Re: Minor documentation issue with DATABASE_README
Peter: > In DATABASE_README the table types are all in bold with the sole > exception of "inline" which has been left un-bolded. > > Just a minor niggle but figured you'd want to know so you can correct it. Thanks. I must have mis-typed some regexp, because it was bolded like this: inline (read-only) It's fixed in the development release. Wietse
Error: queue file write error
I am receiving the transcript file with the error "Error: queue file write error." It appears that postfix is timing out the connection after 10 minutes. The thing that disturbs me is that nothing is logged. Is there a way to get postfix to put something in the logs? Here is the transcript: Transcript of session follows. Out: 220 myserver.net ESMTP Postfix In: EHLO avas10tiga.indosat.net.id Out: 250-myserver.net Out: 250-PIPELINING Out: 250-SIZE 104857600 Out: 250-ETRN Out: 250-ENHANCEDSTATUSCODES Out: 250-8BITMIME Out: 250 DSN In: MAIL FROM:<2...@heathfield.co.nz> SIZE=2873224 Out: 250 2.1.0 Ok In: RCPT TO: Out: 250 2.1.5 Ok In: DATA Out: 354 End data with . Out: 451 4.3.0 Error: queue file write error In: QUIT Out: 221 2.0.0 Bye And here are the log entries: Oct 10 09:13:26 myserver postfix/smtpd[18826]: connect from avas10tiga.indosat.net.id[219.83.54.103] Oct 10 09:13:34 myserver policyd: rcpt=18817141, greylist=update, host=219.83.54.103 (avas10tiga.indosat.net.id), from=2...@heathfield.co.nz, to=u...@myserver.net, size=2873224 Oct 10 09:13:34 myserver postfix/smtpd[18826]: 89C476DF8C3: client= avas10tiga.indosat.net.id[219.83.54.103] Oct 10 09:13:37 myserver postfix/cleanup[18080]: 89C476DF8C3: message-id=<32609497.108184811317.JavaMail.defaultUser@defaultHost> Oct 10 09:13:37 myserver postfix/cleanup[18080]: 89C476DF8C3: warning: header Subject: CONFIDENTAIL: CLAIM YOUR PRIZE from avas10tiga.indosat.net.id[219.83.54.103]; from=<2...@heathfield.co.nz> to=< u...@myserver.net> proto=ESMTP helo= Oct 10 09:23:10 myserver postfix/smtpd[18826]: disconnect from avas10tiga.indosat.net.id[219.83.54.103] Thanks!
Re: Error: queue file write error
On Sat Oct 10 2015 09:53:12 Dan Listssaid: > > I am receiving the transcript file with the error "Error: queue file write > error." It appears that postfix is timing out the connection after 10 > minutes. The thing that disturbs me is that nothing is logged. Is there a > way to get postfix to put something in the logs? Postfix DOES put something in the logs. Oct 10 09:23:10 myserver postfix/smtpd[18826]: disconnect from avas10tiga.indosat.net.id[219.83.54.103] -- Lisa Bonet ate no Basil
Re: Error: queue file write error
Am 10. Oktober 2015 17:53:12 MESZ, schrieb Dan Lists : >I am receiving the transcript file with the error "Error: queue file >write >error." It appears that postfix is timing out the connection after 10 >minutes. The thing that disturbs me is that nothing is logged. Is >there >a way to get postfix to put something in the logs? How mich space is reported to be free in the filesystem? - Christian
Re: Error: queue file write error
On Sat, Oct 10, 2015 at 10:53:12AM -0500, Dan Lists wrote: > Out: 451 4.3.0 Error: queue file write error > > And here are the log entries: > > Oct 10 09:13:26 myserver postfix/smtpd[18826]: connect from > avas10tiga.indosat.net.id[219.83.54.103] > Oct 10 09:13:34 myserver policyd: rcpt=18817141, greylist=update, > host=219.83.54.103 (avas10tiga.indosat.net.id), from=2...@heathfield.co.nz, > to=u...@myserver.net, size=2873224 > Oct 10 09:13:34 myserver postfix/smtpd[18826]: 89C476DF8C3: client= > avas10tiga.indosat.net.id[219.83.54.103] > Oct 10 09:13:37 myserver postfix/cleanup[18080]: 89C476DF8C3: > message-id=<32609497.108184811317.JavaMail.defaultUser@defaultHost> > Oct 10 09:13:37 myserver postfix/cleanup[18080]: 89C476DF8C3: warning: > header Subject: CONFIDENTAIL: CLAIM YOUR PRIZE from > avas10tiga.indosat.net.id[219.83.54.103]; from=<2...@heathfield.co.nz> to=< > u...@myserver.net> proto=ESMTP helo= > Oct 10 09:23:10 myserver postfix/smtpd[18826]: disconnect from > avas10tiga.indosat.net.id[219.83.54.103] Sorry that can't be all that's in the logs, look at your syslog configuration and check any additional log files. -- Viktor.
