Re: Sender address rejected: Domain not found
* Robert Fitzpatrick li...@webtent.net: Your message did not reach some or all of the intended recipients. Subject: LCM Summary Sent: 6/2/2010 10:18 AM The following recipient(s) could not be reached: rob...@webtent.com on 6/2/2010 10:19 AM You do not have permission to send to this recipient. For assistance, contact your system administrator. crprdnbrd10.bankofamerica.com #5.7.1 smtp;550 5.7.1 sscrive...@lcmgroup.com Not Authorized To Send Internet E-mail I guess Exchange didn't like that and did reject the mail. Usually the error message contains info about mailserver generating this message. If you don't see that sender on your postfix gateway, then I guess it's your internal exchange server. -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Invalid size declaration?
Today I found this double-bounce: - Forwarded message from Mail Delivery System mailer-dae...@charite.de - bounce-25280...@customer110.goolara.net: host customer110.goolara.net[209.209.90.110] said: 552 Invalid size declaration. (in reply to MAIL FROM command) Reporting-MTA: dns; mail-ausfall.charite.de X-Postfix-Queue-ID: 568AE3DC96 X-Postfix-Sender: rfc822; mailer-dae...@mail-ausfall.charite.de Arrival-Date: Wed, 9 Jun 2010 23:05:13 +0200 (CEST) Final-Recipient: rfc822; bounce-25280...@customer110.goolara.net Action: failed Status: 5.0.0 Remote-MTA: dns; customer110.goolara.net Diagnostic-Code: smtp; 552 Invalid size declaration. --- snip --- I resent the bounce, added the destination to debug_peer_list, and alas: # tail --lines=1000 -f /var/log/mail.log|grep 209.209.90.110 Jun 10 13:00:04 mail-ausfall postfix/smtp[7597]: customer110.goolara.net[209.209.90.110]:25: 220 app3, I'm listening! Jun 10 13:00:04 mail-ausfall postfix/smtp[7597]: customer110.goolara.net[209.209.90.110]:25: EHLO mail-ausfall.charite.de Jun 10 13:00:04 mail-ausfall postfix/smtp[7597]: customer110.goolara.net[209.209.90.110]:25: 250-hello mail-ausfall.charite.de [193.175.72.31:55008], pleased to communicate with you. Jun 10 13:00:04 mail-ausfall postfix/smtp[7597]: customer110.goolara.net[209.209.90.110]:25: 250-8BITMIME Jun 10 13:00:04 mail-ausfall postfix/smtp[7597]: customer110.goolara.net[209.209.90.110]:25: 250 SIZE 500 Jun 10 13:00:04 mail-ausfall postfix/smtp[7597]: maps_find: smtp_discard_ehlo_keyword_address_maps: 209.209.90.110: not found Jun 10 13:00:04 mail-ausfall postfix/smtp[7597]: customer110.goolara.net[209.209.90.110]:25: MAIL FROM:hil...@charite.de SIZE=19091 BODY=8BITMIME Jun 10 13:00:04 mail-ausfall postfix/smtp[7597]: customer110.goolara.net[209.209.90.110]:25: 552 Invalid size declaration. Jun 10 13:00:04 mail-ausfall postfix/smtp[7597]: send attr reason = host customer110.goolara.net[209.209.90.110] said: 552 Invalid size declaration. (in reply to MAIL FROM command) Jun 10 13:00:04 mail-ausfall postfix/smtp[7597]: A21B43DC04: to=bounce-25280...@customer110.goolara.net, relay=customer110.goolara.net[209.209.90.110]:25, delay=0.74, delays=0.04/0/0.53/0.18, dsn=5.0.0, status=bounced (host customer110.goolara.net[209.209.90.110] said: 552 Invalid size declaration. (in reply to MAIL FROM command)) Jun 10 13:00:04 mail-ausfall postfix/smtp[7597]: customer110.goolara.net[209.209.90.110]:25: RSET Jun 10 13:00:04 mail-ausfall postfix/smtp[7597]: customer110.goolara.net[209.209.90.110]:25: 250 RSET performed. Jun 10 13:00:04 mail-ausfall postfix/smtp[7597]: customer110.goolara.net[209.209.90.110]:25: QUIT I see no invalid size declaration. What's the problem?
Re: Invalid size declaration?
* Ralf Hildebrandt ralf.hildebra...@charite.de: Jun 10 13:00:04 mail-ausfall postfix/smtp[7597]: customer110.goolara.net[209.209.90.110]:25: MAIL FROM:hil...@charite.de SIZE=19091 BODY=8BITMIME Jun 10 13:00:04 mail-ausfall postfix/smtp[7597]: customer110.goolara.net[209.209.90.110]:25: 552 Invalid size declaration. but: Jun 10 13:05:00 mail-ausfall postfix/smtp[10316]: customer110.goolara.net[209.209.90.110]:25: MAIL FROM:hil...@charite.de SIZE=1011 Jun 10 13:05:00 mail-ausfall postfix/smtp[10316]: customer110.goolara.net[209.209.90.110]:25: 250 Address accepted. H. -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
[OT] Detecting telnet?
I heard that there are firewalls/security appliances that supposedly can distinguish somebody using telnet from a machine speaking SMTP. I must admit, it sounds feasible (timing between keystrokes etc.), but little useful. Anyway. Is there such a thing? Does anybody use such a thing? -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: [OT] Detecting telnet?
* Victor Duchovni victor.ducho...@morganstanley.com: Anyway. Is there such a thing? Does anybody use such a thing? Why do you want to discriminate against telnet 25? What do i know? I don't do this nonsense :) 'm just asking Administrators of sites that want to trouble-shoot connectivity issues with your server will use telnet 25 from time to time. There is no need to block this, it is by far the least likely source of any significant spam volume... Indeed. There are faster methods. -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: [OT] Detecting telnet?
* N. Yaakov Ziskind aw...@ziskind.us: Kinda reminds me of the Donald Westlake story, which described a fine-arts painter who took to counterfeiting $20s; the Secret Service let him go with a slap on the wrist, they said, when they figured out it him hours to produce each note. :-) Exactly my point. -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: Postfix and Disclaimer
* Stefano Villa st...@pobox.com: I've the task to implement a disclaimer for all mail. What product can I use? Altermime -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: postscreen doesn't seem to work anymore
* Ralf Hildebrandt ralf.hildebra...@charite.de: Jun 15 18:30:20 mail postfix/dnsblog[15154]: addr 79.15.172.144 blocked by domain mykey.zen.dq.spamhaus.net as 127.0.0.4 Jun 15 18:30:24 mail postfix/postscreen[14995]: DNSBL rank 1 for 79.15.172.144 again, blacklisted, 15 minutes later. Jun 15 18:30:24 mail postfix/smtpd[12815]: connect from host144-172-static.15-79-b.business.telecomitalia.it[79.15.172.144] Yet it was allow to pass? I used mykey.zen.dq.spamhaus.net with reject_rbl_client, and now I have the ultimate proof: % tail -f /var/log/mail.log|grep zen Jun 15 19:00:32 mail-ausfall postfix/dnsblog[18933]: addr 67.233.124.39 blocked by domain mykey.zen.dq.spamhaus.net as 127.0.0.10 Jun 15 19:00:32 mail-ausfall postfix/dnsblog[18933]: addr 67.233.124.39 blocked by domain mykey.zen.dq.spamhaus.net as 127.0.0.4 Jun 15 19:00:37 mail-ausfall postfix/smtpd[21734]: NOQUEUE: reject: RCPT from va-67-233-124-39.dhcp.embarqhsd.net[67.233.124.39]: 554 5.7.1 Service unavailable; Client host [67.233.124.39] blocked using mykey.zen.dq.spamhaus.net; http://www.spamhaus.org/query/bl?ip=67.233.124.39 -- Contact postmas...@charite.de for whitelisting; from=sen...@aberystwyth-online.co.uk to=recipi...@charite.de proto=SMTP helo=aberystwyth-online.co.uk -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: postscreen doesn't seem to work anymore
* Ralf Hildebrandt ralf.hildebra...@charite.de: I think it was due to me using: postscreen_blacklist_action = drop and no postscreen_dnsbl_action at all. Once I set postscreen_dnsbl_action = drop it seems to work as intended. -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
finding things postscreen rejects
Today I got this bounce from somebody whose mail had been rejected: catalog-...@python.org: Protocol error: host mail.python.org[82.94.164.166] refused to talk to me: 220-mail.python.org ESMTP Postfix 521 5.7.1 Blocked by DNSBL It was quite hard finding this in my log, since the bounce from the french system only contained hostnames which would not resolve :( May I recommend that Postfix at least emits the IP in it's rejection message, e.g. like: 521 5.7.1 123.123.123.123 Blocked by DNSBL -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: finding things postscreen rejects
* Wietse Venema wie...@porcupine.org: Ralf Hildebrandt: Today I got this bounce from somebody whose mail had been rejected: catalog-...@python.org: Protocol error: host mail.python.org[82.94.164.166] refused to talk to me: 220-mail.python.org ESMTP Postfix 521 5.7.1 Blocked by DNSBL It was quite hard finding this in my log, since the bounce from the french system only contained hostnames which would not resolve :( May I recommend that Postfix at least emits the IP in it's rejection message, e.g. like: 521 5.7.1 123.123.123.123 Blocked by DNSBL That would be redundant because Postfix already logs: Jun 16 00:00:55 spike postfix/postscreen[78055]: DNSBL rank 1 for 115.174.34.7 If all I have is the bounce from some remote system (which, like I said, contains only bullshit hostnames), then I cannot find the IP from that bounce, since the bounce only contains the Postfix message: 521 5.7.1 Blocked by DNSBL (no IP there) I was only able to find the rejection based on that sender OTHER / PRIOR use email before the incident. I then had a IP range (not even a single IP!) which I could grep for in the log. Admittedly, this only happened ONCE and for an obscure DNSBL which I then removed from the config. I will update the logging once postscreen has a built-in smtp-sink engine that can log the client, helo, sender and recipient. In that case it would be sufficient, yes. Once that is in place postscreen can have weighted DNSBLs and simplified greylisting, and by then it becomes viable for the stable release. Again, that would be really cool. -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: finding things postscreen rejects
