Re: Postfix Postscreen Pregreet Test

2016-01-23 Thread Nguyen Nang Thang
- Original Message -
> From: "Christian Kivalo" 
> To: postfix-users@postfix.org
> Sent: Saturday, January 23, 2016 2:56:25 PM
> Subject: Re: Postfix Postscreen Pregreet Test

> On 23 January 2016 04:30:02 CET, Nguyen Nang Thang wrote:
>>- Original Message -
>>> From: "Wietse Venema" 
>>> To: "Postfix users" 
>>> Sent: Saturday, January 23, 2016 9:57:40 AM
>>> Subject: Re: Postfix Postscreen Pregreet Test
>>
>>> Nguyen Nang Thang:
>>>> > Postfix sends:
>>>> > 
>>>> >  220-myhostname ESMTP
>>>> > 
>>>> > Postfix waits $postscreen_greet_wait seconds.
>>>> > Bad SMTP clients will greet before $postscreen_greet_wait seconds
>>>> > have passed.
>>>> > 
>>>> >  220 myhostname ESMTP
>>>> > 
>>>> > Good SMTP clients will greet now.
>>>> 
>>>> Wietse:
>>>> Thanks for your detailed explanation. Can you suggest technical ways to
>>>> manually test Bad SMTP clients
>>>> that greet before $postscreen_greet_wait seconds have passed?
>>> 
>>> echo whatever | nc host 25
>> 
>>Wietse:
>>I did my test as below:
>># nc localhost 25 < /tmp/postscreen-greet-wait.txt
>>The output:
>>220 gw.mydomain.com ESMTP Postfix (2.10.1)
>>250 2.1.0 Ok
>>250 2.1.5 Ok
>>354 End data with .
>>250 2.0.0 Ok: queued as 35CA025E69
>>
>>The postfix/postscreen log does not show info "PREGREET count after
>>time from [address]:port text...",
>>test message delivered normally (expect: test message prevented by
>>postscreen).
>>So, is there another way to quickly make smtp connection via "nc" or
>>another tool to test the parameter
>>"postscreen_greet_wait"?
> Do this test from a different device. You probably have localhost in mynetworks
> and have configured
>> postscreen_access_list = permit_mynetworks,
>> cidr:/etc/postfix/postscreen_access.cidr

Christian & Wietse:
I've tested successfully the parameter "postscreen_greet_wait" of postscreen as
Christian & Wietse's suggestions.

Here is the experience:
* Should test from a different device/host
* Technical way to test the parameter "postscreen_greet_wait" via the tool "nc" and "echo":
$ echo "Hello. I'm spambot" | nc host 25

Here is the log to show that the parameter "postscreen_greet_wait" works fine:
Jan 23 15:09:17 gw postfix/postscreen[8783]: PREGREET 19 after 0 from [IP]:Port: Hello. I'm spambot\n
Jan 23 15:09:18 gw postfix/postscreen[8783]: BARE NEWLINE from [IP]:Port after Hello. I'm spambot
Jan 23 15:09:18 gw postfix/postscreen[8783]: HANGUP after 0 from [IP]:Port in tests after SMTP handshake
Jan 23 15:09:18 gw postfix/postscreen[8783]: DISCONNECT [IP]:Port

Note: I have my localhost and my LAN subnet in mynetworks and have configured,
so my tests before did not work as expected.

Thanks.

Regards,
N. Thang


Re: Postfix Postscreen Pregreet Test

2016-01-23 Thread Peter
On 23/01/16 16:30, Nguyen Nang Thang wrote:
> Wietse:
> I did my test as below:
> # nc localhost 25 < /tmp/postscreen-greet-wait.txt
> The output:
> 220 gw.mydomain.com ESMTP Postfix (2.10.1)
> 250 2.1.0 Ok
> 250 2.1.5 Ok
> 354 End data with .
> 250 2.0.0 Ok: queued as 35CA025E69
> 
> The postfix/postscreen log does not show info "PREGREET count after time from
> [address]:port text...",
> test message delivered normally (expect: test message prevented by 
> postscreen).
> So, is there another way to quickly make smtp connection via "nc" or another 
> tool to test the parameter
> "postscreen_greet_wait"?

You would have localhost listed in mynetworks, which by default bypasses
the postscreen tests:

> postscreen_access_list (default: permit_mynetworks)
>    Permanent white/blacklist for remote SMTP client IP addresses.
>    postscreen(8) searches this list immediately after a remote SMTP client
>    connects.  Specify a comma- or whitespace-separated list of commands (in
>    upper or lower case) or lookup tables. The search stops upon the first
>    command that fires for the client IP address.
>
>    permit_mynetworks
>       Whitelist the client and terminate the search if the client IP
>       address matches $mynetworks.  Do not subject the client to any
>       before/after 220 greeting tests.  Pass the connection immediately
>       to a Postfix SMTP server process.

Try the test again from a host that is not listed in mynetworks.


Peter


Re: Postfix Postscreen Pregreet Test

2016-01-22 Thread Christian Kivalo


On 23 January 2016 04:30:02 CET, Nguyen Nang Thang wrote:
>- Original Message -
>> From: "Wietse Venema" 
>> To: "Postfix users" 
>> Sent: Saturday, January 23, 2016 9:57:40 AM
>> Subject: Re: Postfix Postscreen Pregreet Test
>
>> Nguyen Nang Thang:
>>> > Postfix sends:
>>> > 
>>> >   220-myhostname ESMTP
>>> > 
>>> > Postfix waits $postscreen_greet_wait seconds.
>>> > Bad SMTP clients will greet before $postscreen_greet_wait seconds
>>> > have passed.
>>> > 
>>> >   220 myhostname ESMTP
>>> > 
>>> > Good SMTP clients will greet now.
>>> 
>>> Wietse:
>>> Thanks for your detailed explanation. Can you suggest technical ways to
>>> manually test Bad SMTP clients
>>> that greet before $postscreen_greet_wait seconds have passed?
>> 
>> echo whatever | nc host 25
> 
>Wietse:
>I did my test as below:
># nc localhost 25 < /tmp/postscreen-greet-wait.txt
>The output:
>220 gw.mydomain.com ESMTP Postfix (2.10.1)
>250 2.1.0 Ok
>250 2.1.5 Ok
>354 End data with .
>250 2.0.0 Ok: queued as 35CA025E69
>
>The postfix/postscreen log does not show info "PREGREET count after
>time from [address]:port text...",
>test message delivered normally (expect: test message prevented by
>postscreen).
>So, is there another way to quickly make smtp connection via "nc" or
>another tool to test the parameter
>"postscreen_greet_wait"?
Do this test from a different device. You probably have localhost in mynetworks 
and have configured 
> postscreen_access_list = permit_mynetworks,
> cidr:/etc/postfix/postscreen_access.cidr

>Thanks.
>
>Regards,
>N. Thang
-- 
Christian



Re: Postfix Postscreen Pregreet Test

2016-01-22 Thread Nguyen Nang Thang
- Original Message -
> From: "Wietse Venema" 
> To: "Postfix users" 
> Sent: Saturday, January 23, 2016 9:57:40 AM
> Subject: Re: Postfix Postscreen Pregreet Test

> Nguyen Nang Thang:
>> > Postfix sends:
>> > 
>> >220-myhostname ESMTP
>> > 
>> > Postfix waits $postscreen_greet_wait seconds.
>> > Bad SMTP clients will greet before $postscreen_greet_wait seconds
>> > have passed.
>> > 
>> >220 myhostname ESMTP
>> > 
>> > Good SMTP clients will greet now.
>> 
>> Wietse:
>> Thanks for your detailed explanation. Can you suggest technical ways to
>> manually test Bad SMTP clients
>> that greet before $postscreen_greet_wait seconds have passed?
> 
> echo whatever | nc host 25
 
Wietse:
I did my test as below:
# nc localhost 25 < /tmp/postscreen-greet-wait.txt
The output:
220 gw.mydomain.com ESMTP Postfix (2.10.1)
250 2.1.0 Ok
250 2.1.5 Ok
354 End data with .
250 2.0.0 Ok: queued as 35CA025E69

The postfix/postscreen log does not show info "PREGREET count after time from
[address]:port text...",
test message delivered normally (expect: test message prevented by postscreen).
So, is there another way to quickly make smtp connection via "nc" or another 
tool to test the parameter
"postscreen_greet_wait"?

Thanks.

Regards,
N. Thang


Re: Postfix Postscreen Pregreet Test

2016-01-22 Thread Wietse Venema
Nguyen Nang Thang:
> > Postfix sends:
> > 
> > 220-myhostname ESMTP
> > 
> > Postfix waits $postscreen_greet_wait seconds.
> > Bad SMTP clients will greet before $postscreen_greet_wait seconds
> > have passed.
> > 
> > 220 myhostname ESMTP
> > 
> > Good SMTP clients will greet now.
> 
> Wietse:
> Thanks for your detailed explanation. Can you suggest technical ways to
> manually test Bad SMTP clients
> that greet before $postscreen_greet_wait seconds have passed?

echo whatever | nc host 25

Wietse


Re: Postfix Postscreen Pregreet Test

2016-01-22 Thread Nguyen Nang Thang
- Original Message -
> From: "Wietse Venema" 
> To: "Nguyen Nang Thang" 
> Cc: "Postfix users" 
> Sent: Saturday, January 23, 2016 9:09:09 AM
> Subject: Re: Postfix Postscreen Pregreet Test

> Nguyen Nang Thang:
>> >> > domain zen.spamhaus.org as 127.0.0.4
>> >> > Jan 22 00:00:53 spike postfix/postscreen[44350]: PREGREET 16 after 0.69 
>> >> > from
>> >> > [177.231.207.212]:38026: HELO bryozoann\r\n
>> > 
>> > That is a zombie that speaks before its turn.
>> 
>> Ok, I'm clear about the operation of the parameter "postscreen_greet_wait".
>> Log in our email system shows as below:
>> Jan 22 00:57:59 gw postfix/postscreen[4837]: CONNECT from 
>> [201.139.132.41]:37245
>> to [192.168.100.79]:25
>> Jan 22 00:57:59 gw postfix/postscreen[4837]: PREGREET 50 after 0.52 from
>> [201.139.132.41]:37245: HELO 201.139.132.41.cable.dyn.cableonline.com.mx\r\n
>> => The IP 201.139.132.41 is monitored by Pregreeting test.
>> 
>> But my current concern is that how to manually test the parameter
>> "postscreen_greet_wait" by my own test?
> 
> Postfix sends:
> 
>   220-myhostname ESMTP
> 
> Postfix waits $postscreen_greet_wait seconds.
> Bad SMTP clients will greet before $postscreen_greet_wait seconds
> have passed.
> 
>   220 myhostname ESMTP
> 
> Good SMTP clients will greet now.

Wietse:
Thanks for your detailed explanation. Can you suggest technical ways to manually
test Bad SMTP clients
that greet before $postscreen_greet_wait seconds have passed?
It's true that we cannot use the "telnet" command to test because I'm thinking 
scripts/tools are suitable 
ways to test Bad SMTP client, right?

Regards,
Thang


Re: Postfix Postscreen Pregreet Test

2016-01-22 Thread Wietse Venema
Nguyen Nang Thang:
> >> > domain zen.spamhaus.org as 127.0.0.4
> >> > Jan 22 00:00:53 spike postfix/postscreen[44350]: PREGREET 16 after 0.69 
> >> > from
> >> > [177.231.207.212]:38026: HELO bryozoann\r\n
> > 
> > That is a zombie that speaks before its turn.
> 
> Ok, I'm clear about the operation of the parameter "postscreen_greet_wait".
> Log in our email system shows as below:
> Jan 22 00:57:59 gw postfix/postscreen[4837]: CONNECT from 
> [201.139.132.41]:37245 to [192.168.100.79]:25
> Jan 22 00:57:59 gw postfix/postscreen[4837]: PREGREET 50 after 0.52 from 
> [201.139.132.41]:37245: HELO 201.139.132.41.cable.dyn.cableonline.com.mx\r\n
> => The IP 201.139.132.41 is monitored by Pregreeting test.
> 
> But my current concern is that how to manually test the parameter
> "postscreen_greet_wait" by my own test?

Postfix sends:

220-myhostname ESMTP

Postfix waits $postscreen_greet_wait seconds.
Bad SMTP clients will greet before $postscreen_greet_wait seconds
have passed.

220 myhostname ESMTP

Good SMTP clients will greet now.

Wietse


Re: Postfix Postscreen Pregreet Test

2016-01-22 Thread Nguyen Nang Thang
- Original Message -
> From: "Wietse Venema" 
> To: "Postfix users" 
> Sent: Saturday, January 23, 2016 8:21:47 AM
> Subject: Re: Postfix Postscreen Pregreet Test

> Nguyen Nang Thang:
>> > domain zen.spamhaus.org as 127.0.0.4
>> > Jan 22 00:00:53 spike postfix/postscreen[44350]: PREGREET 16 after 0.69 
>> > from
>> > [177.231.207.212]:38026: HELO bryozoann\r\n
> 
> That is a zombie that speaks before its turn.

Ok, I'm clear about the operation of the parameter "postscreen_greet_wait".
Log in our email system shows as below:
Jan 22 00:57:59 gw postfix/postscreen[4837]: CONNECT from 
[201.139.132.41]:37245 to [192.168.100.79]:25
Jan 22 00:57:59 gw postfix/postscreen[4837]: PREGREET 50 after 0.52 from 
[201.139.132.41]:37245: HELO 201.139.132.41.cable.dyn.cableonline.com.mx\r\n
=> The IP 201.139.132.41 is monitored by Pregreeting test.

But my current concern is that how to manually test the parameter 
"postscreen_greet_wait" by my own test?
Because my goal is to test the operation of this parameter manually, but I
do not know how to test it.

Regards,
N. Thang


Re: Postfix Postscreen Pregreet Test

2016-01-22 Thread Wietse Venema
Nguyen Nang Thang:
> > domain zen.spamhaus.org as 127.0.0.4
> > Jan 22 00:00:53 spike postfix/postscreen[44350]: PREGREET 16 after 0.69 from
> > [177.231.207.212]:38026: HELO bryozoann\r\n

That is a zombie that speaks before its turn. 

Quoting from POSTSCREEN_README:

When an SMTP client sends a command before the postscreen_greet_wait time has
elapsed, postscreen(8) logs this as:

PREGREET count after time from [address]:port text...

Translation: the client at [address]:port sent count bytes before its turn to
speak. This happened time seconds after the postscreen_greet_wait timer was
started. The text is what the client sent (truncated to 100 bytes, and with
non-printable characters replaced with C-style escapes such as \r for carriage-
return and \n for newline).


Wietse
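
Added example (not part of the original thread, and not Postfix code): a small Python parser for the PREGREET log format quoted from POSTSCREEN_README above. It recovers the bytes the client sent so they can be checked against the logged count; the sample log is constructed from lines in this thread with documentation addresses, and the octal-escape handling is an assumption.

```python
import re

# Format from POSTSCREEN_README as quoted in the thread:
#   PREGREET count after time from [address]:port text...
PREGREET_RE = re.compile(
    r"postfix/postscreen\[\d+\]: PREGREET (?P<count>\d+) after (?P<after>[\d.]+) "
    r"from \[(?P<addr>[^\]]+)\]:(?P<port>\d+): (?P<text>.*)$"
)
# Assumption: the logged text uses the usual C escapes plus 3-digit octal.
_SIMPLE = {b"a": b"\a", b"b": b"\b", b"f": b"\f", b"n": b"\n",
           b"r": b"\r", b"t": b"\t", b"v": b"\v", b"\\": b"\\"}
_ESC_RE = re.compile(rb"\\([abfnrtv\\]|[0-7]{3})")

def unescape(text):
    """Turn the escaped log text back into the bytes the client sent."""
    def repl(m):
        esc = m.group(1)
        return _SIMPLE[esc] if esc in _SIMPLE else bytes([int(esc, 8) & 0xFF])
    return _ESC_RE.sub(repl, text.encode("utf-8"))

def parse_pregreet(line):
    """Return a dict for a PREGREET log line, or None for any other line."""
    m = PREGREET_RE.search(line)
    if m is None:
        return None
    sent, count = unescape(m["text"]), int(m["count"])
    return {
        "addr": m["addr"], "port": int(m["port"]),
        "count": count, "after": float(m["after"]), "sent": sent,
        # The logged text is cut at 100 bytes, so count may exceed len(sent).
        "truncated": count > len(sent),
    }

def pregreet_events(log):
    """Collect every PREGREET event from a multi-line syslog excerpt."""
    return [e for e in map(parse_pregreet, log.splitlines()) if e]

# Constructed sample modelled on the log lines in this thread; the host name
# and the 192.0.2.x / 198.51.100.x addresses are documentation placeholders.
SAMPLE_LOG = r"""
Jan 22 00:00:53 mx postfix/postscreen[44350]: CONNECT from [192.0.2.10]:38026 to [198.51.100.4]:25
Jan 22 00:00:53 mx postfix/dnsblog[44354]: addr 192.0.2.10 listed by domain zen.spamhaus.org as 127.0.0.4
Jan 22 00:00:53 mx postfix/postscreen[44350]: PREGREET 16 after 0.69 from [192.0.2.10]:38026: HELO bryozoann\r\n
Jan 23 15:09:17 mx postfix/postscreen[8783]: PREGREET 19 after 0 from [192.0.2.77]:40112: Hello. I'm spambot\n
"""

if __name__ == "__main__":
    for e in pregreet_events(SAMPLE_LOG):
        print(e["addr"], e["after"], e["count"], len(e["sent"]), e["sent"])
```

Only the postfix/postscreen PREGREET lines are returned; the CONNECT and postfix/dnsblog lines in the same excerpt belong to other tests and are skipped.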


Re: Postfix Postscreen Pregreet Test

2016-01-22 Thread Nguyen Nang Thang
- Original Message -
> From: "Wietse Venema" 
> To: "Postfix users" 
> Cc: postfix-users@postfix.org, u...@porcupine.org
> Sent: Saturday, January 23, 2016 7:29:00 AM
> Subject: Re: Postfix Postscreen Pregreet Test

> Nguyen Nang Thang:
>> I do not know how to demonstrate the test "postscreen_greet_wait" to know that
>> Postscreen is protecting zombies/spambots that speak before its turn.
>> Any tools or ways for this test?
> 
> Turn it on, and let the zombies be your testers.
> 
> Jan 22 00:00:53 spike postfix/postscreen[44350]: CONNECT from
> [177.231.207.212]:38026 to [168.100.189.4]:25
> Jan 22 00:00:53 spike postfix/dnsblog[44354]: addr 177.231.207.212 listed by
> domain zen.spamhaus.org as 127.0.0.11
> Jan 22 00:00:53 spike postfix/dnsblog[44354]: addr 177.231.207.212 listed by
> domain zen.spamhaus.org as 127.0.0.3
> Jan 22 00:00:53 spike postfix/dnsblog[44354]: addr 177.231.207.212 listed by
> domain zen.spamhaus.org as 127.0.0.4
> Jan 22 00:00:53 spike postfix/postscreen[44350]: PREGREET 16 after 0.69 from
> [177.231.207.212]:38026: HELO bryozoann\r\n
> Jan 22 00:00:54 spike postfix/postscreen[44350]: DNSBL rank 2 for
> [177.231.207.212]:38026
> Jan 22 00:00:54 spike postfix/postscreen[44350]: NOQUEUE: reject: RCPT from
> [177.231.207.212]:38026: 550 5.7.1 Service unavailable; client
> [177.231.207.212] blocked using zen.spamhaus.org;
> from=, to=, proto=SMTP,
> helo=
> Jan 22 00:01:01 spike postfix/postscreen[44350]: DISCONNECT
> [177.231.207.212]:38026

Wietse Venema:

I'm clear that zombies/spambots is my testers. The feature DNSBL works fine.
But, I'm not clear that how to know that "SMTP clients speak before its turns" by
some tests?
I've configured the parameter "postscreen_greet_wait = 6s" due to my goal is find out
some ways to test this parameter (not the feature DNSBL that worked fine).

Your example log is for the DNSBL, not for the parameter 
"postscreen_greet_wait", right?

Regards,
Thang


Re: Postfix Postscreen Pregreet Test

2016-01-22 Thread Wietse Venema
Nguyen Nang Thang:
> I do not know how to demonstrate the test "postscreen_greet_wait" to know that
> Postscreen is protecting zombies/spambots that speak before its turn.
> Any tools or ways for this test?

Turn it on, and let the zombies be your testers.

Jan 22 00:00:53 spike postfix/postscreen[44350]: CONNECT from 
[177.231.207.212]:38026 to [168.100.189.4]:25
Jan 22 00:00:53 spike postfix/dnsblog[44354]: addr 177.231.207.212 listed by 
domain zen.spamhaus.org as 127.0.0.11
Jan 22 00:00:53 spike postfix/dnsblog[44354]: addr 177.231.207.212 listed by 
domain zen.spamhaus.org as 127.0.0.3
Jan 22 00:00:53 spike postfix/dnsblog[44354]: addr 177.231.207.212 listed by 
domain zen.spamhaus.org as 127.0.0.4
Jan 22 00:00:53 spike postfix/postscreen[44350]: PREGREET 16 after 0.69 from 
[177.231.207.212]:38026: HELO bryozoann\r\n
Jan 22 00:00:54 spike postfix/postscreen[44350]: DNSBL rank 2 for 
[177.231.207.212]:38026
Jan 22 00:00:54 spike postfix/postscreen[44350]: NOQUEUE: reject: RCPT from 
[177.231.207.212]:38026: 550 5.7.1 Service unavailable; client 
[177.231.207.212] blocked using zen.spamhaus.org; 
from=, to=, proto=SMTP, 
helo=
Jan 22 00:01:01 spike postfix/postscreen[44350]: DISCONNECT 
[177.231.207.212]:38026
 
Wietse


Postfix Postscreen Pregreet Test

2016-01-22 Thread Nguyen Nang Thang
Hi all,

I've used Postfix/Postscreen to protect zombies/spambots to our email system.
Currently, I've setup the pregreet test of Postscreen as configuration below:
In main.cf:
postscreen_access_list = permit_mynetworks,
cidr:/etc/postfix/postscreen_access.cidr
postscreen_blacklist_action = enforce
postscreen_dnsbl_threshold = 3
postscreen_dnsbl_sites =
zen.spamhaus.org*3
bl.mailspike.net*3
b.barracudacentral.org*2
postscreen_dnsbl_action = enforce
postscreen_dnsbl_ttl= 1h
postscreen_greet_banner = $smtpd_banner
postscreen_greet_wait = 6s
postscreen_greet_action = enforce

I do not know how to demonstrate the test "postscreen_greet_wait" to know that
Postscreen is protecting zombies/spambots that speak before its turn.
Any tools or ways for this test?

Regards,
Thang