Re: smtp disobeying smtp_bind_address

2021-10-25 Thread Vincent Pelletier
On Mon, 25 Oct 2021 12:36:35 -0400 (EDT),
Wietse Venema  wrote :
> This would require a new setting, for example to make smtp_bind_address
> failures a retryable error.
> 
> smtp_bind_address_failure_action = warn (or defer)
> 
> warn: current behavior
> defer: treat as a failure to connect

This looks like something I would want to use in my situation. Does the
implementation complexity and maintenance cost look reasonable to you,
for what seems to be a rather niche use (otherwise someone else would
certainly have made the same mistake before) ?

Until this is available, I will follow what Viktor suggests: monitoring
and dynamically deferring emails, and notify me of the issue while at
it. The email rate on this system should be low enough that the monitor
will notice the issue before any significant volume went through.

Regards,
-- 
Vincent Pelletier
ERP5 - open source ERP/CRM for flexible enterprises




Re: I got an email from "myself?" what the heck!

2021-10-25 Thread Peter

On 25/10/21 2:59 pm, Thomas Anderson wrote:

> Here is a clean email:
>
> Received: from example.net (unknown [192.168.1.10])
>     by mail.example.com (Postfix) with ESMTPSA id D7C3F1980059
>     for; Mon, 25 Oct 2021 03:42:29 +0200 (CEST)
>
> Here is a non-clean email:
>
> Received: by mail.example.com (Postfix, from userid 1005)
>     id F1E621982CA9; Sun, 13 Jun 2021 15:32:28 +0200 (CEST)


This looks legitimate, and generated by the sendmail binary on your 
system.  Check your Postfix logs for a pickup entry that matches that 
queue id (you can grep for F1E621982CA9 and then look back for the 
pickup line).  It likely indicates some sort of spam coming through a 
web form on your system, like on a PHP script; fix the web form to make 
it harder for spammers to use.



Peter


Re: I got an email from "myself?" what the heck!

2021-10-25 Thread Wietse Venema
Benny Pedersen:
> On 2021-10-25 07:11, Thomas Anderson wrote:
> > The IP it came from was outside my network.
> 
> you can reject all envelope senders if its claims its your domain in 
> port 25, you will never send it there, never as never, spf is just a 
> global world protection not needed for postfix to make that policy

# Disallow sen...@example.com (and subdomains) from strangers.
main.cf:
    smtpd_sender_restrictions = 
        inline:{{ example.com = permit_mynetworks, reject }}

# Allow from authenticated mail user agents.
master.cf:
    submission ...
        -o smtpd_sender_restrictions=
        ...
    smtps ...
        -o smtpd_sender_restrictions=
        ...

It's not the default because historically, some mailing lists did
not reset the envelope sender, and your postings to such a list
could have your own envelope sender address.

Wietse


Re: smtp disobeying smtp_bind_address

2021-10-25 Thread Wietse Venema
Vincent Pelletier:
> I would rather postfix just stop sending emails altogether in such case,
> than send them from an unexpected ip: a delay is preferable to me to
> uncertainty as to how the emails were processed by recipient SMTPs.
> 
> Is there something else I should set so postfix stops falling back to
> no binding ?

This would require a new setting, for example to make smtp_bind_address
failures a retryable error.

smtp_bind_address_failure_action = warn (or defer)

warn: current behavior
defer: treat as a failure to connect

Wietse


Re: I got an email from "myself?" what the heck!

2021-10-25 Thread Benny Pedersen

On 2021-10-25 07:11, Thomas Anderson wrote:

> The IP it came from was outside my network.


you can reject all envelope senders if its claims its your domain in 
port 25, you will never send it there, never as never, spf is just a 
global world protection not needed for postfix to make that policy


Re: smtp disobeying smtp_bind_address

2021-10-25 Thread Viktor Dukhovni
On Mon, Oct 25, 2021 at 09:35:35AM +, Vincent Pelletier wrote:

> I would rather postfix just stop sending emails altogether in such
> case, than send them from an unexpected ip: a delay is preferable to
> me to uncertainty as to how the emails were processed by recipient
> SMTPs.
> 
> Is there something else I should set so postfix stops falling back to
> no binding ?

No such setting is presently available in Postfix:


https://github.com/vdukhovni/postfix/blob/master/postfix/src/smtp/smtp_connect.c#L231-L234

Instead, monitor your system configuration for absence of IP addresses
expected by the Postfix configuration, and add any transports whose
IP address is not configured to "defer_transports" (if not already
present) and execute "postfix reload".

You can collect the list of configured addresses via:

    (
        postconf -xh smtp_bind_address
        postconf -Ph '*/unix/smtp_bind_address'
    ) | sort -u

The warnings in the logs should also be noticed.

-- 
Viktor.
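
One way to script the monitoring described above, as an added example that is not part of Viktor's message or of Postfix. Function names are hypothetical, only IPv4 is handled, and the main.cf value is attributed to the transport named "smtp" (an assumption that errs toward deferring).

```shell
#!/bin/sh
# Added example (not from the thread). IPv4 only.

# stdin: "service/type/parameter = value" lines, as printed by
#   postconf -P '*/unix/smtp_bind_address'
# stdout: "transport address" pairs; empty values are skipped.
bind_pairs() {
    awk -F= '{
        split($1, key, "/"); svc = key[1]; addr = $2
        gsub(/[ \t]/, "", svc); gsub(/[ \t]/, "", addr)
        if (svc != "" && addr != "") print svc, addr
    }'
}

# IPv4 addresses currently assigned to local interfaces, one per line.
local_addrs() {
    ip -o -4 addr show | awk '{ sub(/\/.*/, "", $4); print $4 }'
}

# missing_transports LOCAL_ADDRS
# stdin: "transport address" pairs; stdout: transports whose bind address
# is absent from the newline-separated LOCAL_ADDRS list.
missing_transports() {
    while read -r svc addr; do
        printf '%s\n' "$1" | grep -qxF -- "$addr" || printf '%s\n' "$svc"
    done | sort -u
}

# merged_defer CURRENT MISSING: union of two comma/space/newline-separated
# transport lists, space-separated, for use as the defer_transports value.
merged_defer() {
    printf '%s\n' "$1" "$2" | tr ', ' '\n\n' | sed '/^$/d' | sort -u | paste -sd ' ' -
}

# Live run on the Postfix host (needs root). Assumption: the main.cf
# smtp_bind_address is reported under the transport name "smtp".
defer_unbound_transports() {
    missing=$( {
        postconf -P '*/unix/smtp_bind_address'
        printf 'smtp/unix/smtp_bind_address = %s\n' "$(postconf -xh smtp_bind_address)"
    } | bind_pairs | missing_transports "$(local_addrs)" )
    [ -n "$missing" ] || return 0
    echo "smtp_bind_address not configured locally for: $missing" >&2
    postconf -e "defer_transports = $(merged_defer "$(postconf -xh defer_transports)" "$missing")"
    postfix reload
}

if [ "${1:-}" = "--apply" ]; then defer_unbound_transports; fi
```

Run it with `--apply` from cron or a timer; it never removes entries from defer_transports, so clearing them after the address is restored stays a manual step.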


Re: smtp disobeying smtp_bind_address

2021-10-25 Thread Max-Julian Pogner

On 25/10/2021 11:35, Vincent Pelletier wrote:

> I would rather postfix just stop sending emails altogether in such case,
> than send them from an unexpected ip: a delay is preferable to me to
> uncertainty as to how the emails were processed by recipient SMTPs.


As a categorical prevention of postfix using the wrong ip address until 
you found the correct postfix configuration, you could block all 
outgoing smtp from the wrong ip address:


iptables -A OUTPUT -p tcp --dport 25 ! -s  -j DROP

(quote the ! when entering via bash, and co-align with all the other 
rules in your iptables).


smtp disobeying smtp_bind_address

2021-10-25 Thread Vincent Pelletier
Hello,

I have a server with multiple IPv4 routes to the internet (multipath
over tunnels, plus the default route). The multipath route is picked for
outgoing connections based on the IP the client socket is bound to:
  ip rule from  lookup 
  ip route add table  default nexthop via ... [nexthop via ... [...]]

I have set up postfix to bind to  for some emails that should appear
as having entered the net from the ends of the multipath route (because
these IPs are in SPF records).

I made a mistake and accidentally removed  from that system. Postfix
complains (rightly) in the logs that it cannot bind to this address:
  postfix/smtp: warning: smtp_connect_addr: bind : Cannot assign requested address

But then, it proceeded to send the email anyway, so it entered the
internet from the main default route. This made some recipients' SMTP
servers unhappy, which delayed some emails, but others continued to
accept the mails (and could have done all sorts of bad things to them,
like file them in a spam box, ...).

The custom postfix settings I have for this setup are:
  smtp_address_preference = ipv4
  smtp_bind_address = 
I am on postfix 3.4.14 (Debian oldstable).

I would rather postfix just stop sending emails altogether in such case,
than send them from an unexpected ip: a delay is preferable to me to
uncertainty as to how the emails were processed by recipient SMTPs.

Is there something else I should set so postfix stops falling back to
no binding ?

Regards,
-- 
Vincent Pelletier