* Noel Jones njo...@megan.vbhcs.org: I believe Ralf's request is about the smtp rejection message sent to the remote client, not about postfix logging. Yes. ie. the current reject response in postscreen.c around line 920 or so looks something like: if (dnsbl_action == PS_ACT_DROP) { smtp_reply(vstream_fileno(state-smtp_client_stream), state-smtp_client_addr, state-smtp_client_port, 521 5.7.1 Blocked by DNSBL\r\n); state-flags |= PS_FLAG_NOFORWARD; } Often complaints are reported by a remote customer forwarding the reject message by an alternate channel. Exactly. It would be easier to track down customer complaints if the reject message contained 521 5.7.1 Client 192.0.2.1 Blocked by DNSBL That's exactly the form I'd like to see. It doesn't even have to mention the DNSBL used. Just the IP! -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: SQLite support in Postfix
* Patrick Ben Koetter p...@state-of-mind.de: A postmap option to create an SQLite file would make sense. Do you mean creating an SQLite database from a flat file that, for example, contains access rules mapping addresses to actions (r...@foo REJECT)? What if there were many files that wanted to be stored in a SQLite database? Creating a database only for one table would be a waste of ressources, I guess. It would make a great tool for a flat-file - database migration: * Use flat files first * verify that it works * then convert into SQLite * verify that it (still) works * then convert into real Database It would actually help the user to use the path that has been recommended by Victor et.al. -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: Spooling mail Question
* Chris kingpinofdi...@yahoo.com: I am running postfix as a SMTP front-end to my Exchange 2007 system. When Exchange goes down, email is bounced back to the sender as undeliverable. Why? Show some logs for such a case How can I setup postfix to 'spool' email until the backend SMTP server is online? That's the default :) I have enclosed my main.cf, master.cf, and transport configs (at least the non-default ones). postconf -n is very much preferred. The config looks OK so far -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: A list in a file
* Phil Howard ttip...@gmail.com: Been trying to figure that out. I'm wanting to use CDB. But it wasn'tfile.out taking it. I guess what I need to do is give each domain a dummy value. awk '{printf(%s OK\n,$1)}' file file.out postmap file.out -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: Mail discarded
* sasashop s...@shoponweb.it: Hi, from a few days much incomings mails are blocked and in log file I have always 'discarded, UBE': Jun 24 13:10:23 mail postfix/qmgr[445]: CB6FD26A1AF: from=x...@email.it, size=49182, nrcpt=1 (queue active) Jun 24 13:10:26 mail postfix/smtp[25251]: CB6FD26A1AF: to=y...@mail.mydomain.com, orig_to=y...@mydomain.com, relay=127.0.0.1[127.0.0.1]:10024, delay=4.2, delays=1.3/0/0.01/2.9, dsn=2.7.1, status=sent (250 2.7.1 Ok, discarded, UBE, id=23600-10) Jun 24 13:10:26 mail postfix/qmgr[445]: CB6FD26A1AF: removed but the domain 'email.it' (but I have this problem with much mail domains) isn't in blacklist and this domain is certainly 'clean'. My doubt is for what reason these mail are blocked ? On my mail server I have SA-3.2.5 with postfix/amavisd-new/clamav. Check the logs amavis is generating Grep for 23600-10 -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: Mail discarded
* sasashop s...@shoponweb.it: Ralf Hildebrandt wroted: Check the logs amavis is generating Grep for 23600-10 I have only log file '/var/log/mailllog' and in this log file I have, about 23600-10 only this: [r...@mail ~]# grep 2360010 /var/log/maillog Jun 24 13:10:26 mail postfix/smtp[25251]: CB6FD26A1AF: to=y...@mail.mydomain.com, orig_to=y...@mydomain.com, relay=127.0.0.1[127.0.0.1]:10024, delay=4.2, delays=1.3/0/0.01/2.9, dsn=2.7.1, status=sent (250 2.7.1 Ok, discarded, UBE, id=23600-10) Well, for the future you have to ramp up the loglevel for amavisd -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: header_checks REJECT
* David Hill dh...@mindcry.org: soft_bounce = yes turn it off -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: Mail blocked if not HTML
* James R. Marcus jmar...@edhance.com: Sorry I didn't post them before I was just trying to do a sanity check. Here they are: --- Postfix Logs --- Jun 23 16:48:10 relay0 postfix/smtp[30504]: 5ED4F114BBC: to=sa...@2co.commailto:sa...@2co.com, relay=mail.2co.com[64.128.185.221]:25, delay=0.98, delays=0.01/0.01/0.33/0.62, dsn=4.4.2, status=deferred (lost connection with mail.2co.com[64.128.185.221] while sending end of data -- message may Jun 23 18:02:08 relay0 postfix/smtp[1638]: 5ED4F114BBC: enabling PIX CRLF.CRLF workaround for mail.2co.com[64.128.185.221]:25 Jun 23 18:02:18 relay0 postfix/smtp[1638]: 5ED4F114BBC: to=sa...@2co.commailto:sa...@2co.com, relay=mail.2co.com[64.128.185.221]:25, delay=4449, delays=4438/0.03/0.34/10, dsn=4.4.2, status=deferred (lost connection with mail.2co.com[64.128.185.221] while sending end of data -- message may be Jun 23 19:25:27 relay0 postfix/smtp[3204]: 5ED4F114BBC: enabling PIX CRLF.CRLF workaround for mail.2co.com[64.128.185.221]:25 Jun 23 19:25:37 relay0 postfix/smtp[3204]: 5ED4F114BBC: to=sa...@2co.commailto:sa...@2co.com, relay=mail.2co.com[64.128.185.221]:25, delay=9448, delays=9438/0.02/0.08/10, dsn=4.4.2, status=deferred (lost connection with mail.2co.com[64.128.185.221] while sending end of data -- message may be Jun 23 22:12:08 relay0 postfix/smtp[6277]: 5ED4F114BBC: enabling PIX CRLF.CRLF workaround for mail.2co.com[64.128.185.221]:25 Jun 23 22:12:18 relay0 postfix/smtp[6277]: 5ED4F114BBC: to=sa...@2co.commailto:sa...@2co.com, relay=mail.2co.com[64.128.185.221]:25, delay=19449, delays=19438/0.09/0.22/10, dsn=4.4.2, status=deferred (lost connection with mail.2co.com[64.128.185.221] while sending end of data -- message may b Is the CISCO PIX in your organization? -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: Mail blocked if not HTML
* Matt Hayes domin...@slackadelic.com: ASA: config t no inspect smtp Amen to that! -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: Greylisting SMTP auth
* Hendrik Pahl p...@team-datentechnik.de: Hi folks, we're having some trouble with greylisting (postgrey) and smtp auth. smtp_recipient_restrictions looks like: It's smtpd_recipient_restrictions permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, warn_if_reject, reject_unknown_sender_domain, warn_if_reject, reject_invalid_hostname, warn_if_reject, reject_non_fqdn_sender, warn_if_reject, reject_non_fqdn_recipient, warn_if_reject, reject_rbl_client ix.dnsbl.manitu.net, check_policy_service inet:127.0.0.1:10030 Now, when a client authenticates the mail is greylisted No, it's not. permit_sasl_authenticated returns OK in that case, and no other restriction fires. Maybe you have more restrictions? -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: Error between two postfix Command not recognized, RCPT is cut in two words
* Thomas POINDESSOUS poindessous...@foncia.fr: Hi, I have a problem between one of my postfix and a zimbra server (postfix server). sometime (one mail every three days), I got this error : 502 5.5.2 Error: command not recognized (in reply to RCPT TO command) I did a tcpdump to understand why I got this error and I found that one of the RCPT TO: command is cut in two packets. First packet finished by RC and second packet began by PT TO:. And the server doesn't understand this command. Is there a firewall between the two? -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: Error between two postfix Command not recognized, RCPT is cut in two words
* poindessous...@foncia.fr poindessous...@foncia.fr: Yes, I think this is a cisco asa 5550, with a special filter which protects smtp server. Do you think I should ask to disable it ? Yes. It causes nothing but grief :) -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: a separate instance for handle bounce only
* Joe Wong joewon...@gmail.com: Hello, I am looking for a way to configure a 2nd postfix instance for handle mail bounce only. Is it possible? 2nd instance on the same machine? -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: a separate instance for handle bounce only
* Joe Wong joewon...@gmail.com: Yes, on the same machine. The reason I want to do this is I have sender_dependent_relay_host map defined, it didn't work with null email sender . I want to forward all by bounce to another host for some processing first, so have the idea of creating this 'bounce' postfix instance. Any thought? Simply set the envelope sender to a domain/hostname which ends up on the other host. That's it. -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: How to prevent retrying delivery of invalid addresses
* James R. Marcus jmar...@edhance.com: Hi, We send email to new users and frequently they give us false addresses or the address gets entered incorrectly. One example would be instead of aol.com the address gets entered as aol.cm. Yes, it happens. I would like to bounce invalid addresses quickly instead of retrying them for days on end. All you can do in these cases is to add transport_maps entries for those: aol.cm error:User typoed aol.com Its my understanding yahoo.com, hotmail.com etc change our domain's Sender Score based on retrying non existent addresses i.e. usernames. It never reaches those, it goes elsewhere. Because of the typo. I figured this might be a common scenario and read the FAQ on Kyle Dent's site. I don't want to bounce emails that have been deferred. But it has been deferred, just like you write instead of retrying them for days on end. aka deferred! -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: Reason for blocked access?
