Can I use multiple files for each?
yes, all the params that accept access files can use multiple files.
relay_domains = hash:/etc/postfix/transport, hash:/etc/postfix/others
transport_maps = hash:/etc/postfix/transport, hash:/etc/postfix/others
basic IMGate uses the same file(s) for both
Has anyone figured out how to stop this at the IMGate? I'm running CLAM AV
and it hasn't stopped one of these yet :( I got 196 (the highest number
yet) sober stopped at my IMail server antivirus just yesterday.
I'm having mixed success, aka mixed failure. iow, I'm catching a
number with
Now this sounds like the kind of anti-spammer offense that could really
hurt the spammers badly. They can't sell anything if their websites are
continually DDoSed.
This makes much more sense than having our MX tarpitting.
1. There's millions more PC users' machines to enlist in the
said: 554 : Sender address rejected: ACL from_senders_slet
slet, spamlist extended is an old, outdated, non-maintained filter that
should not be used. It was a list of [EMAIL PROTECTED] that the list
maintainer had decided was a spammer
Is starting services/processes at boot time as easy as creating program.sh
in /usr/local/etc/rc.d, placing the proper startup command in the
program.sh file, then chmod 755 program.sh?
As Tom said, and as documented in :
man rc
and then search for
/rc\.d
Len
Transcript of session follows.
Out: 220 mx2.taisweb.net - ESMTP - Postfix - Attn: UCE not permitted.
Violators will be prosecuted.
In: EHLO mgw2.meiway.com
Out: 250-mx2.taisweb.net
Out: 250-PIPELINING
Out: 250-SIZE 500
Out: 250-ETRN
Out: 250 8BITMIME
In: MAIL
I have smtpd_recipient_restrictions check_recipient_maps working and
dynamically updating this list/map for the domains that I host, but now
I (am just getting around to.. ) would like to perform recipient address
verification for the very few domains for which I relay mail, but don't
Getting this error in log.
fatal: open database /etc/postfix/helo_hostnames.regexp.db: No such file or directory
you need to put
pcre:/etc/postfix/helo_hostnames.regexp
postfix defaults to hash: and therefore, with no pcre:, it tries to find the
hash: .db file
Len
- Xeon Processor 2.4 G +
- Can support At least 2 G RAM
- RAID 1 with SCSI
way too powerful, but what volume of msgs received/sent per day?
At this point my budget is probably about $5000.
for 1 box? you can buy a 1U box appropriate for 90% of MXs for $1000 max.
Len
I added a new domain to the Postfix/Imail IMGate configuration with only
around 30 or 40 additional accounts and am now having Imail/SMTP
problems. Basically the SMTP server on Imail (8.05) dies regularly. The
queuemanager is set with the following:
Delivery Threads: 30
Maximum retries: 15
I just figured out that the first one is looking for non-printable
characters in the Subject line.
all 8-bit characters, which are illegal in general in headers, must be
preceded by an iso/utf escape code.
This filter should not be used if you have legit traffic in a foreign
language.
I need to setup a IMGate box that can handle around 120,000 messages a
day, what should I be using as far as processor and memory
2 GHz, 2 GB
Also, theoretically, what are the limits that postfix could handle as far as
messages an hour with a P4 2.8 HT with a gig of RAM.
here's a traffic
All ideas or pointers appreciated.
egrep for yahoo group's IPs in your log files
whitelist yahoo groups IPs.
Len
header_checks = (non-mime headers)
mime_header_checks = $header_checks
I don't understand the above, is this another type of check using regexp
like the existing header/body checks regexp?
yes, mime_header_checks was added when postfix upgraded its mime processing.