restricting access from recieving email from a users from outside the network
I thought I blocked access to recieving spoofed email headed with From users when the mail is coming from outside the network. I recieved this one today, with my email address on it. >From www-d...@drv5-gylq.accessdomain.com Sat Oct 10 11:01:13 2015 Return-Path: X-Original-To: ru...@mrbrklyn.com Delivered-To: ru...@mrbrklyn.com Received: from drv5-gylq.accessdomain.com (drv5-gylq.accessdomain.com [70.32.90.185]) by mrbrklyn.com (Postfix) with ESMTP id B7C74161157 for ; Sat, 10 Oct 2015 11:00:49 -0400 (EDT) Received: by drv5-gylq.accessdomain.com (Postfix, from userid 33) id CC198AF242; Sat, 10 Oct 2015 10:23:53 -0400 (EDT) To: ru...@mrbrklyn.com Subject: Montepio Geral - APOIO AO CLIENTE N. PT83738-21 (41198) X-PHP-Originating-Script: 0:ptihdjtfhxhfwdoghn.php MIME-Version: 1.0 Content-type: text/html; charset=iso-8859-1 X-Mailer: Microsoft Office Outlook, Build 17.551210 Content-Transfer-encoding: 8bit From: ru...@mrbrklyn.com Reply-To: ru...@mrbrklyn.com X-Mailer: iGMail [www.ig.com.br] X-Originating-Email: ru...@mrbrklyn.com X-Sender: ru...@mrbrklyn.com X-iGspam-global: Unsure, spamicity=0.570081 - pe=5.74e-01 - pf=0.574081 - pg=0.574081 Message-Id: <20151010143905.cc198af...@drv5-gylq.accessdomain.com> Date: Sat, 10 Oct 2015 10:23:53 -0400 (EDT) ~~~ The second from header identifies itself as from me. Can't I get postfix to bounce this when it is coming outside the nextwork? Ruben -- So many immigrant groups have swept through our town that Brooklyn, like Atlantis, reaches mythological proportions in the mind of the world - RI Safir 1998 http://www.mrbrklyn.com DRM is THEFT - We are the STAKEHOLDERS - RI Safir 2002 http://www.nylxs.com - Leadership Development in Free Software http://www2.mrbrklyn.com/resources - Unpublished Archive http://www.coinhangout.com - coins! http://www.brooklyn-living.com Being so tracked is for FARM ANIMALS and and extermination camps, but incompatible with living as a free human being. -RI Safir 2013
Re: Error: queue file write error
On Sat, Oct 10, 2015 at 11:30 AM, Viktor Dukhovni < postfix-us...@dukhovni.org> wrote: > On Sat, Oct 10, 2015 at 10:53:12AM -0500, Dan Lists wrote: > > > Out: 451 4.3.0 Error: queue file write error > > > > And here are the log entries: > > > > Oct 10 09:13:26 myserver postfix/smtpd[18826]: connect from > > avas10tiga.indosat.net.id[219.83.54.103] > > Oct 10 09:13:34 myserver policyd: rcpt=18817141, greylist=update, > > host=219.83.54.103 (avas10tiga.indosat.net.id), from= > 2...@heathfield.co.nz, > > to=u...@myserver.net, size=2873224 > > Oct 10 09:13:34 myserver postfix/smtpd[18826]: 89C476DF8C3: client= > > avas10tiga.indosat.net.id[219.83.54.103] > > Oct 10 09:13:37 myserver postfix/cleanup[18080]: 89C476DF8C3: > > message-id=<32609497.108184811317.JavaMail.defaultUser@defaultHost> > > Oct 10 09:13:37 myserver postfix/cleanup[18080]: 89C476DF8C3: warning: > > header Subject: CONFIDENTAIL: CLAIM YOUR PRIZE from > > avas10tiga.indosat.net.id[219.83.54.103]; from=<2...@heathfield.co.nz> > to=< > > u...@myserver.net> proto=ESMTP helo= > > Oct 10 09:23:10 myserver postfix/smtpd[18826]: disconnect from > > avas10tiga.indosat.net.id[219.83.54.103] > > Sorry that can't be all that's in the logs, look at your syslog > configuration and check any additional log files. > > -- > Viktor. > I did eventually manage to find something in the logs: Oct 10 09:13:39 nook postfix/cleanup[18080]: fatal: pcre map /usr/local/etc/postfix/body_checks, line 17: matched text exceeds buffer limit We handle around 1 million messages per day, so it can be hard to find an entry that is not associated with the client IP, queue id, message id, sender, or recipient. Why didn't smtpd log the 451 error? This is the first time I have ever seen smtpd not log the final outcome. Is there a way to increase the buffer limit? Is there a way to get postfix to reject these in a way that generates a log entry associated with the queue id? Thanks, Dan
