Re: Minor documentation issue with DATABASE_README

2015-10-10 Thread Wietse Venema
Peter:
> In DATABASE_README the table types are all in bold with the sole
> exception of "inline" which has been left un-bolded.
> 
> Just a minor niggle but figured you'd want to know so you can correct it.

Thanks. I must have mis-typed some regexp, because it was
bolded like this:

 inline (read-only) 

It's fixed in the development release.

Wietse


Error: queue file write error

2015-10-10 Thread Dan Lists
I am receiving the transcript file with the error "Error: queue file write
error."   It appears that postfix is timing out the connection after 10
minutes.   The thing that disturbs me is that nothing is logged.   Is there
a way to get postfix to put something in the logs?

Here is the transcript:

Transcript of session follows.

 Out: 220 myserver.net ESMTP Postfix
 In:  EHLO avas10tiga.indosat.net.id
 Out: 250-myserver.net
 Out: 250-PIPELINING
 Out: 250-SIZE 104857600
 Out: 250-ETRN
 Out: 250-ENHANCEDSTATUSCODES
 Out: 250-8BITMIME
 Out: 250 DSN
 In:  MAIL FROM:<2...@heathfield.co.nz> SIZE=2873224
 Out: 250 2.1.0 Ok
 In:  RCPT TO:
 Out: 250 2.1.5 Ok
 In:  DATA
 Out: 354 End data with <CR><LF>.<CR><LF>
 Out: 451 4.3.0 Error: queue file write error
 In:  QUIT
 Out: 221 2.0.0 Bye

And here are the log entries:

Oct 10 09:13:26 myserver postfix/smtpd[18826]: connect from
avas10tiga.indosat.net.id[219.83.54.103]
Oct 10 09:13:34 myserver policyd: rcpt=18817141, greylist=update,
host=219.83.54.103 (avas10tiga.indosat.net.id), from=2...@heathfield.co.nz,
to=u...@myserver.net, size=2873224
Oct 10 09:13:34 myserver postfix/smtpd[18826]: 89C476DF8C3: client=
avas10tiga.indosat.net.id[219.83.54.103]
Oct 10 09:13:37 myserver postfix/cleanup[18080]: 89C476DF8C3:
message-id=<32609497.108184811317.JavaMail.defaultUser@defaultHost>
Oct 10 09:13:37 myserver postfix/cleanup[18080]: 89C476DF8C3: warning:
header Subject: CONFIDENTAIL: CLAIM YOUR PRIZE from
avas10tiga.indosat.net.id[219.83.54.103]; from=<2...@heathfield.co.nz> to=<
u...@myserver.net> proto=ESMTP helo=
Oct 10 09:23:10 myserver postfix/smtpd[18826]: disconnect from
avas10tiga.indosat.net.id[219.83.54.103]

Thanks!


Re: Error: queue file write error

2015-10-10 Thread @lbutlr
On Sat Oct 10 2015 09:53:12 Dan Lists said:
> 
> I am receiving the transcript file with the error "Error: queue file write 
> error."   It appears that postfix is timing out the connection after 10 
> minutes.   The thing that disturbs me is that nothing is logged.   Is there a 
> way to get postfix to put something in the logs?

Postfix DOES put something in the logs.

Oct 10 09:23:10 myserver postfix/smtpd[18826]: disconnect from 
avas10tiga.indosat.net.id[219.83.54.103]


-- 
Lisa Bonet ate no Basil



Re: Error: queue file write error

2015-10-10 Thread Christian Kivalo


On 10 October 2015 17:53:12 CEST, Dan Lists wrote:
>I am receiving the transcript file with the error "Error: queue file
>write
>error."   It appears that postfix is timing out the connection after 10
>minutes.   The thing that disturbs me is that nothing is logged.   Is
>there
>a way to get postfix to put something in the logs?

How much space is reported to be free in the filesystem?

- Christian


Re: Error: queue file write error

2015-10-10 Thread Viktor Dukhovni
On Sat, Oct 10, 2015 at 10:53:12AM -0500, Dan Lists wrote:

>  Out: 451 4.3.0 Error: queue file write error
> 
> And here are the log entries:
> 
> Oct 10 09:13:26 myserver postfix/smtpd[18826]: connect from
> avas10tiga.indosat.net.id[219.83.54.103]
> Oct 10 09:13:34 myserver policyd: rcpt=18817141, greylist=update,
> host=219.83.54.103 (avas10tiga.indosat.net.id), from=2...@heathfield.co.nz,
> to=u...@myserver.net, size=2873224
> Oct 10 09:13:34 myserver postfix/smtpd[18826]: 89C476DF8C3: client=
> avas10tiga.indosat.net.id[219.83.54.103]
> Oct 10 09:13:37 myserver postfix/cleanup[18080]: 89C476DF8C3:
> message-id=<32609497.108184811317.JavaMail.defaultUser@defaultHost>
> Oct 10 09:13:37 myserver postfix/cleanup[18080]: 89C476DF8C3: warning:
> header Subject: CONFIDENTAIL: CLAIM YOUR PRIZE from
> avas10tiga.indosat.net.id[219.83.54.103]; from=<2...@heathfield.co.nz> to=<
> u...@myserver.net> proto=ESMTP helo=
> Oct 10 09:23:10 myserver postfix/smtpd[18826]: disconnect from
> avas10tiga.indosat.net.id[219.83.54.103]

Sorry that can't be all that's in the logs, look at your syslog
configuration and check any additional log files.

-- 
Viktor.


restricting access from receiving email from a users from outside the network

2015-10-10 Thread Ruben Safir

I thought I blocked access to receiving spoofed email headed with From
users when the mail is coming from outside the network.  I received this
one today, with my email address on it.

>From www-d...@drv5-gylq.accessdomain.com  Sat Oct 10 11:01:13 2015
Return-Path: 
X-Original-To: ru...@mrbrklyn.com
Delivered-To: ru...@mrbrklyn.com
Received: from drv5-gylq.accessdomain.com (drv5-gylq.accessdomain.com
[70.32.90.185])
by mrbrklyn.com (Postfix) with ESMTP id B7C74161157
for ; Sat, 10 Oct 2015 11:00:49 -0400 (EDT)
Received: by drv5-gylq.accessdomain.com (Postfix, from userid 33)
id CC198AF242; Sat, 10 Oct 2015 10:23:53 -0400 (EDT)
To: ru...@mrbrklyn.com
Subject: Montepio Geral - APOIO AO CLIENTE N. PT83738-21 (41198)
X-PHP-Originating-Script: 0:ptihdjtfhxhfwdoghn.php
MIME-Version: 1.0
Content-type: text/html; charset=iso-8859-1
X-Mailer: Microsoft Office Outlook, Build 17.551210
Content-Transfer-encoding: 8bit
From: ru...@mrbrklyn.com
Reply-To: ru...@mrbrklyn.com
X-Mailer: iGMail [www.ig.com.br]
X-Originating-Email: ru...@mrbrklyn.com
X-Sender: ru...@mrbrklyn.com
X-iGspam-global: Unsure, spamicity=0.570081 - pe=5.74e-01 - pf=0.574081
-
pg=0.574081
Message-Id: <20151010143905.cc198af...@drv5-gylq.accessdomain.com>
Date: Sat, 10 Oct 2015 10:23:53 -0400 (EDT)

~~~
The second from header identifies itself as from me.

Can't I get postfix to bounce this when it is coming outside the
network?

Ruben




-- 
So many immigrant groups have swept through our town
that Brooklyn, like Atlantis, reaches mythological
proportions in the mind of the world - RI Safir 1998
http://www.mrbrklyn.com 

DRM is THEFT - We are the STAKEHOLDERS - RI Safir 2002
http://www.nylxs.com - Leadership Development in Free Software
http://www2.mrbrklyn.com/resources - Unpublished Archive 
http://www.coinhangout.com - coins!
http://www.brooklyn-living.com 

Being so tracked is for FARM ANIMALS and extermination camps,
but incompatible with living as a free human being. -RI Safir 2013



Re: Error: queue file write error

2015-10-10 Thread Dan Lists
On Sat, Oct 10, 2015 at 11:30 AM, Viktor Dukhovni <
postfix-us...@dukhovni.org> wrote:

> On Sat, Oct 10, 2015 at 10:53:12AM -0500, Dan Lists wrote:
>
> >  Out: 451 4.3.0 Error: queue file write error
> >
> > And here are the log entries:
> >
> > Oct 10 09:13:26 myserver postfix/smtpd[18826]: connect from
> > avas10tiga.indosat.net.id[219.83.54.103]
> > Oct 10 09:13:34 myserver policyd: rcpt=18817141, greylist=update,
> > host=219.83.54.103 (avas10tiga.indosat.net.id), from=
> 2...@heathfield.co.nz,
> > to=u...@myserver.net, size=2873224
> > Oct 10 09:13:34 myserver postfix/smtpd[18826]: 89C476DF8C3: client=
> > avas10tiga.indosat.net.id[219.83.54.103]
> > Oct 10 09:13:37 myserver postfix/cleanup[18080]: 89C476DF8C3:
> > message-id=<32609497.108184811317.JavaMail.defaultUser@defaultHost>
> > Oct 10 09:13:37 myserver postfix/cleanup[18080]: 89C476DF8C3: warning:
> > header Subject: CONFIDENTAIL: CLAIM YOUR PRIZE from
> > avas10tiga.indosat.net.id[219.83.54.103]; from=<2...@heathfield.co.nz>
> to=<
> > u...@myserver.net> proto=ESMTP helo=
> > Oct 10 09:23:10 myserver postfix/smtpd[18826]: disconnect from
> > avas10tiga.indosat.net.id[219.83.54.103]
>
> Sorry that can't be all that's in the logs, look at your syslog
> configuration and check any additional log files.
>
> --
> Viktor.
>

I did eventually manage to find something in the logs:

Oct 10 09:13:39 nook postfix/cleanup[18080]: fatal: pcre map
/usr/local/etc/postfix/body_checks, line 17: matched text exceeds buffer
limit

We handle around 1 million messages per day, so it can be hard to find an
entry that is not associated with the client IP, queue id, message id,
sender, or recipient.

Why didn't smtpd log the 451 error?   This is the first time I have ever
seen smtpd not log the final outcome.

Is there a way to increase the buffer limit?   Is there a way to get
postfix to reject these in a way that generates a log entry associated with
the queue id?

Thanks,

Dan


Re: Error: queue file write error

2015-10-10 Thread Wietse Venema
Dan Lists:
> > >  Out: 451 4.3.0 Error: queue file write error
> Oct 10 09:13:39 nook postfix/cleanup[18080]: fatal: pcre map
> /usr/local/etc/postfix/body_checks, line 17: matched text exceeds buffer
> limit

Yes, in case of trouble, look for panic or fatal messages first.
Especially when the SMTP transcript tells you to look in the log
for details.

The PCRE client does not know the queue ID, and the SMTP daemon
does not know that the PCRE client aborted (nor does the SMTP daemon
know why).  This will not change. Logging the full execution context
for every possible error comes with a significant cost.

> Why didn't smtpd log the 451 error?   This is the first time I have ever
> seen smtpd not log the final outcome.

Postfix will not log all [45]xx replies.  That would make it way
too easy to flood the file system. However, every panic or fatal
error should be investigated whether it happened during an SMTP
session or otherwise.

> Is there a way to increase the buffer limit?

Maybe this helps:

https://groups.google.com/forum/#!topic/mailing.postfix.users/14GV4g4kNyk

Wietse
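
The fatal line in this thread carries no queue ID, but it was written by the same cleanup[18080] process that logged the queue ID two seconds earlier. The following is an added example, not part of the original thread and not Postfix code: it correlates fatal/panic lines with a queue ID by daemon name, PID and time. The log lines are the thread's entries rejoined onto single lines; the function names and the 60-second window are assumptions.

```python
import re
from datetime import datetime, timedelta

# Log entries quoted in the thread, rejoined onto single lines.
# The host field differs between the poster's excerpts, so it is not matched on.
SAMPLE_LOG = """\
Oct 10 09:13:26 myserver postfix/smtpd[18826]: connect from avas10tiga.indosat.net.id[219.83.54.103]
Oct 10 09:13:34 myserver postfix/smtpd[18826]: 89C476DF8C3: client=avas10tiga.indosat.net.id[219.83.54.103]
Oct 10 09:13:37 myserver postfix/cleanup[18080]: 89C476DF8C3: message-id=<32609497.108184811317.JavaMail.defaultUser@defaultHost>
Oct 10 09:13:39 nook postfix/cleanup[18080]: fatal: pcre map /usr/local/etc/postfix/body_checks, line 17: matched text exceeds buffer limit
Oct 10 09:23:10 myserver postfix/smtpd[18826]: disconnect from avas10tiga.indosat.net.id[219.83.54.103]
"""

# timestamp, (host ignored), daemon, pid, rest of the line
LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ postfix/([\w-]+)\[(\d+)\]: (.*)$")


def parse(log, year=2015):
    """Yield (timestamp, daemon, pid, text) for each Postfix syslog line."""
    for raw in log.splitlines():
        m = LINE.match(raw)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(2), int(m.group(3)), m.group(4)


def fatal_near_queue_id(log, queue_id, window=timedelta(seconds=60)):
    """Return fatal/panic lines from processes that also logged queue_id.

    The time window guards against PID reuse: a fatal error only counts if
    the same daemon[pid] mentioned the queue ID within `window` of it.
    """
    entries = list(parse(log))
    seen = {}  # (daemon, pid) -> times at which it logged the queue ID
    for ts, daemon, pid, text in entries:
        if text.startswith(queue_id + ":"):
            seen.setdefault((daemon, pid), []).append(ts)

    hits = []
    for ts, daemon, pid, text in entries:
        if text.startswith(("fatal:", "panic:")):
            times = seen.get((daemon, pid), [])
            if any(abs(ts - t) <= window for t in times):
                hits.append((ts.strftime("%H:%M:%S"), f"{daemon}[{pid}]", text))
    return hits


if __name__ == "__main__":
    for when, proc, text in fatal_near_queue_id(SAMPLE_LOG, "89C476DF8C3"):
        print(when, proc, text)
```
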


Re: restricting access from receiving email from a users from outside the network

2015-10-10 Thread Wietse Venema
Ruben Safir:
> Can't I get postfix to bounce this when it is coming outside the
> network?

Yes, but then you would not receive the following email:

Received: by mrbrklyn.com (Postfix, from userid 1000)
id 735FF16115B; Sat, 10 Oct 2015 13:10:56 -0400 (EDT)
Date: Sat, 10 Oct 2015 13:10:56 -0400
From: Ruben Safir 
To: postfix-users@postfix.org

That's your posting that started this thread.

There are better ways to block forgeries. Look into DMARC.

Wietse


postfix sending spam

2015-10-10 Thread Dave Stevens

Hi,

I have a little Ubuntu 14.04.3 server using postfix for those few  
users who want it. Generally smooth. But yesterday a huge bandwidth  
increase on the system as a whole led me to outgoing spam mails being  
sent by this system. I can prevent this (and have) by turning postfix  
off. Brief periods of operation confirm that the spamming starts as
soon as postfix is started, within a minute or so. In each case I can  
stop postfix and the outbound spam stops too.


I suspected a compromised wordpress install and ran updates on every  
aspect of wordpress that I can think of. I have no reason now to think  
that WP is responsible for the ongoing spamming. I don't have any more  
good ideas, and am reproducing below the postscript portion of
logwatch I ran just now, hoping someone will see more in it than I do.  
Ideas about this much appreciated, those of my users who use email  
really need it.


Dave

ps this report was run with postfix not running

 --------------------- Postfix Begin ------------------------

        3   *Fatal:   General fatal
        1   *Warning: Error writing queue file
       34   SASL authentication failed
       58   Miscellaneous warnings

  21.219M   Bytes accepted                  22,249,818
   7.515M   Bytes sent via SMTP              7,880,014
  83.760K   Bytes delivered                     85,770
  12.324K   Bytes forwarded                     12,620
 ========   ==========================================

    18609   Accepted                            99.80%
       37   Rejected                             0.20%
 --------   ------------------------------------------
    18646   Total                              100.00%
 ========   ==========================================

       37   5xx Reject unknown user            100.00%
 --------   ------------------------------------------
       37   Total 5xx Rejects                  100.00%
 ========   ==========================================

       91   4xx Reject relay denied            100.00%
 --------   ------------------------------------------
       91   Total 4xx Rejects                  100.00%
 ========   ==========================================

      172   Connections
       42   Connections lost (inbound)
    12011   Connections lost (outbound)
      172   Disconnections
    71164   Removed from queue
       18   Delivered
     5503   Sent via SMTP
        9   Forwarded
    54722   Deferred
   539046   Deferrals
     9658   Bounced (local)
     5477   Bounced (remote)
     3842   Expired and returned to sender
     9470   Notifications sent
    18747   Connection failures (outbound)
       22   Timeouts (inbound)
       29   DNS lookup errors
       11   Hostname verification errors (FCRDNS)
       23   Hostname validation errors
        2   PIX workaround enabled
        1   SASL authenticated messages
        2   Postfix start
        4   Postfix stop
        1   Postfix waiting to terminate


 ---------------------- Postfix End -------------------------



--
"As long as politics is the shadow cast on society by big business,
the attenuation of the shadow will not change the substance."

-- John Dewey







Re: restricting access from receiving email from a users from outside the network

2015-10-10 Thread Ruben Safir
On Sat, Oct 10, 2015 at 03:27:10PM -0400, Wietse Venema wrote:
> Ruben Safir:
> > Can't I get postfix to bounce this when it is coming outside the
> > network?
> 
> Yes, but then you would not receive the following email:
> 
> Received: by mrbrklyn.com (Postfix, from userid 1000)
>   id 735FF16115B; Sat, 10 Oct 2015 13:10:56 -0400 (EDT)
> Date: Sat, 10 Oct 2015 13:10:56 -0400
> From: Ruben Safir 
> To: postfix-users@postfix.org
> 
> That's your posting that started this thread.
> 

Why would that be?  My email comes from within my network, which is
what it says on that received line.

Does it not make sense that if I receive mail from an IP Address that
postfix says, that is from a LOCAL user but not from the LOCAL network, so
reject or silently drop it.

I have this problem when I run the mailing list as well.
Forgeries get through when I'm on the list so I resort to using an outside
email address to get mail from mailing lists I run inside my network.

I definitely want a policy that outright rejects any email addressed
FROM a local user that doesn't come from inside my network, and the
10.0.0 private range behind my router.


If you're saying that email from an external mailing list that has me on
the From in the second line is dropped, that is OK.  I have my sent emails.



> There are better ways to block forgeries. Look into DMARC.
> 

Do I really want a policy that takes another 73 pages to describe?
I don't know.  I'm getting to be an old man and I'd rather drink scotch
and watch the playoffs ;)

I already have a huge stack of Artificial intelligence theory to read and
to learn CLIPS et al because at 52 years of age decided to go back to
school.

Ruben


>   Wietse




Re: restricting access from receiving email from a users from outside the network

2015-10-10 Thread Wietse Venema
Ruben Safir:
> On Sat, Oct 10, 2015 at 03:27:10PM -0400, Wietse Venema wrote:
> > Ruben Safir:
> > > Can't I get postfix to bounce this when it is coming outside the
> > > network?
> > 
> > Yes, but then you would not receive the following email:
> > 
> > Received: by mrbrklyn.com (Postfix, from userid 1000)
> > id 735FF16115B; Sat, 10 Oct 2015 13:10:56 -0400 (EDT)
> > Date: Sat, 10 Oct 2015 13:10:56 -0400
> > From: Ruben Safir 
> > To: postfix-users@postfix.org
> > 
> > That's your posting that started this thread.
> > 
> 
> Why would that be?  My email comes from within my network, which is
> what it says on that received line.

This email message came from the Internet (from a system that
pretends to be the POSTFIX.ORG mailing list manager).  Do you believe
every Received header line in email from the Internet? Why?

Wietse


Re: postfix sending spam

2015-10-10 Thread Wietse Venema
Dave Stevens:
> I suspected a compromised wordpress install and ran updates on every  
> aspect of wordpress that I can think of. I have no reason now to think  
> that WP is responsible for the ongoing spamming. I don't have any more  
> good ideas, and am reproducing below the postscript portion of
> logwatch I ran just now, hoping someone will see more in it than I do.  
> Ideas about this much appreciated, those of my users who use email  
> really need it.

Allow me to repeat the mailing list welcome message.

Wietse

TO REPORT A PROBLEM see http://www.postfix.org/DEBUG_README.html#mail

TO (UN)SUBSCRIBE see http://www.postfix.org/lists.html

Thank you for using Postfix.


Re: postfix sending spam

2015-10-10 Thread Dave Stevens

Quoting Wietse Venema:

> Dave Stevens:
> > I suspected a compromised wordpress install and ran updates on every
> > aspect of wordpress that I can think of. I have no reason now to think
> > that WP is responsible for the ongoing spamming. I don't have any more
> > good ideas, and am reproducing below the postscript portion of
> > logwatch I ran just now, hoping someone will see more in it than I do.
> > Ideas about this much appreciated, those of my users who use email
> > really need it.
>
> Allow me to repeat the mailing list welcome message.
>
> Wietse
>
> TO REPORT A PROBLEM see http://www.postfix.org/DEBUG_README.html#mail
>
> TO (UN)SUBSCRIBE see http://www.postfix.org/lists.html
>
> Thank you for using Postfix.

OK, thanks. Reading from the report url above seems to tell me where  
the config files are but not the log files. Anyway some of the other  
reporting info is as follows, postfinger first:


postfinger - postfix configuration on Sat Oct 10 15:07:10 PDT 2015
version: 1.30

Warning: postfinger output may show private configuration information,
such as ip addresses and/or domain names which you do not want to show
to the public.  If this is the case it is your responsibility to modify
the output to hide this private information.  [Remove this warning with
the --nowarn option.]

--System Parameters--
mail_version = 2.11.0
hostname = bulkley
uname = Linux bulkley 3.16.0-50-generic #67~14.04.1-Ubuntu SMP Fri Oct 2 22:07:51 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux


--Packaging information--
looks like this postfix comes from deb package: postfix-2.11.0-1ubuntu1

--main.cf non-default parameters--
alias_maps = hash:/etc/aliases
allow_percent_hack = no
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
home_mailbox = Maildir/
mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME
mailbox_size_limit = 0
mydestination = bulkley.bvserver.ca, localhost.bvserver.ca, , localhost
myhostname = bulkley.bvserver.ca
mynetworks = 127.0.0.0/8 [:::127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
sender_bcc_maps = hash:/etc/postfix/bcc
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
virtual_alias_maps = hash:/etc/postfix/virtual

--master.cf--
smtp      inet  n       -       -       -       -       smtpd -o smtpd_sasl_auth_enable=yes
pickup    unix  n       -       -       60      1       pickup
cleanup   unix  n       -       -       -       0       cleanup
qmgr      unix  n       -       n       300     1       qmgr
tlsmgr    unix  -       -       -       1000?   1       tlsmgr
rewrite   unix  -       -       -       -       -       trivial-rewrite
bounce    unix  -       -       -       -       0       bounce
defer     unix  -       -       -       -       0       bounce
trace     unix  -       -       -       -       0       bounce
verify    unix  -       -       -       -       1       verify
flush     unix  n       -       -       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       -       -       -       smtp
relay     unix  -       -       -       -       -       smtp
showq     unix  n       -       -       -       -       showq
error     unix  -       -       -       -       -       error
retry     unix  -       -       -       -       -       error
discard   unix  -       -       -       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       -       -       -       lmtp
anvil     unix  -       -       -       -       1       anvil
scache    unix  -       -       -       -       1       scache
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix  -       n       n       -       2       pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${

Re: postfix sending spam

2015-10-10 Thread Wietse Venema
Dave Stevens:
> OK, thanks. Reading from the report url above seems to tell me where  
> the config files are but not the log files. Anyway some of the other  
> reporting info is as follows, postfinger first:

Looks like you have a local problem.

> Oct  4 06:49:14 bulkley postfix/smtp[976]: connect to  
> smtpin2.three.com.au[202.124.68.52]:25: Connection timed out
> Oct  4 06:49:14 bulkley postfix/smtp[976]: 2F684228B098:  

To determine the origin of the spam, grep the logfile for 2F684228B098
and see how the message entered the Postfix queue.

- Via the pickup daemon?

- Via smtpd from 127.0.0.1?

Wietse
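
The check suggested above (pickup daemon versus smtpd from 127.0.0.1) can be run for one queue ID or tallied over every message in the log. This is an added example, not part of the original thread and not Postfix code; it goes beyond the single grep by counting entry points across all queue IDs. The sample log lines, queue IDs, user name and function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in Postfix syslog format (not taken from the thread).
# uid 33 is www-data on a stock Debian/Ubuntu system.
SAMPLE_LOG = """\
Oct  4 06:40:01 bulkley postfix/pickup[901]: A1B2C3D4E5F6: uid=33 from=<www-data>
Oct  4 06:40:01 bulkley postfix/cleanup[902]: A1B2C3D4E5F6: message-id=<constructed-1@bulkley>
Oct  4 06:40:02 bulkley postfix/pickup[901]: A1B2C3D4E5F7: uid=33 from=<www-data>
Oct  4 06:41:10 bulkley postfix/smtpd[910]: B1B2C3D4E5F6: client=localhost[127.0.0.1]
Oct  4 06:42:30 bulkley postfix/smtpd[911]: C1B2C3D4E5F6: client=unknown[192.0.2.77], sasl_method=LOGIN, sasl_username=alice
Oct  4 06:49:14 bulkley postfix/smtp[976]: A1B2C3D4E5F6: to=<x@example.net>, relay=none, delay=553, status=deferred (Connection timed out)
"""

# A message enters the queue through pickup (logs uid=) or smtpd (logs client=).
ENTRY = re.compile(
    r"postfix/(pickup|smtpd)\[\d+\]: ([0-9A-Za-z]{6,}): "
    r"(?:uid=(\d+)|client=\S+?\[([^\]]+)\](?:.*?sasl_username=(\S+))?)"
)


def entry_point(line):
    """Return (queue_id, origin) if the line records a message entering the queue."""
    m = ENTRY.search(line)
    if not m:
        return None
    daemon, qid, uid, client_ip, sasl_user = m.groups()
    if daemon == "pickup":
        return qid, f"local submission (sendmail/postdrop) by uid {uid}"
    if sasl_user:
        return qid, f"SMTP AUTH as {sasl_user} from {client_ip}"
    if client_ip in ("127.0.0.1", "::1"):
        return qid, "SMTP from localhost (a local process speaking SMTP)"
    return qid, f"SMTP from {client_ip}"


def trace(log, queue_id):
    """Answer the question for one message: how did queue_id get in?"""
    for line in log.splitlines():
        hit = entry_point(line)
        if hit and hit[0] == queue_id:
            return hit[1]
    return None


def tally(log):
    """Count entry points over all messages to see where the bulk originates."""
    hits = (entry_point(line) for line in log.splitlines())
    return Counter(hit[1] for hit in hits if hit)


if __name__ == "__main__":
    print(trace(SAMPLE_LOG, "A1B2C3D4E5F6"))
    for origin, count in tally(SAMPLE_LOG).most_common():
        print(count, origin)
```

A uid that belongs to the web server points at a script on the host, while an SMTP AUTH origin points at a specific account's credentials.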