Re: Identifing bounce messages whene queue lifetime is expired
i...@itrezero.it: > Hi all. > I usually receive DSN messages from my postfix in the format as below. > They are sent to a script for regex analysis. > My question: is there a way to customize these "undelivered mail" messages > when thay come from emails not delivered because max lifetime in the queue > is expired? > It seems like a lifetime-expired-bounce message has the same > format/text/codes as a normal bounce for "user or domain not found". Or is > there any way to identify former messages (= lifetime-expired ones) looking > for some error codes, strings, etc. ? > Thank you very much for your help. > -Francesco The text at the beginning of a bounce message is configurable; see "man 5 bounce". The remainder of the message is formatted according to RFCs, and is therefore not configurable. Wietse
Re: [MASSMAIL]Re: per-milter configuration
? ?: > FYI: > > This per-milter configuration is wrong: > > { inet:127.0.0.1:9027, > default_action = tempfail, > protocol = 3, > connect_timeout = 180, > command_timeout = 180, > content_timeout = 600 } MILTER_README says: 1 /etc/postfix/main.cf: 2 smtpd_milters = { inet:host:port, 3 connect_timeout=10s, default_action=accept } Instead of a server endpoint, we now have a list enclosed in {}. ... Inside the list, syntax is similar to what we already know from main.cf: items separated by space or comma. There is one difference: YOU MUST ENCLOSE A SETTING IN PARENTHESES, AS IN "{ NAME = VALUE }", IF YOU WANT TO HAVE SPACE OR COMMA WITHIN A VALUE OR AROUND "=". The text that is in BOLD FONT is shown in upper case above. So, what is wrong with the documentation? Wietse
Identifing bounce messages whene queue lifetime is expired
Hi all. I usually receive DSN messages from my postfix in the format as below. They are sent to a script for regex analysis. My question: is there a way to customize these "undelivered mail" messages when thay come from emails not delivered because max lifetime in the queue is expired? It seems like a lifetime-expired-bounce message has the same format/text/codes as a normal bounce for "user or domain not found". Or is there any way to identify former messages (= lifetime-expired ones) looking for some error codes, strings, etc. ? Thank you very much for your help. -Francesco Bounce message example obtained when queue lifetime was expired on my postfix - >From MAILER-DAEMON Tue Oct 4 17:57:08 2016 Return-Path: <> X-Original-To: bouncexx...@.it Delivered-To: rr...@localhost.tt.it Received: by mx4..it (Postfix) id 03D28CE450; Tue, 4 Oct 2016 17:57:01 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=.it; s=default; t=1475596621; bh=qSsNQZkXj2y3zLnJB4Jq1e1C6Xz/rIerI6S66JHdb2A=; h=Date:From:Subject:To:MIME-Version:Content-Type:Message-Id; b=QE7N+oIVDQawNpiBAgiYG8X1MNEzzcsCF3uVoq3ZULwA08meYbAUlNGudawvXb0yH PP6WGMm6g81yM5FNphCr0XTSmUl5IHCc6oWRhsSejXg3N9PxzxHDbvXYow/F+MQxeO xMLDS0aSKpr7ZUAE5r6ZHjymUFLhwuAQG2nmkQdA= Date: Tue, 4 Oct 2016 17:57:01 +0200 (CEST) From: mailer-dae...@mx4..it (Mail Delivery System) Subject: Undelivered Mail Returned to Sender To: bouncexx...@.it Auto-Submitted: auto-replied MIME-Version: 1.0 Content-Type: multipart/report; report-type=delivery-status; boundary="D2778CF145.1475596621/mx4..it" Message-Id: <20161004155701.03d28ce...@mx4..it> This is a MIME-encapsulated message. --D2778CF145.1475596621/mx4..it Content-Description: Notification Content-Type: text/plain; charset=us-ascii This is the mail system at host mx4..it. I'm sorry to have to inform you that your message could not be delivered to one or more recipients. It's attached below. For further assistance, please send mail to postmaster. If you do so, please include this problem report. You can delete your own text from the attached returned message. The mail system: delivery temporarily suspended: lost connection with mx4.hotmail.com[65.55.92.152] while sending RCPT TO --D2778CF145.1475596621/mx4..it Content-Description: Delivery report Content-Type: message/delivery-status Reporting-MTA: dns; mx4..it X-Postfix-Queue-ID: D2778CF145 X-Postfix-Sender: rfc822; bouncey...@.it Arrival-Date: Thu, 29 Sep 2016 17:22:35 +0200 (CEST) Final-Recipient: rfc822; yy...@hotmail.it Original-Recipient: rfc822; yy...@hotmail.it Action: failed Status: 4.4.2 Diagnostic-Code: X-Postfix; delivery temporarily suspended: lost connection with mx4.hotmail.com[65.55.92.152] while sending RCPT TO --D2778CF145.1475596621/mx4..it Content-Description: Undelivered Message Content-Type: message/rfc822 [.] --- Questa e-mail è stata controllata per individuare virus con Avast antivirus. https://www.avast.com/antivirus
