Q: Is it safe to clear ldaplistdb?
Q: What is the best way to do it?

I see very old entries, like
ti...@ziborski.net|::|[2016-11-22,13:03:12] VRFY

Q: Shouldn't such entries get deleted automatically?

Settings:
DoVRFY: on
ldaplistdb: DB:
LDAPcrossCheckInterval: 24
MaxLDAPlistDays: 30
VRFYforceRCPTTO: <empty>


On forceLDAPcrossCheck, ASSP does not use VRFY, although it is available:

...
220 mx1.safemail.at ESMTP Postfix
EHLO mx1.safemail.at
250-mx1.safemail.at
250-PIPELINING
250-SIZE 31457280
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

HELP
502 5.5.2 Error: command not recognized
MAIL FROM:<postmas...@mx1.safemail.at>
250 2.1.0 Ok
RCPT TO:<lindsay...@ziborski.net>
250 2.1.5 Ok
QUIT
221 2.0.0 Bye
...


Anyway, when Postfix answers to VRFY with
252 2.0.0 blahb...@web.de
it means "I don't know whether the address is valid"
and perhaps "it doesn't look invalid"
ASSP should not assume that the address is local!

Same, of course, when using "RCPT TO" - Postfix has to accept any address that looks valid - not just local addresses.


Checking the logs, I've found this (and similar entries, some with domains containing line breaks in the name (!?!)):

:2018/01/29 12:01:22 [Worker_10000] Info: localdomains was changed - removed the now not matching temporary local domain entry '@web.de' from ldaplistdb

Q: What is "temporary local domain"?
Q: How does a domain get listed as "temporary local"?

Thank you,
best regards,
Zrin Ziborski
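
The reply-code distinction raised in this message, as an added example (not ASSP code and not from the thread): it pairs each VRFY command in a transcript with its reply and shows which domains a VRFY-based cache would mark as local when only 250 is trusted versus when any 2xx is trusted. Reply meanings follow RFC 5321; the transcript, host names and function names are constructed for illustration.

```python
import re

# Reply-code meanings for VRFY per RFC 5321 (sections 3.5.3 and 4.2.2).
VERDICTS = {
    "250": "confirmed",    # server vouches for the mailbox
    "251": "forwarded",    # user not local; server will forward
    "252": "unverified",   # cannot VRFY, but will accept and attempt delivery
}

# Constructed transcript modelled on the session quoted in the thread.
TRANSCRIPT = """\
220 mx.example.test ESMTP
EHLO localhost
250-mx.example.test
250-VRFY
250 DSN
VRFY postmaster@example.test
250 2.0.0 postmaster@example.test
VRFY someone@external.example
252 2.0.0 someone@external.example
VRFY blahblah
550 5.1.1 <blahblah>: Recipient address rejected: User unknown
QUIT
221 2.0.0 Bye
"""

def classify_vrfy(transcript):
    """Pair each VRFY command with the final line of its reply."""
    results, pending = [], None
    for line in transcript.splitlines():
        m = re.match(r"VRFY\s+(\S+)", line, re.I)
        if m:
            pending = m.group(1)
            continue
        r = re.match(r"(\d{3})([ -])", line)
        if r and pending and r.group(2) == " ":   # '-' marks a continuation line
            code = r.group(1)
            verdict = VERDICTS.get(code, "rejected" if code[0] == "5" else "other")
            results.append((pending, code, verdict))
            pending = None
    return results

def cacheable_domains(results, strict=True):
    """Domains a VRFY-based cache would mark as local.
    strict=True trusts only 250; strict=False trusts any 2xx (assumed naive rule)."""
    ok = {"confirmed"} if strict else {"confirmed", "forwarded", "unverified"}
    return {addr.rsplit("@", 1)[1].lower()
            for addr, _, verdict in results if verdict in ok and "@" in addr}
```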


On 30.01.2018 at 11:13, Thomas Eckardt wrote:
252 2.0.0 blahb...@web.de

This is the wrong answer from your postfix. If assp sees this reply, it will cache 'web.de' as local domain for a while. Because, if blahb...@web.de is valid, web.de must be a local domain.

Thomas





From: "Zrin Ziborski" <zrin+a...@ziborski.net>
To: assp-test@lists.sourceforge.net
Date: 30.01.2018 10:43
Subject: Re: [Assp-test] UnknownLocalSender / SpoofedSender for non-local domain
------------------------------------------------------------------------



Did check that - there was no "web.de" anywhere to find.

Is it safe to empty the ldaplistdb?

Is it normal that some entries in it contain line breaks?
Example:
@ziborski.net|::|[2018-01-30,06:24:27]
@ziborski.net
|::|[2018-01-30,08:03:05] VRFY
@ziborski.net>
|::|[2018-01-30,06:24:27]

I've checked all of those:
https://assp.my.net:55555/edit?file=DB-ldaplistdb&note=1
https://assp.my.net:55555/edit?file=DB-LDAPShowDB&note=8
(I guess it's the very same content)
./database/ldaplist
./ldaplist
./mysql/dbbackup/ldaplist*

Couldn't find "web.de" there.

Several weeks ago I did have a route (transport setting in postfix) for
outgoing e-mails to web.de through another server, but that shouldn't
touch local domains (?)

BTW, when manually testing VRFY on the internal port for ASSP->Postfix I
get the following:

220 mx1.safemail.at ESMTP Postfix
EHLO localhost
250-mx1.safemail.at
250-PIPELINING
250-SIZE 31457280
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
VRFY postmaster
252 2.0.0 postmaster
VRFY postmas...@safemail.at
252 2.0.0 postmas...@safemail.at
VRFY postmas...@google.com
252 2.0.0 postmas...@google.com
VRFY postmas...@web.de
252 2.0.0 postmas...@web.de
VRFY blahblah
550 5.1.1 <blahblah>: Recipient address rejected: User unknown in local recipient table
VRFY blahb...@web.de
252 2.0.0 blahb...@web.de
QUIT
221 2.0.0 Bye


Thank you,
best regards,
Zrin


On 30.01.2018 at 09:18, Thomas Eckardt wrote:
check the content of 'ldaplistdb' and remove all non-local domain entries.

eg.
@web.de

Thomas
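
One way to carry out this check on an exported copy of the list, as an added example (not ASSP code and not from the thread): it flags stale records, keys containing line breaks or stray characters, and `@domain` entries that are not in the local domain list. The record layout is inferred from the lines quoted in this thread, the 30-day default mirrors the MaxLDAPlistDays value quoted above, and the sample dump, domain names and function name are constructed.

```python
import re
from datetime import datetime, timedelta

# Record layout inferred from the lines quoted in the thread (assumption):
#   <key>|::|[YYYY-MM-DD,HH:MM:SS][ VRFY]
# re.S lets a key span a line break, as in the broken entries shown in the thread.
RECORD = re.compile(
    r"(.*?)\|::\|\[(\d{4}-\d\d-\d\d),(\d\d:\d\d:\d\d)\]([^\n]*)\n?", re.S)

# Constructed dump; the third and fourth records have a line break inside the key.
SAMPLE = (
    "user@example.test|::|[2016-11-22,13:03:12] VRFY\n"
    "@external.example|::|[2018-01-29,09:00:00] VRFY\n"
    "@example.test\n|::|[2018-01-30,08:03:05] VRFY\n"
    "@example.test>\n|::|[2018-01-30,06:24:27]\n"
    "other@example.test|::|[2018-01-28,10:00:00] VRFY\n"
)

def audit(dump, local_domains, now, max_days=30):
    """Return (key, [reasons]) for every record that deserves a second look."""
    findings = []
    for key, day, clock, _tag in RECORD.findall(dump):
        reasons = []
        seen = datetime.strptime(f"{day} {clock}", "%Y-%m-%d %H:%M:%S")
        if now - seen > timedelta(days=max_days):
            reasons.append("stale")
        # A clean key is 'user@domain' or '@domain' with no whitespace or brackets.
        if not re.fullmatch(r"[^\s<>@]*@[^\s<>@]+", key):
            reasons.append("malformed-key")
        domain = key.strip().rstrip(">").rsplit("@", 1)[-1].lower()
        # Domain-level entries are the ones that make a whole domain count as local.
        if key.lstrip().startswith("@") and domain not in local_domains:
            reasons.append("non-local-domain")
        if reasons:
            findings.append((key, reasons))
    return findings
```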




From: "Zrin Ziborski" <zrin+a...@ziborski.net>
To: "ASSP development mailing list" <assp-test@lists.sourceforge.net>
Date: 29.01.2018 16:24
Subject: [Assp-test] UnknownLocalSender / SpoofedSender for non-local domain
------------------------------------------------------------------------



ASSP version 2.5.5(17223)

Hello all,

I've noticed [UnknownLocalSender] and [SpoofedSender] in the log for an
external incoming e-mail that has a non-local from address:

2018/01/03 20:47:08 08828-29715 [Worker_1] [TLS-in] 212.227.15.4 <xxx....@web.de> info: found message size announcement: 9.62 kByte
2018/01/03 20:47:08 08828-29715 [Worker_1] [TLS-in] [UnknownLocalSender] 212.227.15.4 <xxx....@web.de> [monitoring] (Invalid Local Sender 'xxx....@web.de')
2018/01/03 20:47:08 08828-29715 [Worker_1] [TLS-in] [SpoofedSender] 212.227.15.4 <xxx....@web.de> [scoring] (No Spoofing Allowed 'xxx....@web.de' in 'mailfrom')
2018/01/03 20:47:08 08828-29715 [Worker_1] [TLS-in] 212.227.15.4 <xxx....@web.de> Message-Score: added 37 (slValencePB) for No Spoofing Allowed 'xxx....@web.de' in 'mailfrom', total score for this message is now 37
2018/01/03 20:47:09 08828-29715 [Worker_1] [TLS-in] 212.227.15.4 <xxx....@web.de> to: rrr....@defrance.at info: remove IP-score from 212.227.15.4 - this mail passed the SPF check
2018/01/03 20:47:09 08828-29715 [Worker_1] [TLS-in] 212.227.15.4 <xxx....@web.de> to: rrr....@defrance.at Message-Score: added -5 (spfpValencePB) for SPF pass, total score for this message is now 32

Settings:

LocalAddresses_Flat: <empty>
localDomains: file:files/localdomains.txt
DoVRFY: on

files/localdomains.txt does NOT contain "web.de".

LDAP is not used there.

What can cause this behavior?
What can I do to debug that?

Thank you in advance,
Zrin


_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
