Disable greylisting on rspamd
Just a quick FYI on disabling rspamd's greylisting module. This is something you will want to go if you run OpenBSD's spamd because it is still the king of first line of defense against spam. # /etc/rspamd/local.d/greylist.conf enabled = false; Then restart rspamd.
Re: greylisting vs round robin
You could use a matching rule to these particular emails and use relay via to specify the host to send it to. However I would think that their system will still hop you around. Worth a shot though. You could ask their postmaster to whitelist you on all of their hosts. Probably the better choice. > > On Dec 6, 2017 at 1:43 AM,wrote: > > > Hi folks, Looking at my opensmtpd log file (see attachment) some EMails are > greylisted by the peer several times. Apparently the receiving ISP has > several MX hosts, probably each running its own local whitelist. :-( Do you > think it would be possible in opensmtpd to avoid hopping from one IP address > to another, when the greylisted EMails are processed again? opensmtpd is > version 6.0.2, running on Debian. Every helpful comment is highly appreciated > Harri >
greylisting vs round robin
Hi folks, Looking at my opensmtpd log file (see attachment) some EMails are greylisted by the peer several times. Apparently the receiving ISP has several MX hosts, probably each running its own local whitelist. :-( Do you think it would be possible in opensmtpd to avoid hopping from one IP address to another, when the greylisted EMails are processed again? opensmtpd is version 6.0.2, running on Debian. Every helpful comment is highly appreciated Harri % ( zcat mail.log.{4..1}.gz; cat mail.log ) | grep -i greylist | grep bigisp Nov 7 14:57:14 mailproxy-example smtpd[119331]: relay: TempFail for 0d2a26cfe2294eca: session=b7187e777bb83a3a, from=, to=, rcpt=<->, source=10.0.11.115, relay=192.168.92.216 (mx-v1.bigisp.de), delay=0s, stat=457 Greylisted, please come back later. Nov 7 15:03:55 mailproxy-example smtpd[119331]: relay: TempFail for 0d2a26cfe2294eca: session=b7187e7abd6d6e31, from=, to=, rcpt=<->, source=10.0.11.115, relay=192.168.92.217 (mx-v2.bigisp.de), delay=6m41s, stat=457 Greylisted, please come back later. Nov 7 15:04:04 mailproxy-example smtpd[119331]: relay: TempFail for 654b3d5f30fed65b: session=b7187e7abd6d6e31, from=, to=, rcpt=<->, source=10.0.11.115, relay=192.168.92.217 (mx-v2.bigisp.de), delay=0s, stat=457 Greylisted, please come back later. Nov 7 15:10:44 mailproxy-example smtpd[119331]: relay: TempFail for 654b3d5f30fed65b: session=b7187e84bff763ce, from=, to=, rcpt=<->, source=10.0.11.115, relay=192.168.92.216 (mx-v1.bigisp.de), delay=6m40s, stat=457 Greylisted, please come back later. Nov 8 15:22:57 mailproxy-example smtpd[119331]: relay: TempFail for 3f15b7e90cd2ef63: session=b7187f68a34c154c, from=, to=, rcpt=<->, source=10.0.11.115, relay=192.168.92.218 (mx-v3.bigisp.de), delay=1s, stat=457 Greylisted, please come back later. Nov 8 15:29:36 mailproxy-example smtpd[119331]: relay: TempFail for 3f15b7e90cd2ef63: session=b7187f6befadda90, from=, to=, rcpt=<->, source=10.0.11.115, relay=192.168.92.217 (mx-v2.bigisp.de), delay=6m40s, stat=457 Greylisted, please come back later. Nov 9 10:51:02 mailproxy-example smtpd[119331]: relay: TempFail for 40fb08780512a754: session=b7187fd9afa71414, from=, to=, rcpt=<->, source=10.0.11.115, relay=192.168.92.218 (mx-v3.bigisp.de), delay=0s, stat=457 Greylisted, please come back later. Nov 9 10:51:03 mailproxy-example smtpd[119331]: relay: TempFail for 581347b24118025c: session=b7187fd9afa71414, from=, to=, rcpt=<->, source=10.0.11.115, relay=192.168.92.218 (mx-v3.bigisp.de), delay=1s, stat=457 Greylisted, please come back later. Nov 9 10:57:43 mailproxy-example smtpd[119331]: relay: TempFail for 40fb08780512a754: session=b7187fed3db16b83, from=, to=, rcpt=<->, source=10.0.11.115, relay=192.168.92.216 (mx-v1.bigisp.de), delay=6m41s, stat=457 Greylisted, please come back later. Nov 9 10:57:44 mailproxy-example smtpd[119331]: relay: TempFail for 581347b24118025c: session=b7187fed3db16b83, from=, to=, rcpt=<->, source=10.0.11.115, relay=192.168.92.216 (mx-v1.bigisp.de), delay=6m42s, stat=457 Greylisted, please come back later. Nov 9 10:58:54 mailproxy-example smtpd[119331]: relay: TempFail for 5a5fa8c0eccb9626: session=b7187ff7a4818ba0, from=, to=, rcpt=<->, source=10.0.11.115, relay=192.168.92.218 (mx-v3.bigisp.de), delay=1s, stat=457 Greylisted, please come back later. Nov 9 11:05:34 mailproxy-example smtpd[119331]: relay: TempFail for 5a5fa8c0eccb9626: session=b7187ffaefedc912, from=, to=, rcpt=<->, source=10.0.11.115, relay=192.168.92.218 (mx-v3.bigisp.de), delay=6m40s, stat=457 Greylisted, please come back later. Nov 17 14:31:29 mailproxy-example smtpd[123933]: relay: TempFail for 8bb5026ac8135c6b: session=266bf548e8c88d6b, from=, to=, rcpt=<->, source=10.0.11.115, relay=192.168.92.217 (mx-v2.bigisp.de), delay=0s, stat=457 