Re: pcre matching
On 18 Aug, 2015, at 17:15, Alex mysqlstud...@gmail.com wrote:

> I'm trying to match a pattern in a header_checks pcre file and can't figure out why it's not matching. In /etc/postfix/header_checks.pcre, I have:
>
> /^From:.*exampleuser@gmail\.com$/ REJECT

That regular expression matches text that starts with 'From:'.

exampleuser does not start with 'From:' and does not contain @gmail.com or even end with that text, so why should the postmap command show a match?

Hope this helps.

Regards,
wolfgang
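The point of the reply above, as an added example that is not part of the original thread: a small Python stand-in for a `postmap -q` lookup against a pcre table, showing that the lookup key has to be the complete header line. It goes one step further and shows that the `$` anchor also misses a From: line with a display name and angle brackets; the TOLERANT pattern and all query strings are constructed here, and Python's `re` is used in place of PCRE.

```python
import re

# Minimal stand-in for a Postfix pcre: table lookup (added example, not Postfix code).
RULE = re.compile(r"^/((?:\\.|[^/\\])*)/\s+(.+)$")


def load_table(text):
    """Parse '/pattern/ ACTION' lines; skip blank lines and comments."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = RULE.match(line)
        if not m:
            raise ValueError(f"unparsable rule: {line!r}")
        # Postfix pcre tables match case-insensitively by default.
        rules.append((re.compile(m.group(1), re.IGNORECASE), m.group(2)))
    return rules


def lookup(rules, key):
    """Return the action of the first rule matching key, or None."""
    for pattern, action in rules:
        if pattern.search(key):
            return action
    return None


# The rule from the thread, and a constructed variant without the '$' anchor
# that still refuses look-alike addresses on either side of the match.
ORIGINAL = load_table(r"/^From:.*exampleuser@gmail\.com$/ REJECT")
TOLERANT = load_table(
    r"/^From:.*(?<![\w.+-])exampleuser@gmail\.com(?![\w.-])/ REJECT"
)

# Constructed lookup keys.
QUERIES = [
    "exampleuser",                                  # not a header line
    "From: exampleuser@gmail.com",                  # bare address
    "From: Example User <exampleuser@gmail.com>",   # line ends with '>'
    "From: notexampleuser@gmail.com",               # different local part
    "From: exampleuser@gmail.com.invalid",          # different domain
]


def results():
    """Map each query to (action under ORIGINAL, action under TOLERANT)."""
    return {q: (lookup(ORIGINAL, q), lookup(TOLERANT, q)) for q in QUERIES}


if __name__ == "__main__":
    for query, actions in results().items():
        print(f"{query!r:50} {actions}")
```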
Re: Stan Hoeppner's fqrdns.pcre file?
On 26 Apr, 2015, at 20:32, Michael Orlitzky mich...@orlitzky.com wrote:

> Here's my copy, modified to add a header rather than reject outright.

I assume that means you use it in header_checks?

Cheers,
wolfgang
Re: Tracing why there's a NDN
Hi,

your logs show:

On 26 Mar, 2015, at 23:44, @lbutlr krem...@kreme.com wrote:

> Mar 26 02:55:38 mail postfix/smtp[7534]: 3lCKqM0QcJzJMnf: to=*gmailuser*@gmail.com, orig_to=*localuser*.com, relay=gmail-smtp-in.l.google.com[74.125.193.26]:25, delay=115, delays=46/0.02/38/31, dsn=5.7.0, status=bounced (host gmail-smtp-in.l.google.com[74.125.193.26] said: 552-5.7.0 This message was blocked because its content presents a potential 552-5.7.0 security issue. Please visit 552-5.7.0 http://support.google.com/mail/bin/answer.py?answer=6590 to review our 552 5.7.0 message content and attachment content guidelines. b10si4404184igx.11 - gsmtp (in reply to end of DATA command))

So gmail has refused to accept that message and has put out a *final* message: 552-5.7.0 This message was blocked.

Thus the mail was bounced: status=bounced. That is not a temp failure. So postfix tries to send a NDN to the sender of the blocked mail.

> Mar 26 02:56:08 mail postfix/smtp[7534]: 3lCKsQ6KCHzJMnj: to=overspill...@akirchheimer.com, relay=none, delay=30, delays=0/0/30/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=akirchheimer.com.inbound10.mxlogicmx.net type=A: Host not found, try again)

The MX record of the sender address of the mail that gmail has blocked cannot be resolved in DNS: Host not found, try again.

Therefore, the NDN cannot be delivered. That is a temp failure and delivery will be retried until the host can be found in DNS or the queue lifetime of that NDN expires.

> Is the NDN being generated because of the gmail temp failure?

There is no gmail temp failure, see above.

Hope this helps,
wolfgang
Re: Mail Server Accused of Spam!
In an older episode, on 2014-03-17 07:22, Thomas Harold wrote:

> GMail has the ability where those users could setup GMail to pull from your POP3 server. There's no need for you to be forwarding mail to a GMail account. (It's under Settings, Accounts in GMail.)

Note: That means that users would save their credentials in their GMail preferences on the gmail servers. If that's fine with your security requirements, fine.

Cheers,
wolfgang
Re: Relay Restrictions Check_recipient_Access
In an older episode, on 2014-03-10 21:32, Blake wrote:

> In short I have several systems sending emails to invalid addresses which are bounced by Google. I would like to reject the messages at the postfix system using an access list. I thought this configuration would work but it is not having the desired effect.
>
> smtpd_relay_restrictions = permit_mynetworks, check_recipient_access hash:/etc/postfix/blacklist_recipient, reject_unverified_recipient, reject

If the systems in question are in $mynetworks, that would allow them to send all mails before /etc/postfix/blacklist_recipient is checked. In that case, you should put check_recipient_access hash:/etc/postfix/blacklist_recipient _before_ permit_mynetworks IMHO.

> I have also tried without any success.
>
> smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/blacklist_recipient

http://www.postfix.org/postconf.5.html#smtpd_recipient_restrictions

http://www.postfix.org/postconf.5.html#smtpd_relay_restrictions says:

Access restrictions for mail relay control that the Postfix SMTP server applies in the context of the RCPT TO command, before smtpd_recipient_restrictions.

If I am not mistaken, that means that permit_mynetworks (from your smtpd_relay_restrictions) would match before your smtpd_recipient_restrictions would be considered.

Hope this helps,
wolfgang
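The ordering point inside a single restriction list, as an added example that is not part of the original thread: a simplified Python model in which one list is walked left to right and the first PERMIT or REJECT ends it. The networks, addresses and table contents are constructed; reject_unverified_recipient is left out because it needs live probes, and only the full-address and domain lookup keys are modeled.

```python
import ipaddress

# Constructed sample data (assumptions, not from the thread).
MYNETWORKS = ["127.0.0.0/8", "192.0.2.0/24"]
BLACKLIST = {"no-such-user@example.org": "REJECT"}  # stands in for blacklist_recipient

AS_POSTED = ["permit_mynetworks", "check_recipient_access", "reject"]
REORDERED = ["check_recipient_access", "permit_mynetworks", "reject"]


def evaluate(restrictions, client_ip, recipient, table=BLACKLIST, mynetworks=MYNETWORKS):
    """Walk one restriction list; return (decision, restriction that decided)."""
    addr = ipaddress.ip_address(client_ip)
    rcpt = recipient.lower()
    for name in restrictions:
        if name == "permit_mynetworks":
            if any(addr in ipaddress.ip_network(net) for net in mynetworks):
                return "PERMIT", name
        elif name == "check_recipient_access":
            # Model only the full-address and domain keys of the lookup.
            for key in (rcpt, rcpt.rpartition("@")[2]):
                action = table.get(key)
                if action == "REJECT":
                    return "REJECT", name
                if action == "OK":
                    return "PERMIT", name
        elif name == "reject":
            return "REJECT", name
        else:
            raise ValueError(f"restriction not modeled: {name}")
    return "DUNNO", None  # list exhausted without a decision


def compare(client_ip, recipient):
    """Decision under the posted order and under the reordered list."""
    return (evaluate(AS_POSTED, client_ip, recipient),
            evaluate(REORDERED, client_ip, recipient))


if __name__ == "__main__":
    for ip, rcpt in [("192.0.2.10", "no-such-user@example.org"),
                     ("192.0.2.10", "valid@example.org"),
                     ("198.51.100.7", "valid@example.org")]:
        print(ip, rcpt, compare(ip, rcpt))
```

A table consulted ahead of permit_mynetworks in smtpd_relay_restrictions should contain REJECT entries only: an OK result there permits relaying to that recipient for any client.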
Re: Aw: Re: Problem with filtering GMX emails in sender_access
In an older episode, on 2014-02-23 00:38, Peter Marius wrote:

> So it is just a coincidence that the MAIL FROM and From: match for web.de?

Both ways of usage are common and legitimate, so I would not call it a coincidence. See https://de.wikipedia.org/wiki/SMTP#Protokoll

> Nothing wrong/fishy with the way GMX is using it?

Nothing wrong as far as I can tell.

> Where would I filter the actual From: of the header? In Postfix or Dovecot? I found header_checks, but maybe there is a simpler command where I can reuse the sender_access file?

In my view, header_checks is the only way to match From: header lines reliably in Postfix. Your posted sender_access file would not work for that since it does not contain any information which header line is supposed to be matched.

See http://www.postfix.org/header_checks.5.html or man 5 header_checks on your server.

Hint:
/^From:.*whatever/ action

I am not a dovecot expert, but I would rather use sieve in Dovecot than header checks in Postfix if I had the choice.

BTW: I find DISCARD daring for such a filter, are you really sure you will not miss any important information concerning your freemailer accounts by simply sending those mails to oblivion?

Cheers,
wolfgang
Re: Problem with filtering GMX emails in sender_access
In an older episode, on 2014-02-22 20:47, Peter Marius wrote:

> Return-Path: #123456...@gmx.net
> From: GMX Magazin maili...@gmxnet.de
>
> My understanding was that sender_access will filter the address in From:, but obviously it does not?

See http://www.postfix.org/postconf.5.html#check_sender_access

> Is GMX doing something wrong here? Seems like they are using another From: in the negotiation phase than in the later data transfer?

MAIL FROM (in the above Postfix documentation) is what you call negotiation phase. From: is something else.

See https://en.wikipedia.org/wiki/Return-Path

Regards,
wolfgang
Re: converting .qmail files to .forward
Hello Wietse,

is the colon in aliases files optional? If not, aren't there colons missing below?

Cheers,
wolfgang

In an older episode, on 2013-11-24 16:45, Wietse Venema wrote:

> Second option:
>
> /etc/aliases: (or whatever the location of the sendmail aliases file)
> westcoast-users jamieh tomk
> jamieh jamie.how...@somedomain.com
>
> After editing, do postalias hash:/etc/aliases
>
> Third option:
>
> /etc/aliases: (or whatever the location of the sendmail aliases file)
> westcoast-users :include:/some/where/westcoast-list
> owner-westcoast-users: jam...@example.com
> jamieh jamie.how...@somedomain.com
Re: Sending a lot of emails
In an older episode, on 2013-07-19 20:06, Dominik George wrote:

> Hi,
>
> the key is that by sendmail, we mean the sendmail command. Postfix has a sendmail-compatible frontend.
>
> You can just use the mail command like so:
>
> $ mail -a "From: Your Name <yourm...@example.com>" -s "Your Subject" recpm...@example.com <<EOT
> Your Text
> EOT
>
> Run $ mail --help to see the precise syntax.

Newer mail(x) versions use -a to attach files.

Hope this helps.
wolfgang
Re: Block before Recipient address rejected: User unknown?
On 2013-07-11 14:30, Juerg Reimann wrote:

> Is there a way to reject a certain sender email address before he gets a 550 5.1.1 em@i.l: Recipient address rejected: User unknown? When I add the sender to header_check, he still gets first the User unknown reject when he sends to an unknown user...

See http://www.postfix.org/postconf.5.html#check_sender_access
Re: Local UNIX accounts, aliasing rejecting mail to non-public UNIX accounts
In an older episode, on 2013-06-25 18:16, Viktor Dukhovni wrote:

> deamon: root

> $ uptime | mail -s uptime daemon@localhost

As you may not have noticed, the alias deamon is _not_ the same word as daemon
Re: undelivered-Email
In an older episode, on 2013-03-02 15:37, Reindl Harald wrote:

> sorry, but postfix is only the messenger
> ask postmas...@cyberia.net.sa

I think that Ejaz is postmas...@cyberia.net.sa:

> Mohammed Ejaz
> Sr,Systems Administrator
> Middle East Internet Company (CYBERIA)
> Riyadh , Saudi Arabia
> Phone: +966-1-4647114 Ext: 140
> Mobile +966-562311787
> Fax: +966-1-4654735
> E-mail: me...@cyberia.net.sa
Re: Configurable sender address for recipient verification
I think there is some misunderstanding here.

On 2013-01-10 01:38, Daniel L. Miller wrote:

> On 1/9/2013 4:26 PM, Wietse Venema wrote:
>
>> How about: don't address-verify a mailing list that you are subscribed to. Doing so is pointless. Worse, it may cause mail delivery delays when they use VERP-style sender addresses that are different with each mailing list posting.

Wietse's above text refers to SENDER address verification if I am not mistaken. If you are subscribed to a mailing list, that would mean: your server asks the MX host for the envelope sender address of the mailing list message if that host would accept a mail for that envelope sender address.

> Fair enough. How do I turn off recipient address verification for my mailing lists? I see a way of forcing sender verification - but I don't see a particular method for NOT verifying recipients.

You keep asking about recipient verification. I don't understand how that relates to mailing lists you are subscribed to. Does your phrase "my mailing lists" refer to mailing lists you are subscribed to?

> check_recipient_access = hash:/etc/postfix/maps/mailing_lists

That means: postfix will query /etc/postfix/maps/mailing_lists to see if it should accept mails for local or virtual recipients.

> /etc/postfix/maps/mailing_lists
> mailingl...@mailingserver.com OK

I think that mailingl...@mailingserver.com is neither a local nor a virtual address on your postfix server but the To: header line in mailing list mails like e.g. postfix-users@postfix.org. If so, that is nothing that your server sees in smtpd connections at all, that is part of the mail DATA and nothing your smtpd_recipient_restrictions will hit ...

I think you should post log lines that show what happens on your server so that the problem becomes more clear.

Hope this helps.

Cheers,
wolfgang
Re: pop client for postfix.
In an older episode, on 2012-11-12 09:27, Muhammad Yousuf Khan wrote:

> i want to pop emails from a main server which is hosted in US and i want to pop all the email from all the accounts to our local LAN accounts in postfix. like the features once available in MailerDeaman. called domain pop and multipop so is there any options in postfix.
>
> Thanks,

Maybe you should take a look at http://en.wikipedia.org/wiki/Fetchmail

Hope this helps,
wolfgang
Re: To find Return-Path from postfix queue
In an older episode, on 2012-03-23 09:33, Anirudha Patil wrote:

> Also any thoughts on if the Return-Path is added by postfix in header or its the same as the envelope sender.

The envelope sender is written into the mail as Return-Path by the MDAs (Mail Delivery Agents) when the mail is finally delivered. So yes, they are the same, but the Return-Path is only a reflection of the envelope sender.

Hope this helps.
wolfgang
Re: To find Return-Path from postfix queue
In an older episode, on 2012-03-23 09:57, Wolfgang Zeikat wrote:

> The envelope sender is written into the mail as Return-Path by the MDAs (Mail Delivery Agents) when the mail is finally delivered. So yes, they are the same, but the Return-Path is only a reflection of the envelope sender.

See http://en.wikipedia.org/wiki/Return-Path
Re: Adding envelope-from in Received headers
In an older episode, on 2012-02-13 09:24, Peter wrote:

> Is there a way to include the envelope-from address in message Received headers?

> It's the Return-Path header.

AFAIK, Return-Path is not part of the message header during SMTP transport, but it is added by the MDA (mail delivery agent) during delivery.

To add the envelope-from address to the mail header, we use:

In main.cf:
smtpd_data_restrictions = check_sender_access regexp:/etc/postfix/regexp.sender_data

In /etc/postfix/regexp.sender_data:
/(.*)/ prepend X-Envelope-From: $1

Hope this helps,
wolfgang
Re: Adding a dynamic header to all mail passing through Postfix
In an older episode, on 2011-11-22 11:51, Mark Goodge wrote:

> However, AOL's feedback system removes the recipient email address, so I can't identify the complainer from the report.

It does not remove your server's header lines though, including message-ID and postfix queue ids, so you can find the information in your outgoing server's logs.

Hope this helps,
wolfgang
Re: Automating regular checks that incoming outgoing mails are still working
In an older episode, on 2011-08-21 16:03, Roger Goh wrote:

> how do I send an alert email to notify support if outgoing mail is not working anymore?

For such cases, I use a perl script that connects to a different SMTP server to send a mail. See attachment.

Hope this helps,
wolfgang

    #!/usr/bin/perl
    # -w
    # wolfgang.zei...@desy.de
    # send an email containing STDIN from $ARGV[0] to $ARGV[1]
    # via SMTP to 127.0.0.1 port 25
    # $ARGV[0] can be '' to prevent bounces,
    # STDIN should then contain a From: header line
    use Net::SMTP; # qw(smtp);
    my $sender = $ARGV[0]; shift @ARGV;
    my $recipient = $ARGV[0]; shift @ARGV;
    my $recipient2 = $ARGV[0]; shift @ARGV;
    # slurp all of STDIN at once
    undef $/;
    my $text = <STDIN>;
    #exit;
    my $mailer = Net::SMTP->new('other.smtp.server:25') or die $@;
    $mailer->mail($sender);
    $mailer->to($recipient);
    $mailer->to($recipient2);
    $mailer->data();
    $mailer->datasend($text);
    $mailer->dataend();
    $mailer->quit or die "mail sending failure";
IPv6 address in regexp lookup tables
How would I specify all IPv6 addresses starting with 2001:638:700:1005 in a regexp table? Regards, wolfgang
Re: IPv6 address in regexp lookup tables
In an older episode, on 2011-06-08 01:21, Wietse Venema wrote:

> /^2001:638:700:1005:/, assuming a /64 or smaller subnet.

Thank you, Wietse.

I have realized that I actually need to match all IPv6 addresses starting with 2001:638:700:, but /^2001:638:700:/ works fine, too.

Best regards,
wolfgang
Re: root-alias Problem
In an older episode, on 2011-05-27 09:14, Finzel, Heiko wrote:

> The following entry was added to the default entries (postmaster: root etc.) of the /etc/aliases:
>
> root: -ad...@abcd.de
>
> It was mapped with newaliases/ postalias and postfix was reloaded/restarted, then it was tested with postmap -q root hash:/etc/aliases.
>
> But if the system is now actually sending mail to root (for example cron, but also mail send via mailx), it will still go to root@##MYORIGIN## and not to the one listed in /etc/aliases.

Does
#postconf alias_database
confirm that /etc/aliases is the file to be used?

wolfgang
Re: How to get a list of mails from mail log?
In an older episode, on 2011-02-06 21:23, meyer-jor...@t-online.de wrote:

> I'm looking for a tool to analyze the postfix mail log. I want to get a clearly arranged list of all passed (and delivered) mails (sender, recipient, date, subject [added as warning line]).

I understand that your log contains warning lines listing the subjects of messages. Each of these lines should contain all the data you want - except for multiple recipients: the Subject: line will only contain one recipient, even if the message went to hundreds.

If that is enough for you, you could simply

fgrep -i Subject: /your/log/file

To catch all recipients, you would have to find the respective queue IDs of each mail and search for that.

Hope this helps
wolfgang
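The queue-ID correlation suggested above, as an added example that is not part of the original thread: it groups log entries by queue ID to list every recipient of a message with sender and subject. It also labels each DSN code as permanent (5.x.x) or temporary (4.x.x) and follows a bounce to its non-delivery notification, the situation in the "Tracing why there's a NDN" thread further up; all log lines, addresses and queue IDs are constructed.

```python
import re
from collections import defaultdict

# Constructed sample lines in Postfix syslog layout (not taken from the thread).
LOG = """\
Mar 26 02:55:01 mail postfix/cleanup[7001]: 4A1B2C3D4E: warning: header Subject: Quarterly report from client.example[192.0.2.5]; from=<alice@example.org> to=<bob@example.net> proto=ESMTP helo=<client.example>
Mar 26 02:55:01 mail postfix/qmgr[900]: 4A1B2C3D4E: from=<alice@example.org>, size=2048, nrcpt=2 (queue active)
Mar 26 02:55:03 mail postfix/smtp[7534]: 4A1B2C3D4E: to=<bob@example.net>, relay=mx.example.net[198.51.100.1]:25, delay=2, delays=0.1/0/1/0.9, dsn=2.0.0, status=sent (250 ok)
Mar 26 02:55:38 mail postfix/smtp[7535]: 4A1B2C3D4E: to=<carol@example.com>, relay=mx.example.com[198.51.100.2]:25, delay=37, delays=0.1/0/6/31, dsn=5.7.0, status=bounced (host mx.example.com[198.51.100.2] said: 552 5.7.0 blocked (in reply to end of DATA command))
Mar 26 02:55:38 mail postfix/bounce[7600]: 4A1B2C3D4E: sender non-delivery notification: 5F6A7B8C9D
Mar 26 02:55:38 mail postfix/qmgr[900]: 5F6A7B8C9D: from=<>, size=3000, nrcpt=1 (queue active)
Mar 26 02:56:08 mail postfix/smtp[7534]: 5F6A7B8C9D: to=<alice@example.org>, relay=none, delay=30, delays=0/0/30/0, dsn=4.4.3, status=deferred (Host or domain name not found)
"""

# Queue IDs: short hex form or long alphanumeric form; skips NOQUEUE and bare warnings.
ENTRY = re.compile(r"postfix/\w+\[\d+\]: ([0-9A-F]{6,}|[0-9A-Za-z]{12,}): (.*)$")
SUBJECT = re.compile(r"warning: header Subject: (.*) from \S+\[[^\]]*\]; ")
SENDER = re.compile(r"from=<([^>]*)>")
DELIVERY = re.compile(r"to=<([^>]*)>.*?dsn=(\d\.\d+\.\d+), status=(\w+)")
NDN = re.compile(r"sender non-delivery notification: (\w+)")
KIND = {"2": "delivered", "4": "temporary", "5": "permanent"}


def correlate(lines):
    """Group entries by queue ID: sender, subject, NDN link, result per recipient."""
    mails = defaultdict(lambda: {"from": None, "subject": None, "ndn": None, "rcpt": {}})
    for line in lines:
        entry = ENTRY.search(line)
        if not entry:
            continue
        qid, rest = entry.groups()
        mail = mails[qid]
        if m := SUBJECT.match(rest):
            mail["subject"] = m.group(1)
        elif m := SENDER.match(rest):
            mail["from"] = m.group(1)          # empty string for bounces
        elif m := DELIVERY.match(rest):
            rcpt, dsn, status = m.groups()
            mail["rcpt"][rcpt] = (status, dsn, KIND.get(dsn[0], "unknown"))
        elif m := NDN.match(rest):
            mail["ndn"] = m.group(1)           # queue ID of the generated NDN
    return dict(mails)


def report(mails):
    """One row per (message, recipient): qid, sender, recipient, subject, status, kind."""
    return [(qid, mail["from"], rcpt, mail["subject"], status, kind)
            for qid, mail in mails.items()
            for rcpt, (status, _dsn, kind) in mail["rcpt"].items()]


if __name__ == "__main__":
    for row in report(correlate(LOG.splitlines())):
        print(row)
```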
How not to reject invalid recipient domains (here: aol.com)
Hi, apparently, aol.com is currently not resolved via DNS (at least in Germany). How can I have postfix queue mails to AOL and retry delivery in that case instead of bouncing the mails? Regards, wolfgang
Re: How not to reject invalid recipient domains (here: aol.com)
In an older episode, on 2010-12-21 10:01, Wolfgang Zeikat wrote:

> Hi,
>
> apparently, aol.com is currently not resolved via DNS (at least in Germany).

As a workaround, it was suggested on the Postfixbuch users list to use a transport map smtp:aol.de

That works so far, since aol.de apparently uses the same MX records as aol.com ...

Still, I would like to know:

> How can I have postfix queue mails to AOL and retry delivery in that case instead of bouncing the mails?

Regards,
wolfgang
Re: smtpd_delay_reject = yes Reject Logging
In an older episode, on 2010-08-10 23:06, Ralf Hildebrandt wrote:

> You still have to look up which restrictions list contains that rule, though.

> Yes, there could be different check_sender_access rules - even without smtpd_delay_reject it would be hard to see WHICH ONE fired. The way I do this is to look at the log and play through the restrictions in my head (does it come from mynetwork? no! Next restriction etc.)

postmap -q can also be quite helpful ...
Question about check_sender_mx_access
Various sender domains use MX records like mail.spam.domain that point to an IP that has a DSL PTR record, like 123-345-78-9.dsl.some.provid.er Can I catch those using a table entry like /\.dsl\.some\.provid\.er$/ result ? Or would I have to use their IP or their A record, e.g. mail.spam.domain? Regards, wolfgang
Re: swapped postfix for sendmail; now scripts break
In an older episode, on 2010-07-29 21:24, Jay G. Scott wrote:

> My users have a script like so (sanitized for everyone's sake):
>
> /usr/ucb/mail -s a subject \
> -r contracts \
> -c list o folks\
> -b diff list o folks \
> real recip list \
> some_file
> ...
>
> postfix's sendmail doesn't have a -c (carbon copy) or -b (blind carbon copy) equivalent. -f and -F will fix the from fakery, but the carbon copies are a problem.

For the records:

/usr/ucb/mail -s "test2 -r, Cc: und Bcc: mit /usr/ucb/mail SunOS 5.10" -r wolfgang.zei...@desy.de -c wolfgang.zei...@desy.de,ot...@addre.ss yet.anot...@addre.ss

works for me on SunOS 5.10 with postfix. We already installed postfix really early there after removing sendmail.

As far as I can tell, the -c option depends on the mail binary, not on the MTA's sendmail binary.

-r uses the full name of the user from /etc/password ...

Regards,
wolfgang
Re: Bounce replies are not coming back through relay
Wietse Venema wrote:

> Instead of speculating that Postfix does not allow bounces to come back, all the evidence you need is in the logfile. Postfix logs ALL mail delivery attempts, including the attempts that fail.

Bounces normally have an empty envelope sender address which should be logged as from=<>

Masao, maybe this helps you to find significant entries in your logs.

Regards and Happy Easter,
wolfgang
Re: Remove Postfix From Message Headers
On 03/17/2010 01:59 PM, Carlos Mennens wrote:

> Is it possible to alter the fact that my message headers indicate that my MTA is a Postfix server?

You can configure that in main.cf via setting
mail_name =

See http://www.postfix.org/postconf.5.html#mail_name

Regards,
wolfgang
Listing relay_domains in a file
The relay_domains documentation says: Specify a list of host or domain names, /file/name patterns ... Would /file/name contain one domain per line? And would changes require postfix reload? Best regards, wolfgang
Re: Listing relay_domains in a file
Thanks for the replies, Wietse and Victor.

Victor Duchovni wrote:

>> Would /file/name contain one domain per line? And would changes require postfix reload?
>
> Yes, and yes. If you use an indexed table (cdb, hash, btree, ...) instead, the reload is not required, the trivial-rewrite service in reasonably recent Postfix releases will detect the change within ~10 seconds.

So far, I have only used indexed tables with entry pairs like

something something_else

I understand that I could simply postmap a file with one domain per line, correct?

Regards,
wolfgang
Exclude recipients from pre-queue spamass-milter checks?
We are experimenting with spamass-milter to check mails and reject them if a configured spamassassin score is reached. That part works, but the milter is (of course) applied to all mails after our smtpd_recipient_restrictions lookups return OK for the recipient, i.e. also postmaster@various domains for whom we want to accept every mail. Is it possible to exclude mails from smtpd_milters = unix:/var/run/spamass.sock? Regards, wolfgang
Re: Exclude recipients from pre-queue spamass-milter checks?
Wietse Venema wrote:

>> Is it possible to exclude mails from smtpd_milters = unix:/var/run/spamass.sock?
>
> There is no such option.

OK. Thank you for the bad news ;)

Would we have that option if we use an smtpd_proxy_filter, i.e. spampd?

Regards,
wolfgang
Re: How to override an MX value for a particular domain only?
Martijn de Munnik wrote:

> On Nov 4, 2009, at 10:52 PM, Eric B. wrote:
>
>> How can I instruct Postfix on that server to ignore the MX record being served by the internal DNS and actually query an external DNS server for the MX pointer instead? I looked through the main.cf config file, but can't seem to find anything. Can I configure Postfix to use a different DNS server as opposed to the internal one specified by my resolve.conf file?
>>
>> Any help or suggestions would be appreciated.
>
> http://www.postfix.org/postconf.5.html#transport_maps
>
> mydomain.com smtp:[realmx.mydomain.com]

Martijn's above suggestion will reliably send mail for mydomain.com to realmx.mydomain.com, which is what you may want to do.

Note: It does *not* query any DNS server for an MX record for mydomain.com, though. You would need to adapt it manually in case the external MX pointer is changed.

Hope this helps,
wolfgang
Re: reject_unknown_reverse_client_hostname rejects even if PTR RR is found
Magnus Bäck wrote:

>> Anyway asy70.asy179.tellcom.com.tr is a NXdomain. So maybe postfix tries to look up the name it got from the PTR.
>
> reject_unknown_reverse_client_hostname only checks that the PTR lookups succeeds, it doesn't care about the lookup result like reject_unknown_client_hostname does.

Sure? The error message

Jul 12 09:12:48 rap postfix/smtpd[6597]: NOQUEUE: reject: RCPT from unknown[92.45.179.70]: 450 4.7.1 Client host rejected: cannot find your reverse hostname , [92.45.179.70]; from=eononagenar...@ajsquare.com to=k...@rap.rap.dk proto=ESMTP helo=asy70.asy179.tellcom.com.tr

"cannot find your reverse hostname" sounds different to me.

And the documentation http://www.postfix.org/postconf.5.html#reject_unknown_reverse_client_hostname does not say that it does not care about the lookup result:

reject_unknown_reverse_client_hostname
Reject the request when the client IP address has no address-name mapping. This is a weaker restriction than the reject_unknown_client_hostname feature, which requires not only that the address-name and name-address mappings exist, but also that the two mappings reproduce the client IP address.

Hope this helps,
wolfgang
Re: Force mail to go through primary MX
Noel Jones wrote:

> Use a check_client_access map to control what IPs can send mail to your server.
>
> # main.cf
> smtpd_client_restrictions =
>   check_client_access cidr:/etc/postfix/allowed_clients
>   # reject all unlisted clients
>   reject

Andrew, is your server listed as a secondary MX for the domains in question?

If your server is listed as a MX host officially in DNS, you should IMHO not use plain reject there, but rather a 4** error message to make sure that clients connect to the primary MX instead.

As far as I can tell, reject would force the clients to give up on that message completely and bounce it to the sender.

Hope this helps,
wolfgang
OT: Ongoing phishing mail flood
We are currently receiving lots of password phishing mails with envelope sender and From: header [EMAIL PROTECTED] and Reply-To: [EMAIL PROTECTED] The connecting mail servers que41.charter.net[209.225.8.24] que51.charter.net[209.225.8.25] do apparently *not* stop re-connecting after receiving REJECT (554) errors, but keep coming back with the same sender-recipient pairs. Regards, wolfgang