Re: Identifing bounce messages whene queue lifetime is expired

[Wietse Venema]

i...@itrezero.it:
> Hi all.
> I usually receive DSN messages from my postfix in the format as below.
> They are sent to a script for regex analysis.
> My question: is there a way to customize these "undelivered mail" messages
> when thay come from emails not delivered because max lifetime in the queue
> is expired? 
> It seems like a lifetime-expired-bounce message has the same
> format/text/codes as a normal bounce for "user or domain not found". Or is
> there any way to identify former messages (= lifetime-expired ones) looking
> for some error codes, strings, etc. ?
> Thank you very much for your help.
> -Francesco

The text at the beginning of a bounce message is configurable; see
"man 5 bounce". The remainder of the message is formatted according
to RFCs, and is therefore not configurable.

Wietse

Re: [MASSMAIL]Re: per-milter configuration

[Wietse Venema]

? ?:
> FYI:
> 
> This per-milter configuration is wrong:
> 
>  { inet:127.0.0.1:9027,
>  default_action = tempfail,
>  protocol = 3,
>  connect_timeout = 180,
>  command_timeout = 180,
>  content_timeout = 600 }

MILTER_README says:

1 /etc/postfix/main.cf:
2 smtpd_milters = { inet:host:port,
3 connect_timeout=10s, default_action=accept }

Instead of a server endpoint, we now have a list enclosed in {}.
...
Inside the list, syntax is similar to what we already know from
main.cf: items separated by space or comma. There is one
difference: YOU MUST ENCLOSE A SETTING IN PARENTHESES, AS IN
"{ NAME = VALUE }", IF YOU WANT TO HAVE SPACE OR COMMA WITHIN
A VALUE OR AROUND "=".

The text that is in BOLD FONT is shown in upper case above.

So, what is wrong with the documentation?

Wietse

Identifing bounce messages whene queue lifetime is expired

[info]

Hi all.
I usually receive DSN messages from my postfix in the format as below.
They are sent to a script for regex analysis.
My question: is there a way to customize these "undelivered mail" messages
when thay come from emails not delivered because max lifetime in the queue
is expired?
It seems like a lifetime-expired-bounce message has the same
format/text/codes as a normal bounce for "user or domain not found". Or is
there any way to identify former messages (= lifetime-expired ones) looking
for some error codes, strings, etc. ?
Thank you very much for your help.
-Francesco

 Bounce message example obtained when queue lifetime was
expired on my postfix -
>From MAILER-DAEMON  Tue Oct  4 17:57:08 2016
Return-Path: <>
X-Original-To: bouncexx...@.it
Delivered-To: rr...@localhost.tt.it
Received: by mx4..it (Postfix)
id 03D28CE450; Tue,  4 Oct 2016 17:57:01 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=.it; s=default;
t=1475596621; bh=qSsNQZkXj2y3zLnJB4Jq1e1C6Xz/rIerI6S66JHdb2A=;
h=Date:From:Subject:To:MIME-Version:Content-Type:Message-Id;
b=QE7N+oIVDQawNpiBAgiYG8X1MNEzzcsCF3uVoq3ZULwA08meYbAUlNGudawvXb0yH
 PP6WGMm6g81yM5FNphCr0XTSmUl5IHCc6oWRhsSejXg3N9PxzxHDbvXYow/F+MQxeO
 xMLDS0aSKpr7ZUAE5r6ZHjymUFLhwuAQG2nmkQdA=
Date: Tue,  4 Oct 2016 17:57:01 +0200 (CEST)
From: mailer-dae...@mx4..it (Mail Delivery System)
Subject: Undelivered Mail Returned to Sender
To: bouncexx...@.it
Auto-Submitted: auto-replied
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
boundary="D2778CF145.1475596621/mx4..it"
Message-Id: <20161004155701.03d28ce...@mx4..it>

This is a MIME-encapsulated message.

