Re: Filter withdrawals

[Mischa]

>> I’d be up for it. Although I’m still running 5.9 on my mail server, I’m 
>> thinking of upgrading. I knew that filters are experimental (and really to 
>> test the API, not the filters themselves), however I’ve decided to use some 
>> of them and would like to continue doing so. The dnsbl is the one I’d miss 
>> the most. 
>> 
>> All other functionality in my config uses traditional approach, with 
>> relaying over smtp to a daemon (spamd, clamav, dkim_proxy, etc) listening on 
>> lo interface, and all seems to be working fine. 
> 
> Assuming that that is OpenBSD spamd then I may be able to help you
> with your dnsbl desire.
> 
> I have a python script that runs every 15 mins (inside the spamd
> whitelist time) that checks for new entries, looks them up against a
> dnsbl and blacklists if appropriate.  Note that this code would be
> provided "as is" & whilst it works for me I make no guarantees as to
> anything.  It probably isn't suitable for anything vaguely high
> volume.
> 
> A better hack than what I'm doing currently would be to abuse the
> spamd sync feature which provides a much more timely notification of
> activity, but I haven't found the round tuits to do it and am unlikely
> to do so.

I am very interested in that script as well. Would be great to have a blacklist 
function in spamd based on RBLs.

Mischa


--
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org

Re: Filter withdrawals

[John Cox]

>> On 6 Sep 2016, at 14:10, Edgar Pettijohn  wrote:
>> 
>> I'm thinking of starting a support group for others suffering from filter 
>> withdrawal. Upgraded to 6.0 over the weekend and went back to using spampd 
>> and sieve. Is there any other options besides amavis?  I really miss 
>> filter-regex. Haven't had any luck finding a replacement just curious if 
>> anyone out there has any suggestions.
>
>Hi,
>
>I’d be up for it. Although I’m still running 5.9 on my mail server, I’m 
>thinking of upgrading. I knew that filters are experimental (and really to 
>test the API, not the filters themselves), however I’ve decided to use some of 
>them and would like to continue doing so. The dnsbl is the one I’d miss the 
>most. 
>
>All other functionality in my config uses traditional approach, with relaying 
>over smtp to a daemon (spamd, clamav, dkim_proxy, etc) listening on lo 
>interface, and all seems to be working fine. 

Assuming that that is OpenBSD spamd then I may be able to help you
with your dnsbl desire.

I have a python script that runs every 15 mins (inside the spamd
whitelist time) that checks for new entries, looks them up against a
dnsbl and blacklists if appropriate.  Note that this code would be
provided "as is" & whilst it works for me I make no guarantees as to
anything.  It probably isn't suitable for anything vaguely high
volume.

A better hack than what I'm doing currently would be to abuse the
spamd sync feature which provides a much more timely notification of
activity, but I haven't found the round tuits to do it and am unlikely
to do so.

Regards

JC

-- 
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org

Re: address extensions

[Matthias Teege]

On Wed, Aug 31, 2016 at 12:49:35PM +0200, Gilles Chehade wrote:

Hi,

> On Sat, Aug 27, 2016 at 10:02:31AM +0200, Matthias Teege wrote:
>
> > How to I setup extensions addresses in opensmtpd?
> 
> the upcoming 6.0.0 release will not support it, but next minor release

Many thanks for that. That helps allot.
Matthias


signature.asc
Description: PGP signature

Re: Greylisting

[Silvio Siefke]

On Sat, 10 Sep 2016 23:06:54 +0200
Mischa Peters  wrote:

> Have a look at spamd.
> https://www.openbsd.org/spamd/index.html
> 
> Also runs on non-OpenBSD. 

Yes spamassassin is running with amavisd-new. That works well, the spam
goes in quarantine. Why does OpenSMTPD accept mails to addresses which 
do not exist on the system? This is normal when you use @CATCHALL. 

Regards
Silvio


pgplR9eUEdzuY.pgp
Description: PGP signature

Re: Greylisting

[Joerg Jung]

On Mon, Sep 12, 2016 at 08:49:04PM +0200, Silvio Siefke wrote:
> On Sat, 10 Sep 2016 23:06:54 +0200
> Mischa Peters  wrote:
> 
> > Have a look at spamd.
> > https://www.openbsd.org/spamd/index.html
> > 
> > Also runs on non-OpenBSD. 
> 
> Yes spamassassin is running with amavisd-new. That works well, the spam
> goes in quarantine. Why does OpenSMTPD accept mails to addresses which 
> do not exist on the system? This is normal when you use @CATCHALL. 
> 
> Regards
> Silvio

Just to avoid some confusion here: 

OpenBSD spamd(8) [1] is NOT EQUAL to SpamAssassin spamd(1) [2].


[1] http://man.openbsd.org/OpenBSD-current/man8/spamd.8
[2] http://spamassassin.apache.org/full/3.4.x/doc/spamd.html

--
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org

Re: Greylisting

[Silvio Siefke]

On Sun, 11 Sep 2016 12:17:29 +0200
"Peter N. M. Hansteen"  wrote:

> If all you've found is 'shell scripts and pf' I don't think you've
> looked very closely.

