from:"Paul Enlund via Postfix\-users"

[pfx] Re: I don't understand the problem with DMARC and postfix

2024-02-09 Thread Paul Enlund via Postfix-users


Hi

The OP has /var/tmp/opendmarc.dat which will hold the details of why the 
email was treated the way it was.


Paul

On 09/02/2024 15:15, Matus UHLAR - fantomas via Postfix-users wrote:

On 09.02.24 14:58, natan via Postfix-users wrote:
Feb  2 09:02:45 mail134 opendkim[27903]: 888B43B0063: 
smtpfarm4.allegro.pl [91.207.xxx.xxx] not internal

Feb  2 09:02:45 mail134 opendkim[27903]: 888B43B0063: not authenticated
Feb  2 09:02:45 mail134 opendkim[27903]: 888B43B0063: DKIM 
verification successful
Feb  2 09:02:45 mail134 opendkim[27903]: 888B43B0063: s=smtp 
d=allegromail.pl SSL


Feb  2 09:02:45 mail134 opendmarc[29379]: 888B43B0063 ignoring 
Authentication-Results at 0 from mail134.xxx.xxx.pl
Feb  2 09:02:45 mail134 opendmarc[29379]: 888B43B0063 ignoring 
Authentication-Results at 12 from mail134.xxx.xxx.pl


I guess this is from your host so why is it ignoring them?

My machine ignores Authentication-Results from foreign servers.
Are you sure it's not caused by the typu in AuthservID?

Can you post at least first 13 headers from that e-mail?


opendmarc.conf:
AuthservID mail143.xxx.xxx.pl
PidFile /var/run/opendmarc.pid
RejectFailures false
Syslog true
IgnoreAuthenticatedClients true
IgnoreHosts /etc/opendmarc/ignore.hosts
SyslogFacility mail
UMask 0002
UserID opendmarc:opendmarc
HistoryFile /var/tmp/opendmarc.dat

And I have no idea. And I don't know what to pay attention to the 
email itself has the correct structure




___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Re: Odd error

2023-11-21 Thread Paul Enlund via Postfix-users


Hi

Thanks for the insight will find something no doubt.

Just spotted that Postfix sent me this at the time. I cannot see 
anything remiss in it with my eyes


Transcript of session follows.

 Out: 220 mx3.uactech.co.uk ESMTP
 In:  EHLO host.verypinktiger.com
 Out: 250-mx3.uactech.co.uk
 Out: 250-PIPELINING
 Out: 250-SIZE 22971520
 Out: 250-ETRN
 Out: 250-STARTTLS
 Out: 250-ENHANCEDSTATUSCODES
 Out: 250-8BITMIME
 Out: 250 CHUNKING
 In:  STARTTLS
 Out: 220 2.0.0 Ready to start TLS
 In:  EHLO host.verypinktiger.com
 Out: 250-mx3.uactech.co.uk
 Out: 250-PIPELINING
 Out: 250-SIZE 22971520
 Out: 250-ETRN
 Out: 250-ENHANCEDSTATUSCODES
 Out: 250-8BITMIME
 Out: 250 CHUNKING
 In:  MAIL FROM:  SIZE=14157
 Out: 250 2.1.0 Ok
 In:  RCPT TO:
 Out: 451 4.3.5 Server configuration error
 In:  DATA
 Out: 554 5.5.1 Error: no valid recipients
 In:  QUIT
 Out: 221 2.0.0 Bye

On 21/11/2023 17:18, Wietse Venema via Postfix-users wrote:

Paul Enlund via Postfix-users:

Nov 20 15:48:03 kanuka postfix/smtpd[3566272]: warning: unknown
smtpd restriction: "OK"
  
On 21/11/2023 15:25, Wietse Venema via Postfix-users wrote:

"OK" is valid only as the first word in a table lookup result.

Response updated for for completeness:

OK is also valid as the first word in a check_policy_service result.

OK is not valid when it appears after other text (in a lookup table
or check_policy_service result).