Re: Error: queue file write error
Dan Lists: > > > Out: 451 4.3.0 Error: queue file write error > Oct 10 09:13:39 nook postfix/cleanup[18080]: fatal: pcre map > /usr/local/etc/postfix/body_checks, line 17: matched text exceeds buffer > limit Yes, in case of trouble, look for panic or fatal messages first. Especially when the SMTP transcript tells you to look in the log for details. The PCRE client does not know the queue ID, and the SMTP daemon does not know that the PCRE client aborted (nor does the SMTP daemon know why). This will not change. Logging the full execution context for every possible error comes with a significant cost. > Why didn't smtpd log the 451 error? This is the first time I have ever > seen smtpd not log the final outcome. Postfix will not log all [45]xx replies. That would make it way too easy to flood the file system. However, every panic or fatal error should be investigated whether it happened during an SMTP session or otherwise. > Is there a way to increase the buffer limit? Maybe this helps: https://groups.google.com/forum/#!topic/mailing.postfix.users/14GV4g4kNyk Wietse
Re: restricting access from recieving email from a users from outside the network
Ruben Safir: > Can't I get postfix to bounce this when it is coming outside the > nextwork? Yes, but then you would not receive the following email: Received: by mrbrklyn.com (Postfix, from userid 1000) id 735FF16115B; Sat, 10 Oct 2015 13:10:56 -0400 (EDT) Date: Sat, 10 Oct 2015 13:10:56 -0400 From: Ruben Safir To: postfix-users@postfix.org That's your posting that started this thread. There are better ways to block forgeries. Look into DMARC. Wietse
postfix sending spam
Hi, I have a little Ubuntu 14.04.3 server using postfix for those few users who want it. Generally smooth. But yesterday a huge bandwidth increase on the system as a whole led me to outgoing spam mails being sent by this system. I can prevent this (and have) by turning postfix off. Brief periods or operation confirm that the spamming starts as soon as postfix is started, within a minute or so. In each case I can stop postfix and the outbound spam stops too. I suspected a compromised wordpress install and ran updates on every aspect of wordpress that I can think of. I have no reason now to think that WP is responsible for the ongoing spamming. I don't have any more good ideas,a dn am reproducing below the postscript portion of logwatch I ran just now, hoping someone will see more in it than I do. Ideas about this much appreciated, those of my users who use email really need it. Dave ps this report was run with postfix not running - Postfix Begin 3 *Fatal: General fatal 1 *Warning: Error writing queue file 34 SASL authentication failed 58 Miscellaneous warnings 21.219M Bytes accepted 22,249,818 7.515M Bytes sent via SMTP 7,880,014 83.760K Bytes delivered 85,770 12.324K Bytes forwarded 12,620 == 18609 Accepted99.80% 37 Rejected 0.20% -- 18646 Total 100.00% == 37 5xx Reject unknown user100.00% -- 37 Total 5xx Rejects 100.00% == 91 4xx Reject relay denied100.00% -- 91 Total 4xx Rejects 100.00% == 172 Connections 42 Connections lost (inbound) 12011 Connections lost (outbound) 172 Disconnections 71164 Removed from queue 18 Delivered 5503 Sent via SMTP 9 Forwarded 54722 Deferred 539046 Deferrals 9658 Bounced (local) 5477 Bounced (remote) 3842 Expired and returned to sender 9470 Notifications sent 18747 Connection failures (outbound) 22 Timeouts (inbound) 29 DNS lookup errors 11 Hostname verification errors (FCRDNS) 23 Hostname validation errors 2 PIX workaround enabled 1 SASL authenticated messages 2 Postfix start 4 Postfix stop 1 Postfix waiting to terminate -- Postfix End - -- "As long as politics is the shadow cast on society by big business, the attenuation of the shadow will not change the substance." -- John Dewey
