Re: DNS RBL error
* John Peach : > Your nslookup shows you using 207.172.3.20 as a nameserver: > > 20.3.172.207.in-addr.arpa name = auth1.dns.rcn.net > > Your ISP's nameserver. You need to run your own, so that you query > spamhaus directly. They are counting all the hits from RCN. apt-get install pdns-recursor -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: DNS RBL error
* donovan jeffrey j : > ins2:~ root# cat /etc/resolv.conf > search beth.k12.pa.us > nameserver 10.135.1.2 > nameserver 209.96.96.2 > nameserver 207.172.3.20 > > ins2:~ root# nslookup zen.spamhaus.org > Server: 207.172.3.20 > Address:207.172.3.20#53 > > ** server can't find zen.spamhaus.org: REFUSED > > > okay,.. Ill have to check this. to make sure my queries to zen are directly > from my mail system does that sound right ? Yes. Install a local caching DNS which directly queries the internet ... -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: Client Access Reject List
* Carlos Mennens : > I have a /etc/postfix/client_access file which holds IP's are known > clients that refuse to stop sending my junk. I submit the IP in the > file as follows: > > 68.69.110.81REJECT executiveonlinelearning.com > > My question is as the list grows in length, is it correct to be able > to identify the domain / sender as I did above after 'REJECT' as a > kind of tag or note for myself? Yes. > This way I can better search though logs if I need to review something. > > Or can I only add it as: > > 68.69.110.81REJECT You can also use that form, because the rejection is caused by an IP anyway - so all you need is grep for the IP in your /etc/postfix/client_access file -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: How to forward mail when mailbox not localy existing
* Yannick : > Hi, > > In the context of migration from an MSExchaneg to Postfix , > > I 'm tring to reproduce a functionality: > Until we have migrated all the 300 mailboxes, I want to put my new Postfix as > a front end. > It would firstly receive the SMTP stream: if the recipient mailbox is localy > existing on it then deliver localy (maildir format) and if the mailbox is not > yet exising (user not migret) it would then transferred the mail to the old > server. luser_relay -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
MIA: mstone author / maintainer
I'm trying to get in contact with the mstone author/maintainer. Both dac at x.cx and dchristian at google.com are non-operational :( Who knows his current address? -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: postfix multi-instances and qmail co-existence
* Patrick Chemla : > Hi, > > I am trying to upgrade smoothly from qmail mono-instance to > postfix-multi-instances. > > When I start the new postfix installation, I get the warning: > postfix/postfix-script: warning: /usr/lib/sendmail and > /usr/sbin/sendmail differ > postfix/postfix-script: warning: Replace one by a symbolic link to the other > > and if I check the files: > ls -l /usr/lib/sendmail /usr/sbin/sendmail > lrwxrwxrwx 1 root root 23 jun 19 2009 /usr/lib/sendmail -> > /var/qmail/bin/sendmail > -rwxr-xr-x 1 root root 581869 avr 23 12:04 /usr/sbin/sendmail > > Should I set the 2 linked to the same file ? /usr/sbin/sendmail ? > /var/qmail/bin/sendmail ? rm /usr/lib/sendmail and link /usr/lib/sendmail to /usr/sbin/sendmail (which is hopefully the postfix sendmail) > What will arrive if qmail uses /usr/sbin/sendmail or postfix uses > /var/qmail/bin/sendmail ? ? Nothing, you disabled qmail I hope. > Whenever, postfix starts, all instances, and I can process messages. > Is this a correct production environnement? I wouldn't think so. Why is qmail still there when you already moved to postfix? -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: .forward files
* Alexander Erameh : > Is there any reason why Postfix doesn't read .forward files set up in users > Mail folders, even after modifying main.cf to include the forward_path > option. Yes. If postfix/local is not involved, the files will be ignored. > Do I have to disable /etc/postfix/virtual which was hitherto handling > forwarding? Hard to tell, without logs or postconf -n output. -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: Webmaster for Postfix.org
* osuser g : > Does any one know how has access the content on Postfix.org ? > Whom should one contact for updates/improvements to content? Wietse comes to mind. -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: header_checks
* J.D. Bronson : > I am seeing random spam come in with this consistent type of 'from': > > (r...@www.cheapquotesonline.com) > (r...@chat.biznizpro.com) > (r...@safetyaboutonline.net) With the () around the address? > ..they all begin with 'ret@' and I need some help creating a > header_check (and/or body check) to catch this. > > I tried this, but it didnt work: > > /^From:.ret@/REJECT unsolicited email /^From:.*ret@/REJECT unsolicited email or /^From: ret@/REJECT unsolicited email or /^From:\b*ret@/REJECT unsolicited email -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: stumped: postfix silently won't start
* Len Conrad : > May 20 10:37:35 s...@sl1.hctc.net postfix/master[29415]: dict_eval: const Don't run master verbosely. I had a similar problem once when I umounted the /var/spool/postfix on a DRBD system. There were POstfix processes still lingering around (ps auxwww|grep postfix) which I all killed, after that it would work again. -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: relay local domains to a specific server
* Patrick Chemla : > Hi, > > I am managing my emails on 2 Postfix 2.7 servers. > > A front smtpd server receives all messages from outside and inside > users, and a back server handles email boxes for local domains > deliveries. > > I am trying to send directly messages from the front smtpd to the > back server without looking to MX from DNS. > > So, in the /etc/postfix/transport file, I put lines as follow: > > example1.com:[10.0.0.2] > example2.com:[10.0.0.2] > example3.com:[10.0.0.2] > example4.com:[10.0.0.2] > > exampleN.com are domains to relay directly to internal server > 10.0.0.2 without looking to DNS (using brackets). > > I have run postmap transport and postfix reload. postfix reload is not needed (I think) > I made some simple tests puting mails through a telnet to port 25 of > the front server. > > It still lookup for MX for domains exampleN.com and delivers through > an outside address. How do you know that? -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: relay local domains to a specific server
* Patrick Chemla : > Le 23/05/2010 19:16, Ralf Hildebrandt a écrit : > >>I made some simple tests puting mails through a telnet to port 25 of > >>> the front server. > >>> > It still lookup for MX for domains exampleN.com and > >>delivers through > >>> an outside address. > >How do you know that? > > > I just look at the maillog and I can find the IP address of the > external server where it tries to deliver. Please share the maillog with us. Like the welcome message of this list instructs you to. -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: I've inherited a botnet target
* brian : > organisation). The old domain points to this new server in order to > redirect web traffic. AFAIK, there were never any email addresses > used under the old domain. But, now I've set up postfix, I'm seeing > thousands of failed attempts to send to various fictitious DOMAIN.com > addresses. These are properly being blocked 554/relay access denied. Which domain is the old one, which is the new one? > myhostname = demeter.DOMAIN.org > mydomain = DOMAIN.org > myorigin = $mydomain > alias_maps = hash:/etc/aliases > alias_database = hash:/etc/aliases > mydestination = $myhostname, $mydomain, localhost.$mydomain, localhost > relayhost = > mynetworks = 127.0.0.0/8 [:::127.0.0.0]/104 [::1]/128 > smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination Shouldn'T you use at least ONE RBL? E.g.: smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination reject_rbl_client zen.spamhaus.org -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: I've inherited a botnet target
* brian : > Correct. The SPAM problem is not directed at legitimate accounts > (yet). All of these rejections are for fictitious accounts under the > .com domain. I don't want to accept anything at all for that domain. > However, I must keep the domain pointed at this new server in order > to catch web traffic and redirect it. So set a fake MX record pointing to localhost -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: I've inherited a botnet target
* brian : > On 10-05-26 03:31 PM, Matt Hayes wrote: > > > >I wonder if using something like postscreen from the 2.8-snapshots would > >help to curtail some of the resource usage. > > > > Thanks, I'll check it out. However, I'd feel more optimistic about it > if it was named prescreen ;-) It's postfix, not prefix. But then -- postscreen is using an RBL... -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: I've inherited a botnet target
