email with multiple senders in From:
Hello ppl, I'm using postfix has relay and sometimes appear some messages with multiple senders, from outside but with my domain, like From: j...@domain.xx, a...@domain.xx, ... How can I avoid/delete this messages or mark them like spam in spamassassin? thanks in advance -- :) cumprimentos -- José Luís Faria Network Engineer/Systems Administrator Departamento de Informática Universidade do Minho Braga, Portugal smime.p7s Description: Assinatura criptografada S/MIME
Re: email with multiple senders in From:
W dniu 2012-04-19 10:35, José Luís Faria pisze: Hello ppl, I'm using postfix has relay and sometimes appear some messages with multiple senders, from outside but with my domain, like From: j...@domain.xx, a...@domain.xx, ... How can I avoid/delete this messages or mark them like spam in spamassassin? thanks in advance Hi, I am having the same issue for the last time. What I made was to do regexp check: header_checks = regexp:/etc/postfix/header_checks and in file header_checks: /^From:[ ]*[a-zA-Z0-9]*\@domain.xx[,]*.*$/ REJECT Sorry! No domain.xx in FROM Regards, -- Marek
Problem when sending to suffix domians ( example : abc.com.cn )
Hi All, I have used abc.com ( Example ) domain emails to relay directly to one exchange server by mentioneing the same in transports file. and all other domain mails should be relayed to another defualt relay server which i mentioned on main.cf file . The problem here is when iam sening email to abc.com.cn also it is trying to relay to exchange server which is mentioned in transports file... Transport file is as below /abc.com/ smtp:[IP Address of exchange server] Can anybody help here... My postfix Configuration looks below #postconf -n command_directory = /usr/sbin config_directory = /etc/postfix daemon_directory = /usr/libexec/postfix debug_peer_level = 2 default_destination_concurrency_limit = 20 default_process_limit = 200 disable_dns_lookups = yes disable_vrfy_command = yes fast_flush_purge_time = 1d html_directory = no local_destination_concurrency_limit = 4 local_header_rewrite_clients = static:all local_recipient_maps = mail_owner = postfix mailq_path = /usr/bin/mailq manpage_directory = /usr/local/man masquerade_classes = envelope_sender, envelope_recipient, header_sender, header_recipient masquerade_domains = examples.com maximal_backoff_time = 1200s maximal_queue_lifetime = 1d message_size_limit = 4096 mydestination = $myhostname, $mydomain mydomain = example.com myhostname = testserver mynetworks = $config_directory/mynetworks myorigin = $mydomain newaliases_path = /usr/bin/newaliases parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains, mynetworks,permit_mx_backup_networks,qmqpd_authorized_clients, smtpd_access_maps queue_directory = /var/spool/postfix readme_directory = no relayhost = mail.example.com sample_directory = /etc/postfix sendmail_path = /usr/sbin/sendmail setgid_group = postdrop smtp_connect_timeout = 120s smtp_helo_timeout = 60s smtp_host_lookup = native smtpd_data_restrictions = reject_unauth_pipelining, permit smtpd_hard_error_limit = 10 smtpd_helo_required = yes smtpd_recipient_restrictions = reject_non_fqdn_sender, permit_mynetworks, reject_unauth_destination smtpd_sender_restrictions = permit_mynetworks smtpd_soft_error_limit = 5 transport_maps = regexp:/etc/postfix/transports ***** Thanks in advance Regards, Kalyan -- View this message in context: http://old.nabble.com/Problem-when-sending-to-suffix-domians-%28-example-%3A-abc.com.cn-%29-tp33713272p33713272.html Sent from the Postfix mailing list archive at Nabble.com.
