Don't accept mail from home networks. For example, use "reject_dbl_client
zen.spamhaus.org". For this you must use your own DNS resolver,
not the DNS resolver from your ISP.
On 23.05.24 07:00, Northwind via Postfix-users wrote:
will this also stop the valid client's SMTP connection? thank you W
On 23/05/2024 14:27, Scott Techlist via Postfix-users wrote:
All of these entries are using the LOGIN mech. Unless you have an
extremely old outlook express MUA (or similar) you can and should be
using the PLAIN mech. You can eliminate all of the above attacks by
removing LOGIN from the list of
On Wed, May 22, 2024 at 11:27:15PM -0500, Scott Techlist via Postfix-users
wrote:
> >All of these entries are using the LOGIN mech. Unless you have an
> >extremely old outlook express MUA (or similar) you can and should be
> >using the PLAIN mech. You can eliminate all of the above attacks by
>
>All of these entries are using the LOGIN mech. Unless you have an
>extremely old outlook express MUA (or similar) you can and should be
>using the PLAIN mech. You can eliminate all of the above attacks by
>removing LOGIN from the list of mechs you accept.
Peter:
I too see a lot of these so I w
Hi All,
the resubmit service is configured in master.cf:
resubmit unix - n n - 10 pipe
flags=Rq user=nobody null_sender=
argv=/usr/local/libexec/resubmit_mail.sh -N success --
${recipient}
if the user requests a DSN,
On Wed, May 22, 2024 at 12:19:03PM -0500, Greg Sims wrote:
> [root@mail01 postfix]# postconf -nf
> maximal_backoff_time = 16m
> minimal_backoff_time = 2m
> queue_run_delay = 2m
FWIW (not related to your immediate issue) I would not recommend such a
short maximal backoff, you're potentiall
On 23/05/2024 08:33, Northwind via Postfix-users wrote:
Hello list,
In the last two days, my mail system (small size) met attacks.
mail.log shows a lot of this stuff:
May 23 06:24:29 mx postfix/smtpd[2655149]: warning:
unknown[194.169.175.17]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Ma
On 22/05/2024 19:33, Northwind via Postfix-users wrote:
Hello list,
In the last two days, my mail system (small size) met attacks.
mail.log shows a lot of this stuff:
May 23 06:24:29 mx postfix/smtpd[2655149]: warning:
unknown[194.169.175.17]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Good ideas. thanks a lot Peter.
Things of note from the log entries above:
1/2 of the entries are from the smtp (port 25) service. This service
should be for MX communication only and should not accept
authentication. You can eliminate 1/2 of the attempts just by
disabling authenticatio
On 23/05/24 10:55, Wietse Venema via Postfix-users wrote:
2. How to strengthen email system security to stop this?
Don't accept mail from home networks. For example, use "reject_dbl_client
zen.spamhaus.org". For this you must use your own DNS resolver,
not the DNS resolver from your ISP.
He's
On 23/05/24 10:33, Northwind via Postfix-users wrote:
Hello list,
In the last two days, my mail system (small size) met attacks.
mail.log shows a lot of this stuff:
May 23 06:24:29 mx postfix/smtpd[2655149]: warning:
unknown[194.169.175.17]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
May
will this also stop the valid client's SMTP connection? thank you Wietse.
Don't accept mail from home networks. For example, use "reject_dbl_client
zen.spamhaus.org". For this you must use your own DNS resolver,
not the DNS resolver from your ISP.
Wietse Venema via Postfix-users:
> Northwind via Postfix-users:
> > Hello list,
> >
> > In the last two days, my mail system (small size) met attacks.
> >
> > mail.log shows a lot of this stuff:
> >
> > May 23 06:24:29 mx postfix/smtpd[2655149]: warning:
> > unknown[194.169.175.17]: SASL LOGIN
Northwind via Postfix-users:
> Hello list,
>
> In the last two days, my mail system (small size) met attacks.
>
> mail.log shows a lot of this stuff:
>
> May 23 06:24:29 mx postfix/smtpd[2655149]: warning:
> unknown[194.169.175.17]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
This just wast
Greg Sims via Postfix-users:
> > It is assumed that you're not a victim of systemd-journald log mangling.
> > It may be dropping some messages, and recording others out of order,
> > breaking "collate". On Linux systems where systemd is doing the
> > logging, you'll want to have Postfix writing it
Hello list,
In the last two days, my mail system (small size) met attacks.
mail.log shows a lot of this stuff:
May 23 06:24:29 mx postfix/smtpd[2655149]: warning:
unknown[194.169.175.17]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
May 23 06:24:37 mx postfix/smtps/smtpd[2655958]: warning:
Alexander Leidinger via Postfix-users wrote in
:
|On 2024-05-22 01:22, Greg Sims via Postfix-users wrote:
|> TLS connection reuse is being used. About 10% of the connections are
|> reused for large volume ISPs. Small volume ISPs do not see connection
|> reuse. I believe this is as expected
y 22 23:40 /var/log/postfix/log
> -rw--- 1 root postdrop 25747944 May 22 23:40
> /var/log/postfix/log.20240522-234048.gz
>
> See https://www.postfix.org/MAILLOG_README.html and note that rotation
> does not (yet) delete old files, that's up to your cron job.