Sure when you search OpenSMTPD SPAMASSASSIN only come for OpenBSD really
help. This is okay, but I can not install on VPS OpenBSD. For Linux is 
not really help there. This is okay too, Linux and BSD not really friendly
each other and I like OpenSMTPD. 
 
> As Mischa mentioned earlier, on OpenBSD and other OSes with PF there's
> spamd(8), which was (for example) quite capable of shielding all my
> users from the recent 'voicemail' scam using only its default
> greylisting (see
> http://bsdly.blogspot.com/2016/08/the-voicemail-scammers-never-got-past.html
> about that particular incident, links to other articles about spamd(8)
> greylisting and related topics therein).

That I have spam is not a problem. We all have it. But I understand not, why
accept OpenSMTPD Mails for addresses which not active, not in user file. Normal
when come this email OpenSMTPD should reject.  

Regards
Silvio
-- 
Silvio Siefke 


pgpRjNcONhs4o.pgp
Description: PGP signature

Re: Modifying mails in queue

[Wilhelm Schuster]

> On Sep 12, 2016, at 20:22, ultr4l33t  wrote:
> 
> Dear Wilhelm,
> 
> 
> im writing you Offlist because i dont know if the method is use for what
> your problem is about is a "real solution". For me it worked everytime -
> but i guess its a "dirty hack" which should officially not be used...
> 
> The Mails are normally located under /var/spool/smtpd/queue as files.
> 
> In the queue folder there are many subfolders so you may want to use a
> script to replace all
> 
> lmtp://127.0.0.1:10025
> 
> with
> 
> smtp://127.0.0.1:10025
> 
> in these Files.
> Before you do that you should shut down the opensmtpd process (i dont
> know if stopping the mta with smtpctl pause mta is working as well -
> didnt try) and start it after you changed the files. It will take some
> time until the Server starts to hand out these mails but you can skip
> that wait time with smtpctl schedule all.
> 
> Regards
> Marcel

Thanks Marcel,

this helped me fix my problem. Though it definitely seems more like a 
“workaround”. I’m pleasantly surprised that the queue metadata files are in 
plaintext.

I first stopped opensmtpd, ran:

# find /var/spool/smtpd/queue/ -type f ! -name message -exec \
  sed -i 's#mta-relay: lmtp://127.0.0.1:10025#mta-relay: 
smtp://127.0.0.1:10025#' '{}' \;

started opensmtpd again and finally fired off `smtpctl schedule all` and 
watched mail getting delivered.

Cheers, Wilhelm Schuster.



--
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org

Re: Modifying mails in queue

[Edgar Pettijohn]

Sent from my iPhone

> On Sep 12, 2016, at 10:40 AM, Wilhelm Schuster  wrote:
> 
> Hi,
> 
> I’ve set up opensmtpd to first relay every messages to spampd (running on 
> localhost, port 10025) via:
> 
>accept from any for domain "wilhelm.re" relay via smtp://127.0.0.1:10025
> 
> Unfortunately, I had a configuration error where I had opensmtpd relay the 
> messages to lmtp://127.0.0.1:10025, which didn’t work and delivery failed 
> with "Network error on destination MXs”.
> 
> I’ve since corrected the config and mails get delivered again… Except for the 
> ones that arrived in the time window where I had the faulty config, which 
> opensmtpd tries to deliver to lmtp://127.0.0.1:10025 again and again.
> 
> Is there a way I can modify these mails in the queue to get relayed to 
> smtp://127.0.0.1:10025?
> 
> Cheers, Wilhelm Schuster.
> -- 
> You received this mail because you are subscribed to misc@opensmtpd.org
> To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org

I know I've seen this asked before. Found this one:

https://marc.info/?l=opensmtpd-misc=143639072009982=2

There are probably others with different solutions.

--
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org

Re: Greylisting

[Peter N. M. Hansteen]

On 09/12/16 20:49, Silvio Siefke wrote:
> On Sat, 10 Sep 2016 23:06:54 +0200
> Mischa Peters  wrote:
> 
>> Have a look at spamd.
>> https://www.openbsd.org/spamd/index.html
>>
>> Also runs on non-OpenBSD. 
> 
> Yes spamassassin is running with amavisd-new. 

I think you may be confusing the OpenBSD spamd(8) program described at
that URL with the program that comes with the spamassassin
content-filtering system. They are two distinct and quite different
programs, but it's more than possible for them to co-exist (even on the
same machine if needed, they install to different paths) and they
complement each other quite well in such setups.

Yes, it is kind of unfortunate that two very different programs come
with a binary with the same name, and it has lead to exactly that kind
of confusion at times.

If you're already using spamassassin, that's fine. If you put the
OpenBSD spamd in default greylisting mode in front of spamassassin or
other content filtering, the load on your content filtering will almost
certainly go down significantly.

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.



signature.asc
Description: OpenPGP digital signature