Re: restricting access from recieving email from a users from outside the network
On Sat, Oct 10, 2015 at 03:27:10PM -0400, Wietse Venema wrote: > Ruben Safir: > > Can't I get postfix to bounce this when it is coming outside the > > nextwork? > > Yes, but then you would not receive the following email: > > Received: by mrbrklyn.com (Postfix, from userid 1000) > id 735FF16115B; Sat, 10 Oct 2015 13:10:56 -0400 (EDT) > Date: Sat, 10 Oct 2015 13:10:56 -0400 > From: Ruben Safir > To: postfix-users@postfix.org > > That's your posting that started this thread. > Why would that be? My email comes from within my network, which is what it says on that recieved line. Does it not make sense that if I recieve mail from an IP Address that postfix says, that is from a LOCAL user but not from the LOCAL network, so reject or silently drop it. I have this problem when I run the mailing list as well. Forgies get through when I'm on the list so I resort to using an outside email address to get mail from mailings lists i run inside my network. I definitely want a policy that outright rejects any email addressed FROM a local user that doesn't come from inside my network, and the 10.0.0 private range behind my router. If your saying that email from an external mailing list that has me on the From ithe second line is dropped, that is OK. I have my sent emails. > There are better ways to block forgeries. Look into DMARC. > Do I really want a policy that takes another 73 pages to describe? I don't know. I'm getting to be an old man and I'd rather drink scotch and watch the playoffs ;) I already have a huge stack of Artifical intelligence theory to read and to learn CLIPS et al because at 52 years of age decided to go back to school. Ruben > Wietse -- So many immigrant groups have swept through our town that Brooklyn, like Atlantis, reaches mythological proportions in the mind of the world - RI Safir 1998 http://www.mrbrklyn.com DRM is THEFT - We are the STAKEHOLDERS - RI Safir 2002 http://www.nylxs.com - Leadership Development in Free Software http://www2.mrbrklyn.com/resources - Unpublished Archive http://www.coinhangout.com - coins! http://www.brooklyn-living.com Being so tracked is for FARM ANIMALS and and extermination camps, but incompatible with living as a free human being. -RI Safir 2013
Re: restricting access from recieving email from a users from outside the network
Ruben Safir: > On Sat, Oct 10, 2015 at 03:27:10PM -0400, Wietse Venema wrote: > > Ruben Safir: > > > Can't I get postfix to bounce this when it is coming outside the > > > nextwork? > > > > Yes, but then you would not receive the following email: > > > > Received: by mrbrklyn.com (Postfix, from userid 1000) > > id 735FF16115B; Sat, 10 Oct 2015 13:10:56 -0400 (EDT) > > Date: Sat, 10 Oct 2015 13:10:56 -0400 > > From: Ruben Safir > > To: postfix-users@postfix.org > > > > That's your posting that started this thread. > > > > Why would that be? My email comes from within my network, which is > what it says on that recieved line. This email message came from the Internet (from a system that pretends to be the POSTFIX.ORG mailing list manager). Do you believe every Received header line in email from the Internet? Why? Wietse
Re: postfix sending spam
Dave Stevens: > I suspected a compromised wordpress install and ran updates on every > aspect of wordpress that I can think of. I have no reason now to think > that WP is responsible for the ongoing spamming. I don't have any more > good ideas,a dn am reproducing below the postscript portion of > logwatch I ran just now, hoping someone will see more in it than I do. > Ideas about this much appreciated, those of my users who use email > really need it. Allow me to repeat the mailing list welcome message. Wietse TO REPORT A PROBLEM see http://www.postfix.org/DEBUG_README.html#mail TO (UN)SUBSCRIBE see http://www.postfix.org/lists.html Thank you for using Postfix.
