>Q: Is it safe to clear ldaplistdb?
yes
>Q: What is the best way to do it?
GUI, database tools ??
>Q: Shouldn't such entries get deleted automatically?
Is the entry wrong? Does the age matters anyway?
>On forceLDAPcrossCheck, ASSP does not use VRFY, although it is available:
set 'VRFYLog' to diagnostic
>HELP
>502 5.5.2 Error: command not recognized
A mail server that does not support the HELP command. Makes this sense?
>Anyway, when Postfix answers to VRFY with
>252 2.0.0 blahb...@web.de
The replies are checked against '$vrfyOKRE'.
The default value is
$vrfyOKRE = qr/^25[01]$/;
so - 252 will not match - means it is not OK - means invalid
address/domain
>On forceLDAPcrossCheck, ASSP does not use VRFY, although it is available:
"RCPT TO" is used as failover, if VRFY is not announced or rejected by the
MTA
>Same, of course, when using "RCPT TO" - Postfix has to accept any
>address that looks valid - not just local addresses.
And why you use postfix to validate your local mail addresses, if it is
unable to validate them ?
>:2018/01/29 12:01:22 [Worker_10000] Info: localdomains was changed -
>removed the now not matching temporary local domain entry '@web.de' from
>ldaplistdb
ldapcrosscheck removes such entries of "temporary local domain"
>Q: What is "temporary local domain"?
>Q: How does a domain get listed as "temporary local"?
ASSP got OK from postfix for a ...@web.de address - @web.de is than added
to local domains temporary - it is not in the list of localdomais but
valid
Check your setting of 'LDAPFail'!
AGAIN:
If your postfix is unable to validate local addresses as valid and all
other addresses as invalid locals - DO NOT use it to verify local mail
addresses for assp!
Thomas
Von: "Zrin Ziborski" <zrin+a...@ziborski.net>
An: assp-test@lists.sourceforge.net
Datum: 31.01.2018 00:17
Betreff: Re: [Assp-test] UnknownLocalSender / SpoofedSender for
non-local domain
Q: Is it safe to clear ldaplistdb?
Q: What is the best way to do it?
I see very old entries, like
ti...@ziborski.net|::|[2016-11-22,13:03:12] VRFY
Q: Shouldn't such entries get deleted automatically?
Settings:
DoVRFY: on
ldaplistdb: DB:
LDAPcrossCheckInterval: 24
MaxLDAPlistDays: 30
VRFYforceRCPTTO: <empty>
On forceLDAPcrossCheck, ASSP does not use VRFY, although it is available:
...
220 mx1.safemail.at ESMTP Postfix
EHLO mx1.safemail.at
250-mx1.safemail.at
250-PIPELINING
250-SIZE 31457280
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
HELP
502 5.5.2 Error: command not recognized
MAIL FROM:<postmas...@mx1.safemail.at>
250 2.1.0 Ok
RCPT TO:<lindsay...@ziborski.net>
250 2.1.5 Ok
QUIT
221 2.0.0 Bye
...
Anyway, when Postfix answers to VRFY with
252 2.0.0 blahb...@web.de
it means "I don't know whether the address is valid"
and perhaps "it doesn't look invalid"
ASSP should not assume that the address is local!
Same, of course, when using "RCPT TO" - Postfix has to accept any
address that looks valid - not just local addresses.
Checking the logs, I've found this (and similar entries, some with
domains containing line breaks in the name (!?!)):
:2018/01/29 12:01:22 [Worker_10000] Info: localdomains was changed -
removed the now not matching temporary local domain entry '@web.de' from
ldaplistdb
Q: What is "temporary local domain"?
Q: How does a domain get listed as "temporary local"?
Thank you,
best regards,
Zrin Ziborski
Am 30.01.2018 um 11:13 schrieb Thomas Eckardt:
>>252 2.0.0 blahb...@web.de
>
> This is the wrong answer from your postfix. If assp sees this reply, it
> will cache 'web.de' as local domain for a while. Because, if
> blahb...@web.deis valid, web.de must be a local domain.
>
> Thomas
>
>
>
>
>
> Von: "Zrin Ziborski" <zrin+a...@ziborski.net>
> An: assp-test@lists.sourceforge.net
> Datum: 30.01.2018 10:43
> Betreff: Re: [Assp-test] UnknownLocalSender / SpoofedSender for
> non-local domain
> ------------------------------------------------------------------------
>
>
>
> Did check that - there was no "web.de" anywhere to find.
>
> Is it safe to empty the ldaplistdb?
>
> Is it normal that some entries in it contain line breaks?