So your original
you see this also in pflogsumm report
I don't see any ?
look in the smtp and qmgr sections for timeouts for postfix as smtp
client. hmm, there isn't a pflogsumm section for smtpd timeouts, which can
be a major activity:
mx1# egrep -ic smtpd.*timeout /var/log/maillog
18956
I'll see if I
however, I still have no /var/log/maillog
in fbsd, syslogd will not create files, only write to files.
man touch
Incidentally, the problem this morning was that we had an infected computer
in our network that found our imgate box and was spewing like crazy. We
run declude on the imail box
Currently maintenance. We _are_ changing some of our operations and
this should stop being an issue when completed. In fact, as I think on
this some more, I realize my current script does it this way (despite
what I wrote initially -- too many interruptions) but some errors while
updating
http://www.cnn.com/2004/LAW/12/18/spam.lawsuit.ap/index.html
But as reported, the $$$ will never be collected. However, if they are
pursued for the $$$ as OJ Simpson is being pursued, they should be in
poverty forever, I guess, which ought to dissuade others. Or maybe they
could join OJ on
Awesome!!!
one I forgot:
at the very top of every zone file:
$include db.defTTL
... where db.defTTL file contains one line:
$ttl 1d
When you want to change the default TTL for all your zones, you only have
to change one line in the $include'd file.
Len
I have tried and tried and have been unsuccessful.
works for everybody else:
List-Unsubscribe: <mailto:[EMAIL PROTECTED]>
Len
We've got one of our iMail servers sending outbound SMTP traffic through
an IMGate server.
ok
The Question is more related to iMail. Is there a way to make all
traffic leave the IMGate server?
doesn't all traffic leave the IMGate server already? what mail stays on
the IMGate server?
Len
to_recipients_dead)
I suggested that approach before check_recipient_maps became
available. check_recipient_maps is much better
Len
Mainly because of administration overhead. The residential clients are
actually full blown Postfix/IMAP servers that support up to 100 users per
location.
how can you run an MX without a fixed IP to send to? If they are
businesses, they need to get serious and stop being cheap with
Is there a way to setup an outbound catch of mail that
postfix bcc is per server and postfix doesn't understand in/outbound. you
could setup recipient_bcc_maps for aol so all msgs to aol get bcc to you.
if the message = body contains a defined phrase, forward it to me?
not sure, but I don't
I was unaware of this juicy tidbit. If this is true
test it. telnet to IP for IMail domain x, and use a
RCPT TO:[EMAIL PROTECTED] NOT on that IP, and see if Imail accepts it.
Len
I am experiencing high CPU usage with a slow build-up of cleanup
processes when using the body_checks with the body_checks.regexp file,
especially when using more complex regular expressions.
your main.cf uses pcre: or regexp: file type to access the body_checks
file. pcre: is much more
That is an amazing difference in performance just using pcre:
I am surprised regexp: is still in the docs as an option.
posix regexp is standard with linux and fbsd, pcre is an external library.
Len
I have updated this utility to handle a special case in the
smartermail configuration files in which domain aliases are listed
first.
You can download the new version of the utility at:
http://www.plateaultd.com/tools/smartermail/
thanks,
Len
Where can I find the setting for this filter.
Out: 250 Ok
In: DATA
Out: 354 End data with <CR><LF>.<CR><LF>
Out: 550 Error: Message content rejected
In: QUIT
Out: 221 Bye
header_checks or body_checks
Len
I looked at the 2 files, is this the line?
/^.*=20[a-z]*=20[a-z]*=20[a-z]*=20[a-z]*/ REJECT
could be, since REJECT has no custom text that would show up in the
reject: line
Len
Hi Len - are there any issues with going to FreeBSD 5.2 or the newest
5.3??
if postfix runs on fbsd 5.3 (or any OS), then IMGate config will run.
I'm staying with 4.10 for now for all my IMGate clients.
From IMGate POV, it really doesn't matter, so it's your choice.
Len
How many Nameservers should/can I give my upstream provider to delegate
my reverse dns to?
1 or more
Can I have the same number we use for domains we
setup with the registrars for non-rDNS ?
zones are totally independent, any NS can serve any zone.
Len
Is there a way to reject password protected zip files?
not with postfix alone.
most AV programs can now be set to reject passworded attachments.
Len
Content-Type: text/plain;
charset=us-ascii
Content-Transfer-Encoding: quoted-printable
How can I stop this forgery and add a rule.
try header_checks for
/^subject:.*smith-barney/
Len
I have new IMGate client whose Imail has been saved by IMGate (98% reject
rate) but Imail is still going nuts, doing rapid connect/disconnect to
IMGate 100K times/day, without sending any smtp commands, which of course
is a load on Imail we'd like to remove. (it's not anvil)
Does anybody know
IMGate does an outstanding job of blocking dictionary attacks in front of my
Imail server.
