Re: Add subject in logs or into a file ?

2015-04-18 Thread phil

On 19/04/2015 3:21 PM, Olivier CALVANO wrote:

Hi

Actually, I have a Postfix server, and in the logs I have:

Apr 14 20:06:00 mx postfix/smtpd[24600]: 01BF8301079A: client=o1.email.xx.com[192.xx.xx.153]
Apr 14 20:06:00 mx postfix/cleanup[24932]: 01BF8301079A: message-id=<14cb9189909.2c84.ab5ac@ismtpd-061>
Apr 14 20:06:00 mx postfix/qmgr[20732]: 01BF8301079A: from=<xx...@email.xx.com>, size=18397, nrcpt=1 (queue active)
Apr 14 20:06:01 mx postfix/smtp[24933]: 01BF8301079A: to=<myu...@xx.fr>, relay=spam.mydomain.org[2a02:xx:xx:X:X::400]:25, delay=1.5, delays=0.92/0.04/0.16/0.34, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as BDE043004F53)
Apr 14 20:06:01 mx postfix/qmgr[20732]: 01BF8301079A: removed



I am searching for a solution to put the subject of the mail into the logs.
Directly into the logs, sample:
Apr 14 20:06:01 mx postfix/smtp[24933]: 01BF8301079A: subject=test logs subject

or into a separate file, sample:
01BF8301079A;test logs subject;

Is it possible?

regards
Olivier



You can do a header check with a regexp in main.cf . . .

header_checks = regexp:/etc/postfix/header_checks

and in that file put something like . . .

/^Subject: / WARN

regards
phil
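
An added example, not part of the original posts: with the WARN rule above, cleanup(8) logs each Subject header as a "warning: header Subject: ..." line, and the script below turns those lines into the "queue-id;subject;" records asked for. The sample log lines, host names and addresses are constructed; because the subject is sender-controlled, the parser anchors on the end of the line and strips control characters and the ";" delimiter before writing a record.

```python
import re
import unicodedata
from email.errors import HeaderParseError
from email.header import decode_header, make_header

# Constructed sample log. The last three lines show what cleanup(8) writes when
# a header_checks WARN rule matches; hosts and addresses are made up.
SAMPLE_LOG = """\
Apr 14 20:06:00 mx postfix/smtpd[24600]: 01BF8301079A: client=o1.email.xx.com[192.xx.xx.153]
Apr 14 20:06:00 mx postfix/cleanup[24932]: 01BF8301079A: warning: header Subject: test logs subject from o1.email.xx.com[192.xx.xx.153]; from=<sender@example.com> to=<user@example.fr> proto=ESMTP helo=<o1.email.xx.com>
Apr 14 20:07:12 mx postfix/cleanup[24932]: 3F2A91C07B: warning: header Subject: invoice; from accounting from mail.example.net[192.0.2.10]; from=<a@example.net> to=<b@example.org> proto=ESMTP helo=<mail.example.net>
Apr 14 20:08:30 mx postfix/cleanup[24932]: 7C1D55E0A2: warning: header Subject: =?UTF-8?Q?caf=C3=A9=0Amenu?= from mail.example.net[192.0.2.10]; from=<a@example.net> to=<b@example.org> proto=ESMTP helo=<mail.example.net>
"""

# The subject group is greedy and the pattern is anchored at end of line, so a
# subject that itself contains " from " or ";" cannot shift the field borders.
WARN_RE = re.compile(
    r"postfix[^/\s]*/cleanup\[\d+\]: (?P<qid>[0-9A-Za-z]+): warning: header "
    r"(?i:subject):[ \t]?(?P<subject>.*) from \S+\[[^\]]*\]; "
    r"from=<[^>]*> to=<[^>]*> proto=\S+ helo=<[^>]*>$"
)


def decode_subject(raw):
    """Decode RFC 2047 encoded-words, then make the text safe for one record."""
    try:
        text = str(make_header(decode_header(raw)))
    except (HeaderParseError, LookupError, ValueError):
        # Malformed or cut-off encoded-word, or unknown charset: keep raw text.
        text = raw
    # Decoding can bring back newlines or other control characters that were
    # hidden inside an encoded-word; replace them so one mail stays one line.
    cleaned = "".join(
        " " if unicodedata.category(ch)[0] == "C" else ch for ch in text
    )
    # ";" is the field separator of the output file.
    return cleaned.replace(";", ",").strip()


def extract_subjects(lines):
    """Return (queue_id, subject) for every header_checks WARN Subject line."""
    records = []
    for line in lines:
        match = WARN_RE.search(line.rstrip("\n"))
        if match:
            records.append(
                (match.group("qid"), decode_subject(match.group("subject")))
            )
    return records


def format_record(qid, subject):
    """Format one record the way the question asks: queue-id;subject;"""
    return f"{qid};{subject};"


if __name__ == "__main__":
    for qid, subject in extract_subjects(SAMPLE_LOG.splitlines()):
        print(format_record(qid, subject))
```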


Add subject in logs or into a file ?

2015-04-18 Thread Olivier CALVANO
Hi

Actually, I have a Postfix server, and in the logs I have:

Apr 14 20:06:00 mx postfix/smtpd[24600]: 01BF8301079A: client=o1.email.xx.com[192.xx.xx.153]
Apr 14 20:06:00 mx postfix/cleanup[24932]: 01BF8301079A: message-id=<14cb9189909.2c84.ab5ac@ismtpd-061>
Apr 14 20:06:00 mx postfix/qmgr[20732]: 01BF8301079A: from=, size=18397, nrcpt=1 (queue active)
Apr 14 20:06:01 mx postfix/smtp[24933]: 01BF8301079A: to=, relay=spam.mydomain.org[2a02:xx:xx:X:X::400]:25, delay=1.5, delays=0.92/0.04/0.16/0.34, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as BDE043004F53)
Apr 14 20:06:01 mx postfix/qmgr[20732]: 01BF8301079A: removed



I am searching for a solution to put the subject of the mail into the logs.
Directly into the logs, sample:
   Apr 14 20:06:01 mx postfix/smtp[24933]: 01BF8301079A: subject=test logs subject

or into a separate file, sample:
   01BF8301079A;test logs subject;

Is it possible?

regards
Olivier


Rate limiting to gmail, yahoo

2015-04-18 Thread Alex Regan

Hi,

I have a fedora20 system with postfix-2.10.5 that is primarily used as a 
mail store. I'd like to get some kind of rate limiting working to build 
a better reputation with gmail and other systems.


This server has a couple of hundred IMAP users for a branch of a larger 
company. The mail is sent from the corporate server, through a mail 
router, then delivered on this system. Many of these users forward their 
mail off this system to a remote account, many of which are gmail and yahoo.


On occasion, the corporate office sends a few thousand messages to the 
recipients on this system, which causes the system to queue these 
messages then forward hundreds at a time to the user's remote yahoo and 
gmail accounts. This frequently results in temporary bounces such as:


Apr 18 09:04:38 email postfix/smtp[30964]: 0B83D40570: host 
gmail-smtp-in.l.google.com[64.233.171.26] said: 421-4.7.0 [66.XX.XX.100 
 15] Our system has detected an unusual rate of 421-4.7.0 
unsolicited mail originating from your IP address. To protect our 
421-4.7.0 users from spam, mail sent from your IP address has been 
temporarily 421-4.7.0 rate limited. Please visit 421-4.7.0 
http://www.google.com/mail/help/bulk_mail.html to review our Bulk 421 
4.7.0 Email Senders Guidelines. n88si4525330qge.91 - gsmtp (in reply to 
end of DATA command)


I'm trying to understand how best to rate limit mail to a group of 
senders without too significantly delaying mail to these recipients.


Maybe one approach would be to implement the delay in the same way gmail 
does on the mail router, such that mail is delayed at the corporate system?


The problem I'm having with my current configuration is mail is being 
delivered entirely too slowly. I hoped someone had a configuration they 
know to work with gmail or could generally explain what I'm doing wrong.


Setting a destination_rate_delay to 2s seems entirely too slow. I 
currently have destination_recipient_limit set to 15 or so.


I feel like it would be nice to have an initial destination delay, then 
no further throttling, but I'd love to hear people's experiences on if 
that was a good idea.


I've created these services in master.cf:

polite unix - - n - - smtp
  -o syslog_name=postfix-polite
turtle unix - - n - - smtp
  -o syslog_name=postfix-turtle

My transport_rate file looks like this:

/\@gmail\.com$/ polite:
/yahoo(\.[a-z]{2,3}){1,2}$/ turtle:
/\@hotmail\.com$/ polite:
/secureserver\.net$/ polite:

Suggestions for other common systems that would be good candidates for 
throttling?


I've included my main.cf below. Thanks for any ideas.

alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
allow_mail_to_files = alias,forward
always_bcc = mail-archive
bounce_queue_lifetime = 1d
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd
    $daemon_directory/$process_name $process_id & sleep 5

disable_mime_input_processing = no
header_checks = pcre:/etc/postfix/header_checks
home_mailbox = Maildir/
html_directory = no
inet_interfaces = all
inet_protocols = ipv4
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
maximal_queue_lifetime = 2d
message_size_limit = 2400
mydestination = $myhostname, localhost.$mydomain
mynetworks = 127.0.0.0/8, 64.X.XX.0/27
newaliases_path = /usr/bin/newaliases.postfix
transport_maps = regexp:/etc/postfix/transport_limit
polite_destination_concurrency_limit = 10
polite_destination_rate_delay = 2s
polite_destination_recipient_limit = 15
polite_initial_destination_concurrency = 1
queue_directory = /var/spool/postfix
rbl_reply_maps = ${stress?hash:/etc/postfix/rbl_reply_maps}
readme_directory = /usr/share/doc/postfix/README_FILES
relay_domains = $mydestination
sample_directory = /usr/share/doc/postfix/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_tls_CAfile = /var/www/mail.example.com-443/ssl/gd_bundle-2014.crt
smtp_tls_exclude_ciphers = 3DES
smtp_tls_loglevel = 1
smtp_tls_note_starttls_offer = yes
smtp_tls_security_level = may
smtpd_recipient_restrictions = reject_non_fqdn_recipient,
    reject_non_fqdn_sender,
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    reject_invalid_helo_hostname,
    reject_rhsbl_reverse_client mykey.dbl.dq.spamhaus.net,
    reject_rhsbl_sender mykey.dbl.dq.spamhaus.net,
    reject_rhsbl_helo mykey.dbl.dq.spamhaus.net,
    check_client_access hash:/etc/postfix/client_checks,
    check_sender_access hash:/etc/postfix/sender_checks,
    check_recipient_access pcre:/etc/postfix/local_recip_map, reject
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_loc

Re: Blocking compromised accounts (outgoing spam) and auth cracking

2015-04-18 Thread Venkat
On Sat, Apr 18, 2015 at 11:16 AM, Chuck Peters  wrote:

>
>
> I'm researching migrating some Exim servers to Postfix and would like to
> implement automatic blocking of compromised and spammers' accounts with
> notifications to staff.  Any suggestions?
>
>
>
We are successfully using  Postfix, Policyd, and Swatch to implement
something similar to what you speak of but with notifications vs. automatic
blocking. It has been working well for us for the past year or so. Let me
know if you want more details on the approach.

cheers,

VM


RE: Blocking compromised accounts (outgoing spam) and auth cracking

2015-04-18 Thread Marius Gologan
In my experience, anti-spam is a combination of methods. Filtering outgoing
traffic is difficult, especially if spammers don't send worldwide, but in
their own country and language.
Smart spammers do clean up their lists and do not include links, but keep in
mind: they need volume while normal users don't.

Implement recipients rate per day for each account (not messages and not
authentications). It should affect their mass mailing. A normal user or
employee has no need to contact 200 - 300 recipients in one day. If they do,
you may consider the number of recipient domains instead.
Compare successful deliveries (per sender) vs hard bounces (non-existing
recipients and domains). <= 1% should be enough to trigger an action.
Obtain spammed recipients at popular providers from your logs (@yahoo,
@gmail etc.) and set them as spam traps in your system covering the whole
alphabet and numbers. Once a trap address (or a combination of traps) is
hit, block the sender or hold the messages.

-Original Message-
From: owner-postfix-us...@postfix.org
[mailto:owner-postfix-us...@postfix.org] On Behalf Of Chuck Peters
Sent: Saturday, April 18, 2015 9:17 PM
To: postfix-users@postfix.org
Subject: Blocking compromised accounts (outgoing spam) and auth cracking



I'm researching migrating some Exim servers to Postfix and would like to
implement automatic blocking of compromised and spammers' accounts with
notifications to staff.  Any suggestions?

On the Exim user list today someone
suggested https://github.com/Exim/exim/wiki/BlockCracking.

Blocking compromised accounts (outgoing spam) and auth cracking

Nowadays users' passwords often are stolen (with drive-by exploits, Windows
malware, phishing) and used for spamming. Spam sent with authentication via
your server causes it to be blacklisted without notice and sometimes no
appeal. Simple rate limiting authenticated users constrains honest users
while still allowing spam to trickle through, your server still ends up in
blacklists. Each server needs automatic detection and blocking of
compromised accounts (stolen passwords). I amended and implemented (for Exim
version 4.67 or higher) Andrew Hearn's idea to check not rate of messages or
all recipients, but rate of attempts to send to nonexistent recipient email
addresses. Vast majority of spammers never try to validate every recipient
address. Spammers harvest strings looking like email addresses from webpages
and disks of trojaned Windowses, then sell huge lists of email addresses to
each other. These lists contain very much email addresses which don't exist
anymore or never existed: Message-Ids, corrupted strings in memory and
files. In short, spammers' lists of email addresses are much dirtier than
lists honest users send to. Honest users are very unlikely to attempt to
send to 100 nonexistent email addresses in one hour. Below I explain in
detail (for novices at Exim) what to change in Exim config for automatic
blocking of compromised and spammers' accounts, with automatic email
notification to sysadmin or your abuse or support staff.
...


Thanks,
Chuck



Re: Blocking compromised accounts (outgoing spam) and auth cracking

2015-04-18 Thread Sebastian Nielsen
Yes I agree it's annoying for your users, but sometimes convenience needs to be
sacrificed for security.
As I said, mail could be set up so receiving is allowed, and sending
internal mail is allowed, but not sending outside, when "away from your home
network".
It's also possible to set up for example VPN accounts and similar for
travelling "VIP" users, so those "VIP" users can use cellphone mail, but
regular users have to wait until they're home before replying on mail.
By allowing receiving of mail from worldwide, it's possible that a user can
use a GMAIL account to reply to a mail when they are away.
Webmail to be able to access abroad can be set up too. Preferably with strong
OTP authentication.


Large mail providers like hotmail, gmail and such, can track user behaviour
and find out if a known spammer logs into a gmail account, and thus block it
off. This is because they have a fairly large "view" of the internet and in
practice know most spammer IPs and ISPs, and can request extra verification
via SMS for example, when a known spammer IP or suspicious country attempts
to log on to a GMAIL account.


For a small/medium corporation/organization or private mail, such is
impossible, and thus it's better to rely on whitelisting instead.
Whitelisting countries, whitelisting ISP ranges and such, to ensure the end
user's account does not get compromised.



-Original Message-
From: Patrick Domack

Sent: Saturday, April 18, 2015 11:35 PM
To: postfix-users@postfix.org
Subject: Re: Blocking compromised accounts (outgoing spam) and auth cracking

This sounds painfully annoying.

I hope your users never travel, take a vacation, or go on a work trip.

And it doesn't stop or help if the user gets a virus on their computer
that uses the local saved credentials on that computer, and also will
make cellphone mail completely unusable.


Quoting Sebastian Nielsen :


I think you are approaching this problem from the wrong end.
Instead of blocking compromised accounts, make sure they cannot be 
compromised.


For example: Configure your server to only accept authentication  from 
valid IPs, for example company internal ones, or implement  geoIP blocking 
so if your organization is located in Country X,  whitelist Country X and 
then disallow every other country to login.
Another thing to implement is IP-range restriction. You could  implement 
this as a policy service, where the first login of a new  user will record 
the IP-range the user's ISP is using (This can be  enumerated by either 
doing a whois lookup against the user's IP,
or doing an ASN lookup against the user's ASN number). This will return a
range like 94.185.80.0 - 94.185.87.255 for a small ISP or a  larger range 
like x.x.0.0 to x.x.255.255 for a larger ISP.
Once a user has logged in for the first time, his account will be  locked 
to the ISP he is currently using.


This will cut down on compromised accounts and spam very much, since the
user's username and password is worthless to anyone who doesn't have the
same ISP as the account's owner.
If you don't want to restrain your users too much, you can always allow
receiving of POP3/IMAP mail worldwide without IP restriction,  and also 
allow internal mail, but relayed mail is subject to the IP  restriction.


-Original Message- From: Chuck Peters
Sent: Saturday, April 18, 2015 8:16 PM
To: postfix-users@postfix.org
Subject: Blocking compromised accounts (outgoing spam) and auth cracking



I'm researching migrating some Exim servers to Postfix and would  like to 
implement automatic blocking of compromised and spammers'  accounts with 
notifications to staff.  Any suggestions?


On the Exim user list today someone suggested 
https://github.com/Exim/exim/wiki/BlockCracking.


Blocking compromised accounts (outgoing spam) and auth cracking

Nowadays users' passwords often are stolen (with drive-by exploits, 
Windows malware, phishing) and used for spamming. Spam sent with 
authentication via your server causes it to be blacklisted without  notice 
and sometimes no appeal. Simple rate limiting authenticated  users 
constrains honest users while still allowing spam to trickle  through, 
your server still ends up in blacklists. Each server needs  automatic 
detection and blocking of compromised accounts (stolen  passwords). I 
amended and implemented (for Exim version 4.67 or  higher) Andrew Hearn's 
idea to check not rate of messages or all  recipients, but rate of 
attempts to send to nonexistent recipient  email addresses. Vast majority 
of spammers never try to validate  every recipient address. Spammers 
harvest strings looking like email  addresses from webpages and disks of 
trojaned Windowses, then sell  huge lists of email addresses to each 
other. These lists contain  very much email addresses which don't exist 
anymore or never  existed: Message-Ids, corrupted strings in memory and 
files. In  short, spammers' lists of email addresses are much dirtier than 
lists hon

Re: Blocking compromised accounts (outgoing spam) and auth cracking

2015-04-18 Thread Patrick Domack

This sounds painfully annoying.

I hope your users never travel, take a vacation, or go on a work trip.

And it doesn't stop or help if the user gets a virus on their computer  
that uses the local saved credentials on that computer, and also will  
make cellphone mail completely unusable.



Quoting Sebastian Nielsen :


I think you are approaching this problem from the wrong end.
Instead of blocking compromised accounts, make sure they cannot be  
compromised.


For example: Configure your server to only accept authentication  
from valid IPs, for example company internal ones, or implement  
geoIP blocking so if your organization is located in Country X,  
whitelist Country X and then disallow every other country to login.
Another thing to implement is IP-range restriction. You could  
implement this as a policy service, where the first login of a new  
user will record the IP-range the user's ISP is using (This can be  
enumerated by either doing a whois lookup against the user's IP,
or doing an ASN lookup against the user's ASN number). This will
return a range like 94.185.80.0 - 94.185.87.255 for a small ISP or a  
larger range like x.x.0.0 to x.x.255.255 for a larger ISP.
Once a user has logged in for the first time, his account will be  
locked to the ISP he is currently using.


This will cut down on compromised accounts and spam very much, since
the user's username and password is worthless to anyone who doesn't
have the same ISP as the account's owner.
If you don't want to restrain your users too much, you can always
allow receiving of POP3/IMAP mail worldwide without IP restriction,  
and also allow internal mail, but relayed mail is subject to the IP  
restriction.


-Original Message- From: Chuck Peters
Sent: Saturday, April 18, 2015 8:16 PM
To: postfix-users@postfix.org
Subject: Blocking compromised accounts (outgoing spam) and auth cracking



I'm researching migrating some Exim servers to Postfix and would  
like to implement automatic blocking of compromised and spammers'  
accounts with notifications to staff.  Any suggestions?


On the Exim user list today someone suggested  
https://github.com/Exim/exim/wiki/BlockCracking.


Blocking compromised accounts (outgoing spam) and auth cracking

Nowadays users' passwords often are stolen (with drive-by exploits,  
Windows malware, phishing) and used for spamming. Spam sent with  
authentication via your server causes it to be blacklisted without  
notice and sometimes no appeal. Simple rate limiting authenticated  
users constrains honest users while still allowing spam to trickle  
through, your server still ends up in blacklists. Each server needs  
automatic detection and blocking of compromised accounts (stolen  
passwords). I amended and implemented (for Exim version 4.67 or  
higher) Andrew Hearn's idea to check not rate of messages or all  
recipients, but rate of attempts to send to nonexistent recipient  
email addresses. Vast majority of spammers never try to validate  
every recipient address. Spammers harvest strings looking like email  
addresses from webpages and disks of trojaned Windowses, then sell  
huge lists of email addresses to each other. These lists contain  
very much email addresses which don't exist anymore or never  
existed: Message-Ids, corrupted strings in memory and files. In  
short, spammers' lists of email addresses are much dirtier than  
lists honest users send to. Honest users are very unlikely to  
attempt to send to 100 nonexistent email addresses in one hour.  
Below I explain in detail (for novices at Exim) what to change in  
Exim config for automatic blocking of compromised and spammers'  
accounts, with automatic email notification to sysadmin or your  
abuse or support staff.

...


Thanks,
Chuck






Re: Blocking compromised accounts (outgoing spam) and auth cracking

2015-04-18 Thread Sebastian Nielsen

I think you are approaching this problem from the wrong end.
Instead of blocking compromised accounts, make sure they cannot be 
compromised.


For example: Configure your server to only accept authentication from valid 
IPs, for example company internal ones, or implement geoIP blocking so if 
your organization is located in Country X, whitelist Country X and then 
disallow every other country to login.
Another thing to implement is IP-range restriction. You could implement this 
as a policy service, where the first login of a new user will record the 
IP-range the user's ISP is using (This can be enumerated by either doing a 
whois lookup against the user's IP,
or doing an ASN lookup against the user's ASN number). This will return a
range like 94.185.80.0 - 94.185.87.255 for a small ISP or a larger range 
like x.x.0.0 to x.x.255.255 for a larger ISP.
Once a user has logged in for the first time, his account will be locked to 
the ISP he is currently using.


This will cut down on compromised accounts and spam very much, since the
user's username and password is worthless to anyone who doesn't have the same
ISP as the account's owner.
If you don't want to restrain your users too much, you can always allow
receiving of POP3/IMAP mail worldwide without IP restriction, and also allow 
internal mail, but relayed mail is subject to the IP restriction.


-Original Message-
From: Chuck Peters

Sent: Saturday, April 18, 2015 8:16 PM
To: postfix-users@postfix.org
Subject: Blocking compromised accounts (outgoing spam) and auth cracking



I'm researching migrating some Exim servers to Postfix and would like to 
implement automatic blocking of compromised and spammers' accounts with 
notifications to staff.  Any suggestions?


On the Exim user list today someone suggested 
https://github.com/Exim/exim/wiki/BlockCracking.


Blocking compromised accounts (outgoing spam) and auth cracking

Nowadays users' passwords often are stolen (with drive-by exploits, Windows 
malware, phishing) and used for spamming. Spam sent with authentication via 
your server causes it to be blacklisted without notice and sometimes no 
appeal. Simple rate limiting authenticated users constrains honest users 
while still allowing spam to trickle through, your server still ends up in 
blacklists. Each server needs automatic detection and blocking of 
compromised accounts (stolen passwords). I amended and implemented (for Exim 
version 4.67 or higher) Andrew Hearn's idea to check not rate of messages or 
all recipients, but rate of attempts to send to nonexistent recipient email 
addresses. Vast majority of spammers never try to validate every recipient 
address. Spammers harvest strings looking like email addresses from webpages 
and disks of trojaned Windowses, then sell huge lists of email addresses to 
each other. These lists contain very much email addresses which don't exist 
anymore or never existed: Message-Ids, corrupted strings in memory and 
files. In short, spammers' lists of email addresses are much dirtier than 
lists honest users send to. Honest users are very unlikely to attempt to 
send to 100 nonexistent email addresses in one hour. Below I explain in 
detail (for novices at Exim) what to change in Exim config for automatic 
blocking of compromised and spammers' accounts, with automatic email 
notification to sysadmin or your abuse or support staff.

...


Thanks,
Chuck 
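
An added example, not part of the original posts: the decision logic of the IP-range restriction described above, written as a function a Postfix policy service could call with the request attributes sasl_username and client_address. The whois/ASN lookup is replaced by a constructed table (only the 94.185.80.0 - 94.185.87.255 range comes from the post); the class and function names and the reply texts are assumptions.

```python
import ipaddress

# Constructed stand-in for the whois/ASN lookup mentioned in the post. A real
# service would query whois or an ASN database here and cache the answer.
CONSTRUCTED_ALLOCATIONS = [
    ("94.185.80.0", "94.185.87.255"),    # range quoted in the post
    ("198.51.100.0", "198.51.100.255"),  # constructed (documentation range)
]


def lookup_networks(address):
    """Return the provider range containing `address` as a list of CIDR networks."""
    ip = ipaddress.ip_address(address)
    for first, last in CONSTRUCTED_ALLOCATIONS:
        lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
        if lo.version == ip.version and lo <= ip <= hi:
            # A first-last range may need several CIDR blocks to cover it.
            return list(ipaddress.summarize_address_range(lo, hi))
    # Unknown allocation: pin to the single address rather than to nothing.
    return [ipaddress.ip_network(str(ip))]


class IspPin:
    """Lock each account to the provider range seen at its first login."""

    def __init__(self, lookup=lookup_networks):
        self.lookup = lookup
        self.pins = {}  # sasl_username -> list of allowed networks

    def decide(self, attrs):
        user = attrs.get("sasl_username", "").lower()
        if not user:
            return "DUNNO"  # unauthenticated mail: leave to the other restrictions
        try:
            ip = ipaddress.ip_address(attrs.get("client_address", ""))
        except ValueError:
            # Fail closed (temporarily) when the address cannot be parsed.
            return "DEFER_IF_PERMIT Cannot determine client address"
        if user not in self.pins:
            self.pins[user] = self.lookup(str(ip))  # first login records the range
            return "DUNNO"
        if any(ip in net for net in self.pins[user]):
            return "DUNNO"
        return "REJECT Relaying not allowed from this network for this account"


if __name__ == "__main__":
    pin = IspPin()
    for addr in ("94.185.83.7", "94.185.87.255", "94.185.88.1"):
        print(addr, pin.decide({"sasl_username": "alice", "client_address": addr}))
```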





Re: Blocking compromised accounts (outgoing spam) and auth cracking

2015-04-18 Thread Robert Schetterer
On 18.04.2015 at 20:50, Viktor Dukhovni wrote:
> On Sat, Apr 18, 2015 at 06:16:56PM +, Chuck Peters wrote:
> 
>> I'm researching migrating some Exim servers to Postfix and would like to
>> implement automatic blocking of compromised and spammers' accounts with
>> notifications to staff. Any suggestions?
>>
>> On the Exim user list today someone suggested 
>> https://github.com/Exim/exim/wiki/BlockCracking.
>>
> 
> With Postfix you would generally use a policy service to detect
> anomalous outbound mail from potentially compromised accounts.
> 
> What constitutes anomalous outbound mail is then up to the policy
> service.  Various policy services are in use for this purpose.
> 
> A policy service might even connect to a loopback Postfix SMTP
> service port that is configured to use "recipient verification" to
> check for non-existent addresses (and caches positive/negative
> results) (make sure that SMTP service is not configured to also
> use the same policy service).
> 
> Most users seem to get adequate results with just volume limits.
> 
> If at all possible, generate strong random passwords for submission
> users, these are not passwords users type in very often.  The MUA
> will store the password, so there's no reason to have a "memorable"
> one.  This also avoids passwords that are used at multiple sites
> and get compromised when those sites get breached.
> 

have a look at

https://github.com/croessner/vrfydmn/


Best Regards
Kind regards, Robert Schetterer

-- 
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Registered office: München, District Court München: HRB 199263
Executive Board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the Supervisory Board: Florian Kirstein


Re: [SOLVED] smtpd: warning: hostname does not resolve to address Name or service not known

2015-04-18 Thread Krzs

On 18/04/2015 21:19, Noel Jones wrote:
> On 4/18/2015 1:31 PM, Krzs wrote:
> 

> But relay is still denied.  Probably because you forgot to add 
> "permit_sasl_authenticated" to your postfix restrictions, or added 
> it in the wrong place.  Posting a readable "postconf -n" will 
> probably help.
> 
> 
> 
> >> To me is definitely a dns issue
> 
> No, nothing to do with DNS.
> 
>> i have commented out security restrictions in postfix that's how
>> i explain the "relay access denied"
> 
> Ah, and that's why you get relay access denied.

I have put back security restrictions and also corrected
smtp_host_lookup, which was set to native instead of dns, and I got over
the issue, thanks everybody

Regards

Gab

- -- 
Key fingerprint = EB67 3CA1 6C61 EACE B705  4EC3 A28D E2DD 4C47 A4D9


Re: smtpd: warning: hostname does not resolve to address Name or service not known

2015-04-18 Thread Noel Jones

On 4/18/2015 1:31 PM, Krzs wrote:
> 
> 
> On 18/04/2015 18:36, Alex JOST wrote:
>> On 18.04.2015 at 16:35, Krzs wrote:
> 
>> To me it looks as if everything is working as it should.
>> This might simply be a Thunderbird misconfiguration.
> 
> 
> By thunderbird and connection security SSL/TLS I get:
> 
>> www postfix/smtpd[11453]: warning: hostname anon.riseup.net
>> does not resolve to address 199.58.81.144: Name or service
>> not known www postfix/smtpd[11453]: connect from
>> unknown[199.58.81.144] www postfix/smtpd[11453]: lost
>> connection after UNKNOWN from

The "lost connection after UNKNOWN" is because your thunderbird is
using wrappermode TLS, commonly used on port 465.  You need to set
tbird for "STARTTLS".

> 
> There is a dns issue

Yes, but that isn't the problem.

> to me my actual postconf -n is:

Unreadable, I'm not even going to try.

> 
>> alias_database = hash:/etc/aliases alias_maps =
>> hash:/etc/aliases append_dot_mydomain = no biff = no
>> broken_sasl_auth_clients = yes config_directory =
>> /etc/postfix delay_warning_time = 4h disable_dns_lookups = no
>> disable_vrfy_command = yes 
>> dovecot_destination_recipient_limit = 1 inet_interfaces = all
>>  inet_protocols = all mailbox_size_limit = 0 mydestination = 
>> localhost.localdomain, localhost mydomain = frozenstar.info
> 
> By mutt which has in its own conf:
> 
>> set ssl_force_tls = yes set ssl_starttls = yes
> 
> i get relay access denied and postfix logs say:
> 
>> Apr 18 20:16:48 www postfix/smtpd[23597]: warning: hostname 
>> anon.riseup.net does not resolve to address 199.58.81.144:
>> Name or service not known Apr 18 20:16:48 www
>> postfix/smtpd[23597]: connect from unknown[199.58.81.144] Apr
>> 18 20:16:50 www postfix/smtpd[23597]: Anonymous TLS
>> connection established from unknown[199.58.81.144]: TLSv1.2
>> with cipher DHE-RSA-AES128-SHA (128/128 bits) Apr 18 20:16:51
>> www dovecot: auth-worker(23645):

Good, TLS connection to postfix works when the client is
configured for STARTTLS.

>> mysql(127.0.0.1): Connected to database mailserver Apr 18
>> 20:16:52 www postfix/smtpd[23597]: NOQUEUE: reject: RCPT
>> from unknown[199.58.81.144]: 554 5.7.1
>> : Relay access denied;
>> from=

But the client never sent an AUTH command to postfix; if it had,
it would be logged.  Relay access is denied because the client did
not AUTH.


>> to= proto=ESMTP 
>> helo= Apr 18 20:16:52 www 
>> postfix/smtpd[23597]: lost connection after RCPT from 
>> unknown[199.58.81.144] Apr 18 20:16:52 www
>> postfix/smtpd[23597]: disconnect from unknown[199.58.81.144]
> 
> Claws mail client logs say:

Unreadable, but this is shorter, so I'll try:

> 
>> [20:25:22] SMTP< 220 smtp.frozenstar.info ESMTP Postfix
>> [20:25:22] ESMTP> EHLO localhost [20:25:23] ESMTP<
>> 250-smtp.frozenstar.info [20:25:23] ESMTP< 250-PIPELINING
>> [20:25:23] ESMTP< 250-SIZE 1024 [20:25:23] ESMTP<
>> 250-ETRN [20:25:23] ESMTP< 250-STARTTLS [20:25:23] ESMTP<
>> 250-ENHANCEDSTATUSCODES [20:25:23] ESMTP< 250-8BITMIME
>> [20:25:23] ESMTP< 250 DSN [20:25:23] ESMTP> STARTTLS 
>> [20:25:23] ESMTP< 220 2.0.0 Ready to start TLS [20:25:27]
>> ESMTP>

STARTTLS issued, TLS connection established.

>> EHLO localhost [20:25:27] ESMTP< 250-smtp.frozenstar.info 
>> [20:25:27] ESMTP< 250-PIPELINING [20:25:27] ESMTP< 250-SIZE 
>> 1024 [20:25:27] ESMTP< 250-ETRN [20:25:27] ESMTP<
>> 250-AUTH PLAIN LOGIN [20:25:27] ESMTP< 250-AUTH=PLAIN LOGIN
>> [20:25:27] ESMTP< 250-ENHANCEDSTATUSCODES [20:25:27] ESMTP<
>> 250-8BITMIME [20:25:27] ESMTP< 250 DSN [20:25:27] ESMTP> AUTH
>> LOGIN [20:25:28] ESMTP< 334 VXNlcm5hbWU6 [20:25:28] ESMTP>
>> [USERID] [20:25:28] ESMTP< 334 UGFzc3dvcmQ6 [20:25:28] ESMTP>
>> [PASSWORD] [20:25:28] ESMTP< 235 2.7.0 Authentication
>> successful [20:25:28] ESMTP> MAIL

This time apparently the AUTH worked.  Postfix would have logged a
similar auth successful line.

>> FROM: SIZE=365 [20:25:28] SMTP< 250
>> 2.1.0 Ok [20:25:28] SMTP> RCPT TO:
>> [20:25:29] SMTP< 554 5.7.1 : Relay
>> access denied

But relay is still denied.  Probably because you forgot to add
"permit_sasl_authenticated" to your postfix restrictions, or added
it in the wrong place.  Posting a readable "postconf -n" will
probably help.


> 
> To me is definitely a dns issue

No, nothing to do with DNS.

> i have commented out security restrictions in postfix that's
> how i explain the "relay access denied"

Ah, and that's why you get relay access denied.


> 
> Regards
> 




  -- Noel Jones

---

Re: Blocking compromised accounts (outgoing spam) and auth cracking

2015-04-18 Thread Viktor Dukhovni
On Sat, Apr 18, 2015 at 06:16:56PM +, Chuck Peters wrote:

> I'm researching migrating some Exim servers to Postfix and would like to
> implement automatic blocking of compromised and spammers' accounts with
> notifications to staff. Any suggestions?
> 
> On the Exim user list today someone suggested 
> https://github.com/Exim/exim/wiki/BlockCracking.
> 

With Postfix you would generally use a policy service to detect
anomalous outbound mail from potentially compromised accounts.

What constitutes anomalous outbound mail is then up to the policy
service.  Various policy services are in use for this purpose.

A policy service might even connect to a loopback Postfix SMTP
service port that is configured to use "recipient verification" to
check for non-existent addresses (and caches positive/negative
results) (make sure that SMTP service is not configured to also
use the same policy service).

Most users seem to get adequate results with just volume limits.

If at all possible, generate strong random passwords for submission
users, these are not passwords users type in very often.  The MUA
will store the password, so there's no reason to have a "memorable"
one.  This also avoids passwords that are used at multiple sites
and get compromised when those sites get breached.

-- 
Viktor.


Re: smtpd: warning: hostname does not resolve to address Name or service not known

2015-04-18 Thread Krzs



On 18/04/2015 18:36, Alex JOST wrote:
> On 18.04.2015 at 16:35, Krzs wrote:

> To me it looks as if everything is working as it should. This
> might simply be a Thunderbird misconfiguration.
> 

By thunderbird and connection security SSL/TLS i get:

> www postfix/smtpd[11453]: warning: hostname anon.riseup.net does
> not resolve to address 199.58.81.144: Name or service not known www
> postfix/smtpd[11453]: connect from unknown[199.58.81.144] www
> postfix/smtpd[11453]: lost connection after UNKNOWN from
> unknown[199.58.81.144] www postfix/smtpd[11453]: disconnect from
> unknown[199.58.81.144] www dovecot: auth-worker(13211):
> mysql(127.0.0.1): Connected to database mailserver www dovecot:
> pop3-login: Login: user=, method=PLAIN,
> rip=199.58.81.144, lip=88.198.107.18, mpid=13213, TLS,
> session= www dovecot:
> pop3(ad...@frozenstar.info): Disconnected: Logged out top=0/0,
> retr=0/0, del=0/10, size=41665

There is a DNS issue to me. My actual postconf -n is:

> alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases 
> append_dot_mydomain = no biff = no broken_sasl_auth_clients = yes 
> config_directory = /etc/postfix delay_warning_time = 4h 
> disable_dns_lookups = no disable_vrfy_command = yes 
> dovecot_destination_recipient_limit = 1 inet_interfaces = all 
> inet_protocols = all mailbox_size_limit = 0 mydestination =
> localhost.localdomain, localhost mydomain = frozenstar.info 
> myhostname = smtp.$mydomain mynetworks = 127.0.0.1 mynetworks_style
> = host myorigin = $mydomain readme_directory = no 
> recipient_delimiter = + relayhost = smtp_tls_cert_file =
> /etc/postfix/ssl/cert.pem smtp_tls_ciphers = export 
> smtp_tls_key_file = /etc/postfix/ssl/key.pem 
> smtp_tls_note_starttls_offer = yes smtp_tls_protocols = !SSLv2 
> smtp_tls_security_level = may smtp_tls_session_cache_database =
> btree:${data_directory}/smtp_scache smtp_use_tls = yes smtpd_banner
> = $myhostname ESMTP $mail_name (DeadbyDawn) smtpd_delay_reject =
> yes smtpd_helo_required = yes smtpd_sasl_auth_enable = yes 
> smtpd_sasl_authenticated_header = yes smtpd_sasl_local_domain =
> $mydomain smtpd_sasl_path = private/auth 
> smtpd_sasl_security_options = noanonymous smtpd_sasl_type =
> dovecot smtpd_tls_ask_ccert = no smtpd_tls_auth_only = yes 
> smtpd_tls_ccert_verifydepth = 0 smtpd_tls_cert_file =
> /etc/postfix/ssl/cert.pem smtpd_tls_key_file =
> /etc/postfix/ssl/key.pem smtpd_tls_loglevel = 1 
> smtpd_tls_received_header = yes smtpd_tls_security_level = may 
> smtpd_tls_session_cache_database =
> btree:${data_directory}/smtpd_scache smtpd_use_tls = yes 
> tls_random_source = dev:/dev/urandom virtual_alias_maps =
> mysql:/etc/postfix/mysql-virtual-alias-maps.cf 
> virtual_mailbox_domains =
> mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf 
> virtual_mailbox_maps =
> mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf virtual_transport
> = dovecot

By mutt which has in its own conf:

> set ssl_force_tls = yes set ssl_starttls = yes

i get relay access denied and postfix logs say:

> Apr 18 20:16:48 www postfix/smtpd[23597]: warning: hostname
> anon.riseup.net does not resolve to address 199.58.81.144: Name or
> service not known Apr 18 20:16:48 www postfix/smtpd[23597]: connect
> from unknown[199.58.81.144] Apr 18 20:16:50 www
> postfix/smtpd[23597]: Anonymous TLS connection established from
> unknown[199.58.81.144]: TLSv1.2 with cipher DHE-RSA-AES128-SHA
> (128/128 bits) Apr 18 20:16:51 www dovecot: auth-worker(23645):
> mysql(127.0.0.1): Connected to database mailserver Apr 18 20:16:52
> www postfix/smtpd[23597]: NOQUEUE: reject: RCPT from
> unknown[199.58.81.144]: 554 5.7.1 : Relay
> access denied; from=
> to= proto=ESMTP
> helo= Apr 18 20:16:52 www
> postfix/smtpd[23597]: lost connection after RCPT from
> unknown[199.58.81.144] Apr 18 20:16:52 www postfix/smtpd[23597]:
> disconnect from unknown[199.58.81.144]

Claws mail client logs say:

> [20:25:22] SMTP< 220 smtp.frozenstar.info ESMTP Postfix [20:25:22]
> ESMTP> EHLO localhost [20:25:23] ESMTP< 250-smtp.frozenstar.info 
> [20:25:23] ESMTP< 250-PIPELINING [20:25:23] ESMTP< 250-SIZE
> 1024 [20:25:23] ESMTP< 250-ETRN [20:25:23] ESMTP< 250-STARTTLS 
> [20:25:23] ESMTP< 250-ENHANCEDSTATUSCODES [20:25:23] ESMTP<
> 250-8BITMIME [20:25:23] ESMTP< 250 DSN [20:25:23] ESMTP> STARTTLS 
> [20:25:23] ESMTP< 220 2.0.0 Ready to start TLS [20:25:27] ESMTP>
> EHLO localhost [20:25:27] ESMTP< 250-smtp.frozenstar.info 
> [20:25:27] ESMTP< 250-PIPELINING [20:25:27] ESMTP< 250-SIZE
> 1024 [20:25:27] ESMTP< 250-ETRN [20:25:27] ESMTP< 250-AUTH
> PLAIN LOGIN [20:25:27] ESMTP< 250-AUTH=PLAIN LOGIN [20:25:27]
> ESMTP< 250-ENHANCEDSTATUSCODES [20:25:27] ESMTP< 250-8BITMIME 
> [20:25:27] ESMTP< 250 DSN [20:25:27] ESMTP> AUTH LOGIN [20:25:28]
> ESMTP< 334 VXNlcm5hbWU6 [20:25:28] ESMTP> [USERID] [20:25:28]
> ESMTP< 334 UGFzc3dvcmQ6 [20:25:28] ESMTP> [PASSWORD] [20:25:28]
> ESMTP< 235 2.7.0 Authentication successful [20:25:28] ESMTP> 

Blocking compromised accounts (outgoing spam) and auth cracking

2015-04-18 Thread Chuck Peters


I'm researching migrating some Exim servers to Postfix and would like to 
implement automatic blocking of compromised and spammers' accounts with 
notifications to staff.  Any suggestions?

On the Exim user list today someone suggested 
https://github.com/Exim/exim/wiki/BlockCracking.

Blocking compromised accounts (outgoing spam) and auth cracking

Nowadays users' passwords often are stolen (with drive-by exploits, Windows 
malware, phishing) and used for spamming. Spam sent with authentication via 
your server causes it to be blacklisted without notice and sometimes no appeal. 
Simple rate limiting authenticated users constrains honest users while still 
allowing spam to trickle through, your server still ends up in blacklists. Each 
server needs automatic detection and blocking of compromised accounts (stolen 
passwords). I amended and implemented (for Exim version 4.67 or higher) Andrew 
Hearn's idea to check not rate of messages or all recipients, but rate of 
attempts to send to nonexistent recipient email addresses. Vast majority of 
spammers never try to validate every recipient address. Spammers harvest 
strings looking like email addresses from webpages and disks of trojaned 
Windowses, then sell huge lists of email addresses to each other. These lists 
contain very much email addresses which don't exist anymore or never existed: 
Message-Ids, corrupted strings in memory and files. In short, spammers' lists 
of email addresses are much dirtier than lists honest users send to. Honest 
users are very unlikely to attempt to send to 100 nonexistent email addresses 
in one hour. Below I explain in detail (for novices at Exim) what to change in 
Exim config for automatic blocking of compromised and spammers' accounts, with 
automatic email notification to sysadmin or your abuse or support staff.
...


Thanks,
Chuck
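
The policy-service approach from Viktor Dukhovni's reply in this thread, combined with the nonexistent-recipient counting from the wiki excerpt above, as an added example (not code from the thread, from Postfix or from the Exim wiki). It parses Postfix policy delegation requests and answers them per SASL login; the class and function names, the `MAX_RCPTS` value and the `recipient_exists` and `notify` hooks are assumptions.

```python
import threading
import time
from collections import defaultdict, deque

WINDOW = 3600      # seconds; one hour, as in the wiki text
MAX_UNKNOWN = 100  # nonexistent recipients per window (figure from the wiki text)
MAX_RCPTS = 500    # assumed plain volume limit per account per window

def parse_request(text):
    """Parse one policy request: name=value lines ended by an empty line."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs

def respond(action):
    """Wire format of a policy reply: action=... followed by an empty line."""
    return "action=%s\n\n" % action

class OutboundLimiter:
    """Sliding-window counters per SASL login, with a sticky block list."""

    def __init__(self, recipient_exists=lambda addr: True,
                 notify=lambda user, reason: None, clock=time.time):
        self.recipient_exists = recipient_exists  # hypothetical lookup hook
        self.notify = notify                      # hypothetical staff-alert hook
        self.clock = clock
        self.lock = threading.Lock()              # safe under a threaded listener
        self.rcpts = defaultdict(deque)
        self.unknown = defaultdict(deque)
        self.blocked = {}                         # login -> reason, cleared by staff

    def _hits(self, queue, now, add):
        if add:
            queue.append(now)
        while queue and queue[0] <= now - WINDOW:
            queue.popleft()
        return len(queue)

    def decide(self, attrs):
        user = attrs.get("sasl_username", "")
        if (attrs.get("request") != "smtpd_access_policy"
                or attrs.get("protocol_state") != "RCPT" or not user):
            return "DUNNO"  # not an authenticated RCPT: leave it to other rules
        known = self.recipient_exists(attrs.get("recipient", ""))
        with self.lock:
            if user not in self.blocked:
                now = self.clock()
                total = self._hits(self.rcpts[user], now, True)
                bad = self._hits(self.unknown[user], now, not known)
                if bad >= MAX_UNKNOWN:
                    self.blocked[user] = "nonexistent recipients"
                elif total > MAX_RCPTS:
                    self.blocked[user] = "volume"
                if user in self.blocked:
                    self.notify(user, self.blocked[user])
            if user in self.blocked:
                return "REJECT 5.7.1 Sending suspended for this account"
        return "DUNNO"

def serve_stream(limiter, rfile, wfile):
    """Answer every request on one connection (text-mode file objects)."""
    lines = []
    for raw in rfile:  # Postfix may reuse one connection for many requests
        line = raw.rstrip("\r\n")
        if line:
            lines.append(line)
            continue
        wfile.write(respond(limiter.decide(parse_request("\n".join(lines)))))
        wfile.flush()
        lines = []
```

To use it, call `serve_stream` from a listener bound to loopback and reference that listener with `check_policy_service` in `smtpd_recipient_restrictions` on the submission service.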


Re: smtpd: warning: hostname does not resolve to address Name or service not known

2015-04-18 Thread Alex JOST

On 18.04.2015 at 16:35, Krzs wrote:


That's while i use openssl:


:~$ openssl s_client -starttls smtp -crlf -connect
88.198.107.18:25 CONNECTED(0003) depth=0 C = DE, ST = Berlin, L
= Berlin, O = Frozenstar Communications, OU = SMTP, CN =
smtp.frozenstar.info, emailAddress = admin[at]frozenstar.info
verify error:num=18:self signed certificate verify return:1 depth=0
C = DE, ST = Berlin, L = Berlin, O = Frozenstar Communications, OU
= SMTP, CN = smtp.frozenstar.info, emailAddress =
admin[at]frozenstar.info verify return:1 --- Certificate chain 0
s:/C=DE/ST=Berlin/L=Berlin/O=Frozenstar
Communications/OU=SMTP/CN=smtp.frozenstar.info/emailAddress=admin[at]f

rozenstar.info

[...]


Start Time: 1429367076 Timeout   : 300 (sec) Verify return code: 18
(self signed certificate) --- 250 DSN


If I issue the same command and continue with EHLO AUTH is offered to me 
but my credentials (obviously) get rejected. So far working as it should.

535 5.7.8 Error: authentication failed: UGFzc3dvcmQ6



This is instead by telnet:


:~$ telnet smtp.frozenstar.info 25Trying 88.198.107.18... Connected
to smtp.frozenstar.info. Escape character is '^]'. 220
smtp.frozenstar.info ESMTP Postfix ehlo frozenstar.info
250-smtp.frozenstar.info 250-PIPELINING 250-SIZE 1024 250-ETRN
250-STARTTLS 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN


AUTH is NOT on the list and logs say:


That's because you told Postfix not to offer AUTH on unsecure connections.
smtpd_tls_auth_only = yes


To me it looks as if everything is working as it should. This might 
simply be a Thunderbird misconfiguration.


--
Alex JOST


Re: unused parameter: policy-spf_time_limit=3600s

2015-04-18 Thread Scott Kitterman
On Saturday, April 18, 2015 03:48:47 PM Juan Pablo wrote:
> Hello,
> 
> I am having a new Ubuntu 14.04 server set up with postfix.  When using
> postfix check I am seeing warning about unused parameter
> 
>/usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter:
> policy-spf_time_limit=3600s
>/usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter:
> policy-spf_time_limit=3600s
>/usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter:
> policy-spf_time_limit=3600s
>repeat 10 more time
> 
> policy-spf_time_limit = 3600s
> 
> is defined in my main.cf at the bottom
> 
> I have the following installed:
> 
># dpkg -l | grep postfix
>ii  postfix   2.11.0-1ubuntu1   amd64High-performance mail
> transport agent
>ii  postfix-pcre  2.11.0-1ubuntu1  amd64PCRE map support
> for Postfix
>ii  postfix-policyd-spf-python 1.2-1   all  Postfix policy
> server for SPF checking
> 
> Can any person tell me if this entry has been deprecated or if it is
> some other problem?

It means that the parameter is no longer in use.  In this case it usually 
means either you're no longer using the SPF policy server or the master.cf is 
using a different name for the process.

Also, you might want to consider upgrading to 1.3.1 in trusty-backports since 
it's been updated for the changes in RFC 7208.

Scott K


unused parameter: policy-spf_time_limit=3600s

2015-04-18 Thread Juan Pablo

Hello,

I am having a new Ubuntu 14.04 server set up with postfix.  When using 
postfix check I am seeing warning about unused parameter


  /usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: 
policy-spf_time_limit=3600s
  /usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: 
policy-spf_time_limit=3600s
  /usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: 
policy-spf_time_limit=3600s

  repeat 10 more time

policy-spf_time_limit = 3600s

is defined in my main.cf at the bottom

I have the following installed:

  # dpkg -l | grep postfix
  ii  postfix   2.11.0-1ubuntu1   amd64High-performance mail 
transport agent
  ii  postfix-pcre  2.11.0-1ubuntu1  amd64PCRE map support 
for Postfix
  ii  postfix-policyd-spf-python 1.2-1   all  Postfix policy 
server for SPF checking


Can any person tell me if this entry has been deprecated or if it is
some other problem?


Thanks

JP


Re: smtpd: warning: hostname does not resolve to address Name or service not known

2015-04-18 Thread Krzs



On 18/04/2015 16:43, Christian Kivalo wrote:

> you seem to have a local problem with your auth daemon that
> postfix tries to connect to. is dovecot running and an auth socket
> exists at $queue_directory/private/auth?

Dovecot is up and running:

> tcp0  0 0.0.0.0:110 0.0.0.0:*
> LISTEN  658/dovecot tcp0  0 0.0.0.0:143
> 0.0.0.0:*   LISTEN  658/dovecot tcp0  0
> 0.0.0.0:41900.0.0.0:*   LISTEN
> 658/dovecot tcp0  0 0.0.0.0:993 0.0.0.0:*
> LISTEN  658/dovecot tcp0  0 0.0.0.0:995
> 0.0.0.0:*   LISTEN  658/dovecot

and file /etc/dovecot/conf.d/10-master.conf has proper:

> # Postfix smtp-auth unix_listener /var/spool/postfix/private/auth
> { mode = 0660 user = postfix group = postfix }

As also documented in
https://workaround.org/ispmail/wheezy/setting-up-dovecot

Regards


>> Gab
> 


- -- 
Key fingerprint = EB67 3CA1 6C61 EACE B705  4EC3 A28D E2DD 4C47 A4D9


Re: smtpd: warning: hostname does not resolve to address Name or service not known

2015-04-18 Thread Christian Kivalo

On 2015-04-18 15:08, Krzs wrote:


postfix/smtpd[23438]: xsasl_dovecot_server_connect: Connecting Apr
18 15:05:25 www postfix/smtpd[23438]: warning: SASL: Connect to
private/auth failed: Connection refused Apr 18 15:05:25 www
postfix/smtpd[23438]: fatal: no SASL authentication mechanisms Apr
18 15:05:26 www postfix/master[26805]: warning: process
/usr/lib/postfix/smtpd pid 23438 exit status 1 Apr 18 15:05:26 www
postfix/master[26805]: warning: /usr/lib/postfix/smtpd: bad command
startup -- throttling

you seem to have a local problem with your auth daemon that postfix
tries to connect to.
is dovecot running and an auth socket exists at
$queue_directory/private/auth?


while i connect through thunderbird.
My mail system was working i don't understand what happened all of a
sudden ,
Regards

Gab


 -c


Re: smtpd: warning: hostname does not resolve to address Name or service not known

2015-04-18 Thread Krzs

That's while i use openssl:

> :~$ openssl s_client -starttls smtp -crlf -connect
> 88.198.107.18:25 CONNECTED(0003) depth=0 C = DE, ST = Berlin, L
> = Berlin, O = Frozenstar Communications, OU = SMTP, CN =
> smtp.frozenstar.info, emailAddress = admin[at]frozenstar.info 
> verify error:num=18:self signed certificate verify return:1 depth=0
> C = DE, ST = Berlin, L = Berlin, O = Frozenstar Communications, OU
> = SMTP, CN = smtp.frozenstar.info, emailAddress =
> admin[at]frozenstar.info verify return:1 --- Certificate chain 0
> s:/C=DE/ST=Berlin/L=Berlin/O=Frozenstar
> Communications/OU=SMTP/CN=smtp.frozenstar.info/emailAddress=admin[at]f
rozenstar.info
>
> 
i:/C=DE/ST=Berlin/L=Berlin/O=Frozenstar
Communications/OU=SMTP/CN=smtp.frozenstar.info/emailAddress=admin[at]fro
zenstar.info
> --- Server certificate
> subject=/C=DE/ST=Berlin/L=Berlin/O=Frozenstar
> Communications/OU=SMTP/CN=smtp.frozenstar.info/emailAddress=admin[at]f
rozenstar.info
>
> 
issuer=/C=DE/ST=Berlin/L=Berlin/O=Frozenstar
Communications/OU=SMTP/CN=smtp.frozenstar.info/emailAddress=admin[at]fro
zenstar.info
> --- No client certificate CA names sent --- SSL handshake has read
> 2706 bytes and written 466 bytes --- New, TLSv1/SSLv3, Cipher is
> ECDHE-RSA-AES256-GCM-SHA384 Server public key is 4096 bit Secure
> Renegotiation IS supported Compression: NONE Expansion: NONE 
> SSL-Session: Protocol  : TLSv1.2 Cipher:
> ECDHE-RSA-AES256-GCM-SHA384 Session-ID:
> DE1240991CE9AA59F9337E80106A4365343E4C76FB371E4BD9CD53B98D2A1BB0 
> Session-ID-ctx: Master-Key:
> 55B8C0826A345F5BF08D9740D35305ED2C9699A03ED2B9C9B99620745B6742FD163CAB
0E0A7D8B9A80616FECBC9D3F71
>
> 
Key-Arg   : None
> PSK identity: None PSK identity hint: None SRP username: None TLS
> session ticket lifetime hint: 3600 (seconds) TLS session ticket:
> 
> Start Time: 1429367076 Timeout   : 300 (sec) Verify return code: 18
> (self signed certificate) --- 250 DSN

This is instead by telnet:

> :~$ telnet smtp.frozenstar.info 25Trying 88.198.107.18... Connected
> to smtp.frozenstar.info. Escape character is '^]'. 220
> smtp.frozenstar.info ESMTP Postfix ehlo frozenstar.info 
> 250-smtp.frozenstar.info 250-PIPELINING 250-SIZE 1024 250-ETRN 
> 250-STARTTLS 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN

AUTH is NOT on the list and logs say:

> postfix/smtpd[27162]: warning: hostname riseup.net does not resolve
> to address 199.58.81.144: Name or service not known Apr 18 16:26:51
> www postfix/smtpd[27162]: connect from unknown[199.58.81.144] Apr
> 18 16:26:53 www postfix/smtpd[27162]: Anonymous TLS connection
> established from unknown[199.58.81.144]: TLSv1.2 with cipher
> ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits) Apr 18 16:26:53 www
> dovecot: auth-worker(27188): mysql(127.0.0.1): Connected to
> database mailserver Apr 18 16:26:55 www postfix/smtpd[27162]:
> warning: unknown[199.58.81.144]: SASL PLAIN authentication failed:
>  Apr 18 16:27:02 www postfix/smtpd[27162]: warning:
> unknown[199.58.81.144]: SASL LOGIN authentication failed:
> UGFzc3dvcmQ6

Connection to mysql seems to work but not the authentication

Regards




On 18/04/2015 16:02, Danny Horne wrote:
> 
> 
> On 18/04/2015 2:08 pm, Krzs wrote:
>> SMTPD does starttls
>> 
>>> 220 2.0.0 Ready to start TLS
> 
> 'Ready to start TLS' isn't the same as a running TLS connection,
> you've shown no evidence of the key negotiation (if that's what
> it's called) required to create the encrypted connection, and I
> don't believe you can do this from a telnet session anyway.
> 
> This site helped me understand the process -
> 
> https://qmail.jms1.net/test-auth.shtml
> 

- -- 
Key fingerprint = EB67 3CA1 6C61 EACE B705  4EC3 A28D E2DD 4C47 A4D9

Re: smtpd: warning: hostname does not resolve to address Name or service not known

2015-04-18 Thread Danny Horne


On 18/04/2015 2:08 pm, Krzs wrote:
> SMTPD does starttls
> 
>> 220 2.0.0 Ready to start TLS

'Ready to start TLS' isn't the same as a running TLS connection, you've
shown no evidence of the key negotiation (if that's what it's called)
required to create the encrypted connection, and I don't believe you can
do this from a telnet session anyway.

This site helped me understand the process -

https://qmail.jms1.net/test-auth.shtml





Re: smtpd: warning: hostname does not resolve to address Name or service not known

2015-04-18 Thread Krzs

I did set an A record for my MX domain name

> smtp.frozenstar.info. 3600IN  A   88.198.107.18

SMTPD does starttls

> 220 2.0.0 Ready to start TLS

but i noticed this SSL error in logs:

> warning: TLS library problem: 1958:error:140760FC:SSL
> routines:SSL23_GET_CLIENT_HELLO:unknown protocol:s23_srvr.c:649:

These are debug logs (hope you accept them):

> Apr 18 15:05:23 www postfix/smtpd[23438]: > unknown[199.58.81.144]:
> 250-smtp.frozenstar.info Apr 18 15:05:23 www postfix/smtpd[23438]:
> > unknown[199.58.81.144]: 250-PIPELINING Apr 18 15:05:23 www
> postfix/smtpd[23438]: > unknown[199.58.81.144]: 250-SIZE 1024 
> Apr 18 15:05:23 www postfix/smtpd[23438]: > unknown[199.58.81.144]:
> 250-ETRN Apr 18 15:05:23 www postfix/smtpd[23438]: >
> unknown[199.58.81.144]: 250-STARTTLS Apr 18 15:05:23 www
> postfix/smtpd[23438]: > unknown[199.58.81.144]:
> 250-ENHANCEDSTATUSCODES Apr 18 15:05:23 www postfix/smtpd[23438]: >
> unknown[199.58.81.144]: 250-8BITMIME Apr 18 15:05:23 www
> postfix/smtpd[23438]: > unknown[199.58.81.144]: 250 DSN Apr 18
> 15:05:23 www postfix/smtpd[23438]: < unknown[199.58.81.144]:
> STARTTLS Apr 18 15:05:23 www postfix/smtpd[23438]: >
> unknown[199.58.81.144]: 220 2.0.0 Ready to start TLS Apr 18
> 15:05:23 www postfix/smtpd[23438]: send attr request = seed Apr 18
> 15:05:23 www postfix/smtpd[23438]: send attr size = 32 Apr 18
> 15:05:23 www postfix/smtpd[23438]: private/tlsmgr: wanted
> attribute: status Apr 18 15:05:23 www postfix/smtpd[23438]: input
> attribute name: status Apr 18 15:05:23 www postfix/smtpd[23438]:
> input attribute value: 0 Apr 18 15:05:23 www postfix/smtpd[23438]:
> private/tlsmgr: wanted attribute: seed Apr 18 15:05:23 www
> postfix/smtpd[23438]: input attribute name: seed Apr 18 15:05:23
> www postfix/smtpd[23438]: input attribute value:
> +pxhGKo7ErHn9aDMYfY+PQaKkQcNeC1y/DhpAgqXUiY= Apr 18 15:05:23 www
> postfix/smtpd[23438]: private/tlsmgr: wanted attribute: (list
> terminator) Apr 18 15:05:23 www postfix/smtpd[23438]: input
> attribute name: (end) Apr 18 15:05:25 www postfix/smtpd[23438]:
> Anonymous TLS connection established from unknown[199.58.81.144]:
> TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits) Apr
> 18 15:05:25 www postfix/smtpd[23438]: xsasl_dovecot_server_create:
> SASL service=smtp, realm=frozenstar.info Apr 18 15:05:25 www
> postfix/smtpd[23438]: name_mask: noanonymous Apr 18 15:05:25 www
> postfix/smtpd[23438]: xsasl_dovecot_server_connect: Connecting Apr
> 18 15:05:25 www postfix/smtpd[23438]: warning: SASL: Connect to
> private/auth failed: Connection refused Apr 18 15:05:25 www
> postfix/smtpd[23438]: fatal: no SASL authentication mechanisms Apr
> 18 15:05:26 www postfix/master[26805]: warning: process
> /usr/lib/postfix/smtpd pid 23438 exit status 1 Apr 18 15:05:26 www
> postfix/master[26805]: warning: /usr/lib/postfix/smtpd: bad command
> startup -- throttling

while i connect through thunderbird.
My mail system was working i don't understand what happened all of a
sudden ,
Regards

Gab



On 18/04/2015 12:19, Danny Horne wrote:
> 
> 
> On 17/04/2015 1:02 pm, Krzs wrote:
>> :~$ telnet smtp.myFQDN 25 Trying 1.2.3.4 ... Connected to
>> myFQDN. Escape character is '^]'. 220 smtp.myFQDN ESMTP Postfix 
>> ehlo smtp.myFQDN 250-smtp.myFQDN 250-PIPELINING 250-SIZE
>> 1024 250-ETRN 250-STARTTLS 250-ENHANCEDSTATUSCODES 
>> 250-8BITMIME 250 DSN mail from: admin@myFQDN 250 2.1.0 Ok auth
>> plain
>> gibberishtextinbase64encodedvalueoftheusernameadminandpassword 
>> 503 5.5.1 Error: authentication not enabled Connection closed by
>> foreign host.
> 
> I'm no expert, but it seems to me that you're trying to
> authenticate before setting up a TLS connection
> 

- -- 
Key fingerprint = EB67 3CA1 6C61 EACE B705  4EC3 A28D E2DD 4C47 A4D9


Re: smtpd: warning: hostname does not resolve to address Name or service not known

2015-04-18 Thread Danny Horne


On 17/04/2015 1:02 pm, Krzs wrote:
> :~$ telnet smtp.myFQDN 25
> Trying 1.2.3.4 ...
> Connected to myFQDN.
> Escape character is '^]'.
> 220 smtp.myFQDN ESMTP Postfix
> ehlo smtp.myFQDN
> 250-smtp.myFQDN
> 250-PIPELINING
> 250-SIZE 1024
> 250-ETRN
> 250-STARTTLS
> 250-ENHANCEDSTATUSCODES
> 250-8BITMIME
> 250 DSN
> mail from: admin@myFQDN
> 250 2.1.0 Ok
> auth plain gibberishtextinbase64encodedvalueoftheusernameadminandpassword
> 503 5.5.1 Error: authentication not enabled
> Connection closed by foreign host.

I'm no expert, but it seems to me that you're trying to authenticate
before setting up a TLS connection