> Example:
> @ziborski.net|::|[2018-01-30,06:24:27]
> @ziborski.net
> |::|[2018-01-30,08:03:05] VRFY
> @ziborski.net>
> |::|[2018-01-30,06:24:27]
>
> I've checked all of those:
> https://assp.my.net:55555/edit?file=DB-ldaplistdb¬e=1
> https://assp.my.net:55555/edit?file=DB-LDAPShowDB¬e=8
> (I guess it's the very same content)
> ./database/ldaplist
> ./ldaplist
> ./mysql/dbbackup/ldaplist*
>
> Couldn't find "web.de" there.
>
> Several weeks ago I did have a route (transport setting in postfix) for
> outgoing e-mails to web.de through another server, but that shouldnt
> touch local domains (?)
>
> BTW, when manually testung VRFY on the internal port for ASSP->Postfix I
> get following:
>
> 220 mx1.safemail.at ESMTP Postfix
> EHLO localhost
> 250-mx1.safemail.at
> 250-PIPELINING
> 250-SIZE 31457280
> 250-VRFY
> 250-ETRN
> 250-AUTH PLAIN LOGIN
> 250-ENHANCEDSTATUSCODES
> 250-8BITMIME
> 250 DSN
> VRFY postmaster
> 252 2.0.0 postmaster
> VRFY postmas...@safemail.at
> 252 2.0.0 postmas...@safemail.at
> VRFY postmas...@google.com
> 252 2.0.0 postmas...@google.com
> VRFY postmas...@web.de
> 252 2.0.0 postmas...@web.de
> VRFY blahblah
> 550 5.1.1 <blahblah>: Recipient address rejected: User unknown in local
> recipient table
> VRFY blahb...@web.de
> 252 2.0.0 blahb...@web.de
> QUIT
> 221 2.0.0 Bye
>
>
> Thank you,
> best regards,
> Zrin
>
>
> Am 30.01.2018 um 09:18 schrieb Thomas Eckardt:
>> check the content of 'ldaplistdb' and remove all nolocal domain
entries.
>>
>> eg.
>> @web.de
>>
>> Thomas
>>
>>
>>
>>
>> Von: "Zrin Ziborski" <zrin+a...@ziborski.net>
>> An: "ASSP development mailing list" <assp-test@lists.sourceforge.net>
>> Datum: 29.01.2018 16:24
>> Betreff: [Assp-test] UnknownLocalSender / SpoofedSender for non-local
>> domain
>>
------------------------------------------------------------------------
>>
>>
>>
>> ASSP version 2.5.5(17223)
>>
>> Helo all,
>>
>> I've noticed [UnknownLocalSender] and [SpoofedSender] in the log for an
>> external incoming e-mail that has non-local from address:
>>
>> 2018/01/03 20:47:08 08828-29715 [Worker_1] [TLS-in] 212.227.15.4
>> <xxx....@web.de> info: found message size announcement: 9.62 kByte
>> 2018/01/03 20:47:08 08828-29715 [Worker_1] [TLS-in]
[UnknownLocalSender]
>> 212.227.15.4 <xxx....@web.de> [monitoring] (Invalid Local Sender
>> 'xxx....@web.de')
>> 2018/01/03 20:47:08 08828-29715 [Worker_1] [TLS-in] [SpoofedSender]
>> 212.227.15.4 <xxx....@web.de> [scoring] (No Spoofing Allowed
>> 'xxx....@web.de' in 'mailfrom')
>> 2018/01/03 20:47:08 08828-29715 [Worker_1] [TLS-in] 212.227.15.4
>> <xxx....@web.de> Message-Score: added 37 (slValencePB) for No Spoofing
>> Allowed 'xxx....@web.de' in 'mailfrom', total score for this message is
>> now 37
>> 2018/01/03 20:47:09 08828-29715 [Worker_1] [TLS-in] 212.227.15.4
>> <xxx....@web.de> to: rrr....@defrance.at info: remove IP-score from
>> 212.227.15.4 - this mail passed the SPF check
>> 2018/01/03 20:47:09 08828-29715 [Worker_1] [TLS-in] 212.227.15.4
>> <xxx....@web.de> to: rrr....@defrance.at Message-Score: added -5
>> (spfpValencePB) for SPF pass, total score for this message is now 32
>>
>> Settings:
>>
>> LocalAddresses_Flat: <empty>
>> localDomains: file:files/localdomains.txt
> <file://files/localdomains.txt><file://files/localdomains.txt>
>> DoVRFY: on
>>
>> files/localdomains.txt does NOT contain "web.de".
>>
>> LDAP is not used there.
>>
>> What can cause this behavior?
>> What can I do to debug that?
>>
>> Thank you in advance,
>> Zrin
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