Re: postfix lmtp ssl failure
On Wed, Apr 18, 2012 at 08:44:49PM -0700, fr47Tb wrote: > Having difficulty with communications between cyrus-imapd lmtpd (version > 2.4.14) and postfix lmtp (version 2.9.1) using openssl > (version 1.0.0-fips 29) on Centos (version 6) system. FIPS could well be a problem, since it imposes limits on algorithms that may be too strict. Is FIPS mode enabled by default? > However communication breaks down between postfix and cyrus. Using TCP (24) > port for common link. It appears that the read for server cipher list is > requested prior to the information being placed in buffer, You're misreading the debug logs. This is not the case. All SSL read calls initially return -1 when the underlying network read buffer is empty, these are then retried after reading more raw data from the network. > cyrus-imapd replies with 454 4.3(.3) TLS not available, then lmtp reads this > as reply cipher list and fails with SSLv3/v2 protocol not found. The real problem is that the lmtp(8) client and the LMTP server are out of sync at this point, the client is starting an SSL handshake, so it believes it got a positive response to STARTTLS. You need to include earlier (plaintext) data exchanged during this session. Either the LMTP client and server are out of sync, or the server erroneously sends a plaintext error message after responding positively to STARTTLS. > Please see log output below. In the future, please include the logs in your message, rather than posting a URL. -- Viktor.
Re: Problem when sending to suffix domians ( example : abc.com.cn )
On Thu, Apr 19, 2012 at 03:33:16AM -0700, kalyanspeaks wrote: > Hi All, > > I have used abc.com ( Example ) domain emails to relay directly to one > exchange server by > mentioneing the same in transports file. and all other domain mails > should be relayed to another defualt relay server which i mentioned on > main.cf file . > > > The problem here is when iam sening email to abc.com.cn also it is > trying to relay to exchange server which is mentioned in transports > file... > > > Transport file is as below > > > /abc.com/ smtp:[IP Address of exchange server] > > > Can anybody help here... If I read the doc right, the regexp-implentation of the OS in use can also be used in the transport file. So you imo should write /abc.com$/ smtp:[IP address of exchange server] to only match lines that end with abc.com (under Linux regexps are documented in 'man 7 regex' As I don't have much clue of postfix, I'm not sure whether this is helpful. Apologizes if not. lG -- Michael P. Demelbauer Systemadministration WSR Arsenal, Objekt 20 1030 Wien -- root@blarozzo:/# apt-get moo (__) (oo) /--\/ / ||| * /\---/\ ~~ ~~ "Have you mooed today?"...
Re: Problem when sending to suffix domians ( example : abc.com.cn )
Hello Michael, Thank you very much ...Its working.great help... Regards, Kalyan Michael P. Demelbauer wrote: > > On Thu, Apr 19, 2012 at 03:33:16AM -0700, kalyanspeaks wrote: >> Hi All, >> >> I have used abc.com ( Example ) domain emails to relay directly to one >> exchange server by >> mentioneing the same in transports file. and all other domain mails >> should be relayed to another defualt relay server which i mentioned on >> main.cf file . >> >> >> The problem here is when iam sening email to abc.com.cn also it is >> trying to relay to exchange server which is mentioned in transports >> file... >> >> >> Transport file is as below >> >> >> /abc.com/ smtp:[IP Address of exchange server] >> >> >> Can anybody help here... > > If I read the doc right, the regexp-implentation of the OS in use can > also be used in the transport file. > > So you imo should write > /abc.com$/ smtp:[IP address of exchange server] > > to only match lines that end with abc.com (under Linux regexps are > documented in 'man 7 regex' > > As I don't have much clue of postfix, I'm not sure whether this is > helpful. Apologizes if not. > > lG > -- > Michael P. Demelbauer > Systemadministration > WSR > Arsenal, Objekt 20 > 1030 Wien > -- > root@blarozzo:/# apt-get moo > (__) > (oo) >/--\/ > / ||| > * /\---/\ > ~~ ~~ > "Have you mooed today?"... > > -- View this message in context: http://old.nabble.com/Problem-when-sending-to-suffix-domians-%28-example-%3A-abc.com.cn-%29-tp33713272p33713514.html Sent from the Postfix mailing list archive at Nabble.com.
