Talks for meetings

2021-05-30 Thread Russell Coker via luv-main 
The next meeting is on Tuesday and we are a bit short for talks, does anyone 
want to volunteer?

-- 
My Main Blog http://etbe.coker.com.au/
My Documents Bloghttp://doc.coker.com.au/

___
luv-main mailing list -- luv-main@luv.asn.au
To unsubscribe send an email to luv-main-le...@luv.asn.au

Re: Talks?

2019-06-25 Thread Craig Sanders via luv-main 
On Sat, Jun 22, 2019 at 09:01:28PM +1000, Russell Coker wrote:
> We are currently having problems where mail Andrew sends to luv-main gets
> blocked by localhost.
>
> # postconf -d|grep mynet
> mynetworks = 127.0.0.0/8 10.10.10.0/24 [::1]/128 [2a01:4f8:140:71f5::]/64
> [fe80::]/64
>
> Below are the relevant log entries.  It seems that ::1 is not being accepted
> as an exclusion for spam checks, from the above you can see that ::1 is in
> mynetworks and from the attached main.cf you can see that permit_mynetworks is
> before other checks.  Any ideas as to what the problem might be and why it
> only seems to affect Andrew's mail?
>
> To clarify, what happens is that outbound mail from the list server is sent to
> localhost and the Postfix instance on localhost is rejecting it.
>
> >From the attached master.cf you can see that localhost is excluded from
> SpamAssassin and ClamAV checks.

> Jun 18 16:21:47 itmustbe postfix/cleanup[23587]: CADE6B0AD: reject: header
> From: achalmers--- via luv-main  from localhost[::1];
> from= to= proto=ESMTP
> helo=: 5.7.1 550 Message rejected Mail from a likely spam
> domain 10002

That's not a standard postfix rejection message, so it's coming from something
else - perhaps one of your smtpd milters?

googling for the error message text (in quotes) doesn't come up with anything,
so it doesn't seem to be a common error message - it's probably a custom rule.
try grepping for ""Mail from a likely spam domain" in your postfix & milter
etc config files..

What domain is the mail coming from? has that domain somehow got itself onto
an RBL?



BTW, the fact that the message even gets a postfix queue id means that postfix
has, at some stage, accepted the message. messages rejected during the initial
smtpd session get tagged with NOQUEUE in the logs instead of a queue id. which
means that it's unlikely to have anything to do with the ::1 address.

Try examining the entire chain of events for a single message - i.e. grep for
the postfix queue ID, e.g. 'grep CADE6B0AD: /var/log/mail.log'.

This may show other related IDs that need to be grepped for if the message is
passed to an external filter and then back into postfix (this is pretty normal
on my postfix box, because I use amavisd as a content_filter, but I don't know
if you'd see the same using a milter).

(i wrote a perl script years ago to do a two-pass search for mail.log entries.
give it a search regexp such as an email address and it'll find all the queue
ids in the log matching that, then it'll grep for those queue ids in the log.
you can find it at http://taz.net.au/postfix/scripts/mailgrep.pl. try it with
something like: 'mailgrep.pl -s "from=
___
luv-main mailing list
luv-main@luv.asn.au
https://lists.luv.asn.au/cgi-bin/mailman/listinfo/luv-main

Talks

2019-06-23 Thread Russell Coker via luv-main 
Andrew says: We need the people that wanted to speak next month to COME 
FORWARD can we ask the list for these ppl to contact me.

-- 
My Main Blog http://etbe.coker.com.au/
My Documents Bloghttp://doc.coker.com.au/

___
luv-main mailing list
luv-main@luv.asn.au
https://lists.luv.asn.au/cgi-bin/mailman/listinfo/luv-main

Re: Talks?

2019-06-22 Thread Russell Coker via luv-main 
We are currently having problems where mail Andrew sends to luv-main gets 
blocked by localhost.

# postconf -d|grep mynet
mynetworks = 127.0.0.0/8 10.10.10.0/24 [::1]/128 [2a01:4f8:140:71f5::]/64 
[fe80::]/64

Below are the relevant log entries.  It seems that ::1 is not being accepted 
as an exclusion for spam checks, from the above you can see that ::1 is in 
mynetworks and from the attached main.cf you can see that permit_mynetworks is 
before other checks.  Any ideas as to what the problem might be and why it 
only seems to affect Andrew's mail?

