Re: Filtering spam received from multiple users

2011-04-12 Thread Stan Hoeppner
Jose Hales-Garcia put forth on 4/11/2011 8:00 PM: On Apr 11, 2011, at 3:44 PM, Stan Hoeppner wrote: My first idea for handling these messages is writing a filter in header_checks using regexp. Is this the best approach to take using Postfix 2.4.3? Probably not. Provide the full

Re: selective greylisting with a long delay

2011-04-12 Thread Stan Hoeppner
pf at alt-ctrl-del.org put forth on 4/11/2011 7:32 PM: Just because most of the emails are spam, doesn't mean that most of their customers are spammers. After all, the spammers are sending a lot more mail than legit sites do. If the ISP has multiple /15's and /16's, I think that blocking

Re: use of smtp(d)_tls_CAfile with opportunistic TLS?

2011-04-12 Thread email builder
I'm wondering about the usefulness of smtp(d)_tls_CAfile(path) when using opportunistic encryption in both incoming and outgoing connections. The TLS_README suggests that certificate and key files be left empty for opportunistic smtp processes, but it doesn't talk specifically

Re: selective greylisting with a long delay

2011-04-12 Thread Bernhard Rohrer
My first port of call here would be to enable features like - DKIM - SPF - reverse DNS lookup for the connecting host, where several things can be done: - match connecting IP to hostname in helo or mail from - match connecting ip to claimed sending domain in helo or mail from (check MX and A)

authenticated smtp relay and ssl/tls

2011-04-12 Thread Fabien COMBERNOUS
Hi there, Is it possible to ask postfix to relay mail to an authenticated smtp service ? This remote smtp service is using ssl or tls. I know it is possible to relay mail to an authenticated smtp service but without ssl/tls. Any peace of information or howto about this is welcome. Best

RE: authenticated smtp relay and ssl/tls

2011-04-12 Thread Gabriel S. Craciun
http://www.dslreports.com/faq/6456 -Original Message- From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On Behalf Of Fabien COMBERNOUS Sent: Tuesday, April 12, 2011 12:12 PM To: postfix-users@postfix.org Subject: authenticated smtp relay and ssl/tls Hi

Re: Nulls not being stripped from incoming mail

2011-04-12 Thread Wietse Venema
Rich Wales: I'm running Postfix 2.8.1 and Cyrus 2.3.16 on an Ubuntu 10.04 (Lucid) server. I'm having trouble with incoming mail from Google's Postini help forum. The messages I'm getting contain null characters in the body, so Cyrus is saying 554 5.6.0 Message contains NUL characters (in

Re: selective greylisting with a long delay

2011-04-12 Thread Noel Jones
On 4/12/2011 3:19 AM, Bernhard Rohrer wrote: My first port of call here would be to enable features like - DKIM - SPF - reverse DNS lookup for the connecting host, where several things can be done: Nope. This class of spammers carefully follow the RFCs and use SPF and DKIM. - match

Re: authenticated smtp relay and ssl/tls

2011-04-12 Thread Noel Jones
On 4/12/2011 4:12 AM, Fabien COMBERNOUS wrote: Hi there, Is it possible to ask postfix to relay mail to an authenticated smtp service ? This remote smtp service is using ssl or tls. I know it is possible to relay mail to an authenticated smtp service but without ssl/tls. Any peace of

Re: Nulls not being stripped from incoming mail

2011-04-12 Thread Wietse Venema
Wietse Venema: I added message_strip_characters = \0 to my Postfix's main.cf and did a reload of Postfix, but this doesn't seem to have had any effect on the problem. I did a Google search and found various complaints over the years from people claiming message_strip_characters = \0

Re: use of smtp(d)_tls_CAfile with opportunistic TLS?

2011-04-12 Thread Noel Jones
On 4/12/2011 2:17 AM, email builder wrote: Am I correct to infer that both smtp(d)_tls_CAfile settings only serve a purpose when you want to verify client/server certificates? If that's the case, why does the example at the bottom of TLS_README use both the CAfile settings with only

Re: Filtering spam received from multiple users

2011-04-12 Thread Mikael Bak
Stan Hoeppner wrote: [snip] Received: from [190.221.28.39] (unknown [190.221.28.39]) In this example, reject_unknown_reverse_client_hostname would have generated a 450 rejection. You should always use reject_unknown_reverse_client_hostname at minimum, or the more restrictive

Reject /Discard outbound domain?