Re: postfix lmtp ssl failure
On Thu, Apr 19, 2012 at 10:41:11AM +, Viktor Dukhovni wrote: > > Please see log output below. The client HELO in the log decodes as: Version 3.1 cipher suites TLS_DHE_RSA_WITH_AES_256_CBC_SHA TLS_DHE_DSS_WITH_AES_256_CBC_SHA TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA TLS_DH_anon_WITH_AES_256_CBC_SHA TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA TLS_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_CAMELLIA_256_CBC_SHA TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA TLS_DH_anon_WITH_3DES_EDE_CBC_SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS_DHE_DSS_WITH_AES_128_CBC_SHA TLS_DHE_RSA_WITH_SEED_CBC_SHA TLS_DHE_DSS_WITH_SEED_CBC_SHA TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA TLS_DH_anon_WITH_AES_128_CBC_SHA TLS_DH_anon_WITH_SEED_CBC_SHA TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_SEED_CBC_SHA TLS_RSA_WITH_CAMELLIA_128_CBC_SHA TLS_DH_anon_WITH_RC4_128_MD5 TLS_RSA_WITH_RC4_128_SHA TLS_RSA_WITH_RC4_128_MD5 TLS_EMPTY_RENEGOTIATION_INFO_SCSV compression methods deflate NULL Perhaps renegotiation support in the server is an issue, but first rule out out-of-sync LMTP, by looking at the protocol plain-text exchange that precedes the SSL handshake. Postfix will not proceed to the SSL stage unless it receives "2XX" in response to STARTTLS. After that point the server may not send plaintext messages. -- Viktor.
Re: defer mail for unknown recipients for one domain only
* Wietse Venema [2012-04-04 01:22]: > To soft-reject unknown recipients in selected domains, in mail from > clients outside the local network, request defer_if_reject at the end > of smtpd_recipient_restrictions: > > /etc/postfix/main.cf: > smtpd_recipient_restrictions = > permit_mynetworks > ... > reject_unauth_destination > ... > check_recipient_access hash:/etc/postfix/final_rcpt_access > > /etc/postfix/final_rcpt_access: > example.com defer_if_reject > > This is approximately the solution that Rob0 proposed. Hi, this works for me, but I put the check before my greylist/whitelist lines: smtpd_recipient_restrictions = permit_mynetworks, permit_inet_interfaces, permit_sasl_authenticated, reject_unauth_destination, reject_unauth_pipelining, check_recipient_access hash:$config_directory/defer_unkown_users, < here # Prevent greylisting for known "good" senders permit_dnswl_client list.dnswl.org, # Do greylisting for a few users/domains check_recipient_access pcre:$config_directory/greylist.pcre I did debug the smtp connections as I wasn't sure if a "defer_if_reject" lookup match would prevent the following checks to run but that's not the case. Thanks again for all your help! Regards Sebastian -- GPG Key: 0x93A0B9CE (F4F6 B1A3 866B 26E9 450A 9D82 58A2 D94A 93A0 B9CE) 'Are you Death?' ... IT'S THE SCYTHE, ISN'T IT? PEOPLE ALWAYS NOTICE THE SCYTHE. -- Terry Pratchett, The Fifth Elephant
Re: postfix lmtp ssl failure
