RBL problems affect mail reception
Hi,

On my postfix mail server I have RBL definitions at smtpd_client_restrictions phase. At the moment 2 of 4 RBLs are waiting until TCP timeout without an answer when I try with nslookup. This affects my clients. Also client programs are waiting for sending e-mail.

Is there any way to put some timeout or any other resolution for the problem?

Regards,
Oguz Yilmaz

smtpd_client_restrictions =
    check_client_access hash:/etc/postfix/access,
    permit_sasl_authenticated,
    permit_mynetworks,
    reject_rbl_client dnsbl.sorbs.net,
    reject_rbl_client dnsbl.njabl.org,
    reject_rbl_client cbl.abuseat.org,
    reject_rbl_client bl.spamcop.net,
    permit
Re: not receiveing bounce backs when using postfix
2009/4/4 nr...@firstfinancial.org:
> Apr 3 23:32:11 mail postfix/smtp[6451]: 96B0EB8: to=df...@yahoo.com, relay=b.mx.mail.yahoo.com[66.196.97.250]:25, delay=0.38, delays=0.28/0.01/0.05/0.04, dsn=5.0.0, status=bounced (host b.mx.mail.yahoo.com[66.196.97.250] said: 554 delivery error: dd This user doesn't have a yahoo.com account (df...@yahoo.com) [-5] - mta241.mail.re3.yahoo.com (in reply to end of DATA command))
> Apr 3 23:32:11 mail postfix/cleanup[7281]: 2ACDFBA: message-id=20090404033211.2acd...@mail.firstfinancial.org
> Apr 3 23:32:11 mail postfix/bounce[31334]: 96B0EB8: sender non-delivery notification: 2ACDFBA

Show more logs. 96B0EB8 is the failed delivery to yahoo, 2ACDFBA is the non-delivery notification that postfix will attempt to pass back to Exchange. You need to find where that non-delivery notification has gone.
Re: header_checks doesn't work (postfix 2.5.5 on debian lenny)
On Friday, April 03, 2009 at 18:50 CEST, sosogh sos...@126.com wrote:

[...]

> [r...@postfix]# more recipient_access.txt
> /special.com/ FILTER smtp:[127.0.0.1]:10026

This regular expression will match not only special.com but also especial.com, a.special.company.net etc. Consider writing a proper regular expression or just use a regular indexed map. You don't need PCRE for this.

[...]

--
Magnus Bäck
mag...@dsek.lth.se
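Added example (not part of the original message): the over-matching described in the reply above, shown by running the unanchored pattern and an anchored one over constructed recipient addresses. `grep -Ei` stands in for a Postfix regexp table here on the assumption that the table is searched unanchored and case-insensitively; the function names and sample addresses are illustrative.

```shell
#!/bin/sh
# Added example: compare an unanchored pattern with an anchored one.
# grep -Ei emulates the table lookup (assumption, see lead-in).

# Constructed sample recipients, not taken from the thread.
SAMPLE_RCPTS='alice@special.com
bob@especial.com
carol@a.special.company.net
dave@specialxcom.example
erin@SPECIAL.COM
frank@mail.special.com'

# matches PATTERN: print every sample recipient the pattern matches.
matches() {
    printf '%s\n' "$SAMPLE_RCPTS" | grep -Ei -- "$1" || true
}

# count_matches PATTERN: number of sample recipients matched.
count_matches() {
    matches "$1" | grep -c . || true
}

LOOSE='special.com'        # the pattern from recipient_access.txt
STRICT='@special\.com$'    # anchored to the domain part, literal dot

# The loose pattern hits all six addresses: it is a substring match and
# the unescaped dot matches any character ("specialxcom").
echo "loose ($(count_matches "$LOOSE") matches):"
matches "$LOOSE"

# The strict pattern hits only the two addresses whose domain is exactly
# special.com; subdomains such as mail.special.com are excluded.
echo "strict ($(count_matches "$STRICT") matches):"
matches "$STRICT"
```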
Re: not receiveing bounce backs when using postfix
nr...@firstfinancial.org:
> Thanks for the fast reply. I fixed the logging issue. From the /var/log/maillog
>
> Apr 3 23:32:11 mail postfix/smtp[6451]: 96B0EB8: to=df...@yahoo.com, relay=b.mx.mail.yahoo.com[66.196.97.250]:25, delay=0.38, delays=0.28/0.01/0.05/0.04, dsn=5.0.0, status=bounced (host b.mx.mail.yahoo.com[66.196.97.250] said: 554 delivery error: dd This user doesn't have a yahoo.com account (df...@yahoo.com) [-5] - mta241.mail.re3.yahoo.com (in reply to end of DATA command))
> Apr 3 23:32:11 mail postfix/cleanup[7281]: 2ACDFBA: message-id=20090404033211.2acd...@mail.firstfinancial.org
> Apr 3 23:32:11 mail postfix/bounce[31334]: 96B0EB8: sender non-delivery notification: 2ACDFBA

Do:

$ grep 2ACDFBA /var/log/maillog

Wietse
Re: RBL problems affect mail reception
On Sat, 04 Apr 2009, Oguz Yilmaz wrote:
> On my postfix mail server I have RBL definitions at smtpd_client_restrictions phase. At the moment 2 of 4 RBLs are waiting until TCP timeout without an answer when I try with nslookup. This affects my clients. Also client programs are waiting for sending e-mail.
>
> Is there any way to put some timeout or any other resolution for the problem?

If clients and their programs are trusted senders, then exclude them from RBL checks.

--
Sahil Tandon
sa...@tandon.net
new clamav-milter quarantaine in hold queue script
Hi,

the redesign of clamav-milter 0.95 quarantines in the hold queue; before, infected mails were written to some configurable dir.

Having them in hold is a nice option, but I am thinking of a script getting them out of hold, storing them in the filesystem and cleaning up hold. I have a clean-mailerdaemon script which works likewise for deferred, started by cron.

What's your opinion, does it sound like a good idea? I don't like the idea that infected mails may, i.e., hold forever. Or is there a way yet to configure postfix to unhold them and delete them after a configured time period?

After all, I've asked the clamav developers to bring back the store-in-filesystem option, which makes it easier to investigate infected mails, because sometimes false positives happen with anti-phishing code etc.

--
Best Regards
MfG Robert Schetterer
Germany/Munich/Bavaria
Re: not receiveing bounce backs when using postfix
nr...@firstfinancial.org:
> Here is the output.
>
> # grep 2ACDFBA /var/log/maillog
> Apr 3 23:32:11 triton postfix/cleanup[7281]: 2ACDFBA: message-id=20090404033211.2acd...@mail.firstfinancial.org
> Apr 3 23:32:11 triton postfix/bounce[31334]: 96B0EB8: sender non-delivery notification: 2ACDFBA
> Apr 3 23:32:11 triton postfix/smtp[8455]: 2ACDFBA: to=no-re...@firstfinancial.org, relay=none, delay=0.19, delays=0.14/0.05/0/0, dsn=5.4.4, status=bounced (Host or domain name not found. Name service error for name=firstfinancial.org type=: Host found but no data record of requested type)

2ACDFBA is the Postfix bounce message, directed to the sender address of message 96B0EB8 that could not be delivered.

If you want to find out why this bounce message is undeliverable, see the mailing list welcome message below.

Wietse

TO REPORT A PROBLEM see http://www.postfix.org/DEBUG_README.html#mail
TO (UN)SUBSCRIBE see http://www.postfix.org/lists.html

Thank you for using Postfix.
Re: new clamav-milter quarantaine in hold queue script
On Sat, Apr 04, 2009 at 06:16:33PM +0200, Robert Schetterer wrote:
> having them in hold is a nice option but i am thinking of a script getting them out of hold and store in the filesystem and clean up hold

Here's my suggestion:

- Create a second Postfix instance in the same file-system.
- Run a cron job to move (rename(2)) messages from the HOLD queue of the main instance into the deferred queue of the second instance, carefully respecting the hash_depth of each directory.
- In the second instance, deliver all mail via a suitable daemonized SMTP server or via pipe(8) script. The daemon or script will be the entry point into a quarantine system that eventually expires unclaimed mail, generates reports and allows other administrative or user actions as you see fit.

This means that FILTER transport:nexthop is perhaps a better choice than HOLD, but milters may not be able to express this action...

I am not aware of an open-source quarantine add-on for Postfix.

--
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header.

To unsubscribe from the postfix-users list, visit http://www.postfix.org/lists.html or click the link below: mailto:majord...@postfix.org?body=unsubscribe%20postfix-users

If my response solves your problem, the best way to thank me is to not send an "it worked, thanks" follow-up. If you must respond, please put "It worked, thanks" in the Subject so I can delete these quickly.
Re: new clamav-milter quarantaine in hold queue script
Victor Duchovni wrote:
> On Sat, Apr 04, 2009 at 06:16:33PM +0200, Robert Schetterer wrote:
>> having them in hold is a nice option but i am thinking of a script getting them out of hold and store in the filesystem and clean up hold
>
> Here's my suggestion:
>
> - Create a second Postfix instance in the same file-system.
> - Run a cron job to move (rename(2)) messages from the HOLD queue of the main instance into the deferred queue of the second instance, carefully respecting the hash_depth of each directory.
> - In the second instance, deliver all mail via a suitable daemonized SMTP server or via pipe(8) script. The daemon or script will be the entry point into a quarantine system that eventually expires unclaimed mail, generates reports and allows other administrative or user actions as you see fit.
>
> This means that FILTER transport:nexthop is perhaps a better choice than HOLD, but milters may not be able to express this action...
>
> I am not aware of an open-source quarantine add-on for Postfix.

Hi Victor,

this sounds very complicated. I was thinking more about a cron script like this (surely modified to the hold issue):

#!/bin/sh
# we need to clean up MAILER-DAEMON messages
# try to deliver by force
#postqueue -f
# now it's time to kill the rest
TMPFILE=/tmp/clean.queue.$$
DEFERDIR=/var/spool/postfix/deferred
# collect the filenames
mailq | grep MAILER-DAEMON | cut -f1 -d ' ' > $TMPFILE
for DEFERFILE in `cat $TMPFILE`
do
  FILEPATH=`find $DEFERDIR -name $DEFERFILE`
  #echo $FILEPATH #for debug
  #echo $DEFERFILE #for debug
  #
  # checks in use with spamass.
  #
  # egrep -i 'spamassassin|hits\=[0-9]{1,2}\.[0-9]' $FILEPATH > /dev/null
  # if [ $? -eq 0 ]
  # then
  #   deferred message is most likely spam
  ##  postsuper -d $DEFERFILE deferred
  # fi
done
rm -f $TMPFILE > /dev/null

--
Best Regards
MfG Robert Schetterer
Germany/Munich/Bavaria
Re: new clamav-milter quarantaine in hold queue script
On Sat, Apr 04, 2009 at 07:01:08PM +0200, Robert Schetterer wrote:
>> Here's my suggestion:
>>
>> - Create a second Postfix instance in the same file-system.
>> - Run a cron job to move (rename(2)) messages from the HOLD queue of the main instance into the deferred queue of the second instance, carefully respecting the hash_depth of each directory.
>> - In the second instance, deliver all mail via a suitable daemonized SMTP server or via pipe(8) script. The daemon or script will be the entry point into a quarantine system that eventually expires unclaimed mail, generates reports and allows other administrative or user actions as you see fit.
>>
>> This means that FILTER transport:nexthop is perhaps a better choice than HOLD, but milters may not be able to express this action...
>>
>> I am not aware of an open-source quarantine add-on for Postfix.
>
> Hi Victor, this sounds very complicated

Yes, I am proposing a robust, comprehensive system that could serve a variety of needs.

> i was thinking more about a cron script like this ( surely modified to the hold issue )

What do mail-daemon messages have to do with junk placed in the HOLD queue by a milter?

> TMPFILE=/tmp/clean.queue.$$
> DEFERDIR=/var/spool/postfix/deferred
> # collect the filenames
> mailq |grep MAILER-DAEMON | cut -f1 -d ' ' > $TMPFILE
> for DEFERFILE in `cat $TMPFILE`
> do
> FILEPATH=`find $DEFERDIR -name $DEFERFILE`

This is subject to race-conditions, because queue-ids can be re-used.

--
Viktor.
Re: Backscatter
On 2009-04-04 20:09, LuKreme wrote:
> I've seen an increase in backscatter emails recently. Perfectly valid headers (AFAICT)
>
> Return-Path:
> X-Original-To: kr...@kreme.com
> Delivered-To: kr...@covisp.net
> Received: from mail9.webair.com (mail9.webair.net [74.206.236.69]) by mail.covisp.net (Postfix) with ESMTPS id 4FC10118B5B0 for kr...@kreme.com; Sat, 4 Apr 2009 00:18:38 -0600 (MDT)
> Received: (qmail 45760 invoked for bounce); 4 Apr 2009 06:18:36 -
> Date: 4 Apr 2009 06:18:36 -
> From: mailer-dae...@mail9.webair.com
> To: kr...@kreme.com
> Subject: failure notice
> Message-Id: 20090404061838.4fc10118b...@mail.covisp.net
>
> (I did just update this spf record to v=spf1 a mx ip4:75.148.117.94/29 ~all which I expect will help some)
>
> Is there some sort of strategy I can implement that will reject a good portion of these kinds of messages? What are other people doing to deal with backscatter? I read up on SRS, but it doesn't sound like a great idea.

I'd recommend using RBL checks specified for this:

backscatter.map:
<>              reject_rbl_client ips.backscatterer.org, reject_rbl_client bl.spamcannibal.org
postmaster      reject_rbl_client ips.backscatterer.org, reject_rbl_client bl.spamcannibal.org
MAILER-DAEMON   reject_rbl_client ips.backscatterer.org, reject_rbl_client bl.spamcannibal.org

Add
check_sender_access hash:/etc/postfix/backscatter.map
at the very end of the RBLs in smtpd_recipient_restrictions (or other restrictions if you prefer).

For sure you should also read the info on those blacklists. The IP you've provided as a source of backscatter is listed in backscatterer.org.

Moreover, SPF won't help you much, because other mailserver admins would have to check it, and it's rarely supported.

Pawel Lesniak
Re: new clamav-milter quarantaine in hold queue script
Robert Schetterer wrote:
>> i was thinking more about a cron script like this ( surely modified to the hold issue )
>
> What do mail-daemon messages have to do with junk placed in the HOLD queue by a milter

Here's a dorky script I use to release mail on hold after a few days. I have some questionable header_checks that HOLD mail and don't want to keep mail on hold forever if I'm on vacation or whatever...

It can easily be modified to move mail elsewhere or just delete old mail. Caution: if you move the file without renaming it, keep it in the same filesystem to ensure unique filenames.

Just run from cron a couple times a day.

----8<----
#!/bin/sh
# pf-releasehold - automatically release messages from
# the hold queue if they are greater than DAYSOLD days old.
PBIN=/usr/sbin
DAYSOLD=2
QUEUEDIR=`$PBIN/postconf -h queue_directory`
HOLDQUEUE=${QUEUEDIR}/hold
TMPFILE=/tmp/pfhold-$$

# list hold-queue files older than DAYSOLD days
find ${HOLDQUEUE} -type f -mtime +${DAYSOLD} -print > ${TMPFILE}

# an empty list means there is nothing old enough to release
if test ! -s ${TMPFILE}
then
  echo 'nothing to release from hold'
  rm -f ${TMPFILE}
  exit
fi

# if we get this far, there must be something that needs to be released
for QUEUEPATH in `cat ${TMPFILE}`
do
  QUEUEID=`basename ${QUEUEPATH}`
  # change this line to adjust action
  $PBIN/postsuper -H ${QUEUEID} 2>&1 | mail -s 'pf-releasehold' postmaster
done

rm -f ${TMPFILE}
----8<----

Of course, the better answer is: If clamav-milter isn't doing what you need, use another milter. There are several milters that can interface to clamd.

--
Noel Jones
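Added example, not code from any poster in this thread: a variant of the hold-queue aging job that pipes queue IDs to `postsuper -H -` (which reads queue IDs from standard input) instead of staging them in a predictable file under /tmp, and that also descends into hashed queue subdirectories. The function names and the constructed demo directory are illustrative assumptions.

```shell
#!/bin/sh
# Added example: age-based release of the Postfix hold queue without a
# temporary file. Function names are hypothetical.

# old_hold_ids HOLDDIR DAYS
# Print the queue ID (file basename) of every regular file under HOLDDIR
# whose mtime is more than DAYS days old. Recursion covers hashed queues.
old_hold_ids() {
    find "$1" -type f -mtime +"$2" -exec basename {} \;
}

# release_old_hold DAYS
# Feed the old queue IDs to postsuper, which reads IDs from stdin when the
# queue ID argument is "-". Needs a Postfix host and root privileges.
release_old_hold() {
    queue_dir=$(postconf -h queue_directory) || return 1
    old_hold_ids "$queue_dir/hold" "$1" | postsuper -H -
}

# demo
# Build a constructed hold directory (one old file in a hashed
# subdirectory, one fresh file) and print what would be released.
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/hold/A"
    touch -t 200904010000 "$d/hold/A/A1B2C3D4E5"   # constructed, old mtime
    touch "$d/hold/F6E5D4C3B2"                     # constructed, fresh
    old_hold_ids "$d/hold" 2
    rm -rf "$d"
}

# "--release [DAYS]" acts on the real queue; anything else runs the demo.
case "${1:-}" in
    --release) release_old_hold "${2:-2}" ;;
    *)         demo ;;
esac
```

Restricting the action to `-H` on the hold queue means a queue ID that has since left the hold queue is simply not found there, which narrows the queue-ID reuse window raised earlier in the thread but does not remove it.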
Re: Backscatter
On 4-Apr-2009, at 16:02, Noel Jones wrote:
> Best in smtpd_data_restrictions so you don't reject sourceforge and others sender verification probes.

Is there anything I need to be concerned about having/not having in smtpd_data_restrictions? It is currently commented out. If I simply put:

smtpd_data_restrictions =
    reject_unauth_pipelining,
    reject_rbl_client ips.backscatterer.org,
    reject_rbl_client bl.spamcannibal.org
    permit

is that good enough? (The pipelining was there before in the commented-out declaration along with the permit.) I am sad to say I am still a little unclear about how the various smtpd_mumble_restrictions work together.

>> IP you've provided as source of backscatter is listed in backscatterer.org. Moreover, SPF won't help you much, because other mailserver admins would have to check it, and it's rarely supported.
>
> True. It seems that sites with SPF are less frequently chosen as joe-job victims, but there's no guarantee. At any rate, adding SPF shouldn't hurt anything.

Well, I am hoping spf helps a bit. I'd left off the ~all on some domain's configuration and I've noticed a lot of this backscatter has

Received-SPF: neutral (mail9.webair.com: 85.9.127.134 is neither permitted nor denied by SPF record at kreme.com)

> Other suggestions... Add the header_checks suggested in http://www.postfix.org/BACKSCATTER_README.html Note the examples will need to be customized for your site.

Oh, those look like a good idea in general, backscatter or not. At least in the header_checks. I am leery of running body_checks as it seems those would be expensive.

> If you're using SpamAssassin, the VBOUNCE rules are helpful.

Yeah, but SA is run after reception. I'd rather reject backscatter than discard it, if possible.

Thanks, this is great info.

--
I'll trade you 223 Wesley Crushers for your Captain Picard
Re: Backscatter
On Sat, 04 Apr 2009, LuKreme wrote:
> On 4-Apr-2009, at 16:02, Noel Jones wrote:
>> Best in smtpd_data_restrictions so you don't reject sourceforge and others sender verification probes.
>
> Is there anything I need to be concerned about having/not having in smtpd_data_restrictions? it is currently commented out. if I simply put:
>
> smtpd_data_restrictions =
>     reject_unauth_pipelining,
>     reject_rbl_client ips.backscatterer.org,
>     reject_rbl_client bl.spamcannibal.org
>     permit

The trailing permit is unnecessary. And some people worry about blocking legitimate mail from sites listed on those RBLs. If you share that fear, you could use an access(5) table to limit the RBL lookups (and rejections) only to null envelope senders.

> is that good enough? (the pipelining was there before in the commented out declaration along with the permit). I am sad to say I am still a little unclear about how the various smtpd_mumble_restrictions work together.

For more clarity and general illumination, see: http://www.postfix.org/SMTPD_ACCESS_README.html

--
Sahil Tandon
sa...@tandon.net
Re: Cannot use restrictions to block emails between local users.
> Chances are you'll need to modify the webmail software so that it sends mail via SMTP, then maybe you'll be able to reject it as you want to (this will depend on the webmail software setting the right sender address).

Hurray, that worked! I was able to block an email after changing SquirrelMail from sendmail to SMTP.

FYI, this email server is for internal use, in an environment where people are supposed to only use it to contact their supervisors, and not each other.

thanks!!