2011-04-12 Thread Randy Ramsdell
Hi, I am trying to block all mail going to a certain domain. We use smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/protected_lists and it counterpart: smtpd_restriction_classes = list_blocks list_blocks = check_sender_access hash:/etc/postfix/list_members,reject The

pflogsumm by domain

2011-04-12 Thread Tolga
Hello, Is it possible to have pflogsumm detail the report by domain? eg. 291 messages received by example.com 354 messages received by example.net xxx messages received by example.org and so on... Regards,

Re: authenticated smtp relay and ssl/tls

2011-04-12 Thread Fabien COMBERNOUS
Thank you for URL pointers. On 12/04/2011 13:53, Noel Jones wrote: [...] Yes, TLS and authentication are set up separately in postfix and can be (and frequently are) used together. http://www.postfix.org/SASL_README.html#client_sasl_enable Authentication with a remote smtp without SSL/TLS

Re: Reject /Discard outbound domain?

2011-04-12 Thread Noel Jones
On 4/12/2011 8:28 AM, Randy Ramsdell wrote: Hi, I am trying to block all mail going to a certain domain. We use smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/protected_lists and it counterpart: smtpd_restriction_classes = list_blocks list_blocks = check_sender_access

Re: selective greylisting with a long delay

2011-04-12 Thread Kris Deugau
Stan Hoeppner wrote: Jerry put forth on 4/11/2011 4:39 PM: Stan Hoeppners...@hardwarefreak.com articulated: Why bother with this complex greylisting setup? Simply hammer the big blocks with a CIDR entry and whitelist individual IPs in the range from which you need legit mail. If such IPs

Re: pflogsumm by domain

2011-04-12 Thread James Seymour
On Tue, 12 Apr 2011 17:06:22 +0300 Tolga to...@ozses.net wrote: Hello, Is it possible to have pflogsumm detail the report by domain? eg. 291 messages received by example.com 354 messages received by example.net xxx messages received by example.org [snip] No. Regards, Jim -- Note: My

Re: pflogsumm by domain

2011-04-12 Thread jeffrey j donovan
On Apr 12, 2011, at 10:56 AM, James Seymour wrote: On Tue, 12 Apr 2011 17:06:22 +0300 Tolga to...@ozses.net wrote: Hello, Is it possible to have pflogsumm detail the report by domain? eg. 291 messages received by example.com 354 messages received by example.net xxx messages received

Re: authenticated smtp relay and ssl/tls

2011-04-12 Thread Noel Jones
On 4/12/2011 9:24 AM, Fabien COMBERNOUS wrote: Thank you for URL pointers. On 12/04/2011 13:53, Noel Jones wrote: [...] Yes, TLS and authentication are set up separately in postfix and can be (and frequently are) used together. http://www.postfix.org/SASL_README.html#client_sasl_enable

Re: Reject /Discard outbound domain?

2011-04-12 Thread Randy Ramsdell
Noel Jones wrote: On 4/12/2011 8:28 AM, Randy Ramsdell wrote: Hi, I am trying to block all mail going to a certain domain. We use smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/protected_lists and it counterpart: smtpd_restriction_classes = list_blocks list_blocks =

Re: Reject /Discard outbound domain?

2011-04-12 Thread Noel Jones
On 4/12/2011 10:12 AM, Randy Ramsdell wrote: Noel Jones wrote: On 4/12/2011 8:28 AM, Randy Ramsdell wrote: Hi, I am trying to block all mail going to a certain domain. We use smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/protected_lists and it counterpart:

Re: authenticated smtp relay and ssl/tls

2011-04-12 Thread Fabien COMBERNOUS
Thank you for your answer. On 12/04/2011 17:06, Noel Jones wrote: [...] Port 465 is the deprecated SSL wrapper mode smtps. The postfix smtp client doesn't support wrapper mode. Use the submission port 587 instead, or if you must use 465 see http://www.postfix.org/TLS_README.html#client_smtps

acquire Postfix statistics

2011-04-12 Thread Zhou, Yan
Hi There, How do you gather statistics for messages delivered and processed via Postfix (both inbound and outbound)? For instance, to show on a daily basis, how many messages we have received from each domain, how many messages we have delivered to each domain, etc. I have seen some options

Re: Reject /Discard outbound domain?