But now my IMGate servers are getting bogged down with all of the dictionary
attacks.
then something's wrong with your config
I have more than 50,000 to unknown recipients so far today, as of
8 am, and
To look at where the connections are coming from?
the connections are from Imail to postfix.
I'll report whether upgrading from RAV to reject_unlisted_recipient fixes
the pb, or not.
Judging from the number of IMail users that have Imail screwing up from
large volumes of unknown users, I
We have tens of thousands of users.
nothing wrong with that
are you running anvil?
No, I'm wondering how much that might help.
it will help some, maybe a lot, esp if single IPs are connecting above the
anvil rate.
are you running RAV (ok for small volumes) or exporting imail users?
No
the .db file gets too big. 1.1 GB is about the limit in fbsd.
Run this address_verify_watchdog.sh once a day, and set the size to suit.
positive/negative caching values can be shortened to keep the file smaller.
#!/bin/sh
# size threshold in bytes; value as posted, set it to suit
AVMAXFSIZE=9
AVFNAME=/var/log/address_verify.map.db
# current size of the verify map in bytes (FreeBSD stat(1); Linux would use stat -c %s)
# the size test and the zeroing are reconstructed; the posted script showed only the variables and the mail line
FSIZE=`stat -f %z $AVFNAME`
if [ $FSIZE -gt $AVMAXFSIZE ]; then
    : > $AVFNAME
    # this line was wrapped in the post; the subject is quoted so it stays a single argument
    mail -s "`hostname` $AVFNAME exceeded $AVMAXFSIZE bytes and has been zeroed" [EMAIL PROTECTED] < /dev/null
fi
and
it's manually maintained by the verify service.
uh, automatically maintained
Isn't it suggested to use btree style databases for that?
file type hash: IS a b-tree db, it just doesn't scale as well as something
like Sleepy Cat b-tree.
I've got my
address_verify set to this:
# sender address verification feature
address_verify_map = btree:/var/log/address_verify
Out of curiosity, how do others using IMGate handle the huge volume of
postmaster email generated because of the email rejected by postfix? :-)
If postfix is rejecting, there is no postmaster msg.
If you're talking about the notifications sent by postfix, turn them off or
reduce the msgs sent
a stupid little script for piping your egrep searches into, so instead of
having tons of hard-to-read text, there is a blank line skipped after each
search results line.
/usr/local/bin/skipline.sh
#!/bin/sh
# print each input line followed by an extra newline, so a blank line follows every match
awk '{print $0 "\n"}'
exit 0
==
usage:
egrep -i pattern
output a list of
users and their passwords
check the ipswitch imail add-on page
Len
I have a [EMAIL PROTECTED] account on my imail, how do I make imgate accept
the email (show that it exists) and discard all the messages it gets on the
spot.
header_checks.regexp
/to:[EMAIL PROTECTED]/ DISCARD
to be tested.
Len
What's the difference between what you suggested and adding the ^ after the
slash at the beginning of the line?
^ meta-character is PCRE anchor for beginning of line, which is usually a
good idea, but with headers, which are generally short and not very
numerous, leaving off the anchor is not
Law Barring Junk E-Mail Allows a Flood Instead
By TOM ZELLER Jr.
A year after a sweeping federal antispam law went into effect, there is
more junk e-mail on the Internet than ever, and Levon Gillespie, according
to Microsoft, is one reason.