* Joern Bredereck j...@bw-networx.net: Hi, how can I tell why the following mail has been rejected: Jul 14 08:48:58 zarafa-xen postfix/smtpd[26113]: NOQUEUE: reject: RCPT from ns.gbc.net[212.97.96.201]: 554 5.7.1 ns.gbc.net[212.97.96.201]: Client host rejected: Access denied; from=joerg.hal...@flaig-hommel.de to=m.b...@otec.de proto=ESMTP helo=mail.gbc.net client host rejected would require for the host to be in a check_client_access table, right? Hostname or IP or net or domain, yes. -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: TLS not being advertised or not running?
* Theodore Durst tdu...@durstmedia.com: I think I have a configuration issue, but it looks like a strange one on this end. Before going line by line, I thought I would throw this out to the list. I am attempting to set up postfix (send only) with TLS support. TLS was compiled in and postfix does run, it does send mail in the clear. However, we need it to send via TLS. I am wondering if there is a line in main.cf that tells postfix to advertis/offer TLS authentication that is not set. Is there a command to ask postfix if TLS is running? postconf -n -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: Different disclaimaer for each domain???
* Adrian P. van Bloois adr...@accu.uu.nl: Hi, Can I automagically attach a different disclaimer for each domain? if so, how? Are there different options? Which program is appending the single disclaimer now? -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: info about From: address without domain
* Stefano Villa st...@pobox.com: Hi to all! I've a environmetn with two postfix server, with relaying scope. If I send an email without domain: 220 * helo test 250 relay2.A.com mail from:test 250 2.1.0 Ok it will arrive with the domain suffix A appended. local_header_rewrite_clients = -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: proxymap(8), number of connections, detecting altered tables
* Stefan Foerster cite+postfix-us...@incertum.net: While I agree that it is totally obvious that table are re-read as soon as a new proxymap(8) process is spawned, on a resonably busy system, this won't happen too often. So getting a definitive answer on that one would still be helpful. Has this been answered? It also affects me, so I'd like to know :) -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: Rewrite non FQDN Domains
* Körner, Uwe uwe.koer...@t-systems.ch: Hi all i've been looking for a solution to rewrite a non FQDN to a valid domain with postfix. my users are writing mails to +123...@sms and it should be rewriten to +123...@sms.provider.tld. append_dot_mydomain = yes mydomain = provider.tld which is the default, BTW. -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: Different disclaimaer for each domain???
* Aravind Divakaran aravind.divaka...@yukthi.com: $SENDMAIL $@ in.$$ That must be $SENDMAIL -i $@ in.$$ -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Is such an SSL attack possible against Postfix?
http://blog.fefe.de/?ts=b2b8f9f8 sorry, it's in german. I'll translate some bits: Sombody went to Torrent trackers and announced blog.fefe.de:443 as Torrent client (for a really popular download I guess). Thus, blog.fefe.de:443 got flooded with torrent-client traffic on the SSL port. Port 25 outgoing will be blocked by most ISPs, but let's assume that's not done by all IPS. It would work with the submission port! -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: OT: ISP Blocking of port 25
* Rod Dorman r...@polylogics.com: Have we gone far enough off the topic of Postfix yet for this thread to be declared dead? Yes, especially since this was about SSL attacks. -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: Feature request: postsuper release but don't delete (cloning?)
* Wietse Venema wie...@porcupine.org: Patrick Ben Koetter: I can put a mail on HOLD and release it later with the postsuper command. That's great for debugging purposes, but only if I need to send the message just once. Would it be possible to expand the postsuper command with an optional command line parameter that releases the message, but does not delete it from the hold queue, so someone who needs to debug can resend it as many times as required until I decide to ditch it? Postfix queue files should not have multiple hard links. Consider using RSYNC to COPY the file from the hold queue to the incoming queue, using the same file name. Once it's there, will it take the same path as the initial mail (on HOLD) would have taken? With the current Postfix queue implementation this is guaranteed not to cause a file name collision as long as the file in the HOLD queue keeps the same (device, inode) numbers. That's ok. -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: Mixed Setup
* Michael Orlitzky mich...@orlitzky.com: I'll repeat myself. .local is not a reserved suffix. nor is .localdomain, despite what linuxers seem to believe. using such domains is a hijack. you are telling the IETF: we decided to use these suffixes and you cannot use them anymore. This is unacceptable. chose your camp... I know we're getting off-topic, but this has bothered me in the past. What is the alternative here? As far as I know, there are no correct reserved domains. Is one bad choice worse than another? .invalid -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: dnswl doesn't work?
* Chris St Denis ch...@smartt.com: I've setup a dns whitelist from dnswl.org as per the instructions here: http://www.dnswl.org/tech#postfix However I've discovered it doesn't work, because I rejected an email coming from a gmail server that got itself blacklisted by sorbs, but it is on the whitelist. Why is this not working? Wrong filename smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_invalid_hostname, reject_unknown_recipient_domain, reject_unauth_destination, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, *check_client_access cidr:/usr/local/etc/postfix/postfix-dnswl-permit,* cidr:/usr/local/etc/postfix/postfix-dnswl-permit server# grep -C 5 '74.125.82.180' /usr/local/etc/postfix/postfix-permit /usr/local/etc/postfix/postfix-permit -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: On the subject of errors from unknown ...
