Disable greylisting on rspamd
Just a quick FYI on disabling rspamd's greylisting module. This is something you will want to go if you run OpenBSD's spamd because it is still the king of first line of defense against spam. # /etc/rspamd/local.d/greylist.conf enabled = false; Then restart rspamd.
Re: greylisting vs round robin
You could use a matching rule to these particular emails and use relay via to specify the host to send it to. However I would think that their system will still hop you around. Worth a shot though. You could ask their postmaster to whitelist you on all of their hosts. Probably the better choice. > > On Dec 6, 2017 at 1:43 AM,wrote: > > > Hi folks, Looking at my opensmtpd log file (see attachment) some EMails are > greylisted by the peer several times. Apparently the receiving ISP has > several MX hosts, probably each running its own local whitelist. :-( Do you > think it would be possible in opensmtpd to avoid hopping from one IP address > to another, when the greylisted EMails are processed again? opensmtpd is > version 6.0.2, running on Debian. Every helpful comment is highly appreciated > Harri >
greylisting vs round robin
Hi folks,
Looking at my opensmtpd log file (see attachment) some EMails
are greylisted by the peer several times. Apparently the
receiving ISP has several MX hosts, probably each running its
own local whitelist. :-(
Do you think it would be possible in opensmtpd to avoid
hopping from one IP address to another, when the greylisted
EMails are processed again?
opensmtpd is version 6.0.2, running on Debian.
Every helpful comment is highly appreciated
Harri
% ( zcat mail.log.{4..1}.gz; cat mail.log ) | grep -i greylist | grep bigisp
Nov 7 14:57:14 mailproxy-example smtpd[119331]: relay: TempFail for
0d2a26cfe2294eca: session=b7187e777bb83a3a, from=,
to=, rcpt=<->, source=10.0.11.115, relay=192.168.92.216
(mx-v1.bigisp.de), delay=0s, stat=457 Greylisted, please come back later.
Nov 7 15:03:55 mailproxy-example smtpd[119331]: relay: TempFail for
0d2a26cfe2294eca: session=b7187e7abd6d6e31, from=,
to=, rcpt=<->, source=10.0.11.115, relay=192.168.92.217
(mx-v2.bigisp.de), delay=6m41s, stat=457 Greylisted, please come back later.
Nov 7 15:04:04 mailproxy-example smtpd[119331]: relay: TempFail for
654b3d5f30fed65b: session=b7187e7abd6d6e31, from=,
to=, rcpt=<->, source=10.0.11.115, relay=192.168.92.217
(mx-v2.bigisp.de), delay=0s, stat=457 Greylisted, please come back later.
Nov 7 15:10:44 mailproxy-example smtpd[119331]: relay: TempFail for
654b3d5f30fed65b: session=b7187e84bff763ce, from=,
to=, rcpt=<->, source=10.0.11.115, relay=192.168.92.216
(mx-v1.bigisp.de), delay=6m40s, stat=457 Greylisted, please come back later.
Nov 8 15:22:57 mailproxy-example smtpd[119331]: relay: TempFail for
3f15b7e90cd2ef63: session=b7187f68a34c154c, from=,
to=, rcpt=<->, source=10.0.11.115, relay=192.168.92.218
(mx-v3.bigisp.de), delay=1s, stat=457 Greylisted, please come back later.
Nov 8 15:29:36 mailproxy-example smtpd[119331]: relay: TempFail for
3f15b7e90cd2ef63: session=b7187f6befadda90, from=,
to=, rcpt=<->, source=10.0.11.115, relay=192.168.92.217
(mx-v2.bigisp.de), delay=6m40s, stat=457 Greylisted, please come back later.
Nov 9 10:51:02 mailproxy-example smtpd[119331]: relay: TempFail for
40fb08780512a754: session=b7187fd9afa71414, from=,
to=, rcpt=<->, source=10.0.11.115, relay=192.168.92.218
(mx-v3.bigisp.de), delay=0s, stat=457 Greylisted, please come back later.
Nov 9 10:51:03 mailproxy-example smtpd[119331]: relay: TempFail for
581347b24118025c: session=b7187fd9afa71414, from=,
to=, rcpt=<->, source=10.0.11.115, relay=192.168.92.218
(mx-v3.bigisp.de), delay=1s, stat=457 Greylisted, please come back later.
Nov 9 10:57:43 mailproxy-example smtpd[119331]: relay: TempFail for
40fb08780512a754: session=b7187fed3db16b83, from=,
to=, rcpt=<->, source=10.0.11.115, relay=192.168.92.216
(mx-v1.bigisp.de), delay=6m41s, stat=457 Greylisted, please come back later.
Nov 9 10:57:44 mailproxy-example smtpd[119331]: relay: TempFail for
581347b24118025c: session=b7187fed3db16b83, from=,
to=, rcpt=<->, source=10.0.11.115, relay=192.168.92.216
(mx-v1.bigisp.de), delay=6m42s, stat=457 Greylisted, please come back later.
Nov 9 10:58:54 mailproxy-example smtpd[119331]: relay: TempFail for
5a5fa8c0eccb9626: session=b7187ff7a4818ba0, from=,
to=, rcpt=<->, source=10.0.11.115, relay=192.168.92.218
(mx-v3.bigisp.de), delay=1s, stat=457 Greylisted, please come back later.
Nov 9 11:05:34 mailproxy-example smtpd[119331]: relay: TempFail for
5a5fa8c0eccb9626: session=b7187ffaefedc912, from=,
to=, rcpt=<->, source=10.0.11.115, relay=192.168.92.218
(mx-v3.bigisp.de), delay=6m40s, stat=457 Greylisted, please come back later.
Nov 17 14:31:29 mailproxy-example smtpd[123933]: relay: TempFail for
8bb5026ac8135c6b: session=266bf548e8c88d6b, from=,
to=, rcpt=<->, source=10.0.11.115, relay=192.168.92.217
(mx-v2.bigisp.de), delay=0s, stat=457 Greylisted, please come back later.
