Re: How to reject mails where from address and to address is myself.

2019-05-29 Thread anant 

 Please see the relevant headers.
 
RETURN-PATH:  Received: from dnsbsnl.isac.gov.in
(dnserns.isac.gov.in [172.20.2.58])  by services.isac.gov.in (Postfix)
with ESMTP id 4BEB0C4F8214  for ; Thu, 30 May 2019
05:41:02 +0530 (IST) Received-SPF: Permerror (SPF Permanent Error:
Unknown mechanism found: ipv4:200.1.12.0/24) identity=mailfrom;
client-ip=200.1.12.1; helo=smtp03.mppee.gob.ve;
envelope-from=ire...@mppee.gob.ve; receiver=yog...@isac.gov.in
Received: from smtp03.mppee.gob.ve (smtp03.mppee.gob.ve [200.1.12.1])
by dnsbsnl.isac.gov.in (Postfix) with ESMTP id 7D3128066FAF  for
; Thu, 30 May 2019 05:40:57 +0530 (IST) List-Help:
 Message-ID:
 FROM: 
Content-Type: multipart/related;  boundary="C1CA3BF65E387" MIME-Version: 1.0 TO: 
yog...@isac.gov.INAbuse-Reports-To:  Subject: =?utf-8?Q?***SPAM-UTM***?=  yogeen X-Mailer: Inxmail 
EE 4.7.4.638 X-aid: 7598214175 X-Sender: ire...@mppee.gob.ve Date: Thu, 30 May 2019 02:09:58 +0200 X-Complaints-To: 
 List-Subscribe:  
,   
 Feedback-ID: 
b5y6mjmp4aw6d7pp1fkwbwbs8837rxeb6vjtbod1wd81p7r:none:yreihnhm X-Greylist: Sender succeeded SMTP AUTH, not delayed by 
milter-greylist-4.3.9 (smtp03.mppee.gob.ve [0.0.0.0]); Wed, 29 May 2019 20:11:27 -0400 (VET) X-Copyrighted-Material: Please 
visit http://www.company.com/privacy.htm X-Virus-Scanned: clamav-milter 0.99 at smtp03.mppee.gob.ve X-Virus-Status: Clean 
X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.3.9 (smtp03.mppee.gob.ve [0.0.0.0]); Wed, 29 May 2019 
20:11:40 -0400 (VET) X-SpamInfo: FortiGuard-AntiSpam ip, connection black ip
200.1.12.1

Regards,
anant.

- Message from Michael  -
   Date: Tue, 28 May 2019 07:10:50 -0500
   From: Michael 
Subject: Re: How to reject mails where from address and to address is myself.
     To: postfix-users@postfix.org


Your email filter should be able to quarantine or discard any email
that fails the SPF check.

If you want to take it further, you can add a DMARC record after
ensuring that your SPF and DKIM are working properly. Again, your
filter will need to correctly handle any email that fails DMARC.

Can you post the headers of one of the emails?

On 2019-05-28 6:19 am, an...@ursc.gov.in wrote:

Dear List,

Lot of SPAM mails are being received where from and to address is
myself and the mail has contents which are dirty/bad.

The original sender id will be different.

How to handle such mails.

--
Anant S Athavale
--
IMPORTANT NOTE:

ISRO Satellite Centre (ISAC) was renamed as U R Rao Satellite Centre (URSC).
Hence, the existing domain (isac.gov.in) is changed to new domain
ursc.gov.in
resulting into change of e-mail address from u...@isac.gov.in to
u...@ursc.gov.in.
Please note this change and update your contact details for new domain
(ursc.gov.in).
--
Confidentiality Notice: This e-mail message, including any
attachments, is for
the sole use of the intended recipient(s) and may contain confidential and
privileged information. Any unauthorized review, use, disclosure or
distribution is prohibited. If you are not the intended recipient, please
contact the sender by reply e-mail and destroy all copies of the original
message.--


- End message from Michael  -
 

 Anant S Athavale
--
IMPORTANT NOTE:

ISRO Satellite Centre (ISAC) was renamed as U R Rao Satellite Centre (URSC).
Hence, the existing domain (isac.gov.in) is changed to new domain ursc.gov.in
resulting into change of e-mail address from u...@isac.gov.in to
u...@ursc.gov.in.
Please note this change and update your contact details for new domain
(ursc.gov.in).
--
Confidentiality Notice: This e-mail message, including any attachments, is for
the sole use of the intended recipient(s) and may contain confidential and
privileged information. Any unauthorized review, use, disclosure or
distribution is prohibited. If you are not the intended recipient, please
contact the sender by reply e-mail and destroy all copies of the original
message.
--

Re: opendmarc.dat Permission denied issues

2019-05-29 Thread Kris Deugau 

On Thu, May 30, 2019 12:52 am, Benny Pedersen wrote:

li...@sbt.net.au skrev den 2019-05-29 06:09:



change /var/run to /var/tmp

if you reboot with your config you will loose data

/var/tmp must not be cleaned after boots, /tmp will be cleaned on boot


/tmp and /var/tmp may be emptied at any time;  they are not intended for 
persistent data.  Sockets and temporary working files are fine;  I 
wouldn't put anything in either one that I expected to keep around for 
very long.


