Re: Postfix 3.2.0 stable release

2017-03-02 Thread Viktor Dukhovni

> On Mar 2, 2017, at 7:43 PM, Wietse Venema  wrote:
> 
>  * Elliptic curve negotiation with OpenSSL <= 1.0.2. This changes
>the default smtpd_tls_eecdh_grade setting to "auto", and
>introduces a new parameter tls_eecdh_auto_curves with the names
>of curves that may be negotiated.

Tiny correction.  The EC negotiation is with OpenSSL >= 1.0.2, not
OpenSSL <= 1.0.2.  That is, it requires at *least* OpenSSL 1.0.2,
which currently means some patch level of 1.0.2 or 1.1.0.

-- 
Viktor.



Postfix 3.2.0 stable release

2017-03-02 Thread Wietse Venema
[An on-line version of this announcement will be available at
http://www.postfix.org/announcements/postfix-3.2.0.html]

Postfix stable release 3.2.0 is available, 20 years after work began
early 1997. This release ends support for legacy release Postfix 2.10.

The main changes in no particular order are:

  * Elliptic curve negotiation with OpenSSL <= 1.0.2. This changes
the default smtpd_tls_eecdh_grade setting to "auto", and
introduces a new parameter tls_eecdh_auto_curves with the names
of curves that may be negotiated.

  * Stored-procedure support for MySQL databases. Contributed by
John Fawcett. See the mysql_table(5) manpage for details.

  * Cidr: table support for if/endif and negation (by prepending !
to a pattern), just like regexp: and pcre: tables. See the
cidr_table(5) manpage for details.

  * The postmap command and the inline: and texthash: maps now
support spaces in left-hand field of lookup table source text.
Use double quotes (") around a left-hand field that contains
spaces, and use backslash (\) to protect quotes in a left-hand
field.

  * Support for per-client Milter configuration (smtpd_milter_maps)
that overrides the main.cf smtpd_milters setting, and that has
the same syntax. A lookup result of "DISABLE" turns off Milter
support for that client. See MILTER_README.html for details.

  * The local SMTP server IP address and port are available in the
policy delegation protocol (attribute names: server_address,
server_port), in the Milter protocol (macro names: {daemon_addr},
{daemon_port}), and in the XCLIENT protocol (attribute names:
DESTADDR, DESTPORT).

  * For safety reasons, the Postfix sendmail -C option must specify
an authorized directory: the default configuration directory,
a directory that is listed in the default main.cf file with
alternate_config_directories or multi_instance_directories,
otherwise the command must be invoked with root privileges.
This mitigates a recurring "jail break" problem with the PHP
mail() function.

  * "PASS" and "STRIP" actions in header/body_checks. "STRIP" is
similar to "IGNORE" but also logs the action, and "PASS" disables
header, body, and Milter inspection for the remainder of the
message content. Contributed by Hobbit.

  * The collate.pl script by Viktor Dukhovni for grouping Postfix
logfile records into "sessions" based on queue ID and process
ID information, in the auxiliary/collate directory of the Postfix
source tree.

Disabled or removed behavior:

  * SMTPUTF8 support: Postfix 3.2 disables the 'transitional'
compatibility between the IDNA2003 and IDNA2008 standards for
internationalized domain names (domain names beyond the limits
of US-ASCII). This makes Postfix behavior consistent with
contemporary web browsers. See RELEASE_NOTES for more.

  * Postfix 3.2 removes tentative features that were implemented
before the DANE spec was finalized: support for certificate
usage PKIX-EE(1), the ability to disable digest agility, and
the ability to disable support for "TLSA 2 [01] [12]" records
that specify the digest of a trust anchor. See RELEASE_NOTES
for more.

You can find the updated Postfix source code at the mirrors listed
at http://www.postfix.org/.

Wietse


Re: ot: 554 No SMTP service here

2017-03-02 Thread Wietse Venema
Voytek:
> struck a problem sending to a particular server, get 554
> everything else works fine, server unaltered since setup a while back
> 
> how can I troubleshoot this ?
> 
> Mar  3 06:36:56 emu postfix/smtp[25322]: 02D124C5D9:
> to=,
> relay=rosstul1.rosscosmetics.com.au[115.70.161.114]:25, delay=17227,
> delays=17227/0.01/0.06/0, dsn=4.0.0, status=deferred (host
> rosstul1.rosscosmetics.com.au[115.70.161.114] refused to talk to me: 554
> No SMTP service here.)
> 
> # telnet 115.70.161.114 25
> Trying 115.70.161.114...
> Connected to 115.70.161.114.
> Escape character is '^]'.
> 554 No SMTP service here.
> Connection closed by foreign host.
> [root@emu 2017]#

% telnet 115.70.161.114 25
Trying 115.70.161.114...
Connected to 114.161.70.115.static.exetel.com.au.
Escape character is '^]'.
220 rosscosmetics.com.au ESMTP Trustwave SEG Ready

They don't seem to like your IP address.

Wietse


Re: Question about milters

2017-03-02 Thread @lbutlr
On 2017-03-01 (09:50 MST), Linda Pagillo  wrote:
> 
> For example... u...@domain.com is a valid user on the server. They want to 
> send mail out on ports 25... I would want to the milter to bypass this 
> because they are authenticated. 

This is not the way to go.

A mail server should *never* allow unauthenticated users to send mail. The most 
reasonable way to do this is to require port 587 for all mail submission and 
require secure authentication on that port. Do not allow users to use port 25 
at all.

main.cf:
smtpd_sasl_auth_enable = no

master.cf:
submission inet  n   -   n   -   -   smtpd
   […]
   -o smtpd_sasl_auth_enable=yes
   […]

-- 
Apple broke AppleScripting signatures in Mail.app, so no random signatures.



Re: SPF, Postfix and majordomo

2017-03-02 Thread @lbutlr
On 2017-03-02 (05:38 MST), an...@isac.gov.in wrote:
> 
> Suppose sender domain has set SPF policy with list of IP addresses from which 
> mail can originate for their domain. When the user sends a mail to a mailing 
> list manager like majordomo, being a member of the list, the sender will 
> receive back the mail posted to a mailing list. But, due to SPF policy set 
> for sender domain, mail is rejected.

If so, your SPF is very broken.

What do your logs show?

-- 
Apple broke AppleScripting signatures in Mail.app, so no random signatures.



ot: 554 No SMTP service here

2017-03-02 Thread Voytek
struck a problem sending to a particular server, get 554
everything else works fine, server unaltered since setup a while back

how can I troubleshoot this ?

Mar  3 06:36:56 emu postfix/smtp[25322]: 02D124C5D9:
to=,
relay=rosstul1.rosscosmetics.com.au[115.70.161.114]:25, delay=17227,
delays=17227/0.01/0.06/0, dsn=4.0.0, status=deferred (host
rosstul1.rosscosmetics.com.au[115.70.161.114] refused to talk to me: 554
No SMTP service here.)

# telnet 115.70.161.114 25
Trying 115.70.161.114...
Connected to 115.70.161.114.
Escape character is '^]'.
554 No SMTP service here.
Connection closed by foreign host.
[root@emu 2017]#

mxtoolbox says:

Connecting to 115.70.161.114

220 rosscosmetics.com.au ESMTP Trustwave SEG Ready [766 ms]
EHLO PWS3.mxtoolbox.com
250-rosscosmetics.com.au Hello PWS3.mxtoolbox.com (64.20.227.134)
250 SIZE [953 ms]
MAIL FROM:
250 sender ok  [813 ms]
RCPT TO:
550  Relaying denied from 64.20.227.134 [1547 ms]

PWS3v2 6266ms



Re: domain forwarding/redirecting

2017-03-02 Thread Wietse Venema
Vernon Fort:
> I need a way to forward/redirect emails to and from a specific
> domain and send them to a specific local email account.  I need
> this based on the envelope sender - so regardless of one or multiple
> recipients (in the header), the email goes to one specific account.
> It looks like the access filter REDIRECT will work for inbound but
> I'm not finding anything for outbound messages.

virtual_alias_maps transforms the envelope recipient;
it operates on all mail that passes through Postfix.

Wietse


domain forwarding/redirecting

2017-03-02 Thread Vernon Fort
I need a way to forward/redirect emails to and from a specific domain and send 
them to a specific local email account.  I need this based on the envelope 
sender - so regardless of one or multiple recipients (in the header), the email 
goes to one specific account.  It looks like the access filter REDIRECT will 
work for inbound but I'm not finding anything for outbound messages.

Just need someone to point me in the right direction.

Vernon



Re: Client is always localhost

2017-03-02 Thread Viktor Dukhovni

> On Mar 2, 2017, at 9:04 AM, chaouche yacine  wrote:
> 
> I was doing some log processing today for a supposedly sent mail I didn't 
> receive. It turns out that while I was playing with the log file I suddenly 
> realized that every connection is made from localhost...
> 
> root@messagerie[10.10.10.19] ~/SCRIPTS/MAIL # zgrep client= /var/log/mail.*  
> | grep -v localhost

This would be a good time to look at the actual log entries and
determine whether (most likely) all the mail is originating locally,
or whether some proxy or other is making your system an open relay.

Just "grep -v localhost" is not terribly informative.

-- 
Viktor.
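
Added example (not part of the original thread): one way to "look at the actual log entries" is to collate records by queue ID, as collate.pl does, and list what each loopback client actually sent. The sample log, queue IDs, addresses and the local-domain set are constructed, and short hexadecimal queue IDs are assumed.

```python
import ipaddress
import re

# Constructed sample in Postfix syslog format (short queue IDs); hosts,
# queue IDs and addresses are invented for this example.
SAMPLE_LOG = """\
Mar  2 10:00:01 mx postfix/smtpd[2101]: 4A1B2C3D4E: client=localhost[127.0.0.1]
Mar  2 10:00:01 mx postfix/qmgr[900]: 4A1B2C3D4E: from=<alice@domain.tld>, size=2310, nrcpt=1 (queue active)
Mar  2 10:00:02 mx postfix/lmtp[2110]: 4A1B2C3D4E: to=<bob@domain.tld>, relay=mx[private/dovecot-lmtp], delay=0.4, dsn=2.0.0, status=sent (250 2.0.0 Saved)
Mar  2 10:05:10 mx postfix/smtpd[2140]: 5B2C3D4E5F: client=localhost[127.0.0.1]
Mar  2 10:05:10 mx postfix/qmgr[900]: 5B2C3D4E5F: from=<promo@unrelated.example>, size=5120, nrcpt=1 (queue active)
Mar  2 10:05:12 mx postfix/smtp[2150]: 5B2C3D4E5F: to=<someone@elsewhere.example>, relay=mail.elsewhere.example[203.0.113.9]:25, delay=1.9, dsn=2.0.0, status=sent (250 ok)
Mar  2 10:07:30 mx postfix/smtpd[2160]: 6C3D4E5F6A: client=mta.example.net[198.51.100.7]
Mar  2 10:07:30 mx postfix/qmgr[900]: 6C3D4E5F6A: from=<carol@example.net>, size=1800, nrcpt=1 (queue active)
Mar  2 10:07:31 mx postfix/lmtp[2170]: 6C3D4E5F6A: to=<dave@domain.tld>, relay=mx[private/dovecot-lmtp], delay=0.3, dsn=2.0.0, status=sent (250 2.0.0 Saved)
"""

# "<daemon>[pid]: <QUEUEID>: <rest>"; uppercase hex keeps "warning:" out.
RECORD = re.compile(r"postfix/[\w/-]+\[\d+\]: ([0-9A-F]{6,}): (.*)")
CLIENT = re.compile(r"client=[^\[]*\[([^\]]+)\]")
SENDER = re.compile(r"from=<([^>]*)>")
RCPT = re.compile(r"to=<([^>]*)>.*status=(\w+)")


def collate(log_text):
    """Group client=, from= and to= records into one session per queue ID."""
    sessions = {}
    for line in log_text.splitlines():
        m = RECORD.search(line)
        if not m:
            continue
        qid, rest = m.groups()
        s = sessions.setdefault(qid, {"client": None, "from": None, "to": []})
        if (c := CLIENT.match(rest)):
            s["client"] = c.group(1)
        elif (f := SENDER.match(rest)):
            s["from"] = f.group(1)
        elif (t := RCPT.match(rest)):
            s["to"].append(t.groups())
    return sessions


def is_loopback(ip_text):
    try:
        return ipaddress.ip_address(ip_text).is_loopback
    except ValueError:  # Postfix logs "unknown" when it has no address
        return False


def client_summary(sessions):
    """Count sessions whose SMTP client was loopback versus anything else."""
    counts = {"loopback": 0, "remote": 0}
    for s in sessions.values():
        if s["client"] is not None:
            counts["loopback" if is_loopback(s["client"]) else "remote"] += 1
    return counts


def loopback_relays(sessions, local_domains):
    """Mail accepted from a loopback client and delivered to a non-local domain."""
    hits = []
    for qid, s in sessions.items():
        if s["client"] is None or not is_loopback(s["client"]):
            continue
        for rcpt, status in s["to"]:
            domain = rcpt.rsplit("@", 1)[-1].lower()
            if status == "sent" and domain not in local_domains:
                hits.append((qid, s["from"], rcpt))
    return hits


if __name__ == "__main__":
    sessions = collate(SAMPLE_LOG)
    print(client_summary(sessions))
    for hit in loopback_relays(sessions, {"domain.tld", "backup.domain.tld"}):
        print("relayed via loopback:", hit)
```

On a host with a content filter, re-injected mail also arrives from 127.0.0.1, so a hit is a session to trace back to where it entered the system, not proof of abuse by itself.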



Re: growing size of mail.log file - postfix logs

2017-03-02 Thread Poliman - Serwis
Thanks guys for pro tips. ;)

2017-03-02 15:23 GMT+01:00 Phil Stracchino :

> On 03/02/17 09:09, Viktor Dukhovni wrote:
> > On Thu, Mar 02, 2017 at 08:06:57AM +0100, Poliman - Serwis wrote:
> >
> >> Hi everyone. In mail.log file I have many lines like below:
> >> Mar  2 06:53:30 vps342401 postfix/smtps/smtpd[14642]: SSL_accept error
> from
> >> house.census.shodan.io[89.248.172.16]: -1
> >
> > See
> >
> > https://www.shodan.io/
> >
> > This plus the word "census" is a pretty clear hint that this site
> > does whole-internet scans for connected devices and records supported
> > TLS versions, ...
>
>
> Specifically, shodan.io scans the 'net for insecure IoT devices.
>
>
> --
>   Phil Stracchino
>   Babylon Communications
>   ph...@caerllewys.net
>   p...@co.ordinate.org
>   Landline: 603.293.8485
>



-- 

*Pozdrawiam / Best Regards*
*Piotr Bracha*




*tel. 534 555 877*

*ser...@poliman.pl *


Re: growing size of mail.log file - postfix logs

2017-03-02 Thread Phil Stracchino
On 03/02/17 09:09, Viktor Dukhovni wrote:
> On Thu, Mar 02, 2017 at 08:06:57AM +0100, Poliman - Serwis wrote:
> 
>> Hi everyone. In mail.log file I have many lines like below:
>> Mar  2 06:53:30 vps342401 postfix/smtps/smtpd[14642]: SSL_accept error from
>> house.census.shodan.io[89.248.172.16]: -1
> 
> See
> 
> https://www.shodan.io/
> 
> This plus the word "census" is a pretty clear hint that this site
> does whole-internet scans for connected devices and records supported
> TLS versions, ...


Specifically, shodan.io scans the 'net for insecure IoT devices.


-- 
  Phil Stracchino
  Babylon Communications
  ph...@caerllewys.net
  p...@co.ordinate.org
  Landline: 603.293.8485


Re: SPF, Postfix and majordomo

2017-03-02 Thread Wietse Venema
an...@isac.gov.in:
Content-Description: Plaintext Message

> Hello,
> 
> As I know, Postfix-users mailing list uses majordomo.
> 
> Suppose sender domain has set SPF policy with list of IP addresses  
> from which mail can originate for their domain. When the user sends a  
> mail to a mailing list manager like majordomo, being a member of the  
> list, the sender will receive back the mail posted to a mailing list.  
> But, due to SPF policy set for sender domain, mail is rejected.

Well, that is their choice. Or they could use DKIM, and find out
that the message is authentic.

Wietse


Re: growing size of mail.log file - postfix logs

2017-03-02 Thread Viktor Dukhovni
On Thu, Mar 02, 2017 at 08:06:57AM +0100, Poliman - Serwis wrote:

> Hi everyone. In mail.log file I have many lines like below:
> Mar  2 06:53:30 vps342401 postfix/smtps/smtpd[14642]: SSL_accept error from
> house.census.shodan.io[89.248.172.16]: -1

See

https://www.shodan.io/

This plus the word "census" is a pretty clear hint that this site
does whole-internet scans for connected devices and records supported
TLS versions, ...

You can just ignore them, or even apply firewall rules, if you find
the log entries sufficiently annoying to take action.

-- 
Viktor.


Client is always localhost

2017-03-02 Thread chaouche yacine
o/

I was doing some log processing today for a supposedly sent mail I didn't 
receive. It turns out that while I was playing with the log file I suddenly 
realized that every connection is made from localhost... 





root@messagerie[10.10.10.19] ~/SCRIPTS/MAIL # zgrep client= /var/log/mail.*  | 
grep -v localhost
root@messagerie[10.10.10.19] ~/SCRIPTS/MAIL #

that command was supposed to spit all the client connections that weren't made 
by localhost, and it had 0 results...






On another machine (with an old setup) this  is definitely not the case (had 
923 unique clients/IPs) : 


root@messagerie-secours[10.10.10.20] /var/log # zgrep -o 'client=.*]' 
/var/log/mail.* | grep -v localhost | cut -f 2 -d : | sort | uniq -c | sort -n
  1 client=118-163-37-8.HINET-IP.hinet.net[118.163.37.8]
  1 client=131.red-80-35-249.staticip.rima-tde.net[80.35.249.131]
  1 client=179-191-149-46.dynamic.starweb.net.br[179.191.149.46]
  1 client=a95-93-181-252.cpe.netcabo.pt[95.93.181.252]
   [...snip...]

   1713 client=mta-gw11.infomaniak.ch[84.16.68.70]
   1715 client=mta-gw16.infomaniak.ch[84.16.68.77]
   1943 client=messagerie.algerian-radio.dz[10.10.10.19]
   4499 client=wsus.eprs.dz[10.10.10.1]
root@messagerie-secours[10.10.10.20] /var/log # 




This is a little embarrassing since I can not know if any other server has 
attempted to connect to my postfix or not. Any idea on what could be wrong ? 


Config follows : 


postfinger - postfix configuration on Thu Mar  2 14:16:09 CET 2017
version: 1.30

Warning: postfinger output may show private configuration information,
such as ip addresses and/or domain names which you do not want to show
to the public.  If this is the case it is your responsibility to modify
the output to hide this private information.  [Remove this warning with
the --nowarn option.]

--System Parameters--
mail_version = 2.11.3
hostname = messagerie
uname = Linux messagerie 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt20-1+deb8u2 (2016-01-02) x86_64 GNU/Linux

--Packaging information--
looks like this postfix comes from deb package: postfix-2.11.3-1

--main.cf non-default parameters--
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
content_filter = amavis:[127.0.0.1]:10024
enable_original_recipient = no
inet_protocols = ipv4
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
maildrop_destination_recipient_limit = 1
message_size_limit = 20971520
mydestination = messagerie.domain.tld, messagerie, localhost.localdomain, 
localhost
myhostname = messagerie.domain.tld
mynetworks = 127.0.0.0/8 [:::127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_client_message_rate_limit = 100
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, 
reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sender_restrictions = check_sender_access 
hash:/etc/postfix/maps/reject_senders
smtpd_tls_cert_file = /etc/ssl/private/LETSENCRYPT/nouveau_complet.cert
smtpd_tls_key_file = /etc/ssl/private/LETSENCRYPT/server.private_key
smtpd_tls_loglevel = 1
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
virtual_alias_maps = hash:/etc/postfix/maps/alias
virtual_gid_maps = static:1002
virtual_mailbox_base = /var/vmail/
virtual_mailbox_domains = backup.domain.tld, domain.tld
virtual_mailbox_maps = mysql:/etc/postfix/maps/mailboxes.cf
virtual_transport = lmtp:unix:private/dovecot-lmtp
virtual_uid_maps = static:113

--master.cf--
smtp       inet  n - n - - smtpd -o content_filter=spamassassin
pickup     unix  n - - 60 1 pickup
cleanup    unix  n - - - 0 cleanup
qmgr       unix  n - n 300 1 qmgr
tlsmgr     unix  - - - 1000? 1 tlsmgr
rewrite    unix  - - - - - trivial-rewrite
bounce     unix  - - - - 0 bounce
defer      unix  - - - - 0 bounce
trace      unix  - - - - 0 bounce
verify     unix  - - - - 1 verify
flush      unix  n - - 1000? 0 flush
proxymap   unix  - - n - - proxymap
proxywrite unix  - - n - 1 proxymap
smtp       unix  - - - - - smtp
relay      unix  - - - - - smtp
showq      unix  n - - - - showq
error      unix  - - - - - error
retry      unix  - - - - - error
discard    unix  - - - - - discard
local      unix  - n n - - local
virtual    unix  - n n - - virtual
lmtp       unix  - - - - - lmtp
anvil      unix  - - - - 1 anvil
scache     unix  - 

Re: SPF, Postfix and majordomo

2017-03-02 Thread anant

 Hi,

to make things clear, I am running majordomo in my setup and I am
facing some SPF related issues in my setup and hence wanted to know,
how it is not happening with postfix-users which is also based on
Majordomo?

Regards,
anant.

- Message from an...@isac.gov.in -
   Date: Thu, 02 Mar 2017 18:55:47 +0530
   From: an...@isac.gov.in
Subject: Re: SPF, Postfix and majordomo
     To: postfix-users@postfix.org


Hi,

I think, this may be due to my misconfiguration of mailing list
created using majordomo.  I will try to resolve.  I am sure,
postfix-users mailing list is not breaking SPF.  But, my mailing
list using majordomo is breaking it.

regards,
anant.

- Message from Benny Pedersen  -
   Date: Thu, 02 Mar 2017 14:10:45 +0100
   From: Benny Pedersen 
Subject: Re: SPF, Postfix and majordomo
     To: postfix-users@postfix.org


an...@isac.gov.in skrev den 2017-03-02 13:58:


This may be due to configuration in majordomo. Can someone guide on
this?  Sorry, I am discussing this in postfix group.


there exists no guides for things that is not a problem

you did not post a logging problem ?

i am sure if you really like help you can show the problem you
have, plenty of other users here would like to help if there is any
problem, but it cost to show logs of it first
to make it more short, where did you read spf breaks maillists ?


- End message from Benny Pedersen  -
 
  Anant S Athavale

   

-


  Confidentiality Notice: This e-mail message, including any
attachments, is for the sole use of the intended recipient(s) and
may contain confidential and privileged information. Any
unauthorized review, use, disclosure or distribution is prohibited.
If you are not the intended recipient, please contact the sender by
reply e-mail and destroy all copies of the original message.

-


- End message from an...@isac.gov.in -
 Anant S Athavale



Re: SPF, Postfix and majordomo

2017-03-02 Thread anant

 Hi,

I think, this may be due to my misconfiguration of mailing list
created using majordomo.  I will try to resolve.  I am sure,
postfix-users mailing list is not breaking SPF.  But, my mailing list 
using majordomo is breaking it.


regards,
anant.

- Message from Benny Pedersen  -
   Date: Thu, 02 Mar 2017 14:10:45 +0100
   From: Benny Pedersen 
Subject: Re: SPF, Postfix and majordomo
     To: postfix-users@postfix.org


an...@isac.gov.in skrev den 2017-03-02 13:58:


This may be due to configuration in majordomo. Can someone guide on
this?  Sorry, I am discussing this in postfix group.


there exists no guides for things that is not a problem

you did not post a logging problem ?

i am sure if you really like help you can show the problem you have,
plenty of other users here would like to help if there is any
problem, but it cost to show logs of it first
to make it more short, where did you read spf breaks maillists ?


- End message from Benny Pedersen  -
 Anant S Athavale



Re: SPF, Postfix and majordomo

2017-03-02 Thread Benny Pedersen

an...@isac.gov.in skrev den 2017-03-02 13:58:


This may be due to configuration in majordomo. Can someone guide on
this?  Sorry, I am discussing this in postfix group.


there exists no guides for things that is not a problem

you did not post a logging problem ?

i am sure if you really like help you can show the problem you have, 
plenty of other users here would like to help if there is any problem, 
but it cost to show logs of it first


to make it more short, where did you read spf breaks maillists ?


Re: SPF, Postfix and majordomo

2017-03-02 Thread Ralph Seichter
On 02.03.17 13:38, an...@isac.gov.in wrote:

> When the user sends a mail to a mailing list manager like majordomo,
> being a member of the list, the sender will receive back the mail posted
> to a mailing list. But, due to SPF policy set for sender domain, mail is
> rejected.

Please show logs to prove this claim. The Postfix mailing list does not
break SPF, as I can see on my end. Let's take your message as an example:

Authentication-Results: sekhmet.horus-it.com; dmarc=none header.from=isac.gov.in
Authentication-Results: sekhmet.horus-it.com; spf=pass 
smtp.mailfrom=owner-postfix-us...@postfix.org
Authentication-Results: sekhmet.horus-it.com; dkim=none; dkim-atps=neutral

All is well in terms of SPF.

-Ralph
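
Added example (not part of the original thread): the spf=pass above is computed for smtp.mailfrom, the envelope sender, which the list sets to its own owner address. The sketch below evaluates a simplified SPF policy (ip4, ip6 and all mechanisms only) for a redistributed list post with and without that envelope rewrite; every domain, address and policy in it is constructed.

```python
import ipaddress

# Constructed SPF policies using documentation domains and address ranges;
# a real check would fetch these TXT records from DNS.
SPF_RECORDS = {
    "sender.example": "v=spf1 ip4:192.0.2.0/24 -all",
    "lists.example": "v=spf1 ip4:198.51.100.10 -all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(client_ip, envelope_from, records=SPF_RECORDS):
    """Evaluate a simplified SPF policy for the envelope sender's domain."""
    domain = envelope_from.rsplit("@", 1)[-1].lower()
    record = records.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term == "all":
            return QUALIFIERS[qualifier]
        name, _, value = term.partition(":")
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched and the record has no "all"


def list_delivery(author, list_owner, list_ip, rewrite_envelope):
    """SPF result a subscriber's MTA computes for a redistributed list post.

    The connecting client is always the list server; what changes is whose
    SPF policy gets consulted, because that follows the envelope sender.
    """
    envelope_from = list_owner if rewrite_envelope else author
    return envelope_from, check_spf(list_ip, envelope_from)


if __name__ == "__main__":
    author = "user@sender.example"
    owner = "owner-list@lists.example"
    list_ip = "198.51.100.10"
    for rewrite in (False, True):
        mailfrom, result = list_delivery(author, owner, list_ip, rewrite)
        print(f"smtp.mailfrom={mailfrom} spf={result}")
```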


Re: SPF, Postfix and majordomo

2017-03-02 Thread anant

 Hi,

What I think is, in my setup "envelope-from" is not getting set
something similar to
envelope-from="owner-postfix-us...@postfix.org" and instead it is set
same as sender email id.

This may be due to configuration in majordomo. Can someone guide on
this?  Sorry, I am discussing this in postfix group.

Regards,
ANANT.


- Message from Benny Pedersen  -
   Date: Thu, 02 Mar 2017 13:42:25 +0100
   From: Benny Pedersen 
Subject: Re: SPF, Postfix and majordomo
     To: postfix-users@postfix.org


an...@isac.gov.in skrev den 2017-03-02 13:38:


Now, is there a way to overcome this using Postfix?  As majordomo is a
very old software, it may be difficult to get any solution from
Majordomo.  Please suggest.


logs that prove this would be useful, i bet its not a spf problem


- End message from Benny Pedersen  -
 Anant S Athavale



Re: SPF, Postfix and majordomo

2017-03-02 Thread Benny Pedersen

an...@isac.gov.in skrev den 2017-03-02 13:38:


Now, is there a way to overcome this using Postfix?  As majordomo is a
very old software, it may be difficult to get any solution from
Majordomo.  Please suggest.


logs that prove this would be useful, i bet its not a spf problem


SPF, Postfix and majordomo

2017-03-02 Thread anant

Hello,

As I know, Postfix-users mailing list uses majordomo.

Suppose sender domain has set SPF policy with list of IP addresses
from which mail can originate for their domain. When the user sends a
mail to a mailing list manager like majordomo, being a member of the
list, the sender will receive back the mail posted to a mailing list.
But, due to SPF policy set for sender domain, mail is rejected.

Now, is there a way to overcome this using Postfix?  As majordomo is a
very old software, it may be difficult to get any solution from
Majordomo.  Please suggest.
 Anant S Athavale



postfix-3.2.0 - documenting keep-new-mtime instead of keep-build-mtime

2017-03-02 Thread Jaroslav Skarvada
Hi,

I have noticed that in postfix-3.2.0 option -keep-new-mtime was renamed
to -keep-build-mtime, but it seems the old option is still mentioned in:
postfix-3.2.0/html/INSTALL.html
postfix-3.2.0/proto/INSTALL.html

e.g.:
$ grep -r --exclude=HISTORY keep-new-mtime postfix-3.2.0
postfix-3.2.0/proto/INSTALL.html:"-keep-new-mtime".  
postfix-3.2.0/html/INSTALL.html:"-keep-new-mtime".  

but:
$ grep keep-build-mtime postfix-3.2.0/proto/INSTALL.html
$ grep keep-build-mtime postfix-3.2.0/html/INSTALL.html

thanks & regards

Jaroslav


Re: growing size of mail.log file - postfix logs

2017-03-02 Thread Poliman - Serwis
Strange thing with
Mar  2 07:25:01 vps342401 dovecot: imap-login: Disconnected (disconnected
before auth was ready, waited 0 secs): user=<>, rip=127.0.0.1,
lip=127.0.0.1, secured, session=
and
> Mar  2 06:53:30 vps342401 postfix/smtps/smtpd[14642]: lost connection
after CONNECT from house.census.shodan.io[89.248.172.16]
> Mar  2 06:53:30 vps342401 postfix/smtps/smtpd[14642]: disconnect from
house.census.shodan.io[89.248.172.16]
> Mar  2 06:53:30 vps342401 postfix/smtps/smtpd[14637]: lost connection
after CONNECT from house.census.shodan.io[89.248.172.16]

because I've checked and house.census.shodan.io is on few spamlists. Second
thing that I have clear server with few like apache, php, mysql, pureftp,
postfix, dovecot and I seriously have no idea how check what
connect/disconnect to dovecot service. I point out on size of the file,
because file from 26 Feb has only 6,3MB, from 20 Feb only 2MB. So it looks
like size is growing.

2017-03-02 8:34 GMT+01:00 Patrick Ben Koetter :

> * Poliman - Serwis :
> > Hi everyone. In mail.log file I have many lines like below:
> > Mar  2 06:53:30 vps342401 postfix/smtps/smtpd[14642]: SSL_accept error
> from house.census.shodan.io[89.248.172.16]: -1
> > Mar  2 06:53:30 vps342401 postfix/smtps/smtpd[14642]: warning: TLS
> library problem: error:1408A10B:SSL routines:SSL3_GET_CLIENT_HELLO:wrong
> version number:s3_srvr.c:966:
>
> Postfix refuses to use SSLv3.
>
>
> > Mar  2 06:53:30 vps342401 postfix/smtps/smtpd[14642]: lost connection
> after CONNECT from house.census.shodan.io[89.248.172.16]
> > Mar  2 06:53:30 vps342401 postfix/smtps/smtpd[14642]: disconnect from
> house.census.shodan.io[89.248.172.16]
> > Mar  2 06:53:30 vps342401 postfix/smtps/smtpd[14637]: lost connection
> after CONNECT from house.census.shodan.io[89.248.172.16]
>
> house.census.shodan.io tries to connect your Postfix server and then
> nothing
> happens. Unless every other host has this problem too, you will have to
> talk
> to the people who run house.census.shodan.io to find out why their client
> doesn't proceed with a SMTP session. Chances are their hosts problem is, it
> is unable to use any other/newer TLS protocol version.
>
>
> > and
> >
> > Mar  2 07:15:01 vps342401 dovecot: pop3-login: Disconnected (no auth
> attempts in 0 secs): user=<>, rip=127.0.0.1, lip=127.0.0.1, secured,
> session=
> > Mar  2 07:20:01 vps342401 dovecot: imap-login: Disconnected
> (disconnected before auth was ready, waited 0 secs): user=<>,
> rip=127.0.0.1, lip=127.0.0.1, secured, session=<+TxOa7lJ/AB/AAAB>
> > Mar  2 07:20:01 vps342401 dovecot: pop3-login: Disconnected (no auth
> attempts in 0 secs): user=<>, rip=127.0.0.1, lip=127.0.0.1, secured,
> session=
> > Mar  2 07:25:01 vps342401 dovecot: imap-login: Disconnected
> (disconnected before auth was ready, waited 0 secs): user=<>,
> rip=127.0.0.1, lip=127.0.0.1, secured, session=
>
> Something - a program ? - on your server connects to your dovecot service
> and
> disconnects. Find out what it is.
>
>
> > From two days log file has 18MB. What is wrong?
>
> The log size is not necessarily an indicator that something is wrong on
> your
> machine. On busy machines 18 MB growth is a matter of minutes.
>
> How recurring are the errors in the LOG? Is it always the same error? Is it
> always the same host having problems with your server?
>
> p@rick
>
>
> --
> [*] sys4 AG
>
> https://sys4.de, +49 (89) 30 90 46 64
> Schleißheimer Straße 26/MG,80333 München
>
> Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
> Vorstand: Patrick Ben Koetter, Marc Schiffbauer, Wolfgang Stief
> Aufsichtsratsvorsitzender: Florian Kirstein
>
>


-- 

*Pozdrawiam / Best Regards*
*Piotr Bracha*




*tel. 534 555 877*

*ser...@poliman.pl *
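
Added example (not part of the original thread): the questions quoted above (how recurring are the errors, is it always the same error, always the same host) can be answered by grouping log lines by service, event and peer. The sample below is constructed on the pattern of the quoted lines, with placeholder host names, addresses and session IDs; syslog omits the year, so 2017 is assumed.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample modelled on the log lines quoted in this thread;
# host names, addresses and session IDs are placeholders.
SAMPLE_LOG = """\
Mar  2 06:53:30 host postfix/smtps/smtpd[14642]: SSL_accept error from scanner.example[203.0.113.50]: -1
Mar  2 06:53:30 host postfix/smtps/smtpd[14642]: lost connection after CONNECT from scanner.example[203.0.113.50]
Mar  2 06:53:30 host postfix/smtps/smtpd[14642]: disconnect from scanner.example[203.0.113.50]
Mar  2 06:53:41 host postfix/smtps/smtpd[14637]: lost connection after CONNECT from scanner.example[203.0.113.50]
Mar  2 07:15:01 host dovecot: imap-login: Disconnected (disconnected before auth was ready, waited 0 secs): user=<>, rip=127.0.0.1, lip=127.0.0.1, secured, session=<s1>
Mar  2 07:15:01 host dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=127.0.0.1, lip=127.0.0.1, secured, session=<s2>
Mar  2 07:20:01 host dovecot: imap-login: Disconnected (disconnected before auth was ready, waited 0 secs): user=<>, rip=127.0.0.1, lip=127.0.0.1, secured, session=<s3>
Mar  2 07:20:01 host dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=127.0.0.1, lip=127.0.0.1, secured, session=<s4>
Mar  2 07:25:01 host dovecot: imap-login: Disconnected (disconnected before auth was ready, waited 0 secs): user=<>, rip=127.0.0.1, lip=127.0.0.1, secured, session=<s5>
Mar  2 07:25:01 host dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=127.0.0.1, lip=127.0.0.1, secured, session=<s6>
"""

MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), 1)}
# month, day, hh, mm, ss, host (ignored), service, optional [pid], message
SYSLOG = re.compile(
    r"^(\w{3})\s+(\d+) (\d\d):(\d\d):(\d\d) \S+ ([^:\[\s]+)(?:\[\d+\])?: (.*)$")
# Each pattern captures (event label, peer address).
EVENTS = [
    re.compile(r"(SSL_accept error) from \S+\[([^\]]+)\]"),
    re.compile(r"(lost connection after \w+) from \S+\[([^\]]+)\]"),
    re.compile(r"(\w+-login: Disconnected) .*?rip=([0-9A-Fa-f.:]+)"),
]


def summarize(log_text, year=2017):
    """Group matching lines by (service, event, peer) with their timestamps."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        m = SYSLOG.match(line)
        if not m or m.group(1) not in MONTHS:
            continue
        mon, day, hh, mm, ss, service, msg = m.groups()
        for pattern in EVENTS:
            e = pattern.match(msg)
            if e:
                when = datetime(year, MONTHS[mon], int(day),
                                int(hh), int(mm), int(ss))
                groups[(service, e.group(1), e.group(2))].append(when)
                break
    return groups


def report(groups):
    """Rows of (service, event, peer, count, interval_seconds_or_None)."""
    rows = []
    for (service, event, peer), times in groups.items():
        times.sort()
        gaps = {int((b - a).total_seconds()) for a, b in zip(times, times[1:])}
        # Three or more hits at one constant spacing look like a scheduled job.
        interval = gaps.pop() if len(times) >= 3 and len(gaps) == 1 else None
        rows.append((service, event, peer, len(times), interval))
    return sorted(rows, key=lambda r: (-r[3], r[0], r[1], r[2]))


if __name__ == "__main__":
    for row in report(summarize(SAMPLE_LOG)):
        print(row)
```

A constant interval from 127.0.0.1, as in the sample's five-minute spacing, points at a scheduled local check such as a monitoring probe or cron job rather than at a remote client.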


Re: growing size of mail.log file - postfix logs

2017-03-02 Thread wilfried.es...@essignetz.de
> From two days log file has 18MB. What is wrong?


Do you have logging still active from your thread

"dovecot cram-md5 setting break sending emails"?


Willi



Re: ot: troubleshhoting MX issue (?)

2017-03-02 Thread chaouche yacine
As long as you're getting a SERVFAIL you are having a problem with your 
resolver. This assumption can be verified if you check with public resolvers 
like 8.8.8.8 and 8.8.4.4 (dig -t mx surfacetreatment.be @8.8.8.8)

-- Yassine. 

On Thursday, March 2, 2017 5:56 AM, Voytek  wrote:
 

 On Wed, March 1, 2017 10:45 pm, Andrew Sullivan wrote:
> On Wed, Mar 01, 2017 at 09:50:55PM +1100, Voytek wrote:

Andrew,

> Why are you setting +nocd?

ahmm, I saw it in Viktor's post, and, copied it..oops

> It looks like you're still seeing a SERVFAIL for the MX record, at
> least in what you posted.  SERVFAIL means something is wrong, possibly with
> the resolver (also called "recursive" or "recursive server") itself.
> That's not the answer you need.

I found different name servers in an old resolv.conf, and, these seem to
resolve OK, I'll use these pending confirmation from hosting

now getting this[1]:

Andrew, Viktor, thanks for your help, much appreciated.

[1]
# dig -t mx surfacetreatment.be

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6_8.4 <<>> -t mx
surfacetreatment.be
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27982
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;surfacetreatment.be.          IN      MX

;; ANSWER SECTION:
surfacetreatment.be.    300    IN      MX      10
remote.surfacetreatment.be.

;; Query time: 334 msec
;; SERVER: 103.15.178.250#53(103.15.178.250)
;; WHEN: Thu Mar  2 15:51:30 2017
;; MSG SIZE  rcvd: 60







   

Re: growing size of mail.log file - postfix logs

2017-03-02 Thread li...@lazygranch.com
On Thu, 2 Mar 2017 08:34:59 +0100
Patrick Ben Koetter  wrote:

> * Poliman - Serwis :
> > Hi everyone. In mail.log file I have many lines like below:
> > Mar  2 06:53:30 vps342401 postfix/smtps/smtpd[14642]: SSL_accept
> > error from house.census.shodan.io[89.248.172.16]: -1 Mar  2
> > 06:53:30 vps342401 postfix/smtps/smtpd[14642]: warning: TLS library
> > problem: error:1408A10B:SSL routines:SSL3_GET_CLIENT_HELLO:wrong
> > version number:s3_srvr.c:966:  
> 
> Postfix refuses to use SSLv3.
> 
> 
> > Mar  2 06:53:30 vps342401 postfix/smtps/smtpd[14642]: lost
> > connection after CONNECT from house.census.shodan.io[89.248.172.16]
> > Mar  2 06:53:30 vps342401 postfix/smtps/smtpd[14642]: disconnect
> > from house.census.shodan.io[89.248.172.16] Mar  2 06:53:30
> > vps342401 postfix/smtps/smtpd[14637]: lost connection after CONNECT
> > from house.census.shodan.io[89.248.172.16]  
> 
> house.census.shodan.io tries to connect your Postfix server and then
> nothing happens. Unless every other host has this problem too, you
> will have to talk to the people who run house.census.shodan.io to
> find out why their client doesn't proceed with a SMTP session.
> Chances are their hosts problem is, it is unable to use any
> other/newer TLS protocol version.
> 
> 
> > and
> > 
> > Mar  2 07:15:01 vps342401 dovecot: pop3-login: Disconnected (no
> > auth attempts in 0 secs): user=<>, rip=127.0.0.1, lip=127.0.0.1,
> > secured, session= Mar  2 07:20:01 vps342401
> > dovecot: imap-login: Disconnected (disconnected before auth was
> > ready, waited 0 secs): user=<>, rip=127.0.0.1, lip=127.0.0.1,
> > secured, session=<+TxOa7lJ/AB/AAAB> Mar  2 07:20:01 vps342401
> > dovecot: pop3-login: Disconnected (no auth attempts in 0 secs):
> > user=<>, rip=127.0.0.1, lip=127.0.0.1, secured,
> > session= Mar  2 07:25:01 vps342401 dovecot:
> > imap-login: Disconnected (disconnected before auth was ready,
> > waited 0 secs): user=<>, rip=127.0.0.1, lip=127.0.0.1, secured,
> > session=  
> 
> Something - a program ? - on your server connects to your dovecot
> service and disconnects. Find out what it is.
> 
>  
> > From two days log file has 18MB. What is wrong?  
> 
> The log size is not necessarily an indicator that something is wrong
> on your machine. On busy machines 18 MB growth is a matter of minutes.
> 
> How recurring are the errors in the LOG? Is it always the same error?
> Is it always the same host having problems with your server?
> 
> p@rick

I block that server from all but port 25. It will password guess until
the cows come home.  I had no idea it was associated with shodan, but
now all the more reason to block it.

#novogara
ipfw table 1 add  89.248.160.0/21
ipfw table 1 add  89.248.169.0/24
ipfw table 1 add  89.248.170.0/23
ipfw table 1 add  89.248.172.0/23
ipfw table 1 add  89.248.174.0/24
ipfw table 1 add  93.174.88.0/21
ipfw table 1 add  94.102.48.0/20

There is a snowshoe type botnet password guesser hosted at Digital
Ocean. Being a customer of them, I complained. It stopped for a few
days, but it is back again. They password guess in sequence.

138.68.90.75
139.59.158.92
207.154.221.122

Also the "141" block of the University of Michigan. I have contacted
them to see if they are doing "research", but I get no reply.

ipfw table 3 add 141.211.0.0/16
ipfw table 3 add 141.212.0.0/16
ipfw table 3 add 141.213.0.0/16
ipfw table 3 add 141.214.0.0/16

Mind you, I can block these ports because I'm the only customer of my
server. 

Yes I know fail2ban is the way to go, but my cellphone creates some
chatter that would trigger an aggressive fail2ban.