Nov 17 14:38:10 mailproxy-example smtpd[123933]: relay: TempFail for
8bb5026ac8135c6b: session=266bf54b45686ed0, from=,
to=, rcpt=<->, source=10.0.11.115, relay=192.168.92.215
(mx-v0.bigisp.de), delay=6m41s, stat=457 Greylisted, please come back later.
Nov 27 12:23:16 mailproxy-example smtpd[128520]: relay: TempFail for
6675c67d74f917d2: session=2d4fc6fbef6099cf, from=,
to=, rcpt=<->, source=10.0.11.115, relay=192.168.92.218
(mx-v3.bigisp.de), delay=1s, stat=457 Greylisted, please come back later.
Nov 27 12:29:56 mailproxy-example smtpd[128520]: relay: TempFail for
6675c67d74f917d2: session=2d4fc6fe42cd1f52, from=,
to=, rcpt=<->, source=10.0.11.115, relay=192.168.92.216
(mx-v1.bigisp.de), delay=6m41s, stat=457 Greylisted, please come back later.
% dig @8.8.8.8 bigisp.de MX +short
1 mx.bigisp.de.
% host mx.bigisp.de
mx.bigisp.de has address 192.168.92.215
mx.bigisp.de has address 192.168.92.217
mx.bigisp.de has address 192.168.92.218
mx.bigisp.de has address 192.168.92.216
Re: Greylisting
On Wed, Sep 14, 2016 at 07:22:21AM -0500, Edgar Pettijohn wrote: > What is in your blacklist. A table may be what you're looking for. > DUH. thanks for correcting me, I was out of my mind. rephrasing: shouldn't this be: reject from any sender for any -- Gilles Chehade https://www.poolp.org @poolpOrg -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Re: Greylisting
On Wed, 14 Sep 2016 07:22:21 -0500 Edgar Pettijohn wrote: > What is in your blacklist. A table may be what you're > looking for. Domains with @ character before. @123.com @yahoo.de @yahoo.com @whatever.com So ca. 145 lines. Nice day & Thank you Silvio pgp_o6uKEQcBU.pgp Description: PGP signature
Re: Greylisting
What is in your blacklist. A table may be what you're looking for.
Sent from my iPhone
> On Sep 14, 2016, at 6:56 AM, Silvio Siefke wrote:
>
> On Wed, 14 Sep 2016 11:32:51 +0200
> Gilles Chehade wrote:
>
>> shouldn't this be:
>>
>>reject from any recipient for any
>
> I try with same result. Blacklist goes on.
>
>
> Thank you & Nice day
> Silvio
>
> Sep 14 13:53:45 vps296466.ovh.net smtpd[24878]: c0898de601e6da38 smtp
> event=connected address=98.138.91.123 host=nm30-vm6.bullet.mail.ne1.yahoo.com
> Sep 14 13:53:46 vps296466.ovh.net smtpd[24878]: c0898de601e6da38 smtp
> event=starttls ciphers="version=TLSv1.2, cipher=ECDHE-RSA-AES128-GCM-SHA256,
> bits=128"
> Sep 14 13:53:47 vps296466.ovh.net smtpd[24878]: c0898de601e6da38 smtp
> event=message msgid=16116e62 from=
> to= size=2400 ndest=1 proto=ESMTP
> Sep 14 13:53:47 vps296466.ovh.net smtpd[24878]: c0898df00dc26a1e mta
> event=connecting address=smtp://127.0.0.1:10024 host=localhost
> Sep 14 13:53:47 vps296466.ovh.net smtpd[24878]: c0898df00dc26a1e mta
> event=connected
> Sep 14 13:53:47 vps296466.ovh.net smtpd[24878]: c0898de601e6da38 smtp
> event=closed reason=quit
> Sep 14 13:53:47 vps296466.ovh.net smtpd[24878]: c0898df1e75a56eb smtp
> event=connected address=127.0.0.1 host=localhost
> Sep 14 13:53:47 vps296466.ovh.net smtpd[24878]: c0898df1e75a56eb smtp
> event=message msgid=ba4f51c6 from=
> to= size=3355 ndest=1 proto=ESMTP
> Sep 14 13:53:47 vps296466.ovh.net smtpd[24878]: mda
> event=delivery evpid=ba4f51c6c3f4a2d7 from=
> to= user=siefke method=maildir delay=0s result=Ok
> stat=Delivered
> Sep 14 13:53:47 vps296466.ovh.net amavis[20722]: (20722-11) Passed SPAMMY
> {RelayedTaggedInbound}, [127.0.0.1] [98.138.89.252]
> -> , Message-ID:
> <1184748261.935278.1473854025...@mail.yahoo.com>, mail_id: aUBo0X4GAEWV,
> Hits: 1.652, size: 2434, queued_as: 250 2.0.0: ba4f51c6 Message accepted for
> delivery, dkim_sd=s2048:yahoo.com, 614 ms
> Sep 14 13:53:47 vps296466.ovh.net smtpd[24878]: c0898df00dc26a1e mta
> event=delivery evpid=16116e624d9f8d9c from=
> to= rcpt=<-> source=127.0.0.1 relay=127.0.0.1
> (localhost) delay=1s result=Ok stat=250 2.0.0 from
> MTA(smtp:[127.0.0.1]:10025): 250 2.0.0: ba4f51c6 Message accepted for delivery
> Sep 14 13:53:57 vps296466.ovh.net smtpd[24878]: c0898df00dc26a1e mta
> event=closed reason=quit messages=1
> Sep 14 13:53:57 vps296466.ovh.net smtpd[24878]: c0898df1e75a56eb smtp
> event=closed reason=quit
>
--
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Re: Greylisting
On Wed, 14 Sep 2016 11:32:51 +0200
Gilles Chehade wrote:
> shouldn't this be:
>
> reject from any recipient for any
I try with same result. Blacklist goes on.
