Re: SPF still fails; Was: Echange virtual and local domain

2021-07-06 Thread Robert L Mathews
On 7/4/21 5:37 AM, Markus Grunwald wrote:

> And the error:
> 
> SPF Alignment: Domain not found in SPF
> 

I think you're perhaps just misunderstanding what an "SPF Alignment"
error is (according to MXToolbox). If you view this page:

 https://mxtoolbox.com/problem/spf/spf-alignment?page=prob_spf

You will see:

"Successful alignment happens when the “Mail-From” address and the
“From” address domains are identical."

That's all they mean. And in your sample message, they aren't identical:

Return-Path: 
From: Markus Grunwald 

-- 
Robert L Mathews, Tiger Technologies


Re: Problems with header checks

2019-11-08 Thread Robert L Mathews
On 11/8/19 6:31 AM, Jaroslaw Rafa wrote:

> If you do it on incoming mail only, and after DKIM signature has already
> been verified, then I think there's no problem. Am I right?

Not always, because some people use tools that verify the signature
later on, such as this one:

 https://github.com/lieser/dkim_verifier

-- 
Robert L Mathews


Re: It is possible for Postfix logging to bypass journald?

2019-01-09 Thread Robert L Mathews
On 1/9/19 4:05 PM, Curtis wrote:
> We recently switched our Postfix mail servers to Ubuntu Server 18, which
> uses journald for logging. Since we have monitoring systems that parse
> /var/log/maillog, we enabled rsyslog with imuxsock so we still can parse
> the log like we did before journald.  But, it's unreliable.
> 
> Our monitoring systems are reporting failed deliveries of messages
> because of missing log lines in /var/log/maillog.

We had this problem. It was fixed by putting this in
/etc/systemd/journald.conf:

# allow for busy mail logs; allows 1000 per second
RateLimitInterval=5s
RateLimitBurst=5000

And/or by putting this into /etc/rsyslog.conf:

$SystemLogRateLimitInterval 0

(The latter is supposedly no longer necessary, but it used to be, and
does not appear to be harmful.)

-- 
Robert L Mathews, Tiger Technologies, http://www.tigertech.net/


Re: Temporarily block domain.tld from sending?

2013-10-10 Thread Robert L Mathews
On 10/8/13 5:15 PM, li...@sbt.net.au wrote:

> I'm still perplexed with access: the user claims no one else had ftp
> password, ftp password was a random 8-char alpha/numeric string,
> can there be any other reason that leaked password...?

There are several Windows PC viruses, including the common Gumblar
family, that steal saved FTP passwords from files on the computer.

They simply have a list of file locations where various FTP clients such
as FileZilla and Dreamweaver store saved passwords. They scan all these
locations and send any results back to a central server.

Some of these viruses also incorporate network sniffing to detect FTP
passwords.

So even if the password was random and used only on a single computer,
it may have been obtained by evildoers if the user checked a "remember
this password" option or ever connected to a non-TLS FTP server. The
user should scan any computer that ever used this password for viruses.

-- 
Robert L Mathews, Tiger Technologies, http://www.tigertech.net/


Re: monitoring with Icinga?

2013-06-04 Thread Robert L Mathews
On 6/2/13 9:12 AM, Wietse Venema wrote:

> For example, periodically send email to mailboxname+timest...@example.com,
> and parse the to=mailboxname+timest...@example.com and
> status=delivered out of the logfile record stream.

Or, even better, try to retrieve those messages from the actual mailbox
using POP3. That way you've simulated everything a user does, end to end.

This is not hard to do. Using the Perl modules Net::SMTP and Net::POP3,
it's easy to write a Nagios/Icinga check that operates thusly:

 1. Using POP3, check for a message with a timestamp in the
    subject that indicates that it was sent in the last X
    minutes (where X is the maximum delay you're willing to
    tolerate). If not found, the result will be CRITICAL.

 2. Using POP3, delete every message in the mailbox.

 3. Using SMTP, send a new message to the mailbox with a
    timestamp in the subject.

That's all it takes. Each time the check runs, (1) should find the
message sent by (3) of the previous check. The timestamp in the
subject can be as simple as the epoch seconds.

As I wrote on this list 11 years ago(!), In general, the thing I've
learned about monitoring is that when possible, check the system by
using it, rather [than] looking for changes in side effects (such as
logs, or number of processes running, etc.). That's not to say that the
other things can't give useful information, too, but if you can check
the system by using it, you don't have to worry so much about whether
you've added a regexp for every possible log entry and so forth.

-- 
Robert L Mathews, Tiger Technologies, http://www.tigertech.net/
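
The three-step check described in the message above, as an added example that is not part of the original post: it uses Python's poplib and smtplib rather than the Perl modules the post names. The host name, account, MAILCHECK_PASSWORD variable, subject prefix and 600-second limit are assumptions.

```python
import os, poplib, smtplib, sys, time
from email.message import EmailMessage
from email.parser import BytesParser

OK, CRITICAL = 0, 2        # Nagios/Icinga plugin exit codes
MAX_DELAY = 600            # "X": oldest acceptable probe, in seconds (assumed value)
PREFIX = "mailcheck "      # subject marker for probe messages (assumed)

def newest_probe(pop):
    """Steps 1 and 2: find the newest probe timestamp, then delete every message."""
    newest = None
    for i in range(1, len(pop.list()[1]) + 1):
        header_lines = pop.top(i, 0)[1]               # headers only, as bytes
        headers = BytesParser().parsebytes(b"\r\n".join(header_lines), headersonly=True)
        subject = str(headers["Subject"] or "")
        stamp = subject[len(PREFIX):].strip()
        if subject.startswith(PREFIX) and stamp.isdecimal():
            newest = max(newest or 0, int(stamp))
        pop.dele(i)                                   # committed when the session quits
    return newest

def send_probe(smtp, sender, rcpt, now):
    """Step 3: send a new message with the epoch seconds in the subject."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = sender, rcpt, f"{PREFIX}{now}"
    msg.set_content("end-to-end delivery probe")
    smtp.send_message(msg)

def run_check(pop, smtp, sender, rcpt, now=None):
    """Run one cycle; returns (exit_code, status_line) for the monitoring system."""
    now = int(time.time()) if now is None else now
    newest = newest_probe(pop)
    send_probe(smtp, sender, rcpt, now)               # always seed the next run
    if newest is None:
        return CRITICAL, "CRITICAL: no probe message found in mailbox"
    age = now - newest
    if age > MAX_DELAY:
        return CRITICAL, f"CRITICAL: newest probe is {age}s old"
    return OK, f"OK: newest probe is {age}s old"

if __name__ == "__main__":
    pop = poplib.POP3_SSL("mail.example.com")         # hypothetical server
    pop.user("probe")
    pop.pass_(os.environ["MAILCHECK_PASSWORD"])       # hypothetical variable name
    with smtplib.SMTP("mail.example.com", 25) as smtp:
        code, text = run_check(pop, smtp, "probe@example.com", "probe@example.com")
    pop.quit()
    print(text)
    sys.exit(code)
```

The first run after deployment reports CRITICAL, because no earlier run has seeded the mailbox yet.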


Re: Postfix, Autoreply

2013-05-21 Thread Robert L Mathews
On 5/21/13 1:50 PM, motty cruz wrote:

> any suggestions?

Before you go any further, you should read RFC 3834, "Recommendations
for Automatic Responses to Electronic Mail":

 http://tools.ietf.org/html/rfc3834

... particularly section 2, which begins (with admirable directness) "An
automatic responder MUST NOT blindly send a response for every message
received."

If you don't consider those recommendations, your script -- if you get
it working -- will do things you won't like.

As an example: what would your script do if it ever received a message
claiming to be from its own From address (because you sent yourself a
message, or because a spammer forged your own address)? It appears that
it would send itself an infinite loop of "On vacation" messages.

There are other subtle problems that are difficult to explain here, some
of which will cause you to annoy other people on the Internet, not just
yourself.

This is why people with experience are telling you to use existing
software that already takes all of this into account, instead of helping
you do something that's universally recognized as unwise.

-- 
Robert L Mathews, Tiger Technologies, http://www.tigertech.net/
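
A sketch of the decision an autoresponder has to make before replying, following the RFC 3834 recommendations cited in the message above and covering the own-address loop it describes. This is an added example, not code from the original post or from any existing autoresponder; the function name, its parameters and the one-week reply interval are assumptions.

```python
import time
from email import message_from_string
from email.utils import getaddresses, parseaddr

REPLY_INTERVAL = 7 * 86400   # at most one reply per sender per week (assumed value)

def should_autorespond(raw, return_path, my_addrs, last_sent, now=None):
    """Decide whether a vacation reply may be sent; returns (allowed, reason).

    raw: message text; return_path: envelope sender; my_addrs: set of the
    responder's own lower-case addresses; last_sent: dict of sender -> epoch.
    """
    now = time.time() if now is None else now
    msg = message_from_string(raw)
    sender = parseaddr(return_path)[1].lower()
    local = sender.partition("@")[0]
    if not sender:
        return False, "null return path (bounce or notification)"
    if sender in my_addrs or parseaddr(msg.get("From", ""))[1].lower() in my_addrs:
        return False, "claims to be from our own address (mail loop)"
    if local == "mailer-daemon" or local.startswith("owner-") or local.endswith("-request"):
        return False, "sender is a daemon or list address"
    if msg.get("Auto-Submitted", "no").strip().lower() != "no":
        return False, "message is itself automatic"
    if msg.get("Precedence", "").strip().lower() in ("bulk", "junk", "list"):
        return False, "bulk or list precedence"
    if any(name.lower().startswith("list-") for name in msg.keys()):
        return False, "mailing list traffic"
    rcpts = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    if not {addr.lower() for _, addr in rcpts} & my_addrs:
        return False, "not addressed to us in To or Cc"
    if now - last_sent.get(sender, 0) < REPLY_INTERVAL:
        return False, "already replied to this sender recently"
    last_sent[sender] = now
    return True, "reply allowed"

if __name__ == "__main__":
    # Constructed sample: a forged message claiming to come from our own address.
    forged = "From: me@example.com\nTo: me@example.com\nSubject: hi\n\nbody\n"
    print(should_autorespond(forged, "<me@example.com>", {"me@example.com"}, {}))
```

A reply that is sent should itself carry `Auto-Submitted: auto-replied`, so that other responders applying the same check stay silent.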


Re: tigertech mirror broken

2010-01-16 Thread Robert L Mathews

Frank Cusack wrote:

> http://www.postfix.org/download.html
>
> US, CA, Bay area
>
> http://www.tigertech.net/mirrors/postfix-release/index.html
>
> goes to a landing page, not a postfix download mirror


I'm the person who runs this mirror, and it's now working again. My 
apologies.


We experienced a Sudden Unexpected Learning Event when the files on our 
primary Web server went away, and the server that it failed over to 
didn't have a correctly configured mirror copy. That problem will also 
be fixed.


(For those curious about what we learned: If a user's home directory 
somehow is erroneously set to / in /etc/passwd, and that user was 
created by a Debian package, apt-get --purge happily deletes the 
contents of that directory when it deletes the user.)


--
Robert L Mathews, Tiger Technologies, http://www.tigertech.net/