Problem with sendmail -bs from postfix 2.9.0

2012-02-17 Thread bszx-postfix

Hello

I have a problem with sendmail -bs from postfix 2.9.0. It is killed by a
segmentation fault when it is called by, for example, pine.

More precisely /usr/lib/postfix/smtpd is killed after reading MAIL FROM:

Log from this event:

Feb 16 18:45:34 main postfix/smtpd[15966]: connect from localhost[127.0.0.1]
Feb 16 18:45:34 main postfix/smtpd[15966]: smtp_stream_setup: maxtime=300 enable_deadline=0
Feb 16 18:45:34 main postfix/smtpd[15966]:  localhost[127.0.0.1]: 220 main.bszx.eu.org ESMTP Postfix
Feb 16 18:45:34 main postfix/smtpd[15966]: watchdog_pat: (nil)
Feb 16 18:45:34 main postfix/smtpd[15966]: vstream_fflush_some: fd 1 flush 36
Feb 16 18:45:34 main postfix/smtpd[15966]: vstream_buf_get_ready: fd 0 got 16
Feb 16 18:45:34 main postfix/smtpd[15966]:  localhost[127.0.0.1]: EHLO localhost
Feb 16 18:45:34 main postfix/smtpd[15966]: match_list_match: localhost: no match
Feb 16 18:45:34 main postfix/smtpd[15966]: match_list_match: 127.0.0.1: no match
Feb 16 18:45:34 main postfix/smtpd[15966]:  localhost[127.0.0.1]: 250-main.bszx.eu.org
Feb 16 18:45:34 main postfix/smtpd[15966]:  localhost[127.0.0.1]: 250-PIPELINING
Feb 16 18:45:34 main postfix/smtpd[15966]:  localhost[127.0.0.1]: 250-SIZE 2
Feb 16 18:45:34 main postfix/smtpd[15966]:  localhost[127.0.0.1]: 250-VRFY
Feb 16 18:45:34 main postfix/smtpd[15966]:  localhost[127.0.0.1]: 250-ETRN
Feb 16 18:45:34 main postfix/smtpd[15966]:  localhost[127.0.0.1]: 250-ENHANCEDSTATUSCODES
Feb 16 18:45:34 main postfix/smtpd[15966]:  localhost[127.0.0.1]: 250-8BITMIME
Feb 16 18:45:34 main postfix/smtpd[15966]:  localhost[127.0.0.1]: 250 DSN
Feb 16 18:45:34 main postfix/smtpd[15966]: watchdog_pat: (nil)
Feb 16 18:45:34 main postfix/smtpd[15966]: vstream_fflush_some: fd 1 flush 126
Feb 16 18:45:34 main postfix/smtpd[15966]: vstream_buf_get_ready: fd 0 got 6
Feb 16 18:45:34 main postfix/smtpd[15966]:  localhost[127.0.0.1]: RSET
Feb 16 18:45:34 main postfix/smtpd[15966]:  localhost[127.0.0.1]: 250 2.0.0 Ok
Feb 16 18:45:34 main postfix/smtpd[15966]: watchdog_pat: (nil)
Feb 16 18:45:34 main postfix/smtpd[15966]: vstream_fflush_some: fd 1 flush 14
Feb 16 18:45:34 main postfix/smtpd[15966]: vstream_buf_get_ready: fd 0 got 30
Feb 16 18:45:34 main postfix/smtpd[15966]:  localhost[127.0.0.1]: MAIL FROM:b...@bszx.eu.org
Feb 16 18:45:34 main postfix/smtpd[15966]: extract_addr: input: b...@bszx.eu.org
Feb 16 18:45:34 main postfix/smtpd[15966]: extract_addr: in: b...@bszx.eu.org, result: b...@bszx.eu.org


I have done some debugging and I have found that smtpd had been killed in 
smtpd_check_rewrite by access to uninitialized local_rewrite_clients.


The attached patch fixes that problem, but I don't know if it is the correct
solution.

--
Regards
Bartek Szady
--- postfix-2.9.0/src/smtpd/smtpd.c.orig2012-02-16 19:55:40.0 
+0100
+++ postfix-2.9.0/src/smtpd/smtpd.c 2012-02-16 20:49:02.0 +0100
@@ -2353,12 +2353,14 @@
return (-1);
}
 }
-err = smtpd_check_rewrite(state);
-if (err != 0) {
-   /* XXX Reset access map side effects. */
-   mail_reset(state);
-   smtpd_chat_reply(state, %s, err);
-   return (-1);
+if (SMTPD_STAND_ALONE(state) == 0) {
+err = smtpd_check_rewrite(state);
+if (err != 0) {
+   /* XXX Reset access map side effects. */
+   mail_reset(state);
+   smtpd_chat_reply(state, %s, err);
+   return (-1);
+}
 }
 
 /*
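
Review bot: the new guard "if (SMTPD_STAND_ALONE(state) == 0) {" has no comment saying why the rewrite check is skipped in stand-alone mode. The report above attributes the crash to smtpd_check_rewrite() touching the uninitialized local_rewrite_clients, so a one-line comment to that effect directly above the guard would keep it from being lost in a later refactoring. The extra nesting level could also be avoided by folding the test into the existing condition, for example "if (SMTPD_STAND_ALONE(state) == 0 && (err = smtpd_check_rewrite(state)) != 0) {", which leaves the error-handling body as it was.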


Simulate ISP

2012-02-17 Thread Jean Brico



Have a nice day.

I've one postfix on Debian Squeeze that works fine.

I'd like now to mount another Postfix on another Squeeze, that will simulate 
my ISP (I'm a teacher).

Then, my first Postfix will become a relay and will send mails to my ISP 
Postfix.

I'm not able to find information about the configuration of the ISP machine. Is 
it possible to have some keywords to start my research on the net?

Thanks for all.

Best regards.


  

Re: Problem with sendmail -bs from postfix 2.9.0

2012-02-17 Thread Wietse Venema
bszx-post...@bszx.eu.org:
 Hello
 
 I have problem with sendmail -bs from postfix 2.9.0. It is killed by 
 segmentation fault when it is called by for example pine.
 More precisely /usr/lib/postfix/smtpd is killed after reading MAIL FROM:

Thanks, this patch is correct. 

The bug was introduced 20111219 while transforming fatal errors
into 4XX replies or warning messages.  For this I had to move the
smtpd_check_rewrite() call closer to the command loop, but I failed
to copy the guard statement a few lines above the old call site.

I expect to roll out Postfix 2.9.1 around this weekend.

Wietse


Re: Simulate ISP

2012-02-17 Thread /dev/rob0
On Fri, Feb 17, 2012 at 02:17:35PM +, Jean Brico wrote:
 I've one postfix on Debian Squeeze that works fine.
 
 I'd like now to mount an other postif on an other Squeeze, that 
 will simulate my ISP (I'm teacher).
 
 Then, my first postix will become a relay and will send mails to
 my ISP Postfix.
 
 I'm not able to find informations about configuration of the
 ISP machine. Is it possible to have some keywords to start my
 resarchs on the net ?

First thing, don't go on the net for this. Start in the 
documentation. Read the sources to which it refers if you need 
general help. Also, wikipedia is pretty good on covering email 
basics.

The BASIC_CONFIGURATION_README.html covers issues that need to be 
addressed on every Postfix install. Note the part where it talks 
about relayhost ... that is the ISP server.

The ISP will run a MSA (mail submission agent) for their users. SASL 
AUTH is an essential element of this. See SASL_README.html for the 
details. That covers setting up the home instance to authenticate 
with the ISP, and covers setting up the ISP to handle that.

For client AUTH, Cyrus SASL is the only supported option. For server 
AUTH (the ISP), you can choose Cyrus or Dovecot for SASL. IMO the 
latter is much easier and nicer to work with.

STANDARD_CONFIGURATION_README.html does not specifically cover what 
you're talking about, but is worth a visit.

All of the aforementioned HTML files can be found in your own 
$html_directory, as well as online at http://www.postfix.org/ . Be 
sure to browse the other titles in the $html_directory while you are 
there. I keep a link in my browser for ready reference.
-- 
  http://rob0.nodns4.us/ -- system administration and consulting
  Offlist GMX mail is seen only if /dev/rob0 is in the Subject:


Postfix resent messages detection

2012-02-17 Thread Simon Hintermann

Hello all,

here is my problem:

I have several hosting servers, sending mails from authenticated users, 
web scripts, web pages, and so on... I cannot monitor everything, and 
our greatest problem is outgoing unauthorized mails. We experience 
10'000 mails spam campaigns every week or so... No need to say that 
this is no good for blacklisting.


As I have root access everywhere, I can construct an exhaustive list of 
allowed sender domains.


Then I build up a new mail gateway dedicated to outgoing mails, and 
configure it as follows:


smtpd_sender_restrictions =
    check_sender_access hash:/etc/postfix/sender_access
    reject_unverified_sender
    warn_if_reject
    reject


Now I get a warning in my logs every time a potentially unauthorized 
mail goes out.


But I can't have any visibility over redirected mails. We've got several 
users that configure their mailbox to resend their email to another 
external mailbox, and we do not want to consider this kind of mail as 
unwanted!


I have seen nothing and everything about this kind of mail, and I wonder 
if postfix is in any way able to detect this kind of mail...? The real 
problem, as I understand it, is that I want to configure this Postfix as 
an independent server, that would be the relayhost of all our hosting 
servers...



If anyone could lead me to enlightenment here...

Thanks in advance!

Simon



Re: Postfix resent messages detection

2012-02-17 Thread Reindl Harald


On 17.02.2012 17:00, Simon Hintermann wrote:
 Hello all,
 
 here is my problem:
 
 I have several hosting servers, sending mails from authenticated users, web 
 scripts, web pages, and so on... I
 cannot monitor everything, and our greatest problem is outgoing unauthorized 
 mails. we experience 10'000 mails spam
 campaigns every week or so... No need to says that this is no good for 
 blacklisting.
 
 As I have root access everywhere, I can construct an exhaustive list of 
 allowed sender domains.
 
 Then I build up a new mail gateway dedicated to outgoing mails, and configure 
 it as follows:
 
 smtpd_sender_restrictions =
 check_sender_access hash:/etc/postfix/sender_access
 reject_unverified_sender
 warn_if_reject
 reject
 
 Now I get a warning in my logs every time a potentially unauthorized mails 
 goes out.
 
 But I can't have any visibility over redirected mails. We've got several 
 users that configure their mailbox to
 resend their email on another external mailbox, and we do not want to 
 consider this kind of mail as unwanted!
 
 I have seen nothing and everything about this kind of mail, and I wonder if 
 postfix is by any way able to detect
 this kind of mail...? The real problem, as I understand it, is that I want to 
 configure this Postfix as an
 independant server, that would be the relayhost of all our hosting 
 servers...

this kind of mail does NOT use smtp at all and so it is not affected by
smtpd_* restrictions
if your MDA like dovecot or dbmail is forwarding a message it is using the
sendmail-binary and the messages are caught by pickup, so the problem you
imagine does not exist in almost any setup






Re: Ldap queries optimization

2012-02-17 Thread Viktor Dukhovni
On Fri, Feb 17, 2012 at 08:41:31AM +0100, Angel L. Mateo wrote:

 On 16/02/12 16:35, Viktor Dukhovni wrote:
 On Thu, Feb 16, 2012 at 10:49:10AM +0100, Angel L. Mateo wrote:
 
 If your LDAP tables contain no bare (just the local part) address
 lookup keys, you may consider using %u@%d instead of %s in the
 query definition.  That could also avoid some unneeded lookups,
 otherwise Postfix performs the lookups it needs to, and unless
 you've failed to index your LDAP attributes appropriately, Postfix
 is unlikely to be a significant burden on LDAP, nor is LDAP likely
 to noticeably slow down Postfix.

   Although I could refine this configuration changes, problem is not
 ldap indexes. I have all indexes created, openldap is answering all
 the queries postfix makes. The problem I'm trying to fix is that
 postfix is making lot of repeated queries. In the transactions I
 sent in my first email, in one transaction it makes 8 queries, 5 of
 then was the same query.

Some queries are repeated, this should have no significant impact.
Focus on overall performance rather than optimizing non-critical
paths. Postfix is not monolithic, so cleanup(8) repeats some queries
made by smtpd(8), and in smtpd(8) some queries are repeated because
this makes the code more modular. This works well enough for a
large number of Postfix sites, it will work for you too if you
don't sweat the small stuff.

-- 
Viktor.

http://idioms.thefreedictionary.com/don%27t+sweat+the+small+stuff


Re: Postfix resent messages detection

2012-02-17 Thread Simon Hintermann



On 17. 02. 12 17:06, Reindl Harald wrote:


On 17.02.2012 17:00, Simon Hintermann wrote:

Hello all,

here is my problem:

I have several hosting servers, sending mails from authenticated users, web 
scripts, web pages, and so on... I
cannot monitor everything, and our greatest problem is outgoing unauthorized 
mails. we experience 10'000 mails spam
campaigns every week or so... No need to says that this is no good for 
blacklisting.

As I have root access everywhere, I can construct an exhaustive list of allowed 
sender domains.

Then I build up a new mail gateway dedicated to outgoing mails, and configure 
it as follows:

smtpd_sender_restrictions =
 check_sender_access hash:/etc/postfix/sender_access
 reject_unverified_sender
 warn_if_reject
 reject

Now I get a warning in my logs every time a potentially unauthorized mails goes 
out.

But I can't have any visibility over redirected mails. We've got several users 
that configure their mailbox to
resend their email on another external mailbox, and we do not want to consider this kind 
of mail as unwanted!

I have seen nothing and everything about this kind of mail, and I wonder if 
postfix is by any way able to detect
this kind of mail...? The real problem, as I understand it, is that I want to 
configure this Postfix as an
independant server, that would be the relayhost of all our hosting servers...

this kind of mail does NOT use smtp at all and so it is not affected by smtpd_* 
restrictions
if your MDA like dovecot or dbmail is forwarding a message it is using the 
sendmail-binary
and the messages are catched by pickup, so the problem you imagine does not 
exist in
almost any setup




Okay... perhaps I explained it poorly, or I actually did not understand 
a word of your explanation...



The case I cannot detect is:


SENDER  (a...@toto.com) sends an email to b...@domain.com
||
v
WEBSERVER (b...@domain.com forwards all mails to b...@yahoo.com)
||
v
MAIL GATEWAY (local domains: domain.com) sees a mail with a From: a...@toto.com header and says that this is an unwanted mail
||
v
warning and pass to yahoo.com or simply drop...

--
Meilleures Salutations
Freundliche Grüsse
Best regards

Simon Hintermann

www.ganesh-consulting.ch

informations :
i...@ganesh-consulting.ch
Tél. 021/921 76 74
Fax. 021/964.17.91
Skype : ganesh.consulting




Re: Postfix resent messages detection

2012-02-17 Thread Reindl Harald


On 17.02.2012 18:31, Simon Hintermann wrote:
 Okay... perhaps I explained it poorly, or did I actually not understood a 
 word of your explaination...
 
 
 The case I cannot detect is:
 
 
 SENDER  (a...@toto.com) sends an email to b...@domain.com
 ||
 v
 WEBSERVER (b...@domain.com forwards all mails to b...@yahoo.com)
 ||
 v
 MAIL GATEWAY (local domains: domain.com) sees a mail with a From: 
 a...@toto.com header and says that this is an
 unwanted mail
 ||
 v
 warning and pass to yahoo.com or simply drop...

why does WEBSERVER forward anything?
forwarders have to be configured on the MTA/MDA and
then your problem does not exist at all





Re: Postfix resent messages detection

2012-02-17 Thread Toni Mueller

On Fri, Feb 17, 2012 at 06:35:11PM +0100, Reindl Harald wrote:
 On 17.02.2012 18:31, Simon Hintermann wrote:
  SENDER  (a...@toto.com) sends an email to b...@domain.com
  ||
  v
  WEBSERVER (b...@domain.com forwards all mails to b...@yahoo.com)
  ||
  v
  MAIL GATEWAY (local domains: domain.com) sees a mail with a From: 
  a...@toto.com header and says that this is an
  unwanted mail
  ||
  v
  warning and pass to yahoo.com or simply drop...
 
 why does WEBSERVER does forward anything?
 forwarders have to be configured on the MTA/MDA and
 then your problems does not exist at all

I am in a similar situation, and would like to bar people from using the
sendmail binary.

Having said that, I guess that Simon thinks of the case that the user is
using some webmail package, which could very well inject an email with a
sender @toto.com into the mail system.

Eg. my mutt is configured to set the envelope sender from the 'From:'
line, too, and a web application is equivalent to shell access, in his
case.


Kind regards,
--Toni++



Re: Postfix resent messages detection

2012-02-17 Thread Simon Hintermann



On 17. 02. 12 18:35, Reindl Harald wrote:


On 17.02.2012 18:31, Simon Hintermann wrote:

Okay... perhaps I explained it poorly, or did I actually not understood a word 
of your explaination...


The case I cannot detect is:


SENDER  (a...@toto.com) sends an email to b...@domain.com
||
v
WEBSERVER (b...@domain.com forwards all mails to b...@yahoo.com)
||
v
MAIL GATEWAY (local domains: domain.com) sees a mail with a From: 
a...@toto.com header and says that this is an
unwanted mail
||
v
warning and pass to yahoo.com or simply drop...

why does WEBSERVER does forward anything?
forwarders have to be configured on the MTA/MDA and
then your problems does not exist at all



Okay, the webserver is a Plesk server where users can set an email 
redirection to their external address. I don't know why, but many users 
do that.


As I cannot handle these sender rules on every single Plesk I have 
(qmail or postfix...), I have to set up a mail gateway for outgoing 
mails. I also have Bluequartz working with sendmail, and Kerio servers, 
working with custom MTAs.


So, as I understood, correct me if I'm wrong, my email gateway does only 
see an email going from a...@toto.com to b...@yahoo.com, none of which are in 
my local domains.





Re: Postfix resent messages detection

2012-02-17 Thread Reindl Harald


On 17.02.2012 18:41, Toni Mueller wrote:
 
 On Fri, Feb 17, 2012 at 06:35:11PM +0100, Reindl Harald wrote:
 On 17.02.2012 18:31, Simon Hintermann wrote:
 SENDER  (a...@toto.com) sends an email to b...@domain.com
 ||
 v
 WEBSERVER (b...@domain.com forwards all mails to b...@yahoo.com)
 ||
 v
 MAIL GATEWAY (local domains: domain.com) sees a mail with a From: 
 a...@toto.com header and says that this is an
 unwanted mail
 ||
 v
 warning and pass to yahoo.com or simply drop...

 why does WEBSERVER does forward anything?
 forwarders have to be configured on the MTA/MDA and
 then your problems does not exist at all
 
 I am in a similar situation, and would like to bar people from using the
 sendmail binary.

people do not, software does - as an example dbmail, if in the dbmail_aliases
an external forwarder is defined, and since this is NOT using smtp the
restrictions are not active here, as expected

 Having said that, I guess that Simon thinks of the case that the user is
 using some webmail package, which could very well inject an email with a
 sender @toto.com into the mail system.

and that is why smtpd_*_restrictions are enforced:
webmail usually uses smtp

 Eg. my mutt is configured to set the envelope sender from the 'From:'
 line, too, and a web application is equivalent to shell access, in his
 case.

a webapplication is NOT equivalent to shell access
mostly it will NOT run on the same machine as the mailserver

even if it does - normally you should DISABLE any shell-commands for
php and so the app is forced to use phpmailer as an example which
can use smtp and so your restrictions are enforced

in all these cases forwarding is never done by a webserver nor
is it a topic for smtp restrictions because these are different
worlds





Re: Postfix resent messages detection

2012-02-17 Thread Reindl Harald


On 17.02.2012 18:48, Simon Hintermann wrote:
 Okay, the webserver is a Plesk server where users can set an email 
 redirection to their external address. I don't
 know why, but many users do that.

i am out here because i never use such software using server
configurations natively all of the time and if needed/useful
develop my own webinterfaces

 As I cannot handle these sender rules on every single one Plesk I have (qmail 
 or postfix...), I have to set up a
 mail gateway for outgoing mails. I also have Bluequartz working with 
 sendmail, and Kerio servers, working with
 custom MTAs.

that's the problem with PLESK and ready software

in my setups i can enforce postfix configurations on one
central mysql-database and every single relay on any
webserver is using these tables as needed readonly for
enforcing rules

 So, as I understood, correct me if I'm wrong, my email gateway does only see 
 an email going from a...@toto.com to
 b...@yahoo.com, none of which are in my local domains.

in your case it may be difficult

in my setup it is easy

* user has a sender-address to type we are owning, ever
* any host is checking for allowed senders
* forwarding is only done on the gateway

so the gateway does never see any foreign sender for outgoing messages







Re: Postfix resent messages detection

2012-02-17 Thread Wietse Venema
Simon Hintermann:
[restricting the sender address from webmail apps with an SMTP
sender access table]
 Now I get a warning in my logs every time a potentially unauthorized 
 mails goes out.
 
 But I can't have any visibility over redirected mails. We've got several 
 users that configure their mailbox to resend their email on another 
 external mailbox, and we do not want to consider this kind of mail as 
 unwanted!

[in a follow-up post, a chart with user-webmail app-SMTP gateway]

How would the SMTP gateway know the difference between:

a) The webmail app tries to send an original submission to the SMTP
   gateway (with limitations on the SMTP sender address)

b) The webmail app tries to forward email to the SMTP gateway
   (without limitations on the SMTP sender address)

and make this distinction while processing the SMTP MAIL FROM
command, before the SMTP gateway has received the email message?

Wietse


Email encryption check before accepting for transmission

2012-02-17 Thread john
We need to ensure that emails sent by some of our users are encrypted 
(medical records, reports, etc) before they are sent.


We only accept outgoing mail from our local users by submission (port 
587).


I realize that this is really the job of the MUA, but I would like to 
check that emails are in fact encrypted before being sent. If an 
unencrypted email is encountered transmission would be denied with a 
suitable message/code. One other thing that we might also need to do is 
to move the supplied subject into the body of the message and substitute 
a generic heading, this to prevent the patient name showing up in plain 
text.


I originally thought that the basic checking might be possible using 
header and/or body checks, but I am not sure if this will be reliable 
enough.


Is any of this possible, if so suggestions as to where to look or solutions.

John A




Re: Postfix resent messages detection

2012-02-17 Thread Simon Hintermann



On 17. 02. 12 19:02, Reindl Harald wrote:


On 17.02.2012 18:48, Simon Hintermann wrote:

Okay, the webserver is a Plesk server where users can set an email redirection 
to their external address. I don't
know why, but many users do that.

i am out here because i never use such software using server
configuartions natevily all of the time and if need/usefull
develop my own webinterfaces


As I cannot handle these sender rules on every single one Plesk I have (qmail 
or postfix...), I have to set up a
mail gateway for outgoing mails. I also have Bluequartz working with sendmail, 
and Kerio servers, working with
custom MTAs.

thats the problem with PLESK and ready software

in my setups i can enforce psotfix configurations on one
central mysql-database and every single relay on any
webserver is using this tables as need readonly for
enforcing rules


So, as I understood, correct me if I'm wrong, my email gateway does only see an 
email going from a...@toto.com to
b...@yahoo.com, none of which are in my local domains.

in your case it may be difficult

in my setup it is easy

* user has a sender-adress to type we are owning, ever
* any host is checking for alloweed senders
* forwarding are only done on the gateway

so the gateway doe snever see any foreign sender for outigoing messages

Okay I ask myself something now...

In my case I cannot discard all unwanted mails, but perhaps can I detect 
when there are more than 10 messages / minute (for example) from a 
single not-local domain? That would dramatically decrease the number of 
outgoing spams from my infrastructure.


I don't know if I can do that with postfix...
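
One way to get the per-domain rate signal asked about above, offline from the gateway's mail log (an added example, not part of the original post and not a Postfix feature): it parses qmgr from=<...> lines and flags any non-local envelope sender domain that exceeds 10 messages within 60 seconds. The log lines, the host name gw, the domain names and the queue IDs are constructed sample data, and the LOCAL_DOMAINS set is an assumption.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumption: sender domains the gateway treats as its own.
LOCAL_DOMAINS = {"domain.com"}

# Matches the qmgr line logged when a message enters the active queue, e.g.
#   Feb 17 18:00:00 gw postfix/qmgr[2211]: A0000: from=<a@b.example>, size=2048, nrcpt=1 (queue active)
QMGR_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\spostfix/qmgr\[\d+\]:\s"
    r"(?P<qid>[0-9A-Za-z]+):\sfrom=<(?P<sender>[^>]*)>,\ssize=\d+,\snrcpt=\d+"
)


def parse_qmgr_line(line, year=2012):
    """Return (timestamp, queue_id, sender_domain), or None for other log lines."""
    m = QMGR_RE.match(line)
    if m is None:
        return None
    # Classic syslog timestamps carry no year, so the caller supplies it.
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    sender = m["sender"].lower()
    domain = sender.rpartition("@")[2] if "@" in sender else ""
    return ts, m["qid"], domain


def find_bursts(lines, local_domains, limit=10, window=timedelta(seconds=60)):
    """Map each non-local sender domain to its peak count when it exceeded `limit`
    messages inside one sliding `window`. Lines must be in chronological order."""
    recent = defaultdict(deque)  # domain -> timestamps still inside the window
    alerts = {}
    for line in lines:
        parsed = parse_qmgr_line(line)
        if parsed is None:
            continue
        ts, _qid, domain = parsed
        # The null sender (bounces) and our own domains are not counted.
        if not domain or domain in local_domains:
            continue
        seen = recent[domain]
        seen.append(ts)
        while ts - seen[0] >= window:
            seen.popleft()
        if len(seen) > limit:
            alerts[domain] = max(alerts.get(domain, 0), len(seen))
    return alerts


def build_sample_log():
    """Constructed log: a 12-message burst, slow forwards, local mail, one bounce."""
    base = datetime(2012, 2, 17, 18, 0, 0)
    plan = (
        [(4 * i, f"user{i}@bulk.example") for i in range(12)]  # burst: 12 in 44 s
        + [(30 * i, "a@toto.com") for i in range(3)]           # forwarded mail, slow
        + [(2 * i, "web@domain.com") for i in range(20)]       # local domain
        + [(5, "")]                                            # null sender
    )
    lines = []
    for n, (offset, sender) in enumerate(sorted(plan)):
        ts = base + timedelta(seconds=offset)
        lines.append(
            f"{ts:%b %d %H:%M:%S} gw postfix/qmgr[2211]: {0xA0000 + n:X}: "
            f"from=<{sender}>, size=2048, nrcpt=1 (queue active)"
        )
    # A non-qmgr line, which the parser must skip.
    lines.append("Feb 17 18:01:00 gw postfix/smtpd[2300]: connect from unknown[192.0.2.7]")
    return lines


SAMPLE_LOG = build_sample_log()

if __name__ == "__main__":
    for domain, peak in sorted(find_bursts(SAMPLE_LOG, LOCAL_DOMAINS).items()):
        print(f"ALERT {domain}: {peak} messages within 60 seconds")
```

The count is keyed on the envelope sender that qmgr logs, not on the From: header, so a forwarder that rewrites the envelope sender to a local address is not counted against the original domain.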



Re: Email encryption check before accepting for transmission

2012-02-17 Thread Wietse Venema
john:
 We need to ensure that emails sent by some of our users are encrypted 
 (medical records, reports, etc) before they are sent.
 
 We only accept out going mail from our local users by submission (port 
 587).
 
 I realize that this is really the job of the MUA, but I would like to 
 check that emails are in fact encrypted before being sent. If an 
 unencrypted email is encountered transmission would be denied with a 
 suitable message/code. One other thing that we might also need to do is 
 to move the supplied subject into the body of the message and substitute 
 a generic heading, this to prevent the patient name showing up in plain 
 text.

Enforcing encryption and hiding the subject in the body are not
built-in features of Postfix (or other conventional MTA). It is what
one would expect to find in specialized MIME or PGP gateways. There
are a few listed at the www.postfix.org site, but the list isn't
updated frequently.

Wietse


Unable to relay via postfix ... but telnet works...?

2012-02-17 Thread A. Abd-Allah


Hello,

At work, we've set up a small Linux server with postfix on it, and configured 
postfix to use an external SMTP mail server. The related settings in main.cf:

myhostname = scm1.ourdomain.com
mydestination = scm1.ourdomain.com, localhost
relayhost = [externalmailer.ourdomain.com]

The external mail server is set up to trust internal connections, so there are 
no authentication or authorization constraints to worry about.

On the Linux server, if I use telnet externalmailer.ourdomain.com 25, and 
then manually enter in a small email message to send email to an *EXTERNAL* 
email address (e.g. b...@gmail.com) all the way from HELO... to ...QUIT, 
this works. The email is successfully received over at gmail.com.

However, if I (as user s...@scm1.ourdomain.com) try to use mail 
b...@gmail.com from the Linux server, then this goes through the Postfix 
installation which in turn is configured to relay. However, this does not work 
ultimately. What happens:

1. The message is successfully delivered to the externalmailer.ourdomain.com. 
I see this recorded in /var/log/mail.log.
2. But a few seconds later, a message is delivered back to the sender on our 
Linux machine, and the relevant part of the error message is as follows:

Final-Recipient: rfc822;bob@gmail.com
Action: failed
Status: 5.0.0
Remote-MTA: smtp;MAILGW1.OURDOMAIN.COM
Diagnostic-Code: X-Notes; Error transferring to MAILGW1.OURDOMAIN.COM;  Maximum hop count exceeded.  Message probably in a routing loop.

What I would like to ask is what is Postfix doing differently from me when I do 
a simple telnet to the external mail server? Why am I - by hand - able to send 
email via the relay, but Postfix is not? I know that I have misconfigured 
*something* ... but I can't figure out what.

I am attaching the full email message below.

Any help would be greatly appreciated!

Ahmed.

Return-Path: 
X-Original-To: scm@scm1.ourdomain.com
Delivered-To: scm@scm1.ourdomain.com
Received: from mailgw.ourdomain.com (mailgw1.ourdomain.com [10.221.2.109]) by scm1.ourdomain.com (Postfix) with ESMTP id A7D1D440196 for s...@scm1.ourdomain.com; Fri, 17 Feb 2012 22:09:52 +0300 (AST)
X-AuditID: c74b5969-b7b85ae01be8-92-4f3ea1446f3b
Received: from mail1.ourdomain.com (mail1.internal.ourdomain.com [10.221.2.110]) by mailgw.ourdomain.com (Symantec Messaging Gateway) with SMTP id 88.F0.07144.441AE3F4; Fri, 17 Feb 2012 21:49:40 +0300 (AST)
To: s...@scm1.ourdomain.com (SCM User)
Subject: DELIVERY FAILURE: Error transferring to MAILGW1.OURDOMAIN.COM; Maximum hop count exceeded.  Message probably in a routing loop.
X-Mailer: mail (GNU Mailutils 2.2)
Date: Fri, 17 Feb 2012 22:09:46 +0300 (AST)
From: postmas...@ourdomain.com
x-MIMETrack: Itemize by SMTP Server on EXTERNALMAILER/OURDOMAIN(Release 7.0.3|September 26, 2007) at 02/17/2012 10:09:34 PM,Serialize by Router on mail1/OURDOMAIN(Release 8.0.1|February 07, 2008) at 02/17/2012 10:07:17 PM,Serialize complete at 02/17/2012 10:07:17 PM
Message-ID: of6dfeeb1b.0e59d703-on432579a7.00693efb-432579a7.00690...@ourdomain.com
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
 boundary===IFJRGLKFGIR14727182UHRUHIHD
--==IFJRGLKFGIR14727182UHRUHIHD
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: base64
--==IFJRGLKFGIR14727182UHRUHIHD
Content-Type: message/delivery-status

Reporting-MTA: dns;mail1.ourdomain.com

Final-Recipient: rfc822;bob@gmail.com
Action: failed
Status: 5.0.0
Remote-MTA: smtp;MAILGW1.OURDOMAIN.COM
Diagnostic-Code: X-Notes; Error transferring to MAILGW1.OURDOMAIN.COM  Maximum hop count exceeded.  Message probably in a routing loop.

--==IFJRGLKFGIR14727182UHRUHIHD
Content-Type: message/rfc822

Received: from scm1.ourdomain.com ([10.248.200.233])  by externalmailer.ourdomain.com (Lotus Domino Release 7.0.3)  

Re: Unable to relay via postfix ... but telnet works...?

2012-02-17 Thread Wietse Venema
A. Abd-Allah:
 Final-Recipient: rfc822;bob@gmail.comAction: failedStatus:
 5.0.0Remote-MTA: smtp;MAILGW1.OURDOMAIN.COMDiagnostic-Code: X-Notes;
 Error transferring to MAILGW1.OURDOMAIN.COM;  Maximum hop count
 exceeded.  Message probably in a routing loop. 

When a mail server receives mail via SMTP, the standard requires
that it adds a header with:

Received: stuff.

Many MTAs count the number of such message header lines and report
a Maximum hop count exceeded error because the number exceeds
some upper bound.

With Postfix, the default is hopcount_limit = 50.

Your telnet message had no such header, while the non telnet
message presumably had several. That's why one triggers the
error and the other does not.

Wietse
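
The header counting described above, as an added example that is not part of the original message and is not Postfix code: it counts Received: headers the way a hop-count check would and lists relay hosts that appear more than once, which is the usual sign of a loop. Both messages, the example host names and the limit of 5 used for the looping case are constructed; the default of 50 is the hopcount_limit value quoted above.

```python
import re
from collections import Counter
from email import message_from_string


def received_hops(raw_message):
    """Return the 'by' host of every Received: header, in header order.

    Only the header section is inspected; folded (multi-line) headers are
    unfolded before the host is extracted.
    """
    msg = message_from_string(raw_message)
    hops = []
    for value in msg.get_all("Received", []):
        unfolded = " ".join(str(value).split())
        m = re.search(r"\bby\s+(\S+)", unfolded)
        hops.append(m.group(1).lower() if m else None)
    return hops


def hop_report(raw_message, limit=50):
    """Count Received: headers and compare the count with a hop-count limit."""
    hops = received_hops(raw_message)
    repeated = {host: n for host, n in Counter(hops).items() if host and n > 1}
    return {
        "count": len(hops),
        "over_limit": len(hops) > limit,  # "the number exceeds some upper bound"
        "repeated": repeated,
    }


def build_looping_message(hosts):
    """Constructed message that passed through `hosts`, newest hop first."""
    headers = []
    for i, host in enumerate(hosts):
        headers.append(
            f"Received: from prev{i}.example\n"
            f"\tby {host} (MTA) with ESMTP id {i:04d};\n"
            f"\tFri, 17 Feb 2012 22:0{i}:00 +0300"
        )
    headers += ["From: scm@scm1.example", "To: bob@mail.example", "Subject: Testing"]
    return "\n".join(headers) + "\n\nbody text\n"


# Constructed: what a hand-typed telnet session submits, no Received: header yet.
# The body line that starts with "Received:" must not be counted.
TELNET_MESSAGE = (
    "From: scm@scm1.example\n"
    "To: bob@mail.example\n"
    "Subject: Testing\n"
    "\n"
    "Received: this line is body text, not a header\n"
)

# Constructed: a message bouncing between two gateways three times.
LOOPING_MESSAGE = build_looping_message(["gw-a.example", "gw-b.example"] * 3)

if __name__ == "__main__":
    print("telnet :", hop_report(TELNET_MESSAGE))
    print("looping:", hop_report(LOOPING_MESSAGE, limit=5))
```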


RE: Unable to relay via postfix ... but telnet works...?

2012-02-17 Thread A. Abd-Allah
Dr. Wietse,

Thank you for your valuable time, not just for this question, but for the 
entire postfix product.

If I understood you correctly, increasing the hop count limit may help in this 
case. I only see 1 or 2 headers that are being added, but I am not sure. I can 
try changing the limit and then seeing the effect.

Thank you again.

 Subject: Re: Unable to relay via postfix ... but telnet works...?
 To: postfix-users@postfix.org
 Date: Fri, 17 Feb 2012 14:52:41 -0500
 From: wie...@porcupine.org
 
 A. Abd-Allah:
  Final-Recipient: rfc822;bob@gmail.comAction: failedStatus:
  5.0.0Remote-MTA: smtp;MAILGW1.OURDOMAIN.COMDiagnostic-Code: X-Notes;
  Error transferring to MAILGW1.OURDOMAIN.COM;  Maximum hop count
  exceeded.  Message probably in a routing loop. 
 
 When a mail server receives mail via SMTP, the standard requires
 that it adds a header with:
 
 Received: stuff.
 
 Many MTAs count the number of such message header lines and report
 a Maximum hop count exceeded error because the number exceeds
 some upper bound.
 
 With Postfix, the default is hopcount_limit = 50.
 
 Your telnet message had no such header, while the non telnet
 message presumably had several. That's why one triggers the
 error and the other does not.
 
   Wietse
  

Re: Unable to relay via postfix ... but telnet works...?

2012-02-17 Thread Wietse Venema
A. Abd-Allah:
 Dr. Wietse,
 
 Thank you for your valuable time, not just for this question, but
 for the entire postfix product.

 If I understood you correctly, increasing the hop count limit may
 help in this case. I only see 1 or 2 headers that are being added,
 but I am not sure. I can try changing the limit and then seeing
 the effect.

The hop-count limit is reached in the REMOTE mail server. 

There are two possibilities:

- The failing message already has lots of Received: headers (which
is something that you may be able to fix by removing some or all).

- The REMOTE mail server has an unreasonably-low hop-count limit
(which is something that only the remote system administrator can
fix).

Wietse

 A. Abd-Allah:
  Final-Recipient: rfc822;bob@gmail.com
  Action: failed
  Status: 5.0.0
  Remote-MTA: smtp;MAILGW1.OURDOMAIN.COM
  Diagnostic-Code: X-Notes; Error transferring to MAILGW1.OURDOMAIN.COM;
   Maximum hop count exceeded.  Message probably in a routing loop.
 
 When a mail server receives mail via SMTP, the standard requires
 that it adds a header with:
 
 Received: stuff.
 
 Many MTAs count the number of such message header lines and report
 a Maximum hop count exceeded error because the number exceeds
 some upper bound.
 
 With Postfix, the default is hopcount_limit = 50.
 
 Your telnet message had no such header, while the non telnet
 message presumably had several. That's why one triggers the
 error and the other does not.
 
   Wietse
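
The Received: counting described in this message, as an added example that is not part of the thread and not Postfix code. Both messages are constructed, the remote limit of 1 is a hypothetical value, and the "count greater than limit" comparison is an assumption about the receiving server.

```python
import re
from email import message_from_string

POSTFIX_DEFAULT_LIMIT = 50  # hopcount_limit default quoted in the thread
REMOTE_LIMIT = 1            # hypothetical, unreasonably low remote limit


def received_hops(raw_message):
    """Return the 'by' host of every Received: header, newest first.

    Only the header section is inspected, and folded headers are unfolded,
    so a body line that starts with 'Received:' is not counted.
    """
    msg = message_from_string(raw_message)
    hops = []
    for value in msg.get_all("Received", []):
        unfolded = " ".join(value.split())
        match = re.search(r"\bby\s+(\S+)", unfolded)
        hops.append(match.group(1) if match else "?")
    return hops


def exceeds_limit(raw_message, limit):
    """Assumed receiver behaviour: reject when the count is above the limit."""
    return len(received_hops(raw_message)) > limit


# Constructed: message typed by hand over telnet, no Received: header at all.
TELNET_MSG = (
    "From: alice@example.org\n"
    "To: bob@example.com\n"
    "Subject: test\n"
    "\n"
    "hello\n"
)

# Constructed: the same mail after passing an application host and a relay.
RELAYED_MSG = (
    "Received: from app.example.org (app.example.org [192.0.2.5])\n"
    "\tby relay.example.org (Postfix) with ESMTP id 0000000000;\n"
    "\tFri, 17 Feb 2012 14:00:00 -0500 (EST)\n"
    "Received: from localhost (localhost [127.0.0.1])\n"
    "\tby app.example.org with ESMTP; Fri, 17 Feb 2012 13:59:58 -0500\n"
    "From: alice@example.org\n"
    "To: bob@example.com\n"
    "Subject: test\n"
    "\n"
    "Received: this line is body text and must not be counted\n"
)

if __name__ == "__main__":
    for name, raw in (("telnet", TELNET_MSG), ("relayed", RELAYED_MSG)):
        print(name, received_hops(raw), exceeds_limit(raw, REMOTE_LIMIT))
```

Removing Received: headers before relaying also removes the information this count relies on to detect a real routing loop.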
  


I want to route all email to a second server.

2012-02-17 Thread Rich
I have a postfix with lotus notes setup. That piece is working fine. I use
a transport map entry to send the email to the Domino server.
What I want to do is send all incoming and outgoing mail to a second server
that will be for historical purposes. I will be using cyrus as the
mailstore.

My challenge is to set up the postfix mail-relay I have in place to send
all the email to both the main domino server and the historical cyrus box.
How can I do this?


spam to postmaster

2012-02-17 Thread Reindl Harald
am i the only one currently receiving a ton of spam with all
sorts of job vacation to my postmaster-account all day long?

different sender-IPs so abuse to the provider will not help
much, problem here is via RFC postmaster must not be filtered
and so the spamfirewall does not help in any way

how do other people act with such braindead sh**t?





Re: spam to postmaster

2012-02-17 Thread Peter Blair
On Fri, Feb 17, 2012 at 3:54 PM, Reindl Harald h.rei...@thelounge.net wrote:
 how do other people act with such braindead sh**t?

Look into greylisting it.  You'll find that greylisting could very
well deal with most of the bots that things like zen.spamhaus.org
would normally deal with.  And strictly speaking, you're not filtering
it -- just making a policy decision to not accept the transaction
before the DATA section ;)
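
A sketch of the greylisting decision suggested above, written as the logic of a Postfix policy-delegation service (an added example, not code from this thread or from any greylisting package). The request is constructed, and the 300-second delay, the /24 and /64 grouping, and the restriction to postmaster/abuse recipients are assumptions.

```python
import ipaddress

# Assumptions: which local parts are greylisted, and the minimum retry delay.
GREYLISTED_LOCALPARTS = {"postmaster", "abuse"}
MIN_DELAY = 300  # seconds


def parse_request(text):
    """Parse one policy request: name=value lines, ended by an empty line."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs


def triplet(attrs):
    """Key on (client network, sender, recipient) so that a retry from a
    neighbouring address of the same sending pool still matches."""
    raw = attrs.get("client_address", "unknown")
    try:
        addr = ipaddress.ip_address(raw)
        prefix = 24 if addr.version == 4 else 64
        net = str(ipaddress.ip_network(f"{addr}/{prefix}", strict=False))
    except ValueError:
        net = raw  # not an IP address: use the value as-is
    return (net, attrs.get("sender", "").lower(),
            attrs.get("recipient", "").lower())


class Greylist:
    def __init__(self, min_delay=MIN_DELAY):
        self.min_delay = min_delay
        self.first_seen = {}  # triplet -> time of first attempt

    def decide(self, attrs, now):
        local = attrs.get("recipient", "").lower().partition("@")[0]
        if (attrs.get("protocol_state") != "RCPT"
                or local not in GREYLISTED_LOCALPARTS):
            return "DUNNO"  # no opinion: later restrictions decide
        first = self.first_seen.setdefault(triplet(attrs), now)
        if now - first < self.min_delay:
            return "DEFER_IF_PERMIT Greylisted, please retry later"
        return "DUNNO"

    def respond(self, request_text, now):
        """Return the reply in the policy protocol's wire format."""
        return "action=%s\n\n" % self.decide(parse_request(request_text), now)


# Constructed sample request, as smtpd would send it at the RCPT TO stage.
SAMPLE_REQUEST = (
    "request=smtpd_access_policy\nprotocol_state=RCPT\n"
    "client_address=192.0.2.10\nsender=jobs@example.net\n"
    "recipient=postmaster@example.org\n\n"
)
```

The decision is made at RCPT TO, so a client that never retries is turned away before it sends any message content.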


Re: Email encryption check before accepting for transmission

2012-02-17 Thread Toni Mueller

Hi,

On Fri, Feb 17, 2012 at 01:26:45PM -0500, john wrote:
 I realize that this is really the job of the MUA, but I would like
 to check that emails are in fact encrypted before being sent.

this can be ensured by running the emails through a (specialized)
content filter.

 suitable message/code. One other thing that we might also need to do
 is to move the supplied subject into the body of the message and
 substitute a generic heading, this to prevent the patient name
 showing up in plain text.

This idea could very well be incompatible with the chosen encryption
method:

Either, the message is already encrypted when it hits the gateway. Then
you can't do the subject moving and munging because the gateway can't
conceivably decrypt the message, required to put the old subject in
there. Or, the message must not be encrypted when it hits the gateway,
but be encrypted on the way out. But then, you can't guarantee the
confidentiality of the email end-to-end, only gateway to gateway, or
gateway to end, depending on what your recipients have.

 Is any of this possible, if so suggestions as to where to look or solutions.

I would try to copy-cat the typical amavisd-new pre-queue setup,
substituting amavis with your encryption stuff in the process.


Kind regards,
--Toni++



Re: Email encryption check before accepting for transmission

2012-02-17 Thread /dev/rob0
On Fri, Feb 17, 2012 at 10:36:09PM +0100, Toni Mueller wrote:
 On Fri, Feb 17, 2012 at 01:26:45PM -0500, john wrote:
  Is any of this possible, if so suggestions as to where to look or 
  solutions.
 
 I would try to copy-cat the typical amavisd-new pre-queue setup,
 substituting amavis with your encryption stuff in the process.

Better yet, just implement it as another filter in amavisd-new, 
invoked only for submission mail. That was what amavisd-new was made 
to do: integrate multiple content filters.
-- 
  http://rob0.nodns4.us/ -- system administration and consulting
  Offlist GMX mail is seen only if /dev/rob0 is in the Subject:


Re: spam to postmaster

2012-02-17 Thread /dev/rob0
On Fri, Feb 17, 2012 at 03:59:22PM -0500, Peter Blair wrote:
 On Fri, Feb 17, 2012 at 3:54 PM, Reindl Harald 
 h.rei...@thelounge.net wrote:
  how do other people act with such braindead sh**t?
 
 Look into greylisting it.  You'll find that greylisting could very 
 well deal with most of the bots that things like zen.spamhaus.org 
 would normally deal with.  And strictly speaking, you're not 
 filtering it -- just making a policy decision to not accept the 
 transaction before the DATA section ;)

Personally I do not consider strict RFC interpretation to be worth 
more than the time it takes to sort through the garbage. All my mail 
is subjected to Zen and BRBL blockage (with DNSWL and SWL exceptions 
allowed.) Very little spam here since I decided to do that. (Most of
what does get through is to the postmaster addresses, however.)

postscreen/smtpd_reject_footer is a safety net. A real sender can 
view that and figure out alternate means of contact. That has not 
happened in the time since smtpd_reject_footer was implemented here.

I'd much rather give someone a rejection, than accept their mail and 
miss it in a flood of spam.
-- 
  http://rob0.nodns4.us/ -- system administration and consulting
  Offlist GMX mail is seen only if /dev/rob0 is in the Subject:


Re: spam to postmaster

2012-02-17 Thread Reindl Harald


Am 17.02.2012 21:59, schrieb Peter Blair:
 On Fri, Feb 17, 2012 at 3:54 PM, Reindl Harald h.rei...@thelounge.net wrote:
 how do other people act with such braindead sh**t?
 
 Look into greylisting it.  You'll find that greylisting could very
 well deal with most of the bots that things like zen.spamhaus.org
 would normally deal with.  And strictly speaking, you're not filtering
 it -- just making a policy decision to not accept the transaction
 before the DATA section ;)

barracuda Spamfirewall does filtering or whitelisting
nothing between

what i do not understand is how fucking stupid
people are spamming to postmaster/abuse-addresses





Re: spam to postmaster

2012-02-17 Thread Simon Brereton
On Feb 17, 2012 6:14 PM, Reindl Harald h.rei...@thelounge.net wrote:



 Am 17.02.2012 21:59, schrieb Peter Blair:
  On Fri, Feb 17, 2012 at 3:54 PM, Reindl Harald h.rei...@thelounge.net wrote:
  how do other people act with such braindead sh**t?
 
  Look into greylisting it.  You'll find that greylisting could very
  well deal with most of the bots that things like zen.spamhaus.org
  would normally deal with.  And strictly speaking, you're not filtering
  it -- just making a policy decision to not accept the transaction
  before the DATA section ;)

 barracuda Spamfirewall does filtering or whitelisting
 nothing between

 what i do not understand is how fucking stupid
 people are spamming to postmaster/abuse-addresses

Because it's one address guaranteed to see it?


Re: spam to postmaster

2012-02-17 Thread Reindl Harald


Am 18.02.2012 00:17, schrieb Simon Brereton:
 
 On Feb 17, 2012 6:14 PM, Reindl Harald h.rei...@thelounge.net wrote:



 Am 17.02.2012 21:59, schrieb Peter Blair:
  On Fri, Feb 17, 2012 at 3:54 PM, Reindl Harald h.rei...@thelounge.net wrote:
  how do other people act with such braindead sh**t?
 
  Look into greylisting it.  You'll find that greylisting could very
  well deal with most of the bots that things like zen.spamhaus.org 
  would normally deal with.  And strictly speaking, you're not filtering
  it -- just making a policy decision to not accept the transaction
  before the DATA section ;)

 barracuda Spamfirewall does filtering or whitelisting
 nothing between

 what i do not understand is how fucking stupid
 people are spamming to postmaster/abuse-addresses
 
 Because it's one address guaranteed to see it?

but usually this is exactly the person who controls spamfilters
and notifies providers about abuse - so no it is not smart
making noise to the postmaster





Re: spam to postmaster

2012-02-17 Thread Dennis Carr

On Sat, 18 Feb 2012, Reindl Harald wrote:


what i do not understand is how f^%@#!!$ stupid
people are spamming to postmaster/abuse-addresses


(bowdlerized for comical effect -ed)

As near as I can tell, the spammers just run under a few assumptions.  RFC 
requires one to maintain those addresses and have them point to a 
human-readable address, and with this assumption they are considered 
viable recipient addresses.


Granted, back in the day, we actually *used* these addresses for the 
purpose, but due to this they've become mostly useless in my opinion.


As to why these people would be so stupid to do this, well, consider a 
spammer. =(


-Dennis



Re: spam to postmaster

2012-02-17 Thread Dennis Carr

On Sat, 18 Feb 2012, Reindl Harald wrote:


what i do not understand is how %#^%$@!! stupid
people are spamming to postmaster/abuse-addresses


Oh.  One other thing - they don't care.  There is no courtesy.  They don't 
care if you scream at them, yell at them, because people are paying them 
to do this shite, and all they gotta do is conjure up a list of email 
addresses.  Even if they're all here on chez-vrolet.net, they just have to 
conjure up a list of email addresses and bombard the entire lot.


What amuses me, if anything, is that they think we're angry because we 
don't make the money they do.  Personally, I just dislike them because I 
don't want their garbage in my email, let alone just press delete.  I 
have better things to do with my time.  But that's just me steering off 
topic - sorry.


-Dennis



Re: spam to postmaster

2012-02-17 Thread Reindl Harald


Am 18.02.2012 02:46, schrieb Dennis Carr:
 On Sat, 18 Feb 2012, Reindl Harald wrote:
 
 what i do not understand is how %#^%$@!! stupid
 people are spamming to postmaster/abuse-addresses
 
 Oh.  One other thing - they don't care.  There is no courtesy.  They don't 
 care if you scream at them, yell at
 them, because people are paying them to do this shite, and all they gotta do 
 is conjure up a list of email
 addresses.  Even if they're all here on chez-vrolet.net, they just have to 
 conjure up a list of email addresses and
 bombard the entire lot.

what i do not understand is that i get three days the same idiot spam mail
about administration part-time job for 3000$ per month to always the
same post-master address in exactly 3 different variants

guess it is the best to setup a sieve-filter trashing this directly
on the server by exact subject





RE: Unable to relay via postfix ... but telnet works...?

2012-02-17 Thread A. Abd-Allah

Dr. Wietse,

Thank you again for your time. I have been an off-and-on-again user of Postfix 
for many years, and it is a real honor (and surprise!) to get support directly 
from its originator.

 The hop-count limit is reached in the REMOTE mail server. 

I suspected as much, but I wasn't sure. Thanks for clarifying this.

 There are two possibilities:
 
 - The failing message already has lots of Received: headers (which
 is something that you may be able to fix by removing some or all).

It doesn't because the message is being created at the server where Postfix is 
installed.

 - The REMOTE mail server has an unreasonably-low hop-count limit
 (which is something that only the remote system administrator can
 fix).

This is the only possibility that remains... and since the system administrator 
for that system is difficult to communicate with, my guess was that the single 
innocent Received: header added by Postfix was the tipping point. For this 
reason, I used the header_checks parameter to strip it off before sending it 
to the external mail server...

...and now everything works.

Thank you very much! Your work makes a real difference.

Ahmed.
  

Re: I want to route all email to a second server.

2012-02-17 Thread Ram
On Fri, 2012-02-17 at 15:43 -0500, Rich wrote:
 I have a postfix with lotus notes setup. That piece is working fine. I
 use a transport map entry to send the email to the Domino server.  
 What I want to do is send all incoming and outgoing mail to a second
 server that will be for historical purposes. I will be using cyrus as
 the mailstore.  
 
 My challenge is to set up the postfix mail-relay I have in place to
 send all the email to both the main domino server and the historical
 cyrus box.  How can I do this?


Do you have all the users created on the cyrus box too?
In that case:

1) Create a recipient_bcc_maps regexp file.
For eg:
/^(.*)@example\.com$/ ${1}@cyrus.example.com

2) Define in the transport hash file to send to cyrus directly via lmtp on
tcp or send to another smtp server on the cyrus box.
For eg:
cyrus.example.com lmtp:[cyrus.example.com]:24

3) Rewrite the recipient address before sending using lmtp_generic_maps.
For eg:
@cyrus.example.com @example.com

That should work AFAIK, please test it before you implement though :-)

Thanks
Ram


PS: You seem to have historic reasons for sending to cyrus, in fact it
should be the other way around. Get rid of the domino and make the cyrus
server a primary server. Domino breaks a lot of standards and there is
hardly any reason why you should prefer it over cyrus.

Re: spam to postmaster

2012-02-17 Thread Ram
On Fri, 2012-02-17 at 15:49 -0600, /dev/rob0 wrote:
 On Fri, Feb 17, 2012 at 03:59:22PM -0500, Peter Blair wrote:
  On Fri, Feb 17, 2012 at 3:54 PM, Reindl Harald 
  h.rei...@thelounge.net wrote:
   how do other people act with such braindead sh**t?
  
  Look into greylisting it.  You'll find that greylisting could very 
  well deal with most of the bots that things like zen.spamhaus.org 
  would normally deal with.  And strictly speaking, you're not 
  filtering it -- just making a policy decision to not accept the 
  transaction before the DATA section ;)
 
 Personally I do not consider strict RFC interpretation to be worth 
 more than the time it takes to sort through the garbage. All my mail 
 is subjected to Zen and BRBL blockage (with DNSWL and SWL exceptions 
 allowed.) Very little spam here since I decided to do that. (Most of
 what does get through is to the postmaster addresses, however.)
 
 postscreen/smtpd_reject_footer is a safety net. A real sender can 
 view that and figure out alternate means of contact. That has not 
 happened in the time since smtpd_reject_footer was implemented here.
 
 I'd much rather give someone a rejection, than accept their mail and 
 miss it in a flood of spam.

I agree. 
When really flooded with spam, you would probably miss a real abuse
complaint. But there are cons of scanning the postmaster messages too.
Most complaints too will get hit as spam.

I manually delete the spam messages that come to my abuse@ id, but not
before feeding it to a program that automatically creates URI and domain
blacklists. These spammers are then blocked from sending to abuse@
addresses.