Thank you & Nice day
Silvio
Sep 14 13:53:45 vps296466.ovh.net smtpd[24878]: c0898de601e6da38 smtp
event=connected address=98.138.91.123 host=nm30-vm6.bullet.mail.ne1.yahoo.com
Sep 14 13:53:46 vps296466.ovh.net smtpd[24878]: c0898de601e6da38 smtp
event=starttls ciphers="version=TLSv1.2, cipher=ECDHE-RSA-AES128-GCM-SHA256,
bits=128"
Sep 14 13:53:47 vps296466.ovh.net smtpd[24878]: c0898de601e6da38 smtp
event=message msgid=16116e62 from=
to= size=2400 ndest=1 proto=ESMTP
Sep 14 13:53:47 vps296466.ovh.net smtpd[24878]: c0898df00dc26a1e mta
event=connecting address=smtp://127.0.0.1:10024 host=localhost
Sep 14 13:53:47 vps296466.ovh.net smtpd[24878]: c0898df00dc26a1e mta
event=connected
Sep 14 13:53:47 vps296466.ovh.net smtpd[24878]: c0898de601e6da38 smtp
event=closed reason=quit
Sep 14 13:53:47 vps296466.ovh.net smtpd[24878]: c0898df1e75a56eb smtp
event=connected address=127.0.0.1 host=localhost
Sep 14 13:53:47 vps296466.ovh.net smtpd[24878]: c0898df1e75a56eb smtp
event=message msgid=ba4f51c6 from=
to= size=3355 ndest=1 proto=ESMTP
Sep 14 13:53:47 vps296466.ovh.net smtpd[24878]: mda
event=delivery evpid=ba4f51c6c3f4a2d7 from=
to= user=siefke method=maildir delay=0s result=Ok
stat=Delivered
Sep 14 13:53:47 vps296466.ovh.net amavis[20722]: (20722-11) Passed SPAMMY
{RelayedTaggedInbound}, [127.0.0.1] [98.138.89.252] ->
, Message-ID:
<1184748261.935278.1473854025...@mail.yahoo.com>, mail_id: aUBo0X4GAEWV, Hits:
1.652, size: 2434, queued_as: 250 2.0.0: ba4f51c6 Message accepted for
delivery, dkim_sd=s2048:yahoo.com, 614 ms
Sep 14 13:53:47 vps296466.ovh.net smtpd[24878]: c0898df00dc26a1e mta
event=delivery evpid=16116e624d9f8d9c from=
to= rcpt=<-> source=127.0.0.1 relay=127.0.0.1
(localhost) delay=1s result=Ok stat=250 2.0.0 from MTA(smtp:[127.0.0.1]:10025):
250 2.0.0: ba4f51c6 Message accepted for delivery
Sep 14 13:53:57 vps296466.ovh.net smtpd[24878]: c0898df00dc26a1e mta
event=closed reason=quit messages=1
Sep 14 13:53:57 vps296466.ovh.net smtpd[24878]: c0898df1e75a56eb smtp
event=closed reason=quit
pgpwjKl1wmY_B.pgp
Description: PGP signature
Re: Greylisting
On Wed, Sep 14, 2016 at 11:29:42AM +0200, Silvio Siefke wrote: > On Tue, 13 Sep 2016 17:19:41 -0500 > Edgar Pettijohn wrote: > > > > reject from any recipient > > accept from any recipient for domain relay via > > "smtp://127.0.0.1:10024" > shouldn't this be: reject from any recipient for any -- Gilles Chehade https://www.poolp.org @poolpOrg -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Re: Greylisting
On Tue, 13 Sep 2016 17:19:41 -0500
Edgar Pettijohn wrote:
> reject from any recipient
> accept from any recipient for domain relay via
> "smtp://127.0.0.1:10024"
A short question, must it be or !? I try with
yahoo address and smtpd accept message.
[root@vps296466 smtpd]# cat tables/blacklist.conf | grep yahoo
@yahoo.ca
@yahoo.co.jp
@yahoo.com
@yahoo.de
@yahoo.fr
Or must write complete email adress? But when understand man right, the
@ character should be enough?
[root@vps296466 smtpd]# cat /var/log/mail.log | grep "yahoo.com"
Sep 14 11:23:26 vps296466.ovh.net smtpd[24372]: bc83839eb54c0922 smtp
event=connected address=98.138.91.33 host=nm2-vm1.bullet.mail.ne1.yahoo.com
Sep 14 11:23:27 vps296466.ovh.net smtpd[24372]: bc83839eb54c0922 smtp
event=message msgid=ce304eef from=
to= size=7724 ndest=1 proto=ESMTP
Sep 14 11:23:28 vps296466.ovh.net smtpd[24372]: bc8383a977352dc4 smtp
event=message msgid=8fd15e5c from=
to= size=8652 ndest=1 proto=ESMTP
Sep 14 11:23:28 vps296466.ovh.net smtpd[24372]: mda
event=delivery evpid=8fd15e5cb247caf5 from=
to= user=siefke method=maildir delay=0s result=Ok
stat=Delivered
Sep 14 11:23:28 vps296466.ovh.net amavis[20723]: (20723-09) Passed CLEAN
{RelayedInbound}, [127.0.0.1] [98.138.87.3] ->
, Message-ID:
<1222940824.822595.1473845005...@mail.yahoo.com>, mail_id: WShDvIinoj8k, Hits:
0.041, size: 7998, queued_as: 250 2.0.0: 8fd15e5c Message accepted for
delivery, dkim_sd=s2048:yahoo.com, 1026 ms
Sep 14 11:23:28 vps296466.ovh.net smtpd[24372]: bc8383a8728477d2 mta
event=delivery evpid=ce304eeff462ddd8 from=
