Re: postscreen feature request

2015-03-10 Thread Kovács Albert
On Monday, March 9, 2015 4:21 PM, Noel Jones njo...@megan.vbhcs.org wrote:

 For performance reasons, postscreen does not do PTR lookups, nor
 will PTR lookups be added to postscreen in the foreseeable future.


I'm not sure how one (type of) dns query is a performance concern,
and another is not, see below.


 Either use one of the many RBLs that list dynamic clients, or put

It's quite possible; however, these RBLs are hardly complete, so the
regex match still makes sense.

 your PTR check in one of the smtpd_*_restrictions.


I'd rather avoid this since I don't want zombies to occupy smtpd processes.

Albert


Re: Chained content filters

2015-03-10 Thread nicolas

On 2015-03-09 21:31, Roger Walters wrote:

Hello,

I have a few chained content filters based on pipe, so when the first
script ends its task, it sends the processed headers to the second
script and so on.

It is clear how to get the content back to Postfix as an input, using
the sendmail command. My question is how can the last content filter
tell to Postfix that the message has been put on hold, has been
temporarily or permanently rejected?

When one has just one content filter I know that it's enough to print
the command using some sprintf-like function, but I don't know how to
do it when there are many chained content filters.

Any idea?

Thank you.


I don't know if it's the best way to go (not even if it should work) but 
you could add a header in the last content filter and add an entry in 
the header_checks table so that e-mail is put on hold/rejected/etc, and 
use the same sendmail command you use to reinject the e-mail to Postfix.


Something like:

header_checks = regex:/etc/postfix/header_checks

/etc/postfix/header_checks:
/^Your-Header-Definition: .*/  HOLD This mail must be revised

Regards,

Nicolás


Re: postscreen feature request

2015-03-10 Thread Wietse Venema
Kovács Albert:
 On Monday, March 9, 2015 4:21 PM, Noel Jones njo...@megan.vbhcs.org wrote:
 
  For performance reasons, postscreen does not do PTR lookups, nor
  will PTR lookups be added to postscreen in the foreseeable future.
 
 
 I'm not sure how one (type of) dns query is a performance concern,
 and another is not, see below.

You see no performance difference between querying a small number
of well-operated DNS servers that are chosen by the local sysadmin,
versus random DNS servers all over the Internet that are determined
by the sender's IP address? 

 I'd rather avoid this since I don't want zombies to occupy smtpd processes.

With postscreen, zombies don't get to occupy smtpd processes, by
using DNSBLs and pregreet tests.

Wietse


Re: Exception for authenticated user when using reject_authenticated_sender_login_mismatch.

2015-03-10 Thread Mick

Hi Viktor,

Viktor Dukhovni wrote:

 On Tue, Mar 10, 2015 at 02:33:08AM +, Mick wrote:

 You'd have to look at postfix.org documentation I'm afraid.

 One of:

 http://www.postfix.org/mysql_table.5.html

That was generally enlightening.

  RHS? Royal Horticultural Society ;-)

 How about right-hand-side.

Doh!

  Don't want to ever spend that much time banging my head against a brick wall
  again.

 It'll get easier, but not if you're unwilling to read the documentation.
 First read the book, for the concepts, then the docs for the latest
 up-to-date details.

I hope so. It is nice to have The Book of Postfix.

 The official documentation contains short
 examples, not complete system walk-throughs.  Enjoy the book.

I'm only on chapter 2, page 10 and so far, stopped to look at
http://www.ntp.org seeing as my clock is 39 seconds slow! In for a
penny, in for a pound. If I carry on enjoying the book (which I'm sure I
will), I may purchase a hard copy, though not at the current
Amazon.co.uk price.

Many thanks,

Mick.





Re: Discussion about SPF signatures / Email security.

2015-03-10 Thread James B. Byrne

On Tue, March 10, 2015 09:38, L. D. James wrote:


 This email message is confidential and/or privileged. It is to be
 used by the intended recipient only.  Use of the information
 contained in this email by anyone other than the intended recipient
 is strictly prohibited. If you have received this message in error,
 please notify the sender immediately and promptly destroy any
 record of this email.
 --

I love reading this crap at the end of institutional email.  Which
translated roughly means:

We sent this message via the cheapest possible means available to us
because we put profits above all else, especially the privacy of your
correspondence with us.  However, if this postcard does end up in the
hands of anyone other than the addressee then please do not read it. 
In fact we prohibit whatever unknown person or persons that may come
to possess a copy of this message, of which there are an unknown
number, from reading any of it.  Including this warning.  The penalty
for non-compliance to be determined later, maybe, whenever.
P.S.
Report yourself to the authorities and destroy the evidence.

It seems to me that we are graduating far too many lawyer wannabes
and not nearly enough people who can think.

-- 
***  E-Mail is NOT a SECURE channel  ***
James B. Byrne                mailto:byrn...@harte-lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3



Re: REJECT - when sending - 501 Syntax error in parameters or arguments

2015-03-10 Thread James B. Byrne

On Mon, March 9, 2015 17:55, Viktor Dukhovni wrote:
 On Mon, Mar 09, 2015 at 05:08:24PM -0400, James B. Byrne wrote:

 I have no idea what is going on.

 So it seems, but you're also thinking clearly.


Thank you. I will show this to my wife.  However, that statement may
reduce your stature in her eyes.


Anyway, back to the problem at hand.  I cannot see what the difficulty
is.  This is what the peer_debug shows:

Mar 10 08:44:50 inet08 postfix/smtpd[4686]: disconnect from
localhost[127.0.0.1]

Mar 10 08:44:50 inet08 postfix-p25/smtpd[4671]: proxy-accept:
END-OF-MESSAGE: 250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0
Ok: queued as 72803609C3; from=y...@harte-lyne.ca
to=x...@cuttingedgegrowersupply.com proto=ESMTP
helo=inet08.hamilton.harte-lyne.ca

Mar 10 08:44:50 inet08 postfix-p25/smtpd[4671]: disconnect from
inet08.hamilton.harte-lyne.ca[216.185.71.28]

Mar 10 08:44:50 inet08 postfix/smtp[4688]: smtp_stream_setup:
maxtime=300 enable_deadline=0

Mar 10 08:44:51 inet08 postfix/smtp[4688]: 
mx00.1and1.com[74.208.5.3]:25: 220 perfora.net (mxeueus003) Nemesis
ESMTP Service ready

Mar 10 08:44:51 inet08 postfix/smtp[4688]: 
mx00.1and1.com[74.208.5.3]:25: EHLO inet08.hamilton.harte-lyne.ca

Mar 10 08:44:51 inet08 postfix/smtp[4688]: 
mx00.1and1.com[74.208.5.3]:25: 250-perfora.net Hello
inet08.hamilton.harte-lyne.ca [216.185.71.28]

Mar 10 08:44:51 inet08 postfix/smtp[4688]: 
mx00.1and1.com[74.208.5.3]:25: 250-SIZE 157286400

Mar 10 08:44:51 inet08 postfix/smtp[4688]: 
mx00.1and1.com[74.208.5.3]:25: 250 STARTTLS

Mar 10 08:44:51 inet08 postfix/smtp[4688]: server features: 0x1019
size 157286400

Mar 10 08:44:51 inet08 postfix/smtp[4688]: smtp_stream_setup:
maxtime=300 enable_deadline=0

Mar 10 08:44:51 inet08 postfix/smtp[4688]: 
mx00.1and1.com[74.208.5.3]:25: STARTTLS

Mar 10 08:44:51 inet08 postfix/smtp[4688]: 
mx00.1and1.com[74.208.5.3]:25: 220 OK

Mar 10 08:44:51 inet08 postfix/smtp[4688]: send attr request = lookup

Mar 10 08:44:51 inet08 postfix/smtp[4688]: send attr cache_type = smtp

Mar 10 08:44:51 inet08 postfix/smtp[4688]: send attr cache_id =
smtpcuttingedgegrowersupply.commx00.1and1.com74.208.5.318925CFD1994908231EE664DD71B50A35145D12071DA608E6A2F6BB29D6F49EF

Mar 10 08:44:51 inet08 postfix/smtp[4688]: private/tlsmgr: wanted
attribute: status

Mar 10 08:44:51 inet08 postfix/smtp[4688]: input attribute name: status

Mar 10 08:44:51 inet08 postfix/smtp[4688]: input attribute value:
4294967295

Mar 10 08:44:51 inet08 postfix/smtp[4688]: private/tlsmgr: wanted
attribute: session

Mar 10 08:44:51 inet08 postfix/smtp[4688]: input attribute name: session

Mar 10 08:44:51 inet08 postfix/smtp[4688]: input attribute value: (end)

Mar 10 08:44:51 inet08 postfix/smtp[4688]: private/tlsmgr: wanted
attribute: (list terminator)

Mar 10 08:44:51 inet08 postfix/smtp[4688]: input attribute name: (end)

Mar 10 08:44:51 inet08 postfix/smtp[4688]: send attr request = seed

Mar 10 08:44:51 inet08 postfix/smtp[4688]: send attr size = 32

Mar 10 08:44:51 inet08 postfix/smtp[4688]: private/tlsmgr: wanted
attribute: status

Mar 10 08:44:51 inet08 postfix/smtp[4688]: input attribute name: status

Mar 10 08:44:51 inet08 postfix/smtp[4688]: input attribute value: 0

Mar 10 08:44:51 inet08 postfix/smtp[4688]: private/tlsmgr: wanted
attribute: seed

Mar 10 08:44:51 inet08 postfix/smtp[4688]: input attribute name: seed

Mar 10 08:44:51 inet08 postfix/smtp[4688]: input attribute value:
mqhut6wDydKDxO7whN0qzL19PS0kZukKoBHS6x9h6JE=

Mar 10 08:44:51 inet08 postfix/smtp[4688]: private/tlsmgr: wanted
attribute: (list terminator)

Mar 10 08:44:51 inet08 postfix/smtp[4688]: input attribute name: (end)

Mar 10 08:44:51 inet08 postfix/smtp[4688]: send attr request = update

Mar 10 08:44:51 inet08 postfix/smtp[4688]: send attr cache_type = smtp

Mar 10 08:44:51 inet08 postfix/smtp[4688]: send attr cache_id =
smtpcuttingedgegrowersupply.commx00.1and1.com74.208.5.318925CFD1994908231EE664DD71B50A35145D12071DA608E6A2F6BB29D6F49EF

Mar 10 08:44:51 inet08 postfix/smtp[4688]: send attr session = [data
1312 bytes]

Mar 10 08:44:51 inet08 postfix/smtp[4688]: private/tlsmgr: wanted
attribute: status

Mar 10 08:44:51 inet08 postfix/smtp[4688]: input attribute name: status

Mar 10 08:44:51 inet08 postfix/smtp[4688]: input attribute value: 0

Mar 10 08:44:51 inet08 postfix/smtp[4688]: private/tlsmgr: wanted
attribute: (list terminator)

Mar 10 08:44:51 inet08 postfix/smtp[4688]: input attribute name: (end)

Mar 10 08:44:51 inet08 postfix/smtp[4688]: smtp_stream_setup:
maxtime=300 enable_deadline=0

Mar 10 08:44:51 inet08 postfix/smtp[4688]: 
mx00.1and1.com[74.208.5.3]:25: EHLO inet08.hamilton.harte-lyne.ca

Mar 10 08:44:51 inet08 postfix/smtp[4688]: 
mx00.1and1.com[74.208.5.3]:25: 250-perfora.net Hello
inet08.hamilton.harte-lyne.ca [216.185.71.28]

Mar 10 08:44:51 inet08 postfix/smtp[4688]: 
mx00.1and1.com[74.208.5.3]:25: 250 SIZE 157286400

Mar 10 08:44:51 inet08 postfix/smtp[4688]: server features: 0x1009
size 157286400

Mar 10 08:44:51 

Re: Chained content filters

2015-03-10 Thread Wietse Venema
Roger Walters:
 Hello,
 
 I have a few chained content filters based on pipe, so when the first
 script ends its task, it sends the processed headers to the second script
 and so on.
 
 It is clear how to get the content back to Postfix as an input, using the
 sendmail command. My question is how can the last content filter tell to
 Postfix that the message has been put on hold, has been temporarily or
 permanently rejected?

If you concatenate filters, then each filter must propagate any
successor's reject status to its predecessor.

As documented in:
http://www.postfix.org/pipe.8.html
http://www.postfix.org/FILTER-README.html

The hold response is not documented, therefore it is not supported.

 When one has just one content filter I know that it's enough to print the
 command using some sprintf-like function, but I don't know how to do it
 when there are many chained content filters.

Is that a question about UNIX command pipes?

Wietse

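Wietse's rule above (each filter must hand its successor's reject status back to its predecessor, and pipe(8) only understands the documented exit statuses) as a worked example. This is added here and is not code from the thread or from Postfix; it assumes the sysexits convention used in FILTER-README, where 0 means success, 75 (EX_TEMPFAIL) asks Postfix to defer, and any other non-zero status (69, EX_UNAVAILABLE, by convention) makes Postfix bounce. The three stages, the header they add and the "X-Spam-Flag" check are constructed stand-ins for the SpamAssassin and bash/python scripts Roger describes, and the sendmail reinjection flags are the ones FILTER-README shows.

```shell
#!/bin/sh
# Added example, not code from the thread: a pipe(8) content filter that runs
# several stages in sequence and reports the first failure back to Postfix
# with a status pipe(8) understands. Each stage reads the message on stdin and
# writes the (possibly modified) message to stdout.

EX_OK=0
EX_UNAVAILABLE=69   # pipe(8): permanent failure, Postfix bounces the message
EX_TEMPFAIL=75      # pipe(8): temporary failure, Postfix retries later

# run_chain STAGE...: pass stdin through each STAGE in turn. On the first
# non-zero stage status stop, emit nothing, and return 75 (defer) or 69
# (bounce); when every stage succeeds, write the final message to stdout.
run_chain() {
    tmp_in=$(mktemp) || return "$EX_TEMPFAIL"
    tmp_out=$(mktemp) || { rm -f "$tmp_in"; return "$EX_TEMPFAIL"; }
    cat > "$tmp_in"
    for stage in "$@"; do
        $stage < "$tmp_in" > "$tmp_out"
        rc=$?
        if [ "$rc" -ne 0 ]; then
            rm -f "$tmp_in" "$tmp_out"
            if [ "$rc" -eq "$EX_TEMPFAIL" ]; then
                return "$EX_TEMPFAIL"   # a stage asked to defer: pass it on unchanged
            fi
            return "$EX_UNAVAILABLE"    # any other failure becomes a bounce
        fi
        mv "$tmp_out" "$tmp_in"
    done
    cat "$tmp_in"
    rm -f "$tmp_in"
    return "$EX_OK"
}

# Stage 1 (constructed): a filter that rewrites the message by adding a header.
add_trace_header() {
    printf 'X-Chain-Filter: stage1\n'
    cat
}

# Stage 2 (constructed): bounce anything an earlier scanner already flagged.
reject_if_flagged() {
    msg=$(cat)
    case "$msg" in
        *"X-Spam-Flag: YES"*) return "$EX_UNAVAILABLE" ;;
    esac
    printf '%s\n' "$msg"
}

# Stage 3 (constructed): a stage whose backend is down asks Postfix to retry.
defer_always() {
    return "$EX_TEMPFAIL"
}

# deliver: how the chain is wired into pipe(8). master.cf runs this script as
# the content filter with "-f ${sender} -- ${recipient}" as arguments; the
# message is reinjected with sendmail(1) only when every stage succeeded, and
# any stage failure becomes this script's own exit status.
deliver() {
    out=$(mktemp) || exit "$EX_TEMPFAIL"
    run_chain add_trace_header reject_if_flagged > "$out"
    rc=$?
    if [ "$rc" -ne 0 ]; then
        rm -f "$out"
        exit "$rc"
    fi
    /usr/sbin/sendmail -G -i "$@" < "$out"
    rc=$?
    rm -f "$out"
    exit "$rc"
}
# To use as the pipe(8) command, uncomment:
# deliver "$@"
```

The point is in run_chain: a stage that fails is never followed by reinjection, and its status is mapped onto the two outcomes pipe(8) documents, so a deferral stays a deferral instead of silently turning into a bounce further up the chain. There is no exit status for "hold"; a stage that wants that outcome has to tag the message (the header_checks approach Nicolás suggests) rather than report it through its exit status.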

Re: Chained content filters

2015-03-10 Thread Roger Walters
2015-03-10 12:31 GMT+00:00 Wietse Venema wie...@porcupine.org:

 Roger Walters:
  Hello,
 
  I have a few chained content filters based on pipe, so when the first
  script ends its task, it sends the processed headers to the second script
  and so on.
 
  It is clear how to get the content back to Postfix as an input, using the
  sendmail command. My question is how can the last content filter tell to
  Postfix that the message has been put on hold, has been temporarily or
  permanently rejected?

 If you concatenate filters, then each filter must propagate any
 successor's reject status to its predecessor.

 As documented in:
 http://www.postfix.org/pipe.8.html
 http://www.postfix.org/FILTER-README.html

 The hold response is not documented, therefore it is not supported.


Ok, I'll check whether SpamAssassin supports status propagation in this
way. Thank you.


  When one has just one content filter I know that it's enough to print the
  command using some sprintf-like function, but I don't know how to do it
  when there are many chained content filters.

 Is that a question about UNIX command pipes?


Except the SpamAssassin filter (which is the first, by the way), yes. The
rest are bash/python scripts.

Thank you,

Roger


 Wietse



Re: postscreen feature request

2015-03-10 Thread Tom Hendrikx

Hi,

If you want to block more DUL ip blocks, the easiest way is probably
to use some upstream DUL DNSBL providers, and use rbldnsd to create
your private DNSBL to provide your own additions.

There also is a community-maintained pcre file for smtpd restrictions
(located at: http://www.hardwarefreak.com/fqrdns.pcre), that will
block many of your candidates at the smtpd level.

You could probably get fail2ban or some homegrown log parser to create
additions to your rbldnsd input file based on the rejections (i.e.
postscreen passes, smtpd blocks, ip(-block) is added to rbldnsd,
postscreen blocks at next connect).

Tom

On 10-03-15 16:16, Kovács Albert wrote:
 On Tuesday, March 10, 2015 1:42 PM, Wietse Venema
 wie...@porcupine.org wrote:
 
 
 
 I'm not sure how one (type of) dns query is a performance
 concern, and another is not, see below.
 
 You see no performance difference between querying a small
 number of well-operated DNS servers that are chosen by the local
 sysadmin, versus random DNS servers all over the Internet that
 are determined by the sender's IP address?
 
 
 This isn't exactly what I wrote :-) Obviously querying PTR records
 may take some time. However, smtpd also needs the PTR record to
 perform some DNS tests, so sooner or later you need the query.
 
 OK, postscreen blocks many of the zombie hosts for sure, so you
 don't need to perform PTR queries for that many times, however
 (based on my experience) lots of hosts with names like
 ppp|dsl|cable|-xx-xx-xx-xx.some.provider.com pass postscreen
 ending up at smtpd.
 
 
 Anyway I started to use an RBL targeting dynamic IP blocks, and it
 makes postscreen dropping many such zombies, though no RBL is
 accurate, so I believe there's still some room for optimization.
 
 If there's some deeper guide or you could provide some hints on how
 postfix does dns resolution, I'd appreciate it, and perhaps I could
 make it for myself.
 
 With postscreen, zombies don't get to occupy smtpd processes, by 
 using DNSBLs and pregreet tests.
 
 
 unfortunately not all of them, that's why I'd improve postscreen to
 have a better hit ratio.
 
 
 Albert
 


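Tom's feedback loop above (postscreen passes, smtpd rejects, the client goes into a private rbldnsd zone, postscreen blocks it next time) as a worked example. This is added here and is not code from the thread, from Postfix or from rbldnsd. The "NOQUEUE: reject:" line format is Postfix's own; the regex for dynamic-looking reverse names, the maillog excerpt (RFC 5737 documentation addresses) and the zone name dul.local are constructed for the example, and the ip4set dataset layout (plain addresses, preceded by a ":127.0.0.2:text" default-value line) is my reading of rbldnsd's documentation, so check it against your rbldnsd version.

```shell
#!/bin/sh
# Added example, not code from the thread: feed smtpd rejections of
# dynamic-looking clients into a private rbldnsd zone so that postscreen,
# querying that zone via postscreen_dnsbl_sites, drops the same client on
# its next connection.

# sample_log: constructed maillog excerpt standing in for /var/log/maillog.
sample_log() {
    cat <<'EOF'
Mar 10 09:12:01 mx postfix/smtpd[4711]: NOQUEUE: reject: RCPT from ppp-203-0-113-7.dyn.example.net[203.0.113.7]: 554 5.7.1 Client host rejected: dynamic client; from=<a@example.org> to=<b@example.com> proto=ESMTP helo=<localhost>
Mar 10 09:12:05 mx postfix/smtpd[4711]: NOQUEUE: reject: RCPT from mail.example.org[198.51.100.25]: 550 5.1.1 <b@example.com>: Recipient address rejected: User unknown; from=<a@example.org> to=<b@example.com> proto=ESMTP helo=<mail.example.org>
Mar 10 09:12:09 mx postfix/smtpd[4712]: NOQUEUE: reject: RCPT from cable-192-0-2-44.example.net[192.0.2.44]: 554 5.7.1 Client host rejected: dynamic client; from=<c@example.org> to=<b@example.com> proto=SMTP helo=<cable-192-0-2-44.example.net>
Mar 10 09:12:11 mx postfix/smtpd[4712]: NOQUEUE: reject: RCPT from ppp-203-0-113-7.dyn.example.net[203.0.113.7]: 554 5.7.1 Client host rejected: dynamic client; from=<a@example.org> to=<d@example.com> proto=ESMTP helo=<localhost>
Mar 10 09:12:12 mx postfix/postscreen[4700]: NOQUEUE: reject: RCPT from [203.0.113.99]:51234: 550 5.7.1 Service unavailable; client [203.0.113.99] blocked using zen.spamhaus.org; from=<e@example.org>, to=<b@example.com>, proto=ESMTP, helo=<x>
Mar 10 09:12:15 mx postfix/smtpd[4713]: connect from unknown[203.0.113.200]
EOF
}

# dynamic_client_ips: read maillog lines on stdin and print, deduplicated,
# the client IP of every smtpd rejection whose reverse name looks like a
# dynamic or generic pool (constructed pattern: ppp/dsl/cable/dyn/dhcp/pool
# labels, or four numbers separated by dots or dashes). postscreen's own
# rejections are skipped: those clients are already being blocked.
dynamic_client_ips() {
    grep 'postfix/smtpd\[[0-9]*]: NOQUEUE: reject: ' |
    sed -n 's/.*: NOQUEUE: reject: [A-Z]* from \([^[ ]*\)\[\([0-9][0-9.]*\)]:.*/\1 \2/p' |
    awk '$1 ~ /(^|[.-])(ppp|dsl|cable|dyn|dhcp|pool|dynamic)([.-]|$)/ || $1 ~ /[0-9]+[.-][0-9]+[.-][0-9]+[.-][0-9]+/ { print $2 }' |
    sort -u
}

# rbldnsd_ip4set: wrap the address list as an ip4set dataset. The leading
# ":127.0.0.2:text" line is the default A/TXT value for every address that
# follows (assumed layout, verify against your rbldnsd's manual).
rbldnsd_ip4set() {
    printf ':127.0.0.2:Dynamic client rejected by smtpd, see http://mail.example.com/dul\n'
    cat
}

# Usage, e.g. hourly from cron (rbldnsd re-reads a dataset file when it changes):
#   dynamic_client_ips < /var/log/maillog | rbldnsd_ip4set > /var/lib/rbldnsd/dul.local
# with rbldnsd serving dul.local:ip4set:/var/lib/rbldnsd/dul.local, the local
# resolver forwarding dul.local to it, and in main.cf (weights are assumptions):
#   postscreen_dnsbl_sites = zen.spamhaus.org*3, dul.local*2
```

Only the reverse name that smtpd already logged is matched, so this adds no PTR lookups to postscreen; the cost is paid once in smtpd and every later connection from that address is stopped by the DNSBL test. Keep the weight of the private zone below postscreen_dnsbl_threshold on its own if you want a second signal before dropping a client, and age entries out of the dataset (the example does not) so a reassigned address is not listed forever.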

Re: REJECT - when sending - 501 Syntax error in parameters or arguments

2015-03-10 Thread Viktor Dukhovni
On Tue, Mar 10, 2015 at 09:21:31AM -0400, James B. Byrne wrote:

 Mar 10 08:44:51 inet08 postfix/smtp[4688]:  mx00.1and1.com[74.208.5.3]:25: 
 EHLO inet08.hamilton.harte-lyne.ca
 Mar 10 08:44:51 inet08 postfix/smtp[4688]:  mx00.1and1.com[74.208.5.3]:25: 
 250-perfora.net Hello inet08.hamilton.harte-lyne.ca [216.185.71.28]

A well-formed EHLO was sent and accepted.

 Mar 10 08:44:51 inet08 postfix/smtp[4688]:  EHLO 
 inet08.hamilton.harte-lyne.ca
 Mar 10 08:44:51 inet08 postfix/smtp[4688]:  250-perfora.net Hello 
 inet08.hamilton.harte-lyne.ca [216.185.71.28]

Ditto after STARTTLS.

 Mar 10 08:44:51 inet08 postfix/smtp[4688]:  MAIL FROM:y...@harte-lyne.ca 
 SIZE=1130
 Mar 10 08:44:51 inet08 postfix/smtp[4688]:  250 Requested mail action okay, 
 completed
 Mar 10 08:44:51 inet08 postfix/smtp[4688]:  RCPT 
 TO:x...@cuttingedgegrowersupply.com
 Mar 10 08:44:52 inet08 postfix/smtp[4688]:  250 OK
 Mar 10 08:44:52 inet08 postfix/smtp[4688]:  DATA
 Mar 10 08:44:52 inet08 postfix/smtp[4688]:  354 Start mail input; end with 
 <CRLF>.<CRLF>
 Mar 10 08:44:52 inet08 postfix/smtp[4688]:  .
 Mar 10 08:44:52 inet08 postfix/smtp[4688]:  250 Requested mail action okay, 
 completed: id=0MThqw-1Y4oQl30AC-00QU3L

And the message got through.

 Mar 10 08:44:52 inet08 postfix/smtp[4688]: 72803609C3:
   to=x...@cuttingedgegrowersupply.com,
   relay=mx00.1and1.com[74.208.5.3]:25, delay=2.1,
   delays=0.1/0.09/0.97/0.99, dsn=2.0.0, status=sent
   (250 Requested mail action okay, completed: id=0MThqw-1Y4oQl30AC-00QU3L)

Also per the non-verbose logging.

 The original messages seem to have been accepted initially as well:
 
 Mar  9 11:17:08 inet08 postfix/smtp[31780]: C98B061210:
 to=x...@cuttingedgegrowersupply.com,
 relay=mx01.1and1.com[74.208.5.21]:25, delay=2.4,
 delays=0.07/0/1.2/1.1, dsn=2.0.0, status=sent (250 Requested mail
 action okay, completed: id=0MIfHC-1YSmVP0rLU-002Hww)

 Mar  9 11:17:08 inet08 postfix/smtp[31780]: C98B061210:
 to=j...@cuttingedgegrowersupply.com,
 relay=mx01.1and1.com[74.208.5.21]:25, delay=2.4,
 delays=0.07/0/1.2/1.1, dsn=2.0.0, status=sent (250 Requested mail
 action okay, completed: id=0MIfHC-1YSmVP0rLU-002Hww)

One message, two recipients. negligible delay, but you might do
better with the attached collate script.

# perl collate /var/log/maillog |
perl -ne 'BEGIN {$/="\n\n"; $relay = shift} print if
m{relay=\Q$relay\E\[}o' \
mx01.1and1.com

Which shows related logging.

 But these are the messages that were later reported has giving a 501
 error.

Post largely unmunged logs for this claim.  (You can obfuscate
address localparts if you like).

-- 
Viktor.
#! /usr/bin/perl

use strict;
use warnings;

# Postfix delivery agents
my @agents = qw(discard error lmtp local pipe smtp virtual);

my $instre = qr{(?x)
    \A                      # Absolute line start
    (?:\S+ \s+){3}          # Timestamp, adjust for other time formats
    \S+ \s+                 # Hostname
    (postfix(?:-\S+)?)/     # postfix instance
};

my $cmdpidre = qr{(?x)
    \G                      # Continue from previous match
    (\S+)\[(\d+)\]:\s+      # command[pid]:
};

my %smtpd;
my %smtp;
my %transaction;
my $i = 0;
my %seqno;

my %isagent = map { ($_, 1) } @agents;

while (<>) {
    next unless m{$instre}ogc; my $inst = $1;
    next unless m{$cmdpidre}ogc; my $command = $1; my $pid = $2;

    if ($command eq "smtpd") {
        if (m{\Gconnect from }gc) {
            # Start new log
            $smtpd{$pid}->{log} = $_; next;
        }

        $smtpd{$pid}->{log} .= $_;

        if (m{\G(\w+): client=}gc) {
            # Fresh transaction
            my $qid = "$inst/$1";
            $smtpd{$pid}->{qid} = $qid;
            $transaction{$qid} = $smtpd{$pid}->{log};
            $seqno{$qid} = ++$i;
            next;
        }

        my $qid = $smtpd{$pid}->{qid};
        $transaction{$qid} .= $_
            if (defined($qid) && exists $transaction{$qid});
        delete $smtpd{$pid} if (m{\Gdisconnect from}gc);
        next;
    }

    if ($command eq "pickup") {
        if (m{\G(\w+): uid=}gc) {
            my $qid = "$inst/$1";
            $transaction{$qid} = $_;
            $seqno{$qid} = ++$i;
        }
        next;
    }

    # bounce(8) logs transaction start after cleanup(8) already logged
    # the message-id, so the cleanup log entry may be first
    #
    if ($command eq "cleanup") {
        next unless (m{\G(\w+): }gc);
        my $qid = "$inst/$1";
        $transaction{$qid} .= $_;
        $seqno{$qid} = ++$i if (! exists $seqno{$qid});
        next;
    }

    if ($command eq "qmgr") {
        next unless (m{\G(\w+): }gc);
        # The archived copy of the attachment breaks off at this point. What
        # follows is a minimal completion so the script runs: qmgr(8) entries
        # are appended to their transaction and the collected transactions
        # are printed in first-seen order. The delivery-agent handling for
        # which %smtp and %isagent are declared is not in the archived copy.
        my $qid = "$inst/$1";
        $transaction{$qid} .= $_;
        $seqno{$qid} = ++$i if (! exists $seqno{$qid});
        next;
    }
}

for my $qid (sort { $seqno{$a} <=> $seqno{$b} } keys %transaction) {
    print $transaction{$qid}, "\n";
}

Full log entries or take a hike (was: REJECT - when sending - 501 Syntax error in parameters or arguments)

2015-03-10 Thread Viktor Dukhovni
On Tue, Mar 10, 2015 at 05:33:38PM +, Viktor Dukhovni wrote:

 Post largely unmunged logs for this claim.  (You can obfuscate
 address localparts if you like).

So it seems you started this thread with:

x...@cuttingedgegrowersupply.com:
host mx01.1and1.com[74.208.5.21] refused to talk to me:
501 Syntax error in parameters or arguments

without disclosing that this was NOT part of a message from your
logs, but was rather an out of context excerpt from a bounce, and
without checking that the bounce was sent by the server in question.
All the while providing configuration information for entirely the
wrong machine.

Thereby wasting a bunch of my time and yours.  You might appreciate
that I'm not happy about this.

This is the last time I am helping with a request based on a log
fragment.  If anyone wants help, they'll have to post complete
log entries.  Requests for help based on short extracts from logs
will forthwith be ignored.

-- 
Viktor.


Re: postscreen feature request

2015-03-10 Thread Kovács Albert
On Tuesday, March 10, 2015 1:42 PM, Wietse Venema wie...@porcupine.org wrote:



 I'm not sure how one (type of) dns query is a performance concern, and 
 another is not, see below.

 You see no performance difference between querying a small number
 of well-operated DNS servers that are chosen by the local sysadmin,
 versus random DNS servers all over the Internet that are determined
 by the sender's IP address? 


This isn't exactly what I wrote :-) Obviously querying PTR records may
take some time. However, smtpd also needs the PTR record to perform some
DNS tests, so sooner or later you need the query.

OK, postscreen blocks many of the zombie hosts for sure, so you don't need
to perform PTR queries for that many times, however (based on my experience)
lots of hosts with names like ppp|dsl|cable|-xx-xx-xx-xx.some.provider.com
pass postscreen ending up at smtpd.


Anyway I started to use an RBL targeting dynamic IP blocks, and it makes
postscreen dropping many such zombies, though no RBL is accurate, so I believe
there's still some room for optimization.

If there's some deeper guide or you could provide some hints on how postfix
does dns resolution, I'd appreciate it, and perhaps I could make it for myself.

 With postscreen, zombies don't get to occupy smtpd processes, by
 using DNSBLs and pregreet tests.


Unfortunately not all of them, that's why I'd improve postscreen to have a
better hit ratio.


Albert


[SOLVED]: REJECT - when sending - 501 Syntax error in parameters or arguments

2015-03-10 Thread James B. Byrne
The mystery has been solved.

The subject emails were not in fact sent through our smtp host but
originated from a web application running on a host that is not listed
as authorised in our spf.  That was the real reason the person
reporting the error could not provide me with a copy of their original
message, which they cleverly managed to conceal until pressed on the
issue this morning.

They also resent the same messages manually through our proper mail
server immediately after the transmission failures.  So, there were
entries in our mail host logs that corresponded to the approximate
time that the error messages were generated but which showed no
transmission errors.

The offending web application is now configured to send through our
public mail server.

Thanks for all the help.  It was an educational experience.  Hopefully
not to be repeated but valuable none-the-less.





Re: Full log entries or take a hike (was: REJECT - when sending - 501 Syntax error in parameters or arguments)

2015-03-10 Thread James B. Byrne

On Tue, March 10, 2015 14:04, Viktor Dukhovni wrote:
 On Tue, Mar 10, 2015 at 05:33:38PM +, Viktor Dukhovni wrote:

 Post largely unmunged logs for this claim.  (You can obfuscate
 address localparts if you like).

 So it seems you started this thread with:

 x...@cuttingedgegrowersupply.com:
   host mx01.1and1.com[74.208.5.21] refused to talk to me:
   501 Syntax error in parameters or arguments

 without disclosing that this was NOT part of a message from your
 logs, but was rather an out of context excerpt from a bounce, and
 without checking that the bounce was sent by the server in question.
 All the while providing configuration information for entirely the
 wrong machine.

 Thereby wasting a bunch of my time and yours.  You might appreciate
 that I'm not happy about this.


I apologise.  That was not my intent.  I attempted to locate the
relevant log entries and was unsuccessful.  Due to the simple fact I
was looking in the wrong place.  I could not find the entries in the
log file so what I had I posted here.   My original question was to
the effect: What does 501 blah blah mean?  Debugging the problem sort
of grew out the initial inquiry.

I posted what I had because I did not know what type of error I was
looking for and thus what might cause it.  What is self-evident to you
is somewhat obscure for me.

It never crossed my mind that email was being sent out from any other
server than our public host because we block port 25 outgoing for all
but a limited number of hosts.  Unfortunately, the web application in
question is our fax service and while that application does indeed
permit mailing faxes it had not been configured to do so.  That host
is also on the list of permitted addresses to use TCP25 out because it
belongs to our comm block segment.  Postfix is also installed on that
server to enable administrative email.  The web fax configuration
default sends SMTP to 127.0.0.1, the user thought that it would
simpler to forward a fax via email, and the rest is history.

It was only after I confronted the individual with the evidence that
traffic was in fact moving to our client that the truth came out.

Sincerely,
