[pfx] Re: Spam mails seen in logfiles question
On 2023-08-23 at 14:38:18 UTC-0400 (Wed, 23 Aug 2023 12:38:18 -0600) IUL Support via Postfix-users is rumored to have said: I must be missing something in what you're saying. If the server receives a message for myu...@mydomain.com and myuser's mailbox is full... by default the server generates a bounce, I don't see any way around that. In most modern configurations of Postfix, a full mailbox will result in a rejection code in SMTP. The incoming message is never queued. If the sender uses the ESMTP SIZE extension, the receiving server may reject an oversize message without seeing the message data at all. It tries to send the bounce back to the sender from whence it came, lets say that is "enlarge_your_part-myuser=mydomain@theirdomain.com" and then their server throws a 4xx and defers accepting the bounce, repeatedly, for a week, until retries finally times out.If their server is deferring inbound mail that doesn't sound like any sort of successful bounce management strategy to me. Yes, you will only notice when bounces fail. Most happen almost immediately and just work. Depending on why you are bouncing messages, you may only be bouncing messages sent by reckless spammers who use VERP only because that's what their tools do, and their spamming gets their accounts killed or filled before their giant piles of spam have fully delivered. -Original Message- From: Bill Cole via Postfix-users Sent: Wednesday, August 23, 2023 9:17 AM To: IUL Support via Postfix-users Subject: [pfx] Re: Spam mails seen in logfiles question On 2023-08-23 at 05:22:21 UTC-0400 (Wed, 23 Aug 2023 03:22:21 -0600) IUL Support via Postfix-users is rumored to have said: Hi All, Have a legacy server that I've just taken over maintaining. It's set up with postfix that handles a small handful of email users. In looking through the logfile I'll frequently see emails bouncing (and the bounce messages being deferred so they just sit in the queue wasting retries). You should fix that. It is a dangerous practice to accept mail and then attempt to bounce it on a machine accepting mail from the Internet. This generates a "backscatter" of bounces to forged addresses, often with embedded spam and malware in the bounce messages. The email will be from some_spammy_text-myuser=mydomain@notmydomain.com and addressed to myu...@mydomain.com. The LHS always seems to have the same basic format ie. the underscores and the equal sign so it seems obvious that they're trying to accomplish something specific. Is it supposed to help them get past spam filtering, or get around some sort of bug? It is called "variable envelope return path" or more often just VERP. It is a common practice used in modern mailing list management that sends each message with one recipient and a unique envelope sender to assure that any delayed bounces (which are sent to the envelope sender, a.k.a. 'return path') can be positively matched to a user, so that the user can be removed or suspended from a list if there are problems delivering to them that can be understood from the bounce as likely to be repaired. There are related variants on VERP that are used to encode an earlier return path into a new one on forwarded messages (SRS) and as a trick to give every message a unique return path and hence eliminate fake bounces (BATV.) Can anyone enlighten me as to what they're trying to accomplish and if I should be doing anything configuration wise to block them from accomplishing it?? Don't block based solely on VERP use. VERP is almost universally used in business-to-consumer bulk and transactional email, including messages which are very much wanted and valuable. SRS and BATV, which look very similar, are used to make other spam mitigation tactics possible. Is it supposed to help them get past spam filtering, or get around some sort of bug? It's all about spam, like everything these days in email... But it is NOT about getting around filters. It is about enabling rigorous bounce handling (GOOD!) so that bulk mail senders can avoid sending de facto spam and keep their lists clean. The similar-looking BATV and SRS are tactics developed to allow other anti-spam techniques to work with fewer errors. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire ___
[pfx] Re: How can I set up a very simple postfix server
Wietse Venema via Postfix-users wrote in <4rw8mh2rcwzj...@spike.porcupine.org>: |Steffen Nurpmeso via Postfix-users: |>|Alls you need is to 'mount' the maildtop directory into a container |>|with read/write permission, and install the Postfix sendmail and |>|postdrop programs insalled in the container. As long as there is a |>|Postfix pickup daemon running somewhere, it will pick up new messages |>|in at most 60 seconds. |> |> "The problem" (i have given up and did not try it for long) is the |> configuration directory. Does this work without configuration |> directory? I had to try again. | |You need at a minimum: | |- passwd/shadow/group entries for postdrop Sure. (Well, at least here.) |- $config_directory/main.cf with sendail_path, setgid-group, queue_direc\ |tory, command_directory |- sendmail and postdrop binaries These from a default installation, then. |- maildrop directory That i will try to --bind mount(1)ing from real into unshare(1) ip(8) netns container to where the default installation expects it, then. (Next time i will do this.) Thank you for the information. --steffen | |Der Kragenbaer,The moon bear, |der holt sich munter he cheerfully and one by one |einen nach dem anderen runter wa.ks himself off |(By Robert Gernhardt) ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: Spam mails seen in logfiles question