to= rcpt=<-> source=127.0.0.1 relay=127.0.0.1
(localhost) delay=1s result=Ok stat=250 2.0.0 from MTA(smtp:[127.0.0.1]:10025):
250 2.0.0: 8fd15e5c Message accepted for delivery
Sep 14 11:24:33 vps296466.ovh.net smtpd[24453]: affa20c3f40ca15b smtp
event=connected address=98.138.90.153 host=nm5-vm2.bullet.mail.ne1.yahoo.com
Sep 14 11:24:34 vps296466.ovh.net smtpd[24453]: affa20c3f40ca15b smtp
event=message msgid=16d34819 from=
to= size=7727 ndest=1 proto=ESMTP
Sep 14 11:24:35 vps296466.ovh.net smtpd[24453]: affa20cecdccb12e smtp
event=message msgid=9f89264e from=
to= size=8653 ndest=1 proto=ESMTP
Sep 14 11:24:35 vps296466.ovh.net smtpd[24453]: mda
event=delivery evpid=9f89264e36ce54ed from=
to= user=siefke method=maildir delay=0s result=Ok
stat=Delivered
Sep 14 11:24:35 vps296466.ovh.net amavis[20722]: (20722-10) Passed CLEAN
{RelayedInbound}, [127.0.0.1] [98.138.89.250] ->
, Message-ID:
<1072319885.884110.1473845073...@mail.yahoo.com>, mail_id: L3g4TkRjpM0p, Hits:
0.041, size: 8001, queued_as: 250 2.0.0: 9f89264e Message accepted for
delivery, dkim_sd=s2048:yahoo.com, 1234 ms
Sep 14 11:24:35 vps296466.ovh.net smtpd[24453]: affa20cda72cc805 mta
event=delivery evpid=16d34819bccdb51e from=
to= rcpt=<-> source=127.0.0.1 relay=127.0.0.1
(localhost) delay=1s result=Ok stat=250 2.0.0 from MTA(smtp:[127.0.0.1]:10025):
250 2.0.0: 9f89264e Message accepted for deliver
Thank you & Nice Day
Silvio
--
Silvio Siefke
pgp7GMSRd6Hee.pgp
Description: PGP signature
Re: Greylisting
On Tue, 13 Sep 2016 17:19:41 -0500 Edgar Pettijohn wrote: > ... > cat > /etc/smtpd/tables/myusers.conf << "EOF" > u...@domain.tld > us...@domain.tld > EOF Thank you. Silvio -- Silvio Siefke pgpmetNDUS9zK.pgp Description: PGP signature
Re: Greylisting
On 16-09-13 12:33:53, Edgar Pettijohn wrote:
>
>
> Sent from my iPhone
>
> > On Sep 13, 2016, at 11:55 AM, Silvio Siefke wrote:
> >
> > On Mon, 12 Sep 2016 14:07:29 -0500
> > Edgar Pettijohn wrote:
> >
> >> For anyone to answer that you would need to provide your smtpd.conf
> >> possibly logs, etc...
> >
> >
> > # generate db using makemap
> > table aliases file:/etc/smtpd/tables/aliases
> > table vdoms file:/etc/smtpd/tables/domains.conf
> > table vusers file:/etc/smtpd/tables/users.conf
> > table blacklist file:/etc/smtpd/tables/blacklist.conf
table myusers file:/etc/smtpd/tables/myusers.conf
> >
> > # See smtpd.conf(5) for more information.
> > pki fr-sb.silviosiefke.com certificate "/etc/smtpd/tls/smtpd.crt"
> > pki fr-sb.silviosiefke.com key "/etc/smtpd/tls/smtpd.key"
> >
> > # Inbound mail smtp, smtps, deliver
> > listen on localhost
> > listen on eth0 port 25 tls pki fr-sb.silviosiefke.com
> > listen on eth0 port 587 tls-require pki fr-sb.silviosiefke.com auth
> >
> > # Receive scanned mails from amavisd-new
> > listen on localhost port 10025 tag Scanned
> >
> > # Deliver locally messages coming back in from scanner
> > accept tagged Scanned from local for domain virtual
> > deliver to maildir "~/maildir"
> > accept from local for local alias deliver to maildir "~/maildir"
> > reject tagged Scanned
> >
>
> *
> > # Forward all mail received for local domains to amavis
reject from any recipient
accept from any recipient for domain relay via
"smtp://127.0.0.1:10024"
cat > /etc/smtpd/tables/myusers.conf << "EOF"
u...@domain.tld
us...@domain.tld
EOF
> > accept from any recipient ! for domain relay via
> > "smtp://127.0.0.1:10024"
> >
> > # Relay anything that came in from authenticated users
> > accept from local for any relay
> >
> >
> > [root@vps296466 smtpd]# cat tables/users.conf
> > postmas...@silviosiefke.comwebmas...@silviosiefke.com
> > ab...@silviosiefke.comwebmas...@silviosiefke.com
> > webmas...@silviosiefke.comsiefke
> >
> >
> > The log, you see listen@ is not in user file but smtpd take it and work
> > with it. Normal should here come User Unknown and a reject.
> >
> I think the rule above marked with '*' is to blame. You are accepting
> everything for your domain and sending it to amavis. Look at adding a
> recipients table from smtpd.conf(5).