To clarify, what happens is that outbound mail from the list server is sent to 
localhost and the Postfix instance on localhost is rejecting it.

>From the attached master.cf you can see that localhost is excluded from 
SpamAssassin and ClamAV checks. 

Jun 18 16:21:47 itmustbe postfix/cleanup[23587]: CADE6B0AD: reject: header 
From: achalmers--- via luv-main  from localhost[::1]; 
from= to= proto=ESMTP 
helo=: 5.7.1 550 Message rejected Mail from a likely spam 
domain 10002
Jun 18 16:21:47 itmustbe postfix/cleanup[23587]: CD54CB0AD: reject: header 
From: achalmers--- via luv-main  from localhost[::1]; 
from= to= proto=ESMTP 
helo=: 5.7.1 550 Message rejected Mail from a likely spam 
domain 10002
Jun 18 16:21:48 itmustbe postfix/cleanup[23587]: D96C3B0AD: reject: header 
From: achalmers--- via luv-main  from localhost[::1]; 
from= to= proto=ESMTP 
helo=: 5.7.1 550 Message rejected Mail from a likely spam 
domain 10002
Jun 18 16:21:48 itmustbe postfix/cleanup[23587]: 26916B0AD: reject: header 
From: achalmers--- via luv-main  from localhost[::1]; 
from= to= proto=ESMTP 
helo=: 5.7.1 550 Message rejected Mail from a likely spam 
domain 10002

-- 
My Main Blog http://etbe.coker.com.au/
My Documents Bloghttp://doc.coker.com.au/
# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_tls_cert_file = /etc/letsencrypt/live/www.luv.asn.au/cert.pem
smtpd_tls_key_file = /etc/letsencrypt/live/www.luv.asn.au/privkey.pem
smtpd_tls_CAfile = /etc/letsencrypt/live/www.luv.asn.au/chain.pem

smtpd_tls_mandatory_protocols = TLSv1
smtpd_use_tls=yes
smtpd_tls_received_header = yes
smtpd_tls_loglevel = 1
smtpd_tls_security_level = may
smtp_tls_loglevel = 1
smtp_tls_security_level = may

smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = luv.asn.au
alias_maps = hash:/etc/aliases,hash:/etc/aliases.mailman
alias_database = hash:/etc/aliases,hash:/etc/aliases.mailman
myorigin = /etc/mailname
mydestination = itmustbe.luv.asn.au, lists.luv.asn.au, tainted.luv.asn.au, 
luv.asn.au, localhost
mydomain = luv.asn.au

relayhost = 
#mynetworks = 127.0.0.0/8 [:::127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all

# We need this so we can just send all @lists email to mailman.
#relay_domains = luv.asn.au, lists.luv.asn.au, lists.wikimedia.org.au
relay_domains = luv.asn.au, lists.luv.asn.au
transport_maps = hash:/etc/postfix/transport
mailman_destination_recipient_limit = 1

smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, 
reject_unauth_pipelining, reject_unknown_client, permit

smtpd_restriction_classes = greylist
greylist = check_policy_service inet:127.0.0.1:10023

smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, 
check_policy_service unix:private/spfcheck, reject_unauth_destination, 
reject_invalid_hostname, reject_non_fqdn_hostname, reject_unknown_hostname, 
reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unauth_pipelining, 
reject_unknown_client, check_recipient_access hash:/etc/postfix/greylist_optin, 
permit

smtpd_data_restrictions = reject_unauth_pipelining, permit

smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, 
reject_invalid_hostname, reject_non_fqdn_hostname, reject_unknown_hostname, 
permit

smtpd_sender_restrictions = permit_mynetworks, reject_non_fqdn_sender, 
reject_unknown_sender_domain, permit

header_checks = regexp:/etc/postfix/regex/header_checks
body_checks = regexp:/etc/postfix/regex/body_checks
mime_header_checks = regexp:/etc/postfix/regex/mime_checks

access_map_reject_code = 554
invalid_hostname_reject_code = 554
maps_rbl_reject_code = 554
reject_code = 550
relay_domains_reject_code = 550
unknown_address_reject_code = 450