I must be missing something in what you're saying. If the server receives a message for myu...@mydomain.com and myuser's mailbox is full... by default the server generates a bounce, I don't see any way around that. It tries to send the bounce back to the sender from whence it came, lets say that is "enlarge_your_part-myuser=mydomain@theirdomain.com" and then their server throws a 4xx and defers accepting the bounce, repeatedly, for a week, until retries finally times out.If their server is deferring inbound mail that doesn't sound like any sort of successful bounce management strategy to me. -Original Message- From: Bill Cole via Postfix-users Sent: Wednesday, August 23, 2023 9:17 AM To: IUL Support via Postfix-users Subject: [pfx] Re: Spam mails seen in logfiles question On 2023-08-23 at 05:22:21 UTC-0400 (Wed, 23 Aug 2023 03:22:21 -0600) IUL Support via Postfix-users is rumored to have said: > Hi All, > > Have a legacy server that I've just taken over maintaining. It's set > up with postfix that handles a small handful of email users. In > looking through the logfile I'll frequently see emails bouncing (and > the bounce messages being deferred so they just sit in the queue > wasting retries). You should fix that. It is a dangerous practice to accept mail and then attempt to bounce it on a machine accepting mail from the Internet. This generates a "backscatter" of bounces to forged addresses, often with embedded spam and malware in the bounce messages. > The email will be from > some_spammy_text-myuser=mydomain@notmydomain.com and addressed > to > myu...@mydomain.com. > > The LHS always seems to have the same basic format ie. the underscores > and the equal sign so it seems obvious that they're trying to > accomplish > something specific. Is it supposed to help them get past spam > filtering, > or get around some sort of bug? It is called "variable envelope return path" or more often just VERP. It is a common practice used in modern mailing list management that sends each message with one recipient and a unique envelope sender to assure that any delayed bounces (which are sent to the envelope sender, a.k.a. 'return path') can be positively matched to a user, so that the user can be removed or suspended from a list if there are problems delivering to them that can be understood from the bounce as likely to be repaired. There are related variants on VERP that are used to encode an earlier return path into a new one on forwarded messages (SRS) and as a trick to give every message a unique return path and hence eliminate fake bounces (BATV.) > Can anyone enlighten me as to what they're trying to accomplish and if > I should be doing anything configuration wise to block them from > accomplishing it?? Don't block based solely on VERP use. VERP is almost universally used in business-to-consumer bulk and transactional email, including messages which are very much wanted and valuable. SRS and BATV, which look very similar, are used to make other spam mitigation tactics possible. > Is it supposed to help them get past spam filtering, or get around > some sort of bug? It's all about spam, like everything these days in email... But it is NOT about getting around filters. It is about enabling rigorous bounce handling (GOOD!) so that bulk mail senders can avoid sending de facto spam and keep their lists clean. The similar-looking BATV and SRS are tactics developed to allow other anti-spam techniques to work with fewer errors. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: Spam mails seen in logfiles question
On 2023-08-23 at 05:22:21 UTC-0400 (Wed, 23 Aug 2023 03:22:21 -0600) IUL Support via Postfix-users is rumored to have said: Hi All, Have a legacy server that I've just taken over maintaining. It's set up with postfix that handles a small handful of email users. In looking through the logfile I'll frequently see emails bouncing (and the bounce messages being deferred so they just sit in the queue wasting retries). You should fix that. It is a dangerous practice to accept mail and then attempt to bounce it on a machine accepting mail from the Internet. This generates a "backscatter" of bounces to forged addresses, often with embedded spam and malware in the bounce messages. The email will be from some_spammy_text-myuser=mydomain@notmydomain.com and addressed to myu...@mydomain.com. The LHS always seems to have the same basic format ie. the underscores and the equal sign so it seems obvious that they're trying to accomplish something specific. Is it supposed to help them get past spam filtering, or get around some sort of bug? It is called "variable envelope return path" or more often just VERP. It is a common practice used in modern mailing list management that sends each message with one recipient and a unique envelope sender to assure that any delayed bounces (which are sent to the envelope sender, a.k.a. 'return path') can be positively matched to a user, so that the user can be removed or suspended from a list if there are problems delivering to them that can be understood from the bounce as likely to be repaired. There are related variants on VERP that are used to encode an earlier return path into a new one on forwarded messages (SRS) and as a trick to give every message a unique return path and hence eliminate fake bounces (BATV.) Can anyone enlighten me as to what they're trying to accomplish and if I should be doing anything configuration wise to block them from accomplishing it?? Don't block based solely on VERP use. VERP is almost universally used in business-to-consumer bulk and transactional email, including messages which are very much wanted and valuable. SRS and BATV, which look very similar, are used to make other spam mitigation tactics possible. Is it supposed to help them get past spam filtering, or get around some sort of bug? It's all about spam, like everything these days in email... But it is NOT about getting around filters. It is about enabling rigorous bounce handling (GOOD!) so that bulk mail senders can avoid sending de facto spam and keep their lists clean. The similar-looking BATV and SRS are tactics developed to allow other anti-spam techniques to work with fewer errors. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: How can I set up a very simple postfix server
