This problem is definitely real.  :-(

I have just received a new batch of e-mails that sneaked past assp.  
Earlier in the thread, I pretty much proved that my setup has jumped  
through all the hoops necessary to ensure that mail should only pass  
through assp (see netstat, nmap, etc. outputs earlier in the thread).  
Given that postfix's master.cf does not listen on port 25, and that  
port 25 is only used by assp (as demonstrated by netstat and nmap),  
one has to feel that assp is somehow letting this stuff through to  
postfix.

For example, this line (perhaps spoofed) seems to indicate that  
postfix received the message directly, but the mail log below  
indicates that the message is coming through 127.0.0.1 to postfix:

Received: from mail.e-fta.co.kr (localhost [127.0.0.1])
        by My.MXDomain.com (Postfix) with ESMTP id 4C700B6AB09
        for <webmas...@mydomain1.com>; Sat,  8 Aug 2009 04:12:01 -0400 (EDT)

The problem is that it does not identify the port number directly,  
making sleuthing more difficult.

Here are four new, recent examples of the problem (there should be  
assp headers on all of them). From what I can tell there is more than  
one source, and they're coming into more than one virtual domain.

Return-Path: <jonat...@e-fta.co.kr>
Received: from My.MXDomain.com ([unix socket])
         by My.MXDomain.com (Cyrus v2.3.8-OS X Server 10.5: 9G69) with LMTPA;
         Sat, 08 Aug 2009 04:12:09 -0400
X-Sieve: CMU Sieve 2.3
Received: from localhost (localhost [127.0.0.1])
        by My.MXDomain.com (Postfix) with ESMTP id 44CBAB6AB15
        for <webmas...@mydomain1.com>; Sat,  8 Aug 2009 04:12:07 -0400 (EDT)
X-Virus-Scanned: amavisd-new at MyServer.com
Received: from My.MXDomain.com ([127.0.0.1])
        by localhost (My.MXDomain.com [127.0.0.1]) (amavisd-new, port 10024)
        with ESMTP id VpbA1fEKe0qh for <webmas...@mydomain1.com>;
        Sat,  8 Aug 2009 04:12:04 -0400 (EDT)
Received: from mail.e-fta.co.kr (localhost [127.0.0.1])
        by My.MXDomain.com (Postfix) with ESMTP id 4C700B6AB09
        for <webmas...@mydomain1.com>; Sat,  8 Aug 2009 04:12:01 -0400 (EDT)
Received: from mail.e-fta.co.kr (bear [127.0.0.1])
        by mail.e-fta.co.kr (8.13.1/8.13.1) with ESMTP id n786hceu024160
        for <webmas...@mydomain1.com>; Sat, 8 Aug 2009 15:43:39 +0900
Received: (from e-...@localhost)
        by mail.e-fta.co.kr (8.13.1/8.13.1/Submit) id n786hbWp024153
        for webmas...@mydomain1.com; Sat, 8 Aug 2009 15:43:37 +0900
Date: Sat, 8 Aug 2009 15:43:37 +0900
Message-Id: <200908080643.n786hbwp024...@mail.e-fta.co.kr>
X-Authentication-Warning: mail.e-fta.co.kr: e-fta set sender to jonat...@e-fta.co.kr using -f
To: <webmas...@mydomain1.com>
From: Jonathan Sim<s...@e-fta.co.kr>
Subject: [ALLWIN] Steam Car Wash
Content-type: text/html


Return-Path: <grants_2...@canadiansubsidydirectory.ca>
Received: from My.MXDomain.com ([unix socket])
         by My.MXDomain.com (Cyrus v2.3.8-OS X Server 10.5: 9G69) with LMTPA;
         Sat, 08 Aug 2009 03:51:08 -0400
X-Sieve: CMU Sieve 2.3
Received: from localhost (localhost [127.0.0.1])
        by My.MXDomain.com (Postfix) with ESMTP id 88F8FB6A9C1
        for <tre...@mydomain2.com>; Sat,  8 Aug 2009 03:51:07 -0400 (EDT)
X-Virus-Scanned: amavisd-new at MyServer.com
Received: from My.MXDomain.com ([127.0.0.1])
        by localhost (My.MXDomain.com [127.0.0.1]) (amavisd-new, port 10024)
        with ESMTP id 0badFI7bmfPb for <tre...@mydomain2.com>;
        Sat,  8 Aug 2009 03:51:06 -0400 (EDT)
Received: from bsd02.best-hosting.ru (localhost [127.0.0.1])
        by My.MXDomain.com (Postfix) with ESMTP id 1E080B6A9BA
        for <tre...@mydomain2.com>; Sat,  8 Aug 2009 03:51:06 -0400 (EDT)
Received: from [89.208.136.90] (helo=besthost39.host)
        by bsd02.best-hosting.ru with esmtpa (Exim 4.69 (FreeBSD))
        (envelope-from <grants_2...@canadiansubsidydirectory.ca>)
        id 1MZghj-0003ov-2c
        for tre...@mydomain2.com; Sat, 08 Aug 2009 11:51:03 +0400
From: "=?iso-8859-1?B?Q2FuYWRpYW4gU3Vic2lkeSBkaXJlY3RvcnkgKDIwMDkgRURJVElPTik=?=" <grants_2...@canadiansubsidydirectory.ca>
To: tre...@mydomain2.com
Subject: Available; Federal, Provincial and Foundation grants
Date: Sat, 8 Aug 2009 11:51:01 +0400
MIME-Version: 1.0
Message-ID: <1249605703d1b9cd85dfcbb6b8881811462253a...@canadiansubsidydirectory.ca>
Content-Type: text/plain;
        charset="iso-8859-1"
Content-Transfer-Encoding: 7bit


Return-Path: <toronto.supp...@torontorating.org>
Received: from My.MXDomain.com ([unix socket])
         by My.MXDomain.com (Cyrus v2.3.8-OS X Server 10.5: 9G69) with LMTPA;
         Thu, 06 Aug 2009 14:24:55 -0400
X-Sieve: CMU Sieve 2.3
Received: by My.MXDomain.com (Postfix, from userid 77)
        id 36981B60C42; Thu,  6 Aug 2009 14:24:55 -0400 (EDT)
Received: from My.MXDomain.com ([unix socket])
         by My.MXDomain.com (Cyrus v2.3.8-OS X Server 10.5: 9G69) with LMTPA;
         Thu, 06 Aug 2009 14:24:55 -0400
X-Sieve: CMU Sieve 2.3
Received: from localhost (localhost [127.0.0.1])
        by My.MXDomain.com (Postfix) with ESMTP id 7B10FB60C3A
        for <i...@mydomain2.com>; Thu,  6 Aug 2009 14:24:53 -0400 (EDT)
X-Virus-Scanned: amavisd-new at MyServer.com
Received: from My.MXDomain.com ([127.0.0.1])
        by localhost (My.MXDomain.com [127.0.0.1]) (amavisd-new, port 10024)
        with ESMTP id VmNLElJozzlt for <i...@mydomain2.com>;
        Thu,  6 Aug 2009 14:24:49 -0400 (EDT)
Received: from circleserver.com (localhost [127.0.0.1])
        by My.MXDomain.com (Postfix) with ESMTP id 46E42B60C30
        for <i...@mydomain2.com>; Thu,  6 Aug 2009 14:24:49 -0400 (EDT)
Received: from [127.0.0.1] ([87.79.234.58])
        (authenticated bits=0)
        by circleserver.com (8.14.3/8.14.3) with ESMTP id n76IS6dA055528
        for <i...@mydomain2.com>; Thu, 6 Aug 2009 23:28:09 +0500 (AMST)
        (envelope-from toronto.supp...@torontorating.org)
Message-ID: <4a7b1fe3.1070...@torontorating.org>
Date: Thu, 06 Aug 2009 20:24:35 +0200
From: "TorontoRating.Org Support" <toronto.supp...@torontorating.org>
User-Agent: Thunderbird 2.0.0.22 (Windows/20090605)
MIME-Version: 1.0
To: i...@mydomain2.com
Subject: Toronto Web Sites Rating and Statistics system
Content-Type: multipart/mixed;
  boundary="------------010605000800070403000102"

This is a multi-part message in MIME format.
--------------010605000800070403000102
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit


Return-Path: <diverc...@misvinculos.com>
Received: from My.MXDomain.com ([unix socket])
         by My.MXDomain.com (Cyrus v2.3.8-OS X Server 10.5: 9G69) with LMTPA;
         Sat, 08 Aug 2009 06:48:39 -0400
X-Sieve: CMU Sieve 2.3
Received: from localhost (localhost [127.0.0.1])
        by My.MXDomain.com (Postfix) with ESMTP id 6A7B8B6B11C
        for <edi...@mydomain1.com>; Sat,  8 Aug 2009 06:48:38 -0400 (EDT)
X-Virus-Scanned: amavisd-new at MyServer.com
Received: from My.MXDomain.com ([127.0.0.1])
        by localhost (My.MXDomain.com [127.0.0.1]) (amavisd-new, port 10024)
        with ESMTP id 5OJ-GV7NxFOx for <edi...@mydomain1.com>;
        Sat,  8 Aug 2009 06:48:33 -0400 (EDT)
Received: from linux8.servidor5.net (localhost [127.0.0.1])
        by My.MXDomain.com (Postfix) with ESMTP id 9AE26B6B10F
        for <edi...@mydomain1.com>; Sat,  8 Aug 2009 06:48:33 -0400 (EDT)
Received: from localhost ([127.0.0.1] helo=linux.servidor5.net)
        by linux.servidor5.net with esmtpa (Exim 4.69)
        (envelope-from <diverc...@misvinculos.com>)
        id 1MZjTS-0000kE-MC
        for edi...@mydomain1.com; Sat, 08 Aug 2009 05:48:31 -0500
Received: from dsl-189-146-78-64-dyn.prod-infinitum.com.mx ([189.146.78.64]
        helo=dsl-189-146-78-64-dyn.prod-infinitum.com.mx) with IPv4:26 by
        linux.servidor5.net; 8 Aug 2009 05:48:28 -0500
MIME-Version: 1.0
From: "Latin Hot Party / Cancun 2009" <diverc...@misvinculos.com>
Reply-To: i...@divercity.com.mx
To: edi...@mydomain1.com
Subject: =?windows-1252http-equivContent-Type?Q?Latin_Hot_Party_.._=A1_=A1_La_fies?=
        =?windows-1252http-equivContent-Type?Q?ta_esta_a_punto_de_comenzar_!_!?=
Content-Type: multipart/alternative;
        boundary="----=_NextPart_001_5980_26052D13.1D861909"
X-Mailer: SendBlaster.1.6.0
Date: Sat, 8 Aug 2009 05:48:24 -0500
Message-ID: <419662402672263291...@esm_01>
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - linux.servidor5.net
X-AntiAbuse: Original Domain - MyDomain1.com
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - misvinculos.com


Here's the entire mail log from time of the last header of the four  
above (there seems to be another message coming in ([66115]), too, but  
it just connects and disconnects some time later). Note that the  
connection is from 127.0.0.1, not from the originating server, so it  
seems to point to assp (or perhaps some other local process):

Aug  8 06:48:32 mini postfix/smtpd[65846]: connect from localhost[127.0.0.1]
Aug  8 06:48:33 mini postfix/smtpd[65846]: 9AE26B6B10F: client=localhost[127.0.0.1]
Aug  8 06:48:33 mini postfix/cleanup[66116]: 9AE26B6B10F: message-id=<419662402672263291...@esm_01>
Aug  8 06:48:33 mini postfix/qmgr[108]: 9AE26B6B10F: from=<diverc...@misvinculos.com>, size=9226, nrcpt=1 (queue active)
Aug  8 06:48:34 mini postfix/smtpd[65846]: disconnect from localhost[127.0.0.1]
Aug  8 06:48:37 mini postfix/smtpd[66115]: connect from localhost[127.0.0.1]
Aug  8 06:48:38 mini postfix/smtpd[66324]: connect from localhost[127.0.0.1]
Aug  8 06:48:38 mini postfix/smtpd[66324]: 6A7B8B6B11C: client=localhost[127.0.0.1]
Aug  8 06:48:38 mini postfix/cleanup[66003]: 6A7B8B6B11C: message-id=<419662402672263291...@esm_01>
Aug  8 06:48:38 mini postfix/smtpd[66324]: disconnect from localhost[127.0.0.1]
Aug  8 06:48:38 mini postfix/qmgr[108]: 6A7B8B6B11C: from=<diverc...@misvinculos.com>, size=9643, nrcpt=1 (queue active)
Aug  8 06:48:38 mini postfix/smtp[66322]: 9AE26B6B10F: to=<editor@MyDomain1.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=4.8, delays=0.3/0.01/0/4.5, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 6A7B8B6B11C)
Aug  8 06:48:38 mini postfix/qmgr[108]: 9AE26B6B10F: removed



Here's Master.cf. It's the default Apple master.cf, changed so that  
postfix only receives on ports that assp uses. The uncommented lines  
at the bottom are added by Apple's Server Admin when one uses virus  
checking, mailman, etc., but they're all on localhost. The only line  
that gives me pause is the "-o content_filter=" after 628, but I doubt  
that it's related to the current problem of mail bypassing assp,  
particularly given the mail server log above:

#
# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
# THJ disabled smtp port 25 (1 line from original) 20080517
# smtp      inet  n       -       n       -       -       smtpd
#
#
# THJ added submission port (4 lines) 20080517
125 inet n       -       n       -       -       smtpd
#  -o smtpd_enforce_tls=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#
#
# THJ added submission port (4 lines) 20080517
2600 inet n       -       n       -       -       smtpd
#  -o smtpd_enforce_tls=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#628      inet  n       -       n       -       -       qmqpd
pickup    fifo  n       -       n       60      1       pickup
   -o content_filter=
cleanup   unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
#qmgr     fifo  n       -       n       300     1       oqmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       n       -       -       smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay     unix  -       -       n       -       -       smtp
        -o fallback_relay=
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
retry     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
scache    unix  -       -       n       -       1       scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent.  See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
#maildrop  unix  -       n       n       -       -       pipe
#  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
#
# ====================================================================
#
# The Cyrus deliver program has changed incompatibly, multiple times.
#
#old-cyrus unix  -       n       n       -       -       pipe
#  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
cyrus     unix  -       n       n       -       -       pipe
   user=_cyrus argv=/usr/bin/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
#uucp      unix  -       n       n       -       -       pipe
#  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# ====================================================================
#
# Other external delivery methods.
#
#ifmail    unix  -       n       n       -       -       pipe
#  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
#
#bsmtp     unix  -       n       n       -       -       pipe
#  flags=Fq. user=bsmtp argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
#
#scalemail-backend unix -       n       n       -       2       pipe
#  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
#  ${nexthop} ${user} ${extension}
#
#mailman   unix  -       n       n       -       -       pipe
#  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
#  ${nexthop} ${user}
smtp-amavis unix -      -       y       -       2       smtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
    -o disable_dns_lookups=yes
127.0.0.1:10025 inet n  -       y       -       -       smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_client_restrictions=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
    -o smtpd_enforce_tls=no
    -o strict_rfc821_envelopes=yes
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
    -o receive_override_options=no_header_body_checks



Anyone have any thoughts? Thanks.

T.
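A small triage script for the headers above, added here as an example and not code from the original post, ASSP or Postfix: it unfolds each Received: hop, flags the hop where Postfix accepted the message from 127.0.0.1 although the client announced a remote name (the point where ASSP, or something else local, handed it in), and reports whether an X-Assp-* stamp is present. It assumes ASSP marks processed mail with headers prefixed X-Assp-; the sample headers are constructed from the first example above with placeholder names.

```python
# Added example: locate the loopback hand-off hop in a Received: chain and
# check for an ASSP stamp. Not part of the original post.
import re
from email import message_from_string

# Constructed sample modelled on the first header set in the post; hostnames
# and addresses are placeholders, the hop structure is the one seen there.
SAMPLE = """\
Received: from localhost (localhost [127.0.0.1])
        by My.MXDomain.com (Postfix) with ESMTP id 44CBAB6AB15
        for <user@mydomain1.example>; Sat,  8 Aug 2009 04:12:07 -0400 (EDT)
Received: from mail.sender.example (localhost [127.0.0.1])
        by My.MXDomain.com (Postfix) with ESMTP id 4C700B6AB09
        for <user@mydomain1.example>; Sat,  8 Aug 2009 04:12:01 -0400 (EDT)
Received: from mail.sender.example (bear [127.0.0.1])
        by mail.sender.example (8.13.1/8.13.1) with ESMTP id n786hceu024160
        for <user@mydomain1.example>; Sat, 8 Aug 2009 15:43:39 +0900
Subject: constructed sample

body
"""

# "from HELO (name [ip]) by HOST (MTA) ... id QUEUEID"; name is optional
HOP_RE = re.compile(
    r"^from\s+(?P<helo>\S+)\s*\((?:(?P<name>[^\s\[\]]+)\s+)?\[(?P<ip>[^\]]+)\]\)"
    r"\s+by\s+(?P<by>\S+)\s*\((?P<mta>[^)]*)\).*?\sid\s+(?P<id>\S+)")

def received_hops(raw):
    """Parse each Received: header (unfolded) into a dict; skip odd formats."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP_RE.match(" ".join(value.split()))
        if m:
            hops.append(m.groupdict())
    return hops

def loopback_injections(raw):
    """Hops where Postfix took the message from 127.0.0.1 while the client
    used a remote name in HELO: the hand-off from ASSP (or whatever else on
    the box reached Postfix's listener). The id is the queue id to grep for."""
    return [h for h in received_hops(raw)
            if h["mta"].startswith("Postfix") and h["ip"].startswith("127.")
            and h["helo"].lower() not in ("localhost", h["by"].lower())]

def assp_stamped(raw):
    """True if any X-Assp-* header is present (assumed ASSP stamp prefix)."""
    return any(k.lower().startswith("x-assp") for k in message_from_string(raw).keys())
```

Run it over a saved message and grep the mail log for the returned queue id to see which smtpd listener and client PID accepted that hop.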