Re: e-mail filtering base on the IP
On 2016-10-04 13:28, Zalezny Niezalezny wrote: is it possible to route messages base on the sender IP address ? yes its possible (sadly) So for example from host A I would like to route all messages to host Z and from the rest of the hosts to host Y. google found this one here https://www.howtoforge.com/community/threads/postfix-relay-one-domain-to-smarthost-a-all-else-to-smarthost-b.62955/ Is it possible some how to configure it ? its much much more simple in dns
Re: sorbs.net blacklist too aggressive?
This thread probably needs to wind down; once again I will suggest taking discussions of this nature to a list I co-manage: http://spammers.dontlike.us/ On Tue, Oct 04, 2016 at 01:13:00AM -0400, Sean Greenslade wrote: > On Tue, Oct 04, 2016 at 05:37:33PM +1300, Peter wrote: > > The main problem with this is that one of the primary advantages > > to using a DNSRBL is that it sits in front of SpamAssassin. > > DNSRBL blockign does not require deep inspection of message > > content so it can be checked first and clients blocked without > > wasting valuable server resources on anti-spam techniques that > > do require deep inspection (such as SA). If you're only > > checking the DNSRBLs from within SA itself then you negate > > this advantage completely. > That's true, however as I said in my previous message, I personally > would rather err on the side of accepting a questionable message. I > don't consider it a waste of resources. The problem with this reasoning is that DNSBLs are far more accurate spam detectors than content filters are. And the reason for that is that spam is all about consent (did the sender have permission to send to the recipient?) and not about content. I've seen spam runs from botnets with only a short text message, no marketing at all. It's still spam, coming from a botnet. That's the main reason we have postscreen: to stop the zombie armies. DNSBL scoring is a side benefit which happens to block a bunch of the "grayhat" spammers (list washers, et c.) > There are plenty of valid reasons one may want to accept and store > spam messages. Having a corpus of spam allows for [re]training of > bayesian filters. It also allows for manual inspection of the types > of spam currently in circulation. DNSBL operators do look at some of the spew that hits their spamtrap addresses, yes, and this information helps in tracking malware and botnets. But content-based identification of spam is never going to get around the infinite variations that spammers are using, and will be using. That's the nice thing about a spamtrap: the owner of a proper spamtrap *knows* that the address has never been used legitimately, so every mail it gets is some form of abuse. It's either spam from address harvesting, or confirmation attempts from legitimate bulk senders, wherein the address was falsely "subscribed". (Those usually come from botnets also.) > It allows users the chance to check for false positives and flag > them as such. > > In my opinion, outright rejection should be reserved for messages > that you are 100% sure are spam. And a problem with this is that rejection is the best way for an actual human sender to know that the mail was not delivered. In fact it is far safer to reject than to accept and put in a spam folder. A few users might be conscientious about checking there, but over time that's going to decline (especially if you've stored a bunch of junk known to be from botnets, that no one would ever want.) > I don't consider RBLs to be 100% reliable, Now you're talking FUD. You just lumped every DNSBL into a single category. That's wrong. Do look back at Wietse's post in this thread about ROC. But okay, it's also got a grain of truth. Even Spamhaus can be wrong. (So can SpamAssassin, for that matter; MUCH more frequently IME.) Here's the deal: 1. If someone is sending from a Zen-listed host, they WILL have delivery problems, and not only with you. They need to fix that. If Spamhaus was wrong, they need to contact Spamhaus. 