* Peter Evans pe...@ixp.jp: I would like to direct all mail from places with no reverse dns into a big bit-bucket. Obviously something like 95% of those mails would be going to a bogus address. reject_unknown_reverse_client_hostname Would: header_checks = regexp:/etc/postfix/unknown_catcher Why header_checks? /^Received: unknown/ REDIRECT bitbuc...@domain.com Be the most effective way to catch these? I have a sneaking feeling it would trip up on multiple Received: lines as legitimate mail comes out of corpulent networks. These headers may also be inserted by other systems. -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: Header information missing
* Alex mysqlstud...@gmail.com: Some non-spam messages have Received headers, but they are always internal non-routable addresses. The majority of the messages have no Received headers at all. ... Check your header_checks file for IGNORE rules. Ah, thanks very much. I should have known to check for something like that. Why would someone add something like this? /^(R|r)eceived:.*in.*$/ IGNORE /^(M|m)essage-(I|i)d:.*in.*$/ IGNORE Because he/she doesn't know regexp Shorter: /^Received:.*in/ /^Message-Id:.*in/ This is SUPPOSED to throw away Received: and Message-Id: Headers containing in. Of course it's utterly suboptimal and probably even incorrectly implemented. ritten to the message, what use does this have? Strip any non-internal headers for privacy, perhaps? Yes. Lousy job. -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: smtpd_delay_reject = yes Reject Logging
* junkyardma...@verizon.net junkyardma...@verizon.net: When using the smtpd_delay_reject = yes option, all log messages indicate RCPT stage rejection. e.g. ... NOQUEUE: reject: RCPT from ...; regardless of which type of restriction an option is listed under. For instance a rejection based on the following will indicate RCPT rather than CONNECT as it would if delay reject was not used. smtpd_client_restrictions = reject_rbl_client zen.spamhaus.org Is it possible to have Postfix log with the proper indication of where the restriction is list rather the stage at which it is actually check and carried out? So restriction listed in the smtpd_client_restrictions section would indicate CONNECT, and restrictions listed in smtpd_helo_restrictions section would indicate HELO, smtpd_sender_restrictions indicate FROM, smtpd_recipient_restrictions indicate RCPT, and so forth. Yes, set smtpd_delay_reject = no -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: smtpd_delay_reject = yes Reject Logging
* junkyardma...@verizon.net junkyardma...@verizon.net: Yes it does cause a problem. It does not indicate the stage the rejection is associated with (CONNECT, HELO, FROM, RCPT, etc.). The rejection always happens at the RCPT TO stage in those cases. Thus it's called smtpd_delay_reject. Back in the dawn of Postfix I had this problem that a mailserver would not accept a arejection at a prior stage. Thus it came back over and over again. To be rejected over and over again. Thus smtpd_delay_reject had been introduced, delaying the reject to the RCPT TO: stage NOT MATTER what would have caused the rejection at an earlier stage. -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: question about Postfix and DNS (maybe not for this list)
* Christopher Adams adam...@gmail.com: I noticed on our firewall that there were constant connections from the machine running Postfix to addresses all over the world. What kind of connections? Which port? The interesting thing is that the connection is using OpenDNS [208.67.216.132], a public DNS server. Which connection? I do not use OpenDNS in my /etc/resolv.conf file (I have 2 other nameservers listed) Local nameservers or remote nameservers? -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: Filter deleted without being read messages
* Denis BUCHER dbuche...@hsolutions.ch: Dear all, Due to bugs in Microsoft Outlook sending your message was deleted without being read even when this function is disabled, I need to filter these messages in postfix. The problem is how to be sure to filter only these messages ? 1. It will be very slow if I filter the *body* of all messages on was deleted without being read on or Disposition: automatic-action/MDN-sent-automatically; deleted ? No, since postfix doesn't scan all the body Content-Type: multipart/report; boundary=_=_NextPart_001_01C9C7DF.11F1ACA6; report-type=disposition-notification But how to specify this in postfix ? And if it is not necessary, is there a way to say if this header is present then check the body ? via header_checks -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: Speed up queue injection
* Ram r...@netcore.co.in: We have a requirement to send some research analysis mails as quickly as possible. Everyday after the data is available my app generates the mails in eml format in a directory. What is eml format? Currently I have a perl script that makes parallel smtp connections on localhost and sends the mails. This sounds good! Should I send the mails on command line. No, using the postfix sendmail binary is actually slower. There are currently around 50k mails to be delivered ideally within 5-10 mins. How fast are you now? 50.000/10min = 5.000/min = 83/s = that's a lot 50.000/50min = 10.000/min = 186/s = that's even more -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: reject_rbl_client
* Vasya Pupkin postfix-l...@bsrealm.net: Hello. I wonder, how postfix handles multiple entries like this: reject_rbl_client hostkarma.junkemailfilter.com=127.0.0.2, reject_rbl_client hostkarma.junkemailfilter.com=127.0.0.4, Will it try to lookup address every time, No or it is smart and will use previous lookup result to compare with next address? Indeed. And that's actually documented -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: reject_rbl_client
* Ralf Hildebrandt ralf.hildebra...@charite.de: Indeed. And that's actually documented http://www.postfix.org/STRESS_README.html Although the above example shows three RBL lookups (lines 4-6), Postfix will only do a single DNS query, so it does not affect the performance. -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: Speed up queue injection
* Ram r...@netcore.co.in: Mail in plain text format , mime encoded message OK! Currenlty I get 40/s - 45/s That sounds normal. Any filtering (in these cases you should inject in a way that bypasses and filters) But I want it to be atleast 100/s Two machineS? relay boxes Delivery is not at all an issue , because postfix gives it to further relay boxes which are under our control again. Why not inject to the further relay boxes? Do I need to increase the hardware It could be :) -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: /usr/lib/postfix/smtp: bad command startup -- throttling
* J4 ju...@klunky.co.uk: Dear knowledgeable ones, I have just installed postfix and have some teething problems. This message keeps being displayed: Aug 13 15:41:20 p2aa-app046 postfix/master[4555]: warning: process /usr/lib/postfix/smtp pid 5394 exit status 1 Aug 13 15:41:20 p2aa-app046 postfix/master[4555]: warning: /usr/lib/postfix/smtp: bad command startup -- throttling And Prior to that? -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: /usr/lib/postfix/smtp: bad command startup -- throttling
* J4 ju...@klunky.co.uk: Aug 13 16:20:07 pp24-app046 postfix/cleanup[6184]: warning: database /etc/postfix/virtual.db is older than source file /etc/postfix/virtual Aug 13 16:20:07 pp24-app046 postfix/trivial-rewrite[6185]: warning: database /etc/postfix/virtual.db is older than source file /etc/postfix/virtual Fix that. Maybe there was a change in BerkeleyDB versions... -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: /usr/lib/postfix/smtp: bad command startup -- throttling
* J4 ju...@klunky.co.uk: On 08/13/2010 04:24 PM, Ralf Hildebrandt wrote: * J4 ju...@klunky.co.uk: Aug 13 16:20:07 pp24-app046 postfix/cleanup[6184]: warning: database /etc/postfix/virtual.db is older than source file /etc/postfix/virtual Aug 13 16:20:07 pp24-app046 postfix/trivial-rewrite[6185]: warning: database /etc/postfix/virtual.db is older than source file /etc/postfix/virtual Fix that. Maybe there was a change in BerkeleyDB versions... I tried but it does not seem to want to: # postalias -r -d btree virtual postalias: warning: database virtual.db is older than source file virtual postmap !!! -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: blocking brand new domains
* p...@alt-ctrl-del.org p...@alt-ctrl-del.org: I find that a lot of spam comes from recently registered, throw away domains. The new domain may be used as the sender, hostname, or name server. Are there any rbl type lists that block fresh domains, for the first 10-15 days of their existence? I'd like to know that as well. There used to be the day old bread BL. -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: blocking brand new domains
* p...@alt-ctrl-del.org p...@alt-ctrl-del.org: I find that a lot of spam comes from recently registered, throw away domains. The new domain may be used as the sender, hostname, or name server. Are there any rbl type lists that block fresh domains, for the first 10-15 days of their existence? http://www.mail-archive.com/us...@spamassassin.apache.org/msg57008.html Dunno if Marc is still active -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: blocking brand new domains
http://www.mail-archive.com/us...@spamassassin.apache.org/msg57008.html Dunno if Marc is still active Yes, the hostkarma lists are active, IMO best used in SA because they mix whitelist with blacklist using different return codes. reject_dnsbl_client hostkarma.junkemailfilter.com=127.0.0.6 should work for that particular purpose. -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: DNS Whitelisting
* Wietse Venema wie...@porcupine.org: Noel Jones: As I see it, there are two complementary paths we can take with DNS whitelists, each with a slightly different purpose. While these are both useful, neither depends on the other, so postfix can implement either or both. I'll read the entire proposal later. Would this notation work: dnswl1.example.com=127.0.0.2*weight1, dnswl2.example.com=127.0.0.1*weight2 dnsbl3.example.com=127.0.0.3*weight3, dnsbl4.example.com=127.0.0.1*weight4 weightn can be negative? Do we want to allow mixing DNSWLs and DNSBLs in one list? Probably, with positiv and negative weights? -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: Verification failed error
* Aniruddha mailingdotl...@gmail.com: Hi, Most of my mails are delivered and send without problems. However some domains reject e-mails with the error message below. What can I do to fix this? Is this a DNS error? Or a postfix config problem? Thanks in advance! : host mxb.mail.widexs.nl[213.206.122.196] said: 550-Verification failed for i...@redmijncomputer.nl 550-It appears that the DNS operator for redmijncomputer.nl 550-has installed an invalid MX record with an IP address 550-instead of a domain name on the right hand side. 550 Sender verify failed (in reply to RCPT TO command) $ host -t mx redmijncomputer.nl redmijncomputer.nl mail is handled by 10 95.97.73.154. It should be mail.redmijncomputer.nl instead of 95.97.73.154 -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: Verification failed error
* Aniruddha mailingdotl...@gmail.com: On Thu, Sep 2, 2010 at 9:58 AM, Ralf Hildebrandt ralf.hildebra...@charite.de wrote: $ host -t mx redmijncomputer.nl redmijncomputer.nl mail is handled by 10 95.97.73.154. It should be mail.redmijncomputer.nl instead of 95.97.73.154 -- Thank you for your quick reply. I'll ask my hosting company to fix this. This means that my configuration is ok and that this problem is a DNS error? I consider a DNS error to be a configuration error. -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: postfix/smtpd: warning: verification failed
* Boris Dimitrov b...@playtime.bg: Hi group , my question is what this error means , and where in config i can get rid of it. In general I dont want to restrict senders with this option. So don't do it then Sep 2 11:05:35 digital postfix/smtpd[32536]: warning: 92.242.99.142: hostname sputniknet-1-mt.donbass.com verification failed: No address associated with hostname $ host 92.242.99.142 142.99.242.92.in-addr.arpa domain name pointer sputniknet-1-mt.donbass.com. but: $ host sputniknet-1-mt.donbass.com Host sputniknet-1-mt.donbass.com not found: 3(NXDOMAIN) Beat the DNS admin for donbass.com with a large stick. -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: postscreen bug ?