Lawyers for the company seemed well on the way to
Is anyone having a problem with postfix (Imgate) not delivering
Hotmail and MSN accounts?
it happens from time to time. their MXs get very slow, and postfix
smtp_*_timeouts timeout when trying to send
smtp_connect_timeout = 30s
smtp_data_done_timeout = 600s
smtp_data_init_timeout
I change the SMTP Timeout but they are still getting stopped.
there are several SMTP timeouts, you need to increase them all.
smtp_connect_timeout =
smtp_data_done_timeout =
smtp_data_init_timeout =
smtp_data_xfer_timeout =
smtp_helo_timeout =
smtp_mail_timeout =
smtp_quit_timeout =
http://news.com.com/Zombie+trick+expected+to+send+spam+sky-high/2100-7349_3-5560664.html?tag=nefd.top
You are an ISP providing email submission via your mailbox server or
direct-to-imgate where your IPs are trusted for relaying by IP, instead of
via SMTP AUTH. This attack could overwhelm your
One short-term tactic would be for IMGate not to trust IMail's IP for
relaying via mynetworks, but to run SAV/RAV before permit_mynetworks.
Any suggestions for an ISP not running SAV/RAV due to high mail volume
250k/day
but of the 250K total, how many are outbound? 10%? That's really
and 4 percent of the recipients have bought something advertised through
spam within the past year.
That's just great :/really helps the cause.
I'm still for DoSing the spamvertizer's websites. That will kill their
revenue with which they pay for spam. It can be done correctly, but
will do. thanks.
any way to make it search the body of the email.
body_checks.regexp
body checks can kill postfix, so limit scanning with:
body_checks_size_limit =
Len
# egrep -i res.rr.com /var/log/maillog | wc -l
727
# zgrep -i res.rr.com /var/log/maillog.[0-9].gz | wc -l
4155
I would double check your stats, as this figure counts email from/to
res.rr.com
also, smtpd dis/connect's
This would be more accurate:
egrep -ic reject:.*res.rr.com
I just realized that my unknuser2recipients_bad.sh is not working on my
domains that are sent to two postfix boxes (mail is first sent to my Imgate
box and then the transport.map sends the message to a second box that scans
for viruses); the unknown user is sent back from Imail to the virus box.
I thought this was the best way to set up postfix with virus scanning.
forget about unknown users. export the known users from the
imail box to the MX.
Some of the domains behind the virusscanner are not on Imail.
if the traffic isn't too big for them, then use RAV for them, and tell
The recommendation to avoid the dictionary attacks is to turn on
tarpitting.
http://support.microsoft.com/kb/842851/
Does anybody have experience with Exchange smtp tarpitting when the volume
of unknown recipients is 20k per hour? For different tarpit delays between
5 and 30 seconds?
Len
I recently had a domain that attracted a lot of spam/address harvesting
traffic leave us and go to another provider and I came to notice that the
new provider was blocking an IP address that belonged to one of our mail
servers. After working with them I realized that they started blocking us
- I don't run SAV, RAV was moved from early to late
For your inbound traffic (which I assume is your biggest volume, esp
inflated with huge volume of unknown recips), that means all the policy
work will be spent, and then RAV says it's not even one of your recipients
anyway.
The whole point
I'm working on setting up an big MX for a high-volume outfit. It's not the
first time I've seen this, and the machine runs fine, only with slower disk
i/o, so check your own hardware.
ATA 66 and above disks require special, polarized, shielded ATA cables,
which have a controller end and a
connect #3 to subsystem private/scache
looks like a postfix bad install, try make upgrade
I cheated (for the most part) copied my Postfix config from my working
box to the new one, changed the names and turned it. The version of
Postfix on the production box is 2.2-20040628, while on the new
I noticed that one of my domains was getting over 500 megs mail sent to
non-existent users on a daily basis. The mail came from a variety of
senders. I then moved the account to a different mail server and now
this new mail server is getting all the traffic, with the similar
activity of random
One odd problem though. The new server, despite having almost identical
configuration (save for host name and IP address) is spitting out
failure messages in droves. What can I do to stop that
stop the failures?
something is different somewhere, just compare the two
main.cf
/etc/aliases
Len
We all know about unix rootkits, but here we see Windows rootkits,
ratcheting the PC security problem way up the scale.
Microsoft Warns of New Security Threat
System monitoring programs, called rootkits, may pose a serious danger to
your PC.
smtpd processes check the map.db timestamp and kill themselves if it has
changed.
the smtpd processes log their suicide to maillog
Len
Today I incurred a new client where mail.domain.tld resolves to 6 IPs.
