Re: Using postscreen_dnsbl_reply_map
On Wed, Oct 21, 2015 at 07:59:29PM -0400, Alex wrote: > Oct 21 19:56:10 mail01 postfix/smtpd[20778]: NOQUEUE: reject: RCPT > from bx1.c4xf.com[66.150.190.74]: 554 5.7.1 Service unavailable; > Unverified Client host [bx1.c4xf.com] blocked using > mykey.dbl.dq.spamhaus.net; > http://www.spamhaus.org/query/dbl?domain=c4xf.com; > from= to= proto=ESMTP > helo= This was blocked by smtpd(8) NOT postscreen. Perhaps surprisingly, The smtpd(8) service has a different mechanism for obfuscating the DNSBL service name. http://www.postfix.org/postconf.5.html#rbl_reply_maps > # cat /etc/postfix/postscreen_dnsbl_reply_map.pcre > mykey.dbl.dq.spamhaus.net multiple DNS-based blocklists > mykey.zen.dq.spamhaus.net zen.spamhaus.org Unwise (misleading) to use a ".pcre" suffix for a texthash table. -- Viktor.
Re: Using postscreen_dnsbl_reply_map
Hi, On Wed, Oct 21, 2015 at 7:26 PM, Benny Pedersen wrote: > On October 22, 2015 12:39:52 AM Alex wrote: > >> http://rob0.nodns4.us/postscreen.html >> >> I'm unsure what else to do from here. > > http://www.postfix.org/POSTSCREEN_README.html > > point 7 Yes, that's exactly what I'm doing, and as outlined in the beginning of this thread, it only works for seemingly some of the responses. I've changed to using texthash, as per Wietse. For some, it still prints: Oct 21 19:56:10 mail01 postfix/smtpd[20778]: NOQUEUE: reject: RCPT from bx1.c4xf.com[66.150.190.74]: 554 5.7.1 Service unavailable; Unverified Client host [bx1.c4xf.com] blocked using mykey.dbl.dq.spamhaus.net; http://www.spamhaus.org/query/dbl?domain=c4xf.com; from= to= proto=ESMTP helo= instead of printing "multiple DNS-based blocklists" or "zen.spamhaus.org" # cat /etc/postfix/postscreen_dnsbl_reply_map.pcre mykey.dbl.dq.spamhaus.net multiple DNS-based blocklists mykey.zen.dq.spamhaus.net zen.spamhaus.org postscreen_dnsbl_reply_map = texthash:$config_directory/postscreen_dnsbl_reply_map.pcre
Re: Using postscreen_dnsbl_reply_map
On October 22, 2015 12:39:52 AM Alex wrote: http://rob0.nodns4.us/postscreen.html I'm unsure what else to do from here. http://www.postfix.org/POSTSCREEN_README.html point 7
Re: Using postscreen_dnsbl_reply_map
Hi, On Wed, Oct 21, 2015 at 10:38 AM, L.P.H. van Belle wrote: > I just point everything to http://multirbl.valli.org so they can see if they > are listed on multiple rbl servers. That's a great idea. How did you configure your system to do that? > And imo thats better, then, mailing, getting rejected, by for example > spamhaus. Going to that site, checking, > removing. Mailing again, and now again blocked, other rbl server etc. Absolutely. Thanks, Alex
Re: Using postscreen_dnsbl_reply_map
Hi, On Wed, Oct 21, 2015 at 6:53 AM, Wietse Venema wrote: > Alex: >> Hi, >> >> I'd like to obscure the names of the DNSBLs that we use in response to >> emails that are rejected. I've set up postscreen_dnsbl_reply_map and >> it's working properly for most: >> >> Oct 20 21:41:36 mail02 postfix/postscreen[17651]: NOQUEUE: reject: >> RCPT from [46.102.117.88]:43226: 550 5.7.1 Service unavailable; client >> [46.102.117.88] blocked using multiple DNS-based blocklists; >> from=, to=, proto=ESMTP, >> helo= >> >> However, there are others where it doesn't seem to apply. Perhaps >> because of the '554 5.7.1' response compared with the '550 5.7.1' from >> above? >> >> Oct 20 21:38:07 mail02 postfix/smtpd[9200]: NOQUEUE: reject: RCPT from >> 14-233-245-104-static.reverse.queryfoundry.net[104.245.233.14]: 554 >> 5.7.1 Service unavailable; Sender address [tr...@spaceinfi.com] >> blocked using mykey.dbl.dq.spamhaus.net; >> http://www.spamhaus.org/query/dbl?domain=spaceinfi.com; >> from= to= proto=ESMTP >> helo= >> >> postscreen_dnsbl_reply_map = >> pcre:$config_directory/postscreen_dnsbl_reply_map.pcre >> >> postscreen_dnsbl_reply_map.pcre: >> !/^mykey\.dbl\.dq\.spamhaus\.net$/ multiple DNS-based blocklists > > Why in heavens name are you using as PCRE map? Would hash be more appropriate? I believe I got this configuration from rob0's system some time ago, where he used pcre: http://rob0.nodns4.us/postscreen.html I'm unsure what else to do from here. Thanks, Alex
Re: multiple IPs and postscreen