* fdo...@network-steps.com fdo...@network-steps.com: close database /var/lib/postfix/ps_cache.db: No such file or directory I'm also seeing this, but only very sporadically: Aug 20 08:49:23 mail-ausfall postfix/postscreen[15615]: close database /var/lib/postfix/ps_cache.db: No such file or directory Aug 20 16:05:43 mail-ausfall postfix/postscreen[28112]: close database /var/lib/postfix/ps_cache.db: No such file or directory Aug 20 20:54:47 mail-ausfall postfix/postscreen[5827]: close database /var/lib/postfix/ps_cache.db: No such file or directory Aug 22 00:00:02 mail-ausfall postfix/postscreen[17856]: close database /var/lib/postfix/ps_cache.db: No such file or directory Aug 23 08:36:09 mail-ausfall postfix/postscreen[4931]: close database /var/lib/postfix/ps_cache.db: No such file or directory Aug 24 07:37:55 mail-ausfall postfix/postscreen[21289]: close database /var/lib/postfix/ps_cache.db: No such file or directory Aug 25 08:37:49 mail-ausfall postfix/postscreen[2421]: close database /var/lib/postfix/ps_cache.db: No such file or directory Aug 25 16:58:53 mail-ausfall postfix/postscreen[30306]: close database /var/lib/postfix/ps_cache.db: No such file or directory Aug 26 06:59:48 mail-ausfall postfix/postscreen[21834]: close database /var/lib/postfix/ps_cache.db: No such file or directory Aug 26 09:09:57 mail-ausfall postfix/postscreen[30604]: close database /var/lib/postfix/ps_cache.db: No such file or directory Aug 26 15:37:12 mail-ausfall postfix/postscreen[2631]: close database /var/lib/postfix/ps_cache.db: No such file or directory Aug 27 11:09:09 mail-ausfall postfix/postscreen[20718]: close database /var/lib/postfix/ps_cache.db: No such file or directory Aug 27 16:29:04 mail-ausfall postfix/postscreen[22487]: close database /var/lib/postfix/ps_cache.db: No such file or directory Aug 28 15:11:20 mail-ausfall postfix/postscreen[2247]: close database /var/lib/postfix/ps_cache.db: No such file or directory Aug 28 15:17:49 mail-ausfall postfix/postscreen[726]: close database /var/lib/postfix/ps_cache.db: No such file or directory Aug 29 00:00:03 mail-ausfall postfix/postscreen[6613]: close database /var/lib/postfix/ps_cache.db: No such file or directory Aug 30 08:21:55 mail-ausfall postfix/postscreen[15896]: close database /var/lib/postfix/ps_cache.db: No such file or directory Aug 31 08:12:58 mail-ausfall postfix/postscreen[3321]: close database /var/lib/postfix/ps_cache.db: No such file or directory Aug 31 08:43:35 mail-ausfall postfix/postscreen[22243]: close database /var/lib/postfix/ps_cache.db: No such file or directory Aug 31 09:19:09 mail-ausfall postfix/postscreen[32409]: close database /var/lib/postfix/ps_cache.db: No such file or directory -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: postscreen bug ?
* Wietse Venema wie...@porcupine.org: That is a Berkeley DB mis-feature. Newer Postfix snapshots ignore that error. I'm still seeing it with postfix-2.8-20100830: Sep 1 05:14:38 mail postfix/postscreen[17745]: close database /var/lib/postfix/ps_cache.db: No such file or directory Sep 1 09:49:00 mail postfix/postscreen[25684]: close database /var/lib/postfix/ps_cache.db: No such file or directory Sep 2 08:26:28 mail postfix/postscreen[2276]: close database /var/lib/postfix/ps_cache.db: No such file or directory Sep 3 11:46:48 mail postfix/postscreen[19027]: close database /var/lib/postfix/ps_cache.db: No such file or directory Sep 3 15:01:25 mail postfix/postscreen[14512]: close database /var/lib/postfix/ps_cache.db: No such file or directory Sep 4 11:46:25 mail postfix/postscreen[29647]: close database /var/lib/postfix/ps_cache.db: No such file or directory Sep 4 14:50:02 mail postfix/postscreen[25263]: close database /var/lib/postfix/ps_cache.db: No such file or directory Sep 4 14:50:21 mail postfix/postscreen[27086]: close database /var/lib/postfix/ps_cache.db: No such file or directory -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: postscreen bug ?
As expected. Notice that this message is informational, not a warning or an error: /* * With some Berkeley DB implementations, close fails with a bogus ENOENT * error, while it reports no errors with put+sync, no errors with * del+sync, and no errors with the sync operation just before this * comment. This happens in programs that never fork and that never share * the database with other processes. The bogus close error has been * reported for programs that use the first/next iterator. Instead of * making Postfix look bad because it reports errors that other programs * ignore, I'm going to report the bogus error as a non-error. */ if (DICT_DB_CLOSE(dict_db-db) 0) msg_info(close database %s: %m, dict_db-dict.name); Not reporting the anomaly at all may mask real problems in the future. Hm, so isn't that a bug in BerkeleyDB then - and should be reported? -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: Maximum number of delivery of emails
* Victor Duchovni victor.ducho...@morganstanley.com: On Tue, Sep 07, 2010 at 01:50:30PM +0530, Avinash Pawar // Viva wrote: I want to send 1 Lacs emails per hour. Most readers of this (international) list do not know that 1 lac is 100,000. This usage is largely confined to India. Ah! I'm reading Sacred games and they talk about Lakhs of Rupees all the time. It's 100k. Ah! -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: Limit RCPT TO in Postfix
* Claudio Prono claudio.pr...@atpss.net: Ok, this is right, but is also an information leak... with rcpt to i can enumerate the local users of the system, and for me this is not too good... No way to fix this? Turn off SMTP :) -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: Aggregating/rate-limiting emails
* Yang Zhang yanghates...@gmail.com: Are there any extensions to Postfix that can aggregate multiple outgoing emails into a single email within some time window? Not that I'm aware of. You're thinking of something like a mailing-list digest? We're developing an application that runs on multiple hosts and emails notifications to us (the developers @gmail.com) whenever something goes wrong, via a postfix server. However, we've run into issues where the application spews hundreds of such errors in rapid succession, leading Gmail to bounce our messages. This is why we're interested first and foremost throttling messages, That's easy: either via a policy server OR you use something like smtp_destination_rate_delay = 10s (one mail very 10s) but ideally also aggregating messages together into a periodic digest that is emitted at most once per minute. Any other (low-effort) solution ideas would be appreciated as well. -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: Local mailserver
* dky hax dky...@gmail.com: Hello guys, I have to configure postfix as mail server locally. After setting up I tried to send mail via telnet only that are not received. The log please? -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: Local mailserver
* dky hax dky...@gmail.com: This is a part of mail.info: a) turn off verbose logging b) The first line indicates that an email had been delivered locally mail postfix/local[16258]: 51C903E15E: to=t...@test.it, orig_to= t...@test.it, relay=local, delay=9.6, delays=9.5/0.01/0/0.03, dsn=2.0.0, status=sent (delivered to maildir) mail postfix/qmgr[16247]: 51C903E15E: removed mail postfix/smtpd[16253]: localhost[127.0.0.1]: quit mail postfix/smtpd[16253]: localhost[127.0.0.1]: 221 2.0.0 Bye mail postfix/smtpd[16253]: match_hostname: localhost ~? 192.168.1.0/24 mail postfix/smtpd[16253]: match_hostaddr: 127.0.0.1 ~? 192.168.1.0/24 mail postfix/smtpd[16253]: disconnect from localhost[127.0.0.1] mail postfix/smtpd[16253]: master_notify: status 1 mail postfix/smtpd[16253]: connection closed mail postfix/smtpd[16253]: auto_clnt_close: disconnect private/tlsmgr stream mail postfix/smtpd[16253]: rewrite stream disconnect mail postfix/smtpd[16253]: proxymap stream disconnect mail postfix/smtpd[16253]: idle timeout -- exiting -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: Local mailserver