Greylisted, please come back later. Nov 17 14:38:10 mailproxy-example smtpd[123933]: relay: TempFail for 8bb5026ac8135c6b: session=266bf54b45686ed0, from=, to=, rcpt=<->, source=10.0.11.115, relay=192.168.92.215 (mx-v0.bigisp.de), delay=6m41s, stat=457 Greylisted, please come back later. Nov 27 12:23:16 mailproxy-example smtpd[128520]: relay: TempFail for 6675c67d74f917d2: session=2d4fc6fbef6099cf, from=, to=, rcpt=<->, source=10.0.11.115, relay=192.168.92.218 (mx-v3.bigisp.de), delay=1s, stat=457 Greylisted, please come back later. Nov 27 12:29:56 mailproxy-example smtpd[128520]: relay: TempFail for 6675c67d74f917d2: session=2d4fc6fe42cd1f52, from=, to=, rcpt=<->, source=10.0.11.115, relay=192.168.92.216 (mx-v1.bigisp.de), delay=6m41s, stat=457 Greylisted, please come back later. % dig @8.8.8.8 bigisp.de MX +short 1 mx.bigisp.de. % host mx.bigisp.de mx.bigisp.de has address 192.168.92.215 mx.bigisp.de has address 192.168.92.217 mx.bigisp.de has address 192.168.92.218 mx.bigisp.de has address 192.168.92.216
Re: Greylisting
On Wed, Sep 14, 2016 at 07:22:21AM -0500, Edgar Pettijohn wrote: > What is in your blacklist. A table may be what you're looking for. > DUH. thanks for correcting me, I was out of my mind. rephrasing: shouldn't this be: reject from any sender for any -- Gilles Chehade https://www.poolp.org @poolpOrg -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Re: Greylisting
On Wed, 14 Sep 2016 07:22:21 -0500 Edgar Pettijohn wrote: > What is in your blacklist. A table may be what you're > looking for. Domains with @ character before. @123.com @yahoo.de @yahoo.com @whatever.com So ca. 145 lines. Nice day & Thank you Silvio pgp_o6uKEQcBU.pgp Description: PGP signature
Re: Greylisting
What is in your blacklist. A table may be what you're looking for. Sent from my iPhone > On Sep 14, 2016, at 6:56 AM, Silvio Siefke wrote: > > On Wed, 14 Sep 2016 11:32:51 +0200 > Gilles Chehade wrote: > >> shouldn't this be: >> >>reject from any recipient for any > > I try with same result. Blacklist goes on. > > > Thank you & Nice day > Silvio > > Sep 14 13:53:45 vps296466.ovh.net smtpd[24878]: c0898de601e6da38 smtp > event=connected address=98.138.91.123 host=nm30-vm6.bullet.mail.ne1.yahoo.com > Sep 14 13:53:46 vps296466.ovh.net smtpd[24878]: c0898de601e6da38 smtp > event=starttls ciphers="version=TLSv1.2, cipher=ECDHE-RSA-AES128-GCM-SHA256, > bits=128" > Sep 14 13:53:47 vps296466.ovh.net smtpd[24878]: c0898de601e6da38 smtp > event=message msgid=16116e62 from= > to= size=2400 ndest=1 proto=ESMTP > Sep 14 13:53:47 vps296466.ovh.net smtpd[24878]: c0898df00dc26a1e mta > event=connecting address=smtp://127.0.0.1:10024 host=localhost > Sep 14 13:53:47 vps296466.ovh.net smtpd[24878]: c0898df00dc26a1e mta > event=connected > Sep 14 13:53:47 vps296466.ovh.net smtpd[24878]: c0898de601e6da38 smtp > event=closed reason=quit > Sep 14 13:53:47 vps296466.ovh.net smtpd[24878]: c0898df1e75a56eb smtp > event=connected address=127.0.0.1 host=localhost > Sep 14 13:53:47 vps296466.ovh.net smtpd[24878]: c0898df1e75a56eb smtp > event=message msgid=ba4f51c6 from= > to= size=3355 ndest=1 proto=ESMTP > Sep 14 13:53:47 vps296466.ovh.net smtpd[24878]: mda > event=delivery evpid=ba4f51c6c3f4a2d7 from= > to= user=siefke method=maildir delay=0s result=Ok > stat=Delivered > Sep 14 13:53:47 vps296466.ovh.net amavis[20722]: (20722-11) Passed SPAMMY > {RelayedTaggedInbound}, [127.0.0.1] [98.138.89.252] > -> , Message-ID: > <1184748261.935278.1473854025...@mail.yahoo.com>, mail_id: aUBo0X4GAEWV, > Hits: 1.652, size: 2434, queued_as: 250 2.0.0: ba4f51c6 Message accepted for > delivery, dkim_sd=s2048:yahoo.com, 614 ms > Sep 14 13:53:47 vps296466.ovh.net smtpd[24878]: c0898df00dc26a1e mta > event=delivery evpid=16116e624d9f8d9c from= > to= rcpt=<-> source=127.0.0.1 relay=127.0.0.1 > (localhost) delay=1s result=Ok stat=250 2.0.0 from > MTA(smtp:[127.0.0.1]:10025): 250 2.0.0: ba4f51c6 Message accepted for delivery > Sep 14 13:53:57 vps296466.ovh.net smtpd[24878]: c0898df00dc26a1e mta > event=closed reason=quit messages=1 > Sep 14 13:53:57 vps296466.ovh.net smtpd[24878]: c0898df1e75a56eb smtp > event=closed reason=quit > -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Re: Greylisting