>
> >
> > Sep 12 14:44:16 vps296466.ovh.net smtpd[13278]: 6179c6adcf742a0e smtp
> > event=message msgid=2f9f47a5 from=
> > to= size=77294 ndest=1 proto=ESMTP
> > Sep 12 14:44:17 vps296466.ovh.net amavis[2312]: (02312-16-2) Blocked SPAM
> > {DiscardedInbound,Quarantined}, [127.0.0.1] [62.141.46.206]
> > -> , quarantine:
> > spam-AuzhtQ8d1l4e.gz, Message-ID: <8e7f01d20cfd$99f53990$7bf56161@info>,
> > mail_id: AuzhtQ8d1l4e, Hits: 7.122, size: 78330, 1043 ms
> > Sep 12 14:44:17 vps296466.ovh.net smtpd[13278]: 6179c6acfe70e3a5 mta
> > event=delivery evpid=2f9f47a52033a7ab from=
> > to= rcpt=<-> source=127.0.0.1 relay=127.0.0.1
> > (localhost) delay=2s result=Ok stat=250 2.7.0 Ok, discarded, id=02312-16-2
> > - spam
> > Sep 12 19:43:56 vps296466.ovh.net smtpd[13278]: 6179c815f28e0caa smtp
> > event=message msgid=48c3c980 from=
> > to= size=278549 ndest=1 proto=ESMTP
> > Sep 12 19:43:59 vps296466.ovh.net amavis[13651]: (13651-14) Blocked SPAM
> > {DiscardedInbound,Quarantined}, [127.0.0.1] [62.141.46.206]
> > -> , quarantine:
> > spam-rvduM1a2D4oI.gz, Message-ID: ,
> > mail_id: rvduM1a2D4oI, Hits: 7.617, size: 282197, 2268 ms
> > Sep 12 19:43:59 vps296466.ovh.net smtpd[13278]: 6179c81e6b0b89fc mta
> > event=delivery evpid=48c3c980cea50a79 from=
> > to= rcpt=<-> source=127.0.0.1 relay=127.0.0.1
> > (localhost) delay=25s result=Ok stat=250 2.7.0 Ok, discarded, id=13651-14 -
> > spam
> >
> > Thank you for help,
> > Silvio
> >
> > --
> > You received this mail because you are subscribed to misc@opensmtpd.org
> > To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
>
>
> --
> You received this mail because you are subscribed to misc@opensmtpd.org
> To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
--
Edgar Pettijohn
--
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Re: Greylisting
On Tue, 13 Sep 2016 12:33:53 -0500 Edgar Pettijohn wrote: > I think the rule above marked with '*' is to blame. You are accepting > everything for your domain and sending it to amavis. Look at adding > a recipients table from smtpd.conf(5). Yes now I understand more. It come in and check only domain and give to Amavis. I should use the "user" file in same rules. But how it should goes? I try set virtual in same line, but in relay line is not allowed. Recipients i use with blacklist, but what need to set for accept only my addresses. [root@vps296466 smtpd]# smtpd -n /etc/smtpd/smtpd.conf:28: aliases/virtual may not be used with a relay rule Thank you for help Silvio pgpUI0McgsYXC.pgp Description: PGP signature
Re: Greylisting
Sent from my iPhone
> On Sep 13, 2016, at 11:55 AM, Silvio Siefke wrote:
>
> On Mon, 12 Sep 2016 14:07:29 -0500
> Edgar Pettijohn wrote:
>
>> For anyone to answer that you would need to provide your smtpd.conf
>> possibly logs, etc...
>
>
> # generate db using makemap
> table aliases file:/etc/smtpd/tables/aliases
> table vdoms file:/etc/smtpd/tables/domains.conf
> table vusers file:/etc/smtpd/tables/users.conf
> table blacklist file:/etc/smtpd/tables/blacklist.conf
>
> # See smtpd.conf(5) for more information.
> pki fr-sb.silviosiefke.com certificate "/etc/smtpd/tls/smtpd.crt"
> pki fr-sb.silviosiefke.com key "/etc/smtpd/tls/smtpd.key"
>
> # Inbound mail smtp, smtps, deliver
> listen on localhost
> listen on eth0 port 25 tls pki fr-sb.silviosiefke.com
> listen on eth0 port 587 tls-require pki fr-sb.silviosiefke.com auth
>
> # Receive scanned mails from amavisd-new
> listen on localhost port 10025 tag Scanned
>
> # Deliver locally messages coming back in from scanner
> accept tagged Scanned from local for domain virtual deliver
> to maildir "~/maildir"
> accept from local for local alias deliver to maildir "~/maildir"
> reject tagged Scanned
>
*
> # Forward all mail received for local domains to amavis
> accept from any recipient ! for domain relay via
> "smtp://127.0.0.1:10024"
>
> # Relay anything that came in from authenticated users
> accept from local for any relay
>
>
> [root@vps296466 smtpd]# cat tables/users.conf
> postmas...@silviosiefke.comwebmas...@silviosiefke.com
> ab...@silviosiefke.comwebmas...@silviosiefke.com
> webmas...@silviosiefke.comsiefke
>
>
> The log, you see listen@ is not in user file but smtpd take it and work
> with it. Normal should here come User Unknown and a reject.
>
I think the rule above marked with '*' is to blame. You are accepting
everything for your domain and sending it to amavis. Look at adding a
recipients table from smtpd.conf(5).
>
> Sep 12 14:44:16 vps296466.ovh.net smtpd[13278]: 6179c6adcf742a0e smtp
> event=message msgid=2f9f47a5 from=
> to= size=77294 ndest=1 proto=ESMTP
> Sep 12 14:44:17 vps296466.ovh.net amavis[2312]: (02312-16-2) Blocked SPAM
> {DiscardedInbound,Quarantined}, [127.0.0.1] [62.141.46.206]
> -> , quarantine:
> spam-AuzhtQ8d1l4e.gz, Message-ID: <8e7f01d20cfd$99f53990$7bf56161@info>,
> mail_id: AuzhtQ8d1l4e, Hits: 7.122, size: 78330, 1043 ms
> Sep 12 14:44:17 vps296466.ovh.net smtpd[13278]: 6179c6acfe70e3a5 mta
> event=delivery evpid=2f9f47a52033a7ab from=
> to= rcpt=<-> source=127.0.0.1 relay=127.0.0.1
> (localhost) delay=2s result=Ok stat=250 2.7.0 Ok, discarded, id=02312-16-2 -
> spam
> Sep 12 19:43:56 vps296466.ovh.net smtpd[13278]: 6179c815f28e0caa smtp
> event=message msgid=48c3c980 from=
> to= size=278549 ndest=1 proto=ESMTP
> Sep 12 19:43:59 vps296466.ovh.net amavis[13651]: (13651-14) Blocked SPAM
> {DiscardedInbound,Quarantined}, [127.0.0.1] [62.141.46.206]
> -> , quarantine:
> spam-rvduM1a2D4oI.gz, Message-ID: ,
> mail_id: rvduM1a2D4oI, Hits: 7.617, size: 282197, 2268 ms
> Sep 12 19:43:59 vps296466.ovh.net smtpd[13278]: 6179c81e6b0b89fc mta
> event=delivery evpid=48c3c980cea50a79 from=
> to= rcpt=<-> source=127.0.0.1 relay=127.0.0.1
> (localhost) delay=25s result=Ok stat=250 2.7.0 Ok, discarded, id=13651-14 -
> spam
>
> Thank you for help,
> Silvio
>
> --
> You received this mail because you are subscribed to misc@opensmtpd.org
> To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
--
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Re: Greylisting
On Mon, 12 Sep 2016 14:07:29 -0500
Edgar Pettijohn wrote:
> For anyone to answer that you would need to provide your smtpd.conf
> possibly logs, etc...
