Re: Refuse mail from hosts with closed port 25
On 9/16/19 8:47 AM, Paul van der Vlis wrote: Hello, How can I refuse mail from hosts who don't have an open port 25? What do you think from such a check? DO NOT DO THIS! A significant number of installations will use different servers for inbound and outbound email. What is worth checking, is that the sender has MX records. Is there more needed? E.g. a list of exceptions for some big providers? Background: I've investigated why somebody did not receive mail from a virtual machine, and I found out her provider (reviced.nl) refuses all mail from a host what does not have port 25 open. I have much problems with spam and I would like to reduce it. -- John PGP Public Key: 412934AC
Re: GEO IP based restrictions?
On 5/14/19 1:41 PM, @lbutlr wrote: Has anyone implemented geo based restrictions for postfix login connections, or is this something that needs to be done in dovecot? I was thinking someway to add most of Asia and Eastern Europe to postscreen checks would be useful? You can always use access_client and reject based on TLD. I ban most of the new TLDs that are used for nothing but spam and Eastern Europe.. I use the geo-ip extension to iptables for restricting IMAP access. -- John PGP Public Key: 412934AC
Re: spam from own email address
On 4/23/19 11:54 AM, Ralph Seichter wrote: * John Peach: /^From:.*\@example\.com/ REJECT This header check will not catch the envelope sender, so I suggest adding "check_sender_access pcre:/path/to/sender_access" to the mix (file content according to your needs, of course). It is not meant to catch the envelope sender. That should be in your normal checks. This is specifically for the data From:, which is what these are using. -Ralph -- John PGP Public Key: 412934AC
Re: spam from own email address
On 4/23/19 11:39 AM, Paul wrote:
> Yes I agree with Kevin here, the best solution to this problem is an spf record set to reject mail from any ip that’s not in your allowed list of ips for your domain. Forging a from address is very easy and is one of the main purposes of why spf was created.

There is no need to go to those lengths - assuming that all your own email is being submitted over port 587, include -o receive_override_options=no_header_body_checks in the master.cf entry for submission and use a PCRE header checks file for port 25.

/^From:.*\@example\.com/ REJECT

> Sent from my iPhone
>
> On Apr 23, 2019, at 11:26 AM, Kevin A. McGrail wrote:
>> On 4/23/2019 10:02 AM, Ian Jones wrote:
>>> I am getting emails like the one below, in which the header from is my own address.
>>
>> Ian, are you using Apache SpamAssassin or something in the mix? I've published a lot of rules for these sexploitation scams in KAM.cf and with an SPF record, you really shouldn't get these in your inbox.
>>
>> Regards, KAM

-- John PGP Public Key: 412934AC
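Added example, not part of the thread and not Postfix code: a small Python model of the two "spam from own email address" replies above, showing what the header pattern rejects on port 25, that submission on 587 skips it, and that a forged envelope sender is only caught by a separate sender check. The sample messages and the helper names (`receive`, `sender_access`, `results`) are constructed for illustration.

```python
import re

# The header_checks pattern quoted in the thread. Postfix pcre tables match
# case-insensitively by default, hence re.IGNORECASE in this model.
OWN_DOMAIN_FROM = re.compile(r"^From:.*\@example\.com", re.IGNORECASE)

# Assumption: only the submission service carries
# "-o receive_override_options=no_header_body_checks" in master.cf.
PORTS_SKIPPING_HEADER_CHECKS = {587}


def header_checks(headers):
    """Return REJECT if any (already unfolded) header line matches."""
    for line in headers:
        if OWN_DOMAIN_FROM.search(line):
            return "REJECT"
    return "DUNNO"


def sender_access(envelope_sender):
    """Model of the check_sender_access suggestion: test MAIL FROM instead."""
    if envelope_sender.lower().endswith("@example.com"):
        return "REJECT"
    return "DUNNO"


def receive(port, envelope_sender, headers, use_sender_access=False):
    """Decide the fate of one message; returns 'REJECT' or 'OK'."""
    if port in PORTS_SKIPPING_HEADER_CHECKS:
        # Own users submit here; this model applies neither check to them.
        return "OK"
    if use_sender_access and sender_access(envelope_sender) == "REJECT":
        return "REJECT"
    return "REJECT" if header_checks(headers) == "REJECT" else "OK"


# Constructed sample messages: (port, envelope sender, header lines).
MESSAGES = {
    "forged_header": (25, "bounce@bulk.example",
                      ["From: ian@example.com", "Subject: pay up"]),
    "own_user_submission": (587, "ian@example.com",
                            ["From: Ian <ian@example.com>", "Subject: hi"]),
    "forged_envelope_only": (25, "ian@example.com",
                             ["From: Billing <billing@other.example>"]),
    "ordinary_inbound": (25, "friend@other.example",
                         ["From: friend@other.example", "Subject: lunch"]),
}


def results(use_sender_access=False):
    """Map each sample message name to its verdict."""
    return {name: receive(port, sender, headers, use_sender_access)
            for name, (port, sender, headers) in MESSAGES.items()}


if __name__ == "__main__":
    for flag in (False, True):
        print("with sender access:" if flag else "header check only:")
        for name, verdict in results(flag).items():
            print(f"  {name:22} {verdict}")
```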
Re: Discard subject UTF8
On 2/28/19 8:51 AM, Emanuel wrote: it's not what I need thanks. El 28/2/19 a las 10:45, Bastian Blank escribió: ou block the users sending them. It probably is - legitimate Amazon email comes from servers in amazonses.com - block email purporting to be from Amazon if the server is not in that domain. -- John PGP Public Key: 412934AC
Re: Open Relay on local lan
On 07/25/2018 01:36 PM, @lbutlr wrote: On 24 Jul 2018, at 11:31, Software Information wrote: Recently though, auditors made a deal that the server is an open relay. Based on the rest of this thread, it sounds very much like the auditors are incompetent. I mean, not knowing what an open relay is is concerning. I still remember trying to explain to auditors why I did not have AV on a Solaris server and, having won that battle, having to prove it really was Solaris. -- John PGP Public Key: 412934AC
Re: Question regarding use of amavisd-new
On 12/13/2017 10:52 AM, L.P.H. van Belle wrote: Hai, mailscanner runs fine here for about 5-6 years now, with postfix. Mailscanner + postfix (postscreen) rules here :-) You *think* it's been running fine. When the author of postfix specifically warns against using it, it would be foolhardy to ignore him. But if you want a quicky to test. https://efa-project.org/ = Mailscanner + mailwatch +... Lots of extra's. Greetz, Louis -Oorspronkelijk bericht- Van: postfixlists-070...@billmail.scconsult.com [mailto:owner-postfix-us...@postfix.org] Namens Bill Cole Verzonden: woensdag 13 december 2017 16:46 Aan: Postfix users Onderwerp: Re: Question regarding use of amavisd-new On 13 Dec 2017, at 4:45 (-0500), Maarten wrote: According to their documentation using MailScanner with postfix works too. https://www.mailscanner.info/postfix/ Yes, and there's a link at the bottom of that page to the postfix.org add-on page which specifically warns against MailScanner. What would be the advantage to switching to something like amavisd-new? The advantage to something that uses the SMTP Proxy interface or the Milter interface is that you can trust that it won't be broken without warning or documentation in a future Postfix release. Apart from the risk that it relies on Postfix not changing queue structures and behaviors which are explicitly unsupported and subject to change, MailScanner works directly with the Postfix queue in a way that Wietse has been saying for years is already not safe. I haven't analyzed the Postfix queue-handling code (life is too short...) but I trust his judgment of safety in working with the Postfix queue over that of anyone who didn't write that code. The MailScanner argument (essentially that what they do doesn't break enough to notice) is entirely unpersuasive. 
-- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Currently Seeking Steady Work: https://linkedin.com/in/billcole -- John PGP Public Key: 412934AC
Re: regexp for allowing helo host
On 11/15/16 13:43, Eric Abrahamsen wrote: > I'm trying to successfully receive emails from my state's health care > service, which is apparently broken in the way it sends emails. These > are the errors: > > ericabrahamsen.net/smtpd[24193]: warning: hostname\ > mail-relay.secure-24.net does not resolve to address 199.71.239.178 You could just whitelist 199.71.236.0/22 > > ericabrahamsen.net/smtpd[24193]: NOQUEUE: reject: RCPT from\ > unknown[199.71.239.178]: 550 5.7.1\ > : Helo command rejected: Host\ > not found; from=\ > to= proto=ESMTP\ > helo= > > The helo host seems to change ever time; at least there are a lot of > them. > > I just want to check here: is it safe to change my check_helo_access > from a hash to a regexp, and do: > > /msp.secure-24.net/ OK > > Is that likely to cause me any problems? > > Thanks! > Eric > -- John PGP Public Key: 412934AC
Re: Postfix + relayhost via riseup.net = Problems?
On Sat, 22 Mar 2014 19:45:08 +0200 Anonymous12 anonymou...@riseup.net wrote: [snip] show your /etc/postfix/sasl_passwd with passwords replaced and the rest untouched OS: Ubuntu 12.04 LTS I'll not show what packages I have installed as I see no reason to well then help yourself, nobody asked for all installed packages only the relevant sasl ones if i type yum remove cyrus-sasl-md5 cyrus-sasl-plain i get also no mechanism available for very clear reasons, thats all root@vps44713:~# apt-get install cyrus-sasl-md5 cyrus-sasl-plain Reading package lists... Done Building dependency tree Reading state information... Done E: Unable to locate package cyrus-sasl-md5 E: Unable to locate package cyrus-sasl-plain OS is debian based. 250-AUTH LOGIN PLAIN 250-AUTH=LOGIN PLAIN What package do I need installed? Oh dear, are you sure you should be managing a linux system, let alone a mailserver? apt-cache search sasl suggests that libsasl2-2 may be what you need. -- John PGP Public Key: 412934AC
Re: SMTP sender accepted when from a different domain
On Fri, 30 Aug 2013 15:52:22 -0400 Jean-Sébastien Nicaise jsnica...@gmail.com wrote:
> On Fri, Aug 30, 2013 at 3:48 PM, John Peach post...@johnpeach.com wrote:
>> On Fri, 30 Aug 2013 15:43:01 -0400 Jean-Sébastien Nicaise jsnica...@gmail.com wrote:
>> [snip]
>>> I'm hoping for something simple like: user sends an email. Postfix looks at MAIL FROM. Is the email address part of $mydomain? if so, relay mail. If not, don't relay mail.
>>
>> You really, really do NOT want that. Anyone can then spoof your address and you are an open relay.
>>
>> -- John PGP Public Key: 412934AC
>
> How would restricting local users make me an open relay?

You are not restricting to local users, but to anyone claiming to be a local user. $mynetworks is the way to restrict to local users, or use authentication.

-- John PGP Public Key: 412934AC
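Added example, not part of the thread and not Postfix code: a Python model comparing the relay rule proposed above (trust the MAIL FROM domain) with the rule recommended in the reply (trust the client network or an authenticated login). The addresses, networks, sessions and function names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Assumed local settings for this model (constructed values).
MYDOMAIN = "example.com"
LOCAL_DOMAINS = {"example.com"}  # domains delivered locally, never relayed
MYNETWORKS = [ipaddress.ip_network(n)
              for n in ("127.0.0.0/8", "192.168.2.0/24")]


@dataclass(frozen=True)
class Session:
    label: str
    client_ip: str
    sasl_user: Optional[str]  # None when the client did not authenticate
    mail_from: str
    rcpt_to: str


def domain_of(address):
    return address.rsplit("@", 1)[-1].lower()


def needs_relay(s):
    """True when the recipient is not one of our own domains."""
    return domain_of(s.rcpt_to) not in LOCAL_DOMAINS


def policy_sender_domain(s):
    """The proposal: relay whenever MAIL FROM claims to be in $mydomain."""
    if not needs_relay(s):
        return "accept"
    return "relay" if domain_of(s.mail_from) == MYDOMAIN else "reject"


def policy_client_identity(s):
    """The reply's advice: relay only for $mynetworks or authenticated users."""
    if not needs_relay(s):
        return "accept"
    ip = ipaddress.ip_address(s.client_ip)
    if any(ip in net for net in MYNETWORKS) or s.sasl_user:
        return "relay"
    return "reject"


# Constructed sessions. MAIL FROM is whatever the client chooses to send.
SESSIONS = [
    Session("lan_client", "192.168.2.15", None,
            "alice@example.com", "bob@other.example"),
    Session("forged_sender", "203.0.113.50", None,
            "alice@example.com", "target@other.example"),
    Session("authenticated_roaming_user", "198.51.100.7", "alice",
            "alice@example.com", "bob@other.example"),
    Session("inbound_mail", "203.0.113.50", None,
            "friend@other.example", "alice@example.com"),
    Session("lan_client_foreign_sender", "192.168.2.20", None,
            "alerts@vendor.example", "ops@other.example"),
]


def decisions(sessions=SESSIONS):
    """label -> (sender-domain policy, client-identity policy)."""
    return {s.label: (policy_sender_domain(s), policy_client_identity(s))
            for s in sessions}


def open_relay_exposure(sessions=SESSIONS):
    """Sessions relayed only because of an unverified MAIL FROM claim."""
    return [s.label for s in sessions
            if policy_sender_domain(s) == "relay"
            and policy_client_identity(s) == "reject"]


if __name__ == "__main__":
    for label, (by_sender, by_client) in decisions().items():
        print(f"{label:28} sender-domain={by_sender:7} client={by_client}")
    print("relayed on MAIL FROM alone:", open_relay_exposure())
```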
Re: Does Postfix understand MX 0 . ?
On Tue, 25 Jun 2013 18:22:22 +0100 Jim Reid j...@rfc1035.com wrote: On 25 Jun 2013, at 18:01, John Levine jo...@iecc.com wrote: There is a somewhat popular convention that if a domain publishes an MX like this: whatever.example MX 0 . it means the domain does not receive mail. Well yes. But it only works as long as there are no A or records for . in the root zone. If that was ever to change, anyone who adopted this Bad Idea will be in for a nasty surprise. It's useful for rejecting email that purports to be from that domain [snip] -- John GPG Public Key: 412934AC
Re: Too much traffic
On Tue, 2 Apr 2013 11:25:09 -0300 Fernando Maior fernando.souto.ma...@gmail.com wrote:
> Hi,
>
> I am not a specialist in Postfix, just a common admin. Yet, I can see two things from your message:
>
> 1. You sure have a DNS resolution problem. No external server should be resolved to 192.168.x.x, that is an internal network. Also, the last two octets (255.255) are almost always used for broadcasting packets in the network. The IP address for mx1.likya.com should never be 192.168.255.255;
>
> 2. Because of the DNS resolution problem, postfix is just trying to connect to 192.168.255.255 to deliver the message to za...@likya.com, but could not, of course.
>
> I issued three commands:
>
> # dig likya.com ns
> # dig likya.com mx
> # host mx1.likya.com
>
> The first two seems that likya.com is configured correctly, instead the last command resolved to the IP address 192.168.255.255, that is wrong. So, problem with DNS resolution is with the admins of likya.com, not you.
>
> Best thing to do? I would just remove all entries in postfix queue that are for the wrong configured server (likya.com). Probably, someone at likya.com just made a wrong config. May be - in the interests of your users - you should try the likya.com site and look for a way to talk to them and tell them about the problem. Else you should keep an eye on the postfix queue and keep removing any messages for that domain, if they continue to pop.

in main.cf

check_sender_mx_access cidr:/etc/postfix/mx_access.cidr

and in mx_access.cidr:

192.168.0.0/16 REJECT MX in bogon address space

> Cheers,
> --- Fernando Maciel Souto Maior
>
> On Mon, Apr 1, 2013 at 3:25 AM, Ceyhun Ganioglu ceyhunganio...@gmail.com wrote:
>> Hi everybody,
>>
>> I was using Postfix without any problems but last two months time the traffic usage of the server is increased too much. When I checked the mail queue I see emails for an account za...@likya.com which does not exist on my server. Below is an example how the mail queue looks like.
>>
>> I checked for open relay both manually and some online sites. There’s no open relay. Is this a kind of spam method? If yes, does anyone give me an idea how to fix it.
>>
>> Kindest Regards
>> Ceyhun
>>
>> Email queue:
>>
>> AC5A615038A 635 Mon Apr 1 03:47:47 za...@likya.com
>> (connect to mx1.likya.com[192.168.255.255]: Connection timed out)
>> za...@likya.com
>>
>> A05E7150098 635 Sat Mar 30 13:33:46 za...@likya.com
>> (delivery temporarily suspended: connect to mx1.likya.com[192.168.255.255]: Connection timed out)
>> za...@likya.com
>>
>> ABDC81500CB 641 Sun Mar 31 05:28:05 za...@likya.com
>> (delivery temporarily suspended: connect to mx1.likya.com[192.168.255.255]: Connection timed out)
>> za...@likya.com
>>
>> A333F150086 2786 Sat Mar 30 09:55:01 MAILER-DAEMON
>> (delivery temporarily suspended: connect to mx1.likya.com[192.168.255.255]: Connection timed out)
>> za...@likya.com
>>
>> A594015008E 629 Sat Mar 30 12:03:53 za...@likya.com
>> (delivery temporarily suspended: connect to mx1.likya.com[192.168.255.255]: Connection timed out)
>> za...@likya.com
>>
>> A122F150381 631 Mon Apr 1 00:34:18 za...@likya.com
>> (delivery temporarily suspended: connect to mx1.likya.com[192.168.255.255]: Connection timed out)
>> za...@likya.com
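Added example, not part of the thread and not Postfix code: a simplified Python model of the sender-MX check from the reply above (first-match lookup of each MX address in a CIDR table), extended to also flag the "MX 0 ." convention from the earlier "Does Postfix understand MX 0 . ?" thread. The first table line is the thread's own rule; the other ranges, the MX preference values, the good.example domain and the function names are assumptions made for this example, and the DNS answers are embedded rather than looked up.

```python
import ipaddress

# Same "network  action" layout as the mx_access.cidr file in the thread.
# Line 1 is the thread's rule; the rest are additions for this example.
# As in a cidr table, the first matching line wins.
MX_ACCESS_CIDR = """\
192.168.0.0/16   REJECT MX in bogon address space
10.0.0.0/8       REJECT MX in bogon address space
172.16.0.0/12    REJECT MX in bogon address space
127.0.0.0/8      REJECT MX in loopback address space
169.254.0.0/16   REJECT MX in link-local address space
"""


def parse_cidr_table(text):
    """Parse 'network action' lines into (ip_network, action) pairs."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        network, action = line.split(None, 1)
        rules.append((ipaddress.ip_network(network), action))
    return rules


def lookup(rules, address):
    """Return the action of the first rule containing address, else None."""
    ip = ipaddress.ip_address(address)
    for network, action in rules:
        if ip.version == network.version and ip in network:
            return action
    return None


def check_sender_mx(rules, mx_records, addresses):
    """mx_records: [(preference, target)]; addresses: {host: [ip, ...]}."""
    # A single MX whose target is the root label means "accepts no mail".
    if [target for _, target in mx_records] == ["."]:
        return "REJECT sender domain publishes a null MX"
    for _, target in sorted(mx_records):
        host = target.rstrip(".").lower()
        for address in addresses.get(host, []):
            action = lookup(rules, address)
            if action is not None:
                return action
    return "DUNNO"


RULES = parse_cidr_table(MX_ACCESS_CIDR)

# Constructed DNS answers; the mx1.likya.com address is the one shown in the
# queue listing above, preference values are made up.
SAMPLE_DNS = {
    "likya.com": ([(10, "mx1.likya.com.")],
                  {"mx1.likya.com": ["192.168.255.255"]}),
    "whatever.example": ([(0, ".")], {}),
    "good.example": ([(10, "mail.good.example.")],
                     {"mail.good.example": ["203.0.113.25"]}),
}


def verdict(sender_domain):
    mx_records, addresses = SAMPLE_DNS[sender_domain]
    return check_sender_mx(RULES, mx_records, addresses)


if __name__ == "__main__":
    for domain in SAMPLE_DNS:
        print(f"{domain:18} -> {verdict(domain)}")
```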
Re: Does this IP have reverse DNS?
On Mon, 04 Mar 2013 12:06:20 -0600 Blake Hudson bl...@ispn.net wrote: Just hoping to get a consensus on this. Postfix is stating that a host (in fact several hosts from the same ISP) does not have rDNS, because our DNS (Bind 9.8) returns SERVFAIL when looking up a PTR record for it. The IP in question is 63.171.0.212. From my perspective, this IP does not have a PTR record and as such does not have proper rDNS. Other tools (including older versions of bind) might say otherwise; What do you say?

dig +trace 212.0.171.63.in-addr.arpa

; DiG 9.8.1-P1 +trace 212.0.171.63.in-addr.arpa
;; global options: +cmd
. 107196 IN NS c.root-servers.net.
. 107196 IN NS j.root-servers.net.
. 107196 IN NS h.root-servers.net.
. 107196 IN NS b.root-servers.net.
. 107196 IN NS e.root-servers.net.
. 107196 IN NS d.root-servers.net.
. 107196 IN NS a.root-servers.net.
. 107196 IN NS k.root-servers.net.
. 107196 IN NS f.root-servers.net.
. 107196 IN NS m.root-servers.net.
. 107196 IN NS l.root-servers.net.
. 107196 IN NS g.root-servers.net.
. 107196 IN NS i.root-servers.net.
;; Received 436 bytes from 192.168.1.2#53(192.168.1.2) in 29 ms

in-addr.arpa. 172800 IN NS e.in-addr-servers.arpa.
in-addr.arpa. 172800 IN NS a.in-addr-servers.arpa.
in-addr.arpa. 172800 IN NS b.in-addr-servers.arpa.
in-addr.arpa. 172800 IN NS f.in-addr-servers.arpa.
in-addr.arpa. 172800 IN NS c.in-addr-servers.arpa.
in-addr.arpa. 172800 IN NS d.in-addr-servers.arpa.
;; Received 419 bytes from 192.228.79.201#53(192.228.79.201) in 94 ms

63.in-addr.arpa. 86400 IN NS t.arin.net.
63.in-addr.arpa. 86400 IN NS z.arin.net.
63.in-addr.arpa. 86400 IN NS u.arin.net.
63.in-addr.arpa. 86400 IN NS w.arin.net.
63.in-addr.arpa. 86400 IN NS r.arin.net.
63.in-addr.arpa. 86400 IN NS y.arin.net.
63.in-addr.arpa. 86400 IN NS x.arin.net.
63.in-addr.arpa. 86400 IN NS v.arin.net.
;; Received 179 bytes from 199.212.0.73#53(199.212.0.73) in 20 ms

171.63.in-addr.arpa. 86400 IN NS NS3-AUTH.SPRINTLINK.NET.
171.63.in-addr.arpa. 86400 IN NS NS2-AUTH.SPRINTLINK.NET.
171.63.in-addr.arpa. 86400 IN NS NS1-AUTH.SPRINTLINK.NET.
;; Received 126 bytes from 199.212.0.63#53(199.212.0.63) in 18 ms

212.0.171.63.in-addr.arpa. 86400 IN CNAME 63.171.0.212.cust.lkq.sprintlink.net.
171.63.in-addr.arpa. 86400 IN NS ns1-auth.sprintlink.net.
171.63.in-addr.arpa. 86400 IN NS ns2-auth.sprintlink.net.
171.63.in-addr.arpa. 86400 IN NS ns3-auth.sprintlink.net.
;; Received 162 bytes from 144.228.255.10#53(144.228.255.10) in 35 ms

--Blake
Re: Public free (libre) mailbox hosting service for everybody!
On Thu, 28 Feb 2013 12:00:58 -0500 James Seymour jseym...@linxnet.com wrote: On Thu, 28 Feb 2013 18:51:15 +0200 אנטולי קרסנר tomback...@gmail.com wrote: No, the mailing list is a legitimate way to connect with all postfix users ... The mailing list I thought was supposed to be about Postfix, or at least vaguely Postfix-related, issues. By your logic: If I want to interact with all Postfix users on the subject of motorcycle repair, then it would be on-topic, because it's only Postfix users with whom I wish to discuss motorcycle repair? +1
Re: destination_rate_delay and connection_reuse_time_limit
On Wed, 9 Jan 2013 13:29:06 -0200 Rafael Azevedo - IAGENTE raf...@iagente.com.br wrote: I was watching my log files now looking for deferred errors, and for my surprise, we got temporary blocked by Yahoo on some SMTPs (ips), as shown: Jan 9 13:20:52 mxcluster yahoo/smtp[8593]: 6731A13A2D956: host mta5.am0.yahoodns.net[98.136.216.25] refused to talk to me: 421 4.7.0 [TS02] Messages from X.X.X.X temporarily deferred - 4.16.56.1; see http://postmaster.yahoo.com/errors/421-ts02.html So guess what, I still have another 44k messages on active queue (a lot of them are probably to yahoo) and postfix is wasting its time and cpu trying to deliver to Yahoo when there's an active block. Yahoo suggests to try delivering in few hours, but we'll never get rid from the block if we keep trying while the block is active. This doesn't happens only with bulk senders. Many people use their hosting company to send few hundreds emails together with many other users sending legitimate mails from their mail clients… Eventually, one user will compromise all infrastructure and many people may have problem delivering their messages. There's gotta be a solution for this. There is - you need to register your mailserver(s) with yahoo. - Rafael
Re: Why i cann't email to majord...@openssl.org
On Sun, 16 Sep 2012 01:08:58 +0800 LEON l...@kingdest.com wrote: How to avoid receive the mail that i post to this mail list? Stop posting to the list. On 09/16/2012 01:00 AM, Ralf Hildebrandt wrote:* LEON l...@kingdest.com: What command to get this information? host -t ns 54.107.218.in-addr.arpa -- John
Re: Bulk Mailing Performance
On Sun, 2 Sep 2012 22:46:10 +0200 Lorens Kockum postfix-users-4...@tagged.lorens.org wrote: The exact same question was sent by someone calling himself Ron White to the exim mailing list at almost exactly the same time. Peddling one's services by soliciting comparisons with competitors is so passé . . . I find it rather useful; lets me know what I should be blocking -- John
Re: amavisd debug:Permission denied
On Fri, 13 Jul 2012 02:09:45 +0800 Feel Zhou feelz...@gmail.com wrote: Thank you very much My system is Centos6.2/64bit do not have the command sealert Maybe not install So I set setenforce 0, make selinux permissive And it has no change for debug log Whichever system account you're running amavisd under does not have permissions to write to that directory [snip]
Re: Ubuntu Precise packaged 2.9.1 SSL 1.0.1
On Tue, 26 Jun 2012 11:04:16 -0700 Daniel L. Miller dmil...@amfes.com wrote: After a recent Ubuntu server upgrade, the packaged versions of Postfix - using Ubuntu's Precise version, as well as the security, updates, and backports repositories - Postfix's TLS is broken with the known SSL version issue: warning: TLS library problem: 4425:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:340: I've tried a couple different main.cf settings, including: smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3 but the only option that has given me temporary functionality is: smtpd_tls_security_level=none Is there a way I can restore TLS functionality via configuration? Or is an updated Postfix, possibly a self-compiled version, my only option? I've not seen this at all, but I've always used: smtpd_tls_security_level = may This gives me TLS when the client wants to use it. -- John
Re: problem with postfix configuration - Relay Access Denied
On Tue, 19 Jun 2012 19:44:31 +0800 JonL jonl...@hotmail.com wrote: I'm getting the following in my mail logs for a new postfix system. OS = SuSE Linux Enterprise v10 Thanks mail log error Jun 18 15:20:24 linux-srv postfix/smtpd[6509]: NOQUEUE: reject: RCPT from emessenger.cisco.com[192.86.51.17]: 554 jlmil...@mmtnetworks.com.au: Relay access denied; from=emsg-1474-18cf-repl...@emessenger.cisco.com to=jlmil...@mmtnetworks.com.au proto=ESMTP helo=emessenger.cisco.com Jun 18 15:20:24 linux-srv postfix/smtpd[6509]: disconnect from emessenger.cisco.com[192.86.51.17] Jun 18 15:20:29 linux-srv postfix/smtpd[6509]: connect from ccm24.constantcontact.com[208.75.123.132] Jun 18 15:20:30 linux-srv postfix/smtpd[6509]: NOQUEUE: reject: RCPT from ccm24.constantcontact.com[208.75.123.132]: 554 jlmil...@jlorenzo.com.au: Relay access denied; from=esc1110217818469_1110190421834_12336_...@in.constantcontact.com to=jlmil...@jlorenzo.com.au proto=ESMTP helo=ccm24.constantcontact.com postconf should be postconf -n [snip] mydestination = $myhostname, localhost.$mydomain mydomain = mmtnetworks.com.au myhostname = linux-srv.mmtnetworks.com.au jlorenzo.com.au is not there. [snip] -- john
Re: problem with postfix configuration - Relay Access Denied
On Tue, 19 Jun 2012 20:08:33 +0800 Looks like you should read up on the basics. Never try and postmap main.cf; it is not a map. mydomain is just that - one domain. If you are accepting mail for multiple domains use mydestination. JonL jonl...@hotmail.com wrote: Sorry When I put in the 2nd domain this is what shows up in the mail log or when I try to type a postmap command postmap: warning: valid_hostname: invalid character 44(decimal): mmtnetworks.com.au, jlorenzo.com.au postmap: fatal: file /etc/postfix/main.cf: parameter mydomain: bad parameter value: mmtnetworks.com.au, jlorenzo.com.au Jun 19 18:33:42 linux-srv postfix/master[1756]: reload configuration /etc/postfix Jun 19 18:33:42 linux-srv postfix/master[1756]: warning: valid_hostname: invalid character 44(decimal): mmtnetworks.com.au, jlorenzo.com.au Jun 19 18:33:42 linux-srv postfix/master[1756]: fatal: file /etc/postfix/main.cf: parameter mydomain: bad parameter value: mmtnetworks.com.au, jlorenzo.com.au Jun 19 18:33:42 linux-srv postfix[2103]: warning: valid_hostname: invalid character 44(decimal): mmtnetworks.com.au, jlorenzo.com.au Jun 19 18:33:42 linux-srv postfix[2103]: fatal: file /etc/postfix/main.cf: parameter mydomain: bad parameter value: mmtnetworks.com.au, jlorenzo.com.au postconf -n alias_maps = hash:/etc/aliases biff = no canonical_maps = hash:/etc/postfix/canonical command_directory = /usr/sbin config_directory = /etc/postfix daemon_directory = /usr/lib/postfix debug_peer_level = 2 defer_transports = disable_dns_lookups = no disable_mime_output_conversion = no html_directory = /usr/share/doc/packages/postfix/html inet_interfaces = all inet_protocols = all mail_owner = postfix mail_spool_directory = /var/mail mailbox_command = mailbox_size_limit = 0 mailbox_transport = mailq_path = /usr/bin/mailq manpage_directory = /usr/share/man masquerade_classes = envelope_sender, header_sender, header_recipient masquerade_domains = masquerade_exceptions = root message_size_limit = 1024 mydestination = 
$myhostname, localhost.$mydomain mydomain = mmtnetworks.com.au, jlorenzo.com.au myhostname = linux-srv.mmtnetworks.com.au mynetworks = 192.168.2.0/24, 127.0.0.0/8 mynetworks_style = subnet newaliases_path = /usr/bin/newaliases queue_directory = /var/spool/postfix readme_directory = /usr/share/doc/packages/postfix/README_FILES relayhost = relocated_maps = hash:/etc/postfix/relocated sample_directory = /usr/share/doc/packages/postfix/samples sender_canonical_maps = hash:/etc/postfix/sender_canonical sendmail_path = /usr/sbin/sendmail setgid_group = maildrop smtp_sasl_auth_enable = no smtp_use_tls = no smtpd_client_restrictions = smtpd_helo_required = no smtpd_helo_restrictions = smtpd_recipient_restrictions = permit_mynetworks,reject_unauth_destination smtpd_sasl_auth_enable = no smtpd_sender_restrictions = hash:/etc/postfix/access smtpd_use_tls = no strict_8bitmime = no strict_rfc821_envelopes = no transport_maps = hash:/etc/postfix/transport unknown_local_recipient_reject_code = 550 virtual_alias_domains = hash:/etc/postfix/virtual virtual_alias_maps = hash:/etc/postfix/virtual It's not delivering to the mmtnetworks.com.au domain also. regards Jon -- From: John Peach post...@johnpeach.com Sent: Tuesday, June 19, 2012 7:51 PM To: postfix-users@postfix.org Subject: Re: problem with postfix configuration - Relay Access Denied On Tue, 19 Jun 2012 19:44:31 +0800 JonL jonl...@hotmail.com wrote: I'm getting the following in my mail logs for a new postfix system. 
OS = SuSE Linux Enterprise v10 Thanks mail log error Jun 18 15:20:24 linux-srv postfix/smtpd[6509]: NOQUEUE: reject: RCPT from emessenger.cisco.com[192.86.51.17]: 554 jlmil...@mmtnetworks.com.au: Relay access denied; from=emsg-1474-18cf-repl...@emessenger.cisco.com to=jlmil...@mmtnetworks.com.au proto=ESMTP helo=emessenger.cisco.com Jun 18 15:20:24 linux-srv postfix/smtpd[6509]: disconnect from emessenger.cisco.com[192.86.51.17] Jun 18 15:20:29 linux-srv postfix/smtpd[6509]: connect from ccm24.constantcontact.com[208.75.123.132] Jun 18 15:20:30 linux-srv postfix/smtpd[6509]: NOQUEUE: reject: RCPT from ccm24.constantcontact.com[208.75.123.132]: 554 jlmil...@jlorenzo.com.au: Relay access denied; from=esc1110217818469_1110190421834_12336_...@in.constantcontact.com to=jlmil...@jlorenzo.com.au proto=ESMTP helo=ccm24.constantcontact.com postconf should be postconf -n [snip] mydestination = $myhostname, localhost.$mydomain mydomain = mmtnetworks.com.au myhostname = linux-srv.mmtnetworks.com.au jlorenzo.com.au is not there. [snip] -- john -- john
Re: Flexible formatting of Postfix log entries?
On Sat, 28 Apr 2012 08:30:54 -0700 kar...@mailcan.com wrote: I've been writing scripts for my loganalysis chores. A typical log entry for a mail transaction looks like, [snip] Since it's Postfix doing the writing to the logs in the 1st place, is it possible to config Postfix to (free)format those It's not postfix - it's syslog. [snip] -- John
Re: Linux.3 in makedefs Ubuntu12
On Thu, 29 Mar 2012 12:10:26 -0700 Quanah Gibson-Mount qua...@zimbra.com wrote: --On Thursday, March 29, 2012 10:56 PM +0400 Michael Tokarev m...@tls.msk.ru wrote: Besides, gcc --print-search-dirs (as already used in makedefs) includes all necessary multiarch directories already. So I'm not really sure why the OP have this problem to start with. Here's the content of SEARCHDIRS variable from makedefs script on my 32bit system: If postfix doesn't find nsl or resolv in the directories in that list, it won't add them to the library list. Thus the build fails. --Quanah -- Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc. Zimbra :: the leader in open source messaging and collaboration My Ubuntu Precise box has the following in in /etc/ld.so.conf which will pick up those directories: cat /etc/ld.so.conf include /etc/ld.so.conf.d/*.conf cat /etc/ld.so.conf.d/*.conf # Multiarch support /lib/i386-linux-gnu /usr/lib/i386-linux-gnu /lib/i686-linux-gnu /usr/lib/i686-linux-gnu # libc default configuration /usr/local/lib /usr/lib/nvidia-settings # Multiarch support /lib/x86_64-linux-gnu /usr/lib/x86_64-linux-gnu /usr/lib/nvidia-current /usr/lib32/nvidia-current # Legacy biarch compatibility support /lib32 /usr/lib32
Re: Problem delivering through one barracuda gateway from postfix
On Fri, 23 Mar 2012 13:19:14 -0300 francis picabia fpica...@gmail.com wrote: On Fri, Mar 23, 2012 at 12:43 PM, Giles Coochey gi...@coochey.net wrote: On 23/03/2012 15:37, francis picabia wrote: On Fri, Mar 23, 2012 at 11:33 AM, francis picabiafpica...@gmail.com wrote: We have a difficulty delivering to a site running a barracuda appliance. I can email them from a gmail account, or via a telnet session, but not via postfix on our SMTP gateway. I've contacted the remote site from my gmail to discuss it but no progress so far. I have the default pix conf settings and we are running postfix 2.8.6 In the logs we see it times out. Mar 21 15:01:30 thabit postfix-internal/smtpd[9296]: 6E7211F44DD: client=localhost[127.0.0.1] Mar 21 15:01:30 thabit postfix-internal/cleanup[9274]: 6E7211F44DD: message-id=moodlepost153...@acorn.mydomain.ca Mar 21 15:01:30 thabit postfix-internal/qmgr[28954]: 6E7211F44DD: from=lms.ad...@mydomain.ca, size=6449, nrcpt=1 (queue active) Mar 21 15:01:30 thabit postfix-internal/lmtp[9288]: 2A0561F44EE: to=usern...@theirdomain.ca, relay=127.0.0.1[127.0.0.1]:10026, delay=189085, delays=189084/0.03/0.01/0.3, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=09101-06, from MTA([127.0.0.1]:10027): 250 2.0.0 Ok: queued as 6E7211F44DD) Mar 21 15:01:30 thabit postfix-internal/smtp[9198]: 6E7211F44DD: enabling PIX workarounds: disable_esmtp delay_dotcrlf for barracuda1.theirdomain.ca[24.224.X.Y]:25 Mar 21 15:11:30 thabit postfix-internal/smtp[9198]: 6E7211F44DD: conversation with barracuda1.theirdomain.ca[24.224.X.Y] timed out while sending end of data -- message may be sent more than once I saw an older article about delivering to a barracuda gateway and tried the solution with smtp_discard_ehlo_keyword_address_maps = hash:/etc/postfix-internal/smtp_discard_ehlo and that file containing: 24.224.X.Y pipelining This setting made no difference in the result and error. I wonder if the pix settings are not the right fit for this case? 
Is there a method to not use the pix workarounds for a single destination? I read another old thread about Cisco firewalls associated with the pix workaround. When I telnet to the remote site, the response shows: 220 Is this a sign of the Cisco firewall or could it be something else masked? Should I look at suppressing dkim headers? It is a sign of the PIX firewall removing data. To disable: 1. Logon to firewall command line 2. type enable 3. enter enable password or secret 4. type configure terminal 5. use 'no fixup protocol smtp 25' to disable SMTP protocol mangling 6. type 'write memory' to save config to device 7. restart or reload the PIX firewall Thanks, but this issue is on the remote site. Given they can receive email from gmail and other sites, I'm not sure I can convince them to make these changes on their firewall. There must be another solution so that I'm sending email to them they can digest. http://blog.arschkrebs.de/blog/working-around-broken-cisco-pix-or-asa-installations/
Re: spamcop abusing mail systems worldwide
On Thu, 17 Nov 2011 08:08:13 -0600 (CST) Dan The Man d...@sunsaturn.com wrote: I agree completely, but I don't think a student failing a course because he only has a yahoo/shaw etc address and got a legitimate email bounced would agree very much :) I think my solution should stand, we got all the other rbl's, and spamassassin etc, there really no need to have anything legitimate dropped till they fix their issues. Spamcop recommend you use it for scoring, not blocking [snip]
Re: Is there a RHSBL for parked domains?
On Thu, 13 Oct 2011 15:33:48 +0530 Ram r...@netcore.co.in wrote: On 10/13/2011 02:37 AM, Ralf Hildebrandt wrote: * Noel Jonesnjo...@megan.vbhcs.org: You might be able to do something with check_recipient_mx_access. Mostly, these domains have no MX, but only an A record. But yes, I havne'T yet checked if they all resolve to but a few IPs Since all the non existing domains are now being typo-squatted with A records and MX records too What I saw that most of these domains use common MX or NS records I use check_recipient_mx_access and reject these mails at SMTPD I typically reject all mails where MX points to mx.fakemx.net , or mxs1.tradenames.com .. among others check_recipient_ns_access would make more sense I think. sedoparking, at least, uses ns1.sedoparking.com, ns2.sedoparking.com. -- John
Re: Issue integrating with Cyrus-SASL
On Fri, 16 Sep 2011 14:17:13 -0400 (EDT) Wietse Venema wie...@porcupine.org wrote: Crazedfred: ? Crazedfred crazedf...@yahoo.com: What is the result of:find / -name smtpd.conf sudo find / -name smtpd.conf /usr/lib/sasl2/smtpd.conf read the debian documentation! Could you elaborate? Am I looking for the wrong file? I have seen several hints on this mailing list that Debian Postfix wants to read /etc/postfix/sasl/smtpd.conf. That's exactly where it is on mine.
Re: postscreen dnsbl services down ß
On Wed, 31 Aug 2011 12:10:29 +0200 Michael Weissenbacher m...@dermichi.com wrote: On Wed Aug 31 2011 12:01:20 GMT+0200 (CET), we...@zackbummfertig.de wrote: Hello, annyone can acknowledge that following dnsbl services are not reachable? zen.spamhaus.org*2DOWN b.barracudacentral.orgDOWN bl.spamcop.net*2 combined.rbl.msrbl.net*2 ix.dnsbl.manitu.net*2DOWN dnsrbl.swinog.ch*2 dnsbl.njabl.org*2no-more-funn.moensted.dk db.wpbl.infoDOWN psbl.surriel.com i get a loot 550 service not available entries in log and sender gets error messages. They all work fine here, i'd say check for routing problems. ...or you've been blocked for too many requests. cheers, Michael
Re: selective greylisting with a long delay
On Mon, 11 Apr 2011 17:39:43 -0400 Jerry postfix-u...@seibercom.net wrote: On Mon, 11 Apr 2011 15:43:09 -0500 Stan Hoeppner s...@hardwarefreak.com articulated: pf at alt-ctrl-del.org put forth on 4/10/2011 10:33 PM: My thought on auto combating this is to use a CIDR list to kick these networks (and only these networks) over to a greylist policy that delays these emails for 4+ hours. By then, most of the bad IPs would be listed in one or more RBL and be blocked. So, has anyone else already done something like this? Why bother with this complex greylisting setup? Simply hammer the big blocks with a CIDR entry and whitelist individual IPs in the range from which you need legit mail. If such IPs are used to send both snowshoe spam and ham, that's a human shield tactic, and deserves permanent blocking, FOREVER. If anyone complains, lay the full skinny on them as to why. I.e. lay the blame at the proper feet, and direct complaints at the guilty. Life is too short to waste _your_ valuable time playing whack-a-mole with spammers, isn't it? We don't live in a totally collateral damage free world. People must get used to this. Unless of course you get hit with a law suit. My server, my rules.
Re: Question about: postfix/smtpd[ ]: connect from unknown[unknown]
On Thu, 03 Feb 2011 10:44:13 +0100 J4K ju...@klunky.co.uk wrote: On 02/02/2011 11:54 PM, Steve Jenkins wrote: On Wed, Feb 2, 2011 at 2:33 PM, Stan Hoeppner s...@hardwarefreak.com wrote: In the mean time, maybe give this a go. 1600+ expressions matching rDNS patterns of many millions of broadband IPs worldwide that shouldn't be sending direct SMTP. Catches quite a bit that PBL/CBL/SORBS-DYNA/etc don't and with less delay, reduced load on dnsbl servers and your own network. Potential FPs will be SOHO and Linux weenie MTAs on consumer IPs. Usage instructions are comments at the top of the file. Insert the restriction above/before any greylisting daemons in main.cf, obviously. Some on this list and many on the Dovecot list can testify to its effectiveness. http://www.hardwarefreak.com/fqrdns.pcre I can attest to the awesomeness of Stan's pcre file. I run it on all 5 of our Postfix servers, and it catches a LOT of stuff. From my logs, what it seems to do best is block zombie mailers on dynamic IPs. And I updated to your latest version today, Stan. Thanks :) SteveJ It's a good idea, but this would limit a user from using a server on his residential ADSL from being an Email server, and force them to use their ISPs relay. Else they might have to upgrade to a business package or spend more money for a static IP address that they can amend the reverse lookup record for. Pros and cons. No cons that I can see.
Re: Text Substitution with pcre:
On Sat, 29 Jan 2011 12:30:35 +0100 Bastian Blank bastian+postfix-users=postfix@waldi.eu.org wrote: On Fri, Jan 28, 2011 at 03:49:55PM -0500, Jerrale G wrote: from *mail.sheltoncomputers.com (mail [127.0.0.1]) * by mail.sheltoncomputers.com (SC Mail Server) with ESMTP id 182431B60017for jerr...@sheltoncomputers.com; Fri, 28 Jan 2011 15:44:05 -0500 (EST) The correct address, for mail.sheltoncomputers.com is 173.50.101.12. I am actually doing this to make the headers correct, due to the bug of Centos. No. 127.0.0.1 is always _the_ valid address for the system. 127.0.0.1 is localhost or, possibly, localhost.localdomain. I would take great exception to anything trying to redefine it. Bastian -- John
Re: my server being used for spam
On Wed, 22 Dec 2010 19:52:03 +0200 Razvan Chitu c...@topedge.ro wrote: Hello again, This time the question is simple: my server is being maliciously used to send spam, and this has to stop. Here are the log entries in question (latest ones): [snip] Also, I'm having a lot of these kind of entries lately (*Dec 22 19:03:18 raptor postfix/qmgr[23830]: 42B741BC5C9: from=, size=3425, nrcpt=1 (queue active)*) with unknown sender. Unfortunately these bounces are what put my server on several backscatter lists. Is there any way to reject these kind of senders from start (reject_unknown_sender?). Is there any way to insert longer and longer delays for unauthorized connections such as the ones from 88.166.185.164 with each connection attempt? Something like proftpd's throttle module. Thank you and be kind. Point me to the right manual :)) Stop accepting mail for non-existent users. Kind regards, -- John
Re: my server being used for spam
On Wed, 22 Dec 2010 20:23:51 +0200 Razvan Chitu c...@topedge.ro wrote: *For* non-existent or *From *non-existent? I never knew that Postfix had a reject_unknown_sender. Does it have any caveats that I should watch over? I wrote for, which is what I meant and is why you get on backscatter lists. Thanks, C.R. On 12/22/2010 7:53 PM, John Peach wrote: On Wed, 22 Dec 2010 19:52:03 +0200 Razvan Chitu c...@topedge.ro wrote: Hello again, This time the question is simple: my server is being maliciously used to send spam, and this has to stop. Here are the log entries in question (latest ones): [snip] Also, I'm having a lot of these kind of entries lately (*Dec 22 19:03:18 raptor postfix/qmgr[23830]: 42B741BC5C9: from=, size=3425, nrcpt=1 (queue active)*) with unknown sender. Unfortunately these bounces are what put my server on several backscatter lists. Is there any way to reject these kind of senders from start (reject_unknown_sender?). Is there any way to insert longer and longer delays for unauthorized connections such as the ones from 88.166.185.164 with each connection attempt? Something like proftpd's throttle module. Thank you and be kind. Point me to the right manual :)) Stop accepting mail for non-existent users. Kind regards, -- John
Re: fqrdns.pcre
On Tue, 07 Dec 2010 17:10:45 -0500 Paul Cartwright deb...@pcartwright.com wrote: On 12/07/2010 04:48 PM, Steffan A. Cline wrote: CIDR blocking all of China with an auto whitelist for those that you email directly? I don't know anyone in China, I know someone who travels there, but he has a Bellsouth address.. so how do you implement CIDR blocking?? well I see where you can add a hash file, but all I see are IP ranges, not *.cn . I also block both sender and client addresses in the cn TLD -- John
Re: Posfix: deliver to spam folder analog of reject_rbl_client
On Thu, 28 Oct 2010 14:28:42 +1000 Noel Butler noel.but...@ausics.net wrote: On Wed, 2010-10-27 at 22:15 -0400, John Peach wrote: On Thu, 28 Oct 2010 11:17:00 +1000 Noel Butler noel.but...@ausics.net wrote: On Tue, 2010-10-26 at 14:11 +0300, Покотиленко Костик wrote: sorbs.net is very aggressive, many ISPs get blocked for several years and are not willing to delist b/c sorbs doesn't offer free delist for them. That is complete FUD, yes, I know what their website says, but knowing the people behind them I can assure you it has never been demanded, it is a deterrent, a request to their ticketing system is all it takes to get out, please don't fall for the mistruths by those who have been in SORBS, in fact, better to ask yourself why they were in there in the first place. ... because we have so-called educated professionals who fall for phishing scams on a regular basis, despite regular warnings about the same. Right, so, how is THAT a false positive, it is a justifiable listing if they became part of the problem. I never said it was a false positive. Just that it's a waste of time trying to get delisted; we gave up with that years ago. -- John
Re: Posfix: deliver to spam folder analog of reject_rbl_client
On Thu, 28 Oct 2010 11:17:00 +1000 Noel Butler noel.but...@ausics.net wrote: On Tue, 2010-10-26 at 14:11 +0300, Покотиленко Костик wrote: sorbs.net is very aggressive, many ISPs get blocked for several years and are not willing to delist b/c sorbs doesn't offer free delist for them. That is complete FUD, yes, I know what their website says, but knowing the people behind them I can assure you it has never been demanded, it is a deterrent, a request to their ticketing system is all it takes to get out, please don't fall for the mistruths by those who have been in SORBS, in fact, better to ask yourself why they were in there in the first place. ... because we have so-called educated professionals who fall for phishing scams on a regular basis, despite regular warnings about the same. We have given up trying to do anything with SORBS - caveat emptor. [snip] -- John
Re: ..::Spoofing Issues::..
On Wed, 6 Oct 2010 12:13:25 +1100 James Gray ja...@gray.net.au wrote: On 06/10/2010, at 9:37 AM, Noel Butler wrote: On Tue, 2010-10-05 at 23:46 +0200, mouss wrote: On 04/10/2010 23:03, Terry Gilsenan wrote: Configure postfix to use SPF, and setup an SPF record in DNS for that domain. then what? you reject mail because of spf fail? that would lead to false positives... We've used it for years, had very little complaints, maybe half a dozen in all that time. SPF is a must use IMHO, and by use of -all ... providing you configure your DNS correctly. ...and then a user puts in a .forward file (or equivalent) to send mail to another address. Now SPF is broken on the forwarded account as your mail server very likely doesn't have an SPF record for the original sender. Ooops - SPF is broken in these situations and therefore can't be used to arbitrarily reject messages on SPF failures. The best it can do is be added as a heuristic to an overall message evaluation (spamassassin et al). We neither publish nor use SPF records; broken by design. Cheers, James -- John
Re: unknow user 450 to 550 reject code
On Sat, 05 Jun 2010 23:26:46 +0200 Jeroen Geilman jer...@adaptr.nl wrote: Ciao Somebody have any idea how can i change User unknown in virtual mailbox table reject code from 450 to 550 (don't send again) The unknown_virtual_mailbox_reject_code response defaults to 550. If it is not 550 on your system, somebody altered it from the default. (I don't see how an undeliverable address could be anything but a permanent error) soft_bounce is set to yes by default (so that you can correct your config before putting it into production). -- John
Re: unknow user 450 to 550 reject code
On Sat, 05 Jun 2010 23:33:04 +0200 Jeroen Geilman jer...@adaptr.nl wrote: On Sat, 05 Jun 2010 23:26:46 +0200 Jeroen Geilman jer...@adaptr.nl wrote: Ciao Somebody have any idea how can i change User unknown in virtual mailbox table reject code from 450 to 550 (don't send again) The unknown_virtual_mailbox_reject_code response defaults to 550. If it is not 550 on your system, somebody altered it from the default. (I don't see how an undeliverable address could be anything but a permanent error) soft_bounce is set to yes by default (so that you can correct your config before putting it into production). A REJECT isn't a bounce, is it ? Unless this is documented as such, I don't see the connection. As with all of postfix, it is clearly documented: http://www.postfix.org/SMTPD_ACCESS_README.html -- John
Re: Sender address rejected: Domain not found
On Wed, 02 Jun 2010 08:50:53 -0400 Robert Fitzpatrick li...@webtent.net wrote: I am getting a lot of these for various domains... Jun 2 07:21:08 esmtp postfix/smtpd[55535]: NOQUEUE: reject: RCPT from mail.cypresspartners.com[72.242.211.227]: 450 4.1.8 onlinebanking.ela...@onlinealert.bankofamerica.com: Sender address rejected: Domain not found; from=onlinebanking.ela...@onlinealert.bankofamerica.com to=de...@plasticert.com proto=ESMTP helo=mail.cypresspartners.com I assume these are legitimate rejects since the helo domain is cypresspartners.com and I did not find an A record for that domain. Is that correct? Just want to confirm since I have a user not receiving an auto-email from BOA. But not this user above. Phishing scam: ** server can't find onlinealert.bankofamerica.com: NXDOMAIN besides which, BoA is not likely to send anything through cypresspartners.com. Thanks, Robert -- John
Re: Mail discarded with http
On Fri, 21 May 2010 15:03:22 +0200 Sasa s...@shoponweb.it wrote: Hi, I have a problem with some mails that are discarded when in body message there is a web link with http prefix, i.e. with: http://www.example.com/example with this link the mail is discarded and in log file I have: [r...@mail ~]# grep 707F026A302 /var/log/maillog May 20 10:52:16 mail postfix/smtpd[12804]: 707F026A302: client=unknown[192.168.1.88], sasl_method=LOGIN, sasl_username=u...@mydomain.com May 20 10:52:16 mail postfix/cleanup[13001]: 707F026A302: message-id=000d01caf7f9$c95308e0$5bf91a...@com May 20 10:52:20 mail postfix/qmgr[12573]: 707F026A302: from=u...@mydomain.com, size=3075, nrcpt=2 (queue active) May 20 10:52:39 mail postfix/smtp[13776]: 707F026A302: to=dvd...@domain.it, relay=127.0.0.1[127.0.0.1]:10024,delay=23, ^^^ delays=4.2/0/0.01/19, dsn=2.7.1, status=sent (250 2.7.1 Ok, discarded, UBE, id=13116-02) Discarded by amavisd-new (presumably spamassassin). [snip] -- John
Re: which port to use for SSL/TLS?
On Fri, 21 May 2010 15:35:55 -0400 Phil Howard ttip...@gmail.com wrote: On Fri, May 21, 2010 at 15:29, John Peach post...@johnpeach.com wrote: 465 is for SMTP over SSL, which is deprecated. What is deprecated? Using port 465? Or doing SMTP over SSL? SMTP over SSL Unfortunately, I need to do the latter because of some network security and access issues (and for like reason am doing IMAP over SSL on port 993 and POP over SSL on port 995). I could go ahead and do SMTP over SSL on port 465. Are you sure it won't conflict with anything? Just use port 465 if you want, but the submission port would make more sense (587) I'm doing optional STARTTLS (e.g. smtpd_tls_security_level=may and smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination) on port 25. What should I be doing on port 587? Why not use smtpd_tls_security_level = encrypt on port 587? http://www.postfix.org/TLS_README.html -- John
Re: ISP bounces email
On Sun, 16 May 2010 20:52:54 +0100 Frank Shute boysh...@googlemail.com wrote: Hi, My ISP suddenly started bouncing my mail. I phoned them up and they started saying In profiles do I pointed out at that point that I used Unix and the tech took fright said that he'd get somebody to ring me back; nobody ever did. Maybe you should have listened to what he had to say; it's trivial to extrapolate the necessities once you know the windoze setup. I assume that they've added some sort of authentication scheme on their mail server in addition to IP based. Beforehand I could push mail to their server without any special setup. They run Sendmail on Linux IIRC. I tried setting up cyrus-sasl with my Postfix running on FreeBSD-8-STABLE. This is what I did: added the lines: smtp_sasl_auth_enable = yes smtp_sasl_password_maps = hash:/usr/local/etc/postfix/sasl_passwd I also have: smtp_sasl_security_options = to main.cf put this in /usr/local/etc/postfix/sasl_passwd [mail.zetnet.co.uk] esperance.zetnet.co.uk:X since I've got a pop3 email address of: fr...@. I would have expected the login to be fr...@esperance.zetnet.co.uk not just esperance.zetnet.co.uk However, you really need to ask your ISP what mechanism they are using. [snip] -- John
Re: Postfix logging to syslog
On Wed, 28 Apr 2010 00:47:08 -0400 Sahil Tandon sa...@freebsd.org wrote: On Wed, 28 Apr 2010, N. Yaakov Ziskind wrote: Sahil Tandon wrote (on Wed, Apr 28, 2010 at 12:02:34AM -0400): On Tue, 27 Apr 2010, N. Yaakov Ziskind wrote: Sahil Tandon wrote (on Tue, Apr 27, 2010 at 11:23:22PM -0400): Assuming you did not make any mistakes while editing syslog.conf, did you restart syslogd(8) after making the changes? Postfix simply logs to the mail facility; how syslogd(8) handles this is not a Postfix issue. yes, with /etc/init.d/sysklogd restart; I also HUPed the only process, 'rsyslogd -c4', to come out of 'ps ax|grep log'. You are aware that rsyslogd != sys(k)logd, right? In the interest of clarity, system is running Ubuntu Lucid, and there is no syslogd on the system (except /etc/default/syslogd), only sysklogd, which seems to be its replacement. And yet your ps(1) output indicates that only rsyslogd is running? I'm not an Ubuntu user, so perhaps someone else can chime with a hint. Since this does not appear to be a Postfix issue, you might also wish to pursue this on a more appropriate mailing list. syslogd has been replaced by rsyslogd. man rsyslogd hint: /etc/rsyslogd.conf -- John
Re: DNS RBL error
On Mon, 19 Apr 2010 08:53:03 -0400 donovan jeffrey j dono...@beth.k12.pa.us wrote: On Apr 19, 2010, at 8:41 AM, Ralf Hildebrandt wrote: * donovan jeffrey j dono...@beth.k12.pa.us: Greetings i have been seeing tons of errors coming from spamhaus, it seems it's not resolving. at least for me. is anyone else having any problems ? You might have been blocked because you exceeded the limits for free usage. i did not know there was such a thing. I may be having some type of dns issue with zen. My local dns server does not resolve zen, but google public dns does. i found this http://www.spamhaus.org/organization/dnsblusage.html -- John
Re: DNS RBL error
On Mon, 19 Apr 2010 09:09:38 -0400 donovan jeffrey j dono...@beth.k12.pa.us wrote: On Apr 19, 2010, at 9:03 AM, Ralf Hildebrandt wrote: * donovan jeffrey j dono...@beth.k12.pa.us: this system in question picks up mail ( primary MX ) for about 2000 users. This should well be within the limits. We're exceeding the limit at about 30k users. Maybe you're using your ISPs DNS forwarder? I'm not sure I understand. I know my isp pulls zone files from me, and runs a secondary dns server. -j Your nslookup shows you using 207.172.3.20 as a nameserver: 20.3.172.207.in-addr.arpa name = auth1.dns.rcn.net Your ISP's nameserver. You need to run your own, so that you query spamhaus directly. They are counting all the hits from RCN. -- John
Re: Changes in PCRE handling postfix etch vs lenny?
On Tue, 19 Jan 2010 17:15:59 -0600 Stan Hoeppner s...@hardwarefreak.com wrote: Well, there's one positive side to this thread Noel. Your reply to undisclosed recipients instead of the list address broke my postfix-users sort filter. I just spent 20 minutes trying to figure it out. I tried received and return-path and all kinds of header checks in the T-Bird message filter, and none of them work on this message. They clearly should. So now I get to file a bug report on T-Bird as it's clearly not processing the headers correctly or obeying custom headers I plug in. Hell, it won't even filter on Sender: owner-postfix-us...@postfix.org for Pete's sake and Sender is built into the filter, not custom, IIRC. Regardless of the T-Bird issue, could we all please reply to the list address instead of burying it in a BCC? That's just plain silly. I only accept mail to post...@johnpeach.com from cloud9.net and I do the same thing for other mailing lists to which I subscribe - that should get rid of your bcc problems.. -- John
Re: Does Postfix cache resolv.conf?
On Sun, 10 Jan 2010 11:32:34 +0100 Dr. Lars Hanke l...@lhanke.de wrote: I had a quite strange issue. About a week ago my bind9 broke down and I could not get it running again on the same machine. So moved it to another machine and changed the /etc/resolv.conf of my machines to try both IP. Apparently everything worked fine. Today I was puzzled that the corresponding bug-report to the Debian list was somehow missing. I resent it watching the postfix logs and found that postfix was missing the MX entry of my relay host and refused to send. Since the host itself actually does not have a MX entry, I was sidetracked assuming postfix was not smart enough to strip the host name from the domain. During this trouble shooting I had postfix reload its configuration a couple of times. After setting the name in [] postfix reported that the A entry was missing, which definitely was wrong. I restarted postfix and voilà it continued working like it did all the years before. Now I know that it is smart enough to strip the relay host name from the domain to lookup MX. ;) Apparently postfix missed the switching of nameservers and did not learn of the new DNS until restart. Is this a bug or a feature? This is true of most services, not just postfix. They will read /etc/resolv.conf at startup and not again unless told to do so -- John
Re: smtpd_helo_required compliance with the RFC
On Sun, 27 Dec 2009 18:10:53 +0100 Philippe Cerfon philc...@googlemail.com wrote: On Sun, Dec 27, 2009 at 2:11 AM, Wietse Venema wie...@porcupine.org wrote: With smtpd_helo_required = yes, the Postfix SMTP server requires HELO (or EHLO) before the MAIL, ETRN and AUTH commands (*). I've just tried it for ETRN, and as far as I understand the RFC it should not be necessary for ETRN (as well as AUTH and STARTTLS which you named) to require HELO/EHLO. If you disagree, then you MUST show the evidence that Postfix behaves otherwise. Well,.. I do not claim that the RFC is superior in all points. I've just read that HELO/EHLO should be only necessary for mail transactions (= MAIL)... q.e.d. ;-) I don't wanna be nit-picking,.. but as I read through rfc 5321 right now, I found some other places where postfix might be not strictly speaking compliant... or where the check/restriction keywords forbid more than the rfc forbids. Should this brought to the attention of the developers? (-devel list or so?) No it should not - they know. The RFCs were written way before the problems we have now. Feel free to update the RFCs if you so wish. -- John
Re: smtpd_helo_required compliance with the RFC
On Sun, 27 Dec 2009 20:22:33 +0100 Ansgar Wiechers li...@planetcobalt.net wrote: On 2009-12-26 Stan Hoeppner wrote: Len Conrad put forth on 12/26/2009 3:49 PM: Requiring HELO is hardly an RFC-abusive setting. I expect almost no legit, nor illegit, SMTP servers send EXPN or VRFY before helo, I'll add that just about everyone disables VRFY these days to prevent valid address harvesting, Which, of course, is utterly pointless. HELO example.org MAIL FROM:pr...@example.org RCPT TO:address_to_be_verif...@example.net QUIT wrong. there is a world of difference between; 502 5.5.1 VRFY command is disabled and 250 2.1.5 Ok or 550 5.1.1 redacted Recipient address rejected -- John
Re: smtpd_helo_required compliance with the RFC
On Sun, 27 Dec 2009 23:34:47 +0100 Ansgar Wiechers li...@planetcobalt.net wrote: On 2009-12-27 John Peach wrote: On Sun, 27 Dec 2009 20:22:33 +0100 Ansgar Wiechers wrote: On 2009-12-26 Stan Hoeppner wrote: I'll add that just about everyone disables VRFY these days to prevent valid address harvesting, Which, of course, is utterly pointless. HELO example.org MAIL FROM:pr...@example.org RCPT TO:address_to_be_verif...@example.net QUIT wrong. there is a world of difference between; 502 5.5.1 VRFY command is disabled and 250 2.1.5 Ok or 550 5.1.1 redacted Recipient address rejected Perhaps I'm missing something, but I fail to see the big difference when it comes to address verification. Regardless of whether you use VRFY or MAIL FROM/RCPT TO/QUIT, if the address is invalid the response will be 550 5.1.1 address_to_be_verif...@example.net: Recipient address rejected If it isn't, the address can be considered verified. Unless, of course, the server produces backscatter. Which it shouldn't. No it is not. 502 5.5.1 VRFY command is disabled just tells you that VRFY has been disabled; not the validity of the address. -- John
Re: always get 450 for non-existent domain
On Sat, 19 Dec 2009 04:40:02 -0400 D G Teed donald.t...@gmail.com wrote: [snip] Due to the hardwired default of 450, all sent mail becomes sluggish on the Exchange queue as hundreds of messages are retried every few minutes (one mistyped domain in a mail list triggers this behaviour in MS Exchange). Fix the problem, then. Hint - the problem is exchange, not postfix. --Donald -- John
Re: [OT?] blocking replies (WAS: whitelisting problem)
On Wed, 09 Dec 2009 03:58:28 -0600 Stan Hoeppner s...@hardwarefreak.com wrote: [snip] Two words: LIST MAIL. When you reply directly to senders, all kinds of unpleasant things can happen. Keep replies on list only and you can avoid seeing some of the draconian things folks do. setting the reply-to header helps that enormously -- John
Re: OT: need some advice as to distro
On Tue, 01 Dec 2009 16:30:36 +0200 Eero Volotinen eero.voloti...@iki.fi wrote: Centos 5.4 - while it looks like a good choice, there has been some political infighting going on recently which makes us a little nervous about its future. In addition we have found that a number of the core packages we wish to use are out of date (postfix, dovecot, amavisd-new among them). Centos 5.x is my selection. You can also use packages from epel and dag's rpm repositories. It suffers from Red Hat's liking for sendmail. The postfix package is aeons old. I would go with Ubuntu (probably 9.04 which is a long-term support version). -- John
Re: sender check
On Thu, 26 Nov 2009 18:29:00 +0100 Marco Giardini m...@tecnogi.com wrote: * Wietse Venema wie...@porcupine.org [2009-11-26 12:20:19 -0500]: Marco Giardini: I have a barracuda server that receives mails, filter them and forward to a linux system running postfix. Both machine have a public IP (static). The linux system is configured to be used as SMTP for sasl authenticated users as well, besides to be used as SMTP for the people on $mynetworks (permit_mynetworks in the smtpd_recipient_restrictions). Unfortunately, some spammers, have found it and use to spam local recipients using the linux machine, avoiding so to be filtered through the barracuda system. I'm wondering if there is a way to allow ONLY local users or users belonging to the domains hosted by the linux server to use SMTP. To permit only local systems (incl. barracuda box), or users that have a relationship with your server: smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject Wietse i do use: smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination but it seems from the log that spammer still send me and to other local users spam mails. Humm...strange Not at all; try reading what Wietse wrote. reject, NOT reject_unauth_destination. mg -- John
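The difference between the two restriction lists in the exchange above, as an added example that is not part of the thread: a simplified model of first-match evaluation of smtpd_recipient_restrictions. The addresses, the domain example.com and the function names are assumptions made for the illustration, and reject_unauth_destination is reduced to a single "is the recipient domain ours" test.

```python
import ipaddress

# Constructed site data for the illustration (assumptions, not from the thread).
MYNETWORKS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.0.2.10/32")]
LOCAL_DOMAINS = {"example.com"}   # domains this server is the final destination for

# The list Marco is using, and the list Wietse suggested.
WITH_UNAUTH_DEST = ["permit_mynetworks", "permit_sasl_authenticated",
                    "reject_unauth_destination"]
WITH_REJECT = ["permit_mynetworks", "permit_sasl_authenticated", "reject"]


def evaluate(restrictions, client_ip, sasl_authenticated, recipient):
    """Walk the list in order; the first restriction that decides wins.

    Returns (action, deciding_restriction). Falling off the end of the
    list means the recipient is accepted.
    """
    ip = ipaddress.ip_address(client_ip)
    domain = recipient.rsplit("@", 1)[-1].lower()
    for name in restrictions:
        if name == "permit_mynetworks":
            if any(ip in net for net in MYNETWORKS):
                return ("permit", name)
        elif name == "permit_sasl_authenticated":
            if sasl_authenticated:
                return ("permit", name)
        elif name == "reject_unauth_destination":
            # Only fires for mail that would have to be relayed elsewhere.
            if domain not in LOCAL_DOMAINS:
                return ("reject", name)
        elif name == "reject":
            return ("reject", name)
        else:
            raise ValueError("restriction not modelled: " + name)
    return ("permit", "end of list")


# Constructed sessions: (label, client IP, SASL authenticated, recipient).
SESSIONS = [
    ("filter box in mynetworks", "192.0.2.10", False, "user@example.com"),
    ("authenticated roaming user", "203.0.113.7", True, "friend@elsewhere.test"),
    ("stranger to local user", "203.0.113.7", False, "user@example.com"),
    ("stranger relaying", "203.0.113.7", False, "friend@elsewhere.test"),
]


def compare():
    """Return {label: (action with reject_unauth_destination, action with reject)}."""
    return {
        label: (evaluate(WITH_UNAUTH_DEST, ip, auth, rcpt)[0],
                evaluate(WITH_REJECT, ip, auth, rcpt)[0])
        for label, ip, auth, rcpt in SESSIONS
    }


if __name__ == "__main__":
    for label, (old, new) in compare().items():
        print(f"{label:28} reject_unauth_destination={old:7} reject={new}")
```

Only the "stranger to local user" row differs between the two lists: that is the direct-to-Postfix delivery that bypasses the filter box.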
Re: Backscatter being generated from mail aliased to other servers.
On Mon, 16 Nov 2009 13:00:26 -0700 Jim Lang post...@guscreek.com wrote: Wietse Venema wrote: Jim Lang: OK here is the scenario. Spammer sends mail to: u...@myclientsdomain.com from forged address vic...@randomdomain.com If u...@myclientsdomain.com is delivered locally, not a problem, if the address is invalid, postfix rejects the mail during the smtp connection. But if u...@myclientsdomain.com is an alias to mycli...@otherserver.com, postfix accepts the mail as deliverable and forwards it to hotmail.com. But if mycli...@otherserver.com can for whatever reason not be delivered, otherserver.com does what it is supposed to do and rejects the mail during the smtp connection, which causes postfix to send out a non-delivery report to vic...@randomdomain.com -- backscatter. Is there a way to stop this? Yes. Don't forward SPAM. Wietse And how do I do that in this scenario? You use recipient verification. -- John
Re: Backscatter being generated from mail aliased to other servers.
On Mon, 16 Nov 2009 13:07:05 -0700 Jim Lang post...@guscreek.com wrote: John Peach wrote: On Mon, 16 Nov 2009 13:00:26 -0700 Jim Lang post...@guscreek.com wrote: Wietse Venema wrote: Jim Lang: OK here is the scenario. Spammer sends mail to: u...@myclientsdomain.com from forged address vic...@randomdomain.com If u...@myclientsdomain.com is delivered locally, not a problem, if the address is invalid, postfix rejects the mail during the smtp connection. But if u...@myclientsdomain.com is an alias to mycli...@otherserver.com, postfix accepts the mail as deliverable and forwards it to hotmail.com. But if mycli...@otherserver.com can for whatever reason not be delivered, otherserver.com does what it is supposed to do and rejects the mail during the smtp connection, which causes postfix to send out a non-delivery report to vic...@randomdomain.com -- backscatter. Is there a way to stop this? Yes. Don't forward SPAM. Wietse And how do I do that in this scenario? You use recipient verification. I must have been really inarticulate when I wrote out the scenario. I do use recipient verification on my server. How is it that that is not clear? Do I need to rewrite this post? Clearly, you are *NOT* doing recipient verification, or myotherserver.com would not be rejecting it. Never accept mail which cannot be delivered. -- John
Re: Adding headers in Postfix mails
On Wed, 28 Oct 2009 08:43:34 + Sharma, Ashish ashish.shar...@hp.com wrote: Hello, I am unable to see the following headers in e-mails received on my Postfix e-mail receiving server: 1. Return-Path 2. Received: from Similar to header on gmail Received: from dev16 ([123.123.123.123]) by mx.google.com with SMTP id ; Tue, 27 Oct 2009 05:52:56 -0700 (PDT) 3. Return-To: Please suggest me what should I do to add these headers in the received e-mails. Thanks in advance. Configure your MUA to show them. -- John
Re: Adding headers in Postfix mails
On Wed, 28 Oct 2009 12:22:43 + Sharma, Ashish ashish.shar...@hp.com wrote: John Thanks for the reply. But please post some reference link or samples as I am unable to understand your answer. It is not a function of postfix; you need to configure whatever mail-reading program you use to show them. [snip] -- John
Re: smtp client and aliased addresses
On Wed, 30 Sep 2009 01:03:36 +1000 Barney Desmond barneydesm...@gmail.com wrote: 2009/9/30 Postfix User post...@linuxnet.ca: I've since implemented an iptables SNAT rule as a temporary workaround as I really needed this working this morning. I doubt this will interfere with the verbose logging output. What exactly is it I should be looking for? Can you show us some proof that it's not working? Eg. send mail via that machine and show the headers that appear on the receiving end. If you really want to use iptables, I'd use it for logging first. Just some trivial rules. iptables -I OUTPUT -s 142.22.75.146 -p tcp --dport smtp -m state --state NEW iptables -I OUTPUT -s 142.22.75.147 -p tcp --dport smtp -m state --state NEW Send some mail and check your packet counters with `iptables -L OUTPUT -vn` I don't doubt that you're seeing some sort of problem, but we need more evidence to believe there's actually something broken/wrong with postfix. I wouldn't bother turning on verbose logging just yet; I'm not sure it'll show the source address, and it's a lot of information to wade through (and no one here will read through it unless they're sure there's a problem that needs it). Why would you think there's a problem? Postfix does not determine what interface is used for outbound email. The OS routing tables do that, so iptables will do what he wants. -- John
Re: relayhost and authentication
On Tue, 15 Sep 2009 16:06:54 +0200 K bharathan kbhara...@gmail.com wrote: if the relay host has got a username and password how can i specify these in the main.cf a google on this showed me the following: relayhost = smtp.example.com:25 smtp_sasl_auth_enable=yes smtp_sasl_password_maps=hash:/etc/postfix/sasl_passwd smtp_sasl_security_options= /etc/postfix/sasl_passwd: smtp.example.com userid:password is it the proper way of doing it? guidance appreciated bharathan relayhost = [smtp.example.com] [smtp.example.com] userid:password -- John
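A consistency check for the relayhost and sasl_passwd pairing discussed above and in the "ISP bounces email" message, as an added example that is not part of either thread. It assumes the lookup behaviour described in Postfix's SASL_README (the password map is searched by remote hostname or by the next-hop destination exactly as written in relayhost, brackets and port included); the function names and the finding labels are hypothetical.

```python
import re


def parse_main_cf(text):
    """Parse main.cf text: 'name = value', '#' comments, indented continuations."""
    params, last = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and last is not None:   # continuation line
            params[last] = (params[last] + " " + raw.strip()).strip()
            continue
        name, sep, value = raw.partition("=")
        if sep:
            last = name.strip()
            params[last] = value.strip()
    return params


def parse_lookup_table(text):
    """Parse a 'key value' table source file (the input to postmap)."""
    table = {}
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            table[parts[0].lower()] = parts[1]
    return table


def bare_host(dest):
    """Strip [] and an optional :port from a next-hop destination."""
    m = re.fullmatch(r"\[?([^\]\[:]+)\]?(?::\w+)?", dest)
    return (m.group(1) if m else dest).lower()


def check_relay_credentials(main_cf_text, passwd_text):
    """Return a list of finding labels for one main.cf / sasl_passwd pair."""
    cf = parse_main_cf(main_cf_text)
    table = parse_lookup_table(passwd_text)
    relayhost = cf.get("relayhost", "").lower()
    findings = []
    if cf.get("smtp_sasl_auth_enable", "no").lower() != "yes":
        findings.append("sasl-disabled")
    if not relayhost:
        return findings + ["no-relayhost"]
    if not relayhost.startswith("["):
        findings.append("mx-lookup")            # without [] an MX lookup is done
    if relayhost in table:
        entry = table[relayhost]
        findings.append("key-matches-nexthop")  # same form on both sides
    elif bare_host(relayhost) in table:
        entry = table[bare_host(relayhost)]
        # Matches only if the server is reached under exactly this hostname.
        findings.append("key-matches-hostname-only")
    else:
        return findings + ["no-credentials"]
    if ":" not in entry:
        findings.append("bad-credential-format")  # expected username:password
    return findings


# Constructed from the settings quoted in the question and in the reply.
QUESTION_CF = ("relayhost = smtp.example.com:25\nsmtp_sasl_auth_enable=yes\n"
               "smtp_sasl_password_maps=hash:/etc/postfix/sasl_passwd\n"
               "smtp_sasl_security_options=\n")
QUESTION_PASSWD = "smtp.example.com userid:password\n"
REPLY_CF = QUESTION_CF.replace("smtp.example.com:25", "[smtp.example.com]")
REPLY_PASSWD = "[smtp.example.com] userid:password\n"

if __name__ == "__main__":
    print(check_relay_credentials(QUESTION_CF, QUESTION_PASSWD))
    print(check_relay_credentials(REPLY_CF, REPLY_PASSWD))
```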
Re: postfix mx check
On Mon, 3 Aug 2009 22:11:49 +0800 sosogh sos...@126.com wrote: 2009-08-03 21:02:01 Udo Mueller wrote: My question: Is it possible to disable the domain check and let postfix send these emails to me.vodafone.com Yes. You can use transport_maps http://www.postfix.org/transport.5.html debian:/etc/postfix# postconf -e 'transport_maps = hash:/etc/postfix/transport_maps.txt' add this line into file /etc/postfix/transport_maps.txt vf.uk.vodafone.com smtp:vodafone.com debian:/etc/postfix# postmap /etc/postfix/transport_maps.txt debian:/etc/postfix# /etc/init.d/postfix reload ...and you would really expect vodafone to accept those emails? -- John
Re: temporary errors for DNS
On Mon, 13 Jul 2009 14:25:01 +0200 Keld Jørn Simonsen k...@dkuug.dk wrote:

On Mon, Jul 13, 2009 at 07:07:01AM -0400, Charles Marcus wrote:

On 7/13/2009, Keld Jørn Simonsen (k...@dkuug.dk) wrote:

I am getting it via fetchmail snip

If you are getting it through fetchmail, then the message has already been delivered... so you MUST NOT reject it later, *especially* if it is spam - unless of course you really *want* to end up blacklisted...

OK, I want to DISCARD it then. Is that possible? And why would I end up being blacklisted for rejecting spam, already received at one of my mailboxes?

http://lmgtfy.com/?q=backscatter

-- John
Re: temporary errors for DNS
On Mon, 13 Jul 2009 15:24:04 +0200 Keld Jørn Simonsen k...@dkuug.dk wrote:

[snip]

# ==
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==
smtp      inet  n       -       y       -       -       smtpd -v

It is chrooted.

-- John
Re: backscatter
On Sat, 4 Jul 2009 20:46:16 -0600 LuKreme krem...@kreme.com wrote:

On 3-Jul-2009, at 20:35, Andrew Thompson wrote:

what is the hate for backscatter founded in?

Wait until you get hundreds of thousands of backscatter where someone has sent out spams with your user name as the From: address and helpful mail systems bounce them 'back' to you since your address is in the From: header. This is known as a 'joe-job' and it sucks. Besides that, a lot of spammers sent mail out with forged from addresses so that if the spam isn't delivered to the To: it might be delivered by some retarded mailserver to the forged From.

http://www.backscatterer.org/?target=usage well worth looking at

-- John
Re: nobody is going to write a new MTA
On Thu, 28 May 2009 11:56:38 +0200 Ralf Hildebrandt ralf.hildebra...@charite.de wrote: Turns out Wietse was wrong: http://lwn.net/SubscriberLink/334866/fffe7b1a0716c0e4/ All political; no real rational reasoning for it -- John
Re: Consistent Entry Stuck in Queue
On Fri, 22 May 2009 19:23:33 +0200 mouss mo...@ml.netoyen.net wrote:

Carlos Williams wrote:

[snip]

Content-filter at server.us wrote:

A message from jthras...@server.us to: - jthras...@server.us was considered unsolicited bulk e-mail (UBE). Our internal reference code for your message is 16433-01/qNJBp5TNkzDa

The message carried your return address, so it was either a genuine mail from you, or a sender address was faked and your e-mail address abused by third party, in which case we apologize for undesired notification.

We do try to minimize backscatter for more prominent cases of UBE and for infected mail, but for less obvious cases of UBE some balance between losing genuine mail and sending undesired backscatter is sought, and there can be some collateral damage on both sides.

First upstream SMTP client IP address: [88.255.159.190] unknown
According to a 'Received:' trace, the message originated at: [88.255.159.190], [88.255.159.190] unknown [88.255.159.190]
Return-Path: jthras...@server.us
Message-ID: 173702817170361.uflfwryznisq...@[88.255.159.190]
Subject: Come to my place
Delivery of the email was stopped! **

so some filter (at server.us?) is bouncing mail it considers possibly spam. This is a bad idea. once mail has been accepted by postfix, subsequent relays/filters/whatever should no more bounce. if spam is bounced to an innocent who never sent anything, you'll get in trouble... and even if not, you know it is bad to hit innocents whose email address was forged.

[snip]

Looks worse than that:

host -t mx server.us
server.us mail is handled by 10 cm1.dnsmadeeasy.com.

So they're not the primary MX and they're bouncing it.

-- John
Re: What makes a postfix server behave this way?
On Tue, 24 Mar 2009 15:05:52 +0100 suomi post...@ayni.com wrote:

[snip]

In the postfix log, where the php-pear-Mail-Mime client sends all mails, for the mail in question I find the following:

Mar 20 09:00:01 smtphost postfix/smtpd[3990]: connect from senderhost.mydomain.com[xxx.xxx.xxx.163]
Mar 20 09:00:01 smtphost postfix/smtpd[3990]: disconnect from senderhost.mydomain.com[xxx.xxx.xxx.163]

and no more. I am sure that the above log entry corresponds to the failed mail, because in the application log I can see that the person sent the message exactly at 09:00:01. postfix on the smtphost is not busy, the last message before the failed was processed at 08:56:15 and the next message after the failed was processed at 09:38:29. I also checked to see that no empty mail addresses had been sent in the recipient list. Test with this application are very delicate, because I cannot send interminable test-mail to the entire mail-list. Where could I try to find the error in this case? Thank you very much in advance.

On the client side; it connected and disconnected without doing anything.
Re: DNS lookups not working?
On Tue, 10 Feb 2009 21:50:26 +0800 jan gestre ipcopper...@gmail.com wrote:

[snip]

I have this same problem that I was not able to solve for almost a week now. I posted too on various mailing lists including this (mail from gmail and yahoo are blocked), some suggested to install a caching nameserver but obviously in your case it doesn't work too. Replaced OpenDNS with other DNS server to no avail, still the same result. If rbl is enabled all incoming emails were blocked so I have no recourse but to turn it off, caveat is I've got lots of SPAM. Also I don't have Postfix in chroot environment. Here's my log:

Feb 10 21:34:46 kartero postfix/smtpd[14176]: NOQUEUE: reject: RCPT from wf-out-1314.google.com[209.85.200.172]: 554 5.7.1 Service unavailable; Client host [209.85.200.172] blocked using bl.spamcop.net; from=ipcopper...@gmail.com to=jan.ges...@ddb.com.ph proto=ESMTP helo=wf-out-1314.google.com

It's working exactly as you configured it. If you want that mail, remove bl.spamcop.net from your checks...
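Before removing a list as the reply above suggests, it helps to see which DNSBL is rejecting which sender domains. The following is an added example, not part of the thread, that tallies DNSBL rejections from smtpd log lines; the sample lines are constructed in the format of the quoted entry, and the function names are illustrative.

```python
import re
from collections import Counter, defaultdict

# Constructed smtpd log lines in the format of the entry quoted above;
# hosts and addresses are placeholders, not taken from the thread.
SAMPLE_LOG = """\
Feb 10 21:34:46 mx postfix/smtpd[14176]: NOQUEUE: reject: RCPT from out1.example.net[192.0.2.10]: 554 5.7.1 Service unavailable; Client host [192.0.2.10] blocked using bl.spamcop.net; from=<alice@example.net> to=<bob@example.com> proto=ESMTP helo=<out1.example.net>
Feb 10 21:35:02 mx postfix/smtpd[14176]: NOQUEUE: reject: RCPT from out2.example.net[192.0.2.11]: 554 5.7.1 Service unavailable; Client host [192.0.2.11] blocked using bl.spamcop.net; from=<carol@example.net> to=<bob@example.com> proto=ESMTP helo=<out2.example.net>
Feb 10 21:36:40 mx postfix/smtpd[14180]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 554 5.7.1 Service unavailable; Client host [198.51.100.7] blocked using zen.spamhaus.org; from=<x@example.org> to=<bob@example.com> proto=SMTP helo=<pc>
Feb 10 21:37:11 mx postfix/smtpd[14181]: NOQUEUE: reject: RCPT from unknown[203.0.113.9]: 554 5.7.1 <eve@example.edu>: Relay access denied; from=<y@example.org> to=<eve@example.edu> proto=SMTP helo=<pc>
"""

# Matches only rejections caused by a DNSBL ("blocked using <list>").
DNSBL_REJECT = re.compile(
    r"NOQUEUE: reject: RCPT from (?P<host>[^\[\s]+)\[(?P<ip>[^\]]+)\]: "
    r"(?P<code>\d{3}) .*?blocked using (?P<dnsbl>[^;\s]+);"
    r".*?from=<(?P<sender>[^>]*)>"
)


def dnsbl_rejects(log_text):
    """Yield one dict per DNSBL rejection; other reject reasons are skipped."""
    for line in log_text.splitlines():
        m = DNSBL_REJECT.search(line)
        if m:
            yield m.groupdict()


def rejects_by_list(log_text):
    """Map each DNSBL to a Counter of the sender domains it rejected."""
    summary = defaultdict(Counter)
    for hit in dnsbl_rejects(log_text):
        # An empty envelope sender (bounce) is reported as "<>".
        domain = hit["sender"].rpartition("@")[2].lower() or "<>"
        summary[hit["dnsbl"]][domain] += 1
    return dict(summary)


if __name__ == "__main__":
    for dnsbl, senders in rejects_by_list(SAMPLE_LOG).items():
        print(dnsbl, dict(senders))
```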
Re: No reason not to use reject_unverified sender (was Re: reject_unverified_sender vs greylisting)
On Tue, 10 Feb 2009 18:49:05 + João Miguel Neves joao.ne...@intraneia.com wrote:

Charles Marcus wrote:

Here's a link informing why indiscriminate use of SAV is bad, and what it should be used for: http://www.backscatterer.org/?target=sendercallouts

OK, I've finished reading and analyzing that text. My conclusion is that there's no reason not to use reject_unverified sender. In this answer I'm assuming 1) the postfix implementation of SAV and that any implementation and 2) that MTAs implement the RFCs (so they have a configuration that matches, for instance, the Book of Postfix).

[snip]

Have I missed anything?

Yes; your domain so that I can block it.
Re: TLS and Avast anti-virus
On Mon, 17 Nov 2008 16:32:32 -0500 brian [EMAIL PROTECTED] wrote: A client who uses Windows/Thunderbird is reporting the following error when attempting to connect to her INBOX: TLS not supported by avast mail scanner. She needs to disable mail-scanning in Avast.
Re: Spammers abusing my postfix box
On Tue, 11 Nov 2008 09:39:32 -0300 Jaap Westerbeek [EMAIL PROTECTED] wrote: Ok the (or some) spammer came back. For some reason everything seems to originate from localhost, which isn't telling me much. Where to look , what to do ? [snip] You need the log entries for the email BEFORE it gets fed into amavisd-new.
Re: Can Anyone Make Sense of This Log Entry?
On Fri, 31 Oct 2008 18:09:37 + (UTC) Duane Hill [EMAIL PROTECTED] wrote: Responding to the original message... On Fri, 31 Oct 2008, Asai wrote: [snip] They may be having issues or you may be on their private blacklist. worldswidedomainnames.com isn't even a registered domain name. worldwidedomainnames.com *is* and I would want to blackhole them
Re: Can Anyone Make Sense of This Log Entry?
On Fri, 31 Oct 2008 11:29:04 -0700 Asai [EMAIL PROTECTED] wrote:

John Peach wrote:

On Fri, 31 Oct 2008 18:09:37 + (UTC) Duane Hill [EMAIL PROTECTED] wrote:

Responding to the original message...

On Fri, 31 Oct 2008, Asai wrote:

[snip]

They may be having issues or you may be on their private blacklist.

worldswidedomainnames.com isn't even a registered domain name. worldwidedomainnames.com *is* and I would want to blackhole them

Ok, thanks guys. John, when you say blackhole them what do you mean? I've been looking for a way to blacklist conveniently using MySQL. Do you know of a way?

Not with my*sql, per se, but you can reject them based on all sorts of criteria.

host -t mx worldwidedomainnames.com
worldwidedomainnames.com mail is handled by 0 dev.null.

That would block them at a lot of sites...

check_sender_mx_access hash:/etc/postfix/mx_access

dev.null REJECT

host -t ns worldwidedomainnames.com
worldwidedomainnames.com name server this-domain-for-sale.com.
worldwidedomainnames.com name server ns.buydomains.com.

check_sender_ns_access hash:/etc/postfix/ns_access

this-domain-for-sale.com REJECT
buydomains.com REJECT

etc...
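A simplified model of how the two restrictions in the reply above match table entries against a sender domain's MX and NS hosts, as an added example that is not part of the original post. It assumes Postfix's default parent-domain matching for smtpd access maps, skips the IP-address lookups Postfix also performs, and uses DNS answers constructed from the `host` output quoted in the thread; example.org and all function names are hypothetical.

```python
# Simplified model of check_sender_mx_access / check_sender_ns_access.
# DNS answers are constructed from the `host` output quoted in the thread.
DNS = {
    "worldwidedomainnames.com": {
        "MX": ["dev.null."],
        "NS": ["this-domain-for-sale.com.", "ns.buydomains.com."],
    },
    # Hypothetical clean domain for contrast.
    "example.org": {"MX": ["mail.example.org."], "NS": ["ns1.example.org."]},
}

MX_ACCESS = "dev.null                  REJECT\n"
NS_ACCESS = "this-domain-for-sale.com  REJECT\nbuydomains.com            REJECT\n"


def parse_access(text):
    """Parse 'pattern action' lines of an access(5)-style table."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, action = line.split(None, 1)
        table[key.lower()] = action.strip()
    return table


def lookup_host(table, host):
    """Try the host name, then each parent domain (assumed default, where
    smtpd_access_maps is in parent_domain_matches_subdomains)."""
    name = host.rstrip(".").lower()  # DNS output carries a trailing dot
    while name:
        if name in table:
            return name, table[name]
        _, _, name = name.partition(".")
    return None


def check_sender(sender, mx_table, ns_table):
    """Return (decision, reason) for an envelope sender address."""
    domain = sender.rsplit("@", 1)[-1].lower()
    records = DNS.get(domain, {})
    for rtype, table in (("MX", mx_table), ("NS", ns_table)):
        for host in records.get(rtype, []):
            hit = lookup_host(table, host)
            if hit and hit[1].upper().startswith("REJECT"):
                return "REJECT", f"{rtype} {host} matched {hit[0]}"
    return "DUNNO", "no table entry matched"
```

The `buydomains.com` entry catches `ns.buydomains.com.` only because of the parent-domain walk; with that matching disabled, the table would need a `.buydomains.com` pattern instead.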
Re: valid_hostname chokes on trailing dot
On Wed, 01 Oct 2008 12:40:57 -0400 Chad Whitacre [EMAIL PROTECTED] wrote: Please cite the relevant section of the relevant RFC. Happy to if you point me to it. I'm not an expert. Is this the right place? https://tools.ietf.org/html/rfc5321#section-2.3.5 If it is, it does not back up your assertion that a trailing dot is part of the FQDN. -- John