Pos
> This is perhaps a good time to ask you for your full configuration,
> not just cherry-picked individual settings. Please post the outputs of:
>
> $ postconf -nf
> $ postconf -Mf
>
> with all whitespace (including linebreaks) preserved.
[root@mail01 postfix]# postconf -nf
alias_datab
>
> If the delay is with sending or receiving RSET, then the SMTP client
> log "conversation with XXX timed out". I don't know if that has a
> queue ID logged with that, though. Just grep for 'conversation with'.
[root@mail01 postfix]# journalctl -u postfix.service | grep 'conversation with'
retu
Wietse Venema via Postfix-users:
> Greg Sims via Postfix-users:
> > May 22 03:13:22 mail01.raystedman.org t123/smtp[46725]:
> > 604BE30A4ACA: to=<@gmail.com>,
> > relay=gmail-smtp-in.l.google.com[142.251.2.26]:25, conn_use=2,
> > delay=1576, delays=0.05/1550/25/0.84, dsn=2.0.0, status=sent (250
>
On 2024-05-22T10:15:34.000+02:00, Matus UHLAR - fantomas via
Postfix-users wrote:
> On 21.05.24 15:13, Kevin Cousin via Postfix-users wrote:
>> We are using Postfix as relay for our internal apps. These apps
>> are
>>
>> sending mails to final users with from nore...@example.net, but
>>
y 22 23:40 /var/log/postfix/log
> -rw--- 1 root postdrop 25747944 May 22 23:40
> /var/log/postfix/log.20240522-234048.gz
>
We are collecting the log files as input with:
journalctl -u postfix.service | grep 'May 22' >0522.log
It seems that this may be the issue
Greg Sims via Postfix-users:
> May 22 03:13:22 mail01.raystedman.org t123/smtp[46725]:
> 604BE30A4ACA: to=<@gmail.com>,
> relay=gmail-smtp-in.l.google.com[142.251.2.26]:25, conn_use=2,
> delay=1576, delays=0.05/1550/25/0.84, dsn=2.0.0, status=sent (250
> 2.0.0 OK 1716372802 41be03b00d2f7-6578166
2 root postdrop 47 May 22 23:40 /var/log/postfix
-rw--- 1 root root 226 May 22 23:40 /var/log/postfix/log
-rw--- 1 root postdrop 25747944 May 22 23:40
/var/log/postfix/log.20240522-234048.gz
See https://www.postfix.org/MAILLOG_README.html and note that rotation
I am having problems with "collate". I grepped a 10 minute portion of
our mail.log which created a 6.8M file. I ran "collate" on this file
and collected the output -- a 796M file. I looked at the file and it
seems to be filled with records like the following:
May 22 02:10:00 mail01.raystedman.o
I have data collection homework to do -- and I will be happy to do it!
Config data and "collate" is next after morning meetings.
Here is some summary data by ISP from the logs:
Email Ave Max Conn
Relay SentDelay
On 22/05/2024 at 12:35, Greg Sims via Postfix-users wrote:
Thank you again for your feedback on this issue.
I watched the workload in real time this morning and now have more
insight into what is happening. It appears the large ISPs are using
TLS connection as a way to throttle incoming traff
Greg Sims via Postfix-users:
> This is a sample of delays= for google.com -- 20 and 25 second delays:
>
> 0.01/11/20/0.73,
> 0.01/9.5/20/0.77,
> 0.01/0/25/0.74,
> 0.01/7.6/25/0.91,
> 0.01/6.9/25/1.1,
> 0.01/13/20/4.6,
> 0.01/14/25/0.56,
> 0.01/14/25/1.1,
> 0.01/0/0.22/0.72,
> 0
On Wed, May 22, 2024 at 05:35:25AM -0500, Greg Sims wrote:
> Thank you again for your feedback on this issue.
You're welcome, but I don't see anything in your reply that responds
directly to my requests for more detailed configuration and log data.
> I watched the workload in real time this morn
Thank you again for your feedback on this issue.
I watched the workload in real time this morning and now have more
insight into what is happening. It appears the large ISPs are using
TLS connection as a way to throttle incoming traffic. I looked at the
inbound mail queue and found most of the t
On Tue, May 21, 2024 at 08:31:51AM -0500, Greg Sims wrote:
> Changes:
> * certs back to defaults
> * smtp_tls_loglevel = 1
Better. Now it is time to post a more detailed transcript of a single
message (the sender and recipient addresses can be obfuscated if you
wish, the recipient domain wou
On 21.05.24 15:13, Kevin Cousin via Postfix-users wrote:
We are using Postfix as relay for our internal apps. These apps are
sending mails to final users with from nore...@example.net, but
sometimes, addresses are wrong and a Non delivery notification is
generated and sent back to nore...@example.n
On 2024-05-22 01:22, Greg Sims via Postfix-users wrote:
TLS connection reuse is being used. About 10% of the connections are
reused for large volume ISPs. Small volume ISPs do not see connection
reuse. I believe this is as expected.
I did some testing of our DNS setup. A DNS query using dig
34 matches