Viktor Dukhovni wrote: > > On Thu, Apr 19, 2012 at 10:41:11AM +, Viktor Dukhovni wrote: > >> > Please see log output below. > > The client HELO in the log decodes as: > > Version 3.1 > cipher suites > TLS_DHE_RSA_WITH_AES_256_CBC_SHA > TLS_DHE_DSS_WITH_AES_256_CBC_SHA > TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA > TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA > TLS_DH_anon_WITH_AES_256_CBC_SHA > TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA > TLS_RSA_WITH_AES_256_CBC_SHA > TLS_RSA_WITH_CAMELLIA_256_CBC_SHA > TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA > TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA > TLS_DH_anon_WITH_3DES_EDE_CBC_SHA > TLS_RSA_WITH_3DES_EDE_CBC_SHA > TLS_DHE_RSA_WITH_AES_128_CBC_SHA > TLS_DHE_DSS_WITH_AES_128_CBC_SHA > TLS_DHE_RSA_WITH_SEED_CBC_SHA > TLS_DHE_DSS_WITH_SEED_CBC_SHA > TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA > TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA > TLS_DH_anon_WITH_AES_128_CBC_SHA > TLS_DH_anon_WITH_SEED_CBC_SHA > TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA > TLS_RSA_WITH_AES_128_CBC_SHA > TLS_RSA_WITH_SEED_CBC_SHA > TLS_RSA_WITH_CAMELLIA_128_CBC_SHA > TLS_DH_anon_WITH_RC4_128_MD5 > TLS_RSA_WITH_RC4_128_SHA > TLS_RSA_WITH_RC4_128_MD5 > TLS_EMPTY_RENEGOTIATION_INFO_SCSV > compression methods > deflate > NULL > > Perhaps renegotiation support in the server is an issue, but first > rule out out-of-sync LMTP, by looking at the protocol plain-text > exchange that precedes the SSL handshake. Postfix will not proceed > to the SSL stage unless it receives "2XX" in response to STARTTLS. > After that point the server may not send plaintext messages. > > -- > Viktor. > > Viktor: Thank you for your response. I have included the debug file as best that I know how below. In regards to renegotiation, I am not sure which command field would allow this option to be set. Apr 19 08:47:07 HP_ML110 postfix/lmtp[1638]: initializing the client-side TLS engine Apr 19 08:47:07 HP_ML110 postfix/lmtp[1638]: smtp_stream_setup: maxtime=300 enable_deadline=0 Apr 19 08:47:07 HP_ML110 postfix/lmtp[1638]: < 127.0.0.1[127.0.0.1]:24: 220 mail.test.com server ready Apr 19 08:47:07 HP_ML110 postfix/lmtp[1638]: > 127.0.0.1[127.0.0.1]:24: LHLO mail.test.com Apr 19 08:47:07 HP_ML110 postfix/lmtp[1638]: < 127.0.0.1[127.0.0.1]:24: 250-mail.test.com Apr 19 08:47:07 HP_ML110 postfix/lmtp[1638]: < 127.0.0.1[127.0.0.1]:24: 250-8BITMIME Apr 19 08:47:07 HP_ML110 postfix/lmtp[1638]: < 127.0.0.1[127.0.0.1]:24: 250-ENHANCEDSTATUSCODES Apr 19 08:47:07 HP_ML110 postfix/lmtp[1638]: < 127.0.0.1[127.0.0.1]:24: 250-PIPELINING Apr 19 08:47:07 HP_ML110 postfix/lmtp[1638]: < 127.0.0.1[127.0.0.1]:24: 250-SIZE Apr 19 08:47:07 HP_ML110 postfix/lmtp[1638]: < 127.0.0.1[127.0.0.1]:24: 250-STARTTLS Apr 19 08:47:07 HP_ML110 postfix/lmtp[1638]: < 127.0.0.1[127.0.0.1]:24: 250 IGNOREQUOTA Apr 19 08:47:07 HP_ML110 postfix/lmtp[1638]: server features: 0x101f size 0 Apr 19 08:47:07 HP_ML110 postfix/lmtp[1638]: Using LMTP PIPELINING, TCP send buffer size is 50604, PIPELINING buffer size is 4096 Apr 19 08:47:07 HP_ML110 postfix/lmtp[1638]: smtp_stream_setup: maxtime=300 enable_deadline=0 Apr 19 08:47:07 