* "Jan-Kaspar Münnich" : > In general RBLs work fine against these dictionary attacks. But in this > special case where not one address exists at the targeted domain, I > doubt that RBLs would decrease server load, since that would add one > more DNS lookup. I wouldn't see a big problem there, even thousands of > 554s normally don't stress Postfix too much. * One could also turn off postfix. * Or disable smtpd * Or (if there's a spare IP) point the mx to the spare IP and run smtp-sink there! -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: I've inherited a botnet target
* Matt Hayes : > postscreen doesn't require you to use RBL's during its checks, Ah yes, the earlytalking and all. > however, you have the ability to do so. The nice thing about doing RBL > checks in postscreen is it stops connections from getting to the SMTPD, > thus reducing system load. That's how I'm using it here. It's amazing :) -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: I've inherited a botnet target
* LuKreme : > It's in 2.7 only, yes? I'm still running 2.6. It's in the snapshots > Just add: > > postscreen_dnsbl_sites zen.spamhous.org > > To a 2.7 config? No, you really have to read the README, since there are changes to master.cf as well! -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: I've inherited a botnet target
* Nataraj : > How does rate limiting work in conjunction with postscreen? Just like without postscreen -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: illegal address syntax
* Jonathan Tripathy : > Hi Everyone, > > I'm currently in the middle of watching a customer's mail.log file. > He is trying to send an email to a lot of people at once (Something > like 5000), however the logs don't reflect this. Instead I'm seeing: > > May 27 10:32:41 server1 postfix/smtpd[8144]: connect from > office1.domain.local[10.86.1.101] > May 27 10:32:43 server1 postfix/smtpd[8144]: warning: Illegal address > syntax from office1.domain.local[10.86.1.101] in RCPT command: > > May 27 10:32:44 server1 postfix/smtpd[8144]: warning: Illegal address > syntax from office1.domain.local[10.86.1.101] in RCPT command: > > May 27 10:32:55 server1 postfix/smtpd[8144]: too many errors after > RCPT from office1.domain.local[10.86.1.101] > May 27 10:37:55 server1 postfix/smtpd[8144]: disconnect from > office1.domain.local[10.86.1.101] > > The above is happening over and over again (minute or so) with no > sign of the other emails being sent. Presumably, the client (Outlook > 2003) keeps retrying.. Korrekt. The mail never gets sent > As you can see, the client is trying to send an email to 2 email > address with a + in it, which postfix doesn't seem to like. Yes. > This may be the case, and may be ok, however my concern is that why > aren't I seeing any emails being sent to the other 4998 valid > addresses? Is there anything I can do to force postfix use those > addresses? too many errors after... raise the soft_error_limit and/or the hard_error_limit -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: illegal address syntax
* Jonathan Tripathy : > > >too many errors after... > > > >raise the soft_error_limit and/or the hard_error_limit > > > > Ah! So my postfix server has a limit then. Where can I put these > settings? In main.cf ? Yes, like almost all settings... smtpd_hard_error_limit = 1000 smtpd_soft_error_limit = 1000 -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: illegal address syntax
* Jonathan Tripathy : > Even after removing those 2 address from the list, we are still > getting the "too many errors after RCPT from > office1.domain.local[10.86.1.101]" (Of course, the 2 email addresses > aren't mentioned anymore) And what's it complaining about now (BTW, that's why one uses mailing list manager like mailman!)? -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: Postscreen DNSBL checks preferable over reject_client_rbl ?
* Jeroen Geilman : > Hi all, > > I upgraded recently to 2.7.0 and thought I'd take advantage of the > nice separation of duties that postscreen provides. > > It looks as if moving my RBLs to postscreen means they're no longer > needed in my *_restrictions - is there a scenario where this would > not be the case ? No. But you can still have OTHER RBLs in *_restrictions > Does postscreen also log any DNSBL hits ? Yes > I can't seem to find any so far. May 30 23:33:15 mail-ausfall postfix/dnsblog[31351]: addr 222.168.14.205 blocked by domain zen.spamhaus.org as 127.0.0.4 -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: Sender address rejected: Domain not found
* Robert Fitzpatrick : > I am getting a lot of these for various domains... > > Jun 2 07:21:08 esmtp postfix/smtpd[55535]: NOQUEUE: reject: RCPT > from mail.cypresspartners.com[72.242.211.227]: 450 4.1.8 > : Sender address > rejected: Domain not found; > from= > to= proto=ESMTP helo= > > I assume these are legitimate rejects since the helo domain is > cypresspartners.com and I did not find an A record for that domain. > Is that correct? No. $ host onlinealert.bankofamerica.com Host onlinealert.bankofamerica.com not found: 3(NXDOMAIN) $ host -t mx onlinealert.bankofamerica.com Host onlinealert.bankofamerica.com not found: 3(NXDOMAIN) -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: Sender address rejected: Domain not found
* Matt Hayes : > It appears that mail.cypresspartners.com is a postfix server which > appears, to me at least, to be sending out spam. http://www.robtex.com/ip/72.242.211.227.html#blacklists They should stick to trees, no servers. -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: Sender address rejected: Domain not found
* Robert Fitzpatrick : > Your message did not reach some or all of the intended recipients. > > Subject: LCM Summary > Sent: 6/2/2010 10:18 AM > > The following recipient(s) could not be reached: > > rob...@webtent.com on 6/2/2010 10:19 AM > You do not have permission to send to this recipient. For > assistance, contact your system administrator. >sscrive...@lcmgroup.com Not Authorized To Send Internet E-mail> I guess Exchange didn't like that and did reject the mail. Usually the error message contains info about "mailserver generating this message". If you don't see that sender on your postfix gateway, then I guess it's your internal exchange server. -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
"Invalid size declaration"?
Today I found this double-bounce: - Forwarded message from Mail Delivery System - : host customer110.goolara.net[209.209.90.110] said: 552 Invalid size declaration. (in reply to MAIL FROM command) Reporting-MTA: dns; mail-ausfall.charite.de X-Postfix-Queue-ID: 568AE3DC96 X-Postfix-Sender: rfc822; mailer-dae...@mail-ausfall.charite.de Arrival-Date: Wed, 9 Jun 2010 23:05:13 +0200 (CEST) Final-Recipient: rfc822; bounce-25280...@customer110.goolara.net Action: failed Status: 5.0.0 Remote-MTA: dns; customer110.goolara.net Diagnostic-Code: smtp; 552 Invalid size declaration. --- snip --- I resent the bounce, added the destination to debug_peer_list, and alas: # tail --lines=1000 -f /var/log/mail.log|grep 209.209.90.110 Jun 10 13:00:04 mail-ausfall postfix/smtp[7597]: < customer110.goolara.net[209.209.90.110]:25: 220 app3, I'm listening! Jun 10 13:00:04 mail-ausfall postfix/smtp[7597]: > customer110.goolara.net[209.209.90.110]:25: EHLO mail-ausfall.charite.de Jun 10 13:00:04 mail-ausfall postfix/smtp[7597]: < customer110.goolara.net[209.209.90.110]:25: 250-hello mail-ausfall.charite.de [193.175.72.31:55008], pleased to communicate with you. Jun 10 13:00:04 mail-ausfall postfix/smtp[7597]: < customer110.goolara.net[209.209.90.110]:25: 250-8BITMIME Jun 10 13:00:04 mail-ausfall postfix/smtp[7597]: < customer110.goolara.net[209.209.90.110]:25: 250 SIZE 500 Jun 10 13:00:04 mail-ausfall postfix/smtp[7597]: maps_find: smtp_discard_ehlo_keyword_address_maps: 209.209.90.110: not found Jun 10 13:00:04 mail-ausfall postfix/smtp[7597]: > customer110.goolara.net[209.209.90.110]:25: MAIL FROM: SIZE=19091 BODY=8BITMIME Jun 10 13:00:04 mail-ausfall postfix/smtp[7597]: < customer110.goolara.net[209.209.90.110]:25: 552 Invalid size declaration. Jun 10 13:00:04 mail-ausfall postfix/smtp[7597]: send attr reason = host customer110.goolara.net[209.209.90.110] said: 552 Invalid size declaration. (in reply to MAIL FROM command) Jun 10 13:00:04 mail-ausfall postfix/smtp[7597]: A21B43DC04: to=, relay=customer110.goolara.net[209.209.90.110]:25, delay=0.74, delays=0.04/0/0.53/0.18, dsn=5.0.0, status=bounced (host customer110.goolara.net[209.209.90.110] said: 552 Invalid size declaration. (in reply to MAIL FROM command)) Jun 10 13:00:04 mail-ausfall postfix/smtp[7597]: > customer110.goolara.net[209.209.90.110]:25: RSET Jun 10 13:00:04 mail-ausfall postfix/smtp[7597]: < customer110.goolara.net[209.209.90.110]:25: 250 RSET performed. Jun 10 13:00:04 mail-ausfall postfix/smtp[7597]: > customer110.goolara.net[209.209.90.110]:25: QUIT I see no invalid size declaration. What's the problem?