Re: postfix sending spam
Quoting Wietse Venema : Dave Stevens: I suspected a compromised wordpress install and ran updates on every aspect of wordpress that I can think of. I have no reason now to think that WP is responsible for the ongoing spamming. I don't have any more good ideas,a dn am reproducing below the postscript portion of logwatch I ran just now, hoping someone will see more in it than I do. Ideas about this much appreciated, those of my users who use email really need it. Allow me to repeat the mailing list welcome message. Wietse TO REPORT A PROBLEM see http://www.postfix.org/DEBUG_README.html#mail TO (UN)SUBSCRIBE see http://www.postfix.org/lists.html Thank you for using Postfix. OK, thanks. Reading from the report url above seems to tell me where the config files are but not the log files. Anyway some of the other reporting info is as follows, postfinger first: postfinger - postfix configuration on Sat Oct 10 15:07:10 PDT 2015 version: 1.30 Warning: postfinger output may show private configuration information, such as ip addresses and/or domain names which you do not want to show to the public. If this is the case it is your responsibility to modify the output to hide this private information. [Remove this warning with the --nowarn option.] --System Parameters-- mail_version = 2.11.0 hostname = bulkley uname = Linux bulkley 3.16.0-50-generic #67~14.04.1-Ubuntu SMP Fri Oct 2 22:07:51 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux --Packaging information-- looks like this postfix comes from deb package: postfix-2.11.0-1ubuntu1 --main.cf non-default parameters-- alias_maps = hash:/etc/aliases allow_percent_hack = no append_dot_mydomain = no biff = no broken_sasl_auth_clients = yes home_mailbox = Maildir/ mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME mailbox_size_limit = 0 mydestination = bulkley.bvserver.ca, localhost.bvserver.ca, , localhost myhostname = bulkley.bvserver.ca mynetworks = 127.0.0.0/8 [:::127.0.0.0]/104 [::1]/128 myorigin = /etc/mailname readme_directory = no recipient_delimiter = + sender_bcc_maps = hash:/etc/postfix/bcc smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu) smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination smtpd_sasl_auth_enable = yes smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtpd_use_tls = yes smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache virtual_alias_maps = hash:/etc/postfix/virtual --master.cf-- smtpinetn - - - - smtpd -o smtpd_sasl_auth_enable=yes pickupunix n - - 60 1 pickup cleanup unix n - - - 0 cleanup qmgr unix n - n 300 1 qmgr tlsmgrunix - - - 1000? 1 tlsmgr rewrite unix - - - - - trivial-rewrite bounceunix - - - - 0 bounce defer unix - - - - 0 bounce trace unix - - - - 0 bounce verifyunix - - - - 1 verify flush unix n - - 1000? 0 flush proxymap unix - - n - - proxymap proxywrite unix - - n - 1 proxymap smtp unix - - - - - smtp relay unix - - - - - smtp showq unix n - - - - showq error unix - - - - - error retry unix - - - - - error discard unix - - - - - discard local unix - n n - - local virtual unix - n n - - virtual lmtp unix - - - - - lmtp anvil unix - - - - 1 anvil scacheunix - - - - 1 scache maildrop unix - n n - - pipe flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient} uucp unix - n n - - pipe flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) ifmailunix - n n - - pipe flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) bsmtp unix - n n - - pipe flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient scalemail-backend unix - n n - 2 pipe flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${
Re: postfix sending spam
Dave Stevens: > OK, thanks. Reading from the report url above seems to tell me where > the config files are but not the log files. Anyway some of the other > reporting info is as follows, postfinger first: Looks like you have a local problem. > Oct 4 06:49:14 bulkley postfix/smtp[976]: connect to > smtpin2.three.com.au[202.124.68.52]:25: Connection timed out > Oct 4 06:49:14 bulkley postfix/smtp[976]: 2F684228B098: To determine the origin of the spam. grep the logfile for 2F684228B098 and see how the message entered the Postfix queue. - Via the pickup daemon? - Via smtpd from 127.0.0.1? Wietse