On Wed, 14 Sep 2016 11:32:51 +0200 Gilles Chehade wrote: > shouldn't this be: > > reject from any recipient for any I try with same result. Blacklist goes on. Thank you & Nice day Silvio Sep 14 13:53:45 vps296466.ovh.net smtpd[24878]: c0898de601e6da38 smtp event=connected address=98.138.91.123 host=nm30-vm6.bullet.mail.ne1.yahoo.com Sep 14 13:53:46 vps296466.ovh.net smtpd[24878]: c0898de601e6da38 smtp event=starttls ciphers="version=TLSv1.2, cipher=ECDHE-RSA-AES128-GCM-SHA256, bits=128" Sep 14 13:53:47 vps296466.ovh.net smtpd[24878]: c0898de601e6da38 smtp event=message msgid=16116e62 from= to= size=2400 ndest=1 proto=ESMTP Sep 14 13:53:47 vps296466.ovh.net smtpd[24878]: c0898df00dc26a1e mta event=connecting address=smtp://127.0.0.1:10024 host=localhost Sep 14 13:53:47 vps296466.ovh.net smtpd[24878]: c0898df00dc26a1e mta event=connected Sep 14 13:53:47 vps296466.ovh.net smtpd[24878]: c0898de601e6da38 smtp event=closed reason=quit Sep 14 13:53:47 vps296466.ovh.net smtpd[24878]: c0898df1e75a56eb smtp event=connected address=127.0.0.1 host=localhost Sep 14 13:53:47 vps296466.ovh.net smtpd[24878]: c0898df1e75a56eb smtp event=message msgid=ba4f51c6 from= to= size=3355 ndest=1 proto=ESMTP Sep 14 13:53:47 vps296466.ovh.net smtpd[24878]: mda event=delivery evpid=ba4f51c6c3f4a2d7 from= to= user=siefke method=maildir delay=0s result=Ok stat=Delivered Sep 14 13:53:47 vps296466.ovh.net amavis[20722]: (20722-11) Passed SPAMMY {RelayedTaggedInbound}, [127.0.0.1] [98.138.89.252] -> , Message-ID: <1184748261.935278.1473854025...@mail.yahoo.com>, mail_id: aUBo0X4GAEWV, Hits: 1.652, size: 2434, queued_as: 250 2.0.0: ba4f51c6 Message accepted for delivery, dkim_sd=s2048:yahoo.com, 614 ms Sep 14 13:53:47 vps296466.ovh.net smtpd[24878]: c0898df00dc26a1e mta event=delivery evpid=16116e624d9f8d9c from= to= rcpt=<-> source=127.0.0.1 relay=127.0.0.1 (localhost) delay=1s result=Ok stat=250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0: ba4f51c6 Message accepted for delivery Sep 14 13:53:57 vps296466.ovh.net smtpd[24878]: c0898df00dc26a1e mta event=closed reason=quit messages=1 Sep 14 13:53:57 vps296466.ovh.net smtpd[24878]: c0898df1e75a56eb smtp event=closed reason=quit pgpwjKl1wmY_B.pgp Description: PGP signature
Re: Greylisting
On Wed, Sep 14, 2016 at 11:29:42AM +0200, Silvio Siefke wrote: > On Tue, 13 Sep 2016 17:19:41 -0500 > Edgar Pettijohn wrote: > > > > reject from any recipient > > accept from any recipient for domain relay via > > "smtp://127.0.0.1:10024" > shouldn't this be: reject from any recipient for any -- Gilles Chehade https://www.poolp.org @poolpOrg -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Re: Greylisting
On Tue, 13 Sep 2016 17:19:41 -0500 Edgar Pettijohn wrote: > reject from any recipient > accept from any recipient for domain relay via > "smtp://127.0.0.1:10024" A short question, must it be or !? I try with yahoo address and smtpd accept message. [root@vps296466 smtpd]# cat tables/blacklist.conf | grep yahoo @yahoo.ca @yahoo.co.jp @yahoo.com @yahoo.de @yahoo.fr Or must write complete email adress? But when understand man right, the @ character should be enough? [root@vps296466 smtpd]# cat /var/log/mail.log | grep "yahoo.com" Sep 14 11:23:26 vps296466.ovh.net smtpd[24372]: bc83839eb54c0922 smtp event=connected address=98.138.91.33 host=nm2-vm1.bullet.mail.ne1.yahoo.com Sep 14 11:23:27 vps296466.ovh.net smtpd[24372]: bc83839eb54c0922 smtp event=message msgid=ce304eef from= to= size=7724 ndest=1 proto=ESMTP Sep 14 11:23:28 vps296466.ovh.net smtpd[24372]: bc8383a977352dc4 smtp event=message msgid=8fd15e5c from= to= size=8652 ndest=1 proto=ESMTP Sep 14 11:23:28 vps296466.ovh.net smtpd[24372]: mda event=delivery evpid=8fd15e5cb247caf5 from= to= user=siefke method=maildir delay=0s result=Ok stat=Delivered Sep 14 11:23:28 vps296466.ovh.net amavis[20723]: (20723-09) Passed CLEAN {RelayedInbound}, [127.0.0.1] [98.138.87.3] -> , Message-ID: <1222940824.822595.1473845005...@mail.yahoo.com>, mail_id: WShDvIinoj8k, Hits: 0.041, size: 7998, queued_as: 250 2.0.0: 8fd15e5c Message accepted for delivery, dkim_sd=s2048:yahoo.com, 1026 ms Sep 14 11:23:28 vps296466.ovh.net smtpd[24372]: bc8383a8728477d2 mta event=delivery evpid=ce304eeff462ddd8 from= to= rcpt=<-> source=127.0.0.1 relay=127.0.0.1 (localhost) delay=1s result=Ok stat=250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0: 8fd15e5c Message accepted for delivery Sep 14 11:24:33 vps296466.ovh.net smtpd[24453]: affa20c3f40ca15b smtp event=connected address=98.138.90.153 host=nm5-vm2.bullet.mail.ne1.yahoo.com Sep 14 11:24:34 vps296466.ovh.net smtpd[24453]: affa20c3f40ca15b smtp event=message msgid=16d34819 from= to= size=7727 ndest=1 proto=ESMTP Sep 14 11:24:35 vps296466.ovh.net smtpd[24453]: affa20cecdccb12e smtp event=message msgid=9f89264e from= to= size=8653 ndest=1 proto=ESMTP Sep 14 11:24:35 vps296466.ovh.net smtpd[24453]: mda event=delivery evpid=9f89264e36ce54ed from= to= user=siefke method=maildir delay=0s result=Ok stat=Delivered Sep 14 11:24:35 vps296466.ovh.net amavis[20722]: (20722-10) Passed CLEAN {RelayedInbound}, [127.0.0.1] [98.138.89.250] -> , Message-ID: <1072319885.884110.1473845073...@mail.yahoo.com>, mail_id: L3g4TkRjpM0p, Hits: 0.041, size: 8001, queued_as: 250 2.0.0: 9f89264e Message accepted for delivery, dkim_sd=s2048:yahoo.com, 1234 ms Sep 14 11:24:35 vps296466.ovh.net smtpd[24453]: affa20cda72cc805 mta event=delivery evpid=16d34819bccdb51e from= to= rcpt=<-> source=127.0.0.1 relay=127.0.0.1 (localhost) delay=1s result=Ok stat=250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0: 9f89264e Message accepted for deliver Thank you & Nice Day Silvio -- Silvio Siefke pgp7GMSRd6Hee.pgp Description: PGP signature