* dky hax dky...@gmail.com: Ok, but the mail isn't arrived. t...@mail:~$ mail No mail for test mail doesn't read maildirs -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: error sending/receiving mail
* Christopher Adams adam...@gmail.com: Hello all, I have a server with Postfix and it is not processing mail. I have set up some aliases in /etc/postfix/aliases and after updating them, I run postalias /etc/postfix/aliases. When I send to any of the aliases, here is the message I get back: Out: 220 huck.plinkit.org ESMTP Postfix In: EHLO mail4.state.or.us Out: 250-huck.plinkit.org Out: 250-PIPELINING Out: 250-SIZE 1024 Out: 250-VRFY Out: 250-ETRN Out: 250 8BITMIME In: MAIL From:chris.a.ad...@state.or.us SIZE=4091 Out: 250 Ok In: RCPT To:independe...@plinkit.org Out: 451 Server configuration error Examine the servers log, look for egrep (error|fatal): /var/log/mail.log Here is an entry from the maillog file: If it was related to the error above, it would provide a clue. But it isn't. Following is output from postconf -n AH! smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_rbl_client bl.spamcop.net, reject_rbl_client dnsbl.sorbs.net, reject_rbl_client cbl.abuseat.org, reject_rbl_client ix.dnsbl.manitu.net, reject_invalid_ reject_non_fqdn_ reject_non_fqdn_sender, Garbage! unknown_local_recipient_reject_code = 450 550, not 450 -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: Postscreen update
* Matt Hayes domin...@slackadelic.com: Thanks for the update. I'm working on implementing this now, however, I'm a bit confused with the postscreen_dnsbl_reply_map option. Why? It's just for mapping RBL names. Unless you have a paid subscription with spamhaus.org, you don't need it. -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: MX question
* CT gro...@obsd.us: General postfix question regarding MX lookups.. Does Postfix do an MX lookup on inbound mail as part of spam prevention or some other check.. ? How would that help? What exactly are you trying to achieve? -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: MX question
* CT gro...@obsd.us: It was a question that came up in a discussion.. I have had issues in the past when delivering email and I did not have PTR in place.. the email was rejected.. That's not an MX problem, but a missing PTR. Postfix can check for this using: reject_unknown_reverse_client_hostname oder (more harsh) reject_unknown_client_hostname so the question regarding inbound MX lookups came up so I figured I would ask.. A MX lookup is performed to check if the sender domain exists; it can be activated using: reject_unknown_sender_domain -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: Problems to understand reject_unlisted_recipients
* Jeroen Geilman jer...@adaptr.nl: On 09/14/2010 04:42 PM, Christian Rößner wrote: Sep 11 10:34:36 mx0 postfix/lmtp[29594]: 40FC3520A6: to=ad4f0.5040...@roessner-net.com, relay=127.0.0.1[127.0.0.1]:24, delay=0.39, delays=0.19/0.06/0.01/0.13, dsn=5.1.1, status=bounced (host 127.0.0.1[127.0.0.1] Who is that ? Dovecot LMTPd said: 550 5.1.1ad4f0.5040...@roessner-net.com User doesn't exist: ad4f0.5040...@roessner-net.com (in reply to RCPT TO command)) It isn't postfix - postfix is SENDING the message there. Yes, that's exactly the problem. Why is postfix accepting mail to non-existant recipients! -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: Problems to understand reject_unlisted_recipients
* Stan Hoeppner s...@hardwarefreak.com: ad4f0.5040...@roessner-net.com is a message-ID, not an email address. Here it is used as an email-address Then they send spam to that message-ID thinking it's an email address. The RHS is correct, so your Postfix server initially accepts it. And that's the problem. Why? You're apparently relaying to a content filter before doing recipient address verification. As you can see from his postconf -n, he IS doing recipient address verification -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: Problems to understand reject_unlisted_recipients
* Christian Rößner c...@roessner-network-solutions.com: The address ad4f0.5040...@roessner-net.com is a non existent address. I used my web.de test-account to send a mail to this fake. Here is the result: So the domain is roessner-net.com postconf -n I'm seeing multiple problems mydomain = roessner-net.de relay_domains = $mydestination lists.roessner-net.de mydestination should not be in relay_domains! And what is mydestination defaulting to? $ postconf -d mydestination mydestination = $myhostname, localhost.$mydomain, localhost But you didn't define $myhostname explicitly. So, danger lurks! smtpd_recipient_restrictions = reject_non_fqdn_recipient reject_non_fqdn_sender reject_unknown_recipient_domain reject_unknown_sender_domain reject_unlisted_recipient reject_unlisted_recipient, OK! reject_unauth_destination virtual_alias_maps = proxy:ldap:/etc/postfix/ldap/virtual_aliases.cf virtual_mailbox_domains = proxy:ldap:/etc/postfix/ldap/virtual_domains.cf virtual_transport = lmtp:[127.0.0.1]:24 So: Which address class does roessner-net.com belong to? It's not mydestination, since your debug log says: Sep 11 11:10:35 mx0 postfix/smtpd[32405]: match_string: roessner-net.com ~? mx0.roessner-net.de Sep 11 11:10:35 mx0 postfix/smtpd[32405]: match_string: roessner-net.com ~? localhost.roessner-net.de Sep 11 11:10:35 mx0 postfix/smtpd[32405]: match_string: roessner-net.com ~? localhost So I guess mydestination = mx0.roessner-net.de, localhost.$mydomain, localhost Meaning: roessner-net.com is not in mydestination. It's not relay_domains, since that's $mydestination and lists.roessner-net.de According to this snippet: Sep 11 11:10:35 mx0 postfix/smtpd[32405]: dict_proxy_lookup: table=ldap:/etc/postfix/ldap/virtual_aliases.cf flags=lock|fold_fix key=ad4f0.5040...@roessner-net.com - status=1 result= Sep 11 11:10:35 mx0 postfix/smtpd[32405]: maps_find: virtual_alias_maps: ad4f0.5040...@roessner-net.com: not found virtual_alias_maps = ldap:/etc/postfix/ldap/virtual_aliases.cf is queried, but the address is not being found. But since roessner-net.com is NOT in virtual_alias_domains, it's not being rejected. But I cannot see why mail to roessner-net.com is accepted AT ALL, since all your log shows is no match. So: Which address class does roessner-net.com belong to? Testing on command line: postmap -q roessner-net.com ldap:/etc/postfix/ldap/virtual_domains.cf virtualDomains Aha. According to this it's in virtual_mailbox_domains! That's the error For your setup I'd say: * make roessner-net.com a relay_domain * use transport_maps to transport it to localhost via LMTP * use relay_recipient_maps -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: Pipe to external command
* Fabio Ferrari fabio.ferr...@unimore.it: Hello, I have some problems in implementing a pipe to an external command. As said in the documentation, I've added the line transport_maps = hash:/etc/postfix/transport in the main.cf file, then I edited the transport file and added the line listadipr...@sms.unimo.it pipediprova: then I executed the postmap command to update the db. Then I added the line pipediprova unix - n n - - pipeflags= user=vmail argv=/usr/local/bin/mailtoliste.pl in the master.cf file. But when I try to send mail to the listadipr...@sms.unimo.it address, the maillog says: Sep 13 15:05:45 secchia postfix/smtpd[27379]: NOQUEUE: reject: RCPT from posta1.sms.unimo.it[155.185.44.49]: 550 5.1.1 listadipr...@sms.unimo.it: Recipient address rejected: User unknown in virtual mailbox table; from=ferrari.fa...@gmail.com to=listadipr...@sms.unimo.it proto=SMTP helo=localhost Well, the address is not valid :) User unknown in virtual mailbox table Create the addressr listadipr...@sms.unimo.it virtual_mailbox_maps = hash:/etc/postfix/sql/virtual_mailbox_maps in this map -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: Can postfix guarantee durability (fsync)?
