Re: Strange behavior Postfix 3.1.4 address verification
Hello. Here is the log after disabling the reject reasons:

Jul 28 07:44:04 mail postfix/smtpd[12265]: connect from itexchange16.itbspa.local[192.168.116.200]
Jul 28 07:44:05 mail postfix/smtpd[12265]: Anonymous TLS connection established from itexchange16.itbspa.local[192.168.116.200]: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
Jul 28 07:44:05 mail postfix/verify[12269]: cache btree:/var/lib/postfix/verify_cache full cleanup: retained=0 dropped=0 entries
Jul 28 07:44:05 mail postfix/cleanup[12270]: 3xJd7n0QgSz110M: message-id=<3xjd7n0qgsz1...@mail.itbspa.de>
Jul 28 07:44:05 mail postfix/qmgr[12176]: 3xJd7n0QgSz110M: from=, size=223, nrcpt=1 (queue active)
Jul 28 07:44:05 mail postfix/smtp[12271]: Untrusted TLS connection established to 172.18.1.11[172.18.1.11]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)
Jul 28 07:44:10 mail postfix/smtp[12271]: 3xJd7n0QgSz110M: to= , relay=172.18.1.11[172.18.1.11]:25, delay=5.1, delays=0/0.02/0.1/5, dsn=2.1.5, status=deliverable (250 2.1.5 Recipient OK)
Jul 28 07:44:10 mail postfix/qmgr[12176]: 3xJd7n0QgSz110M: removed
Jul 28 07:44:11 mail postgrey[789]: action=pass, reason=client whitelist, client_name=itexchange16.itbspa.local, client_address=192.168.116.200, sender=ebenb...@itbspa.de, recipient=j.wallin...@bspa.de
Jul 28 07:44:11 mail postfix/smtpd[12265]: NOQUEUE: reject: RCPT from itexchange16.itbspa.local[192.168.116.200]: 450 4.1.1 : Recipient address rejected: unverified address: Address verification in progress; from= to= proto=ESMTP helo=
Jul 28 07:44:11 mail postfix/smtpd[12265]: disconnect from itexchange16.itbspa.local[192.168.116.200] ehlo=2 starttls=1 mail=1 rcpt=0/1 quit=1 commands=5/6

--
View this message in context: http://postfix.1071664.n5.nabble.com/Strange-behavior-Postfix-3-1-4-address-verification-tp91564p91585.html
Sent from the Postfix Users mailing list archive at Nabble.com.
RE: Deciphering maillog transaction that resulted in reply to spammer
>Did you configure your content filter to send a bounce message?

Not intentionally.

>Jul 26 19:05:57 mail1 postfix/smtpd[11093]: 67FB13910:
>client=localhost[127.0.0.1]
>
>Jul 26 19:05:57 mail1 postfix/cleanup[11094]: 67FB13910:
>message-id=
>
>That is not a Postfix-generated message ID. Is that from your content filter?

I presume it must be then. Amavis

It appears as if the message gets sent through amavis; amavis has some trouble with it, and it comes back to postfix as a reject, then it appears to get sent back through amavis again on its way to attempt a reject reply?

I was hoping someone would help me with a tour of the log steps of what's handing off to what along the way. I get the gist of what's happening, but I'm trying to learn the details. Or even better someone who uses amavis happens to know what I'm doing wrong. Or if I'm trying to fix something that's not broken.

Here's my master.cf FWIW

Aside, I just noticed 2 lines starting with smtp. Is that an error on my part?

Thanks,
Scott

submission inet n - n - - smtpd
    -o content_filter=
    -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
    -o smtpd_sasl_type=dovecot
    -o smtpd_sasl_path=private/auth
    -o smtpd_sasl_security_options=noanonymous
    -o smtpd_tls_security_level=encrypt
    -o smtpd_sasl_auth_enable=yes
    -o syslog_name=postfix-submission
    -o milter_macro_daemon_name=ORIGINATING
smtp-amavis unix - - n - 3 smtp
    -o disable_dns_lookups=yes
    -o smtp_send_xforward_command=yes
smtp inet n - n - 1 postscreen
smtpd pass - - n - - smtpd
    -o cleanup_service_name=pre-cleanup
tlsproxy unix - - n - 0 tlsproxy
dnsblog unix - - n - 0 dnsblog
pickup fifo n - n 60 1 pickup
    -o cleanup_service_name=pre-cleanup
pre-cleanup unix n - n - 0 cleanup
    -o virtual_alias_maps=
    -o canonical_maps=
    -o sender_canonical_maps=
    -o recipient_canonical_maps=
    -o masquerade_domains=
cleanup unix n - n - 0 cleanup
    -o mime_header_checks=
    -o nested_header_checks=
    -o body_checks=
127.0.0.1:10025 inet n - n - - smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_delay_reject=no
    -o smtpd_client_restrictions=permit_mynetworks,reject
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks_style=host
    -o mynetworks=127.0.0.0/8
    -o strict_rfc821_envelopes=yes
    -o smtpd_client_connection_count_limit=0
    -o smtpd_client_connection_rate_limit=0
    -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
qmgr unix n - n 300 1 qmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
showq unix n - n - - showq
error unix - - n - - error
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
discard unix - - n - - discard
tlsmgr unix - - n 1000? 1 tlsmgr
retry unix - - n - - error
proxywrite unix - - n - 1 proxymap
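The hand-offs asked about in this message can be read off a maillog by grouping Postfix entries by queue ID and joining them to amavis sessions through the `Queue-ID:` and `queued as` fields. The script below is an added example, not part of the original thread and not Postfix or amavis code; its sample log is constructed on the shape of the entries posted in this thread, with placeholder addresses and documentation-range IPs in place of the ones the archive stripped.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample modelled on this thread's log. Addresses, host names and
# IPs are placeholders; queue IDs and the amavis session ID are the thread's.
SAMPLE_LOG = """\
Jul 26 19:05:56 mail1 postfix/smtpd[11088]: E58673D02: client=unknown[192.0.2.10]
Jul 26 19:05:57 mail1 postfix/qmgr[910]: E58673D02: from=<offer@spam.example>, size=6760, nrcpt=1 (queue active)
Jul 26 19:05:57 mail1 postfix/smtpd[11093]: 67FB13910: client=localhost[127.0.0.1]
Jul 26 19:05:57 mail1 postfix/qmgr[910]: 67FB13910: from=<>, size=3222, nrcpt=1 (queue active)
Jul 26 19:05:57 mail1 amavis[5520]: (05520-17) waLiP0ZsHz9C(pqyogYJQxVad) SEND from <> -> <offer@spam.example>, BODY=7BIT 250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 67FB13910
Jul 26 19:05:57 mail1 amavis[5520]: (05520-17) Blocked BAD-HEADER-0 {BouncedInbound,Quarantined}, [192.0.2.10]:33753 [192.0.2.10] <offer@spam.example> -> <user@example.org>, Queue-ID: E58673D02, mail_id: pqyogYJQxVad, Hits: -, size: 6763, 160 ms
Jul 26 19:05:57 mail1 postfix/smtp[11091]: E58673D02: to=<user@example.org>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.66, dsn=2.5.0, status=sent (250 2.5.0 Ok, id=05520-17, BOUNCE)
Jul 26 19:05:57 mail1 postfix/qmgr[910]: E58673D02: removed
Jul 26 19:05:57 mail1 postfix/smtp[11064]: 67FB13910: to=<offer@spam.example>, relay=none, delay=0.38, dsn=4.4.1, status=deferred (connect to mx.spam.example[192.0.2.10]:25: Connection refused)
"""

# Short (hex) and long (alphanumeric) Postfix queue IDs; NOQUEUE never matches.
POSTFIX = re.compile(
    r"postfix/(?P<daemon>[\w-]+)\[\d+\]: "
    r"(?P<qid>[0-9A-F]{6,}|[0-9A-Za-z]{12,}): (?P<rest>.*)")
AMAVIS = re.compile(r"amavis\[\d+\]: \((?P<sid>[\d-]+)\) (?P<rest>.*)")


def is_external(client):
    """True if a 'name[ip]' client string carries a non-loopback IP."""
    m = re.search(r"\[([0-9A-Fa-f:.]+)\]", client or "")
    try:
        return bool(m) and not ipaddress.ip_address(m[1]).is_loopback
    except ValueError:
        return False


def trace(log_text):
    """Return {queue_id: record}, with filter-injected messages linked to
    the queue ID of the message the content filter was processing."""
    msgs = defaultdict(lambda: {"client": None, "sender": None,
                                "deliveries": [], "parent": None,
                                "verdict": None})
    sessions = defaultdict(lambda: {"origin": None, "verdict": None,
                                    "injected": []})
    for line in log_text.splitlines():
        m = POSTFIX.search(line)
        if m:
            msg, rest = msgs[m["qid"]], m["rest"]
            client = re.match(r"client=(\S+)", rest)
            sender = re.match(r"from=<([^>]*)>", rest)
            rcpt = re.match(
                r"to=<([^>]*)>.*?relay=([^,]+),.*?status=(\w+)", rest)
            if client:
                msg["client"] = client[1]
            elif sender:
                msg["sender"] = sender[1]      # "" is the null sender <>
            elif rcpt:
                msg["deliveries"].append(
                    {"to": rcpt[1], "relay": rcpt[2], "status": rcpt[3]})
            continue
        m = AMAVIS.search(line)
        if not m:
            continue
        session, rest = sessions[m["sid"]], m["rest"]
        injected = re.search(r"queued as (\w+)", rest)
        verdict = re.search(
            r"(?:Blocked|Passed) (\S+) \{[^}]*\}.*Queue-ID: (\w+)", rest)
        if injected:
            session["injected"].append(injected[1])
        if verdict:
            session["verdict"], session["origin"] = verdict[1], verdict[2]
    # The 'queued as' line may precede the verdict line, so link at the end.
    for session in sessions.values():
        for qid in session["injected"]:
            msgs[qid]["parent"] = session["origin"]
            msgs[qid]["verdict"] = session["verdict"]
    return dict(msgs)


def backscatter_candidates(msgs):
    """Null-sender messages injected by the filter and addressed to the
    envelope sender of mail that arrived from a non-loopback client."""
    found = []
    for qid, msg in msgs.items():
        parent = msgs.get(msg["parent"])
        if msg["sender"] != "" or parent is None:
            continue
        if not is_external(parent["client"]):
            continue
        for d in msg["deliveries"]:
            if d["to"] == parent["sender"]:
                found.append({"bounce_qid": qid,
                              "origin_qid": msg["parent"],
                              "origin_client": parent["client"],
                              "verdict": msg["verdict"],
                              "bounce_to": d["to"],
                              "status": d["status"]})
    return found


if __name__ == "__main__":
    for hit in backscatter_candidates(trace(SAMPLE_LOG)):
        print(hit)
```

Each hit names the bounce's queue ID, the inbound queue ID it was generated for, and the filter verdict that triggered it, which is the chain to follow when deciding whether the content filter should be bouncing that class of mail at all.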
RE: List posting question
>Do you have concrete evidence that the posting actually reaches the list host,
>and isn't blocked at a point closer to you?

Yes, but I figured it out. It was right there in front of me in the auto-reply/bounce message. Just missed it.

Apologies for the static.
Re: Deciphering maillog transaction that resulted in reply to spammer
Did you configure your content filter to send a bounce message?

Jul 26 19:05:57 mail1 postfix/smtpd[11093]: 67FB13910: client=localhost[127.0.0.1]
Jul 26 19:05:57 mail1 postfix/cleanup[11094]: 67FB13910: message-id=

That is not a Postfix-generated message ID. Is that from your content filter?

Jul 26 19:05:57 mail1 postfix/qmgr[910]: 67FB13910: from=<>, size=3222, nrcpt=1 (queue active)
Jul 26 19:05:57 mail1 postfix/smtp[11064]: 67FB13910: to= , relay=none, delay=0.38, delays=0.03/0/0.35/0, dsn=4.4.1, status=deferred (connect to mail.preal.us[5.133.8.185]:25: Connection refused

Wietse
Re: List posting question
techlist06:
> I'm trying to post: a question, a copy of 20 lines or so of a maillog, and
> the output of postconf -n .
>
> The list does not seem to be accepting it. Maybe because the log has some
> IPs and an address of a spammer? What should I do to sanitize it so it
> will post? Not sure what's triggering the block. I tried posting it from
> my server and from nabble.com as well. Nabble stays at "...not accepted
> yet"

Do you have concrete evidence that the posting actually reaches the list host, and isn't blocked at a point closer to you?

Wietse
Deciphering maillog transaction that resulted in reply to spammer
Postfix 3.2.2, Centos7, amavisd, clamav

Upgrading my server, and recently migrated one of my older domains that gets more spam. When checking my mail queue I saw a few deferred messages to addresses that alarmed me. I had a moment of panic thinking maybe I had configured something allowing a relay. Looked and decided I was OK there but I want to understand what caused these deferred messages. I figure I have something set wrong that allowed it in the first place. I *think* it's a bounce where I would not want a bounce.

Can someone help me follow/decode this sample transaction? (apologies for the wrapping, copied/pasted out of putty). My comments of the pieces I think I "get" are in-line:

Sanitized:
myu...@userdomain.org - target recipient
mail1.myserver - the server
pp.pp.pp.pp and ss.ss.ss.ss primary and secondary IPs of the box.

> spammer connects
Jul 26 19:05:48 mail1 postfix/postscreen[11080]: CONNECT from [5.133.8.185]:44150 to [pp.pp.pp.pp]:25
> apparently passes postscreen, gets 450 "greylisted" due to after-220
> checks
Jul 26 19:05:55 mail1 postfix/postscreen[11080]: NOQUEUE: reject: RCPT from [5.133.8.185]:44150: 450 4.3.2 Service currently unavailable; from=, to= , proto=ESMTP, helo=
> added to temp whitelist, disconnect
Jul 26 19:05:55 mail1 postfix/postscreen[11080]: PASS NEW [5.133.8.185]:44150
Jul 26 19:05:55 mail1 postfix/postscreen[11080]: DISCONNECT [5.133.8.185]:44150
> reconnects to secondary IP and is passed due to previous PASS
Jul 26 19:05:55 mail1 postfix/postscreen[11080]: CONNECT from [5.133.8.185]:33753 to [ss.ss.ss.ss]:25
Jul 26 19:05:55 mail1 postfix/postscreen[11080]: PASS OLD [5.133.8.185]:33753
> the rest, and why there was a reply to spammer attempt is fuzzy to me:
Jul 26 19:05:56 mail1 postfix/smtpd[11088]: warning: hostname accept.rootp.us does not resolve to address 5.133.8.185: Name or service not known
Jul 26 19:05:56 mail1 postfix/smtpd[11088]: connect from unknown[5.133.8.185]
Jul 26 19:05:56 mail1 postfix/smtpd[11088]: E58673D02: client=unknown[5.133.8.185]
Jul 26 19:05:57 mail1 postfix/cleanup[11090]: E58673D02: message-id=<5ad4d5216a4bc054e796b681c153b4ca.16322808.16275482@pearls.preal.us_jt0>
Jul 26 19:05:57 mail1 postfix/qmgr[910]: E58673D02: from= , size=6760, nrcpt=1 (queue active)
Jul 26 19:05:57 mail1 amavis[5520]: (05520-17) ESMTP :10024 /var/spool/amavisd/tmp/amavis-20170726T133617-05520-rH4yYe3A: -> SIZE=6760 BODY=8BITMIME RET=HDRS Received: from mail1.myserver.com ([127.0.0.1]) by localhost (mail1.myserver.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP for ; Wed, 26 Jul 2017 19:05:57 -0500 (CDT)
Jul 26 19:05:57 mail1 amavis[5520]: (05520-17) Checking: pqyogYJQxVad [5.133.8.185] ->
Jul 26 19:05:57 mail1 amavis[5520]: (05520-17) WARN: MIME::Parser error: unexpected end of header; ; error: couldn't parse head; error near:; ; ; error: part did not end with expected boundary; ; error: unexpected end of parts before epilogue
Jul 26 19:05:57 mail1 clamd[788]: SelfCheck: Database status OK.
Jul 26 19:05:57 mail1 postfix/smtpd[11093]: connect from localhost[127.0.0.1]
Jul 26 19:05:57 mail1 postfix/smtpd[11093]: 67FB13910: client=localhost[127.0.0.1]
Jul 26 19:05:57 mail1 postfix/cleanup[11094]: 67FB13910: message-id=
Jul 26 19:05:57 mail1 postfix/qmgr[910]: 67FB13910: from=<>, size=3222, nrcpt=1 (queue active)
Jul 26 19:05:57 mail1 postfix/smtpd[11093]: disconnect from localhost[127.0.0.1] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Jul 26 19:05:57 mail1 amavis[5520]: (05520-17) waLiP0ZsHz9C(pqyogYJQxVad) SEND from <> -> , ENVID=am.walip0zshz9c.20170727t0005...@mail1.myserver.com BODY=7BIT 250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 67FB13910
Jul 26 19:05:57 mail1 amavis[5520]: (05520-17) Blocked BAD-HEADER-0 {BouncedInbound,Quarantined}, [5.133.8.185]:33753 [5.133.8.185] -> , Queue-ID: E58673D02, Message-ID: <5ad4d5216a4bc054e796b681c153b4ca.16322808.16275482@pearls.preal.us_jt0>, mail_id: pqyogYJQxVad, Hits: -, size: 6763, 160 ms
Jul 26 19:05:57 mail1 postfix/smtp[11091]: E58673D02: to= , relay=127.0.0.1[127.0.0.1]:10024, delay=0.66, delays=0.49/0.01/0.01/0.15, dsn=2.5.0, status=sent (250 2.5.0 Ok, id=05520-17, BOUNCE)
Jul 26 19:05:57 mail1 postfix/qmgr[910]: E58673D02: removed
Jul 26 19:05:57 mail1 postfix/smtpd[11088]: disconnect from unknown[5.133.8.185] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Jul 26 19:05:57 mail1 postfix/smtp[11064]: connect to mail.preal.us[5.133.8.185]:25: Connection refused
Jul 26 19:05:57 mail1 postfix/smtp[11064]: 67FB13910: to= ,
Re: Migrating 2.11 to 3.2
On 28/07/17 08:31, Nikolaos Milas wrote:
> Yep, I know; As I've mentioned, I prefer to build against ltb openldap,
> which has proved to be well-updated and trustworthy.

Ok, I prefer to stick to stock CentOS packages where I can and do so as a policy to avoid too many 3rd-party deps.

> [I must pay my respect to GhettoForge who are providing reliable updated
> packages for numerous software projects.]

Thank you.

> Interestingly, I've also noticed that postfix binaries are built against
> original mysql, although CentOS 7 now uses mariadb as standard.

They're built against whatever is provided by mysql-devel, in CentOS 6 that's mysql, in CentOS 7 that's MariaDB:

1:mariadb-devel-5.5.52-1.el7.x86_64 : Files for development of MariaDB/MySQL applications
Repo: base
Matched from:
Provides: mysql-devel = 1:5.5.52-1.el7

> I've tried switching the dependency to mariadb instead, and building
> using mariadb works fine as well.

Yes, because you're actually building against MariaDB either way and the exact same packages.

> Is there a particular reason why mysql is used in the spec file rather
> than mariadb (both in the GhettoForge and in the Oostergo versions)?

Two reasons: I use the same spec to build for CentOS 6 and CentOS 7, since mysql-devel pulls in mariadb-devel in CentOS 7 anyways, there is no reason to special-case it in the spec. The second reason is that the spec file is historic, in that it was originally from older Fedora, and then CentOS versions and continually updated to keep up with what's new. There is no real reason to change the requirement at this stage since it works just fine the way it is. That said, I might change it in 2020 once CentOS 6 goes EOL.

> I am still wondering about the possible cause of the startup problem I
> faced.

I can't say for sure, but it looks to be permissions-related to me. It might have to do with the way you built and subsequently installed postfix, or it might be an selinux issue that simply isn't present in the GhettoForge packages (assuming you haven't disabled selinux).

Peter
List posting question
I'm trying to post: a question, a copy of 20 lines or so of a maillog, and the output of postconf -n .

The list does not seem to be accepting it. Maybe because the log has some IPs and an address of a spammer? What should I do to sanitize it so it will post? Not sure what's triggering the block. I tried posting it from my server and from nabble.com as well. Nabble stays at "...not accepted yet"

Thanks,
Scott
Re: Migrating 2.11 to 3.2
On 27/7/2017 10:45 μμ, Peter wrote:

You don't have to actually rebuild the src.rpms, although you certainly can if you want. There are binary rpms you can just install as per the directions at: http://ghettoforge.org/index.php/Postfix3

Yep, I know; As I've mentioned, I prefer to build against ltb openldap, which has proved to be well-updated and trustworthy.

[Additionally, I like to maintain my (slight) rpm-build know-how; it has been very useful on various occasions.]

[I must pay my respect to GhettoForge who are providing reliable updated packages for numerous software projects.]

Interestingly, I've also noticed that postfix binaries are built against original mysql, although CentOS 7 now uses mariadb as standard. I've tried switching the dependency to mariadb instead, and building using mariadb works fine as well.

Is there a particular reason why mysql is used in the spec file rather than mariadb (both in the GhettoForge and in the Oostergo versions)?

The main thing to be concerned about here is the possibility of different versions of the compiled Berkeley db files. Simply re-running postmap on the source files should correct those issues.

I haven't noticed any such issues, but I'll keep an eye out for possible problems. My concern was that by switching the whole directory I might have missed some files that may have been needed, although I did not notice any such files (by comparing the content of the /etc/postfix/ directories on the two servers) when I tried to resolve the issue.

I am still wondering about the possible cause of the startup problem I faced.

Cheers,
Nick
Re: Migrating 2.11 to 3.2
On 28/07/17 01:51, Nikolaos Milas wrote:
> On 27/7/2017 1:50 μμ, Peter wrote:
>
>>> http://ghettoforge.org/index.php/Packages
>> Right, that one is highly recommended, much better than attempting to
>> install from source.
>
> OK, I followed your advice and I rebuilt the rpm(s) using:
>
> http://mirror.ghettoforge.org/distributions/gf/el/7Server/plus/SRPMS/postfix3-3.2.2-4.gf.el7.src.rpm

You don't have to actually rebuild the src.rpms, although you certainly can if you want. There are binary rpms you can just install as per the directions at:

http://ghettoforge.org/index.php/Postfix3

> It may have been wrong from my side to simply replace the whole
> /etc/postfix/ directory with the one from the original server (as I
> initially did). This time I have been more cautious (as I explained above).

The main thing to be concerned about here is the possibility of different versions of the compiled Berkeley db files. Simply re-running postmap on the source files should correct those issues.

Peter
Re: Strange behavior Postfix 3.1.4 address verification
> unverified_recipient_reject_reason = User unknown
> unverified_sender_reject_reason = User unknown

Please disable these two settings, for example:

$ postconf -# unverified_recipient_reject_reason unverified_sender_reject_reason
$ postfix reload

and report the logs of the problem with these settings. I need to know the true reason why the request is rejected, not the text that you configured in main.cf.

Wietse
Re: Change gateway on bounce
Peter,

As of Postfix 2.3 you can use smtp_fallback_relay.

http://www.postfix.org/postconf.5.html#smtp_fallback_relay

Optional list of relay hosts for SMTP destinations that can't be found or that are unreachable. With Postfix 2.2 and earlier this parameter is called fallback_relay.

--
Matthew

Peter wrote:

Hey guys, I have been thinking if postfix has capability to forward a bounced email to another server. I know I can relay emails using transport but can I relay (retry) an email from a different server? Let's say the target server says 'blacklisted' and I'd just forward that email to another server so it's sent out from there?

Cheers,
Peter
Re: Strange behavior Postfix 3.1.4 address verification
postconf -Mf:

smtp inet n - y - 1 postscreen
smtpd pass - - y - - smtpd
    -o smtpd_proxy_filter=127.0.0.1:10024
    -o smtpd_client_connection_count_limit=20
    -o smtpd_proxy_options=speed_adjust
dnsblog unix - - y - 0 dnsblog
tlsproxy unix - - y - 0 tlsproxy
pickup unix n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr unix n - n 300 1 qmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
showq unix n - n - - showq
error unix - - n - - error
retry unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
maildrop unix - n n - - pipe flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp unix - n n - - pipe flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user}
submission inet n - n - - smtpd
    -o syslog_name=postfix/submission
    -o smtpd_proxy_filter=127.0.0.1:10026
    -o smtpd_client_connection_count_limit=20
    -o smtpd_proxy_options=speed_adjust
    -o smtpd_tls_security_level=encrypt
    -o smtpd_sasl_auth_enable=yes
    -o smtpd_tls_auth_only=yes
    -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    -o smtpd_recipient_restrictions=$submission_recipient_restrictions
dovecot unix - n n - - pipe flags=DRh user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${domain} -m ${extension}
127.0.0.1:10025 inet n - n - - smtpd
    -o syslog_name=postfix/10025
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_authorized_xforward_hosts=127.0.0.0/8
    -o smtpd_restriction_classes=
    -o smtpd_delay_reject=no
    -o smtpd_tls_security_level=none
    -o smtpd_client_restrictions=permit_mynetworks,reject
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o smtpd_end_of_data_restrictions=
    -o mynetworks_style=host
    -o mynetworks=127.0.0.0/8
    -o strict_rfc821_envelopes=yes
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
    -o smtpd_client_connection_count_limit=0
    -o smtpd_client_connection_rate_limit=0
    -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks

postconf -n:

address_verify_positive_expire_time = 7d
address_verify_positive_refresh_time = 1d
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
allow_min_user = no
allow_percent_hack = no
biff = no
bounce_queue_lifetime = 4h
bounce_template_file = /etc/postfix/bounce.de-DE.cf
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
compatibility_level = 2
daemon_directory = /usr/lib/postfix/sbin
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
delay_warning_time = 1h
disable_vrfy_command = yes
Re: Strange behavior Postfix 3.1.4 address verification
Waschl:
> Hello,
>
> first the logs:
>
> Jul 27 12:52:46 mail postfix/smtpd[4341]: connect from
> itexchange16.itbspa.local[192.168.116.200]
> Jul 27 12:52:46 mail postfix/smtpd[4341]: Anonymous TLS connection
> established from itexchange16.itbspa.local[192.168.116.200]: TLSv1.2 with
> cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
> Jul 27 12:52:46 mail postfix/cleanup[4345]: 3xJ82Q6ycVzyp9:
> message-id=<3xj82q6ycvz...@mail.itbspa.de>
> Jul 27 12:52:46 mail postfix/qmgr[4150]: 3xJ82Q6ycVzyp9:
> from=, size=221, nrcpt=1 (queue active)
> Jul 27 12:52:47 mail postfix/smtp[4346]: Untrusted TLS connection
> established to 172.18.1.11[172.18.1.11]:25: TLSv1.2 with cipher
> ECDHE-RSA-AES256-SHA384 (256/256 bits)
> Jul 27 12:52:52 mail postfix/smtp[4346]: 3xJ82Q6ycVzyp9:
> to= , relay=172.18.1.11[172.18.1.11]:25, delay=5.1,
> delays=0/0.02/0.1/5, dsn=2.1.5, status=deliverable (250 2.1.5 Recipient OK)
> Jul 27 12:52:52 mail postfix/qmgr[4150]: 3xJ82Q6ycVzyp9: removed
> Jul 27 12:52:52 mail postgrey[705]: action=pass, reason=client whitelist,
> client_name=itexchange16.itbspa.local, client_address=192.168.116.200,
> sender=ebenb...@itbspa.de, recipient=j.wallin...@bspa.de
> Jul 27 12:52:52 mail postfix/smtpd[4341]: NOQUEUE: reject: RCPT from
> itexchange16.itbspa.local[192.168.116.200]: 450 4.1.1 :
> Recipient address rejected: unverified address: User unknown;
> from= to= proto=ESMTP
> helo=
> Jul 27 12:52:52 mail postfix/smtpd[4341]: disconnect from
> itexchange16.itbspa.local[192.168.116.200] ehlo=2 starttls=1 mail=1 rcpt=0/1
> quit=1 commands=5/6
>
> The strange thing is that the verification probe is all lowercase while the
> mail address has two uppercase letters. The verification probe is successful
> but the recipient gets rejected. Test with mail address in lowercase works.
> Before with Postfix 2.11 everything was fine. Now I have a new mailserver
> with Postfix 3.1.4 that acts like described.
>
> Hope someone can help me...

TO REPORT A PROBLEM see http://www.postfix.org/DEBUG_README.html#mail
TO (UN)SUBSCRIBE see http://www.postfix.org/lists.html

Thank you for using Postfix.

In particular, note the request for configuration information. Do not cut and paste from files; use 'postconf' command output instead.

Wietse
Re: Change gateway on bounce
> On Jul 27, 2017, at 11:17 AM, Peter wrote:
>
> I have been thinking if postfix has capability to forward a bounced email to
> another server. I know I can relay emails using transport but can I relay
> (retry) an email from a different server? Let's say the target server says
> 'blacklisted' and I'd just forward that email to another server so it's sent
> out from there?

Yes, but if that server only sends originally refused mail, its "reputation" will be terrible and pretty soon all of its mail will be rejected too.

Best to just go with "no means no". If you're sending mail the provider's users don't want, don't try to sneak past their filters. If the recipients do want the mail, work with the receiving system's postmaster to resolve the issue.

--
Viktor.
Change gateway on bounce
Hey guys, I have been thinking if postfix has capability to forward a bounced email to another server. I know I can relay emails using transport but can I relay (retry) an email from a different server? Let's say the target server says 'blacklisted' and I'd just forward that email to another server so it's sent out from there? Cheers, Peter
Re: Protecting mail addresses using check_sasl_access
On 26/7/2017 2:09 μμ, Nikolaos Milas wrote:

Can you please confirm that this is a valid configuration?

In the meantime I tested this configuration and it does work fine (as I expected)!

Any other suggestions, pitfalls and/or comments?

I surely appreciate any suggestions, pitfalls and/or comments on this approach!

Cheers,
Nick
Re: Migrating 2.11 to 3.2
On 27/7/2017 1:50 μμ, Peter wrote:

http://ghettoforge.org/index.php/Packages

Right, that one is highly recommended, much better than attempting to install from source.

OK, I followed your advice and I rebuilt the rpm(s) using:

http://mirror.ghettoforge.org/distributions/gf/el/7Server/plus/SRPMS/postfix3-3.2.2-4.gf.el7.src.rpm

I uninstalled postfix and re-installed using the new builds; then I copied the migrated (simply transferred from the original server) custom config files to the new config directory (/etc/postfix/). Postfix started fine this time. Things appear running smoothly until now.

It may have been wrong from my side to simply replace the whole /etc/postfix/ directory with the one from the original server (as I initially did). This time I have been more cautious (as I explained above).

Thanks,
Nick
Strange behavior Postfix 3.1.4 address verification
Hello,

first the logs:

Jul 27 12:52:46 mail postfix/smtpd[4341]: connect from itexchange16.itbspa.local[192.168.116.200]
Jul 27 12:52:46 mail postfix/smtpd[4341]: Anonymous TLS connection established from itexchange16.itbspa.local[192.168.116.200]: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
Jul 27 12:52:46 mail postfix/cleanup[4345]: 3xJ82Q6ycVzyp9: message-id=<3xj82q6ycvz...@mail.itbspa.de>
Jul 27 12:52:46 mail postfix/qmgr[4150]: 3xJ82Q6ycVzyp9: from=, size=221, nrcpt=1 (queue active)
Jul 27 12:52:47 mail postfix/smtp[4346]: Untrusted TLS connection established to 172.18.1.11[172.18.1.11]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)
Jul 27 12:52:52 mail postfix/smtp[4346]: 3xJ82Q6ycVzyp9: to= , relay=172.18.1.11[172.18.1.11]:25, delay=5.1, delays=0/0.02/0.1/5, dsn=2.1.5, status=deliverable (250 2.1.5 Recipient OK)
Jul 27 12:52:52 mail postfix/qmgr[4150]: 3xJ82Q6ycVzyp9: removed
Jul 27 12:52:52 mail postgrey[705]: action=pass, reason=client whitelist, client_name=itexchange16.itbspa.local, client_address=192.168.116.200, sender=ebenb...@itbspa.de, recipient=j.wallin...@bspa.de
Jul 27 12:52:52 mail postfix/smtpd[4341]: NOQUEUE: reject: RCPT from itexchange16.itbspa.local[192.168.116.200]: 450 4.1.1 : Recipient address rejected: unverified address: User unknown; from= to= proto=ESMTP helo=
Jul 27 12:52:52 mail postfix/smtpd[4341]: disconnect from itexchange16.itbspa.local[192.168.116.200] ehlo=2 starttls=1 mail=1 rcpt=0/1 quit=1 commands=5/6

The strange thing is that the verification probe is all lowercase while the mail address has two uppercase letters. The verification probe is successful but the recipient gets rejected. Test with mail address in lowercase works. Before with Postfix 2.11 everything was fine. Now I have a new mailserver with Postfix 3.1.4 that acts like described.

Hope someone can help me...
Re: Migrating 2.11 to 3.2
On 27/7/2017 1:02 μμ, Pinter Tibor wrote:

# rpm -ql postfix | grep files
/usr/libexec/postfix/postfix-files

Thank you all for your responses. Please see below:

# rpm -ql postfix | grep files
/usr/share/postfix/postfix-files

rpm -qa postfix | grep postfix
postfix-3.2.2-2.el7.centos.appletech.x86_64

I've built postfix myself, using:

http://repos.oostergo.net/7/SRPMS/postfix-3.2.2-1.el7.centos.src.rpm

having adapted it slightly to get built using the ltb openldap libraries (see https://ltb-project.org/download) which I use on all my systems for years.

Postfix worked fine after the package installation (with the default config); However it presents this problem when I try to start it with the config I copied from the initial server.

Any suggestions on how to correct things without having to rebuild the software?

Cheers,
Nick
Re: Migrating 2.11 to 3.2
On 27/07/17 22:44, Postfix User wrote:
> You might try one of these URLs:
>
> http://ghettoforge.org/index.php/Packages

Right, that one is highly recommended, much better than attempting to install from source.

Once again, though, I'd like to know where the OP got his postfix from, I get the feeling he installed it from source directly.

Peter
Re: Migrating 2.11 to 3.2
On Thu, 27 Jul 2017 22:20:36 +1200, Peter stated:

>On 27/07/17 21:54, Nikolaos Milas wrote:
>> Hello,
>>
>> We are moving to a new (virtual) server (from CentOS 5 with Postfix
>> 2.11.6 to CentOS 7 with Postfix 3.2.2).
>
>Where did you get Postfix 3.2 from?
>
>
>Peter

You might try one of these URLs:

http://ghettoforge.org/index.php/Packages
ftp://ftp.reverse.net/pub/postfix/index.html

--
Jerry
Re: Migrating 2.11 to 3.2
On 27/07/17 21:54, Nikolaos Milas wrote:
> Hello,
>
> We are moving to a new (virtual) server (from CentOS 5 with Postfix
> 2.11.6 to CentOS 7 with Postfix 3.2.2).

Where did you get Postfix 3.2 from?

Peter
Re: Migrating 2.11 to 3.2
On 07/27/2017 11:59 AM, Paul Menzel wrote:

Dear Nikolaos,

On 07/27/17 11:54, Nikolaos Milas wrote:

We are moving to a new (virtual) server (from CentOS 5 with Postfix 2.11.6 to CentOS 7 with Postfix 3.2.2).

I have moved the original configuration to the new server and Postfix won't start; I am getting:

# systemctl status postfix
postfix.service - Postfix Mail Transport Agent
   Loaded: loaded (/usr/lib/systemd/system/postfix.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Thu 2017-07-27 12:25:14 EEST; 12min ago
  Process: 21895 ExecStart=/usr/sbin/postfix start (code=exited, status=1/FAILURE)
  Process: 21893 ExecStartPre=/usr/libexec/postfix/chroot-update (code=exited, status=0/SUCCESS)
  Process: 21890 ExecStartPre=/usr/libexec/postfix/aliasesdb (code=exited, status=0/SUCCESS)
 Main PID: 14815 (code=killed, signal=TERM)

Jul 27 12:25:12 vmail2.noa.gr postfix[21895]: /usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: 127.0.0.1:10040_time_limit=3600
Jul 27 12:25:12 vmail2.noa.gr postfix[21895]: /usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: 127.0.0.1:10040_time_limit=3600
Jul 27 12:25:12 vmail2.noa.gr postfix[21895]: /usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: 127.0.0.1:10040_time_limit=3600
Jul 27 12:25:12 vmail2.noa.gr postfix[21895]: /usr/libexec/postfix/post-install: Error: /etc/postfix/postfix-files is not a file.
Jul 27 12:25:12 vmail2.noa.gr postfix/postfix-script[21913]: fatal: unable to create missing queue directories
Jul 27 12:25:13 vmail2.noa.gr postfix/postfix-script[21914]: fatal: Postfix integrity check failed!
Jul 27 12:25:14 vmail2.noa.gr systemd[1]: postfix.service: control process exited, code=exited status=1
Jul 27 12:25:14 vmail2.noa.gr systemd[1]: Failed to start Postfix Mail Transport Agent.
Jul 27 12:25:14 vmail2.noa.gr systemd[1]: Unit postfix.service entered failed state.
Jul 27 12:25:14 vmail2.noa.gr systemd[1]: postfix.service failed.

I also tried:

# /usr/libexec/postfix/post-install create-missing
postconf: warning: /etc/postfix/main.cf: unused parameter: 127.0.0.1:10040_time_limit=3600
/usr/libexec/postfix/post-install: Error: /postfix-files is not a file.

Can you please let me know what may be the issue here?

Please post the output of the commands below.

```
$ ls -l /etc/postfix/
$ file /etc/postfix/postfix-files
```

[…]

Kind regards,
Paul

# rpm -ql postfix | grep files
/usr/libexec/postfix/postfix-files

t
Re: Migrating 2.11 to 3.2
Dear Nikolaos,

On 07/27/17 11:54, Nikolaos Milas wrote:

> We are moving to a new (virtual) server (from CentOS 5 with Postfix 2.11.6 to CentOS 7 with Postfix 3.2.2).
>
> I have moved the original configuration to the new server and Postfix won't start; I am getting:
>
> # systemctl status postfix
> postfix.service - Postfix Mail Transport Agent
>    Loaded: loaded (/usr/lib/systemd/system/postfix.service; enabled; vendor preset: disabled)
>    Active: failed (Result: exit-code) since Thu 2017-07-27 12:25:14 EEST; 12min ago
>   Process: 21895 ExecStart=/usr/sbin/postfix start (code=exited, status=1/FAILURE)
>   Process: 21893 ExecStartPre=/usr/libexec/postfix/chroot-update (code=exited, status=0/SUCCESS)
>   Process: 21890 ExecStartPre=/usr/libexec/postfix/aliasesdb (code=exited, status=0/SUCCESS)
>  Main PID: 14815 (code=killed, signal=TERM)
>
> Jul 27 12:25:12 vmail2.noa.gr postfix[21895]: /usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: 127.0.0.1:10040_time_limit=3600
> Jul 27 12:25:12 vmail2.noa.gr postfix[21895]: /usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: 127.0.0.1:10040_time_limit=3600
> Jul 27 12:25:12 vmail2.noa.gr postfix[21895]: /usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: 127.0.0.1:10040_time_limit=3600
> Jul 27 12:25:12 vmail2.noa.gr postfix[21895]: /usr/libexec/postfix/post-install: Error: /etc/postfix/postfix-files is not a file.
> Jul 27 12:25:12 vmail2.noa.gr postfix/postfix-script[21913]: fatal: unable to create missing queue directories
> Jul 27 12:25:13 vmail2.noa.gr postfix/postfix-script[21914]: fatal: Postfix integrity check failed!
> Jul 27 12:25:14 vmail2.noa.gr systemd[1]: postfix.service: control process exited, code=exited status=1
> Jul 27 12:25:14 vmail2.noa.gr systemd[1]: Failed to start Postfix Mail Transport Agent.
> Jul 27 12:25:14 vmail2.noa.gr systemd[1]: Unit postfix.service entered failed state.
> Jul 27 12:25:14 vmail2.noa.gr systemd[1]: postfix.service failed.
>
> I also tried:
>
> # /usr/libexec/postfix/post-install create-missing
> postconf: warning: /etc/postfix/main.cf: unused parameter: 127.0.0.1:10040_time_limit=3600
> /usr/libexec/postfix/post-install: Error: /postfix-files is not a file.
>
> Can you please let me know what may be the issue here?

Please post the output of the commands below.

```
$ ls -l /etc/postfix/
$ file /etc/postfix/postfix-files
```

[…]

Kind regards,

Paul
Migrating 2.11 to 3.2
Hello,

We are moving to a new (virtual) server (from CentOS 5 with Postfix 2.11.6 to CentOS 7 with Postfix 3.2.2).

I have moved the original configuration to the new server and Postfix won't start; I am getting:

```
# systemctl status postfix
postfix.service - Postfix Mail Transport Agent
   Loaded: loaded (/usr/lib/systemd/system/postfix.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Thu 2017-07-27 12:25:14 EEST; 12min ago
  Process: 21895 ExecStart=/usr/sbin/postfix start (code=exited, status=1/FAILURE)
  Process: 21893 ExecStartPre=/usr/libexec/postfix/chroot-update (code=exited, status=0/SUCCESS)
  Process: 21890 ExecStartPre=/usr/libexec/postfix/aliasesdb (code=exited, status=0/SUCCESS)
 Main PID: 14815 (code=killed, signal=TERM)

Jul 27 12:25:12 vmail2.noa.gr postfix[21895]: /usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: 127.0.0.1:10040_time_limit=3600
Jul 27 12:25:12 vmail2.noa.gr postfix[21895]: /usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: 127.0.0.1:10040_time_limit=3600
Jul 27 12:25:12 vmail2.noa.gr postfix[21895]: /usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: 127.0.0.1:10040_time_limit=3600
Jul 27 12:25:12 vmail2.noa.gr postfix[21895]: /usr/libexec/postfix/post-install: Error: /etc/postfix/postfix-files is not a file.
Jul 27 12:25:12 vmail2.noa.gr postfix/postfix-script[21913]: fatal: unable to create missing queue directories
Jul 27 12:25:13 vmail2.noa.gr postfix/postfix-script[21914]: fatal: Postfix integrity check failed!
Jul 27 12:25:14 vmail2.noa.gr systemd[1]: postfix.service: control process exited, code=exited status=1
Jul 27 12:25:14 vmail2.noa.gr systemd[1]: Failed to start Postfix Mail Transport Agent.
Jul 27 12:25:14 vmail2.noa.gr systemd[1]: Unit postfix.service entered failed state.
Jul 27 12:25:14 vmail2.noa.gr systemd[1]: postfix.service failed.
```

I also tried:

```
# /usr/libexec/postfix/post-install create-missing
postconf: warning: /etc/postfix/main.cf: unused parameter: 127.0.0.1:10040_time_limit=3600
/usr/libexec/postfix/post-install: Error: /postfix-files is not a file.
```

Can you please let me know what may be the issue here?

I have checked the queue directory: /var/spool/postfix/ and I don't see anything different between the two installations.

Here are my config details:

```
# postconf -n
alias_database = hash:/etc/postfix/aliases, hash:/etc/postfix/aliases.d/virtual_aliases
alias_maps = hash:/etc/aliases
allowed_gein = check_client_access cidr:/etc/postfix/gein_admin_ips.cidr,reject
allowed_iaasars = check_client_access cidr:/etc/postfix/iaasars_admin_ips.cidr,reject
allowed_list1 = check_sasl_access hash:/etc/postfix/allowed_groupmail_users,reject
allowed_list2 = permit_mynetworks,reject
allowed_meteo = check_client_access cidr:/etc/postfix/meteo_admin_ips.cidr,reject
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
controlled_senders = check_sender_access hash:/etc/postfix/blocked_senders
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin xxgdb $daemon_directory/$process_name $process_id & sleep 5
default_process_limit = 25
delay_logging_resolution_limit = 3
deliver_lock_attempts = 40
dovecot_destination_recipient_limit = 1
gwcheck = reject_unverified_recipient, reject_unauth_destination
home_mailbox = Maildir/
html_directory = no
inet_interfaces = all
inet_protocols = ipv4, ipv6
local_header_rewrite_clients = static:all
mail_name = NOA Mail Srv XAPITI XPICTOY
mail_owner = postfix
mailbox_command = /usr/lib/dovecot/deliver
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 41943040
milter_default_action = accept
mydestination = $myhostname, localhost.$mydomain, localhost
mydomain = noa.gr
myhostname = vmail2.noa.gr
mynetworks = 195.251.204.0/24, 195.251.202.0/23, 194.177.194.0/23, 127.0.0.0/8, 10.201.0.0/16, [2001:648:2011::]/48, 83.212.5.24/29, [2001:648:2ffc:1115::]/64, 62.217.124.0/29, [2001:648:2ffc:126::]/64
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
non_smtpd_milters = $smtpd_milters
parent_domain_matches_subdomains =
postfwdcheck = check_policy_service inet:127.0.0.1:10040
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
recipient_canonical_maps = hash:/etc/postfix/domainrecipientmap
relay_domains = $mydestination
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sender_canonical_maps = hash:/etc/postfix/domainsendermap
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_tls_security_level = may
smtpd_client_restrictions = permit_mynetworks,permit_sasl_authenticated,reject
smtpd_delay_reject = yes
smtpd_end_of_data_restrictions = check_client_access cidr:/etc/postfix/postfwdpolicy.cidr
smtpd_milters = inet:127.0.0.1:8891
smtpd_recipient_restrictions =
```
Re: Use 1 TLS certificate for multiple domains
Thank you Viktor!
Totally clear to me now.

Greetings

2017-07-26 16:43 GMT+02:00 Viktor Dukhovni:

> > On Jul 26, 2017, at 6:01 AM, Z3us Linux wrote:
> >
> > I'm running Postfix with MailScanner as a spamfilter for multiple domains/customers.
> > Is it possible to create a TLS configuration to force encryption for a set of domains with one SSL certificate for the FQDN of the mailserver?
>
> Deploying an RSA 2048-bit key and matching certificate is generally
> sufficient to allow clients that support SMTP STARTTLS to employ
> opportunistic TLS. See:
>
> http://www.postfix.org/TLS_README.html#quick-start
> AND http://www.postfix.org/postfix-tls.1.html
>
> > The MX-records of the hosted domains are pointing to my mailserver
> > and my mailserver is forwarding the mail to the destination mailserver
> > of the customer.
>
> Generate a certificate whose DNS subject alternative name is the DNS
> name of your MX host as it appears in the MX records of the customer
> domains.
>
> > Does the SSL certificate need to contain the domainnames of the
> > destination domains?
>
> A few broken senders aside, opportunistic TLS in SMTP does not
> validate the server certificate, and it makes little difference
> whether the certificate has a matching name, is "expired" or
> issued by a CA trusted by the sending SMTP client.
>
> That said, you should generally try to make your certificate
> broadly interoperable, and avoid leaving "expired" certificates
> in place, or not having the MX hostname as a DNS subject alternative
> name. However, you may, and often should employ your own CA, that
> will not be known to the sender.
>
> > Or is the FQDN of the active mailserver enough for good encryption?
>
> Some SMTP servers have no names in their certificate at all. See
> below my signature for an example. It is not necessarily a good
> idea to have such a minimal certificate, but it does interoperate
> with the vast majority of sending clients.
> The 1000-year lifetime
> is especially "cute", the administrator of the server in question
> truly understands that with opportunistic TLS only the public key
> matters, and the certificate is largely devoid of any extraneous
> information.
>
> --
> Viktor.
>
> Certificate:
>     Data:
>         Version: 3 (0x2)
>         Serial Number:
>             c3:26:2b:13:ca:b1:36:72
>         Signature Algorithm: sha256WithRSAEncryption
>         Issuer:
>         Validity
>             Not Before: Jul 27 14:59:59 2014 GMT
>             Not After : Nov 27 14:59:59 3013 GMT
>         Subject:
>         Subject Public Key Info:
>             Public Key Algorithm: rsaEncryption
>                 Public-Key: (4096 bit)
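
The interoperability points from the quoted reply (MX host name as a DNS subject alternative name, no expired certificate, an RSA key of at least 2048 bits), written as a check over an `openssl x509 -text` dump. This is an added example, not part of the thread and not Postfix code; `audit`, `name_matches` and the host names are hypothetical, and the sample input reuses the header fields of the dump above without the key material.

```python
import re
from datetime import datetime

# Constructed input: the header fields of the dump quoted above (empty
# Issuer and Subject, no subjectAltName), with the key material left out.
SAMPLE = """\
Certificate:
    Data:
        Issuer:
        Validity
            Not Before: Jul 27 14:59:59 2014 GMT
            Not After : Nov 27 14:59:59 3013 GMT
        Subject:
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (4096 bit)
"""

def _field(text, label):
    # Value after "label:" on its own line; "" when the field is empty.
    m = re.search(r"^[ \t]*" + label + r"[ \t]*:[ \t]*(.*)$", text, re.M)
    return m.group(1).strip() if m else ""

def name_matches(pattern, host):
    # Exact match, or a "*." wildcard standing for exactly one left-most label.
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return pattern == host

def audit(text, mx_host, now):
    """Findings for one `openssl x509 -text` dump, checked against mx_host."""
    findings = []
    sans = re.findall(r"DNS:([^,\s]+)", text)
    if not any(name_matches(s, mx_host) for s in sans):
        findings.append("no DNS subjectAltName matches the MX host")
    if not _field(text, "Subject"):
        findings.append("empty subject")
    not_after = _field(text, "Not After").replace(" GMT", "")
    if datetime.strptime(not_after, "%b %d %H:%M:%S %Y") < now:
        findings.append("expired")
    bits = re.search(r"Public-Key: \((\d+) bit\)", text)
    if bits and int(bits.group(1)) < 2048:
        findings.append("RSA key shorter than 2048 bits")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE, "mx.example.net", datetime(2017, 7, 26)))
```

As the reply explains, sending clients that use opportunistic TLS ignore all of these findings; the check only covers the hygiene it recommends for broad interoperability.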