Re: Greylisting
On Tue, 13 Sep 2016 17:19:41 -0500 Edgar Pettijohn wrote: > ... > cat > /etc/smtpd/tables/myusers.conf << "EOF" > u...@domain.tld > us...@domain.tld > EOF Thank you. Silvio -- Silvio Siefke pgpmetNDUS9zK.pgp Description: PGP signature
Re: Greylisting
On 16-09-13 12:33:53, Edgar Pettijohn wrote: > > > Sent from my iPhone > > > On Sep 13, 2016, at 11:55 AM, Silvio Siefke wrote: > > > > On Mon, 12 Sep 2016 14:07:29 -0500 > > Edgar Pettijohn wrote: > > > >> For anyone to answer that you would need to provide your smtpd.conf > >> possibly logs, etc... > > > > > > # generate db using makemap > > table aliases file:/etc/smtpd/tables/aliases > > table vdoms file:/etc/smtpd/tables/domains.conf > > table vusers file:/etc/smtpd/tables/users.conf > > table blacklist file:/etc/smtpd/tables/blacklist.conf table myusers file:/etc/smtpd/tables/myusers.conf > > > > # See smtpd.conf(5) for more information. > > pki fr-sb.silviosiefke.com certificate "/etc/smtpd/tls/smtpd.crt" > > pki fr-sb.silviosiefke.com key "/etc/smtpd/tls/smtpd.key" > > > > # Inbound mail smtp, smtps, deliver > > listen on localhost > > listen on eth0 port 25 tls pki fr-sb.silviosiefke.com > > listen on eth0 port 587 tls-require pki fr-sb.silviosiefke.com auth > > > > # Receive scanned mails from amavisd-new > > listen on localhost port 10025 tag Scanned > > > > # Deliver locally messages coming back in from scanner > > accept tagged Scanned from local for domain virtual > > deliver to maildir "~/maildir" > > accept from local for local alias deliver to maildir "~/maildir" > > reject tagged Scanned > > > > * > > # Forward all mail received for local domains to amavis reject from any recipient accept from any recipient for domain relay via "smtp://127.0.0.1:10024" cat > /etc/smtpd/tables/myusers.conf << "EOF" u...@domain.tld us...@domain.tld EOF > > accept from any recipient ! for domain relay via > > "smtp://127.0.0.1:10024" > > > > # Relay anything that came in from authenticated users > > accept from local for any relay > > > > > > [root@vps296466 smtpd]# cat tables/users.conf > > postmas...@silviosiefke.comwebmas...@silviosiefke.com > > ab...@silviosiefke.comwebmas...@silviosiefke.com > > webmas...@silviosiefke.comsiefke > > > > > > The log, you see listen@ is not in user file but smtpd take it and work > > with it. Normal should here come User Unknown and a reject. > > > I think the rule above marked with '*' is to blame. You are accepting > everything for your domain and sending it to amavis. Look at adding a > recipients table from smtpd.conf(5). > > > > > Sep 12 14:44:16 vps296466.ovh.net smtpd[13278]: 6179c6adcf742a0e smtp > > event=message msgid=2f9f47a5 from= > > to= size=77294 ndest=1 proto=ESMTP > > Sep 12 14:44:17 vps296466.ovh.net amavis[2312]: (02312-16-2) Blocked SPAM > > {DiscardedInbound,Quarantined}, [127.0.0.1] [62.141.46.206] > > -> , quarantine: > > spam-AuzhtQ8d1l4e.gz, Message-ID: <8e7f01d20cfd$99f53990$7bf56161@info>, > > mail_id: AuzhtQ8d1l4e, Hits: 7.122, size: 78330, 1043 ms > > Sep 12 14:44:17 vps296466.ovh.net smtpd[13278]: 6179c6acfe70e3a5 mta > > event=delivery evpid=2f9f47a52033a7ab from= > > to= rcpt=<-> source=127.0.0.1 relay=127.0.0.1 > > (localhost) delay=2s result=Ok stat=250 2.7.0 Ok, discarded, id=02312-16-2 > > - spam > > Sep 12 19:43:56 vps296466.ovh.net smtpd[13278]: 6179c815f28e0caa smtp > > event=message msgid=48c3c980 from= > > to= size=278549 ndest=1 proto=ESMTP > > Sep 12 19:43:59 vps296466.ovh.net amavis[13651]: (13651-14) Blocked SPAM > > {DiscardedInbound,Quarantined}, [127.0.0.1] [62.141.46.206] > > -> , quarantine: > > spam-rvduM1a2D4oI.gz, Message-ID: , > > mail_id: rvduM1a2D4oI, Hits: 7.617, size: 282197, 2268 ms > > Sep 12 19:43:59 vps296466.ovh.net smtpd[13278]: 6179c81e6b0b89fc mta > > event=delivery evpid=48c3c980cea50a79 from= > > to= rcpt=<-> source=127.0.0.1 relay=127.0.0.1 > > (localhost) delay=25s result=Ok stat=250 2.7.0 Ok, discarded, id=13651-14 - > > spam > > > > Thank you for help, > > Silvio > > > > -- > > You received this mail because you are subscribed to misc@opensmtpd.org > > To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org > > > -- > You received this mail because you are subscribed to misc@opensmtpd.org > To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org -- Edgar Pettijohn -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Re: Greylisting
On Tue, 13 Sep 2016 12:33:53 -0500 Edgar Pettijohn wrote: > I think the rule above marked with '*' is to blame. You are accepting > everything for your domain and sending it to amavis. Look at adding > a recipients table from smtpd.conf(5). Yes now I understand more. It come in and check only domain and give to Amavis. I should use the "user" file in same rules. But how it should goes? I try set virtual in same line, but in relay line is not allowed. Recipients i use with blacklist, but what need to set for accept only my addresses. [root@vps296466 smtpd]# smtpd -n /etc/smtpd/smtpd.conf:28: aliases/virtual may not be used with a relay rule Thank you for help Silvio pgpUI0McgsYXC.pgp Description: PGP signature
