Re: body_checks with postscreen. Test works at blocking, but 'real mail' slips through?

2016-01-18 Thread wilfried.es...@essignetz.de
On 18.01.2016 at 23:21, bi...@sent.at wrote:

> So now when I send email with the test string in it it gets rejected, I get 
> this in the reject message
> 
>   : host mx.example.com[###.###.###.###]
>   said: 550 5.7.1 id=04518-01 - Rejected by next-hop MTA on relaying, 
> from
>   MTA(smtp:[127.0.0.1]:50100): 550 5.7.1 554 5.7.1 Message not allowed
>   (in reply to end of DATA command)
> 
> where
> 
>   smtp:[127.0.0.1]:50100
> 
> is what catches the return from before-queue Amavisd.
> 
> So it's rejecting it now!  Thanks a bunch :-)
> 
> One thing, that reject message has the IP/Port (smtp:[127.0.0.1]:50100) of 
> the next-hop MTA in it.
> 
> Can I quiet that message down somewhere to NOT include that info?  Just 
> include the REJECT, but not the IP/Port, maybe referring to it by its 
> 'syslog_name' or something like that?

My reject messages also contain this information. As these
interfaces aren't accessible from outside, it doesn't bother me much.

As I understand, amavis is putting the "from
MTA(smtp:[127.0.0.1]:50100)" into the reject message. I assume postfix can't
filter this message out, because it's all happening during the smtp
dialog, while getting the mail from the sending outside server. You will
have to rewrite amavis to get this stopped.


Willi



Re: body_checks with postscreen. Test works at blocking, but 'real mail' slips through?

2016-01-18 Thread billb
Hi Wilfried

> As I understand, amavis is putting the "from
> MTA(smtp:[127.0.0.1]:50100)" into the reject message. I assume postfix can't
> filter this message out, because it's all happening during the smtp
> dialog, while getting the mail from the sending outside server. You will
> have to rewrite amavis to get this stopped.

I didn't think of that coming from Amavis.  Makes sense now you mention it.

A little digging points to this

amavisd-new: Customizable Reject Message
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=281752

Looks like it's in there already!

Thanks,

Billy


Re: body_checks with postscreen. Test works at blocking, but 'real mail' slips through?

2016-01-18 Thread Christian Kivalo

Save the message to a file. And test like this:

% postmap -q - pcre:/etc/postfix/body_checks.pcre 

So does this.

 cat << EOF > /tmp/testfile
 TEST BAD CONTENT
 EOF
 postmap -q - pcre:/etc/postfix/body_checks.pcre

You could use the message file from your imap server or look at the raw
message in your mail program and save that to a file...

Thanks,

Billy


Christian


Re: body_checks with postscreen. Test works at blocking, but 'real mail' slips through?

2016-01-18 Thread Noel Jones
On 1/18/2016 3:28 PM, bi...@sent.at wrote:
> Hi Wietse
> 
> On Mon, Jan 18, 2016, at 01:20 PM, Wietse Venema wrote:
>> bi...@sent.at:
>>>  postconf -n | grep body_checks
>>>   body_checks = /etc/postfix/body_checks.pcre
>>
>> That's your problem. You have SPACE before body_checks.
> 
> No sorry .  That's just me.  I indented output 'vs' input like I always do 
> for post readability.
> 

Curious... output of your grep command above doesn't show the pcre:
map type.


> It's literally/unchanged
> 
> $ postconf -n body_checks
> body_checks = pcre:/etc/postfix/body_checks.pcre

but here it does show.  Maybe binary data in main.cf gumming up the
works?  Or just a really bad job of cut/paste?

Also, one of the most common reasons for body/header checks not
matching is due to the message being base64 or quoted-printable
encoded.  You'll need to examine the raw mail message with vi on
your imap server store to see what's really in there.



  -- Noel Jones
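
An added example for the encoding point above (not code from any poster or from Postfix): a shell diagnostic that reports whether a literal string is visible in the raw body lines, which is what a line-based body check sees, or only after base64 decoding. The sample messages, the function names and the use of `base64 -d` are assumptions made for this sketch; quoted-printable is not decoded here.

```shell
#!/bin/sh
# Added example: constructed sample mail, hypothetical function names.

# raw_body FILE: everything after the first blank line, left undecoded.
raw_body() {
    awk 'inbody { print } /^\r?$/ { inbody = 1 }' "$1"
}

# decoded_b64_parts FILE: decode each MIME part (or single-part body) that
# declares Content-Transfer-Encoding: base64. Assumes a base64 tool with -d.
decoded_b64_parts() {
    awk '
    function is_boundary(l,   b) {
        for (b in bnd) if (index(l, "--" b) == 1) return 1
        return 0
    }
    BEGIN { inhdr = 1; dec = "base64 -d 2>/dev/null" }
    { sub(/\r$/, "") }
    inhdr {
        low = tolower($0)
        if (low ~ /^content-transfer-encoding:/) b64 = (low ~ /base64/)
        p = index(low, "boundary=")
        if (p > 0) {                      # remember multipart boundaries
            v = substr($0, p + 9)
            sub(/^"/, "", v); sub(/[";].*$/, "", v)
            if (v != "") bnd[v] = 1
        }
        if ($0 == "") inhdr = 0           # blank line ends a header block
        next
    }
    is_boundary($0) { close(dec); inhdr = 1; b64 = 0; next }
    b64 { print | dec }                   # feed encoded lines to the decoder
    END { close(dec) }
    ' "$1"
}

# explain_miss FILE STRING: prints raw-match, base64-hidden or no-match.
explain_miss() {
    if raw_body "$1" | grep -Fq -- "$2"; then
        echo raw-match
    elif decoded_b64_parts "$1" | grep -Fq -- "$2"; then
        echo base64-hidden
    else
        echo no-match
    fi
}

# write_samples DIR: two constructed messages carrying the same text,
# one as plain text and one inside a base64-encoded MIME part.
write_samples() {
    {
        printf 'From: sender@example.com\nSubject: plain\n'
        printf 'Content-Type: text/plain; charset=us-ascii\n\n'
        printf 'hello\nTEST BAD CONTENT\n'
    } > "$1/plain.eml"
    {
        printf 'From: sender@example.com\nSubject: encoded\n'
        printf 'MIME-Version: 1.0\n'
        printf 'Content-Type: multipart/alternative; boundary="b1"\n\n'
        printf '%s\n' '--b1'
        printf 'Content-Type: text/plain; charset=utf-8\n'
        printf 'Content-Transfer-Encoding: base64\n\n'
        printf 'hello\nTEST BAD CONTENT\n' | base64
        printf '%s\n' '--b1--'
    } > "$1/b64.eml"
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for f in plain.eml b64.eml; do
    printf '%s: %s\n' "$f" "$(explain_miss "$demo_dir/$f" 'TEST BAD CONTENT')"
done
rm -rf "$demo_dir"
```

A result of `base64-hidden` means a plain-text pattern in body_checks cannot match that message as delivered.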


Re: body_checks with postscreen. Test works at blocking, but 'real mail' slips through?

2016-01-18 Thread Patrick Ben Koetter
* bi...@sent.at :
> Hi Patrick
> 
> Thanks for the reply.
> 
> > To clarify: postscreen never sees a message body. It probes the client IP 
> > and
> > fakes a few SMTP commands, but that's it.
> 
> Ok, took me a couple of rereads, but it's not postscreen doing the check.  
> It's that postscreen is "part 1" of several checks.
> 
> > The right [tm] method would be to use the postconf utility and let it return
> > the parameter setting:
> > 
> > % postconf -n body_checks
> > 
> > If it does not return anything chances are you mistyped the parameter or
> > something similar. (That's what makes postconf better than grep).
> 
> Ok got that.  Still looks good.
> 
>  postconf -n body_checks
>   body_checks = pcre:/etc/postfix/body_checks.pcre
> 
> > Save the message to a file. And test like this:
> > 
> > % postmap -q - pcre:/etc/postfix/body_checks.pcre  
> So does this.
> 
>  cat << EOF > /tmp/testfile
>  TEST BAD CONTENT
>  EOF
>  postmap -q - pcre:/etc/postfix/body_checks.pcre
>   TEST BAD CONTENT REJECT  554 5.7.1 Message not allowed

You are proving a test with a probe that isn't in question. Test with the
message that failed the test. If your Postfix config is correct, then the
answer lies within the message you sent.

And while you're at it: Please send complete output of 'postconf -n' so we can
get a complete picture. ;)

p@rick

-- 
[*] sys4 AG
 
https://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
 
Registered office: München, District Court München: HRB 199263
Executive Board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the Supervisory Board: Florian Kirstein
 


Re: body_checks with postscreen. Test works at blocking, but 'real mail' slips through?

2016-01-18 Thread billb
Hi Patrick

Thanks for the reply.

> To clarify: postscreen never sees a message body. It probes the client IP and
> fakes a few SMTP commands, but that's it.

Ok, took me a couple of rereads, but it's not postscreen doing the check.  It's 
that postscreen is "part 1" of several checks.

> The right [tm] method would be to use the postconf utility and let it return
> the parameter setting:
> 
> % postconf -n body_checks
> 
> If it does not return anything chances are you mistyped the parameter or
> something similar. (That's what makes postconf better than grep).

Ok got that.  Still looks good.

 postconf -n body_checks
  body_checks = pcre:/etc/postfix/body_checks.pcre

> Save the message to a file. And test like this:
> 
> % postmap -q - pcre:/etc/postfix/body_checks.pcre

So does this.

 cat << EOF > /tmp/testfile
 TEST BAD CONTENT
 EOF
 postmap -q - pcre:/etc/postfix/body_checks.pcre

Re: body_checks with postscreen. Test works at blocking, but 'real mail' slips through?

2016-01-18 Thread billb
Hi Noel

> Or just a really bad job of cut/paste?

Damn. Here I am trying to keep things all tidy-like and f'ing it all up with 
cp-n-paste.  Sorry.  Typo.

Without any monkeying by me,

postconf -n body_checks
body_checks = pcre:/etc/postfix/body_checks.pcre

postconf -n | grep body_checks
body_checks = pcre:/etc/postfix/body_checks.pcre

> Also, one of the most common reasons for body/header checks not
> matching is due to the message being base64 or quoted-printable
> encoded.  You'll need to examine the raw mail message with vi on
> your imap server store to see what's really in there.

Yeah thought about that.  No weird encoding.  And testing the message sent and 
the message received with the "postmap -q" both work.

Thanks,

Billy


body_checks with postscreen. Test works at blocking, but 'real mail' slips through?

2016-01-18 Thread billb
Hi

I'm building my 1st Postfix server and working on getting Postscreen setup.

I RTFM here

  http://www.postfix.org/POSTSCREEN_README.html 

Where it says

 The third layer performs light-weight content inspection with the Postfix
 built-in header_checks and body_checks. This can block unacceptable
 attachments such as executable programs, and worms or viruses with
 easy-to-recognize signatures.

So in my main.cf I added

 body_checks = /etc/postfix/body_checks.pcre

Checked that it's in there

 postconf -n | grep body_checks
  body_checks = /etc/postfix/body_checks.pcre

and edited

 /etc/postfix/body_checks.pcre
  /TEST BAD CONTENT/  REJECT  554 5.7.1 Message not allowed

Then I test it with

 postmap -q "TEST BAD CONTENT" pcre:/etc/postfix/body_checks.pcre 
  REJECT  554 5.7.1 [P5] Message not allowed

So it looks ok to me.

But then I send myself a test message from gmail, making sure the text "TEST 
BAD CONTENT" is in the body.

And it passes right through :-(

I'm not sure what to look at as to why or how it's getting through.  Just 
coming up to speed on how to debug stuff.

I'd appreciate a hand.

Thanks,

Billy


Re: body_checks with postscreen. Test works at blocking, but 'real mail' slips through?

2016-01-18 Thread billb
Re-looking at my config, I set up Postfix to 

 1) receive via postfix
 2) hand off what passes postscreen and the body_checks to amavis

So I have

 master.cf

  [mx.example.com]:25  inet  n  -  n  -  1  postscreen
    -o smtpd_service_name=ps-int

  ps-int  pass  -  -  n  -  -  smtpd
    -o receive_override_options=no_address_mappings
    -o smtpd_authorized_xforward_hosts=127.0.0.0/8
    -o smtpd_client_connection_count_limit=20
    -o smtpd_proxy_filter=127.0.0.1:5
    -o smtpd_proxy_options=speed_adjust
    -o smtpd_proxy_timeout=300s
    -o syslog_name=postfix/ps-int

   ..


Which then hands-off to amavisd listening on 127.0.0.1:5

Like I said above, and verified with postconf,

 main.cf
   ..
   body_checks=pcre:/etc/postfix/body_checks.pcre
   ..
  
IIUC the 'ps-int' smtpd instance should be using body_checks from main.cf.

So this should work, right?

Unless ... the body_checks doesn't happen soon enough? And it gets passed to 
Amavisd *before* ever hitting that check?

Do I  need some kind of a separate additional smtpd instance in there to pass 
to FROM ps-int BEFORE passing to the Amavisd filter?

Thanks,

Billy


Re: body_checks with postscreen. Test works at blocking, but 'real mail' slips through?

2016-01-18 Thread Patrick Ben Koetter
* bi...@sent.at :
> Hi
> 
> I'm building my 1st Postfix server and working on getting Postscreen setup.
> 
> I RTFM here
> 
>   http://www.postfix.org/POSTSCREEN_README.html 
> 
> Where it says
> 
>  The third layer performs light-weight content inspection with the Postfix
>  built-in header_checks and body_checks. This can block unacceptable
>  attachments such as executable programs, and worms or viruses with
>  easy-to-recognize signatures.

To clarify: postscreen never sees a message body. It probes the client IP and
fakes a few SMTP commands, but that's it.

However your content test should work.


> So in my main.cf I added
> 
>  body_checks = /etc/postfix/body_checks.pcre
> 
> Checked that it's in there
> 
>  postconf -n | grep body_checks
>   body_checks = /etc/postfix/body_checks.pcre

The right [tm] method would be to use the postconf utility and let it return
the parameter setting:

% postconf -n body_checks

If it does not return anything chances are you mistyped the parameter or
something similar. (That's what makes postconf better than grep).


> and edited
> 
>  /etc/postfix/body_checks.pcre
>   /TEST BAD CONTENT/  REJECT  554 5.7.1 Message not allowed
> 
> Then I test it with
> 
>  postmap -q "TEST BAD CONTENT" pcre:/etc/postfix/body_checks.pcre 
>   REJECT  554 5.7.1 [P5] Message not allowed
> 
> So it looks ok to me.
> 
> But then I send myself a test message from gmail, making sure the text "TEST 
> BAD CONTENT" is in the body.
> 
> And it passes right through :-(

Save the message to a file. And test like this:

% postmap -q - pcre:/etc/postfix/body_checks.pcre


Re: body_checks with postscreen. Test works at blocking, but 'real mail' slips through?

2016-01-18 Thread Wietse Venema
bi...@sent.at:
>  postconf -n | grep body_checks
>   body_checks = /etc/postfix/body_checks.pcre

That's your problem. You have SPACE before body_checks.

Wietse


Re: body_checks with postscreen. Test works at blocking, but 'real mail' slips through?

2016-01-18 Thread billb
Hi Wietse

On Mon, Jan 18, 2016, at 01:20 PM, Wietse Venema wrote:
> bi...@sent.at:
> >  postconf -n | grep body_checks
> >   body_checks = /etc/postfix/body_checks.pcre
> 
> That's your problem. You have SPACE before body_checks.

No sorry .  That's just me.  I indented output 'vs' input like I always do for 
post readability.

It's literally/unchanged

$ postconf -n body_checks
body_checks = pcre:/etc/postfix/body_checks.pcre

here.

Thanks,

Billy


Re: body_checks with postscreen. Test works at blocking, but 'real mail' slips through?

2016-01-18 Thread wilfried.es...@essignetz.de
Hi,

Seems you are using amavis in before-queue mode? As I remember, a
proxy-smtpd doesn't do any header- and body-checks.

The more interesting master.cf lines are the ones that get the mail from
amavis. Do you have something like

-o receive_override_options=no_header_body_checks
or
-o body_checks=
there ?


On 18.01.2016 at 22:34, bi...@sent.at wrote:
> Re-looking at my config, I set up Postfix to 
> 
>  1) receive via postfix
>  2) hand off what passes postscreen and the body_checks to amavis
> 
> So I have
> 
>  master.cf
> 
>   [mx.example.com]:25  inet  n  -  n  -  1  postscreen
>     -o smtpd_service_name=ps-int
> 
>   ps-int  pass  -  -  n  -  -  smtpd
>     -o receive_override_options=no_address_mappings
>     -o smtpd_authorized_xforward_hosts=127.0.0.0/8
>     -o smtpd_client_connection_count_limit=20
>     -o smtpd_proxy_filter=127.0.0.1:5
>     -o smtpd_proxy_options=speed_adjust
>     -o smtpd_proxy_timeout=300s
>     -o syslog_name=postfix/ps-int
> 
>    ..
> 
> 
> Which then hands-off to amavisd listening on 127.0.0.1:5
> 
> Like I said above, and verified with postconf,
> 
>  main.cf
>    ..
>    body_checks=pcre:/etc/postfix/body_checks.pcre
>    ..
>   
> IIUC the 'ps-int' smtpd instance should be using body_checks from main.cf.
> 
> So this should work, right?
> 
> Unless ... the body_checks doesn't happen soon enough? And it gets passed to 
> Amavisd *before* ever hitting that check?
> 
> Do I  need some kind of a separate additional smtpd instance in there to pass 
> to FROM ps-int BEFORE passing to the Amavisd filter?
> 
> Thanks,
> 
> Billy
> 



Re: body_checks with postscreen. Test works at blocking, but 'real mail' slips through?

2016-01-18 Thread billb
Hi Wilfried

> seems you are using amavis in before-queue mode?

Yep, at this first step it's before-queue

> As I remember, a proxy-smtpd doesn't do any header- and body-checks

Ok, so I must have missed that :-/  I don't yet grok all the details of 
before-VS-after queuing.  Working on that - it's pretty thick stuff.

> The more interesting master.cf lines are the ones that get the mail from
> amavis. Do you have something like

>   -o receive_override_options=no_header_body_checks

Yep, I had

 -o receive_override_options=...,no_header_body_checks

on the next hop that received back from the 1st-step before-queue Amavisd

So changing that

 - -o receive_override_options=...,no_header_body_checks
 + -o receive_override_options=...

Then figuring out that 'postfix reload' isn't enough and that I had to restart 
postfix, it works!

So now when I send email with the test string in it it gets rejected, I get 
this in the reject message

: host mx.example.com[###.###.###.###]
said: 550 5.7.1 id=04518-01 - Rejected by next-hop MTA on relaying, 
from
MTA(smtp:[127.0.0.1]:50100): 550 5.7.1 554 5.7.1 Message not allowed
(in reply to end of DATA command)

where

smtp:[127.0.0.1]:50100

is what catches the return from before-queue Amavisd.

So it's rejecting it now!  Thanks a bunch :-)

One thing, that reject message has the IP/Port (smtp:[127.0.0.1]:50100) of the 
next-hop MTA in it.

Can I quiet that message down somewhere to NOT include that info?  Just include 
the REJECT, but not the IP/Port, maybe referring to it by its 'syslog_name' or 
something like that?

Thanks,

Billy
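
The cause found in this thread, as an added example (not code from any poster or from Postfix): a shell check that joins master.cf continuation lines and reports every service whose `-o` overrides switch off body_checks, either through `no_header_body_checks` in `receive_override_options` or through an empty `body_checks=`. The sample master.cf, the ports 10024 and 10026 and the function names are constructed for illustration, and only the plain `-o name=value` form is handled.

```shell
#!/bin/sh
# Added example: constructed master.cf, hypothetical function names.

# logical_lines FILE: a master.cf line that starts with whitespace continues
# the previous service entry; comments and blank lines are ignored.
logical_lines() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }
    /^[ \t]/ { sub(/^[ \t]+/, ""); buf = buf " " $0; next }
    { if (buf != "") print buf; buf = $0 }
    END { if (buf != "") print buf }
    ' "$1"
}

# services_without_body_checks FILE: print "service reason" for each service
# entry that disables body_checks through a -o override.
services_without_body_checks() {
    logical_lines "$1" | awk '
    {
        reason = ""
        # fields 1-8 are service, type, private, unpriv, chroot, wakeup,
        # maxproc and command; the command arguments start at field 9
        for (i = 9; i <= NF; i++) {
            if ($i != "-o") continue
            opt = $(i + 1)
            if (opt ~ /^receive_override_options=/ &&
                opt ~ /no_header_body_checks/)
                reason = "no_header_body_checks"
            else if (opt ~ /^body_checks=$/)
                reason = "empty_body_checks"
        }
        if (reason != "") print $1, reason
    }'
}

# write_sample_master_cf FILE: constructed before-queue filter layout.
# 127.0.0.1:50100 is the listener that takes mail back from the filter.
write_sample_master_cf() {
    cat > "$1" <<'EOF'
smtp      inet  n  -  n  -  1  postscreen
  -o smtpd_service_name=ps-int
ps-int    pass  -  -  n  -  -  smtpd
  -o receive_override_options=no_address_mappings
  -o smtpd_proxy_filter=127.0.0.1:10024
# listener that receives mail back from the before-queue filter
127.0.0.1:50100 inet n  -  n  -  -  smtpd
  -o smtpd_proxy_filter=
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
127.0.0.1:10026 inet n  -  n  -  -  smtpd
  -o body_checks=
EOF
}

sample=$(mktemp)
write_sample_master_cf "$sample"
services_without_body_checks "$sample"
rm -f "$sample"
```

On a live system, `postconf -P` (Postfix 2.11 and later) lists the same per-service overrides in `service/type/parameter = value` form.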



Re: postscreen test

2009-07-17 Thread lst_hoe02

Quoting Victor Duchovni victor.ducho...@morganstanley.com:

> On Thu, Jul 16, 2009 at 05:21:13PM -0400, Rob Foehl wrote:
>
> > Possible substitutes include concierge or valet, or perhaps any of the less
> > specific guard, sentry, sentinel, ...
>
> I think sentry is short, and simple, and can even be thought of as a
> contraction of smtp and entry. A bit less corny than prefix IMHO
> (sorry Patrick, nothing personal).

I too would prefer something you can easily search for. The word
prefix would be too broad in use IMHO.


Regards

Andreas




Re: postscreen test

2009-07-17 Thread Victoriano Giralt

On 07/16/09 16:19, Terry Carmen wrote:
> prefix? It fixes things before they become a problem...
>
> Great name! I like it!
+1

-- 
Victoriano Giralt
Systems Manager
Central ICT Services
University of Malaga
SPAIN


Re: postscreen test

2009-07-17 Thread Wietse Venema
Victor Duchovni:
> On Thu, Jul 16, 2009 at 05:21:13PM -0400, Rob Foehl wrote:
>
> > Possible substitutes include concierge or valet, or perhaps any of the less
> > specific guard, sentry, sentinel, ...
>
> I think sentry is short, and simple, and can even be thought of as a
> contraction of smtp and entry. A bit less corny than prefix IMHO
> (sorry Patrick, nothing personal).

sentry is good. 

In a similar class is triage, which I mention in the postscreen
manpage at http://www.postfix.org/postscreen.8.html

Wietse


Re: postscreen test

2009-07-17 Thread Wietse Venema
Reko Turja:
> Another figure from Greek mythology that has lent his name to even a
> special drinks cabinet: Tantalus
>
> The mail server is there, you can even see it, but when you try to
> reach it it becomes unaccessible.

That is almost too good; it could be a name for a complete product.

Wietse


Re: postscreen test

2009-07-17 Thread Robert Schetterer
Wietse Venema wrote:
> Victor Duchovni:
> > On Thu, Jul 16, 2009 at 05:21:13PM -0400, Rob Foehl wrote:
> >
> > > Possible substitutes include concierge or valet, or perhaps any of the less
> > > specific guard, sentry, sentinel, ...
> >
> > I think sentry is short, and simple, and can even be thought of as a
> > contraction of smtp and entry. A bit less corny than prefix IMHO
> > (sorry Patrick, nothing personal).
>
> sentry is good.
>
> In a similar class is triage, which I mention in the postscreen
> manpage at http://www.postfix.org/postscreen.8.html
>
>   Wietse

sentry is used by lots of other things

http://en.wikipedia.org/wiki/Sentry

-- 
Best Regards

MfG Robert Schetterer

Germany/Munich/Bavaria


Re: postscreen test

2009-07-17 Thread Robert Schetterer
Reko Turja wrote:
> Another figure from Greek mythology that has lent his name to even a
> special drinks cabinet: Tantalus
>
> The mail server is there, you can even see it, but when you try to reach
> it it becomes unaccessible.
>
> -Reko

why not orcus *g
http://en.wikipedia.org/wiki/Orcus

-- 
Best Regards

MfG Robert Schetterer

Germany/Munich/Bavaria


Re: postscreen test

2009-07-17 Thread Patrick Ben Koetter
* Wietse Venema postfix-users@postfix.org:
> Victor Duchovni:
> > On Thu, Jul 16, 2009 at 05:21:13PM -0400, Rob Foehl wrote:
> >
> > > Possible substitutes include concierge or valet, or perhaps any of the less
> > > specific guard, sentry, sentinel, ...
> >
> > I think sentry is short, and simple, and can even be thought of as a
> > contraction of smtp and entry. A bit less corny than prefix IMHO
> > (sorry Patrick, nothing personal).
>
> sentry is good.
>
> In a similar class is triage, which I mention in the postscreen
> manpage at http://www.postfix.org/postscreen.8.html

Two more names:

  refuse
  drop(down)


I am very much in favor of greek or latin mythology, but I think prefix and
both words above are more in the tradition of describing what the program does
e.g.  pickup, cleanup, tlsmgr etc. which I actually like very much about
Postfix naming convention.

p...@rick



-- 
The Book of Postfix
http://www.postfix-book.com
saslfinger (debugging SMTP AUTH):
http://postfix.state-of-mind.de/patrick.koetter/saslfinger/


Re: postscreen test

2009-07-17 Thread Simon Waters
Winnow from winnowing.


Re: postscreen test

2009-07-17 Thread José Luis Tallón
Patrick Ben Koetter wrote:
> * Wietse Venema postfix-users@postfix.org:
> > Victor Duchovni:
> > > On Thu, Jul 16, 2009 at 05:21:13PM -0400, Rob Foehl wrote:
> > >
> > > > Possible substitutes include concierge or valet, or perhaps any of the less
> > > > specific guard, sentry, sentinel, ...
> > >
> > > I think sentry is short, and simple, and can even be thought of as a
> > > contraction of smtp and entry. A bit less corny than prefix IMHO
> > > (sorry Patrick, nothing personal).
> >
> > sentry is good.
> >
> > In a similar class is triage, which I mention in the postscreen
> > manpage at http://www.postfix.org/postscreen.8.html
>
> Two more names:
>
>   refuse
>   drop(down)
>
>
> I am very much in favor of greek or latin mythology, but I think prefix and
> both words above are more in the tradition of describing what the program does
> e.g.  pickup, cleanup, tlsmgr etc. which I actually like very much about
> Postfix naming convention.
   
screener, then.
Oh, wait ...


but then, there is also anvil

J.L.



Re: postscreen test

2009-07-17 Thread Noel Jones

Ralf Hildebrandt wrote:
> * Noel Jones njo...@megan.vbhcs.org:
> > corona
>
> Corona, St.George, what's it with the beer names?



Corona - outer atmosphere of a star
I can't help it if someone named a beer that too.  Makes more 
sense for our purpose, I'll give them a call.


I like sentry too.

  -- Noel Jones



Re: postscreen test

2009-07-17 Thread Gaby Vanhegan


On 17 Jul 2009, at 13:50, Noel Jones wrote:

> I like sentry too.


Along that theme: doorman?  bouncer? examiner? customs?  patrol?

G.

--
Expounding the theory of infinite Abelian Badgers
http://playr.co.uk/



Re: postscreen test

2009-07-17 Thread Ralf Hildebrandt
* Noel Jones njo...@megan.vbhcs.org:
> Ralf Hildebrandt wrote:
> > * Noel Jones njo...@megan.vbhcs.org:
> > > corona
> >
> > Corona, St.George, what's it with the beer names?
>
> Corona - outer atmosphere of a star

Latin for Crown

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de



RE: postscreen test

2009-07-17 Thread Goodman, Michael
I like turpis

http://en.wiktionary.org/wiki/turpis

Latin

Adjective

turpis m. and f., turpe n.; third declension

   1. ugly, unsightly; foul, filthy
   2. (of sound) cacophonous, disagreeable
   3. (figuratively) base, infamous, scandalous, dishonorable, shameful, 
disgraceful

Or modified as postturpis

Michael Goodman
Senior System Administrator
-
Email:   mgood...@constantcontact.com
Phone: 781-370-8632
Mobile: 617-232-3121
-
 


Re: postscreen test

2009-07-17 Thread Wietse Venema
Ralf Hildebrandt:
> * Noel Jones njo...@megan.vbhcs.org:
> > Ralf Hildebrandt wrote:
> > > * Noel Jones njo...@megan.vbhcs.org:
> > > > corona
> > >
> > > Corona, St.George, what's it with the beer names?
> >
> > Corona - outer atmosphere of a star
>
> Latin for Crown

Good names I have seen so far that suggest what the program does:
sentry (the guard at the gate) and triage (the action of deciding
which patients to service).

Wietse


Re: postscreen test

2009-07-17 Thread Bill Landry
Wietse Venema wrote:
> Ralf Hildebrandt:
> > * Noel Jones njo...@megan.vbhcs.org:
> > > Ralf Hildebrandt wrote:
> > > > * Noel Jones njo...@megan.vbhcs.org:
> > > > > corona
> > > >
> > > > Corona, St.George, what's it with the beer names?
> > >
> > > Corona - outer atmosphere of a star
> >
> > Latin for Crown
>
> Good names I have seen so far that suggest what the program does:
> sentry (the guard at the gate) and triage (the action of deciding
> which patients to service).

How about sentinel

–noun
1. a person or thing that watches or stands as if watching.
2. a soldier stationed as a guard to challenge all comers and prevent a
surprise attack: to stand sentinel.
3. Also called tag. Computers. a symbol, mark, or other labeling device
indicating the beginning or end of a unit of information.

–verb (used with object)
4. to watch over or guard as a sentinel.

Bill



Re: postscreen test

2009-07-17 Thread Gaby Vanhegan


On 17 Jul 2009, at 15:02, Wietse Venema wrote:

> Good names I have seen so far that suggest what the program does:
> sentry (the guard at the gate) and triage (the action of deciding
> which patients to service).



St Peter?

--
Being drunk is feeling sophisticated without being able to say it.
http://www.playr.co.uk/



Re: postscreen test

2009-07-17 Thread Robert Lopez
On Fri, Jul 17, 2009 at 8:02 AM, Wietse Venema wie...@porcupine.org wrote:
> Ralf Hildebrandt:
> > * Noel Jones njo...@megan.vbhcs.org:
> > > Ralf Hildebrandt wrote:
> > > > * Noel Jones njo...@megan.vbhcs.org:
> > > > > corona
> > > >
> > > > Corona, St.George, what's it with the beer names?
> > >
> > > Corona - outer atmosphere of a star
> >
> > Latin for Crown
>
> Good names I have seen so far that suggest what the program does:
> sentry (the guard at the gate) and triage (the action of deciding
> which patients to service).
>
>   Wietse



From the point of view of one who has been easily confused by
definitions of terms I want to also join the no to bouncer and I
agree with all the reasons others have stated.

-- 
Robert Lopez
Unix Systems Administrator
Central New Mexico Community College (CNM)
525 Buena Vista SE
Albuquerque, New Mexico 87106


Re: postscreen test

2009-07-17 Thread Michel Lavondes
On Thu, July 16, 2009 7:23 pm, Mike Cappella wrote:
> On 7/13/09 5:20 PM, Wietse Venema wrote:
>
> > I'm still open for program name suggestions. If someone has a better
> > name than swatter or halligan let me know. Once the name changes,
> > all the configuration parameters will change, too.
>
> postcull

postcullis



Re: postscreen test

2009-07-17 Thread Gaby Vanhegan


On 17 Jul 2009, at 16:29, Michel Lavondes wrote:

> On Thu, July 16, 2009 7:23 pm, Mike Cappella wrote:
> > On 7/13/09 5:20 PM, Wietse Venema wrote:
> >
> > > I'm still open for program name suggestions. If someone has a better
> > > name than swatter or halligan let me know. Once the name changes,
> > > all the configuration parameters will change, too.
> >
> > postcull
>
> postcullis


Sounds a little like an Irish airline or a dubious sexual act?

--
Bought to you by the Department of Redundancy Department's Recursion  
Division of Recursion

http://playr.co.uk/



Re: postscreen test

2009-07-17 Thread LuKreme

On 17-Jul-2009, at 09:29, Michel Lavondes wrote:

> On Thu, July 16, 2009 7:23 pm, Mike Cappella wrote:
> > On 7/13/09 5:20 PM, Wietse Venema wrote:
> >
> > > I'm still open for program name suggestions. If someone has a better
> > > name than swatter or halligan let me know. Once the name changes,
> > > all the configuration parameters will change, too.
> >
> > postcull
>
> postcullis


Well played.

--
You are responsible for your Rose



Re: postscreen test

2009-07-17 Thread Charles Marcus
On 7/16/2009, Wietse Venema (wie...@porcupine.org) wrote:
> Charon is not too bad. Certainly better than zzapper or zkiller
> and other ugly names that I did not mention.

How about praetorian...

-- 

Best regards,

Charles


Re: postscreen test

2009-07-17 Thread Mike Morris
On 07/17/2009 05:30 AM, José Luis Tallón wrote:
> Patrick Ben Koetter wrote:
> > * Wietse Venema postfix-users@postfix.org:
> > > Victor Duchovni:
> > > > On Thu, Jul 16, 2009 at 05:21:13PM -0400, Rob Foehl wrote:
> > > >
> > > > > Possible substitutes include concierge or valet, or perhaps any of the less
> > > > > specific guard, sentry, sentinel, ...
> > > >
> > > > I think sentry is short, and simple, and can even be thought of as a
> > > > contraction of smtp and entry. A bit less corny than prefix IMHO
> > > > (sorry Patrick, nothing personal).
> > >
> > > sentry is good.
> > >
> > > In a similar class is triage, which I mention in the postscreen
> > > manpage at http://www.postfix.org/postscreen.8.html
> >
> > Two more names:
> >
> >   refuse
> >   drop(down)
> >
> >
> > I am very much in favor of greek or latin mythology, but I think prefix and
> > both words above are more in the tradition of describing what the program does
> > e.g.  pickup, cleanup, tlsmgr etc. which I actually like very much about
> > Postfix naming convention.
>
> screener, then.
> Oh, wait ...
>
>
> but then, there is also anvil
>
> J.L.

Anvil is a name I always liked for a Postfix daemon, and I was also
thinking that building on that theme would be a good idea.  However, I'm
not clever enough to come up with an example.  Vise was all that I
could come up with.

-Mike


Re: postscreen test

2009-07-16 Thread Patrick Ben Koetter
* Wietse Venema wie...@porcupine.org:
> I'm still open for program name suggestions. If someone has a better
> name than swatter or halligan let me know. Once the name changes,
> all the configuration parameters will change, too.

prefix? It fixes things before they become a problem...

p...@rick


-- 
The Book of Postfix
http://www.postfix-book.com
saslfinger (debugging SMTP AUTH):
http://postfix.state-of-mind.de/patrick.koetter/saslfinger/


Re: postscreen test

2009-07-16 Thread Wietse Venema
Patrick Ben Koetter:
> * Wietse Venema wie...@porcupine.org:
> > I'm still open for program name suggestions. If someone has a better
> > name than swatter or halligan let me know. Once the name changes,
> > all the configuration parameters will change, too.
>
> prefix? It fixes things before they become a problem...

Cute.

Wietse


RE: postscreen test

2009-07-16 Thread Kammen van, Marco, Springer SBM NL
> > I'm still open for program name suggestions. If someone has a better
> > name than swatter or halligan let me know. Once the name changes,
> > all the configuration parameters will change, too.
>
> prefix? It fixes things before they become a problem...
>
> p...@rick

So simple yet so good! 
I like it :-D 


Re: postscreen test

2009-07-16 Thread Ralf Hildebrandt
* Patrick Ben Koetter p...@state-of-mind.de:
> * Wietse Venema wie...@porcupine.org:
> > I'm still open for program name suggestions. If someone has a better
> > name than swatter or halligan let me know. Once the name changes,
> > all the configuration parameters will change, too.
>
> prefix? It fixes things before they become a problem...

I like that one.

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de



Re: postscreen test

2009-07-16 Thread Brian Evans - Postfix List
Wietse Venema wrote:
> I'm still open for program name suggestions. If someone has a better
> name than swatter or halligan let me know. Once the name changes,
> all the configuration parameters will change, too.

What about a name like trooper?
This is in reference to:
a) A police officer with their radar guns catching speeders
b) A soldier on the front line of battle


Re: postscreen test

2009-07-16 Thread Victor Duchovni
On Thu, Jul 16, 2009 at 02:43:35PM +0200, Patrick Ben Koetter wrote:

> * Wietse Venema wie...@porcupine.org:
> > I'm still open for program name suggestions. If someone has a better
> > name than swatter or halligan let me know. Once the name changes,
> > all the configuration parameters will change, too.
>
> prefix? It fixes things before they become a problem...

Cute, but it does not start with post, and the existing utilities
all do, breaking the pattern makes it less obvious which commands
are likely to be Postfix utilities...

-- 
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
mailto:majord...@postfix.org?body=unsubscribe%20postfix-users

If my response solves your problem, the best way to thank me is to not
send an it worked, thanks follow-up. If you must respond, please put
It worked, thanks in the Subject so I can delete these quickly.


Re: postscreen test

2009-07-16 Thread Wietse Venema
Victor Duchovni:
> On Thu, Jul 16, 2009 at 02:43:35PM +0200, Patrick Ben Koetter wrote:
>
> > * Wietse Venema wie...@porcupine.org:
> > > I'm still open for program name suggestions. If someone has a better
> > > name than swatter or halligan let me know. Once the name changes,
> > > all the configuration parameters will change, too.
> >
> > prefix? It fixes things before they become a problem...
>
> Cute, but it does not start with post, and the existing utilities
> all do, breaking the pattern makes it less obvious which commands
> are likely to be Postfix utilities...

Postfix daemon names don't start with post. The name postscreen
is used only because I had to get this up and running in very little
time so that I would have some results.

Wietse


Re: postscreen test

2009-07-16 Thread Victor Duchovni
On Thu, Jul 16, 2009 at 12:19:05PM -0400, Wietse Venema wrote:

> Victor Duchovni:
> > On Thu, Jul 16, 2009 at 02:43:35PM +0200, Patrick Ben Koetter wrote:
> >
> > > * Wietse Venema wie...@porcupine.org:
> > > > I'm still open for program name suggestions. If someone has a better
> > > > name than swatter or halligan let me know. Once the name changes,
> > > > all the configuration parameters will change, too.
> > >
> > > prefix? It fixes things before they become a problem...
> >
> > Cute, but it does not start with post, and the existing utilities
> > all do, breaking the pattern makes it less obvious which commands
> > are likely to be Postfix utilities...
>
> Postfix daemon names don't start with post. The name postscreen
> is used only because I had to get this up and running in very little
> time so that I would have some results.

Oops, you are right of course, this lives in the libexec namespace,
never mind...

-- 
Viktor.



Re: postscreen test

2009-07-16 Thread Charles Marcus
On 7/16/2009 11:56 AM, Victor Duchovni wrote:
> > > I'm still open for program name suggestions. If someone has a better
> > > name than swatter or halligan let me know. Once the name changes,
> > > all the configuration parameters will change, too.
> >
> > prefix? It fixes things before they become a problem...
>
> Cute, but it does not start with post, and the existing utilities
> all do, breaking the pattern makes it less obvious which commands
> are likely to be Postfix utilities...

Ok, so how about 'postfix'?

Sorry, couldn't resist...

-- 

Best regards,

Charles


Re: postscreen test

2009-07-16 Thread Mike Cappella

On 7/13/09 5:20 PM, Wietse Venema wrote:

> I'm still open for program name suggestions. If someone has a better
> name than swatter or halligan let me know. Once the name changes,
> all the configuration parameters will change, too.

   posttriage

or if you have issues w/the French:

   postcull
   postreject
   postdiscard

---
Mike


Re: postscreen test

2009-07-16 Thread Victor Duchovni
On Thu, Jul 16, 2009 at 12:23:39PM -0700, Mike Cappella wrote:

> On 7/13/09 5:20 PM, Wietse Venema wrote:
>
> > I'm still open for program name suggestions. If someone has a better
> > name than swatter or halligan let me know. Once the name changes,
> > all the configuration parameters will change, too.

The service is an SMTP bouncer, keeping unwanted clients from entering
the premises. We already have a bounce unix service, will having:

smtp      inet  n   -   n   -   1   bouncer
...
bounce    unix  -   -   n   -   0   bounce

cause significant confusion?

-- 
Viktor.



Re: postscreen test

2009-07-16 Thread Wietse Venema
Victor Duchovni:
> On Thu, Jul 16, 2009 at 12:23:39PM -0700, Mike Cappella wrote:
>
> > On 7/13/09 5:20 PM, Wietse Venema wrote:
> >
> > > I'm still open for program name suggestions. If someone has a better
> > > name than swatter or halligan let me know. Once the name changes,
> > > all the configuration parameters will change, too.
>
> The service is an SMTP bouncer, keeping unwanted clients from entering
> the premises. We already have a bounce unix service, will having:
>
> smtp      inet  n   -   n   -   1   bouncer
> ...
> bounce    unix  -   -   n   -   0   bounce
>
> cause significant confusion?

It's no worse than smtp versus smtpd. If there exists a different
name for the agent at the door, then that might work.  Alas, cerberus
is already in use (by the kerberos authentication system).

Wietse


Re: postscreen test

2009-07-16 Thread Rod Dorman
On Thursday, July 16, 2009, 16:01:57, Victor Duchovni wrote:
> On Thu, Jul 16, 2009 at 12:23:39PM -0700, Mike Cappella wrote:
>
> > On 7/13/09 5:20 PM, Wietse Venema wrote:
> >
> > > I'm still open for program name suggestions. If someone has a better
> > > name than swatter or halligan let me know. Once the name changes,
> > > all the configuration parameters will change, too.
>
> The service is an SMTP bouncer, keeping unwanted clients from entering
> the premises. We already have a bounce unix service, will having:
>
> smtp      inet  n   -   n   -   1   bouncer
> ...
> bounce    unix  -   -   n   -   0   bounce
>
> cause significant confusion?

Naming it bouncer might reduce the confusion a smidgen and make it
slightly easier to search for.


-- 
r...@polylogics.com The avalanche has already started, it is too
Rod Dorman  late for the pebbles to vote. - Ambassador Kosh



Re: postscreen test

2009-07-16 Thread Kyle Dent

Victor Duchovni wrote:

> On Thu, Jul 16, 2009 at 02:14:06PM -0700, Mike Cappella wrote:
>
> > On 7/16/09 1:01 PM, Victor Duchovni wrote:
> >
> > > The service is an SMTP bouncer, keeping unwanted clients from entering
> > > the premises. We already have a bounce unix service, will having:
> > >
> > > smtp      inet  n   -   n   -   1   bouncer
> > > ...
> > > bounce    unix  -   -   n   -   0   bounce
> > >
> > > cause significant confusion?
> >
> > While I like the name, please no.  Postfix support lists have had to call
> > attention to smtp v. smtpd enough.
>
> I would usually concur, but the bounce service is largely invisible
> to users, so confusion is far less likely. You may still be right, but
> it is far less significant than with smtp(8) and smtpd(8).



I'm inclined to agree that adding more possible confusion is not a good 
thing even if it is minimal. What about some variation on a propylaeum 
(http://en.wikipedia.org/wiki/Propylaea)? A propylaeum is a gateway that 
sits at the entrance of a sacred enclosure. The most famous one is at 
the Acropolis. Entering the Acropolis was permitted or denied at the 
Propylaeum. A literal reading of the Greek would be something like 'that 
which is before the entrance (or gates)'.


Kyle



Re: postscreen test

2009-07-16 Thread Victor Duchovni
On Thu, Jul 16, 2009 at 02:14:06PM -0700, Mike Cappella wrote:

> On 7/16/09 1:01 PM, Victor Duchovni wrote:
>
> > The service is an SMTP bouncer, keeping unwanted clients from entering
> > the premises. We already have a bounce unix service, will having:
> >
> > smtp      inet  n   -   n   -   1   bouncer
> > ...
> > bounce    unix  -   -   n   -   0   bounce
> >
> > cause significant confusion?
>
> While I like the name, please no.  Postfix support lists have had to call
> attention to smtp v. smtpd enough.

I would usually concur, but the bounce service is largely invisible
to users, so confusion is far less likely. You may still be right, but
it is far less significant than with smtp(8) and smtpd(8).

-- 
Viktor.



Re: postscreen test

2009-07-16 Thread Rob Foehl

On Thu, 16 Jul 2009, Wietse Venema wrote:


> Victor Duchovni:
>
> > The service is an SMTP bouncer, keeping unwanted clients from entering
> > the premises. We already have a bounce unix service, will having:
> >
> > smtp      inet  n   -   n   -   1   bouncer
> > ...
> > bounce    unix  -   -   n   -   0   bounce
> >
> > cause significant confusion?
>
> It's no worse than smtp versus smtpd. If there exists a different
> name for the agent at the door, then that might work.  Alas, cerberus
> is already in use (by the kerberos authentication system).


Possible substitutes include concierge or valet, or perhaps any of the 
less specific guard, sentry, sentinel, ...


-Rob


Re: postscreen test

2009-07-16 Thread Victor Duchovni
On Thu, Jul 16, 2009 at 05:21:13PM -0400, Rob Foehl wrote:

> Possible substitutes include concierge or valet, or perhaps any of the less
> specific guard, sentry, sentinel, ...

I think sentry is short, and simple, and can even be thought of as a
contraction of smtp and entry. A bit less corny than prefix IMHO
(sorry Patrick, nothing personal).

-- 
Viktor.



Re: postscreen test

2009-07-16 Thread Sahil Tandon
On Thu, 16 Jul 2009, Victor Duchovni wrote:

> On Thu, Jul 16, 2009 at 05:21:13PM -0400, Rob Foehl wrote:
>
> > Possible substitutes include concierge or valet, or perhaps any of the less
> > specific guard, sentry, sentinel, ...
>
> I think sentry is short, and simple, and can even be thought of as a
> contraction of smtp and entry. A bit less corny than prefix IMHO
> (sorry Patrick, nothing personal).

+1 for sentry.

-- 
Sahil Tandon sa...@tandon.net


Re: postscreen test

2009-07-16 Thread Michael Orlitzky

Wietse Venema wrote:

Jose Luis Tallon:

Wietse Venema wrote:

[snip]
It's no worse than smtp versus smtpd. If there exists a different
name for the agent at the door, then that might work.  Alas, cerberus
is already in use (by the kerberos authentication system).
  

And so are Heimdall (KTH's implementation of Kerberos) as well as
Anubis and Horus.
Unless you want to use St.Peter, of course  --- no offense intended,
of course.


I briefly looked for alternatives to St. George, the dragon slayer
but didn't come up with a sexy name.

bouncer would be good if there was not a near name collision.
Would zbouncer be different enough? It's a bit long, though. 


Perhaps, zombo (zombie bouncer)?

[Charon]

Charon is not too bad. Certainly better than zzapper or zkiller
and other ugly names that I did not mention.

Wietse


From http://en.wikipedia.org/wiki/Oedipus,

  Continuing his journey to Thebes, Oedipus encounters the Sphinx who
  would stop all those who traveled to Thebes and ask them a riddle. If
  the travelers were unable to answer correctly, they were eaten by the
  Sphinx; if they were successful, they would be able to continue their
  journey.

Short, no collisions, and has an 'x' to supply coolness. I am partial to 
prefix, though, and agree that bouncer would just confuse people.




Re: postscreen test

2009-07-16 Thread Ralf Hildebrandt
* Victor Duchovni victor.ducho...@morganstanley.com:

> The service is an SMTP bouncer, keeping unwanted clients from entering
> the premises. We already have a bounce unix service, will having:
>
> smtp      inet  n   -   n   -   1   bouncer
> ...
> bounce    unix  -   -   n   -   0   bounce
>
> cause significant confusion?

I already see enough confusion with smtp/smtpd

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de



Re: postscreen test

2009-07-16 Thread Ralf Hildebrandt
* Wietse Venema wie...@porcupine.org:

> It's no worse than smtp versus smtpd. If there exists a different
> name for the agent at the door, then that might work.  Alas, cerberus
> is already in use (by the kerberos authentication system).

And your cerberus is multi-threaded, not multi-headed.

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de



Re: postscreen test

2009-07-16 Thread Ralf Hildebrandt
* Victor Duchovni victor.ducho...@morganstanley.com:

> I think sentry is short, and simple, and can even be thought of as a
> contraction of smtp and entry.

Not too bad.

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de



Re: postscreen test

2009-07-16 Thread Ralf Hildebrandt
* Noel Jones njo...@megan.vbhcs.org:

> corona

Corona, St.George, what's it with the beer names?

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de



Re: postscreen test

2009-07-16 Thread Ralf Hildebrandt
* Michael Orlitzky mich...@orlitzky.com:

> From http://en.wikipedia.org/wiki/Oedipus,
>
>   Continuing his journey to Thebes, Oedipus encounters the Sphinx who
>   would stop all those who traveled to Thebes and ask them a riddle. If
>   the travelers were unable to answer correctly, they were eaten by the
>   Sphinx; if they were successful, they would be able to continue their
>   journey.
>
> Short, no collisions, and has an 'x' to supply coolness. I am partial to
> prefix, though, and agree that bouncer would just confuse people.

But then Oedipus is more widely known for what he did with his mother.

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de



Re: postscreen test

2009-07-13 Thread Wietse Venema
Helga Mayer:
 
> Hi,
>
> I'm testing postscreen on our secondary smtp server.
> First results:
> https://rz-static.uni-hohenheim.de/hmayer/tmp/Screenshot-68.png
> There are hardly any more rejects. I did not yet adjust mailgraph for the
> drops.

That is an interesting picture. It looks like dropping the pregreeters
made your reject rates already go down quite a bit. Of course it
is known that spammers prefer to use secondary MX hosts because
these hosts often serve many domains and therefore have more
permissive settings.

This weekend I finally found time to update the non-production
release.  This version should support no DNS blocklists without
panic, and it also has better support for postfix reload.

There are still plenty of rough edges. It does not yet remove entries
from the btree database so the file needs to be renamed periodically,
and it does not yet log the sender/recipient of rejected mail. For
that reason alone I don't recommend turning on DNS blocklist lookups
except for gathering statistics.

I'm still open for program name suggestions. If someone has a better
name than swatter or halligan let me know. Once the name changes,
all the configuration parameters will change, too.

Wietse


postscreen test

2009-07-06 Thread Helga Mayer


Hi,

I'm testing postscreen on our secondary smtp server.
First results:
https://rz-static.uni-hohenheim.de/hmayer/tmp/Screenshot-68.png
There are hardly any more rejects. I did not yet adjust mailgraph for the
drops.


Statistics:
  UNIQ/TOTAL  EVENT
     536/586  PASS NEW
      97/119  HANGUP
     808/974  PREGREET


But I'd prefer not to use DNSBL's by postscreen. It is for the logging.
Users occasionally ask for details if mail did not arrive.

If I try, I get:
Jul  6 10:17:00 smtp2 postfix/postscreen[23670]: PREGREET 34 after 0.52 
from 90.148.159.227: HELO 90-148-159-227.saudi.net.sa??
Jul  6 10:17:00 smtp2 postfix/postscreen[23670]: panic: 
postscreen_dnsbl_done: no blocklist cache entry for 90.148.159.227


in main.cf
postscreen_dnsbl_sites =
postscreen_greet_action = drop

in master.cf
smtp inet  n   -   n   -   1   postscreen
smtpd pass  -   -   n   -   -   smtpd
dnsblog  unix  -   -   n   -   0   dnsblog

I also tried to comment dnsblog - same problem:
# dnsblog  unix  -   -   n   -   0   dnsblog

Jul  6 10:25:14 smtp2 postfix/postscreen[24577]: PREGREET 47 after 0.49 
from 123.219.54.120: HELO p5120-ipbfp402kobeminato.hyogo.ocn.ne.jp??
Jul  6 10:25:14 smtp2 postfix/postscreen[24577]: panic: 
postscreen_dnsbl_done: no blocklist cache entry for 123.219.54.120
Jul  6 10:25:15 smtp2 postfix/master[24571]: warning: process 
/usr/libexec/postfix/postscreen pid 24577 killed by signal 6


What am I doing wrong ?

Regards
Helga Mayer
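
The UNIQ/TOTAL tally in the message above can be recomputed from the mail log; the following is an added example, not part of the original thread and not Postfix code. It counts unique and total clients per postscreen event and collects panic and signal-kill lines like the ones quoted, using constructed sample lines; the function names and the PASS NEW and HANGUP line layouts are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines, not taken from the thread. The PREGREET, panic and
# "killed by signal" layouts follow the excerpts quoted in the post; the
# PASS NEW and HANGUP layouts are assumptions. Addresses are RFC 5737 ranges.
SAMPLE_LOG = """\
Jul  6 10:17:00 smtp2 postfix/postscreen[23670]: PREGREET 34 after 0.52 from 192.0.2.10: HELO host-a.example.net
Jul  6 10:17:00 smtp2 postfix/postscreen[23670]: panic: postscreen_dnsbl_done: no blocklist cache entry for 192.0.2.10
Jul  6 10:17:01 smtp2 postfix/master[24571]: warning: process /usr/libexec/postfix/postscreen pid 23670 killed by signal 6
Jul  6 10:18:12 smtp2 postfix/postscreen[23671]: PASS NEW 198.51.100.7
Jul  6 10:18:30 smtp2 postfix/postscreen[23671]: HANGUP after 0.30 from 198.51.100.9
Jul  6 10:19:02 smtp2 postfix/postscreen[23671]: PREGREET 34 after 0.49 from 192.0.2.10: HELO host-a.example.net
Jul  6 10:19:40 smtp2 postfix/postscreen[23671]: PREGREET 29 after 0.51 from 203.0.113.5: HELO host-b.example.org
Jul  6 10:20:00 smtp2 postfix/smtpd[23700]: connect from unknown[198.51.100.7]
"""

EVENTS = ("PASS NEW", "HANGUP", "PREGREET")  # the events listed in the post
POSTSCREEN_RE = re.compile(r"postfix/postscreen\[(?P<pid>\d+)\]: (?P<msg>.*)$")
MASTER_KILL_RE = re.compile(
    r"postfix/master\[\d+\]: warning: process \S+/postscreen "
    r"pid (?P<pid>\d+) killed by signal \d+"
)
# Dotted-quad address that is not part of a longer hostname or number.
IPV4_RE = re.compile(r"(?<![\d.-])(?:\d{1,3}\.){3}\d{1,3}(?![\d.-])")


def summarize(log_text):
    """Return ({event: (unique, total)}, [(pid, panic message)], [killed pids])."""
    clients = defaultdict(set)
    totals = defaultdict(int)
    panics, crashed = [], []
    for line in log_text.splitlines():
        kill = MASTER_KILL_RE.search(line)
        if kill:
            crashed.append(int(kill.group("pid")))
            continue
        m = POSTSCREEN_RE.search(line)
        if not m:
            continue  # lines from other daemons are not counted
        msg = m.group("msg")
        if msg.startswith("panic:"):
            panics.append((int(m.group("pid")), msg))
            continue
        event = next((e for e in EVENTS if msg.startswith(e)), None)
        addr = IPV4_RE.search(msg)
        if event and addr:
            totals[event] += 1
            clients[event].add(addr.group())
    stats = {e: (len(clients[e]), totals[e]) for e in EVENTS}
    return stats, panics, crashed


def format_table(stats):
    """Render the tally in the UNIQ/TOTAL EVENT layout used in the post."""
    rows = ["  UNIQ/TOTAL  EVENT"]
    for event, (uniq, total) in stats.items():
        cell = f"{uniq}/{total}"
        rows.append(f"{cell:>12}  {event}")
    return "\n".join(rows)


if __name__ == "__main__":
    stats, panics, crashed = summarize(SAMPLE_LOG)
    print(format_table(stats))
    for pid, msg in panics:
        print(f"postscreen[{pid}] {msg}")
    print("killed by signal:", crashed)
```

A non-empty panic list means sessions handled by that process were cut off, so the counts for that period understate the real traffic.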


Re: postscreen test

2009-07-06 Thread Victor Duchovni
On Mon, Jul 06, 2009 at 10:37:01AM +0200, Helga Mayer wrote:

> But I'd prefer not to use DNSBL's by postscreen. It is for the logging.

More detailed logging is on the roadmap...

> Users occasionally ask for details if mail did not arrive.
>
> If I try, I get:
> Jul  6 10:17:00 smtp2 postfix/postscreen[23670]: PREGREET 34 after 0.52
> from 90.148.159.227: HELO 90-148-159-227.saudi.net.sa??
> Jul  6 10:17:00 smtp2 postfix/postscreen[23670]: panic:
> postscreen_dnsbl_done: no blocklist cache entry for 90.148.159.227
>
> What am I doing wrong ?

panic is an internal error in the code. This is non-production code.
Which version (mail_version mail_release_date) are you using?

-- 
Viktor.



Re: postscreen test

2009-07-06 Thread Helga Mayer

Quoting Victor Duchovni victor.ducho...@morganstanley.com:


> On Mon, Jul 06, 2009 at 10:37:01AM +0200, Helga Mayer wrote:
>
> > But I'd prefer not to use DNSBL's by postscreen. It is for the logging.
>
> More detailed logging is on the roadmap...
>
> > Users occasionally ask for details if mail did not arrive.

It's not only the logging.
We're currently using blacklists after greylisting and after other
restrictions to avoid unnecessary queries.
To check the blacklists with postscreen in my opinion would increase the
net traffic and the load on the servers running blacklists.
reject_non_fqdn_hostname e.g. amounts to 30% of all rejects.

> > If I try, I get:
> > Jul  6 10:17:00 smtp2 postfix/postscreen[23670]: PREGREET 34 after 0.52
> > from 90.148.159.227: HELO 90-148-159-227.saudi.net.sa??
> > Jul  6 10:17:00 smtp2 postfix/postscreen[23670]: panic:
> > postscreen_dnsbl_done: no blocklist cache entry for 90.148.159.227
> >
> > What am I doing wrong ?
>
> panic is an internal error in the code. This is non-production code.

If it is a bug and not a feature I can live with it.

> Which version (mail_version mail_release_date) are you using?

mail_version = 2.7-20090619-nonprod


Helga


> --
> Viktor.


Re: postscreen test

2009-07-06 Thread Wietse Venema
Helga Mayer:
 
> Hi,
>
> I'm testing postscreen on our secondary smtp server.

This is non-production, unsupported, software, that is
available only in postfix-2.7-xx-nonprod releases.

Wietse

> First results:
> https://rz-static.uni-hohenheim.de/hmayer/tmp/Screenshot-68.png
> There are hardly any more rejects. I did not yet adjust mailgraph for the
> drops.
>
> Statistics:
>   UNIQ/TOTAL  EVENT
>      536/586  PASS NEW
>       97/119  HANGUP
>      808/974  PREGREET
>
> But I'd prefer not to use DNSBL's by postscreen. It is for the logging.
> Users occasionally ask for details if mail did not arrive.
>
> If I try, I get:
> Jul  6 10:17:00 smtp2 postfix/postscreen[23670]: PREGREET 34 after 0.52
> from 90.148.159.227: HELO 90-148-159-227.saudi.net.sa??
> Jul  6 10:17:00 smtp2 postfix/postscreen[23670]: panic:
> postscreen_dnsbl_done: no blocklist cache entry for 90.148.159.227
>
> in main.cf
> postscreen_dnsbl_sites =
> postscreen_greet_action = drop
>
> in master.cf
> smtp inet  n   -   n   -   1   postscreen
> smtpd pass  -   -   n   -   -   smtpd
> dnsblog  unix  -   -   n   -   0   dnsblog
>
> I also tried to comment dnsblog - same problem:
> # dnsblog  unix  -   -   n   -   0   dnsblog
>
> Jul  6 10:25:14 smtp2 postfix/postscreen[24577]: PREGREET 47 after 0.49
> from 123.219.54.120: HELO p5120-ipbfp402kobeminato.hyogo.ocn.ne.jp??
> Jul  6 10:25:14 smtp2 postfix/postscreen[24577]: panic:
> postscreen_dnsbl_done: no blocklist cache entry for 123.219.54.120
> Jul  6 10:25:15 smtp2 postfix/master[24571]: warning: process
> /usr/libexec/postfix/postscreen pid 24577 killed by signal 6
>
> What am I doing wrong ?
>
> Regards
> Helga Mayer