wie...@porcupine.org (Wietse Venema) writes: > Eric Abrahamsen: >> > TLS? In that case you also need two tlsproxy services, each with >> > their own certificate stuff. >> > >> > 1.2.3.5:smtp inet n - n - 1 postscreen >> > -o tlsproxy_service_name=tlsproxy_1.2.3.5 >> > -o smtpd_service_name=smtpd_1.2.3.5 >> > -o syslog_name=postfix/1.2.3.5 >> > smtpd_1.2.3.5 pass - - n - - smtpd >> > -o syslog_name=postfix/1.2.3.5 >> > tlsproxy_1.2.3.5 ...other master settings... >> > -o syslog_name=postfix/1.2.3.5 >> > ...certificate stuff... >> >> Yes, that was the whole point of this! Thanks for the extra notes. I've >> had things running for the past day or so without the separate tlsproxy >> services, and haven't noticed any immediately obvious errors in the >> logs. On the other hand, I *have* noticed an increase in spam, so >> probably it hasn't been working after all! I'll tweak further tonight. >> >> Is this particular setup detailed in the docs anywhere? It seems like >> something a fair number of people will be interested in. I can do some >> sort of blog post, but I don't know how many people it would reach. > > The "-o _name" feature works, but it quickly becomes > unwieldy with more comples configurations. For complex setups, > separate Postfix instances are a more manageable solution than a > web of -o options. Unfortunately some distros don't handle multiple > Postfix instance support well. Okay, got it. My setup is fairly simple, so I'll stick with this for now. Thanks again, Eric
RE: Using postscreen_dnsbl_reply_map
I just point everything to http://multirbl.valli.org so they can see if they are listed on multiple rbl servers. And imo thats better, then, mailing, getting rejected, by for example spamhaus. Going to that site, checking, removing. Mailing again, and now again blocked, other rbl server etc. So 1 point to 1 site, customers check there. Greetz, Louis > -Oorspronkelijk bericht- > Van: krem...@kreme.com [mailto:owner-postfix-us...@postfix.org] Namens > @lbutlr > Verzonden: woensdag 21 oktober 2015 16:28 > Aan: Postfix users > Onderwerp: Re: Using postscreen_dnsbl_reply_map > > On Oct 20, 2015, at 7:44 PM, Alex wrote: > > I'd like to obscure the names of the DNSBLs that we use in response to > > emails that are rejected. > > Why would you do that? If someone hits your blocks and doesn’t know why > they were blocked you may find yourself on blocklists yourself. > > > -- > she [Esk] was already learning that if you ignore the rules people will, > half the time, quietly rewrite them so they don't apply to you. --Equal > Rites
Re: Using postscreen_dnsbl_reply_map
On Oct 20, 2015, at 7:44 PM, Alex wrote: > I'd like to obscure the names of the DNSBLs that we use in response to > emails that are rejected. Why would you do that? If someone hits your blocks and doesn’t know why they were blocked you may find yourself on blocklists yourself. -- she [Esk] was already learning that if you ignore the rules people will, half the time, quietly rewrite them so they don't apply to you. --Equal Rites
Re: Postfix mail are getting queued
Viktor Dukhovni: > On Wed, Oct 21, 2015 at 05:10:46PM +0600, Alamgir Shamim wrote: > > > Oct 21 14:04:06 spamguard postfix/qmgr[30495]: fatal: qmgr_active_feed: > > 1E8E01426E1: rename from incoming to active: Input/output error > > Perhaps you have corruption in the filesystem. Or a security policy > that's denying the rename. > > > When i deleted the mail 1E8E01426E1 from incoming directory and > > restart the postfix all queued mail delivered to the users. Here is If other messages go through as expected, then you very likely have a file system corruption problem, which may be the result of failing hardware. Suggestions: try smartmontools to check the disk health, and try to repair the file system with umount and fsck. Wietse
Re: Postfix mail are getting queued
On Wed, Oct 21, 2015 at 05:10:46PM +0600, Alamgir Shamim wrote: > Oct 21 14:04:06 spamguard postfix/qmgr[30495]: fatal: qmgr_active_feed: > 1E8E01426E1: rename from incoming to active: Input/output error Perhaps you have corruption in the filesystem. Or a security policy that's denying the rename. > When i deleted the mail 1E8E01426E1 from incoming directory and > restart the postfix all queued mail delivered to the users. Here is > another log I just found 10 min back. Instead of deleting the file, determine and report its permissions owner and group. Try "postcat -q " to see whether the file contents look like a well-formed message. Finally become the "postfix" user and try to rename the file with that user's permissions. mv incoming/ active/ > Oct 21 16:36:53 spamguard postfix/qmgr[31438]: fatal: > qmgr_active_feed: 21D7D142C04: rename from incoming to active: > Input/output error Ditto. -- Viktor.