2011-04-12 Thread Randy Ramsdell
Noel Jones wrote: On 4/12/2011 10:12 AM, Randy Ramsdell wrote: Noel Jones wrote: On 4/12/2011 8:28 AM, Randy Ramsdell wrote: Hi, I am trying to block all mail going to a certain domain. We use smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/protected_lists and it

Re: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory

2011-04-12 Thread David Brown
Hello Wietse, thanks for the reply. The mail.log is all I have: Apr 12 15:38:05 myotherhost postfix/smtpd[24105]: NOQUEUE: reject: RCPT from unknown[www.xxx.yyy.zzz]: 550 5.1.1 u...@remotehost.tld: Recipient address rejected: User unknown in local recipient table; from=m...@myhost.tld

Re: authenticated smtp relay and ssl/tls

2011-04-12 Thread Noel Jones
On 4/12/2011 10:31 AM, Fabien COMBERNOUS wrote: Thank you for your answer. On 12/04/2011 17:06, Noel Jones wrote: [...] Port 465 is the deprecated SSL wrapper mode smtps. The postfix smtp client doesn't support wrapper mode. Use the submission port 587 instead, or if you must use 465 see

Re: acquire Postfix statistics

2011-04-12 Thread Randy Ramsdell
Zhou, Yan wrote: Hi There, How do you gather statistics for messages delivered and processed via Postfix (both inbound and outbound)? For instance, to show on a daily basis, how many messages we have received from each domain, how many messages we have delivered to each domain, etc. I have

Re: Reject /Discard outbound domain?

2011-04-12 Thread Noel Jones
On 4/12/2011 10:41 AM, Randy Ramsdell wrote: Noel Jones wrote: Sorry, this is simply related to file format it appears. Ah! A question! main.cf smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/protected_lists protected_lists @someinvaliddomainname.com reject This

Re: Reject /Discard outbound domain?

2011-04-12 Thread Randy Ramsdell
Noel Jones wrote: On 4/12/2011 10:41 AM, Randy Ramsdell wrote: Noel Jones wrote: Sorry, this is simply related to file format it appears. Ah! A question! Well, not really. main.cf smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/protected_lists protected_lists

Re: authenticated smtp relay and ssl/tls

2011-04-12 Thread Fabien COMBERNOUS
On 12/04/2011 17:50, Noel Jones wrote: On 4/12/2011 10:31 AM, Fabien COMBERNOUS wrote: Thank you for your answer. On 12/04/2011 17:06, Noel Jones wrote: [...] Port 465 is the deprecated SSL wrapper mode smtps. The postfix smtp client doesn't support wrapper mode. Use the submission port 587

Re: Nulls not being stripped from incoming mail

2011-04-12 Thread Wietse Venema
Rich sent me a couple files as requested. Of these, File mailnull.txt (UNIX mailbox format) has a null byte at the end of the last line. I send this into Postfix $ tail +2 nullmail.txt | sendmail wietse@localhost When I view my mailbox with less, the last line looks like:

Re: Sender access issue

2011-04-12 Thread Alex
Hi, Okay, I've even put the sender_access map first and it is still rejected. Below is the output from postconf: NEVER put sender whitelists first in smtpd_recipient_restrictions, do put them after reject_unauth_destination, but before any sender-specific restrictions that require a

Re: authenticated smtp relay and ssl/tls

2011-04-12 Thread Victor Duchovni
On Tue, Apr 12, 2011 at 04:24:47PM +0200, Fabien COMBERNOUS wrote: I started by getting certificates of the remote smtp service with the command : [...] Then i put the certificate in the file /etc/postfix/certs/googlesmtp.pem beginning by -BEGIN CERTIFICATE-, ending by -END

Occasional email rejections with no shown explanation

2011-04-12 Thread Eric Cunningham
Hi, on occassion, I'm noting rejected emails without any specific reason logged. Without a reason, it's hard to pinpoint a fix to allow legit emails through. Here's an example from my mail log: Apr 12 13:15:10 postal2 postfix/smtpd[22543]: connect from

Re: selective greylisting with a long delay

2011-04-12 Thread Jerry
On Tue, 12 Apr 2011 10:54:13 -0400 Kris Deugau kdeu...@vianet.ca articulated: Stan Hoeppner wrote: Jerry put forth on 4/11/2011 4:39 PM: Stan Hoeppners...@hardwarefreak.com articulated: Why bother with this complex greylisting setup? Simply hammer the big blocks with a CIDR entry and