# generate db using makemap
table aliases file:/etc/smtpd/tables/aliases
table vdoms file:/etc/smtpd/tables/domains.conf
table vusers file:/etc/smtpd/tables/users.conf
table blacklist file:/etc/smtpd/tables/blacklist.conf
# See smtpd.conf(5) for more information.
pki fr-sb.silviosiefke.com certificate "/etc/smtpd/tls/smtpd.crt"
pki fr-sb.silviosiefke.com key "/etc/smtpd/tls/smtpd.key"
# Inbound mail smtp, smtps, deliver
listen on localhost
listen on eth0 port 25 tls pki fr-sb.silviosiefke.com
listen on eth0 port 587 tls-require pki fr-sb.silviosiefke.com auth
# Receive scanned mails from amavisd-new
listen on localhost port 10025 tag Scanned
# Deliver locally messages coming back in from scanner
accept tagged Scanned from local for domain virtual deliver to
maildir "~/maildir"
accept from local for local alias deliver to maildir "~/maildir"
reject tagged Scanned
# Forward all mail received for local domains to amavis
accept from any recipient ! for domain relay via
"smtp://127.0.0.1:10024"
# Relay anything that came in from authenticated users
accept from local for any relay
[root@vps296466 smtpd]# cat tables/users.conf
postmas...@silviosiefke.com webmas...@silviosiefke.com
ab...@silviosiefke.com webmas...@silviosiefke.com
webmas...@silviosiefke.com siefke
The log, you see listen@ is not in user file but smtpd take it and work
with it. Normal should here come User Unknown and a reject.
Sep 12 14:44:16 vps296466.ovh.net smtpd[13278]: 6179c6adcf742a0e smtp
event=message msgid=2f9f47a5 from=
to= size=77294 ndest=1 proto=ESMTP
Sep 12 14:44:17 vps296466.ovh.net amavis[2312]: (02312-16-2) Blocked SPAM
{DiscardedInbound,Quarantined}, [127.0.0.1] [62.141.46.206]
-> , quarantine:
spam-AuzhtQ8d1l4e.gz, Message-ID: <8e7f01d20cfd$99f53990$7bf56161@info>,
mail_id: AuzhtQ8d1l4e, Hits: 7.122, size: 78330, 1043 ms
Sep 12 14:44:17 vps296466.ovh.net smtpd[13278]: 6179c6acfe70e3a5 mta
event=delivery evpid=2f9f47a52033a7ab from=
to= rcpt=<-> source=127.0.0.1 relay=127.0.0.1
(localhost) delay=2s result=Ok stat=250 2.7.0 Ok, discarded, id=02312-16-2 -
spam
Sep 12 19:43:56 vps296466.ovh.net smtpd[13278]: 6179c815f28e0caa smtp
event=message msgid=48c3c980 from=
to= size=278549 ndest=1 proto=ESMTP
Sep 12 19:43:59 vps296466.ovh.net amavis[13651]: (13651-14) Blocked SPAM
{DiscardedInbound,Quarantined}, [127.0.0.1] [62.141.46.206]
-> , quarantine:
spam-rvduM1a2D4oI.gz, Message-ID: ,
mail_id: rvduM1a2D4oI, Hits: 7.617, size: 282197, 2268 ms
Sep 12 19:43:59 vps296466.ovh.net smtpd[13278]: 6179c81e6b0b89fc mta
event=delivery evpid=48c3c980cea50a79 from=
to= rcpt=<-> source=127.0.0.1 relay=127.0.0.1
(localhost) delay=25s result=Ok stat=250 2.7.0 Ok, discarded, id=13651-14 - spam
Thank you for help,
Silvio
--
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Re: Greylisting
On Mon, Sep 12, 2016 at 08:49:04PM +0200, Silvio Siefke wrote: > On Sat, 10 Sep 2016 23:06:54 +0200 > Mischa Peters wrote: > > > Have a look at spamd. > > https://www.openbsd.org/spamd/index.html > > > > Also runs on non-OpenBSD. > > Yes spamassassin is running with amavisd-new. That works well, the spam > goes in quarantine. Why does OpenSMTPD accept mails to addresses which > do not exist on the system? This is normal when you use @CATCHALL. > > Regards > Silvio Just to avoid some confusion here: OpenBSD spamd(8) [1] is NOT EQUAL to SpamAssassin spamd(1) [2]. [1] http://man.openbsd.org/OpenBSD-current/man8/spamd.8 [2] http://spamassassin.apache.org/full/3.4.x/doc/spamd.html -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Re: Greylisting
Sent from my iPhone > On Sep 12, 2016, at 1:49 PM, Silvio Siefke wrote: > > On Sat, 10 Sep 2016 23:06:54 +0200 > Mischa Peters wrote: > >> Have a look at spamd. >> https://www.openbsd.org/spamd/index.html >> >> Also runs on non-OpenBSD. > > Yes spamassassin is running with amavisd-new. That works well, the spam > goes in quarantine. Why does OpenSMTPD accept mails to addresses which > do not exist on the system? For anyone to answer that you would need to provide your smtpd.conf possibly logs, etc... > This is normal when you use @CATCHALL. > > Regards > Silvio -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Re: Greylisting
On Sun, 11 Sep 2016 12:17:29 +0200 "Peter N. M. Hansteen" wrote: > If all you've found is 'shell scripts and pf' I don't think you've > looked very closely. Sure when you search OpenSMTPD SPAMASSASSIN only come for OpenBSD really help. This is okay, but I can not install on VPS OpenBSD. For Linux is not really help there. This is okay too, Linux and BSD not really friendly each other and I like OpenSMTPD. > As Mischa mentioned earlier, on OpenBSD and other OSes with PF there's > spamd(8), which was (for example) quite capable of shielding all my > users from the recent 'voicemail' scam using only its default > greylisting (see > http://bsdly.blogspot.com/2016/08/the-voicemail-scammers-never-got-past.html > about that particular incident, links to other articles about spamd(8) > greylisting and related topics therein). That I have spam is not a problem. We all have it. But I understand not, why accept OpenSMTPD Mails for addresses which not active, not in user file. Normal when come this email OpenSMTPD should reject. Regards Silvio -- Silvio Siefke pgpRjNcONhs4o.pgp Description: PGP signature
Re: Greylisting