I guess I could use
domain.tld smtp:mail.domain.tld
n.n.n.n=mailhost.domain.tld. (mailhost is our server) But is there a way
to do this with a list of IPs ?
not with transport.map, which is a two-field database.
use:
for fbsd users, it's recommended to keep a recent copy of this handy:
ftp://ftp.freebsd.org/pub/FreeBSD/doc/en/books/handbook/book.pdf.zip
It's 1000 pages, your answers are probably in there somewhere.
Len
Len, have you updated any of the IMGATE files lately?
Not the basic config. I only bother keeping the advanced config as cutting
edge.
Len
I have a user that is trying to send to the domain fronitier.net. On their
The following message could not be delivered to
'[EMAIL PROTECTED]'
the vertical tick marks are not valid characters
Len
so what I'll do is just allow the offending site in mta_clients_bw.
correct
Len
I am finally doing the research to add greylisting (postgrey) to my IMGates
and am wondering if it is still effective or have spammers found a way
around this technique?
still effective.
what has happened is that a few more ISPs and networks operators have
blocked egress to port 25, stopping a
I was convinced so I'm in the process of adding it ( back? ) in to my
IMGate systems. My question is to those that are _not_ greylisting
everyone but only selected domains.
why would you not greylist all msgs?
Len
Error: FTP Unable to get
ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-4.7-release/Latest/postgrey.tgz:
File unavailable (e.g., file not found, no access)
pkg_add: unable to fetch
has postgrey been ported to fbsd?
grab the .tar.gz from the postgrey website
I had ABSOLUTELY no idea
sav_white_candiates_ptr.sh
#!/bin/sh
DATENOW=`date +%y%m%d_%H%M`
WORKPATH=/var/tmp
WORKFILE=sav_white_can.rpt
MAILTO=[EMAIL PROTECTED]
# the output redirections below were stripped by extraction and are restored here;
# the rest of the report script is not on the page
echo > $WORKPATH/$WORKFILE
echo Sender Address Verification Database Report, `date` >> $WORKPATH/$WORKFILE
echo >> $WORKPATH/$WORKFILE
echo >> $WORKPATH/$WORKFILE
sorry, that was a report for SAV, not postgrey.
Tom and I worked up a report for postgrey that he put on the postgrey site.
greylisting is so harmless, it's almost not worth bothering with
whitelisting, since legit servers whitelist themselves by re-trying once.
Len
Maybe that is part of the problem, I don't see anything related to the
'scache' service in master.cf , should it be there ?
I don't think so. not every postfix process has a line in master.cf
is your OS showing out of file handles or any other filesystem or process
errors?
Len
Does anyone know where I could obtain the imailusers.exe file to export
a user list?
http://www.smartbusiness.com/imail
Len
http://www.alphaworks.ibm.com/tech/fairuce
Sorta like SAV, but a little bit more.
Anybody try the postfix version, yet?
Len
From the SPAM-L list:
It requires Postfix 2.1 or later, Apache with SSL, Java, and JavaMail so
it's unlikely to be deployed too widely.
If it provides nothing but an incremental improvement, it won't be worth it for
my advanced IMGate config.
Len
I just encountered an issue with the main.cf file as provided by Len for the
basic Imgate configuration and hope someone can clarify the situation for
me. The issue came up when I needed to whitelist an email recipient address
for a few of our users to the configuration and came across what looks
Just curious on if any of you are signing up for this service?
http://spf.pobox.com/
I follow the SPF list, here's msg of frustration from recently:
I want an RfC for
v=spf1 a.s.a.p. All these permanent modifications like adding
zone-cut, removing zone-cut, use PRA instead of MAIL FROM,
don't
Personally I'd like to see
Marking Mail Transfer Agents in Reverse DNS with TXT RRs
ftp://ftp.rfc-editor.org/in-notes/internet-drafts/draft-stumpf-dns-mtamark-03.txt
move forward and get adopted.