Postfix mail are getting queued
Hello, I am facing a problem with postfix. Incoming mails are getting queued randomly. When I see the log I found the below repeatedly and see that incoming mails are getting queued. Oct 21 14:04:06 spamguard postfix/qmgr[30495]: fatal: qmgr_active_feed: 1E8E01426E1: rename from incoming to active: Input/output error When i deleted the mail 1E8E01426E1 from incoming directory and restart the postfix all queued mail delivered to the users. Here is another log I just found 10 min back. Oct 21 16:36:53 spamguard postfix/qmgr[31438]: fatal: qmgr_active_feed: 21D7D142C04: rename from incoming to active: Input/output error Again deleted 21D7D142C04 and thing become normal. What might be the problem and how to resolve. Please help. BR Tuhin.
Re: Using postscreen_dnsbl_reply_map
Alex: > Hi, > > I'd like to obscure the names of the DNSBLs that we use in response to > emails that are rejected. I've set up postscreen_dnsbl_reply_map and > it's working properly for most: > > Oct 20 21:41:36 mail02 postfix/postscreen[17651]: NOQUEUE: reject: > RCPT from [46.102.117.88]:43226: 550 5.7.1 Service unavailable; client > [46.102.117.88] blocked using multiple DNS-based blocklists; > from=, to=, proto=ESMTP, > helo= > > However, there are others where it doesn't seem to apply. Perhaps > because of the '554 5.7.1' response compared with the '550 5.7.1' from > above? > > Oct 20 21:38:07 mail02 postfix/smtpd[9200]: NOQUEUE: reject: RCPT from > 14-233-245-104-static.reverse.queryfoundry.net[104.245.233.14]: 554 > 5.7.1 Service unavailable; Sender address [tr...@spaceinfi.com] > blocked using mykey.dbl.dq.spamhaus.net; > http://www.spamhaus.org/query/dbl?domain=spaceinfi.com; > from= to= proto=ESMTP > helo= > > postscreen_dnsbl_reply_map = > pcre:$config_directory/postscreen_dnsbl_reply_map.pcre > > postscreen_dnsbl_reply_map.pcre: > !/^mykey\.dbl\.dq\.spamhaus\.net$/ multiple DNS-based blocklists Why in heavens name are you using as PCRE map? Wietse
Re: email duplicates
Marco Stoecker: > > All the evidence that you need is logged by Postfix and mailman: > > track down a duplicate delivery back to the source and look for > > delivery errors. > > Will do a double-check of all the logfiles again. Maybe I have overseen > something. As I'm not the 'expert' in those things, I'd like to come > back with questions ;) > Any suggestions what are the most important postfix logfiles I should > have a look into? Turn off verbose logging (no "-v" daemon options in master.cf). You need to find the records where the same message is delivered more than once to the same recipient, then look for all the records with the same Postfix QUEUE ID. That will show if the duplication happened BEFORE Postfix or INSIDE Postfix.S It may not matter for the recipient, but it matters for the solution. Wietse
Re: email duplicates
On 10/20/2015 11:31 PM, wie...@porcupine.org wrote: Marco Stoecker: -- Start of PGP signed section. Hi, I do have a combination of postfix and mailman and use postfix as a relayhost. I get all the mails for mailman via fetchmail. The whole system is Debian 8 with its packages for postfix (2.11.3-1) and mailman (2.1.18-2). Now to the problem: Since several months emails sometimes are duplicated (recipients got them twice ore more) when they were sent to the members of the mailing lists. The problem does occur, after mailman has handled the incoming mail and has handed it over to postfix. The problem is somehow sporadicly and I didn't find a solution so far. How does mailman submit mail into Postfix? Perhaps the submission fails (times out) and mailman sends again, resulting in duplicates. All the evidence that you need is logged by Postfix and mailman: track down a duplicate delivery back to the source and look for delivery errors. Will do a double-check of all the logfiles again. Maybe I have overseen something. As I'm not the 'expert' in those things, I'd like to come back with questions ;) Any suggestions what are the most important postfix logfiles I should have a look into? I did look into mail.info and mail.log while mail.err does not show anything when the duplicates occur. Wietse This is the output form postconf -n: I provide here further? BR Marco -- End of PGP signed section, PGP failed!