HP_ML110 postfix/lmtp[1638]: > 127.0.0.1[127.0.0.1]:24: STARTTLS Apr 19 08:47:07 HP_ML110 postfix/lmtp[1638]: < 127.0.0.1[127.0.0.1]:24: 220 Begin TLS negotiation now Apr 19 08:47:07 HP_ML110 postfix/lmtp[1638]: setting up TLS connection to 127.0.0.1[127.0.0.1]:24 Apr 19 08:47:07 HP_ML110 postfix/lmtp[1638]: 127.0.0.1[127.0.0.1]:24: TLS cipher list "ALL:!EXPORT:!LOW:+RC4:@STRENGTH:!eNULL" Apr 19 08:47:07 HP_ML110 postfix/lmtp[1638]: looking for session lmtp:127.0.0.1:24:mail.test.com&p=1&c=ALL:!EXPORT:!LOW:+RC4:@STRENGTH:!eNULL in lmtp cache Apr 19 08:47:07 HP_ML110 postfix/lmtp[1638]: send attr request = lookup Apr 19 08:47:07 HP_ML110 postfix/lmtp[1638]: send attr cache_type = lmtp Apr 19 08:47:07 HP_ML110 postfix/lmtp[1638]: send attr cache_id = lmtp:127.0.0.1:24:mail.test.com&p=1&c=ALL:!EXPORT:!LOW:+RC4:@STRENGTH:!eNULL Apr 19 08:47:07 HP_ML110 postfix/tlsmgr[1628]: lookup lmtp session id=lmtp:127.0.0.1:24:mail.test.com&p=1&c=ALL:!EXPORT:!LOW:+RC4:@STRENGTH:!eNULL Apr 19 08:47:07 HP_ML110 postfix/lmtp[1638]: private/tlsmgr: wanted attribute: status Apr 19 08:47:07 HP_ML110 postfix/lmtp[1638]: input attribute name: status Apr 19 08:47:07 HP_ML110 postfix/lmtp[1638]: input attribute value: 4294967295 Apr 19 08:47:07 HP_ML110 postfix/lmtp[1638]: private/tlsmgr: wanted attribute: session Apr 19 08:47:07 HP_ML110 postfix/lmtp[1638]: input attribute name: session Apr 19 08:47:07 HP_ML110 postfix/lmtp[1638]: input attribute value: (end) Apr 19 08:47:07 HP_ML110 postfix/lmtp[1638]: private/tlsmgr: wanted attribute: (list terminator) Apr 19 08:47:07 HP_ML110 postfix/lmtp[1638]: input attribute name: (end) Apr 19 08:47:07 HP_ML110 postfix/lmt
Re: postfix lmtp ssl failure
On Thu, Apr 19, 2012 at 07:36:04AM -0700, fr47Tb wrote: > Thank you for your response. I have included the debug file as best that I > know how below. > > lmtp[1638]: < 127.0.0.1[127.0.0.1]:24: 220 mail.test.com server ready > lmtp[1638]: > 127.0.0.1[127.0.0.1]:24: LHLO mail.test.com > lmtp[1638]: < 127.0.0.1[127.0.0.1]:24: 250-mail.test.com > lmtp[1638]: < 127.0.0.1[127.0.0.1]:24: 250-8BITMIME > lmtp[1638]: < 127.0.0.1[127.0.0.1]:24: 250-ENHANCEDSTATUSCODES > lmtp[1638]: < 127.0.0.1[127.0.0.1]:24: 250-PIPELINING > lmtp[1638]: < 127.0.0.1[127.0.0.1]:24: 250-SIZE > lmtp[1638]: < 127.0.0.1[127.0.0.1]:24: 250-STARTTLS > lmtp[1638]: < 127.0.0.1[127.0.0.1]:24: 250 IGNOREQUOTA > lmtp[1638]: > 127.0.0.1[127.0.0.1]:24: STARTTLS > lmtp[1638]: < 127.0.0.1[127.0.0.1]:24: 220 Begin TLS negotiation now > lmtp[1638]: setting up TLS connection to 127.0.0.1[127.0.0.1]:24 > lmtp[1638]: write to 080B5008 [080CD920] (111 bytes => 111 (0x6F)) > lmtp[1638]: SSL_connect:SSLv2/v3 write client hello A > lmtp[1638]: read from 080B5008 [080D2E80] (7 bytes => 7 (0x7)) > lmtp[1638]: 34 35 34 20 34 2e 33 454 4.3 > lmtp[1638]: SSL_connect:error in SSLv2/v3 read server hello A The server is busted, it attempts to reneg on doing TLS after sending "220 Begin TLS negotiation now". Sending a plaintext "454 ..." error in the midle of the SSL handshake is too late! -- Viktor.