Paul Enlund via Postfix-users:

Well on first scan no lookup tables look out of order aside to 1 which
had a little white space after the OK's

In a lookup table input file, whitespace *before* OK can produce
the above error, because Postfix will append that text to the
previous line: the result will that "OK" appears after other text.

Now, we could make "OK" more tolerant in newer Postfix releases,
but that will not have an effect on stable releases.
  
	Wietse

___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org


___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Re: Odd error

2023-11-21 Thread Paul Enlund via Postfix-users


Hi

Well on first scan no lookup tables look out of order aside to 1 which 
had a little white space after the OK's


Will come back to it for a 2nd scan with a fresh head presently

I am wondering if the following is allowed/recommended practice ?

my  last 2 lines of smtpd_recipient_restrictions are:

    check_sender_access proxy:mysql:/etc/postfix/mysql/postgrey_sender.cf
    check_policy_service inet:localhost:6

The check_sender_access allows me to skip the postgrey check for listed 
sender addresses.


This  would have been triggered on the configuration error transaction 
yesterday


On 21/11/2023 15:25, Wietse Venema via Postfix-users wrote:

Paul Enlund via Postfix-users:

Nov 20 15:48:03 kanuka postfix/smtpd[3566272]: warning: unknown
smtpd restriction: "OK"
Nov 20 15:48:03 kanuka postfix/smtpd[3566272]: NOQUEUE: reject:
RCPT from host.verypinktiger.com[89.34.18.125]: 451 4.3.5 Server
configuration error; ...

I suggest that you start with the output from these commands:

 postconf -n | grep OK
 postconf -P | grep OK

If that produces no match, examine the lookup tables in
this command output:

 postconf -n | grep 'smtpd.*restrictions ='
 postconf -P | grep 'smtpd.*restrictions ='

"OK" is valid only as the first word in a table lookup result.

Wietse
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org


___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Odd error

2023-11-21 Thread Paul Enlund via Postfix-users


Hi

I have an odd error in yesterdays mail.log. This is a one off and cannot 
be replicated


Nov 20 15:48:03 kanuka postfix/smtpd[3566272]: connect from 
host.verypinktiger.c

om[89.34.18.125]
Nov 20 15:48:03 kanuka postfix/smtpd[3566272]: Anonymous TLS connection 
establis
hed from host.verypinktiger.com[89.34.18.125]: TLSv1.2 with cipher 
ECDHE-RSA-AES

256-GCM-SHA384 (256/256 bits)
Nov 20 15:48:03 kanuka postfix/smtpd[3566272]: warning: unknown smtpd 
restrictio

n: "OK"
Nov 20 15:48:03 kanuka postfix/smtpd[3566272]: NOQUEUE: reject: RCPT 
from host.v
erypinktiger.com[89.34.18.125]: 451 4.3.5 Server configuration error; 
from=ir...@tigerspecs.co.uk> to= proto=ESMTP 
helo=
ger.com>
Nov 20 15:48:03 kanuka postfix/smtpd[3566272]: disconnect from 
host.verypinktige
r.com[89.34.18.125] ehlo=2 starttls=1 mail=1 rcpt=0/1 data=0/1 quit=1 
commands=5/7


Where/what to start looking for something  that caused this. 'OK'

Paul

___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Re: *.mail.protection.outlook.com reporting "452 4.5.3 Too many recipients (AS780090)" for many domains

2023-10-11 Thread Paul Enlund via Postfix-users


Hi

Interesting read and an answer

https://learn.microsoft.com/en-us/answers/questions/1388575/e-mail-sending-to-offcie-microsoft365-customers-no

Paul

On 11/10/2023 14:06, Ralf Hildebrandt via Postfix-users wrote:

Hi!