The exact default policy may also vary from *nix to *nix (either across 
Linux/*BSD/"real"-UNIX divisions, or between Linux distributions), and 
will almost certainly vary from system to system according to local 
administrator preference/policy.


The default /var/spool/opendmarc/opendmarc.dat sounds reasonable; 
/var/lib/opendmarc/opendmarc.dat is probably another good choice.  Files 
in these trees are expected to hang around.



li...@sbt.net.au wrote:

following Dominic advice I've set "UMask 0002" as , and, also reverted to
default path, restarted some 10 hours ago, so far, so good, no more fopen
errors

I'll change to /var/tmp next


I'd just leave it in the default location;  unless you have some strong 
reason to put it elsewhere.


-kgd

Re: opendmarc.dat Permission denied issues

2019-05-29 Thread lists 
On Thu, May 30, 2019 12:52 am, Benny Pedersen wrote:
> li...@sbt.net.au skrev den 2019-05-29 06:09:

> change /var/run to /var/tmp
>
> if you reboot with your config you will loose data
>
> /var/tmp must not be cleaned after boots, /tmp will be cleaned on boot
>
>
> permission denied comes from that opendmarc starts as root, and drops
> privelges to user later, and that makes it permision denied for the dat
> file, show ls -l /var/run/ if need more help
>
> if the dat file is owned or created by root, delete it and restart
> opendmarc
>

Benny, thanks

following Dominic advice I've set "UMask 0002" as , and, also reverted to
default path, restarted some 10 hours ago, so far, so good, no more fopen
errors

I'll change to /var/tmp next

thanks for explanation,

Voytek


# ls -l /var/run/
total 32

drwxr-xr-x  3 root  root 80 May 28 22:09 NetworkManager
drwx--  2 opendkim  opendkim 60 May 28 22:09 opendkim
drwx--  2 opendmarc opendmarc60 May 29 18:25 opendmarc
drwxr-xr-x  2 root  root 40 May 28 22:08 plymouth
...

# ls -l /var/run/opendmarc
total 4
-rw-rw-r-- 1 opendmarc opendmarc 6 May 29 18:25 opendmarc.pid

# grep istory  /etc/opendmarc.conf
HistoryFile /var/spool/opendmarc/opendmarc.dat
# HistoryFile /var/run/opendmarc.dat

# ls -l /var/spool/opendmarc/
total 44
-rw-rw-r-- 1 opendmarc opendmarc 41543 May 30 06:42 opendmarc.dat

Re: Postscreen - fatal: btree:/var/db/postfix/postscreen_cache

2019-05-29 Thread Jos Chrispijn 

On 23-5-19 14:27, Wietse Venema wrote:

It is also possible that your kernel can't handle the exclusive
lock request because it is running out of kernel resources. How
often are you restarting/reloading Postfix?

I have some supicions, but let's hear from you first.
Interesting that you ask, as I just checked postfix after a restart and 
it all goes well again.
Decided to restart from cron every 12 hours, but I guess that is just 
symptom suppression


/jos

Re: opendmarc.dat Permission denied issues

2019-05-29 Thread Benny Pedersen 

li...@sbt.net.au skrev den 2019-05-29 06:09:


May 29 13:41:43 geko opendmarc[27677]: AAADD4E821C9:
/var/run/opendmarc.dat: fopen(): Permission denied


change /var/run to /var/tmp

if you reboot with your config you will loose data

/var/tmp must not be cleaned after boots, /tmp will be cleaned on boot

permission denied comes from that opendmarc starts as root, and drops 
privelges to user later, and that makes it permision denied for the dat 
file, show ls -l /var/run/ if need more help


if the dat file is owned or created by root, delete it and restart 
opendmarc

Re: opendmarc.dat Permission denied issues

2019-05-29 Thread lists 
On Wed, May 29, 2019 4:51 pm, Dominic Raferd wrote:
> On Wed, 29 May 2019 at 05:11,  wrote:

>
> I think you need to use a suitable UMask setting in /etc/opendmarc.conf
> e.g. 0002 - see UMask in man opendmarc.conf. And I don't think /var/run is
>  a logical place to put the history file. /var/log maybe?
>

Dominic, thanks

I've used
https://www.stevejenkins.com/blog/2015/03/installing-opendmarc-rpm-via-yum-with-postfix-or-sendmail-for-rhel-centos-fedora/

I can see now there is inconsistency in that writeup, with location of the
.dat

I currently have like:


UMask 007

UserID opendmarc:mail

what about default path /var/run/opendmarc.dat, maybe I'll try that

I'll try UMask 0002

thanks,

V

Re: Relay email based on Sender address / domain

2019-05-29 Thread Juliana Rodrigueiro 
Hi!!

