Re: Postfix: Variable meanings table
I have a fail2ban ban - quite active - based on this: failregex = ^%(__prefix_line)sdisconnect from \S+\[\] (ehlo|helo)=\d+ .*auth=0/\d See also http://www.postfix.org/announcements/postfix-3.0.0.html. (I whitelist a few ips that are our own, or known to run auth tests).
Re: Postfix: Variable meanings table
Thanks for the explanation, it has been very instructive. Regards. -- Sent from: http://postfix.1071664.n5.nabble.com/Postfix-Users-f2.html
Re: Postfix: Variable meanings table
manu19: > Can someone tell me how I can get the meaning of these variables > (ehlo..commands) in the postfix log? > i.e: > 1) disconnect from ..xx [99.99.999.99] ehlo= 2 starttls= 1 mail=1 > rcpt=1 data=1 quit=1 commands=7 > 2) disconnect from ..xx [99.99.999.99] ehlo=2 starttls=1 mail=1 > rcpt=0/1 data=0/1 rset=1 quit=1 commands=6/8 foo=x/y means that the client sent the 'foo' command 'y' times, and that Postfix accepted 'x' of those conmmands. When 'x' and 'y' are the same, Postfix shows only one. These statistics make problems easy to diagnose. The command $ grep auth=./ /var/log/maillog will show spambots attempts to log in. Here is a typical result: Aug 1 11:24:35 spike postfix/smtpd[26284]: disconnect from unknown[122.246.158.54] ehlo=1 auth=0/1 commands=1/2 Wietse
Re: OT: Omni Directional hostnames
On 8/9/2019 12:15 PM, Kevin Miller wrote: Sorry for the OT post, but I'm stumped and hope someone here can enlighten me. When sending to a mimecast users, our mailserver timed out with. Looking at the logs, I see: Aug 9 07:39:48 smtp postfix/smtp[31712]: 060641011CF: host us-smtp-1.mimecast.com[205.139.110.139] said: 451 Hostname is not authorized - https://community.mimecast.com/docs/DOC-1369#451 [3xVXmRAsN4awNrHIyHCW5Q.us94] (in reply to RCPT TO command) Looking at the web page referred to in the log entry I find this: 451 Hostname is not authorized Omni Directional hostnames is enabled. Disable Omni Directional hostnames. I did a web search but can't find any other reference to "Omni Directional hostnames". What are they referring to that they don't like about the sending hostname (smtp.ci.juneau.ak.us)? No other domain is rejecting messages based on the hostname and the phrase "Omni Directional hostnames" doesn't seem to be industry standard nomenclature. At least not that I can find in my searches. I sent a query to postmas...@mimecast.com which was duly rejected (not awfully surprised): 'postmas...@mimecast.com' (postmas...@mimecast.com) Your message couldn't be delivered because delivery to this group is restricted to authenticated senders. If the problem continues, please contact your email admin. Again, sorry for the OT post but if anyone knows what the heck they're talking about I'd appreciate it... ...Kevin -- Kevin Miller Network/email Administrator, CBJ MIS Dept. 155 South Seward Street Juneau, Alaska 99801 Phone: (907) 586-0242, Fax: (907) 586-4588 Registered Linux User No: 307357 I'm guessing this is something about FCrDNS for your IP, and/or your HELO hostname doesn't have an A record matching the IP. -- Noel Jones
OT: Omni Directional hostnames
Sorry for the OT post, but I'm stumped and hope someone here can enlighten me. When sending to a mimecast users, our mailserver timed out with. Looking at the logs, I see: Aug 9 07:39:48 smtp postfix/smtp[31712]: 060641011CF: host us-smtp-1.mimecast.com[205.139.110.139] said: 451 Hostname is not authorized - https://community.mimecast.com/docs/DOC-1369#451 [3xVXmRAsN4awNrHIyHCW5Q.us94] (in reply to RCPT TO command) Looking at the web page referred to in the log entry I find this: 451 Hostname is not authorized Omni Directional hostnames is enabled. Disable Omni Directional hostnames. I did a web search but can't find any other reference to "Omni Directional hostnames". What are they referring to that they don't like about the sending hostname (smtp.ci.juneau.ak.us)? No other domain is rejecting messages based on the hostname and the phrase "Omni Directional hostnames" doesn't seem to be industry standard nomenclature. At least not that I can find in my searches. I sent a query to postmas...