On 09/12/16 20:49, Silvio Siefke wrote: > On Sat, 10 Sep 2016 23:06:54 +0200 > Mischa Peters wrote: > >> Have a look at spamd. >> https://www.openbsd.org/spamd/index.html >> >> Also runs on non-OpenBSD. > > Yes spamassassin is running with amavisd-new. I think you may be confusing the OpenBSD spamd(8) program described at that URL with the program that comes with the spamassassin content-filtering system. They are two distinct and quite different programs, but it's more than possible for them to co-exist (even on the same machine if needed, they install to different paths) and they complement each other quite well in such setups. Yes, it is kind of unfortunate that two very different programs come with a binary with the same name, and it has lead to exactly that kind of confusion at times. If you're already using spamassassin, that's fine. If you put the OpenBSD spamd in default greylisting mode in front of spamassassin or other content filtering, the load on your content filtering will almost certainly go down significantly. -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds. signature.asc Description: OpenPGP digital signature
Re: Greylisting
On Sat, 10 Sep 2016 23:06:54 +0200 Mischa Peters wrote: > Have a look at spamd. > https://www.openbsd.org/spamd/index.html > > Also runs on non-OpenBSD. Yes spamassassin is running with amavisd-new. That works well, the spam goes in quarantine. Why does OpenSMTPD accept mails to addresses which do not exist on the system? This is normal when you use @CATCHALL. Regards Silvio pgplR9eUEdzuY.pgp Description: PGP signature
Re: Greylisting
Hi Peter, That is indeed a great article. Thank you for writing it. It gave me a new appreciation for spamd again. :) Mischa > On 11 Sep 2016, at 12:17, Peter N. M. Hansteen wrote: > >> On 09/10/16 19:10, Silvio Siefke wrote: >> I search with google but I found nothing with greylisting and most about >> spam is with shell scripts and pf. > > If all you've found is 'shell scripts and pf' I don't think you've > looked very closely. > > As Mischa mentioned earlier, on OpenBSD and other OSes with PF there's > spamd(8), which was (for example) quite capable of shielding all my > users from the recent 'voicemail' scam using only its default > greylisting (see > http://bsdly.blogspot.com/2016/08/the-voicemail-scammers-never-got-past.html > about that particular incident, links to other articles about spamd(8) > greylisting and related topics therein). > > - Peter > -- > Peter N. M. Hansteen, member of the first RFC 1149 implementation team > http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ > "Remember to set the evil bit on all malicious network traffic" > delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds. > > -- > You received this mail because you are subscribed to misc@opensmtpd.org > To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org >
Re: Greylisting
On 09/10/16 19:10, Silvio Siefke wrote: > I search with google but I found nothing with greylisting and most about > spam is with shell scripts and pf. If all you've found is 'shell scripts and pf' I don't think you've looked very closely. As Mischa mentioned earlier, on OpenBSD and other OSes with PF there's spamd(8), which was (for example) quite capable of shielding all my users from the recent 'voicemail' scam using only its default greylisting (see http://bsdly.blogspot.com/2016/08/the-voicemail-scammers-never-got-past.html about that particular incident, links to other articles about spamd(8) greylisting and related topics therein). - Peter -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds. -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Re: Greylisting
Hi Silvio, Have a look at spamd. https://www.openbsd.org/spamd/index.html Also runs on non-OpenBSD. Mischa > On 10 Sep 2016, at 19:10, Silvio Siefke wrote: > > Hello, > > is greylisting available in opensmtpd? I have so much spam and I use > blacklist but it will not really work. > > > triolan.net.ua > tpasites.com > sak-ura.net > zwaan.nl > ibece.net > mccurdycandler.com > fischbach.co.uk > hv.be > outlook.com > fischbach.co.uk > ecolelasource.ch > bvniel...@ymail.com > > Can i write so or must be complete address? > > > # Deliver locally messages coming back in from scanner > accept tagged Scanned from local for domain virtual deliver > to maildir "~/maildir" > accept from local for local alias deliver to maildir "~/maildir" > reject tagged Scanned > > I search with google but I found nothing with greylisting and most about > spam is with shell scripts and pf. > > Nice day > Silvio > > -- > You received this mail because you are subscribed to misc@opensmtpd.org > To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org >
Greylisting
Hello, is greylisting available in opensmtpd? I have so much spam and I use blacklist but it will not really work. triolan.net.ua tpasites.com sak-ura.net zwaan.nl ibece.net mccurdycandler.com fischbach.co.uk hv.be outlook.com fischbach.co.uk ecolelasource.ch bvniel...@ymail.com Can i write so or must be complete address? # Deliver locally messages coming back in from scanner accept tagged Scanned from local for domain virtual deliver to maildir "~/maildir" accept from local for local alias deliver to maildir "~/maildir" reject tagged Scanned I search with google but I found nothing with greylisting and most about spam is with shell scripts and pf. Nice day Silvio -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Re: using SPF or DKIM instead of greylisting?