* Yang Zhang yanghates...@gmail.com: No. Postfix replies 250 OK: queued as 12345 when the message is QUEUED. Doesn't this contradict your original reply that durability is guaranteed? If there's no fsync, then the message may not have been persisted to non-volatile storage, and will be lost. After the mail had been written to the queue, fsync() is executed. If fsync() succeeded, the reply 250 OK: queued as . is sent back to the client. So unless fsync() lies, the mail is safely on the disk. Then the qmgr decides to e.g. invoke local to perform local delivery. local writes the mail into the Maildir, invokes fsync(). If fsync() succeeded, the qmgr considers the mail delivered and deletes the queuefile. So unless fsync() lies, the mail is safely on the disk. Your initial question was: Can postfix be configured to guarantee durable email receipt? E.g., can it be sure to fsync the mbox/Maildir file and/or directory before it acknowledges successful receipt of an email? THAT is not possible, since the process which is ACCEPTING the mail (smtpd) is NOT the same process that is writing to a local mailbox (local), due due Postfix's non-monolithical design. -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: Migrating Ver 2.1.5 to Ver 2.5.5
* cajun ca...@cajuninc.com: I'm migrating a working Ver 2.1.5 server to Ver 2.5.5 (on a new box). Two questions: 1) I assume it would not be a good thing just to copy main.cf master.cf along with the associated .db files to the new server as I can see lots has changed. I'm assuming that a line-by-line walk-through and comparison of the old new files is prudent copying over only the portions that I'm sure are relevant. It's usually safe to copy them and let postfix upgrade them 2) I'm pretty sure there are variables in main.cf that are deprecated from the older version to the newer version. Is there a way that I can easily locate these changes to the variables? That's hard :) -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: Problem with Mail not Reaching its Destination
* Shane Dittmar chatter8...@gmail.com: When I came back to try things, I found out that none of the mail I sent to these addresses was being delivered. Originally, the error was that the address could not be found in the virtual users table, but I fixed this by adding to the mydestination parameter. Please show the exact error messages from your log! -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: postfix message size
* Jim McIver jmci...@lmtribune.com: I'm trying to limit the message size to 6 megabytes and in the main.cf I set: message_size_limit = 600 That's not 6 megabytes (message size 5414717 exceeds size limit 5242880 of server 127.0.0.1[127.0.0.1]) 5242880 != 600 I wanted the message so I set message_size_limit = 0 and reloaded postfix. postconf -n |grep size shows: message_size_limit = 0 OK so I figured the message should come through as this is suppose to disable the size limit. I still get: message size 5415340 exceeds size limit 5242880 of server 127.0.0.1 What's running on 127.0.0.1? A virus scanner? -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: Postfix SMTP server
* motty.cruz motty.c...@gmail.com: Hello, When a client has a typo in the recipient email address it takes 5 days for my SMTP server to notify that the user does not exist or was unable to deliver email. Any idea where to change the option to make it more reliable. Please sho some logs of this behaviour. Is this your server sending out mail someplace else or your server receiving? -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: Inform postmaster, if message gets on HOLD
* Christian Rößner c...@roessner-network-solutions.com: Hi, simply question: I have configured my postfix that it keeps mails on HOLD, if they come from the webserver and are not addressed to me (i.e. if the webserver tries do relay mail over my MTA). This works pretty well, but how could the postmaster (me) get notified, if new mail is on hold? Use a script to parse your log. E.g. logcheck -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
postscreen vs. (all?|some?) address verification milter(s) in sendmail
Today I found a interesting problem regarding postscreen and a popular (?) address verification milter in sendmail From my logs: Sep 30 15:23:53 mail postfix/postscreen[21955]: NOQUEUE: reject: RCPT from [192.109.31.12]: 550 5.5.1 Protocol error; from=, to=valid.u...@charite.de, proto=SMTP, helo=mail.embl-hamburg.de Sep 30 15:23:53 mail postfix/postscreen[21955]: NOQUEUE: reject: RCPT from [192.109.31.12]: 550 5.5.1 Protocol error; from=postmas...@embl-hamburg.de, to=valid.u...@charite.de, proto=SMTP, helo=mail.embl-hamburg.de The idea of using two different senders is very nice per se, but it seems that the milter is triggering some check within postscreen 192.109.31.12 is running: 220 mail.EMBL-Hamburg.DE ESMTP Sendmail 8.13.8/8.13.8/Debian-2; Thu, 30 Sep 2010 16:06:22 +0200; (No UCE/UBE) logging access from: mail.charite.de(OK)-mail.charite.de [141.42.202.200] I cannot say anything about the milter in use. A prior bug report of mine against Smart Sendmail Filters https://sourceforge.net/tracker/?func=detailaid=2815073group_id=131540atid=721356 The sender address verification sends an HELO *before* the receiving server emits its SMTP banner. Thus, the probe (or the whole server) gets classified as earlytalker and (in my case) gets disconnected immediately. The verification probes must adhere to the SMTP protocol, otherwise they're worthless because they're generating false negatives. I have no doubt that the error is NOT in Postfix, but what exactly does the log excerpt mean? Which protocol error exactly is postscreen complaining about? -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: postscreen vs. (all?|some?) address verification milter(s) in sendmail
* Victor Duchovni victor.ducho...@morganstanley.com: Do you have a tcpdump capture? From the above it sounds like HELO is sent before the 220 banner. That's a protocol error. No tcpdump, but I have this: Sep 30 15:23:53 mail postfix/postscreen[21955]: CONNECT from 192.109.31.12 Sep 30 15:23:53 mail postfix/postscreen[21955]: PREGREET 27 after 0.01 from 192.109.31.12: HELO mail.embl-hamburg.de?? Sep 30 15:23:53 mail postfix/postscreen[21955]: NOQUEUE: reject: RCPT from [192.109.31.12]: 550 5.5.1 Protocol error; from=, to=valid.recipi...@charite.de, proto=SMTP, helo=mail.embl-hamburg.de Sep 30 15:23:53 mail postfix/postscreen[21955]: NOQUEUE: reject: RCPT from [192.109.31.12]: 550 5.5.1 Protocol error; from=postmas...@embl-hamburg.de, to=valid.recipi...@charite.de, proto=SMTP, helo=mail.embl-hamburg.de Sep 30 15:23:53 mail postfix/postscreen[21955]: DISCONNECT 192.109.31.12 Sep 30 15:53:56 mail postfix/postscreen[10531]: CONNECT from 192.109.31.12 Sep 30 15:53:56 mail postfix/postscreen[10531]: WHITELISTED 192.109.31.12 Sep 30 15:53:56 mail postfix/postscreen[10531]: PASS OLD 192.109.31.12 Sep 30 15:53:56 mail postfix/smtpd[10563]: connect from mail.EMBL-Hamburg.DE[192.109.31.12] Sep 30 15:53:56 mail postfix/smtpd[10563]: NOQUEUE: client=mail.EMBL-Hamburg.DE[192.109.31.12] Sep 30 15:53:56 mail postfix/smtpd[10563]: disconnect from mail.EMBL-Hamburg.DE[192.109.31.12] which seems to back our both assumptions. -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: postscreen vs. (all?|some?) address verification milter(s) insendmail
* Len Conrad lcon...@go2france.com: I've used pregreet on some very high volume MX for months, and had one FP. I had these two (within one year), both with sendmails with (presumably!) the same (?) milter. -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: postscreen vs. (all?|some?) address verification milter(s) in sendmail
* Ralf Hildebrandt ralf.hildebra...@charite.de: 192.109.31.12 is running: 220 mail.EMBL-Hamburg.DE ESMTP Sendmail 8.13.8/8.13.8/Debian-2; Thu, 30 Sep 2010 16:06:22 +0200; (No UCE/UBE) logging access from: mail.charite.de(OK)-mail.charite.de [141.42.202.200] I found another one: 220 klx11.klinikum-amberg.de ESMTP mailserver; Thu, 30 Sep 2010 20:55:45 +0200; (No UCE/UBE) logging access from: mail.charite.de(OK)-mail.charite.de [141.42.202.200] That banner looks suspiciously similar! What is this (No UCE/UBE) logging access from: bit in the banner? Is that the default? Could find it in the sendmail sourcecode. # zfgrep -h 550 5.5.1 Protocol error; from=, to= /var/log/OLD/*/mail.log* | awk '{print $10}' | sort | uniq -c|sort -n 1 [169.230.27.17]: 1 [192.109.31.12]: 1 [192.109.31.26]: 1 [194.85.224.36]: 1 [209.253.146.109]: 1 [38.115.159.132]: 1 [65.39.224.170]: 1 [80.146.166.242]: 2 [194.63.247.43]: 2 [195.134.100.81]: 2 [217.25.178.38]: 3 [195.134.100.69]: 3 [217.25.178.9]: 5 [62.245.197.11]: -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: Installation Error
* jason hirsh hir...@att.net: I am doing an installation on a new FreeBSD 8.1 box and it fail with postfix: warning: valid_hostname: invalid character 32(decimal): my.domain-server.com remove the trailing or leading space from my.domain-server.com or my.domain-server.com -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: problem blocking sender_address
* Tom Kinghorn thomas.kingh...@gmail.com: Thats 1 slap for me for missing the //'s Well, at least you got the rest of the syntax right. :) -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: problem blocking sender_address
* Tom Kinghorn thomas.kingh...@gmail.com: Good afternoon list. I apologise for this post. Hey, let's read your post first and decide later if you need to apologize :) I am new to postfix and battling to block a sender who keeps changing digits in the sending address. This sounds like a job for regex: or PCRE: I would like to block the sender using the regex westcoast[0-9]...@gmail.com (to block sender address of westcoast...@gmail.com etc..). Yep. /^westcoast[0-9]...@gmail\.com$/ REJECT However, adding it to the smtpd_sender_restrictions is not working config looks like: smtpd_sender_restrictions = snip check_sender_access regexp:/etc/postfix/sender_access_blacklist_regexp, /snip sender_access_blacklist_regexp contains: #discard westcoast spammer westcoast[0-9]...@gmail.comDISCARD /^westcoast[0-9]...@gmail\.com$/ DISCARD or /^westcoast[0-9]...@gmail\.com$/ REJECT You're lacking the // -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: rejecting clients greeting me with my own name