Sounds good to me, but so did SPF in the beginning. :)
mtamark has, for me, the same problem as
Anyway here what I have in the /etc/postfix/bodychecks.regexp:
/(bobtests frankly is)/ 554 ACL body_checks_regexp Content of message body rejected, content = $1
man 5 body_checks
... says there is no 554 action for a match.
smtpd process has SMTP numeric actions
cleanup process has
Also, the big guys will be more likely to start enforcing spf values when
they see many of us have properly setup SPF records.
The big guys can force the issue, as only they have the power, but, as they
have shown on PTR and helo hostnames, they refuse to wield their power.
The big guys won't
I think its because of some rogue extension you have installed. Try
removing the extensions you have installed one by one
tools:extension shows no extensions installed.
Len
We've got a new complaint about yahoo groups mail rejecting so I went
looking for the specific reason.
The REJECT is coming from a line in header_checks.regexp
Could someone, whose brain is firing on all cylinders, explain this
regular expression and why it is considered SPAM-ish?
anything yahoo and getting lots of interesting subject lines.
nope, only from yahoo IPs. [EMAIL PROTECTED] means nothing
Len
Would it be possible to move the relay_recipients.map to a database in
either postgresql or mysql.
any access file can be a database, but a full database must be less
efficient than a simple hash file.
I am currently using a database for our
transport list and it seems to be fast since it
Hi, I have added clamav to my postfix via amavisd-new. I am having a
problem with it though, in that amavisd-new adds a received header to
indicate it was received from postfix. In my Imail/Declude
configuration, I have Declude set to IPBYPASS my gateway server, but
amavisd-new breaks this.
Lately all the spam that's making it through is coming in in this format
Received: from noos.fr (unknown [218.81.144.71]) can you guys help me figure
which setting I have to loose. These are mostly stock recommendations which
SpamAssassin is scoring at negative numbers.
assuming noos.fr is the
Thanks Len but I was more concerned about the unknown part as these messages
are not from a single helo hostname
that Class A seems to be assigned to China:
mx1# dig -x 218.0.0.0
; DiG 9.2.3 -x 218.0.0.0
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN,
Isn't there a way to exclude a [EMAIL PROTECTED] from the filtering
otherwise done to [EMAIL PROTECTED] Alternatively, is it possible to
relay messages (to Imail) for some domains via postfix while doing
different filtering than what is done for all other domains?
IIRC, there has been some
okay. but is that due to someone on my end sending to a non-existing
account
yr postfix logged the reject, so the msg to unknown recipient got into your
postfix from somewhere.
or someone forging my mx stuff. ?
what's mx stuff ?
Len
This is a copy of today's mail.cgi full maillog option. I understand from
reading the pflogsumm site that its not 100% accurate in numbers but I
assume in everything else it is.
There are some things I don't get in it.
I show mail coming into accounts that don't exist.
delivered to non-existent
Does header_checks information apply to the settings I'm going to use in
transport.map and master.cf?
yes, cleanup process sees all msgs
Len
I am setting up IMGate for the first time and I have FreeBSD and Postfix up
and running I just need to get the config files from someone.
Kyle,
I've sent you 2 pairs of msgs, in response to your two requests. Your
system is eating them (they are not bouncing).
In response to your 3rd email
I ran into a Win32 sed issue today while trying to use the port of sed from:
http://unxutils.sourceforge.net/
While trying to delete all blank lines in a file with the following cmd:
sed "/^$/d" file
it refused to work.
But super-sed from: http://www.student.northpark.edu/pemente/sed/
sed "/^$/d" file
... doesn't look valid at all. eg, why double quote the delimited
regexes? I never do that.
That would be true on *nix. But when calling a batch file on Win2k (any
Win32 OS, I think) you need the quotes. At least I have never been able to
get it to work without them.
ok, I
I am having a problem with some of our customers getting marked as spam at
certain other mail servers.
how many other ?
When receiving servers get the message, they scan the hop
for our server which passes, then they scan the hop for the originating
computer -- and since that IP could be on
IMGate is an outbound server for nearly every IMGate site. Aren't you
running your outbound through IMGate already?
No, not yet. I haven't been able to convince the powers that be. The
benefits listed on your web site make it look like a great asset, but until
our SmarterMail box starts