Since this morning, various MX hosts in *.mail.protection.outlook.com
reporting are reporting back temporary errors for us:

Exhibit A)

host ohri-ca.mail.protection.outlook.com[104.47.75.228] said: 452 4.5.3 Too 
many recipients (AS780090) [YQBCAN01FT018.eop-CAN01.prod.protection.outlook.com 
2023-10-11T02:11:41.144Z 08DBC99CDEC51952] (in reply to RCPT TO command)
(for a mail with 4 recipients, in that particular case)

Exhibit B)

host fraport-de.mail.protection.outlook.com[52.101.73.16] said: 451 4.7.500 
Server busy. Please try again later from [193.175.73.209]. (S77719) 
[AMS0EPF019E.eurprd05.prod.outlook.com 2023-10-11T01:32:21.804Z 
08DBC9B278D9A989] (in reply to end of DATA command)
(for a single recipient mail)

This is happening for multiple tenants on *.mail.protection.outlook.com
Has anybody made similar observations? According to
https://sendersupport.olc.protection.outlook.com/snds/ : "All of the specified IPs 
have normal status."


___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] ARC signing

2023-09-22 Thread Paul Enlund via Postfix-users

Does anybody know of a working (production level) ARC capable milter 
particularly for a Ubuntu 22.04.2 LTS with postfix 3.6.4 ?


Paul

___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Re: Troubleshooting mail loop issue

2023-08-15 Thread Paul Enlund via Postfix-users


Hi

One thing to check is that your MX server allowed recipients is in sync 
with M365 allowed recipients.


Regards Paul

On 14/08/2023 22:23, Alex via Postfix-users wrote:

Hi,
I have what appears to be a complicated mail loop problem that I can't 
figure out. I suspect that their receiving system (M365) is somehow 
reinjecting the message back to our mail server after it's been 
successfully delivered to them.


We are acting as MX for two small companies, and occasionally, when 
companyA emails companyB, it is first received by raven.example.com 
, 209.216.111.115, which is the MX we have 
created for them, processed by amavisd, then routed to the destination 
through our postfix-out instance xavier.example.com 
, 209.216.111.114. The companyB server 
accepts the message, but then somehow companyA appears to connect to 
our server again and send the same message again.


It's very difficult to trace what's happening, so I hoped someone 
could help. I think the sending server is somehow reconnecting to our 
server and resending the same message, but it eventually dies with the 
sending server saying "Error: too many hops". Our server never sees 
that message. They have forwarded the bounce to me and I've pasted it 
here:

https://pastebin.com/ChcnDwjK

It appears like it delivers five different copies, but each version 
has all the received headers of the previous version.


I'm sorry if this is confusing. I've spent probably six hours or more 
reading through this one email trying to trace the problem and 
correlate it with the postfix/amavis logs. I believe it's only 
happened a few times - I don't quite understand all the circumstances 
under which it happens. We also don't always see the reject/too many 
hops message. Here is a recent one:


Aug  4 09:01:13 xavier postfix-115/smtp[125455]: 88D5F246: 
to=, relay=127.0.0.1[127.0.0.1]:11024, delay=0.67, 
delays=0.21/0/0/0.45, dsn=5.4.0, status=bounced (host 
127.0.0.1[127.0.0.1] said: 554 5.4.0 id=136757-17 - Rejected by 
next-hop MTA on relaying, from MTA(smtp:[127.0.0.1]:11025): 554 5.4.0 
Error: too many hops (in reply to end of DATA command))


Any ideas for either what's going on with this email or what I can do 
to troubleshoot this further would really be appreciated.


Thanks,
Alex



___
Postfix-users mailing list --postfix-users@postfix.org
To unsubscribe send an email topostfix-users-le...@postfix.org___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Re: I don't understand the problem with DMARC and postfix

[pfx] Re: Odd error

[pfx] Re: Odd error

[pfx] Odd error

[pfx] Re: *.mail.protection.outlook.com reporting "452 4.5.3 Too many recipients (AS780090)" for many domains

[pfx] ARC signing

[pfx] Re: Troubleshooting mail loop issue

7 matches

Site Navigation

Mail list logo

Footer information