@mimecast.com which was duly rejected (not awfully surprised): 'postmas...@mimecast.com' (postmas...@mimecast.com) Your message couldn't be delivered because delivery to this group is restricted to authenticated senders. If the problem continues, please contact your email admin. Again, sorry for the OT post but if anyone knows what the heck they're talking about I'd appreciate it... ...Kevin -- Kevin Miller Network/email Administrator, CBJ MIS Dept. 155 South Seward Street Juneau, Alaska 99801 Phone: (907) 586-0242, Fax: (907) 586-4588 Registered Linux User No: 307357
Re: Postfix: Variable meanings table
On Fri, 9 Aug 2019 03:32:20 -0700 (MST) manu19 wrote: > Can someone tell me how I can get the meaning of these variables > (ehlo..commands) in the postfix log? > i.e: > 1) disconnect from ..xx [99.99.999.99] ehlo= 2 starttls= 1 > mail=1 rcpt=1 data=1 quit=1 commands=7 > 2) disconnect from ..xx [99.99.999.99] ehlo=2 starttls=1 > mail=1 rcpt=0/1 data=0/1 rset=1 quit=1 commands=6/8 > > Thank you very much!! > > > > -- > Sent from: http://postfix.1071664.n5.nabble.com/Postfix-Users-f2.html https://www.samlogic.net/articles/smtp-commands-reference.htm -- --- Enrico Morelli System Administrator | Programmer | Web Developer CERM - Polo Scientifico via Sacconi, 6 - 50019 Sesto Fiorentino (FI) - ITALY
Re: transport_maps not taking on
Noel Jones wrote on Thu, 8 Aug 2019 10:49:54 -0500: > That looks like a policy service and not a milter. Yeah, right. It's a dovecot authenticator I think. > > Regardless, postfix accepts mail, running it through all configured > milters, restrictions, and policy services, then puts it in the > queue. THEN it consults the transport table to see where to deliver > it. (this is somewhat over-simplification, but should answer your > question) Yeah, thanks! The milter is getting consulted every time. I think it works now. And I've found out about the mysterious holds. It was an old header_check file on that machine. It wasn't used until I copied over the uncommented header_check directive. Thanks! Kai
Postfix: Variable meanings table
Can someone tell me how I can get the meaning of these variables (ehlo..commands) in the postfix log? i.e: 1) disconnect from ..xx [99.99.999.99] ehlo= 2 starttls= 1 mail=1 rcpt=1 data=1 quit=1 commands=7 2) disconnect from ..xx [99.99.999.99] ehlo=2 starttls=1 mail=1 rcpt=0/1 data=0/1 rset=1 quit=1 commands=6/8 Thank you very much!! -- Sent from: http://postfix.1071664.n5.nabble.com/Postfix-Users-f2.html
Re: Postfix log
On Fri, 9 Aug 2019 12:11:35 +0200 Matus UHLAR - fantomas wrote: > On 09.08.19 11:56, Enrico Morelli wrote: > >I'll try to put > > > > postrotate > > /usr/lib/rsyslog/rsyslog-rotate > > endscript > > > >in my postfix logrotate script to see if it works. > > don't. Simply look what's in /etc/logrotate.d/*syslog* > it should contain /var/log/mail. files > Yes, I know. But I've to maintain the log for a long time, so I created a logrotate script that worked with the previous version of Debian/Postfix. Now I encounter the problem described in this post. -- --- Enrico Morelli System Administrator | Programmer | Web Developer CERM - Polo Scientifico via Sacconi, 6 - 50019 Sesto Fiorentino (FI) - ITALY
Re: Postfix log
On 09.08.19 11:56, Enrico Morelli wrote: I'll try to put postrotate /usr/lib/rsyslog/rsyslog-rotate endscript in my postfix logrotate script to see if it works. don't. Simply look what's in /etc/logrotate.d/*syslog* it should contain /var/log/mail. files -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Spam is for losers who can't get business any other way.
