Re: Negative Senderscore ?
On 2024-05-06 10:39, gil...@poolp.org wrote:
> May 5, 2024 11:34 PM, "J Doe" wrote:
>> On 2024-05-05 17:26, gil...@poolp.org wrote:
>>> May 5, 2024 11:18 PM, "J Doe" wrote:
>>>> Hello,
>>>
>>> Hello,
>>>
>>>> I am using the Senderscore OpenSMTPD filter from packages on OpenBSD 7.5. All packages installed are up-to-date.
>>>>
>>>> In my mail server logs I noticed:
>>>>
>>>> May 4 20:12:44 server smtpd[58189]: check_senderscore: link-connect addr=115.231.78.9 score=-1
>>>>
>>>> This is the first time I have seen a negative score. According to the Senderscore website[0] scores should be between zero and one hundred.
>>>>
>>>> What does a negative result mean ?
>>>
>>> In most cases, -1 means that the IP address is not known to senderscore, implying a neutral reputation.
>>
>> Hi Gilles,
>>
>> Thank you for your reply. Ok, if a negative number means the address is not known (and has neither a good or bad reputation), does the argument: -blockBelow take this into account ?
>>
>> For example, on my server I use
>>
>> filter check_senderscore proc-exec "filter-senderscore -scoreHeader -blockBelow 11"
>>
>> ... .. so I want scores of 10 and lower to be blocked, but I wouldn't want a negative score blocked as there is no reputation data.
>>
>> Does the filter take that into account or will a negative score lead to a block based on how I have configured it ?
>
> Yes, the filter takes that into account.
>
> -1 is a filter specific-value to determine if... it should take the value into account.

Hi Gilles,

Ok, great - thanks for clearing that up for me!

- J
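
To see how existing log entries would fare against a `-blockBelow` threshold, the following added example (not part of the thread and not filter-senderscore's own code) triages `link-connect ... score=` lines from a maillog. It assumes the behaviour described in the replies above: a negative score means "no reputation data" and is never blocked, while scores from 0 up to one below the threshold are blocked. The function names and all sample lines except the first are constructed for illustration.

```python
import re

# The first line is the log entry quoted in the thread; the rest are
# constructed samples that use documentation address ranges.
SAMPLE_MAILLOG = """\
May 4 20:12:44 server smtpd[58189]: check_senderscore: link-connect addr=115.231.78.9 score=-1
May 4 20:13:02 server smtpd[58189]: check_senderscore: link-connect addr=192.0.2.10 score=4
May 4 20:13:40 server smtpd[58189]: check_senderscore: link-connect addr=198.51.100.7 score=10
May 4 20:14:11 server smtpd[58189]: check_senderscore: link-connect addr=203.0.113.25 score=97
May 4 20:14:30 server smtpd[58189]: check_senderscore: link-connect addr=192.0.2.77 score=abc
"""

ENTRY = re.compile(r"link-connect addr=(\S+) score=(-?\d+)\s*$")

def verdict(score, block_below):
    """Assumed model of -blockBelow: negative means 'no data', never a block."""
    if score < 0:
        return "unknown"
    return "block" if score < block_below else "pass"

def triage(log_text, block_below=11):
    """Return ([(addr, score, verdict), ...], [lines that failed to parse])."""
    rows, unparsed = [], []
    for line in log_text.splitlines():
        if "link-connect addr=" not in line:
            continue  # not a score report from the filter
        m = ENTRY.search(line)
        if m is None:
            unparsed.append(line)  # keep malformed entries visible
            continue
        score = int(m.group(2))
        rows.append((m.group(1), score, verdict(score, block_below)))
    return rows, unparsed

if __name__ == "__main__":
    rows, unparsed = triage(SAMPLE_MAILLOG)
    for addr, score, v in rows:
        print(f"{addr:<15} {score:>4} {v}")
    print(f"{len(unparsed)} line(s) could not be parsed")
```
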
Re: Negative Senderscore ?
On 2024-05-05 17:26, gil...@poolp.org wrote:
> May 5, 2024 11:18 PM, "J Doe" wrote:
>> Hello,
>
> Hello,
>
>> I am using the Senderscore OpenSMTPD filter from packages on OpenBSD 7.5. All packages installed are up-to-date.
>>
>> In my mail server logs I noticed:
>>
>> May 4 20:12:44 server smtpd[58189]: check_senderscore: link-connect addr=115.231.78.9 score=-1
>>
>> This is the first time I have seen a negative score. According to the Senderscore website[0] scores should be between zero and one hundred.
>>
>> What does a negative result mean ?
>
> In most cases, -1 means that the IP address is not known to senderscore, implying a neutral reputation.

Hi Gilles,

Thank you for your reply. Ok, if a negative number means the address is not known (and has neither a good or bad reputation), does the argument: -blockBelow take this into account ?

For example, on my server I use

filter check_senderscore proc-exec "filter-senderscore -scoreHeader -blockBelow 11"

... .. so I want scores of 10 and lower to be blocked, but I wouldn't want a negative score blocked as there is no reputation data.

Does the filter take that into account or will a negative score lead to a block based on how I have configured it ?

Thanks,

- J
Negative Senderscore ?
Hello,

I am using the Senderscore OpenSMTPD filter from packages on OpenBSD 7.5. All packages installed are up-to-date.

In my mail server logs I noticed:

May 4 20:12:44 server smtpd[58189]: check_senderscore: link-connect addr=115.231.78.9 score=-1

This is the first time I have seen a negative score. According to the Senderscore website[0] scores should be between zero and one hundred.

What does a negative result mean ?

Thanks,

- J

Links:
==
[0] https://senderscore.org/assess/get-your-score/
Re: filter-dnsbl and Abusix
On 2024-02-10 14:27, Martijn van Duren wrote:
> On Sat, 2024-02-10 at 14:10 -0500, J Doe wrote:
>> Hello,
>>
>> I have configured OpenSMTPD to make use of: filter-dnsbl:
>>
>> /etc/mail/smtpd.conf
>> . . .
>> filter check_abusix proc-exec "filter-dnsbl -v .black.mail.abusix.zone" user _dnsbl group _dnsbl
>> . . .
>> filter port_25_filters chain { check_rev_DNS, check_spamhaus, check_abusix... }
>>
>> ...however, if I try either the combined DNSBL from Abusix or the black DNSBL from Abusix, it will reject mail from Hotmail as well as e-mail that is hosted via 1&1's e-mail service.
>>
>> The man page for filter-dnsbl mentions Abusix, so I am assuming it supports it, but why would this be happening ? It seems like all responses via Abusix are detected as spam.
>>
>> Does anyone else make use of Abusix and see this behaviour ?
>>
>> Thanks,
>>
>> - J
>
> I don't use abusix myself. Some time ago someone pointed out to me that keys were part of the address and thus popped up in the logs and return codes. For the providers that are known to have keys I've implemented a hardcoded way of stripping the key itself. Other than that they have no special treatment in filter-dnsbl.
>
> If you're sure these servers aren't listed it might be possible that they return some special whitelist status. To keep filter-dnsbl simple all answers are interpreted as listed.
>
> martijn@

Hi Martijn,

Thank you for your reply. Yes, in man when it mentioned stripping the key I was confused at first, but then I understood what the documentation meant.

I also tried doing a manual lookup of a test value that Abusix mentions on their website via dig - that works and returns 127.x.x.x values - but doing a test against a Hotmail IPv4 address produces no results.

I was wondering if my resolver may be the issue. I run my own for the mail server, as I know Spamhaus requires a dedicated resolver and not the use of a public one like: 8.8.8.8, and I made sure to disable QNAME minimization on the off chance that it was interfering, but no luck for the Hotmail IPv4 address, again.

I suppose it's possible that there is some sort of issue on Abusix's side, but their status page doesn't list anything for today so far.

Ah, well. filter-dnsbl is still great with SpamHaus ... if we can figure out why Abusix is doing what it's doing, it will be nice to make use of it. Maybe all the Abusix servers are distracted by Super Bowl weekend, ha ha.

Thanks again,

- J
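
For reproducing the manual lookup discussed above, the following added example (not part of the thread and not filter-dnsbl's code) builds the DNSBL query name for a client address and compares the "any answer means listed" rule described in the reply with a view that separates conventional 127.0.0.0/8 return codes from any other answer. The zone names, the `EXAMPLEKEY` placeholder, the function names and the stubbed resolver answers are all constructed for illustration; it goes slightly beyond the thread by also handling IPv6 addresses.

```python
import ipaddress
import socket

RETURN_CODES = ipaddress.ip_network("127.0.0.0/8")  # conventional DNSBL answer range

def dnsbl_qname(ip, zone):
    """Reverse the client address (octets for IPv4, nibbles for IPv6) and append the zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")[::-1]
    else:
        labels = list(addr.exploded.replace(":", ""))[::-1]
    return ".".join(labels) + "." + zone.strip(".")

def system_resolve(qname):
    """A records from the system resolver; [] on NXDOMAIN or lookup failure."""
    try:
        return socket.gethostbyname_ex(qname)[2]
    except OSError:
        return []

def check(ip, zone, resolve=system_resolve):
    """Look up ip in zone and report both interpretations of the answer."""
    qname = dnsbl_qname(ip, zone)
    answers = resolve(qname)
    codes = [a for a in answers if ipaddress.ip_address(a) in RETURN_CODES]
    return {
        "qname": qname,
        "any_answer_listed": bool(answers),  # rule described in the reply above
        "codes": codes,                      # return codes worth reading one by one
        "unexpected": [a for a in answers if a not in codes],
    }

if __name__ == "__main__":
    # Constructed stub answers so the example runs offline.
    stub = {"2.0.0.127.EXAMPLEKEY.black.mail.abusix.zone": ["127.0.0.2"]}
    for ip in ("127.0.0.2", "192.0.2.1"):
        print(check(ip, "EXAMPLEKEY.black.mail.abusix.zone", lambda q: stub.get(q, [])))
```

An entry under `unexpected` means the answer did not come from the list in the usual form, for example when a resolver rewrites failed lookups; under the any-answer rule that would still count as a listing for every sender.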
filter-dnsbl and Abusix
Hello,

I have configured OpenSMTPD to make use of: filter-dnsbl:

/etc/mail/smtpd.conf
. . .
filter check_abusix proc-exec "filter-dnsbl -v .black.mail.abusix.zone" user _dnsbl group _dnsbl
. . .
filter port_25_filters chain { check_rev_DNS, check_spamhaus, check_abusix... }

...however, if I try either the combined DNSBL from Abusix or the black DNSBL from Abusix, it will reject mail from Hotmail as well as e-mail that is hosted via 1&1's e-mail service.

The man page for filter-dnsbl mentions Abusix, so I am assuming it supports it, but why would this be happening ? It seems like all responses via Abusix are detected as spam.

Does anyone else make use of Abusix and see this behaviour ?

Thanks,

- J
Re: filter-mimedefang temporary error
Hi list and Giovanni,

I *think* I might have figured out what was wrong ...

I Googled for the expression: "mimedefang undefined subroutine ::do_main_loop", which was showing up in: /var/log/maillog. This brought me to a mailing list archive message[1], that is admittedly old (reply in question at the bottom of webpage is from 19 years ago), and targets Linux, but had a suggestion to try the following when receiving this error:

$ mimedefang.pl -test

This results in the following output:

Can't locate Net/DNS.pm in @INC (you may need to install the Net::DNS module) (@INC contains: /usr/local/bin/modules/lib /usr/local/libdata/perl5/site_perl/amd64-openbsd /usr/local/libdata/perl5/site_perl /usr/libdata/perl5/amd64-openbsd /usr/libdata/perl5) at /usr/local/libdata/perl5/site_perl/Mail/MIMEDefang/Net.pm line 27.
BEGIN failed--compilation aborted at /usr/local/libdata/perl5/site_perl/Mail/MIMEDefang/Net.pm line 27.
Compilation failed in require at /usr/local/bin/mimedefang.pl line 36.
BEGIN failed--compilation aborted at /usr/local/bin/mimedefang.pl line 36.

I then pulled down the Perl package: Net::DNS from packages and re-ran: mimedefang.pl -test, which now results in:

Filter /etc/mail/mimedefang-filter seems syntactically correct.

Now when I restarted mimedefang_multiplexor and mimedefang and submit a test message with a fake: .exe attachment I see in: /var/log/maillog:

Jun 23 19:03:03 server mimedefang.pl[22055]: checking message 8eada11c61e2efdc
Jun 23 19:03:03 server mimedefang.pl[87731]: 8eada11c61e2efdc: MDLOG,8eada11c61e2efdc,bad_filename,attachment.exe,application/octet-stream,,develo...@server.home.arpa, Test #3 - ATTACHMENT
Jun 23 19:03:03 server mimedefang.pl[87731]: 8eada11c61e2efdc: MDLOG,8eada11c61e2efdc,mail_indevelo...@server.home.arpa, Test #3 - ATTACHMENT

So it appears that the following steps should be taken when installing the mimedefang filter for OpenSMTPD:

$ doas pkg_add filter-mimedefang
$ doas pkg_add p5-Net-DNS-1.37
$ doas rcctl enable mimedefang_multiplexor mimedefang
$ doas rcctl order mimedefang_multiplexor mimedefang
$ doas rcctl start mimedefang_multiplexor
$ doas rcctl start mimedefang

This suggests to me that the root cause of the problem is a missing dependency for the Perl package: Net::DNS ... am I correct ?

- J

Links
[1] See: https://mimedefang.roaringpenguin.narkive.com/UP7dOGIf/sire-2-44-undefined-subroutine-main-do-main-loop
Re: filter-mimedefang temporary error
On 2023-06-15 11:12, giova...@paclan.it wrote:
> Hi,
> some questions:
> Which MIMEDefang version are you using ?
> could you provide a maillog with related MIMEDefang errors ?
> Thanks
> Giovanni

Hi Giovanni,

Thanks for your reply. To try and figure out why I wasn't having success, I spun up a VM with OpenBSD 7.3 and applied all syspatches up to today (Thurs June 22). The MIMEDefang version I am using is what gets installed along with the: filter-mimedefang-0.1 package (see below).

I have a minimal: smtpd.conf config to test the filter:

/etc/mail/smtpd.conf

pki server.home.arpa cert "/etc/ssl/server.home.arpa.crt"
pki server.home.arpa key "/etc/ssl/private/server.home.arpa.key"

table aliases file:/etc/mail/aliases

filter check_mime proc-exec "filter-mimedefang.pl -d" \
    user _mdefang group _mdefang

listen on socket filter check_mime
listen on lo0 filter check_mime

action "local_mail" maildir "/home/developer/mail" alias <aliases>

match from any for local action "local_mail"

I then installed the filter:

$ doas pkg_add filter-mimedefang-0.1

... and then attempted to start the two rc scripts:

$ doas rcctl start mimedefang_multiplexor
$ doas rcctl start mimedefang

... but then I see the following in: /var/log/maillog

Jun 22 19:12:31 server mimedefang[97511]: MIMEDefang alive. workersReservedForLoopback=-1 AllowNewConnectionsToQueue=1 doRelayCheck=1 doHeloCheck=0 doSenderCheck=0 doRecipientCheck=0
Jun 22 19:12:31 server mimedefang[97511]: Multiplexor alive - entering main loop
Jun 22 19:12:34 server mimedefang-multiplexor[48548]: Starting worker 0 (pid 46278) (1 running): Bringing workers up to minWorkers (2)
Jun 22 19:12:34 server mimedefang-multiplexor[48548]: Worker 0 stderr: Undefined subroutine ::do_main_loop called at /usr/local/b
Jun 22 19:12:34 server mimedefang-multiplexor[48548]: Worker 0 stderr: in/mimedefang.pl line 36.
Jun 22 19:12:34 server mimedefang-multiplexor[48548]: Reap: worker 0 (pid 46278) exited normally with status 9 (WORKER DIED UNEXPECTEDLY)
Jun 22 19:12:34 server mimedefang-multiplexor[48548]: Worker 0 resource usage: req=0, scans=0, user=0.000, sys=0.010, nswap=0, majflt=0, minflt=311, maxrss=4304, bi=0, bo=0
Jun 22 19:12:37 server mimedefang-multiplexor[48548]: Starting worker 0 (pid 7077) (1 running): Bringing workers up to minWorkers (2)
Jun 22 19:12:37 server mimedefang-multiplexor[48548]: Worker 0 stderr: Undefined subroutine ::do_main_loop called at /usr/local/b
Jun 22 19:12:37 server mimedefang-multiplexor[48548]: Worker 0 stderr: in/mimedefang.pl line 36.
Jun 22 19:12:37 server mimedefang-multiplexor[48548]: Reap: worker 0 (pid 7077) exited normally with status 9 (WORKER DIED UNEXPECTEDLY)
Jun 22 19:12:37 server mimedefang-multiplexor[48548]: Worker 0 resource usage: req=0, scans=0, user=0.000, sys=0.000, nswap=0, majflt=0, minflt=306, maxrss=4252, bi=0, bo=0

...so based on what I am seeing there, I believe MIMEDefang comes up and is happy, because it sees that: mimedefang-multiplexor is running, but the multiplexor process periodically repeats the: WORKER DIED UNEXPECTEDLY output at regular intervals.

If I test this via telnet:

$ telnet 127.0.0.1 25
ehlo example.com
mail from:
rcpt to:
data
To: Developer
From: Root
Subject: Test message with no attachment

This is a test message
.

... I get a "550 Nope" response from OpenSMTPD:

Jun 22 19:25:56 server smtpd[10842]: check_mime: < report|0.6|1687476356.867090|smtp-in|protocol-client|36d8435651e33086|.
Jun 22 19:25:56 server smtpd[10842]: check_mime: < filter|0.6|1687476356.867356|smtp-in|commit|36d8435651e33086|f5932f6f4f50179a|
Jun 22 19:25:56 server smtpd[10842]: check_mime: Unknown return from filter 'smtp-in'|'commit': at /usr/local/libexec/smtpd/filter-mimedefang.pl line 128.
Jun 22 19:25:56 server smtpd[10842]: check_mime: > filter-result|36d8435651e33086|f5932f6f4f50179a|reject|550 Nope
Jun 22 19:25:56 server smtpd[85608]: 36d8435651e33086 smtp failed-command command="data" result="550 Nope"
Jun 22 19:25:56 server smtpd[10842]: check_mime: < report|0.6|1687476356.868024|smtp-in|filter-response|36d8435651e33086|commit|reject|550 Nope
Jun 22 19:25:56 server smtpd[10842]: check_mime: < report|0.6|1687476356.868028|smtp-in|protocol-server|36d8435651e33086|550 Nope
Jun 22 19:25:56 server smtpd[10842]: check_mime: < report|0.6|1687476356.868029|smtp-in|tx-data|36d8435651e33086|0776c9b2|permfail
Jun 22 19:25:56 server smtpd[10842]: check_mime: < report|0.6|1687476356.868124|smtp-in|tx-rollback|36d8435651e33086|0776c9b2
Jun 22 19:25:56 server smtpd[10842]: check_mime: < report|0.6|1687476356.868125|smtp-in|tx-reset|36d8435651e33086|0776c9b2

...this is different from the temporary error I got in my initial e-mail to the OpenSMTPD list, but that's because I realized I hadn't started: mimedefang_multiplexor and mimedefang.

Is there enough information in the output I've shown
Re: /etc/mail/aliases question
On 2023-06-14 18:32, Thomas Bohl wrote:
> The default is
> -rw-r--r-- 1 root wheel 2045 Oct 28 2022 aliases
>
>> My question is - why does smtpd output what it does - particularly the "failed to update table" portion ?
>
> Because _smtpd does not have read access to /etc/mail/aliases.

Hi Thomas,

Ah, you are correct! When I reset the permissions on: alias, alias.db to the defaults you mentioned and then edited aliases and re-ran: newaliases, all is good:

Jun 14 20:07:45 server smtpd[87551]: info: Table "aliases" successfully updated

Silly mistake on my part ... I must have changed the permissions at some point.

Thanks for your help!

- J
filter-mimedefang temporary error
Hi,

I am making use of: filter-mimedefang for OpenSMTPD. It is available via a: pkg_add and installs successfully.

My OpenSMTPD config has the following to configure it:

/etc/mail/smtpd.conf

filter check_mime proc-exec "filter-mimedefang.pl -d" \
    user _mdefang group _mdefang

listen on egress inet4 port 25 tls pki server.com \
    filter check_mime

When I submit either a message with no attachment or a message with an attachment, I get a temporary error warning:

Jun 14 19:53:58 server smtpd[10317]: 07b3a84220811d32 smtp failed-command command="data" result="451 Temporary failure, please try again later."

On the off chance that this was resulting from a bug that has not surfaced before, I downloaded version 0.2 of the OpenSMTPD filter package from the MIMEDefang website and did a make install, but the problem happens again.

Has anyone run into something like this - either with MIMEDefang or more generally with OpenSMTPD reporting a transient error ?

Thanks,

- J
/etc/mail/aliases question
Hi,

I have a question regarding some output to: /var/log/maillog when I update the: /etc/mail/aliases file.

If I make a change to: /etc/mail/aliases:

$ doas vim /etc/mail/aliases
$ doas newaliases

I see the following in: /var/log/maillog:

... server smtpd[50072]: /etc/mail/aliases: fopen: Permission denied
... server smtpd[50072]: info: Failed to update table "aliases"

However, the output from: newaliases shows:

$ doas newaliases
/etc/mail/aliases: 69 aliases

Test messages also show that the changes to the aliases file are being picked up.

The current permissions I have on: /etc/mail/aliases are:

-rw-r- 1 root wheel 2.1K Jun 14 17:31 aliases
-rw-r- 1 root wheel 64.0K Jun 14 17:31 aliases.db

... and I don't believe I've changed the file permissions (please correct me if this isn't the default set of permissions).

My question is - why does smtpd output what it does - particularly the "failed to update table" portion ?

Thanks,

- J