--D2778CF145.1475596621/mx4..it
Content-Description: Notification
Content-Type: text/plain; charset=us-ascii

This is the mail system at host mx4..it.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

   The mail system

: delivery temporarily suspended: lost connection with
mx4.hotmail.com[65.55.92.152] while sending RCPT TO

--D2778CF145.1475596621/mx4..it
Content-Description: Delivery report
Content-Type: message/delivery-status

Reporting-MTA: dns; mx4..it
X-Postfix-Queue-ID: D2778CF145
X-Postfix-Sender: rfc822; bouncey...@.it
Arrival-Date: Thu, 29 Sep 2016 17:22:35 +0200 (CEST)

Final-Recipient: rfc822; yy...@hotmail.it
Original-Recipient: rfc822; yy...@hotmail.it
Action: failed
Status: 4.4.2
Diagnostic-Code: X-Postfix; delivery temporarily suspended: lost connection
with mx4.hotmail.com[65.55.92.152] while sending RCPT TO

--D2778CF145.1475596621/mx4..it
Content-Description: Undelivered Message
Content-Type: message/rfc822
[.]


---
Questa e-mail è stata controllata per individuare virus con Avast antivirus.
https://www.avast.com/antivirus

Re: e-mail filtering base on the IP

[Benny Pedersen]

On 2016-10-04 13:28, Zalezny Niezalezny wrote:


is it possible to route messages base on the sender IP address ?


yes its possible (sadly)


So for example from host A I would like to route all messages to host
Z and from the rest of the hosts to host Y.


google found this one here

https://www.howtoforge.com/community/threads/postfix-relay-one-domain-to-smarthost-a-all-else-to-smarthost-b.62955/


Is it possible some how to configure it ?


its much much more simple in dns

Re: sorbs.net blacklist too aggressive?

[/dev/rob0]

This thread probably needs to wind down; once again I will suggest 
taking discussions of this nature to a list I co-manage:

   http://spammers.dontlike.us/

On Tue, Oct 04, 2016 at 01:13:00AM -0400, Sean Greenslade wrote:
> On Tue, Oct 04, 2016 at 05:37:33PM +1300, Peter wrote:
> > The main problem with this is that one of the primary advantages 
> > to using a DNSRBL is that it sits in front of SpamAssassin.  
> > DNSRBL blockign does not require deep inspection of message 
> > content so it can be checked first and clients blocked without 
> > wasting valuable server resources on anti-spam techniques that
> > do require deep inspection (such as SA).  If you're only
> > checking the DNSRBLs from within SA itself then you negate
> > this advantage completely.

> That's true, however as I said in my previous message, I personally 
> would rather err on the side of accepting a questionable message. I 
> don't consider it a waste of resources.

The problem with this reasoning is that DNSBLs are far more accurate 
spam detectors than content filters are.  And the reason for that is 
that spam is all about consent (did the sender have permission to 
send to the recipient?) and not about content.

I've seen spam runs from botnets with only a short text message, no 
marketing at all.  It's still spam, coming from a botnet.  That's the 
main reason we have postscreen: to stop the zombie armies.  DNSBL 
scoring is a side benefit which happens to block a bunch of the 
"grayhat" spammers (list washers, et c.)

> There are plenty of valid reasons one may want to accept and store 
> spam messages. Having a corpus of spam allows for [re]training of 
> bayesian filters. It also allows for manual inspection of the types 
> of spam currently in circulation.

DNSBL operators do look at some of the spew that hits their spamtrap 
addresses, yes, and this information helps in tracking malware and 
botnets.  But content-based identification of spam is never going to 
get around the infinite variations that spammers are using, and will 
be using.

That's the nice thing about a spamtrap: the owner of a proper 
spamtrap *knows* that the address has never been used legitimately, 
so every mail it gets is some form of abuse.  It's either spam from 
address harvesting, or confirmation attempts from legitimate bulk 
senders, wherein the address was falsely "subscribed".  (Those 
usually come from botnets also.)

> It allows users the chance to check for false positives and flag 
> them as such.
> 
> In my opinion, outright rejection should be reserved for messages 
> that you are 100% sure are spam.

And a problem with this is that rejection is the best way for an 
actual human sender to know that the mail was not delivered.  In fact 
it is far safer to reject than to accept and put in a spam folder.  A 
few users might be conscientious about checking there, but over time 
that's going to decline (especially if you've stored a bunch of junk 
known to be from botnets, that no one would ever want.)

> I don't consider RBLs to be 100% reliable,

Now you're talking FUD.  You just lumped every DNSBL into a single 
category.  That's wrong.  Do look back at Wietse's post in this 
thread about ROC.

