[pfx] Re: Alias forwarding request

2024-02-18 Thread Maurizio Caloro via Postfix-users
>>> internal only, from m...@domain.com to mar...@domain.com

>>If it is internal only, then you check:
>>`man 5 aliases'
Thanks, yes, I have already tried this, but then again, it's not that simple.

>>>There is no need to use any other complicated techniques.
it would have been nice.

>>>Sincerely, Byunghee from South Korea
Many thanks and regards

___
Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send
an email to postfix-users-le...@postfix.org



[pfx] Re: Alias forwarding request

2024-02-18 Thread Maurizio Caloro via Postfix-users
Hello Maurizio,

>> Hello Byunghee

Where do you plan to forward your emails? Google Gmail?

>> internal only, from m...@domain.com > mar...@domain.com

>> mae is, for convenience, only an alias for mar...@domain.com

>> but this add-on doesn't work like I want.

If so, don't do that, because it is very dangerous. If you are not careful,
your mail server's reputation may suffer. Nevertheless, if you really want
to do that, use AWS/Mailgun as an outbound relay SMTP.

>> I don't send spam, my mail server is too expensive for that.

>> I also do not send newsletters. I know this tool, but never used.

 

Or deploy DKIM/ARC with full support!

>> dkim running

 

(Never send spam emails to Google Gmail! Very IMPORTANT!)

>> Yes, and what are you talking about?

 

Sincerely, Byunghee

>> Regards

 



[pfx] Alias forwarding request

2024-02-08 Thread Maurizio Caloro via Postfix-users
Hello

 

Please, I need / want (I don't know which is the more polite form) to forward
an alias to a mail address, and I have read here that other people have done this.

>> Which leads to the conclusion that ${recipient} expands to the recipient 
>> address *after* any address rewriting or aliasing.

I think I'm right on this one, but my polite request last week was answered
with the message to forward it to Dovecot. OK, I also wrote to Dovecot, and
what did my eyes see? No answer, no answer. I can imagine what your answer is
here, but don't be too clumsy, because it doesn't go down well.

Sorry, so I am back; really ridiculous for all involved, and I am somewhat
annoyed and frustrated. Sorry, gentlemen, I am politely asking one more time.

To forward an alias to an email address, MySQL is set up as follows:

 

Files :

*   /etc/folder/mysql-virtual_alias_maps.cf
*   /etc/folder/mysql-virtual_mailbox_domains.cf
*   /etc/folder/mysql-virtual_mailbox_maps.cf

 

broken_sasl_auth_clients = yes
virtual_transport = lmtp:unix:private/dovecot-lmtp
dovecot_destination_recipient_limit = 1
virtual_mailbox_maps = proxy:mysql:/etc/folder/mysql-virtual_mailbox_maps.cf
virtual_mailbox_domains = proxy:mysql:/etc/folderx/mysql-virtual_mailbox_domains.cf
virtual_alias_maps = proxy:mysql:/etc/folder/mysql-virtual_alias_maps.cf

# cat mysql-virtual_alias_maps.cf
hosts = localhost
user = UsernameMailserver
password = PasswortMailserver
dbname = DatabaseName from Mailserver
query = SELECT goto FROM alias WHERE address='%s'

# cat mysql-virtual_mailbox_domains.cf
hosts = localhost
user = UsernameMailserver
password = PasswortMailserver
dbname = DatabaseName from Mailserver
query = SELECT domain FROM domain WHERE domain='%s' and backupmx='0' and active='1'

# cat mysql-virtual_mailbox_maps.cf
hosts = localhost
user = UsernameMailserver
password = PasswortMailserver
dbname = DatabaseName from Mailserver
query = SELECT username FROM mailbox WHERE username = '%s'

 

I'm not usually the type to ask about everything, but here it's very special.

I really hope that we can reach our goal.

 

Lovely thanks

Version 3.5.23

 

--

my toilet paper is blue, maybe this will help| God bless 
you, me not because dont have time



[pfx] why tls library problem?

2024-02-06 Thread Maurizio Caloro via Postfix-users
Please, I often see this in the log file:

Feb6 time P postfix/tlsproxy[300980]: warning: TLS library problem: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher:../ssl/statem/statem_srvr.c:2283:
Feb6 time P postfix/tlsproxy[300980]: warning: TLS library problem: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher:../ssl/statem/statem_srvr.c:2283:

Do I have to do something here?

Thanks

 

--

Debian bullseye 11.8 | Postfix 3.5.23

 



[pfx] Re: problem to add, alias failed

2024-02-04 Thread Maurizio Caloro via Postfix-users
Thanks for all the messages that I received

> GRANT ALL PRIVILEGES ON mailserver.* TO markus@'domain.com' IDENTIFIED BY

The problem was that Markus was created on the wrong database

But my old question still exists: if I add an alias such as "mae" to
mar...@domain.com, the mail is only delivered to mae and not forwarded to
mar...@domain.com

In SQL I can see this alias.

# SELECT goto FROM alias WHERE goto LIKE '%s%';

postmap -q m...@domain.com mysql:/etc/postfix/mysql/mysql-virtual-alias-maps.cf
mar...@domain.com

Please, how can I set this up to forward? I think this will also be done on the
SQL side? So that the mail from:

m...@domain.com >> will be forwarded to mar...@domain.com

 

Thanks

 

 

-----Original Message-----
From: Simon Hoffmann via Postfix-users
Sent: Tuesday, 30 January 2024 21:26
To: postfix-users@postfix.org
Subject: [pfx] Re: problem to add, alias failed

 

 

Maurizio Caloro via Postfix-users wrote:

 

> if adding a new user with postfixadmin 3.3.8 or with cli this will run
> without problem.
>
> GRANT ALL PRIVILEGES ON mailserver.* TO markus@'domain.com' IDENTIFIED BY
> '***';

 

 

you now have created a database (admin) user that has all privileges on your 
database with the username of markus. With the @domain part you have allowed 
that user to remotely connect to your database if the connection comes from a 
host with a hostname of domain.com (unless mariadb only listens on localhost 
for DB connections).

 

Please use REVOKE to delete this user. 

 

 

To add a new entry to the accounts or alias table, use INSERT INTO 
mailserver.alias VALUES ... according to the DB layout. 

Since you are using postfixadmin, why are you not using the Web UI to add a new 
mailbox?

 

 

 

 

> but if adding with postfixadmin any alias, this will bounce, with
> following error
> postfix/lmtp[102470]: 3E101208A1: to=<mar...@domain.com>,
> relay=mail.domain.com[private/dovecot-lmtp],

 

 

markus is not a mail user, as explained above. 

However, you just said that adding *any* alias you cannot receive email.

Have you added the other aliases with the same way as above or have you 
actually used the postfixadmin web ui to add those aliases. 

 

If you have used the web ui, what does your main.cf look like?

 

Simply adding 

 

> virtual_transport = lmtp:unix:private/dovecot-lmtp

 

to the main.cf tells postfix to deliver mail to dovecot, but it neither tells 
postfix nor dovecot to connect to the database to look up if a user exists or 
not.

 

 

Since you are talking about aliases, you need to tell postfix a way to query 
the database to get the target email addresses to actually send the email to, 
and dovecot needs to know if a target user exists in order to accept email. 

 

If you send the (relevant) contents of main.cf to the list someone might be 
able to point out a configuration error. 

 

For the correct config of dovecot please see the dovecot documentation or ask 
for help on a dovecot mailing list.

 

Cheers, 

 

Simon

 

 



[pfx] problem to add, alias failed

2024-01-30 Thread Maurizio Caloro via Postfix-users
if adding a new user with postfixadmin 3.3.8 or with cli this will run
without problem.

 

GRANT ALL PRIVILEGES ON mailserver.* TO markus@'domain.com' IDENTIFIED BY
'***';

FLUSH PRIVILEGES;

also on the DATABASES i see the entry

 

Debian 11.8

Postfix 3.5.23

mysql 10.5.21-MariaDB

 

but if adding with postfixadmin any alias, this will bounce, with following
error

 

postfix/lmtp[102470]: 3E101208A1: to=<mar...@domain.com>, relay=mail.domain.com[private/dovecot-lmtp], delay=0.12, delays=0.06/0.01/0.02/0.02, dsn=5.1.1, status=bounced (host mail.domain.com[private/dovecot-lmtp] said: 550 5.1.1 mar...@domain.com User doesn't exist: mar...@domain.com (in reply to RCPT TO command))

 

added :
virtual_transport = lmtp:unix:private/dovecot-lmtp

 

Please, I don't see the mistake; thanks for any possible update

Maurizio



[pfx] Re: search for compression switch?

2023-07-16 Thread Maurizio Caloro via Postfix-users
>There's no point in postmap'ing cidr tables.

http://www.postfix.org/POSTSCREEN_README.html
 - Permanent allow/denylist test

>Out of curiosity: what's your use case that requires checking the client's
>IP against a 47 MB collection of cidr patterns?

Collection of blacklisted IPs
tail -n 5 access
123.180.172.22  REJECT
180.117.134.175 REJECT
117.81.108.85   REJECT
77.79.179.242   REJECT
43.155.159.88   REJECT
[snip]

cat access | wc -l
2'294'583

Yes, my problem is that this file is too big for my little system

>Regards
>  mks

Mauri



[pfx] search for compression switch?

2023-07-16 Thread Maurizio Caloro via Postfix-users
When I want to provide the file access via postmap, it inflates to double
size.

Please, is there a compression switch here?

postscreen_access_list = permit_mynetworks,
        cidr:/etc/postfix/whitelistCIDR+IP
        cidr:/etc/postfix/access

root postfix  47M Jul 16 08:34 /etc/postfix/access
root postfix  83M Jul 16 08:35 /etc/postfix/access.db

 

thanks

 

 



double filesize after postmap conversion

2023-02-14 Thread Maurizio Caloro
Hello

 

In the meantime I have built a little script that updates my
< blacklistAccess > file daily from blocklist de with the listed IP addresses.
After I postmap it with < Postfix lookup table management >, it pumps up to
double size; I don't see any possible compression functionality. I am sure
this possibility exists, so I am kindly trying to ask.

Postfix lookup table management

-rw-r--r--   1 postfix postfix 22M Feb 14 09:46 blacklistAccess

The file contains 1'028'862 IPs, listed like this:

103.146.224.186   REJECT
101.205.25.59     REJECT
1.233.124.209     REJECT
122.161.194.186   REJECT
175.156.114.63    REJECT

-rw-r--r--   1 postfix postfix 42M Feb 14 09:48 blacklistAccess.db

 

Thanks for possible update

 



Re: SPF fail and domain fail, why?

2023-01-17 Thread Maurizio Caloro


On 17.01.2023 at 03:34, Scott Kitterman wrote:


On January 17, 2023 2:25:34 AM UTC, raf  wrote:

On Mon, Jan 16, 2023 at 08:01:10PM +0100, Maurizio Caloro  
wrote:


Hello

Please one more thing about Opendmarc, if send any email to any where
i see in log SPF fail, domain.ch fail ?

Jan 16 19:43:39 nmail opendkim[16490]: B6090404C3: DKIM-Signature field
added (s=nmail, d=caloro.ch)
Jan 16 19:43:39 nmail opendmarc[16483]: B6090404C3: SPF(mailfrom): caloro.ch
fail
Jan 16 19:43:39 nmail opendmarc[16483]: B6090404C3: caloro.ch fail

if I receive any mail from anywhere, everything passes
Jan 16 19:37:10 nmail opendkim[13804]: 10003404C3: mailc-bb.linkedin.com
[A.B.C.D] not internal
Jan 16 19:37:10 nmail opendkim[13804]: 10003404C3: not authenticated
Jan 16 19:37:10 nmail opendkim[13804]: 10003404C3: message has signatures
from linkedin.com, mailc.linkedin.com
Jan 16 19:37:10 nmail opendkim[13804]: 10003404C3: signature=muv88Rcz
domain=linkedin.com selector=d2048-201806-01 result="no signature error";
signature=IKaXoyzS domain=mailc.linkedin.com selector=proddkim1024
result="no signature error"
Jan 16 19:37:10 nmail opendkim[13804]: 10003404C3: DKIM verification
successful
Jan 16 19:37:10 nmail opendkim[13804]: 10003404C3: s=d2048-201806-01
d=linkedin.com SSL
Jan 16 19:37:10 nmail opendmarc[15095]: 10003404C3 ignoring
Authentication-Results at 2 from nmail.caloro.ch
Jan 16 19:37:10 nmail opendmarc[15095]: 10003404C3: SPF(mailfrom):
bounce.linkedin.com pass
Jan 16 19:37:10 nmail opendmarc[15095]: 10003404C3: linkedin.com pass

--
in the header of any mail that I send, the following appears:
Authentication-Results-Original: caloro.ch, calm-ness.ch; spf=fail

# cat opendmarc.conf
AuthservID  caloro.ch, calm-ness.ch
AuthservIDWithJobID false
AutoRestart false
AutoRestartRate     10/1h
Background      true
DNSTimeout  5
HistoryFile /var/spool/postfix/opendmarc/opendmarc.dat
*IgnoreAuthenticatedClients  true*
IgnoreHosts /etc/opendmarc/ignore.hosts
PidFile /var/run/opendmarc/opendmarc.pid
RejectFailures  false
RequiredHeaders true
PublicSuffixList /etc/opendmarc/effective_tld_names.dat
Socket  inet:8892@127.0.0.1
SoftwareHeader  true
SPFSelfValidate true
SPFIgnoreResults    false
Syslog  true
SyslogFacility  mail
# TrustedAuthservIDs    nmail.caloro.ch, nmail.calm-ness.ch
TrustedAuthservIDs  caloro.ch, calm-ness.ch
UMask   077
UserID  opendmarc:opendmarc

When checking DMARC, DKIM and SPF for the domain online, everything appears correct!
Please, why do my emails fail?

thanks for any hint
Mauri

I could be wrong, but I suspect that the problem is
that you haven't configured OpenDMARC to not check
locally originating mail. According to the first
Received: header, the mail is coming from 37.120.190.188
(which is mentioned in multiple ways in the SPF record),
but your mail server at that IP address shouldn't be
performing this check on outgoing mail.

Perhaps you need to add this to your /etc/opendmarc.conf:

  IgnoreAuthenticatedClients true

Unfortunately, the code doing the SPF check doesn't
explain why it failed. Some do. For example, the

  package on debian would

probably show the IP address that caused the failure.
Maybe it's 127.0.0.1 (or the IP address of an
authenticated submission client).

The internal SPF implementation in OpenDMARC is not a full implementation of 
the protocol.  In general, you are likely to be better off having something SPF 
specific check SPF and then have OpenDMARC consume that result for its DMARC 
processing.  If you are inclined towards Perl, then postfix-policyd-spf-perl is 
a good choice.  SPF Engine supports either a milter (pyspf-milter) or policy 
server (postfix-policyd-spf-python) interface with Postfix, depending on which 
you prefer, if you're up for a Python based solution.

Scott K

this was always present in opendmarc.conf before
    IgnoreAuthenticatedClients true

# opendmarc-check caloro.ch
DMARC record for caloro.ch:
    Sample percentage: 100
    DKIM alignment: strict
    SPF alignment: relaxed
    Domain policy: none
    Subdomain policy: unspecified
    Aggregate report URIs:
mailto:etczb...@ag.dmarcian-eu.com
    Failure report URIs:
    (none)

but please, why does "fail" appear? I think this is posted by opendmarc

Jan 17 19:17:50 nmail opendkim[801]: 6A2F040132: DKIM-Signature field 
added (s=nmail, d=caloro.ch)
Jan 17 19:17:50 nmail opendmarc[766]: 6A2F040132: SPF(mailfrom): 
caloro.ch fail

Jan 17 19:17:50 nmail opendmarc[766]: 6A2F040132: caloro.ch fail


# dig caloro.ch txt
; <<>> DiG 9.11.5-P4-5.1+deb10u8-Debian <<>> caloro.ch t
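
An added example, not part of the thread and not OpenDMARC code: a log check for the situation raf describes, where OpenDMARC evaluates mail that the server itself is sending. It groups the opendkim and opendmarc lines quoted above by queue ID and assumes that a "DKIM-Signature field added" line marks a message as outgoing; the function names are illustrative.

```python
import re
from collections import defaultdict

# Log lines copied from the thread: B6090404C3 was sent, 10003404C3 was received.
SAMPLE_LOG = """\
Jan 16 19:43:39 nmail opendkim[16490]: B6090404C3: DKIM-Signature field added (s=nmail, d=caloro.ch)
Jan 16 19:43:39 nmail opendmarc[16483]: B6090404C3: SPF(mailfrom): caloro.ch fail
Jan 16 19:43:39 nmail opendmarc[16483]: B6090404C3: caloro.ch fail
Jan 16 19:37:10 nmail opendkim[13804]: 10003404C3: mailc-bb.linkedin.com [A.B.C.D] not internal
Jan 16 19:37:10 nmail opendkim[13804]: 10003404C3: DKIM verification successful
Jan 16 19:37:10 nmail opendmarc[15095]: 10003404C3 ignoring Authentication-Results at 2 from nmail.caloro.ch
Jan 16 19:37:10 nmail opendmarc[15095]: 10003404C3: SPF(mailfrom): bounce.linkedin.com pass
Jan 16 19:37:10 nmail opendmarc[15095]: 10003404C3: linkedin.com pass
"""

# daemon[pid]: QUEUEID[:] message   (lines without a queue ID are skipped)
LINE = re.compile(
    r"(?P<daemon>opendkim|opendmarc)\[\d+\]: (?P<qid>[0-9A-F]{6,}):? (?P<msg>.*)$")
SPF = re.compile(r"^SPF\((?P<ident>\w+)\): (?P<domain>\S+) (?P<result>\w+)$")
DMARC = re.compile(r"^(?P<domain>[\w.-]+) (?P<result>pass|fail|none)$")


def correlate(log_text):
    """Group opendkim/opendmarc log lines by Postfix queue ID."""
    msgs = defaultdict(
        lambda: {"signed": False, "verified": False, "spf": None, "dmarc": None})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        rec, text = msgs[m["qid"]], m["msg"].strip()
        if m["daemon"] == "opendkim":
            if text.startswith("DKIM-Signature field added"):
                rec["signed"] = True        # assumption: signing means outgoing
            elif text.startswith("DKIM verification"):
                rec["verified"] = True
            continue
        spf = SPF.match(text)
        dmarc = DMARC.match(text)
        if spf:
            rec["spf"] = (spf["domain"], spf["result"])
        elif dmarc:
            rec["dmarc"] = (dmarc["domain"], dmarc["result"])
    return dict(msgs)


def outbound_evaluated(msgs):
    """Queue IDs that opendkim signed and that opendmarc still evaluated."""
    return sorted(q for q, r in msgs.items()
                  if r["signed"] and (r["spf"] or r["dmarc"]))


if __name__ == "__main__":
    records = correlate(SAMPLE_LOG)
    for qid in outbound_evaluated(records):
        print(qid, "outgoing mail evaluated by opendmarc:", records[qid])
```
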

SPF fail and domain fail, why?

2023-01-16 Thread Maurizio Caloro

Hello

Please one more thing about Opendmarc, if send any email to any where
i see in log SPF fail, domain.ch fail ?

Jan 16 19:43:39 nmail opendkim[16490]: B6090404C3: DKIM-Signature field 
added (s=nmail, d=caloro.ch)
Jan 16 19:43:39 nmail opendmarc[16483]: B6090404C3: SPF(mailfrom): 
caloro.ch fail

Jan 16 19:43:39 nmail opendmarc[16483]: B6090404C3: caloro.ch fail

if I receive any mail from anywhere, everything passes
Jan 16 19:37:10 nmail opendkim[13804]: 10003404C3: mailc-bb.linkedin.com 
[A.B.C.D] not internal

Jan 16 19:37:10 nmail opendkim[13804]: 10003404C3: not authenticated
Jan 16 19:37:10 nmail opendkim[13804]: 10003404C3: message has 
signatures from linkedin.com, mailc.linkedin.com
Jan 16 19:37:10 nmail opendkim[13804]: 10003404C3: signature=muv88Rcz 
domain=linkedin.com selector=d2048-201806-01 result="no signature 
error"; signature=IKaXoyzS domain=mailc.linkedin.com 
selector=proddkim1024 result="no signature error"
Jan 16 19:37:10 nmail opendkim[13804]: 10003404C3: DKIM verification 
successful
Jan 16 19:37:10 nmail opendkim[13804]: 10003404C3: s=d2048-201806-01 
d=linkedin.com SSL
Jan 16 19:37:10 nmail opendmarc[15095]: 10003404C3 ignoring 
Authentication-Results at 2 from nmail.caloro.ch
Jan 16 19:37:10 nmail opendmarc[15095]: 10003404C3: SPF(mailfrom): 
bounce.linkedin.com pass

Jan 16 19:37:10 nmail opendmarc[15095]: 10003404C3: linkedin.com pass

--
in the header of any mail that I send, the following appears:
Authentication-Results-Original: caloro.ch, calm-ness.ch; spf=fail

# cat opendmarc.conf
AuthservID          caloro.ch, calm-ness.ch
AuthservIDWithJobID false
AutoRestart         false
AutoRestartRate         10/1h
Background          true
DNSTimeout  5
HistoryFile /var/spool/postfix/opendmarc/opendmarc.dat
IgnoreAuthenticatedClients  true
IgnoreHosts     /etc/opendmarc/ignore.hosts
PidFile /var/run/opendmarc/opendmarc.pid
RejectFailures  false
RequiredHeaders true
PublicSuffixList /etc/opendmarc/effective_tld_names.dat
Socket  inet:8892@127.0.0.1
SoftwareHeader  true
SPFSelfValidate true
SPFIgnoreResults    false
Syslog      true
SyslogFacility  mail
# TrustedAuthservIDs    nmail.caloro.ch, nmail.calm-ness.ch
TrustedAuthservIDs  caloro.ch, calm-ness.ch
UMask   077
UserID  opendmarc:opendmarc

When checking DMARC, DKIM and SPF for the domain online, everything appears correct!
Please, why do my emails fail?

thanks for any hint
Mauri




Re: postfix/pickup question

2023-01-16 Thread Maurizio Caloro



> On 16.01.2023 at 13:45, Wietse Venema wrote:
> 
> Maurizio Caloro:
>>> On 16.01.2023 at 00:53, Wietse Venema wrote:
>>> What is the name for uid 109?
>>> 
>>>Wietse
>> 
>> postfix:x:109:115::/var/spool/postfix:/bin/false
>> Debian-exim:x:104:109::/var/spool/exim4:/bin/false
> 
> And what are you using to submit mail to Postfix?
Anywhere 2 world

> Some program
> is using the postfix userid.

That's true, and I want to apologise for this topic. The app that was causing
this was opendmarc. I will update it this evening to release 1.4.2

The options that were the cause:
  -failurereports
  -failureReportssendby emailaddress
> 
>Wietse
Many, many thanks, Regards
Mauri

Re: postfix/pickup question

2023-01-15 Thread Maurizio Caloro

On 16.01.2023 at 00:53, Wietse Venema wrote:

What is the name for uid 109?

Wietse


postfix:x:109:115::/var/spool/postfix:/bin/false
Debian-exim:x:104:109::/var/spool/exim4:/bin/false

# id 109
uid=109(postfix) gid=115(postfix) 
groups=115(postfix),121(opendkim),122(debian-spamd),125(opendmarc),128(spamass-milter)


many thanks for possible update, regards



postfix/pickup question

2023-01-15 Thread Maurizio Caloro

Hello

Please, I need your attention: when I send any mail, I now get this:
    >Jan 16 00:20:02 nmail postfix/pickup[18919]: 39E574367B: uid=109 from=<*postfix*>


I can't find the issue. Can you lure me onto the right track?

postfix 3.4.23
debian 10.13

--

Jan 16 00:20:02 nmail opendkim[18925]: E5A0640960: DKIM-Signature field 
added (s=nmail, d=caloro.ch)
Jan 16 00:20:02 nmail opendmarc[18926]: E5A0640960: SPF(mailfrom): 
mauri...@caloro.ch pass

Jan 16 00:20:02 nmail opendmarc[18926]: E5A0640960: caloro.ch pass

Jan 16 00:20:02 nmail postfix/pickup[18919]: 39E574367B: uid=109 
from=


Jan 16 00:20:02 nmail opendmarc[18926]: ignoring connection from localhost
Jan 16 00:20:02 nmail postfix/cleanup[18959]: 39E574367B: message

--
Thanks


after update - postfix trouble with %i

2023-01-11 Thread Maurizio Caloro

Hello
After updating Debian I have a little trouble with the postfix service
"postmulti" variables; I think that the variable "%i" is not recognized
correctly when postfix starts.


I also tried multiple versions of adding "  '  " so that the %i can be
recognized, and after adding "configure-instance.sh postfix/" this will mount
the main.cf, but the other commands "configure-instance.sh postfix/" don't
recognize this!?

thanks - Mauri


main.cf
multi_instance_enable = yes

# systemctl status postfix@-.service
● postfix@-.service - Postfix Mail Transport Agent (instance -)
   Loaded: loaded (/lib/systemd/system/postfix@-.service; enabled; 
vendor preset: enabled)

   Active: active (running) since Wed 2023-01-11 19:25:28 CET; 4s ago
 Docs: man:postfix(1)
  Process: 4966 ExecStartPre=/usr/lib/postfix/configure-instance.sh - 
(code=exited, status=0/SUCCESS)
  Process: 5281 ExecStart=/usr/sbin/postmulti -i - -p start 
(code=exited, status=0/SUCCESS)

    Tasks: 3 (limit: 2358)
   Memory: 6.3M
   CGroup: /system.slice/system-postfix.slice/postfix@-.service
   ├─5514 /usr/lib/postfix/sbin/master -w
   ├─5515 pickup -l -t unix -u
   └─5516 qmgr -l -t unix -u

Jan 11 19:25:25 nmail systemd[1]: Starting Postfix Mail Transport Agent 
(instance -)...
Jan 11 19:25:28 nmail postfix/postfix-script[5512]: starting the Postfix 
mail system
Jan 11 19:25:28 nmail postfix/master[5514]: daemon started -- version 
3.4.23, configuration /etc/postfix
Jan 11 19:25:28 nmail systemd[1]: Started Postfix Mail Transport Agent 
(instance -).


# cat postfix@-.service
[Unit]
Description=Postfix Mail Transport Agent (instance %i)
Documentation=man:postfix(1)
PartOf=postfix@-.service
Before=postfix@-.service
ReloadPropagatedFrom=postfix@-.service
After=network-online.target nss-lookup.target
Wants=network-online.target

[Service]
Type=forking
GuessMainPID=no
ExecStartPre=/usr/lib/postfix/configure-instance.sh %i
ExecStart=/usr/sbin/postmulti -i %i -p start
ExecStop=/usr/sbin/postmulti -i %i -p stop
ExecReload=/usr/sbin/postmulti -i %i -p reload

[Install]
WantedBy=multi-user.target





Re: opendkim - permission issue?

2022-06-26 Thread Maurizio Caloro


On 27.06.2022 00:24, Wietse Venema wrote:

Maurizio Caloro:

setup also opendkim and will appear now the error "
*key data is not secure: / is writeable and owned by uid 110 which is 
not the executing uid (115)*  *or the superuser*"

it's seem that i have permission issue?

Look at the output from:

ls -ld /

Wietse


thanks but still the same

# ls -ld
drwx------ 2 opendkim opendkim 4096 Jun 27 06:59 .
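
An added example, not from the thread and not OpenDKIM's own code: a check of the key file and every parent directory up to /, modelled on the wording of the error message (writeable, and owned by a uid that is neither the executing uid nor root). Flagging group- or world-writeable entries as well is an assumption of this example, and the stat table is constructed from the uids in the message.

```python
import os
import stat
from pathlib import PurePosixPath
from types import SimpleNamespace


def audit_key_path(key_path, exec_uid, stat_fn=os.stat):
    """Check the key file and each parent directory up to /.

    Returns (path, problem) tuples. Rule 1 follows the error text: the entry
    is writeable by an owner that is neither exec_uid nor root. Rule 2
    (group- or world-writeable) is an assumption added for this example.
    """
    findings = []
    key = PurePosixPath(key_path)
    for node in (key, *key.parents):
        st = stat_fn(str(node))
        if st.st_uid not in (0, exec_uid) and st.st_mode & stat.S_IWUSR:
            findings.append((str(node),
                             f"writeable and owned by uid {st.st_uid}, which is "
                             f"not the executing uid ({exec_uid}) or root"))
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((str(node), "writeable by group or others"))
    return findings


# Constructed stat data: ownership mirrors the uids in the error message
# (/ owned by uid 110, opendkim running as uid 115); the modes are assumed.
KEY_FILE = "/etc/opendkim/key/nmail.private"
CONSTRUCTED = {
    "/": (110, stat.S_IFDIR | 0o755),
    "/etc": (0, stat.S_IFDIR | 0o755),
    "/etc/opendkim": (0, stat.S_IFDIR | 0o755),
    "/etc/opendkim/key": (115, stat.S_IFDIR | 0o700),
    KEY_FILE: (115, stat.S_IFREG | 0o600),
}


def constructed_stat(path):
    """Stand-in for os.stat that answers from the constructed table."""
    uid, mode = CONSTRUCTED[path]
    return SimpleNamespace(st_uid=uid, st_mode=mode)


if __name__ == "__main__":
    for path, problem in audit_key_path(KEY_FILE, 115, constructed_stat):
        print(f"{path}: {problem}")
```

Called without the third argument, `audit_key_path` reads the real filesystem through `os.stat`, which covers the whole path rather than the single directory that `ls -ld` shows.
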


opendkim - permission issue?

2022-06-26 Thread Maurizio Caloro



setup also opendkim and will appear now the error "key data is not 
secure: / is writeable and owned by uid 110 which is not the executing 
uid (115)"

it's seem that i have permission issue?

# opendkim -V
    opendkim: OpenDKIM Filter v2.11.0
    Compiled with OpenSSL 1.1.1n  15 Mar 2022

systemctl
nmail opendkim: nmail._domainkey.caloro.ch: key data is not secure: / is 
writeable and owned by uid 110 which is not the executing uid (115) or 
the superuser

nmail opendkim: CC0E640: not authenticated
nmail opendkim: CC0E640: DKIM verification successful
nmail opendkim: CC0E640: s=nmail d=caloro.ch SSL
nmail opendkim: nmail._domainkey.caloro.ch: key data is not secure: / is 
writeable and owned by uid 110 which is not the executing uid (115) or 
the superuser

nmail opendkim: 09D30: DKIM-Signature field added (s=nmail, d=caloro.ch)

I am also reading that this "opendkim-testkey: key not secure" would mean 
that DNSSEC

# opendkim-testkey -d caloro.ch -s nmail -
opendkim-testkey: using default configfile /etc/opendkim.conf
opendkim-testkey: key loaded from /etc/opendkim/key/dkim.key
opendkim-testkey: checking key 'nmail._domainkey.caloro.ch'
opendkim-testkey: key not secure
opendkim-testkey: PEM_read_bio_PrivateKey() failed error:0909006C:PEM 
routines:get_name:no start line


cat /etc/passwd /etc/group | grep -E '115|110'
postfix:x:115:
postfix:x:109:115::/var/spool/postfix:/bin/false
opendkim:x:115:121::/var/run/opendkim:/bin/false
messagebus:x:110:
messagebus:x:105:110::/var/run/dbus:/bin/false
bind:x:110:117::/var/cache/bind:/bin/false

File and owner Security also are correct

/etc/bind# ls -la /etc/opendkim/key/
-rw------- 1 opendkim opendkim   51 Jun 26 22:50 dkim.key
-rw------- 1 opendkim opendkim 1675 Jun 26 22:50 nmail.private
-rw------- 1 opendkim opendkim  506 Jun 26 22:50 nmail.txt

thanks for any help
regards



AW: Postfix - Mysql - howto MultipleDomain?

2022-06-19 Thread Maurizio Caloro
Thanks all that Answered

I have now deleted the private key from every entry in main.cf and only the
fullchain is enabled, thanks

One more point: when checking the domains with tls-check, Caloro.ch0 is fine,
but for calm-ness.ch the error still remains. I also configured the local DNS
server with my two domains, but it always finishes with this.

tlsCheck-Calm-ness.ch -> Cert Hostname DOES NOT VERIFY (nmail.calm-ness.ch
!= nmail.caloro.ch | DNS:nmail.caloro.ch)
tlsCheck-Calm-ness.ch -> So email is encrypted but the host is not verified

Thanks for any help
Regards
Mauri

-----Original Message-----
From: owner-postfix-us...@postfix.org  On behalf of Viktor Dukhovni
Sent: Saturday, 18 June 2022 02:49
To: postfix-users@postfix.org
Subject: Re: Postfix - Mysql - howto MultipleDomain?

On Sat, Jun 18, 2022 at 09:05:07AM +1000, raf wrote:

> Even if the middle pair were in the right order, and even if they 
> successfully replaced the first pair (which might not be a thing 
> anyway), it would still end up with a single RSA certificate, not 
> both.

Correct.  For multiple MTA personalities there's SNI (generally not a good
practice, we have MX records for serving multiple domains on a single SMTP
server).  This requires lookup tables that map various names to non-default
certificate chains.

-- 
Viktor.



Re: Postfix - Mysql - howto MultipleDomain?

2022-06-16 Thread Maurizio Caloro

On 13.06.2022 12:05, Benny Pedersen wrote:
postfixadmin is make it very more helpness, move both domains to 
virtual, and make mydestination only for system users, not possible to 
send direct to from outside of mynetworks


https://www.howtoforge.com/how-to-set-up-a-mail-server-with-postfixadmin-on-debian-11/ 



it would work for older debian as well, at least not much need to be 
changed


Hello and first let me thanks for your message

Please, I need a little more input. I have now successfully installed these two
noted domains; I can mail, and it is running with this setup of Postfix,
Dovecot and MySQL, but after a little TLS check and test a cert problem is
noted for the domain calm-ness, so I have now added this

signed certificate to main.cf

After signing and adding it to smtpd_tls_chain_files I receive
the following error.
    --> Out: 454 4.7.0 TLS not available due to local problem

[snips from main.cf]
mydestination = localhost, localhost.$mydomain, nmail.caloro.ch, nmail.calm-ness.ch


smtpd_tls_chain_files =
 /etc/letsencrypt/live/nmail.caloro.ch/privkey.pem,
 /etc/letsencrypt/live/nmail.caloro.ch/fullchain.pem,
 /etc/letsencrypt/live/nmail.calm-ness.ch/fullchain.pem,
 /etc/letsencrypt/live/nmail.calm-ness.ch/privkey.pem,
 /etc/letsencrypt/live/nmail.caloro.ch-ecdsa/privkey.pem,
 /etc/letsencrypt/live/nmail.caloro.ch-ecdsa/fullchain.pem
[break]

Transcript of session follows.

 Out: 220 nmail.caloro.ch ESMTP Postfix (Debian/GNU)
 In:  EHLO www11-do.CheckTLS.com
 Out: 250-nmail.caloro.ch
 Out: 250-PIPELINING
 Out: 250-SIZE 25428800
 Out: 250-ETRN
 Out: 250-STARTTLS
 Out: 250-ENHANCEDSTATUSCODES
 Out: 250-8BITMIME
 Out: 250-DSN
 Out: 250 CHUNKING
 In:  STARTTLS
 Out: 454 4.7.0 TLS not available due to local problem
 In:  QUIT
 Out: 221 2.0.0 Bye

thanks
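
An added example, not part of the thread and not Postfix code: a check of a smtpd_tls_chain_files list for the two points raised in the replies on this page, namely that each private key is directly followed by its certificates and that there is only one certificate chain per key type. The files are constructed stubs written in the order posted above, their key types are assumed, and the problem strings are the checker's own wording, not Postfix log messages.

```python
import base64
import os
import re
import tempfile

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)
OID_RSA = bytes.fromhex("2a864886f70d010101")  # rsaEncryption
OID_EC = bytes.fromhex("2a8648ce3d0201")       # id-ecPublicKey

def key_type(label, der):
    """Classify a private key by PEM label or, for PKCS#8, by algorithm OID."""
    if label in ("RSA PRIVATE KEY", "EC PRIVATE KEY"):
        return "rsa" if label.startswith("RSA") else "ecdsa"
    head = der[:48]  # the AlgorithmIdentifier sits near the start of PKCS#8
    return "rsa" if OID_RSA in head else "ecdsa" if OID_EC in head else "unknown"

def read_blocks(paths):
    """Return (path, kind, key_type) for every PEM block, in list order."""
    blocks = []
    for path in paths:
        with open(path, encoding="ascii") as fh:
            text = fh.read()
        for label, body in PEM_BLOCK.findall(text):
            if label.endswith("PRIVATE KEY"):
                der = base64.b64decode("".join(body.split()))
                blocks.append((path, "key", key_type(label, der)))
            elif label == "CERTIFICATE":
                blocks.append((path, "cert", None))
    return blocks

def check_chain_files(paths):
    """Report ordering and key-type problems in a chain-file list."""
    problems, keys = [], []  # keys: [path, type, number of certs that follow]
    for path, kind, ktype in read_blocks(paths):
        if kind == "key":
            keys.append([path, ktype, 0])
        elif keys:
            keys[-1][2] += 1
        else:
            problems.append(f"{path}: certificate before any private key")
    first_of_type = {}
    for index, (path, ktype, ncerts) in enumerate(keys):
        if ncerts == 0:
            problems.append(f"key {index} ({path}): no certificates follow it")
        if ktype in first_of_type:
            problems.append(f"key {index} ({path}): second {ktype} key, "
                            f"key {first_of_type[ktype]} is already {ktype}")
        else:
            first_of_type[ktype] = index
    return problems

def stub_pem(label, payload):
    """Constructed PEM block with placeholder content (not a real key or cert)."""
    b64 = base64.b64encode(payload).decode()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"

RSA_KEY = stub_pem("PRIVATE KEY", b"\x30\x00\x02\x01\x00\x30\x00\x06\x09" + OID_RSA)
EC_KEY = stub_pem("PRIVATE KEY", b"\x30\x00\x02\x01\x00\x30\x00\x06\x07" + OID_EC)
CHAIN = stub_pem("CERTIFICATE", b"leaf") + stub_pem("CERTIFICATE", b"issuer")

# Order as posted in the thread; the key types are assumed for the example.
POSTED = [
    ("nmail.caloro.ch/privkey.pem", RSA_KEY),
    ("nmail.caloro.ch/fullchain.pem", CHAIN),
    ("nmail.calm-ness.ch/fullchain.pem", CHAIN),
    ("nmail.calm-ness.ch/privkey.pem", RSA_KEY),
    ("nmail.caloro.ch-ecdsa/privkey.pem", EC_KEY),
    ("nmail.caloro.ch-ecdsa/fullchain.pem", CHAIN),
]
# One RSA and one ECDSA chain, each key directly followed by its certificates.
REORDERED = [POSTED[0], POSTED[1], POSTED[4], POSTED[5]]

def check_layout(layout):
    """Write the stub files to a temporary directory and check them in order."""
    with tempfile.TemporaryDirectory() as root:
        paths = []
        for rel, content in layout:
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "w", encoding="ascii") as fh:
                fh.write(content)
            paths.append(full)
        return [p.replace(root + os.sep, "") for p in check_chain_files(paths)]

if __name__ == "__main__":
    for name, layout in (("posted", POSTED), ("reordered", REORDERED)):
        print(name, check_layout(layout) or "ok")
```
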



Postfix - Mysql - howto MultipleDomain?

2022-06-12 Thread Maurizio Caloro

Hello

Here with my Postfix+Dovecot+MySQL installation on Debian 10 I have been
running for many years with

a setup for one domain. Now I need to add a second domain:
    ->Example1.ch
    ->Example2.ch
I tried adding this second domain to MySQL and Postfix, but I see that this
isn't running.


So please, does any little howto exist for adding multiple domains to a
Postfix+MySQL setup?

Many thanks for possible help

thanks



AW: Content Transfer Encoding 7bit or 8 bit - MiME - Base64

2022-06-01 Thread Maurizio Caloro



Thanks Viktor, for your fast answer

>There's nothing to solve.  You need a mail user agent (Mutt, Pine, Elm,
>Thunderbird, Mail.app, ...) that was updated to support MIME some time in
>last 28 years.  A large fraction (like most) of email messages are MIME
>encoded, that's just how it is.
>--
>Viktor.

Quick short implementation, or exist here any possible example how I can
implement this?
thanks






Content Transfer Encoding 7bit or 8 bit - MiME - Base64

2022-06-01 Thread Maurizio Caloro
 

Hello

 

Not often, but many times, I receive email like this. I have read a lot about
"content transfer encoding"

but I haven't found any solution for this.

smtp  inet  n   -   y   -   1   postscreen
  -o content_filter=filter:dummy

 

 

"--===5636515821783414225== 

Content-Type: text/html; charset="utf-8" 

Content-Transfer-Encoding: base64 

 

PCFET0NUWVBFIGh0bWw+PGh0bWwgbGFuZz0iZW4iIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8x


OTk5L3hodG1sIiB4bWxuczp2PSJ1cm46c2NoZW1hcy1taWNyb3NvZnQtY29tOnZtbCIgeG1sbnM6


bz0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6b2ZmaWNlIj48aGVhZD4NCjxtZXRh


"

 

In the meantime i did found any solution, possible any one can help here?

Thanks

 

 

 



AW: AW: RSA and ECDSA - warning: No certs for key at index 1

2022-06-01 Thread Maurizio Caloro


>I don't know much about Acme.sh, but it doesn't look right combining
>"--rsa-key-size 4096" and "--key-type ecdsa".
>
>cheers,
>raf

Yes try with command certbot

Maurizio



AW: AW: RSA and ECDSA - warning: No certs for key at index 1

2022-05-31 Thread Maurizio Caloro
Hello Viktor
Thanks for your Answer. the creation of this Cert are the following:

The one key-type are for RSA and ECDSA
Acme.sh certonly --standalone --rsa-key-size 4096 --domain 
nmail.caloro.ch --key-type rsa --cert-name nmail.caloro.ch-rsa
Acme.sh certonly --standalone --rsa-key-size 4096 --domain 
nmail.caloro.ch --key-type ecdsa --cert-name nmail.caloro.ch-ecdsa

yes, iam looking forward and willing to implement this, sorry but I think this 
are similar but now all the same key.

## TLS/SSL
/etc/letsencrypt/live/nmail.caloro.ch/privkey.pem
/etc/letsencrypt/live/nmail.caloro.ch/fullchain.pem
## RSA
/etc/letsencrypt/live/nmail.caloro.ch-rsa/privkey.pem
/etc/letsencrypt/live/nmail.caloro.ch-rsa/fullchain.pem

>These are the same as the below.
Corrected now to other folder(writing error)
## ECDSA
/etc/letsencrypt/live/nmail.caloro.ch-ecdsa/privkey.pem
/etc/letsencrypt/live/nmail.caloro.ch-ecdsa/fullchain.pem

My goal is to implement this for my server.
->> https://www.postfix.org/TLS_README.html
># Postfix ≥ 3.4.
># Storing keys separately from the associated certificates is not
># recommended.
>smtp_tls_chain_files =
>/etc/postfix/rsakey.pem,
>/etc/postfix/rsacerts.pem,
>/etc/postfix/ecdsakey.pem,
>/etc/postfix/ecdsacerts.pem

>The update remains: stick to just one key type for now.
Yes at this time no forwarding possibilities, thanks for possible update

Maurizio


-Ursprüngliche Nachricht-
Von: owner-postfix-us...@postfix.org  Im 
Auftrag von Viktor Dukhovni
Gesendet: Dienstag, 31. Mai 2022 13:41
An: postfix-users@postfix.org
Betreff: Re: AW: RSA and ECDSA - warning: No certs for key at index 1

On Tue, May 31, 2022 at 01:05:57PM +0200, Maurizio Caloro wrote:

> Today create new my key file RSA, and ECDSA, and signed with certbot.
> 
> ## TLS/SSL
>   /etc/letsencrypt/live/nmail.caloro.ch/privkey.pem
>   /etc/letsencrypt/live/nmail.caloro.ch/fullchain.pem

What does "TLS/SSL" mean?

> ## RSA Key
>   /etc/letsencrypt/live/nmail.caloro.ch-rsa/privkey.pem
>   /etc/letsencrypt/live/nmail.caloro.ch-rsa/fullchain.pem

These are the same as the below.

> ## ECDSA Key
>   /etc/letsencrypt/live/nmail.caloro.ch-rsa/privkey.pem
>   /etc/letsencrypt/live/nmail.caloro.ch-rsa/fullchain.pem

These are the same as the above.

> [main.cf]
> smtpd_tls_chain_files =
>   /etc/letsencrypt/live/nmail.caloro.ch/privkey.pem,
>   /etc/letsencrypt/live/nmail.caloro.ch/fullchain.pem,

What key type is this?

>   /etc/letsencrypt/live/nmail.caloro.ch-rsa/privkey.pem,
>   /etc/letsencrypt/live/nmail.caloro.ch-rsa/fullchain.pem

Perhaps both are RSA keys?  You can only have one certificate per key type.

> # smtpd_tls_cert_file =
> /etc/letsencrypt/live/nmail.caloro.ch-rsa/privkey.pem
> # smtpd_tls_key_file =
> /etc/letsencrypt/live/nmail.caloro.ch-rsa/fullchain.pem
> # smtpd_tls_eccert_file =
> /etc/letsencrypt/live/nmail.caloro.ch-ecdsa/privkey.pem
> # smtpd_tls_eckey_file =
> /etc/letsencrypt/live/nmail.caloro.ch-ecdsa/fullchain.pem

When you specify "chain_files", you should not also attempt to specify 
"key_file", "cert_file", "eckey_file"  and "eccert_file", because these are 
superseded by "chain_file" and ignored.

> smtpd_tls_received_header = yes
> smtpd_tls_CAfile = /etc/ssl/certs/ca-certificates.crt

You don't need an "smtpd_tls_CAfile" unless you're soliciting client 
certificates, and even then don't specify the standard trust bundle, that 
causes the TLS handshake to bloat with the complete list of trusted CA names...

> -- thanks for any update

The update remains: stick to just one key type for now.
-- 
Viktor.



AW: RSA and ECDSA - warning: No certs for key at index 1

2022-05-31 Thread Maurizio Caloro
Hello
Today create new my key file RSA, and ECDSA, and signed with certbot.

## TLS/SSL
/etc/letsencrypt/live/nmail.caloro.ch/privkey.pem
/etc/letsencrypt/live/nmail.caloro.ch/fullchain.pem

## RSA Key
/etc/letsencrypt/live/nmail.caloro.ch-rsa/privkey.pem
/etc/letsencrypt/live/nmail.caloro.ch-rsa/fullchain.pem

## ECDSA Key
/etc/letsencrypt/live/nmail.caloro.ch-rsa/privkey.pem
/etc/letsencrypt/live/nmail.caloro.ch-rsa/fullchain.pem

[main.cf]
smtpd_tls_chain_files =
/etc/letsencrypt/live/nmail.caloro.ch/privkey.pem,
/etc/letsencrypt/live/nmail.caloro.ch/fullchain.pem,
/etc/letsencrypt/live/nmail.caloro.ch-rsa/privkey.pem,
/etc/letsencrypt/live/nmail.caloro.ch-rsa/fullchain.pem

# smtpd_tls_cert_file =
/etc/letsencrypt/live/nmail.caloro.ch-rsa/privkey.pem
# smtpd_tls_key_file =
/etc/letsencrypt/live/nmail.caloro.ch-rsa/fullchain.pem
# smtpd_tls_eccert_file =
/etc/letsencrypt/live/nmail.caloro.ch-ecdsa/privkey.pem
# smtpd_tls_eckey_file =
/etc/letsencrypt/live/nmail.caloro.ch-ecdsa/fullchain.pem

smtpd_tls_received_header = yes
smtpd_tls_CAfile = /etc/ssl/certs/ca-certificates.crt

--
[Mail.log]
May 31 13:00:24 nmail postfix/smtps/smtpd[27271]: warning: key at index 1 in
/etc/letsencrypt/live/nmail.caloro.ch-rsa/privkey.pem does not match next
certificate
May 31 13:00:24 nmail postfix/smtps/smtpd[27271]: warning: TLS library
problem: error:1426D121:SSL routines:ssl_set_cert_and_key:not replacing
certificate:../ssl/ssl_rsa.c:1081:
May 31 13:00:24 nmail postfix/smtps/smtpd[27271]: warning: error loading
private keys and certificates from:
/etc/letsencrypt/live/nmail.caloro.ch/privkey.pem,
/etc/letsencrypt/live/nmail.caloro.ch/fullchain.pem,
/etc/letsencrypt/live/nmail.caloro.ch-rsa/privkey.pem,
/etc/letsencrypt/live/nmail.caloro.ch-rsa/fullchain.pem: disabling TLS
support

-- thanks for any update





RSA and ECDSA - warning: No certs for key at index 1

2022-05-30 Thread Maurizio Caloro
Hello

try to install RSA and ECDSA, but it's don't run like normal mode.
I have note here any steps for integrated this and sign it.

Postfix mail_version = 3.4.14

privkey, fullchain = normal TLS/SSL, RUN and OK
Postfix RSA = RSA, Failed
Postfix ECC = ECDSA, Failed

Generate Certificates.
./acme.sh --issue -d nmail.caloro.ch --keylength 4096 --standalone
./acme.sh --issue -d nmail.caloro.ch --keylength ec-384 --standalone

Also tried with certbot, without change.

< Main.cf >
smtpd_tls_chain_files =
/etc/letsencrypt/live/nmail.caloro.ch/privkey.pem,
/etc/letsencrypt/live/nmail.caloro.ch/fullchain.pem,
/etc/letsencrypt/live/nmail.caloro.ch/postfix-rsa.crt,
/etc/letsencrypt/live/nmail.caloro.ch/postfix-rsa.key,
/etc/letsencrypt/live/nmail.caloro.ch/postfix_ecc.crt,
/etc/letsencrypt/live/nmail.caloro.ch/postfix_ecc.cer

< Log >
May 30 08:37:05 postfix/smtps/smtpd[27908]: warning: No certs for key at
index 1 in /etc/letsencrypt/live/nmail.caloro.ch/postfix-rsa.key
/etc/letsencrypt/live/nmail.caloro.ch/postfix_ecc.key
May 30 08:37:05 postfix/smtps/smtpd[27908]: warning: error loading private
keys and certificates from:
/etc/letsencrypt/live/nmail.caloro.ch/privkey.pem,
/etc/letsencrypt/live/nmail.caloro.ch/fullchain.pem,
/etc/letsencrypt/live/nmail.caloro.ch/postfix-rsa.crt,
/etc/letsencrypt/live/nmail.caloro.ch/postfix-rsa.key,
/etc/letsencrypt/live/nmail.caloro.ch/postfix_ecc.crt,
/etc/letsencrypt/live/nmail.caloro.ch/postfix_ecc.key: disabling TLS support

Many thanks for any possible hint, Maurizio
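The two chain-file layouts reported in this thread, checked for ordering and duplicate key types. This is an added example, not code from the posters or from Postfix. Assumptions: the layout rule (each key first, then its certificates, one key per algorithm) is taken from the TLS_README excerpt and Viktor's reply quoted above; the PEM contents are constructed stubs, not real keys or certificates; key types are guessed from the file names and from "Perhaps both are RSA keys?". It does not check that a key matches its certificate.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

# DER bytes of the public-key algorithm OIDs found in a PKCS#8 header.
OID_RSA = bytes.fromhex("2a864886f70d010101")   # rsaEncryption
OID_EC = bytes.fromhex("2a8648ce3d0201")        # id-ecPublicKey


def key_type(label, der):
    """Key algorithm from the PEM label, or from the PKCS#8 AlgorithmIdentifier."""
    if label == "RSA PRIVATE KEY":
        return "rsa"
    if label == "EC PRIVATE KEY":
        return "ecdsa"
    head = der[:40]
    if OID_RSA in head:
        return "rsa"
    if OID_EC in head:
        return "ecdsa"
    return "unknown"


def lint_chain_files(files):
    """files: ordered (name, pem_text) pairs, in smtpd_tls_chain_files order.
    Returns a list of problems; an empty list means the layout is consistent."""
    problems = []
    first_seen = {}   # key type -> file that first supplied it
    pending = None    # [file, key type, certificates seen after the key]

    def finish(p):
        if p is not None and p[2] == 0:
            problems.append(f"{p[0]}: {p[1]} key is not followed by a certificate")

    for name, text in files:
        for label, body in PEM_RE.findall(text):
            if label.endswith("PRIVATE KEY"):
                finish(pending)
                der = base64.b64decode("".join(body.split()))
                ktype = key_type(label, der)
                if ktype != "unknown" and ktype in first_seen:
                    problems.append(
                        f"{name}: second {ktype} key (first in {first_seen[ktype]})")
                first_seen.setdefault(ktype, name)
                pending = [name, ktype, 0]
            elif label == "CERTIFICATE":
                if pending is None:
                    problems.append(f"{name}: certificate appears before any private key")
                else:
                    pending[2] += 1
    finish(pending)
    return problems


def pem(label, raw):
    """Wrap raw bytes as a PEM block (used only to build the constructed samples)."""
    b64 = base64.b64encode(raw).decode()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"


# Constructed stubs: just enough DER for key_type() to see the algorithm OID.
RSA_KEY = pem("PRIVATE KEY",
              bytes.fromhex("30820944020100300d0609") + OID_RSA + bytes.fromhex("0500"))
EC_KEY = pem("PRIVATE KEY",
             bytes.fromhex("3081b602010030100607") + OID_EC + bytes.fromhex("06052b81040022"))
CERT = pem("CERTIFICATE", b"constructed placeholder, not a real certificate")

D = "/etc/letsencrypt/live/"

# 2022-05-30 layout, with the last file as named in the log (assumed key types).
LAYOUT_0530 = [
    (D + "nmail.caloro.ch/privkey.pem", RSA_KEY),
    (D + "nmail.caloro.ch/fullchain.pem", CERT + CERT),
    (D + "nmail.caloro.ch/postfix-rsa.crt", CERT),
    (D + "nmail.caloro.ch/postfix-rsa.key", RSA_KEY),
    (D + "nmail.caloro.ch/postfix_ecc.crt", CERT),
    (D + "nmail.caloro.ch/postfix_ecc.key", EC_KEY),
]

# 2022-05-31 layout, assuming both keys are RSA.
LAYOUT_0531 = [
    (D + "nmail.caloro.ch/privkey.pem", RSA_KEY),
    (D + "nmail.caloro.ch/fullchain.pem", CERT + CERT),
    (D + "nmail.caloro.ch-rsa/privkey.pem", RSA_KEY),
    (D + "nmail.caloro.ch-rsa/fullchain.pem", CERT + CERT),
]

# Layout following the TLS_README excerpt: key, certs, key, certs.
LAYOUT_OK = [
    ("/etc/postfix/rsakey.pem", RSA_KEY),
    ("/etc/postfix/rsacerts.pem", CERT + CERT),
    ("/etc/postfix/ecdsakey.pem", EC_KEY),
    ("/etc/postfix/ecdsacerts.pem", CERT + CERT),
]

if __name__ == "__main__":
    for title, layout in (("05-30", LAYOUT_0530), ("05-31", LAYOUT_0531), ("ok", LAYOUT_OK)):
        print(title, lint_chain_files(layout) or "no structural problems")
```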



AW: postfix/smtpd - Can't connect toMySQL through socket

2022-05-26 Thread Maurizio Caloro


>
>Use proxy:mysql:/etc/postfix/mysql-virtual_alias_maps.cf instead of
mysql:/etc/postfix/mysql-virtual_alias_maps.cf
>
>That will solve other problems, too, like making too many connections.
>
>   Wietse

Dear Wietse

Thanks many times, yes it's running now!

Maurizio



postfix/smtpd - Can't connect toMySQL through socket

2022-05-26 Thread Maurizio Caloro
Hello

Ok today adding SSL support to my MariaDB after try to connecting from
postfix to it, I have here this error, that in this moment I don't see any
solution.

>May 26 18:32:50 nmail postfix/smtpd[23806]: warning: connect to mysql
server unix:/run/mysqld/mysqld.sock: Can't connect to local MySQL server
through socket '/run/mysqld/mysqld.sock' (2)
>May 26 18:32:50 nmail postfix/smtpd[23806]: warning:
mysql:/etc/postfix/mysql-virtual_alias_maps.cf lookup error for
mauri...@caloro.ch

>May 26 18:36:48 nmail postfix/smtpd[24310]: warning: connect to mysql
server unix:/run/mysqld/mysqld.sock: Can't connect to local MySQL server
through socket '/run/mysqld/mysqld.sock' (2)
>May 26 18:36:48 nmail postfix/smtpd[24310]: warning:
mysql:/etc/postfix/mysql-virtual_alias_maps.cf lookup error for Emailaddress

The file "mysql-virtual_alias_maps.cf" exist and if I change the "unix
socket" to the "hosts ip" this will also run without any problem

># cat mysql-virtual_alias_maps.cf
>hosts = unix:/run/mysqld/mysqld.sock
># hosts = 127.0.0.1
>user = username
>password = password
>dbname = MailDatabase
>query = SELECT goto FROM alias WHERE address = '%s'

The socketfile from mysql are also creating when the mysql will start, also
add 777 to file but without any change

# ls -la /run/mysqld/mysqld.sock
srwxrwxrwx 1 mysql mysql 0 May 26 18:37 /run/mysqld/mysqld.sock

MariaDB are now ready to run with SSL support
MariaDB > sh running-config
+----------+-----+
| have_ssl | YES |
+----------+-----+

Thanks for any more help, so that this connection can run more secure.



AW: mysql phpwebadmin

2022-05-26 Thread Maurizio Caloro
Because here I get a useful little possible hint quickly

>Then why are you asking a non-Postfix question?



mysql phpwebadmin

2022-05-26 Thread Maurizio Caloro
Yes i know this are the Postfix-forum..

Why in the PHPAdminClient v5.1, for change the passwd encryption, the "SHA2"
are not available to select? Installed MariaDB 10.3.34-0+deb10u1

thanks



Re: DANE but DNS Provider dont support this

2022-01-24 Thread Maurizio Caloro

On 23/01/2022 22:45, Viktor Dukhovni wrote:

If your domain is hosted by a "managed DNS" provider, with some
sort of web API for adding records, and there is no interface
for adding TLSA records, you're out of luck unless they support
the "unknown" DNS record format:

 https://datatracker.ietf.org/doc/html/rfc3597

For TLSA records that would be, for example:

 _25._tcp.smtp.example.com. IN TYPE52 \# 35 (
 03 01 01
 931ae3524f5dcf103b4c50eaf6db5ec1
 4f5e209c3ec44f14141f4dcad20beed7 )

which is a generic encoding of:

 _25._tcp.smtp.example.com. IN TLSA 3 1 1 931ae3524f5dcf103b4c50eaf6db5ec14f5e209c3ec44f14141f4dcad20beed7

If your provider supports neither "TLSA" records, nor the generic
(unknown type) encoding, switch to a more competent DNS provider.


please, how did you solve this, also with an external provider, or running
this task on your own bind server?
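The RFC 3597 generic encoding described in the quoted reply, converted in both directions. This is an added example, not code from the thread; the function names are hypothetical, and the record used is the example.com one quoted above.

```python
import re

TLSA_TYPE = 52                 # RR type number, as in the TYPE52 form quoted above
DIGEST_LEN = {1: 32, 2: 64}    # matching type -> digest length (SHA-256, SHA-512)

# The two forms exactly as they appear in the quoted reply.
PAGE_DIGEST = "931ae3524f5dcf103b4c50eaf6db5ec14f5e209c3ec44f14141f4dcad20beed7"
PAGE_GENERIC = r"""_25._tcp.smtp.example.com. IN TYPE52 \# 35 (
 03 01 01
 931ae3524f5dcf103b4c50eaf6db5ec1
 4f5e209c3ec44f14141f4dcad20beed7 )"""
PAGE_TLSA = "_25._tcp.smtp.example.com. IN TLSA 3 1 1 " + PAGE_DIGEST


def tlsa_to_generic(owner, usage, selector, mtype, data_hex):
    """Render a TLSA record in the generic (unknown type) zone-file syntax."""
    for value in (usage, selector, mtype):
        if not 0 <= value <= 255:
            raise ValueError("usage, selector and matching type are one octet each")
    data = bytes.fromhex(data_hex)
    if mtype in DIGEST_LEN and len(data) != DIGEST_LEN[mtype]:
        raise ValueError(
            f"matching type {mtype} needs {DIGEST_LEN[mtype]} bytes, got {len(data)}")
    rdata = bytes([usage, selector, mtype]) + data
    # "\#" introduces generic RDATA, followed by its length and the hex octets.
    return f"{owner} IN TYPE{TLSA_TYPE} \\# {len(rdata)} {rdata.hex()}"


def generic_to_tlsa(record):
    """Parse a generic TYPE52 record (single-line or parenthesised) back to TLSA."""
    m = re.match(r"\s*(\S+)\s+IN\s+TYPE(\d+)\s+\\#\s+(\d+)\s+(.*)", record, re.S)
    if not m:
        raise ValueError("not a generic-format record")
    owner, rrtype, rdlen, rest = m.group(1), int(m.group(2)), int(m.group(3)), m.group(4)
    if rrtype != TLSA_TYPE:
        raise ValueError(f"TYPE{rrtype} is not TLSA")
    rdata = bytes.fromhex(re.sub(r"[\s()]", "", rest))
    if len(rdata) != rdlen:
        raise ValueError(f"declared length {rdlen}, found {len(rdata)} octets")
    if rdlen < 4:
        raise ValueError("TLSA RDATA needs three parameter octets plus data")
    usage, selector, mtype = rdata[0], rdata[1], rdata[2]
    return f"{owner} IN TLSA {usage} {selector} {mtype} {rdata[3:].hex()}"


if __name__ == "__main__":
    print(generic_to_tlsa(PAGE_GENERIC))
    print(tlsa_to_generic("_25._tcp.smtp.example.com.", 3, 1, 1, PAGE_DIGEST))
```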


DANE but DNS Provider dont support this

2022-01-23 Thread Maurizio Caloro

In the meantime I installed DANE on the local machine,
but my DNS provider doesn't support this feature?

Can I also use .TXT? Please, how can I publish this?

thanks




Blacklisted - SASL Login Attempt

2022-01-13 Thread Maurizio Caloro
 

Hello, I see he tried to log in "authentication failed" and failed, but the
IP is blacklisted, please why? should it not be blocked before.

--
OS
Debian 10.11 - Postfix - mail_version = 3.4.14

--
Main.cf
postscreen_access_list = permit_mynetworks,
cidr:/etc/postfix/whitelistCIDR+IP, cidr:/etc/postfix/blacklistIP

--
BlacklistIP
root@mail:/etc/postfix# cat blacklistIP |  grep 5.188.206.199
5.188.206.199   REJECT

--
Mail.log
Jan 14 07:17:56 nmail postfix/smtps/smtpd[7809]: warning:
unknown[5.188.206.199]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jan 14 07:17:57 nmail postfix/smtps/smtpd[7809]: lost connection after AUTH
from unknown[5.188.206.199]



SSL_accept error from unknown

2021-10-18 Thread Maurizio Caloro

Hello

see today logs "SSL_accept Error", please its this a known issue?
installed Postfix 3.4.14, Openssl 1.1.1d, Debian 10.11.

Oct 19 05:59:18 nmail postfix/smtps/smtpd[32720]: SSL_accept error from 
232.115.xx.xx.static.ip.windstream.net[40.138.xx.xx]: lost connection
Oct 19 06:45:31 nmail postfix/smtps/smtpd[688]: SSL_accept error from 
unknown[192.x.x.x]: -1
Oct 19 06:45:31 nmail postfix/smtps/smtpd[688]: warning: TLS library 
problem: error:1408F10B:SSL routines:ssl3_get_record:wrong version 
number:../ssl/record/ssl3_record.c:332


thanks
Mauri



knocking - still exist - how to block?

2021-10-13 Thread Maurizio Caloro


please how i can block this knocking on the door, try with this
example.

postscreen_access_list = permit_mynetworks,
    hash:/etc/postfix/senderdomain,
    hash:/etc/postfix/whitelistIP,
    cidr:/etc/postfix/whitelistCIDR

cat /etc/postfix/whitelistIP

192.146.215.104 PERMIT
# Rejects
143.204.98.70   REJECT # Amazonses

Oct - 10:19:07 mail postfix/smtps/smtpd[21759]: warning:
unknown[212.70.149.71]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Oct - 10:19:08 mail postfix/smtps/smtpd[21759]: lost connection after
AUTH from unknown[212.70.149.71]
Oct - 10:19:08 mail postfix/smtps/smtpd[21759]: disconnect from
unknown[212.70.149.71] ehlo=1 auth=0/1 rset=1 commands=2/3
Oct - 10:20:05 mail postfix/smtps/smtpd[21759]: connect from
unknown[212.70.149.71]
Oct - 10:20:08 mail postfix/smtps/smtpd[21759]: Anonymous TLS connection
established from unknown[212.70.149.71]: TLSv1.2 with cipher
ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)

but without success

Thanks
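The SASL failures in this thread and in the "Blacklisted - SASL Login Attempt" thread above are all logged by postfix/smtps/smtpd. As an added example (not from either post), this groups such failures by logging service and client address, so the listener an address reached can be compared with the master.cf service that runs postscreen, and decodes the token after "authentication failed:". Assumptions: the log lines are constructed from the ones quoted in the two threads (date filled in, one extra line added), and lines logged as plain postfix/smtpd are labelled "smtp".

```python
import base64
import re
from collections import Counter

SASL_FAIL = re.compile(
    r"postfix/(?:(?P<service>[\w-]+)/)?smtpd\[\d+\]: warning: "
    r"(?P<host>\S+?)\[(?P<ip>[0-9A-Fa-f.:]+)\]: "
    r"SASL (?P<mech>\S+) authentication failed(?:: (?P<detail>\S+))?")

# Constructed sample, based on the log lines quoted in the two threads.
SAMPLE_LOG = """\
Jan 14 07:17:56 nmail postfix/smtps/smtpd[7809]: warning: unknown[5.188.206.199]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jan 14 07:17:57 nmail postfix/smtps/smtpd[7809]: lost connection after AUTH from unknown[5.188.206.199]
Oct 13 10:19:07 mail postfix/smtps/smtpd[21759]: warning: unknown[212.70.149.71]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Oct 13 10:19:08 mail postfix/smtps/smtpd[21759]: disconnect from unknown[212.70.149.71] ehlo=1 auth=0/1 rset=1 commands=2/3
Oct 13 10:19:40 mail postfix/smtps/smtpd[21760]: warning: unknown[212.70.149.71]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
"""


def sasl_failures(log_text):
    """Count failed SASL attempts per (logging service, client address)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = SASL_FAIL.search(line)
        if m:
            # Assumption: no service component means the plain smtp service.
            counts[(m["service"] or "smtp", m["ip"])] += 1
    return counts


def decode_detail(token):
    """Decode the base64 token logged after 'authentication failed:', if valid."""
    try:
        return base64.b64decode(token, validate=True).decode("ascii")
    except (ValueError, UnicodeDecodeError):
        return None


if __name__ == "__main__":
    for (service, ip), n in sorted(sasl_failures(SAMPLE_LOG).items()):
        print(f"{service:6} {ip:16} {n} failed SASL attempt(s)")
    # The logged token is the server's LOGIN prompt, not a credential.
    print(decode_detail("UGFzc3dvcmQ6"))
```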


SpamC - connection refused

2021-09-28 Thread Maurizio Caloro
Sending to spamassassin group, and no answer will appear, possible this
are outdated?

Please how I can fix this connection refused, disabling IPv6 also not help.

Sep 28 15:11:22 nmail spamd[3826]: prefork: child states: II

Sep 28 15:11:23 nmail spamc[4525]: connect to spamd on 127.0.0.1 failed,
retrying (#1 of 3): Connection refused
Sep 28 15:11:23 nmail spamc[4525]: connect to spamd on 127.0.0.1 failed,
retrying (#2 of 3): Connection refused
Sep 28 15:11:24 nmail spamc[4525]: connect to spamd on 127.0.0.1 failed,
retrying (#3 of 3): Connection refused

Sep 28 15:11:24 nmail spamc[4525]: connection attempt to spamd aborted after
3 retries
Sep 28 15:11:24 nmail postfix/pickup[4386]: 2B9D240051: uid=116
from=

--

>>ii  spamc 3.4.2-1+deb10u3 amd64  Client for
SpamAssassin spam filtering daemon
>>ii  postfix3.4.14-0+deb10u1 amd64   High-performance mail
transport agent

Many switches like only ipv4 also no result

/etc/default/spamsassassin
OPTIONS="--nouser-config --create-prefs --max-children 5 --helper-home-dir
/var/lib/spamassassin --username=debian-spamd --groupname=debian-spamd
--siteconfigpath /etc/spamassassin
--socketpath=/var/spool/postfix/spamass/spamd.sock --socketowner=debian-spamd
--socketgroup=debian-spamd --socketmode=0660"

Thanks
Mauri



Search for free MX Backup Service

2021-07-01 Thread Maurizio Caloro
Hello

Searching any Service that offer free any possible MX Backup?
Found kisolabs "dot" com but it seems this service are down

Thanks for possible update or help

Regards
Mauri



AW: Milter-Reject

2021-06-18 Thread Maurizio Caloro
Thanks

>The 4.7.1 means "try again later". The remote SMTP client decides when it
retries.

Adding the hostname and/or IP here or exist and other thing that this mail
will be deliver for first try? 
postscreen_access_list = permit_mynetworks,
hash:/etc/postfix/whitelistIP

 Maurizio



Milter-Reject

2021-06-18 Thread Maurizio Caloro
Hello

Not every Email will "reject" about this message, and will be deliver to my
mailbox approx. 30min Later.
Please how I can downsize this time?

>Jun 18 14:30:24 nmail postfix/cleanup[32365]: 23A3440631: milter-reject:
END-OF-MESSAGE from deferred1.pod17.euw1.zdsys.com[188.172.137.31]: 4.7.1
Service unavailable
>try again later; from=  i...@apfelkiste.ch to=
 mauri...@caloro.ch proto=ESMTP
helo=
>
>smtpd_milters = unix:opendkim/opendkim.sock, unix:opendmarc/opendmarc.sock,
unix:private/clamav/clamav-milter.ctl
>non_smtpd_milters = $smtpd_milters

Thanks
Mauri



Relay denied - failed from WORLD 2 LAN

2021-05-28 Thread Maurizio Caloro
Hello

want to put this setup into operation and it failed. I have a Postfix server
with this setup and Spamassassin.
in the background there is an HCL Domino server. I was able to E-Mail from
(LAN) to myself (WORLD), but
E-mail that sending (WORLD) to (LAN INSIDE), never arrive.

also didn't see the mechanisms from incoming mail that will send to HCL
Domino Server? try to put this
over submission so also will blocking may Spammers. thanks for help

-

mail_version = 3.4.14

log
May 27 22:17:57 srvcar010 postfix/smtpd[9596]: connect from
unknown[117.92.203.30]
May 27 22:17:58 srvcar010 postfix/smtpd[9596]: NOQUEUE: reject: RCPT from
unknown[117.92.203.30]: 450 4.7.25 Client host rejected: cannot find your
hostname, [117.92.203.30]; from=  euaq...@ulis.com
to=  usern...@domain.ch proto=ESMTP
helo=
May 27 22:17:58 srvcar010 postfix/smtpd[9596]: disconnect from
unknown[117.92.203.30] ehlo=1 mail=1 rcpt=0/1 quit=1 commands=3/4
May 27 22:18:01 srvcar010 postfix/postscreen[9582]: CONNECT from
[45.148.10.190]:41226 to [192.168.201.87]:25

--

May 27 22:18:11 srvcar010 postfix/postscreen[9582]: CONNECT from
[ipaddress]:55328 to [192.168.201.87]:25
May 27 22:18:11 srvcar010 postfix/postscreen[9582]: PASS OLD
[ipaddress]:55328
May 27 22:18:11 srvcar010 postfix/smtpd[9596]: connect from smtp.mailer.ch
[ipaddress]
May 27 22:18:11 srvcar010 postfix/smtpd[9596]: Anonymous TLS connection
established from smtp.mailer.ch[ipaddress]: TLSv1.2 with cipher
ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
May 27 22:18:11 srvcar010 postfix/smtpd[9596]: NOQUEUE: reject: RCPT from
smtp.mailer.ch[ipaddress]: 554 5.7.1
usern...@domain.ch: Relay access denied; from=
usern...@domain.ch to=  usern...@domain.ch
proto=ESMTP helo=
May 27 22:18:11 srvcar010 postfix/smtpd[9596]: disconnect from
smtp.mailer.ch [ipaddress] ehlo=2 starttls=1 mail=1 rcpt=0/1 data=0/1 rset=1
quit=1 commands=6/8
May 27 22:18:14 srvcar010 postfix/postscreen[9582]: CONNECT from
[45.148.10.190]:39942 to [192.168.201.87]:25

--

root@s:/etc/postfix# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
compatibility_level = 2
daemon_directory = /usr/lib/postfix/sbin
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
disable_vrfy_command = yes
html_directory = no
inet_interfaces = all
inet_protocols = all
mailbox_size_limit = 0
mailq_path = /usr/bin/mailq
message_size_limit = 25428800
milter_connect_macros = "i j {daemon_name} v {if_name} _"
milter_default_action = accept
milter_mail_macros = i {auth_type} {auth_authen} {auth_author} {mail_addr} {mail_host} {mail_mailer}
milter_protocol = 6
myhostname = mail.carag.com
mynetworks = 80.254.176.41/32, 192.168.201.0/24, 192.168.202.0/24, 127.0.0.0/8
newaliases_path = /usr/bin/newaliases
non_smtpd_milters = $smtpd_milters
postscreen_access_list = permit_mynetworks,
postscreen_bare_newline_action = ignore
postscreen_bare_newline_enable = yes
postscreen_blacklist_action = drop
postscreen_cache_cleanup_interval = 24h
postscreen_cache_map = btree:/var/lib/postfix/postscreen_cache
postscreen_dnsbl_action = enforce
postscreen_dnsbl_reply_map = pcre:/etc/postfix/dnsbl_reply_map.pcre
postscreen_dnsbl_sites = zen.spamhaus.org*3
postscreen_dnsbl_threshold = 3
postscreen_dnsbl_whitelist_threshold = -1
postscreen_greet_action = enforce
postscreen_greet_wait = 4s
postscreen_non_smtp_command_action = drop
postscreen_non_smtp_command_enable = yes
postscreen_pipelining_action = enforce
postscreen_pipelining_enable = yes
postscreen_whitelist_interfaces = 80.254.176.41 static:all
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix
relayhost = 192.168.201.117
sample_directory = /usr/share/doc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtp_address_preference = any
smtp_dns_support_level = dnssec
smtp_header_checks = regexp:/etc/postfix/header_checks
smtp_host_lookup = dns
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_tls_cert_file = /etc/letsencrypt/live/mail.carag.com/fullchain.pem
smtp_tls_exclude_ciphers = aNULL, MD5
smtp_tls_key_file = /etc/letsencrypt/live/mail.carag.com/privkey.pem
smtp_tls_loglevel = 1
smtp_tls_mandatory_ciphers = high
smtp_tls_mandatory_exclude_ciphers = aNULL, MD5
smtp_tls_mandatory_protocols = !SSLv2, !TLSv1, !TLSv1.1
smtp_tls_note_starttls_offer = yes
smtp_tls_protocols = !SSLv2, !TLSv1, !TLSv1.1
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_tls_session_cache
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)


AW: mysql entry needed?

2021-05-19 Thread Maurizio
Thanks many times for your answer

Please I need a little more help; I kindly ask for a little help to receive any
feedback on the following request.
Think possible here mailbox_domain will have been used a few times, but on
my setup I am not so successful.

root@mail:/etc/postfix# cat mysql-virtual_mailbox_domains.cf
user = username
password = StrongPassword
dbname = postfixadmin
hosts = localhost
query = SELECT domain FROM domain WHERE domain = '%s'

--

MariaDB [(none)]> use postfixadmin;
Database changed

MariaDB [postfixadmin]> SELECT domain FROM domain WHERE domain = '%s';
Empty set (0.000 sec)

MariaDB [postfixadmin]> SELECT domain FROM domain WHERE domain = '%s%';
Empty set (0.000 sec)

MariaDB [postfixadmin]> SELECT domain FROM domain;
+------------+
| domain     |
+------------+
| ALL        |
| example.ch |
+------------+
2 rows in set (0.001 sec)

Thanks Regards
Mauri




-Ursprüngliche Nachricht-
Von: owner-postfix-us...@postfix.org  Im
Auftrag von post...@ptld.com
Gesendet: Dienstag, 18. Mai 2021 15:53
An: postfix-users@postfix.org
Betreff: Re: mysql entry needed?

On 05-18-2021 9:31 am, Maurizio Caloro wrote:
> Installed Mysql on debian 10.9 and will ask you friendly to receive the 5
> command to create this db on my mysql sever.
> 
> Please I don't know the command's and I don't found or see any nice 
> example.

Postfix wont have any examples because it is something you do in sql/mysql,
there are many ways, and each database does it different. 
They assume you know how to use databases.

MySql documentation can be found here:
https://dev.mysql.com/doc/refman/8.0/en/creating-tables.html

But you can google more friendly examples, for example:
https://www.w3schools.com/mysql/mysql_create_table.asp

You have to first decide your table structure, only you will know everything
you will want in the database. Setting up databases with postfix is not for
the casual tutorial copy/paste development.


> virtual_mailbox_domains =mysql:
> /etc/postfix/mysql-virtual_mailbox_domains.cf
> 
> mysql-virtual_mailbox_domains.cf
> username, password, DBName, host
> SELECT domain FROM domain WHERE domain = '%s'

Here is an example of one way for your setup:

main.cf:
virtual_mailbox_domains =
mysql:/etc/postfix/mysql-virtual_mailbox_domains.cf

mysql-virtual_mailbox_domains.cf:
hosts = unix:/var/lib/mysql/mysql.sock
dbname = 
user = 
password = 
require_result_set = no
query = SELECT domainName FROM domains WHERE domainName='%s' LIMIT 1

MySQL Commands:
CREATE DATABASE ;
CREATE TABLE domains (domainName VARCHAR(50) NOT NULL PRIMARY KEY);
INSERT INTO domains SET domainName = 'example.com';




mysql entry needed?

2021-05-18 Thread Maurizio Caloro
Hello

Installed Mysql on debian 10.9 and will ask you friendly to receive the 5
command to create this db on my mysql sever.
Please I don't know the command's and I don't found or see any nice example.

Postfix 3.4.14

virtual_mailbox_maps =   mysql:
/etc/postfix/mysql-virtual_mailbox_maps.cf
virtual_mailbox_domains =mysql:
/etc/postfix/mysql-virtual_mailbox_domains.cf
virtual_alias_maps =  mysql:
/etc/postfix/mysql-virtual_alias_maps.cf
smtpd_sender_login_maps =mysql:
/etc/postfix/mysql-virtual_sender_permissions.cf

mysql-virtual_alias_maps.cf
username, password, DBName, host
SELECT goto FROM alias WHERE address = '%s'

mysql-virtual_gid_maps.cf
username, password, DBName, host
SELECT gid FROM mail_users WHERE email = '%s'

mysql-virtual_mailbox_domains.cf
username, password, DBName, host
SELECT domain FROM domain WHERE domain = '%s'

mysql-virtual_mailbox_maps.cf
username, password, DBName, host
SELECT username FROM mailbox WHERE username = '%s'

mysql-virtual_sender_permissions.cf
username, password, DBName, host
query = SELECT DISTINCT username FROM mail_users WHERE email
in ((SELECT mail_virtual.email_full FROM mail_virtual WHERE
mail_virtual.email = '%s' UNION SELECT mail_virtual.destination FROM
mail_virtual WHERE mail_virtual.email = '%s'));

thanks for possible update





AW: domain.ch in BOTH virtual_mailbox_domains and relay_domains ?

2021-05-13 Thread Maurizio Caloro


>https://git.launchpad.net/spf-engine/tree/README.per_user_whitelisting?h=2.9.2
>
>then add recipient to it with permisive if if its important to some
>no problem

Please, I think spf-engine is now implemented; how can I check if this will
run correctly?
Thanks
Mauit




AW: AW: AW: domain.ch in BOTH virtual_mailbox_domains and relay_domains ?

2021-05-13 Thread Maurizio Caloro


>hard reject is not softfails, so even if spf was soft policy its rejected,
but that is simple in spf-engine to make local policy to not reject
softfails, more hint needed ? :=)
Yes please. Outdated spf removed, purged. I am now searching for any
instruction/manual to implement this new spf-engine.
python3-spf-engine 2.9.2-0+deb10u1   all
Sender Policy Framework (SPF) processing module
I haven't found any link or instruction to implement this yet; spf is also
running as soft ~all. For any help I am really happy.
Many Thanks








AW: AW: domain.ch in BOTH virtual_mailbox_domains and relay_domains ?

2021-05-13 Thread Maurizio Caloro
>On 2021-05-13 19:07, Maurizio Caloro wrote:
> http://www.openspf.net/Why?s=mfrom;id=n...@domain.com;ip=IP;r=;
And this link isn't running

>4000+ ips and still none spf pass
>https://dmarcian.com/spf-survey/?domain=Domain.com

Thanks Benny
Yes this email are important, please can hope that this will auto-retry?




AW: domain.ch in BOTH virtual_mailbox_domains and relay_domains ?

2021-05-13 Thread Maurizio Caloro
_tls_cert_file = /etc/letsencrypt/live/nmail.caloro.ch/fullchain.pem
smtpd_tls_exclude_ciphers = aNULL, MD5
smtpd_tls_key_file = /etc/letsencrypt/live/nmail.caloro.ch/privkey.pem
smtpd_tls_loglevel = 1
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_exclude_ciphers = aNULL, MD5
smtpd_tls_mandatory_protocols = !SSLv2, !TLSv1, !TLSv1.1
smtpd_tls_protocols = !SSLv2, !TLSv1, !TLSv1.1
smtpd_tls_security_level = may
smtpd_tls_session_cache_database =
btree:/var/lib/postfix/smtpd_tls_session_cache
smtpd_use_tls = yes
submission_sender_checks = check_sender_access
hash:/etc/postfix/reject_null_sender
unknown_local_recipient_reject_code = 550
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual_alias_maps.cf
virtual_mailbox_domains =
mysql:/etc/postfix/mysql-virtual_mailbox_domains.cf
virtual_mailbox_limit = 0
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual_mailbox_maps.cf
virtual_transport = lmtp:unix:private/dovecot-lmtp

-Ursprüngliche Nachricht-
Von: Wietse Venema  
Gesendet: Donnerstag, 13. Mai 2021 18:48
An: Maurizio Caloro 
Cc: postfix-users@postfix.org
Betreff: Re: domain.ch in BOTH virtual_mailbox_domains and relay_domains ?

Maurizio Caloro:
> [main.cf]

Don't paste main.cf. use postconf -n output.

TO REPORT A PROBLEM see http://www.postfix.org/DEBUG_README.html#mail

TO (UN)SUBSCRIBE see http://www.postfix.org/lists.html

Thank you for using Postfix.



domain.ch in BOTH virtual_mailbox_domains and relay_domains ?

2021-05-13 Thread Maurizio Caloro
hello

Mail Server with debian 10.9, running fine and without problem, today made
any update
and see the following, I didn't understand from how its this coming.

Postfix - Mysql - Dovecot

thanks for possible update

[postfix-log]
postfix/trivial-rewrite[13162]: warning: do not list domain example.ch in
BOTH virtual_mailbox_domains and relay_domains

[main.cf]
myhostname = server.example.ch
mydomain = example.ch
mydestination = $myhostname localhost.$mydomain localhost
relay_domains =

[hosts]
127.0.0.1   example.ch   server.example.ch

regards
Mauri



smtpd_policy_maps - Obsolted - Postfix 3.4.14

2021-05-11 Thread Maurizio Caloro
Hello

Mail_version = 3.4.14

postconf: warning: /etc/postfix/main.cf: unused parameter: smtpd_policy_maps
= socketmap:inet:127.0.0.1:8461:postfix
postconf: warning: /etc/postfix/main.cf: unused parameter: smtp_policy_maps
= socketmap:inet:127.0.0.1:8461:postfix

smtpd_policy_maps  - Obsolete ??

netstat
tcp0  0 127.0.0.1:8461  0.0.0.0:*   LISTEN 1000   18181  464/python3

many thanks



mta-sts - main.cf - no trusted TLC Connection string appair

2021-04-20 Thread Maurizio Caloro
Postfix 3.4.14 - Debian 10

main.cf [snip]
# SMTP from other servers to yours
disable_vrfy_command = yes
smtpd_delay_reject = yes
smtpd_helo_required = yes
# mta-sts
smtpd_policy_maps = socketmap:inet:127.0.0.1:8461:postfix

-

# netstat | grep 8461
tcp 127.0.0.1:8461   0.0.0.0:*  LISTEN  1000 3743543   12790/python3

-

/etc/ # postmap -q caloro.ch socketmap:inet:127.0.0.1:8461:postfix
secure match = nmail.caloro.ch

-

I was thinking that any of this need to appear inside mail.log
->Trusted TLS connection established
->Verified TLS connection established

but not, thanks for any update!

Regards
Mauri



Postscreen - dovecot Sieve

2021-04-13 Thread Maurizio Caloro
Hello

Please, I am playing now one day with dovecot sieve to filter mails, so that Spam
mail will forwarded to other folders.
This isn't running now, and asking dovecot, no answer are reached out now.

smtp  inet  n   -   y   -   1   postscreen
  -o content_filter=spamassassin

please if this are enabled, it's possible that the Dovecot - Sieve rule are
not working?

Thanks for possible update

Regards



AW: warning: dnsblog_query lookup error

2021-04-08 Thread Maurizio Caloro
>>You should not use public dns servers to query dnsbls as they are likely
>>blocked due to excessive query volume at the dnsbl. Install and use a local
>>resolver like unbound, knot, bind and use nameserver 127.0.0.1 in
>>/etc/resolv.conf

root@nmail:/etc/postfix# cat /etc/resolv.conf
nameserver 127.0.0.1
nameserver 8.8.8.8

Please I can ping everything ..

root@nmail:/etc/postfix# ping 42.89.92.40
PING 42.89.92.40 (42.89.92.40) 56(84) bytes of data.
16 packets transmitted, 0 received, 100% packet loss, time 354ms

root@nmail:/etc/postfix# ping 109.75.92.40
PING 109.75.92.40 (109.75.92.40) 56(84) bytes of data.
3 packets transmitted, 0 received, 100% packet loss, time 27ms

Thanks
Mauri
-Ursprüngliche Nachricht-
Von: owner-postfix-us...@postfix.org  Im 
Auftrag von Christian Kivalo
Gesendet: Donnerstag, 8. April 2021 09:02
An: postfix-users@postfix.org
Betreff: Re: warning: dnsblog_query lookup error



On April 8, 2021 8:29:09 AM GMT+02:00, Maurizio Caloro wrote:
>Hello
>
>I have the issue with mail from Outlook, or Hotmail this Warning appear
>and the mail don't deliver to me.
>cat /etc
>
>Apr  8 08:04:24  ail postfix/dnsblog[7379]: warning: dnsblog_query: lookup
>error for DNS query 109.75.92.40.list.dnswl.org: Host or domain name
>not found. Name service error for name=109.75.92.40.list.dnswl.org
>type=A: Host not found, try again
>
>Apr  8 08:23:10 ail postfix/dnsblog[7943]: warning: dnsblog_query: lookup
>error for DNS query 42.89.92.40.list.dnswl.org: Host or domain name not
>found. Name service error for name=42.89.92.40.list.dnswl.org type=A:
>Host not found, try again
>
>postscreen_dnsbl_sites = zen.spamhaus.org*3
>b.barracudacentral.org*2
>bl.spameatingmonkey.net*2
>bl.spamcop.net
>dnsbl.sorbs.net
>psbl.surriel.com
>bl.mailspike.net
>list.dnswl.org=127.0.[0..255].0*-2
>list.dnswl.org=127.0.[0..255].1*-3
>list.dnswl.org=127.0.[0..255].[2..3]*-4
>
>root@nmail:/etc/postfix# ping 42.89.92.40
>PING 42.89.92.40 (42.89.92.40) 56(84) bytes of data.
>181 packets transmitted, 0 received, 100% packet loss, time 482ms
>
>root@nmail:/etc/postfix# cat /etc/resolv.conf
>nameserver 8.8.8.8
>nameserver 46.38.225.230

You should not use public dns servers to query dnsbls as they are likely
blocked due to excessive query volume at the dnsbl. Install and use a local
resolver like unbound, knot, bind and use nameserver 127.0.0.1 in
/etc/resolv.conf

>regards
>Mauri

--
Christian Kivalo
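
The warnings quoted above name the DNS query, not the connecting client: the query is the client's IPv4 octets in reverse order followed by the list zone. The following added example (not part of the original thread) recovers client and zone from such warnings and lists the non-loopback resolvers in a resolv.conf; the sample inputs are constructed from the lines in the post and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed inputs, modelled on the log lines and resolv.conf quoted in the thread.
SAMPLE_LOG = "\n".join([
    "Apr  8 08:04:24 mail postfix/dnsblog[7379]: warning: dnsblog_query: lookup "
    "error for DNS query 109.75.92.40.list.dnswl.org: Host or domain name not "
    "found. Name service error for name=109.75.92.40.list.dnswl.org type=A: "
    "Host not found, try again",
    "Apr  8 08:23:10 mail postfix/dnsblog[7943]: warning: dnsblog_query: lookup "
    "error for DNS query 42.89.92.40.list.dnswl.org: Host or domain name not "
    "found. Name service error for name=42.89.92.40.list.dnswl.org type=A: "
    "Host not found, try again",
    "Apr  8 08:23:11 mail postfix/smtpd[7950]: connect from unknown[192.0.2.10]",
])
SAMPLE_RESOLV_CONF = "nameserver 127.0.0.1\nnameserver 8.8.8.8\n"

WARNING_RE = re.compile(
    r"postfix/dnsblog\[\d+\]: warning: dnsblog_query: lookup error "
    r"for DNS query (?P<qname>\S+?): (?P<reason>.*)$"
)


def split_dnsbl_query(qname):
    """Split 'd.c.b.a.zone' into the client address a.b.c.d and the list zone."""
    labels = qname.rstrip(".").split(".")
    if len(labels) < 5:
        raise ValueError("not an IPv4 DNSBL query name: %r" % qname)
    # The first four labels are the client's octets in reverse order.
    client = ipaddress.IPv4Address(".".join(reversed(labels[:4])))
    return str(client), ".".join(labels[4:])


def failed_lookups(log_text):
    """Return (client_ip, zone, temporary) for every dnsblog lookup warning."""
    results = []
    for line in log_text.splitlines():
        match = WARNING_RE.search(line)
        if not match:
            continue
        try:
            client, zone = split_dnsbl_query(match.group("qname"))
        except ValueError:
            continue  # IPv6 or malformed query name, outside this sketch
        # "try again" marks a temporary resolver failure: the list gave no
        # answer at all, so its weight could not be applied either way.
        temporary = match.group("reason").endswith("try again")
        results.append((client, zone, temporary))
    return results


def non_local_nameservers(resolv_conf_text):
    """List nameserver entries that are not a loopback address."""
    found = []
    for line in resolv_conf_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2 or fields[0] != "nameserver":
            continue
        try:
            address = ipaddress.ip_address(fields[1])
        except ValueError:
            continue
        if not address.is_loopback:
            found.append(str(address))
    return found


if __name__ == "__main__":
    for client, zone, temporary in failed_lookups(SAMPLE_LOG):
        kind = "temporary failure" if temporary else "failure"
        print("client %s: %s lookup %s" % (client, zone, kind))
    for server in non_local_nameservers(SAMPLE_RESOLV_CONF):
        print("resolv.conf still lists non-local resolver %s" % server)
```

The addresses pinged in the thread are the reversed query labels, so they are not the hosts that connected; the client behind `109.75.92.40.list.dnswl.org` is 40.92.75.109.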



warning: dnsblog_query lookup error

2021-04-08 Thread Maurizio Caloro
Hello

I have an issue with mail from Outlook or Hotmail: this warning appears and
the mail isn't delivered to me.

 

Apr  8 08:04:24  ail postfix/dnsblog[7379]: warning: dnsblog_query: lookup
error for DNS query 109.75.92.40.list.dnswl.org: Host or domain name not
found. Name service error for name=109.75.92.40.list.dnswl.org type=A: Host
not found, try again

Apr  8 08:23:10 ail postfix/dnsblog[7943]: warning: dnsblog_query: lookup
error for DNS query 42.89.92.40.list.dnswl.org: Host or domain name not
found. Name service error for name=42.89.92.40.list.dnswl.org type=A: Host
not found, try again

 

postscreen_dnsbl_sites = zen.spamhaus.org*3
    b.barracudacentral.org*2
    bl.spameatingmonkey.net*2
    bl.spamcop.net
    dnsbl.sorbs.net
    psbl.surriel.com
    bl.mailspike.net
    list.dnswl.org=127.0.[0..255].0*-2
    list.dnswl.org=127.0.[0..255].1*-3
    list.dnswl.org=127.0.[0..255].[2..3]*-4

 

root@nmail:/etc/postfix# ping 42.89.92.40

PING 42.89.92.40 (42.89.92.40) 56(84) bytes of data.

181 packets transmitted, 0 received, 100% packet loss, time 482ms

 

root@nmail:/etc/postfix# cat /etc/resolv.conf

nameserver 8.8.8.8

nameserver 46.38.225.230

 

regards

Mauri

 

 



450 4.3.2 - Postscreen

2021-04-07 Thread Maurizio Caloro
 

Hello

Today I activated postscreen on the mail server. Now one email is rejected,
but I understood that it
will be delivered after some time... "this is like waiting"

 

Apr  7 18:49:36 ail postfix/postscreen[32484]: NOQUEUE: reject: RCPT from
[40.92.73.101]:47169: 450 4.3.2 Service currently unavailable;
from=jemes.c...@hotmail.com  ,
to=mauri...@domain.ch  , proto=ESMTP,
helo=

 

Please, how long will this action take, or is it possible to shorten this
time?

Or do I need to understand more about this postscreen?

Thanks



Update -- master.conf+main.conf now spammail will not deliver to right mailfolder

2021-04-06 Thread Maurizio Caloro
Hello

After modifying the whole mail.cf and master.cf (Postfix 3.4.14), the flush of
mail runs better; that is how it feels, and what I see in mail.log.

One thing: before, all spam email was delivered to the Spam @ domain.ch mailbox, but
now this rule doesn't have the right effect ☹

 

Thanks for possible update

 

Spamassassin - local.cf

#   Add *SPAM* to the Subject header of spam e-mails

rewrite_header Subject *SPAM*

 

all_spam_to s...@domain.ch  

 

--

 

cat /etc/postfix/main.cf | grep header_checks

smtp_header_checks = regexp:/etc/postfix/header_checks

 

--

 

root@nmail:/etc/postfix# cat header_checks
/^X-Spam-Status: Yes/ REDIRECT s...@domain.ch
/^Received:/ IGNORE
/^subject: *$/   REJECT  Please add subject to your mail.
/^X-Originating-IP:/ IGNORE
/^X-Mailer:/ IGNORE
/^Received: from .*127.0.0.1*/ IGNORE

 

--

 

master.cf

smtp  inet  n   -   -   -   1   postscreen
  -o content_filter=/usr/local/bin/spamassassin
policyd-spf  unix  -   n   n   -   -   spawn
  user=policyd-spf argv=/usr/bin/policyd-spf
smtpd pass  -   -   -   -   -   smtpd
dnsblog   unix  -   -   -   -   0   dnsblog
tlsproxy  unix  -   -   -   -   0   tlsproxy
submission inet n   -   n   -   -   smtpd

 

 



spam - Women Pictures an sharing Contact

2021-04-05 Thread Maurizio Caloro
Hello

How can I more strongly filter or ban e-mail from spammers like Hotmail, Outlook,
or any other domains with a lot of women's pictures?

I receive 10-20 emails like this every day…..

Yes, SpamAssassin, SPF, MX record, DKIM, DMARC, TLS 1.2+1.3, the whole
reputation is still good, but too much spam or rubbish email
is still transferred. I think that I am on the right way with the application
SpamAssassin. I also wrote to the SpamAssassin users group; no
one has answered?? I ask kindly: I need to know how I can define more
and stronger filtering of bad email.

 

Spamassassin update to 3.4.5 

body LOCAL_OBFU_VIAGRA
/(?:\b[vu]|\B(?:\\\/|\xCE\xBD))[\W_]{0,3}(?:[il1:\|\*\xCC-\xCF\xEC-\xEF\xA6]
|\xC4[\xA8-\xB0]|\xC4\xBA|\xC4\xBC|\xC4\xBE|\xC5\x80|\xC5\x82|\xC7[\x8F-\x90
]|\xD0[\x86-\x87]|\xD1[\x96-\x97]|\xCE\x8A|\xCE\x90|\xCE\x99|\xCE\xAA|\xCE\x
AF|\xCE\xB9|\xCF\x8A)[\W_]{0,3}(?:[a4\*\@\xC0-\xC5\xAA\xE0-\xE5]|\/\\|\xC4[\
x80-\x85]|\xC7[\x8D-\x8E]|\xC7[\xBA-\xBB]|\xCE\x86|\xCE\x91|\xCE\x94|\xCE\x9
B|\xCE\xAC|\xCE\xB1|\xD0\x90|\xD0\xB0)[\W_]{0,3}(?:[g6]|\xC4[\x9C-\xA3]])[\W
_]{0,3}(?:[r\xAE]|\xC5[\x94-\x99]|\xD1\x93)[\W_]{0,3}(?:[a4]\b|(?:[\*\@\xC0-
\xC5\xAA\xE0-\xE5]|\/\\|\xC4[\x80-\x85]|\xC7[\x8D-\x8E]|\xC7[\xBA-\xBB]|\xCE
\x86|\xCE\x91|\xCE\x94|\xCE\x9B|\xCE\xAC|\xCE\xB1|\xD0\x90|\xD0\xB0)\B)/i

score LOCAL_OBFU_VIAGRA 1.8

describe LOCAL_OBFU_VIAGRA Obfuscated 'VIAGRA' in body

 

describe MANGLED_VIAGRA mangled viagra

body MANGLED_VIAGRA
/(?!viagra)v{1,3}(?:[_\W]{0,5}|[viagra])[iÌÍÎÏìíîï\|1l\!](?:[_\W]{0,5}|[viag
ra])[aÀÁÂÃÄÅàáâãäå4\@](?:[_\W]{0,5}|[viagra])g(?:[_\W]{0,5}|[viagra])r(?:[_\
W]{0,5}|[viagra])[aÀÁÂÃÄÅàáâãäå4\@]/i

score MANGLED_VIAGRA 2.5

 

postfix - 3.4.14

smtp  inet  n   -   -   -   1   postscreen
  -o content_filter=spamassassin

 

postscreen_dnsbl_sites = zen.spamhaus.org*3



 

meny thanks for help

regards thanks

Mauri

 

 



opedmarc and opendkim

2021-03-31 Thread Maurizio Caloro
After integrating TLS 1.2 and 1.3, now hopefully the last point I will look at...

Please, why do I receive the following fail from Caloro.ch (that's me)?

 

Mar 31 nmail opendkim[12519]: 7E66B40237: no signing table match for
'mauri...@caloro.ch'

Mar 31 nmail opendkim[12519]: 7E66B40237: no signature data

Mar 31 nmail opendmarc[1380]: 7E66B40237: SPF(mailfrom): mauri...@caloro.ch
  fail

Mar 31 nmail opendmarc[1380]: 7E66B40237: caloro.ch fail

 

All other domains will be "pass"

Mar 31 nmail opendkim[12519]: BCF4840237: mout-xforward.gmx.net
[82.165.159.12] not internal

Mar 31 nmail opendkim[12519]: BCF4840237: not authenticated

Mar 31 nmail opendkim[12519]: BCF4840237: DKIM verification successful

Mar 31 nmail opendkim[12519]: BCF4840237: s=selector1 d=hotmail.com SSL

Mar 31 nmail opendmarc[1380]: BCF4840237: SPF(mailfrom): mau...@gmx.ch
  pass

Mar 31 nmail opendmarc[1380]: BCF4840237: hotmail.com pass

 

# cat /etc/opendmarc.conf
AuthservID nmail.caloro.ch caloro.ch
PidFile /run/opendmarc/opendmarc.pid
RejectFailures false
Syslog true
SyslogFacility mail
TrustedAuthservIDs nmail.caloro.ch
UMask 0002
UserID opendmarc:postfix
Socket local:/var/spool/postfix/opendmarc/opendmarc.sock
SPFIgnoreResults true
SPFSelfValidate true
RequiredHeaders true
PublicSuffixList /usr/share/publicsuffix/
IgnoreHosts /etc/opendmarc/ignore.hosts
HistoryFile /var/spool/postfix/opendmarc/opendmarc.dat
SoftwareHeader true

 

 

Regards

Mauri



AW: AW: Postfix - ClamAvMilter refused

2021-03-30 Thread Maurizio Caloro


/var/spool/postfix/private/clamav
srw-rw-rw- 1 clamav:postfix 0 Mar 30 16:27 clamav-milter.ctl
srw-rw-rw- 1 clamav:clamav  0 Mar 30 16:27 clamav-milter.ctl
srw-rw-rw- 1 postfix:postfix 0 Mar 30 16:27 clamav-milter.ctl

No version will run, but are there any possibilities here?

Postfix:
unix:/var/spool/postfix/private/clamav/clamav-milter.ctl: No such file or 
directory

thanks

-Original Message-
From: Francesc Peñalvez
Sent: Sunday, 28 March 2021 12:25
To: mauri...@caloro.ch; postfix-users@postfix.org
Subject: Re: AW: Postfix - ClamAvMilter refused

If you have deleted that line then you want to do it by sockets with 
which in the main.cf of postfix it should be as unix: 
/var/run/clamav/clamd.ctl

On 28/03/2021 at 12:00, Maurizio Caloro wrote:
> Thanks for your fast answer!
> 
> Delete this line now - MilterSocket inet:127.0.0.1:7357
> 
> # systemctl restart clamav-milter
>   ● clamav-milter.service - LSB: ClamAV virus milter
>  Loaded: loaded (/etc/init.d/clamav-milter; generated)
>  Active: active (running) since Sun 2021-03-28 11:56:41 CEST; 2min 
> 29s ago
> 
> # netstat -ntlp | grep 7357
> 
> telnet> open localhost 7357
> telnet: Unable to connect to remote host: Connection refused
> 
> -Original Message-
> From: owner-postfix-us...@postfix.org  On behalf of Francesc Peñalvez
> Sent: Sunday, 28 March 2021 11:34
> To: postfix-users@postfix.org
> Subject: Re: Postfix - ClamAvMilter refused
> 
> At a first glance, I see that you have ClamdSocket configured 2 times,
> one per socket and one per tcp, delete the one you do not want to
> execute and restart, to check if it is listening on the correct port you
> can run netstat -tupan | grep 7357
> 
> On 28/03/2021 at 11:26, Maurizio Caloro wrote:
>> hello
>>
>> i know that me question are send to Postfix-group, so i will ask you
>> frendly, hopefully meny people use the same setup.
>>
>> running with last Buster install clamav-milter 0.102.4 with Postfix
>> 3.4.14 but it seems that the port 7357 dont open.
>>
>> it will be refused, iam not shure why.
>>
>> -
>>
>> telnet> open localhost 7357
>>
>> telnet: Unable to connect to remote host: Connection refused
>>
>> -
>>
>> main.cf
>>
>> # Milter Sttings
>>
>> #
>>
>> #
>>
>> milter_default_action = accept
>>
>> milter_protocol = 6
>>
>> smtpd_milters = unix:opendkim/opendkim.sock
>> unix:opendmarc/opendmarc.sock inet:127.0.0.1:7357
>>
>> ## smtpd_milters = unix:opendkim/opendkim.sock
>> unix:opendmarc/opendmarc.sock unix:/var/run/postfix/clamav/clamav-milter.ctl
>>
>> non_smtpd_milters = $smtpd_milters
>>
>> -
>>
>> postfix/smtpd[17092]: warning: connect to Milter service
>> inet:127.0.0.1:7357: Connection refused
>>
>> -
>>
>> /etc/clamav# cat clamav-milter.conf
>>
>> #Automatically Generated by clamav-milter postinst
>>
>> #To reconfigure clamav-milter run #dpkg-reconfigure clamav-milter
>>
>> #Please read /usr/share/doc/clamav-base/README.Debian.gz for details
>>
>> MilterSocket unix:/var/run/postfix/clamav/clamav-milter.ctl
>>
>> MilterSocket inet:127.0.0.1:7357
>>
>> FixStaleSocket true
>>
>> User clamav
>>
>> ReadTimeout 120
>>
>> Foreground false
>>
>> PidFile /var/run/clamav/clamav-milter.pid
>>
>> ClamdSocket unix:/var/run/clamav/clamd.ctl
>>
>> ## ClamdSocket unix:/var/run/clamav/clamd.ctl
>>
>> ClamdSocket tcp:localhost:7357
>>
>> OnClean Accept
>>
>> OnInfected Quarantine
>>
>> OnFail Defer
>>
>> AddHeader Replace
>>
>> LogSyslog false
>>
>> LogFacility LOG_LOCAL6
>>
>> LogVerbose false
>>
>> LogInfected Off
>>
>> LogClean Off
>>
>> LogRotate true
>>
>> MaxFileSize 25M
>>
>> SupportMultipleRecipients false
>>
>> TemporaryDirectory /tmp
>>
>> LogFile /var/log/clamav/clamav-milter.log
>>
>> LogTime true
>>
>> LogFileUnlock false
>>
>> LogFileMaxSize 1M
>>
>> MilterSocketGroup postfix
>>
>> MilterSocketMode 666
>>
> 
> 




AW: Postfix - ClamAvMilter refused

2021-03-28 Thread Maurizio Caloro
Thanks for your fast answer!

Delete this line now - MilterSocket inet:127.0.0.1:7357

# systemctl restart clamav-milter
● clamav-milter.service - LSB: ClamAV virus milter
   Loaded: loaded (/etc/init.d/clamav-milter; generated)
   Active: active (running) since Sun 2021-03-28 11:56:41 CEST; 2min 
29s ago

# netstat -ntlp | grep 7357

telnet> open localhost 7357
telnet: Unable to connect to remote host: Connection refused

-Original Message-
From: owner-postfix-us...@postfix.org  On behalf of Francesc Peñalvez
Sent: Sunday, 28 March 2021 11:34
To: postfix-users@postfix.org
Subject: Re: Postfix - ClamAvMilter refused

At a first glance, I see that you have ClamdSocket configured 2 times, 
one per socket and one per tcp, delete the one you do not want to 
execute and restart, to check if it is listening on the correct port you 
can run netstat -tupan | grep 7357

On 28/03/2021 at 11:26, Maurizio Caloro wrote:
> hello
> 
> i know that me question are send to Postfix-group, so i will ask you 
> frendly, hopefully meny people use the same setup.
> 
> running with last Buster install clamav-milter 0.102.4 with Postfix 
> 3.4.14 but it seems that the port 7357 dont open.
> 
> it will be refused, iam not shure why.
> 
> -
> 
> telnet> open localhost 7357
> 
> telnet: Unable to connect to remote host: Connection refused
> 
> -
> 
> main.cf
> 
> # Milter Sttings
> 
> #
> 
> #
> 
> milter_default_action = accept
> 
> milter_protocol = 6
> 
> smtpd_milters = unix:opendkim/opendkim.sock 
> unix:opendmarc/opendmarc.sock inet:127.0.0.1:7357
> 
> ## smtpd_milters = unix:opendkim/opendkim.sock 
> unix:opendmarc/opendmarc.sock unix:/var/run/postfix/clamav/clamav-milter.ctl
> 
> non_smtpd_milters = $smtpd_milters
> 
> -
> 
> postfix/smtpd[17092]: warning: connect to Milter service 
> inet:127.0.0.1:7357: Connection refused
> 
> -
> 
> /etc/clamav# cat clamav-milter.conf
> 
> #Automatically Generated by clamav-milter postinst
> 
> #To reconfigure clamav-milter run #dpkg-reconfigure clamav-milter
> 
> #Please read /usr/share/doc/clamav-base/README.Debian.gz for details
> 
> MilterSocket unix:/var/run/postfix/clamav/clamav-milter.ctl
> 
> MilterSocket inet:127.0.0.1:7357
> 
> FixStaleSocket true
> 
> User clamav
> 
> ReadTimeout 120
> 
> Foreground false
> 
> PidFile /var/run/clamav/clamav-milter.pid
> 
> ClamdSocket unix:/var/run/clamav/clamd.ctl
> 
> ## ClamdSocket unix:/var/run/clamav/clamd.ctl
> 
> ClamdSocket tcp:localhost:7357
> 
> OnClean Accept
> 
> OnInfected Quarantine
> 
> OnFail Defer
> 
> AddHeader Replace
> 
> LogSyslog false
> 
> LogFacility LOG_LOCAL6
> 
> LogVerbose false
> 
> LogInfected Off
> 
> LogClean Off
> 
> LogRotate true
> 
> MaxFileSize 25M
> 
> SupportMultipleRecipients false
> 
> TemporaryDirectory /tmp
> 
> LogFile /var/log/clamav/clamav-milter.log
> 
> LogTime true
> 
> LogFileUnlock false
> 
> LogFileMaxSize 1M
> 
> MilterSocketGroup postfix
> 
> MilterSocketMode 666
> 




Postfix - ClamAvMilter refused

2021-03-28 Thread Maurizio Caloro
hello

I know that my question is sent to the Postfix group, so I will ask you
kindly; hopefully many people use the same setup.

Running the latest Buster install with clamav-milter 0.102.4 and Postfix 3.4.14,
but it seems that port 7357 doesn't open.

It is refused; I am not sure why.

 

-

telnet> open localhost 7357

telnet: Unable to connect to remote host: Connection refused

 

-

main.cf

# Milter Settings
#
#
milter_default_action = accept
milter_protocol = 6
smtpd_milters = unix:opendkim/opendkim.sock unix:opendmarc/opendmarc.sock inet:127.0.0.1:7357
## smtpd_milters = unix:opendkim/opendkim.sock unix:opendmarc/opendmarc.sock unix:/var/run/postfix/clamav/clamav-milter.ctl
non_smtpd_milters = $smtpd_milters

 

-

 

postfix/smtpd[17092]: warning: connect to Milter service
inet:127.0.0.1:7357: Connection refused

-

 

/etc/clamav# cat clamav-milter.conf
#Automatically Generated by clamav-milter postinst
#To reconfigure clamav-milter run #dpkg-reconfigure clamav-milter
#Please read /usr/share/doc/clamav-base/README.Debian.gz for details
MilterSocket unix:/var/run/postfix/clamav/clamav-milter.ctl
MilterSocket inet:127.0.0.1:7357
FixStaleSocket true
User clamav
ReadTimeout 120
Foreground false
PidFile /var/run/clamav/clamav-milter.pid
ClamdSocket unix:/var/run/clamav/clamd.ctl
## ClamdSocket unix:/var/run/clamav/clamd.ctl
ClamdSocket tcp:localhost:7357
OnClean Accept
OnInfected Quarantine
OnFail Defer
AddHeader Replace
LogSyslog false
LogFacility LOG_LOCAL6
LogVerbose false
LogInfected Off
LogClean Off
LogRotate true
MaxFileSize 25M
SupportMultipleRecipients false
TemporaryDirectory /tmp
LogFile /var/log/clamav/clamav-milter.log
LogTime true
LogFileUnlock false
LogFileMaxSize 1M
MilterSocketGroup postfix
MilterSocketMode 666
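
The two files in this post have to agree on one endpoint: Postfix's `smtpd_milters` must name the socket that `MilterSocket` creates, and `ClamdSocket` must name the clamd scanner rather than the milter itself. The following added example (not from the thread, nor from Postfix or ClamAV) cross-checks them; the finding codes and function names are hypothetical, the sample texts are constructed from the post, and it assumes smtpd runs chrooted under the Debian queue directory `/var/spool/postfix`.

```python
import posixpath

POSTFIX_QUEUE_DIR = "/var/spool/postfix"  # assumption: Debian default, smtpd chrooted

# Constructed excerpts of the configuration quoted in the post.
SAMPLE_MILTER_CONF = """\
MilterSocket unix:/var/run/postfix/clamav/clamav-milter.ctl
MilterSocket inet:127.0.0.1:7357
ClamdSocket unix:/var/run/clamav/clamd.ctl
## ClamdSocket unix:/var/run/clamav/clamd.ctl
ClamdSocket tcp:localhost:7357
MilterSocketGroup postfix
"""
SAMPLE_SMTPD_MILTERS = ("unix:opendkim/opendkim.sock "
                        "unix:opendmarc/opendmarc.sock inet:127.0.0.1:7357")
# Constructed consistent pair; the clamav/ directory under the queue dir is hypothetical.
FIXED_MILTER_CONF = ("MilterSocket unix:/var/spool/postfix/clamav/clamav-milter.ctl\n"
                     "ClamdSocket unix:/var/run/clamav/clamd.ctl\n")
FIXED_SMTPD_MILTERS = "unix:opendkim/opendkim.sock unix:clamav/clamav-milter.ctl"


def parse_directives(conf_text):
    """Return {directive: [values]} for the non-comment lines of the file."""
    directives = {}
    for raw in conf_text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        directives.setdefault(parts[0], []).append(parts[1] if len(parts) > 1 else "")
    return directives


def tcp_endpoint(spec):
    """Normalise inet:port@host, inet:host:port and tcp:host:port to (host, port)."""
    scheme, _, rest = spec.partition(":")
    if scheme not in ("inet", "tcp") or not rest:
        return None
    if "@" in rest:            # clamav-milter's documented form, inet:port@host
        port, host = rest.split("@", 1)
    elif ":" in rest:          # host:port, as in smtpd_milters and ClamdSocket tcp:
        host, port = rest.rsplit(":", 1)
    else:                      # inet:port alone listens on every address
        host, port = "*", rest
    if not port.isdigit():
        return None
    return ("127.0.0.1" if host == "localhost" else host, int(port))


def same_endpoint(a, b):
    return a[1] == b[1] and (a[0] == b[0] or "*" in (a[0], b[0]))


def unix_path(spec, postfix_side=False):
    """Return the filesystem path a unix socket spec refers to, or None."""
    if spec.startswith(("unix:", "local:")):
        path = spec.split(":", 1)[1]
    elif spec.startswith("/"):
        path = spec
    else:
        return None
    if postfix_side:
        # A chrooted smtpd resolves every path below the queue directory.
        path = posixpath.join(POSTFIX_QUEUE_DIR, path.lstrip("/"))
    return posixpath.normpath(path)


def lint(milter_conf, smtpd_milters):
    """Return a list of (code, detail) findings for the two settings."""
    conf = parse_directives(milter_conf)
    listeners = conf.get("MilterSocket", [])
    findings, listen_tcp, listen_unix = [], [], []
    if len(listeners) > 1:
        findings.append(("DUPLICATE_MILTERSOCKET", " | ".join(listeners)))
    for spec in listeners:
        endpoint, path = tcp_endpoint(spec), unix_path(spec)
        if endpoint:
            listen_tcp.append(endpoint)
            if "@" not in spec and endpoint[0] != "*":
                # inet:host:port is the Postfix spelling, not clamav-milter's.
                findings.append(("NOT_PORT_AT_HOST_FORM", spec))
        elif path:
            listen_unix.append(path)
            if not path.startswith(POSTFIX_QUEUE_DIR + "/"):
                findings.append(("SOCKET_OUTSIDE_QUEUE_DIR", path))
    for spec in conf.get("ClamdSocket", []):
        endpoint = tcp_endpoint(spec)
        if endpoint and any(same_endpoint(endpoint, l) for l in listen_tcp):
            findings.append(("CLAMD_IS_MILTER_LISTENER", spec))
    reachable = False
    for spec in smtpd_milters.split():
        endpoint, path = tcp_endpoint(spec), unix_path(spec, postfix_side=True)
        if endpoint and any(same_endpoint(endpoint, l) for l in listen_tcp):
            reachable = True
        if path and path in listen_unix:
            reachable = True
    if not reachable:
        findings.append(("POSTFIX_NOT_CONNECTED", smtpd_milters))
    return findings


if __name__ == "__main__":
    for code, detail in lint(SAMPLE_MILTER_CONF, SAMPLE_SMTPD_MILTERS):
        print(code, detail)
```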



Question - TLS Implement with meny under domains

2020-10-29 Thread Maurizio Caloro
Hello

 

Please, I need a little help understanding the setup of TLS certificates. I
plan to implement
this on my farm, but I am not 100% sure about the concept. For example,
here I run
with a simple DNS entry "mail.compa...@abc.ch" that will be the postmaster
for many
companies, but in the background I have many different little domains.

Let me briefly explain.

---> mail.server.ch - that's on front with a public IP
Address

  L--->> 200 people

And inside the Network running here meny other little domain's

   > Tom @ Domain1.ch

 L--->> 20 people

   > Joe @ Domain2.ch

 L--->> 40 people

   > Mon @ Domain3.ch

 L--->> 60 people

If I now send an email to tom @ Domain1.ch, it will always pass through
"mail.server.ch" to reach
t...@domain1.ch; the same path is also used if
Tom sends an email to a public Internet email address.

Now to my question: when implementing TLS, is it enough here if
"mail.server.ch" has a valid TLS certificate?

So that all the e-mail from the different domains 1, 2, 3 is signed and
trusted!?
 

Thanks and Regards

Mauri

 

 

 



AW: AW: mta-sts service, running, but how do see this?

2020-10-02 Thread Maurizio Caloro
Wietse Venema:
> Maurizio Caloro:
>> > Oct  2 15:54:27 nmail postfix/smtp[30568]: warning:
>> > smtp_tls_policy_maps, next-hop destination "gmail.com": invalid
>> > attribute name: "servername"
>>
>> Attribute name 'servername' requires Postfix 3.4 or later.
>>
>> 'servername' is used for SNI. It ensures that the remote SMTP server will
>> send Postfix a TLS certificate for the recipient's domain.
>> Depending on the destination SNI may not be needed; if you send to
>> u...@gmail.com, then the default server certificate should work.
>> If you send to a customer domain hosted at Google, then SNI may be
>> necessary.
>>
>>  Wietse

> Ok, thanks, now I see the servername mistake; my Debian runs with Postfix,
> mail_version = 3.1.15. And I am using the option " smtp_tls_security_level =
> may"; I was thinking of adding mta.sts now, but I need to read more now to go
> forward... :-/

Please, is any update or help possible?









AW: AW: mta-sts service, running, but how do see this?

2020-10-02 Thread Maurizio Caloro
Wietse Venema:
> Maurizio Caloro:
>> > Oct  2 15:54:27 nmail postfix/smtp[30568]: warning:
>> > smtp_tls_policy_maps, next-hop destination "gmail.com": invalid
>> > attribute name: "servername"
>>
>> Attribute name 'servername' requires Postfix 3.4 or later.
>>
>> 'servername' is used for SNI. It ensures that the remote SMTP server will
>> send Postfix a TLS certificate for the recipient's domain.
>> Depending on the destination SNI may not be needed; if you send to
>> u...@gmail.com, then the default server certificate should work.
>> If you send to a customer domain hosted at Google, then SNI may be
>> necessary.
>>
>>  Wietse

Ok, thanks, now I see the servername mistake; my Debian runs with Postfix,
mail_version = 3.1.15
And I am using the option " smtp_tls_security_level = may"; I was thinking of
adding mta.sts now, but I
need to read more now to go forward... :-/









AW: mta-sts service, running, but how do see this?

2020-10-02 Thread Maurizio Caloro


>systemctl restart postfix.service
>If everything is done correctly, then for STS connections in the
>/var/log/mail.info log instead
>
>root@r:/var/log# cat mail.info | grep mta-sts
>root@r:/var/log#


If I try to send an email to the gmail domain, then gmail will support and
check mta-sts, and I will see log entries like:

Main.cf
smtp_tls_policy_maps = socketmap:inet:127.0.0.1:8461:postfix

Mail.info
Oct  2 15:54:27 nmail postfix/qmgr[30484]: D67EF40568:
from=, size=2403, nrcpt=1 (queue active)
Oct  2 15:54:27 nmail postfix/smtp[30568]: warning: smtp_tls_policy_maps,
next-hop destination "gmail.com": invalid attribute name: "servername"
Oct  2 15:54:27 nmail postfix/smtp[30568]: warning: TLS policy lookup for
gmail.com/gmail-smtp-in.l.google.com: client TLS configuration problem
Oct  2 15:54:27 nmail postfix/smtp[30568]: warning: smtp_tls_policy_maps,
next-hop destination "gmail.com": invalid attribute name: "servername"
Oct  2 15:54:27 nmail postfix/smtp[30568]: warning: TLS policy lookup for
gmail.com/alt1.gmail-smtp-in.l.google.com: client TLS configuration problem
Oct  2 15:54:27 nmail postfix/smtp[30568]: warning: smtp_tls_policy_maps,
next-hop destination "gmail.com": invalid attribute name: "servername"
Oct  2 15:54:27 nmail postfix/smtp[30568]: warning: TLS policy lookup for
gmail.com/alt2.gmail-smtp-in.l.google.com: client TLS configuration problem
Oct  2 15:54:27 nmail postfix/smtp[30568]: warning: smtp_tls_policy_maps,
next-hop destination "gmail.com": invalid attribute name: "servername"
Oct  2 15:54:27 nmail postfix/smtp[30568]: warning: TLS policy lookup for
gmail.com/alt3.gmail-smtp-in.l.google.com: client TLS configuration problem
Oct  2 15:54:27 nmail postfix/smtp[30568]: warning: smtp_tls_policy_maps,
next-hop destination "gmail.com": invalid attribute name: "servername"
Oct  2 15:54:27 nmail postfix/smtp[30568]: warning: TLS policy lookup for
gmail.com/alt4.gmail-smtp-in.l.google.com: client TLS configuration problem
Oct  2 15:54:27 nmail postfix/smtp[30568]: D67EF40568:
to=, relay=none, delay=0.23, delays=0.22/0/0.01/0,
dsn=4.7.5, status=deferred (client TLS configuration problem)

Please, which problem with TLS do I have here???
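
The `socketmap:inet:127.0.0.1:8461:postfix` lookup above uses the Postfix socketmap protocol, in which request and reply are each one netstring. The following added example (not from the thread or from the MTA-STS daemon's own code) frames a lookup, parses a policy reply and reports attributes that the running Postfix is too old to accept; the sample reply is constructed, the function names are hypothetical, and only the `servername` version limit named in the thread is checked.

```python
import re
import socket

# Per the thread: 'servername' requires Postfix 3.4 or later.
ATTRIBUTE_MIN_VERSION = {"servername": (3, 4)}

# Constructed policy reply for illustration, not captured from a real daemon.
SAMPLE_REPLY_TEXT = "OK secure match=.google.com servername=hostname"


def netstring_encode(payload: bytes) -> bytes:
    """Frame payload as <decimal length>:<payload>,"""
    return str(len(payload)).encode("ascii") + b":" + payload + b","


def netstring_decode(data: bytes) -> bytes:
    """Return the payload of the netstring at the start of data."""
    length, sep, rest = data.partition(b":")
    if not sep or not length.isdigit():
        raise ValueError("missing netstring length prefix")
    size = int(length)
    if len(rest) < size + 1 or rest[size:size + 1] != b",":
        raise ValueError("truncated or unterminated netstring")
    return rest[:size]


def socketmap_query(key, name="postfix", host="127.0.0.1", port=8461, timeout=5.0):
    """Send one '<name> <key>' request to a socketmap server and return the reply text."""
    with socket.create_connection((host, port), timeout=timeout) as conn:
        conn.sendall(netstring_encode(("%s %s" % (name, key)).encode()))
        buffer = b""
        while True:
            chunk = conn.recv(4096)
            if not chunk:
                raise ConnectionError("server closed the connection without a full reply")
            buffer += chunk
            try:
                return netstring_decode(buffer).decode()
            except ValueError:
                continue  # reply not complete yet, keep reading


def parse_policy_reply(reply):
    """Split 'OK <level> name=value ...' into (status, level, attributes)."""
    status, _, rest = reply.partition(" ")
    if status != "OK":      # NOTFOUND, TEMP, TIMEOUT or PERM carry no policy
        return status, None, {}
    fields = re.split(r"[,\s]+", rest.strip())
    attributes = {}
    for field in fields[1:]:
        name, _, value = field.partition("=")
        attributes[name] = value
    return status, fields[0], attributes


def unsupported_attributes(attributes, mail_version):
    """Names in the policy that need a newer Postfix than mail_version."""
    running = tuple(int(part) for part in mail_version.split(".")[:2])
    return sorted(name for name in attributes
                  if ATTRIBUTE_MIN_VERSION.get(name, (0, 0)) > running)


if __name__ == "__main__":
    print(netstring_encode(b"postfix gmail.com"))
    status, level, attributes = parse_policy_reply(SAMPLE_REPLY_TEXT)
    print(status, level, attributes)
    print("rejected by Postfix 3.1.15:", unsupported_attributes(attributes, "3.1.15"))
```

On the mail host, `socketmap_query("gmail.com")` performs the same lookup Postfix makes, so the daemon can be checked without sending mail.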





AW: mta-sts service, running, but how do see this?

2020-10-02 Thread Maurizio Caloro
>> Installing the postfix-mta-sts service, and on my view this will running
>> now, but how i can check this, if this service are running up and
>> correct?

>Where does this postfix-mta-sts service logs its activities?
>   Wietse






systemctl restart postfix.service
If everything is done correctly, then for STS connections in the
/var/log/mail.info log instead

root@r:/var/log# cat mail.info | grep mta-sts
root@r:/var/log#



mta-sts service, running, but how do see this?

2020-10-02 Thread Maurizio Caloro
Hello all

I installed the postfix-mta-sts service, and in my view it is running
now,

but how can I check whether this service is up and running correctly?

After watching mail.log I don't see anything more than usual.

 

Main.cf

smtp_tls_policy_maps = socketmap:inet:127.0.0.1:8461:postfix

smtpd_tls_key_file   = /etc/letsencrypt/live/nmail.caloro.ch/privkey.pem

smtpd_tls_cert_file  = /etc/letsencrypt/live/nmail.caloro.ch/fullchain.pem

 

root@r:/lib/systemd/system# netstat -an | grep 8461

tcp0  0 127.0.0.1:8461  0.0.0.0:*   LISTEN

 

root@r :/# systemctl status postfix-mta-sts

  postfix-mta-sts.service - Postfix MTA STS daemon

   Loaded: loaded (/lib/systemd/system/postfix-mta-sts.service; enabled;
vendor preset: enabled)

   Active: active (running) since Fri 2020-10-02 11:10:34 CEST; 20min ago

Main PID: 26294 (mta-sts-daemon)

Tasks: 2 (limit: 4915)

   CGroup: /system.slice/postfix-mta-sts.service

   L-26294 /usr/bin/python3 /usr/local/bin/mta-sts-daemon --config
/etc/mta-sts-daemon.yml

 

Oct 02 11:10:34 nmail.caloro.ch mta-sts-daemon[26294]: 2020-10-02 11:10:34
INFO MAIN: MTA-STS daemon starting...

Oct 02 11:10:34 nmail.caloro.ch mta-sts-daemon[26294]: 2020-10-02 11:10:34
INFO MAIN: Starting eventloop...

Oct 02 11:10:34 nmail.caloro.ch mta-sts-daemon[26294]: 2020-10-02 11:10:34
INFO MAIN: uvloop is not available. Falling back to built-in event loop.

Oct 02 11:10:34 nmail.caloro.ch mta-sts-daemon[26294]: 2020-10-02 11:10:34
INFO MAIN: Eventloop started.

Oct 02 11:10:34 nmail.caloro.ch mta-sts-daemon[26294]: 2020-10-02 11:10:34
INFO MAIN: Server started.

Oct 02 11:10:34 nmail.caloro.ch mta-sts-daemon[26294]: 2020-10-02 11:10:34
INFO MAIN: Proactive policy fetcher started.

Oct 02 11:10:34 nmail.caloro.ch systemd[1]: Started Postfix MTA STS daemon.

Oct 02 11:10:35 nmail.caloro.ch mta-sts-daemon[26294]: 2020-10-02 11:10:35
INFO PF: Proactive policy fetching for all domains in cache started...

Oct 02 11:10:35 nmail.caloro.ch mta-sts-daemon[26294]: 2020-10-02 11:10:35
INFO PF: Proactive policy fetching for all domains in cache finished.

Oct 02 11:15:32 nmail.caloro.ch mta-sts-daemon[26294]: 2020-10-02 11:15:32
WARNING STS: Bad netstring message received

 

 

 



valid ipv4 hostaddr?

2020-06-18 Thread Maurizio Caloro
Hello

Please, why does this message appear in the log?

 

Jun 18 23:16:38 mail postfix/trivial-rewrite[5022]: warning:
valid_ipv4_hostaddr: invalid character 110(decimal): dnsName

 

Port 110 is closed; I am running only with smtps and imaps.

Thanks for any update

Regards

Mauri



AW: TLS trouble - Cert Fail

2020-06-08 Thread maurizio


>It is a 'self-signed' certificate.
>
>If you believe that the certificate needs to be verifiable, you can pay a
>commercial certificate provider, or you can use letsencrypt
>(https://letsencrypt.org) to sign a free certificate for you. There are
>instructions for many mail servers including Postfix.
>
>   Wietse

Thanks for your fast answer!
But I read that the self-signed one can also be signed, and trusted!?!?

root@mail:/etc/ssl/1# openssl ca -in csr.caloro.csr -out crt.caloro.crt
Using configuration from /usr/lib/ssl/openssl.cnf
Enter pass phrase for /etc/ssl/1/CaKey.pem:
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 2 (0x2)
Validity
Not Before: Jun  8 21:41:50 2020 GMT
Not After : Jun  6 21:41:50 2030 GMT
Subject:
countryName   = CH
stateOrProvinceName   = Luzern
organizationName  = Caloro
organizationalUnitName= IT
commonName= nmail.caloro.ch
emailAddress  = mauri...@caloro.ch
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
53:7A:A8:44:48:1D:3D:17:21:02:D6:48:0E:8F:03:37:F3:D9:03:AA
X509v3 Authority Key Identifier:
 
keyid:DA:E7:04:AC:95:FC:59:C0:E5:3C:90:6A:EB:33:70:3E:18:0C:C4:86

Certificate is to be certified until Jun  6 21:41:50 2030 GMT (3650 days)
Sign the certificate? [y/n]:n
CERTIFICATE WILL NOT BE CERTIFIED




TLS trouble - Cert Fail

2020-06-08 Thread maurizio
Hello

I have a little problem getting TLS running with Postfix; if I check the
result on Checktls.com I get Cert Fail.

Here are a lot of my configuration settings; I need a little help to finish
this integration.

 

Debian 9, Postfix Version = 3.1.14, Dovecot 2.2.27 (c0f36b0), OpenSSL 1.1.1g
21 Apr 2020

 

Certificate 1 of 2 in chain: Cert VALIDATION ERROR(S): self signed
certificate in certificate chain

So email is encrypted but the recipient domain is not verified

Cert Hostname VERIFIED (nmail.caloro.ch = nmail.caloro.ch)

Not Valid Before: Jun  8 19:09:45 2020 GMT

Not Valid After: Jun  8 19:09:45 2021 GMT

subject= /C=CH/ST=Luzern/O=Caloro/OU=IT/CN=nmail.caloro.ch

issuer= /C=CH/ST=Luzern/L=Meierskappel/O=Caloro/OU=IT/CN=nmail.caloro.ch

Certificate 2 of 2 in chain: Cert VALIDATION ERROR(S): self signed
certificate in certificate chain

So email is encrypted but the recipient domain is not verified

 

Main.CF

# SMTP from your server to others

smtp_tls_key_file = /etc/ssl/test/key.caloro.key

smtp_tls_cert_file = /etc/ssl/test/crt.caloro.crt

smtp_tls_CAfile = /etc/ssl/test/CaCert.pem

smtp_use_tls = no

smtp_tls_security_level = may

smtp_tls_note_starttls_offer = yes

smtp_tls_mandatory_protocols=!SSLv2,!SSLv3,!TLSv1

smtp_tls_protocols=!SSLv2,!SSLv3,!TLSv1

smtp_tls_loglevel = 1

smtp_tls_session_cache_database =
    btree:/var/lib/postfix/smtp_tls_session_cache

smtpd_tls_exclude_ciphers = aNULL, LOW, EXP, MEDIUM, ADH, AECDH, MD5,
    DSS, ECDSA, CAMELLIA128, 3DES, CAMELLIA256,
    RSA+AES, RC4, eNULL

 

# SMTP from other servers to yours

smtpd_tls_key_file = /etc/ssl/test/key.caloro.key

smtpd_tls_cert_file = /etc/ssl/test/crt.caloro.crt

smtpd_tls_CAfile = /etc/ssl/test/CaCert.pem

smtp_use_tls = no

smtpd_tls_security_level = may

smtpd_tls_auth_only = yes

smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3,!TLSv1

smtpd_tls_protocols=!SSLv2,!SSLv3,!TLSv1

smtpd_tls_loglevel = 1

smtpd_tls_session_cache_database =
    btree:/var/lib/postfix/smtpd_tls_session_cache

smtpd_tls_exclude_ciphers = aNULL, LOW, EXP, MEDIUM, ADH, AECDH, MD5,
    DSS, ECDSA, CAMELLIA128, 3DES, CAMELLIA256,
    RSA+AES, RC4, eNULL

# TLS configuration ends here

 

Dovecot.conf

ssl_cert = 

hostname net6-ip74.linkbg.com does not resolve

2020-05-28 Thread maurizio
Hello

I am not sure if this is normal? In my Postfix log this message has been appearing for
2 days now.

*   Debian 9 - postfix = 3.1.14

 

May 29 00:59:22 mail postfix/smtpd[12989]: warning: hostname
net6-ip74.linkbg.com does not resolve to address 87.246.7.74: Name or
service not known

May 29 00:59:43 mail postfix/smtpd[12781]: warning: hostname
net6-ip70.linkbg.com does not resolve to address 87.246.7.70: Name or
service not known

May 29 00:59:44 mail postfix/smtpd[12989]: warning: hostname
net6-ip66.linkbg.com does not resolve to address 87.246.7.66: Name or
service not known

May 29 01:00:07 mail postfix/smtpd[12989]: warning: hostname
net6-ip74.linkbg.com does not resolve to address 87.246.7.74: Name or
service not known

May 29 01:00:30 mail postfix/smtpd[12781]: warning: hostname
net6-ip70.linkbg.com does not resolve to address 87.246.7.70: Name or
service not known

May 29 01:00:30 mail postfix/smtpd[12926]: warning: hostname
net6-ip66.linkbg.com does not resolve to address 87.246.7.66: Name or
service not known

 

rootl:/var/log# nslookup 87.246.7.74

Server: 46.38.225.230

Address:46.38.225.230#53

 

Non-authoritative answer:

74.7.246.87.in-addr.arpa canonical name = 74.0-255.7.246.87.in-addr.arpa.

74.0-255.7.246.87.in-addr.arpa  name = net6-ip74.linkbg.com.

 

Authoritative answers can be found from:

0-255.7.246.87.in-addr.arpa nameserver = sns.linkbg.com.

0-255.7.246.87.in-addr.arpa nameserver = pns.linkbg.com.

pns.linkbg.com  internet address = 89.215.246.2

sns.linkbg.com  internet address = 89.215.246.3

 

Thanks for any possible Update

Mauri



AW: signing table match - add refile

2020-05-16 Thread maurizio
Hello

I found the issue with DKIM…. Nice

But I didn't understand what opendmarc means??

-domain.ch fail

 

May 16 23:30:57 mail opendkim[29931]: 8979F40528: DKIM-Signature field added 
(s=nmail, d=domain.ch)

May 16 23:30:57 mail opendmarc[29921]: 8979F40528: domain.ch fail

 

Please, is any update possible… or how can I fix this?

Regards

 

 

From: mauri...@caloro.ch
Sent: Saturday, 16 May 2020 22:24
To: 'postfix-users@postfix.org'
Subject: signing table match - add refile

 

Hello, today is an opendkim day.

I read from opendkim that I need to add the flag refile for the message
"no signing table match for", but no chance; I am going around in circles.
My emails aren't signed. Thanks for any update. The DNS server is running
outside of my server environment.

-Debian 9

-OpenDKIM Filter v2.11.0

-OpenDMARC Filter v1.3.2

-Postfix 3.1.14

 

May 16 22:00:45 mail opendkim[16448]: E096640314:  no signing table match for 
'n...@domain.ch'

May 16 22:00:45 mail opendkim[16448]: E096640314:  no signature data

 

May 16 22:00:45 mail opendmarc[16440]: E096640314: SPF(mailfrom): 
n...@domain.ch   fail

May 16 22:00:45 mail opendmarc[16440]: E096640314: domain.ch fail

 

 

cat /etc/opendkim.conf

Syslog  yes
SyslogSuccess   yes
LogWhy  yes

UMask   002
Domain  domain.ch
#KeyFile /etc/dkimkeys/dkim.key
Selector nmail

Canonicalization relaxed/simple

Mode sv
#SubDomains no

Socket  local:/var/spool/postfix/opendkim/opendkim.sock
PidFile /var/spool/postfix/opendkim/opendkim.pid

SignatureAlgorithm  rsa-sha256

AutoRestart yes
AutoRestartRate 10/1h
OversignHeaders From

#ResolverConfiguration  /etc/unbound/unbound.conf
TrustAnchorFile   /usr/share/dns/root.key

UserID  opendkim:opendkim

KeyTable refile:/etc/opendkim/KeyTable
SigningTable  refile:/etc/opendkim/SigningTable
ExternalIgnoreList   refile:/etc/opendkim/TrustedHosts
InternalHosts   refile:/etc/opendkim/TrustedHosts

 

cat /etc/opendkim/KeyTable

nmail._domainkey.domain.ch 
domain.ch:mail/etc/opendkim/keys/caloro.ch/nmail.private

 

cat /etc/opendkim/SigningTable

@domain.ch nmail._domainkey.domain.ch

 

thanks



signing table match - add refile

2020-05-16 Thread maurizio
Hello, today it's an opendkim day.

I read from opendkim that I need to add the flag refile for the message

"no signing table match for", but no luck, I am going in circles.

My emails aren't signed. Thanks for any update. The DNS server runs

outside of my server environment.

 

-Debian 9

-OpenDKIM Filter v2.11.0

-OpenDMARC Filter v1.3.2

-Postfix 3.1.14

 

May 16 22:00:45 mail opendkim[16448]: E096640314:  no signing table match
for 'n...@domain.ch'

May 16 22:00:45 mail opendkim[16448]: E096640314:  no signature data

 

May 16 22:00:45 mail opendmarc[16440]: E096640314: SPF(mailfrom):
n...@domain.ch fail

May 16 22:00:45 mail opendmarc[16440]: E096640314: domain.ch fail

 

 

cat /etc/opendkim.conf

Syslog                  yes
SyslogSuccess           yes
LogWhy                  yes

UMask                   002
Domain                  domain.ch
#KeyFile                /etc/dkimkeys/dkim.key
Selector                nmail

Canonicalization        relaxed/simple

Mode                    sv
#SubDomains             no

Socket                  local:/var/spool/postfix/opendkim/opendkim.sock
PidFile                 /var/spool/postfix/opendkim/opendkim.pid

SignatureAlgorithm      rsa-sha256

AutoRestart             yes
AutoRestartRate         10/1h
OversignHeaders         From

#ResolverConfiguration  /etc/unbound/unbound.conf
TrustAnchorFile         /usr/share/dns/root.key

UserID                  opendkim:opendkim

KeyTable                refile:/etc/opendkim/KeyTable
SigningTable            refile:/etc/opendkim/SigningTable
ExternalIgnoreList      refile:/etc/opendkim/TrustedHosts
InternalHosts           refile:/etc/opendkim/TrustedHosts

 

cat /etc/opendkim/KeyTable

nmail._domainkey.domain.ch
domain.ch:mail/etc/opendkim/keys/caloro.ch/nmail.private

 

cat /etc/opendkim/SigningTable

@domain.ch nmail._domainkey.domain.ch

 

thanks
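
Added example, not part of the original post and not OpenDKIM's own code: a simplified Python model of how a SigningTable key is matched under refile: and under a plain file: table, following the lookup order described in opendkim.conf(5). The sender address user@domain.ch and the alternative keys *@domain.ch and domain.ch are constructed for illustration.

```python
import re

# Key name copied from the SigningTable in the post above.
KEY_NAME = "nmail._domainkey.domain.ch"
POSTED_TABLE = [("@domain.ch", KEY_NAME)]      # key exactly as posted
WILDCARD_TABLE = [("*@domain.ch", KEY_NAME)]   # constructed: wildcard pattern for refile:
DOMAIN_TABLE = [("domain.ch", KEY_NAME)]       # constructed: bare-domain key for file:


def refile_match(table, from_addr):
    """refile: every key is a wildcard pattern ('*' matches any run of
    characters) tested against the whole From: address, in file order."""
    for pattern, key_name in table:
        regex = ".*".join(re.escape(part) for part in pattern.split("*"))
        if re.fullmatch(regex, from_addr, re.IGNORECASE):
            return key_name
    return None


def file_lookup_keys(from_addr):
    """Keys tried for a non-regex table, in the order given in opendkim.conf(5):
    user@host, host, user@.parent..., .parent..., user@*, *."""
    user, _, host = from_addr.lower().partition("@")
    labels = host.split(".")
    parents = [".".join(labels[i:]) for i in range(1, len(labels))]
    keys = [f"{user}@{host}", host]
    keys += [f"{user}@.{parent}" for parent in parents]
    keys += [f".{parent}" for parent in parents]
    keys += [f"{user}@*", "*"]
    return keys


def file_match(table, from_addr):
    """file: exact-key lookup, first hit in the documented order wins."""
    lookup = {key.lower(): name for key, name in table}
    for key in file_lookup_keys(from_addr):
        if key in lookup:
            return lookup[key]
    return None


def explain(from_addr):
    """Which table/mode combinations select a signing key for this sender."""
    return {
        "posted '@domain.ch' with refile:": refile_match(POSTED_TABLE, from_addr),
        "posted '@domain.ch' with file:": file_match(POSTED_TABLE, from_addr),
        "'*@domain.ch' with refile:": refile_match(WILDCARD_TABLE, from_addr),
        "'domain.ch' with file:": file_match(DOMAIN_TABLE, from_addr),
    }


if __name__ == "__main__":
    # Constructed sender address; the one in the log is obfuscated.
    for label, result in explain("user@domain.ch").items():
        print(f"{label:35} -> {result or 'no signing table match'}")
```

In this model the posted key selects nothing in either mode, which is the situation the "no signing table match" log line reports.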



AW: Permission failed opendkim.sock

2020-05-16 Thread maurizio
Thanks for the fast answer; yes, the services postfix, opendkim and opendmarc were restarted.

 

*   May 16 12:09:51 mail postfix/smtpd[25681]: warning: connect to Milter 
service unix:/var/spool/postfix/opendkim/opendkim.sock: No such file or 
directory
*   May 16 12:09:51 mail postfix/smtpd[25681]: warning: connect to Milter 
service unix:opendmarc/opendmarc.sock: Permission denied

 

cat /lib/systemd/system/opendkim.service | grep begin [Sevice]

>>[Service]

>>Type=forking

>>PIDFile=/var/spool/postfix/opendkim/opendkim.pid

>>UMask=0007

>>User=

>>Group=postfix

 

cat /lib/systemd/system/opendmarc.service | grep begin [Sevice]

>>[Service]

>>Type=forking

>>PIDFile=/var/run/opendmarc/opendmarc.pid

>>User=

>>Group=postfix

>>ExecStart=/usr/sbin/opendmarc

>>Restart=on-failure

>>ExecReload=/bin/kill -USR1 $MAINPID

 

 

 

---

From: owner-postfix-us...@postfix.org  On
behalf of Francesc Peñalvez
Sent: Saturday, 16 May 2020 11:56
To: postfix-users@postfix.org
Subject: Re: Permission failed opendkim.sock

 

in the /lib/systemd/system/opendmarc.service file add Group = postfix under 
User =
that will correctly create the sock with correct permissions

On 16/05/2020 at 11:35, mauri...@caloro.ch
wrote:

Hello

Here I am running Debian Stretch and I have a little misunderstanding,
please help

 

Postfix writes to me

*   mail postfix/smtpd[4904]: warning: connect to Milter service 
unix:/var/spool/postfix/opendkim/opendkim.sock: No such file or directory
*   mail postfix/smtpd[4904]: warning  connect to Milter service 
unix:opendmarc/opendmarc.sock: Permission denied

 

But I think that I have given the right access –

drwxr-xr-x  2 opendkim  postfix 4096 May 16 11:23 opendkim

*   -rw-rw  1 root root   5 May 16 11:23 opendkim.pid
*   srwxrwx---  1 opendkim postfix 0 May 16 11:23 opendkim.sock
*   root@mail:/var/spool/postfix/opendkim#

 

main.cf

*   smtpd_milters = 
unix:/var/spool/postfix/opendkim/opendkim.sock,unix:opendmarc/opendmarc.sock

 

opendkim.conf

*   UserID opendkim:postfix

Thanks

Mauri

 



Permission failed opendkim.sock

2020-05-16 Thread maurizio
Hello

Here I am running Debian Stretch and I have a little misunderstanding,
please help

 

Postfix writes to me

*   mail postfix/smtpd[4904]: warning: connect to Milter service
unix:/var/spool/postfix/opendkim/opendkim.sock: No such file or directory
*   mail postfix/smtpd[4904]: warning  connect to Milter service
unix:opendmarc/opendmarc.sock: Permission denied

 

But I think that I have given the right access -

drwxr-xr-x  2 opendkim  postfix 4096 May 16 11:23 opendkim

*   -rw-rw  1 root root   5 May 16 11:23 opendkim.pid
*   srwxrwx---  1 opendkim postfix 0 May 16 11:23 opendkim.sock
*   root@mail:/var/spool/postfix/opendkim#

 

main.cf

*   smtpd_milters =
unix:/var/spool/postfix/opendkim/opendkim.sock,unix:opendmarc/opendmarc.sock

 

opendkim.conf

*   UserID opendkim:postfix

Thanks

Mauri

 



unreasonable packet length

2020-03-06 Thread maurizio
Hello

I have a little Postfix 2.11.3 running with Dovecot and ClamAV-Milter.

The integration with the ClamAV milter runs over TCP, but I receive the following
warning messages.

 

Mar  6 13:38:53 mail postfix/smtpd[2091]: warning: milter
inet:[127.0.0.1]:3310: unreasonable packet length: 1431194446 > 1073741823

Mar  6 13:38:53 mail postfix/smtpd[2091]: warning: milter
inet:[127.0.0.1]:3310: read error in initial handshake

 

After discussing / writing with ClamAV, this is possibly an issue in Postfix.
Please, does anyone know this problem, which occurs when sending any email?

 

Main.cf

# Milter Settings

milter_clamav = inet:[127.0.0.1]:3310

milter_default_action = accept

milter_mail_macros = "i {mail_addr} {client_addr} {client_name}
{auth_authen}"

milter_opendkim = inet:[127.0.0.1]:8891

milter_opendmarc = inet:[127.0.0.1]:8893

milter_protocol = 6

non_smtpd_milters = $milter_opendkim

smtpd_milters = $milter_clamav,$milter_opendkim,$milter_opendmarc

 

 

 

 

For me it is a little strange that exactly these two "error messages"
appear in the following file: milter8.c

 

[Snip]

 * Receive the packet length.

msg_warn("milter %s: unreasonable packet length: %ld > %ld",

   milter->m.name, (long) pkt_len, (long)
XXX_MAX_DATA);

 

msg_warn("milter %s: read error in initial handshake",
milter->m.name);

/* milter8_read_resp() called milter8_comm_error() */

[Snip]

 

Kindly asking if anyone here knows this problem, and how I can
troubleshoot this error.

Thanks

Mauri
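
Added example, not part of the original post or of Postfix: every milter packet starts with a 4-byte big-endian length, so the "unreasonable packet length" in the warning can be turned back into the four bytes that Postfix actually read. The reading of those bytes in the comments assumes that the daemon on port 3310 is clamd itself (3310 is clamd's default TCP port), which answers unrecognised input with a plain-text error instead of speaking the milter protocol.

```python
import re
import struct

# Warning copied from the post above (re-joined onto one line).
LOG_LINE = ("Mar  6 13:38:53 mail postfix/smtpd[2091]: warning: milter "
            "inet:[127.0.0.1]:3310: unreasonable packet length: "
            "1431194446 > 1073741823")

WARNING_RE = re.compile(
    r"milter (\S+): unreasonable packet length: (\d+) > (\d+)")


def optneg_packet(version=6, actions=0, protocol=0):
    """A well-formed milter option-negotiation packet, for comparison:
    4-byte length, command byte 'O', then three 32-bit integers."""
    body = b"O" + struct.pack("!III", version, actions, protocol)
    return struct.pack("!I", len(body)) + body


def decode_warning(line):
    """Recover the 4 bytes behind the logged packet length."""
    match = WARNING_RE.search(line)
    if match is None:
        raise ValueError("not an 'unreasonable packet length' warning")
    endpoint, value, limit = match.group(1), int(match.group(2)), int(match.group(3))
    raw = struct.pack("!I", value)                 # network byte order, as on the wire
    printable = all(0x20 <= byte < 0x7F for byte in raw)
    return {
        "endpoint": endpoint,
        "value": value,
        "limit": limit,
        "raw": raw,
        "text": raw.decode("ascii") if printable else None,
    }


def diagnose(line):
    """One-line verdict for the warning."""
    info = decode_warning(line)
    if info["text"] is not None:
        # Four printable ASCII bytes where a small binary length belongs:
        # the peer replied in a text protocol, e.g. the start of clamd's
        # "UNKNOWN COMMAND" reply (assumption, see lead-in).
        return (f"{info['endpoint']} replied with text starting "
                f"{info['text']!r}; it is not speaking the milter protocol")
    return (f"{info['endpoint']} sent a binary length of {info['value']}, "
            f"above the limit of {info['limit']}")


if __name__ == "__main__":
    print(diagnose(LOG_LINE))
    print("a real milter reply would start with", optneg_packet()[:5])
```

If this is the case, smtpd_milters has to point at the socket of clamav-milter, not at clamd.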



spf dkim authentication-failure

2018-09-23 Thread Maurizio Caloro
Hello

 

Since last week I get this message every time I send any email; I can't
find my mistake.

Please can you point me to where I need to look, or what
my trouble is here.

 

opendkim[714]: 8D328402FC: DKIM-Signature field added (s=mail, d=caloro.ch)

 

 

>This is a spf/dkim authentication-failure report for an email message
>received from IP 149.20.1.60 on Mon, 24 Sep 2018 11:41:36 +0800.

>Below is some detail information about this message:

>1. SPF-authenticated Identifiers: none;  2. DKIM-authenticated Identifiers:
>none;  3. DMARC Mechanism Check Result: Identifier non-aligned, DMARC
>mechanism check failures;

 

Thanks

M



AW: Trouble Postfix ClamSMTP - Help

2018-07-09 Thread maurizio
 

>>>If you didn't already see it, the answers here might help:

>>>https://serverfault.com/questions/798587/debian-8-cant-get-clamav-to-listen-on-tcp-3310
>>>
>>>Answer 2 references the same error message.

 

>Yes, I have already checked this, but without success, and the error message is
>different from the one I mentioned.

>And this message is now 1 year, 10 months old.

 

Now its running like a charm!

 

apt-get remove clamav |  dpkg --purge

apt-get remove clamav-base |  dpkg --purge

apt-get remove clamav-daemon |   dpkg --purge

apt-get remove clamav-freshclam |dpkg --purge

apt-get remove libclamav7 |  dpkg --purge

 

apt-get install clamav clamav-base clamav-daemon clamav-freshclam libclamav7

 

I think the option Purge was magic 

 

Configure, finish. Thanks, and sorry for the off-topic discussion!!

 

 

 



AW: Trouble Postfix ClamSMTP - Help

2018-07-09 Thread maurizio
>>If you didn't already see it, the answers here might help:

>>https://serverfault.com/questions/798587/debian-8-cant-get-clamav-to-listen-on-tcp-3310
>>
>>Answer 2 references the same error message.

 

Yes, I have already checked this, but without success, and the error message is
different from the one I mentioned.

And this message is now 1 year, 10 months old.

 

 



Trouble Postfix ClamSMTP - Help

2018-07-09 Thread maurizio
Hello

 

I have now been troubleshooting my problem with ClamSmtp

and "Postfix" for 2 days. After writing to the ClamAV mailing list, the people there are not

helping and I am stuck. The possible solutions are outdated.

 

- Debian   - 8.11, 3.16.56-1+deb8u1

- ClamAV   - 0.100.0+dfsg-0+deb8u1

- ClamSmtp - 1.10-13

- Postfix  - 2.11.3-1+deb8u2

 

So please, I know that this is the Postfix group, but I kindly ask whether

other members use this combination of Postfix and Clamsmtp.

 

Sun Jul  8 22:42:25 2018 -> +++ Started at Sun Jul  8 22:42:25 2018

Sun Jul  8 22:42:25 2018 -> Received 3 file descriptor(s) from systemd.

Sun Jul  8 22:42:25 2018 -> clamd daemon 0.100.0 (OS: linux-gnu, ARCH:

x86_64, CPU: x86_64)

Sun Jul  8 22:42:25 2018 -> Running as user clamav (UID 117, GID 123)

Sun Jul  8 22:42:25 2018 -> Log file size limited to 4294967295 bytes.

Sun Jul  8 22:42:25 2018 -> Reading databases from /var/lib/clamav

Sun Jul  8 22:42:25 2018 -> Not loading PUA signatures.

Sun Jul  8 22:42:25 2018 -> Bytecode: Security mode set to "TrustSigned".

Sun Jul  8 22:42:38 2018 -> Loaded 6567119 signatures.

-->>>  Sun Jul  8 22:42:40 2018 -> ERROR: TCP: Received more than two file
descriptors from systemd.

 

clamsmtp is integrated into master.cf and main.cf  "content_filter =
scan:[127.0.0.1]:10025"

If you send any mail, this error appears in the Claim.log file.

 

-->>>  Sun Jul  8 22:42:40 2018 -> ERROR: TCP: Received more than two file
descriptors from systemd.

 

and the mail is never delivered.

The ClamAV ports are all open and ready to answer.

 

 

cat /etc/clamsmtpd.conf


--

#SAMPLE CLAMSMTPD CONFIG FILE

#

--

OutAddress: 10026

Listen: 127.0.0.1:10025

ClamAddress: /run/clamav/clamd.ctl

Header: X-AV-Checked: ClamAV using ClamSMTP

TempDirectory: /var/spool/clamsmtp

PidFile: /run/clamsmtp/clamsmtpd.pid

User: clamav

 

 

cat /etc/postfix/main.cf

content_filter = scan:[127.0.0.1]:10025

receive_override_options = no_address_mappings

 

cat /etc/postfix/master.cf

# ClamSmtp filter (used by content_filter)
scan            unix  -       -       n       -       16      smtp
    -o smtp_send_xforward_command=yes
#   -o smtp_data_done_timeout=1200
#   -o disable_dns_lookups=yes
127.0.0.1:10026 inet  n       -       n       -       16      smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_client_restrictions=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks_style=host
    -o smtpd_authorized_xforward_hosts=127.0.0.0/8

 

 



possiblities to release a mail

2018-05-31 Thread Maurizio Caloro
Hello Together

 

I ask myself whether it is possible to view on the console, with a Postfix command, which
mails are being held back, the status of the mail traffic, and so on (not via mail.log), for
different reasons - blacklisted, spam, or score - and to release such a mail
in order to resend a blacklisted mail.

In the meantime I do these steps with ASSP, but I see Postfix is so stable that I
can't believe no such possibility exists. And I don't want to play with 2
or 3 tools if this possibility exists in Postfix.

 

Please kindly let me see and understand your view on this; thanks for
discussing this possible aspect.

Regards

Mauri



dkim appair twice

2018-05-09 Thread Maurizio Caloro
Hello

Please, I don't understand why my DKIM result appears twice?

 

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=caloro.ch; s=mail;

t=1525915627; bh=o/rYrKxw/+ndhuZDfXCm7/KqiRRQm1XdBuvSJRaf+S8=;

h=From:To:Subject:Date:From;

b=d/KxFnMoTyVW9Qm4r3UEGM8E7Bmy/74vsa5Y9m/93Vt6yjMWsqVIWB+6TBrOntSLa

2LZmu4/1N+vD1OY6ir6Vnd93kxFkMajrOfInkBoi3YWqsxrw7rnjWrF/6CDhEnnc3Z

B9M9LEVf3cuVTx7cGuw7JnABlC6Rc2MtrSf2ccYA=

From: <***@caloro.ch  >

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=caloro.ch; s=mail;

t=1525915627; bh=o/rYrKxw/+ndhuZDfXCm7/KqiRRQm1XdBuvSJRaf+S8=;

h=From:To:Subject:Date:From;

b=d/KxFnMoTyVW9Qm4r3UEGM8E7Bmy/74vsa5Y9m/93Vt6yjMWsqVIWB+6TBrOntSLa

2LZmu4/1N+vD1OY6ir6Vnd93kxFkMajrOfInkBoi3YWqsxrw7rnjWrF/6CDhEnnc3Z

B9M9LEVf3cuVTx7cGuw7JnABlC6Rc2MtrSf2ccYA=

 



NOQUEUE: reject: RCPT from

2018-03-12 Thread maurizio
I have only changed the DNSBL; now it comes back with "NOQUEUE: reject
RCPT"

 

Mar 12 14:49:53 mail postfix/smtpd[5425]: disconnect from
localhost[127.0.0.1]

Mar 12 14:49:54 mail postfix/smtp[5428]: 759654071A:
to=<*@stamper.itconsult.co.uk>, relay=et05.itconsult.net[135]:25, delay=1.1,
delays=0.1/0/0.68/0.27, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as
082FC1AD104)

Mar 12 14:49:54 mail postfix/qmgr[5408]: 759654071A: removed

Mar 12 14:49:55 mail postfix/postscreen[5446]: CONNECT from [IP]:4458 to
[IP]:25

Mar 12 14:49:55 mail postfix/dnsblog[5451]: addr IP listed by domain
list.dnswl.org as 127.0.10.0

Mar 12 14:49:55 mail postfix/smtps/smtpd[5411]: disconnect from
mail.Name.com[IP]

Mar 12 14:50:02 mail postfix/postscreen[5446]: NOQUEUE: reject: RCPT from
[IP]:4458: 450 4.3.2 Service currently unavailable; from=<>,
to=, proto=ESMTP, helo=

Mar 12 14:50:02 mail postfix/postscreen[5446]: PASS NEW [IP]:4458

Mar 12 14:50:02 mail postfix/postscreen[5446]: DISCONNECT [IP]:4458

 

[Main.cf - Section Postscreen snip]

# SPAM parameters

postscreen_access_list = permit_mynetworks, hash:/etc/postfix/access

postscreen_bare_newline_enable = yes

postscreen_bare_newline_action = drop

postscreen_pipelining_enable = yes

postscreen_pipelining_action = drop

postscreen_dnsbl_action = drop

postscreen_dnsbl_sites =

   zen.spamhaus.org*3

   bl.mailspike.net*2

   b.barracudacentral.org*2

   bl.spameatingmonkey.net

   bl.spamcop.net

   psbl.surriel.com

   swl.spamhaus.org*-4

   list.dnswl.org=127.0.[2..15].0*-2

   list.dnswl.org=127.0.[2..15].1*-3

   list.dnswl.org=127.0.[2..15].[2..3]*-4

   wl.mailspike.net=127.0.0.[17;18]*-1

   wl.mailspike.net=127.0.0.[19;20]*-2

postscreen_dnsbl_threshold = 3

postscreen_dnsbl_whitelist_threshold = 0

postscreen_dnsbl_reply_map = texthash:/etc/postfix/dnsbl_reply

postscreen_greet_action = drop

postscreen_non_smtp_command_enable = yes

 

best thanks

Mauri
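
Added example, not part of the original post or of Postfix: a Python model of how the postscreen_dnsbl_sites entries from the main.cf above turn dnsblog replies into one combined score, following the domain=filter*weight syntax documented in postconf(5). The first client uses the dnsblog line from the log above; the replies for the second client are constructed.

```python
import re

# postscreen_dnsbl_sites and postscreen_dnsbl_threshold copied from the post above.
SITES = """
   zen.spamhaus.org*3
   bl.mailspike.net*2
   b.barracudacentral.org*2
   bl.spameatingmonkey.net
   bl.spamcop.net
   psbl.surriel.com
   swl.spamhaus.org*-4
   list.dnswl.org=127.0.[2..15].0*-2
   list.dnswl.org=127.0.[2..15].1*-3
   list.dnswl.org=127.0.[2..15].[2..3]*-4
   wl.mailspike.net=127.0.0.[17;18]*-1
   wl.mailspike.net=127.0.0.[19;20]*-2
"""
THRESHOLD = 3

# dnsblog line copied from the log in the post above.
PAGE_LOG = ["Mar 12 14:49:55 mail postfix/dnsblog[5451]: addr IP listed by "
            "domain list.dnswl.org as 127.0.10.0"]
# Constructed replies for a second, hypothetical client.
CONSTRUCTED = {"zen.spamhaus.org": ["127.0.0.4"], "bl.spamcop.net": ["127.0.0.2"]}

ENTRY_RE = re.compile(
    r"(?P<domain>[^=*]+)(?:=(?P<filter>[^*]+))?(?:\*(?P<weight>-?\d+))?")
OCTET = r"(\d+|\[[^\]]+\])"
FILTER_RE = re.compile(r"\.".join([OCTET] * 4))
DNSBLOG_RE = re.compile(r"listed by domain (\S+) as (\d+\.\d+\.\d+\.\d+)")


def octet_values(spec):
    """'10' -> {10}; '[2..15]' -> {2,...,15}; '[17;18]' -> {17, 18}."""
    if not spec.startswith("["):
        return {int(spec)}
    values = set()
    for part in spec[1:-1].split(";"):
        low, _, high = part.partition("..")
        values.update(range(int(low), int(high or low) + 1))
    return values


def parse_sites(text):
    """Return (domain, per-octet filter or None, weight) for each entry."""
    entries = []
    for token in text.replace(",", " ").split():
        entry = ENTRY_RE.fullmatch(token)
        if entry is None:
            raise ValueError(f"bad entry: {token}")
        octets = None
        if entry["filter"]:
            parsed = FILTER_RE.fullmatch(entry["filter"])
            if parsed is None:
                raise ValueError(f"bad filter: {token}")
            octets = [octet_values(group) for group in parsed.groups()]
        entries.append((entry["domain"], octets, int(entry["weight"] or 1)))
    return entries


def replies_from_log(lines):
    """Collect {dnsbl domain: [reply addresses]} from dnsblog log lines."""
    replies = {}
    for line in lines:
        hit = DNSBLOG_RE.search(line)
        if hit:
            replies.setdefault(hit.group(1), []).append(hit.group(2))
    return replies


def dnsbl_score(entries, replies):
    """Add each entry's weight at most once if any reply passes its filter."""
    score, matched = 0, []
    for domain, octets, weight in entries:
        for address in replies.get(domain, []):
            parts = [int(part) for part in address.split(".")]
            if octets is None or all(p in allowed for p, allowed in zip(parts, octets)):
                score += weight
                matched.append((domain, address, weight))
                break
    return score, matched


def verdict(score, threshold=THRESHOLD):
    return "postscreen_dnsbl_action applies" if score >= threshold else "below threshold"


if __name__ == "__main__":
    entries = parse_sites(SITES)
    for name, replies in (("page log", replies_from_log(PAGE_LOG)),
                          ("constructed", CONSTRUCTED)):
        score, matched = dnsbl_score(entries, replies)
        print(name, score, verdict(score), matched)
```

The client from the log ends up at -2, below the threshold of 3, so in this model the DNSBL score alone would not trigger postscreen_dnsbl_action for it.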

 



Postscreen blacklist - Service currently unavailable

2018-03-07 Thread Maurizio Caloro
Hello Together

I want to download the banned blacklist IPs from the Internet and add them to my Postfix
with postscreen.

After checking the postscreen config I have the following
configuration.

 

The strange thing is that I get this message in mail.log.

No matter from where I send the email to my domain, this error appears:

- 450 4.3.2 Service currently unavailable

 

Postmap /etc/postfix/access

 

[Main.cf]

postscreen_blacklist_action = drop

postscreen_access_list = permit_mynetworks, hash:/etc/postfix/access

postscreen_bare_newline_enable = yes

postscreen_dnsbl_action = enforce

postscreen_dnsbl_sites =

   zen.spamhaus.org*3

   bl.mailspike.net*3

   b.barracudacentral.org*2

   bl.spameatingmonkey.net

   bl.spamcop.net

   spamtrap.trblspam.com

   ## dnsbl.sorbs.net=127.0.0.[2;3;6;7;10]

   ix.dnsbl.manitu.net

   bl.blocklist.de

   list.dnswl.org=127.0.[0..255].0*-1

   list.dnswl.org=127.0.[0..255].1*-2

   list.dnswl.org=127.0.[0..255].[2..3]*-3

   list.dnswl.org=127.0.[0..255].3*-8

   zen.spamhaus.org=127.0.0.9*25

   zen.spamhaus.org=127.0.0.3*10

   zen.spamhaus.org=127.0.0.2*5

   zen.spamhaus.org=127.0.0.[4..7]*3

   zen.spamhaus.org=127.0.0.[10..11]*3

   swl.spamhaus.org*-10

   iadb.isipp.com=127.0.[0..255].[0..255]*-2

   iadb.isipp.com=127.3.100.[6..200]*-2

   bl.mailspike.net=127.0.0.2*10

   bl.mailspike.net=127.0.0.10*5

   bl.mailspike.net=127.0.0.11*4

   bl.mailspike.net=127.0.0.12*3

   bl.mailspike.net=127.0.0.13*2

   bl.mailspike.net=127.0.0.14*1

   wl.mailspike.net=127.0.0.16*-2

   wl.mailspike.net=127.0.0.17*-4

   wl.mailspike.net=127.0.0.18*-6

   wl.mailspike.net=127.0.0.19*-8

   wl.mailspike.net=127.0.0.20*-10

   backscatter.spameatingmonkey.net*2

   bl.ipv6.spameatingmonkey.net*2

   bl.spameatingmonkey.net*2

   ix.dnsbl.manitu.net*2

   bl.spamcop.net*2

   db.wpbl.info*2

   psbl.surriel.com*2

   torexit.dan.me.uk*2

 

[Master.cf]

#smtp  inet  n   -   n   -   -   smtpd

-o content_filter=spamassassin

smtp  inet  n   -   -   -   1   postscreen

-o content_filter=spamassassin

smtpd pass  -   -   -   -   -   smtpd

dnsblog   unix  -   -   -   -   0   dnsblog

tlsproxy  unix  -   -   -   -   0   tlsproxy

submission inet n   -   -   -   -   smtpd

  -o content_filter=spamassassin



 

[Mail.log]

Mar  4 21:59:40 Dovecot/imap(mca@domain): Info: Disconnected: Logged out
in=1443 out=219620

Mar  4 22:00:13 mail postfix/postscreen[1050]: CONNECT from [IP]:45143 to
[IP]:25

Mar  4 22:00:13 mail postfix/dnsblog[1060]: addr [IP] listed by domain
list.dnswl.org as 127.0.3.0

Mar  4 22:00:13 mail postfix/dnsblog[1076]: addr IP listed by domain
spamtrap.trblspam.com as 185.53.179.6

Mar  4 22:00:13 mail postfix/dnsblog[1077]: addr IP listed by domain
wl.mailspike.net as 127.0.0.20

Mar  4 22:00:19 mail postfix/tlsproxy[1061]: CONNECT from [IP]:45143

Mar  4 22:00:19 mail postfix/tlsproxy[1061]: Anonymous TLS connection
established from [IP]:45143: TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384
(256/256 bits)

Mar  4 22:00:19 mail postfix/postscreen[1050]: NOQUEUE: reject: RCPT from
[40.92.69.70]:45143: 450 4.3.2 Service currently unavailable; from=, to:, proto=ESMTP,
helo=

Mar  4 22:00:19 mail postfix/tlsproxy[1061]: DISCONNECT [IP]:45143

Mar  4 22:00:19 mail postfix/postscreen[1050]: HANGUP after 0.16 from
[IP]:45143 in tests after SMTP handshake

Mar  4 22:00:19 mail postfix/postscreen[1050]: PASS NEW [IP]:45143

Mar  4 22:00:19 mail postfix/postscreen[1050]: DISCONNECT [IP]:45143

 

Postfix Version mail_version = 2.11.3

 



Test E-Mail

2018-03-05 Thread Maurizio Caloro
I think this email will never arrive

 

I have sent so many questions in the past, but none are displayed.

 

Possibly I am banned?

 



AW: Reject but styl connection established

2018-03-05 Thread Maurizio Caloro
Thanks for your fast answer, and sorry for my late reply. OK, after reading
and configuring my mail server with postscreen, I have the following situation
when I send any mail.

[Main.cf]
postscreen_blacklist_action = drop
postscreen_access_list = permit_mynetworks, hash:/etc/postfix/access

[Master.cf]
## smtp  inet  n   -   n   -   -   smtpd
-o content_filter=spamassassin
smtp  inet  n   -   -   -   1   postscreen
-o content_filter=spamassassin
smtpd pass  -   -   -   -   -   smtpd
dnsblog   unix  -   -   -   -   0   dnsblog
tlsproxy  unix  -   -   -   -   0   tlsproxy
submission inet n   -   -   -   -   smtpd
  -o content_filter=spamassassin


"450 4.3.2 Service currently unavailable" ??

[Mail.log]
Mar  4 21:59:40 Dovecot/imap(mca@domain): Info: Disconnected: Logged out in=1443 out=219620
Mar  4 22:00:13 mail postfix/postscreen[1050]: CONNECT from [IP]:45143 to [IP]:25
Mar  4 22:00:13 mail postfix/dnsblog[1060]: addr [IP] listed by domain list.dnswl.org as 127.0.3.0
Mar  4 22:00:13 mail postfix/dnsblog[1076]: addr IP listed by domain spamtrap.trblspam.com as 185.53.179.6
Mar  4 22:00:13 mail postfix/dnsblog[1077]: addr IP listed by domain wl.mailspike.net as 127.0.0.20
Mar  4 22:00:19 mail postfix/tlsproxy[1061]: CONNECT from [IP]:45143
Mar  4 22:00:19 mail postfix/tlsproxy[1061]: Anonymous TLS connection established from [IP]:45143: TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)
Mar  4 22:00:19 mail postfix/postscreen[1050]: NOQUEUE: reject: RCPT from [40.92.69.70]:45143: 450 4.3.2 Service currently unavailable; from=, to:, proto=ESMTP, helo=
Mar  4 22:00:19 mail postfix/tlsproxy[1061]: DISCONNECT [IP]:45143
Mar  4 22:00:19 mail postfix/postscreen[1050]: HANGUP after 0.16 from [IP]:45143 in tests after SMTP handshake
Mar  4 22:00:19 mail postfix/postscreen[1050]: PASS NEW [IP]:45143
Mar  4 22:00:19 mail postfix/postscreen[1050]: DISCONNECT [IP]:45143

No matter from where I send the email to my domain, this error appears.

--

> On Mar 1, 2018, at 12:42 AM, Maurizio Caloro <m@c> wrote:
> 
> I have created an access list to deny, but when I check my situation,
> this still connects successfully to my machine

Postfix access lists control email delivery not connection establishment.
To control connection establishment use a firewall.  You can also prevent
unwanted clients from reaching the smtpd(8) service via postscreen(8)
blacklists.

-- 
Viktor.




WG: Reject but styl connection established

2018-02-28 Thread Maurizio Caloro
Hello

I have created an access list to deny, but when I check my situation, this
still connects successfully to my machine

But I think this way needs to negotiate, but it is still not working correctly; thanks
for any help!

 

Regards

Mauri

 

Postfix 2.11.3

 

# cat /etc/postfix/access | grep 103.233.193.106

103.233.193.106REJECT

103.233.193.106 REJECT

181.49.176.106 REJECT

103.233.193.106 REJECT

 

 

# cat mail.log

Mar  1 00:18:08 mail postfix/smtpd [2178]: connect from
server1.hostict.com[103.233.193.106]

Anonymous TLS connection established from
smtp.elcolombiano.com.co[181.49.176.106]

Anonymous TLS connection established from
server1.hostict.com[103.233.193.106]

Anonymous TLS connection established from
34725.simplecloud.ru[85.143.218.134]

 

[main.cf]

smtpd_sender_restrictions = permit_mynetworks,

## reject_sender_login_mismatch,

check_client_access hash:/etc/postfix/access,

check_sender_access hash:/etc/postfix/access,

  

smtpd_recipient_restrictions = permit_mynetworks,

check_client_access hash:/etc/postfix/access,

check_recipient_access hash:/etc/postfix/access,

..

 



mail.log - verify_cache.db: No such file or directory

2018-02-05 Thread Maurizio Caloro
Hello 

Last week I had problems with my mail server but now everything 
has settled again. I have in my logs now the following error 
message that I do not understand. As I've seen, this has 
already been discussed a few times. 

Please, how do I tackle this or how can I solve this!? 


[Mail.log] 
Feb  5 14:26:13 mail postfix/verify[17058]: close database 
/var/lib/postfix/verify_cache.db: No such file or directory (possible
Berkeley DB bug) 


Postfix Version - mail_version = 2.11.3 

-rw-r--r--  1 postfix postfix 8192 Feb  5 14:24
/var/lib/postfix/verify_cache.db 

The file still exists, but according to my mail.log it seems that it isn't there.

Regards 
Mauri

 



Server will send spam

2018-01-29 Thread Maurizio Caloro
hello

 

Since today my email server has been sending a lot of rubbish, and I don't know
why.

Please can anyone give me a little help here!

 

I have a lot of "Mail Delivery System " errors,

and I don't see where these mails come from and why my server

sends these emails!

 

My server has been running for over 1 year now without any problems; today, bang,

this nightmare began.

 

 

---

 

Email Header:

Received: from nmail.caloro.ch ([127.0.0.1])

by mail.caloro.ch.quicksrv.de (Dovecot) with LMTP id
jVs7JJF/b1o9MQAA6bXCFw

for ; Mon, 29 Jan 2018 21:09:53 +0100

Received: by nmail.caloro.ch (Postfix)

id 920EB40932; Mon, 29 Jan 2018 21:09:53 +0100 (CET)

From: "Mail Delivery System" 

To: 

Subject: Undelivered Mail Returned to Sender

Date: Mon, 29 Jan 2018 21:09:53 +0100

Message-ID: <20180129200953.920eb40...@nmail.caloro.ch>

MIME-Version: 1.0

Content-Type: multipart/mixed;

boundary="=_NextPart_000_044F_01D39947.F4F4FBA0"

X-Mailer: Microsoft Outlook 16.0

Thread-Index: AQGsz7jVdWQ+5VNHJiY9kX6ybJXGXg==

 

Reporting-MTA: dns; nmail.caloro.ch

X-Postfix-Queue-ID: 9A2B340929

X-Postfix-Sender: rfc822; mauri...@caloro.ch

Arrival-Date: Mon, 29 Jan 2018 21:09:51 +0100 (CET)

 

Final-Recipient: rfc822; mel.griffi...@btopenworld.com

Original-Recipient: rfc822;mel.griffi...@btopenworld.com

Action: failed

Status: 5.0.0

Remote-MTA: dns; mx.bt.lon5.cpcloud.co.uk

Diagnostic-Code: smtp; 554 Message rejected on 2018/01/29 20:09:54 GMT,
policy

(3.2.1.1) ??? Your message looks like SPAM or has been reported as SPAM

please read www.bt.com/bulksender

 

---

Mail.log

 

D112340267: to=, relay=spamassassin, delay=1.4,
delays=1.1/0/0/0.35, dsn=2.0.0, status=sent (delivered via spamassassin
service)

 

Jan 29 22:37:32 mail postfix/smtp[13948]: 1A47F4070D:
to=, relay=127.0.0.1[127.0.0.1]:10025, delay=0.22,
delays=0.08/0/0.04/0.09, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as
2FE0240267)

 

Jan 29 22:37:32 mail postfix/smtp[13943]: 2FE0240267:
to=,
relay=hotmail-com.olc.protection.outlook.com[104.47.4.33]:25, delay=0.69,
delays=0.09/0/0.12/0.48, dsn=2.6.0, status=sent (250 2.6.0
<3c8f77bcc0ef3000e627afa39448c...@gearconn.com> [InternalId=53695681205819,
Hostname=AM5EUR02HT082.eop-

EUR02.prod.protection.outlook.com] 9013 bytes in 0.099, 88.050 KB/sec Queued
mail for delivery)

Jan 29 22:37:32 mail postfix/qmgr[13937]: 2FE0240267: removed

 

postfix/pipe[13574]: E404F4: to=,
relay=spamassassin, delay=0.49, delays=0.31/0/0/0.17, dsn=2.0.0, status=sent
(delivered via spamassassin service)

Jan 29 22:27:31 mail postfix/qmgr[13520]: E404F4: removed

 

Jan 29 22:35:56 mail postfix/smtp[13943]: CD0E5404E1:
to=, relay=mx.danskkabeltv.dk[62.61.141.3]:25,
delay=503, delays=502/0.03/0.66/0.05, dsn=4.2.0, status=deferred (host
mx.danskkabeltv.dk[62.61.141.3] said: 450 4.2.0
: Client host rejected: Greylisted, see
http://postgrey.schweikert.ch/help/uppsalahus.dk.html (in reply to RCPT TO
command))

 

Jan 29 22:58:19 mail postfix/smtp[14296]: A504140462:
to=, relay=mta5.am0.yahoodns.net[74.6.137.64]:25,
delay=27604, delays=27596/5.8/1.6/0.1, dsn=4.7.0, status=deferred (host
mta5.am0.yahoodns.net[74.6.137.64] said: 421 4.7.0 [TSS04] Messages from
37.120.190.188 temporarily deferred due to user complaints - 4.16.55.1; see
https://help.yahoo.com/kb/postmaster/SLN3434.html (in reply to MAIL FROM
command))

Jan 29 22:58:19 mail postfix/smtp[14318]: A2F6E408C9:
to=, relay=mta7.am0.yahoodns.net[74.6.137.65]:25,
delay=26335, delays=26327/5.8/1.6/0.09, dsn=4.7.0, status=deferred (host
mta7.am0.yahoodns.net[74.6.137.65] said: 421 4.7.0 [TSS04] Messages from
37.120.190.188 temporarily deferred due to user complaints - 4.16.55.1; see
https://help.yahoo.com/kb/postmaster/SLN3434.html (in reply to MAIL FROM
command))

Jan 29 22:58:19 mail postfix/smtp[14314]: AF1D540460:
to=, relay=mta7.am0.yahoodns.net[98.136.101.117]:25,
delay=40098, delays=40090/5.4/2/0.16, dsn=4.7.0, status=deferred (host
mta7.am0.yahoodns.net[98.136.101.117] said: 421 4.7.0 [TSS04] Messages from
37.120.190.188 temporarily deferred due to user complaints - 4.16.55.1; see
https://help.yahoo.com/kb/postmaster/SLN3434.html (in reply to MAIL FROM
command))

Jan 29 22:58:20 mail postfix/smtp[14304]: A4C43408CB:
to=, relay=mta5.am0.yahoodns.net[98.137.159.28]:25,
delay=28617, delays=28609/6.1/2.1/0.12, dsn=4.7.0, status=deferred (host
mta5.am0.yahoodns.net[98.137.159.28] said: 421 4.7.0 [TSS04] Messages from
37.120.190.188 temporarily deferred due to user complaints - 4.16.55.1; see
https://help.yahoo.com/kb/postmaster/SLN3434.html (in reply to MAIL FROM

Jessie - Stretch to jump on Postfix 3.x

2017-10-17 Thread Maurizio Caloro
Hello Together

 

I am running Debian Jessie 8.9, and I am playing with the idea of upgrading the
system 8.9 -> Stretch.

Are there any complications here, or do I need to
reconfigure the whole mail server after the upgrade?

 

I see that Stretch comes with Postfix 3.x

 

I know this is not a specific Postfix question, but I am interested to hear
your experiences!

 

Regards

Mauri

 



AW: Ban IP or Host

2017-10-17 Thread Maurizio Caloro
Hello Mauricio

>  Have you tried fail2ban?

Yes, I have installed and configured it; this is really a helpful and useful
tool!
Thanks for your fast answer!
Maurizio




Ban IP or Host

2017-10-16 Thread Maurizio Caloro
Hello Together
Please, I have a lot of these messages; is there any possibility to ban
this IP or host? It tries every few minutes.

 

Oct 16 12:33:59 mail postfix/smtpd[23436]: warning: hostname walkerj235.com
does not resolve to address 91.200.12.56

Oct 16 12:34:03 mail postfix/smtpd[23436]: warning: unknown[91.200.12.56]:
SASL LOGIN authentication failed: ZuFzc3waA31Zb

Oct 16 12:38:06 mail postfix/smtpd[20167]: warning: hostname walkerj235.com
does not resolve to address 91.200.12.56

Oct 16 12:38:08 mail postfix/smtpd[20167]: warning: unknown[91.200.12.56]:
SASL LOGIN authentication failed: ZuFzc3waA31Zb

Oct 16 12:42:16 mail postfix/smtpd[27854]: warning: hostname walkerj235.com
does not resolve to address 91.200.12.56

Oct 16 12:42:20 mail postfix/smtpd[27854]: warning: unknown[91.200.12.56]:
SASL LOGIN authentication failed: ZuFzc3waA31Zb

Oct 16 12:44:12 mail postfix/smtpd[11374]: warning: unknown[80.82.77.153]:
SASL LOGIN authentication failed: ZuFzc3waA31Zb

Oct 16 12:46:28 mail postfix/smtpd[30250]: warning: hostname walkerj235.com
does not resolve to address 91.200.12.56

Oct 16 12:46:31 mail postfix/smtpd[30250]: warning: unknown[91.200.12.56]:
SASL LOGIN authentication failed: ZuFzc3waA31Zb

Oct 16 12:47:46 mail postfix/smtpd[30250]: warning: unknown[191.96.249.214]:
SASL LOGIN authentication failed: ZuFzc3waA31Zb

Oct 16 12:50:46 mail postfix/smtpd[1148]: warning: hostname walkerj235.com
does not resolve to address 91.200.12.56

 

Thanks for any help

Regards

Mauri



verify_cache.db: No such file or directory - possible Berkeley DB bug ?

2017-03-22 Thread Maurizio Caloro
Hello

From time to time I see on mail.log the following error message:

Mar 22 23:29:43 mail postfix/verify[2206]: close database
/var/lib/postfix/verify_cache.db: No such file or directory (possible
Berkeley DB bug)

 

I have found different answers, but I don't know which one to pursue
further.

Please, what do I need to do here?

 

root@mail:~# ls -la /var/lib/postfix/verify_cache.db

-rw-r--r-- 1 postfix postfix 8192 Mar 22 23:26
/var/lib/postfix/verify_cache.db

 

root@mail:/etc/postfix# postconf -d | grep mail_version

mail_version = 2.11.3

 

Debian 3.16.39-1+deb8u2 (2017-03-07

 

Regards

Mauri



Re: Postfix, Hotmail never arrive

2017-03-07 Thread Maurizio Caloro


On 05.03.2017 at 21:59, Geert Stappers wrote:

On Sun, Mar 05, 2017 at 09:00:17PM +0100, Robert Schetterer wrote:

On 05.03.2017 at 16:27, Michael Neurohr wrote:

I just tested that with my server with a Hetzner IP address. My mail
goes directly into the Junk Folder. My IP address is not listed on any
blacklist and I have SPF in place. So far I had no Problems with

Hotmail.

Michael


Microsofts info mail ( arrived fast today )
said that my hetzner Ip will whitelisted , but only for small
amount of mail until it has a "good" score and it is not a general
antispam whitelisting.

They recommend to get part of
Junk E-Mail Reporting Program (JMRP)

link in the info mail is



http://support.msn.com/eform.aspx?productKey=edfsjmrpp=support_home_options_form_byemail=eformts

Visiting that (deep?) link got me redirected
to https://support.microsoft.com/en-us/products/msn


to me that link shows not clearly what to do .

seems they dont care very much about spf dkim etc from now
( however its noted that it stays helpfull )
and prefer their own practice of scoring


If Microsoft is the solution, then I want the problem back.



Hello everyone,
Today I contacted Microsoft, but I don't have any news.


"My name is 123 and I work with the Outlook.com Deliverability Support Team.

We have reviewed your IP(s) (w.x.y.z) and determined that messages
are being filtered (i.e. sent to the Junk folder) based on the
recommendations of the SmartScreen® Filter."

I have:
-No IP blacklist (Spamhaus)
-DMARC is good
-SPF is good
-DKIM is good (OpenDkim, 2048, rsa-sha256)
-PTR records is good.
-Barracuda SpamScore = 0.0

but my email does not appear at Hotmail/Outlook.com, and the mail also
isn't visible in the Spam folder?!

Please, what do I need to do?




Re: Postfix, Hotmail never arrive

2017-03-05 Thread Maurizio Caloro

On 05.03.2017 at 16:27, Michael Neurohr wrote:

On 2017-03-05 10:01, Robert Schetterer wrote:

On 05.03.2017 at 09:11, Robert Schetterer wrote:

Hi Viktor, it seems that Hotmail etc. has included some new antispam
procedures and now blocks big IP ranges (i.e. Hetzner); SPF, DKIM etc.
do not help.
I filled out a form to get my server's IP open again; however, their
whole new antispam seems kind of broken.


Best Regards
MfG Robert Schetterer


form is at

https://support.live.com/eform.aspx?productKey=edfsmsbl3=eformts=wsignin1.0

In my case it seems that my amount of mail to Hotmail wasn't enough to
build a score.
The default seems to be to block IPs with no score, which might be OK but
should be overridden by existing SPF, DKIM etc.

I just tested that with my server with a Hetzner IP address. My mail
goes directly into the Junk Folder. My IP address is not listed on any
blacklist and I have SPF in place. So far I had no Problems with Hotmail.

Michael


I checked today, the whole day: if I add my email address .(at)Caloro
to the allowed addresses in the Domain/Email option settings of Hotmail,
the mail arrives at Hotmail; if this setting is not allowed, no e-mail
from my domain appears. But here is the problem: I don't know which
Hotmail email address I will be sending to.

After analysing a mail that I received from Hotmail, I see that DKIM
is in use.


DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hotmail.com; 
s=selector1;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; 
bsfdmi+8p1unwVM=; b=tK4f0CP5ay;


Now I am playing with the idea of adding the "DKIM" option. At the moment I
run with SPF and DMARC; I never considered that I would also need this DKIM
option.

But you here in this thread, do you all have all three possibilities installed?
 - SPF, DMARC, and DKIM?

After a quick search for blacklisted IPs, I don't see my IP banned here :-)

Thanks for your Answers
Regards
Mauri


Postfix, Hotmail never arrive

2017-03-04 Thread Maurizio Caloro

Hello everyone

If I send any mail to @hotmail, it never arrives, but the Postfix log
says something else here.

(Queued mail for delivery)

Mar  4 22:45:26 caloro postfix/qmgr[28159]: BD6EB4159E: 
from=, size=569, nrcpt=1 (queue active)
Mar  4 22:45:29 caloro postfix/smtp[26958]: BD6EB4159E: 
to=, relay=mx1.hotmail.com[65.55.33.119]:25, 
delay=2.7, delays=0.49/0.01/1.3/0.9, dsn=2.0.0, status=sent (250 
 Queued mail for 
delivery)


mxtoolbox shows 0 errors for my domain.
I am happy for any help.

regards




postfix with possibilities for blackberry integration

2017-03-04 Thread Maurizio Caloro

Hello everyone

Is there any possibility to integrate my old BlackBerry 7.1 with
Postfix or Dovecot? I don't have a BES server, but is there any
possibility to install a protocol with Postfix to communicate with it?

Thanks for any feedback

Mauri




Generate passw with Postfixadmin to add mysql ?

2017-02-26 Thread Maurizio Caloro
Hello

My setup is running with Postfix+Dovecot+Roundcube+MySQL.

Now I need to add the password function to Roundcube, which is available
with the Passwd plugin, but I need to know with what hash I need to do
this. How does postfixadmin generate the password to add to the MySQL db?

In the meantime I have found the right query, but the password is not
accepted. I think I am using the wrong "hash".

UPDATE `postfixadmin`.`mailbox` SET `password` = MD5('123456789A!') WHERE `mailbox`.`username` = 'n...@domain.dtl';

 

Thanks for any help

Mauri



AW: free email fax setup postfix integration

2017-02-21 Thread Maurizio Caloro

On 21.02.2017 at 23:53, David Mehler wrote:
> Hello,
>
> I am looking for a free email 2 fax system that integrates with 
> postfix. I looked at faximum but that's very out of my range.
>
> Anyone know of any product comparable?
>
> Thanks.
> Dave.
>

Hello

Email2Fax:
https://sourceforge.net/projects/email2fax/?source=directory



Re: similar email address to one account?

2017-02-12 Thread Maurizio Caloro

Hello,
I have already done this with "Aliases", but I have had no success!

mauri...@caloro.ch already exists, but I want m...@caloro.ch to be
available from the public; here I get the message "User unknown in local
recipient table".


# /etc/aliases
maurizio: mauri...@caloro.ch,m...@caloro.ch,maurizio

# /var/log/mail.log
postfix/smtpd[12798]: NOQUEUE: reject: RCPT from [IP]: 550 5.1.1 
<m...@caloro.ch>: Recipient address rejected: User unknown in local 
recipient table; from=<mau...@gmx.ch> to=<m...@caloro.ch> proto=ESMTP 
helo=


# newaliases

regards
mauri

On 12.02.2017 at 21:56, Ansgar Wiechers wrote:

On 2017-02-12 Maurizio Caloro wrote:

I want the following e-mail addresses (public) to go to one recipient
address (local)

n...@example.com = myname
shortn...@example.com = myname

Do I need to open different accounts, or do I configure this with the
virtual maps?

Virtual maps would work (although it's recommended to use the full
target address, including the domain), but it might be easier to just
define an alias. Add the following 2 lines to /etc/aliases (adjust the
path if your distribution places the file in a different location):

name: myname
shortname: myname

save and run `newaliases`.

Regards
Ansgar Wiechers
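
The alias lookup discussed in this message, as an added example that is not part of the original thread: a simplified Python model of aliases(5) parsing and of the default local_recipient_maps check (Unix account names plus alias lookup keys). The alias file is constructed, the single account `myname` is an assumption, and the function names are hypothetical.

```python
# Constructed sample in aliases(5) syntax; names follow the reply above.
SAMPLE_ALIASES = """\
# constructed sample, not the poster's file
name: myname
shortname:
    myname
team: name, shortname, outside@example.net
myname: myname, nick
"""
# Assumption: the only Unix account that matters on this host.
SYSTEM_USERS = {"myname"}


def parse_aliases(text):
    """Parse aliases(5) text into {lookup_key: [destinations]} (quoted names not handled)."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                          # blank lines and comments
        if raw[0] in " \t" and logical:
            logical[-1] += " " + raw.strip()  # leading whitespace continues a line
        else:
            logical.append(raw.strip())
    table = {}
    for line in logical:
        key, _, rhs = line.partition(":")
        # Only the left-hand name becomes a lookup key; it is folded to lowercase.
        table[key.strip().lower()] = [d.strip() for d in rhs.split(",") if d.strip()]
    return table


def accepted_by_smtpd(localpart, table, users=SYSTEM_USERS):
    """Model of the default local_recipient_maps: passwd names plus alias keys."""
    name = localpart.lower()
    return name in users or name in table


def resolve(localpart, table, users=SYSTEM_USERS, path=frozenset()):
    """Expand a local name to its final destinations."""
    name = localpart.lower()
    if name in path or name not in table:
        # A name found in its own expansion is delivered to the user's mailbox.
        return {name} if name in users else set()
    out = set()
    for dest in table[name]:
        if "@" in dest or dest[0] in '/|:"':
            out.add(dest)                     # remote address, file, command, :include:
        else:
            out |= resolve(dest, table, users, path | {name})
    return out
```

A name that appears only on the right-hand side of an entry (`nick` in the sample) is a destination, not a lookup key, so the recipient check does not know it.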




similar email address to one account?

2017-02-12 Thread Maurizio Caloro


hello friends

I want the following e-mail addresses (public) to go to one recipient
address (local)


n...@example.com = myname
shortn...@example.com = myname

Do I need to open different accounts, or do I configure this with the
virtual maps?

My problem is that I don't understand this correctly; any feedback, please.

Regards