Re: Greylisting
Sent from my iPhone > On Sep 13, 2016, at 11:55 AM, Silvio Siefke wrote: > > On Mon, 12 Sep 2016 14:07:29 -0500 > Edgar Pettijohn wrote: > >> For anyone to answer that you would need to provide your smtpd.conf >> possibly logs, etc... > > > # generate db using makemap > table aliases file:/etc/smtpd/tables/aliases > table vdoms file:/etc/smtpd/tables/domains.conf > table vusers file:/etc/smtpd/tables/users.conf > table blacklist file:/etc/smtpd/tables/blacklist.conf > > # See smtpd.conf(5) for more information. > pki fr-sb.silviosiefke.com certificate "/etc/smtpd/tls/smtpd.crt" > pki fr-sb.silviosiefke.com key "/etc/smtpd/tls/smtpd.key" > > # Inbound mail smtp, smtps, deliver > listen on localhost > listen on eth0 port 25 tls pki fr-sb.silviosiefke.com > listen on eth0 port 587 tls-require pki fr-sb.silviosiefke.com auth > > # Receive scanned mails from amavisd-new > listen on localhost port 10025 tag Scanned > > # Deliver locally messages coming back in from scanner > accept tagged Scanned from local for domain virtual deliver > to maildir "~/maildir" > accept from local for local alias deliver to maildir "~/maildir" > reject tagged Scanned > * > # Forward all mail received for local domains to amavis > accept from any recipient ! for domain relay via > "smtp://127.0.0.1:10024" > > # Relay anything that came in from authenticated users > accept from local for any relay > > > [root@vps296466 smtpd]# cat tables/users.conf > postmas...@silviosiefke.comwebmas...@silviosiefke.com > ab...@silviosiefke.comwebmas...@silviosiefke.com > webmas...@silviosiefke.comsiefke > > > The log, you see listen@ is not in user file but smtpd take it and work > with it. Normal should here come User Unknown and a reject. > I think the rule above marked with '*' is to blame. You are accepting everything for your domain and sending it to amavis. Look at adding a recipients table from smtpd.conf(5). > > Sep 12 14:44:16 vps296466.ovh.net smtpd[13278]: 6179c6adcf742a0e smtp > event=message msgid=2f9f47a5 from= > to= size=77294 ndest=1 proto=ESMTP > Sep 12 14:44:17 vps296466.ovh.net amavis[2312]: (02312-16-2) Blocked SPAM > {DiscardedInbound,Quarantined}, [127.0.0.1] [62.141.46.206] > -> , quarantine: > spam-AuzhtQ8d1l4e.gz, Message-ID: <8e7f01d20cfd$99f53990$7bf56161@info>, > mail_id: AuzhtQ8d1l4e, Hits: 7.122, size: 78330, 1043 ms > Sep 12 14:44:17 vps296466.ovh.net smtpd[13278]: 6179c6acfe70e3a5 mta > event=delivery evpid=2f9f47a52033a7ab from= > to= rcpt=<-> source=127.0.0.1 relay=127.0.0.1 > (localhost) delay=2s result=Ok stat=250 2.7.0 Ok, discarded, id=02312-16-2 - > spam > Sep 12 19:43:56 vps296466.ovh.net smtpd[13278]: 6179c815f28e0caa smtp > event=message msgid=48c3c980 from= > to= size=278549 ndest=1 proto=ESMTP > Sep 12 19:43:59 vps296466.ovh.net amavis[13651]: (13651-14) Blocked SPAM > {DiscardedInbound,Quarantined}, [127.0.0.1] [62.141.46.206] > -> , quarantine: > spam-rvduM1a2D4oI.gz, Message-ID: , > mail_id: rvduM1a2D4oI, Hits: 7.617, size: 282197, 2268 ms > Sep 12 19:43:59 vps296466.ovh.net smtpd[13278]: 6179c81e6b0b89fc mta > event=delivery evpid=48c3c980cea50a79 from= > to= rcpt=<-> source=127.0.0.1 relay=127.0.0.1 > (localhost) delay=25s result=Ok stat=250 2.7.0 Ok, discarded, id=13651-14 - > spam > > Thank you for help, > Silvio > > -- > You received this mail because you are subscribed to misc@opensmtpd.org > To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Re: Greylisting
On Mon, 12 Sep 2016 14:07:29 -0500 Edgar Pettijohn wrote: > For anyone to answer that you would need to provide your smtpd.conf > possibly logs, etc... # generate db using makemap table aliases file:/etc/smtpd/tables/aliases table vdoms file:/etc/smtpd/tables/domains.conf table vusers file:/etc/smtpd/tables/users.conf table blacklist file:/etc/smtpd/tables/blacklist.conf # See smtpd.conf(5) for more information. pki fr-sb.silviosiefke.com certificate "/etc/smtpd/tls/smtpd.crt" pki fr-sb.silviosiefke.com key "/etc/smtpd/tls/smtpd.key" # Inbound mail smtp, smtps, deliver listen on localhost listen on eth0 port 25 tls pki fr-sb.silviosiefke.com listen on eth0 port 587 tls-require pki fr-sb.silviosiefke.com auth # Receive scanned mails from amavisd-new listen on localhost port 10025 tag Scanned # Deliver locally messages coming back in from scanner accept tagged Scanned from local for domain virtual deliver to maildir "~/maildir" accept from local for local alias deliver to maildir "~/maildir" reject tagged Scanned # Forward all mail received for local domains to amavis accept from any recipient ! for domain relay via "smtp://127.0.0.1:10024" # Relay anything that came in from authenticated users accept from local for any relay [root@vps296466 smtpd]# cat tables/users.conf postmas...