But okay, it's also got a grain of truth.  Even Spamhaus can be 
wrong.  (So can SpamAssassin, for that matter; MUCH more frequently 
IME.)

Here's the deal:
  1. If someone is sending from a Zen-listed host, they WILL have
 delivery problems, and not only with you.  They need to fix
 that.  If Spamhaus was wrong, they need to contact Spamhaus.
  2. If someone is sending from a host listed on multiple DNSBLs,
 ditto, they WILL have delivery problems.  Yes, SORBS is more
 aggressive, but those SORBS-listed hosts have hit spamtraps
 which never should be getting mail.
  3. It's always better to reject and thus notify the sender, than
 to provide more reading material for Dave Null.

Spamhaus are aware of their position in the community.  They do take 
it seriously.  They keep documentation and make samples available.
They are about as close to 100% as is humanly possible.  And do also 
note the "human" word.  Less reliable DNSBLs are fully automated, at 
least for listing, if not for delisting.

> so I would not use them for message rejection. But of course, your 
> setup / users / requirements may be different from mine, so don't 
> take my advice as absolute.
-- 
  http://rob0.nodns4.us/
  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:

Re: e-mail filtering base on the IP

[Wietse Venema]

Zalezny Niezalezny:
> Hi,
> 
> is it possible to route messages base on the sender IP address ?
> 
> So for example from host A I would like to route all messages to host Z and
> from the rest of the hosts to host Y.
> 
> Is it possible some how to configure it ?

You can use the FILTER action in a check_client_access table to
deliver an email message via a specific host or message delivery
transport.

some-patternFILTER smtp:host
other-pattern   FILTER special-smtp: (postfix 2.7 or later)

Ditto with policy service:

action=FILTER smtp:host (or special-smtp:)

Wietse

Re: Relay depending on destination ip

[Leonardo Rodrigues]

Em 04/10/16 07:12, Anton Bruckner escreveu:

Hello,
i have following scenario:

Many external mail domains resolve to one single ip address ex 1.2.3.4 after 
dns lookup - is it now possible, to define a rule that says -
relay any mail with destination host "1.2.3.4" to relay host "5.6.7.8" ?

I know that i can do it with a transport rule - but only with names, not ip 
addresses.

Any ideas ?



i have already done that using iptables rules !

iptables -t nat -A POSTROUTING -p tcp --dport 25 -d 
original.destination.ip -j DNAT --to your.relay.ip.host


(or something like that, did not tried the rule, just wrote by head)


--


Atenciosamente / Sincerily,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
gertru...@solutti.com.br
My SPAMTRAP, do not email it

e-mail filtering base on the IP

[Zalezny Niezalezny]

Hi,

is it possible to route messages base on the sender IP address ?

So for example from host A I would like to route all messages to host Z and
from the rest of the hosts to host Y.


Is it possible some how to configure it ?


With kind regards

Zalezny

Relay depending on destination ip

[Anton Bruckner]

Hello,
i have following scenario:

Many external mail domains resolve to one single ip address ex 1.2.3.4 after 
dns lookup - is it now possible, to define a rule that says -
relay any mail with destination host "1.2.3.4" to relay host "5.6.7.8" ?

I know that i can do it with a transport rule - but only with names, not ip 
addresses.

Any ideas ?

thank you and best regards,
Anton Bruckner

Re: sorbs.net blacklist too aggressive?

[Michael J Wise]

> On 04/10/16 07:02, Sean Greenslade wrote:
>> On Mon, Oct 03, 2016 at 01:47:28PM -0400, Fongaboo wrote:
>> I personally don't use RBLs as hard blocks. Instead, I have them set up
>> in my spam filter (SpamAssassin) with different weights. That way, if
>> one particular RBL is acting up, I can de-weight it and keep an eye on
>> it without it affecting delivery.
>
> The main problem with this is that one of the primary advantages to
> using a DNSRBL is that it sits in front of SpamAssassin.

Some people would view this as a Feature.
If all you're concerned with is Efficiency, then yes, put some DNSBLs at
the edge.
But if you're trying to do forensics...

Then Fongaboo's approach is the correct one.

One size does NOT fit all, especially with DNSBLs.

Aloha mai Nai`a.
-- 
" So this is how Liberty dies ...  http://kapu.net/~mjwise/
" To Thunderous Applause.