Re: Postfix log
On 09.08.19 09:32, Enrico Morelli wrote: I upgraded Debian from version 9 to 10 and consequently postfix 3.1.12 to 3.4.5. I'm checking log with multitail in real time and with the new postfix version, I've a strange behavior. When the logs rotate, postfix continues to write in the old file renamed mail.log.1 instead of the new mail.log. I've to restart postfix to solve the problem. I created a postfix file in logrotate.d, as the following, that worked before the update: /var/log/mail.info /var/log/mail.warn /var/log/mail.err /var/log/mail.log { weekly missingok notifempty delaycompress compress create 640 root adm rotate 3650 size 10M } Any suggestion? those files are written by syslog server, and should be rotated in syslog, not postfix logrotate config file. It's the one that causes syslog to reopen log files when they are rotated. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. I wonder how much deeper the ocean would be without sponges.
Re: sasl config confusion postfix 2.10.1-- FIXED
On 07.08.19 17:30, Fazzina, Angelo wrote: I changed it to relayhost = [massmail.uconn.edu]:587 smtp_fallback_relay = [massmail.uconn.edu]:587 this is superflous, smtp_fallback_relay makes sense when it's different from relahost. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Microsoft dick is soft to do no harm
Re: dynamically prepend a header in received emails
On Sun, 2019-08-04 at 07:14 +0100, André Rodier wrote: > Thanks, Wietse. > > I will have a look and I will post to the list with the solution. > > Best regards, > André > > On Sat, 2019-08-03 at 17:52 -0400, Wietse Venema wrote: > > Andr? Rodier: > > > Hello all, > > > > > > Is there a way to prepend a header in the received emails, > > > according to > > > the FROM and TO email address, with a script? > > > > You might be able to do that with http://www.postfwd.org/. > > IIRC this is implemented in Perl, therefore easy to extend. > > > > > I have a list of email addresses in a text file, which has to be > > > different for each user. > > > > In the case that postfwd cannot do this, your options are > > > > - Custom policy server. > > > > - Custom Milter. > > > > > Is there an option, for instance in header_checks, to use > > > something > > > like pcre:/etc/postfix/$recipient/headers_check.cf > > > > Each Postfix daemon opens tables before it handles requests. I > > would > > not allow random strangers to control the pathname of files that > > Postfix will open. > > > > > Or maybe an SQLite database would be enough. With a custom SQL > > > query, I > > > should be able to return the header to add, but how? > > > Otherwise, I will start writing a custom milter. > > > > There are many options for doing that. > > > > Wietse As promised, I have written a simple milter in Python, that does exactly what I wanted. I post it here, in case people want to use it. This is a very simple milter, written in Python, that do the following when a new message arrive. 1. Get the recipient uid "UID" from the email address. 2. Get the list of address books in the database for the user with uid "UID" 3. Search the sender email address in all the user's address books 4. If found at least one, add one header "X-AddressBook" which contains a list of all the address books found, with a prefixed syntax: X-AddressBook: "SOGo:Personnal, SOGo:Professional" There are some limitations, of course, but it is still functional. This allows a lot of things, for instance with Sieve filters. I am not a Python expert, and perhaps there are some errors in the code, but it should be readable. I had to disable a few pylint warnings, as I could not solve them at all, especially those related to the inherited class. https://github.com/progmaticltd/sogo-milters/blob/master/milter-abook/milter-abook.py Enjoy! -- André Rodier
Re: Postfix log