@silviosiefke.com webmas...@silviosiefke.com ab...@silviosiefke.com webmas...@silviosiefke.com webmas...@silviosiefke.com siefke The log, you see listen@ is not in user file but smtpd take it and work with it. Normal should here come User Unknown and a reject. Sep 12 14:44:16 vps296466.ovh.net smtpd[13278]: 6179c6adcf742a0e smtp event=message msgid=2f9f47a5 from= to= size=77294 ndest=1 proto=ESMTP Sep 12 14:44:17 vps296466.ovh.net amavis[2312]: (02312-16-2) Blocked SPAM {DiscardedInbound,Quarantined}, [127.0.0.1] [62.141.46.206] -> , quarantine: spam-AuzhtQ8d1l4e.gz, Message-ID: <8e7f01d20cfd$99f53990$7bf56161@info>, mail_id: AuzhtQ8d1l4e, Hits: 7.122, size: 78330, 1043 ms Sep 12 14:44:17 vps296466.ovh.net smtpd[13278]: 6179c6acfe70e3a5 mta event=delivery evpid=2f9f47a52033a7ab from= to= rcpt=<-> source=127.0.0.1 relay=127.0.0.1 (localhost) delay=2s result=Ok stat=250 2.7.0 Ok, discarded, id=02312-16-2 - spam Sep 12 19:43:56 vps296466.ovh.net smtpd[13278]: 6179c815f28e0caa smtp event=message msgid=48c3c980 from= to= size=278549 ndest=1 proto=ESMTP Sep 12 19:43:59 vps296466.ovh.net amavis[13651]: (13651-14) Blocked SPAM {DiscardedInbound,Quarantined}, [127.0.0.1] [62.141.46.206] -> , quarantine: spam-rvduM1a2D4oI.gz, Message-ID: , mail_id: rvduM1a2D4oI, Hits: 7.617, size: 282197, 2268 ms Sep 12 19:43:59 vps296466.ovh.net smtpd[13278]: 6179c81e6b0b89fc mta event=delivery evpid=48c3c980cea50a79 from= to= rcpt=<-> source=127.0.0.1 relay=127.0.0.1 (localhost) delay=25s result=Ok stat=250 2.7.0 Ok, discarded, id=13651-14 - spam Thank you for help, Silvio -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Re: Greylisting
On Mon, Sep 12, 2016 at 08:49:04PM +0200, Silvio Siefke wrote: > On Sat, 10 Sep 2016 23:06:54 +0200 > Mischa Peters wrote: > > > Have a look at spamd. > > https://www.openbsd.org/spamd/index.html > > > > Also runs on non-OpenBSD. > > Yes spamassassin is running with amavisd-new. That works well, the spam > goes in quarantine. Why does OpenSMTPD accept mails to addresses which > do not exist on the system? This is normal when you use @CATCHALL. > > Regards > Silvio Just to avoid some confusion here: OpenBSD spamd(8) [1] is NOT EQUAL to SpamAssassin spamd(1) [2]. [1] http://man.openbsd.org/OpenBSD-current/man8/spamd.8 [2] http://spamassassin.apache.org/full/3.4.x/doc/spamd.html -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Re: Greylisting
Sent from my iPhone > On Sep 12, 2016, at 1:49 PM, Silvio Siefke wrote: > > On Sat, 10 Sep 2016 23:06:54 +0200 > Mischa Peters wrote: > >> Have a look at spamd. >> https://www.openbsd.org/spamd/index.html >> >> Also runs on non-OpenBSD. > > Yes spamassassin is running with amavisd-new. That works well, the spam > goes in quarantine. Why does OpenSMTPD accept mails to addresses which > do not exist on the system? For anyone to answer that you would need to provide your smtpd.conf possibly logs, etc... > This is normal when you use @CATCHALL. > > Regards > Silvio -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Re: Greylisting
On Sun, 11 Sep 2016 12:17:29 +0200 "Peter N. M. Hansteen" wrote: > If all you've found is 'shell scripts and pf' I don't think you've > looked very closely. Sure when you search OpenSMTPD SPAMASSASSIN only come for OpenBSD really help. This is okay, but I can not install on VPS OpenBSD. For Linux is not really help there. This is okay too, Linux and BSD not really friendly each other and I like OpenSMTPD. > As Mischa mentioned earlier, on OpenBSD and other OSes with PF there's > spamd(8), which was (for example) quite capable of shielding all my > users from the recent 'voicemail' scam using only its default > greylisting (see > http://bsdly.blogspot.com/2016/08/the-voicemail-scammers-never-got-past.html > about that particular incident, links to other articles about spamd(8) > greylisting and related topics therein). That I have spam is not a problem. We all have it. But I understand not, why accept OpenSMTPD Mails for addresses which not active, not in user file. Normal when come this email OpenSMTPD should reject. Regards Silvio -- Silvio Siefke pgpRjNcONhs4o.pgp Description: PGP signature
Re: Greylisting
On 09/12/16 20:49, Silvio Siefke wrote: > On Sat, 10 Sep 2016 23:06:54 +0200 > Mischa Peters wrote: > >> Have a look at spamd. >> https://www.openbsd.org/spamd/index.html >> >> Also runs on non-OpenBSD. > > Yes spamassassin is running with amavisd-new. I think you may be confusing the OpenBSD spamd(8) program described at that URL with the program that comes with the spamassassin content-filtering system. They are two distinct and quite different programs, but it's more than possible for them to co-exist (even on the same machine if needed, they install to different paths) and they complement each other quite well in such setups. Yes, it is kind of unfortunate that two very different programs come with a binary with the same name, and it has lead to exactly that kind of confusion at times. If you're already using spamassassin, that's fine. If you put the OpenBSD spamd in default greylisting mode in front of spamassassin or other content filtering, the load on your content filtering will almost certainly go down significantly. -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds. signature.asc Description: OpenPGP digital signature
