Re: Limit RCPT TO in Postfix

2010-09-07 Thread Terry Carmen
Quoting Claudio Prono claudio.pr...@atpss.net:

 Hello all,

 I use Postfix with mysql database for the users lookup. I have recently
 found an information leak with the RCPT TO command.

 Here is an example:

 telnet mailserver 25
 Trying XXX.XXX.XXX.XXX...
 Connected to mailserver.
 Escape character is '^]'.
 220 mailserver ESMTP
 helo mail
 250 mailserver
 mail from: t...@test.com
 250 2.1.0 Ok
 rcpt to: clau...@atpss.net
 250 2.1.5 Ok
 rcpt to: root
 250 2.1.5 Ok
 rcpt to: test
 550 5.1.1 test: Recipient address rejected: User unknown in local
 recipient table

 As you can see, rcpt to permits verifying the user, not only virtual
 but also real (like root). Is there any solution to fix that information
 leak on my systems? Something like rcpt deny to some users, or all the
 real users

You can use fail2ban to add a firewall DROP rule for any IPs that guess too 
many (configurable) bad email addresses. 

Terry
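
The counting that a fail2ban jail would do for the reply above, sketched as an added example (not part of the original post, and not fail2ban's own code): it tallies `550 5.1.1 ... User unknown` rejections per client IP and reports clients that reach `maxretry` within `findtime`. The log lines, addresses and thresholds are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (not from the thread). 192.0.2.0/24 and
# 198.51.100.0/24 are documentation address ranges.
SAMPLE_LOG = """\
Sep  7 09:00:10 mailserver postfix/smtpd[2090]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 550 5.1.1 <jon>: Recipient address rejected: User unknown in local recipient table; from=<a@example.org> to=<jon> proto=ESMTP helo=<mx.example.org>
Sep  7 09:40:02 mailserver postfix/smtpd[2095]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 550 5.1.1 <jhon>: Recipient address rejected: User unknown in local recipient table; from=<a@example.org> to=<jhon> proto=ESMTP helo=<mx.example.org>
Sep  7 10:00:00 mailserver postfix/smtpd[2101]: connect from unknown[192.0.2.10]
Sep  7 10:00:01 mailserver postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 5.1.1 <test>: Recipient address rejected: User unknown in local recipient table; from=<t@test.example> to=<test> proto=SMTP helo=<mail>
Sep  7 10:00:05 mailserver postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 5.1.1 <admin>: Recipient address rejected: User unknown in local recipient table; from=<t@test.example> to=<admin> proto=SMTP helo=<mail>
Sep  7 10:00:09 mailserver postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 5.1.1 <guest>: Recipient address rejected: User unknown in local recipient table; from=<t@test.example> to=<guest> proto=SMTP helo=<mail>
Sep  7 10:00:14 mailserver postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 5.1.1 <backup>: Recipient address rejected: User unknown in local recipient table; from=<t@test.example> to=<backup> proto=SMTP helo=<mail>
Sep  7 10:20:30 mailserver postfix/smtpd[2140]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 550 5.1.1 <jonn>: Recipient address rejected: User unknown in local recipient table; from=<a@example.org> to=<jonn> proto=ESMTP helo=<mx.example.org>
"""

# Matches the smtpd reject line Postfix writes for an unknown recipient.
REJECT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: "
    r"NOQUEUE: reject: RCPT from \S+\[(?P<ip>[^\]]+)\]: 550 5\.1\.1 "
    r"<[^>]*>: Recipient address rejected: User unknown"
)


def find_probers(lines, maxretry=3, findtime=timedelta(minutes=10), year=2010):
    """Return {client_ip: time the threshold was first reached}.

    A client is reported once it has produced `maxretry` unknown-recipient
    rejections inside a sliding window of length `findtime`. Syslog
    timestamps carry no year, so the caller supplies one (assumption).
    """
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    flagged = {}
    for line in lines:
        m = REJECT_RE.match(line)
        if not m:
            continue              # connects, deliveries, other rejects
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        window = recent[m["ip"]]
        window.append(ts)
        # Forget rejections that have aged out of the window.
        while ts - window[0] > findtime:
            window.popleft()
        if len(window) >= maxretry and m["ip"] not in flagged:
            flagged[m["ip"]] = ts
    return flagged


if __name__ == "__main__":
    for ip, when in find_probers(SAMPLE_LOG.splitlines()).items():
        print(f"{ip} reached the threshold at {when}")
```

The client at 198.51.100.7 also has three rejections, but they are spread over more than an hour, so it stays below the threshold; that is the difference between a sender with a mistyped address and a client walking a list of names.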



Re: Spam Attack on my outgoing server

2010-01-12 Thread Terry Carmen

On 01/12/2010 09:50 AM, Damian Rivas wrote:

Yeah, I've figured out that the problem was a Firewall vulnerability issue, 
port 25 was open to anyone. I've fixed that and problem solved!

Thanks to you all for your help and my apologies because it was not a Postfix 
issue at all,


Don't feel bad.  It's almost never a postfix issue.

Terry





Re: possible problem with postfix/local??

2009-12-28 Thread Terry Carmen

On 12/27/2009 11:28 PM, Satish Kumar P wrote:

1. unknown user (this is really strange, if the user were unknown,
postfix/smtpd would have rejected the recipient at SMTP connection
itself)
2. mail forwarding loop for x...@domain.com (though we are pretty
sure that the mail came to this server once - i mean not looping b/w
the servers)

In all the cases we observed, postfix/local fails to find the entry in
alias tables. This server handles almost 7 emails daily and works
perfectly except the bugging issue I mentioned above. Few details
regarding our environment are as follows:


Is the alias table generated dynamically? Is it possible that it's not 
readable (still being written) at the time the lookup happens?


Terry



Bypass some header_checks rules for a specific user?

2009-12-16 Thread Terry Carmen

Is there any way to bypass header_checks rules for a specific sender?

What I'd like to do is simply not process the rest of the header_checks 
file if the sender matches u...@dom.ain.


However this doesn't seem to be possible, since header_checks only works 
on a single line at a time. Any suggestions?


Thanks,

Terry



Re: Bounce at SMTPD level

2009-12-10 Thread Terry Carmen

 http://forum.qmailrocks.org/archive/index.php/t-1623.html

 I found the above link when looking for a how to for configuring postfix
 to bounce email BEFORE the initial MTA transaction is complete. I can't
 seem to find one for postfix. I want a sending MTAs to get a 550 error
 if spamc/spamd determine a mail is spammy so non spam senders get some
 sort of feedback that their message has been tossed and not delivered.
 For obvious reasons you can't do this as a bounce to the From: or
 Reply-To: header emails so it has to happen during the initial MTA
 transaction. Can someone point me to a how to for this?

Unless I'm misunderstanding you, what you really want is to not accept the
message if it's spam. Bouncing it implies accepting it and then sending back
an NDR.

Although you can accomplish this with a Before Queue Filter:
http://www.postfix.org/SMTPD_PROXY_README.html, it may become a performance
problem and it is probably not an optimal solution.

Aside from anything else, it will really annoy the senders if the mail is
legitimate.

Terry






Re: Filtering e-mail headers : To,Cc and Bcc

2009-12-08 Thread Terry Carmen

Sharma, Ashish wrote:

Hi,

I have a Postfix mail-receiving server.

I have to filter the received e-mail according to the logic:

1. Only mails sent to the recipient registered on my email 
server would be accepted.

2. Mails sent to the recipient registered on my e-mail server 
would be rejected if any other recipient of the mail has been 
specified in To, CC or BCC header.

Now I have two options:

1. Write a mail-filter (milter), parse the incoming headers of 
the mail and implement the logic (I know how to do this).

2. Using custom postfix feature as listed here: 
http://www.postfix.org/BUILTIN_FILTER_README.html

I have very little idea of option 2, and will I be able to achieve my 
intended logic by option 2?

If yes please give some good examples.

You could implement part of what you described with header_checks and a 
few regular expressions, however I suspect this won't accomplish what 
you want to do, and won't handle BCC in any event, since BCC isn't a 
message header.


Messages are delivered based on envelope information, not message 
headers. Message headers are completely irrelevant for message delivery. 
The recipient information is envelope information, which is transmitted 
during the SMTP protocol.


If you really want to only allow single recipient messages, I'd suggest 
writing a custom plugin for a mail filter like amavis.


Terry

--
Terry Carmen
CNY Support, LLC
http://cnysupport.com 





Re: Two MX servers with load balancing

2009-12-08 Thread Terry Carmen

Osmany wrote:

Hi everyone,

I have two relay servers currently working with load balancing. I want
to configure both servers so that each MX relays only certain domain and
the rest of the mail throws it to the other MX. Here is the idea:
  

You can use a transport table entry as:

/etc/postfix/transport

otherdomain.com smtp:ip where you want to send otherdomain.com's mail

Terry





Re: OT: need some advice as to distro

2009-12-01 Thread Terry Carmen
 Centos 5.4 - while it looks like a good choice, there has been some
 political infighting going on recently which makes us a little nervous
 about its future. In addition we have found that a number of the core
 packages we wish to use are out of date (postfix, dovecot, amavisd-new
 among them).

Centos is not likely to vanish, since it's just a re-branded version of Redhat
Enterprise Linux.

Since you already know Fedora, I'd suggest doing a base Centos install (no
apps), then using the cheat sheet here:
http://wiki.centos.org/HowTos/Amavisd.

It sets up an additional repository that uses much more up-to-date apps than
are in the Centos repository.

Another option would be to install from source, which is actually not
difficult at all, and is very similar to what you probably did 20 years ago,
only easier. (the build scripts are much more polished than in years past).

Terry




Re: Postfix/Cyrus Forwarding Question

2009-11-25 Thread Terry Carmen

Dennis Putnam wrote:

I'm not sure if this is the right forum for this question but I don't know 
where else to start.

I am running Postfix/Cyrus on the same server that contains user home 
directories. The forwarding mechanism (.forward) is, of course, working and I 
understand it. What I don't understand is how this mechanism works, or even if 
it does, when a user's home directory is on a different server than 
Postfix/Cyrus. In other words when Postfix/Cyrus does not have access to the 
user's home directory. Or is there some other delivery mechanism involved that 
I am missing? Thanks.

Can someone explain if this can work and if, so how. If not, what do users do 
in that case?
  
Postfix's local delivery agent (local) 
http://www.postfix.org/local.8.html handles the .forward file.


If local is delivering the mail to the user's directory, it can see the 
.forward file and should handle it properly. If it can't see the user's 
home directories, it can't deliver the mail or read the forward file.


However, delivery can be delegated to an alternate transport method or 
application, in which case local does nothing with the .forward file.


If you're not sure how the mail is being delivered, it would be useful 
to follow a single message id in the maillog file and watch exactly what 
happens to it.


Terry



Re: 4KB of disk space burning on a single email

2009-11-20 Thread Terry Carmen

Arora, Sumit wrote:

You are right Joost, 4KB will be the block size...
But my question is who is taking this disk space, because email is deleted 
already.
  
Please show Postfix log entries showing the message being delivered to 
the content filter and successfully accepted and deleted as:


Nov 20 13:41:10 wormhole postfix/lmtp[17080]: 81D9430101: 
to=te...@cnysupport.com, relay=127.0.0.1[127.0.0.1]:10024, delay=1.1, 
delays=0.19/0/0/0.88, dsn=2.0.0

Nov 20 13:41:10 wormhole postfix/qmgr[5151]: 81D9430101: removed

then try

postcat -q <queue id>

If it says:

[r...@wormhole ~]# postcat -q 81D9430101
postcat: fatal: open queue file 81D9430101: No such file or directory

then it's not a postfix problem.

Terry










Re: query about holding mails for review...

2009-10-20 Thread Terry Carmen

Johan Andersson wrote:

Hi,

We have a slight problem with accounts being phished/hacked and 
spammers using them for their stuff.
Servers are as safe as the customer will make them at the moment... 
which sadly means that some of the very mixed staff

answers phishing mails and gives out their passwords from time to time...

The usual mails sent from the site has form one to a few recipients 
with the odd one being addressed to a few more...

You can also use SpamAssassin on the outbound mail and add a 
header_check in postfix to HOLD spammy outbound mail.


The down-side is that if you do a significant volume, monitoring the 
hold queue can easily be a full-time job.


Terry



Re: is my server an open relay?

2009-08-20 Thread Terry Carmen

Israel Garcia wrote:

This is the postconf -n on my smarthost server.

server:/etc/postfix# postconf -n
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
inet_interfaces = all
mailbox_size_limit = 1024000
mydestination =
myhostname = server.domain
mynetworks = 127.0.0.0/8  xx.xx.xx.xx  #-- my.network.subnet
myorigin = /etc/mailname
readme_directory = no
relayhost =
smtpd_banner = $myhostname ESMTP $mail_name
transport_maps = hash:/etc/postfix/transport

With this conf, only the IPs from mynetworks relay mail through the
smarthost. BUT, I repeat, users can send mail from their servers using
any sender address. How can I block this?
  
You can prevent relaying by unwanted systems by properly specifying 
mynetworks.


You can prevent access by unauthenticated users by using SASL on your 
smarthosts: http://www.postfix.org/SASL_README.html


Although it's not appropriate for general use, you could prevent users 
from sending using bogus email addresses by using Sender Address 
Verification on your own servers: 
http://www.postfix.org/ADDRESS_VERIFICATION_README.html


Terry









Re: not receiving forwarded mail from postfix, all logs seem fine

2009-07-30 Thread Terry Carmen


 Hi all,

 My setup is simply this:
 - Email sent to my domain is received by postfix on my Debian box
 - All email at this domain is delivered locally to me (user dan)
 - Using a simple .forward file, this email gets forwarded to my gmail
 account

 Maybe not the most graceful approach, but it's simple. Problem is I never
 get any email to my gmail account, or any other account I try to forward it
 to, even though the postfix logs seem entirely fine:


 . . .

 Jul 30 00:59:44 mydomain postfix/smtp[13941]: 7D04B96117E4:
 to=mygmailn...@gmail.com, orig_to=d...@mydomain.ca,
 relay=gmail-smtp-in.l.google.com[209.85.133.27]:25, delay=1.6,
 delays=0/0.01/0.13/1.4, dsn=2.0.0, status=sent (250 2.0.0 OK 1248933584
 d35si1808699and.15)
 Jul 30 00:59:44 mydomain postfix/qmgr[13654]: 7D04B96117E4: removed

My best guess is that Google doesn't like your IP address.

Have you checked your spam folder?

Terry






Re: Email Not To or From My Domain Stuck in Queue

2009-07-29 Thread Terry Carmen

 On Wed, Jul 29, 2009 at 2:56 PM, Brian Evans - Postfix
 Listgrkni...@scent-team.com wrote:
 The server mx.dr1.us.army.mil basically said:
 This seems bogus to us. We don't want it, but you're welcome to try again

 That's understandable but I guess I am confused as to why
 mx.dr1.us.army.mil is telling my Postfix server.
 I don't think my SMTP server was the sender or the recipient as far as
 I can see. I am checking my logs.


 The queue ids are logged.  Grep your logs for the IDs (AA83077925B in
 this case) to find out where it came in.
AA83077925B

You're still missing the log entries where you accepted the message.

Jul 29 15:09:18 wormhole postfix/smtpd[12792]: 04A7B3011F:
client=english-breakfast.cloud9.net[168.100.1.7]

Jul 29 15:09:18 wormhole postfix/cleanup[12795]: 04A7B3011F:
message-id=d80f793f0907291209h4b681e4emaf126643edf83...@mail.gmail.com

Jul 29 15:09:18 wormhole postfix/qmgr[3813]: 04A7B3011F:
from=owner-postfix-us...@postfix.org, size=5593, nrcpt=1 (queue active)

These may be in a previous log file.

Terry




Exclude a domain from processing, and forward?

2009-07-23 Thread Terry Carmen
I asked a similar question on the Amavis list, but as I think about it, it
might be more appropriate to handle in postfix, before the mail ever gets to
amavis.

Currently postfix accepts mail for a number of domains, and all mail gets sent
though amavisd-new using the configuration below, and is then delivered to
appropriate local users:

I would like to accept all mail for one of the domains, regardless of the
username, and forward it to a single user's maildir on the mail server, with
no processing at all by amavis.

Does anybody have any suggestions, or can point me to a README on how to do 
this?

Thanks!

Terry

---

main.cf
content_filter=amavisfeed:[127.0.0.1]:10024


master.cf:
smtp  inet  n   -   n   -   -   smtpd


amavisfeed unix -   -   n   -   2   lmtp
 -o lmtp_data_done_timeout=1200
 -o lmtp_send_xforward_command=yes
 -o disable_dns_lookups=yes
 -o max_use=20

127.0.0.1:10025 inet n  -   n   -   -   smtpd
 -o content_filter=
 -o smtpd_delay_reject=no
 -o smtpd_client_restrictions=permit_mynetworks,reject
 -o smtpd_helo_restrictions=
 -o smtpd_sender_restrictions=
 -o smtpd_recipient_restrictions=permit_mynetworks,reject
 -o smtpd_data_restrictions=reject_unauth_pipelining
 -o smtpd_end_of_data_restrictions=
 -o smtpd_restriction_classes=
 -o mynetworks=127.0.0.0/8
 -o smtpd_error_sleep_time=0
 -o smtpd_soft_error_limit=1001
 -o smtpd_hard_error_limit=1000
 -o smtpd_client_connection_count_limit=0
 -o smtpd_client_connection_rate_limit=0
 -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters
 -o local_header_rewrite_clients=




Re: Exclude a domain from processing, and forward?

2009-07-23 Thread Terry Carmen

 Terry Carmen a écrit :
 I asked a similar question on the Amavis list, but as I think about it, it
 might be more appropriate to handle in postfix, before the mail ever gets to
 amavis.

 Currently postfix accepts mail for a number of domains, and all mail gets
 sent
 though amavisd-new using the configuration below, and is then delivered to
 appropriate local users:

 I would like to accept all mail for one of the domains, regardless of the
 username, and forward it to a single user's maildir on the mail server, with
 no processing at all by amavis.

 Does anybody have any suggestions, or can point me to a README on how to do
 this?


 the problem is what to do for mail to multiple recipients.

 if this never happens (mail is never sent to a user in this domain as
 well as to a user in another domain), then

 check_recipient_access hash:/etc/postfix/access_recipient


 === access_recipient:
 example.com   FILTER smtp:[127.0.0.1]:10025


 but again, if a spammer send mail to j...@example.com and
 virgi...@example.net, then it will not be filtered (so virginia will get
 the mail unfiltered, even if she is not in example.com).

 using amavisd-new is more robust.

Thanks! That's exactly what I was looking for, although since you mentioned
the multiple recipient problem, it's probably not the solution I need. It would
only be a matter of time before it became a problem.

I guess I'll wait and see if I get any answers on how to handle it with amavis.

Thanks,

Terry








Re: Exclude a domain from processing, and forward?

2009-07-23 Thread Terry Carmen
 Perhaps you could use multiple postfix instances; use
 foo_transport (instead of content_filter) to route mail to amavisd-
 new.  For domains or recipients that should skip the filter, use a
 transport_map entry to route directly from first - second instance of
 Postfix, bypassing amavisd-new.  This elegantly handles the issue of
 multi-recipient mail.  There are some natural consequences and
 caveats, but this should be enough to get you started.  This would
 also be a good time to review the MULTI_INSTANCE_README.


That sounds like more work and complexity than should be necessary.

I think I'll wait and see if anybody on the amavis list has an idea why my
processing exclusions aren't working as they seem like they should.

Terry






Re: Postfix and IDENT (RFC1413)

2009-07-19 Thread Terry Carmen

 Still not support?


Postfix implements the SMTP protocol. Why would you expect it to implement 
Ident?

Terry







Re: Setting up postfix problems

2009-07-14 Thread Terry Carmen
 I am comparatively new to postfix and seem unable to get my
 configuration correct to ensure there are no open relays.
 For obvious reasons I am not posting from the network
 concerned! I set out below
 1. Details of test with abuse.net
 2. maillog entries for the test
 3. network requirements for the server
 4. entries in main.cf


Post the output from postconf -n.

Terry




Re: Strategies to Prevent Abuse in Bulk-Mailing?

2009-07-08 Thread Terry Carmen
 Hi guys. I've been googling around looking for info on this without much
 success. Here we are: Some of my customers insist on sending bulk-email
 from their web php sites (you know, bulletins and such). My worst
 nightmare would be having our servers listed in any RBL list because of
 this. How do you guys deal with customers sending bulk-mail? Are there
 any rules in postfix to prevent it, maybe even delaying them in the queue?

Unfortunately, this is a human problem, not a technology problem.

There are various band-aid approaches, like running the outbound mail
through spamassassin and HOLDing the spammy mail, however this may or may
not catch what you want, since even SpamAssassin has no idea if the user
actually wanted the mail or not.

I worked for a very large ISP a number of years ago, and they handled the
problem with a good legal team and really good contract that specified huge
financial penalties for spamming. This actually worked very well, since the
customers would either refrain from spamming, or would be terminated, forfeit
their hardware and be sued.

You might want to do the same, as well as suggest that your customers use an
outside mailing-list provider.

Terry

-- 
CNY Support, LLC
Web. Database. Business
http://www.cnysupport.com





OT: Re: Strategies to Prevent Abuse in Bulk-Mailing?

2009-07-08 Thread Terry Carmen
 Hi guys. I've been googling around looking for info on this without much
 success. Here we are: Some of my customers insist on sending bulk-email
 from their web php sites (you know, bulletins and such). My worst
 nightmare would be having our servers listed in any RBL list because of
 this. How do you guys deal with customers sending bulk-mail? Are there
 any rules in postfix to prevent it, maybe even delaying them in the queue?

 Unfortunately, this is a human problem, not a technology problem.

 There are various band-aid approaches, like running the outbound mail
 through spamassassin and HOLDing the spammy mail, however this may or may
 not catch what you want, since even SpamAssassin has no idea if the user
 actually wanted the mail or not.

 Yes, we already do that, and more. In fact, I'm not that worried because
 of the contents of the emails, I'm mostly worried because sending emails
 to more than 500 people in the recipient list is not very polite, and
 can trigger undesired actions. People sometimes have poorly designed web
 pages with a not-too good php emailing code.

 For instance. I'd like to find a way (maybe through some header checks
 in outgoing email) so if it detects a large amount of recipients it
 triggers actions such as:

 1.- Adding the 'Precedence: bulk' header field
 2.- Clean the message for non-valid characters
 3.- If a non-valid sender address is detected, block the sending (for
 instance,  someone may send bulk-email with a From: www...@ispdomain.com
 (the apache user)
 4.- If the recipient list has invalid recipient domains block the whole
 sending.
 5.- Of course, any modification of the email should be done before doing
 the dk/dkim signing, which we already do.

 Can this be (totally or partially) done?

1, 2 & 3 are possible but probably not helpful.

4 is possible but not useful for fixing your problem (if the recipient domain
is invalid, the mail won't go out anyway).

I'm not sure if #5 would be good or bad, but it won't stop anybody from
sending spam.

It takes very little spam to get blacklisted (sometimes as little as a single
message to the right spamtrap). There is no technology that I'm aware of that
will stop this.

If you don't want your server to be blacklisted, you need to make sure the
users don't send spam, or you need to tell them they have to contract with an
external mail provider.

Terry







Re: Open Relay (???)

2009-07-07 Thread Terry Carmen

 Hi People
 Very strange what is happening today, so I see my server seems to be
 accepting connections from outside to send e-mail, the message as shown
 below (pfqueue)

 5x  message_arrival_time: Tue Jul  7 05:40:57 2009


  9x  create_time: Tue Jul  7 05:40:57 2009


Please post the output from postconf -n, as well as a section of
/var/log/maillog showing the messages being relayed.

Terry




Re: Open Relay (???)

2009-07-07 Thread Terry Carmen
 Jul  7 17:54:01 mx postfix/smtpd[31079]: disconnect from
 localhost.localdomain[127.0.0.1]


It looks like the mail is coming from a process running on your server
(localhost).

Do you host any websites, run webmail or have any local users?

If you're lucky, the cleanup line will contain a message id that gives a clue
as to its creator. For example, this shows a message that came from
squirrelmail.

Jul  7 16:41:05 wormhole postfix/cleanup[27697]: 50237503FB:
message-id=d82e40699ae1412316736573384c8811.squir...@webmail.cnysupport.com


Terry
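
Following one queue ID through the log, as suggested in this reply and in the earlier "Email Not To or From My Domain Stuck in Queue" reply, written out as an added example (not code from the original posts). The log lines, queue IDs and host names are constructed; the field layout follows the smtpd, cleanup, qmgr and smtp entries quoted on this page.

```python
import re

# Constructed sample log (not from the thread).
SAMPLE_LOG = """\
Jul  7 16:41:05 mx postfix/smtpd[27690]: A1B2C3D4E5: client=localhost.localdomain[127.0.0.1]
Jul  7 16:41:05 mx postfix/cleanup[27697]: A1B2C3D4E5: message-id=<d82e.squirrel@webmail.example.com>
Jul  7 16:41:05 mx postfix/qmgr[3813]: A1B2C3D4E5: from=<user@example.com>, size=5593, nrcpt=1 (queue active)
Jul  7 16:41:07 mx postfix/smtp[27701]: A1B2C3D4E5: to=<someone@example.net>, relay=mx.example.net[192.0.2.25]:25, delay=1.6, delays=0/0.01/0.13/1.4, dsn=2.0.0, status=sent (250 2.0.0 OK)
Jul  7 16:41:07 mx postfix/qmgr[3813]: A1B2C3D4E5: removed
Jul  7 16:45:10 mx postfix/smtp[27710]: 0F9E8D7C6B: to=<other@example.org>, relay=mx.example.org[198.51.100.9]:25, delay=86000, delays=85999/0.01/0.5/0.4, dsn=4.7.1, status=deferred (host mx.example.org[198.51.100.9] said: 450 4.7.1 try again later (in reply to RCPT TO command))
"""

# "<daemon>[pid]: <QUEUEID>: <rest>"; NOQUEUE lines do not match the hex ID.
LINE_RE = re.compile(
    r"^\w{3}\s+\d{1,2} [\d:]{8} \S+ postfix/(?P<daemon>[\w-]+)\[\d+\]: "
    r"(?P<qid>[0-9A-F]{6,}): (?P<rest>.*)$"
)
DELIVERY_RE = re.compile(r"to=<([^>]*)>.*?relay=([^,]+),.*?status=(\w+)")


def trace(lines, qid):
    """Collect what the log says about one queue ID."""
    info = {"client": None, "uid": None, "message_id": None,
            "sender": None, "deliveries": [], "removed": False}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["qid"] != qid:
            continue
        daemon, rest = m["daemon"], m["rest"]
        if daemon == "smtpd" and rest.startswith("client="):
            info["client"] = rest[len("client="):]          # arrived over SMTP
        elif daemon == "pickup" and rest.startswith("uid="):
            info["uid"] = rest.split()[0][len("uid="):]     # sendmail(1) submission
        elif daemon == "cleanup" and rest.startswith("message-id="):
            info["message_id"] = rest[len("message-id="):].strip("<>")
        elif daemon == "qmgr" and rest == "removed":
            info["removed"] = True
        elif daemon == "qmgr" and rest.startswith("from=<"):
            info["sender"] = rest[len("from=<"):].split(">", 1)[0]
        else:
            d = DELIVERY_RE.search(rest)
            if d:
                info["deliveries"].append(d.groups())
    return info


def origin(info):
    """Say where the message entered, or that the entry is not in these logs."""
    if info["uid"] is not None:
        return "local submission"
    if info["client"] is None:
        return "unknown: acceptance entry not in these logs"
    # A content filter re-injecting mail also shows up as a localhost client.
    if info["client"].endswith(("[127.0.0.1]", "[::1]")):
        return "local SMTP client"
    return "remote SMTP client"


if __name__ == "__main__":
    for qid in ("A1B2C3D4E5", "0F9E8D7C6B"):
        t = trace(SAMPLE_LOG.splitlines(), qid)
        print(qid, origin(t), t["message_id"], t["deliveries"], t["removed"])
```

For the second queue ID only a delivery attempt is present, so the acceptance entry has to be looked for in an older log file before anything can be said about where the message came from.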




Re: Postfix Manual

2009-07-02 Thread Terry Carmen

 Hi

 I know that if I ask this stupid question all of you will send me to man or
 here: http://www.postfix.org/documentation.html

 But I wonder if any of you knows about a beginning manual for dummy sysadmins
 to let them to work with already postfix installation.

It's not a dumb question. Although everything is documented perfectly, postfix
is made out of a number of components and configuration files, and the big
picture is non-obvious at first. It's like reading a biology book then trying
to understand exactly why bean-burritos make you gassy.

My best advice would be google. Whatever questions you have have almost
certainly been asked before and have already been answered.

There is at least one Postfix Book available, that seems to be popular,
although I have never actually seen it.

Terry




Re: header checks not working

2009-07-01 Thread Terry Carmen
 Rob Brandt wrote, On 7/1/2009 9:09 AM:


 Excellent, I now get a match using postmap.  If the spam doesn't cease,
 I'll be back.  Thanks everyone!

 Rob


 Nuts.  I am still getting spam.  Is there any reason header_checks might
 not be enabled?  Is header_checks being run before SA processes it?

You'll pretty much always get spam. The question is how spammy does
spamassassin think it is, is it being flagged with the spam header, and is
your header check matching it?


 Here's my header_checks file:
 *
 # X-Spam-Flag
 /^X-Spam-Flag: YES$/  DISCARD X-Spam-Flag

 Here's my current main.cf:
 *

Without trying to be a Master of the Obvious, are you actually getting the
X-Spam-Flag header in your messages? If you're using amavis, it may eat the
spam headers depending on configuration.

Also, you don't need the $. at the end of the string.

FWIW, you might want to use X-Spam-Level instead of X-Spam-Flag, since it
gives you more control over how spammy something is before you take action:

/^X-Spam-Level.*\*\*\*\*\*/ HOLD

works nicely, for example.

When you fire up postfix are there any error messages in the log?

Terry


 # See /usr/share/postfix/main.cf.dist for a commented, more complete version


 # Debian specific:  Specifying a file name will cause the first
 # line of that file to be used as the name.  The Debian default
 # is /etc/mailname.
 #myorigin = /etc/mailname

 smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
 biff = no

 # appending .domain is the MUA's job.
 append_dot_mydomain = no

 # Uncomment the next line to generate delayed mail warnings
 #delay_warning_time = 4h

 readme_directory = no

 # TLS parameters
 smtpd_tls_cert_file = /etc/ssl/certs/smtpd.crt
 smtpd_tls_key_file = /etc/ssl/private/smtpd.key
 smtpd_use_tls=yes
 smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
 smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

 # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
 # information on enabling SSL in the smtp client.

 myhostname = mail.dom.ain
 alias_maps = hash:/etc/aliases,hash:/usr/local/mailman/data/aliases
 alias_database = hash:/etc/aliases
 myorigin = /etc/mailname
 mydestination = amd64.dom.ain, localhost.dom.ain,localhost
 mynetworks = 127.0.0.0/8 [:::127.0.0.0]/104 [::1]/128
 mailbox_size_limit = 0
 recipient_delimiter = +
 virtual_alias_maps =
 hash:/etc/postfix/virtual,hash:/usr/local/mailman/data/virtual-mailman
 home_mailbox = Maildir/
 content_filter = smtp-amavis:[127.0.0.1]:10024
 debug_peer_list = amd64.dom.ain

 unknown_local_recipient_reject_code = 550
 transport_maps = hash:/etc/postfix/transport
 smtpd_sasl_type = dovecot
 smtpd_sasl_path = private/auth-client
 smtpd_sasl_local_domain =
 smtpd_sasl_security_options = noanonymous
 broken_sasl_auth_clients = yes
 smtpd_sasl_auth_enable = yes
 smtpd_recipient_restrictions =
 permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
 inet_interfaces = all
 smtpd_tls_auth_only = no
 smtpd_use_tls = yes
 smtp_use_tls = yes
 smtp_tls_note_starttls_offer = yes
 smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem
 smtpd_tls_loglevel = 1
 smtpd_tls_received_header = yes
 smtpd_tls_session_cache_timeout = 3600s
 tls_random_source = dev:/dev/urandom
 header_checks = regexp:/etc/postfix/header_checks

 Here's the headers from a very spammy email I just received:
 *
 Return-Path: ale...@52.red-88-5-123.dynamicip.rima-tde.net
 X-Original-To: bronto-dom@amd64.dom.ain
 Delivered-To: bronto-dom@amd64.dom.ain
 Received: from localhost (localhost [127.0.0.1])
   by mail.dom.ain (Postfix) with ESMTP id A24B1422C5
   for bronto-dom@amd64.dom.ain; Wed,  1 Jul 2009 10:10:54 -0700 
 (PDT)
 X-Virus-Scanned: Debian amavisd-new at amd64.dom.ain
 X-Spam-Flag: YES
 X-Spam-Score: 27.191
 X-Spam-Level: ***
 X-Spam-Status: Yes, score=27.191 tagged_above=-999 required=6.31
   tests=[BAYES_99=3.5, DIGEST_MULTIPLE=0.001, FH_HELO_ALMOST_IP=3.565,
   FH_HOST_EQ_DYNAMICIP=4.058, HELO_DYNAMIC_SPLIT_IP=3.493,
   HTML_FONT_SIZE_LARGE=0.001, HTML_MESSAGE=0.001, MIME_HTML_ONLY=1.457,
   PYZOR_CHECK=3.7, RAZOR2_CF_RANGE_51_100=0.5,
   RAZOR2_CF_RANGE_E4_51_100=1.5, RAZOR2_CHECK=0.5, RCVD_IN_PBL=0.905,
   RCVD_IN_SORBS_DUL=0.877, RCVD_IN_XBL=3.033, RDNS_DYNAMIC=0.1]
 X-Spam-Report:
   *  3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
   *  [score: 1.]
   *  4.1 FH_HOST_EQ_DYNAMICIP Host is dynamicip
   *  3.5 HELO_DYNAMIC_SPLIT_IP Relay HELO'd using suspicious hostname (Split
   *  IP)
   *  3.6 FH_HELO_ALMOST_IP Helo is almost an IP addr.
   *  0.9 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
   *  [88.5.123.52 listed in zen.spamhaus.org]
   *  3.0 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
   *  0.9 

Re: Bounce / NDR messages - how to stop them

2009-06-29 Thread Terry Carmen


 Steve, you know the answer to this question:  I will repeat it once
 more time.  Don't reject mail after accepting it.

  Wietse
 Wietse,

 You are, of course, correct. It would be totally retarded to be able to
 switch of bounce/ndr messages. Mail admins are totally perfect and never
 make any config errors that would have the potential to turn Postfix
 into a bulk backscatter machine. I apologise for asking for such a
 stupid feature. I'll try and become perfect so I don't show up any
 limitations to your Postfix in the future.

 I also apologise for asking for the ability to white list clients,
 senders or recipients in the header and body check section. That is also
 totally retarded of me and I will ask all spammers to be considerate and
 send me 'the right kind of spam'. :-)

You can be as annoyed as you wish, however (as usual) Wietse is correct.

Accepting a message then sending an NDR is simply not acceptable, and will
turn you into something that the entire rest of the world hates.

Accepting a message then trashing the NDR and deleting the message will turn
you into something that your users and the senders hate.

The problem isn't that you're getting the wrong kind of spam, it's that
you're attempting to process it incorrectly. If you process it correctly, you
can handle any type of spam.

Terry




Re: Bounce / NDR messages - how to stop them

2009-06-29 Thread Terry Carmen
 On Mon, 2009-06-29 at 14:24 -0400, Terry Carmen wrote:

 Whilst Wietse's Postfix mostly rocks you need to drop that 'God' like
 arse licking Terry. It makes you look a tit dude. If something sucks it
 sucks. No matter who wrote it, who's project it is, or the cost of it.

I appreciate Wietse's help because I've spent decades and hundreds of
thousands of dollars for product support that doesn't come close to what's
available here for free.

Try getting free support for any Microsoft server product directly from the
developers. Let us know how that works for you.

Terry








Re: Regular expression with fighting against spam

2009-06-19 Thread Terry Carmen

 Hi.

 As I'm new on that group I would like to welcome everyone.

 I've noticed that  in my SMTP filtering server a lot of spam try to get
 through. I want to block it but the problem is all these emails starts
 from | (pipe). How to block it then ?

 I've tried to add /^From: |(*)/ REJECT in access file but it doesn't work.

 Can somebody shed a light for me how to block it ?

Post some log entries showing the unwanted mail entering your system.

Terry






Re: Regular expression with fighting against spam

2009-06-19 Thread Terry Carmen
 Received: from ost1-v-4-63.static.adsl.vol.cz
 (ost1-v-4-63.static.adsl.vol.cz [62.177.85.63])??by
 smtp66.swiftinter.net (Postfix) with ESMTP id CEC657112BF2??for
 |arl.b...@domain_name.com; Fri, 19  from
 ost1-v-4-63.static.adsl.vol.cz[62.177.85.63];
 from=|arl.b...@domain_name.com to=|arl.b...@domain_name.com
 proto=ESMTP helo=ost1-v-4-63.static.adsl.vol.cz


 Of course domain_name.com is a domain name allowed to relay on this server.

 I want to stop everything what starts from pipe |.

Unless you have a user named |arl.bird, all you need to do is stop accepting
mail for users that don't exist.

http://www.postfix.org/LOCAL_RECIPIENT_README.html

Terry





Re: rule to manually put on hold

2009-06-19 Thread Terry Carmen

 Hi,

 How can I set a rule to put manually on HOLD all email sent to
 temporarydeaddomain.com ? I understand that postfix will automatically
 sent the emails in the deferred and deal with them from time to time but
 as I know that the domain is dead for a while, I'd like to move them
 directly on hold and resubmit them in the maildrop when I know that the
 domain will work again ...

 Thanks for your help.

 Stéphane


This should work:

In main.cf:
header_checks = regexp:/etc/postfix/header_checks


In /etc/postfix/header_checks:
/^To:.*@temporarydeaddomain\.com/ HOLD


Terry






Re: Defer All INET

2009-06-18 Thread Terry Carmen


 On Thu, 2009-06-18 at 12:42 -0400, Terry Carmen wrote:
 
 
  # /etc/postfix/deferall.regexp
  /^/  DEFER Please try again during business hours
 

 You might want to do a little log exploration and see if 100% of everything
you receive after hours is spam

 Not all mail received after hours is spam. Quite a bit is automated
(package tracking, machine status, mailing lists, bills, bank statements,
etc.) and not
 all machines will continue to retry until morning.


 It's not a one size fits all fix, but the majority is. My view is simple,
don't expect to deliver it when we are closed. The onus being on the sender,
not the recipient.

Even if I was a local customer, the concept of email only works when the
lights are on would make me look somewhere else. Especially when accompanied
by a message that indicates that your mail server is actually running and
available, but has been configured to not accept mail because your front door
is locked.

In the end, you can do what you want, but I think you're using an
inappropriate and not very effective method to control spam. The spammers
don't generally care what time it is, since bandwidth and hardware cost them
almost nothing.

If you want greylisting, why not use appropriate software and a reasonable 
delay?

Terry














-- 
CNY Support, LLC
Web. Database. Business
http://www.cnysupport.com





Re: Problem with 450 bounce notices

2009-06-15 Thread Terry Carmen
 I use a backup MX service to accompany my Postfix mail server. Right now
 the Backup MX service has more than 1,200 messages waiting to be
 delivered. As near as I can tell (from the Postfix logs) all of them are
 addressed to addresses that either never existed or no longer exist. The
 Postfix log indicates it is bouncing them with a 450 (temporary bounce)
 instead of a 550. So the Backup MX service is keeping them and
 continually trying to re-send.

 I've checked the main.cf. The following two lines are as listed in the file:

 unknown_local_recipient_reject_code = 550
 soft_bounce = no

Please post the unedited output (except for passwords/private data) from
postconf -n, as well as log entries showing unknown recipients being bounced
with 450 and 550.

Terry





Re: Problem with 450 bounce notices

2009-06-15 Thread Terry Carmen

 I'm hoping someone knows the key to this.

 I use a backup MX service to accompany my Postfix mail server. Right now
 the Backup MX service has more than 1,200 messages waiting to be
 delivered. As near as I can tell (from the Postfix logs) all of them are
 addressed to addresses that either never existed or no longer exist. The
 Postfix log indicates it is bouncing them with a 450 (temporary bounce)
 instead of a 550. So the Backup MX service is keeping them and
 continually trying to re-send.

 I've checked the main.cf. The following two lines are as listed in the file:

 unknown_local_recipient_reject_code = 550
 soft_bounce = no

 To complicate things further, when I sent a test message to an invalid
 address, I quickly get a 550 response. It appears it's giving 450
 responses to some senders and 550 responses to others, even when the
 same invalid address is used.

You have reject_unverified_recipient enabled and the verification is failing.

Terry



smtpd_recipient_restrictions =
permit_sasl_authenticated,
permit_mynetworks,
check_client_access hash:/etc/postfix/access,
reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_unknown_recipient_domain,
reject_unauth_pipelining,
reject_unauth_destination,
*reject_unverified_recipient*


http://www.postfix.org/postconf.5.html#reject_unverified_recipient
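
To see which clients are getting the temporary code and why, the reject lines in the log can be grouped by reply code and cause. This is an added example, not part of the original post; every log line in it is constructed and the hosts are placeholders. It relies on reject_unverified_recipient answering with unverified_recipient_reject_code, which defaults to 450.

```shell
#!/bin/sh
# Added example: classify Postfix recipient rejections by reply code and cause.
# All log lines below are constructed samples; hosts and addresses are placeholders.

sample_log() {
cat <<'EOF'
Jun 15 10:01:02 mx postfix/smtpd[311]: NOQUEUE: reject: RCPT from backupmx.example.net[192.0.2.10]: 450 4.1.1 <gone@example.org>: Recipient address rejected: undeliverable address: unknown user: "gone"; from=<a@example.com> to=<gone@example.org> proto=ESMTP helo=<backupmx.example.net>
Jun 15 10:01:03 mx postfix/smtpd[311]: NOQUEUE: reject: RCPT from backupmx.example.net[192.0.2.10]: 450 4.1.1 <old@example.org>: Recipient address rejected: undeliverable address: unknown user: "old"; from=<b@example.com> to=<old@example.org> proto=ESMTP helo=<backupmx.example.net>
Jun 15 10:05:40 mx postfix/smtpd[320]: 4F2A91C0DE: client=backupmx.example.net[192.0.2.10]
Jun 15 10:12:09 mx postfix/smtpd[325]: NOQUEUE: reject: RCPT from client.example.com[198.51.100.5]: 550 5.1.1 <gone@example.org>: Recipient address rejected: User unknown in local recipient table; from=<me@example.com> to=<gone@example.org> proto=ESMTP helo=<client.example.com>
Jun 15 10:31:02 mx postfix/smtpd[340]: NOQUEUE: reject: RCPT from backupmx.example.net[192.0.2.10]: 450 4.1.1 <gone@example.org>: Recipient address rejected: undeliverable address: unknown user: "gone"; from=<a@example.com> to=<gone@example.org> proto=ESMTP helo=<backupmx.example.net>
Jun 15 10:40:00 mx postfix/smtpd[344]: NOQUEUE: reject: RCPT from unknown[203.0.113.9]: 554 5.7.1 <x@elsewhere.example>: Relay access denied; from=<s@example.net> to=<x@elsewhere.example> proto=SMTP helo=<pc>
EOF
}

# Reads a mail log on stdin, prints "COUNT CODE CAUSE CLIENT" per group.
classify_rejects() {
    awk '
    /NOQUEUE: reject: RCPT from / {
        client = ""; code = ""
        for (i = 2; i < NF; i++)
            if ($i == "from" && $(i-1) == "RCPT") { client = $(i+1); code = $(i+2); break }
        sub(/:$/, "", client)
        cause = "other"
        # "undeliverable address" is the wording used by address verification
        if ($0 ~ /Recipient address rejected: undeliverable address/) cause = "verify-probe"
        else if ($0 ~ /Recipient address rejected: User unknown/)      cause = "recipient-table"
        n[code " " cause " " client]++
    }
    END { for (k in n) print n[k], k }' | LC_ALL=C sort -k2,2 -k3,3 -k4,4
}

# Clients that were told "try again later" for an address that failed verification.
# A backup MX in this list will keep the mail queued and keep retrying.
retrying_clients() {
    classify_rejects | awk '$2 ~ /^4/ && $3 == "verify-probe" { print $4 }'
}

# Recipients that received a 4xx rejection more than once (evidence of a retry loop).
retried_recipients() {
    awk '
    /NOQUEUE: reject: RCPT from / && / 4[0-9][0-9] 4\./ {
        for (i = 1; i <= NF; i++)
            if ($i ~ /^to=</) { r = $i; sub(/^to=/, "", r); n[r]++ }
    }
    END { for (r in n) if (n[r] > 1) print n[r], r }' | LC_ALL=C sort -k2,2
}

sample_log | classify_rejects
```

Against a real system, feed the functions the actual log (for example `classify_rejects < /var/log/maillog`) instead of `sample_log`.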





Re: anvil

2009-06-10 Thread Terry Carmen

 I have postfix 2.3.3 installed and have just found some info on
 Anvil(8) which looks like it should be good as part of my anti-spam
implementation.  I can see anvil in /usr/libexec/postfix/ but when i enable
the config within main.cf smtpd_error_sleep_time = 1s and grep on maillog
there's no entry for anvil - its as though it isn't
 compiled or something.  Anyone know how to get it up and running?

While you're welcome to try what you want, it looks like you're
over-optimizing the wrong thing.

Spammers don't care about your server rate limits. Most spam is spread out
with one or two emails coming from thousands of zombies, which Anvil won't
notice. It's rare (at least from what I've seen) to get more than a couple of
dozen messages at one time from a single infected IP.

In the end, all you'll end up with is a weird server that causes problems with
legitimate email and doesn't stop spam.

I'd suggest rejecting anybody with no reverse DNS, and if you're feeling
adventurous, some regular expressions to reject dynamic addresses you don't
want to talk to, then checking a few carefully selected RBLs. Give whatever
gets through to SpamAssassin.

Terry








-- 
CNY Support, LLC
Web. Database. Business
http://www.cnysupport.com




Re: handling non MX entry domains

2009-06-09 Thread Terry Carmen


 Thanks for the reply...

 but i didnt get any explanation on how it sends to a domain which he didnt
 find the MX entry?



If no MX record is found, the A record is used.

http://tools.ietf.org/html/rfc5321

Terry



Re: handling non MX entry domains

2009-06-09 Thread Terry Carmen
 Really thanks to ruben and terry...

 Let me set this setting...

 by the way, i am curious to know, if i want to delete a particular mail from
 the queue (may be in active or in deferred) how can we do that.

postsuper -d QUEUE_ID

For more info: man postsuper

you can get the queue ID from the message or postqueue -p

 an example like mail message id 8AD5TYU is in deferred and i want to delete
 it, how can i do that (if i delete, this manually, any problem for the system
 ?) and if i delete this with a command, will the postfix send a notification
 to the user?

Never delete things manually from any active queue.

You can delete queued messages with the above command, however in any case,
there will be no user notification for the sender or intended recipient.


 another example mail message id 6FG23DB is in active queue and i want to
 delete it. how can i do that (by notification to the user and also another way
 without notifying the user)
 what will happen if i delete the mail message by rm command from the active
 queue?

Never delete things manually from any active queue. I doubt it would work
anyway, from the ACTIVE queue, but would absolutely not recommend trying it.
Postfix doesn't expect files to be ripped away while being processed.

AFAIK you can do what you want with anything in the HOLD queue.

Terry








 -
 --
 ---
 Always try to find truth!!!

 ***---***--***

 Its always nice to know that people with no understanding of technologies want
 to evaluate technical professionals based on their own lack of knowledge

 ***---***--***


 --- On Tue, 6/9/09, Ruben Laban r.la...@ism.nl wrote:

 From: Ruben Laban r.la...@ism.nl
 Subject: Re: handling non MX entry domains
 To: postfix-users@postfix.org
 Date: Tuesday, June 9, 2009, 4:18 PM
 On Tuesday 09 June 2009 at 15:03
 (CET), truth_seeker_3...@yahoo.com
 wrote:
  but i didnt get any explanation on how it sends to a
 domain which he didnt
  find the MX entry?

 If example.com doesn't have a MX record, it will use the A
 record of
 example.com (if it exists).

  delay_warning_time will notify the current status to
 the user? or it will
  warn the user and stop processing that mail?

 It tells the message has not been delivered yet, and that
 the system will
 continue to try (until max queue lifetime is reached).

 --
 Regards,

 Ruben Laban
 Systems and Network Administrator
 ISM eCompany








-- 
CNY Support, LLC
Web. Database. Business
http://www.cnysupport.com




Re: handling non MX entry domains

2009-06-09 Thread Terry Carmen
   postsuper -d QUEUE_ID
 
 
  ok. now i want to inform the user about this action.
 HOW can i do
  that? anyway for sending a notification at this
 point

 There is no need to manual delete mail from the queue that
 way.


 i agree. But now i have to do it with  postsuper -d QUEUE_ID

 in this situation how can i notify the user? i believe there will be somehow
 a way to inform the user!!!


There is no automatic notification for postsuper -d. If you want to notify
users that you deleted their mail, you'll need to do it yourself.

However if all you want to do is bounce undeliverable messages, you don't need
to do anything. Just configure whatever maximal_queue_lifetime you find
reasonable and leave postfix alone. When the message expires postfix will
notify the sender.

Terry





Re: Howto bounce a message in queue

2009-06-05 Thread Terry Carmen

 Noel Jones wrote:
 At 03:24 PM 2/7/2007, Dick Middleton wrote:
 Is it possible to manually bounce  a message in the deferred queue
 so preempting the normal retry/timeout period?

 I've got a message sitting in the queue trying to connect to a
 non-existent server.  The sooner it gets bounced back to originator
 the better,

 If these are the result of a user mis-typing a domain, add the bad
 domain to your transport map and requeue the message with postsuper -r
 QUEUEID.
 # transport
 hotmal.com  error:invalid domain hotmal.com  maybe try hotmail.com
 instead.

 If these are the result of bouncing undeliverable mail, you need to
 implement proper recipient validation so invalid recipients are rejected
 during SMTP.


 Sorry to bump such an old topic but this fits what I'm trying to learn
 to do on a system that focuses on sending outbound traffic using v2.5.5.

 I did read man transport and searched list archives but I just don't
 seem to be getting all the pieces right. . . . I have a transport file
 and I've postmapped it. Does an additional directive go in main.cf or
 master.cf and what might that look like when implemented?


Add an entry like:

verision.net error:Invalid Domain Name. did you mean verizon.net?

To /etc/postfix/transport, then requeue the message as described above.

Terry

-- 
CNY Support, LLC
Web. Database. Business
http://www.cnysupport.com




Re: How to safely re-inject an archived queue file?

2009-05-27 Thread Terry Carmen
I've already been down this road. Forget about playing with queue file names,
permissions and all the other back door methods of accessing the queues, and
use the utilities supplied.

Calling an external app to make things happen isn't quite as elegant as being
able to drop files where you want them, however you also won't get angry phone
calls about missing or stuck mail.

If you consider the potential visibility, nobody except you will know that
you're holding, releasing and re-injecting mail using external applications,
however if you guess wrong mess up or something changes in postfix and breaks
your stuff, *everybody* will know.

Terry




Re: Allow Relaying, but not be an open-relay

2009-05-21 Thread Terry Carmen

 HI All,

 How can I allow e-mails to be sent from my website to external users
 (like GMail) but not be an open-relay to spammers?


By default Postfix will deliver mail to its intended destination (GMail, AOL,
etc.), but will accept mail only from IP addresses in mynetworks.

I believe mynetworks (defined in main.cf) defaults to localhost, although it
could be different on your distribution, so you should verify its actual
setting.

http://www.postfix.org/postconf.5.html#mynetworks

Allowing trusted outside users without becoming an open relay takes a little
more work. The most reliable method I've tried is SASL Authentication:

http://www.postfix.org/postconf.5.html#permit_sasl_authenticated

Terry








Re: Allow Relaying, but not be an open-relay

2009-05-21 Thread Terry Carmen


 HI All,

 How can I allow e-mails to be sent from my website to external users
 (like GMail) but not be an open-relay to spammers?


 By default Postfix will deliver mail to its intended destination (GMail, AOL,
 etc.), but will accept mail only from IP addresses in mynetworks.

 I believe mynetworks (defined in main.cf) defaults to localhost, although it
 could be different on your distribution, so you should verify its actual
 setting.

 http://www.postfix.org/postconf.5.html#mynetworks

 Allowing trusted outside users without becoming an open relay takes a little
 more work. The most reliable method I've tried is SASL Authentication:

 http://www.postfix.org/postconf.5.html#permit_sasl_authenticated

Sorry, I replied without fully reading the message.

What you're looking for requires that your email interface (webmail, forms,
etc) only accept mail from authenticated users. This would typically be a
function of your website, not Postfix. The sending application would then need
to authenticate with Postfix, or be part of MyNetworks.

What, specifically is sending mail?

Terry




-- 
CNY Support, LLC
Web. Database. Business
http://www.cnysupport.com





Re: Allow Relaying, but not be an open-relay

2009-05-21 Thread Terry Carmen
 Well, I have a ColdFusion based website that I have a few forms that
 users submit to sign up for events. So they dont log in or anything. I
 specified localhost in CFMail and it works for domains on my system,
 but when I send the user a copy of what they submitted they dont get it.

 My main.cf says:
 mynetworks = 172.16.254.0/28

 That address is my apartment. I am hosting this at mosso so I have one
 static from them of 67.23.34.37. Mail and CF run on this same IP.

It looks like the mail isn't going out because Postfix does not trust your
local machine and is (correctly) refusing to relay.

Try changing mynetworks to:

127.0.0.1

The only machine postfix needs to trust in this case is the machine it's
running on, and then only the local IP address.

If this doesn't work, post the output from

postconf -n

as well as all the lines from /var/log/maillog that show postfix accepting and
not delivering your message.

Terry






Re: Mails stuck in incoming queue

2009-05-06 Thread Terry Carmen

 I have multiple almost identically configured postfix servers relaying
 mails

 On one of the servers the mails get stuck in incoming queue. All other
 servers are delivering perfectly fine

 There are no body / header  checks on this machine that could
 potentially be slowing down pickup. And apparently there are no hardware
 issues

 How do I debug the pickup process  ?



Adding a -v to the end of the pickup line in your master.cf file and restarting
postfix seems to work although I don't see the -v switch listed in the pickup
man page.

Terry




Re: Mails stuck in incoming queue

2009-05-06 Thread Terry Carmen

 I have multiple almost identically configured postfix servers relaying
 mails

 On one of the servers the mails get stuck in incoming queue. All other
 servers are delivering perfectly fine

 There are no body / header  checks on this machine that could
 potentially be slowing down pickup. And apparently there are no hardware
 issues

 How do I debug the pickup process  ?


PS. Don't forget to postfix reload

Terry




Re: Strange problem with postfix and dovecot sasl auth

2009-04-24 Thread Terry Carmen

 Hello,

 I've been trying to setup postfix with tls and smtp auth (dovecot sasl).
 I'm now stuck with the smtp auth part, with a strange error. For a few
 days I've tried to search information about similar problems, but found
 none. Now I'm hoping somebody here could help me out. I'm running Ubuntu
 Jaunty on AMD64.

 I've disabled tls (and a lot of other options, and not running in a
 chroot jail) for now. The problem is, that as soon as I enable smtp auth
 in postfix (smtpd_sasl_auth_enable), smtp stops working. When doing

 bash:# telnet localhost 25
 Trying ::1...

^

I'm guessing that something in the mix isn't properly configured for IPv6.

It's probably configurable, but unless you really need IPv6, I'd suggest just
disabling IPv6 in your network stack, commenting out any IPv6 references in
Postfix and trying again.

Terry





Re: check sent messages

2009-04-21 Thread Terry Carmen

 Last night a mail was sent to a group of recipients but it seems like
 only a few persons received the message.
   The command mailq says Mail queue is empty, the mail logfile
 doesn't show any errors.

 How can I check if a certain message was sent?
 Is there a way to log every outbound message's From and To fields?


You should have one of these in your log for each sent message:

Apr 20 23:23:01 wormhole postfix/smtp[20205]: DA266304A5:
to=m...@dest_domain.org, relay=mail.dest_domain.org[205.178.149.7]:25,
delay=1.2, delays=0.27/0.01/0.51/0.39, dsn=2.0.0, status=sent
(250 2.0.0 n3L350sk01923f Message accepted for delivery)


Terry




Re: Info about queues

2009-04-16 Thread Terry Carmen

 How I can get more information about the messages through the different
 queues ?
 For example, information like input/output time.


 How many queues, Postfix have? 5 or 6 ?
 1. active
 2. deferred
 3. hold
 4. incoming
 5. maildrop

 6. corrupt (is a queue ?)


http://www.postfix.org/QSHAPE_README.html#maildrop_queue





Re: Limits for cidr files

2009-04-13 Thread Terry Carmen

 Terry Carmen:
 Does anybody know what practical limits are for cidr files?

 Postfix CIDR patterns are executed in the specified order. Therefore
 the run-time processing time is linear in the number of rules.

 Each process also spends some time compiling the patterns during
 initialization.

 Don't use this for complex content inspection.


   Wietse



Thank you.

I'll keep the big datasets on a DB server.

Terry






Limits for cidr files

2009-04-12 Thread Terry Carmen
Does anybody know what practical limits are for cidr files?

Specifically, would there be any problem loading it with something like
uceprotect, which currently has around 2M entries?

Thanks,

Terry





Re: mail delivered multiple times.

2009-04-07 Thread Terry Carmen


 I wonder if anyone can help? I've done a lot of googling but still can't see
 anything that relates clearly to my problem.

 When sending a newsletter to clients using Postfix as my MTA, I will get
 multiple deliveries of the same email to a user, although they are only
 listed once. I have isolated this as an MTA problem with Postfix and it
 occurs most often when sending to Yahoo email accts.

 In logs I get the message that Postfix lost connection with name of server
 while sending end of data -- message may be sent more than once.

 If this is an issue with the other corresponding server, or nothing that I
 can change in Postfix, then I'd rather the email not be sent at all than be
 sent multiple times. I'm running Postfix v2.5.1

 Can anyone suggest what might be wrong? thanks.

Unfortunately, it's doing exactly what it says it's doing.

The transfer starts and at some point before the end of the SMTP transaction,
postfix loses the connection (the receiving system disconnects or something
in-between like an ill-behaved firewall kills the connection), so postfix has
no confirmation that the transfer completed. The message stays queued and the
transfer restarts the next time it connects, which gives you duplicate
messages.

Right now my best guess would be that Yahoo believes you're a spammer and is
throttling or tar-pitting your connection. Before changing too many settings in
postfix (which probably won't help a lot), you should see about getting
whitelisted with Yahoo, which would almost certainly take care of the problem.

Terry






Re: Spam Filters Not Catching Repeating Offenders?

2009-03-30 Thread Terry Carmen

Carlos Williams wrote:

I noticed I keep getting the same spam message delivered to a building
wide distribution via Postfix and I can't understand why the following
are not catching it every time?
  
You'll need to post log entries showing the message being accepted. The 
two you posted were both rejected.


Terry



Re: Spam Filters Not Catching Repeating Offenders?

2009-03-30 Thread Terry Carmen

Carlos Williams wrote:

On Mon, Mar 30, 2009 at 2:47 PM, Victor Duchovni
victor.ducho...@morganstanley.com wrote:
  

Here we, go again, do please look at the Received headers of the
message...



Sorry - this is new to me so please bear with my confusion. I apologise again.

  
We're referring to the headers in one of the actual emails, not the 
logs. They'll look like this:


Return-Path: n.16.1635...@offersand.com
X-Original-To: te...@bupkis.org
Delivered-To: te...@bupkis.org
Received: from localhost (wormhole [127.0.0.1])
by smtp.cnysupport.com (Postfix) with ESMTP id 96E4A30400
for te...@bupkis.org; Mon, 30 Mar 2009 13:29:33 -0400 (EDT)
Received: from smtp.cnysupport.com ([127.0.0.1])
by localhost (smtp.cnysupport.com [127.0.0.1]) (amavisd-new, port 10024)
with LMTP id LzyD6GHV+ijx for te...@bupkis.org;
Mon, 30 Mar 2009 13:29:33 -0400 (EDT)
Received: from rts42.offersand.com (rts42.offersand.com [69.94.142.42])
--- by smtp.cnysupport.com (Postfix) with SMTP id CEBF7303FB
for te...@bupkis.org; Mon, 30 Mar 2009 13:29:32 -0400 (EDT)

You're looking for this: by smtp.cnysupport.com (Postfix) with SMTP id 
*CEBF7303FB*

and can then:

grep CEBF7303FB /var/log/maillog

to find out how it was processed.


Terry
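
The lookup described above, as an added example that is not part of the original post: it pulls queue IDs only from Received lines stamped by your own server (lines added by other hosts can be forged by the sender), then follows each ID through the log, including the hand-off to a content filter. The headers, log lines, and the hostname mx.example.org are constructed assumptions.

```shell
#!/bin/sh
# Added example: go from a message's Received headers to its mail log history.
# Headers and log lines are constructed; mx.example.org stands in for your own
# server's name as it appears in "by ... (Postfix)".

MYHOST="mx.example.org"

sample_headers() {
cat <<'EOF'
Return-Path: <sender@bulk.example.net>
Delivered-To: user@example.org
Received: from localhost (localhost [127.0.0.1])
    by mx.example.org (Postfix) with ESMTP id 96E4A30400
    for <user@example.org>; Mon, 30 Mar 2009 13:29:33 -0400 (EDT)
Received: from out7.bulk.example.net (out7.bulk.example.net [192.0.2.42])
    by mx.example.org (Postfix) with SMTP id CEBF7303FB
    for <user@example.org>; Mon, 30 Mar 2009 13:29:32 -0400 (EDT)
Received: from internal (unknown [10.9.9.9])
    by relay.bulk.example.net (Postfix) with ESMTP id DEADBEEF01
    for <user@example.org>; Mon, 30 Mar 2009 13:29:30 -0400 (EDT)
Subject: constructed sample
EOF
}

sample_log() {
cat <<'EOF'
Mar 30 13:29:32 mx postfix/smtpd[2101]: CEBF7303FB: client=out7.bulk.example.net[192.0.2.42]
Mar 30 13:29:32 mx postfix/cleanup[2105]: CEBF7303FB: message-id=<n1@bulk.example.net>
Mar 30 13:29:32 mx postfix/qmgr[1780]: CEBF7303FB: from=<sender@bulk.example.net>, size=4211, nrcpt=1 (queue active)
Mar 30 13:29:33 mx postfix/smtpd[2110]: 96E4A30400: client=localhost[127.0.0.1]
Mar 30 13:29:33 mx postfix/qmgr[1780]: 96E4A30400: from=<sender@bulk.example.net>, size=4730, nrcpt=1 (queue active)
Mar 30 13:29:33 mx postfix/lmtp[2107]: CEBF7303FB: to=<user@example.org>, relay=127.0.0.1[127.0.0.1]:10024, delay=1.1, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 96E4A30400)
Mar 30 13:29:33 mx postfix/qmgr[1780]: CEBF7303FB: removed
Mar 30 13:29:34 mx postfix/local[2112]: 96E4A30400: to=<user@example.org>, relay=local, delay=0.3, dsn=2.0.0, status=sent (delivered to mailbox)
Mar 30 13:29:34 mx postfix/qmgr[1780]: 96E4A30400: removed
EOF
}

# queue_ids HOSTNAME < message
# Prints queue IDs from Received lines written by HOSTNAME, newest hop first.
# Stops at the first blank line so nothing in the message body is parsed.
queue_ids() {
    host_re=$(printf '%s' "$1" | sed 's/\./\\./g')
    sed -n -e '/^$/q' \
        -e "s/^[[:space:]]*by ${host_re} (Postfix) with [A-Za-z]* id \([0-9A-Za-z]\{1,\}\).*/\1/p"
}

LOG=$(sample_log)   # swap in: LOG=$(cat /var/log/maillog)

# Connecting client recorded by smtpd for a queue ID.
client_of() {
    printf '%s\n' "$LOG" | sed -n "s|.*postfix/smtpd\[[0-9]*\]: $1: client=\(.*\)|\1|p"
}

# Queue ID the message was re-queued under after a filter hand-off, if any.
next_hop() {
    printf '%s\n' "$LOG" |
        sed -n "s|.*\]: $1: to=.*status=sent .*queued as \([0-9A-Za-z]*\)).*|\1|p" | head -n 1
}

# Recipient and delivery status logged for a queue ID.
final_status() {
    printf '%s\n' "$LOG" | sed -n "s|.*\]: $1: to=\(<[^>]*>\),.*status=\([a-z]*\) .*|\1 \2|p"
}

# Follow "queued as" links from the first queue ID to the last (at most 5 hops).
follow() {
    id=$1; chain=$id; hops=0
    while [ "$hops" -lt 5 ]; do
        nxt=$(next_hop "$id")
        [ -n "$nxt" ] || break
        chain="$chain $nxt"; id=$nxt; hops=$((hops + 1))
    done
    printf '%s\n' "$chain"
}

for qid in $(sample_headers | queue_ids "$MYHOST"); do
    printf '%s client=%s status=%s\n' "$qid" "$(client_of "$qid")" "$(final_status "$qid")"
done
```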







Re: Changing virtual mailbox for large messages

2009-03-29 Thread Terry Carmen

Brian Schang wrote:

Hello:

I have read through the Postfix documentation and have Googled for an 
answer, but I have not found a solution for the following problem...


In a nutshell, I have a number of virtual_mailbox_domains and 
virtual_mailbox_maps and everything is working perfectly. Now for a 
given virtual user, I'd like to change the virtual mailbox being used 
if the message is over a given size.


For instance, assume that I have the following entry in 
virtual_mailbox_maps:

Mark Martinec was kind enough to translate my C message size filter into perl 
for amavisd-new. You can use it to add:

X-ActualMessageSize: ** 

X-ActualMessageSizeBytes: nn 

headers to your message (Each * = 1MB) then do something with it in header_checks. 


I'm not sure how you would use this to redirect it to a different mailbox for 
each user, but it's currently in production HOLDing messages that are too large 
for a client's exchange server.

Terry

---

Mark's message follows:

If all you need to do is to add two header fields based on mail size,
the simplest way is to call add_header() from a custom hook, e.g.:


somewhere in amavisd.conf add:

 include_config_files('/etc/amavisd-custom.conf');


then in /etc/amavisd-custom.conf :


package Amavis::Custom;
use strict;

# invoked at child process creation time;
# return an object, or just undef when custom checks are not needed
sub new {
 my($class,$conn,$msginfo) = @_;
 my($self) = bless {}, $class;
 my($mail_size) = $msginfo->msg_size;   # mail size in bytes
 my($mail_size_mb) = $mail_size/(1024*1024);
 my($hdr_edits) = $msginfo->header_edits;
 $hdr_edits->add_header('X-ActualMessageSizeBytes', $mail_size);
 $hdr_edits->add_header('X-ActualMessageSize',
'*' x ($mail_size_mb > 50 ? 50 : $mail_size_mb));
 $self;  # returning an object activates further callbacks,
 # returning undef disables them
}
1;  # insure a defined return




Re: unusual access requirement

2009-03-27 Thread Terry Carmen

Res wrote:

Hi,

I have an internal requirement to deny access to an email address, 
which I'd like to do via access, however, we'd also like to accept 
that message for storage somewhere, I was thinking of the access BCC 
method, but then I need to also send a 5xx message in their connect 
transaction, I know this is a contradiction of the way SMTP works :) 
but is it possible with postfix or do we need an alternative method, I 
know milters work like this for scanners etc, so I was hoping someone's 
done similar or knows of a milter that can do this?

What do you mean by deny access?

Are you trying to stop internal users from sending mail using a certain
email address as the sender or reject incoming mail that lists that
email address as a recipient (a distribution list, for example)?

Terry




Re: unusual access requirement

2009-03-27 Thread Terry Carmen

Res wrote:

Hi Terry,

On Fri, 27 Mar 2009, Terry Carmen wrote:

I have an internal requirement to deny access to an email address, 
which I'd like to do via access, however, we'd also like to accept 
that message for storage somewhere, I was thinking of the access BCC 
method, but then I need to also send a 5xx message in their connect 
transaction, I know this



What do you mean by deny access?


Lets say user is f...@example.com ... and I'm example.net

when f...@example.com SMTP connects to our SMTP, I want the message 
secretly accepted (for lack of a better term) but then I want our 
SMTP to,
after accepting, return: 550 service unavailable in their transaction, 
just as if we had set in access: f...@example.com REJECT ..to avoid 
accepting then generating backscatter bounce message which is what I 
can do now in 5 seconds, but I'm trying to avoid that despite 
f...@example.com being a real address that someone reads.

You want to accept the message, deliver it to the recipient and still 
return a 550?


I'm not sure why anybody would want this, but AFAIK, you can't do it 
without modifying postfix or writing a filter.


Terry







Re: Am I a backscattered email source?

2009-03-26 Thread Terry Carmen

Ivan Ricotti wrote:

This is an automatically generated Delivery Status Notification

Delivery to the following recipient failed permanently:

 ab...@elabor.homelinux.org

Technical details of permanent failure:
Google tried to deliver your message, but it was rejected by the
recipient domain. We recommend contacting the other email provider for
further information about the cause of this error. The error that the
other server returned was: 



*550 550 5.1.1 ab...@elabor.homelinux.org: Recipient address rejected: User 
unknown in virtual mailbox table (state*
14).

   - Original message -

MIME-Version: 1.0
Received: by 10.103.246.1 with SMTP id y1mr4093237mur.116.1237976577631;
Wed, 25 Mar 2009 03:22:57 -0700 (PDT)
Date: Wed, 25 Mar 2009 11:22:57 +0100
Message-ID: 214f10...@mail.gmail.com
Subject: test
From: Ivan Ricotti ivan.rico...@gmail.com
To: ab...@elabor.homelinux.org
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit

---

So, I'm a bit confused now. Is my configuration correct or not?
What should I do?

  

Your server rejected the email because it has no abuse alias.

The /etc/aliases file needs to map abuse to a real user.

Don't forget to postalias aliases and you might also want to  
postconf |grep alias_database to verify which alias file postfix is 
actually using. The alias file location changed over time (not sure if 
it was a distribution change or a postfix change), but some systems use 
/etc/aliases and some use /etc/postfix/aliases. If you make changes to 
the wrong one, it won't work properly.


Terry



Re: my mailserver has been blacklisted

2009-03-26 Thread Terry Carmen

Ivan Ricotti wrote:

Hi,

thanks for your reply.

Brian Evans - Postfix List wrote:
  

Look a few lines above this.  Why did you accept mail for a non-existent
user?



But I do *not* accept mail for non-existent users:

Mar 26 09:27:11 athene postfix/smtpd[29704]: NOQUEUE: reject: RCPT from
mail02.mail.esat.net[193.120.142.82]: 450 4.1.1
3f6f17ca.813b5...@elabor.homelinux.org: Recipient address rejected:
undeliverable address: unknown user:
3f6f17ca.813b5...@elabor.homelinux.org; from=mem...@ebay.it
to=3f6f17ca.813b5...@elabor.homelinux.org proto=ESMTP
helo=mail02.mail.esat.net
  

[r...@wormhole ~]# telnet elabor.homelinux.org 25
Trying 217.133.111.72...
Connected to elabor.homelinux.org.
Escape character is '^]'.
220 elabor.homelinux.org ESMTP Postfix (Debian/GNU)
MAIL FROM: te...@cnysupport.com
250 2.1.0 Ok
RCPT TO: postmas...@cnysupport.com
*554 5.7.1 postmas...@cnysupport.com: Relay access denied*
QUIT
221 2.0.0 Bye
Connection closed by foreign host.


You don't appear to be an open relay. It's more likely that a machine on 
your network is infected.


Can you post log entries for a message that originates on your network, 
but is not legitimate email?


If not, it's more likely that someone is using you as a forged sender 
address/IP. In this case, can you get the headers from a supposed spam?


Terry




Re: What makes a postfix server behave this way?

2009-03-24 Thread Terry Carmen

suomi wrote:


Problem is:
last friday, a person complained that no messages had been sent from 
an application which  sends the same message to about 40 
mail-recipients including to this person himself. Messages are sent 
via php-pear-Mail-Mime, which sofar has worked correctly in all cases: 
single-mail, small mail-lists, about 40 mail-recipients mail list. 
Just in this single case the mail was not sent. I am at a loss for new 
ideas on what the reason could be.


In the postfix log, where the php-pear-Mail-Mime client sends all 
mails, for the mail in question I find the following:


Mar 20 09:00:01 smtphost postfix/smtpd[3990]: connect from 
senderhost.mydomain.com[xxx.xxx.xxx.163]
Mar 20 09:00:01 smtphost postfix/smtpd[3990]: disconnect from 
senderhost.mydomain.com[xxx.xxx.xxx.163]



and no more.
I am sure that the above log entry corresponds to the failed mail, 
because in the application log I can see that the person sent the 
message exactly at 09:00:01. postfix on the smtphost is not busy, the 
last message before the failed was processed at 08:56:15 and the next 
message after the failed was processed at 09:38:29.


I also checked to see that no empty mail addresses had been sent in 
the recipient list.


Test with this application are very delicate, because I cannot send 
interminable test-mail to the entire mail-list.


Where could I try to find the error in this case?

The answers to all of the world's important questions are in the log 
file (OK, they're not nearly as important as friends, SCUBA diving and 
pizza, but the answers are still in the log).


Edit your config file to increase the log level, then see exactly what's 
happening.


See http://www.postfix.org/DEBUG_README.html for more info.

It will tell you in much greater detail what's going on.

Terry



Re: header_checks for a specific client or sender

2009-03-23 Thread Terry Carmen

Martin Strand wrote:

Is it possible to make a header_checks rule apply only to a certain client?

I've got an annoying piece of software which sends messages through Postfix.
This software insists on including a Sender header that I wish to filter out 
with Postfix, but only for this certain client (or the envelope sender, which is always 
the same)
Unfortunately, fixing the software is not an option :(
Any tips?
  


If you want to change the sender's email address for the message, you 
can use


smtp_generic_maps = hash:/etc/postfix/generic

In main.cf

and add the address translation to

/etc/postfix/generic

(don't forget to postmap and reload config)

If you really want to not deliver it, you can add:

badsen...@yourdomain.tld error:mail from badsender is not deliverable

to your transport table.

Terry




Terry






Re: header_checks for a specific client or sender

2009-03-23 Thread Terry Carmen

Martin Strand wrote:

On Mon, 23 Mar 2009 15:28:03 +0100, Terry Carmen te...@cnysupport.com wrote:

  

Martin Strand wrote:


Is it possible to make a header_checks rule apply only to a certain client?

I've got an annoying piece of software which sends messages through Postfix.
This software insists on including a Sender header that I wish to filter out 
with Postfix, but only for this certain client (or the envelope sender, which is always 
the same)
Unfortunately, fixing the software is not an option :(
Any tips?

  

If you want to change the sender's email address for the message, you
can use

smtp_generic_maps = hash:/etc/postfix/generic

In main.cf

and add the address translation to

/etc/postfix/generic

(don't forget to postmap and reload config)

If you really want to not deliver it, you can add:

badsen...@yourdomain.tld error:mail from badsender is not deliverable

to your transport table.

Terry




No, it's only the Sender *header* that's causing problems, not the actual 
envelope sender.
I added an IGNORE line to filter out all Sender headers, but I would prefer to 
only apply that filter to this specific client.
After reading the header_checks documentation several times I still can't find 
a way to do this so I'll live with the current workaround for now.
Thanks anyway!
  

Can you post the bad header?

Terry



Re: Fedora10 RPM build from src fails.

2009-03-23 Thread Terry Carmen

James A R Brown wrote:

Hi Alan,

Have you managed a temporary workaround to build the rpm?

Is there a way of changing the build root directory which is indexed I
guess by
rpm --eval '%{_sourcedir}'

Or is this hard compiled into the RPM program?

If what you are saying is the case, bit concerned how to get the mail
server back up as it needs a custom compiled version inc Mysql and
dovecot.

Guess I could start looking at a source build. Ack!
  

I always build from the official postfix sources.

Unless you have a lot of non-standard options you need to enable, it's 
usually a really quick and simple build, and has been much easier to 
maintain than the packaged builds.


Terry



Re: Best method to throttle mail to one user

2009-03-23 Thread Terry Carmen

jeffs wrote:
I have a postfix system set up that works fine (well, maybe that is 
because it is not totally on-line yet :-\ ).  But testing has been great.


Once it goes live this system is going to be used to send email alerts 
to users based on certain database activity.  Actually, a script which 
runs against user names and email addresses in the database will be 
kicking off the alerts.  This is not a system that uses postfix for 
general email type of activity -- it will be used only for outbound 
alerts.   I've got that  part to work already just fine.


There is the slight potential for abuse by these logged in users that 
one or two may figure out a way to send spam through this system by 
forging (not login) credentials that the database uses to sort out 
outbound email.


In this particular system if spam is going to go out via the method 
mentioned above, it will always be destined for one particular user, 
although those users will change over time and it is not feasible to 
predetermine which user may be on the receiving end.


What would be the best method in postfix to shut down or stop a sudden 
flurry of emails to one user.  It will always be a sudden jump in 
outbound emails since typical outbound alerts will not happen that often.


Postfix has rate-limiting features, but I'm not sure that would be very 
helpful, since even a low rate-limit will still let a lot of messages 
through (over a weekend, for example).


A better solution would be to secure the system that generates the 
emails and use authentication for sending mail.


If that isn't an option, you could install spamassassin and use 
header_checks to HOLD anything with an X-Spam-Level > a defined maximum. 
It's very effective especially if you teach it what the legitimate 
emails look like.


Terry



OT Re: Best method to throttle mail to one user

2009-03-23 Thread Terry Carmen

jeffs wrote:

Sahil Tandon wrote:

On Mon, 23 Mar 2009, jeffs wrote:

  
There is the slight potential for abuse by these logged in users that  
one or two may figure out a way to send spam through this system by  
forging (not login) credentials that the database uses to sort out  
outbound email.



This is really shady.  Why can't you secure the system?

  
I'm developing a system that examines the apache logs for a particular 
string of characters, which only occasionally are present in the URLs 
-- very rarely.  Actually, the presence of those strings, is the 
mechanism that kicks off a script that sends email to an email 
address. Now, it is difficult but not impossible for someone to 
calculate what those strings may be.  If they guess right, they could 
flood my apache logs with those strings and thereby kick off a flurry 
of alerts to an email address.


AFAIK, there's no way to do what you want using any type of postfix or 
postfix add-on software.  A bunch of log hits could just as easily be 
real hits for your string as someone playing with you.


What you need is more intelligence in your app, not better mail server 
security.


A good place to start would be to model your app after syslogd, which 
will report "last message repeated N times", so instead of becoming a 
DDOS attack on your intended recipients, they would get a single email 
that says "Found string 'your string' 34,100 times in the last 20 minutes".


In any case, this isn't a postfix problem.

Terry
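
Added example, not from the thread: one way to build the syslogd-style repeat suppression suggested above into the alerting script. The class name, the message wording and the 20-minute window are assumptions, and the flood is constructed input.

```python
from datetime import datetime, timedelta


class AlertCoalescer:
    """Mail the first hit for a string at once, count the repeats, and send
    one summary per window, in the style of syslogd's repeat suppression."""

    def __init__(self, window=timedelta(minutes=20)):
        self.window = window
        self._open = {}  # matched string -> [window start, suppressed repeats]

    def observe(self, key, when):
        """Record one log hit; return the messages that should be mailed now."""
        outbox = self.flush(when)
        state = self._open.get(key)
        if state is None:
            # First hit in a new window: alert immediately.
            self._open[key] = [when, 0]
            outbox.append(f"Found string '{key}'")
        else:
            # Repeat inside an open window: count it, send nothing.
            state[1] += 1
        return outbox

    def flush(self, now):
        """Close expired windows. Call from a timer as well as from observe(),
        so a summary still goes out when the hits stop."""
        minutes = int(self.window.total_seconds() // 60)
        outbox = []
        for key, (start, repeats) in list(self._open.items()):
            if now - start >= self.window:
                del self._open[key]
                if repeats:
                    outbox.append(
                        f"Last alert for '{key}' repeated {repeats:,} times "
                        f"in {minutes} minutes"
                    )
        return outbox


def simulate_flood(hits=34_101, spacing_ms=35):
    """Constructed input: `hits` matches of one string, 35 ms apart (just under
    20 minutes in total), plus one unrelated hit for a second string."""
    t0 = datetime(2009, 3, 23, 12, 0, 0)
    coalescer = AlertCoalescer()
    mails = []
    for i in range(hits):
        mails += coalescer.observe("token-A", t0 + timedelta(milliseconds=spacing_ms * i))
    mails += coalescer.observe("token-B", t0 + timedelta(minutes=5))
    mails += coalescer.flush(t0 + timedelta(minutes=30))
    return mails


if __name__ == "__main__":
    for mail in simulate_flood():
        print(mail)
```

The recipient gets three messages for 34,102 log hits, and the unrelated alert for the second string is not lost in the flood.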





Re: Performance tuning

2009-03-21 Thread Terry Carmen

Brandon Hilkert wrote:



So tmpfs does use the ram ? I was able to get tmpfs to work, but there 
was some notion that it too uses the disk.


It uses RAM, but will swap to disk if it needs to. There's no guarantee 
that it won't cause disk activity.


Terry



Re: How to index maildir

2009-03-21 Thread Terry Carmen

Jeff Huang wrote:

Hi, my mailserver is postfix and the mailbox is set to /Maildir.
 
But I found if there are too many email in maildir, the imap is very slow.
 
Can we set the Maildir indexing? So we can accelerate to read/find the 
email from Maildir.
 


Postfix doesn't do IMAP.

You might have better luck asking your IMAP vendor.

Terry





Re: Move queue to RAMFS

2009-03-20 Thread Terry Carmen

Brandon Hilkert wrote:
I'm trying to get my queue to ramfs. I mounted a volume. When I send 
mail to it, it tells me there's insufficient storage.
 
Not sure about the error, but in general RAMFS sounds like a bad idea 
for a number of reasons including the ability to crash your machine if 
it fills up, and the loss of messages if you lose power or have a 
hardware failure. The server should use free RAM for cache anyway, so 
I'm not sure how much of a performance improvement you'll see.


OTOH, the benchmark data would be interesting.

Also, you might want to check and see where the problem actually is, 
since I'd be amazed if postfix is actually disk-bound. It's more likely 
to be another process or something with log-level set too high. If it 
turns out to be logging and you can't reduce the log data, you could try 
moving syslog to a different machine.


Terry



Re: Dropping rejected mail from a transport server

2009-03-17 Thread Terry Carmen

Chris Cameron wrote:

I have a Postfix server that sits in front of Exchange. Exchange has
anti-spam software running that will reject what it deems as spam.
This is creating a problem for Postfix, which accepts a message, and
tries to send it to Exchange, who then rejects it. That leaves Postfix
with an email it has to try to bounce to a (usually) non-legitimate
sender.

It'd be nice if Exchange accepted and then silently dropped, but that
doesn't seem to be coming. So, on my part, what can I do with Postfix
to drop messages that Exchange (defined through the transport file)
rejects?
  
Exchange is accepting mail, then rejecting it, which is a problem with 
Exchange, not Postfix.


Anything you do with Postfix to delete the rejected mail that Exchange 
has already accepted will also lose legitimate mail Exchange thinks is spam.


The recipient will not get the mail and the sender will not get a reject 
notice, which breaks the integrity of the SMTP protocol and will really 
annoy a lot of people.


My suggestion would be to:

* Do the spam processing on or before the postfix box and turn it off on 
exchange, or

* Configure Exchange to deliver spammy mail and just mark it as spam.

Any solution that accepts mail and then bounces it later will make you a 
bounce-back spam source and get your servers blacklisted. Any solution 
that accepts mail and deletes it will have the users at your door with 
pitchforks and torches.


Terry








Re: Unable To Track Spam in Mail Logs = :(

2009-03-11 Thread Terry Carmen

Carlos Williams wrote:

I just had a ticket come in regards to a user who just last week

Now I am wondering why I am unable to find any of these messages in my logs:

mail:~# cat /var/log/mail.log | grep -i 203.217.121.52
mail:~# cat /var/log/mail.log | grep -i 3B3311FA41E0
mail:~# cat /var/log/mail.log | grep -i guypatricelumu...@congo.gov

Am I searching for this incorrectly or in the wrong directory?  Thanks
for any help!

- Carlos
  


I'm guessing that the log has been rotated or you're looking in the 
wrong log file.


What do you get with:

postconf |grep log

If the results contain:

syslog_facility = mail

What do you get with:

grep mail /etc/syslog.conf



Terry


--
Terry Carmen
CNY Support, LLC
http://cnysupport.com 



Multiple HOLD Queues?

2009-03-10 Thread Terry Carmen
Is it possible to implement multiple HOLD queues for different types of 
content that requires inspection (spam, file attachments, etc?)


Thanks!

Terry



Re: Accept undeliverable mails and send NDR

2009-03-05 Thread Terry Carmen

ram wrote:

One of my clients sends mail using a custom application which *cannot*
recognize a smtpd error message .. like user-not-found, or
invalid-domain etc 
Now they want our postfix server to accept all mails without checks and
send NDR's for undeliverable mails. 
  
Even if you can make this work, it's still a bad idea, since the 
outbound SMTP server will be blacklisted for sending to too many invalid 
addresses. Because it ignores bounces, the mailing list will never be 
updated to remove invalid recipients.


Terry




Re: OT: Diagnose blocked mail

2009-03-04 Thread Terry Carmen

Ray wrote:
Hello, 
I'm having an issue with mail being blocked (I think) and I was hoping that 
someone here would give me an idea on where to get started.


here's the situation. (Made up names)

server is postfix with amavis-new, spam-assassin and dovecot. logs are fairly 
verbose.


Alice (al...@example.com) sends Bob an Email (b...@myserver.com) CC 
(b...@3rdserver.com) I run myserver.com. message goes through to 
b...@3rdserver.com, but not b...@myserver.com.

there is absolutely no trace of alice's domain in the mail logs.

am I being blocked up stream, is my server discarding the mail somewhere or 
...?


any suggestions including alternate mail lists or google search terms very 
much appreciated.


Ray
  
Post the appropriate section of /var/log/maillog showing the misbehaving 
transfer.


Terry



Re: OT: Diagnose blocked mail

2009-03-04 Thread Terry Carmen



Sorry, I should have filled in all this information before hand :(
Server is live and fully functional. it deals with thousands of messages
per day and has for over a year. One user can't receive messages from one
contact. That contact doesn't even show up in the logs as spam or lost
connection or anything.
  

So, let me see: one user can't receive mail from one specific mail
address, but can other users receive mail from that address?, ie, if
al...@example.com sends a mail to us...@myserver.com , is the mail
delivered?



If your server is running and postfix is logging normally and there are 
no log entries for the missing message, it means that the message isn't 
making it as far as your postfix server, it's not a postfix problem and 
you need to look elsewhere.


Even if it's being eaten by another app (amavis, a poorly written 
filter, etc.), there will still be a log entry showing where postfix 
accepted or rejected the message. No log entry means you're looking in 
the wrong place.


Terry





Re: denyhosts-like postfix brute force block?

2009-03-03 Thread Terry Carmen

Cameron Camp wrote:
I've been happily using denyhosts for ssh brute force attacks, 


1. What are best practices for the same functionality for Postfix
2. Are there gotcha's for trying to use denyhosts/fail2ban for this
3. Should I use something else?

I'd like to stop attacks at the iptable/tcpwrapper level before it eats
up postfix resources. Sorry if that has already been asked.

Best,
Cam
  
It works great! I've been using it for a while to catch dictionary 
attacks and relay attempts.


I have this in /etc/fail2ban/filter.d:

failregex = reject: RCPT from (.*)\[<HOST>\]: 5

--

and this in /etc/fail2ban/jail.conf:
[postfix]
enabled  = true
filter   = postfix
action   = iptables-allports[name=postfix]
           sendmail-whois[name=postfix, dest=r...@cnysupport.com, sender=s...@cnysupport.com]

logpath  = /var/log/maillog
maxretry = 6


Depending on how fast your email addresses change, 6 might be too low, 
so you'll probably need to adjust it.


--

which catches log entries like this:

Mar  2 19:24:40 wormhole postfix/smtpd[23869]: NOQUEUE: reject: RCPT from unknown[122.110.167.253]: 554 5.7.1 m...@headwaters.com: Relay access denied; from=cwall...@choirschool.org to=m...@headwaters.com proto=SMTP helo=122.110.167.253.optusnet.com.au



Terry
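
Added example, not part of the post above and not fail2ban's own code: a simplified Python model of what the filter and the jail's maxretry do, run over constructed log lines. The IPv4-only capture group, the 10-minute findtime and the sample addresses are assumptions; the run also shows that 4xx rejects never count, because the pattern ends in ": 5".

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# The filter's pattern with fail2ban's <HOST> tag swapped for an IPv4 capture
# group (an assumption for this model; fail2ban's own <HOST> matches more).
# The trailing ": 5" restricts matches to permanent (5xx) rejects.
FAILREGEX = re.compile(r"reject: RCPT from (.*)\[(?P<host>\d{1,3}(?:\.\d{1,3}){3})\]: 5")
STAMP = re.compile(r"^(\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) ")


def find_offenders(lines, maxretry=6, findtime=timedelta(minutes=10), year=2009):
    """Return {ip: time the threshold was reached} for hosts with at least
    `maxretry` matching rejects inside a sliding `findtime` window."""
    recent = defaultdict(deque)
    offenders = {}
    for line in lines:
        stamp, hit = STAMP.match(line), FAILREGEX.search(line)
        if not stamp or not hit:
            continue
        host = hit.group("host")
        if host in offenders:
            continue  # already over the threshold
        # syslog timestamps carry no year, so one is supplied
        when = datetime.strptime(f"{year} {stamp.group(1)}", "%Y %b %d %H:%M:%S")
        window = recent[host]
        window.append(when)
        while when - window[0] > findtime:
            window.popleft()  # forget failures older than findtime
        if len(window) >= maxretry:
            offenders[host] = when
    return offenders


def _reject(stamp, ip, reply):
    """Build one constructed smtpd reject line."""
    return (f"{stamp} mx postfix/smtpd[2301]: NOQUEUE: reject: RCPT from "
            f"unknown[{ip}]: {reply}; proto=SMTP helo=<constructed>")


UNKNOWN = "550 5.1.1 <guess@example.com>: Recipient address rejected: User unknown"
RELAY = "554 5.7.1 <x@example.net>: Relay access denied"
NO_PTR = "450 4.7.1 Client host rejected: cannot find your reverse hostname"

# Constructed sample log (documentation address ranges):
SAMPLE_LOG = (
    # address guessing: six 550s in under a minute
    [_reject(f"Mar  2 19:24:{s:02d}", "192.0.2.10", UNKNOWN) for s in range(0, 60, 10)]
    # eight temporary 450 rejects: never matched by the pattern
    + [_reject(f"Mar  2 19:30:{s:02d}", "198.51.100.7", NO_PTR) for s in range(8)]
    # three relay attempts: matched, but below maxretry = 6
    + [_reject(f"Mar  2 19:31:{s:02d}", "203.0.113.5", RELAY) for s in range(3)]
    # six typos spread over six hours: matched, but never six inside findtime
    + [_reject(f"Mar  2 {h:02d}:00:00", "192.0.2.77", UNKNOWN) for h in range(10, 16)]
)

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG).items():
        print(f"{ip} reached maxretry at {when:%H:%M:%S}")
```

Lowering maxretry to 3 also catches the relay attempts from 203.0.113.5, which is the trade-off behind the advice to tune the value.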






Re: Mail Received But Not Delivered

2009-02-11 Thread Terry Carmen

Rich Shepard wrote:
  This has not happened before: two messages sent to me, and received, but
not delivered to my mailbox. Here's what the maillog shows:

Feb  9 11:43:59 salmo postfix/qmgr[32715]: E4041AAE:
from=usern...@gte.net, size=4572, nrcpt=1 (queue active)
Feb 11 11:33:33 salmo postfix/qmgr[21684]: 8BA1AF50:
from=usern...@gte.net, size=4839, nrcpt=1 (queue active)

  I've replaced the actual username.

  There should be nothing in procmail that prevents delivery so I'm really
puzzled where these went.

Thanks,

Rich




What do you get with:

grep E4041AAE /var/log/maillog
and
postqueue -p

?
Terry


--
Terry Carmen
CNY Support, LLC
http://cnysupport.com





Re: Mail Received But Not Delivered

2009-02-11 Thread Terry Carmen

Rich Shepard wrote:

On Wed, 11 Feb 2009, Terry Carmen wrote:


What do you get with:
grep E4041AAE /var/log/maillog


Terry,

Feb  9 11:43:58 salmo postfix/smtpd[17963]: E4041AAE:
client=vms173007pub.verizon.net[206.46.173.7]
Feb  9 11:43:59 salmo postfix/cleanup[17966]: E4041AAE:
message-id=88ba18204f8d4137a8f4a4b0601d2...@mrdsoffice
Feb  9 11:43:59 salmo postfix/qmgr[32715]: E4041AAE:
from=usern...@gte.net, size=4572, nrcpt=1 (queue active)
Feb  9 11:44:01 salmo postfix/local[17967]: E4041AAE:
to=rshep...@appl-ecosys.com, relay=local, delay=4, delays=1.4/0/0/2.6,
dsn=2.0.0, status=sent (delivered to command: /usr/bin/procmail)
Feb  9 11:44:01 salmo postfix/qmgr[32715]: E4041AAE: removed



Feb  9 11:44:01 salmo postfix/local[17967]: E4041AAE:
to=rshep...@appl-ecosys.com,
relay=local,
delay=4,
delays=1.4/0/0/2.6,
dsn=2.0.0,
-- status=sent (delivered to command: /usr/bin/procmail)

Postfix delivered it to procmail, so postfix is done with it.

I don't use procmail so I can't help you there, but I would assume it 
has some sort of log you could check to follow the message.


Terry
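
Added example, not part of the original exchange: a small Python tracer that repeats the reading above for any queue ID, pulling the client, sender and per-recipient status out of the log and naming the point where Postfix handed the message off. The queue IDs, hosts and addresses in the sample log are constructed.

```python
import re

# "<daemon>[pid]: <QUEUEID>: <text>" as written by the Postfix daemons
ENTRY = re.compile(r"postfix/(?P<daemon>[\w-]+)\[\d+\]: (?P<qid>[0-9A-F]+): (?P<text>.*)$")
FIELD = re.compile(r"(\w+)=(<[^>]*>|[^,\s]+)")
STATUS = re.compile(r"status=(\w+) \((.*)\)$")


def trace(lines, qid):
    """Collect what each Postfix daemon logged for one queue ID."""
    summary = {"client": None, "sender": None, "deliveries": [], "removed": False}
    for line in lines:
        entry = ENTRY.search(line)
        if not entry or entry.group("qid") != qid:
            continue
        text = entry.group("text")
        # Parse key=value pairs only up to the parenthesised remark, so text
        # quoted from a remote server cannot overwrite a real field.
        fields = dict(FIELD.findall(text.split(" (", 1)[0]))
        if text == "removed":
            summary["removed"] = True
        elif "client" in fields:
            summary["client"] = fields["client"]
        elif "status" in fields:
            status = STATUS.search(text)
            summary["deliveries"].append({
                "to": fields.get("to", "").strip("<>"),
                "relay": fields.get("relay"),
                "dsn": fields.get("dsn"),
                "status": fields["status"],
                "detail": status.group(2) if status else "",
            })
        elif "from" in fields:
            summary["sender"] = fields["from"].strip("<>")
    return summary


def next_step(summary):
    """Say, per recipient, where the message went and where to look next."""
    if not summary["deliveries"]:
        return ["no delivery logged for this queue ID"]
    steps = []
    for d in summary["deliveries"]:
        if d["status"] == "sent" and d["detail"].startswith("delivered to command:"):
            program = d["detail"].split(":", 1)[1].strip()
            steps.append(f"{d['to']}: Postfix handed the message to {program}; "
                         "continue in that program's log")
        elif d["status"] == "sent":
            steps.append(f"{d['to']}: accepted by {d['relay']}")
        else:
            steps.append(f"{d['to']}: {d['status']} ({d['detail']})")
    return steps


# Constructed sample log: one message piped to procmail, one deferred.
SAMPLE_LOG = """\
Feb  9 11:43:58 mx postfix/smtpd[17963]: 4F2A91B3C0: client=mail.example.net[192.0.2.7]
Feb  9 11:43:59 mx postfix/cleanup[17966]: 4F2A91B3C0: message-id=<constructed-1@example.net>
Feb  9 11:43:59 mx postfix/qmgr[32715]: 4F2A91B3C0: from=<alice@example.net>, size=4572, nrcpt=1 (queue active)
Feb  9 11:44:01 mx postfix/local[17967]: 4F2A91B3C0: to=<bob@example.org>, relay=local, delay=4, delays=1.4/0/0/2.6, dsn=2.0.0, status=sent (delivered to command: /usr/bin/procmail)
Feb  9 11:44:01 mx postfix/qmgr[32715]: 4F2A91B3C0: removed
Feb  9 11:50:12 mx postfix/qmgr[32715]: 7C1D20E5A4: from=<bob@example.org>, size=901, nrcpt=1 (queue active)
Feb  9 11:50:42 mx postfix/smtp[18001]: 7C1D20E5A4: to=<carol@example.com>, relay=none, delay=30, delays=0.1/0/30/0, dsn=4.4.1, status=deferred (connect to mx.example.com[198.51.100.25]:25: Connection timed out)
""".splitlines()

if __name__ == "__main__":
    for qid in ("4F2A91B3C0", "7C1D20E5A4"):
        print(qid, next_step(trace(SAMPLE_LOG, qid)))
```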







Re: Mail Received But Not Delivered

2009-02-11 Thread Terry Carmen

Rich Shepard wrote:

On Wed, 11 Feb 2009, Terry Carmen wrote:


Postfix delivered it to procmail, so postfix is done with it.


  I saw that, but there's nothing in ~/procmail/log since 2007.

  Time to look further.


Yep.

That's definitely a good place to start. At a minimum the procmail log 
should show the messages it's processing.


Terry



Re: Delaying some email addresses

2009-02-09 Thread Terry Carmen

Victor Duchovni wrote:

On Mon, Feb 09, 2009 at 02:44:09PM +, João Miguel Neves wrote:

  

Good morning,

I'm using spamassassin thru amavisd. I also have a bunch of spamtraps
(addresses that were never used by persons, but that receive spam
regularly) feeding automatically its bayes filter. Sometimes I get some
spam that goes to regular addresses and to the spamtraps around the same
time. Is there a way or, what is the correct way of delaying some addresses?




Don't delay, if your spamtrap addresses are well chosen, have
never existed as valid email addresses, and are unlikely to be mistyped
accidentally by a human sender, you can just REDIRECT all mail for
a spamtrap address to that same spamtrap address, this drops all the
other recipients.
  


Does this mean that if a single message has multiple recipients, and one 
of the recipients is spamt...@mydomain, that the message will only be 
delivered to spamt...@mydomain?


Terry



Re: Building postfix for packaging

2009-02-09 Thread Terry Carmen

Quanah Gibson-Mount wrote:
We currently use postfix as a part of our overall product, which means 
that it ends up being packaged inside our own RPM (or deb, etc) 
packages, and then redeployed when our product is installed. One thing 
I've noticed about the postfix build system in this is that it assumes 
you are building postfix specifically to be run on the box you're 
building it on, which in what we are doing is not really the case.


As a part of all this, we also allow people to check out and build the 
FOSS edition of our product. To make it easier on those who want to do 
this, I'm trying to make it so they can build postfix as whatever user 
they want, since our own install process takes care of setting up 
permission, etc, for postfix. However, the postfix-install script 
doesn't seem to have a concept of this, which makes it somewhat 
annoying to use, as I have to essentially patch around it. Of the 
numerous software applications we build as the underlying components 
to our product, Postfix is the only one that goes to such pains. Is 
there a way that I'm missing to turn off this behavior in 
postfix-install besides patching it to turn off its checks?

Have you considered allowing the use of an existing instance of Postfix?

Many people tend to not consider packages that require and ship with 
their own versions of externally maintained packages.


Terry







Re: whitelisting not working

2009-02-08 Thread Terry Carmen



David Cottle wrote:


Hi,

I have got RBL tests and I got a client on godaddy.  Naturally their
outgoing server (secureserver.net) is listed.  I made changes to postfix
but its still rejecting, here is the extract of the main.cf and the rules.

I don't understand why its not working..  If I remove all the rbl checks
the emails arrive..

Any ideas?

Here is the configs that apply:

smtpd_client_restrictions = check_client_access
hash:/etc/postfix/whitelist, check_client_access
hash:/etc/postfix/check_backscatterer, check_client_access
hash:/etc/postfix/check_spamcannibal, reject_rbl_client bl.spamcop.net,
reject_rbl_client pbl.spamhaus.org, reject_rbl_client
sbl-xbl.spamhaus.org, reject_rbl_client cbl.abuseat.org,
reject_rbl_client dnsbl-1.uceprotect.net, reject_rbl_client
dnsbl-2.uceprotect.net, reject_rbl_client dnsbl-3.uceprotect.net,
reject_rbl_client 2.0.0.127.b.barracudacentral.org



the /etc/postfix/whitelist file (yes its been mapped to .cf)
  

Assuming you're making a hash file, postmap outputs a .db file.

Terry



Re: whitelisting not working

2009-02-08 Thread Terry Carmen



David Cottle wrote:




On 09/02/2009, at 10:38, Terry Carmen te...@cnysupport.com wrote:




David Cottle wrote:


Hi,

I have got RBL tests and I got a client on godaddy.  Naturally their
outgoing server (secureserver.net) is listed.  I made changes to postfix
but its still rejecting, here is the extract of the main.cf and the rules.

I don't understand why its not working..  If I remove all the rbl checks
the emails arrive..

Any ideas?

Here is the configs that apply:

smtpd_client_restrictions = check_client_access
hash:/etc/postfix/whitelist, check_client_access
hash:/etc/postfix/check_backscatterer, check_client_access
hash:/etc/postfix/check_spamcannibal, reject_rbl_client bl.spamcop.net,
reject_rbl_client pbl.spamhaus.org, reject_rbl_client
sbl-xbl.spamhaus.org, reject_rbl_client cbl.abuseat.org,
reject_rbl_client dnsbl-1.uceprotect.net, reject_rbl_client
dnsbl-2.uceprotect.net, reject_rbl_client dnsbl-3.uceprotect.net,
reject_rbl_client 2.0.0.127.b.barracudacentral.org



the /etc/postfix/whitelist file (yes its been mapped to .cf)


Assuming you're making a hash file, postmap outputs a .db file.

Terry



Hi Terry,

Yes all the files (whitelist, check_backscatterer and 
check_spamcannibal) have been postmap.


I assume that as long as the whitelist is done first, anything that is 
ok in the file simply should 'brute force' past the rest of the 
checks, no matter how many?


My point was that postmap outputs a db file, and check_client_access 
hash:/etc/postfix/whitelist looks for /etc/postfix/whitelist.db, while 
you stated that you mapped (renamed?) the file to .cf, which is not 
what postfix is looking for. This means that it will not find your 
whitelist file.


Terry



Re: Postfix installation problem

2009-02-01 Thread Terry Carmen

Mayuresh Kasture wrote:

Hello everyone,

I am trying to install postfix. When I do make install, I get an error,

/etc/postfix/post-install: Error: no /usr/sbin/postconf command found.
Re-run this command as /etc/postfix/post-install command_directory=/some/where.

make: *** [install] Error 1

But, I can see postconf in /usr/sbin.

/r...@mayuresh-desktop://home/mayuresh/Desktop/Tools/Postfix/postfix-2.5.6/# 
ls -l /usr/sbin/postconf

-rwxr-xr-x 1 root root 568127 2009-02-01 16:45 /usr/sbin/postconf

If you're running anything like SELinux or AppArmor, turn it off.

If you're running a plain *nix install, something is screwed up in your
installation package. Download a fresh copy from http://www.postfix.org/
and try again.

Troubleshooting your specific problem is possible, but probably not a
productive use of your time.

I followed instructions given in 
http://archive.netbsd.se/?ml=postfix-usersa=2004-08t=308185,



Use the instructions that come with postfix or from the above URL. 3rd
party instructions are not necessarily current or accurate.
. . .

gives

/usr/sbin/postconf: error while loading shared libraries: libmysqlclient.so.16: cannot open shared object file: No such file or directory

postconf -d mail_version failed

The default postfix install does not use mysql. Unless you require it
for something, it's probably a package dependency you're missing on a
precompiled version of postfix. If you actually need mysql, you should
make sure that mysql and the mysql client libraries are installed.

Terry

--
Terry Carmen
CNY Support, LLC


http://cnysupport.com






Re: Mail backup for malfunctioning MTA

2009-01-31 Thread Terry Carmen

Melvyn Sopacua wrote:
The reason is that a client has unsolved ongoing configuration issues with 
their Exchange server and can no longer afford to lose mail because of it. 
The Exchange server is not my problem(tm).
  
. . .


4) Magically catch the accepted mail that bounces after completed transaction 
(mailbox is full primarily. Spoof MAIL FROM: dialog?)
If you're saying that exchange is losing the mail, the easiest fix is to 
configure postfix as a relayhost between the outside world and the 
broken exchange server. Postfix will queue the mail and send it to the 
exchange server as quickly as possible and if the exchange server is 
down, it will wait until it's back up again.


If you're saying that there is actual broken client software (Outlook, 
etc.) that's losing mail, why not configure it for IMAP instead of 
POP so the mail will remain on the Exchange server?


Terry



Re: how to block arabic emails ?

2009-01-14 Thread Terry Carmen

Murat Ugur EMINOGLU wrote:

Dear All,

How i can block all arabic emails?

example email :

header and body content : اضافه مهمه ومثيرة لبرنامج الاوت لوك

thanks, best regards.


You need to post the actual message headers (View-Options in Outlook, 
View-Message Source in almost everything else.)


Terry



Re: Multiple SMTP relays based on sender's domain

2009-01-14 Thread Terry Carmen

Neil wrote:

On Wed, Jan 14, 2009 at 5:01 AM, Gilles Albusac
gilles.albu...@wanadoo.fr wrote:
  

Is it possible to set up Postfix to choose an SMTP relayhost when routing
outbound mail based on the domain name of the sender ?




If you're okay with using addresses instead of domains, I think
sender_dependent_relayhost_maps might do the trick for you.
  

If you mean recipient domain, this will work:


/etc/postfix/main.cf:
transport_maps = hash:/etc/postfix/transport


/etc/postfix/transport:
army.mil smtp:smtp.yourisp.com
fussymx.com smtp:mail.whoevertheytalkto.com

Don't forget to postmap transport


If you really mean sender, I'm not sure what you would use.


Terry



--
Terry Carmen
CNY Support, LLC

315.382.3939
http://cnysupport.com 



Re: queue buildup

2009-01-07 Thread Terry Carmen

Multilinks.com is undeliverable for some reason.

postqueue -p will tell you why, however unless it's a routing problem, 
you don't need to do anything. As the messages get older, they'll expire 
and be returned to the sender.


Terry


punit jain wrote:

Hi All,

My mail server has due to some reasons queued plenty of mails: -

qshape deferred
                            T  5 10 20 40 80 160 320 640 1280 1280+
                   TOTAL 1349  0  2  2  6  5   6  18  23   58  1229
          multilinks.com 1342  0  2  1  6  5   6  18  23   57  1224
                 mac.com    1  0  0  0  0  0   0   0   0    1     0
             diamato.com    1  0  0  0  0  0   0   0   0    0     1
             schweif.net    1  0  0  1  0  0   0   0   0    0     0
           cablenet5.com    1  0  0  0  0  0   0   0   0    0     1
         mail.mtc.com.pl    1  0  0  0  0  0   0   0   0    0     1
        tmda.easydns.com    1  0  0  0  0  0   0   0   0    0     1
kreadesign1.model-fx.com    1  0  0  0  0  0   0   0   0    0     1


I want to flush mails for one specific domain, basically 
multilinks.com which have been queued for long 
time. I was thinking of running postqueue -s multilinks.com 
but it says
postqueue: fatal: Flush service is not configured for destination 
multilinks.com


Thanks in advance.





--
Terry Carmen
CNY Support, LLC

315.382.3939
http://cnysupport.com





Re: syslog convert to lowercase

2009-01-03 Thread Terry Carmen

Henrik K wrote:

On Sat, Jan 03, 2009 at 04:51:04PM +0530, ram wrote:
  

Can all the logs be made in lowercase only at least the sender and the
recipient emailids

Since we have huge logs, searching for something in the logs is quite
expensive. And doing it case insensitive really sucks the resources
If postfix could log everything in lowercase then that would help a lot 



Pretty funny stuff as my egrep chews happily 140MB/s, whether it's case
insensitive or not.. you must use really lousy code.
  


I was going to mention that. Case sensitivity is generally implemented 
in low level code in whatever string library is used. If you can tell 
the difference, someone did a horrible job.


Terry



Re: relayhost not working correctly

2009-01-02 Thread Terry Carmen



Arthur Wiebe wrote:

On Sat, Jan 3, 2009 at 1:06 PM, Dan Langille d...@langille.org wrote:
  

Arthur Wiebe wrote:


Hey folks,

I'm setting up a mail server using postfix, don't have a whole lot of
experience with it and so here's what I want to do.

I want Postfix to be a smarthost, with internal connections to use
SSL. Dovecot is my MDA as well. The relay host (smarthost) is my ISP,
and it does not require any authentication (no login). I've sent an
email successfully over a telnet session on port 25 and it works fine.

Also I've monitored my firewall and I can see the connection to my
ISP's mail server when attempting to send an email using postfix. But
the email never gets delivered so I assume it's something to do with
the relayhost authentication.
  

Perhaps the log of that delivery attempt will be useful to the diagnosis.



The firewall log I'm assuming you're talking about, just a very simple entry:
22:43:42 TCP 10.142.11.17:59763 - 67.58.192.15:25 [SYN] len=60 ttl=63
tos=0x00 srcmac=__ dstmac=00:0c:29:12:42:12
(Passed)

I've looked through /var/log/mail.log,mail.err are there any others
logs for postfix that I should be looking at? (There's nothing in
those two)
  


If there's nothing in the mail.log file, then you haven't found the 
correct file. At the very least you should have an entry for the 
delivery attempt, regardless of whether or not it was successful.


Terry



Re: How to bounce back a mail in queue

2009-01-01 Thread Terry Carmen



ram wrote:

Sometimes my mailq gets cluttered with lot of undeliverable mails.
Because end servers are not accepting

I wish to bounce back some messages ( not delete them ) from queue 

How do I do it ? 



  

The mail will bounce on its own when its maximal_queue_lifetime expires.

Terry



Re: issue connecting to mysql after upgrade

2009-01-01 Thread Terry Carmen



Jeff Weinberger wrote:

Hello again:

One more issue on which I would appreciate any help anyone can offer:

Yesterday I upgraded my postfix installation from 2.5.2 to 2.5.5 and 
my MySQL installation from 5.0.51b to 5.0.75. Immediately after 
restarting everything (the whole computer), I started seeing these 
messages in my mail log:


 Jan  1 09:48:35 s postfix/smtpd[13199]: warning: connect to mysql 
server localhost: Can't connect to local MySQL server through socket 
'/tmp' (38)
 Jan  1 09:48:35 s postfix/cleanup[13201]: warning: connect to 
mysql server localhost: Can't connect to local MySQL server through 
socket '/tmp' (38)
 Jan  1 09:48:42 s postfix/trivial-rewrite[13205]: warning: 
connect to mysql server localhost: Can't connect to local MySQL server 
through socket '/tmp'



(38)Can't connect to local MySQL server through socket '/tmp'

/tmp isn't a socket, it's a directory.

Run:

mysql --xml -uroot -p -e "SHOW VARIABLES WHERE Variable_name = 'socket';"

to see where mysql has its socket, then make sure that postfix is 
looking for it there, or move the socket, or switch postfix and MySQL to 
use a TCP socket.


If you're running chroot'ed the socket needs to be where postfix can 
find it.


Terry





Re: issue connecting to mysql after upgrade

2009-01-01 Thread Terry Carmen



Terry Carmen wrote:



Jeff Weinberger wrote:

Hello again:

One more issue on which I would appreciate any help anyone can offer:

Yesterday I upgraded my postfix installation from 2.5.2 to 2.5.5 and 
my MySQL installation from 5.0.51b to 5.0.75. Immediately after 
restarting everything (the whole computer), I started seeing these 
messages in my mail log:


 Jan  1 09:48:35 s postfix/smtpd[13199]: warning: connect to 
mysql server localhost: Can't connect to local MySQL server through 
socket '/tmp' (38)
 Jan  1 09:48:35 s postfix/cleanup[13201]: warning: connect to 
mysql server localhost: Can't connect to local MySQL server through 
socket '/tmp' (38)
 Jan  1 09:48:42 s postfix/trivial-rewrite[13205]: warning: 
connect to mysql server localhost: Can't connect to local MySQL 
server through socket '/tmp'



(38)Can't connect to local MySQL server through socket '/tmp'

/tmp isn't a socket, it's a directory.

Run:

mysql --xml -uroot -p -e "SHOW VARIABLES WHERE Variable_name = 'socket';"

to see where mysql has its socket, then make sure that postfix is 
looking for it there, or move the socket, or switch postfix and MySQL 
to use a TCP socket.


If you're running chroot'ed the socket needs to be where postfix can 
find it.


Terry


Sorry about the --xml. Although it doesn't hurt anything, you don't 
really need it.


In any event, if you're getting the error messages, I don't see how 
postfix can be using mysql.


Terry



Re: rate limit outgoing mails with mailman

2009-01-01 Thread Terry Carmen

ja...@monsterjam.org wrote:

I want only 1 smtp connection at a time to be made out from my server to
my ISP's server.. Can someone please help me with a config that will
accomplish this?
  
If your ISP doesn't want to handle your list traffic, trying to get 
around their restrictions isn't going to make them happy.


However if you really want to do this, you can set maxproc to 1 for smtp 
in master.cf.


Terry



odd client restrictions behaviour

2008-12-24 Thread Terry Carmen

I have:

smtpd_delay_reject = yes

smtpd_recipient_restrictions =
   permit_mynetworks
   permit_sasl_authenticated
   reject_unauth_destination


smtpd_client_restrictions =
   permit_mynetworks,
   permit_sasl_authenticated,
   reject_unauth_destination,
   hash:/etc/postfix/whitelist,
   regexp:/etc/postfix/spam_ip_regex,
   reject_unknown_reverse_client_hostname,
   reject_unauth_pipelining,
   reject_non_fqdn_recipient,
   reject_rbl_client zen.spamhaus.org

which AFAIK, should reject inbound connections that do not have a 
reverse DNS entry.


However it doesn't seem to be consistent. I get a lot of these, for example;

NOQUEUE: reject: RCPT from unknown[218.94.129.166]: 
450 4.7.1 Client host rejected: cannot find your reverse hostname, [218.94.129.166]; 
from=stev...@xuite.net to=te...@cnysupport.com proto=ESMTP helo=njgzwibm346.njgzw.org


which are properly rejected, however I also get:

NOQUEUE: reject: RCPT from unknown[202.70.195.135]: 
554 5.7.1 Service unavailable; Client host [202.70.195.135] blocked using zen.spamhaus.org. 
To resolve this issue, please call CNY Support and ask that your IP address be whitelisted.; 
from=fatiguelc...@sina.com.tw to=oneofmyus...@example.com proto=ESMTP helo=abc

lost connection after DATA (0 bytes) from unknown[202.70.195.135]

Shouldn't this be rejected by reject_unknown_reverse_client_hostname instead of 
making it all the way to the zen.spamhaus.org RBL, or is the smtpd_delay_reject 
causing all the restrictions to execute before rejecting the message?

Terry





Re: odd client restrictions behaviour

2008-12-24 Thread Terry Carmen

The postfix log says:

RCPT from unknown[202.70.195.135]

Regardless of the results from dig, doesn't the above log entry mean
that postfix is unable to find an rdns entry for this IP and that



No, in this case it means that forward confirmation of the PTR failed. 
An unknown host in logs is still determined the same way it always 
was.


Suppose I'm a bad guy (not a big leap of imagination) and I owned 
202.70.195.0/24. And I set the PTR for 202.70.195.135 as

security.cnysupport.com. Would you want your logs to say ...
RCPT from unknown[202.70.195.135]
   ... or ...
RCPT from security.cnysupport.com[202.70.195.135] ??
  

That makes more sense. Thanks!


Terry
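
The distinction explained in the reply above, as an added example (not code from the thread or from Postfix): a client is logged as "unknown" whenever its PTR name is missing or fails forward confirmation, while reject_unknown_reverse_client_hostname only rejects when there is no PTR at all. The DNS data, addresses and function names are constructed for illustration.

```python
import ipaddress

# Constructed DNS data standing in for real lookups (documentation address ranges).
PTR = {
    "192.0.2.10": "mail.example.org",      # PTR with a matching A record
    "192.0.2.20": "security.example.com",  # PTR chosen by the IP owner, A points elsewhere
    "192.0.2.30": "ghost.example.net",     # PTR whose name does not resolve at all
    # 192.0.2.40 has no PTR record
}
A = {
    "mail.example.org": ["192.0.2.10"],
    "security.example.com": ["198.51.100.5"],
}

def classify(ip, ptr=PTR, fwd=A):
    """Return (name_in_log, ptr_name, state) for a connecting client address."""
    ip = str(ipaddress.ip_address(ip))      # ValueError on malformed input
    ptr_name = ptr.get(ip)
    if ptr_name is None:
        return "unknown", None, "no_ptr"
    addrs = fwd.get(ptr_name)
    if not addrs:
        return "unknown", ptr_name, "forward_missing"
    if ip not in addrs:
        return "unknown", ptr_name, "forward_mismatch"
    return ptr_name, ptr_name, "verified"

def restriction(ip, name):
    """Outcome of one smtpd restriction for this client: 'reject' or 'pass'."""
    state = classify(ip)[2]
    if name == "reject_unknown_reverse_client_hostname":
        return "reject" if state == "no_ptr" else "pass"    # only a missing PTR fails
    if name == "reject_unknown_client_hostname":
        return "reject" if state != "verified" else "pass"  # any failed step fails
    raise ValueError(f"restriction not modelled: {name}")

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30", "192.0.2.40"):
        logged, ptr_name, state = classify(ip)
        print(f"RCPT from {logged}[{ip}] ptr={ptr_name} state={state} "
              f"reverse_only={restriction(ip, 'reject_unknown_reverse_client_hostname')} "
              f"full={restriction(ip, 'reject_unknown_client_hostname')}")
```

A client in the forward_mismatch state passes the reverse-only check and goes on to the later restrictions, which is how an "unknown" client can end up rejected by the RBL instead.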



Re: Reject/Discard mails to a Receipient

2008-12-23 Thread Terry Carmen


Linux Addict wrote:
Hello, I have clients sending mails to a non-existent email 
address/domain, emailerm...@exchange.example.net. I want to discard 
any mail sent to this address. I looked at 
smtpd_recipient_restrictions, but can't figure out how to get this 
done. Please help me!!


~LA


Why are you accepting mail that you can't deliver?

Terry




Re: Special routing for mail from localhost

2008-12-19 Thread Terry Carmen

Victor Duchovni wrote:

On Fri, Dec 19, 2008 at 01:54:05PM -0500, Wietse Venema wrote:

  
Is there any way to have special routing for mail that's created on the 
postfix server(localhost), destined for mydomain?
  

As far as I recall, internally generated messages are not subject
to the content_filter setting. Thus, you can use the content_filter
parameter to send regular mail to the content filter, even when
the filter never sends it back to Postfix, and send other mail
directly to the exchange box.



The OP is not talking about mail generated internally inside Postfix
(bounces, postmaster notices, ...). Rather this is mail from $mynetworks,
and replacing content_filter with a FILTER ... action in a CIDR table
will work for that, and will automatically exempt pickup(8) once the
global setting is gone from main.cf
  

That's pretty much it.

So would it be correct to change:

content_filter=amavisfeed:[127.0.0.1]:10024
to
content_filter=cidr:/special_routing.cidr

then,

special_routing.cidr:
127.0.0.1/32 smtp:exchange server ip
0.0.0.0/0 amavisfeed:[127.0.0.1]:10024



Terry





Re: postfix + procmail autoresponder

2008-12-18 Thread Terry Carmen
That's a great idea assuming you want to be on every known RBL when you 
return.


The from and sender addresses on almost all spam are forged, so 
you'll be spamming them all with "Sorry, we're not here right now . . .".


Most won't appreciate it.

Terry


Christian Desrochers wrote:

Hi all,

My office will be closed for the Christmas holidays and I would like 
to set up an mail autoresponder that will send back a notice to the 
sender for every mail sent at @our_domain.com.


What I really want is to reply to sender saying we are closed and will 
be back on Jan 5th. More, I want the received email to be delivered to 
the final recipient, so this one can follow up when he or she is back.


I found a website giving a procmail recipe that sounds good. I am 
just wondering if I have to add anything else to it, so the mail is 
delivered to the final user? Do you guys know another way to set up a 
mail autoresponder, using postfix? Here is the website:

http://www.knowplace.org/pages/howtos/autoresponder_with_procmail_howto.php

Thanks in advance,

Chris


--
Terry Carmen
CNY Support, LLC

315.382.3939
http://cnysupport.com





Re: Backup MX for multiple domains

2008-12-18 Thread Terry Carmen


DJ Lucas wrote:
Hi guys, I believe that I already have the answer to this pretty basic 
setup, but I just wanted to do a quick sanity check.


I'm setting up a backup MX, and for one of the domains that it will 
relay to, it should do no filtering whatsoever as there is a Symantec 
device in front of the primary.  The device is configured with a 
catch-all, and I have verified that no backscatter is generated when 
sending to an invalid address, and the admin of that server wants to 
review everything coming at him.


The backup should have the same filtering as the primary, since a lot of 
spammers use it without ever trying the primary, specifically because a 
lot of people implement the backup without filtering.


Terry



Re: Stopping backscatter with before-queue

2008-12-08 Thread Terry Carmen

Chris Turan wrote:

Hey All,

I'm having an issue with backscatter emails and implementing a 
before-queue spam and virus scanner.  My current mail server uses a 
after-queue amavisd-new scanner with spamassassin and clamav.  In the 
last two weeks, my system has started *sending* a significant number 
of backscatter messages.


I need to silence these messages in a safe and reliable way.  Here are 
my criteria:


1) Reject the message before the end of the smtp transaction.
2) Scan for both spam and viruses.
3) Never discard. MTA must deliver-and-tag or reject-and-notify.
4) Scan both incoming and outgoing messages.
5) Scanner is fast, runs as a daemon, and is preferably written in a 
faster language like C.


Despite my best research, I have not yet found a way to do all five of 
these.  Can anyone recommend a way to run amavis as before-queue 
scanner, or to recommend a different scanner better than amavisd-new.
To eliminate *sending* backscatter, all you need to do is not accept 
mail you won't be able to deliver:


http://www.postfix.org/BACKSCATTER_README.html

amavisd-new with spamassassin and clamav will handle #2 #3 and #4 and 
maybe #5 depending on what you think fast is.


Unfortunately, there's still no such thing as a free lunch and both 
the virus and spam scanning are not exactly speedy, regardless of how 
fast amavis is. The trick is to reject everything possible using other 
means (blacklists, regular expressions, other tests) before finally 
sending the message to the scanners.


That said, it depends very much on your mail volume and how much is spam 
and how much is ham. I have a small (2 processor, 512M/RAM) mail server 
that runs anywhere from 30K-60K connections/day, rejects way over 90% of 
the attempts and still only runs at less than 2% utilization until the 
spam/AV scanners are started, at which point it runs around 50% for a 
few seconds, then goes back to 0.


Unless you're running a really big site or a really old server, it's 
unlikely that the performance issues you're worried about will actually 
be a problem.


Postfix is extremely efficient, and the cost of rejecting unwanted 
connections is really low.


Back to your actual problem, if you can post the output from postconf 
-n, someone can probably tell you what's wrong.


Terry






Re: Stopping backscatter with before-queue

2008-12-08 Thread Terry Carmen

Chris Turan wrote:

Terry Carmen wrote:
To eliminate *sending* backscatter, all you need to do is not accept 
mail you won't be able to deliver:


I am rejecting unknown recipients but the bounces are coming from 
messages with a spamassassin score above 12.

Don't do that.

Once you've accepted a message, it's yours. Aside from anything else, it 
makes you look bad when someone sends a legitimate email that happens to 
look spammy and you bounce it back as spam.


One of my clients HOLDs spammy messages for manual inspection by the 
postmaster, then releases or deletes it. Another one lets the user's 
email application deal with the messages based on the spamassassin header.




Unfortunately, there's still no such thing as a free lunch and both 
the virus and spam scanning are not exactly speedy, regardless of how 
fast amavis is. The trick is to reject everything possible using 
other means (blacklists, regular expressions, other tests) before 
finally sending the message to the scanners.


Hmmm.  I did get a suggestion about checking the headers against RBL's 
using builtin postfix content filters.  After that, it can be passed 
onto the real scanners.

You just about have to use an RBL or you'll get creamed. However before 
sending it to the RBL, reject everything possible using less 
(processor/network) expensive methods like rdns verification and regular 
expressions. See Re:RBL on this list for more information.




That said, it depends very much on your mail volume and how much is 
spam and how much is ham. I have a small (2 processor, 512M/RAM) mail 
server that runs anywhere from 30K-60K connections/day, rejects way 
over 90% of the attempts and still only runs at less than 2% 
utilization until the spam/AV scanners are started, at which point it 
runs around 50% for a few seconds, then goes back to 0.


I get 10K emails per day, so it's still fairly small.  Do you have a 
before-queue scanner installed?  There are warnings all over 
amavisd-new's documentation saying not to use it as a before queue 
scanner and rightly so.

I have no before-queue scanner. I reject everything possible based on 
the sender's IP, existence of an rdns entry and some regular expressions 
(see  Re:RBL). Anything that makes it past there is never rejected or 
bounced, no matter what. It either goes to the final recipient or is 
deleted based on corporate policy (chain letters, porn, etc.)


Back to your actual problem, if you can post the output from postconf 
-n, someone can probably tell you what's wrong.

Terry



Re: Stopping backscatter with before-queue

2008-12-08 Thread Terry Carmen

Chris Turan wrote:

Terry Carmen wrote:

Don't do that. Once you've accepted a message, it's yours. Aside from
anything else, it makes you look bad when someone sends a legitimate
email that happens to look spammy and you bounce it back as spam.


Right, I'm trying to correct that problem.  This wasn't much of an 
issue when I first set up this server.  None of my addresses or 
domains were known to the spammers and as a result, I sent very very 
little backscatter.  That's changed now and I need to rethink things.



One of my clients HOLDs spammy messages for manual inspection by the
postmaster, then releases or deletes it.


This is a great idea!  I didn't think of this at all but this idea 
will definitely solve the problem for the interim until I can design 
and QA a new server.  I've just set it to forward spammy messages to a 
mailbox where I'll review and release messages.

If you don't want to corrupt the destination addresses, you can just 
tag them as HOLD with


/^X-Spam-Level.*\*\*\*\*/ HOLD

in /etc/postfix/header_checks

which will leave the suspect messages in the Postfix HOLD queue, where 
you can inspect them with postcat and release or delete them with postsuper.


Just make sure you have:

header_checks=regexp:/etc/postfix/header_checks

in your main.cf file.


I have no before-queue scanner. I reject everything possible based on
the senders IP, existence of an rdns entry and some regular
expressions (see  Re:RBL). Anything that makes it past there is
never rejected or bounced, no matter what. It either goes to the
final recipient or is deleted based on corporate policy (chain
letters, porn, etc.)


Nice! I've been relying on Bayesian scanning for the most part. 
Although, passing everything concerns me a bit but if the RBL's work, 
then I think I should be in the clear.  This one really underlines the 
fact that I'm the one that's creating my own problem.


The RBLs help a lot, as do the regular expressions in the other 
referenced thread.


Good luck!

Terry

--
Terry Carmen
CNY Support, LLC

315.382.3939
http://cnysupport.com
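
A way to try the HOLD rule from the message above against sample headers before putting it in /etc/postfix/header_checks, as an added example (not code from the thread or from Postfix). Python's re module stands in for the Postfix regexp: table matcher, and the sample headers and function names are constructed.

```python
import re

# Constructed table holding the one rule from the message above.
TABLE = r"""
# hold anything the scanner marked with four or more stars
/^X-Spam-Level.*\*\*\*\*/ HOLD
"""
RULE = re.compile(r"^/(.*)/([a-z]*)\s+(\S+)\s*(.*)$")

def load_rules(text):
    """Parse '/pattern/flags ACTION [text]' lines of a regexp: table."""
    rules = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = RULE.match(line)
        if not m:
            raise ValueError(f"line {n}: not a /pattern/ ACTION rule")
        pattern, flags, action, arg = m.groups()
        # regexp: tables ignore case by default; the "i" flag toggles that off
        rules.append((re.compile(pattern, 0 if "i" in flags else re.I), action, arg))
    return rules

def unfold(raw):
    """Join folded continuation lines so each logical header is tested once."""
    headers = []
    for line in raw.splitlines():
        if line[:1] in (" ", "\t") and headers:
            headers[-1] += " " + line.strip()
        elif line:
            headers.append(line)
    return headers

def first_action(raw_headers, rules):
    """Return (action, header) for the first header a rule matches, else (None, None)."""
    for header in unfold(raw_headers):
        for rx, action, _arg in rules:
            if rx.search(header):
                return action, header
    return None, None

# Constructed sample headers, tagged the way an after-queue scanner might tag them.
SPAMMY = "From: a@example.com\nX-Spam-Level: ******\nSubject: hi\n"
BORDERLINE = "From: b@example.com\nx-spam-level: ***\nSubject: hello\n"
```

The rule can only fire where header_checks run after the scanner has added X-Spam-Level; a reinjection listener started with receive_override_options=no_header_body_checks skips them.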