On Fri, 9 Aug 2019 11:17:26 +0200 Alexander Wirt wrote: > On Fri, 09 Aug 2019, Benny Pedersen wrote: > > Hi, > > > > Thanks, postscript is not part of the Debian package. I'll try to > > > put: service postfix restart > > > > this is not working, postfix send logs to syslogd, so restarting > > postfix is not what to do, restart the syslogd will work > > > > please create a bug on debian so it can be resolved, its default > > logrotate problem that does not restart syslogd > The default syslogd (rsyslogd) in debian does that: > > /var/log/mail.info > /var/log/mail.warn > /var/log/mail.err > /var/log/mail.log > /var/log/daemon.log > /var/log/kern.log > /var/log/auth.log > /var/log/user.log > /var/log/lpr.log > /var/log/cron.log > /var/log/debug > /var/log/messages > { > rotate 4 > weekly > missingok > notifempty > compress > delaycompress > sharedscripts > postrotate > /usr/lib/rsyslog/rsyslog-rotate > endscript > } > > cat /usr/lib/rsyslog/rsyslog-rotate > #!/bin/sh > > if [ -d /run/systemd/system ]; then > systemctl kill -s HUP rsyslog.service > else > invoke-rc.d rsyslog rotate > /dev/null > fi > > I'll try to put postrotate /usr/lib/rsyslog/rsyslog-rotate endscript in my postfix logrotate script to see if it works. -- --- Enrico Morelli System Administrator | Programmer | Web Developer CERM - Polo Scientifico via Sacconi, 6 - 50019 Sesto Fiorentino (FI) - ITALY
Re: Postfix log
On Fri, 09 Aug 2019, Benny Pedersen wrote: Hi, > > Thanks, postscript is not part of the Debian package. I'll try to put: > > service postfix restart > > this is not working, postfix send logs to syslogd, so restarting postfix is > not what to do, restart the syslogd will work > > please create a bug on debian so it can be resolved, its default logrotate > problem that does not restart syslogd The default syslogd (rsyslogd) in debian does that: /var/log/mail.info /var/log/mail.warn /var/log/mail.err /var/log/mail.log /var/log/daemon.log /var/log/kern.log /var/log/auth.log /var/log/user.log /var/log/lpr.log /var/log/cron.log /var/log/debug /var/log/messages { rotate 4 weekly missingok notifempty compress delaycompress sharedscripts postrotate /usr/lib/rsyslog/rsyslog-rotate endscript } cat /usr/lib/rsyslog/rsyslog-rotate #!/bin/sh if [ -d /run/systemd/system ]; then systemctl kill -s HUP rsyslog.service else invoke-rc.d rsyslog rotate > /dev/null fi
Re: Postfix log
Enrico Morelli skrev den 2019-08-09 10:45: Thanks, postscript is not part of the Debian package. I'll try to put: service postfix restart this is not working, postfix send logs to syslogd, so restarting postfix is not what to do, restart the syslogd will work please create a bug on debian so it can be resolved, its default logrotate problem that does not restart syslogd
Re: Postfix log
On Fri, 9 Aug 2019 08:18:21 + Matthew Lowy wrote: > Hi Enrico, > > I can't speak for why postscript behaviour has changed, but this is a > known issue for other applications that hold a file open across time > instead of opening it to write / closing it after write. Logrotate > allows you to put in a postrotate / endscript sequence that can be > used to make the application do whatever is necessary to make it > re-open it's log file (or anything else...) Any lines between the > line containing 'postrotate' and the line containing 'endscript' will > be run after the rotate job has rotated the files. So in between you > can stop / start postfix or restart postfix or any other action that > can cause it to re-process it's log file. > > For example... > postrotate > service postscript restart > endscript > > someone else might know if postscript will handle kill -HUP (kill -1) > correctly (I'm running an older version of postscript that doesn't > exhibit this behaviour, it handles the log being switched under it > just fine) or you could try it out. > Thanks, postscript is not part of the Debian package. I'll try to put: service postfix restart > ML > > -Original Message- > From: owner-postfix-us...