Re: Spam Attack on Postmaster
On Mon, Mar 1, 2010 at 9:29 AM, Noel Jones njo...@megan.vbhcs.org wrote:

That parameter doesn't prevent spammers from sending junk to postmaster, it prevents mail to postmaster from bypassing your existing anti-spam controls. Big difference.

It looks like it does pass my 'anti-spam' controls however I am not sure why or how I can determine what is allowing this particular example to slip past. Below is straight from my Postfix logs and in the end of this email you can see my postconf -n shows '$double_bounce_sender':

Feb 27 15:05:44 mail postfix/smtpd[3291]: warning: 89.204.40.160: hostname 160.40.204.89.access.ttknet.ru verification failed: Name or service not known
Feb 27 15:05:44 mail postfix/smtpd[3291]: connect from unknown[89.204.40.160]
Feb 27 15:05:49 mail postfix/smtpd[3291]: 179C477ADB5: client=unknown[89.204.40.160]
Feb 27 15:05:50 mail postfix/cleanup[5220]: 179C477ADB5: message-id=20100227200549.179c477a...@mail.iamghost.com
Feb 27 15:05:50 mail postfix/qmgr[20536]: 179C477ADB5: from=postmas...@iamghost.com, size=3854, nrcpt=1 (queue active)
Feb 27 15:05:50 mail postfix/smtpd[3291]: disconnect from unknown[89.204.40.160]
Feb 27 15:05:50 mail postfix/smtpd[5224]: EC5B277ADD6: client=localhost.localdomain[127.0.0.1]
Feb 27 15:05:50 mail postfix/cleanup[5220]: EC5B277ADD6: message-id=20100227200549.179c477a...@mail.iamghost.com
Feb 27 15:05:51 mail postfix/smtpd[5224]: disconnect from localhost.localdomain[127.0.0.1]
Feb 27 15:05:51 mail postfix/qmgr[20536]: EC5B277ADD6: from=postmas...@iamghost.com, size=4620, nrcpt=1 (queue active)
Feb 27 15:05:51 mail amavis[6851]: (06851-16) Passed SPAMMY, [89.204.40.160] [89.204.40.160] postmas...@iamghost.com - postmas...@iamghost.com, Message-ID: 20100227200549.179c477a...@mail.iamghost.com, mail_id: awUEbrkCfcvq, Hits: 7.457, size: 3845, queued_as: EC5B277ADD6, 811 ms
Feb 27 15:05:51 mail postfix/lmtp[5221]: 179C477ADB5: to=postmas...@iamghost.com, relay=127.0.0.1[127.0.0.1]:10024, delay=2.5, delays=1.7/0.01/0/0.81, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=06851-16, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as EC5B277ADD6)
Feb 27 15:05:51 mail postfix/qmgr[20536]: 179C477ADB5: removed
Feb 27 15:05:51 mail postfix/local[5225]: EC5B277ADD6: to=car...@iamghost.com, orig_to=postmas...@iamghost.com, relay=local, delay=0.31, delays=0.18/0.01/0/0.12, dsn=2.0.0, status=sent (delivered to maildir)
Feb 27 15:05:51 mail postfix/qmgr[20536]: EC5B277ADD6: removed

No. Apparently you have no controls that would otherwise reject this spam.

I guess I didn't really understand fully the full meaning of '$double_bounce_sender'.

Yes, looks as if the spammer forged your postmaster as the envelope sender. You can reject mail FROM postmaster@ your domain with a check_sender_access map.

I do have a 'sender_access' map in /etc/postfix and in main.cf:

[r...@mail postfix]# postconf -n | grep 'sender_access'
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_pipelining, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, reject_unlisted_recipient, check_policy_service unix:postgrey/socket, check_sender_access hash:/etc/postfix/sender_access, check_helo_access pcre:/etc/postfix/helo_checks.pcre, check_client_access hash:/etc/postfix/client_access, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net

Inside the file however I have domains and specific email addresses. Is this wrong formatting for the 'sender_access' file?

# /etc/postfix/sender_access
#
# Black/Whitelist for senders matching the 'MAIL FROM' field. Examples...
#
lmco.com OK
saic.com OK
se-core.net OK
army.mil OK
us.army.mil OK
rayhtheonvtc.com OK
sting_r...@yahoo.com OK
aol.com REJECT
craigslist.org REJECT
facebookmail.com REJECT
gmail.com REJECT
hotmail.com REJECT
yahoo.com REJECT
youtube.com REJECT

Noel or anyone. If you can please help me understand the following:

1. Why did Postfix allow the sender to bypass my 'anti spam' rules in my main.cf when it appeared in my logs above it didn't have a proper formatted fqdn and or hostname?
2. Was it passed because it was spoofed to come from 'postmas...@iamghost.com' I need to add a rule for this in 'sender_access'?
3. If 'yes' to above, why isn't '$double_bounce_sender' forcing email to 'Postmaster' run through checks?
4. Based on my postconf -n (below) and my contents above showing '/etc/postfix/sender_access', do I have the correct values in the 'sender_access' file or is it improperly formatted?

***Postconf -n***

[r...@mail postfix]# postconf -n
address_verify_sender = $double_bounce_sender
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases,
Re: Spam Attack on Postmaster
On Mon, Mar 1, 2010 at 12:28 PM, Noel Jones njo...@megan.vbhcs.org wrote:

It slips past because there are no rules to block it. You can add postmas...@your_domain REJECT to this list if you want.

I am assuming I would add this to 'sender_access', correct?

On Mon, Mar 1, 2010 at 1:31 AM, LuKreme krem...@kreme.com wrote:

Often people have an exclusion to pass email to postmaster no matter what. Check your sender_access and helo_checks for such an exclusion. Mine looks like this:

/^postmas...@kreme.com$/ 550 Don't Spoof as my postmaster
/^postmas...@example.com$/ 550 Don't Spoof as my postmaster
/^postmas...@example.net$/ 550 Don't Spoof as my postmaster
/^postmaster\@/ OK

LuKreme suggested the above which is different from your suggestion above. I guess I am just not sure which works or do they simply do the same thing. I don't know if the above example from LuKreme is for 'sender_access' or another type of file. Do you care to add to this for my understanding?

No glaring errors, although you might want to remove reject_unknown_recipient_domain as the only thing it's likely to block is your own domain.

Thanks. I will try this. You're the 1st to suggest this so far. Thanks.
Re: Spam Attack on Postmaster
On Tue, Oct 27, 2009 at 8:55 AM, Noel Jones njo...@megan.vbhcs.org wrote:

Or you can have postfix add it to main.cf for you by typing the command:

# postconf -e 'address_verify_sender=$double_bounce_sender'

I added the above parameter (address_verify_sender=$double_bounce_sender) in my main.cf to keep spammers from sending spam / junk email to my built in Postmaster account. I am running a dated version of Postfix 2.3. I added it in my main.cf and reloaded Postfix. I see it listed in my 'postconf -n'. Just this weekend I received this email:

Return-Path: postmas...@iamghost.com
X-Original-To: postmas...@iamghost.com
Delivered-To: postmas...@iamghost.com
Received: from localhost (localhost.localdomain [127.0.0.1]) by mail.iamghost.com (Postfix) with ESMTP id EC5B277ADD6 for postmas...@iamghost.com; Sat, 27 Feb 2010 15:05:50 -0500 (EST)
X-Virus-Scanned: amavisd-new at iamghost.com
X-Spam-Flag: YES
X-Spam-Score: 7.457
X-Spam-Level: ***
X-Spam-Status: Yes, score=7.457 tagged_above=-999 required=5 tests=[BAYES_50=0.001, HTML_MESSAGE=0.001, MIME_HTML_ONLY=1.457, RCVD_IN_BL_SPAMCOP_NET=1.96, RCVD_IN_PBL=0.905, RCVD_IN_XBL=3.033, RDNS_NONE=0.1] autolearn=no
Received: from mail.iamghost.com ([127.0.0.1]) by localhost (iamghost.com [127.0.0.1]) (amavisd-new, port 10024) with LMTP id awUEbrkCfcvq for postmas...@iamghost.com; Sat, 27 Feb 2010 15:05:50 -0500 (EST)
Received: from ambianceimports.com (unknown [89.204.40.160]) by mail.iamghost.com (Postfix) with SMTP id 179C477ADB5 for postmas...@iamghost.com; Sat, 27 Feb 2010 15:05:48 -0500 (EST)
To: postmas...@iamghost.com
Subject: ***SPAM*** Delivery Status Notification
From: Inez postmas...@iamghost.com
MIME-Version: 1.0
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Message-Id: 20100227200549.179c477a...@mail.iamghost.com
Date: Sat, 27 Feb 2010 15:05:48 -0500 (EST)

* Should the above parameter firstly not have allowed this message to be sent to 'Postmaster'?

And I am confused why the Return-Path and Delivered-To addresses are the same. Was this spammer attempting to spoof my postmaster's email address?
Re: Added a Check - Asking for a Review
On Wed, Jan 20, 2010 at 10:34 AM, Ralf Hildebrandt ralf.hildebra...@charite.de wrote:

/^localhost$/ 550 Don't use my own domain (localhost)!
/^iamghost.\com$/ 550 Don't use my own domain!
/^64\.95\.64\.198$/ 550 Your spam was rejected because you're forging my IP.
/^\[64\.95\.64\.198\]$/ 550 Your spam was rejected because you're forging my IP.
/^mail\.iamghost.\com$/ 550 Don't use my own hostname!
/^[0-9.-]+$/ 550 Your software is not RFC 2821 compliant: EHLO/HELO must be a domain or an address-literal (IP enclosed in []) - not a naked IP.

Beyond this file, does my main.cf file look correct to you?

Looks OK.

Why did this email get through Postfix if I followed Ralf's example of 'helo_checks.pcre'? I posted my postconf -n previously in this message and above you can see the contents of 'helo_checks.pcre'. I would think this would prevent anyone from sending mail to my Postfix server spoofing my domain in the headers. Am I wrong? I got the following email this weekend:

Return-Path: postmas...@iamghost.com
X-Original-To: postmas...@iamghost.com
Delivered-To: postmas...@iamghost.com
Received: from localhost (localhost.localdomain [127.0.0.1]) by mail.iamghost.com (Postfix) with ESMTP id EC5B277ADD6 for postmas...@iamghost.com; Sat, 27 Feb 2010 15:05:50 -0500 (EST)
X-Virus-Scanned: amavisd-new at iamghost.com
X-Spam-Flag: YES
X-Spam-Score: 7.457
X-Spam-Level: ***
X-Spam-Status: Yes, score=7.457 tagged_above=-999 required=5 tests=[BAYES_50=0.001, HTML_MESSAGE=0.001, MIME_HTML_ONLY=1.457, RCVD_IN_BL_SPAMCOP_NET=1.96, RCVD_IN_PBL=0.905, RCVD_IN_XBL=3.033, RDNS_NONE=0.1] autolearn=no
Received: from mail.iamghost.com ([127.0.0.1]) by localhost (iamghost.com [127.0.0.1]) (amavisd-new, port 10024) with LMTP id awUEbrkCfcvq for postmas...@iamghost.com; Sat, 27 Feb 2010 15:05:50 -0500 (EST)
Received: from ambianceimports.com (unknown [89.204.40.160]) by mail.iamghost.com (Postfix) with SMTP id 179C477ADB5 for postmas...@iamghost.com; Sat, 27 Feb 2010 15:05:48 -0500 (EST)
To: postmas...@iamghost.com
Subject: ***SPAM*** Delivery Status Notification
From: Inez postmas...@iamghost.com
MIME-Version: 1.0
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Message-Id: 20100227200549.179c477a...@mail.iamghost.com
Date: Sat, 27 Feb 2010 15:05:48 -0500 (EST)

I thought this was the point of adding the 'helo_checks' but I think I am missing something. Can anyone please help explain what I did wrong or am missing? I think this email should have been prevented with:

/^iamghost\.com$/ 550 Don't use my own domain

The headers of this email show the spammer spoofed this email to come from 'postmas...@iamghost.com'.

*Below is my output of 'postconf -n':

address_verify_sender = $double_bounce_sender
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases, hash:/etc/mailman/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = amavisfeed:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
home_mailbox = Maildir/
html_directory = no
inet_interfaces = all
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 2048
mydestination = $myhostname, $mydomain, mail.$mydomain
mydomain = iamghost.com
myhostname = mail.iamghost.com
mynetworks = $config_directory/mynetworks
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
recipient_delimiter = +
relay_domains =
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_tls_security_level = may
smtpd_banner = $myhostname ESMTP
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated,reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_pipelining, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, reject_unlisted_recipient, check_policy_service unix:postgrey/socket, check_sender_access hash:/etc/postfix/sender_access, check_helo_access pcre:/etc/postfix/helo_checks.pcre, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated,reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unknown_reverse_client_hostname, permit
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/ssl/mail.crt
smtpd_tls_key_file = /etc/ssl/mail.key
smtpd_tls_loglevel = 1
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:/var/spool/postfix/smtpd_tls_cache
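An added example, not part of the thread and not Postfix code: a simplified model of which SMTP identity each access check in the posted restriction list looks at, and why a HELO table cannot catch a forged envelope sender. The session values, the example.com/example.org domains and the table contents are constructed; the lookup-key order is a simplification of access(5).

```python
import re

# Constructed session shaped like the logged one: the client greets with an
# unrelated HELO name but forges the local postmaster as envelope sender.
# example.com stands in for the protected domain.
SESSION = {
    "client_ip": "203.0.113.160",
    "helo": "mailer.example.net",
    "mail_from": "postmaster@example.com",
}

# HELO rules in the style of the posted helo_checks.pcre, with the dot escaped.
# Note: the posted pattern 'iamghost.\com' has the backslash before 'c'; PCRE
# reads \c plus the next character as a control character, so that rule cannot
# match the literal domain name.
HELO_CHECKS = [
    (r"^localhost$", "550 Don't use my own domain (localhost)!"),
    (r"^example\.com$", "550 Don't use my own domain!"),
    (r"^mail\.example\.com$", "550 Don't use my own hostname!"),
    (r"^[0-9.-]+$", "550 EHLO/HELO must be a domain or an address-literal"),
]

# Constructed sender tables: the second adds the entry suggested in the thread.
SENDER_ACCESS_BEFORE = {"aol.com": "REJECT", "example.org": "OK"}
SENDER_ACCESS_AFTER = dict(SENDER_ACCESS_BEFORE,
                           **{"postmaster@example.com": "REJECT"})
CLIENT_ACCESS = {"203.0.113.160": "REJECT"}


def check_helo_access(helo, rules=HELO_CHECKS):
    """First matching pattern wins; Postfix pcre tables ignore case by default."""
    for pattern, action in rules:
        if re.search(pattern, helo, re.IGNORECASE):
            return action
    return "DUNNO"


def sender_keys(address):
    """Keys tried for an envelope sender (simplified, no address extensions):
    full address, then the domain and its parents, then 'localpart@'."""
    local, _, domain = address.lower().rpartition("@")
    labels = domain.split(".")
    keys = [f"{local}@{domain}"]
    keys += [".".join(labels[i:]) for i in range(len(labels))]
    keys.append(f"{local}@")
    return keys


def client_keys(ip):
    """Keys tried for a client IPv4 address in a hash table: the full address,
    then progressively shorter network prefixes."""
    octets = ip.split(".")
    return [".".join(octets[:n]) for n in range(len(octets), 0, -1)]


def lookup(table, keys):
    for key in keys:
        if key in table:
            return table[key]
    return "DUNNO"


def evaluate(session, sender_access, client_access=None):
    """Run the three access checks in the order of the posted
    smtpd_recipient_restrictions. The first result other than DUNNO ends the
    list, so an 'OK' also skips the RBL checks that follow it."""
    checks = [
        ("check_sender_access",
         lambda: lookup(sender_access, sender_keys(session["mail_from"]))),
        ("check_helo_access",
         lambda: check_helo_access(session["helo"])),
        ("check_client_access",
         lambda: lookup(client_access or {}, client_keys(session["client_ip"]))),
    ]
    for name, run in checks:
        action = run()
        if action != "DUNNO":
            return name, action
    return "no match", "DUNNO"


if __name__ == "__main__":
    print(evaluate(SESSION, SENDER_ACCESS_BEFORE))   # nothing matches
    print(evaluate(SESSION, SENDER_ACCESS_AFTER))    # sender rule rejects
    forged = dict(SESSION, mail_from="someone@mail.example.org")
    print(evaluate(forged, SENDER_ACCESS_BEFORE))    # whitelisted domain: OK
```

The last case is the caveat for domain-wide OK entries in a sender table: the envelope sender is supplied by the client, so a forged address in a whitelisted domain ends the restriction list before the RBL lookups run.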
Re: Spam Attack on Postmaster
On Sun, Feb 28, 2010 at 5:27 PM, Stan Hoeppner s...@hardwarefreak.com wrote:

Carlos, I think it's time you join spam-l and learn all the tricks to fighting spam. http://spam-l.com/mailman/listinfo/spam-l

Thanks. I will research this and see what I can learn from that list.

You could have blocked this spam with any number of methods, the simplest being adding the following to main.cf:

smtpd_recipient_restrictions = reject_rbl_client zen.spamhaus.org

I do have this in my main.cf. I don't know why it didn't reject it if I have zen.spamhaus.org in my config unless it was added after the spam was sent to me. Do you know? I have attached my output of 'postconf -n' below.

address_verify_sender = $double_bounce_sender
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases, hash:/etc/mailman/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = amavisfeed:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
home_mailbox = Maildir/
html_directory = no
inet_interfaces = all
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 2048
mydestination = $myhostname, $mydomain, mail.$mydomain
mydomain = iamghost.com
myhostname = mail.iamghost.com
mynetworks = $config_directory/mynetworks
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
recipient_delimiter = +
relay_domains =
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_tls_security_level = may
smtpd_banner = $myhostname ESMTP
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated,reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_pipelining, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, reject_unlisted_recipient, check_policy_service unix:postgrey/socket, check_sender_access hash:/etc/postfix/sender_access, check_helo_access pcre:/etc/postfix/helo_checks.pcre, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated,reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unknown_reverse_client_hostname, permit
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/ssl/mail.crt
smtpd_tls_key_file = /etc/ssl/mail.key
smtpd_tls_loglevel = 1
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:/var/spool/postfix/smtpd_tls_cache
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550

If you don't need to receive email from Russia, ever, period, you can use the data at ipdeny.com to build a cidr table and block _ALL_ mail from Russia. You can do this for any country.

Is there a guide on how I can build a cidr table and block ALL mail from Russia? I don't ever want / need mail from Russia and don't know how to build this table and how to force Postfix to use the list.
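An added example, not part of the thread: one way to turn a list of CIDR ranges (one per line, as a country zone file would provide) into lines for a Postfix cidr: access table. The input ranges are constructed documentation networks, the table file name in the comment is hypothetical, and only IPv4 entries are handled.

```python
import ipaddress

# Constructed sample input: one network per line, with a comment, a blank
# line, an entry with host bits set, a non-network token and an IPv6 range.
ZONE_TEXT = """\
# constructed sample zone data
192.0.2.0/25
192.0.2.128/25
198.51.100.0/24

203.0.113.7/24
not-a-network
2001:db8::/32
"""


def build_cidr_table(zone_text,
                     action="REJECT Mail from this network is not accepted"):
    """Return (table_lines, skipped).

    table_lines: 'network/prefix action' lines for a cidr: lookup table,
                 with adjacent networks merged so the table stays short.
    skipped:     (line_number, text) for every entry that is not a valid
                 IPv4 network, so bad input is reported instead of being
                 written into the table.
    """
    networks, skipped = [], []
    for lineno, raw in enumerate(zone_text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            # strict=True refuses entries such as 203.0.113.7/24 where the
            # address is a host inside the network, not the network itself.
            networks.append(ipaddress.IPv4Network(entry, strict=True))
        except ValueError:
            skipped.append((lineno, entry))
    merged = ipaddress.collapse_addresses(networks)
    return [f"{net.with_prefixlen}\t{action}" for net in merged], skipped


if __name__ == "__main__":
    lines, skipped = build_cidr_table(ZONE_TEXT)
    print("\n".join(lines))
    for lineno, entry in skipped:
        print(f"# skipped line {lineno}: {entry}")
    # Assumed usage: save the lines to a file such as
    # /etc/postfix/country_block.cidr (hypothetical name) and reference it
    # after permit_mynetworks and permit_sasl_authenticated with
    #   check_client_access cidr:/etc/postfix/country_block.cidr
```

A cidr: table is read as plain text, so it is not run through postmap; Postfix picks up changes on reload.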
Planning An Upgrade
I am getting ready to step up my Postfix version from postfix-2.3.3-2.1.el5_2 (Package maintainers version) to Simon's binary RPM 2.7.0 package. Currently I checked out the 'Release Notes': http://de.postfix.org/ftpmirror/official/postfix-2.7.0.RELEASE_NOTES

From what I read, no functionality has been removed but I am stepping up from such an old version granted it's the latest version available from Red Hat Enterprise Linux, there could be problems with my particular configuration. I was wondering if I did decide to step up this weekend during some downtime, how difficult would it be to simply drop my current 2.3.x configuration into the 2.7.0 build on my Red Hat Enterprise Linux server? I attached my 'postconf -n' below because maybe someone will see something that would break or not work well in 2.7. Thanks for any support! Sadly there are no guides for configuration on 2.7 from scratch since it's so new.

###Postconf -n###

address_verify_sender = $double_bounce_sender
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases, hash:/etc/mailman/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = amavisfeed:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
home_mailbox = mail/
html_directory = no
inet_interfaces = all
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 2048
mydestination = $myhostname, $mydomain, mail.$mydomain
mydomain = iamghost.com
myhostname = mail.iamghost.com
mynetworks = $config_directory/mynetworks
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
recipient_delimiter = +
relay_domains =
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_tls_security_level = may
smtpd_banner = $myhostname ESMTP
smtpd_data_restrictions = reject_unauth_pipelining, permit
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated,reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname,permit
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_pipelining, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, reject_unlisted_recipient, check_policy_service unix:postgrey/socket, check_sender_access hash:/etc/postfix/sender_access, check_helo_access pcre:/etc/postfix/helo_checks.pcre, check_client_access hash:/etc/postfix/client_access, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net, permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated,reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unknown_reverse_client_hostname, permit
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /srv/ssl/ghost.crt
smtpd_tls_key_file = /srv/ssl/ghost.key
smtpd_tls_loglevel = 1
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:/var/spool/postfix/smtpd_tls_cache
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
2.7 RPM
Does anyone happen to know if anyone is kindly dedicating their time to creating a Postfix 2.7 RPM for download? I know this is extremely time consuming but I am really interested to try out Postfix 2.7 on my CentOS x64 server. I realize Simon was responsible for creating the previous RPM's available on a mirror but I don't know if he is still doing so. I never saw a 2.6.5-3 RPM (only 2.6.5-1) and wasn't sure if he would continue to do so or only with major release versions. Thanks for any info! **PS** Yes I am very aware anyone including myself could create a RPM from source using the SRPM's however I attempted this in the past and failed miserably. -Carlos
Re: [OT] suitable webmail
On Tue, Feb 2, 2010 at 8:36 AM, Charles Marcus cmar...@media-brokers.com wrote:

On 2010-02-01 7:17 PM, Stan Hoeppner wrote:

All of that said, I don't find I'm lacking any functionality with my current version of Roundcube.

Then you haven't looked at it... the new features are really nice...

I would say this is getting pretty off-topic for Postfix discussion. It looks like most agree that RoundCube, Squirrelmail, or Horde are great applications and it's up to you to decide which works best for your needs. Good luck!
Re: suitable webmail
On Mon, Feb 1, 2010 at 10:52 AM, K bharathan kbhara...@gmail.com wrote:

hi all of course this is a non postfix topic; but i'd like to know from the experienced which webmail is best for a postfix pop server i'd also have it configured for user soft quota guidance appreciated

Postfix is not the POP/IMAP server. Postfix is the MTA generally for SMTP. IMAP and POP are handled by popular daemons such as Dovecot and Courier.

95% of the responses will be Squirrelmail. http://squirrelmail.org/

I recommend and prefer Roundcube. http://roundcube.net/

Both have great Postfix / Dovecot integration.
Re: Best Suggestion For Blacklisting Senders
On Thu, Jan 21, 2010 at 2:43 PM, Brian Evans - Postfix List grkni...@scent-team.com wrote:

This is a client IP not a sender, e. g. 'MAIL FROM: br...@example.com' The IP should go into a file referenced by a check_client_access restriction.

I think I still don't have an understanding of how to properly read / understand message headers in order to create good filters in Postfix. I am very sorry for my confusion but can someone please tell me what the difference is between these two IP's I show in the headers. I am guessing one IP is the actual sender's IP address which is initiating SMTP from a client like Outlook / Thunderbird and the other IP I am guessing is the address of the sender's SMTP server which establishes a connection with my Postfix MTA, right? Do I at least have this correct? I am looking at these headers:

***
Return-path: b.148.1296207.0e628e696f0d1...@mail.wfmc.org
X-original-to: car...@iamghost.com
Delivered-to: car...@iamghost.com
Received: from localhost (localhost.localdomain [127.0.0.1]) by mail.iamghost.com (Postfix) with ESMTP id 8A54C77A8E9 for car...@iamghost.com; Fri, 22 Jan 2010 05:29:33 -0500 (EST)
Received: from mail.iamghost.com ([127.0.0.1]) by localhost (iamghost.com [127.0.0.1]) (amavisd-new, port 10024) with LMTP id eY2CHd1Jva+X for car...@iamghost.com; Fri, 22 Jan 2010 05:29:31 -0500 (EST)
Received: from civismtp.uas.coop (civismtp.uas.coop [67.212.170.242]) by mail.iamghost.com (Postfix) with ESMTP id C00DB77A862 for car...@iamghost.com; Fri, 22 Jan 2010 05:29:30 -0500 (EST)
Received: from wfmc.org (HELO www.wfmc.org) (192.220.23.216) (smtp-auth username editor, mechanism cram-md5) by civismtp.uas.coop (qpsmtpd/0.40) with ESMTPA; Fri, 22 Jan 2010 03:50:52 -0600
Mime-version: 1.0
Reply-to: r.148.1296207.0e628e696f0d1...@mail.wfmc.org
From: BPM Times edi...@bpm.com
Subject: BPM Times January 2010
List-unsubscribe: mailto:u.148.1296207.0e628e696f0d1...@mail.wfmc.org
To: car...@iamghost.com car...@iamghost.com
Content-type: multipart/alternative; boundary==_6f6883e747bd1842f9d8a495eff04b03
Date: 01/22/2010 05:29:29 AM
Message-id: 20100122095052.183d3192c...@civismtp.uas.coop
***

There are two (2) 'Received: from' lines which both have two completely different IP's. One has a HELO 'smtp-auth' username (editor) which I assume this line to be the client sending the message, not the MTA, is this correct? Any clarification is greatly appreciated.
Best Suggestion For Blacklisting Senders
Everyday I have a notification from my virus scanner that a Virus / Trojan was received from a specific IP:

***
A virus was found: Trojan.Delf-5385
Banned name: .exe,.exe-ms,postcard.htm ... .exe
Scanner detecting a virus: ClamAV-clamd
Content type: Virus
Internal reference code for the message is 28594-11/qO-PxfSzvjHV
First upstream SMTP client IP address: [75.112.128.242] unknown
According to a 'Received:' trace, the message apparently originated at: [75.112.128.242], hallmark.com unknown [75.112.128.242]
Return-Path: postca...@hallmark.com
From: postca...@hallmark.com
Message-ID: 20100121161108.b572977a...@mail.iamghost.com
Subject: You've received A Hallmark E-Card!
The message has been quarantined as: virus-qO-PxfSzvjHV
Notification to sender will not be mailed.
***

The email every day is from the same IP to the same recipient on my Postfix server. I have what most of you consider a very small / low traffic Postfix MTA so I was wondering if adding the IP address in /etc/postfix/sender_access is wrong or acceptable to stop receiving mail from this IP. I contacted Brighthouse and realized those are moments of my life I will never get back. Here is what I have in 'sender_access':

# Black/Whitelist for senders matching the 'MAIL FROM' field. Examples...
75.112.128.242 REJECT

Below is a Postconf -n

address_verify_sender = $double_bounce_sender
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases, hash:/etc/mailman/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = amavisfeed:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
home_mailbox = Maildir/
html_directory = no
inet_interfaces = all
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 2048
mydestination = $myhostname, $mydomain, mail.$mydomain
mydomain = iamghost.com
myhostname = mail.iamghost.com
mynetworks = $config_directory/mynetworks
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
recipient_delimiter = +
relay_domains =
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_tls_security_level = may
smtpd_banner = $myhostname ESMTP
smtpd_data_restrictions = reject_unauth_pipelining, permit
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated,reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname,permit
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_pipelining, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, reject_unlisted_recipient, check_policy_service unix:postgrey/socket, check_sender_access hash:/etc/postfix/sender_access, check_helo_access pcre:/etc/postfix/helo_checks.pcre, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net, permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated,reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unknown_reverse_client_hostname, permit
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/ssl/mail.crt
smtpd_tls_key_file = /etc/ssl/mail.key
smtpd_tls_loglevel = 1
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:/var/spool/postfix/smtpd_tls_cache
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
Re: Best Suggestion For Blacklisting Senders
On Thu, Jan 21, 2010 at 2:43 PM, Brian Evans - Postfix List grkni...@scent-team.com wrote:

This is a client IP not a sender, e. g. 'MAIL FROM: br...@example.com' The IP should go into a file referenced by a check_client_access restriction.

So when I generate a 'check_client_access' file in '/etc/postfix', I need to reference this check under which trigger sections? Would this go under 'smtpd_recipient_restrictions' or 'smtpd_client_restriction'?

smtpd_client_restriction
This trigger applies to the client IP or hostname...

smtpd_recipient_restriction
This trigger applies to envelope sender, envelope recipient, and client IP...
Re: Best Suggestion For Blacklisting Senders
On Thu, Jan 21, 2010 at 3:35 PM, Brian Evans - Postfix List grkni...@scent-team.com wrote:

Since you have 'smtpd_delay_reject = yes', it does not matter. All restrictions are processed during 'RCPT TO' time with this (default) setting. All information about client, helo, sender and recipient are available in those classes.

I created the /etc/postfix/client_access file and added the IP to the file as formatted below:

x.x.x.x REJECT

I then ran the 'postmap' command against the file to generate the db. file. I entered it into 'smtpd_recipient_restrictions' in my 'main.cf' file and reloaded Postfix. I show the following in postconf -n:

smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_pipelining, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, reject_unlisted_recipient, check_policy_service unix:postgrey/socket, check_sender_access hash:/etc/postfix/sender_access, check_helo_access pcre:/etc/postfix/helo_checks.pcre, check_client_access hash:/etc/postfix/client_access, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net

This was the correct suggested result from your initial suggestion, no? I am assuming the order in which I place the check in my 'smtpd_recipient_restrictions' trigger does not make a difference, right?
Added a Check - Asking for a Review
Today I downloaded Ralf Hildebrandt's Postfix example and used his 'check_helo_access' example in my configuration. I have not 'reloaded' Postfix yet because I want to make sure that I did not add this in and cause any redundant checks or worse, break something. Can you guys please review my main.cf and tell me if I added this into the correct sections / order? Below is an output of my 'postconf -n'

*START POSTCONF -N*

address_verify_sender = $double_bounce_sender
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases, hash:/etc/mailman/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = amavisfeed:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
home_mailbox = Maildir/
html_directory = no
inet_interfaces = all
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 2048
mydestination = $myhostname, $mydomain, mail.$mydomain
mydomain = iamghost.com
myhostname = mail.iamghost.com
mynetworks = $config_directory/mynetworks
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
recipient_delimiter = +
relay_domains =
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_tls_security_level = may
smtpd_banner = $myhostname ESMTP
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated,reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_pipelining, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, reject_unlisted_recipient, check_policy_service unix:postgrey/socket, check_sender_access hash:/etc/postfix/sender_access, check_helo_access pcre:/etc/postfix/helo_checks.pcre, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated,reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unknown_reverse_client_hostname, permit
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/ssl/mail.crt
smtpd_tls_key_file = /etc/ssl/mail.key
smtpd_tls_loglevel = 1
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:/var/spool/postfix/smtpd_tls_cache
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550

*END POSTCONF -N*

As you can see I added the 'check_helo_access' in my 'smtpd_recipient_restrictions'. I was wondering if this was the correct section in my main.cf for 'check_helo_access'? I thought this would go in the 'smtpd_helo_restrictions' in my main.cf however I just read in The Book of Postfix that this trigger applies to the envelope recipient(s), sender, the HELO/EHLO argument. To me that makes it sound like all checks should be listed under 'smtpd_recipient_restrictions', no? Let me know what you think from my postconf -n above and if it's not too much trouble, if anyone can comment on my thoughts on why this particular trigger is listed under the sections discussed in this paragraph. Thanks for any clarification.
Re: Added a Check - Asking for a Review
On Wed, Jan 20, 2010 at 10:20 AM, Ralf Hildebrandt ralf.hildebra...@charite.de wrote:

why not use soft_bounce = yes :) ?

I have never used it before. That sounds like a good idea.

check_helo_access pcre:/etc/postfix/helo_checks.pcre,

And what is the content of the file?

[r...@mail postfix]# cat helo_checks.pcre
/^localhost$/ 550 Don't use my own domain (localhost)!
/^iamghost.\com$/ 550 Don't use my own domain!
/^64\.95\.64\.198$/ 550 Your spam was rejected because you're forging my IP.
/^\[64\.95\.64\.198\]$/ 550 Your spam was rejected because you're forging my IP.
/^mail\.iamghost.\com$/ 550 Don't use my own hostname!
/^[0-9.-]+$/550 Your software is not RFC 2821 compliant: EHLO/HELO must be a domain or an address-literal (IP enclosed in []) - not a naked IP.

Beyond this file, does my main.cf file look correct to you?
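An added example, not part of the original post or of Postfix: a Python check of the helo_checks.pcre table as it appears in the message above. It flags a backslash placed after the dot instead of before it and an action that directly follows the closing delimiter, then reports which HELO names the table catches. Python's re stands in for PCRE, and treating a rule with unknown flags as unused is an assumption.

```python
import re

# helo_checks.pcre as posted in the message above (one rule per line).
HELO_CHECKS = r"""
/^localhost$/ 550 Don't use my own domain (localhost)!
/^iamghost.\com$/ 550 Don't use my own domain!
/^64\.95\.64\.198$/ 550 Your spam was rejected because you're forging my IP.
/^\[64\.95\.64\.198\]$/ 550 Your spam was rejected because you're forging my IP.
/^mail\.iamghost.\com$/ 550 Don't use my own hostname!
/^[0-9.-]+$/550 Your software is not RFC 2821 compliant: EHLO/HELO must be a domain or an address-literal (IP enclosed in []) - not a naked IP.
"""

# Corrected copy: escape the dot itself, and separate pattern from action.
FIXED_CHECKS = HELO_CHECKS.replace(r".\com", r"\.com").replace("$/550", "$/ 550")

VALID_FLAGS = set("imsxAEUX")   # flag letters listed in pcre_table(5)
MISPLACED_ESCAPE = re.compile(r"(?<!\\)\.\\[A-Za-z]")   # ".\c" where "\.c" was meant


def parse_rule(line):
    """Split '/pattern/flags action' into (pattern, flags, action)."""
    i = 1
    while i < len(line) and line[i] != "/":
        i += 2 if line[i] == "\\" else 1   # step over escaped characters
    flags, action = re.match(r"(\S*)\s*(.*)", line[i + 1:]).groups()
    return line[1:i], flags, action


def rules(table):
    """Yield (line number, pattern, flags, action) for every rule line."""
    for lineno, line in enumerate(table.strip().splitlines(), 1):
        if line.startswith("/"):
            yield (lineno,) + parse_rule(line)


def lint(table):
    """Return (line number, finding) pairs for the two mistakes described above."""
    findings = []
    for lineno, pattern, flags, _ in rules(table):
        if set(flags) - VALID_FLAGS:
            # Text glued to the closing "/" sits where the flags belong.
            findings.append((lineno, "no-space-before-action"))
        if MISPLACED_ESCAPE.search(pattern):
            findings.append((lineno, "misplaced-backslash"))
    return findings


def to_python_regex(pattern):
    r"""PCRE reads \cX as a control character; Python's re rejects it, so expand it."""
    return re.sub(r"\\c(.)",
                  lambda m: re.escape(chr(ord(m.group(1).upper()) ^ 0x40)),
                  pattern)


def first_match(table, helo):
    """Return the action of the first rule matching this HELO name, or None."""
    for _, pattern, flags, action in rules(table):
        if set(flags) - VALID_FLAGS:
            continue   # assumption: a rule with unknown flags is not used
        # Postfix pcre tables match case-insensitively by default.
        if re.search(to_python_regex(pattern), helo, re.IGNORECASE):
            return action
    return None


if __name__ == "__main__":
    print(lint(HELO_CHECKS))
    for name in ("iamghost.com", "mail.iamghost.com", "64.95.64.198", "192.0.2.7"):
        print(name, "| posted:", first_match(HELO_CHECKS, name),
              "| fixed:", first_match(FIXED_CHECKS, name))
```

On a live system, `postmap -q "iamghost.com" pcre:/etc/postfix/helo_checks.pcre` asks Postfix itself the same question before a reload.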
Re: Added a Check - Asking for a Review
On Wed, Jan 20, 2010 at 10:34 AM, Ralf Hildebrandt ralf.hildebra...@charite.de wrote:

I would merge:

smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_pipelining, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, reject_unlisted_recipient, check_policy_service unix:postgrey/socket, check_sender_access hash:/etc/postfix/sender_access, check_helo_access pcre:/etc/postfix/helo_checks.pcre, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net

into:

Thank you very much for your merge suggestion. I am reading your book right now (pages 70-72) and trying to understand the concept of the merge suggestion. Would you mind explaining what benefit / performance is attributed by merging all? Are you suggesting I leave 'smtpd_helo_restrictions =' blank in my main.cf or should I omit that completely since there are no variables for this trigger?

Thank you so much for your time and assistance!
Re: TLS Configuration on Postfix
On Mon, Dec 21, 2009 at 12:05 PM, Victor Duchovni victor.ducho...@morganstanley.com wrote:

Yes, sorry, the rest of OP's message was about smtpd(8), failed to notice this was smtp(8). Yes:

smtp_tls_security_level = may

So are you suggesting that in my current 'main.cf' I need to change the parameter from smtpd_tls_security_level = may to smtp_tls_security_level = may?

I got my config from the following URL Wiki / Howto:

http://wiki.centos.org/HowTos/postfix_sasl#head-50a7952d755088f3f88df33cdf814800bc42835a

It shows the parameter as smtpd_tls_security_level = may. Is this wrong according to you guys on the list?
TLS Configuration on Postfix
I have TLS / SASL working on my email server. My question is in my main.cf on Postfix, I have the following parameter for TLS:

smtpd_tls_security_level = may

In my VIM editor, every parameter except the one listed above is in color. The above parameter is just in white. I assumed that this was because the parameter was not being properly recognized via Postfix. I removed it and broke Postfix so I then knew this parameter was significant and being utilized via my Postfix server:

[r...@mail ~]# postconf | grep smtpd_tls_security_level
smtpd_tls_security_level = may

My question is why is it not in color like all the other Postfix parameters in VIM? And lastly, do I need this parameter in my main.cf:

smtp_use_tls = yes

or is the above the old parameter that is no longer used via Postfix 2.3+? I am thinking the latter is a redundant entry for the first parameter I listed above.

Below is my postconf -n:

[r...@mail ~]# postconf -n
address_verify_sender = $double_bounce_sender
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases, hash:/etc/mailman/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = amavisfeed:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
home_mailbox = Maildir/
html_directory = no
inet_interfaces = all
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 2048
mydestination = $myhostname, $mydomain, mail.$mydomain
mydomain = mydomain.tld
myhostname = mail.mydomain.tld
mynetworks = $config_directory/mynetworks
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
recipient_delimiter = +
relay_domains =
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated,reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname,permit
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_pipelining, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, reject_unlisted_recipient, check_policy_service unix:postgrey/socket, check_sender_access hash:/etc/postfix/sender_access, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net, permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated,reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unknown_reverse_client_hostname, permit
smtpd_tls_CAfile = /path/to/my/intermediate.crt
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /path/to/.crt
smtpd_tls_key_file = /path/to/.key
smtpd_tls_loglevel = 1
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:/var/spool/postfix/smtpd_tls_cache
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
Force Delivery Failure
I notice from time to time by checking my mail queue that messages get stuck there because users send to an invalid or non-existing domain. My Postfix server attempts to hold the message in queue for later delivery, assuming the remote server could be experiencing issues right this moment. My question is can I simply run a command to force a delivery failure rather than issuing the 'postsuper -d queue_id'? If I run the 'postsuper' command, the message is simply deleted from the queue and vanishes never to be heard from again. I want to force Postfix to return the message with a delivery failure to the sender. Is this possible? I searched man postsuper and Google and could not find anything I was looking for.

Thanks!
Re: Force Delivery Failure
On Fri, Dec 18, 2009 at 5:41 PM, Noel Jones njo...@megan.vbhcs.org wrote:

postconf -d shows built-in defaults, not the settings currently used. For current settings, use postconf.

Whoops.

These are temporary errors that postfix rightfully keeps in the queue. A computer can't tell the difference between a temporary error that is likely to continue forever and a real temporary error. [didn't I just answer this question from another poster a few minutes ago??]

I don't remember asking this before but I am usually wrong.

Your choices are to just ignore it and let the mail be returned when $max_queue_lifetime is reached, or you can help postfix out by adding a transport_maps entry for the offending domain. Something like:

# main.cf
transport_maps = hash:/etc/postfix/transport

# transport
# these are some I commonly see; yours may be different
hotmial.com error:5.1.2 hotmail.com not hotmial.com
hotmai.com error:5.1.2 hotmail.com not hotmai.com
aoil.com error:5.1.2 try aol.com instead
gmial.com error:5.1.2 try gmail.com instead
comcaste.net error:5.1.2 try comcast.net instead
comcat.net error:5.1.2 try comcast.net instead
comcost.com error:5.1.2 try comcast.net instead
comcst.net error:5.1.2 try comcast.net instead
c0mcast.net error:5.1.2 try comcast.net instead
cherter.net error:5.1.2 try charter.net instead

Very helpful!
Re: Should Anyone Be Able To Send Telnet Email
On Fri, Dec 4, 2009 at 2:16 PM, Martijn de Munnik mart...@youngguns.nl wrote:

If sending e-mail via telnet without a username/password is possible it is also possible with a client.

OK so from that note I gather something with my config is not secure or wide open. Is this a Postfix issue or something 'off-topic'?
Re: Should Anyone Be Able To Send Telnet Email
On Fri, Dec 4, 2009 at 2:22 PM, Matt Hayes domin...@slackadelic.com wrote:

The question is, are you trying to 'relay' through the server or sending to a domain that the server hosts?

-Matt

I don't know how to answer this. The Postfix server is on the same network as the clients connecting to it. The clients simply connect to the server on the same subnet / domain. It just seems that anyone can log in as anybody and send mail on their behalf. This appears bad to me...
What Is Causing This Failure
I am getting a report from someone on my network that they are getting delivery failures when attempting to send an email from my Postfix server to the remote mail server. I see the message stuck on my Postfix server's queue:

CB87E778055 1337 Mon Nov 30 08:59:15 tprem...@iamghost.com
(connect to a.mx.premore.net[198.186.193.20]: No route to host)
b...@premore.net

I am guessing that this is a problem with the remote mail server 'a.mx.premore.net' since my server is sending and receiving email just fine to every other destination. I then decided to do an MX lookup for this domain premore.net to see if there is anything wrong:

;; QUESTION SECTION:
;premore.net. IN MX

;; ANSWER SECTION:
premore.net. 3093 IN MX 0 a.mx.premore.net.

;; ADDITIONAL SECTION:
a.mx.premore.net. 3093 IN A 198.186.193.20

However my mail server won't send to this destination address and I have no idea why. Can someone tell me how I can better examine this situation to understand where the fault lies?

Thank you!
Re: What Is Causing This Failure
On Tue, Dec 1, 2009 at 10:10 AM, Ralf Hildebrandt ralf.hildebra...@charite.de wrote:

Works OK. What does traceroute 198.186.193.20 return?

# traceroute 198.186.193.20
traceroute to 198.186.193.20 (198.186.193.20), 30 hops max, 60 byte packets
... snip ...
4 zr-pot1-te0-0-0-3.x-win.dfn.de (188.1.144.30) 5.288 ms 5.290 ms 5.281 ms
5 cr02.frf02.pccwbtn.net (80.81.192.50) 18.030 ms 18.027 ms 18.132 ms
6 carpathia.ge12-1.br02.ash01.pccwbtn.net (63.218.94.166) 109.111 ms 106.313 ms 106.528 ms
7 xe-3-3.e4.iad1.cirn.net (209.222.130.29) 105.968 ms 106.036 ms 106.044 ms
8 66.117.37.180 (66.117.37.180) 101.005 ms 100.773 ms 101.520 ms
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 dns5.docforge.org (198.186.193.20) 4.241 ms 1.685 ms 0.271 ms

I am unable to connect via Telnet so it appears to be a network / ISP issue.

car...@tunafish:~$ telnet 198.186.193.20 25
Trying 198.186.193.20...
telnet: Unable to connect to remote host: No route to host
Re: What Is Causing This Failure
On Tue, Dec 1, 2009 at 10:43 AM, Ralf Hildebrandt ralf.hildebra...@charite.de wrote:

What is the output of traceroute 198.186.193.20 ?

I get no results from my mail server:

traceroute to 198.186.193.20 (198.186.193.20), 30 hops max, 40 byte packets
1 * * *
2 * * *
3 * * *
4 * * *
5 * * *
. . .
29 * * *
30 * * *

Strange...
Re: What Is Causing This Failure
On Tue, Dec 1, 2009 at 11:42 AM, Terry L. Inzauro tinza...@ha-solutions.net wrote:

why all the off topic posts today?

I suspected this to be Postfix or Mail related so I posted here. It was determined with the help of the list it was not an MTA issue. Simple as that! Sorry for any inconvenience.
Re: Spam Attack on Postmaster
On Thu, Sep 24, 2009 at 11:05 AM, Noel Jones njo...@megan.vbhcs.org wrote:

Some older versions of postfix give special treatment to the postmaster address. To disable this special treatment, add

# main.cf
address_verify_sender = $double_bounce_sender

So when you note older I am going to assume 2.3.x qualifies, right? Basically I should simply add the following anywhere in my 'main.cf' config file, right?

*address_verify_sender = $double_bounce_sender*
Upgrade From 2.3 to 2.6
I am getting ready to remove my Postfix installation of 2.3 which is the latest version RHEL / CentOS have to offer for stability reasons in place for the 2.6.5-1 RPM I downloaded from Simon. I have Postgrey, Amavisd-new, Dovecot, and ClamAV all integrated or interacting with the Postfix 2.3 MTA package. I backed up my entire /etc/postfix directory and /etc/aliases* file from the server.

Do you guys know if I should be fine or know of anything I should be careful with before I set ahead with removing the 2.3 RHEL package and install the 2.6 RPM I downloaded from Simon? Just trying to get some expert advice of what I should be aware of before I blindly remove the package maintainer's version of Postfix and install the latest and greatest version. According to Redhat, I am obviously on my own for support on this package if something breaks.

Thanks for any support and/or information before I perform this upgrade!
Rejecting Reverse Hostname in Logs
I have someone telling me that they can't send email to my mail server. I checked the logs and it appears that Postfix is not happy with the way their client or server is sending the message to me. I want to understand what is causing this. I would like to know if anyone can please help me understand what is at fault here. I am guessing that this is being caused by:

smtpd_sender_restrictions = reject_unknown_reverse_client_hostname

Can someone please help me understand? Should I have the noted above restriction in my main.cf or is this being too restrictive? Is that even the correct parameter that is causing the delivery failure? I removed the senders user name and my recipients full email address for privacy.

Sep 22 18:11:55 mail postfix/smtpd[6052]: NOQUEUE: reject: RCPT from unknown[204.117.196.2]: 450 4.7.1 Client host rejected: cannot find your reverse hostname, [204.117.196.2]; from=***...@pmcatt-ppss.com to=**...@***.com proto=ESMTP helo=mail.pmcatt-ppss.com

*Postconf -n*
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = amavisfeed:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
home_mailbox = Maildir/
html_directory = no
inet_interfaces = all
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, $mydomain, mail.$mydomain
mydomain = iamghost.com
myhostname = mail.iamghost.com
mynetworks = $config_directory/mynetworks
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
recipient_delimiter = +
relay_domains =
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_banner = $myhostname ESMTP
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated,reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname,permit
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_pipelining, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, reject_unlisted_recipient, check_policy_service unix:postgrey/socket, check_sender_access hash:/etc/postfix/sender_access, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net, permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated,reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unknown_reverse_client_hostname, permit
smtpd_tls_CAfile = /etc/ssl/intermediate.crt
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/ssl/mail.crt
smtpd_tls_key_file = /etc/ssl/mail.key
smtpd_tls_loglevel = 1
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:/var/spool/postfix/smtpd_tls_cache
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
Re: Rejecting Reverse Hostname in Logs
On Thu, Sep 24, 2009 at 9:16 AM, Martijn de Munnik mart...@youngguns.nl wrote:

I think this is not too restrictive and the sending mailserver should fix their rdns, YMMV. We use a policy server (policyd-weight) which gives scores for things like no rdns, dialup ip, ip in dnsbl etc.

So the problem then is that the server's reverse DNS is not resolving to their sending IP, correct? When I do a RDNS on the server, I get the following:

204.117.196.2 resolves to mail.pmcatt-ppss.com
Top Level Domain: pmcatt-ppss.com

Is that not correct? I am still confused as to trying to simply understand why the message was rejected.
Spam Attack on Postmaster
I have a Postfix server running with also Postgrey enabled. It seems to work great however in the last week I have noticed a huge increase in spam mail that is sent to postmas...@...

I am configured on the mail server to get all mail destined for Postmaster and it appears that everyone and their mother is spamming my postmaster account. I don't know if the message filters and greylisting I have configured on the server are being applied to mail sent to postmaster because very obvious spam that my smtpd_*_restrictions under main.cf should be filtering and then if not, Postgrey should for sure be filtering them out! I am just trying to understand why this spam is getting through. I am posting my postconf -n below as well as some examples from my logs of messages sent to postmaster. Pretty much the only messages that are sent to that particular address are spam.

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = amavisfeed:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
home_mailbox = Maildir/
html_directory = no
inet_interfaces = all
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, $mydomain, mail.$mydomain
mydomain = iamghost.com
myhostname = mail.iamghost.com
mynetworks = $config_directory/mynetworks
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
recipient_delimiter = +
relay_domains =
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_banner = $myhostname ESMTP
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated,reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname,permit
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_pipelining, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, reject_unlisted_recipient, check_policy_service unix:postgrey/socket, check_sender_access hash:/etc/postfix/sender_access, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net, permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated,reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unknown_reverse_client_hostname, permit
smtpd_tls_CAfile = /etc/ssl/intermediate.crt
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/ssl/mail.crt
smtpd_tls_key_file = /etc/ssl/mail.key
smtpd_tls_loglevel = 1
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:/var/spool/postfix/smtpd_tls_cache
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550

**From my maillogs**

[r...@mail ~]# cat /var/log/maillog | grep -i Sep 23 | grep -i 92.243.237.70
Sep 23 16:01:13 mail postfix/smtpd[31246]: connect from unknown[92.243.237.70]
Sep 23 16:01:14 mail postfix/smtpd[31246]: 09E43779B26: client=unknown[92.243.237.70]
Sep 23 16:01:15 mail postfix/smtpd[31246]: disconnect from unknown[92.243.237.70]
Sep 23 16:01:21 mail amavis[29716]: (29716-05) Passed SPAMMY, [92.243.237.70] [92.243.237.70] bethbeachheadcoff...@yesonpropk.org - postmas...@iamghost.com, Message-ID: 006201ca3c99$5f10f490$1d32dd...@org, mail_id: Yo1zL4wIGwB4, Hits: 6.995, size: 6091, queued_as: 944B7779B31, 5988 ms

Trying to understand if these messages are routed simply because they're sent to postmaster or if it did pass all smtpd_*_restrictions and also pass greylisting parameters (which I find extremely unlikely).

Can someone please help me understand why my postmaster account is getting slammed with spam?
Re: Spam Attack on Postmaster
On Thu, Sep 24, 2009 at 11:05 AM, Noel Jones njo...@megan.vbhcs.org wrote:

Some older versions of postfix give special treatment to the postmaster address. To disable this special treatment, add

# main.cf
address_verify_sender = $double_bounce_sender

I am guessing that 2.3, which is the latest version for Redhat Linux, is considered old, right? I will add that parameter in main.cf.
Re: 2.6 RPM
On Wed, Sep 16, 2009 at 2:24 PM, Gary Smith gary.sm...@holdstead.com wrote:

Carlos, You might want to put together a build environment and roll your own. I tend to do this for a lot of software (as I need to application specific business required patches to several packages). In most cases, you can easily setup a chroot environment of some type, download the source RPM (instead binary), and then compile it. In many cases, when I need to go from 2.6.x up to the next version, I just download the new source file, edit my spec file for postfix, change the version number, run a single command to build it, wait about 4 minutes, then I have a package. (it's easier than it sounds once you've done it a few times).

Gary - I have never done this before for any application so I would like to try this with your advice. Where do I start and is there a guide or step by step instructions I would take in order to create my own 2.6.5 RPM package? I am guessing I need to go to www.postfix.org and download the source code:

http://mirrors.rootservices.net/postfix/official/postfix-2.6.5.tar.gz

Is that the correct file I would need to build from or do I need a source rpm file?
2.6 RPM
I recall some months ago seeing a large discussion on someone taking their time and dedication on creating a pre-packaged RPM of 2.6.X. I was wondering if anyone has the latest RPM that I can download for my new RHEL 5 server. I am looking to use 2.6.5 from a packaged RPM however Redhat / CentOS only have 2.3 available from their mirrors. Sadly the DoD is requiring I utilize a current stable release for this project. Does anyone know if I can still download 2.6 (preferably 2.6.5) and from where? Thanks for any help at all! -Carlos
Email Not To or From My Domain Stuck in Queue
I am checking my mail queue and I have noticed that mail in my queue is stuck with the following error:

AA83077925B 1508 Sun Jul 26 10:22:31 rheinl...@simulationinformation.com
(host mx.dr1.us.army.mil[143.69.243.34] said: 451 #4.1.8 Domain of sender address rheinl...@simulationinformation.com does not resolve (in reply to MAIL FROM command))
james.to...@us.army.mil

4094D77921F 1520 Sun Jul 26 10:22:31 rheinl...@simulationinformation.com
(host mx.dr1.us.army.mil[143.69.243.34] said: 451 #4.1.8 Domain of sender address rheinl...@simulationinformation.com does not resolve (in reply to MAIL FROM command))
br...@omitted_domain.com

2EF15779273 1503 Sun Jul 26 10:22:32 rheinl...@simulationinformation.com
(host mx.ps1.us.army.mil[143.69.251.34] said: 451 #4.1.8 Domain of sender address rheinl...@simulationinformation.com does not resolve (in reply to MAIL FROM command))
tho...@omitted_domain.com

78BCE779279 1499 Sun Jul 26 10:22:31 rheinl...@simulationinformation.com
(host mx.dr1.us.army.mil[143.69.243.34] said: 451 #4.1.8 Domain of sender address rheinl...@simulationinformation.com does not resolve (in reply to MAIL FROM command))
fr...@omitted_domain.com

My domain is not the domain I omitted from the log entries and I checked /var/log/maillog to find the same error in my mail logs. I am concerned as to why my Postfix server is handling mail for the omitted domain. That domain is a .mil domain which has nothing to do with my Postfix server.

***Postconf -n***

[r...@mail ~]# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = amavisfeed:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
home_mailbox = mail/
html_directory = no
inet_interfaces = all
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, $mydomain, mail.$mydomain
mydomain = iamghost.com
myhostname = mail.iamghost.com
mynetworks = $config_directory/mynetworks
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
relay_domains =
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_banner = $myhostname ESMTP
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated,reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname,permit
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_pipelining, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, reject_unlisted_recipient, check_policy_service unix:postgrey/socket, check_sender_access hash:/etc/postfix/sender_access, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net, permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated,reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unknown_reverse_client_hostname, permit
smtpd_tls_CAfile = /etc/ssl/intermediate.crt
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/ssl/mail.crt
smtpd_tls_key_file = /etc/ssl/mail.key
smtpd_tls_loglevel = 1
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:/var/spool/postfix/smtpd_tls_cache
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550

Can someone please help me understand why I am getting this several of the same entries showing up in my log entries? I don't think the sender is a spammer and this might be legitimate email but I can't understand why it's flowing through my SMTP server...

- Carlos
Re: Email Not To or From My Domain Stuck in Queue
On Wed, Jul 29, 2009 at 2:56 PM, Brian Evans - Postfix List grkni...@scent-team.com wrote:

The server mx.dr1.us.army.mil basically said: This seems bogus to us. We don't want it, but you're welcome to try again

That's understandable but I guess I am confused as to why mx.dr1.us.army.mil is telling my Postfix server. I don't think my SMTP server was the sender or the recipient as far as I can see. I am checking my logs.

The queue ids are logged. Grep your logs for the IDs (AA83077925B in this case) to find out where it came in.

I searched the logs and I see a bunch of entries as follows:

Jul 29 12:44:31 mail postfix/smtp[5836]: AA83077925B: to=ja...@us.army.mil, relay=mx.ps1.us.army.mil[143.69.251.34]:25, delay=267720, delays=267715/0/3.9/0.91, dsn=4.0.0, status=deferred (host mx.ps1.us.army.mil[143.69.251.34] said: 451 #4.1.8 Domain of sender address rheinl...@simulationinformation.com does not resolve (in reply to MAIL FROM command))
Jul 29 14:07:46 mail postfix/qmgr[4088]: AA83077925B: from=rheinl...@simulationinformation.com, size=1508, nrcpt=1 (queue active)
Jul 29 14:09:01 mail postfix/smtp[17268]: AA83077925B: host mx.us.army.mil[143.69.251.34] said: 451 #4.1.8 Domain of sender address rheinl...@simulationinformation.com does not resolve (in reply to MAIL FROM command)
Jul 29 14:09:14 mail postfix/smtp[17268]: AA83077925B: to=ja...@us.army.mil, relay=mx.dr1.us.army.mil[143.69.243.34]:25, delay=272803, delays=272715/0/76/12, dsn=4.0.0, status=deferred (host mx.dr1.us.army.mil[143.69.243.34] said: 451 #4.1.8 Domain of sender address rheinl...@simulationinformation.com does not resolve (in reply to MAIL FROM command))

Nothing is clear or explains to me why my Postfix SMTP server is in the mix. This is very confusing to me...
Re: Email Not To or From My Domain Stuck in Queue
On Wed, Jul 29, 2009 at 3:15 PM, Terry Carmen te...@cnysupport.com wrote:

You're still missing the log entries where you accepted the message.

I think this is it:

Jul 26 10:22:31 mail postfix/smtpd[14344]: AA83077925B: client=localhost.localdomain[127.0.0.1]
Jul 26 10:22:31 mail postfix/cleanup[14864]: AA83077925B: message-id=20090726142225.4a01e779...@mail.iamghost.com
Jul 26 10:22:31 mail amavis[22548]: (22548-04-3) Passed CLEAN, MYNETS LOCAL [192.168.1.92] [192.168.1.92] rheinl...@simulationinformation.com - ja...@us.army.mil, Message-ID: 20090726142225.4a01e779...@mail.iamghost.com, mail_id: u4lCSmAqg2xD, Hits: -4.399, size: 1047, queued_as: AA83077925B, 276 ms
Jul 26 10:22:31 mail postfix/qmgr[4088]: AA83077925B: from=rheinl...@simulationinformation.com, size=1508, nrcpt=1 (queue active)
Jul 26 10:22:31 mail postfix/lmtp[14870]: 4A01E779261: to=ja...@us.army.mil, relay=127.0.0.1[127.0.0.1]:10024, conn_use=3, delay=6.5, delays=0.08/6.2/0.01/0.29, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=22548-04-3, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as AA83077925B)
Jul 26 10:22:33 mail postfix/smtp[14941]: AA83077925B: host mx.us.army.mil[143.69.251.34] said: 451 #4.1.8 Domain of sender address rheinl...@simulationinformation.com does not resolve (in reply to MAIL FROM command)

After reviewing the logs above as Aaron and all indicated, it does make sense. I have a server 192.168.1.92 which is visible in the 3rd entry that relays mail for us.army.mil. That explains it. I don't think these are malicious entries and I don't know why the Army's mail server can't resolve that but I really don't care at this point.

On Wed, Jul 29, 2009 at 2:59 PM, Aaron Wolfe aawo...@gmail.com wrote:

Your configuration allows 'mynetworks' and sasl authenticated senders to send mail from/to anywhere. These are the likely sources of the messages in question. Your postfix logs will show you exactly where the message came from.

-Aaron

Yes. 192.168.0.0/16 is my mail server as well as the machine 192.168.1.92 which appears to be doing the relaying of mail for this incident. I think I have this correct unless anyone sees something I don't...
Re: Email Not To or From My Domain Stuck in Queue
On Wed, Jul 29, 2009 at 3:34 PM, Brian Evans - Postfix List grkni...@scent-team.com wrote:

Carlos Williams wrote:

Jul 26 10:22:31 mail postfix/lmtp[14870]: 4A01E779261: to=ja...@us.army.mil, relay=127.0.0.1[127.0.0.1]:10024, conn_use=3, delay=6.5, delays=0.08/6.2/0.01/0.29, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=22548-04-3, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as AA83077925B)

This is the key entry. Content filters will generate a second ID. The Pre-content_filter ID was 4A01E779261.

I had no idea Amavisd-new generates a second ID. I searched and found everything I was looking for. Thanks so much!
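An added example, not part of the original thread: a Python sketch of the tracing done by hand above, following the "queued as" hand-off from the post-filter queue ID back to the pre-content_filter ID and the client that first submitted the message, then checking whether that client falls under permit_mynetworks. The log lines are constructed in the format quoted in this thread (addresses and the first smtpd line are made up), and the mynetworks ranges passed in are assumed values.

```python
import ipaddress
import re

# Constructed sample, in the format of the maillog lines quoted in this thread.
SAMPLE_LOG = """\
Jul 26 10:22:25 mail postfix/smtpd[14300]: 4A01E779261: client=unknown[192.168.1.92]
Jul 26 10:22:25 mail postfix/qmgr[4088]: 4A01E779261: from=<sender@example.org>, size=1047, nrcpt=1 (queue active)
Jul 26 10:22:31 mail postfix/smtpd[14344]: AA83077925B: client=localhost.localdomain[127.0.0.1]
Jul 26 10:22:31 mail postfix/lmtp[14870]: 4A01E779261: to=<rcpt@example.net>, relay=127.0.0.1[127.0.0.1]:10024, delay=6.5, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=22548-04-3, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as AA83077925B)
Jul 26 10:22:33 mail postfix/smtp[14941]: AA83077925B: to=<rcpt@example.net>, relay=mx.example.net[203.0.113.34]:25, delay=2, dsn=4.0.0, status=deferred (host mx.example.net[203.0.113.34] said: 451 #4.1.8 Domain of sender address sender@example.org does not resolve (in reply to MAIL FROM command))
"""

ENTRY = re.compile(r"postfix/(\w+)\[\d+\]: ([0-9A-F]{6,}): (.*)")
CLIENT = re.compile(r"client=(\S+?)\[([^\]]+)\]")
REQUEUED = re.compile(r"status=sent .*queued as ([0-9A-F]{6,})\)$")


def trace(log, queue_id):
    """Follow 'queued as' links backwards; return (chain of IDs, first client IP)."""
    parent, client = {}, {}
    for line in log.splitlines():
        entry = ENTRY.search(line)
        if not entry:
            continue
        daemon, qid, rest = entry.groups()
        seen = CLIENT.match(rest)
        if daemon == "smtpd" and seen:
            client[qid] = seen.group(2)          # IP that submitted this queue ID
        handoff = REQUEUED.search(rest)
        if handoff:
            # The filter re-injected qid's message under a new queue ID.
            parent[handoff.group(1)] = qid
    chain = [queue_id]
    while chain[-1] in parent and parent[chain[-1]] not in chain:
        chain.append(parent[chain[-1]])
    return chain, client.get(chain[-1])


def relay_reason(client_ip, mynetworks):
    """Say whether permit_mynetworks would have let this client relay."""
    addr = ipaddress.ip_address(client_ip)
    for net in mynetworks:
        if addr in ipaddress.ip_network(net):
            return "permit_mynetworks (%s)" % net
    return "not in mynetworks"


if __name__ == "__main__":
    ids, origin = trace(SAMPLE_LOG, "AA83077925B")
    print(" <- ".join(ids), "| first client:", origin)
    # Assumed contents of the mynetworks file.
    print(relay_reason(origin, ["127.0.0.0/8", "192.168.0.0/16"]))
```

Starting from the ID shown by mailq, the walk stops at the first queue ID that was not itself produced by a hand-off, which is the one whose smtpd line names the real submitting client rather than 127.0.0.1.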
Re: TLS / SASL Help
On Mon, Jul 20, 2009 at 1:25 PM, Noel Jones njo...@megan.vbhcs.org wrote:

Details of a problem are not divulged to outsiders, so the transcript intentionally gives vague information. Something broken in your config. Check your logs, postfix probably tells you where to look further there.

That makes sense why it's so vague. I checked my /var/log/maillog and can't find any notification for the error.

you should add permit_sasl_authenticated just after permit_mynetworks in the above restrictions.

You should add permit_sasl_authenticated just after permit_mynetworks in the above restrictions.

I added permit_sasl_authenticated to all 3 checks in my main.cf file right after permit_mynetworks.

- smtpd_helo_restrictions =
- smtpd_recipient_restrictions =
- smtpd_sender_restrictions =

smtpd_tls_CAfile = /etc/ssl/intermediate.crt
smtpd_tls_auth_only = yes
smtpd_tls_cert_file =
smtpd_tls_key_file =

Not sure how postfix is supposed to do TLS without a certificate or key file. This looks like the problem.

I omitted this from my postconf -n output but I do have a valid path to the certificates.

smtpd_tls_loglevel = 1
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:/var/spool/postfix/smtpd_tls_cache
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550

You can test TLS with

# openssl s_client -connect ip.add.re.ss:port -starttls smtp

after some TLS handshake garbage, you should get a 250 ... greeting from postfix. If it gets that far, TLS is working correctly.

I tested TLS as you noted above and here were my results: (not good)

[r...@mail ~]# openssl s_client -connect 127.0.0.1:25 -starttls smtp
CONNECTED(0003)
22646:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:583:

I removed all SASL / TLS configuration from main.cf and started from scratch again using the CentOS guide: http://wiki.centos.org/HowTos/postfix_sasl

I appear to have SASL working fine since I test it as noted in the link above and I get what I expect to see. It's when I configure TLS on Postfix, I get the problems:

I am re-posting my latest postconf -n output:

postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = amavisfeed:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
home_mailbox = Maildir/
html_directory = no
inet_interfaces = all
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, $mydomain, mail.$mydomain
mydomain = iamghost.com
myhostname = mail.iamghost.com
mynetworks = $config_directory/mynetworks
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
relay_domains =
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_banner = $myhostname ESMTP
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks,permit_sasl_authenticated, reject_non_fqdn_helo_hostname,reject_invalid_helo_hostname,permit
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_pipelining, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, reject_unlisted_recipient, check_policy_service unix:postgrey/socket, check_sender_access hash:/etc/postfix/sender_access, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net, permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = permit_mynetworks,permit_sasl_authenticated, reject_non_fqdn_sender,reject_unknown_sender_domain, reject_unknown_reverse_client_hostname,permit
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/ssl/mail.iamghost.com.crt
smtpd_tls_key_file = /etc/ssl/mail.iamghost.com.key
smtpd_tls_loglevel = 1
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:/var/spool/postfix/smtpd_tls_cache
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550

So my Postfix server is still allowing me to send mail when I have my mail client use no secure authentication setting in Thunderbird when sending (SMTP) mail. I would think that the smtpd_tls_auth_only = yes setting would not allow me to send mail if I have no authentication configured unless I am just confused.

Any thoughts? I am lost...
Re: TLS / SASL Help
On Tue, Jul 21, 2009 at 11:33 AM, Noel Jones njo...@megan.vbhcs.org wrote:

Without logs it's much more difficult to diagnose the problem; with no obvious configuration errors we're reduced to guessing. Postfix logging is handled by your system's syslog program. Check your syslog.conf file to see where it stores mail logs. Sometimes errors are stored in a separate file. You really need the logs.

I will check and see what I can find in my logs.

My wild guess is that your certificates are somehow broken. The fix would be to start over and carefully follow: http://www.postfix.org/TLS_README.html#quick-start

I don't think I mentioned this but I am using a Verisign SSL certificate. This is normally used by Apache web server but was told that Postfix can use the same SSL certificate. I used OpenSSL to generate a CSR on my mail server: https://knowledge.verisign.com/support/ssl-certificates-support/index?page=contentid=AR198

Then I downloaded my private key issued from Verisign along with my public certificate on my mail server. I know that when my IMAP server (Dovecot) uses my SSL certificate for TLS it appears to be working great. The only thing I noted is that my Dovecot config file /etc/dovecot.conf requires the SSL passphrase to properly access / use the SSL Verisign certificate. Without that passphrase, I don't think my MUA would properly have TLS working.

I am guessing that in order for Postfix to use my SSL certificate, does it not also require the SSL certificate passphrase? How would I configure this with my MTA?
Re: TLS / SASL Help
On Tue, Jul 21, 2009 at 1:30 PM, Noel Jones njo...@megan.vbhcs.org wrote:

Carlos Williams wrote:

Ah, that's an important detail. Postfix does not support password-protected certificates. You can use openssl to remove the password. I forget the command offhand, but google knows. There is no security advantage between storing a password in a config file and storing a certificate with no password. Either way, security depends on the OS file access permissions.

Sorry but I was under the impression that passphrases were standard on SSL certificates. I removed the passphrase and it works great!

Thanks all!
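The two points made in this reply (Postfix cannot load a passphrase-protected key, and an unencrypted key is protected only by file permissions) can be checked before pointing smtpd_tls_key_file at a file. This is an added example, not part of the original posts: the function names are hypothetical and the PEM bodies are constructed placeholders, not real keys.

```python
import os
import stat
import tempfile

ENCRYPTED_PKCS8 = "-----BEGIN ENCRYPTED PRIVATE KEY-----"

# Constructed placeholders: real headers, dummy base64 body.
TRADITIONAL_ENCRYPTED = """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,0000000000000000

Q09OU1RSVUNURUQ=
-----END RSA PRIVATE KEY-----
"""
PLAIN = """-----BEGIN RSA PRIVATE KEY-----
Q09OU1RSVUNURUQ=
-----END RSA PRIVATE KEY-----
"""


def classify_pem(text):
    """Return 'encrypted', 'plain' or 'no-key' for the PEM text of a key file."""
    lines = [ln.strip() for ln in text.splitlines()]
    if ENCRYPTED_PKCS8 in lines:
        return "encrypted"  # PKCS#8 encrypted container
    for i, ln in enumerate(lines):
        if ln.startswith("-----BEGIN ") and ln.endswith("PRIVATE KEY-----"):
            # Traditional OpenSSL format flags encryption in the header
            # lines directly below the BEGIN marker.
            headers = lines[i + 1:i + 3]
            if any(h.startswith("Proc-Type:") and "ENCRYPTED" in h for h in headers):
                return "encrypted"
            return "plain"
    return "no-key"


def check_key_file(path):
    """List the problems that would affect this file as a server key."""
    problems = []
    with open(path, "r", encoding="ascii", errors="replace") as fh:
        kind = classify_pem(fh.read())
    if kind == "encrypted":
        problems.append("passphrase-protected")
    elif kind == "no-key":
        problems.append("no private key found")
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:  # any group/other permission bit set
        problems.append("accessible by group/other (mode %03o)" % mode)
    return problems


def demo():
    """Run the check against three constructed key files."""
    results = {}
    cases = (
        ("encrypted.key", TRADITIONAL_ENCRYPTED, 0o600),
        ("plain-open.key", PLAIN, 0o644),
        ("plain-tight.key", PLAIN, 0o600),
    )
    with tempfile.TemporaryDirectory() as workdir:
        for name, pem, mode in cases:
            path = os.path.join(workdir, name)
            with open(path, "w") as fh:
                fh.write(pem)
            os.chmod(path, mode)
            results[name] = check_key_file(path)
    return results


if __name__ == "__main__":
    for name, problems in demo().items():
        print(name, problems or "ok")
```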
TLS / SASL Help
I am unable to understand why I can't get TLS / SASL working on my Postfix server. I am using Postfix 2.3 (postfix-2.3.3-2.1.el5_2) on CentOS 5 x64. I followed the CentOS guide and enabled this in my main.cf and dovecot.conf. When I telnet into my server, I see the following:

[r...@mail /]# telnet 127.0.0.1 25
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
220 iamghost.com ESMTP
EHLO iamghost.com
250-mail.iamghost.com
250-PIPELINING
250-SIZE 1024
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
quit
221 2.0.0 Bye
Connection closed by foreign host.

Obviously I can see that 'STARTTLS' is working from above but then when I try and send a message from Thunderbird, I get an error stating:

Sending message failed: unable to connect to SMPT server mail.iamghost.com via STARTLS since it does not offer STARTLS in EHLO response

I don't understand why it says this since I can clearly see it visible in the EHLO response. I then get an email from the mail server with the following:

Transcript of session follows.
Out: 220 mail.iamghost.com ESMTP
In: EHLO [10.1.1.204]
Out: 250-mail.iamghost.com
Out: 250-PIPELINING
Out: 250-SIZE 1024
Out: 250-VRFY
Out: 250-ETRN
Out: 250-STARTTLS
Out: 250-ENHANCEDSTATUSCODES
Out: 250-8BITMIME
Out: 250 DSN
In: STARTTLS
Out: 454 4.3.0 TLS not available due to local problem
In: QUIT
Out: 221 2.0.0 Bye

I don't understand. Can someone please help me understand why this is not working? I did notice that when I enter the below TLS settings, 'smtpd_tls_security_level = may' is a different color from all the other entries which usually means it can't read or determine that value. Perhaps my Postfix version is too old to use this config for TLS?

I am pasting an output of 'postconf -n'

[r...@mail /]# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = amavisfeed:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
home_mailbox = Maildir/
html_directory = no
inet_interfaces = all
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, $mydomain, mail.$mydomain
mydomain = iamghost.com
myhostname = mail.iamghost.com
mynetworks = $config_directory/mynetworks
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
relay_domains =
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_banner = $myhostname ESMTP
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, reject_non_fqdn_helo_hostname,reject_invalid_helo_hostname, permit
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_pipelining, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, reject_unlisted_recipient, check_policy_service unix:postgrey/socket, check_sender_access hash:/etc/postfix/sender_access, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net, permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = permit_mynetworks, reject_non_fqdn_sender,reject_unknown_sender_domain, reject_unknown_reverse_client_hostname,permit
smtpd_tls_CAfile = /etc/ssl/intermediate.crt
smtpd_tls_auth_only = yes
smtpd_tls_cert_file =
smtpd_tls_key_file =
smtpd_tls_loglevel = 1
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:/var/spool/postfix/smtpd_tls_cache
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
Question About Maildir Mailboxes
I am setting up a new server to run Maildir style in-boxes. In my main.cf, I added the following parameter:

home_mailbox = Maildir/

The above seems to be working fine in my main.cf. It auto created the directory upon receiving the 1st email but I was also reading I need to add the following parameter:

mailbox_command =

It works without this parameter but I don't know if this is something I should add for good measure or just ignore. The parameter value is empty but I know it could possibly still be useful. Anyone?
Re: Question About Maildir Mailboxes
On Wed, Jul 8, 2009 at 1:48 PM, Victor Duchovni victor.ducho...@morganstanley.com wrote:

This is the default value. You don't need this, unless someone (perhaps an O/S distribution) supplied you with a main.cf file that overrides the default.

Hmmm... I am using the Debian provided main.cf when I used apt-get to install their package version of Postfix. I can see that this is a default value in postconf -d but when I run postconf -n I don't see it listed. Does that mean my main.cf is not recognizing this parameter?

[r...@mail ~]# postconf -d | grep -i mailbox_command
mailbox_command =
mailbox_command_maps =
[r...@mail ~]# postconf -n | grep -i mailbox_command
[r...@mail ~]#

Does that mean I should add it based on the following

* To use maildir format in your mailbox which creates separate files for each email you can use the following commands:
* Maildir has few advantages over mbox format. (keeps emails in separate files, allows for multiple application to read mail, etc)
* Issue these commands:

postconf -e home_mailbox = Maildir/
postconf -e mailbox_command =

^ Quoted from: http://wiki.debian.org/Postfix#InstallingandConfiguringPostfixonDebian
Testing For Open Relay
I just finished a new Postfix 2.6 installation on a Debian server in a co-location and just wanted to make sure I am properly testing this machine is not an 'open relay' before I open it out to the public:

I was told to go to the following URL http://www.abuse.net/relay.html and I entered my external IP address in the 1st line and nothing else. After 17 tests, I get the following at the bottom:

Relay test result
All tests performed, no relays accepted.

Does this mean I am safe? I read somewhere that in my main.cf I should have the following entry:

relay_domains =

relay_domains: is a list of destination domains this system will relay mail to. By setting it to be blank we ensure that our mail server isn't acting as an open relay for untrusted networks. The reader is advised to test that their system isn't acting as an open relay here: http://www.abuse.net/relay.html

Now that being said, I don't have relay_domains entry in my main.cf however according to the site they recommend I test, I don't appear to be one. Do I need this entry in my main.cf or am I fine? Is there another way to test for being an open relay or should I feel safe about this?

*postconf -n*
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
content_filter = amavis:[127.0.0.1]:10024
home_mailbox = mail/
inet_interfaces = all
mailbox_size_limit = 0
message_size_limit = 10485760
mydestination = $config_directory/mydestination
mydomain = omgwtf.com
myhostname = mx.omgwtf.com
mynetworks = $config_directory/mynetworks
myorigin = omgwtf.com
readme_directory = no
receive_override_options = no_address_mappings
recipient_delimiter = +
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP
smtpd_use_tls = no
/var/mail
I notice that when I create a user in my Postfix server, I also create a file located in /var/spool/mail:

[r...@mail mail]# ls -l
total 0
-rw-rw 1 user1mail 0 Jun 8 11:35 user1
-rw-rw 1 user2mail 0 Jun 5 08:41 user2
-rw-rw 1 user3mail 0 Jun 9 10:00 user3
-rw-rw 1 user4mail 0 Jun 8 10:37 user4
-rw-rw 1 user5mail 0 May 21 15:15 user5
-rw-rw 1 user6mail 0 May 28 16:06 user6
-rw-rw 1 user7mail 0 May 21 15:20 user7
-rw-rw 1 user8mail 0 May 20 10:04 user8

I have Postfix running with /Maildir style mailboxes and all the users' email gets stored in their /home directory so I am not sure why my Linux / Postfix system is generating these files. I normally don't mess with files in /var unless I know what I am doing which I obviously don't. Can someone tell me:

1 - Why these files are being generated
2 - Can I delete them
3 - How can I prevent future new users from having files generated in this directory

All the files are blank / empty so it does not appear to be doing much from what I can see.
Re: Postfix-2.6.0 RPM
On Sun, May 24, 2009 at 9:07 AM, Simon J Mudd sjm...@pobox.com wrote:

sjm...@pobox.com (Simon J Mudd) writes:

For those interested I've updated the packages and you should be able to find: postfix-2.6.0-1.src.rpm and postfix-2.6.0-1.rhel5.x86_64.rpm

Updated to 2.6.1 as I hadn't seen Wietse's 2.6.1 update.

Simon

Simon,

Thanks for your efforts and hard work. Is the 2.6.1 RPM download still available? I can't seem to find it unless I am looking under the wrong spot.

- Carlos
Re: How is it: mynetworks = 127.0.0.0/8 yet local network users are able to send.
On Tue, Jun 2, 2009 at 10:55 AM, Sthu Pous sthu.p...@gmail.com wrote:

Good day. Could You please, explain me how it is possible for the users from local net to send mail if we have in main.cf: mynetworks = 127.0.0.0/8

You want / need to also add the network parameter for which your local clients are on. For example my office IP's are as follows:

10.1.1.100
10.1.1.101
10.1.1.103

So for those three machines above to be able to send email using Postfix, I need to add the following to '/etc/postfix/mynetworks':

127.0.0.0/8
10.1.0.0/16

Try that, reload Postfix and try and send email. Hope that helps. Also your logs should show some errors if not resolving.
Consistent Entry Stuck in Queue
Can someone please help me understand why I am seeing this entry over and over in my Postfix queue? Is this dangerous or does this mean I have been compromised? I am seeing this over and over in my queue even after I remove it with the postsuper -d command:

502E97782FC 4527 Thu May 21 16:48:04 MAILER-DAEMON
(connect to returnmail35.gowenandco.com[206.212.244.102]: Connection timed out)
info_1664177_5149789_gowenworks2-70.164.13.80_2009-5-21+tcampbell=server...@return.gowenandco.com

E386E7782A9 4527 Wed May 20 23:35:36 MAILER-DAEMON
(connect to returnmail35.manuelmedia.com[206.212.244.102]: Connection timed out)
info_1661358_5149789_reinventyourlife-99.51.80.24_2009-5-20+tcampbell=server...@return.manuelmedia.com

BCED77782A4 4534 Wed May 20 19:31:28 MAILER-DAEMON
(connect to returnmail35.manuelmedia.com[206.212.244.102]: Connection timed out)
info_1661389_5149789_reinventyourlife-99.51.80.12_2009-5-20+tcampbell=server...@return.manuelmedia.com

I assume the sender, my Postfix server (MAILER-DAEMON), is trying to send email to that address but I have no idea why.

I don't think my server is an open relay but I am adding the output of 'postconf -n' below:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = amavisfeed:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
home_mailbox = Maildir/
html_directory = no
inet_interfaces = all
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mydomain = server.us
myhostname = mail.server.us
mynetworks = $config_directory/mynetworks
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
relay_domains =
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, reject_non_fqdn_helo_hostname,reject_invalid_helo_hostname, permit
smtpd_recipient_restrictions = reject_unauth_pipelining, reject_non_fqdn_recipient, reject_unknown_recipient_domain, permit_mynetworks, reject_unauth_destination, check_sender_access hash:/etc/postfix/sender_access, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net, check_policy_service unix:postgrey/socket, permit
smtpd_sender_restrictions = permit_mynetworks, reject_non_fqdn_sender,reject_unknown_sender_domain,permit
unknown_local_recipient_reject_code = 550
Re: Consistent Entry Stuck in Queue
On Thu, May 21, 2009 at 8:20 PM, Sahil Tandon sa...@tandon.net wrote:

No need to be alarmist; search the logs for further enlightenment.

I checked the logs and found the following when I search for the message ID:

May 21 16:48:04 mail postfix/smtpd[22513]: 502E97782FC: client=localhost.localdomain[127.0.0.1]
May 21 16:48:04 mail postfix/cleanup[22592]: 502E97782FC: message-id=ss6f+fdgn2u...@server.us
May 21 16:48:04 mail postfix/qmgr[28965]: 502E97782FC: from=, size=4527, nrcpt=1 (queue active)
May 21 16:50:04 mail postfix/smtp[23194]: 502E97782FC: to=info_1664177_5149789_gowenworks2-70.164.13.80_2009-5-21+tcampbell=server...@return.gowenandco.com, relay=none, delay=120, delays=0.05/0/120/0, dsn=4.4.1, status=deferred (connect to returnmail35.gowenandco.com[206.212.244.102]: Connection timed out)
May 21 17:08:50 mail postfix/qmgr[28965]: 502E97782FC: from=, size=4527, nrcpt=1 (queue active)

Then when I search returnmail35, I get the following:

May 21 20:14:11 mail postfix/smtp[13883]: connect to returnmail35.gowenandco.com[206.212.244.102]: Connection timed out (port 25)
May 21 20:14:11 mail postfix/smtp[13883]: 502E97782FC: to=info_1664177_5149789_gowenworks2-70.164.13.80_2009-5-21+tcampbell=server...@return.gowenandco.com, relay=none, delay=12367, delays=12246/0.01/122/0, dsn=4.4.1, status=deferred (connect to returnmail35.gowenandco.com[206.212.244.102]: Connection timed out)

I see it in my /var/log/maillog however I don't understand it. What is causing this or what is it doing? I guess I don't understand what is taking place here or what is happening in order to know if I should be alarmed.
Re: Webmail
On Tue, May 19, 2009 at 11:25 AM, Just E. Mail justem...@imwell-usa.com wrote:

I am posting this message here because I want Postfix users to suggest a webmail application best suited with Postfix. This question has been asked and answered several times but since LINUX is changing so fast, I am asking again. System: CentOS 5.3, NSF-1.3.23, PostgreSQL-8.3.7, Postfix-2.3.3, Dovecot-1.0.7,... Now I like to install a webmail program. I have looked in SquirrelMail and it looks promising. However, I like to know if there is another webmail application I should also look into? Please note, that eventually, I will be using PostgreSQL backend to store emails, if that makes any difference.

I just moved from SquirrelMail to Roundcube and I love it!
Re: Webmail
On Tue, May 19, 2009 at 1:50 PM, Just E. Mail justem...@imwell-usa.com wrote:

Thank you all. I am going with roundcube: http://www.roundcube.net

It's really easy to install. Main thing is making sure you have PHP 5.2+ installed on Apache and also configuring your MySQL database which is super easy if you follow the wiki. I did this on RHEL / CentOS and it worked great! If you need any more assistance, please let me know. There are a few things I wish I had known before it went live that I know now. I don't know your environment so if you need more info, please let me know!

PS - They had a great forums but it's down now for some reason. Their support forums is re-directed to some crazy Pokemon type page...
Re: Postfix-2.6.0 RPM
I'll see if I can make some time to build some 2.6 rpms, but am likely to respond more if there are people who show an interest in these rpms I build.

I too am interested and would like to try it. I have never used anything beyond the vendor supplied version of Postfix but am tired of waiting for Red Hat to get their packages updated. Running v2.3 is way too old for my needs. I appreciate your time and help! Wish I had the know-how on how to create them since I have the time...

- Carlos
Re: Following CentOS Postfix Config Guide
Guys - After implementing the main.cf on my Postfix server, I noticed an increase in spam from before I modified my main.cf. Do you guys know what could be causing this based on the changes I made to main.cf below?

***OLD***
myhostname = mail.ideorlando.org
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = ideorlando.org
mydestination = $myhostname, $mydomain, mail.$mydomain
mynetworks = $config_directory/mynetworks
mailbox_size_limit = 0
message_size_limit = 2048
recipient_delimiter = +
inet_interfaces = all
proxy_interfaces = 216.242.104.130
home_mailbox = Maildir/
mime_header_checks = regexp:/etc/postfix/mime_header_checks
content_filter=smtp-amavis:[127.0.0.1]:10024
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unlisted_recipient, reject_unlisted_sender, reject_invalid_hostname, reject_non_fqdn_hostname, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net, reject_rbl_client safe.dnsbl.sorbs.net, reject_invalid_hostname, reject_non_fqdn_hostname

***NEW***
mail:~# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
home_mailbox = Maildir/
inet_interfaces = all
mailbox_size_limit = 0
message_size_limit = 2048
mime_header_checks = regexp:/etc/postfix/mime_header_checks
mydestination = $myhostname, $mydomain, mail.$mydomain
myhostname = mail.iamunix.org
mynetworks = $config_directory/mynetworks
myorigin = iamunix.org
readme_directory = no
recipient_delimiter = +
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, reject_non_fqdn_helo_hostname,reject_invalid_helo_hostname
smtpd_recipient_restrictions = reject_unauth_pipelining, reject_non_fqdn_recipient,reject_unknown_recipient_domain, permit_mynetworks,reject_unauth_destination,reject_rbl_client zen.spamhaus.org,reject_rbl_client bl.spamcop.net
smtpd_sender_restrictions = permit_mynetworks, reject_non_fqdn_sender,reject_unknown_sender_domain
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtpd_use_tls = yes

I know you prefer a postconf -n read out of the old but it's hard to implement the change in production.
Re: Following CentOS Postfix Config Guide
Sorry - the hostname parameter was not blank on my initial config, I just omitted it from the email when I pasted my postconf -n. I guess I should have specified that before. I removed the trailing 'permits' from the 'smtpd_*_restrictions' as shown below. Also removed blank entries like 'relayhosts'. I removed 'default' values from cluttering my config. Do you guys see any other issues with the read out or problems with my modifications I made? mail:~# postconf -n alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases append_dot_mydomain = no biff = no config_directory = /etc/postfix content_filter = smtp-amavis:[127.0.0.1]:10024 home_mailbox =mail/ inet_interfaces = all mailbox_size_limit = 0 message_size_limit = 2048 mime_header_checks = regexp:/etc/postfix/mime_header_checks mydestination = $myhostname, $mydomain, mail.$mydomain myhostname = mail.iamunix.org mynetworks = $config_directory/mynetworks myorigin = iamunix.org readme_directory = no recipient_delimiter = + smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache smtpd_banner = $myhostname ESMTP smtpd_delay_reject = yes smtpd_helo_required = yes smtpd_helo_restrictions = permit_mynetworks, reject_non_fqdn_helo_hostname,reject_invalid_helo_hostname smtpd_recipient_restrictions = reject_unauth_pipelining, reject_non_fqdn_recipient,reject_unknown_recipient_domain, permit_mynetworks,reject_unauth_destination,reject_rbl_client zen.spamhaus.org,reject_rbl_client bl.spamcop.net smtpd_sender_restrictions = permit_mynetworks, reject_non_fqdn_sender,reject_unknown_sender_domain smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache smtpd_use_tls = yes
Following CentOS Postfix Config Guide
I just installed CentOS Wiki guide for installing and configuring Postfix restrictions and was wondering what you guys thought based on what I have listed below. I just set this machine up and appears to be working great but I trust you guys since you've been doing this for a lot longer than I have:

http://wiki.centos.org/HowTos/postfix_restrictions

Above is the Wiki link I followed and below is an output of my postconf -n

***
mail:/etc/postfix# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
home_mailbox = Maildir/
inet_interfaces = all
mailbox_size_limit = 0
message_size_limit = 2048
mime_header_checks = regexp:/etc/postfix/mime_header_checks
mydestination = $myhostname, $mydomain, mail.$mydomain
myhostname =
mynetworks = $config_directory/mynetworks
readme_directory = no
recipient_delimiter = +
relayhost =
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, reject_non_fqdn_helo_hostname,reject_invalid_helo_hostname, permit
smtpd_recipient_restrictions = reject_unauth_pipelining, reject_non_fqdn_recipient,reject_unknown_recipient_domain, permit_mynetworks,reject_unauth_destination,reject_rbl_client zen.spamhaus.org,reject_rbl_client bl.spamcop.net, check_policy_service unix:postgrey/socket,permit
smtpd_sender_restrictions = permit_mynetworks, reject_non_fqdn_sender,reject_unknown_sender_domain,permit
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
***
Recommendation For Postfix Mailboxes
I am starting a new mail server for the company (CentOS 5.3 + Postfix) and was wondering what the best recommendation for user mailboxes are? I was once told by someone here that we should create a MySQL database / user structure on the mail server so each user is virtual or listed in MySQL rather than an actual user on the server itself and having their own home directory. I have always used the useradd command in Linux to create a new Postfix home directory for a user and it really has been fine for me since I am not that experienced with Postfix but would like to know if it is preferred to do a MySQL user base, then perhaps learn how something like that is possible. I don't want to obviously if it is so complex to the point it frustrates me and there is no real basic advantage. Right now I guess I could say having Maildir/ style home directories has worked this long so why bother changing but sometimes ignorance is bliss... Thanks for any help - advice - recommendations and if anyone knows of a company who supports RHEL / CentOS + Postfix, I would be interested to hear.
Re: Recommendation For Postfix Mailboxes
Thanks all. I think with less than 300 users security not being a huge deal since I set everyone's shell to /sbin/nologin.
Spam Filters Not Catching Repeating Offenders?
I noticed I keep getting the same spam message delivered to a building wide distribution via Postfix and I can't understand why the following are not catching it every time? Here is the message: Return-Path: teem...@iqnetsys.net X-Original-To: every...@ Delivered-To: cwilli...@ Received: by mail. (Postfix) id B71C61FA4DA3; Mon, 30 Mar 2009 10:33:01 -0400 (EDT) Delivered-To: every...@ Received: from localhost (localhost [127.0.0.1]) by mail. (Postfix) with ESMTP id A94B31FA4DA0 for every...@; Mon, 30 Mar 2009 10:33:01 -0400 (EDT) X-Virus-Scanned: GNU/Linux Amavisd-new at X-Spam-Flag: YES X-Spam-Score: 16.926 X-Spam-Level: X-Spam-Status: Yes, score=16.926 tagged_above=-5 required=4 tests=[BAYES_50=0.001, DNS_FROM_RFC_BOGUSMX=1.482, HELO_DYNAMIC_IPADDR2=4.395, HELO_DYNAMIC_SPLIT_IP=3.493, RCVD_NUMERIC_HELO=2.067, RDNS_NONE=0.1, STOX_REPLY_TYPE=0.001, TVD_RCVD_IP=1.931, URIBL_BLACK=1.955, URIBL_JP_SURBL=1.501] Now in my main.cf, I have the following: smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unlisted_recipient, reject_unlisted_sender, reject_invalid_hostname, reject_non_fqdn_hostname, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net, reject_rbl_client safe.dnsbl.sorbs.net, reject_invalid_hostname, reject_non_fqdn_hostname I don't know if I have this configured wrong but if the above is correct, should zen.spamhaus.org not be catching this as it does everything else? 
Mar 30 10:45:46 mail postfix/smtpd[16825]: NOQUEUE: reject: RCPT from unknown[189.71.167.149]: 554 5.7.1 Service unavailable; Client host [189.71.167.149] blocked using zen.spamhaus.org; http://www.spamhaus.org/query/bl?ip=189.71.167.149; from=aleksash...@mail.ru to=w...@ideorlando.org proto=ESMTP helo=[189.71.167.149] Mar 30 10:45:55 mail postfix/smtpd[15486]: NOQUEUE: reject: RCPT from unknown[83.69.139.6]: 554 5.7.1 Service unavailable; Client host [83.69.139.6] blocked using zen.spamhaus.org; http://www.spamhaus.org/query/bl?ip=83.69.139.6; from=kfnu...@blsarchitects.com to=bnor...@ proto=ESMTP helo=[83.69.139.6]
Re: Spam Filters Not Catching Repeating Offenders?
On Mon, Mar 30, 2009 at 11:07 AM, Terry Carmen te...@cnysupport.com wrote: You'll need to post log entries showing the message being accepted. The two you posted were both rejected. Terry Sorry. Does this help? It was basically everything I found in my log. mail:~# cat /var/log/mail.log | grep -i teem...@iqnetsys.net Mar 30 10:32:53 mail postfix/qmgr[2680]: 910AA1FA4D9E: from=teem...@iqnetsys.net, size=1292, nrcpt=1 (queue active) Mar 30 10:32:53 mail amavis[15415]: (15415-10) ESMTP::10024 /var/lib/amavis/tmp/amavis-20090330T103029-15415: teem...@iqnetsys.net - every...@mail:~# cat /var/log/mail.log | grep teem...@iqnetsys.net Mar 30 10:32:53 mail postfix/qmgr[2680]: 910AA1FA4D9E: from=teem...@iqnetsys.net, size=1292, nrcpt=1 (queue active) Mar 30 10:32:53 mail amavis[15415]: (15415-10) ESMTP::10024 /var/lib/amavis/tmp/amavis-20090330T103029-15415: teem...@iqnetsys.net - every...@ SIZE=1292 Received: from mail. ([127.0.0.1]) by localhost (mail.[127.0.0.1]) (amavisd-new, port 10024) with ESMTP for every...@; Mon, 30 Mar 2009 10:32:53 -0400 (EDT) Mar 30 10:32:53 mail amavis[15415]: (15415-10) Checking: x9wUuMu35-4A [59.165.5.205] teem...@iqnetsys.net - every...@ Mar 30 10:33:01 mail amavis[15415]: (15415-10) SPAM-TAG, teem...@iqnetsys.net - every...@, Yes, score=16.926 tagged_above=-5 required=4 tests=[BAYES_50=0.001, DNS_FROM_RFC_BOGUSMX=1.482, HELO_DYNAMIC_IPADDR2=4.395, HELO_DYNAMIC_SPLIT_IP=3.493, RCVD_NUMERIC_HELO=2.067, RDNS_NONE=0.1, STOX_REPLY_TYPE=0.001, TVD_RCVD_IP=1.931, URIBL_BLACK=1.955, URIBL_JP_SURBL=1.501] Mar 30 10:33:01 mail postfix/qmgr[2680]: A94B31FA4DA0: from=teem...@iqnetsys.net, size=2140, nrcpt=1 (queue active) Mar 30 10:33:01 mail amavis[15415]: (15415-10) FWD via SMTP: teem...@iqnetsys.net - every...@, 250 2.6.0 Ok, id=15415-10, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as A94B31FA4DA0 Mar 30 10:33:01 mail amavis[15415]: (15415-10) Passed SPAMMY, [59.165.5.205] [59.165.5.205] teem...@iqnetsys.net - every...@, Message-ID: 
01c9b172$81de7e00$cd05a...@teemigh, mail_id: x9wUuMu35-4A, Hits: 16.926, queued_as: A94B31FA4DA0, 8288 ms Mar 30 10:33:01 mail postfix/qmgr[2680]: B71C61FA4DA3: from=teem...@iqnetsys.net, size=2280, nrcpt=277 (queue active) Mar 30 10:33:02 mail postfix/qmgr[2680]: 450B31FA4DA5: from=teem...@iqnetsys.net, size=2419, nrcpt=1 (queue active) Mar 30 10:33:02 mail postfix/qmgr[2680]: 482B11FA4DA6: from=teem...@iqnetsys.net, size=2417, nrcpt=1 (queue active) Mar 30 10:33:02 mail postfix/qmgr[2680]: 1E4761FA4D9E: from=teem...@iqnetsys.net, size=2423, nrcpt=1 (queue active) Mar 30 10:33:02 mail postfix/qmgr[2680]: 2678F1FA4DA0: from=teem...@iqnetsys.net, size=2420, nrcpt=1 (queue active) Mar 30 10:33:02 mail postfix/qmgr[2680]: 5FAF71FA4DA7: from=teem...@iqnetsys.net, size=2420, nrcpt=1 (queue active) Mar 30 10:33:04 mail postfix/qmgr[2680]: B8F861FA4DA8: from=teem...@iqnetsys.net, size=2419, nrcpt=1 (queue active) Mar 30 10:33:04 mail postfix/qmgr[2680]: BB9251FA4DA9: from=teem...@iqnetsys.net, size=2417, nrcpt=1 (queue active) Mar 30 10:33:04 mail postfix/qmgr[2680]: C36171FA4DAD: from=teem...@iqnetsys.net, size=2422, nrcpt=1 (queue active) Mar 30 10:33:04 mail postfix/qmgr[2680]: BFE351FA4DAB: from=teem...@iqnetsys.net, size=2420, nrcpt=1 (queue active) Mar 30 10:33:04 mail postfix/qmgr[2680]: C51DB1FA4DAE: from=teem...@iqnetsys.net, size=2420, nrcpt=1 (queue active) Mar 30 10:33:04 mail postfix/qmgr[2680]: C05551FA4DAC: from=teem...@iqnetsys.net, size=2419, nrcpt=1 (queue active) Mar 30 10:33:04 mail postfix/qmgr[2680]: BBD4E1FA4DAA: from=teem...@iqnetsys.net, size=2419, nrcpt=1 (queue active) Mar 30 10:33:05 mail postfix/qmgr[2680]: D5B8B1FA4DA0: from=teem...@iqnetsys.net, size=2421, nrcpt=1 (queue active) Mar 30 10:33:07 mail postfix/qmgr[2680]: 260571FA4DB0: from=teem...@iqnetsys.net, size=2421, nrcpt=1 (queue active) Mar 30 10:33:07 mail postfix/qmgr[2680]: 1DFD71FA4DA6: from=teem...@iqnetsys.net, size=2415, nrcpt=1 (queue active) Mar 30 10:33:07 mail 
postfix/qmgr[2680]: 1FDA81FA4DA7: from=teem...@iqnetsys.net, size=2418, nrcpt=1 (queue active) Mar 30 10:33:07 mail postfix/qmgr[2680]: 24DC21FA4DAF: from=teem...@iqnetsys.net, size=2418, nrcpt=1 (queue active) Mar 30 10:33:07 mail postfix/qmgr[2680]: 20D6B1FA4DA8: from=teem...@iqnetsys.net, size=2420, nrcpt=1 (queue active) Mar 30 10:33:07 mail postfix/qmgr[2680]: 1DFAE1FA4DA5: from=teem...@iqnetsys.net, size=2417, nrcpt=1 (queue active) Mar 30 10:33:11 mail postfix/smtp[15406]: D99831FA4DA0: to=teem...@iqnetsys.net, relay=mail.iqnetsys.net[71.240.223.238]:25, delay=3.2, delays=2/0/0.34/0.85, dsn=5.1.1, status=bounced (host mail.iqnetsys.net[71.240.223.238] said: 550 5.1.1 teem...@iqnetsys.net is not a valid mailbox (in reply to RCPT TO command))
Re: Spam Filters Not Catching Repeating Offenders?
On Mon, Mar 30, 2009 at 11:59 AM, Noel Jones njo...@megan.vbhcs.org wrote: To search the log, use the QUEUEID reported in the first Received: header added by your system. Note Received headers are read bottom to top, so the first one is the lowest one with your server name. Sorry all. Let me start with posting the output of 'postconf -n' mail:~# postconf -n alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases append_dot_mydomain = no biff = no config_directory = /etc/postfix content_filter = smtp-amavis:[127.0.0.1]:10024 home_mailbox = mail/ inet_interfaces = all mailbox_size_limit = 0 message_size_limit = 2048 mime_header_checks = regexp:/etc/postfix/mime_header_checks mydestination = $myhostname, $mydomain, mail.$mydomain myhostname = mail.ideorlando.org mynetworks = $config_directory/mynetworks myorigin = ideorlando.org readme_directory = no recipient_delimiter = + relayhost = smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache smtpd_banner = $myhostname ESMTP $mail_name smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,reject_unauth_destination, reject_non_fqdn_sender,reject_non_fqdn_recipient, reject_unlisted_recipient,reject_unlisted_sender, reject_invalid_hostname,reject_non_fqdn_hostname, reject_rbl_client zen.spamhaus.org,reject_rbl_client bl.spamcop.net,reject_rbl_client safe.dnsbl.sorbs.net, reject_invalid_hostname,reject_non_fqdn_hostname smtpd_sender_restrictions = hash:/etc/postfix/access smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache smtpd_use_tls = yes Now I am searching for that QUEUEID and maybe I am doing this wrong... 
mail:~# less /var/log/mail.log | grep B71C61FA4DA3 Mar 30 10:33:01 mail postfix/cleanup[15401]: B71C61FA4DA3: message-id=01c9b172$81de7e00$cd05a...@teemigh Mar 30 10:33:01 mail postfix/local[15394]: A94B31FA4DA0: to=every...@ideorlando.org, relay=local, delay=0.21, delays=0.06/0/0/0.16, dsn=2.0.0, status=sent (forwarded as B71C61FA4DA3) Mar 30 10:33:01 mail postfix/qmgr[2680]: B71C61FA4DA3: from=teem...@iqnetsys.net, size=2280, nrcpt=277 (queue active) Mar 30 10:33:02 mail postfix/local[15394]: B71C61FA4DA3: to=iush...@ideorlando.org, orig_to=every...@ideorlando.org, relay=local, delay=0.32, delays=0.15/0.02/0/0.14, dsn=2.0.0, status=sent (delivered to maildir) Mar 30 10:33:02 mail postfix/local[15179]: B71C61FA4DA3: to=f...@ideorlando.org, orig_to=every...@ideorlando.org, relay=local, delay=0.32, delays=0.15/0.02/0/0.14, dsn=2.0.0, status=sent (delivered to maildir) Mar 30 10:33:02 mail postfix/local[14759]: B71C61FA4DA3: to=g...@ideorlando.org, orig_to=every...@ideorlando.org, relay=local, delay=0.32, delays=0.15/0.02/0/0.14, dsn=2.0.0, status=sent (delivered to maildir) Mar 30 10:33:02 mail postfix/local[15777]: B71C61FA4DA3: to=h...@ideorlando.org, orig_to=every...@ideorlando.org, relay=local, delay=0.32, delays=0.15/0.03/0/0.13, dsn=2.0.0, status=sent (delivered to maildir) Mar 30 10:33:02 mail postfix/local[15776]: B71C61FA4DA3: to=jyr...@ideorlando.org, orig_to=every...@ideorlando.org, relay=local, delay=0.32, delays=0.15/0.03/0/0.13, dsn=2.0.0, status=sent (delivered to maildir) The list keeps going on and on...Am I searching for this wrong? I don't understand why I don't see the connect from section in my logs...
Re: Spam Filters Not Catching Repeating Offenders?
On Mon, Mar 30, 2009 at 2:32 PM, Noel Jones njo...@megan.vbhcs.org wrote: It appears the QUEUEID you want to look for is A94B31FA4DA0. That should be listed in the first (reading up from the bottom) Received header in the message. I searched and found what is listed below. Are you saying that reads from bottom to top? Is this even what I am looking for to help understand my issue? mail:~# grep A94B31FA4DA0 /var/log/mail.log Mar 30 10:33:01 mail postfix/smtpd[15411]: A94B31FA4DA0: client=localhost[127.0.0.1] Mar 30 10:33:01 mail postfix/cleanup[14524]: A94B31FA4DA0: message-id=01c9b172$81de7e00$cd05a...@teemigh Mar 30 10:33:01 mail postfix/qmgr[2680]: A94B31FA4DA0: from=teem...@iqnetsys.net, size=2140, nrcpt=1 (queue active) Mar 30 10:33:01 mail amavis[15415]: (15415-10) FWD via SMTP: teem...@iqnetsys.net - every...@ideorlando.org, 250 2.6.0 Ok, id=15415-10, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as A94B31FA4DA0 Mar 30 10:33:01 mail amavis[15415]: (15415-10) Passed SPAMMY, [59.165.5.205] [59.165.5.205] teem...@iqnetsys.net - every...@ideorlando.org, Message-ID: 01c9b172$81de7e00$cd05a...@teemigh, mail_id: x9wUuMu35-4A, Hits: 16.926, queued_as: A94B31FA4DA0, 8288 ms Mar 30 10:33:01 mail postfix/smtp[15341]: 910AA1FA4D9E: to=every...@ideorlando.org, relay=127.0.0.1[127.0.0.1]:10024, delay=9.4, delays=1.1/0/0/8.3, dsn=2.6.0, status=sent (250 2.6.0 Ok, id=15415-10, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as A94B31FA4DA0) Mar 30 10:33:01 mail postfix/local[15394]: A94B31FA4DA0: to=every...@ideorlando.org, relay=local, delay=0.21, delays=0.06/0/0/0.16, dsn=2.0.0, status=sent (forwarded as B71C61FA4DA3) Mar 30 10:33:01 mail postfix/qmgr[2680]: A94B31FA4DA0: removed BTW, consider restricting access to everyone or other easily-guessed list names using something similar to this example: http://www.postfix.org/RESTRICTION_CLASS_README.html#internal Well I am implementing Mailman on my server next week which does not permit non-subscribed addresses to pass 
through without approval. Obviously those would be denied. Should I still consider doing the mentioned above if I plan to implement Mailman on my Postfix server?
Re: Spam Filters Not Catching Repeating Offenders?
On Mon, Mar 30, 2009 at 2:47 PM, Victor Duchovni victor.ducho...@morganstanley.com wrote:

Here we go again, do please look at the Received headers of the message...

Sorry - this is new to me so please bear with my confusion. I apologise again.

Now the upstream (still your system) queue-id is 910AA1FA4D9E, perhaps this is the first point of entry, or we can play this game again...

mail:~# grep -i 910AA1FA4D9E /var/log/mail.log
Mar 30 10:32:52 mail postfix/smtpd[14504]: 910AA1FA4D9E: client=unknown[59.165.5.205]
Mar 30 10:32:53 mail postfix/cleanup[14471]: 910AA1FA4D9E: message-id=01c9b172$81de7e00$cd05a...@teemigh
Mar 30 10:32:53 mail postfix/qmgr[2680]: 910AA1FA4D9E: from=teem...@iqnetsys.net, size=1292, nrcpt=1 (queue active)
Mar 30 10:33:01 mail postfix/smtp[15341]: 910AA1FA4D9E: to=every...@ideorlando.org, relay=127.0.0.1[127.0.0.1]:10024, delay=9.4, delays=1.1/0/0/8.3, dsn=2.6.0, status=sent (250 2.6.0 Ok, id=15415-10, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as A94B31FA4DA0)
Mar 30 10:33:01 mail postfix/qmgr[2680]: 910AA1FA4D9E: removed
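The lookups in this thread follow one message through three queue IDs, because the content_filter hand-off to amavis and the local alias expansion each re-queue it. As an added example (not code from the thread; the queue IDs, addresses and the 203.0.113.7 client in the sample log are constructed), this Python sketch walks the "queued as" / "forwarded as" links back to the smtpd line that records the remote client:

```python
import re

# Constructed log excerpt modelled on the format shown in this thread.
# Queue IDs, addresses and the client IP (documentation range) are made up.
SAMPLE_LOG = """\
Mar 30 10:32:52 mail postfix/smtpd[14504]: 1A2B3C4D5E01: client=unknown[203.0.113.7]
Mar 30 10:32:53 mail postfix/qmgr[2680]: 1A2B3C4D5E01: from=<sender@example.net>, size=1292, nrcpt=1 (queue active)
Mar 30 10:33:01 mail postfix/smtpd[15411]: 1A2B3C4D5E02: client=localhost[127.0.0.1]
Mar 30 10:33:01 mail postfix/qmgr[2680]: 1A2B3C4D5E02: from=<sender@example.net>, size=2140, nrcpt=1 (queue active)
Mar 30 10:33:01 mail amavis[15415]: (15415-10) Passed SPAMMY, [203.0.113.7] <sender@example.net> -> <everyone@example.org>, Hits: 16.926, queued_as: 1A2B3C4D5E02, 8288 ms
Mar 30 10:33:01 mail postfix/smtp[15341]: 1A2B3C4D5E01: to=<everyone@example.org>, relay=127.0.0.1[127.0.0.1]:10024, delay=9.4, dsn=2.6.0, status=sent (250 2.6.0 Ok, id=15415-10, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 1A2B3C4D5E02)
Mar 30 10:33:01 mail postfix/local[15394]: 1A2B3C4D5E02: to=<everyone@example.org>, relay=local, delay=0.21, dsn=2.0.0, status=sent (forwarded as 1A2B3C4D5E03)
Mar 30 10:33:01 mail postfix/qmgr[2680]: 1A2B3C4D5E03: from=<sender@example.net>, size=2280, nrcpt=2 (queue active)
Mar 30 10:33:02 mail postfix/local[15394]: 1A2B3C4D5E03: to=<user1@example.org>, orig_to=<everyone@example.org>, relay=local, dsn=2.0.0, status=sent (delivered to maildir)
Mar 30 10:33:02 mail postfix/local[15179]: 1A2B3C4D5E03: to=<user2@example.org>, orig_to=<everyone@example.org>, relay=local, dsn=2.0.0, status=sent (delivered to maildir)
"""

QID = r"[0-9A-F]{8,}"
# Only Postfix daemon lines carry "<queue id>: ..."; amavis lines are skipped.
LINE_RE = re.compile(r"postfix/[\w-]+\[\d+\]: (" + QID + r"): (.*)$")
CLIENT_RE = re.compile(r"^client=([^\[\s]+)\[([^\]]+)\]")
# A successful delivery that re-queued the message under a new queue ID.
HANDOFF_RE = re.compile(r"status=sent \(.*(?:queued as|forwarded as) (" + QID + r")\)$")
RCPT_RE = re.compile(r"^to=<?([^>,\s]+)>?,.*status=(\w+)")


def index_log(log_text):
    """Collect, per queue ID, the connecting client, the parent queue ID
    and the delivery results."""
    idx = {"known": set(), "clients": {}, "parent_of": {}, "deliveries": {}}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        qid, rest = m.groups()
        idx["known"].add(qid)
        client = CLIENT_RE.match(rest)
        if client:
            idx["clients"][qid] = (client.group(1), client.group(2))
        handoff = HANDOFF_RE.search(rest)
        if handoff:
            # The new queue ID was created from the one on this line.
            idx["parent_of"][handoff.group(1)] = qid
        rcpt = RCPT_RE.match(rest)
        if rcpt:
            idx["deliveries"].setdefault(qid, []).append(rcpt.groups())
    return idx


def trace_origin(log_text, queue_id):
    """Walk from any queue ID of a message back to its first queue ID and
    report the client that smtpd logged for that first hop."""
    idx = index_log(log_text)
    chain, seen = [queue_id], {queue_id}
    while chain[-1] in idx["parent_of"]:
        parent = idx["parent_of"][chain[-1]]
        if parent in seen:  # guard against a malformed, looping log
            break
        chain.append(parent)
        seen.add(parent)
    host, ip = idx["clients"].get(chain[-1], (None, None))
    return {
        "found": queue_id in idx["known"],  # False: rotated or wrong log file
        "chain": chain,
        "client_host": host,
        "client_ip": ip,
        "final_recipients": [r for r, _ in idx["deliveries"].get(queue_id, [])],
    }


if __name__ == "__main__":
    print(trace_origin(SAMPLE_LOG, "1A2B3C4D5E03"))
```

A result with `found` set to False means the queue ID is not in the file searched at all, which usually points to a rotated log rather than a wrong search.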
Re: Spam Filters Not Catching Repeating Offenders?
On Mon, Mar 30, 2009 at 3:01 PM, Noel Jones njo...@megan.vbhcs.org wrote: Can you post the full unaltered headers of the message? Change the username part of mail addresses to protect privacy. Noel, I am guessing I just post the headers from the message as I see it with the exception of the username for privacy, correct? Return-Path: teem...@iqnetsys.net X-Original-To: every...@ideorlando.org Delivered-To: use...@ideorlando.org Received: by mail.ideorlando.org (Postfix) id B71C61FA4DA3; Mon, 30 Mar 2009 10:33:01 -0400 (EDT) Delivered-To: every...@ideorlando.org Received: from localhost (localhost [127.0.0.1]) by mail.ideorlando.org (Postfix) with ESMTP id A94B31FA4DA0 for every...@ideorlando.org; Mon, 30 Mar 2009 10:33:01 -0400 (EDT) X-Virus-Scanned: Debian amavisd-new at ideorlando.org X-Spam-Flag: YES X-Spam-Score: 16.926 X-Spam-Level: X-Spam-Status: Yes, score=16.926 tagged_above=-5 required=4 tests=[BAYES_50=0.001, DNS_FROM_RFC_BOGUSMX=1.482, HELO_DYNAMIC_IPADDR2=4.395, HELO_DYNAMIC_SPLIT_IP=3.493, RCVD_NUMERIC_HELO=2.067, RDNS_NONE=0.1, STOX_REPLY_TYPE=0.001, TVD_RCVD_IP=1.931, URIBL_BLACK=1.955, URIBL_JP_SURBL=1.501] Received: from mail.ideorlando.org ([127.0.0.1]) by localhost (mail.ideorlando.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id x9wUuMu35-4A for every...@ideorlando.org; Mon, 30 Mar 2009 10:32:53 -0400 (EDT) Received: from 59.165.5.205.man-static.vsnl.net.in (unknown [59.165.5.205]) by mail.ideorlando.org (Postfix) with ESMTP id 910AA1FA4D9E for every...@ideorlando.org; Mon, 30 Mar 2009 10:32:52 -0400 (EDT) Message-ID: 01c9b172$81de7e00$cd05a...@teemigh From: Facebook Inform Center medi...@facebook.com To: every...@ideorlando.org Subject: ***SPAM*** Facebook announcement: Cute Girls Dancing Online ... 
(Last rated by Loraine Kyle) Date: Mon, 30 Mar 2009 20:02:52 +0530 MIME-Version: 1.0 Content-Type: text/plain; format=flowed; charset=iso-8859-1; reply-type=original Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2670 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2670 X-Spam: Not detected
Unable To Track Spam in Mail Logs = :(
I just had a ticket come in regards to a user who just last week started receiving a crazy amount of spam emails that he has never had an issue with. I checked the mail logs (/var/log/mail.log) and was unable to find anything. I checked the spam emails the user still had on his client and copied the message headers: Return-Path: hangza...@yahoo.com.cn X-Original-To: ba...@mydomain.com Delivered-To: ba...@mydomain.com Received: from localhost (localhost [127.0.0.1]) by mail.mydomain.com (Postfix) with ESMTP id 052A51FA41E4 for ba...@mydomain.com; Mon, 9 Mar 2009 06:54:05 -0400 (EDT) X-Virus-Scanned: Debian amavisd-new at mydomain.com Received: from mail.mydomain.com ([127.0.0.1]) by localhost (mail.mydomain.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id E5kf3dILFNtT for ba...@mydomain.com; Mon, 9 Mar 2009 06:54:04 -0400 (EDT) Received: from mail.lkpp.gov.my (unknown [219.93.25.92]) by mail.mydomain.com (Postfix) with ESMTP id ECD741FA413E for ba...@mydomain.com; Mon, 9 Mar 2009 06:54:03 -0400 (EDT) Received: from lkpp.gov.my (localhost [127.0.0.1]) by mail.lkpp.gov.my (Postfix) with ESMTP id 29335BE1F7; Mon, 9 Mar 2009 18:03:55 +0800 (MYT) From: Zaohang Lin hangza...@yahoo.com.cn Reply-To: hnagza...@yahoo.com.cn Subject: I need your assistance please Date: Mon, 9 Mar 2009 18:03:55 +0800 Message-Id: 20090309100355.m63...@yahoo.com.cn X-Mailer: OpenWebMail 2.53 X-OriginatingIP: 216.139.189.104 (sharifah) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 To: undisclosed-recipients:; === Return-Path: nob...@topadmin.por.tw X-Original-To: ba...@mydomain.com Delivered-To: ba...@mydomain.com Received: from localhost (localhost [127.0.0.1]) by mail.mydomain.com (Postfix) with ESMTP id 3B3311FA41E0 for ba...@mydomain.com; Sun, 8 Mar 2009 19:42:37 -0400 (EDT) X-Virus-Scanned: Debian amavisd-new at mydomain.com Received: from mail.mydomain.com ([127.0.0.1]) by localhost (mail.mydomain.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vYnvKEJBBnbB for 
ba...@mydomain.com; Sun, 8 Mar 2009 19:42:37 -0400 (EDT) Received: from topadmin.por.tw (52.121.217.203.static.tcol.com.tw [203.217.121.52]) by mail.mydomain.com (Postfix) with ESMTPS id 7C91D1FA4180 for ba...@mydomain.com; Sun, 8 Mar 2009 19:42:36 -0400 (EDT) Received: by topadmin.por.tw (Postfix, from userid 99) id 3B035C0C8B; Mon, 9 Mar 2009 07:41:12 +0800 (CST) To: ba...@mydomain.com Subject: Anticipating Your Prompt Response From: GUY-PATRICE LUMUMBA guypatricelumu...@congo.gov Reply-To: guypatrice.lumu...@yahoo.com MIME-Version: 1.0 Content-Type: text/plain Content-Transfer-Encoding: 8bit Message-Id: 20090308234115.3b035c0...@topadmin.por.tw Date: Mon, 9 Mar 2009 07:41:12 +0800 (CST) X-ServerMaster-MailScanner-Information: Please contact the ISP for more information X-ServerMaster-MailScanner: Not scanned: please contact your Internet E-Mail Service Provider for details X-ServerMaster-MailScanner-SpamCheck: X-MailScanner-From: nob...@topadmin.por.tw == Now I am wondering why I am unable to find any of these messages in my logs: mail:~# cat /var/log/mail.log | grep -i 203.217.121.52 mail:~# cat /var/log/mail.log | grep -i 3B3311FA41E0 mail:~# cat /var/log/mail.log | grep -i guypatricelumu...@congo.gov Am I searching for this incorrectly or in the wrong directory? Thanks for any help! - Carlos
Re: Messages Are Refused
Thanks for that info. Can someone also comment on this? I asked a friend via email and this was his response to the same issue:

** I used nslookup to verify the address your queue is showing, and it does correspond to je.jfcom.mil. But a request for the mail-exchangers for jfcom.mil does not indicate that this host should be receiving mail. The mail-exchangers for that domain are:

smtp01.jfcom.mil
smtp02.jfcom.mil

So this problem resolves into a new one: how did your Postfix come up with the name je.jfcom.mil to send messages to? Did the user explicitly specify that host as a target? Or did Postfix get bad info from its DNS lookup of MX records? Or did something else happen to misdirect these messages? Only a good look at the mail headers for the offending messages will tell you that. When a message finally expires and is sent back to its originator (or to the postmaster), you will need to examine the headers to see at what stage of forwarding a host made the choice to use the wrong mail exchanger. Then further work will be needed to figure out why. **

My question is how did he find smtp01.jfcom.mil? And more important, why then is my Postfix server trying to send to a different smtp address?
Constant Entry in Queue
When I check my Postfix mail queue, I am always noticing a strange entry that sits there until I manually remove it. I really don't understand why it is even routed into my Postfix server to begin with, as the recipient and domain don't match anything my server handles. The sender's address looks to be spam, so over time it's never the same sender; however, the recipient address is always the same. Can someone please tell me how and/or why this message gets routed to my Postfix mail server and if there is a logical way to stop / block this from happening. Below I am adding the queue entry as well as the output from 'postconf -n'.

-Queue ID- --Size-- Arrival Time -Sender/Recipient---
283B71FA4CFB 5734 Wed Feb 25 14:40:28 ztul.f...@thestampcatalogue.com
(connect to vmx.atpco.com[206.181.245.168]:25: Connection timed out)
christine.a.edg...@mco.com

**My mail server is not 'mco.com' nor does it handle any relay for such a domain. I just don't understand why these messages for the same recipient always end up in my Postfix queue.**

mail:/home/mlo# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
home_mailbox = mail/
inet_interfaces = all
mailbox_size_limit = 0
message_size_limit = 2048
mime_header_checks = regexp:/etc/postfix/mime_header_checks
mydestination = $myhostname, $mydomain, mail.$mydomain
myhostname = mail.example.com
mynetworks = $config_directory/mynetworks
myorigin = example.com
readme_directory = no
recipient_delimiter = +
relayhost =
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,reject_unauth_destination, reject_non_fqdn_sender,reject_non_fqdn_recipient, reject_unlisted_recipient,reject_unlisted_sender, reject_invalid_hostname,reject_non_fqdn_hostname, reject_rbl_client zen.spamhaus.org,reject_rbl_client bl.spamcop.net,reject_rbl_client safe.dnsbl.sorbs.net, reject_invalid_hostname,reject_non_fqdn_hostname
smtpd_sender_restrictions = hash:/etc/postfix/access
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
Understanding Message Headers
I received an email this morning that I was confused / concerned by. I am looking at the headers however I am not sure exactly how to make this out. This is obviously spam and I did not send myself spam. The sender shows my email address as well as the recipient address however when I view the full message headers, I can see the 'Return Path' is to a different address. Does that mean that the headers were spoofed to look like I was the sender? Just trying to understand how to read this and also make sure I don't have a serious problem here.

Return-Path: carlosw...@pten.org
X-Original-To: carlosw...@example.com
Delivered-To: carlosw...@example.com
Received: from localhost (localhost [127.0.0.1])
    by $my_mail_server (Postfix) with ESMTP id 9D1FD1FA4BBF
    for carlosw...@example.com; Wed, 4 Feb 2009 07:59:01 -0500 (EST)
Received: from $my_mail_server ([127.0.0.1])
    by localhost ($my_mail_server [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tax+kKxS6xrS
    for carlosw...@example.com; Wed, 4 Feb 2009 07:58:59 -0500 (EST)
Received: from amerblind.outbound.ed10.com (pfz2203.tam.ne.jp [210.133.173.203])
    by $my_mail_server (Postfix) with SMTP id 935711FA4B51
    for carlosw...@example.com; Wed, 4 Feb 2009 07:58:58 -0500 (EST)
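Reading Received headers as advised in the "Spam Filters Not Catching Repeating Offenders?" replies, and comparing Return-Path with From as in the message above, can be done mechanically. This added example (not from the thread; the hostname mail.example.org, the addresses, queue IDs and header sample are constructed) walks the headers from the top, keeps only hops stamped by your own Postfix, and stops at the first non-loopback client, since everything below that hop was supplied by the sender:

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed headers modelled on the ones posted in this thread.
SAMPLE_HEADERS = """\
Return-Path: <bounce@sender.example>
X-Original-To: user@example.org
Delivered-To: user@example.org
Received: from localhost (localhost [127.0.0.1])
\tby mail.example.org (Postfix) with ESMTP id 1A2B3C4D5E02
\tfor <user@example.org>; Wed, 4 Feb 2009 07:59:01 -0500 (EST)
Received: from mail.example.org ([127.0.0.1])
\tby localhost (mail.example.org [127.0.0.1]) (amavisd-new, port 10024)
\twith ESMTP id abcDEF123456 for <user@example.org>;
\tWed, 4 Feb 2009 07:58:59 -0500 (EST)
Received: from claimed-helo.example.com (rdns.example.net [203.0.113.7])
\tby mail.example.org (Postfix) with SMTP id 1A2B3C4D5E01
\tfor <user@example.org>; Wed, 4 Feb 2009 07:58:58 -0500 (EST)
Received: from sender.example (localhost [127.0.0.1])
\tby mail.sender.example (Postfix) with ESMTP id 29335BE1F7;
\tWed, 4 Feb 2009 20:58:50 +0800 (MYT)
From: user@example.org
To: user@example.org
Subject: constructed sample

body
"""

# "from <HELO> (<rDNS> [<IP>]) ... by <host> (Postfix) with <proto> id <QID>"
HOP_RE = re.compile(
    r"^from (?P<helo>\S+) \((?:(?P<rdns>\S+) )?\[(?P<ip>[^\]]+)\]\) "
    r"(?:.*? )?by (?P<by>\S+) \(Postfix\) with \S+ id (?P<qid>[0-9A-F]{8,})\b"
)


def is_loopback(ip_text):
    """True for 127.0.0.1 / ::1; Postfix writes IPv6 clients as IPv6:addr."""
    if ip_text.startswith("IPv6:"):
        ip_text = ip_text[5:]
    try:
        return ipaddress.ip_address(ip_text).is_loopback
    except ValueError:
        return False


def analyse_headers(raw_message, my_hostname):
    """Return the queue IDs your own server assigned and the hop where the
    message entered from outside, plus envelope sender versus From."""
    msg = message_from_string(raw_message)
    own_hops, entry = [], None
    # get_all() yields headers top to bottom, i.e. newest hop first.
    for value in msg.get_all("Received", []):
        m = HOP_RE.match(" ".join(value.split()))  # undo header folding
        if not m or m.group("by").lower() != my_hostname.lower():
            continue  # amavis hop or a hop that is not ours
        own_hops.append(m.groupdict())
        if not is_loopback(m.group("ip")):
            entry = m.groupdict()
            break  # headers below this one are unverified sender input
    envelope_sender = parseaddr(msg.get("Return-Path", ""))[1]
    header_from = parseaddr(msg.get("From", ""))[1]
    return {
        # oldest first, matching the order they appear in the mail log
        "local_queue_ids": [h["qid"] for h in reversed(own_hops)],
        "entry": entry,
        "envelope_sender": envelope_sender,
        "header_from": header_from,
        "sender_mismatch": envelope_sender.lower() != header_from.lower(),
    }


if __name__ == "__main__":
    print(analyse_headers(SAMPLE_HEADERS, "mail.example.org"))
```

The `entry` queue ID is the one to grep for in the mail log; its `ip` is the address your server saw, while `helo` is only what the client claimed.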
Access Restriction Not Working
In my attempt to block my Postfix email server from receiving and sending email to gmail, yahoo, hotmail, aol, and msn email accounts, I created the following:

vim /etc/postfix/main.cf
smtpd_sender_restrictions = hash:/etc/postfix/access
reject_unauth_destination = hash:/etc/postfix/access

Then I created the file called 'access' and added the following entry:

vim /etc/postfix/access
gmail.com REJECT

I then ran postmap against the newly created 'access' file:

postmap hash:/etc/postfix/access

Reloaded postfix mail server:

mail:/etc/postfix# postfix reload
postfix/postfix-script: refreshing the Postfix mail system

The problem I have is nobody from the specific domains is able to send email to my mail server. It rejects like it should, however I am still able to send mail to those domains from my Postfix email server. It appears that 1/2 of the rule is working and I don't know what I did wrong. Anyone know? I checked /var/log/mail.err and found nothing.

Nov 21 14:17:26 mail postfix/smtpd[5425]: NOQUEUE: reject: RCPT from yx-out-1718.google.com[74.125.44.157]: 554 5.7.1 [EMAIL PROTECTED]: Sender address rejected: Access denied; from=[EMAIL PROTECTED] to=[EMAIL PROTECTED] proto=ESMTP helo=yx-out-1718.google.com

Inbound = blocked
Outbound = still works

Why?
Re: Certificates Invalid in Main.cf (Possibly Off Topic'ish)
On Mon, Nov 10, 2008 at 9:20 PM, Victor Duchovni [EMAIL PROTECTED] wrote:

On Mon, Nov 10, 2008 at 5:26 PM, Noel Jones [EMAIL PROTECTED] wrote:

If your existing verisign certificate is a server type certificate with the right FQDN, you should be able to use it with postfix.

I believe it is a server type certificate. It's a basic Verisign SSL CA cert. which is visible from my webmail server. https://mail.ideorlando.org

When I look at the certs on the server, I see the following:

mail:/etc/apache2/ssl# pwd
/etc/apache2/ssl
mail:/etc/apache2/ssl# ls -l
total 12
-rw-r--r-- 1 root root 1659 2008-09-11 16:47 intermediate.crt
-rw-r--r-- 1 root root 1899 2008-09-11 16:47 mail.crt
-rw-r--r-- 1 root root 963 2008-09-11 16:47 mail.key

Can those just be placed into the main.cf for Postfix? I see the ones already in Postfix have a .pem extension. My Verisign certificates do NOT have a .pem extension.

mail:/etc/apache2/ssl# grep snake /etc/postfix/main.cf
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key

Those above are generated when the machine had a different FQDN and is not conflicting with the current machine's FQDN. Can I simply just use the SSL CA certificates I purchased from Verisign in Postfix with the information I provided above?
Certificates Invalid in Main.cf (Possibly Off Topic'ish)
It appears that my postfix server is using invalid TLS certs from /etc/postfix/main.cf. When I set up my client to use TLS, I get an invalid certificate error from Outlook that tells me the hostname and domain of the server which are wrong. I renamed the FQDN at some point however I must have re-used the certificates generated for the old FQDN. How do I fix this? Can I regenerate certificates somehow with the current FQDN or use my SSL certificates from Verisign? I don't know if the SSL certs I use from Verisign are the same thing in this case. Can someone please explain and/or help me?
Re: Certificates Invalid in Main.cf (Possibly Off Topic'ish)
On Mon, Nov 10, 2008 at 5:26 PM, Noel Jones [EMAIL PROTECTED] wrote:

Yes, the FQDN of the server is encoded in the certificate. If you rename the server, you must get a new certificate (or generate a new one if self-signed). If your existing verisign certificate is a server type certificate with the right FQDN, you should be able to use it with postfix.

My mail server has a Verisign SSL Server Certificate installed which Apache is using. Can Postfix use the same certificate? I am guessing I just need to change the paths leading to the Verisign certificates in my main.cf, right?
Refused Message from RCPT TO
I am seeing in my logs several of the following:

-Queue ID- --Size-- Arrival Time -Sender/Recipient---
9D3DB1FA461C 1046060 Fri Oct 10 09:37:27 [EMAIL PROTECTED]
(host mx2.east.saic.com[198.151.13.25] said: 452 Deferred - [X.X.X.X] (in reply to RCPT TO command))
[EMAIL PROTECTED]

Above, the [X.X.X.X] is my public IP address for my Postfix server. My question is: is this being caused by a poor Postfix configuration in main.cf, or is this an issue based on how the client connecting to my Postfix server is composing the message headers? I am assuming that the machine / client initiating the message is improperly using the mail server's IP and this is what the receiving host is rejecting, no?
Re: Refused Message from RCPT TO
On Fri, Oct 10, 2008 at 10:16 AM, Brian Evans - Postfix List [EMAIL PROTECTED] wrote:

A 452 response is generally a temporary error and will be retried. Is the recipient yours or a remote? This can be some form of greylisting or other not in your control issue if remote.

Thanks Brian Mark for your quick response! The recipient is a remote destination. It is being initiated from a relayed domain for my email server to a remote mail server / destination. I will watch and see if it does eventually go through. If I no longer see the entry listed in postqueue -p, how do I know if the message was sent successfully or just failed and cleaned from the queue by the queue manager?
Re: Refused Message from RCPT TO
On Fri, Oct 10, 2008 at 10:33 AM, Brian Evans - Postfix List [EMAIL PROTECTED] wrote:

Simply grep out the Queue ID from your log. The status parameter will tell you if it was sent, bounced, or delayed again.

Thanks - so basically this is not specifically something my Postfix server is doing wrong or occurring due to config, correct?
Out Of Office Utility
I had a user ask me if the Postfix email server can auto respond w/ Out of Office reply rather than do this on his client in case his machine is rebooted and/or shut off. I Google'd this first and found a program called Vacation which appears to be somewhat compatible, however I am not sure since I have neither installed nor used it as of yet. I read the man page and it appears like a process getting up and running so I thought I would ask here 1st if there is a more efficient way in Postfix to get this up and running w/o having to install a separate application / daemon to do what I am looking for. Thanks for any info!
Unable To Send Emails From Web Server
My email server died last week (hardware) so I took the opportunity to move the system (Postfix) to a different version of Linux (Debian). Everything is working fine and all users are 100% happy with the new machine / Postfix install except I have one web server on my LAN (DMZ) which is unable to send / relay messages out using my SMTP server. The web server and mail server are completely different machines: web - 192.168.1.92 /16 mail - 192.168.0.76 / 24 *both machines are on the DMZ interface* This partnership of being able to send mail from the web server using my SMTP server worked perfect before the change over and the only thing that is different is the mail servers subnet mask. It was /16 which matched the web servers mask however I don't understand why someone had a class b on a 192.168.x.x address so I simply changed it to the traditional class c. I also copied over the /etc/hosts.allow entries over from the old email server to the new one. The old mail server was not relaying and hosts or domains for this to work in the main.cf so I don't think that is the cause. Here is the old mail servers hosts.allow file: ALL: localhost ALL: 192.168.0.76 ALL: 216.242.0. ALL: 169.254.0. ALL: 10.10.0. ALL: 192.168.0. ALL: 10.1.1.13 ALL: 192.168.0.100 I copied that to my new email server and the web server (192.168.1.92) still is unable to send messages out for whatever reason. 
I attached the output of postconf -n alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases append_dot_mydomain = no biff = no config_directory = /etc/postfix content_filter = smtp-amavis:[127.0.0.1]:10024 home_mailbox = Maildir/ inet_interfaces = all mailbox_size_limit = 0 mydestination = $myhostname, $mydomain, localhost.$mydomain, localhost myhostname = mail.***.org mynetworks = $config_directory/mynetworks myorigin = *.org readme_directory = no recipient_delimiter = + relayhost = smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache smtpd_banner = $myhostname ESMTP $mail_name smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,reject_unauth_destination, reject_non_fqdn_sender,reject_non_fqdn_recipient, reject_unlisted_recipient,reject_unlisted_sender, reject_invalid_hostname,reject_non_fqdn_hostname, reject_rbl_client zen.spamhaus.org,reject_rbl_client bl.spamcop.net,reject_rbl_client safe.dnsbl.sorbs.net, reject_invalid_hostname,reject_non_fqdn_hostname smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache I also attached below the log entries from the web server trying to send emails out: AssemblyVersion: 04.05.05 PortalID: 0 PortalName: LT2 Portal UserID: 370 UserName: ** ActiveTabID: 16 ActiveTabName: Host Settings RawURL: /Host/Host Settings/tabid/16/portalid/0/Default.aspx AbsoluteURL: /Default.aspx AbsoluteURLReferrer: https://l.org/Host/Host%20Settings/tabid/16/portalid/0/Default.a spx UserAgent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) DefaultDataProvider: DotNetNuke.Data.SqlDataProvider, DotNetNuke.SqlDataProvider ExceptionGUID: bde87654-b6f4-40fc-97f4-91c8be753286 InnerException: Unable to connect to the 
remote server FileName: FileLineNumber: 0 FileColumnNumber: 0 Method: System.Net.Sockets.Socket.DoConnect StackTrace: Message: System.Net.WebException: Unable to connect to the remote server --- System.Net.Sockets.SocketException: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 192.168.0.76:25 at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress) at System.Net.Sockets.Socket.InternalConnect(EndPoint remoteEP) at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6, Socket socket, IPAddress address, ConnectSocketState state, IAsyncResult asyncResult, Int32 timeout, Exception exception) --- End of inner exception stack trace --- at System.Net.ServicePoint.GetConnection(PooledStream PooledStream, Object owner, Boolean async, IPAddress address, Socket abortSocket, Socket abortSocket6, Int32 timeout) at System.Net.PooledStream.Activate(Object owningObject, Boolean async, Int32 timeout, GeneralAsyncDelegate asyncCallback) at System.Net.PooledStream.Activate(Object owningObject, GeneralAsyncDelegate asyncCallback) at System.Net.ConnectionPool.GetConnection(Object owningObject, GeneralAsyncDelegate asyncCallback, Int32 creationTimeout) at System.Net.Mail.SmtpConnection.GetConnection(String host, Int32 port) at System.Net.Mail.SmtpTransport.GetConnection(String host, Int32 port) at
Re: Unable To Send Emails From Web Server
On Tue, Sep 16, 2008 at 11:34 AM, Noel Jones [EMAIL PROTECTED] wrote:

Maybe you should change the mail server back to /16 before you do any more troubleshooting. Then read up on networking and netmasks.

Thanks for helping me. I reverted back to the /16 and it works fine.
Re: new to postfix
On Fri, Sep 12, 2008 at 7:59 AM, David Ballano [EMAIL PROTECTED] wrote:

Hello people, I'm new here, and I have a lot of questions for you, thanks in advance :) I'm configuring a postfix 2.3 server in a debian etch. It's my first time so I would like to do a simple configuration.

First you need to do the following: Add this to your /etc/apt/source.list

deb http://ftp.us.debian.org/debian/ etch main
deb-src http://ftp.us.debian.org/debian/ etch main
deb http://security.debian.org/ etch/updates main contrib
deb-src http://security.debian.org/ etch/updates main contrib
deb http://www.backports.org/debian etch-backports main contrib non-free
deb http://volatile.debian.org/debian-volatile etch/volatile main contrib non-free

This adds backports and volatile repos which have the latest versions of Postfix and ClamAV.

# apt-get clean
# apt-get update
# apt-get dist-upgrade

That will leave you with a Postfix 2.5 installation rather than the dated 2.3 you have installed from Etch repos.
Re: Unable To Enable Checks
On Wed, Sep 3, 2008 at 3:50 PM, Brian Evans - Postfix List [EMAIL PROTECTED] wrote: This is caused by not having permit_mynetworks as the first restriction. First restriction wins and this is being rejected by reject_unauth_destination because you told it to ignore people on your network. Brian

I made the following change in my config:

    email:~# postconf -n
    [...]
    smtpd_helo_restrictions = permit_mynetworks, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_unknown_helo_hostname
    smtpd_recipient_restrictions = permit_mynetworks, reject_invalid_hostname, reject_unknown_recipient_domain,reject_unauth_destination, reject_rbl_client sbl.spamhaus.org, permit
    smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
    smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
    smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
    smtpd_use_tls = yes

It appears everything is working fine and the restrictions appear to be working. Thanks for pointing out my mistake :D
What Creates mbox File
I built a new Postfix server this weekend and I noticed that even though I specified Maildir style mailboxes, for some reason I continuously get a file in a user's home directory called mbox. I am trying to avoid this file being created. It was my understanding that if you specify Maildir/ style mailboxes, it will dump all email in a directory in that user's home folder, no? Here is what I see and also the output of postconf -n

    email:~# cd /home/carlos/
    email:/home/carlos# ls -l
    total 8
    drwx-- 5 carlos users 4096 2008-08-15 17:49 Maildir
    -rw--- 1 carlos users 500 2008-08-17 15:44 mbox

    alias_database = hash:/etc/aliases
    alias_maps = hash:/etc/aliases
    append_dot_mydomain = no
    biff = no
    config_directory = /etc/postfix
    home_mailbox = Maildir/
    inet_interfaces = all
    mailbox_size_limit = 0
    mydestination = $myhostname, $mydomain, localhost.$mydomain, localhost
    myhostname = email.example.net
    mynetworks = 10.1.0.0/16, 127.0.0.0/8 [:::127.0.0.0]/104 [::1]/128
    myorigin = example.net
    readme_directory = no
    recipient_delimiter = +
    relayhost =
    smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
    smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
    smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
    smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
    smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
    smtpd_use_tls = yes

Why do I get this mbox file under my user's home directory and is it possible to avoid this file generation and just have all my email queue up in /home/$user?

--
Man your battle stations...
Re: What Creates mbox File
On Sun, Aug 17, 2008 at 10:37 PM, Eduardo Júnior [EMAIL PROTECTED] wrote: Maybe some config of mutt. I don't know either, but by their description, that is a possibility.

If anyone logs into their Postfix server as their regular user and runs the mail command, does it self-generate an mbox file in that user's home directory?
Postfix GAL Options
My biggest complaint at work is that there is no global address book for everyone to use. Obviously a file I create will be outdated weekly based on the users I add and remove from my Postfix email server. My Postfix email server does not do any kind of fancy authentication with LDAP, nor do I have any kind of MySQL database running. It's plainly a company IMAP server that all clients connect to. I know this is not directly Postfix related; however, I am looking for suggestions on what other Postfix admins do for something like this. Just an address book that can be accessed by all and is always updated based on user accounts I add and/or create. Every email account on my Postfix server has their own UID/GID and their own home directory which is set to /bin/nologin. I don't mind managing it this way and I know there are database methods that help clean this up but that is not what I am looking for here. Thanks for any and all suggestions.

--
Man your battle stations...
Re: Postfix Bootcamp / School
On Mon, Jul 28, 2008 at 1:59 PM, mouss [EMAIL PROTECTED] wrote: and you're where? and you'd pay what? I am in Orlando, FL. Price depends on the length of training. I guess I would like to leave that open to see what that is worth. Ideally we would pay to have a consultant come down to Orlando or do over the phone support to build a new system from scratch and assist us in configuration of Postfix, RBL, Spam, and other mail features based on our environment. Since I can't seem to find anyone who offers such a service, I guessed a Postfix support class was the next best thing. Price is really dependent on what is offered and included for what length of time. - Carlos