Re: "Invalid size declaration"?
* Ralf Hildebrandt : > Jun 10 13:00:04 mail-ausfall postfix/smtp[7597]: > > customer110.goolara.net[209.209.90.110]:25: MAIL FROM: > SIZE=19091 BODY=8BITMIME > Jun 10 13:00:04 mail-ausfall postfix/smtp[7597]: < > customer110.goolara.net[209.209.90.110]:25: 552 Invalid size declaration. but: Jun 10 13:05:00 mail-ausfall postfix/smtp[10316]: > customer110.goolara.net[209.209.90.110]:25: MAIL FROM: SIZE=1011 Jun 10 13:05:00 mail-ausfall postfix/smtp[10316]: < customer110.goolara.net[209.209.90.110]:25: 250 Address accepted. H. -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: Spoofed freemail domains protection not working for postmaster
* Victor Duchovni : > On Thu, Jun 10, 2010 at 09:50:16AM -0400, Wietse Venema wrote: > > > If the postmaster address is excluded from spam checks then you > > may want to change the address_verify_sender setting. > > > > The current default is: > > address_verify_sender = $double_bounce_sender > > > > The older (problematic) default is > > address_verify_sender = postmaster > > > > The final ultimate fix is to make address_verify_sender time-dependent, > > so that it does not become a spam sink itself. > > Making it time-dependent address_verify_sender may somewhat compound > issues with grey-listing at the origin domain. It is useful to have a > value that is stable enough to not repeatedly be subjected to greylisting. Maybe if it changes once a week (configurable), but the idea is good. -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
[OT] Detecting "telnet"?
I heard that there are firewalls/security appliances that supposedly can distinguish "somebody using telnet" from "a machine speaking SMTP". I must admit, it sounds feasible (timing between keystrokes etc.), but little useful. Anyway. Is there such a thing? Does anybody use such a thing? -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: [OT] Detecting "telnet"?
* Victor Duchovni : > > Anyway. Is there such a thing? Does anybody use such a thing? > > Why do you want to discriminate against "telnet 25"? What do i know? I don't do this nonsense :) 'm just asking > Administrators of sites that want to trouble-shoot connectivity issues > with your server will use "telnet 25" from time to time. There is no > need to block this, it is by far the least likely source of any > significant spam volume... Indeed. There are faster methods. -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: [OT] Detecting "telnet"?
* N. Yaakov Ziskind : > Kinda reminds me of the Donald Westlake story, which described a > fine-arts painter who took to counterfeiting $20s; the Secret Service > let him go with a slap on the wrist, they said, when they figured out > it him hours to produce each note. :-) Exactly my point. -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: Postfix and Disclaimer
* Stefano Villa : > I've the task to implement a disclaimer for all mail. > What product can I use? Altermime -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
postscreen doesn't seem to work anymore
This is postfix-2.8-20100610 >From my log: mail:~# fgrep 79.15.172.144 /var/log/mail.log Jun 15 18:15:06 mail postfix/dnsblog[12235]: addr 79.15.172.144 blocked by domain mykey.zen.dq.spamhaus.net as 127.0.0.4 Jun 15 18:15:10 mail postfix/postscreen[14995]: DNSBL rank 1 for 79.15.172.144 So it seems to be listed! Jun 15 18:15:10 mail postfix/smtpd[4613]: connect from host144-172-static.15-79-b.business.telecomitalia.it[79.15.172.144] Jun 15 18:15:15 mail postgrey[2007]: action=greylist, reason=new, client_name=host144-172-static.15-79-b.business.telecomitalia.it, client_address=79.15.172.144, sender=back...@oshima-k.ac.jp, recipient=recipi...@charite.de HUH? it was allowed to connect??? Jun 15 18:15:18 mail postfix/smtpd[4613]: NOQUEUE: reject: RCPT from host144-172-static.15-79-b.business.telecomitalia.it[79.15.172.144]: 450 4.2.0 : Client host rejected: Temporary error - please try again at a later time!; from= to= proto=SMTP helo= it was greylisted Jun 15 18:15:19 mail postfix/smtpd[4613]: disconnect from host144-172-static.15-79-b.business.telecomitalia.it[79.15.172.144] disconnect Jun 15 18:30:20 mail postfix/dnsblog[15154]: addr 79.15.172.144 blocked by domain mykey.zen.dq.spamhaus.net as 127.0.0.4 Jun 15 18:30:24 mail postfix/postscreen[14995]: DNSBL rank 1 for 79.15.172.144 again, blacklisted, 15 minutes later. Jun 15 18:30:24 mail postfix/smtpd[12815]: connect from host144-172-static.15-79-b.business.telecomitalia.it[79.15.172.144] Yet it was allow to pass? Jun 15 18:30:25 mail postgrey[2007]: whitelisted: host144-172-static.15-79-b.business.telecomitalia.it[79.15.172.144] Jun 15 18:30:25 mail postgrey[2007]: action=pass, reason=triplet found, delay=910, client_name=host144-172-static.15-79-b.business.telecomitalia.it, client_address=79.15.172.144, sender=back...@oshima-k.ac.jp, recipient=recipi...@charite.de Jun 15 18:30:25 mail postfix/smtpd[12815]: NOQUEUE: client=host144-172-static.15-79-b.business.telecomitalia.it[79.15.172.144] Jun 15 18:30:25 mail amavis[15181]: (15181-19) Checking: tP7FwLCrnqi7 [79.15.172.144] -> # postconf -n |grep screen postscreen_blacklist_action = drop postscreen_dnsbl_sites = mykey.zen.dq.spamhaus.net postscreen_greet_action = drop postscreen_whitelist_networks = 141.42.193.0/24, 141.42.202.0/24, 141.42.203.0/24, 141.42.204.0/24, 141.42.206.0/23, 141.42.250.0/24, 193.175.72.0/24, 193.175.74.0/24 -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: postscreen doesn't seem to work anymore
* Ralf Hildebrandt : > Jun 15 18:30:20 mail postfix/dnsblog[15154]: addr 79.15.172.144 blocked by > domain mykey.zen.dq.spamhaus.net as 127.0.0.4 > Jun 15 18:30:24 mail postfix/postscreen[14995]: DNSBL rank 1 for 79.15.172.144 > > again, blacklisted, 15 minutes later. > > Jun 15 18:30:24 mail postfix/smtpd[12815]: connect from > host144-172-static.15-79-b.business.telecomitalia.it[79.15.172.144] > Yet it was allow to pass? I used mykey.zen.dq.spamhaus.net with reject_rbl_client, and now I have the ultimate proof: % tail -f /var/log/mail.log|grep zen Jun 15 19:00:32 mail-ausfall postfix/dnsblog[18933]: addr 67.233.124.39 blocked by domain mykey.zen.dq.spamhaus.net as 127.0.0.10 Jun 15 19:00:32 mail-ausfall postfix/dnsblog[18933]: addr 67.233.124.39 blocked by domain mykey.zen.dq.spamhaus.net as 127.0.0.4 Jun 15 19:00:37 mail-ausfall postfix/smtpd[21734]: NOQUEUE: reject: RCPT from va-67-233-124-39.dhcp.embarqhsd.net[67.233.124.39]: 554 5.7.1 Service unavailable; Client host [67.233.124.39] blocked using mykey.zen.dq.spamhaus.net; http://www.spamhaus.org/query/bl?ip=67.233.124.39 -- Contact postmas...@charite.de for whitelisting; from= to= proto=SMTP helo= -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: postscreen doesn't seem to work anymore
* Wietse Venema :
> More thoroughly, when I search for all IP addresses that show up
> in postscreen "DNSBL rank XXX" records:
>
> % egrep "`awk '/DNSBL rank/ { print $NF }' /var/log/maillog | sort -u`"
> /var/log/maillog | grep smtpd
If I try this, I'm getting:
-bash: /bin/egrep: Argument list too long
which is a bad sign
> % postconf -n | grep postscreen
> postscreen_dnsbl_action = drop
> postscreen_dnsbl_sites = zen.spamhaus.org
> postscreen_greet_action = drop
> postscreen_hangup_action = drop
> postscreen_pre_queue_limit = 100
# postconf -n | grep postscreen
postscreen_blacklist_action = drop <- ? blacklist ?