Re: Occasional email rejections with no shown explanation

2011-04-12 Thread Wietse Venema
Eric Cunningham: Apr 12 13:15:10 postal2 postfix/smtpd[22543]: NOQUEUE: reject: RCPT from hsarelay1t.mail.mylife.com[216.52.223.210]: 554 5.7.1 myl...@mail.mylife.com: Sender address rejected: Access denied; from=myl...@mail.mylife.com to=e...@whoi.edu proto=ESMTP

Re: authenticated smtp relay and ssl/tls

2011-04-12 Thread Noel Jones
On 4/12/2011 11:30 AM, Fabien COMBERNOUS wrote: http://www.postfix.org/TLS_README.html#client_tls_levels # main.cf smtp_tls_security_level = may It is what i did : smtp_tls_security_level = may smtp_tls_session_cache_database = btree:/var/spool/postfix/tls/smtp_session_cache Now i get this

Re: Occasional email rejections with no shown explanation

2011-04-12 Thread Eric Cunningham
Wietse Venema wrote: Eric Cunningham: Apr 12 13:15:10 postal2 postfix/smtpd[22543]: NOQUEUE: reject: RCPT from hsarelay1t.mail.mylife.com[216.52.223.210]: 554 5.7.1 myl...@mail.mylife.com: Sender address rejected: Access denied; from=myl...@mail.mylife.com to=e...@whoi.edu proto=ESMTP

Re: use of smtp(d)_tls_CAfile with opportunistic TLS?

2011-04-12 Thread email builder
On 4/12/2011 2:17 AM, email builder wrote: Am I correct to infer that both smtp(d)_tls_CAfile settings only serve a purpose when you want to verify client/server certificates? If that's the case, why does the example at the bottom of TLS_README use both the CAfile settings with

Re: Occasional email rejections with no shown explanation

2011-04-12 Thread Darek M
On Tue, Apr 12, 2011 at 3:21 PM, Eric Cunningham e...@whoi.edu wrote: Yes, that's correct, but not intentionally nor explicitly.  I've tried explicitly accepting the sender address in my smtpd_recipient_restrictions' final_sender_access file but that has no effect. -Eric And what's the

Re: Occasional email rejections with no shown explanation

2011-04-12 Thread /dev/rob0
On Tue, Apr 12, 2011 at 02:09:11PM -0400, Eric Cunningham wrote: Hi, on occassion, I'm noting rejected emails without any specific reason logged. Without a reason, it's hard to pinpoint a fix to allow legit emails through. Here's an example from my mail log: Apr 12 13:15:10 postal2

Re: Occasional email rejections with no shown explanation

2011-04-12 Thread Eric Cunningham
Darek M wrote: On Tue, Apr 12, 2011 at 3:21 PM, Eric Cunningham e...@whoi.edu wrote: Yes, that's correct, but not intentionally nor explicitly. I've tried explicitly accepting the sender address in my smtpd_recipient_restrictions' final_sender_access file but that has no effect. -Eric And

Re: Occasional email rejections with no shown explanation

2011-04-12 Thread /dev/rob0
On Tue, Apr 12, 2011 at 03:21:06PM -0400, Eric Cunningham wrote: Wietse Venema wrote: Eric Cunningham: Apr 12 13:15:10 postal2 postfix/smtpd[22543]: NOQUEUE: reject: RCPT from hsarelay1t.mail.mylife.com[216.52.223.210]: 554 5.7.1 myl...@mail.mylife.com: Sender address rejected: Access denied;

Re: Occasional email rejections with no shown explanation

2011-04-12 Thread Eric Cunningham
On Tue, Apr 12, 2011 at 03:21:06PM -0400, Eric Cunningham wrote: Wietse Venema wrote: Eric Cunningham: Apr 12 13:15:10 postal2 postfix/smtpd[22543]: NOQUEUE: reject: RCPT from hsarelay1t.mail.mylife.com[216.52.223.210]: 554 5.7.1 myl...@mail.mylife.com: Sender address rejected: Access denied;

Re: Occasional email rejections with no shown explanation

2011-04-12 Thread Ralf Hildebrandt
* Eric Cunningham e...@whoi.edu: Darek M wrote: On Tue, Apr 12, 2011 at 3:21 PM, Eric Cunningham e...@whoi.edu wrote: Yes, that's correct, but not intentionally nor explicitly. I've tried explicitly accepting the sender address in my smtpd_recipient_restrictions' final_sender_access file but

Re: smptd_client_restriction

2011-04-12 Thread Ansgar Wiechers
On 2011-04-12 mejaz wrote: Sorry may some lines were not copied properly in my previous Email. Here is the ouput of postconf -n and you will find mynetworks in second last line. [...] transport_maps = hash:/etc/postfix/transport unknown_local_recipient_reject_code = 550 In the second last

RE: SASL Authentication and debugging..

