Re: [courier-users] smtpaccess and 517 rejects woes
> Why is it misconfigured? Its SPF record is fine, and IP 178.63.50.70
> is one of the authorized addresses.

> Why wasn't that "none", given that there's no SPF record for mx1.evo.pl?

The reject isn't because of SPF, but because of HELO.

> if BOFHCHECKHELO really does what it's documented to do, and what
> indicates this message, then you should not use it, since it violates RFC
> 821 and all its successors. It may cause troubles to you (well, it just
> did...)

Actually, it also slashed about 30% of incoming spam, and I didn't notice any illogical behaviour of my courier when analyzing the logs. This gem is just one of hundreds of hosts that connect to my server every day, and they don't have issues (unless, of course, they do, but 99.9% of these are either dynamic IPs or shady mailing servers).

I submit to you:

$ host mx1.evo.pl
mx1.evo.pl A 178.63.45.155

However, I'm being reached by 178.63.50.70, thus HELO is mismatched, which suits my aggressive antispam policy - mail is rejected.

Getting back to the point of discussion, Sam's hunch was duly justified: I used a space instead of a tab. This has now been fixed, but I'm still waiting for another attempt from their side.

___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] smtpaccess and 517 rejects woes
On Fri 28/Nov/2014 13:34:41 +0100 Marcin 'Rambo' Roguski wrote:
> I receive mail from one server that is (obviously) misconfigured, but -
> unfortunately - it's in my interest to receive mail from it.

Why is it misconfigured? Its SPF record is fine, and IP 178.63.50.70 is one of the authorized addresses.

> Recently I made rejection rules slightly more aggressive, so my bofh
> looks like this:
>
> opt BOFHBADMIME=accept
> opt BOFHCHECKHELO=1
> opt MAXRCPT=500
> opt BOFHSPFHARDERROR=fail,softfail
> opt BOFHSPFHELO=pass,neutral,none,softfail,error,unknown
> opt BOFHSPFMAILFROM=pass,neutral,none,softfail,error,unknown
> opt BOFHSPFFROM=pass,neutral,none,softfail,error,unknown,mailfromok
>
> Works fine, spam is being dropped and occasionally - misconfigured
> MTAs, however recently I got this:
>
> Nov 28 12:31:04 goldsmith courieresmtpd:
> error,relay=:::178.63.50.70,from=<-[edited]-@platon.com.pl>: 517 HELO
> mx1.evo.pl does not match :::178.63.50.70

Why wasn't that "none", given that there's no SPF record for mx1.evo.pl?

Ale
Re: [courier-users] smtpaccess and 517 rejects woes
On 28.11.14 13:34, Marcin 'Rambo' Roguski wrote:
>opt BOFHCHECKHELO=1
>
>Nov 28 12:31:04 goldsmith courieresmtpd:
>error,relay=:::178.63.50.70,from=<-[edited]-@platon.com.pl>: 517 HELO
>mx1.evo.pl does not match :::178.63.50.70

If BOFHCHECKHELO really does what it's documented to do, and what indicates this message, then you should not use it, since it violates RFC 821 and all its successors. It may cause troubles to you (well, it just did...)

I don't recommend using BOFHCHECKHELO unless it relaxes this check (hostname in helo string points to connecting IP) to for example requiring FQDN with valid A/ record, maybe with addition that it must NOT match or resolve to the local IP address (which is quite common for spamming clients).

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
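Added example, not part of the thread and not Courier's own code: a small model of the two HELO policies discussed above, the strict one (the HELO name must resolve to the connecting IP) and the relaxed one suggested in the reply (a resolvable FQDN that neither is nor resolves to the local address). The resolver table is constructed so the block runs offline; only the mx1.evo.pl record and the peer address 178.63.50.70 come from the thread, and `LOCAL_IPS` and the other names are assumptions.

```python
import ipaddress

# Constructed resolver table. The mx1.evo.pl record is the `host` output quoted
# in the thread; the other names and LOCAL_IPS are made up for the example.
DNS_A = {
    "mx1.evo.pl": ["178.63.45.155"],
    "mail.example.net": ["192.0.2.10"],
    "mirror.example.org": ["203.0.113.5"],
}
LOCAL_IPS = {"203.0.113.5"}  # assumed address of the receiving server

def is_fqdn(name):
    """True for a dotted hostname; False for a bare IP, address literal or single label."""
    try:
        ipaddress.ip_address(name.strip("[]"))
        return False
    except ValueError:
        labels = name.split(".")
        return len(labels) >= 2 and all(labels)

def strict_helo(helo, peer_ip, resolve=DNS_A.get):
    """Strict policy from the thread: the HELO name must resolve to the connecting IP."""
    addrs = resolve(helo.lower().rstrip(".")) or []
    return "accept" if peer_ip in addrs else "reject: HELO does not match peer"

def relaxed_helo(helo, resolve=DNS_A.get, local_ips=frozenset(LOCAL_IPS)):
    """Relaxed policy suggested in the thread: a resolvable FQDN that is not us."""
    name = helo.lower().rstrip(".")
    if name.strip("[]") in local_ips:
        return "reject: HELO is our own IP"
    if not is_fqdn(name):
        return "reject: not an FQDN"
    addrs = resolve(name) or []
    if not addrs:
        return "reject: no A record"
    if local_ips & set(addrs):
        return "reject: resolves to our own IP"
    return "accept"

if __name__ == "__main__":
    # The sender from the thread: rejected by the strict check, accepted by the relaxed one.
    print(strict_helo("mx1.evo.pl", "178.63.50.70"))
    print(relaxed_helo("mx1.evo.pl"))
```

The relaxed policy as modelled here also refuses address literals such as `[192.0.2.1]`, because it requires an FQDN.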
[courier-users] Courier 20141127
Development courier build.

Download: http://www.courier-mta.org/download.html

Changes:

- SPF lookups can handle multiple text strings in an SPF DNS record.
Re: [courier-users] smtpaccess and 517 rejects woes
Marcin 'Rambo' Roguski writes:

> I receive mail from one server that is (obviously) misconfigured, but -
> unfortunately - it's in my interest to receive mail from it.
>
> Recently I made rejection rules slightly more aggressive, so my bofh
> looks like this:
>
> opt BOFHBADMIME=accept
> opt BOFHCHECKHELO=1
> opt MAXRCPT=500
> opt BOFHSPFHARDERROR=fail,softfail
> opt BOFHSPFHELO=pass,neutral,none,softfail,error,unknown
> opt BOFHSPFMAILFROM=pass,neutral,none,softfail,error,unknown
> opt BOFHSPFFROM=pass,neutral,none,softfail,error,unknown,mailfromok
>
> Works fine, spam is being dropped and occasionally - misconfigured
> MTAs, however recently I got this:
>
> Nov 28 12:31:04 goldsmith courieresmtpd: error,relay=:::
> 178.63.50.70,from=<-[edited]-@platon.com.pl>: 517 HELO mx1.evo.pl
> does not match :::178.63.50.70
>
> All right, that's what it was supposed to do, but this is the domain I
> need to get mail from. So I added them to smtpaccess
>
> mx1.evo.pl allow,RELAYCLIENT,BOFHCHECKDNS=0,BOFHCHECKHELO=0,BOFHNOVRFY=1
> 178.63.50.70 allow,RELAYCLIENT,BOFHCHECKDNS=0,BOFHCHECKHELO=0,BOFHNOVRFY=1
> :::178.63.50.70 allow,RELAYCLIENT,BOFHCHECKDNS=0,BOFHCHECKHELO=0,BOFHNOVRFY=1
>
> Rebuilt the binary file with makesmtpaccess, restarted everything just
> in case. But their mail is still being rejected.

Two out of these three entries will never be used; the smtpaccess file always gets looked up by the IP address.

Try the low-hanging fruit: the smtpaccess file format is somewhat strict, so verify that you have exactly one tab character between the IP address and the settings for the IP address.
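Added example, not part of the thread and not Courier's own code: a lint pass over an smtpaccess file body that checks the two points made in the reply above (entries are looked up by IP address only, and exactly one tab separates the address from its settings) and also flags RELAYCLIENT, which grants relaying in addition to the BOFH exemptions. The key pattern, the `#` comment handling and the finding codes are assumptions of this sketch; the sample entries are constructed from the ones quoted in the thread.

```python
import re

# Assumption: an IPv4 key is a dotted-decimal address or a leading prefix of one;
# any key containing ':' is treated as an IPv6 address and not validated further.
IPV4_KEY = re.compile(r"^\d{1,3}(\.\d{1,3}){0,3}$")

MESSAGES = {
    "no-tab": "address and settings are not separated by a tab",
    "extra-whitespace": "need exactly one tab and no other whitespace around it",
    "hostname-key": "key is not an IP address; the file is looked up by IP only",
    "relayclient": "RELAYCLIENT also lets this address relay mail through the server",
}

def lint_smtpaccess(text):
    """Return a list of (line_number, code) findings for an smtpaccess file body."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank line or comment ('#' comments are an assumption)
        key, tab, settings = line.partition("\t")
        if not tab:
            findings.append((n, "no-tab"))
            key, _, settings = line.strip().partition(" ")
        elif key != key.strip() or settings != settings.strip() or not settings:
            findings.append((n, "extra-whitespace"))
        key, settings = key.strip(), settings.strip()
        if not (IPV4_KEY.match(key) or ":" in key):
            findings.append((n, "hostname-key"))
        if "RELAYCLIENT" in settings.split(","):
            findings.append((n, "relayclient"))
    return findings

# Constructed sample: a hostname key, a space-separated entry, then a clean line.
SAMPLE = (
    "# exemptions for the sender discussed in the thread\n"
    "mx1.evo.pl\tallow,RELAYCLIENT,BOFHCHECKDNS=0,BOFHCHECKHELO=0,BOFHNOVRFY=1\n"
    "178.63.50.70 allow,RELAYCLIENT,BOFHCHECKDNS=0,BOFHCHECKHELO=0,BOFHNOVRFY=1\n"
    "178.63.50.70\tallow,BOFHCHECKHELO=0\n"
)

if __name__ == "__main__":
    for n, code in lint_smtpaccess(SAMPLE):
        print(f"line {n}: {MESSAGES[code]}")
```

Run it against the text source of the access file before rebuilding the binary file with makesmtpaccess, since a space-separated entry looks identical to a tab-separated one in most editors.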
Re: [courier-users] smtpaccess and 517 rejects woes
On 28/11/14 22:34, Marcin 'Rambo' Roguski wrote:
> Nov 28 12:31:04 goldsmith courieresmtpd: error,
> relay=:::178.63.50.70,from=<-[edited]-@platon.com.pl>:
> 517 HELO mx1.evo.pl does not match :::178.63.50.70

The domain you want to "whitelist" is platon.com.pl so try...

platon.com.pl allow,RELAYCLIENT,BOFHCHECKDNS=0,BOFHCHECKHELO=0,BOFHNOVRFY=1
[courier-users] smtpaccess and 517 rejects woes
I receive mail from one server that is (obviously) misconfigured, but - unfortunately - it's in my interest to receive mail from it.

Recently I made rejection rules slightly more aggressive, so my bofh looks like this:

opt BOFHBADMIME=accept
opt BOFHCHECKHELO=1
opt MAXRCPT=500
opt BOFHSPFHARDERROR=fail,softfail
opt BOFHSPFHELO=pass,neutral,none,softfail,error,unknown
opt BOFHSPFMAILFROM=pass,neutral,none,softfail,error,unknown
opt BOFHSPFFROM=pass,neutral,none,softfail,error,unknown,mailfromok

Works fine, spam is being dropped and occasionally - misconfigured MTAs, however recently I got this:

Nov 28 12:31:04 goldsmith courieresmtpd: error,relay=:::178.63.50.70,from=<-[edited]-@platon.com.pl>: 517 HELO mx1.evo.pl does not match :::178.63.50.70

All right, that's what it was supposed to do, but this is the domain I need to get mail from. So I added them to smtpaccess

mx1.evo.pl allow,RELAYCLIENT,BOFHCHECKDNS=0,BOFHCHECKHELO=0,BOFHNOVRFY=1
178.63.50.70 allow,RELAYCLIENT,BOFHCHECKDNS=0,BOFHCHECKHELO=0,BOFHNOVRFY=1
:::178.63.50.70 allow,RELAYCLIENT,BOFHCHECKDNS=0,BOFHCHECKHELO=0,BOFHNOVRFY=1

Rebuilt the binary file with makesmtpaccess, restarted everything just in case. But their mail is still being rejected.

What did I miss?

--
Marcin 'Rambo' Roguski