2. If someone is sending from a host listed on multiple DNSBLs, ditto, they WILL have delivery problems. Yes, SORBS is more aggressive, but those SORBS-listed hosts have hit spamtraps which never should be getting mail. 3. It's always better to reject and thus notify the sender, than to provide more reading material for Dave Null. Spamhaus are aware of their position in the community. They do take it seriously. They keep documentation and make samples available. They are about as close to 100% as is humanly possible. And do also note the "human" word. Less reliable DNSBLs are fully automated, at least for listing, if not for delisting. > so I would not use them for message rejection. But of course, your > setup / users / requirements may be different from mine, so don't > take my advice as absolute. -- http://rob0.nodns4.us/ Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
Re: e-mail filtering base on the IP
Zalezny Niezalezny: > Hi, > > is it possible to route messages base on the sender IP address ? > > So for example from host A I would like to route all messages to host Z and > from the rest of the hosts to host Y. > > Is it possible some how to configure it ? You can use the FILTER action in a check_client_access table to deliver an email message via a specific host or message delivery transport. some-patternFILTER smtp:host other-pattern FILTER special-smtp: (postfix 2.7 or later) Ditto with policy service: action=FILTER smtp:host (or special-smtp:) Wietse
Re: Relay depending on destination ip
Em 04/10/16 07:12, Anton Bruckner escreveu: Hello, i have following scenario: Many external mail domains resolve to one single ip address ex 1.2.3.4 after dns lookup - is it now possible, to define a rule that says - relay any mail with destination host "1.2.3.4" to relay host "5.6.7.8" ? I know that i can do it with a transport rule - but only with names, not ip addresses. Any ideas ? i have already done that using iptables rules ! iptables -t nat -A POSTROUTING -p tcp --dport 25 -d original.destination.ip -j DNAT --to your.relay.ip.host (or something like that, did not tried the rule, just wrote by head) -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
e-mail filtering base on the IP
Hi, is it possible to route messages base on the sender IP address ? So for example from host A I would like to route all messages to host Z and from the rest of the hosts to host Y. Is it possible some how to configure it ? With kind regards Zalezny
Relay depending on destination ip
Hello, i have following scenario: Many external mail domains resolve to one single ip address ex 1.2.3.4 after dns lookup - is it now possible, to define a rule that says - relay any mail with destination host "1.2.3.4" to relay host "5.6.7.8" ? I know that i can do it with a transport rule - but only with names, not ip addresses. Any ideas ? thank you and best regards, Anton Bruckner
Re: sorbs.net blacklist too aggressive?
> On 04/10/16 07:02, Sean Greenslade wrote: >> On Mon, Oct 03, 2016 at 01:47:28PM -0400, Fongaboo wrote: >> I personally don't use RBLs as hard blocks. Instead, I have them set up >> in my spam filter (SpamAssassin) with different weights. That way, if >> one particular RBL is acting up, I can de-weight it and keep an eye on >> it without it affecting delivery. > > The main problem with this is that one of the primary advantages to > using a DNSRBL is that it sits in front of SpamAssassin. Some people would view this as a Feature. If all you're concerned with is Efficiency, then yes, put some DNSBLs at the edge. But if you're trying to do forensics... Then Fongaboo's approach is the correct one. One size does NOT fit all, especially with DNSBLs. Aloha mai Nai`a. -- " So this is how Liberty dies ... http://kapu.net/~mjwise/ " To Thunderous Applause.