Re: Problem when sending to suffix domians ( example : abc.com.cn )
On 4/19/2012 6:33 AM, kalyanspeaks wrote: > > Hello Michael, > > Thank you very much ...Its working.great help... > Your expression is still broken. /example.com$/ will still match anythingexample.com notexample1com example2com etc... You need to anchor the beginning of the domain name, and periods should be escaped to prevent them from matching any single character. /@example\.com$/ -- Noel Jones > > Regards, > Kalyan > > > > > > > Michael P. Demelbauer wrote: >> >> On Thu, Apr 19, 2012 at 03:33:16AM -0700, kalyanspeaks wrote: >>> Hi All, >>> >>> I have used abc.com ( Example ) domain emails to relay directly to one >>> exchange server by >>> mentioneing the same in transports file. and all other domain mails >>> should be relayed to another defualt relay server which i mentioned on >>> main.cf file . >>> >>> >>> The problem here is when iam sening email to abc.com.cn also it is >>> trying to relay to exchange server which is mentioned in transports >>> file... >>> >>> >>> Transport file is as below >>> >>> >>> /abc.com/ smtp:[IP Address of exchange server] >>> >>> >>> Can anybody help here... >> >> If I read the doc right, the regexp-implentation of the OS in use can >> also be used in the transport file. >> >> So you imo should write >> /abc.com$/ smtp:[IP address of exchange server] >> >> to only match lines that end with abc.com (under Linux regexps are >> documented in 'man 7 regex' >> >> As I don't have much clue of postfix, I'm not sure whether this is >> helpful. Apologizes if not. >> >> lG >> -- >> Michael P. Demelbauer >> Systemadministration >> WSR >> Arsenal, Objekt 20 >> 1030 Wien >> -- >> root@blarozzo:/# apt-get moo >> (__) >> (oo) >>/--\/ >> / ||| >> * /\---/\ >> ~~ ~~ >> "Have you mooed today?"... >> >> >
Re: Virtual domain postfix configuration problem
On 4/18/12 10:15 PM, Noel Jones wrote: On 4/18/2012 10:21 PM, Deron Kazmaier wrote: Seems like this is a semi-common problem, but I just can't get my head around this. I've been struggling with this for over 5 days, and I could really use a fresh pair of eyes: First, TURN OFF ALL THE DEBUG AND VERBOSE LOGGING! Sorry, I was having other troubles, which I had resolved. I actually gave up just a little too soon. After fixing one problem after another with the default virtualmin configuration, I stopped one too soon. Anyway, sorry again about the verbose logs. 9 times out of 10, I need more info than people provide when trying to figure out the problems they are having in my own work. If I have future problems, I'll be sure to start out smaller! mydestination = lisn-mdv.razercut.com, localhost.razercut.com, , localhost, marksteiner.ag, faroutprojects.com, whdt.net Are all these "local" non-virtual domains? Domains handled by postfix should not be listed in more than one address class. http://www.postfix.org/ADDRESS_CLASS_README.html That was one of the many attempts at fixing the problem. I've removed it. It didn't seem to hurt, only put more warnings in the log, but thanks for the reminder! smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject On a general purpose MTA, this must be smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination The final "reject" is causing your current problem. Possibly other problems will show up after you fix this. And that was indeed my problem! The original configuration had no reject and one of the many failed solutions I found on the Internet said to put reject there. Thanks for your help! I would have saved me tons of time by starting here instead of bugging folks at Ubuntu and Virtualmin. Lesson learned. On the bright side (for me at least), I did learn an awful lot about postfix and mail in general. If you get new errors, post the NON VERBOSE log entries and a fresh postfinger with the new configuration. Right now, other than getting SSL working, I am good. Thanks again! Deron -- Noel Jones
spam tags
hi all am getting spams with ***Spam*** tags in the subject line; esp lottery spams; anybody know an effective measure to prevent these i run amavis-new /postscreen on postfix relays and spam levels are tolerable so far except some creep i like the above -bharathan