postscreen_dnsbl_sites = mykey.zen.dq.spamhaus.net
postscreen_greet_action = drop
postscreen_whitelist_networks = 141.42.193.0/24, 141.42.202.0/24,
141.42.203.0/24, 141.42.204.0/24, 141.42.206.0/23, 141.42.250.0/24,
193.175.72.0/24, 193.175.74.0/24
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
ralf.hildebra...@charite.de | http://www.charite.de
Re: postscreen doesn't seem to work anymore
* Ralf Hildebrandt : I think it was due to me using: postscreen_blacklist_action = drop and no postscreen_dnsbl_action at all. Once I set postscreen_dnsbl_action = drop it seems to work as intended. -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
finding things postscreen rejects
Today I got this bounce from somebody whose mail had been rejected: : Protocol error: host mail.python.org[82.94.164.166] refused to talk to me: 220-mail.python.org ESMTP Postfix 521 5.7.1 Blocked by DNSBL It was quite hard finding this in my log, since the bounce from the french system only contained hostnames which would not resolve :( May I recommend that Postfix at least emits the IP in it's rejection message, e.g. like: 521 5.7.1 123.123.123.123 Blocked by DNSBL -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: finding things postscreen rejects
* Wietse Venema : > Ralf Hildebrandt: > > Today I got this bounce from somebody whose mail had been rejected: > > > > : Protocol error: host > > mail.python.org[82.94.164.166] refused to talk to me: > > 220-mail.python.org ESMTP Postfix 521 5.7.1 Blocked by DNSBL > > > > It was quite hard finding this in my log, since the bounce from the > > french system only contained hostnames which would not resolve :( > > > > May I recommend that Postfix at least emits the IP in it's rejection > > message, e.g. like: > > > > 521 5.7.1 123.123.123.123 Blocked by DNSBL > > That would be redundant because Postfix already logs: > > Jun 16 00:00:55 spike postfix/postscreen[78055]: DNSBL rank 1 for 115.174.34.7 If all I have is the bounce from some remote system (which, like I said, contains only bullshit hostnames), then I cannot find the IP from that bounce, since the bounce only contains the Postfix message: "521 5.7.1 Blocked by DNSBL" (no IP there) I was only able to find the rejection based on that sender OTHER / PRIOR use email before the incident. I then had a IP range (not even a single IP!) which I could grep for in the log. Admittedly, this only happened ONCE and for an obscure DNSBL which I then removed from the config. > I will update the logging once postscreen has a built-in smtp-sink > engine that can log the client, helo, sender and recipient. In that case it would be sufficient, yes. > Once that is in place postscreen can have weighted DNSBLs and simplified > greylisting, and by then it becomes viable for the stable release. Again, that would be really cool. -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: finding things postscreen rejects
* Noel Jones :
> I believe Ralf's request is about the smtp rejection message sent to
> the remote client, not about postfix logging.
Yes.
> ie. the current reject response in postscreen.c around line 920 or
> so looks something like:
>
>if (dnsbl_action == PS_ACT_DROP) {
>smtp_reply(vstream_fileno(state->smtp_client_stream),
> state->smtp_client_addr, state->smtp_client_port,
> "521 5.7.1 Blocked by DNSBL\r\n");
> state->flags |= PS_FLAG_NOFORWARD;
> }
>
> Often complaints are reported by a remote customer forwarding the
> reject message by an alternate channel.
Exactly.
> It would be easier to track down customer complaints if the reject
> message contained "521 5.7.1 Client 192.0.2.1 Blocked by DNSBL"
That's exactly the form I'd like to see. It doesn't even have to
mention the DNSBL used. Just the IP!
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
ralf.hildebra...@charite.de | http://www.charite.de
Re: SQLite support in Postfix
* Patrick Ben Koetter : > > A "postmap" option to create an SQLite file would make sense. > > Do you mean creating an SQLite database from a flat file that, for example, > contains access rules mapping addresses to actions (r...@foo REJECT)? > > What if there were many files that wanted to be stored in a SQLite database? > Creating a database only for one table would be a waste of ressources, I > guess. It would make a great tool for a flat-file -> database migration: * Use flat files first * verify that "it works" * then convert into SQLite * verify that "it (still) works" * then convert into "real" Database It would actually help the user to use the path that has been recommended by Victor et.al. -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: Spooling mail Question
* Chris : > I am running postfix as a SMTP front-end to my Exchange 2007 system. > > When Exchange goes down, email is bounced back to the sender as undeliverable. Why? Show some logs for such a case > How can I setup postfix to 'spool' email until the backend SMTP server is > online? That's the default :) > I have enclosed my main.cf, master.cf, and transport configs (at least the > non-default ones). postconf -n is very much preferred. The config looks OK so far -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: A list in a file
* Phil Howard :
> Been trying to figure that out. I'm wanting to use CDB. But it
> wasn'tfile.out taking it. I guess what I need to do is give each domain a
> dummy value.