@postfix.org > On Behalf Of Enrico Morelli Sent: > 09 August 2019 08:33 To: postfix-users@postfix.org > Subject: Postfix log > > Dear, > > I upgraded Debian from version 9 to 10 and consequently postfix > 3.1.12 to 3.4.5. I'm checking log with multitail in real time and > with the new postfix version, I've a strange behavior. When the logs > rotate, postfix continues to write in the old file renamed mail.log.1 > instead of the new mail.log. I've to restart postfix to solve the > problem. > > I created a postfix file in logrotate.d, as the following, that > worked before the update: > > /var/log/mail.info > /var/log/mail.warn > /var/log/mail.err > /var/log/mail.log { > weekly > missingok > notifempty > delaycompress > compress > create 640 root adm > rotate 3650 > size 10M > } > > Any suggestion? > > -- > --- > Enrico Morelli > System Administrator | Programmer | Web Developer > > CERM - Polo Scientifico > via Sacconi, 6 - 50019 Sesto Fiorentino (FI) - ITALY > -- --- Enrico Morelli System Administrator | Programmer | Web Developer CERM - Polo Scientifico via Sacconi, 6 - 50019 Sesto Fiorentino (FI) - ITALY
RE: Postfix log
Hi Enrico, I can't speak for why postscript behaviour has changed, but this is a known issue for other applications that hold a file open across time instead of opening it to write / closing it after write. Logrotate allows you to put in a postrotate / endscript sequence that can be used to make the application do whatever is necessary to make it re-open it's log file (or anything else...) Any lines between the line containing 'postrotate' and the line containing 'endscript' will be run after the rotate job has rotated the files. So in between you can stop / start postfix or restart postfix or any other action that can cause it to re-process it's log file. For example... postrotate service postscript restart endscript someone else might know if postscript will handle kill -HUP (kill -1) correctly (I'm running an older version of postscript that doesn't exhibit this behaviour, it handles the log being switched under it just fine) or you could try it out. ML -Original Message- From: owner-postfix-us...@postfix.org On Behalf Of Enrico Morelli Sent: 09 August 2019 08:33 To: postfix-users@postfix.org Subject: Postfix log Dear, I upgraded Debian from version 9 to 10 and consequently postfix 3.1.12 to 3.4.5. I'm checking log with multitail in real time and with the new postfix version, I've a strange behavior. When the logs rotate, postfix continues to write in the old file renamed mail.log.1 instead of the new mail.log. I've to restart postfix to solve the problem. I created a postfix file in logrotate.d, as the following, that worked before the update: /var/log/mail.info /var/log/mail.warn /var/log/mail.err /var/log/mail.log { weekly missingok notifempty delaycompress compress create 640 root adm rotate 3650 size 10M } Any suggestion? -- --- Enrico Morelli System Administrator | Programmer | Web Developer CERM - Polo Scientifico via Sacconi, 6 - 50019 Sesto Fiorentino (FI) - ITALY
Postfix log
Dear, I upgraded Debian from version 9 to 10 and consequently postfix 3.1.12 to 3.4.5. I'm checking log with multitail in real time and with the new postfix version, I've a strange behavior. When the logs rotate, postfix continues to write in the old file renamed mail.log.1 instead of the new mail.log. I've to restart postfix to solve the problem. I created a postfix file in logrotate.d, as the following, that worked before the update: /var/log/mail.info /var/log/mail.warn /var/log/mail.err /var/log/mail.log { weekly missingok notifempty delaycompress compress create 640 root adm rotate 3650 size 10M } Any suggestion? -- --- Enrico Morelli System Administrator | Programmer | Web Developer CERM - Polo Scientifico via Sacconi, 6 - 50019 Sesto Fiorentino (FI) - ITALY