Re: Greylisting
On Sat, 10 Sep 2016 23:06:54 +0200 Mischa Peters wrote: > Have a look at spamd. > https://www.openbsd.org/spamd/index.html > > Also runs on non-OpenBSD. Yes spamassassin is running with amavisd-new. That works well, the spam goes in quarantine. Why does OpenSMTPD accept mails to addresses which do not exist on the system? This is normal when you use @CATCHALL. Regards Silvio pgplR9eUEdzuY.pgp Description: PGP signature
Re: Greylisting
Hi Peter, That is indeed a great article. Thank you for writing it. It gave me a new appreciation for spamd again. :) Mischa > On 11 Sep 2016, at 12:17, Peter N. M. Hansteen wrote: > >> On 09/10/16 19:10, Silvio Siefke wrote: >> I search with google but I found nothing with greylisting and most about >> spam is with shell scripts and pf. > > If all you've found is 'shell scripts and pf' I don't think you've > looked very closely. > > As Mischa mentioned earlier, on OpenBSD and other OSes with PF there's > spamd(8), which was (for example) quite capable of shielding all my > users from the recent 'voicemail' scam using only its default > greylisting (see > http://bsdly.blogspot.com/2016/08/the-voicemail-scammers-never-got-past.html > about that particular incident, links to other articles about spamd(8) > greylisting and related topics therein). > > - Peter > -- > Peter N. M. Hansteen, member of the first RFC 1149 implementation team > http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ > "Remember to set the evil bit on all malicious network traffic" > delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds. > > -- > You received this mail because you are subscribed to misc@opensmtpd.org > To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org >
Re: Greylisting
On 09/10/16 19:10, Silvio Siefke wrote: > I search with google but I found nothing with greylisting and most about > spam is with shell scripts and pf. If all you've found is 'shell scripts and pf' I don't think you've looked very closely. As Mischa mentioned earlier, on OpenBSD and other OSes with PF there's spamd(8), which was (for example) quite capable of shielding all my users from the recent 'voicemail' scam using only its default greylisting (see http://bsdly.blogspot.com/2016/08/the-voicemail-scammers-never-got-past.html about that particular incident, links to other articles about spamd(8) greylisting and related topics therein). - Peter -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds. -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Re: Greylisting
Hi Silvio, Have a look at spamd. https://www.openbsd.org/spamd/index.html Also runs on non-OpenBSD. Mischa > On 10 Sep 2016, at 19:10, Silvio Siefke wrote: > > Hello, > > is greylisting available in opensmtpd? I have so much spam and I use > blacklist but it will not really work. > > > triolan.net.ua > tpasites.com > sak-ura.net > zwaan.nl > ibece.net > mccurdycandler.com > fischbach.co.uk > hv.be > outlook.com > fischbach.co.uk > ecolelasource.ch > bvniel...@ymail.com > > Can i write so or must be complete address? > > > # Deliver locally messages coming back in from scanner > accept tagged Scanned from local for domain virtual deliver > to maildir "~/maildir" > accept from local for local alias deliver to maildir "~/maildir" > reject tagged Scanned > > I search with google but I found nothing with greylisting and most about > spam is with shell scripts and pf. > > Nice day > Silvio > > -- > You received this mail because you are subscribed to misc@opensmtpd.org > To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org >
Greylisting
Hello, is greylisting available in opensmtpd? I have so much spam and I use blacklist but it will not really work. triolan.net.ua tpasites.com sak-ura.net zwaan.nl ibece.net mccurdycandler.com fischbach.co.uk hv.be outlook.com fischbach.co.uk ecolelasource.ch bvniel...@ymail.com Can i write so or must be complete address? # Deliver locally messages coming back in from scanner accept tagged Scanned from local for domain virtual deliver to maildir "~/maildir" accept from local for local alias deliver to maildir "~/maildir" reject tagged Scanned I search with google but I found nothing with greylisting and most about spam is with shell scripts and pf. Nice day Silvio -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Re: using SPF or DKIM instead of greylisting?