awk '{printf("%s OK\n",$1)}' file > file.out
postmap file.out
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
ralf.hildebra...@charite.de | http://www.charite.de
Re: Mail discarded
* sasashop : > Hi, from a few days much incomings mails are blocked and in log file > I have always 'discarded, UBE': > > Jun 24 13:10:23 mail postfix/qmgr[445]: CB6FD26A1AF: > from=, size=49182, nrcpt=1 (queue active) > Jun 24 13:10:26 mail postfix/smtp[25251]: CB6FD26A1AF: > to=, orig_to=y...@mydomain.com, > relay=127.0.0.1[127.0.0.1]:10024, delay=4.2, delays=1.3/0/0.01/2.9, > dsn=2.7.1, status=sent (250 2.7.1 Ok, discarded, UBE, id=23600-10) > Jun 24 13:10:26 mail postfix/qmgr[445]: CB6FD26A1AF: removed > > but the domain 'email.it' (but I have this problem with much mail > domains) isn't in blacklist and this domain is certainly 'clean'. > My doubt is for what reason these mail are blocked ? > On my mail server I have SA-3.2.5 with postfix/amavisd-new/clamav. Check the logs amavis is generating Grep for 23600-10 -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: Mail discarded
* sasashop : > "Ralf Hildebrandt" wroted: > > > >Check the logs amavis is generating > >Grep for 23600-10 > > I have only log file '/var/log/mailllog' and in this log file I have, > about "23600-10" only this: > > [r...@mail ~]# grep 2360010 /var/log/maillog > Jun 24 13:10:26 mail postfix/smtp[25251]: CB6FD26A1AF: > to=, orig_to=, > relay=127.0.0.1[127.0.0.1]:10024, delay=4.2, delays=1.3/0/0.01/2.9, > dsn=2.7.1, status=sent (250 2.7.1 Ok, discarded, UBE, id=23600-10) Well, for the future you have to ramp up the loglevel for amavisd -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: header_checks REJECT
* David Hill : > soft_bounce = yes turn it off -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: Mail blocked if not HTML
* James R. Marcus : > Sorry I didn't post them before I was just trying to do a sanity check. Here > they are: > > --- > Postfix Logs > --- > Jun 23 16:48:10 relay0 postfix/smtp[30504]: 5ED4F114BBC: > to=mailto:sa...@2co.com>>, > relay=mail.2co.com[64.128.185.221]:25, delay=0.98, > delays=0.01/0.01/0.33/0.62, dsn=4.4.2, status=deferred (lost connection with > mail.2co.com[64.128.185.221] while sending end of data -- message may > Jun 23 18:02:08 relay0 postfix/smtp[1638]: 5ED4F114BBC: enabling PIX > . workaround for mail.2co.com[64.128.185.221]:25 > Jun 23 18:02:18 relay0 postfix/smtp[1638]: 5ED4F114BBC: > to=mailto:sa...@2co.com>>, > relay=mail.2co.com[64.128.185.221]:25, delay=4449, delays=4438/0.03/0.34/10, > dsn=4.4.2, status=deferred (lost connection with mail.2co.com[64.128.185.221] > while sending end of data -- message may be > Jun 23 19:25:27 relay0 postfix/smtp[3204]: 5ED4F114BBC: enabling PIX > . workaround for mail.2co.com[64.128.185.221]:25 > Jun 23 19:25:37 relay0 postfix/smtp[3204]: 5ED4F114BBC: > to=mailto:sa...@2co.com>>, > relay=mail.2co.com[64.128.185.221]:25, delay=9448, delays=9438/0.02/0.08/10, > dsn=4.4.2, status=deferred (lost connection with mail.2co.com[64.128.185.221] > while sending end of data -- message may be > Jun 23 22:12:08 relay0 postfix/smtp[6277]: 5ED4F114BBC: enabling PIX > . workaround for mail.2co.com[64.128.185.221]:25 > Jun 23 22:12:18 relay0 postfix/smtp[6277]: 5ED4F114BBC: > to=mailto:sa...@2co.com>>, > relay=mail.2co.com[64.128.185.221]:25, delay=19449, > delays=19438/0.09/0.22/10, dsn=4.4.2, status=deferred (lost connection with > mail.2co.com[64.128.185.221] while sending end of data -- message may b Is the CISCO PIX in your organization? -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: Mail blocked if not HTML
* Matt Hayes : > ASA: > > config t > no inspect smtp Amen to that! -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: Greylisting & SMTP auth
* Hendrik Pahl : > Hi folks, > > we're having some trouble with greylisting (postgrey) and smtp auth. > > smtp_recipient_restrictions looks like: It's smtpd_recipient_restrictions > permit_sasl_authenticated, permit_mynetworks, > reject_unauth_destination, warn_if_reject, > reject_unknown_sender_domain, warn_if_reject, > reject_invalid_hostname, > warn_if_reject, reject_non_fqdn_sender, > warn_if_reject, reject_non_fqdn_recipient, > warn_if_reject, reject_rbl_client > ix.dnsbl.manitu.net, > check_policy_service inet:127.0.0.1:10030 > > Now, when a client authenticates the mail is greylisted No, it's not. permit_sasl_authenticated returns OK in that case, and no other restriction fires. Maybe you have more restrictions? -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: asking ARP for an internal IP 169.254.140.241
* "Stéphane MERLE" : > Hi, > > My ISP (ovh) is complaining about my postfix servers doing wrong ARP > demand, do you have any idea of what can cause this in my postfix > configuration ? I'd think that's more because of the OS or failover. Postfix is several layers above that. -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: Error between two postfix "Command not recognized", RCPT is cut in two words
* Thomas POINDESSOUS : > > Hi, > > > I have a problem between one of my postfix and a zimbra server (postfix > server). > > > sometime (one mail every three days), I got this error : > 502 5.5.2 Error: command not recognized (in reply to RCPT TO command) > > > I did a tcpdump to understand why I got this error and I found that one of > the "RCPT TO:" command is cut in two packets. > First packet finished by "RC" and second packet began by "PT TO:". And the > server doesn't understand this command. Is there a firewall between the two? -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: Error between two postfix "Command not recognized", RCPT is cut in two words
* poindessous...@foncia.fr : > Yes, I think this is a cisco asa 5550, with a special filter which protects > "smtp server". > > Do you think I should ask to disable it ? Yes. It causes nothing but grief :) -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: a separate instance for handle bounce only
* Joe Wong : > Hello, > > I am looking for a way to configure a 2nd postfix instance for > handle mail bounce only. Is it possible? 2nd instance on the same machine? -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: a separate instance for handle bounce only
* Joe Wong : > Yes, on the same machine. > > The reason I want to do this is I have sender_dependent_relay_host map > defined, it didn't work with null email sender "<>". I want to > forward all by bounce to another host for some processing first, so > have the idea of creating this 'bounce' postfix instance. Any thought? Simply set the envelope sender to a domain/hostname which ends up on the other host. That's it. -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: How to prevent retrying delivery of invalid addresses
* James R. Marcus : > Hi, > We send email to new users and frequently they give us false addresses > or the address gets entered incorrectly. One example would be instead > of aol.com the address gets entered as aol.cm. Yes, it happens. > I would like to bounce invalid addresses quickly instead of retrying > them for days on end. All you can do in these cases is to add transport_maps entries for those: aol.cm error:User typoed aol.com > Its my understanding yahoo.com, hotmail.com etc change our domain's > Sender Score based on retrying non existent addresses i.e. usernames. It never reaches those, it goes elsewhere. Because of the typo. > I figured this might be a common scenario and read the FAQ on Kyle > Dent's site. I don't want to bounce emails that have been deferred. But it has been deferred, just like you write "instead of retrying them for days on end." aka "deferred! -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: Reason for blocked access?
* Joern Bredereck : > Hi, > > how can I tell why the following mail has been rejected: > > Jul 14 08:48:58 zarafa-xen postfix/smtpd[26113]: NOQUEUE: reject: RCPT > from ns.gbc.net[212.97.96.201]: 554 5.7.1 : > Client host rejected: Access denied; from= > to= proto=ESMTP helo= > > "client host rejected" would require for the host to be in a > "check_client_access" table, right? Hostname or IP or net or domain, yes. -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: TLS not being advertised or not running?
* Theodore Durst : > I think I have a configuration issue, but it looks like a strange one > on this end. Before going line by line, I thought I would throw this out > to the list. > > I am attempting to set up postfix (send only) with TLS support. TLS was > compiled in and postfix does run, it does send mail in the clear. > However, we need it to send via TLS. I am wondering if there is a line > in main.cf that tells postfix to advertis/offer TLS authentication that > is not set. Is there a command to ask postfix if TLS is running? postconf -n -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: Different disclaimaer for each domain???
* Adrian P. van Bloois : > Hi, > Can I automagically attach a different disclaimer for each domain? > if so, how? Are there different options? Which program is appending the single disclaimer now? -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: info about "From:" address without domain
* Stefano Villa : > Hi to all! > I've a environmetn with two postfix server, with relaying scope. > > If I send an email without domain: > > 220 * > helo test > 250 relay2.A.com > mail from:test > 250 2.1.0 Ok > > it will arrive with the domain suffix A appended. local_header_rewrite_clients = -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: proxymap(8), number of connections, detecting altered tables
* Stefan Foerster : > While I agree that it is totally obvious that table are re-read as > soon as a new proxymap(8) process is spawned, on a resonably busy > system, this won't happen too often. So getting a definitive answer on > that one would still be helpful. Has this been answered? It also affects me, so I'd like to know :) -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: Better spam filter for postfix
* Josh Cason : > As most of you guys know. I use mailscanner. I would like > recomendations of what else to use. I prefer a all in one package > like what mailscanner does. It also utilizes clamav and spamassion. So does amavisd-new -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: Rewrite non FQDN Domains
* "Körner, Uwe" : > Hi all > > i've been looking for a solution to rewrite a non FQDN to a valid > domain with postfix. my users are writing mails to +123...@sms and it > should be rewriten to +123...@sms.provider.tld. append_dot_mydomain = yes mydomain = provider.tld which is the default, BTW. -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: Different disclaimaer for each domain???