> sender_dependent_default_transport_maps =
> hash:$config_directory/sender_dependant_relayhost_maps.db

Here you should point to the plain text file, not the db. The db file should 
be generated by running the postmap command:

# postmap $config_directory/sender_dependant_relayhost_maps


> however the instance continues to deliver email via the internet route Vs
> route via a GW .
> 
> i have not disabled transport_maps as we are using it to give direction to
> incoming NDRs in a multi instance setup.

During the next hop lookup the transport_maps has priority over everything, so 
if you have a wildcard there for example, your sender based configuration will 
never be reached.

Cheers!

Re: Relay email based on Sender address / domain

2019-05-29 Thread Dominic Raferd 
On Wed, 29 May 2019 at 03:36, VB  wrote:

> Hello All ,  Looking for a suggest
>
> As most of you might have come across the need to route email based on
> sender address / domain , we got into it as well and looking for help :
>
> after some reading we tried to configure :
>
> sender_dependent_default_transport_maps =
> hash:$config_directory/sender_dependant_relayhost_maps.db
>
> in the main.cf file to achieve this .
>
> with the maps layed out this way
>
> sender_dependant_relayhost_maps.db >>
>
> senderDomain1  smtp:Anti-Spam_Gateway1
> senderDomain2  smtp:Anti-Spam_Gateway2
>
>
> however the instance continues to deliver email via the internet route Vs
> route via a GW .
>
> i have not disabled transport_maps as we are using it to give direction to
> incoming NDRs in a multi instance setup.
>
> do these attributes conflict / override , or should a instance has only any
> one of these configured.
>
> + should this be configured in master.cf Vs main.cf


As I read it, default_transport can be overridden by
sender_dependent_default_transport_maps
which can in turn be overridden by transport_maps.

Re: opendmarc.dat Permission denied issues

2019-05-29 Thread Dominic Raferd 
On Wed, 29 May 2019 at 05:11,  wrote:

> i'm trying to setup DKIM & DMARC, set it few days ago, it seemed to be
> working ok(?), well, I did'nt notice errors
>
> noticed today multiple "Permission denied" errors since last night, across
> multiple domains
>
> grep " Permission denied" /var/log/maillog | wc
>1943   19430  200491
>
> May 29 13:41:43 geko opendmarc[27677]: AAADD4E821C9:
> /var/run/opendmarc.dat: fopen(): Permission denied
>
> # grep AAADD4E821C9 /var/log/maillog
> May 29 13:41:41 geko postfix/smtpd[30596]: AAADD4E821C9:
> client=mail01.hello.zendesk.com[142.0.163.127]
> May 29 13:41:42 geko postfix/cleanup[30785]: AAADD4E821C9:
> message-id=<32f4e19952284dd89d4be9c71563d796@2136619493>
> May 29 13:41:42 geko opendmarc[27677]: AAADD4E821C9: SPF(mailfrom):
> bounceb...@hello.zendesk.com pass
> May 29 13:41:43 geko opendmarc[27677]: AAADD4E821C9: zendesk.com pass
> May 29 13:41:43 geko opendmarc[27677]: AAADD4E821C9:
> /var/run/opendmarc.dat: fopen(): Permission denied
> May 29 13:41:43 geko postfix/cleanup[30785]: AAADD4E821C9: milter-reject:
> END-OF-MESSAGE from mail01.hello.zendesk.com[142.0.163.127]: 4.7.1 Service
> unavailable - try again later; from=
> to= proto=ESMTP helo=
>
>
> and, I don't have any such:
>
> # ls /var/run/open*
> /var/run/opendkim:
> opendkim.pid
>
> /var/run/opendmarc:
> opendmarc.pid
>
> in conf i have it as:
>
> # grep opendmarc.dat opendmarc.conf
> # HistoryFile /var/spool/opendmarc/opendmarc.dat
> HistoryFile /var/run/opendmarc.dat
>
> (the write up I was using suggested "/var/run/opendmarc.dat"
>
>
> do I need to... re-create opendmarc.dat ..?
> should it go in conf default path /var/spool/opendmarc ?
>
> what did I screw up this time ?
>
> meantime, removed dmarc from postfix main.cf


I think you need to use a suitable UMask setting in /etc/opendmarc.conf
e.g. 0002 - see UMask in man opendmarc.conf. And I don't think /var/run is
a logical place to put the history file. /var/log maybe?