Re: update: 1 mail stoped by 1 user. Now it is 2 users and I noticed something.
The postcat -q -eh command does not work. It does not like the -e??? What do I need to do?

Thanks,
Josh

- Original Message -
From: "Viktor Dukhovni"
To:
Sent: Tuesday, September 17, 2013 2:33 PM
Subject: Re: update: 1 mail stoped by 1 user. Now it is 2 users and I noticed something.

On Tue, Sep 17, 2013 at 02:04:55PM -0600, Josh Cason wrote:

> So this is an update. I had put a few days ago. I said 1 mail was stopped by 1 user in the incoming directory. Then goes away without an error. Well I now have 2 users. But I noticed something the other day and on this user. It has a pair of ?? marks on it. So I did a search but still did not provide any answers. Most of that type went through no problem. The other update was there was on some email. It showed up a few hours later. I'm still trying to see that in my logs. But what would cause a message to hang out in the incoming that long. When all the other go through? Size? I did finally see a bounce back. I'll look into that too. See if I can find out what it says.

The above is a bunch of speculative noise. To report a problem:

- Provide configuration information (postconf -n, master.cf, ...)
- Provide detailed related logging (matching the queue-id and any related earlier messages from processes with the same pid). Also any related logging from master(8) about its child processes.
- Show a long listing of the problem queue file with permissions and modification time as well as the current time reported by "date".
- Show the output of "postcat -q -eh " for the problem queue-id.

Messages for which the SMTP client never sends "." may sit (incomplete) in incoming for some time. Also if your operating system has buggy poll or epoll code, daemon processes may hang intermittently and be killed by the watchdog timer.

A message is incomplete while its permissions are 0600, and changes to 0700 once cleanup(8) has received and post-processed (perhaps via a milter) the entire message.

Without real evidence, you're on your own.

--
Viktor.

-- This message has been scanned for viruses and dangerous content by Galaxy Mail Server, and is believed to be clean.
Re: update: 1 mail stoped by 1 user. Now it is 2 users and I noticed something.
Sorry. But I'll have to wait for another one to get stuck. As for the one I thought was an error message back from the system. It was just a normal message. So once one gets stuck. I double check my findings and get you a ls -l from it.

Thanks,
Josh

- Original Message -
From: "Wietse Venema"
To: "Postfix users"
Sent: Tuesday, September 17, 2013 2:24 PM
Subject: Re: update: 1 mail stoped by 1 user. Now it is 2 users and I noticed something.

Josh Cason:

> So this is an update. I had put a few days ago. I said 1 mail was stopped by 1 user in the incoming directory. Then goes away without an error. Well I now have 2 users. But I noticed something the other day and on this user. It has a pair of ?? marks on it.

Please provide a complete line of "ls -l" output with the mystery file's name and permissions.

> So I did a search but still did not provide any answers. Most of that type went through no problem. The other update was there was on some email. It showed up a few hours later. I'm still trying to see that in my logs.

Postfix logs the queue file name when the file is created. For example:

Sep 17 00:47:47 spike postfix/smtpd[54896]: 3cfBdb4G3tzjymn: client=unknown[61.164.179.222]
Sep 17 01:05:06 spike postfix/pickup[54595]: 3cfC1Z1qMXzjymp: uid=1001 from=

What does the logging look like for your mystery file? This means you need to search the mail logfile.

> But what would cause a message to hang out in the incoming that long. When all the other go through? Size?

The universe of possibilities is too large to speculate. This question is best answered if you can provide Postfix logfile records for the file's arrival and delivery. This means you need to search the mail logfile.

Wietse
update: 1 mail stoped by 1 user. Now it is 2 users and I noticed something.
So this is an update. I had put a few days ago. I said 1 mail was stopped by 1 user in the incoming directory. Then goes away without an error. Well I now have 2 users. But I noticed something the other day and on this user. It has a pair of ?? marks on it. So I did a search but still did not provide any answers. Most of that type went through no problem.

The other update was there was on some email. It showed up a few hours later. I'm still trying to see that in my logs. But what would cause a message to hang out in the incoming that long. When all the other go through? Size? I did finally see a bounce back. I'll look into that too. See if I can find out what it says. Once again thanks for all the help.

EX: 7E20810D800E??

Thanks,
Josh
Re: 1 mail being stuck in incoming mail queue.
The two entries in log file. I change a few things to protect my mail server, client and sender. But you should get the idea.

This is how my mailserver system is set up: cisco router - assp spam filter - postfix mailserver with mailscanner. It is supposed to go to the hold folder. So MailScanner can pick it up. But never makes it to that folder. I thought perhaps the assp was cutting out too soon on the message. I have some disconnects around that time. But if that was the case I thought I would have found more. But I observed most of the day and have been running this assp setup for 2 months. Everything goes fine. Before that was postini - router - postfix with mailscanner. I did check the assp log and saw the message went just fine. No errors. Thinking maybe it was disconnecting too soon. But the servers are on the same shelf with the same switch on the same network.

I asked my client if their customer that was sending the mail was getting an error message. He did not know. They just know the email was not showing up. So I checked my normal spots. No dice. Then that is when I found it stuck in the incoming folder.

I see the email three times in the log. All next to each other. I see the connection from my spam filter. The hold header on the message and the third time with a message id.

Sep 11 17:29:38 primary postfix/cleanup[25098]: 054AC10D800E: hold: header Received: from BOZO2.onsite.local (spamfilter.mydomain.com [172.16.0.188])??by primary.mydomain.cc ) with ESMTP id 054AC10D800E??for ; Wed, 11 Sep 2013 17:29:36 -0600 (M from spamfilter.mydomain.com[172.16.0.188]; from= to= proto=ESMTP helo=
Sep 11 17:29:38 primary postfix/cleanup[25098]: 054AC10D800E: message-id=<4e653ecbe3cd403bb 5254d7554e43fd9@BOZO2.onsite.local>

I hope this helps some more. Unless I need to turn on debugging or missing it. I didn't see any error messages in the maillog. That the first thing I looked for was error messages. Then I have something to follow.

Thanks,
Josh

- Original Message -
From: "Viktor Dukhovni"
To:
Sent: Wednesday, September 11, 2013 2:44 PM
Subject: Re: 1 mail being stuck in incoming mail queue.

On Wed, Sep 11, 2013 at 02:15:34PM -0600, Josh Cason wrote:

> I have this 1 email from 1 company from 1 person who for some reason gets stuck in the incoming folder. Mail After it goes through. Mail Before it goes through. The maillog shows the message showing up. Then that is it. The file stays in chmod 600. I found a suggestion of putting -v behind pickup. All that seemed to do was requeue the message each time restarted postfix and get stuck again. I have never had any problem before with postfix. That I know of.

Messages in the incoming directory that are mode 0600 are in the process of being received by the cleanup(8) service. The entire message has not yet been received, and so naturally does not get delivered. If there is a cleanup(8) process with the queue file open for write, the problem is upstream in smtpd(8) or remote sender or in pickup(8). Look for problem reports from cleanup(8) in your logs.

Does the message arrive from outside via SMTP or is it submitted locally? Does pickup(8) or smtpd(8) log any problems?

--
Viktor.
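Added example, not part of any message in this thread: a Python check built on the two points in Viktor Dukhovni's replies (a file in incoming is incomplete while its mode is 0600 and becomes 0700 once cleanup(8) is done, and a stuck file matters most when a process still holds it open). The directory path comes from the queue_directory value posted on this page; the one-hour threshold and the Linux /proc lookup are assumptions.

```python
import os
import stat
import time
from typing import NamedTuple

INCOMPLETE = 0o600   # cleanup(8) is still receiving the message
COMPLETE = 0o700     # cleanup(8) has finished; the message can be delivered


class QueueFile(NamedTuple):
    path: str
    queue_id: str
    mode: int         # permission bits only
    age: float        # seconds since last modification
    state: str        # "incomplete", "complete" or "unexpected"


def scan_incoming(incoming_dir, now=None):
    """Return a QueueFile for every regular file below incoming_dir."""
    now = time.time() if now is None else now
    states = {INCOMPLETE: "incomplete", COMPLETE: "complete"}
    found = []
    # os.walk also covers installations that hash the queue into subdirectories.
    for root, _dirs, names in os.walk(incoming_dir):
        for name in sorted(names):
            path = os.path.join(root, name)
            try:
                st = os.lstat(path)
            except FileNotFoundError:
                continue  # moved on or removed while we were scanning
            if not stat.S_ISREG(st.st_mode):
                continue
            mode = stat.S_IMODE(st.st_mode)
            found.append(QueueFile(path, name, mode, now - st.st_mtime,
                                   states.get(mode, "unexpected")))
    return found


def stuck(files, max_age=3600):
    """Files still incomplete after max_age seconds (threshold is an assumption)."""
    return [f for f in files if f.state == "incomplete" and f.age > max_age]


def open_by(path, proc="/proc"):
    """(pid, command) of processes holding path open.

    Linux only; run as root to see processes owned by other users.
    Returns [] when /proc is unavailable or nothing has the file open.
    """
    holders = []
    try:
        target = os.path.realpath(path)
        pids = [p for p in os.listdir(proc) if p.isdigit()]
    except OSError:
        return holders
    for pid in pids:
        fd_dir = os.path.join(proc, pid, "fd")
        try:
            fds = os.listdir(fd_dir)
        except OSError:
            continue  # process exited or is not ours to inspect
        for fd in fds:
            try:
                if os.readlink(os.path.join(fd_dir, fd)) == target:
                    with open(os.path.join(proc, pid, "comm")) as fh:
                        holders.append((int(pid), fh.read().strip()))
                    break
            except OSError:
                continue
    return holders


if __name__ == "__main__":
    for f in stuck(scan_incoming("/var/spool/postfix/incoming")):
        who = open_by(f.path) or "no process has it open"
        print(f"{f.queue_id} mode={f.mode:04o} age={f.age:.0f}s {who}")
```

A file reported with a cleanup holder points upstream (smtpd, the sending host or pickup), as the reply above says; the report is also the "long listing plus current time" evidence the list asked for.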
1 mail being stuck in incoming mail queue.
I have this 1 email from 1 company from 1 person who for some reason gets stuck in the incoming folder. Mail After it goes through. Mail Before it goes through. The maillog shows the message showing up. Then that is it. The file stays in chmod 600. I found a suggestion of putting -v behind pickup. All that seemed to do was requeue the message each time restarted postfix and get stuck again. I have never had any problem before with postfix. That I know of.

If I restart the postfix. The message goes away and is never delivered. Need the first step of that to do. Perhaps I can manually push the file through?

Thanks,
Josh
one mail account that needs to foward a copy of the mail to another account
I had a request to take an internal mail account that receives email and need to copy that information to another account. I can do an alias but that just forwards the mail not make a copy. I'm using postfix, mysql, and postfix.admin. I will answer any other questions.

Thanks,
Josh

-- This message has been scanned for viruses and dangerous content by Mychoice, and is believed to be clean.
re: (graylisting) better spam filter for postfix
I tried grey listing and don't use it because too many servers were not re-sending the e-mail back asap. A lot did and there was no problem. But some took up to a day to retry the message. I remember reading about DPSAM. Also going to look at amavisd-new and assp. I like the idea of calling it an engine when using multiple applications.

Thanks for the suggestions,
Josh
Better spam filter for postfix
As most of you guys know. I use mailscanner. I would like recommendations of what else to use. I prefer an all in one package like what mailscanner does. It also utilizes clamav and spamassassin. The problem is most of the information I find on the net is outdated or for projects that stopped. Seems like everybody has their way of dealing with spam filtering. So this is an ask of what you guys find the most useful. I'm hosting multiple domains (virtual via mysql) so I cannot be specific to each one. Also I'm using postini with some but not all the domains.

Thanks,
Josh
re: spam that does get through looks normal.
I do accept mail besides postini. But when I track this mail (spam) back it is coming through postini. What I'm seeing is a spike in spam. This will normally last for 1 week or so then stop. But during that time. All heck breaks loose for me. I admin other domains besides mychoice.cc. Some use postini. Some don't. 2 of them post use postini and I verified the spam is being delivered from the postini servers. Basically after 1 week or less or what not postini stops the spam or the spammers move on. As in this case. The ones I got look like rejections. However, postini seems to treat them like normal e-mail messages. I talked to the provider we get postini from and no problem was found plus by the time I get done looking into it more. The spam goes down. Though I'm still getting spam messages. I wish I could catch some of this in my mail queue as stated before. I will also look into more spam assassin settings too.

Current Postfix config file.

alias_maps = hash:/etc/aliases
allow_percent_hack = no
biff = no
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
delay_warning_time = 4h
disable_vrfy_command = yes
header_checks = regexp:/etc/postfix/header_checks
html_directory = /usr/share/doc/postfix-2.4.7-documentation/html
inet_interfaces = localhost, 172.16.0.185
invalid_hostname_reject_code = 554
local_recipient_maps = $virtual_mailbox_maps
local_transport = virtual
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
maximal_backoff_time = 8000s
maximal_queue_lifetime = 7d
message_size_limit = 2560
minimal_backoff_time = 1000s
multi_recipient_bounce_reject_code = 554
mydestination = $myhostname, localhost.$mydomain, localhost
mynetworks = $config_directory/mynetworks
newaliases_path = /usr/bin/newaliases.postfix
non_fqdn_reject_code = 554
notify_classes = resource,software
proxy_interfaces = 24.117.29.115
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.4.7-documentation/readme
recipient_delimiter =
relay_domains = proxy:mysql:/etc/postfix/mysql_relay_domains_maps.cf
relay_domains_reject_code = 554
relay_recipient_maps = mysql:/etc/postfix/mysql_relay_recipient_maps.cf
relayhost = mail.cableone.net
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_helo_timeout = 60s
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, check_client_access hash:/etc/postfix/access, reject_unknown_client
smtpd_data_restrictions = reject_multi_recipient_bounce,permit
smtpd_delay_reject = yes
smtpd_discard_ehlo_keywords = silent-discard, dsn
smtpd_error_sleep_time = 20s
smtpd_hard_error_limit = 12
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, regexp:/etc/postfix/helo.regexp, permit
smtpd_junk_command_limit = 2
smtpd_recipient_limit = 30
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,check_client_access hash:/etc/postfix/access,reject_unauth_destination, reject_non_fqdn_recipient,reject_unknown_sender_domain, reject_invalid_hostname,reject_unknown_recipient_domain, reject_unauth_pipelining,reject_rbl_client zen.spamhaus.org, reject_rbl_client cbl.abuseat.org,reject_rbl_client dsn.rfc-ignorant.org,reject_rbl_client dul.dnsbl.sorbs.net, reject_rbl_client dnsbl.sorbs.net,reject_rbl_client ix.dnsbl.manitu.net
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_security_options = noanonymous
smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated, check_sender_access hash:/etc/postfix/sender_access, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_pipelining, permit
smtpd_soft_error_limit = 3
strict_rfc821_envelopes = yes
swap_bangpath = no
unknown_address_reject_code = 554
unknown_client_reject_code = 554
unknown_hostname_reject_code = 554
unknown_local_recipient_reject_code = 450
unknown_relay_recipient_reject_code = 554
unknown_virtual_alias_reject_code = 554
unknown_virtual_mailbox_reject_code = 554
unverified_recipient_reject_code = 554
unverified_sender_reject_co
re: spam that does get through looks normal.
No the message is different. Like this time around they look like this:

This is an automatically generated Delivery Status Notification.
Delivery to the following recipients failed.
authentical...@raisley.com
Final-Recipient: rfc958;authentical...@raisley.com
Action: failed
Status: 1.2.0

I prefer not keeping a long list of blocks. I would like to stop this garbage before it gets to me. The domain and mail address changes though.

Josh
spam that does get through looks normal.
I have now gone through my config so I will post it if needed. What I'm facing now is spam that looks normal. Looks like a reject but is not in some cases. The problem is that since these e-mails are delivered to the user account. I really don't have an example to post from the q. I use postini, mailscanner, that uses clamav and spamassassin. That does a good job but I still get spam through. Even on top of using outlook 2003 / 2007 spam filter.

The current small batch of say 5 messages looked like rejects. Sure I can look at the header and see what server they are coming from. In fact some of the messages are from postmaster at whatever server. But it does not matter. This spam slips through and I'm told about it. I cannot tell them to black list the address since it keeps changing. I think I need a better spam filter or to change some settings. But how do you kill mail that looks normal? (I think I asked this before. So plz forgive me if I did. Perhaps this plea for help will have some new ideas)

Josh
Postfix helo.regexp file for stopping same to/from address
A while back I set up a helo.regexp file. I have changed it around a bit. I'm trying to stop e-mail that is sent to/from the same e-mail address but not my system. The idea was if they are sending mail to themselves from my ip address. It would be blocked.

Example from my test server:

/^webserv\.idahofur\.com$/ 550 Don't use my own hostname
/^216\.201\.76\.183$/ 550 Don't use my own IP address
/^[0-9.]+$/ 550 Your software is not RFC 2821 compliant
/^[0-9]+(\.[0-9]+){3}$/ 550 Your software is not RFC 2821 compliant

Example from my log:

Jun 13 20:10:45 primary postfix/smtpd[1322]: connect from exprod6mx190.postini.com[64.18.1.42]
Jun 13 20:10:47 primary postfix/smtpd[1322]: AB47810D8005: client=exprod6mx190.postini.com[64.18.1.42]
Jun 13 20:10:49 primary postfix/cleanup[1325]: AB47810D8005: hold: header Received: from psmtp.com (exprod6mx190.postini.com$
Jun 13 20:10:49 primary postfix/cleanup[1325]: AB47810D8005: message-id=<20100614021047.ab47810d8...@primary.mychoice.cc>
Jun 13 20:10:49 primary MailScanner[28889]: New Batch: Scanning 1 messages, 12557 bytes
Jun 13 20:10:49 primary MailScanner[28889]: Spam Checks: Starting
Jun 13 20:10:49 primary MailScanner[28889]: Expired 1 records from the SpamAssassin cache
Jun 13 20:10:49 primary postfix/smtpd[1322]: disconnect from exprod6mx190.postini.com[64.18.1.42]
Jun 13 20:10:50 primary MailScanner[28889]: Virus and Content Scanning: Starting
Jun 13 20:10:55 primary MailScanner[28889]: Requeue: AB47810D8005.4CC84 to EA43910D8139
Jun 13 20:10:55 primary MailScanner[28889]: Uninfected: Delivered 1 messages
Jun 13 20:10:55 primary postfix/qmgr[20454]: EA43910D8139: from=, size=11920, nrcpt=1 (queue active)
Jun 13 20:10:55 primary MailScanner[28889]: MailScanner child dying of old age
Jun 13 20:10:55 primary postfix/virtual[1337]: EA43910D8139: to=, relay=virtual, delay=8.9, delays=8$
Jun 13 20:10:55 primary postfix/qmgr[20454]: EA43910D8139: removed

Thanks,
Josh
RE: (solved) Installing smtp auth did not help my spam issue Below is example
First of all thank you so much for helping me. I found it was a hacked user account in the e-mail system. Not only did they use his e-mail account they used his webmail too. Once I changed his password. As of yet they have given up trying. I'm amazed I did not catch this sooner. I did catch something was up in his user account. But it was not until I installed sasl that I was able to catch the other half. It then told me enough and I was able to track down the ip number. The over sea and all universe ip numbers.

Thanks,
Josh
RE: (mailscanner?) Installing smtp auth did not help my spam issue Below is example
So did I set up mailscanner wrong or is this just one of those horrible designs. I was thinking at one time that mailscanner was messing with e-mail and I temporarily disabled it. But didn't change anything. Just got more spam. Also I sent that guy an e-mail asking if he multiple listed. But I find this portion strange. To me that looks like a route.

Jun 7 08:57:22 primary MailScanner[31851]: Virus and Content Scanning: Starting
Jun 7 08:57:26 primary MailScanner[31851]: Requeue: 8A42710D8005.354D5 to 3378410D8139
Jun 7 08:57:26 primary MailScanner[31851]: Uninfected: Delivered 1 messages
Jun 7 08:57:26 primary postfix/qmgr[23472]: 3378410D8139: from=, size=1172, nrcpt=20 (queue active)
Jun 7 08:57:27 primary postfix/smtp[32286]: 3378410D8139: host mx2.mail.eu.yahoo.com[77.238.184.241] refused to talk to me:$
Jun 7 08:57:27 primary postfix/smtp[32283]: connect to mx5.hushmail.com[65.39.178.164]: No route to host (port 25)

Why would a "from fk0...@gmail.com" be in there. This address comes up a lot more and as you have seen in my previous posts. That is the spamming address. At least this time around. All other proper e-mails have just a from/to correctly. But not this run and related to this message number. Is this just a horrible type of bouncing or msg sending?

Josh
RE: (grep followed msg) Installing smtp auth did not help my spam issue Below is example
Now this has always been puzzling. This looks like a spam from a customer's machine. They swear up and down their machine is clean. They are also a good friend of the boss. Well he knows them. What I did was grep the 2E3F10D8005 and then did another grep when 7F92C10D8193 via mailscanner.

Thanks,
Josh

Jun 7 08:57:28 primary postfix/smtpd[32012]: 2E03F10D8005: client=primary.mychoice.cc[172.16.0.185], sasl_method=PLAIN, sasl_username=p...@mychoice.cc
Jun 7 08:57:28 primary postfix/cleanup[32032]: 2E03F10D8005: hold: header Received: from localhost (primary.mychoice.cc [172.16.0.185])??(Authenticated sender: p...@mychoice.cc)??by primary.mychoice.cc (Postfix) with ESMTP id 2E03F10D8005;??Mon, 7 Jun 2010 08:57:28 -0600 ( from primary.mychoice.cc[172.16.0.185]; from= to= proto=ESMTP helo=
Jun 7 08:57:28 primary postfix/cleanup[32032]: 2E03F10D8005: message-id=<20100607085728.zpp6nrf09skcs...@www.mychoice.cc>
Jun 7 08:57:30 primary MailScanner[31332]: SpamAssassin cache hit for message 2E03F10D8005.C2137
Jun 7 08:57:34 primary MailScanner[31332]: Requeue: 2E03F10D8005.C2137 to 7F92C10D8193 - this is where it was changed via mailscanner
Jun 7 08:57:34 primary postfix/qmgr[23472]: 7F92C10D8193: from=, size=1172, nrcpt=20 (queue active)
Jun 7 08:57:34 primary postfix/smtp[32286]: 7F92C10D8193: to=, relay=mx1.hotmail.com[65.55.92.168]:25, delay=6.5, delays=6.1/0.01/0.23/0.19, dsn=2.0.0, status=sent (250 <20100607085728.zpp6nrf09skcs...@www.mychoice.cc> Queued mail for delivery)
Jun 7 08:57:34 primary postfix/smtp[32284]: 7F92C10D8193: to=, relay=mx3.hotmail.com[65.54.188.94]:25, delay=6.5, delays=6.1/0.01/0.33/0.1, dsn=2.0.0, status=sent (250 <20100607085728.zpp6nrf09skcs...@www.mychoice.cc> Queued mail for delivery)
Jun 7 08:57:34 primary postfix/smtp[32285]: 7F92C10D8193: to=, relay=mx2.hotmail.com[65.55.92.152]:25, delay=6.8, delays=6.1/0.01/0.42/0.27, dsn=2.0.0, status=sent (250 <20100607085728.zpp6nrf09skcs...@www.mychoice.cc> Queued mail for delivery)
Jun 7 08:57:35 primary postfix/smtp[32287]: 7F92C10D8193: to=, relay=gmail-smtp-in.l.google.com[72.14.213.27]:25, delay=7, delays=6.1/0.01/0.21/0.64, dsn=2.0.0, status=sent (250 2.0.0 OK 1275920903 d37si10986603wam.48)
Jun 7 08:57:35 primary postfix/smtp[32279]: 7F92C10D8193: to=, relay=mailin-01.mx.aol.com[64.12.90.1]:25, delay=7, delays=6.1/0.01/0.62/0.23, dsn=5.1.1, status=bounced (host mailin-01.mx.aol.com[64.12.90.1] said: 550 5.1.1 : Recipient address rejected: europe.com (in reply to RCPT TO command))
Jun 7 08:57:35 primary postfix/smtp[32302]: 7F92C10D8193: to=, relay=h.mx.mail.yahoo.com[66.94.236.34]:25, delay=7.1, delays=6.1/0.04/0.22/0.76, dsn=2.0.0, status=sent (250 ok dirdel 2/1)
Jun 7 08:57:35 primary postfix/smtp[32302]: 7F92C10D8193: to=, relay=h.mx.mail.yahoo.com[66.94.236.34]:25, delay=7.1, delays=6.1/0.04/0.22/0.76, dsn=2.0.0, status=sent (250 ok dirdel 2/1)
Jun 7 08:57:35 primary postfix/smtp[32302]: 7F92C10D8193: to=, relay=h.mx.mail.yahoo.com[66.94.236.34]:25, delay=7.1, delays=6.1/0.04/0.22/0.76, dsn=2.0.0, status=sent (250 ok dirdel 2/1)
Jun 7 08:57:35 primary postfix/smtp[32283]: 7F92C10D8193: to=, relay=mailin-01.mx.aol.com[64.12.90.1]:25, delay=7.2, delays=6.1/0.01/0.63/0.5, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 5C29F3800011B)
Jun 7 08:57:36 primary postfix/smtp[32300]: 7F92C10D8193: to=, relay=mx-ha01.web.de[217.72.192.149]:25, delay=8, delays=6.1/0.02/0.54/1.3, dsn=2.0.0, status=sent (250 OK id=1OLdJP-0001xq-00)
Jun 7 08:57:36 primary postfix/smtp[32301]: 7F92C10D8193: host mx.wmint.net[80.247.237.14] said: 451 4.7.1 GreyShark: Grey listed for 01:00, please try again later. (in reply to RCPT TO command)
Jun 7 08:57:37 primary postfix/smtp[32281]: 7F92C10D8193: to=, relay=sbcmx4.prodigy.net[207.115.20.23]:25, delay=8.9, delays=6.1/0.01/1.1/1.6, dsn=2.0.0, status=sent (250 2.0.0 o57ESNSv024475 Message accepted for delivery)
Jun 7 08:57:37 primary postfix/smtp[32301]: 7F92C10D8193: to=, relay=mx.wmint.net[80.247.237.17]:25, delay=9.7, delays=6.1/0.03/3.3/0.29, dsn=4.7.1, status=deferred (host mx.wmint.net[80.247.237.17] said: 451 4.7.1 GreyShark: Grey listed for 00:59, please try again later. (in reply to RCPT TO command))
Jun 7 08:58:03 primary postfix/smtp[32282]: 7F92C10D8193: to=, relay=gmail-smtp-in.l.google.com[72.14.213.27]:25, delay=35, delays=6.1/0.01/0.17/29, dsn=5.1.1, status=bounced (host gmail-smtp-in.l.google.com[72.14.213.27] said: 550-5.1.1 The email account that you tried to reach does not exist. Please try 550-5.1.1 double-checking the recipient's email address for typos or 550-5.1.1 unnecessary spaces. Learn more at 550 5.1.1 http://mail.google.com/support/bin/answer.py?answer=6596 h16si6707240rvn.68 (in reply to RCPT TO command))
Jun 7 08:58:03 primary postfix/smtp[32282]: 7F92C10D8193: to=, rela
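Added example, not part of any message on this page: a Python sketch that follows a message across the MailScanner "Requeue: X to Y" hop seen in the log above (the reason a grep on one queue ID misses half the story) and totals recipients and delivery results per sasl_username, the view that points at a compromised account like the one in the "(solved)" message. The log lines, addresses and both thresholds are constructed for illustration; the line formats follow the ones posted here.

```python
import re

QID = r"[0-9A-Za-z]{6,}"
LINE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ (?P<prog>[\w/-]+)\[\d+\]: (?P<msg>.*)$")
SASL = re.compile(rf"^({QID}): client=(\S+?)\[([^\]]+)\].*sasl_username=(\S+)")
REQUEUE = re.compile(rf"^Requeue: ({QID})\.\w+ to ({QID})")
QMGR = re.compile(rf"^({QID}): from=<([^>]*)>, size=\d+, nrcpt=(\d+)")
RESULT = re.compile(rf"^({QID}): to=<([^>]*)>,.*\bstatus=(\w+)")

# Constructed sample; RFC 5737 addresses and example.* domains.
SAMPLE_LOG = """\
Jun  7 08:57:28 mx postfix/smtpd[32012]: 1A2B3C4D5E01: client=webmail.example.com[192.0.2.10], sasl_method=PLAIN, sasl_username=bob@example.com
Jun  7 08:57:34 mx MailScanner[31332]: Requeue: 1A2B3C4D5E01.C2137 to 1A2B3C4D5E02
Jun  7 08:57:34 mx postfix/qmgr[23472]: 1A2B3C4D5E02: from=<bob@example.com>, size=1172, nrcpt=20 (queue active)
Jun  7 08:57:34 mx postfix/smtp[32286]: 1A2B3C4D5E02: to=<u1@example.net>, relay=mx.example.net[198.51.100.5]:25, delay=6.5, dsn=2.0.0, status=sent (250 ok)
Jun  7 08:57:35 mx postfix/smtp[32279]: 1A2B3C4D5E02: to=<u2@example.org>, relay=mx.example.org[203.0.113.7]:25, delay=7, dsn=5.1.1, status=bounced (550 5.1.1 unknown user)
Jun  7 08:57:37 mx postfix/smtp[32301]: 1A2B3C4D5E02: to=<u3@example.org>, relay=mx.example.org[203.0.113.7]:25, delay=9.7, dsn=4.7.1, status=deferred (451 4.7.1 greylisted)
Jun  7 09:02:11 mx postfix/smtpd[32400]: 1A2B3C4D5E03: client=pc.example.com[192.0.2.44], sasl_method=PLAIN, sasl_username=alice@example.com
Jun  7 09:02:14 mx MailScanner[31332]: Requeue: 1A2B3C4D5E03.0F3A1 to 1A2B3C4D5E04
Jun  7 09:02:14 mx postfix/qmgr[23472]: 1A2B3C4D5E04: from=<alice@example.com>, size=2048, nrcpt=1 (queue active)
Jun  7 09:02:15 mx postfix/smtp[32286]: 1A2B3C4D5E04: to=<u9@example.net>, relay=mx.example.net[198.51.100.5]:25, delay=1.2, dsn=2.0.0, status=sent (250 ok)
"""


def parse(lines):
    """Index the log by queue ID: SASL login, requeue target, qmgr line, results."""
    state = {"sasl": {}, "next": {}, "qmgr": {}, "status": {}}
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue
        prog, msg = m["prog"], m["msg"]
        if prog == "postfix/smtpd" and (s := SASL.match(msg)):
            state["sasl"][s[1]] = (s[4], s[3])          # qid -> (user, client ip)
        elif prog == "MailScanner" and (r := REQUEUE.match(msg)):
            state["next"][r[1]] = r[2]                  # old qid -> new qid
        elif prog == "postfix/qmgr" and (q := QMGR.match(msg)):
            state["qmgr"][q[1]] = (q[2], int(q[3]))     # qid -> (sender, nrcpt)
        elif prog.startswith("postfix/") and (d := RESULT.match(msg)):
            state["status"].setdefault(d[1], []).append((d[2], d[3]))
    return state


def chain(state, qid):
    """All queue IDs one message had, in order, following each requeue."""
    hops = [qid]
    while hops[-1] in state["next"] and state["next"][hops[-1]] not in hops:
        hops.append(state["next"][hops[-1]])
    return hops


def grep_pattern(state, qid):
    """Pattern for `grep -E` that returns every log line of the message."""
    return "|".join(chain(state, qid))


def per_user(state):
    """Messages, recipients, client IPs and delivery results per SASL login."""
    report = {}
    for qid, (user, ip) in state["sasl"].items():
        r = report.setdefault(user, {"messages": 0, "recipients": 0,
                                     "clients": set(), "status": {}})
        r["messages"] += 1
        r["clients"].add(ip)
        hops = chain(state, qid)
        counts = [state["qmgr"][h][1] for h in hops if h in state["qmgr"]]
        r["recipients"] += counts[-1] if counts else 0  # count the final hop once
        for h in hops:
            for _rcpt, status in state["status"].get(h, []):
                r["status"][status] = r["status"].get(status, 0) + 1
    return report


def suspects(report, max_recipients=10, max_bounce_ratio=0.25):
    """Logins over either threshold (both values are assumptions to tune)."""
    flagged = []
    for user, r in report.items():
        attempts = sum(r["status"].values())
        ratio = r["status"].get("bounced", 0) / attempts if attempts else 0.0
        if r["recipients"] >= max_recipients or ratio >= max_bounce_ratio:
            flagged.append(user)
    return sorted(flagged)


if __name__ == "__main__":
    st = parse(SAMPLE_LOG.splitlines())
    print(grep_pattern(st, "1A2B3C4D5E01"))
    print(suspects(per_user(st)))
```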
RE: (updated main.cf file) Installing smtp auth did not help my spam issue Below is example
Current Config file. Running since Friday. Now I have had major problems posting maillog files that were either not enough info, too large, or not in -V format. The first post was not in -v format because if I leave my system in that. It messes up logwatch. Plus I still tried to follow a message through and information was still missing. Sigh. Is there something to submitting a proper "maillog" log file that is not too large. I tried grep and the message number. But everybody says still missing information on previous tries.

Thanks,
josh

alias_maps = hash:/etc/aliases
allow_percent_hack = no
biff = no
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
delay_warning_time = 4h
disable_vrfy_command = yes
header_checks = regexp:/etc/postfix/header_checks
html_directory = /usr/share/doc/postfix-2.4.7-documentation/html
inet_interfaces = localhost, 172.16.0.185
invalid_hostname_reject_code = 554
local_recipient_maps = $virtual_mailbox_maps
local_transport = virtual
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
maximal_backoff_time = 8000s
maximal_queue_lifetime = 7d
message_size_limit = 2560
minimal_backoff_time = 1000s
multi_recipient_bounce_reject_code = 554
mydestination = $myhostname, localhost.$mydomain, localhost
mynetworks = $config_directory/mynetworks
newaliases_path = /usr/bin/newaliases.postfix
non_fqdn_reject_code = 554
notify_classes = resource,software
proxy_interfaces = 24.117.29.115
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.4.7-documentation/readme
recipient_delimiter =
relay_domains = proxy:mysql:/etc/postfix/mysql_relay_domains_maps.cf
relay_domains_reject_code = 554
relay_recipient_maps = mysql:/etc/postfix/mysql_relay_recipient_maps.cf
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_helo_timeout = 60s
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, check_client_access hash:/etc/postfix/access, reject_unknown_client
smtpd_data_restrictions = reject_multi_recipient_bounce,permit
smtpd_delay_reject = yes
smtpd_error_sleep_time = 20s
smtpd_hard_error_limit = 12
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, regexp:/etc/postfix/helo.regexp, permit
smtpd_junk_command_limit = 2
smtpd_recipient_limit = 30
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,check_client_access hash:/etc/postfix/access,reject_unauth_destination, reject_non_fqdn_recipient,reject_unknown_sender_domain, reject_invalid_hostname,reject_unknown_recipient_domain, reject_unauth_pipelining,reject_rbl_client zen.spamhaus.org, reject_rbl_client cbl.abuseat.org,reject_rbl_client dsn.rfc-ignorant.org,reject_rbl_client dul.dnsbl.sorbs.net, reject_rbl_client dnsbl.sorbs.net,reject_rbl_client ix.dnsbl.manitu.net
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_security_options = noanonymous
smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated, check_sender_access hash:/etc/postfix/sender_access, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_pipelining, permit
smtpd_soft_error_limit = 3
strict_rfc821_envelopes = yes
swap_bangpath = no
unknown_address_reject_code = 554
unknown_client_reject_code = 554
unknown_hostname_reject_code = 554
unknown_local_recipient_reject_code = 450
unknown_relay_recipient_reject_code = 554
unknown_virtual_alias_reject_code = 554
unknown_virtual_mailbox_reject_code = 554
unverified_recipient_reject_code = 554
unverified_sender_reject_code = 554
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_create_maildirsize = yes
virtual_gid_maps = static:12
virtual_mailbox_base = /home/vmail
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_limit = 2560
virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql_virtual_mailbox_map
RE: (updated main.cf file) Installing smtp auth did not help my spam issue Below is example
Current config file. Running since Friday. Now I have had major problems posting maillog files that were either not enough info, too large, or not in -V format. The first post was not in -v format because if I leave my system in that, it messes up logwatch. Plus I still tried to follow a message through and information was still missing. Sigh. Is there something to submitting a proper "maillog" log file that is not too large? I tried grep and the message number. But everybody says still missing information on previous tries.

Thanks,
josh

alias_maps = hash:/etc/aliases
allow_percent_hack = no
biff = no
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
delay_warning_time = 4h
disable_vrfy_command = yes
header_checks = regexp:/etc/postfix/header_checks
html_directory = /usr/share/doc/postfix-2.4.7-documentation/html
inet_interfaces = localhost, 172.16.0.185
invalid_hostname_reject_code = 554
local_recipient_maps = $virtual_mailbox_maps
local_transport = virtual
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
maximal_backoff_time = 8000s
maximal_queue_lifetime = 7d
message_size_limit = 2560
minimal_backoff_time = 1000s
multi_recipient_bounce_reject_code = 554
mydestination = $myhostname, localhost.$mydomain, localhost
mynetworks = $config_directory/mynetworks
newaliases_path = /usr/bin/newaliases.postfix
non_fqdn_reject_code = 554
notify_classes = resource,software
proxy_interfaces = 24.117.29.115
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.4.7-documentation/readme
recipient_delimiter =
relay_domains = proxy:mysql:/etc/postfix/mysql_relay_domains_maps.cf
relay_domains_reject_code = 554
relay_recipient_maps = mysql:/etc/postfix/mysql_relay_recipient_maps.cf
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_helo_timeout = 60s
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, check_client_access hash:/etc/postfix/access, reject_unknown_client
smtpd_data_restrictions = reject_multi_recipient_bounce,permit
smtpd_delay_reject = yes
smtpd_error_sleep_time = 20s
smtpd_hard_error_limit = 12
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, regexp:/etc/postfix/helo.regexp, permit
smtpd_junk_command_limit = 2
smtpd_recipient_limit = 30
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,check_client_access hash:/etc/postfix/access,reject_unauth_destination, reject_non_fqdn_recipient,reject_unknown_sender_domain, reject_invalid_hostname,reject_unknown_recipient_domain, reject_unauth_pipelining,reject_rbl_client zen.spamhaus.org, reject_rbl_client cbl.abuseat.org,reject_rbl_client dsn.rfc-ignorant.org,reject_rbl_client dul.dnsbl.sorbs.net, reject_rbl_client dnsbl.sorbs.net,reject_rbl_client ix.dnsbl.manitu.net
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_security_options = noanonymous
smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated, check_sender_access hash:/etc/postfix/sender_access, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_pipelining, permit
smtpd_soft_error_limit = 3
strict_rfc821_envelopes = yes
swap_bangpath = no
unknown_address_reject_code = 554
unknown_client_reject_code = 554
unknown_hostname_reject_code = 554
unknown_local_recipient_reject_code = 450
unknown_relay_recipient_reject_code = 554
unknown_virtual_alias_reject_code = 554
unknown_virtual_mailbox_reject_code = 554
unverified_recipient_reject_code = 554
unverified_sender_reject_code = 554
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_create_maildirsize = yes
virtual_gid_maps = static:12
virtual_mailbox_base = /home/vmail
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_limit = 2560
virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql_virtual_mailbox_map
Installing smtp auth did not help my spam issue Below is example
So I got rid of pop-before-smtp. I set up smtpd sasl. But like clockwork I'm still getting spam. I don't get it. I even found a program called test-relay-pro and it showed 16 problems until I added the sasl stuff. What I don't understand is why the difference between one of my customers' e-mail and this garbage. I could post another example of a customer using sasl. But that is fine too. I have everything I need about a customer. Yes I know about the -v in master.cf. But even with that, it doesn't give me anything useful. I had one user on the postfix group suggest I check the webserver and make sure that is okay. Well I did. No increase in logs. If you guys want, go ahead and run a test on my server. See if I missed anything. mail.mychoice.cc or 24.117.29.115. Below is e-mail coming in from postini. Then below that is the spam garbage.

Thanks,
Josh

--- this is a correct e-mail coming through via postini.

Jun 6 04:29:23 primary postfix/smtpd[17205]: 2353010D8005: client=exprod6mx266.postini.com[64.18.1.62]
Jun 6 04:29:24 primary postfix/cleanup[30153]: 2353010D8005: hold: header Received: from psmtp.com (exprod6mx266.postini.co$
Jun 6 04:29:24 primary postfix/cleanup[30153]: 2353010D8005: message-id=<20100606102923.2353010d8...@primary.mychoice.cc>
Jun 6 04:29:24 primary postfix/smtpd[17205]: disconnect from exprod6mx266.postini.com[64.18.1.62]
Jun 6 04:29:25 primary MailScanner[29770]: New Batch: Scanning 1 messages, 20816 bytes
Jun 6 04:29:25 primary MailScanner[29770]: Spam Checks: Starting
Jun 6 04:29:29 primary MailScanner[29770]: Virus and Content Scanning: Starting
Jun 6 04:29:33 primary MailScanner[29770]: Requeue: 2353010D8005.3CEC2 to C3E2510D8139
Jun 6 04:29:33 primary MailScanner[29770]: Uninfected: Delivered 1 messages
Jun 6 04:29:33 primary postfix/qmgr[29765]: C3E2510D8139: from=, size=20197, nrcpt=1 (queue active)
Jun 6 04:29:33 primary postfix/virtual[17159]: C3E2510D8139: to=, relay=virtual, delay=14, delays=$
Jun 6 04:29:33 primary postfix/qmgr[29765]: C3E2510D8139: removed

--- end of good example -

--- below is this garbage -

Jun 4 13:23:33 primary postfix/qmgr[29514]: C388610D8150: removed
Jun 4 13:23:58 primary postfix/qmgr[29514]: 8A37A10D8140: from=<>, size=19455, nrcpt=1 (queue active)
Jun 4 13:23:58 primary postfix/qmgr[29514]: 89D452CB0004: from=<>, size=10574, nrcpt=1 (queue active)
Jun 4 13:23:58 primary postfix/qmgr[29514]: 8359D10D8801: from=, size=1127, nrcpt=20 (queue active)
Jun 4 13:23:58 primary postfix/qmgr[29514]: 8502210D8835: from=<>, size=15182, nrcpt=1 (queue active)
Jun 4 13:23:58 primary postfix/qmgr[29514]: 8BAC810D814F: from=<>, size=9743, nrcpt=1 (queue active)
Jun 4 13:23:58 primary postfix/qmgr[29514]: 89CE810D8811: from=, size=1127, nrcpt=20 (queue active)
Jun 4 13:23:58 primary postfix/qmgr[29514]: 8549D10D8195: from=, size=1127, nrcpt=20 (queue active)
Jun 4 13:23:58 primary postfix/qmgr[29514]: 8CA6810D8834: from=<>, size=15160, nrcpt=1 (queue active)
Jun 4 13:23:58 primary postfix/qmgr[29514]: 34EF910D880F: from=, size=1127, nrcpt=20 (queue active)
Jun 4 13:23:58 primary postfix/qmgr[29514]: 3B74F10D819B: from=, size=1127, nrcpt=20 (queue active)
Jun 4 13:23:58 primary postfix/qmgr[29514]: 3A50310D8806: from=<>, size=14980, nrcpt=1 (queue active)
Jun 4 13:23:58 primary postfix/qmgr[29514]: 6410410D819A: from=, size=1127, nrcpt=20 (queue active)
Jun 4 13:23:58 primary postfix/qmgr[29514]: 6F97A10D8800: from=, size=1127, nrcpt=20 (queue active)
Jun 4 13:23:58 primary postfix/qmgr[29514]: 625CD10D87F6: from=, size=1127, nrcpt=20 (queue active)
Jun 4 13:23:58 primary postfix/qmgr[29514]: 6DEBA10D81A7: from=, size=1127, nrcpt=20 (queue active)
Jun 4 13:23:58 primary postfix/qmgr[29514]: 6728F2CB0005: from=<>, size=14582, nrcpt=1 (queue active)
Jun 4 13:23:58 primary postfix/qmgr[29514]: 60F682CB000A: from=<>, size=5171, nrcpt=1 (queue active)
Jun 4 13:23:58 primary postfix/qmgr[29514]: 6310610D880E: from=, size=1127, nrcpt=19 (queue active)
Jun 4 13:23:58 primary postfix/qmgr[29514]: D60E110D8839: from=, size=1127, nrcpt=20 (queue active)
Jun 4 13:23:58 primary postfix/qmgr[29514]: DF45A10D8821: from=, size=1127, nrcpt=20 (queue active)
Jun 4 13:23:58 primary postfix/qmgr[29514]: DD6E210D87FF: from=<>, size=21684, nrcpt=1 (queue active)
Jun 4 13:23:58 primary postfix/qmgr[29514]: D296710D8813: from=, size=1127, nrcpt=20 (queue active)
Jun 4 13:23:58 primary postfix/qmgr[29514]: DAFA810D882B: from=, size=1127, nrcpt=20 (queue active)
Jun 4 13:23:58 primary postfix/qmgr[29514]: 792E72CB0007: from=<>, size=10473, nrcpt=1 (queue active)
Jun 4 13:23:58 primary postfix/qmgr[29514]: 7793A10D8838: from=, size=1127, nrcpt=20 (queue active)
Jun 4 13:23:58 primary postfix/qmgr[29514]: 7A91210D881A: from=, size=1127, nrcpt=20 (queue active)
Jun 4 13:23:58 primary postfix/qmgr[29514]: E43C110D8802: from=, size=11
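Added example, not part of the original post and not code from Postfix or MailScanner: a Python sketch that follows the chain visible in the good example above (smtpd "client=" line, MailScanner "Requeue:" line, qmgr "from=, size=, nrcpt=" line) so that each queued message is tied back to how it entered Postfix. The sample log is constructed; the pickup line for local submissions and the 10-recipient threshold are assumptions that do not come from the post.

```python
import re

# Constructed sample log, modelled on the line formats quoted in the post.
# Host names, addresses and queue IDs are made up. The pickup line (local
# submission through the sendmail command) does not appear on the page.
SAMPLE_LOG = """\
Jun  6 04:29:23 primary postfix/smtpd[17205]: AAAA00000001: client=mx.example.net[192.0.2.10]
Jun  6 04:29:33 primary MailScanner[29770]: Requeue: AAAA00000001.3CEC2 to BBBB00000001
Jun  6 04:29:33 primary postfix/qmgr[29765]: BBBB00000001: from=<alice@example.org>, size=20197, nrcpt=1 (queue active)
Jun  6 04:30:01 primary postfix/pickup[30001]: AAAA00000002: uid=48 from=<apache>
Jun  6 04:30:05 primary MailScanner[29770]: Requeue: AAAA00000002.0F1E2 to BBBB00000002
Jun  6 04:30:05 primary postfix/qmgr[29765]: BBBB00000002: from=<bulk@example.com>, size=1127, nrcpt=20 (queue active)
Jun  6 04:30:06 primary postfix/qmgr[29765]: BBBB00000003: from=<bulk@example.com>, size=1127, nrcpt=20 (queue active)
Jun  6 04:30:07 primary postfix/qmgr[29765]: BBBB00000001: removed
"""

CLIENT_RE = re.compile(r"postfix/smtpd\[\d+\]: ([0-9A-F]+): client=(\S+)")
PICKUP_RE = re.compile(r"postfix/pickup\[\d+\]: ([0-9A-F]+): uid=(\d+)")
REQUEUE_RE = re.compile(
    r"MailScanner\[\d+\]: Requeue: ([0-9A-F]+)\.\w+ to ([0-9A-F]+)")
# The sender is optional because the archived lines show a stripped "from=,".
QMGR_RE = re.compile(
    r"postfix/qmgr\[\d+\]: ([0-9A-F]+): "
    r"from=(?:<([^>]*)>)?, size=(\d+), nrcpt=(\d+)")


def trace_origins(log_text, bulk_nrcpt=10):
    """Tie every qmgr 'queue active' entry back to how the message came in."""
    origin = {}    # queue ID -> description of the entry point
    requeued = {}  # queue ID after MailScanner -> queue ID before it
    results = []
    for line in log_text.splitlines():
        if m := CLIENT_RE.search(line):
            origin[m.group(1)] = "smtp client " + m.group(2)
        elif m := PICKUP_RE.search(line):
            origin[m.group(1)] = "local submission by uid " + m.group(2)
        elif m := REQUEUE_RE.search(line):
            requeued[m.group(2)] = m.group(1)
        elif m := QMGR_RE.search(line):
            qid, sender, size, nrcpt = m.groups()
            # Walk back through requeues to the ID the message arrived under.
            first_id, seen = qid, set()
            while first_id in requeued and first_id not in seen:
                seen.add(first_id)
                first_id = requeued[first_id]
            results.append({
                "queue_id": qid,
                "sender": sender,  # None when the log shows "from=,"
                "size": int(size),
                "nrcpt": int(nrcpt),
                "origin": origin.get(first_id, "not in this log excerpt"),
                "bulk": int(nrcpt) >= bulk_nrcpt,
            })
    return results


if __name__ == "__main__":
    for row in trace_origins(SAMPLE_LOG):
        flag = "BULK" if row["bulk"] else "    "
        print(flag, row["queue_id"], row["nrcpt"], row["origin"])
```

A queue ID that resolves to "not in this log excerpt" means the grep window has to be widened to include the earlier smtpd, pickup and MailScanner lines for that message.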
Convert access list to cidr but have some extra stuff. Can it go into sender_access?
Okay. So I want to convert my access list into a cidr list, since postini has a simple cidr. The problem is I have some nos...@nospam.com addresses in the access list as well as ip numbers. Can I move the addresses to the check_sender_access list? This is what is in my access list. But from what I could tell cidr only takes ip addys and not email / domain names.

taggedmail.com REJECT
tag...@taggedmail.com REJECT
dolifrontend1.installs.com OK
apa...@dolifrontend1.installs.com OK
steelheaddr...@qwestoffice.net OK
sdrafti...@qwestoffice.net OK

Would like to move these above to sender_access. Then below would be the ip's for my new cidr file.

71.39.113.15 OK
71.39.117.85 OK
174.19.206.44 OK
216.161.142.136 OK

thanks,
Josh

--
This message has been scanned for viruses and dangerous content by Mychoice, and is believed to be clean.
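Added example, not part of the original post: a Python sketch of the split asked about above, sending IP keys to a cidr-style list and address or domain keys to a sender_access-style list. The entries are constructed stand-ins for the poster's file, and the function name split_access is hypothetical; keys the script cannot place safely are set aside for manual review.

```python
import ipaddress
import re

# Constructed entries in the style of the mixed access file from the post
# (documentation addresses and .example domains, not the poster's data).
SAMPLE_ACCESS = """\
# mixed client access file (constructed example)
spamdomain.example       REJECT
user@spamdomain.example  REJECT
partner.example          OK
reports@partner.example  OK
192.0.2.15               OK
198.51.100.0/24          OK
203.0.113.7              REJECT
192.0.2                  OK
198.51.100.9/24          OK
"""


def split_access(text):
    """Return (cidr_lines, sender_lines, review_lines) for an access file."""
    cidr, sender, review = [], [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            review.append(line)  # key without an action
            continue
        key, action = parts
        try:
            # strict=True refuses a prefix whose host bits are set
            net = ipaddress.ip_network(key, strict=True)
        except ValueError:
            if re.fullmatch(r"[0-9./]+", key):
                # Looks numeric but is not a valid network: a partial
                # prefix such as "192.0.2" (hash-table style) or host bits
                # set. Needs a human to pick the intended prefix length.
                review.append(f"{key} {action}")
            else:
                # E-mail address or domain name: not usable in a cidr table
                sender.append(f"{key} {action}")
        else:
            # Single addresses become /32 (or /128) entries
            cidr.append(f"{net} {action}")
    return cidr, sender, review


if __name__ == "__main__":
    cidr, sender, review = split_access(SAMPLE_ACCESS)
    print("# cidr table\n" + "\n".join(cidr))
    print("# sender_access\n" + "\n".join(sender))
    print("# review by hand\n" + "\n".join(review))
```

A domain key under check_client_access is matched against the connecting client's hostname, while under check_sender_access it is matched against the envelope sender, so moved entries do not mean the same thing. The envelope sender is supplied by the remote side, which makes an OK there weaker than an OK tied to an IP address.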
RE: (more info plz from Victor D.)Postini, Has bad idea for adding ip numbers. This is sendmail example
I'm just a tad confused. I currently only have one check client access file. That is /etc/postfix/access. Do I need another check client access file with postini's ip range? As below I do have a senders access list. But I don't have a recipient access list because this is mysql under virtual. I was looking at a way to do a recipient access list with mysql and Postfixadmin. But I'm trying to keep any of the files like sender_access simple. You know, one time change. Then leave it with maybe quarterly updates.

my sender_access list.

aol.com reject_unverified_sender
hotmail.com reject_unverified_sender
yahoo.com reject_unverified_sender
gmail.com reject_unverified_sender
bigfoot.com reject_unverified_sender
apa...@dolifrontend1.installs.com OK
installs.com OK

# Special restrictions on sender or recipient that
# apply to Postini filtered traffic. Can't use IP
# checks here, since you only ever see Postini IPs.
# check_recipient_access ${indexed}rcpt-access,
# check_sender_access ${indexed}sender-access,

Thanks,
Josh
Postini, Has bad idea for adding ip numbers. This is sendmail example
So postini wants me to add their servers into the my_network list. To only accept e-mail from their servers. To me this is wrong. For sendmail they wanted the below setup. Now from what I could find, should I not be able to add the ip numbers or ranges to my access file?

check_client_access hash:/etc/postfix/access --- this file?

x.x.x.x OK

Because I have read reports that once in a while a spam or mailbomb and I have seen a couple come through postini. It does not last long. Postini seems to be on top of the problems. But it will reroute out of my server. I read it will do this even with smtp auth in place. So I talked to you guys before about the access file and to me adding them into this file makes sense. That I will get mail from their servers. But it won't route anything out.

Below is sendmail example:

Add the message security system IP addresses to the hosts.allow file in the format below. (Note that the IP ranges below are an example only. IP ranges for mail transmission are system-specific, so make sure to look up the IPS for your own system).

sendmail: 64.18.0.0/255.255.240.0
sendmail: 207.126.144.0/255.255.240.0
sendmail: 74.125.148.0/255.255.252.0

Restart TCP_Wrappers

Sendmail 8.9.1

These instructions were created for servers using Sendmail 8.9.X. Other versions may be subtly different. Follow these steps when mail is being sent directly from spam servers/viruses and accepted by the mail server.

Add this line to the mail server's sendmail.cf:

Kaccess hash -o /etc/mail/access

Create an /etc/mail/access, or add the message security service's IPs to the current access file as shown below. Note that the IP ranges below are an example only and are based on system 5. IP ranges for mail transmission are system-specific, so make sure to look up the IPS for your own system. You will need to use one line for each IP address, or simply specify the entire IP range.

64.18.0.2 RELAY
64.18.0.3 RELAY
64.18.0.4 RELAY

Editions: This article is intended for administrators using Message Filtering, Message Filtering, Message Filtering, Enterprise Edition and Service Provider Edition. If you're using another edition, your service may include different features from those described in this article.

Thanks,
Josh
re: (update)ip range other than mynetworks
I called and talked to globalpops. It is not a range. It is an ip number like this, ex: 192.168.1.0 --- notice the zero. So I don't think that will work. They actually recommend what I'm going and that is smtp-auth. But still any response would be appreciated.

thanks,
josh
ip range other than mynetworks
I decided to implement some new security and remove pop-before-smtp. But I have some dialup users and some of them use email. The company I'm going through is global pops. I would like to add their ip range to postfix as allowed users. I looked at the /etc/postfix/access list example

192.168.0.1 OK

but this is per user. Not a range, and of course I do not want to add this to the mynetwork file. So unless I missed it, is there a place to specify a range?

Thanks,
Josh
postfix, relayhost, and dynamic ip range though it is static
So after fighting with rdns and sorbs issues. Well, mostly sorbs issues. I decided to route through our isp server. I think this fixed sorbs for complaints about it thinking it is a dynamic ip. I'll find out more. But from what I could tell with this error, the ISU.EDU mail server is still complaining about my ip number. WTF? I'm also looking into postini outbound service as well. To route mail out of.

host mail.cableone.net[24.116.0.226] refused to talk to me: 550 g_deny_smtp blocked this ip (24.117.29.115) 24.117.29.115

Thanks,
Josh
Delayed email after leaving my server?
I don't know how to explain this. Have you guys ever heard of a problem where email is sent to another server and goes astray for hours before being delivered? The only network I had problems on was Verizon text message. You send a text msg from your e-mail and it goes into the Verizon server. Then sometimes through the day, the person gets it. I just don't know where to start because the e-mail message has left my server and is out of my hands.

Thanks,
Josh
reject_unverified_sender in postfix woud like to over ride with email address
reject unverified sender is a nice way to block spam. But it also blocks my other servers that really are not e-mail servers. I have tried to get around this with no luck. I have two backup servers that are not really e-mail servers. There is no route to them but they do send out information via sendmail. I would like to override the address not using the ip but the name it is sent from (r...@priback.mydomain.com), as the example address goes. But when I put it in the client_access list, it still tries to verify the sender. I know this is the issue since when I remove the reject unverified sender the mail goes through.

Thanks,
Josh
postmaster problem with virtual and mysql
A while back I changed my aliases to use the mysql database. Well, I thought everything was fine until I had a change and realized the postmaster address was not working. Okay, no problem, I'll just link a postmaster address to the support account of my system. Well, that is great if I send a mail to postmaster. But when postfix has an issue, it sends it to postmas...@primary.domainname.com instead of postmas...@domainname.com. I have two servers and so of course the other one doesn't work either. secondary.domainname.com, as it goes. So all I get is a user not found.

Thanks,
Josh
confused about different smtpd information in main.cf
I'm confused about the following in the main.cf

smtpd_recipient_restrictions
smtpd_sender_restrictions
smtpd_client_restrictions
smtpd_data_restrictions this I pretty much get
smtpd_helo_restrictions this I pretty much get

Now with postfix all of these are blank except smtpd_recipient_restrictions. The default is something simple. Based on mynetworks to let your network through and then reject unauthorized destination to block anything else. Now it has turned into a real nightmare. I tried to apply some ip numbers to the access list and it did not work. I used my test server to backtrack the problem under smtpd_client_restrictions with reject unknown client. So below is all my restrictions. If you can clean them up or recommend anything to add, it should help me have less problems. For example some people have reject at the end of most everything while others have permit or leave blank.

Thanks,
Josh

(I use pop-before-smtp) I get confused because the quick guide to pop to smtp says to put reject_non_fqdn_recipient. So then I ask why there and not below. Seems like everybody has their own way of doing something and as I found out today, it can cause problems.

smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, check_client_access hash:/etc/postfix/access, check_client_access hash:/etc/postfix/pop-before-smtp, reject_unauth_destination, reject_non_fqdn_recipient, reject_unlisted_recipient, reject_unknown_sender_domain, reject_unverified_sender, reject_multi_recipient_bounce, reject_invalid_hostname, reject_unknown_recipient_domain, reject_unauth_pipelining, check_helo_access regexp:/etc/postfix/helo.regexp, reject_rbl_client multi.uribl.com, reject_rbl_client dsn.rfc-ignorant.org, reject_rbl_client dul.dnsbl.sorbs.net, reject_rbl_client sbl-xbl.spamhaus.org, reject_rbl_client bl.spamcop.net, reject_rbl_client dnsbl.sorbs.net, reject_rbl_client cbl.abuseat.org, reject_rbl_client ix.dnsbl.manitu.net, reject_rbl_client combined.rbl.msrbl.net, reject_rbl_client rabl.nuclearelephant.com

smtpd_data_restrictions = reject_unauth_pipelining, reject_multi_recipient_bounce, permit

# Requirements for the sender details
smtpd_sender_restrictions = permit_mynetworks, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_pipelining, check_sender_access hash:/etc/postfix/sender_access, permit

(do I really need pop-before-smtp there? Somebody else had it in an example?)

# Requirements for the connecting server
smtpd_client_restrictions = permit_mynetworks, check_client_access hash:/etc/postfix/access, check_client_access hash:/etc/postfix/pop-before-smtp, reject_unknown_client, reject_rbl_client sbl.spamhaus.org, reject_rbl_client dnsbl.njabl.org, reject_unauth_destination

smtpd_helo_restrictions = permit_mynetworks, regexp:/etc/postfix/helo.regexp, permit
RE: overidding with my networks. Better way of doing it?
Thank you for the help. Let me clear up a few things. First of all they are talking to my e-mail server but the servers we are monitoring are the customers' servers. These servers have one static ip from qwest. We have no control over that and have not asked qwest to fix the wrong dns issue. I have tried a few dns servers and they all come back with the wrong answer. So to make my life easy, I'm going ahead and trying the client_whitelist.cidr with just the three ip numbers of the three servers on the outside of my network since they are static. The only other thing I was able to track down is when we moved one server from one dsl provider to qwest. That is when that one server stopped working.

I also want to know if client_whitelist would work for another issue I'm having with postini and postfix. I would like to tell my servers that e-mail coming in from postini's mail server ip numbers. To not route any mail except for mail going to the domains I host. It should do this anyway but I read of a problem with postini that allows mail to come in and re-route like an open relay.

Thanks,
Josh
overidding with my networks. Better way of doing it?
I have three servers that need to send me e-mail. Two of the servers won't send, say, avast reports and what not. I get the following error.

From one server:

warning: 71.39.113.15: address not listed for hostname sbs.rtgis.com

From the other server:

NOQUEUE: reject: RCPT from unknown[71.39.117.85]: 554 5.7.1 Client host rejed: cannot find your hostname

But this is a static ip number and the mail server it is using is mine. These are customers of ours that we monitor our servers. Now if I put the exact ip address into mynetworks, it works. But I don't think that is proper. Is there another override I can use based on their ip numbers?

thanks,
Josh
Re: update to Small amount of spam still routed through server and another problem with spam
After working on some other issues, I came back to this spam problem. I once again do not have the -v. The spam I was looking at came in last Wednesday (I disabled the -v for a few weeks now until I can get back to it) and one difference I noticed is it does not have a hold header on it. It does not have an ip number listed with it. It does not have a machine listed with it. A typical valid e-mail customer will show up with their machine name, their ip number, and then the message is put on hold. This is all without the -v option. Why the difference? Has anybody seen any spam like that without the -v option?

Thanks,
Josh
What does postfix need to be in a dmz zone?
I have a dmz zone on my network. The postfix sits behind the dmz zone. The public IP address is translated (nat) to the dmz zone. I asked about the proxy interfaces command in the main.cf file. I was told I needed to put in the public ip address for the server. What does this do, since it didn't seem to make any changes on my end regarding spam? I also disabled the src nat out on the firewall. My concern is stuff coming into the dmz zone. I'm currently watching the log to make sure all IP numbers show external. It seems like some spam does not sport an ip number that postfix logs. As soon as I log the next attack or find a previous attack, I'll post the log.

Thanks,
Josh
Re: Pop-Before-Smtp let spam through Answered More on Firewall with postfix?
Major question: First of all, can you be a little more clear on the fw setting? I need to get with my firewall guy and check with him. I'm pretty sure it is wrong. It is doing src and nat translation. I cannot get more specific since I didn't set up the fw.

Better explanation: I think we are on the right track with the router. This router I did not set up. The routers I set up were years ago and not this complicated. Another person set up this router on our network (he also never did something this complicated. He just knows the router we are using.) As for posting log files, if you go back into my other posts, there are some log files and a postfix config file that I posted more than once. I just didn't want to keep posting the same thing over and over again. I can if you guys want me to. The next issue is mine and not knowing what to post. I'll post a section of log file with the -v and it seems to be not completed or done wrong. So I tried to post the section that fitted my question. Don't get me wrong, this is all helping. I'm weeding out all the issues. For instance now I'm concentrating on pop-before-smtp and got my questions answered on that. So now I have an answer on the router. I'm pretty sure from what I was told, the router is set up wrong. That it is allowing postfix to see all connections as local. Thus, in my log files, it looks like stuff is coming directly from my server. Once I check the firewall/router and get that answered, if I still have questions I'll ask. The firewall was brought up before as being a possible problem. So I asked the question what needs to be in the proxy under the postfix config file. So this is all helping. As for allowing spam through, yes I limited the amount and it is way down. But that is why I'm trying my best to get this solved.

Thanks,
Josh
re: pop-before-smtp why I use.
When I built the server after doing tons of research (the old servers ran sendmail and I didn't have a hand in setting them up), pop-before-smtp worked great for customers outside the network. If I disabled pop-before-smtp they would not work. Just internal users. So without any changes to the outside world in their e-mail clients, as long as they had a proper username / password it worked great. My e-mail server worked great for 1 year before (I assume this new type of spam) started showing up in my server. Now for about 1 year I have been adding and trying different configurations to get rid of it. Seems to be a partial open relay. I don't know what it is caused by and I'm trying my best to spot or give all you helpful people the information needed to squash this. I can't thank you enough once again for the help. In this area I'm alone and don't have any help. Most people suggested paying a service to host e-mail and I'm like, that is stupid. But now with my spare time involved in this, I question that. But I have two problems with spam and this is a pretty big problem. If I could squash it, then my e-mail server would be close to perfect. Not perfect because I was the only one knowing linux and set up other linux projects that work great. Like routers, and what not. Just not so good at e-mail.

Thanks,
Josh
re: pop-before-smtp should not put localhost/server ip in the list then?
So then from what I could tell, Pop-Before-Smtp should not list 127.0.0.1 and the server ip number then. I guess what I'm asking is: I have this server doing multiple duties including sending logwatch and webmail from the server via localhost. This works great. But I think it might be a cause of my spamming problem. I just don't have a way to test xxx fake e-mail to go through the server from the outside to see if it gets changed and the local network sends it. Do any of you have a good e-mail test program that I can send stuff as a relay to the mychoice server? Relay to relay without setting up another e-mail server or full blown server? Yes, I know the server should accept outside mail. But not route outside mail that does not belong to it. That is what it is currently doing. x...@yahoo.com is going to multiple yahoo addresses via my server. (This is an example. It does a lot of others.) Yet my server should say, oh x...@yahoo.com, you have no business here. You are not going to one of my email users. So it stops it.

Thanks,
Josh
re: (still same spam problem) Pop-Before Smtpd question and also can you quicky check the log file for issues?
The pop-before-smtp has other ip numbers in the list. I'm able to create a list using the pop-before-smtp --list command and > into a file. Then read through the ip numbers. That is how I know what is listed, including 127.0.0.1 and the internal server ip number. Compared to the test server that does not include itself in the list. As stated before, I think I'm missing something. I did include a bit of the log in the last post of this message. I was wishing one of you guys would take a look at it and say yea, this or that is allowing stuff that is not supposed to through.

Thanks,
Josh
re: (still same spam problem) Pop-Before Smtpd question and also can you quicky check the log file for issues?
Back to the question. I was looking at a detailed log on postfix. When it goes through the list of tests, it rejects everything until it hits pop-before-smtp. Then it says okay. When I check the database of ip numbers, it lists my server and my localhost 127.0.0.1 number. This isn't correct? Below is a snippet of the log. My test server does not show itself in the list of ip's or localhost. I hope I gave you guys enough info. Seems like me and the amount or little bits I post is not enough. But honestly I'm not 100% sure how to read the log from a start to end e-mail. I do know how to look for some errors. Like for instance if it checks against the database and it errors out.

Thanks,
Josh

infocarejobs...@aol.com
Mar 25 00:36:07 primary postfix/smtpd[16392]: ctable_locate: leave existing entry key infocarejobs...@aol.com
Mar 25 00:36:07 primary postfix/smtpd[16392]: reject_unknown_mailhost: aol.com
Mar 25 00:36:07 primary postfix/smtpd[16392]: lookup aol.com type MX flags 0
Mar 25 00:36:07 primary postfix/smtpd[16392]: dns_query: aol.com (MX): OK
Mar 25 00:36:07 primary postfix/smtpd[16392]: dns_get_answer: type MX for aol.com
Mar 25 00:36:07 primary last message repeated 3 times
Mar 25 00:36:07 primary postfix/smtpd[16392]: generic_checks: name=reject_unknown_sender_domain status=0
Mar 25 00:36:07 primary postfix/smtpd[16392]: generic_checks: name=reject_unauth_pipelining
Mar 25 00:36:07 primary postfix/smtpd[16392]: reject_unauth_pipelining: RCPT
Mar 25 00:36:07 primary postfix/smtpd[16392]: generic_checks: name=reject_unauth_pipelining status=0
Mar 25 00:36:07 primary postfix/smtpd[16392]: generic_checks: name=permit
Mar 25 00:36:07 primary postfix/smtpd[16392]: generic_checks: name=permit status=1
Mar 25 00:36:07 primary postfix/smtpd[16392]: >>> START Recipient address RESTRICTIONS <<<
Mar 25 00:36:07 primary postfix/smtpd[16392]: generic_checks: name=check_client_access
Mar 25 00:36:07 primary postfix/smtpd[16392]: check_namadr_access: name primary.mychoice.cc addr 172.16.0.185
Mar 25 00:36:07 primary postfix/smtpd[16392]: check_domain_access: primary.mychoice.cc
Mar 25 00:36:07 primary postfix/smtpd[16392]: check_addr_access: 172.16.0.185
Mar 25 00:36:07 primary postfix/smtpd[16392]: check_table_result: hash:/etc/postfix/pop-before-smtp ok 172.16.0.185
Mar 25 00:36:07 primary postfix/smtpd[16392]: generic_checks: name=check_client_access status=1
Mar 25 00:36:07 primary postfix/smtpd[16392]: >>> CHECKING RECIPIENT MAPS <<<
Mar 25 00:36:07 primary postfix/smtpd[16392]: ctable_locate: move existing entry key tmoneyrac...@hotmail.com
Mar 25 00:36:07 primary postfix/smtpd[16392]: maps_find: recipient_canonical_maps: tmoneyrac...@hotmail.com: not found
Mar 25 00:36:07 primary postfix/smtpd[16392]: match_string: hotmail.com ~? primary.mychoice.cc
Mar 25 00:36:07 primary postfix/smtpd[16392]: match_string: hotmail.com ~? localhost.mychoice.cc
Mar 25 00:36:07 primary postfix/smtpd[16392]: match_string: hotmail.com ~? localhost
Mar 25 00:36:07 primary postfix/smtpd[16392]: match_list_match: hotmail.com: no match
Mar 25 00:36:07 primary postfix/smtpd[16392]: maps_find: recipient_canonical_maps: @hotmail.com: not found
Mar 25 00:36:07 primary postfix/smtpd[16392]: mail_addr_find: tmoneyrac...@hotmail.com -> (not found)
Mar 25 00:36:07 primary postfix/smtpd[16392]: maps_find: canonical_maps: tmoneyrac...@hotmail.com: not found
Mar 25 00:36:07 primary postfix/smtpd[16392]: match_string: hotmail.com ~? primary.mychoice.cc
Mar 25 00:36:07 primary postfix/smtpd[16392]: match_string: hotmail.com ~? localhost.mychoice.cc
Mar 25 00:36:07 primary postfix/smtpd[16392]: match_string: hotmail.com ~? localhost
Mar 25 00:36:07 primary postfix/smtpd[16392]: match_list_match: hotmail.com: no match
Mar 25 00:36:07 primary postfix/smtpd[16392]: maps_find: canonical_maps: @hotmail.com: not found
Mar 25 00:36:07 primary postfix/smtpd[16392]: mail_addr_find: tmoneyrac...@hotmail.com -> (not found)
Mar 25 00:36:07 primary postfix/smtpd[16392]: send attr request = lookup
Mar 25 00:36:07 primary postfix/smtpd[16392]: send attr table = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
Mar 25 00:36:07 primary postfix/smtpd[16392]: send attr flags = 16384
Mar 25 00:36:07 primary postfix/smtpd[16392]: send attr key = tmoneyrac...@hotmail.com
Mar 25 00:36:07 primary postfix/smtpd[16392]: private/proxymap socket: wanted attribute: status
Mar 25 00:36:07 primary postfix/smtpd[16392]: input attribute name: status
Mar 25 00:36:07 primary postfix/smtpd[16392]: input attribute value: 1
Mar 25 00:36:07 primary postfix/smtpd[16392]: private/proxymap socket: wanted attribute: value
Mar 25 00:36:07 primary postfix/smtpd[16392]: input attribute name: value
Mar 25 00:36:07 primary postfix/smtpd[16392]: input attribute value: (end)
Mar 25 00:36:07 primary postfix/smtpd[16392]: private/proxymap socket: wanted attribute: (list terminator)
Mar 25 00:36:07 primary postfix/smtpd[16392]: input
Proxy Setting in Main.cf + Another question (with log snippet)
My mailserver is behind a firewall that also does nat translation. So the inside has a dmz zone. When you hit from the outside you hit the outside / public ip numbers. You are hitting the firewall box. Then going in to the dmz zone. The firewall is set up to route the proper ports back and forth to the inside. Port 25/110 has two sets of rules. One incoming and one outgoing.

69.69.25.125 port 25 = 172.16.0.10 port 25. (both ways)
172.16.0.10 port 25 = 69.69.25.125 port 25. (both ways)

(I don't do firewalls so my answer is limited.)

example: (this is just an example with example numbers)
fw: (69.69.24.123)
ext pub ip for mailserver: (69.69.25.125)
dmz: (172.16.0.1)
mailserver on inside in dmz zone: (172.16.0.10)

So for the setting via proxy / inet.

Inet = localhost, 172.16.0.10
(WHAT DO I SET THIS PROXY TO?) Proxy = 172.16.0.10 ???

Next question. (I can post more of the log if needed) This looks like an open relay. This is the beginning of spam hitting my server then it will get routed out to other mailservers. I changed a few things to protect myself in the log file. But any ideas how to stop this? I did post my configuration file a while back and checked most everything everybody was kind enough to suggest. Including this proxy setting I'm asking about. Notice the strange long id in front of the www.myserver.net. If it is a normal e-mail like twink...@myserver.net it gets bounced.
Mar 23 20:46:44 primary postfix/smtpd[27713]: connect from mailserver.myserver.net[xxx.xx.x.xxx]
Mar 23 20:46:44 primary postfix/smtpd[27713]: 6A3EE10D815B: client=mailserver.myserver.net[xxx.xx.x.xxx]
Mar 23 20:46:44 primary postfix/cleanup[28671]: 6A3EE10D815B: hold: header Received: from localhost (mailserver.myserver.net [17$
Mar 23 20:46:44 primary postfix/cleanup[28671]: 6A3EE10D815B: message-id=<20100323204644.gu8pcnqs2s8wk...@www.myserver.net>
Mar 23 20:46:44 primary postfix/smtpd[27713]: disconnect from mailserver.myserver.net[xxx.xx.x.xxx]

Thanks for all the help,
Josh

-- This message has been scanned for viruses and dangerous content by Mychoice, and is believed to be clean.
RE: A little bit of spam is getting through
I don't have time to post a lot more info since I'm off of work on Friday. But going back and looking at my log. I thought of a question a few months ago. But had no place to ask. We are behind a firewall that is doing nat translation. I got the impression that when this spam hits. It looks like it is originating from the server. At least the server ip address. Then going out. Do I need to use a proxy setting in main.cf to tell it my outside public ip number for that server? I ignored it since it seemed more for backup mx servers.

As for my posting of my main.cf file. It does look better than posted. I'm going between a linux box and a winderz machine. So they look messed up sometimes. I also saw what part of that I got off from the mail log with the -v. The message in the queue got renumbered via rules. So when I type grep the original message. In this case as listed above. It lists the server ip number as coming in with some outside e-mail address we don't have.

Thanks,
Josh
Re: update: Small amount of spam still routed through server and another problem with spam
I checked a few settings as explained. I have a stupid question and also my results.

First of all it is not just coming from postini. It once in a while wanders in from the outside. Not that I know how since all my mx records point to postini. Just random junk I suppose.

The next thing is postini is not listed anyplace. Either in a white list, access list or mynetworks.

The third thing is a question on mynetworks. I currently have it going to a file. On one machine I can work with and without the file. This being the test machine. On the production machine. I have to have a certain number in there. 10.0.0.0/8 - This is our internal network but if I remove this or change the ip number nothing works on the production server. Error when trying to send. Now of all things the test server was built after the production server so the main.cf was copied from the production server to the test server. The only thing changed was the ip number of said machine. Since the test server is a different ip. Everything else is duplicated. Probably something I did when I set up both servers.

The fourth thing is when I test the mysql database with the following.

postmap -q mydomain.com mysql:/etc/postfix/mysql_virtual_domains_maps.cf

If it is a valid domain I'm hosting. Then it will return back the exact domain name. If the domain is wrong. It returns back nothing. Just a blank screen. It does this for any of the mysql queries. So if I query the whole e-mail address. If valid it will reply back the e-mail address. If not it will be a blank screen.

I hope this helps in understanding my system better to try to fix this.

Thanks,
Josh
Re: Log files this time! Small amount of spam still routed through server and another problem with spam
Thanks for the help so far. I already posted my config file in the very first post. However, I will repost it. Plus an additional log file of the attack. Yes to me it seems like an open relay. As stated before when I run tests they say closed relay. As for reading the howto's. I have been through them over and over again. When I find a change or something I need to add I apply the changes. Just two weeks ago I applied a change. The week before that I cleaned up the config file for postfix. This does help get rid of a lot of spam. But I still get what is posted below.

A quick rundown of the system again. Running Mysql, postfix, dovecot, postfixadmin, MailScanner (uses clamav and SpamAssassin), postini, centos 5.X (cannot remember the exact version), and running this virtual with multiple domains. Posted the config file and the log file for all of you to admire my horrible work. LOL.

Like I said on another post the system worked great for about 1 year then out of the blue. We get this. Yes we do have a firewall but when we block the ip number. They just change ip number. Plus as you can see this comes through postini. I did run into one other person who had this issue. The fix was to add all the users to the postini database and tell postini not to accept anything else. I don't believe that is the only fix. But yes we can block ip and addresses. But when they spoof a valid address or ip and as said once before they change ip. Doesn't do me any good.
This is what the attack looks like: (I have to use the -v in the main.cf file)

Mar 24 00:01:50 primary postfix/qmgr[25306]: D13DE10D8837: from=, size=2922, nrcpt=30 (queue active)
Mar 24 00:01:50 primary postfix/qmgr[25306]: C1EAA10D8187: from=, size=2922, nrcpt=30 (queue active)
Mar 24 00:01:50 primary postfix/smtpd[2483]: D760910D8152: client=exprod6mx284.postini.com[64.18.1.71]
Mar 24 00:01:51 primary postfix/smtp[2490]: C1EAA10D8187: host canit01.muw.edu[192.231.29.105] said: 451 4.3.0 Message held $
Mar 24 00:01:51 primary postfix/cleanup[2489]: D760910D8152: hold: header Received: from psmtp.com (exprod6mx284.postini.com$
Mar 24 00:01:51 primary postfix/cleanup[2489]: D760910D8152: message-id=<201003240540.o2o5emi1002...@gw.npskskip.com>
Mar 24 00:01:52 primary postfix/smtpd[2483]: disconnect from exprod6mx284.postini.com[64.18.1.71]
Mar 24 00:01:52 primary MailScanner[1930]: New Batch: Scanning 1 messages, 3236 bytes
Mar 24 00:01:52 primary MailScanner[1930]: Spam Checks: Starting
Mar 24 00:01:52 primary postfix/smtp[2490]: C1EAA10D8187: to=, relay=canit02.muw.edu[192.231.29.106]:25, delay=$
Mar 24 00:01:53 primary postfix/smtpd[2610]: disconnect from exprod6mx247.postini.com[64.18.1.147]
Mar 24 00:01:54 primary postfix/smtp[2617]: C1EAA10D8187: to=, relay=h.mx.mail.yahoo.com[66.94.236.34$
Mar 24 00:01:54 primary postfix/smtp[2617]: C1EAA10D8187: to=, relay=h.mx.mail.yahoo.com[66.94.$
Mar 24 00:01:54 primary postfix/smtp[2617]: C1EAA10D8187: to=, relay=h.mx.mail.yahoo.com[66.94.236.34]$
Mar 24 00:01:54 primary postfix/smtp[2617]: C1EAA10D8187: to=, relay=h.mx.mail.yahoo.com[66.94.236$
Mar 24 00:01:54 primary postfix/smtp[2617]: C1EAA10D8187: to=, relay=h.mx.mail.yahoo.com[66.94.236.34]:25,$
Mar 24 00:01:54 primary postfix/smtp[2617]: C1EAA10D8187: to=, relay=h.mx.mail.yahoo.com[66.94.236.34]$
Mar 24 00:01:54 primary postfix/smtp[2617]: C1EAA10D8187: to=, relay=h.mx.mail.yahoo.com[66.94.236$
Mar 24 00:01:54 primary postfix/smtp[2617]: C1EAA10D8187: to=, relay=h.mx.mail.yahoo.com[66.94.236.34$
Mar 24 00:01:54 primary postfix/smtp[2617]: C1EAA10D8187: to=, relay=h.mx.mail.yahoo.com[66.94.236.34]$
Mar 24 00:01:54 primary postfix/smtp[2617]: C1EAA10D8187: to=, relay=h.mx.mail.yahoo.com[66.94.236$
Mar 24 00:01:54 primary postfix/smtp[2617]: C1EAA10D8187: to=, relay=h.mx.mail.yahoo.com[66.94.2$
Mar 24 00:01:54 primary postfix/smtp[2617]: C1EAA10D8187: to=, relay=h.mx.mail.yahoo.com[66.94.23$
Mar 24 00:01:54 primary postfix/smtp[2617]: C1EAA10D8187: to=, relay=h.mx.mail.yahoo.com[66.94.236.34$
Mar 24 00:01:54 primary MailScanner[1930]: Virus and Content Scanning: Starting
Mar 24 00:01:55 primary postfix/smtp[2611]: D13DE10D8837: to=, relay=a.mx.mail.yahoo.com[67.195.16$
Mar 24 00:01:55 primary postfix/smtp[2611]: D13DE10D8837: to=, relay=a.mx.mail.yahoo.com[67.1$
Mar 24 00:01:55 primary postfix/smtp[2611]: D13DE10D8837: to=, relay=a.mx.mail.yahoo.com[67.1$
Mar 24 00:01:55 primary postfix/smtp[2611]: D13DE10D8837: to=, relay=a.mx.mail.yahoo.com[67.195.168.31]$
Mar 24 00:01:55 primary postfix/smtp[2611]: D13DE10D8837: to=, relay=a.mx.mail.yahoo.com[67.195.168.3$
Mar 24 00:01:55 primary postfix/smtp[2611]: D13DE10D8837: to=, relay=a.mx.mail.yahoo.com[67.195.168.31$
Mar 24 00:01:55 primary postfix/smtp[2611]: D13DE10D8837: to=, relay=a.mx.mail.yahoo.com[67.195.168.31]:2$
Mar 24 00:01:55 primary postfix/smtp[2611]: D13DE10D8837: to=, relay=a.mx.mail.yahoo.com[67.
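
Added example, not part of the original post and not Postfix code: a Python script that groups log lines in the layout shown above by queue ID and reports messages whose nrcpt is at or above a threshold and that were delivered to non-local domains. The sample log, the example.* domains and the threshold of 20 are constructed assumptions; a client of None means no smtpd line carries that queue ID, the situation described in this thread where the queued message was renumbered.

```python
import re
from collections import defaultdict

# Constructed sample in the syslog layout of the logs posted in this thread.
# Hosts, addresses and queue IDs are invented for the example.
SAMPLE_LOG = """\
Mar 24 00:01:49 primary postfix/smtpd[2483]: AAAA00000001: client=unknown[198.51.100.7]
Mar 24 00:01:50 primary postfix/qmgr[25306]: AAAA00000001: from=<x@example.net>, size=2922, nrcpt=30 (queue active)
Mar 24 00:01:54 primary postfix/smtp[2617]: AAAA00000001: to=<a@example.org>, relay=mx.example.org[192.0.2.34]:25, delay=4, status=sent (250 ok)
Mar 24 00:01:54 primary postfix/smtp[2617]: AAAA00000001: to=<b@example.org>, relay=mx.example.org[192.0.2.34]:25, delay=4, status=sent (250 ok)
Mar 24 00:02:10 primary postfix/smtpd[2610]: BBBB00000002: client=mail.example.com[192.0.2.10]
Mar 24 00:02:11 primary postfix/qmgr[25306]: BBBB00000002: from=<joe@example.com>, size=900, nrcpt=1 (queue active)
Mar 24 00:02:12 primary postfix/smtp[2611]: BBBB00000002: to=<c@example.org>, relay=mx.example.org[192.0.2.34]:25, delay=1, status=sent (250 ok)
Mar 24 00:03:00 primary postfix/qmgr[25306]: CCCC00000003: from=<y@example.net>, size=2922, nrcpt=30 (queue active)
Mar 24 00:03:01 primary postfix/smtp[2611]: CCCC00000003: to=<d@example.org>, relay=mx.example.org[192.0.2.34]:25, delay=1, status=sent (250 ok)
"""

LINE = re.compile(r"postfix/(smtpd|qmgr|smtp)\[\d+\]: ([0-9A-F]{6,}): (.*)")
CLIENT = re.compile(r"client=\S+\[([^\]]+)\]")
QUEUED = re.compile(r"from=<([^>]*)>, size=\d+, nrcpt=(\d+)")
SENT = re.compile(r"to=<[^>]*@([^>]+)>, relay=[^,]+, .*status=sent")


def find_fanout(log_text, local_domains, min_rcpt=20):
    """Return queue IDs with nrcpt >= min_rcpt that delivered to non-local domains."""
    msgs = defaultdict(lambda: {"client": None, "sender": None,
                                "nrcpt": 0, "remote": set()})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # connect/disconnect lines and other daemons have no queue ID here
        daemon, qid, rest = m.groups()
        rec = msgs[qid]
        if daemon == "smtpd" and (c := CLIENT.match(rest)):
            rec["client"] = c.group(1)          # IP the message arrived from
        elif daemon == "qmgr" and (q := QUEUED.match(rest)):
            rec["sender"] = q.group(1)
            rec["nrcpt"] = int(q.group(2))      # recipients on this one message
        elif daemon == "smtp" and (s := SENT.match(rest)):
            domain = s.group(1).lower()
            if domain not in local_domains:
                rec["remote"].add(domain)       # delivered to an outside domain
    findings = []
    for qid in sorted(msgs):
        rec = msgs[qid]
        if rec["nrcpt"] >= min_rcpt and rec["remote"]:
            findings.append({"qid": qid, "client": rec["client"],
                             "sender": rec["sender"], "nrcpt": rec["nrcpt"],
                             "remote_domains": sorted(rec["remote"])})
    return findings


if __name__ == "__main__":
    for finding in find_fanout(SAMPLE_LOG, {"example.com"}):
        print(finding)
```
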
Re: Small amount of spam still routed through server and another problem with spam
It isn't just aol. It is any isp system that they seem to be spamming. As I said a person connects up. (not one of the email users). Just a random ip number. Sometimes it is postini (we use postini), aol, etc, etc. That sends one message in with multiple recipients. Then it sends out like say 20 or 30 or 100 messages to yahoo or aol or what not. I'll try to get a log of it. But I have to put postini in -v to get more information and wait for it to happen again.

I just don't understand why my postfix system would allow anybody that is not in my mysql database to route a message. It is not supposed to. I assume I have a configuration issue. If you look at my first post. You will see my config file.

I have concluded that this might be a known issue and thus not talked about. But if that is the case. It is annoying that every once in a while I have to go and unblack list myself from some isp. Like the other day I had to request removal from Verizon. They checked into my system and said everything looks great. Black list removal approved.

Thanks,
Josh
Re: Small amount of spam still routed through server and another problem with spam
First I hope I'm posting a reply back. I'll try to explain better. Since I cannot find the log I need to post.

The spam comes from any place. Mostly just foreign IP numbers. Yea we could block the ip numbers but they change. We also use postini and to my surprise it even shows up through them. This problem does not last more than 2 weeks if that. For instance on postini it came in for about two weeks. Not every day. Then I assume postini or whoever fixes or kicks the spammer off-line. I went with a month and a half one time with no extra junk. Then it returned.

All I see is a person connecting up. Dropping a message via an ip number. With or without spoofed address. Then it goes through the system and is sent back out to like 30 recipients. These messages are pretty harmless either. Sometimes not even a link. Just a stupid message. Example last night I had somebody go over 20 (that is our number) and we are okay since it was blocked. Then what we get back is from other email servers saying connection time out or users does not exist, etc, etc.

I figured either my main.cf file is allowing an open relay that my testing is not picking up or I'm already doing everything I can to fight this type of spam. Yes we even put in more firewall rules and that helped too. I did find one other person having this issue with postini in general. The answer they got was to turn on autocreate and add all valid users to postini database. The problem is this costs money for each user address and I cannot believe this is the only answer. I admit I might have configured something incorrectly even though it worked for more than a year.

On the other problem. We still get email that is to/from the same person and it is not from our system. I found a page that said if you added something it will check to see the to/from is not from your ip number and kills the message. But I cannot find that info. Even though the ip number can be spoofed. Most of what I see is not. When you look at the message. Just the to/from address matches up. The ip does not.

Thanks,
Josh
Small amount of spam still routed through server and another problem with spam
I have two problems. I built a new postfix e-mail system that worked great for about 1 year. Then I started getting spam that comes into our system as one msg and is then routed out to multiple e-mail addresses like aol.com. I have since updated my postfix config file to block even more spam and in some cases it worked. Example: I limited the amount of multiple e-mail recipients. But nothing I have done changed this problem. The end result is we have messages blocked up in our e-mail queue (from being undelivered) and if there are say 5 incoming messages. Then we probably get blacklisted someplace due to like 100+ to go out.

Now my attempts have shown some results in overall spam. The first time it happened I got black listed in 20-30 different lists / providers. Now with all the rules. I'm down to maybe one blacklist when this happens. Yet the problem still exists (about weekly with or without being added to a blacklist). I ran all the open relay tests with programs that are legal and for educational purpose only. They all come back failed. Unable to send NOT open relay.

The next problem is I'm getting the to/from same users on our system. I found a page on how to deal with this. Real world example. But I'm unable to find the page to put the rules back in. I think it went under header checks. If you can point in the right direction. That would be great.

Enclosed is my postfix config file. I xxx the ip numbers out. I use mysql, dovecot, postfix (virtual with multiple domains), postfixadmin, pop-before-smtp, and mailscanner (this of course works with clamav and SpamAssassin). I did read about some kind of access list saying x...@xxx.xxx is okay for a mysql field. But when I checked my mysql table. This is not in the list. So I can't match it to any other field. I would assume that mysql under virtual is enough to say hey if you don't match x...@xxx.xxx then don't do anything.
Thanks,
Josh

(below is my postfix config file) (kinda messed up a bit because of what I used to copy it)

alias_maps = hash:/etc/aliases
allow_percent_hack = no
biff = no
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
delay_warning_time = 4h
disable_vrfy_command = yes
header_checks = regexp:/etc/postfix/header_checks
html_directory = /usr/share/doc/postfix-2.4.7-documentation/html
inet_interfaces = localhost, xxx.xx.x.xxx (removed for security)
invalid_hostname_reject_code = 554
local_recipient_maps = $virtual_mailbox_maps
local_transport = virtual
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
maximal_backoff_time = 8000s
maximal_queue_lifetime = 7d
message_size_limit = 2560
minimal_backoff_time = 1000s
multi_recipient_bounce_reject_code = 554
mydestination = $myhostname, localhost.$mydomain, localhost
mynetworks = $config_directory/mynetworks
newaliases_path = /usr/bin/newaliases.postfix
non_fqdn_reject_code = 554
notify_classes = resource,software
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.4.7-documentation/readme
recipient_delimiter =
relay_domains = proxy:mysql:/etc/postfix/mysql_relay_domains_maps.cf
relay_domains_reject_code = 554
relay_recipient_maps = mysql:/etc/postfix/mysql_relay_recipient_maps.cf
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_helo_timeout = 60s
smtpd_client_restrictions = permit_mynetworks,check_client_access hash:/etc/postfix/access,check_client_access hash:/etc/postfix/pop-before-smtp,reject_unknown_client, reject_rbl_client sbl.spamhaus.org, reject_rbl_client dnsbl.njabl.org,reject_unauth_destination
smtpd_data_restrictions = reject_unauth_pipelining, reject_multi_recipient_bounce,permit
smtpd_delay_reject = yes
smtpd_error_sleep_time = 20s
smtpd_hard_error_limit = 12
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, regexp:/etc/postfix/helo.regexp,permit
smtpd_junk_command_limit = 2
smtpd_recipient_limit = 30
smtpd_recipient_restrictions = check_client_access hash:/etc/postfix/pop-before-smtp,check_client_access hash:/etc/postfix/access,reject_non_fqdn_recipient, reject_unlisted_recipient,reject_unknown_se