* Adrian P. van Bloois : > > > Can I automagically attach a different disclaimer for each domain? > > > if so, how? Are there different options? > > > > Which program is appending the single disclaimer now? > None at al. :-) Well, you can use altermime to add disclaimers, either directly (see my book) or from within amavisd-new -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: Different disclaimaer for each domain???
* Aravind Divakaran : > $SENDMAIL "$@" http://www.charite.de
Is such an SSL attack possible against Postfix?
http://blog.fefe.de/?ts=b2b8f9f8 sorry, it's in german. I'll translate some bits: Sombody went to Torrent trackers and announced blog.fefe.de:443 as Torrent client (for a really popular download I guess). Thus, blog.fefe.de:443 got flooded with torrent-client traffic on the SSL port. Port 25 outgoing will be blocked by most ISPs, but let's assume that's not done by all IPS. It would work with the submission port! -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: Is such an SSL attack possible against Postfix?
* Ansgar Wiechers : > The issue with this attack is that it might exhaust CPU resources on the > server without having to saturate the bandwidth, due to cryptographic > operations required by SSL. Correct. > And that it seems to use BitTorrent as a multiplicator, so it doesn't > require a botnet. It brings it's own botnet :) -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: OT: ISP Blocking of port 25
* Rod Dorman : > Have we gone far enough off the topic of Postfix yet for this thread to > be declared dead? Yes, especially since this was about SSL attacks. -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: Feature request: postsuper release but don't delete (cloning?)
* Wietse Venema : > Patrick Ben Koetter: > > I can put a mail on HOLD and release it later with the postsuper command. > > That's great for debugging purposes, but only if I need to send the message > > just once. > > > > Would it be possible to expand the postsuper command with an optional > > command > > line parameter that releases the message, but does not delete it from the > > hold > > queue, so someone who needs to debug can resend it as many times as required > > until I decide to ditch it? > > Postfix queue files should not have multiple hard links. > > Consider using RSYNC to COPY the file from the hold queue to the > incoming queue, using the same file name. Once it's there, will it take the same path as the initial mail (on HOLD) would have taken? > With the current Postfix queue implementation this is guaranteed not to > cause a file name collision as long as the file in the HOLD queue keeps > the same (device, inode) numbers. That's ok. -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: Feature request: postsuper release but don't delete (cloning?)
* Victor Duchovni : > Note, if rsync propagates file permissions before it copies file contents, > an incomplete queue file could be picked up by the queue manager before > it is completely written. So it is safer to rsync outside "incoming" > (in the same file-system) and then rename into "incoming". Good point. rsycn it some place else, the mv it atomically. > The above said, rsync also uses temporary file-names while creating files, Yes. > and uses rename to finalize the file copy only once the contents are > all there, so Wietse's suggestion will likely work, provided rsync's > temp file names don't look like Postfix queue-ids (the queue manager > incoming directory scans skip filenames that don't look like queue-ids). > > The code in question is src/global/mail_queue.c:mail_queue_id_ok() > which skips any filenames that are not alphanumeric (with '_'). > > So provided rsync's temp names include some other chars (I think > it uses ".tempname" to keep temp files "out of view" while they > are being created) there is no need for the intermediate copy... -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: Mixed Setup
* Michael Orlitzky : > >I'll repeat myself. .local is not a reserved suffix. nor is > >.localdomain, despite what linuxers seem to believe. using such domains > >is a hijack. you are telling the IETF: we decided to use these suffixes > >and you cannot use them anymore. This is unacceptable. chose your camp... > > I know we're getting off-topic, but this has bothered me in the past. > What is the alternative here? As far as I know, there are no > "correct" reserved domains. Is one bad choice worse than another? .invalid -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: dnswl doesn't work?
* Chris St Denis : > I've setup a dns whitelist from dnswl.org as per the instructions > here: http://www.dnswl.org/tech#postfix > > However I've discovered it doesn't work, because I rejected an email > coming from a gmail server that got itself blacklisted by sorbs, but > it is on the whitelist. > > Why is this not working? Wrong filename >smtpd_recipient_restrictions = permit_mynetworks, > permit_sasl_authenticated, > reject_invalid_hostname, > reject_unknown_recipient_domain, > reject_unauth_destination, > reject_invalid_helo_hostname, > reject_non_fqdn_helo_hostname, >*check_client_access cidr:/usr/local/etc/postfix/postfix-dnswl-permit,* cidr:/usr/local/etc/postfix/postfix-dnswl-permit > server# grep -C 5 '74.125.82.180' /usr/local/etc/postfix/postfix-permit /usr/local/etc/postfix/postfix-permit -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: On the subject of "errors from unknown ..."
* Peter Evans : > I would like to direct all mail from places with no reverse dns into > a big bit-bucket. Obviously something like 95% of those mails would be > going to a bogus address. reject_unknown_reverse_client_hostname > Would: > > header_checks = regexp:/etc/postfix/unknown_catcher Why header_checks? > /^Received: unknown/ > REDIRECT bitbuc...@domain.com > > > Be the most effective way to catch these? I have a sneaking feeling it > would trip up on multiple Received: lines as legitimate mail comes out > of corpulent networks. These headers may also be inserted by other systems. -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: Header information missing
* Alex : > >> Some non-spam messages have Received headers, but they are always > >> internal non-routable addresses. The majority of the messages have no > >> Received headers at all. > ... > > Check your header_checks file for IGNORE rules. > > Ah, thanks very much. I should have known to check for something like that. > > Why would someone add something like this? > > /^(R|r)eceived:.*in.*$/ IGNORE > /^(M|m)essage-(I|i)d:.*in.*$/ IGNORE Because he/she doesn't know regexp Shorter: /^Received:.*in/ /^Message-Id:.*in/ This is SUPPOSED to throw away Received: and Message-Id: Headers containing "in". Of course it's utterly suboptimal and probably even incorrectly implemented. > ritten to the message, what use does this have? Strip any > non-internal headers for privacy, perhaps? Yes. Lousy job. -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: smtpd_delay_reject = yes & Reject Logging
* junkyardma...@verizon.net : > When using the "smtpd_delay_reject = yes" option, all log messages indicate > RCPT stage rejection. e.g. "... NOQUEUE: reject: RCPT from ..."; regardless > of which type of restriction an option is listed under. > > For instance a rejection based on the following will indicate RCPT rather > than CONNECT as it would if delay reject was not used. > > smtpd_client_restrictions = reject_rbl_client zen.spamhaus.org > > > > Is it possible to have Postfix log with the proper indication of where the > restriction is list rather the stage at which it is actually check and > carried out? So restriction listed in the "smtpd_client_restrictions" > section would indicate CONNECT, and restrictions listed in > "smtpd_helo_restrictions" section would indicate HELO, > "smtpd_sender_restrictions" indicate FROM, "smtpd_recipient_restrictions" > indicate RCPT, and so forth. Yes, set smtpd_delay_reject = no -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: smtpd_delay_reject = yes & Reject Logging
* junkyardma...@verizon.net : > Yes it does cause a problem. > It does not indicate the stage the rejection is associated with > (CONNECT, HELO, FROM, RCPT, etc.). The rejection always happens at the RCPT TO stage in those cases. Thus it's called "smtpd_delay_reject". Back in the dawn of Postfix I had this problem that a mailserver would not accept a arejection at a prior stage. Thus it came back over and over again. To be rejected over and over again. Thus smtpd_delay_reject had been introduced, delaying the reject to the RCPT TO: stage NOT MATTER what would have caused the rejection at an earlier stage. -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: smtpd_delay_reject = yes & Reject Logging