2011-04-12 Thread Simon Brereton
From: Simon Brereton Probably not the best place for this, but hopefully someone will tell me what I'm doing wrong anyway.. I've gotten the TLS up and working. And SASL auth seemed to be working. I installed saslfinger and everything was fine there. But when trying to locally inject

Re: Filtering spam received from multiple users

2011-04-12 Thread Stan Hoeppner
Mikael Bak put forth on 4/12/2011 7:31 AM: Stan Hoeppner wrote: [snip] Received: from [190.221.28.39] (unknown [190.221.28.39]) In this example, reject_unknown_reverse_client_hostname would have generated a 450 rejection. You should always use reject_unknown_reverse_client_hostname at

Re: Filtering spam received from multiple users

2011-04-12 Thread Noel Jones
On 4/12/2011 4:19 PM, Stan Hoeppner wrote: Mikael Bak put forth on 4/12/2011 7:31 AM: Stan Hoeppner wrote: [snip] Received: from [190.221.28.39] (unknown [190.221.28.39]) In this example, reject_unknown_reverse_client_hostname would have generated a 450 rejection. You should always use

Re: Nulls not being stripped from incoming mail

2011-04-12 Thread Jeroen Geilman
On 04/12/2011 08:59 PM, Rich Wales wrote: Wietse wrote: However, message_strip_characters has no effect when mail is received with receive_override_options = no_header_body_checks ... This is set either in master.cf or main.cf. And indeed, I have no_header_body_checks

Re: Filtering spam received from multiple users

2011-04-12 Thread Stan Hoeppner
Noel Jones put forth on 4/12/2011 6:56 PM: On 4/12/2011 4:19 PM, Stan Hoeppner wrote: Mikael Bak put forth on 4/12/2011 7:31 AM: Stan Hoeppner wrote: [snip] Received: from [190.221.28.39] (unknown [190.221.28.39]) In this example, reject_unknown_reverse_client_hostname would have

Re: Filtering spam received from multiple users

2011-04-12 Thread Sahil Tandon
On Tue, 2011-04-12 at 16:19:03 -0500, Stan Hoeppner wrote: Mikael Bak put forth on 4/12/2011 7:31 AM: Stan Hoeppner wrote: [snip] Received: from [190.221.28.39] (unknown [190.221.28.39]) In this example, reject_unknown_reverse_client_hostname would have generated a 450 rejection.

Re: SASL Authentication and debugging..

2011-04-12 Thread Patrick Ben Koetter
* Simon Brereton simon.brere...@dada.net: Probably not the best place for this, but hopefully someone will tell me what I'm doing wrong anyway.. I've gotten the TLS up and working. And SASL auth seemed to be working. I installed saslfinger and everything was fine there. But when trying to

Re: Filtering spam received from multiple users

2011-04-12 Thread Stan Hoeppner
Sahil Tandon put forth on 4/12/2011 10:58 PM: On Tue, 2011-04-12 at 16:19:03 -0500, Stan Hoeppner wrote: Mikael Bak put forth on 4/12/2011 7:31 AM: Stan Hoeppner wrote: [snip] Received: from [190.221.28.39] (unknown [190.221.28.39]) In this example, reject_unknown_reverse_client_hostname

RE: SASL Authentication and debugging..

2011-04-12 Thread Simon Brereton
From: owner-postfix-us...@postfix.org [mailto:owner-postfix- us...@postfix.org] On Behalf Of Patrick Ben Koetter * Simon Brereton simon.brere...@dada.net: Probably not the best place for this, but hopefully someone will tell me what I'm doing wrong anyway.. I've gotten the TLS up and

Re: Nulls not being stripped from incoming mail

2011-04-12 Thread Rich Wales
Thanks, Jeroen, for your critique of my master.cf file. Per your suggestions, I'm removing the no_header_body_checks from my smtp configuration. I'm also moving the smtpd_recipient_restrictions into my main.cf, and making sure it's overridden as needed for all other parts of my master.cf file.