Steffen Nurpmeso via Postfix-users: > |Alls you need is to 'mount' the maildtop directory into a container > |with read/write permission, and install the Postfix sendmail and > |postdrop programs insalled in the container. As long as there is a > |Postfix pickup daemon running somewhere, it will pick up new messages > |in at most 60 seconds. > > "The problem" (i have given up and did not try it for long) is the > configuration directory. Does this work without configuration > directory? I had to try again. You need at a minimum: - passwd/shadow/group entries for postdrop - $config_directory/main.cf with sendail_path, setgid-group, queue_directory, command_directory - sendmail and postdrop binaries - maildrop directory Wietse ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: How can I set up a very simple postfix server
Peter via Postfix-users wrote in <8b2661ea-5560-af5a-e674-d2fb10094...@pajamian.dhs.org>: |On 23/08/23 11:58, Steffen Nurpmeso via Postfix-users wrote: |> "The problem" (i have given up and did not try it for long) is the |> configuration directory. Does this work without configuration |> directory? I had to try again. |> |> So last i tried. |> If you do not compile custom, but still want a custom |> configuration (directory), you need command line options. | |Or you can set the MAIL_CONFIG environment variable, which should be |easy enough to do system-wide. Hm. Whereas this is also an idea for anything session-like (not explicitly cleared thereof that is) i have not thought of, it does not solve "the problem of directory access". But as this seems to me only my problem (occasionally container support shows up, but that is something different .. i think) i am fine with as it is. But i will try out Wietse Venema's suggestion soonish, ie, basic installation in /etc/ but which does not drive the real postfix, and then "making the maildrop available" to the basic installation. --steffen | |Der Kragenbaer,The moon bear, |der holt sich munter he cheerfully and one by one |einen nach dem anderen runter wa.ks himself off |(By Robert Gernhardt) ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: Spam mails seen in logfiles question
Dnia 23.08.2023 o godz. 03:22:21 IUL Support via Postfix-users pisze: > The email will be from > some_spammy_text-myuser=mydomain@notmydomain.com and addressed to > myu...@mydomain.com. > > The LHS always seems to have the same basic format ie. the underscores and > the equal sign so it seems obvious that they're trying to accomplish > something specific. Is it supposed to help them get past spam filtering, > or get around some sort of bug? I think they do it for bounce handling. If the recipient some_spammy_text-myuser=mydomain@notmydomain.com gets a bounce, they know myu...@mydomain.com does not accept their mail. I guess they can use this knowledge to remove the address from their mailing list, but who knows what they are doing with it actually... -- Regards, Jaroslaw Rafa r...@rafa.eu.org -- "In a million years, when kids go to school, they're gonna know: once there was a Hushpuppy, and she lived with her daddy in the Bathtub." ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: Rate limiting gmail
Dnia 22.08.2023 o godz. 18:27:40 Wietse Venema via Postfix-users pisze: > > Unfortunatey, the Postfix schedulerisn't smart enough to figure out > that a domain is hosted at google. Even if the doain is not google, > it may be hosted there and add to your rate limit. I'm not claiming > that gmail is perfecr, but neither is Postfix. This does not apply to my case (although may apply to OP's case) - I have manually checked the logs, and I did not send at that time to any other domain hosted at Google than gmail.com. -- Regards, Jaroslaw Rafa r...@rafa.eu.org -- "In a million years, when kids go to school, they're gonna know: once there was a Hushpuppy, and she lived with her daddy in the Bathtub." ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: How can I set up a very simple postfix server
Dnia 23.08.2023 o godz. 09:43:08 Henrik Y via Postfix-users pisze: > Maybe another option is mutt command? > > echo "Body Of the Email" | mutt -a "File_Attachment.csv" -s "Daily > Report for $(date)" -c u...@addr.com -y Mutt calls /usr/sbin/sendmail anyway to send mail, so that doesn't seem to solve anything. -- Regards, Jaroslaw Rafa r...@rafa.eu.org -- "In a million years, when kids go to school, they're gonna know: once there was a Hushpuppy, and she lived with her daddy in the Bathtub." ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Spam mails seen in logfiles question
Hi All, Have a legacy server that I've just taken over maintaining. It's set up with postfix that handles a small handful of email users. In looking through the logfile I'll frequently see emails bouncing (and the bounce messages being deferred so they just sit in the queue wasting retries). The email will be from some_spammy_text-myuser=mydomain@notmydomain.com and addressed to myu...@mydomain.com. The LHS always seems to have the same basic format ie. the underscores and the equal sign so it seems obvious that they're trying to accomplish something specific. Is it supposed to help them get past spam filtering, or get around some sort of bug? Can anyone enlighten me as to what they're trying to accomplish and if I should be doing anything configuration wise to block them from accomplishing it?? Is it supposed to help them get past spam filtering, or get around some sort of bug? Cheers, > Mike < ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org