Re: Postfix 3.2.0 stable release
> On Mar 2, 2017, at 7:43 PM, Wietse Venema wrote:
>
> * Elliptic curve negotiation with OpenSSL <= 1.0.2. This changes
>   the default smtpd_tls_eecdh_grade setting to "auto", and
>   introduces a new parameter tls_eecdh_auto_curves with the names
>   of curves that may be negotiated.

Tiny correction. The EC negotiation is with OpenSSL >= 1.0.2, not OpenSSL <= 1.0.2. That is, it requires at *least* OpenSSL 1.0.2, which currently means some patch level of 1.0.2 or 1.1.0.

--
Viktor.
Postfix 3.2.0 stable release
[An on-line version of this announcement will be available at http://www.postfix.org/announcements/postfix-3.2.0.html]

Postfix stable release 3.2.0 is available, 20 years after work began early 1997. This release ends support for legacy release Postfix 2.10.

The main changes in no particular order are:

* Elliptic curve negotiation with OpenSSL <= 1.0.2. This changes the default smtpd_tls_eecdh_grade setting to "auto", and introduces a new parameter tls_eecdh_auto_curves with the names of curves that may be negotiated.

* Stored-procedure support for MySQL databases. Contributed by John Fawcett. See the mysql_table(5) manpage for details.

* Cidr: table support for if/endif and negation (by prepending ! to a pattern), just like regexp: and pcre: tables. See the cidr_table(5) manpage for details.

* The postmap command and the inline: and texthash: maps now support spaces in left-hand field of lookup table source text. Use double quotes (") around a left-hand field that contains spaces, and use backslash (\) to protect quotes in a left-hand field.

* Support for per-client Milter configuration (smtpd_milter_maps) that overrides the main.cf smtpd_milters setting, and that has the same syntax. A lookup result of "DISABLE" turns off Milter support for that client. See MILTER_README.html for details.

* The local SMTP server IP address and port are available in the policy delegation protocol (attribute names: server_address, server_port), in the Milter protocol (macro names: {daemon_addr}, {daemon_port}), and in the XCLIENT protocol (attribute names: DESTADDR, DESTPORT).

* For safety reasons, the Postfix sendmail -C option must specify an authorized directory: the default configuration directory, a directory that is listed in the default main.cf file with alternate_config_directories or multi_instance_directories, otherwise the command must be invoked with root privileges. This mitigates a recurring "jail break" problem with the PHP mail() function.

* "PASS" and "STRIP" actions in header/body_checks. "STRIP" is similar to "IGNORE" but also logs the action, and "PASS" disables header, body, and Milter inspection for the remainder of the message content. Contributed by Hobbit.

* The collate.pl script by Viktor Dukhovni for grouping Postfix logfile records into "sessions" based on queue ID and process ID information, in the auxiliary/collate directory of the Postfix source tree.

Disabled or removed behavior:

* SMTPUTF8 support: Postfix 3.2 disables the 'transitional' compatibility between the IDNA2003 and IDNA2008 standards for internationalized domain names (domain names beyond the limits of US-ASCII). This makes Postfix behavior consistent with contemporary web browsers. See RELEASE_NOTES for more.

* Postfix 3.2 removes tentative features that were implemented before the DANE spec was finalized: support for certificate usage PKIX-EE(1), the ability to disable digest agility, and the ability to disable support for "TLSA 2 [01] [12]" records that specify the digest of a trust anchor. See RELEASE_NOTES for more.

You can find the updated Postfix source code at the mirrors listed at http://www.postfix.org/.

	Wietse
Re: ot: 554 No SMTP service here
Voytek:
> struck a problem sending to a particular server, get 554
> everything else works fine, server unaltered since setup a while back
>
> how can I troubleshoot this ?
>
> Mar 3 06:36:56 emu postfix/smtp[25322]: 02D124C5D9:
> to=,
> relay=rosstul1.rosscosmetics.com.au[115.70.161.114]:25, delay=17227,
> delays=17227/0.01/0.06/0, dsn=4.0.0, status=deferred (host
> rosstul1.rosscosmetics.com.au[115.70.161.114] refused to talk to me: 554
> No SMTP service here.)
>
> # telnet 115.70.161.114 25
> Trying 115.70.161.114...
> Connected to 115.70.161.114.
> Escape character is '^]'.
> 554 No SMTP service here.
> Connection closed by foreign host.
> [root@emu 2017]#

% telnet 115.70.161.114 25
Trying 115.70.161.114...
Connected to 114.161.70.115.static.exetel.com.au.
Escape character is '^]'.
220 rosscosmetics.com.au ESMTP Trustwave SEG Ready

They don't seem to like your IP address.

	Wietse
Re: Question about milters
On 2017-03-01 (09:50 MST), Linda Pagillo wrote:
>
> For example... u...@domain.com is a valid user on the server. They want to
> send mail out on ports 25... I would want to the milter to bypass this
> because they are authenticated.

This is not the way to go.

A mail server should *never* allow unauthenticated users to send mail. The most reasonable way to do this is to require port 587 for all mail submission and require secure authentication on that port. Do not allow users to use port 25 at all.

main.cf:
smtpd_sasl_auth_enable = no

master.cf:
submission inet n - n - - smtpd
  […]
  -o smtpd_sasl_auth_enable=yes
  […]

--
Apple broke AppleScripting signatures in Mail.app, so no random signatures.
Re: SPF, Postfix and majordomo
On 2017-03-02 (05:38 MST), an...@isac.gov.in wrote:
>
> Suppose sender domain has set SPF policy with list of IP addresses from which
> mail can originate for their domain. When the user sends a mail to a mailing
> list manager like majordomo, being a member of the list, the sender will
> receive back the mail posted to a mailing list. But, due to SPF policy set
> for sender domain, mail is rejected.

If so, your SPF is very broken. What do your logs show?

--
Apple broke AppleScripting signatures in Mail.app, so no random signatures.
ot: 554 No SMTP service here
struck a problem sending to a particular server, get 554
everything else works fine, server unaltered since setup a while back

how can I troubleshoot this ?

Mar 3 06:36:56 emu postfix/smtp[25322]: 02D124C5D9: to=, relay=rosstul1.rosscosmetics.com.au[115.70.161.114]:25, delay=17227, delays=17227/0.01/0.06/0, dsn=4.0.0, status=deferred (host rosstul1.rosscosmetics.com.au[115.70.161.114] refused to talk to me: 554 No SMTP service here.)

# telnet 115.70.161.114 25
Trying 115.70.161.114...
Connected to 115.70.161.114.
Escape character is '^]'.
554 No SMTP service here.
Connection closed by foreign host.
[root@emu 2017]#

mxtoolbox says:

Connecting to 115.70.161.114

220 rosscosmetics.com.au ESMTP Trustwave SEG Ready [766 ms]
EHLO PWS3.mxtoolbox.com
250-rosscosmetics.com.au Hello PWS3.mxtoolbox.com (64.20.227.134)
250 SIZE [953 ms]
MAIL FROM:
250 sender ok [813 ms]
RCPT TO:
550 Relaying denied from 64.20.227.134 [1547 ms]

PWS3v2 6266ms
Re: domain forwarding/redirecting
Vernon Fort:
> I need a way to forward/redirect emails to and from a specific
> domain and send them to a specific local email account. I need
> this based on the envelope sender - so regardless of one or multiple
> recipients (in the header), the email goes to one specific account.
> It looks like the access filter REDIRECT will work for inbound but
> I'm not finding anything for outbound messages.

virtual_alias_maps transforms the envelope recipient; it operates on all mail that passes through Postfix.

	Wietse
domain forwarding/redirecting
I need a way to forward/redirect emails to and from a specific domain and send them to a specific local email account. I need this based on the envelope sender - so regardless of one or multiple recipients (in the header), the email goes to one specific account. It looks like the access filter REDIRECT will work for inbound but I'm not finding anything for outbound messages.

Just need someone to point me in the right direction.

Vernon
Re: Client is always localhost
> On Mar 2, 2017, at 9:04 AM, chaouche yacine wrote:
>
> I was doing some log processing today for a supposedly sent mail I didn't
> receive. It turns out that while I was playing with the log file I suddenly
> realized that every connection is made from localhost...
>
> root@messagerie[10.10.10.19] ~/SCRIPTS/MAIL # zgrep client= /var/log/mail.*
> | grep -v localhost

This would be a good time to look at the actual log entries and determine whether (most likely) all the mail is originating locally, or whether some proxy or other is making your system an open relay. Just "grep -v localhost" is not terribly informative.

--
Viktor.
Re: growing size of mail.log file - postfix logs
Thanks guys for pro tips. ;)

2017-03-02 15:23 GMT+01:00 Phil Stracchino:

> On 03/02/17 09:09, Viktor Dukhovni wrote:
> > On Thu, Mar 02, 2017 at 08:06:57AM +0100, Poliman - Serwis wrote:
> >
> >> Hi everyone. In mail.log file I have many lines like below:
> >> Mar 2 06:53:30 vps342401 postfix/smtps/smtpd[14642]: SSL_accept error from
> >> house.census.shodan.io[89.248.172.16]: -1
> >
> > See
> >
> > https://www.shodan.io/
> >
> > This plus the word "census" is a pretty clear hint that this site
> > does whole-internet scans for connected devices and records supported
> > TLS versions, ...
>
> Specifically, shodan.io scans the 'net for insecure IoT devices.
>
> --
> Phil Stracchino
> Babylon Communications
> ph...@caerllewys.net
> p...@co.ordinate.org
> Landline: 603.293.8485

--
*Pozdrawiam / Best Regards*
*Piotr Bracha*
*tel. 534 555 877*
*ser...@poliman.pl*
Re: growing size of mail.log file - postfix logs
On 03/02/17 09:09, Viktor Dukhovni wrote:
> On Thu, Mar 02, 2017 at 08:06:57AM +0100, Poliman - Serwis wrote:
>
>> Hi everyone. In mail.log file I have many lines like below:
>> Mar 2 06:53:30 vps342401 postfix/smtps/smtpd[14642]: SSL_accept error from
>> house.census.shodan.io[89.248.172.16]: -1
>
> See
>
> https://www.shodan.io/
>
> This plus the word "census" is a pretty clear hint that this site
> does whole-internet scans for connected devices and records supported
> TLS versions, ...

Specifically, shodan.io scans the 'net for insecure IoT devices.

--
Phil Stracchino
Babylon Communications
ph...@caerllewys.net
p...@co.ordinate.org
Landline: 603.293.8485
Re: SPF, Postfix and majordomo
an...@isac.gov.in:
> Hello,
>
> As I know, Postfix-users mailing list uses majordomo.
>
> Suppose sender domain has set SPF policy with list of IP addresses
> from which mail can originate for their domain. When the user sends a
> mail to a mailing list manager like majordomo, being a member of the
> list, the sender will receive back the mail posted to a mailing list.
> But, due to SPF policy set for sender domain, mail is rejected.

Well, that is their choice.

Or they could use DKIM, and find out that the message is authentic.

	Wietse
Re: growing size of mail.log file - postfix logs
On Thu, Mar 02, 2017 at 08:06:57AM +0100, Poliman - Serwis wrote:

> Hi everyone. In mail.log file I have many lines like below:
> Mar 2 06:53:30 vps342401 postfix/smtps/smtpd[14642]: SSL_accept error from
> house.census.shodan.io[89.248.172.16]: -1

See

https://www.shodan.io/

This plus the word "census" is a pretty clear hint that this site does whole-internet scans for connected devices and records supported TLS versions, ...

You can just ignore them, or even apply firewall rules, if you find the log entries sufficiently annoying to take action.

--
Viktor.
Client is always localhost
o/

I was doing some log processing today for a supposedly sent mail I didn't receive. It turns out that while I was playing with the log file I suddenly realized that every connection is made from localhost...

root@messagerie[10.10.10.19] ~/SCRIPTS/MAIL # zgrep client= /var/log/mail.* | grep -v localhost
root@messagerie[10.10.10.19] ~/SCRIPTS/MAIL #

that command was supposed to spit all the client connections that weren't made by localhost, and it had 0 results...

On another machine (with an old setup) this is definitely not the case (had 923 unique clients/IPs) :

root@messagerie-secours[10.10.10.20] /var/log # zgrep -o 'client=.*]' /var/log/mail.* | grep -v localhost | cut -f 2 -d : | sort | uniq -c | sort -n
      1 client=118-163-37-8.HINET-IP.hinet.net[118.163.37.8]
      1 client=131.red-80-35-249.staticip.rima-tde.net[80.35.249.131]
      1 client=179-191-149-46.dynamic.starweb.net.br[179.191.149.46]
      1 client=a95-93-181-252.cpe.netcabo.pt[95.93.181.252]
[...snip...]
   1713 client=mta-gw11.infomaniak.ch[84.16.68.70]
   1715 client=mta-gw16.infomaniak.ch[84.16.68.77]
   1943 client=messagerie.algerian-radio.dz[10.10.10.19]
   4499 client=wsus.eprs.dz[10.10.10.1]
root@messagerie-secours[10.10.10.20] /var/log #

This is a little embarrassing since I can not know if any other server has attempted to connect to my postfix or not.

Any idea on what could be wrong ? Config follows :

postfinger - postfix configuration on Thu Mar 2 14:16:09 CET 2017
version: 1.30

Warning: postfinger output may show private configuration information, such as ip addresses and/or domain names which you do not want to show to the public. If this is the case it is your responsibility to modify the output to hide this private information. [Remove this warning with the --nowarn option.]

--System Parameters--
mail_version = 2.11.3
hostname = messagerie
uname = Linux messagerie 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt20-1+deb8u2 (2016-01-02) x86_64 GNU/Linux

--Packaging information--
looks like this postfix comes from deb package: postfix-2.11.3-1

--main.cf non-default parameters--
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
content_filter = amavis:[127.0.0.1]:10024
enable_original_recipient = no
inet_protocols = ipv4
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
maildrop_destination_recipient_limit = 1
message_size_limit = 20971520
mydestination = messagerie.domain.tld, messagerie, localhost.localdomain, localhost
myhostname = messagerie.domain.tld
mynetworks = 127.0.0.0/8 [:::127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_client_message_rate_limit = 100
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/maps/reject_senders
smtpd_tls_cert_file = /etc/ssl/private/LETSENCRYPT/nouveau_complet.cert
smtpd_tls_key_file = /etc/ssl/private/LETSENCRYPT/server.private_key
smtpd_tls_loglevel = 1
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
virtual_alias_maps = hash:/etc/postfix/maps/alias
virtual_gid_maps = static:1002
virtual_mailbox_base = /var/vmail/
virtual_mailbox_domains = backup.domain.tld, domain.tld
virtual_mailbox_maps = mysql:/etc/postfix/maps/mailboxes.cf
virtual_transport = lmtp:unix:private/dovecot-lmtp
virtual_uid_maps = static:113

--master.cf--
smtp       inet  n  -  n  -      -  smtpd
  -o content_filter=spamassassin
pickup     unix  n  -  -  60     1  pickup
cleanup    unix  n  -  -  -      0  cleanup
qmgr       unix  n  -  n  300    1  qmgr
tlsmgr     unix  -  -  -  1000?  1  tlsmgr
rewrite    unix  -  -  -  -      -  trivial-rewrite
bounce     unix  -  -  -  -      0  bounce
defer      unix  -  -  -  -      0  bounce
trace      unix  -  -  -  -      0  bounce
verify     unix  -  -  -  -      1  verify
flush      unix  n  -  -  1000?  0  flush
proxymap   unix  -  -  n  -      -  proxymap
proxywrite unix  -  -  n  -      1  proxymap
smtp       unix  -  -  -  -      -  smtp
relay      unix  -  -  -  -      -  smtp
showq      unix  n  -  -  -      -  showq
error      unix  -  -  -  -      -  error
retry      unix  -  -  -  -      -  error
discard    unix  -  -  -  -      -  discard
local      unix  -  n  n  -      -  local
virtual    unix  -  n  n  -      -  virtual
lmtp       unix  -  -  -  -      -  lmtp
anvil      unix  -  -  -  -      1  anvil
scache unix -
Re: SPF, Postfix and majordomo
Hi,

to make things clear, I am running majordomo in my setup and I am facing some SPF related issues in my setup and hence wanted to know, how it is not happening with postfix-users which is also based on Majordomo?

Regards,
anant.

- Message from an...@isac.gov.in -
Date: Thu, 02 Mar 2017 18:55:47 +0530
From: an...@isac.gov.in
Subject: Re: SPF, Postfix and majordomo
To: postfix-users@postfix.org

Hi,

I think, this may be due to my misconfiguration of mailing list created using majordomo. I will try to resolve. I am sure, postfix-users mailing list is not breaking SPF. But, my mailing list using majordomo is breaking it.

regards,
anant.

- Message from Benny Pedersen -
Date: Thu, 02 Mar 2017 14:10:45 +0100
From: Benny Pedersen
Subject: Re: SPF, Postfix and majordomo
To: postfix-users@postfix.org

an...@isac.gov.in wrote on 2017-03-02 13:58:

> This is may due to configuration in majordomo. Can someone guide on this?
> Sorry, I am discussing this in postfix group.

there exists no guides for things that is not a problem you did not post a logging problem ? i am sure if you really like help you can show the problem you have, plenty of other users here would like to help if there is any problem, but it cost to show logs of it first to make it more short, where did you read spf breaks maillists ?

- End message from Benny Pedersen -

Anant S Athavale

--
Confidentiality Notice: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.
--

- End message from an...@isac.gov.in -

Anant S Athavale
Re: SPF, Postfix and majordomo
Hi,

I think, this may be due to my misconfiguration of mailing list created using majordomo. I will try to resolve. I am sure, postfix-users mailing list is not breaking SPF. But, my mailing list using majordomo is breaking it.

regards,
anant.

- Message from Benny Pedersen -
Date: Thu, 02 Mar 2017 14:10:45 +0100
From: Benny Pedersen
Subject: Re: SPF, Postfix and majordomo
To: postfix-users@postfix.org

an...@isac.gov.in wrote on 2017-03-02 13:58:

> This is may due to configuration in majordomo. Can someone guide on this?
> Sorry, I am discussing this in postfix group.

there exists no guides for things that is not a problem you did not post a logging problem ? i am sure if you really like help you can show the problem you have, plenty of other users here would like to help if there is any problem, but it cost to show logs of it first to make it more short, where did you read spf breaks maillists ?

- End message from Benny Pedersen -

Anant S Athavale
Re: SPF, Postfix and majordomo
an...@isac.gov.in wrote on 2017-03-02 13:58:

> This is may due to configuration in majordomo. Can someone guide on this?
> Sorry, I am discussing this in postfix group.

there exists no guides for things that is not a problem you did not post a logging problem ? i am sure if you really like help you can show the problem you have, plenty of other users here would like to help if there is any problem, but it cost to show logs of it first to make it more short, where did you read spf breaks maillists ?
Re: SPF, Postfix and majordomo
On 02.03.17 13:38, an...@isac.gov.in wrote:
> When the user sends a mail to a mailing list manager like majordomo,
> being a member of the list, the sender will receive back the mail posted
> to a mailing list. But, due to SPF policy set for sender domain, mail is
> rejected.

Please show logs to prove this claim.

The Postfix mailing list does not break SPF, as I can see on my end. Let's take your message as an example:

Authentication-Results: sekhmet.horus-it.com; dmarc=none header.from=isac.gov.in
Authentication-Results: sekhmet.horus-it.com; spf=pass smtp.mailfrom=owner-postfix-us...@postfix.org
Authentication-Results: sekhmet.horus-it.com; dkim=none; dkim-atps=neutral

All is well in terms of SPF.

-Ralph
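
The headers quoted in the message above show SPF being evaluated against the envelope sender (smtp.mailfrom), not the author's From: domain. The following is an added example, not part of any poster's message: a simplified Authentication-Results parser (no comments or quoted strings handled) that makes that distinction explicit; the function names are hypothetical.

```python
import re

# The three headers quoted in the message above, copied as they appear on the
# page (the archive's address obfuscation "us...@" is left untouched).
SAMPLE_HEADERS = [
    "Authentication-Results: sekhmet.horus-it.com; dmarc=none header.from=isac.gov.in",
    "Authentication-Results: sekhmet.horus-it.com; spf=pass smtp.mailfrom=owner-postfix-us...@postfix.org",
    "Authentication-Results: sekhmet.horus-it.com; dkim=none; dkim-atps=neutral",
]

# "method=result" followed by optional "ptype.property=value" pairs.
# Assumption: a simplified subset of the header grammar is enough here.
RESINFO = re.compile(r"^([a-z0-9-]+)\s*=\s*([a-z]+)\b(.*)$", re.I | re.S)
PROPERTY = re.compile(r"\b([a-z0-9-]+)\.([a-z0-9-]+)\s*=\s*(\S+)", re.I)


def parse_authentication_results(header):
    """Return (authserv_id, [ {method, result, props}, ... ]) for one header."""
    name, _, value = header.partition(":")
    if name.strip().lower() != "authentication-results":
        raise ValueError("not an Authentication-Results header")
    parts = [p.strip() for p in value.split(";")]
    results = []
    for part in parts[1:]:
        m = RESINFO.match(part)
        if not m:
            continue  # empty or unparseable clause
        props = {
            f"{ptype.lower()}.{prop.lower()}": val
            for ptype, prop, val in PROPERTY.findall(m.group(3))
        }
        results.append(
            {"method": m.group(1).lower(), "result": m.group(2).lower(), "props": props}
        )
    return parts[0], results


def domain_of(identity):
    """Domain part of an address, or the value itself if it is a bare domain."""
    return identity.rsplit("@", 1)[-1].lower().rstrip(".")


def explain_spf(headers):
    """Report which domain SPF was checked against versus the author domain."""
    methods = {}
    for header in headers:
        _, results = parse_authentication_results(header)
        for res in results:
            methods[res["method"]] = res
    spf = methods.get("spf", {"result": None, "props": {}})
    envelope = spf["props"].get("smtp.mailfrom")
    author = None
    for res in methods.values():
        author = author or res["props"].get("header.from")
    checked = domain_of(envelope) if envelope else None
    author_domain = domain_of(author) if author else None
    return {
        "spf_result": spf["result"],
        "spf_checked_domain": checked,
        "author_domain": author_domain,
        # True when the list (or any relay) put its own address in MAIL FROM
        "envelope_differs_from_author": bool(
            checked and author_domain and checked != author_domain
        ),
    }


if __name__ == "__main__":
    for key, value in explain_spf(SAMPLE_HEADERS).items():
        print(f"{key}: {value}")
```
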
Re: SPF, Postfix and majordomo
Hi,

What I think is, in my setup "envelope-from" is not getting set something similar to envelope-from="owner-postfix-us...@postfix.org" and instead it is set same as sender email id.

This is may due to configuration in majordomo. Can someone guide on this? Sorry, I am discussing this in postfix group.

Regards,
ANANT.

- Message from Benny Pedersen -
Date: Thu, 02 Mar 2017 13:42:25 +0100
From: Benny Pedersen
Subject: Re: SPF, Postfix and majordomo
To: postfix-users@postfix.org

an...@isac.gov.in wrote on 2017-03-02 13:38:

> Now, is there a way to overcome this using Postfix? As majordomo is a very
> old software, it may be difficult to get any solution from Majordomo.
> Please suggest.

logs that prove this would be useful, i bet it's not a spf problem

- End message from Benny Pedersen -

Anant S Athavale
Re: SPF, Postfix and majordomo
an...@isac.gov.in wrote on 2017-03-02 13:38:

> Now, is there a way to overcome this using Postfix? As majordomo is a very
> old software, it may be difficult to get any solution from Majordomo.
> Please suggest.

logs that prove this would be useful, i bet it's not a spf problem
SPF, Postfix and majordomo
Hello,

As I know, Postfix-users mailing list uses majordomo.

Suppose sender domain has set SPF policy with list of IP addresses from which mail can originate for their domain. When the user sends a mail to a mailing list manager like majordomo, being a member of the list, the sender will receive back the mail posted to a mailing list. But, due to SPF policy set for sender domain, mail is rejected.

Now, is there a way to overcome this using Postfix? As majordomo is a very old software, it may be difficult to get any solution from Majordomo. Please suggest.

Anant S Athavale
postfix-3.2.0 - documenting keep-new-mtime instead of keep-build-mtime
Hi,

I have noticed that in postfix-3.2.0 option -keep-new-mtime was renamed to -keep-build-mtime, but it seems the old option is still mentioned in:

postfix-3.2.0/html/INSTALL.html
postfix-3.2.0/proto/INSTALL.html

e.g.:

$ grep -r --exclude=HISTORY keep-new-mtime postfix-3.2.0
postfix-3.2.0/proto/INSTALL.html:"-keep-new-mtime".
postfix-3.2.0/html/INSTALL.html:"-keep-new-mtime".

but:

$ grep keep-build-mtime postfix-3.2.0/proto/INSTALL.html
$ grep keep-build-mtime postfix-3.2.0/html/INSTALL.html

thanks & regards
Jaroslav
Re: growing size of mail.log file - postfix logs
Strange thing with

Mar 2 07:25:01 vps342401 dovecot: imap-login: Disconnected (disconnected before auth was ready, waited 0 secs): user=<>, rip=127.0.0.1, lip=127.0.0.1, secured, session=

and

> Mar 2 06:53:30 vps342401 postfix/smtps/smtpd[14642]: lost connection after CONNECT from house.census.shodan.io[89.248.172.16]
> Mar 2 06:53:30 vps342401 postfix/smtps/smtpd[14642]: disconnect from house.census.shodan.io[89.248.172.16]
> Mar 2 06:53:30 vps342401 postfix/smtps/smtpd[14637]: lost connection after CONNECT from house.census.shodan.io[89.248.172.16]

because I've checked and house.census.shodan.io is on few spamlists. Second thing that I have clear server with few like apache, php, mysql, pureftp, postfix, dovecot and I seriously have no idea how check what connect/disconnect to dovecot service. I point out on size of the file, because file from 26 Feb has only 6,3MB, from 20 Feb only 2MB. So it looks like size is growing.

2017-03-02 8:34 GMT+01:00 Patrick Ben Koetter:

> * Poliman - Serwis :
> > Hi everyone. In mail.log file I have many lines like below:
> > Mar 2 06:53:30 vps342401 postfix/smtps/smtpd[14642]: SSL_accept error from house.census.shodan.io[89.248.172.16]: -1
> > Mar 2 06:53:30 vps342401 postfix/smtps/smtpd[14642]: warning: TLS library problem: error:1408A10B:SSL routines:SSL3_GET_CLIENT_HELLO:wrong version number:s3_srvr.c:966:
>
> Postfix refuses to use SSLv3.
>
> > Mar 2 06:53:30 vps342401 postfix/smtps/smtpd[14642]: lost connection after CONNECT from house.census.shodan.io[89.248.172.16]
> > Mar 2 06:53:30 vps342401 postfix/smtps/smtpd[14642]: disconnect from house.census.shodan.io[89.248.172.16]
> > Mar 2 06:53:30 vps342401 postfix/smtps/smtpd[14637]: lost connection after CONNECT from house.census.shodan.io[89.248.172.16]
>
> house.census.shodan.io tries to connect your Postfix server and then nothing
> happens. Unless every other host has this problem too, you will have to talk
> to the people who run house.census.shodan.io to find out why their client
> doesn't proceed with a SMTP session. Chances are their hosts problem is, it
> is unable to use any other/newer TLS protocol version.
>
> > and
> >
> > Mar 2 07:15:01 vps342401 dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=127.0.0.1, lip=127.0.0.1, secured, session=
> > Mar 2 07:20:01 vps342401 dovecot: imap-login: Disconnected (disconnected before auth was ready, waited 0 secs): user=<>, rip=127.0.0.1, lip=127.0.0.1, secured, session=<+TxOa7lJ/AB/AAAB>
> > Mar 2 07:20:01 vps342401 dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=127.0.0.1, lip=127.0.0.1, secured, session=
> > Mar 2 07:25:01 vps342401 dovecot: imap-login: Disconnected (disconnected before auth was ready, waited 0 secs): user=<>, rip=127.0.0.1, lip=127.0.0.1, secured, session=
>
> Something - a program ? - on your server connects to your dovecot service and
> disconnects. Find out what it is.
>
> > From two days log file has 18MB. What is wrong?
>
> The log size is not necessarily an indicator that something is wrong on your
> machine. On busy machines 18 MB growth is a matter of minutes.
>
> How recurring are the errors in the LOG? Is it always the same error? Is it
> always the same host having problems with your server?
>
> p@rick
>
> --
> [*] sys4 AG
>
> https://sys4.de, +49 (89) 30 90 46 64
> Schleißheimer Straße 26/MG, 80333 München
>
> Registered office: München, district court München: HRB 199263
> Executive board: Patrick Ben Koetter, Marc Schiffbauer, Wolfgang Stief
> Chairman of the supervisory board: Florian Kirstein

--
*Pozdrawiam / Best Regards*
*Piotr Bracha*
*tel. 534 555 877*
*ser...@poliman.pl*
Re: growing size of mail.log file - postfix logs
> From two days log file has 18MB. What is wrong?

Do you have logging still active from your thread "dovecot cram-md5 setting break sending emails"?

Willi
Re: ot: troubleshhoting MX issue (?)
As long as you're getting a SERVFAIL you are having a problem with your resolver. This assumption can be verified if you check with public resolvers like 8.8.8.8 and 8.8.4.4 (dig -t mx surfacetreatment.be @8.8.8.8)

-- Yassine.

On Thursday, March 2, 2017 5:56 AM, Voytek wrote:

On Wed, March 1, 2017 10:45 pm, Andrew Sullivan wrote:
> On Wed, Mar 01, 2017 at 09:50:55PM +1100, Voytek wrote:

Andrew,

> Why are you setting +nocd?

ahmm, I saw it in Viktor's post, and, copied it..oops

> It looks like you're still seeing a SERVFAIL for the MX record, at
> least in what you posted. SERVFAIL means something is wrong, possibly with
> the resolver (also called "recursive" or "recursive server") itself.
> That's not the answer you need.

I found different name servers in an old resolv.conf, and, these seem to resolve OK, I'll use these pending confirmation from hosting

now getting this[1]:

Andrew, Viktor, thanks for your help, much appreciated.

[1]
# dig -t mx surfacetreatment.be

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6_8.4 <<>> -t mx surfacetreatment.be
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27982
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;surfacetreatment.be. IN MX

;; ANSWER SECTION:
surfacetreatment.be. 300 IN MX 10 remote.surfacetreatment.be.

;; Query time: 334 msec
;; SERVER: 103.15.178.250#53(103.15.178.250)
;; WHEN: Thu Mar 2 15:51:30 2017
;; MSG SIZE rcvd: 60
Re: growing size of mail.log file - postfix logs
On Thu, 2 Mar 2017 08:34:59 +0100 Patrick Ben Koetter wrote:

> * Poliman - Serwis :
> > Hi everyone. In mail.log file I have many lines like below:
> > Mar 2 06:53:30 vps342401 postfix/smtps/smtpd[14642]: SSL_accept error from house.census.shodan.io[89.248.172.16]: -1
> > Mar 2 06:53:30 vps342401 postfix/smtps/smtpd[14642]: warning: TLS library problem: error:1408A10B:SSL routines:SSL3_GET_CLIENT_HELLO:wrong version number:s3_srvr.c:966:
>
> Postfix refuses to use SSLv3.
>
> > Mar 2 06:53:30 vps342401 postfix/smtps/smtpd[14642]: lost connection after CONNECT from house.census.shodan.io[89.248.172.16]
> > Mar 2 06:53:30 vps342401 postfix/smtps/smtpd[14642]: disconnect from house.census.shodan.io[89.248.172.16]
> > Mar 2 06:53:30 vps342401 postfix/smtps/smtpd[14637]: lost connection after CONNECT from house.census.shodan.io[89.248.172.16]
>
> house.census.shodan.io tries to connect your Postfix server and then
> nothing happens. Unless every other host has this problem too, you
> will have to talk to the people who run house.census.shodan.io to
> find out why their client doesn't proceed with a SMTP session.
> Chances are their hosts problem is, it is unable to use any
> other/newer TLS protocol version.
>
> > and
> >
> > Mar 2 07:15:01 vps342401 dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=127.0.0.1, lip=127.0.0.1, secured, session=
> > Mar 2 07:20:01 vps342401 dovecot: imap-login: Disconnected (disconnected before auth was ready, waited 0 secs): user=<>, rip=127.0.0.1, lip=127.0.0.1, secured, session=<+TxOa7lJ/AB/AAAB>
> > Mar 2 07:20:01 vps342401 dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=127.0.0.1, lip=127.0.0.1, secured, session=
> > Mar 2 07:25:01 vps342401 dovecot: imap-login: Disconnected (disconnected before auth was ready, waited 0 secs): user=<>, rip=127.0.0.1, lip=127.0.0.1, secured, session=
>
> Something - a program ? - on your server connects to your dovecot
> service and disconnects. Find out what it is.
>
> > From two days log file has 18MB. What is wrong?
>
> The log size is not necessarily an indicator that something is wrong
> on your machine. On busy machines 18 MB growth is a matter of minutes.
>
> How recurring are the errors in the LOG? Is it always the same error?
> Is it always the same host having problems with your server?
>
> p@rick

I block that server from all but port 25. It will password guess until the cows come home. I had no idea it was associated with shodan, but now all the more reason to block it.

#novogara
ipfw table 1 add 89.248.160.0/21
ipfw table 1 add 89.248.169.0/24
ipfw table 1 add 89.248.170.0/23
ipfw table 1 add 89.248.172.0/23
ipfw table 1 add 89.248.174.0/24
ipfw table 1 add 93.174.88.0/21
ipfw table 1 add 94.102.48.0/20

There is a snowshoe type botnet password guesser hosted at Digital Ocean. Being a customer of them, I complained. I stopped for a few days, but it is back again. They password guess in sequence.

138.68.90.75
139.59.158.92
207.154.221.122

Also the "141" block of the University of Michigan. I have contacted them to see if they are doing "research", but I get no reply.

ipfw table 3 add 141.211.0.0/16
ipfw table 3 add 141.212.0.0/16
ipfw table 3 add 141.213.0.0/16
ipfw table 3 add 141.214.0.0/16

Mind you, I can block these ports because I'm the only customer of my server. Yes I know fail2ban is the way to go, but my cellphone creates some chatter that would trigger an aggressive fail2ban.
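
The questions quoted above ("How recurring are the errors? Is it always the same error? Is it always the same host?") and the remark in the "Client is always localhost" thread that `grep -v localhost` is not informative can both be answered by tallying log events per client address. The following is an added example, not code from any poster: the first eight sample lines reuse log lines quoted in the thread, the three `client=` lines are constructed (timestamps, PIDs and queue IDs invented), and the function names are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample input (see lead-in for which lines are from the thread).
SAMPLE_LOG = """\
Mar 2 06:53:30 vps342401 postfix/smtps/smtpd[14642]: SSL_accept error from house.census.shodan.io[89.248.172.16]: -1
Mar 2 06:53:30 vps342401 postfix/smtps/smtpd[14642]: warning: TLS library problem: error:1408A10B:SSL routines:SSL3_GET_CLIENT_HELLO:wrong version number:s3_srvr.c:966:
Mar 2 06:53:30 vps342401 postfix/smtps/smtpd[14642]: lost connection after CONNECT from house.census.shodan.io[89.248.172.16]
Mar 2 06:53:30 vps342401 postfix/smtps/smtpd[14642]: disconnect from house.census.shodan.io[89.248.172.16]
Mar 2 06:53:30 vps342401 postfix/smtps/smtpd[14637]: lost connection after CONNECT from house.census.shodan.io[89.248.172.16]
Mar 2 07:15:01 vps342401 dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=127.0.0.1, lip=127.0.0.1, secured, session=
Mar 2 07:20:01 vps342401 dovecot: imap-login: Disconnected (disconnected before auth was ready, waited 0 secs): user=<>, rip=127.0.0.1, lip=127.0.0.1, secured, session=<+TxOa7lJ/AB/AAAB>
Mar 2 07:20:01 vps342401 dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=127.0.0.1, lip=127.0.0.1, secured, session=
Mar 2 14:01:10 messagerie postfix/smtpd[3101]: 4A1B2C3D4E: client=localhost[127.0.0.1]
Mar 2 14:01:12 messagerie postfix/smtpd[3102]: 5B2C3D4E5F: client=mta-gw11.infomaniak.ch[84.16.68.70]
Mar 2 14:01:15 messagerie postfix/smtpd[3103]: 6C3D4E5F60: client=wsus.eprs.dz[10.10.10.1]
"""

# "Mon D HH:MM:SS host program[pid]: message" (pid is optional, e.g. dovecot)
SYSLOG = re.compile(r"^\w{3}\s+\d+\s+[\d:]{8}\s+\S+\s+([^\s:\[]+)(?:\[\d+\])?:\s+(.*)$")
HOST_IP = r"(\S+?)\[([0-9A-Fa-f.:]+)\]"
SMTPD_EVENT = re.compile(
    r"^(SSL_accept error|lost connection after \w+|disconnect|connect) from " + HOST_IP
)
SMTPD_CLIENT = re.compile(r"^[0-9A-Za-z]+: client=" + HOST_IP)
DOVECOT = re.compile(r"^(\S+-login): \w[\w ]*\(([^)]*)\).*?\brip=([0-9A-Fa-f.:]+)")


def parse_line(line):
    """Return {service, event, host, ip} for lines that name a client, else None."""
    m = SYSLOG.match(line)
    if not m:
        return None
    program, msg = m.groups()
    if program.startswith("postfix") and program.endswith("smtpd"):
        m = SMTPD_CLIENT.match(msg)
        if m:
            return {"service": program, "event": "client", "host": m.group(1), "ip": m.group(2)}
        m = SMTPD_EVENT.match(msg)
        if m:
            return {"service": program, "event": m.group(1), "host": m.group(2), "ip": m.group(3)}
    elif program == "dovecot":
        m = DOVECOT.match(msg)
        if m:
            # Replace counters ("0 secs") so identical reasons group together.
            reason = re.sub(r"\d+", "N", m.group(2))
            return {"service": "dovecot/" + m.group(1), "event": reason, "host": None, "ip": m.group(3)}
    return None


def scope(ip_text):
    """Classify by address, which a match on the name 'localhost' cannot do."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return "invalid"
    if ip.is_loopback:
        return "loopback"
    return "private" if ip.is_private else "public"


def recurring_events(lines):
    """Count (ip, service, event): same error? same host? how often?"""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec and rec["event"] != "client":
            counts[(rec["ip"], rec["service"], rec["event"])] += 1
    return counts


def clients_by_scope(lines):
    """Group smtpd 'client=' records into loopback / private / public."""
    grouped = {}
    for line in lines:
        rec = parse_line(line)
        if rec and rec["event"] == "client":
            key = f'{rec["host"]}[{rec["ip"]}]'
            grouped.setdefault(scope(rec["ip"]), Counter())[key] += 1
    return grouped


if __name__ == "__main__":
    sample = SAMPLE_LOG.splitlines()
    for (ip, service, event), n in recurring_events(sample).most_common():
        print(f"{n:4d}  {ip:15s}  {scope(ip):8s}  {service}: {event}")
    for name, clients in sorted(clients_by_scope(sample).items()):
        print(name, dict(clients))
```
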