On 2014-05-30 Fri 11:26 AM |, Ji Navr??til wrote: > > I'm using pf greylisting on OpenBSD. More and more emails from Google are > delayed and few are not delivered at all. > Setting greyexp to 48+ hours works fine. You could set it to 4 days. Create one of those shitmail accounts and send your server some 'test' messages. Eventually they'll validate through greylisting. Once low volume regular mails come through, it ceases to be a problem. -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Re: using SPF or DKIM instead of greylisting?
On Fri, May 30, 2014 at 11:35:45AM +0200, Gilles Chehade wrote: > On Fri, May 30, 2014 at 11:26:18AM +0200, Ji Navr??til wrote: > > Hello, > > > > I???m using pf greylisting on OpenBSD. More and more emails from Google are > > delayed and few are not delivered at all. > > > > This https://support.google.com/mail/answer/180063 Google article suggest > > to replace greylisting with SPF or DKIM. > > > > What is your anti SPAM strategy please? Are available SPF and DKIM > > configurations examples for OpenSMTPD? > > > > Thak you for your recommendations. > > > > I only use greylisting and fopr big hosts like gmail and yahoo, I have a > script that queries their SPF records to whitelist the MX servers that > they advertise. > I tried to do this, but there were just too many to keep track of, and I noticed that a fair amount of the hosts connecting weren't even in the SPF. Greylisting became less and less helpful, unfortunately. I've been running blacklist-only for a few years. Luckily, I don't have a busy host. -- John D. Verne -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Re: using SPF or DKIM instead of greylisting?
> On Fri, 30 May 2014 11:45:13 +0200, Ji=C5=99=C3=AD Navr=C3=A1til atil.cz> > wrote: > > > V 30. kv=C4=9Btna 2014 at 11:38:43, Gilles Chehade (gil...@poolp.org) > > naps=C3=A1no: > > > What is your anti SPAM strategy please? Are available SPF and DKIM > > > configurations examples for OpenSMTPD?=C2=A0 > > >=C2=A0 > > > Thak you for your recommendations.=C2=A0 > > >=C2=A0 > >=20 > > I only use greylisting and fopr big hosts like gmail and yahoo, I > > have a script that queries their SPF records to whitelist the MX > > servers that they advertise.=C2=A0 > >=20 > >=20 > > Thank you for quick reply. > >=20 > > That looks as reasonable way for me. Could you share your script, > > please? > > I have quite the same setup than Gilles, though I'm lazier so I use the > list from Peter N. M. Hansteen : http://www.bsdly.net/~peter/nospamd > > > Jiri Navratil > > Cheers, > --=20 > Vigdis I am using bgp-spamd.net whitelisting for my domain in addition to spamd. It currently has ~ 91825 whitelisted ips. I had a similar experience with github trying to send a mail with different IP each time when spamd grey-trapped the first attempt. bgp-spamd whitelisted IPs had all the IPs with which github was trying to send mail. -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Re: using SPF or DKIM instead of greylisting?
On Fri, 30 May 2014 11:45:13 +0200, Jiří Navrátil wrote: > V 30. května 2014 at 11:38:43, Gilles Chehade (gil...@poolp.org) > napsáno: > > What is your anti SPAM strategy please? Are available SPF and DKIM > > configurations examples for OpenSMTPD? > > > > Thak you for your recommendations. > > > > I only use greylisting and fopr big hosts like gmail and yahoo, I > have a script that queries their SPF records to whitelist the MX > servers that they advertise. > > > Thank you for quick reply. > > That looks as reasonable way for me. Could you share your script, > please? I have quite the same setup than Gilles, though I'm lazier so I use the list from Peter N. M. Hansteen : http://www.bsdly.net/~peter/nospamd > Jiri Navratil Cheers, -- Vigdis signature.asc Description: PGP signature
Re: using SPF or DKIM instead of greylisting?
V 30. května 2014 at 11:38:43, Gilles Chehade (gil...@poolp.org) napsáno: > What is your anti SPAM strategy please? Are available SPF and DKIM > configurations examples for OpenSMTPD? > > Thak you for your recommendations. > I only use greylisting and fopr big hosts like gmail and yahoo, I have a script that queries their SPF records to whitelist the MX servers that they advertise. Thank you for quick reply. That looks as reasonable way for me. Could you share your script, please? Jiri Navratil
Re: using SPF or DKIM instead of greylisting?
On Fri, May 30, 2014 at 11:26:18AM +0200, Ji Navr??til wrote: > Hello, > > I???m using pf greylisting on OpenBSD. More and more emails from Google are > delayed and few are not delivered at all. > > This https://support.google.com/mail/answer/180063 Google article suggest to > replace greylisting with SPF or DKIM. > > What is your anti SPAM strategy please? Are available SPF and DKIM > configurations examples for OpenSMTPD? > > Thak you for your recommendations. > I only use greylisting and fopr big hosts like gmail and yahoo, I have a script that queries their SPF records to whitelist the MX servers that they advertise. -- Gilles Chehade https://www.poolp.org @poolpOrg -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
using SPF or DKIM instead of greylisting?
Hello, I’m using pf greylisting on OpenBSD. More and more emails from Google are delayed and few are not delivered at all. This https://support.google.com/mail/answer/180063 Google article suggest to replace greylisting with SPF or DKIM. What is your anti SPAM strategy please? Are available SPF and DKIM configurations examples for OpenSMTPD? Thak you for your recommendations. Best regards, Jiri -- Jiří Navrátil, http://kouc.navratil.cz, +420 222 767 131