On 2014-05-30 Fri 11:26 AM |, Ji Navr??til wrote: > > I'm using pf greylisting on OpenBSD. More and more emails from Google are > delayed and few are not delivered at all. > Setting greyexp to 48+ hours works fine. You could set it to 4 days. Create one of those shitmail accounts and send your server some 'test' messages. Eventually they'll validate through greylisting. Once low volume regular mails come through, it ceases to be a problem. -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Re: using SPF or DKIM instead of greylisting?
On Fri, May 30, 2014 at 11:35:45AM +0200, Gilles Chehade wrote: > On Fri, May 30, 2014 at 11:26:18AM +0200, Ji Navr??til wrote: > > Hello, > > > > I???m using pf greylisting on OpenBSD. More and more emails from Google are > > delayed and few are not delivered at all. > > > > This https://support.google.com/mail/answer/180063 Google article suggest > > to replace greylisting with SPF or DKIM. > > > > What is your anti SPAM strategy please? Are available SPF and DKIM > > configurations examples for OpenSMTPD? > > > > Thak you for your recommendations. > > > > I only use greylisting and fopr big hosts like gmail and yahoo, I have a > script that queries their SPF records to whitelist the MX servers that > they advertise. > I tried to do this, but there were just too many to keep track of, and I noticed that a fair amount of the hosts connecting weren't even in the SPF. Greylisting became less and less helpful, unfortunately. I've been running blacklist-only for a few years. Luckily, I don't have a busy host. -- John D. Verne -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Re: using SPF or DKIM instead of greylisting?
> On Fri, 30 May 2014 11:45:13 +0200, Ji=C5=99=C3=AD Navr=C3=A1til atil.cz> > wrote: > > > V 30. kv=C4=9Btna 2014 at 11:38:43, Gilles Chehade (gil...@poolp.org) > > naps=C3=A1no: > > > What is your anti SPAM strategy please? Are available SPF and DKIM > > > configurations examples for OpenSMTPD?=C2=A0 > > >=C2=A0 > > > Thak you for your recommendations.=C2=A0 > > >=C2=A0 > >=20 > > I only use greylisting and fopr big hosts like gmail and yahoo, I > > have a script that queries their SPF records to whitelist the MX > > servers that they advertise.=C2=A0 > >=20 > >=20 > > Thank you for quick reply. > >=20 > > That looks as reasonable way for me. Could you share your script, > > please? > > I have quite the same setup than Gilles, though I'm lazier so I use the > list from Peter N. M. Hansteen : http://www.bsdly.net/~peter/nospamd > > > Jiri Navratil > > Cheers, > --=20 > Vigdis I am using bgp-spamd.net whitelisting for my domain in addition to spamd. It currently has ~ 91825 whitelisted ips. I had a similar experience with github trying to send a mail with different IP each time when spamd grey-trapped the first attempt. bgp-spamd whitelisted IPs had all the IPs with which github was trying to send mail. -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Re: using SPF or DKIM instead of greylisting?
On Fri, 30 May 2014 11:45:13 +0200, Jiří Navrátil wrote: > V 30. května 2014 at 11:38:43, Gilles Chehade (gil...@poolp.org) > napsáno: > > What is your anti SPAM strategy please? Are available SPF and DKIM > > configurations examples for OpenSMTPD? > > > > Thak you for your recommendations. > > > > I only use greylisting and fopr big hosts like gmail and yahoo, I > have a script that queries their SPF records to whitelist the MX > servers that they advertise. > > > Thank you for quick reply. > > That looks as reasonable way for me. Could you share your script, > please? I have quite the same setup than Gilles, though I'm lazier so I use the list from Peter N. M. Hansteen : http://www.bsdly.net/~peter/nospamd > Jiri Navratil Cheers, -- Vigdis signature.asc Description: PGP signature
Re: using SPF or DKIM instead of greylisting?
V 30. května 2014 at 11:38:43, Gilles Chehade (gil...@poolp.org) napsáno: > What is your anti SPAM strategy please? Are available SPF and DKIM > configurations examples for OpenSMTPD? > > Thak you for your recommendations. > I only use greylisting and fopr big hosts like gmail and yahoo, I have a script that queries their SPF records to whitelist the MX servers that they advertise. Thank you for quick reply. That looks as reasonable way for me. Could you share your script, please? Jiri Navratil
Re: using SPF or DKIM instead of greylisting?
On Fri, May 30, 2014 at 11:26:18AM +0200, Ji Navr??til wrote: > Hello, > > I???m using pf greylisting on OpenBSD. More and more emails from Google are > delayed and few are not delivered at all. > > This https://support.google.com/mail/answer/180063 Google article suggest to > replace greylisting with SPF or DKIM. > > What is your anti SPAM strategy please? Are available SPF and DKIM > configurations examples for OpenSMTPD? > > Thak you for your recommendations. > I only use greylisting and fopr big hosts like gmail and yahoo, I have a script that queries their SPF records to whitelist the MX servers that they advertise. -- Gilles Chehade https://www.poolp.org @poolpOrg -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
using SPF or DKIM instead of greylisting?
Hello, I’m using pf greylisting on OpenBSD. More and more emails from Google are delayed and few are not delivered at all. This https://support.google.com/mail/answer/180063 Google article suggest to replace greylisting with SPF or DKIM. What is your anti SPAM strategy please? Are available SPF and DKIM configurations examples for OpenSMTPD? Thak you for your recommendations. Best regards, Jiri -- Jiří Navrátil, http://kouc.navratil.cz, +420 222 767 131
