This problem is definitely real. :-( I have just received a new batch of e-mails that sneaked past assp. Earlier in the thread, I pretty much proved that my setup has jumped through all the hoops necessary to ensure that mail should only pass through assp (see netstat, nmap, etc. outputs earlier in the thread). Given that postfix's Master.cf does not listen on port 25, and that port 25 is only used by assp (as demonstrated by netstat and nmap), one has to feel that assp is somehow letting this stuff through to postfix.
For example, this line (perhaps spoofed) seems to indicate that postfix received the message directly, but the mail log below indicates that the message is coming through 127.0.0.1 to postfix:

Received: from mail.e-fta.co.kr (localhost [127.0.0.1])
    by My.MXDomain.com (Postfix) with ESMTP id 4C700B6AB09
    for <webmas...@mydomain1.com>; Sat, 8 Aug 2009 04:12:01 -0400 (EDT)

The problem is that it does not identify the port number directly, making sleuthing more difficult.

Here are four new, recent examples of the problem (there should be assp headers on all of them). From what I can tell there is more than one source, and they're coming into more than one virtual domain.

Return-Path: <jonat...@e-fta.co.kr>
Received: from My.MXDomain.com ([unix socket])
    by My.MXDomain.com (Cyrus v2.3.8-OS X Server 10.5: 9G69) with LMTPA;
    Sat, 08 Aug 2009 04:12:09 -0400
X-Sieve: CMU Sieve 2.3
Received: from localhost (localhost [127.0.0.1])
    by My.MXDomain.com (Postfix) with ESMTP id 44CBAB6AB15
    for <webmas...@mydomain1.com>; Sat, 8 Aug 2009 04:12:07 -0400 (EDT)
X-Virus-Scanned: amavisd-new at MyServer.com
Received: from My.MXDomain.com ([127.0.0.1])
    by localhost (My.MXDomain.com [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id VpbA1fEKe0qh for <webmas...@mydomain1.com>;
    Sat, 8 Aug 2009 04:12:04 -0400 (EDT)
Received: from mail.e-fta.co.kr (localhost [127.0.0.1])
    by My.MXDomain.com (Postfix) with ESMTP id 4C700B6AB09
    for <webmas...@mydomain1.com>; Sat, 8 Aug 2009 04:12:01 -0400 (EDT)
Received: from mail.e-fta.co.kr (bear [127.0.0.1])
    by mail.e-fta.co.kr (8.13.1/8.13.1) with ESMTP id n786hceu024160
    for <webmas...@mydomain1.com>; Sat, 8 Aug 2009 15:43:39 +0900
Received: (from e-...@localhost)
    by mail.e-fta.co.kr (8.13.1/8.13.1/Submit) id n786hbWp024153
    for webmas...@mydomain1.com; Sat, 8 Aug 2009 15:43:37 +0900
Date: Sat, 8 Aug 2009 15:43:37 +0900
Message-Id: <200908080643.n786hbwp024...@mail.e-fta.co.kr>
X-Authentication-Warning: mail.e-fta.co.kr: e-fta set sender to jonat...@e-fta.co.kr
    using -f
To: <webmas...@mydomain1.com>
From: Jonathan Sim<s...@e-fta.co.kr>
Subject: [ALLWIN] Steam Car Wash
Content-type: text/html

Return-Path: <grants_2...@canadiansubsidydirectory.ca>
Received: from My.MXDomain.com ([unix socket])
    by My.MXDomain.com (Cyrus v2.3.8-OS X Server 10.5: 9G69) with LMTPA;
    Sat, 08 Aug 2009 03:51:08 -0400
X-Sieve: CMU Sieve 2.3
Received: from localhost (localhost [127.0.0.1])
    by My.MXDomain.com (Postfix) with ESMTP id 88F8FB6A9C1
    for <tre...@mydomain2.com>; Sat, 8 Aug 2009 03:51:07 -0400 (EDT)
X-Virus-Scanned: amavisd-new at MyServer.com
Received: from My.MXDomain.com ([127.0.0.1])
    by localhost (My.MXDomain.com [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id 0badFI7bmfPb for <tre...@mydomain2.com>;
    Sat, 8 Aug 2009 03:51:06 -0400 (EDT)
Received: from bsd02.best-hosting.ru (localhost [127.0.0.1])
    by My.MXDomain.com (Postfix) with ESMTP id 1E080B6A9BA
    for <tre...@mydomain2.com>; Sat, 8 Aug 2009 03:51:06 -0400 (EDT)
Received: from [89.208.136.90] (helo=besthost39.host)
    by bsd02.best-hosting.ru with esmtpa (Exim 4.69 (FreeBSD))
    (envelope-from <grants_2...@canadiansubsidydirectory.ca>)
    id 1MZghj-0003ov-2c for tre...@mydomain2.com;
    Sat, 08 Aug 2009 11:51:03 +0400
From: "=?iso-8859-1?B?
    Q2FuYWRpYW4gU3Vic2lkeSBkaXJlY3RvcnkgKDIwMDkgRURJVElPTik=?="
    <grants_2...@canadiansubsidydirectory.ca>
To: tre...@mydomain2.com
Subject: Available; Federal, Provincial and Foundation grants
Date: Sat, 8 Aug 2009 11:51:01 +0400
MIME-Version: 1.0
Message-ID: <1249605703d1b9cd85dfcbb6b8881811462253a...@canadiansubsidydirectory.ca>
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

Return-Path: <toronto.supp...@torontorating.org>
Received: from My.MXDomain.com ([unix socket])
    by My.MXDomain.com (Cyrus v2.3.8-OS X Server 10.5: 9G69) with LMTPA;
    Thu, 06 Aug 2009 14:24:55 -0400
X-Sieve: CMU Sieve 2.3
Received: by My.MXDomain.com (Postfix, from userid 77)
    id 36981B60C42; Thu, 6 Aug 2009 14:24:55 -0400 (EDT)
Received: from My.MXDomain.com ([unix socket])
    by My.MXDomain.com (Cyrus v2.3.8-OS X Server 10.5: 9G69) with LMTPA;
    Thu, 06 Aug 2009 14:24:55 -0400
X-Sieve: CMU Sieve 2.3
Received: from localhost (localhost [127.0.0.1])
    by My.MXDomain.com (Postfix) with ESMTP id 7B10FB60C3A
    for <i...@mydomain2.com>; Thu, 6 Aug 2009 14:24:53 -0400 (EDT)
X-Virus-Scanned: amavisd-new at MyServer.com
Received: from My.MXDomain.com ([127.0.0.1])
    by localhost (My.MXDomain.com [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id VmNLElJozzlt for <i...@mydomain2.com>;
    Thu, 6 Aug 2009 14:24:49 -0400 (EDT)
Received: from circleserver.com (localhost [127.0.0.1])
    by My.MXDomain.com (Postfix) with ESMTP id 46E42B60C30
    for <i...@mydomain2.com>; Thu, 6 Aug 2009 14:24:49 -0400 (EDT)
Received: from [127.0.0.1] ([87.79.234.58]) (authenticated bits=0)
    by circleserver.com (8.14.3/8.14.3) with ESMTP id n76IS6dA055528
    for <i...@mydomain2.com>; Thu, 6 Aug 2009 23:28:09 +0500 (AMST)
    (envelope-from toronto.supp...@torontorating.org)
Message-ID: <4a7b1fe3.1070...@torontorating.org>
Date: Thu, 06 Aug 2009 20:24:35 +0200
From: "TorontoRating.Org Support" <toronto.supp...@torontorating.org>
User-Agent: Thunderbird 2.0.0.22 (Windows/20090605)
MIME-Version: 1.0
To: i...@mydomain2.com
Subject: Toronto Web Sites Rating and Statistics system
Content-Type: multipart/mixed;
    boundary="------------010605000800070403000102"

This is a multi-part message in MIME format.
--------------010605000800070403000102
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Return-Path: <diverc...@misvinculos.com>
Received: from My.MXDomain.com ([unix socket])
    by My.MXDomain.com (Cyrus v2.3.8-OS X Server 10.5: 9G69) with LMTPA;
    Sat, 08 Aug 2009 06:48:39 -0400
X-Sieve: CMU Sieve 2.3
Received: from localhost (localhost [127.0.0.1])
    by My.MXDomain.com (Postfix) with ESMTP id 6A7B8B6B11C
    for <edi...@mydomain1.com>; Sat, 8 Aug 2009 06:48:38 -0400 (EDT)
X-Virus-Scanned: amavisd-new at MyServer.com
Received: from My.MXDomain.com ([127.0.0.1])
    by localhost (My.MXDomain.com [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id 5OJ-GV7NxFOx for <edi...@mydomain1.com>;
    Sat, 8 Aug 2009 06:48:33 -0400 (EDT)
Received: from linux8.servidor5.net (localhost [127.0.0.1])
    by My.MXDomain.com (Postfix) with ESMTP id 9AE26B6B10F
    for <edi...@mydomain1.com>; Sat, 8 Aug 2009 06:48:33 -0400 (EDT)
Received: from localhost ([127.0.0.1] helo=linux.servidor5.net)
    by linux.servidor5.net with esmtpa (Exim 4.69)
    (envelope-from <diverc...@misvinculos.com>)
    id 1MZjTS-0000kE-MC for edi...@mydomain1.com;
    Sat, 08 Aug 2009 05:48:31 -0500
Received: from dsl-189-146-78-64-dyn.prod-infinitum.com.mx
    ([189.146.78.64] helo=dsl-189-146-78-64-dyn.prod-infinitum.com.mx)
    with IPv4:26 by linux.servidor5.net; 8 Aug 2009 05:48:28 -0500
MIME-Version: 1.0
From: "Latin Hot Party / Cancun 2009" <diverc...@misvinculos.com>
Reply-To: i...@divercity.com.mx
To: edi...@mydomain1.com
Subject: =?windows-1252http-equivContent-Type?Q? Latin_Hot_Party_.._=A1_=A1_La_fies?=
    =?windows-1252http-equivContent-Type?Q?ta_esta_a_punto_de_comenzar_!
    _!?=
Content-Type: multipart/alternative;
    boundary="----=_NextPart_001_5980_26052D13.1D861909"
X-Mailer: SendBlaster.1.6.0
Date: Sat, 8 Aug 2009 05:48:24 -0500
Message-ID: <419662402672263291...@esm_01>
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - linux.servidor5.net
X-AntiAbuse: Original Domain - MyDomain1.com
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - misvinculos.com

Here's the entire mail log from the time of the last header of the four above (there seems to be another message coming in ([66115]), too, but it just connects and disconnects some time later). Note that the connection is from 127.0.0.1, not from the originating server, so it seems to point to assp (or perhaps some other local process):

Aug 8 06:48:32 mini postfix/smtpd[65846]: connect from localhost[127.0.0.1]
Aug 8 06:48:33 mini postfix/smtpd[65846]: 9AE26B6B10F: client=localhost[127.0.0.1]
Aug 8 06:48:33 mini postfix/cleanup[66116]: 9AE26B6B10F: message-id=<419662402672263291...@esm_01>
Aug 8 06:48:33 mini postfix/qmgr[108]: 9AE26B6B10F: from=<diverc...@misvinculos.com>, size=9226, nrcpt=1 (queue active)
Aug 8 06:48:34 mini postfix/smtpd[65846]: disconnect from localhost[127.0.0.1]
Aug 8 06:48:37 mini postfix/smtpd[66115]: connect from localhost[127.0.0.1]
Aug 8 06:48:38 mini postfix/smtpd[66324]: connect from localhost[127.0.0.1]
Aug 8 06:48:38 mini postfix/smtpd[66324]: 6A7B8B6B11C: client=localhost[127.0.0.1]
Aug 8 06:48:38 mini postfix/cleanup[66003]: 6A7B8B6B11C: message-id=<419662402672263291...@esm_01>
Aug 8 06:48:38 mini postfix/smtpd[66324]: disconnect from localhost[127.0.0.1]
Aug 8 06:48:38 mini postfix/qmgr[108]: 6A7B8B6B11C: from=<diverc...@misvinculos.com>, size=9643, nrcpt=1 (queue active)
Aug 8 06:48:38 mini postfix/smtp[66322]: 9AE26B6B10F: to=<editor@MyDomain1.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=4.8, delays=0.3/0.01/0/4.5, dsn=2.0.0,
    status=sent (250 2.0.0 Ok: queued as 6A7B8B6B11C)
Aug 8 06:48:38 mini postfix/qmgr[108]: 9AE26B6B10F: removed

Here's Master.cf. It's the default Apple master.cf, changed so that postfix only receives on ports that assp uses. The uncommented lines at the bottom are added by Apple's Server Admin when one uses virus checking, mailman, etc., but they're all on localhost. The only line that gives me pause is the "-o content_filter=" after 628, but I doubt that it's related to the current problem of mail bypassing assp, particularly given the mail server log above:

#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
# THJ disabled smtp port 25 (1 line from original) 20080517
# smtp    inet  n       -       n       -       -       smtpd
#
#
# THJ added submission port (4 lines) 20080517
125       inet  n       -       n       -       -       smtpd
#  -o smtpd_enforce_tls=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#
#
# THJ added submission port (4 lines) 20080517
2600      inet  n       -       n       -       -       smtpd
#  -o smtpd_enforce_tls=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#628      inet  n       -       n       -       -       qmqpd
pickup    fifo  n       -       n       60      1       pickup
  -o content_filter=
cleanup   unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
#qmgr     fifo  n       -       n       300     1       oqmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       n       -       -       smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay     unix  -       -       n       -       -       smtp
  -o fallback_relay=
#  -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
retry     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
scache    unix  -       -       n       -       1       scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
#maildrop  unix  -       n       n       -       -       pipe
#  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
#
# ====================================================================
#
# The Cyrus deliver program has changed incompatibly, multiple times.
#
#old-cyrus unix  -       n       n       -       -       pipe
#  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
cyrus     unix  -       n       n       -       -       pipe
  user=_cyrus argv=/usr/bin/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
#uucp      unix  -       n       n       -       -       pipe
#  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# ====================================================================
#
# Other external delivery methods.
#
#ifmail    unix  -       n       n       -       -       pipe
#  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
#
#bsmtp     unix  -       n       n       -       -       pipe
#  flags=Fq. user=bsmtp argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
#
#scalemail-backend unix -       n       n       -       2       pipe
#  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
#  ${nexthop} ${user} ${extension}
#
#mailman   unix  -       n       n       -       -       pipe
#  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
#  ${nexthop} ${user}
smtp-amavis unix -       -       y       -       2       smtp
  -o smtp_data_done_timeout=1200
  -o smtp_send_xforward_command=yes
  -o disable_dns_lookups=yes
127.0.0.1:10025 inet n   -       y       -       -       smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_client_restrictions=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
  -o smtpd_enforce_tls=no
  -o strict_rfc821_envelopes=yes
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000
  -o receive_override_options=no_header_body_checks

Anyone have any thoughts?

Thanks.

T.
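
An added example, not part of the original post: one way to pull out of a message's Received chain the hop where Postfix accepted mail over loopback from a client announcing a non-local HELO name, together with the queue ID to search for in the mail log, and to list any ASSP-added headers. The sample headers, host names and queue IDs are constructed placeholders, and the X-Assp- header prefix is an assumption.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample shaped like the headers in the post; all names are placeholders.
SAMPLE = """\
Received: from localhost (localhost [127.0.0.1])
\tby mx.example.org (Postfix) with ESMTP id BBBBBBBBBBB; Sat, 8 Aug 2009 04:12:07 -0400
Received: from mx.example.org ([127.0.0.1])
\tby localhost (mx.example.org [127.0.0.1]) (amavisd-new, port 10024)
\twith ESMTP id CCCCCCCCCCCC; Sat, 8 Aug 2009 04:12:04 -0400
Received: from mail.remote.example (localhost [127.0.0.1])
\tby mx.example.org (Postfix) with ESMTP id AAAAAAAAAAA; Sat, 8 Aug 2009 04:12:01 -0400
Received: from client.remote.example ([192.0.2.10])
\tby mail.remote.example with ESMTP id n786hceu; Sat, 8 Aug 2009 15:43:39 +0900
Subject: constructed test message

body
"""

# from <helo> ([rdns] [ip]) by <host> [(mta)] ... id <queue id>
HOP = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>\S+)\s+)?\[(?P<ip>[^\]]+)\]\)"
    r"\s+by\s+(?P<by>\S+)(?:\s+\((?P<mta>[^)]*)\))?"
    r"(?:.*?\bid\s+(?P<qid>[^\s;]+))?")

def hops(raw):
    """Parse every Received header, newest first, into a dict of named fields."""
    values = message_from_string(raw).get_all("Received", [])
    matches = (HOP.search(" ".join(v.split())) for v in values)  # unfold first
    return [m.groupdict() for m in matches if m]

def is_loopback(ip):
    try:
        return ipaddress.ip_address(ip).is_loopback
    except ValueError:          # e.g. "unix socket" or other non-IP text
        return False

def proxy_handoffs(raw, local_names):
    """Postfix hops fed over loopback by a client whose HELO name is not local."""
    local = {n.lower() for n in local_names} | {"localhost"}
    return [h for h in hops(raw)
            if "Postfix" in (h["mta"] or "") and is_loopback(h["ip"])
            and h["helo"].lower() not in local]

def assp_headers(raw):
    """Header names that look ASSP-added (assumed prefix: X-Assp-)."""
    return [k for k in message_from_string(raw).keys()
            if k.lower().startswith("x-assp-")]
```

The `qid` of each returned hop is the value to grep for in the Postfix log to see which smtpd process and listener accepted the message.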