* Michael Orlitzky : > I think he just wants to know which smtpd restrictions list contains > the rule that caused the rejection. Could be. > An almost-answer: each reject_foo rule has a certain log format > which, once learned, will give you a pretty good idea about the rule > that caused the rejection. Yes indeed. > You still have to look up which restrictions list contains that rule, > though. Yes, there could be different check_sender_access rules - even without smtpd_delay_reject it would be hard to see WHICH ONE fired. They way I do this is to look at the log and play through the restrictions in my head (does it come from mynetwork? no! Next restriction etc.) -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: smtpd_delay_reject = yes & Reject Logging
* junkyardma...@verizon.net : > "I think he just wants to know which smtpd restrictions list contains > the rule that caused the rejection." > > Correct. Like I said, even with smtpd_delay_reject = no this is not given. > >An almost-answer: each reject_foo rule has a certain log format > >which, once learned, will give you a pretty good idea about the > >rule that caused the rejection. You still have to look up which > >restrictions list contains that rule, though. Best and only answer, really -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: compile Postfix in static linking
* damian lee : > Thank you for your answer Sahil. > > In fact I don't fully understand the problem. > Do you mean I have to have a "*static* libdb library" inorder to compile my > Postfix in static linking? Of course. Otherwise this lib would have non-static dependencies. -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: smtpd_delay_reject = yes & Reject Logging
* Stan Hoeppner : > Michael Orlitzky put forth on 8/10/2010 4:02 PM: > > > I think he just wants to know which smtpd restrictions list contains the > > rule that caused the rejection. > > This is relatively easy to accomplish with custom rejection messages. Simply > insert a unique symbol at the beginning of each rejection message text string > which identifies the rejection stage. This of course would require a separate > access table for each "check_client_access" statement, which can create future > table management headaches to the point it may not be worth the effort. Yes, this only works for check_*_access. Stuff like e.g. reject_unknown_sender_domain have predefined rejection messages, so... -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: question about Postfix and DNS (maybe not for this list)
* Christopher Adams : > I noticed on our firewall that there were constant connections from the > machine running Postfix to addresses all over the world. What kind of connections? Which port? > The interesting thing is that the connection is using OpenDNS > [208.67.216.132], a public DNS server. Which connection? > I do not use OpenDNS in my /etc/resolv.conf file (I have 2 other > nameservers listed) Local nameservers or remote nameservers? -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: Filter "deleted without being read" messages
* Denis BUCHER : > Dear all, > > Due to bugs in Microsoft Outlook sending "your message was deleted > without being read" even when this function is disabled, I need to > filter these messages in postfix. > > The problem is how to be sure to filter only these messages ? > > 1. It will be very slow if I filter the *body* of all messages on > "was deleted without being read on " or "Disposition: > automatic-action/MDN-sent-automatically; deleted" ? No, since postfix doesn't scan all the body > Content-Type: multipart/report; > boundary="_=_NextPart_001_01C9C7DF.11F1ACA6"; > report-type=disposition-notification > > But how to specify this in postfix ? And if it is not necessary, is > there a way to say "if this header is present then check the body" ? via header_checks -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: compile Postfix in static linking
* damian lee : > My compiling platform is an old FC5 with full install > I have found a /usr/lib/libdb-4.3.a file it should be the static linked > version of libdb. Yes, I would think so > so I made a link "ln -s libdb-4.3.a libdb.a " makes me successful pass my > last problem. > but something new com up. > > I got a lot of errors like > > /usr/lib/gcc/i386-redhat-linux/4.1.0/../../../libdb.a(mut_pthread.o): In > function `__db_pthread_mutex_destroy': undefined reference to > `pthread_mutex_destroy' > > It seems my static linked version of libdb doesn't work. > > Any suggestions? Do you need libdb? Maybe just using CBD will suffice? -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: Speed up queue injection
* Ram : > We have a requirement to send some research analysis mails as quickly as > possible. > > > > Everyday after the data is available my app generates the mails in eml > format in a directory. What is eml format? > Currently I have a perl script that makes parallel smtp connections on > localhost and sends the mails. This sounds good! > Should I send the mails on command line. No, using the postfix sendmail binary is actually slower. > There are currently around 50k mails to be delivered ideally within > 5-10 mins. How fast are you now? 50.000/10min = 5.000/min = 83/s = that's a lot 50.000/50min = 10.000/min = 186/s = that's even more -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: reject_rbl_client
* Vasya Pupkin : > Hello. > > I wonder, how postfix handles multiple entries like this: > > reject_rbl_client hostkarma.junkemailfilter.com=127.0.0.2, > reject_rbl_client hostkarma.junkemailfilter.com=127.0.0.4, > > Will it try to lookup address every time, No > or it is smart and will use previous lookup result to compare with next > address? Indeed. And that's actually documented -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: reject_rbl_client
* Ralf Hildebrandt : > Indeed. And that's actually documented http://www.postfix.org/STRESS_README.html Although the above example shows three RBL lookups (lines 4-6), Postfix will only do a single DNS query, so it does not affect the performance. -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: Speed up queue injection
* Ram : > Mail in plain text format , mime encoded message OK! > Currenlty I get 40/s - 45/s That sounds normal. Any filtering (in these cases you should inject in a way that bypasses and filters) > But I want it to be atleast 100/s Two machineS? relay boxes > Delivery is not at all an issue , because postfix gives it to further > relay boxes which are under our control again. Why not inject to the further relay boxes? > Do I need to increase the hardware It could be :) -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: /usr/lib/postfix/smtp: bad command startup -- throttling
* J4 : > Dear knowledgeable ones, > > I have just installed postfix and have some teething problems. This > message keeps being displayed: > > Aug 13 15:41:20 p2aa-app046 postfix/master[4555]: warning: process > /usr/lib/postfix/smtp pid 5394 exit status 1 > Aug 13 15:41:20 p2aa-app046 postfix/master[4555]: warning: > /usr/lib/postfix/smtp: bad command startup -- throttling And Prior to that? -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: /usr/lib/postfix/smtp: bad command startup -- throttling
* J4 : > Aug 13 16:20:07 pp24-app046 postfix/cleanup[6184]: warning: database > /etc/postfix/virtual.db is older than source file /etc/postfix/virtual > Aug 13 16:20:07 pp24-app046 postfix/trivial-rewrite[6185]: warning: > database /etc/postfix/virtual.db is older than source file > /etc/postfix/virtual Fix that. Maybe there was a change in BerkeleyDB versions... -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: /usr/lib/postfix/smtp: bad command startup -- throttling
* J4 : > On 08/13/2010 04:24 PM, Ralf Hildebrandt wrote: > > * J4 : > > > > > >> Aug 13 16:20:07 pp24-app046 postfix/cleanup[6184]: warning: database > >> /etc/postfix/virtual.db is older than source file /etc/postfix/virtual > >> Aug 13 16:20:07 pp24-app046 postfix/trivial-rewrite[6185]: warning: > >> database /etc/postfix/virtual.db is older than source file > >> /etc/postfix/virtual > >> > > Fix that. Maybe there was a change in BerkeleyDB versions... > > > > > I tried but it does not seem to want to: > # postalias -r -d btree virtual > postalias: warning: database virtual.db is older than source file virtual postmap !!! -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: Resource allocation issue