RE: spam tags
From: owner-postfix-us...@postfix.org [owner-postfix-us...@postfix.org] On Behalf Of K bharathan [kbhara...@gmail.com] Sent: Friday, 20 April 2012 6:47 AM To: postfix users list Subject: spam tags hi all am getting spams with ***Spam*** tags in the subject line; esp lottery spams; anybody know an effective measure to prevent these i run amavis-new /postscreen on postfix relays and spam levels are tolerable so far except some creep i like the above Hi Your own amavis and spamassassin setup is inserting these tags because the reach the "tabbing" threshold in the spammyness points. This isnt a postfix issue. T
Re: postfix lmtp ssl failure
Viktor Dukhovni wrote: > > On Thu, Apr 19, 2012 at 07:36:04AM -0700, fr47Tb wrote: > >> Thank you for your response. I have included the debug file as best that >> I >> know how below. >> >> lmtp[1638]: < 127.0.0.1[127.0.0.1]:24: 220 mail.test.com server ready >> lmtp[1638]: > 127.0.0.1[127.0.0.1]:24: LHLO mail.test.com >> lmtp[1638]: < 127.0.0.1[127.0.0.1]:24: 250-mail.test.com >> lmtp[1638]: < 127.0.0.1[127.0.0.1]:24: 250-8BITMIME >> lmtp[1638]: < 127.0.0.1[127.0.0.1]:24: 250-ENHANCEDSTATUSCODES >> lmtp[1638]: < 127.0.0.1[127.0.0.1]:24: 250-PIPELINING >> lmtp[1638]: < 127.0.0.1[127.0.0.1]:24: 250-SIZE >> lmtp[1638]: < 127.0.0.1[127.0.0.1]:24: 250-STARTTLS >> lmtp[1638]: < 127.0.0.1[127.0.0.1]:24: 250 IGNOREQUOTA >> lmtp[1638]: > 127.0.0.1[127.0.0.1]:24: STARTTLS >> lmtp[1638]: < 127.0.0.1[127.0.0.1]:24: 220 Begin TLS negotiation now >> lmtp[1638]: setting up TLS connection to 127.0.0.1[127.0.0.1]:24 >> lmtp[1638]: write to 080B5008 [080CD920] (111 bytes => 111 (0x6F)) >> lmtp[1638]: SSL_connect:SSLv2/v3 write client hello A >> lmtp[1638]: read from 080B5008 [080D2E80] (7 bytes => 7 (0x7)) >> lmtp[1638]: 34 35 34 20 34 2e 33 454 4.3 >> lmtp[1638]: SSL_connect:error in SSLv2/v3 read server hello A > > The server is busted, it attempts to reneg on doing TLS after > sending "220 Begin TLS negotiation now". Sending a plaintext "454 > ..." error in the midle of the SSL handshake is too late! > > -- > Viktor. > > Viktor: I see the issue now, much troubleshooting ahead. As a comparison I have a lmtptest -t "" -p 24 localhost output which shows no collision. Note however a collision may be generated by multiple test sequences. Makes me think a timing issue is involved. Also using tcpdump the message turns out to be 454 4.3.3 STARTTLS failure ( never receiving initial client sequence properly) S: 220 mail.test.com server ready C: LHLO lmtptest S: 250-mail.test.com S: 250-8BITMIME S: 250-ENHANCEDSTATUSCODES S: 250-PIPELINING S: 250-SIZE S: 250-STARTTLS S: 250 IGNOREQUOTA C: STARTTLS S: 220 Begin TLS negotiation now starting TLS engine setting up TLS connection SSL_connect:before/connect initialization write to 08077BF8 [08085F3B] (113 bytes => 113 (0x71)) 16 03 01 00 6c 01 00 00|68 03 01 4f 90 88 a5 18 0010 6a 61 48 2a 48 91 e6 7b|12 f6 ea 64 11 eb 9c ef 0020 88 ae 04 38 8a 79 6a 77|09 c9 90 00 00 3a 00 39 0030 00 38 00 88 00 87 00 35|00 84 00 16 00 13 00 0a 0040 00 33 00 32 00 9a 00 99|00 45 00 44 00 2f 00 96 0050 00 41 00 05 00 04 00 15|00 12 00 09 00 14 00 11 0060 00 08 00 06 00 03 00 ff|02 01 00 00 04 00 23 0071 - SSL_connect:SSLv3 write client hello A read from 08077BF8 [0807D9EB] (5 bytes => 5 (0x5)) 16 03 01 00 35 read from 08077BF8 [0807D9F0] (53 bytes => 53 (0x35)) 02 00 00 31 03 01 4f 90|88 a5 38 1a e9 95 75 7f 0010 7b 28 4b 52 d0 fa 34 76|1e cf 64 76 9f b0 58 ec 0020 15 0e 44 69 69 f8 00 00|39 01 00 09 ff 01 00 01 0030 00 00 23 0035 - SSL_connect:SSLv3 read server hello A read from 08077BF8 [0807D9EB] (5 bytes => 5 (0x5)) 16 03 01 03 d3 Thank you for your time! -- View this message in context: http://old.nabble.com/postfix-lmtp-ssl-failure-tp33705787p33717651.html Sent from the Postfix mailing list archive at Nabble.com.
Delaying mail delivery
Dear All, I want to keep the messages waiting in queue for delivery for certain time of period (say 10 minutes) destination wise. Presently as soon as the message is being received by postfix is being delivered in the same time. I want to keep message staying in queue for delivery for 10 minutes, and that also destination wise. Thanks/regards, Vishal Agarwal