* Jeroen Geilman jer...@adaptr.nl: Please don't send these redundant messages. It's a good indication of your general messaging skills. On 10/04/2010 07:56 PM, martin f krafft wrote: also sprach Jeroen Geilmanjer...@adaptr.nl [2010.10.04.1822 +0200]: Where, exactly ? The HELO greeting. The real client IP ? That can't be trivially spoofed, and so would actually BE your server. I have seen clients who apparently connect to my MX with the IP and then send the IP after HELO. With YOUR IP ? That's highly unlikely, to the point of unbelievability. I've seen those as well; not from within my networks, but yes. I've seen them! -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: Character corruption for Chinese (simple and traditional) and Korean texts
* Sharma, Ashish ashish.shar...@hp.com: Hi, I have a setup, where emails received by mail server(postfix) are taken on and the resulting email's body(html or plain text) and attachments are parsed to separate files and saved, for this I use javax mail api. The problem occurs for email body when it is in Chinese (simple and traditional) (charset GB2312, as per email header) or Korean (charset ks_c_5601-1987, as per email header), the resulting parsed email bodies show character corruption (the characters are displayed as '?'). Postfix does not change the contects of a mail. Period. I am unable to understand why rest of the programs like Google mail, Outlook can parse the mail body right while my code could not. Sounds like an error in your code then Please suggest what am I doing wrong? Without knowing your code, it's really hard to tell. Personally, I'd debug by using alway_bcc_maps to a simple mailbox and examine the mails in detail. -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: Postfix seems to ignore check_policy_service
* John Swift stuperm...@yahoo.com: Hello, We have a Postfix instance that we're attempting to use a mail filter on (specifically policyd). We've used the instructions in the mail filter and added this in our main.cf: smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination, check_policy_service inet:127.0.0.1:10031 Show postconf -n output and your master.cf! -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: Postfix seems to ignore check_policy_service
* John Swift stuperm...@yahoo.com: mydomain = XXX.com myhostname = hq-relaytest-01 myhostname must be a FQDN, probably hq-relaytest-01.$mydomain mynetworks = 10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, 127.0.0.0/8 Don't test your policyd from there. smtpd_recipient_restrictions = permit_mynetworks, check_policy_service inet:127.0.0.1:10031, reject_unauth_destination, permit Looking good. master.cf: smtp inet n - n - - smtpd No override, looking good. So from where did you test this? You need to be outside 10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, 127.0.0.0/8 to ever reach check_policy_service inet:127.0.0.1:10031, -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: postscreen segfault
* Vernon A. Fort vf...@provident-solutions.com: Were you seeing the signal 11 errors before turning on verbose logging? Wietse yes, as noted with my previous post. just not as frequent, say one every 4-5 days. I also have a few: Sep 24 13:56:04 mail postfix/master[2823]: warning: process /usr/libexec/postfix/postscreen pid 10525 killed by signal 11 Sep 24 17:33:06 mail postfix/master[2823]: warning: process /usr/libexec/postfix/postscreen pid 27074 killed by signal 11 Sep 29 09:01:04 mail postfix/master[2688]: warning: process /usr/libexec/postfix/postscreen pid 31258 killed by signal 11 Sep 29 21:04:15 mail postfix/master[2688]: warning: process /usr/libexec/postfix/postscreen pid 19613 killed by signal 11 Oct 1 11:33:32 mail postfix/master[2688]: warning: process /usr/libexec/postfix/postscreen pid 18731 killed by signal 11 Oct 1 12:34:14 mail postfix/master[2688]: warning: process /usr/libexec/postfix/postscreen pid 32143 killed by signal 11 Oct 1 20:32:55 mail postfix/master[2688]: warning: process /usr/libexec/postfix/postscreen pid 18259 killed by signal 11 Oct 4 10:53:13 mail postfix/master[2688]: warning: process /usr/libexec/postfix/postscreen pid 11320 killed by signal 11 Oct 4 13:11:42 mail postfix/master[2688]: warning: process /usr/libexec/postfix/postscreen pid 11845 killed by signal 11 Oct 5 11:33:23 mail postfix/master[2688]: warning: process /usr/libexec/postfix/postscreen pid 13677 killed by signal 11 Oct 5 18:51:11 mail postfix/master[2688]: warning: process /usr/libexec/postfix/postscreen pid 6358 killed by signal 11 Oct 6 09:04:56 mail postfix/master[2688]: warning: process /usr/libexec/postfix/postscreen pid 23941 killed by signal 11 Oct 6 17:34:05 mail postfix/master[2688]: warning: process /usr/libexec/postfix/postscreen pid 9903 killed by signal 11 -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: PATCH: postscreen segfault
* Vernon A. Fort vf...@provident-solutions.com: Thanks Wietse - installed and running. Same here. -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: Resend emails from a Maildir
* Patric Falinder patric.falin...@omg.nu: Hi, I'm not really sure if this has to do with Postifx so just tell me if I'm wrong. Is it possible to resend emails that are in a Maildir already? Yes. #!/bin/sh # # verschickt die gesamte Mail eines Benutzers an $1 # USAGE=usage: $0 u...@domain if test $# != 1 then echo $USAGE exit 1 fi if ! grep @ STOP /dev/null $1 STOP then echo $USAGE echo No @ in Mail-address exit 1 fi if ! test -d new -a -d cur -a tmp then echo You are not in Maildir echo there is no new cur tmp exit 1 fi find cur new tmp -type f | xargs --replace /usr/local/scripts/send_mail $1 {} /usr/local/scripts/send_mail #!/bin/sh /usr/local/sbin/mini_sendmail -syour.mail.host -p25 -fnob...@charite.de $1 $2 rm -f $2 -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: Request for help with redesign of Postfix Configuration File ...
* Christopher Koeber ckoe...@gmail.com: inet_interfaces = all default mydomain = students.wesleyseminary.edu myhostname = students.wesleyseminary.edu I'd say myhostname = students.wesleyseminary.edu which implies mydomain = wesleyseminary.edu Setting mydomain equal to myhostname strikes me as being odd. mynetworks = 127.0.0.0/8 mynetworks_style = subnet If you set mynetworks explicitly, no need to set mynetworks_style myorigin = $mydomain Or rather $myhostname which is the default anyway :) smtpd_banner = students.wesleyseminary.edu ESMTP $mail_name ($mail_version) Lose that, use the default smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination OK -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: Fighting Backscatter
* Charles Marcus cmar...@media-brokers.com: As has been told to you more than once, the correct solution is simple... 1. Stop forwarding spam, or As we all know that not really easily done. I might consider a mail ham while other systems consider the mail to be spam. The first step must be to check HOW MANY mails are bouncing at all. A big percentage? And then one needs to check the anti spam methods one is using. And compare them to the checks the real recipient is using. Did the OP show postconf -n yet? 2. Do not forward *any* emails, period. That's probably the simplest solution :) -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: Fighting Backscatter
* martijn.list martijn.l...@gmail.com: 2. Do not forward *any* emails, period. That's probably the simplest solution :) Wouldn't using an owner alias be a solution? (see expand_owner_alias). You can set the owner alias of the forward to some internal address. This internal address will only be used to 'suck-up' the bounces of forwarded messages. Interesting idea! -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: Is Postfix Checking Spamhaus RBL
* Carlos Mennens carlosw...@gmail.com: My question is why did a message I send from my client (Thunderbird) from my ISP connected PC [74.235.192.80] who is on the PBL get rejected when my mail server the message was sent from is 64.38.48.101. The mail server is not on any PBL so what does it matter if my ISP range of ATT/Bell South is blacklisted. My mail server is remote and clean. I don't understand why this message was blocked from Spamhaus. My Postfix mail server is not on the ISP network what to ever. This is the reject email back to me: Failed Recipient: kenn...@brek.aero Reason: Remote host said: 554 Service unavailable; Client host [vss155.webhosting-email.com] blocked by zen.spamhaus.org; http://www.spamhaus.org/query/bl?ip=74.235.192.80 The message above is confusing because [vss155.webhosting-email.com] is NOT 74.235.192.80. That's the IP of where the email originated from in my Thunderbird mail client. From that IP it was transfered via SMTP [25] to 64.38.48.101 and that IP is 'vss155.webhosting-email.com. I hope that was a bit more clear than my 1st ramble... Ah, maybe they're looking at all the headers, which is really stupid! -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: Is Postfix Checking Spamhaus RBL
* Carlos Mennens carlosw...@gmail.com: Ah, maybe they're looking at all the headers, which is really stupid! Oh so then this is completely something configured wrong on their end using Microsoft Exchange, right? I seriously doubt that exchange can do this. But I guess the error must be someplace on their end. You can reproduce it easily: * send a mail there. When the mail is being blocked, stay connected. * now change your Postfix to REMOVE the OFFENDING HEADER with the problematic IP from the mail: header_checks = pcre:/etc/postfix/header_checks with /the.ip.which.triggers.the.check/ IGNORE * postfix reload * send another mail, from the same ip! (that's why I said: stay connected) I just sent email from the same IP to my personal and friends Postfix mail servers who both use RBL checks to zen.spamhaus.org and they passed through fine. So do we. Can I ask what the normal procedure is for mail? If the latter IP is listed on a PBL but the last received IP is not, does it then allow? Does Postfix only look at the the most recent received client IP for RBL checks and thats all? Of course. Everything else cannot be trusted anyway. -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de