* Alex : > Hi, > > I'm running an older version of postfix and a 2.6.35 Linux kernel, and > recently started seeing these messages: > > Aug 14 19:52:01 smtp01 postfix/postsuper[2634]: fatal: setuid(103): > Resource temporarily unavailable Anything in dmesg? apparmour? SELinux? -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: blocking brand new domains
* p...@alt-ctrl-del.org : > I find that a lot of spam comes from recently registered, throw away > domains. The new domain may be used as the sender, hostname, or name > server. > > Are there any rbl type lists that block fresh domains, for the first > 10-15 days of their existence? I'd like to know that as well. There used to be the "day old bread" BL. > -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: blocking brand new domains
* p...@alt-ctrl-del.org : > I find that a lot of spam comes from recently registered, throw away > domains. The new domain may be used as the sender, hostname, or name > server. > > Are there any rbl type lists that block fresh domains, for the first > 10-15 days of their existence? http://www.mail-archive.com/us...@spamassassin.apache.org/msg57008.html Dunno if Marc is still active -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: blocking brand new domains
> >http://www.mail-archive.com/us...@spamassassin.apache.org/msg57008.html > >Dunno if Marc is still active > > > > Yes, the "hostkarma" lists are active, IMO best used in SA because > they mix whitelist with blacklist using different return codes. reject_dnsbl_client hostkarma.junkemailfilter.com=127.0.0.6 should work for that particular purpose. -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: DNS Whitelisting
* Wietse Venema : > Noel Jones: > > As I see it, there are two complementary paths we can take > > with DNS whitelists, each with a slightly different purpose. > > While these are both useful, neither depends on the other, so > > postfix can implement either or both. > > I'll read the entire proposal later. > > Would this notation work: > > dnswl1.example.com=127.0.0.2*weight1, dnswl2.example.com=127.0.0.1*weight2 > dnsbl3.example.com=127.0.0.3*weight3, dnsbl4.example.com=127.0.0.1*weight4 weightn can be negative? > Do we want to allow mixing DNSWLs and DNSBLs in one list? Probably, with positiv and negative weights? -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: version of sendmail vacation for postfix
* Daniel Prieto : > So what is the alternative to vacation for Postfix? Huh? Why alternative? The "normal" vacation works just fine. Just read the manpage, there are options to answer to every mail etc. -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: Verification failed error
* Aniruddha : > Hi, > > Most of my mails are delivered and send without problems. However > some domains reject e-mails with the error message below. What can I > do to fix this? Is this a DNS error? Or a postfix config problem? > Thanks in advance! > > <>: host mxb.mail.widexs.nl[213.206.122.196] said: > 550-Verification failed for 550-It appears that > the DNS operator for redmijncomputer.nl 550-has installed an invalid MX > record with an IP address 550-instead of a domain name on the right hand > side. 550 Sender verify failed (in reply to RCPT TO command) $ host -t mx redmijncomputer.nl redmijncomputer.nl mail is handled by 10 95.97.73.154. It should be mail.redmijncomputer.nl instead of 95.97.73.154 -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: Verification failed error
* Aniruddha : > On Thu, Sep 2, 2010 at 9:58 AM, Ralf Hildebrandt > wrote: > > > $ host -t mx redmijncomputer.nl > > redmijncomputer.nl mail is handled by 10 95.97.73.154. > > > > It should be mail.redmijncomputer.nl instead of 95.97.73.154 > > -- > Thank you for your quick reply. I'll ask my hosting company to fix > this. This means that my configuration is ok and that this problem is > a DNS error? I consider a DNS error to be a configuration error. -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: postfix/smtpd: warning: verification failed
* Boris Dimitrov : > Hi group , > my question is what this error means , and where in config i can get rid > of it. In general I dont want to restrict senders with this option. So don't do it then > Sep 2 11:05:35 digital postfix/smtpd[32536]: warning: 92.242.99.142: > hostname sputniknet-1-mt.donbass.com verification failed: No address > associated with hostname $ host 92.242.99.142 142.99.242.92.in-addr.arpa domain name pointer sputniknet-1-mt.donbass.com. but: $ host sputniknet-1-mt.donbass.com Host sputniknet-1-mt.donbass.com not found: 3(NXDOMAIN) Beat the DNS admin for donbass.com with a large stick. -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: postscreen bug ?
* fdo...@network-steps.com : > close database /var/lib/postfix/ps_cache.db: No such file or directory I'm also seeing this, but only very sporadically: Aug 20 08:49:23 mail-ausfall postfix/postscreen[15615]: close database /var/lib/postfix/ps_cache.db: No such file or directory Aug 20 16:05:43 mail-ausfall postfix/postscreen[28112]: close database /var/lib/postfix/ps_cache.db: No such file or directory Aug 20 20:54:47 mail-ausfall postfix/postscreen[5827]: close database /var/lib/postfix/ps_cache.db: No such file or directory Aug 22 00:00:02 mail-ausfall postfix/postscreen[17856]: close database /var/lib/postfix/ps_cache.db: No such file or directory Aug 23 08:36:09 mail-ausfall postfix/postscreen[4931]: close database /var/lib/postfix/ps_cache.db: No such file or directory Aug 24 07:37:55 mail-ausfall postfix/postscreen[21289]: close database /var/lib/postfix/ps_cache.db: No such file or directory Aug 25 08:37:49 mail-ausfall postfix/postscreen[2421]: close database /var/lib/postfix/ps_cache.db: No such file or directory Aug 25 16:58:53 mail-ausfall postfix/postscreen[30306]: close database /var/lib/postfix/ps_cache.db: No such file or directory Aug 26 06:59:48 mail-ausfall postfix/postscreen[21834]: close database /var/lib/postfix/ps_cache.db: No such file or directory Aug 26 09:09:57 mail-ausfall postfix/postscreen[30604]: close database /var/lib/postfix/ps_cache.db: No such file or directory Aug 26 15:37:12 mail-ausfall postfix/postscreen[2631]: close database /var/lib/postfix/ps_cache.db: No such file or directory Aug 27 11:09:09 mail-ausfall postfix/postscreen[20718]: close database /var/lib/postfix/ps_cache.db: No such file or directory Aug 27 16:29:04 mail-ausfall postfix/postscreen[22487]: close database /var/lib/postfix/ps_cache.db: No such file or directory Aug 28 15:11:20 mail-ausfall postfix/postscreen[2247]: close database /var/lib/postfix/ps_cache.db: No such file or directory Aug 28 15:17:49 mail-ausfall postfix/postscreen[726]: close database /var/lib/postfix/ps_cache.db: No such file or directory Aug 29 00:00:03 mail-ausfall postfix/postscreen[6613]: close database /var/lib/postfix/ps_cache.db: No such file or directory Aug 30 08:21:55 mail-ausfall postfix/postscreen[15896]: close database /var/lib/postfix/ps_cache.db: No such file or directory Aug 31 08:12:58 mail-ausfall postfix/postscreen[3321]: close database /var/lib/postfix/ps_cache.db: No such file or directory Aug 31 08:43:35 mail-ausfall postfix/postscreen[22243]: close database /var/lib/postfix/ps_cache.db: No such file or directory Aug 31 09:19:09 mail-ausfall postfix/postscreen[32409]: close database /var/lib/postfix/ps_cache.db: No such file or directory -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: postscreen bug ?
* Wietse Venema : > That is a Berkeley DB mis-feature. > Newer Postfix snapshots ignore that error. I'm still seeing it with postfix-2.8-20100830: Sep 1 05:14:38 mail postfix/postscreen[17745]: close database /var/lib/postfix/ps_cache.db: No such file or directory Sep 1 09:49:00 mail postfix/postscreen[25684]: close database /var/lib/postfix/ps_cache.db: No such file or directory Sep 2 08:26:28 mail postfix/postscreen[2276]: close database /var/lib/postfix/ps_cache.db: No such file or directory Sep 3 11:46:48 mail postfix/postscreen[19027]: close database /var/lib/postfix/ps_cache.db: No such file or directory Sep 3 15:01:25 mail postfix/postscreen[14512]: close database /var/lib/postfix/ps_cache.db: No such file or directory Sep 4 11:46:25 mail postfix/postscreen[29647]: close database /var/lib/postfix/ps_cache.db: No such file or directory Sep 4 14:50:02 mail postfix/postscreen[25263]: close database /var/lib/postfix/ps_cache.db: No such file or directory Sep 4 14:50:21 mail postfix/postscreen[27086]: close database /var/lib/postfix/ps_cache.db: No such file or directory -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
