Re: Problem with mysql postfix backend with amavisd

2014-07-01 Thread rsmits-l

Hello,

On 06/26/2014 06:09 PM, Viktor Dukhovni wrote:
> On Thu, Jun 26, 2014 at 05:08:28PM +0200, rsmits-l wrote:
>
>> virtual_alias_maps = hash:/home/postfix/namen,
>> mysql:/home/postfix/forwardsqlconnect.cf
>>
>> Can anyone help with this error? Mysql database performance issue is not
>> the case. After extensive monitoring we found that max connections and
>> memory is fine.
>
> Turns out that perhaps the monitoring was misleading, and perhaps
> connection limits were exceeded.

Well, it turns out the mysql idle time was set too short (120
seconds). After we increased it to 1 hour there are no problems. I am not
sure if I will use the proxy: parameter. If the mailserver is under a
high load maybe the proxymap is a delay? I will test this with more
mailservers and see if there is a difference.


wait_timeout= 120
interactive_timeout = 120

Greetings, Richard.


Problem with make makefiles shared=yes

2014-07-01 Thread Ralf Hildebrandt
I used to build Postfix like this:

make tidy
CCARGS='-Wl,--as-needed -I/usr/include/sasl -DHAS_CDB -DUSE_TLS -DHAS_PCRE -DUSE_SASL_AUTH -DUSE_CYRUS_SASL' \
AUXLIBS="-Wl,--as-needed -lpcre -lssl -lcrypto -lcdb -lsasl2 -lnsl -lresolv" \
make makefiles && \
time make -j
postfix stop; make -j upgrade && postfix start && sleep 2 && postfix flush

this still works OK with 0629!

Changing to:

make tidy
CCARGS='-Wl,--as-needed -I/usr/include/sasl -DHAS_CDB -DUSE_TLS -DHAS_PCRE -DUSE_SASL_AUTH -DUSE_CYRUS_SASL' \
AUXLIBS="-Wl,--as-needed -lpcre -lssl -lcrypto -lcdb -lsasl2 -lnsl -lresolv" \
make makefiles shared=yes && \
time make -j
postfix stop; make -j upgrade && postfix start && sleep 2 && postfix flush

Results in:

...
make: Nothing to be done for `update'.
[src/tlsmgr]
gcc -Wmissing-prototypes -Wformat -Wno-comment -I. -I../../include 
-Wl,--as-needed -I/usr/include/sasl -DHAS_CDB -DUSE_TLS -DHAS_PCRE
-DUSE_SASL_AUTH -DUSE_CYRUS_SASL -DSNAPSHOT -DUSE_DYNAMIC_LIBS 
-UUSE_DYNAMIC_MAPS  -g -O -I. -I../../include -DLINUX2 
-Wl,-rpath,/usr/lib/postfix -o tlsmgr tlsmgr.o
../../lib/libpostfix-master.so ../../lib/libpostfix-tls.so
../../lib/libpostfix-dns.so ../../lib/libpostfix-global.so
../../lib/libpostfix-util.so -Wl,--as-needed -lpcre -lssl -lcrypto -lcdb 
-lsasl2 -lnsl -lresolv -ldb -ldl 
../../lib/libpostfix-dns.so: undefined reference to `__res_search'
../../lib/libpostfix-dns.so: undefined reference to `__dn_expand'
collect2: error: ld returned 1 exit status
make: *** [tlsmgr] Error 1
make: *** [update] Error 1

What am I doing wrong here? 

-- 
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Registered office: München, District Court München: HRB 199263
Executive Board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the Supervisory Board: Florian Kirstein


Re: Problem with make makefiles shared=yes

2014-07-01 Thread Wietse Venema
Ralf Hildebrandt:
> make tidy
> CCARGS='-Wl,--as-needed -I/usr/include/sasl -DHAS_CDB -DUSE_TLS -DHAS_PCRE -DUSE_SASL_AUTH -DUSE_CYRUS_SASL' \
> AUXLIBS="-Wl,--as-needed -lpcre -lssl -lcrypto -lcdb -lsasl2 -lnsl -lresolv" \
> make makefiles shared=yes && \
> time make -j
> postfix stop; make -j upgrade && postfix start && sleep 2 && postfix flush
>
> Results in:
>
> ...
> make: Nothing to be done for `update'.
> [src/tlsmgr]
> gcc -Wmissing-prototypes -Wformat -Wno-comment -I. -I../../include
> -Wl,--as-needed -I/usr/include/sasl -DHAS_CDB -DUSE_TLS -DHAS_PCRE
> -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -DSNAPSHOT -DUSE_DYNAMIC_LIBS
> -UUSE_DYNAMIC_MAPS  -g -O -I. -I../../include -DLINUX2
> -Wl,-rpath,/usr/lib/postfix -o tlsmgr tlsmgr.o
> ../../lib/libpostfix-master.so ../../lib/libpostfix-tls.so
> ../../lib/libpostfix-dns.so ../../lib/libpostfix-global.so
> ../../lib/libpostfix-util.so -Wl,--as-needed -lpcre -lssl -lcrypto -lcdb
> -lsasl2 -lnsl -lresolv -ldb -ldl
> ../../lib/libpostfix-dns.so: undefined reference to `__res_search'
> ../../lib/libpostfix-dns.so: undefined reference to `__dn_expand'
> collect2: error: ld returned 1 exit status
> make: *** [tlsmgr] Error 1
> make: *** [update] Error 1
>
> What am I doing wrong here?

No idea. When I do:

$ make
$ make tidy
$ make makefiles shared=yes
$ make

All commands complete without error (postfix-2.12-20140629 on FC Linux).
Ditto with SSL turned on (make makefiles CCARGS=-DUSE_TLS AUXLIBS='-lssl
-lcrypto').

Try without -Wl,--as-needed.

Wietse


Re: Problem with make makefiles shared=yes

2014-07-01 Thread Ralf Hildebrandt
* Wietse Venema postfix-users@postfix.org:

> Try without -Wl,--as-needed.

That was the culprit!



Logging DNSBL rejections

2014-07-01 Thread Narcis Garcia
Hello;

I'm working with Debian GNU/Linux 7 and Postfix 2.9.6
I've configured a Postfix service with this (real rbl instead of example):

$ postconf -e 'smtpd_recipient_restrictions =
permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination,reject_rbl_client
rbl.example.net'

$ postconf -e 'postscreen_dnsbl_sites = rbl.example.net'

$ service postfix reload

Spam delivery has been reduced with this, but I cannot investigate false
positives because nothing of this (RBL) is logged to /var/log/mail.log
nor /var/log/syslog

What do I need to do so that Postfix logs DNSBL/RBL events?

Thanks.


Re: Logging DNSBL rejections

2014-07-01 Thread Wietse Venema
Narcis Garcia:
> Hello;
>
> I'm working with Debian GNU/Linux 7 and Postfix 2.9.6
> I've configured a Postfix service with this (real rbl instead of example):
>
> $ postconf -e 'smtpd_recipient_restrictions =
> permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination,reject_rbl_client
> rbl.example.net'
>
> $ postconf -e 'postscreen_dnsbl_sites = rbl.example.net'
>
> $ service postfix reload
>
> Spam delivery has been reduced with this, but I cannot investigate false
> positives because nothing of this (RBL) is logged to /var/log/mail.log
> nor /var/log/syslog
>
> What do I need to do so that Postfix logs DNSBL/RBL events?

Postfix logs all rejects, and all successful/failed deliveries with
severity mail.info. It is possible that you have Postfix chroot
turned on without proper configuration.

In master.cf, change the fourth column into 'n' in the line smtp
 smtpd.  Then type postfix reload and see if your SMTP server
logging is fixed.

Then, fix the fourth column of all other Postfix services, too.

Wietse
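
The chroot flag discussed above is the fifth column of master.cf (the column number is corrected later in this thread). An added example, not part of the original post, that lists which services run chrooted; the function names and the sample master.cf are constructed for illustration, and the "-" default follows master(5): yes before Postfix 3.0, no from 3.0 on.

```shell
#!/bin/sh
# Added example, not from the thread. sample_master_cf is a constructed file.

# List services whose master.cf chroot column (the fifth) is in effect.
# $1: meaning of "-" in that column: "y" for Postfix before 3.0 (such as the
#     2.9.6 in this thread), "n" for Postfix 3.0 and later.
# Remaining arguments: master.cf files (stdin when none are given).
chrooted_services() {
    dflt=$1
    shift
    awk -v dflt="$dflt" '
        /^[ \t]*(#|$)/ { next }   # comments and blank lines
        /^[ \t]/       { next }   # continuation lines ("  -o name=value")
        {
            # Columns: service type private unpriv chroot wakeup maxproc command
            chroot = ($5 == "-") ? dflt : $5
            if (chroot == "y") print $1 "/" $2, $8
        }
    ' "$@"
}

# Constructed sample in the usual master.cf layout.
sample_master_cf() {
    cat <<'EOF'
# service type  private unpriv  chroot  wakeup  maxproc command + args
smtp      inet  n       -       -       -       -       smtpd
  -o smtpd_tls_security_level=may
pickup    fifo  n       -       -       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
local     unix  -       n       n       -       -       local
EOF
}

# With the pre-3.0 default, "-" means chrooted: smtp and pickup are listed.
sample_master_cf | chrooted_services y
```

On a live system the same function can be pointed at the real file, for example `chrooted_services y /etc/postfix/master.cf`.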


Re: Logging DNSBL rejections

2014-07-01 Thread Narcis Garcia
Doing this (unpriv to n) and restarting service I get the following from
/var/log/mail.log :

error: incorrect SMTP server privileges: uid=0 euid=0
fatal: the Postfix SMTP server must run with $mail_owner privileges
warning: process /usr/lib/postfix/smtpd pid 14987 exit status 1
warning: /usr/lib/postfix/smtpd: bad command startup -- throttling

$ postconf | grep -e 'mail_owner'
mail_owner = postfix




Re: Logging DNSBL rejections

2014-07-01 Thread Wietse Venema
Narcis Garcia:
> Doing this (unpriv to n) and restarting service I get the following from
> /var/log/mail.log :

Should be: the chroot column that's fifth. My mistake.

> error: incorrect SMTP server privileges: uid=0 euid=0
> fatal: the Postfix SMTP server must run with $mail_owner privileges
> warning: process /usr/lib/postfix/smtpd pid 14987 exit status 1
> warning: /usr/lib/postfix/smtpd: bad command startup -- throttling
>
> $ postconf | grep -e 'mail_owner'
> mail_owner = postfix
 
 


Re: Logging DNSBL rejections

2014-07-01 Thread Narcis Garcia
Note that with default configuration Postfix is already logging all
other events, except RBL ones, because in Debian chroot logging by
syslog is well configured in /etc/rsyslog.d/postfix.conf

I've deactivated temporarily chroot, and I'm still waiting if there is
some news about reject_rbl_client events being logged.





Re: Logging DNSBL rejections

2014-07-01 Thread Wietse Venema
Narcis Garcia:
> Note that with default configuration Postfix is already logging all
> other events, except RBL ones, because in Debian chroot logging by
> syslog is well configured in /etc/rsyslog.d/postfix.conf
>
> I've deactivated temporarily chroot, and I'm still waiting if there is
> some news about reject_rbl_client events being logged.

Postfix logs all rejects and all successful/failed deliveries with
severity mail.info. It has done this since 1997 before it was even
named Postfix.

To find out where mail.info is logged:

$ logger -p mail.info this is a test...

and watch your logfiles for changes.

If your syslog daemon logs mail.info in a different file than
warnings or errors, then that just makes logfile analysis more
difficult than it needs to be.

Wietse


Re: Logging DNSBL rejections

2014-07-01 Thread Narcis Garcia
No log to mail.info file about rbl/dnsbl until now.
I've restored chroot option to default for smtp service.

$ logger -p mail.info this is a test
$ cat /var/log/mail.info | grep -e 'a test'

2014-07-01T17:43:17.257348+02:00 hostname username: this is a test



 


Re: Logging DNSBL rejections

2014-07-01 Thread Narcis Garcia
How can I check in some manner that some of these parameters is working?

reject_rbl_client
reject_rhsbl_reverse_client
reject_rhsbl_helo
reject_rhsbl_sender





Re: Logging DNSBL rejections

2014-07-01 Thread Wietse Venema
Narcis Garcia:
> How can I check in some manner that some of these parameters is working?
>
> reject_rbl_client
> reject_rhsbl_reverse_client
> reject_rhsbl_helo
> reject_rhsbl_sender

How can WE check that you have configured them properly?

It is possible to configure these so that they will never fire.

Wietse


Re: Logging DNSBL rejections

2014-07-01 Thread Stan Hoeppner
On 7/1/2014 11:18 AM, Wietse Venema wrote:
> Narcis Garcia:
>> How can I check in some manner that some of these parameters is working?
>>
>> reject_rbl_client
>> reject_rhsbl_reverse_client
>> reject_rhsbl_helo
>> reject_rhsbl_sender
>
> How can WE check that you have configured them properly?
>
> It is possible to configure these so that they will never fire.

Very true.  For example, if you are using your ISP's resolvers to query
a Spamhaus DNSBL the query may be rejected due to terms of usage
violation.  Temporary DNS problems will also cause query failures.

You need to test your queries to your DNSBLs.  Each one should have
instructions on their website telling you how.  Here are the Spamhaus
instructions:

http://www.spamhaus.org/faq/section/DNSBL%20Usage#366

Cheers,

Stan


Re: Logging DNSBL rejections

2014-07-01 Thread Narcis Garcia
Is there any website or service in internet to send a mail test from a
blacklisted IP?


 


DNSBL verification tool.

2014-07-01 Thread Eliezer Croitoru
I have modified a script that verifies one IP against a list of RBL that 
can be found here:

http://www1.ngtech.co.il/rbl/rblcheck.rb

The tool can download the rbl from the online RBL servers list at:
http://www1.ngtech.co.il/rbl/rbl.csv

If someone has some more RBL to add to the list please send me them.

Thanks,
Eliezer


Re: Logging DNSBL rejections

2014-07-01 Thread Narcis Garcia
If I run mail command or swaks, they both make Postfix to send with SMTP
from 127.0.0.1 or public IP. Never 127.0.0.2

Can I tell Postfix to make 1 mail sending from 127.0.0.2 ?
If so, I suppose the SMTP service listening at TCP/25 will receive the
local communication from 127.0.0.2 (?)

Thanks for all the answers.


On 01/07/14 19:58, Wietse Venema wrote:
> Narcis Garcia:
>> Is there any website or service in internet to send a mail test from a
>> blacklisted IP?
>
> Yes. telnet to 127.0.0.2 port 25.
>
> Wietse



Re: Logging DNSBL rejections

2014-07-01 Thread Stan Hoeppner
On 7/1/2014 2:21 PM, Narcis Garcia wrote:
> If I run mail command or swaks, they both make Postfix to send with SMTP
> from 127.0.0.1 or public IP. Never 127.0.0.2
>
> Can I tell Postfix to make 1 mail sending from 127.0.0.2 ?
> If so, I suppose the SMTP service listening at TCP/25 will receive the
> local communication from 127.0.0.2 (?)

You've completely lost your way, you're confused.  DNSBL tests are on
inbound connections.  Here you're talking about sending mail outbound.
I think Wietse's answer confused you.

Why are you averse to using the standard tools that everyone uses to
test DNSBL queries, mainly 'host' and 'dig'?  This is all that's needed
to confirm your IP DNSBL queries are working, assuming you execute them
with the same user permissions as Postfix.

Cheers,

Stan




 


Re: Logging DNSBL rejections

2014-07-01 Thread Wietse Venema
Narcis Garcia:
> If I run mail command or swaks, they both make Postfix to send with SMTP
> from 127.0.0.1 or public IP. Never 127.0.0.2

$ telnet 127.0.0.2 25

Then type the SMTP commands.

Wietse


Re: Logging DNSBL rejections

2014-07-01 Thread Narcis Garcia
At this moment I don't want to check manually if an IP is blacklisted or
not (I already had made that exercise).

I want my Postfix installation to present a REJECTION to me. I'm looking
for a way to send a mail because I want to reach my Postfix and it
REJECTS it due to DNSBL rule.

If it cannot be done, then I'll need to setup my own DNSBL to manually
blacklist another IP (e.g. in the LAN);

www DOT zytrax DOT com/books/dns/ch9/dnsbl.html





Re: Logging DNSBL rejections

2014-07-01 Thread Wietse Venema
Narcis Garcia:
> At this moment I don't want to check manually if an IP is blacklisted or
> not (I already had made that exercise).
>
> I want my Postfix installation to present a REJECTION to me. I'm looking
> for a way to send a mail because I want to reach my Postfix and it
> REJECTS it due to DNSBL rule.

Telnet to 127.0.0.2 port 25 then send mail.

THIS MAIL SHOULD BE REJECTED by Postfix because almost every DNSBL
uses 127.0.0.2 as a test pattern.

This is my final attempt to help you.

Wietse


Re: Logging DNSBL rejections

2014-07-01 Thread Benny Pedersen
On 1. jul. 2014 22.00.22 CEST, wie...@porcupine.org wrote:
> Narcis Garcia:
>> At this moment I don't want to check manually if an IP is blacklisted or
>> not (I already had made that exercise).
>>
>> I want my Postfix installation to present a REJECTION to me. I'm looking
>> for a way to send a mail because I want to reach my Postfix and it
>> REJECTS it due to DNSBL rule.
>
> Telnet to 127.0.0.2 port 25 then send mail.
>
> THIS MAIL SHOULD BE REJECTED by Postfix because almost every DNSBL
> uses 127.0.0.2 as a test pattern.
>
> This is my final attempt to help you.

For the record here, his postfix might not listen on 127.0.0.2, and 127.0.0.2
is not an IP, it's a result code

Confusing result code and telnet IP


Re: Logging DNSBL rejections

2014-07-01 Thread Wietse Venema
Benny Pedersen:
> On 1. jul. 2014 22.00.22 CEST, wie...@porcupine.org wrote:
>> Narcis Garcia:
>>> At this moment I don't want to check manually if an IP is blacklisted or
>>> not (I already had made that exercise).
>>>
>>> I want my Postfix installation to present a REJECTION to me. I'm looking
>>> for a way to send a mail because I want to reach my Postfix and it
>>> REJECTS it due to DNSBL rule.
>>
>> Telnet to 127.0.0.2 port 25 then send mail.
>>
>> THIS MAIL SHOULD BE REJECTED by Postfix because almost every DNSBL
>> uses 127.0.0.2 as a test pattern.
>>
>> This is my final attempt to help you.
>
> For the record here, his postfix might not listen on 127.0.0.2, and 127.0.0.2
> is not an IP, it's a result code
>
> Confusing result code and telnet IP

Benny you have no idea what you are talking about.

When a client connects from 127.0.0.2, the Postfix DNSBL client
will make a query, for example, for 2.0.0.127.zen.spamhaus.org.

2.0.0.127.zen.spamhaus.org has address 127.0.0.4
2.0.0.127.zen.spamhaus.org has address 127.0.0.10
2.0.0.127.zen.spamhaus.org has address 127.0.0.2

That can be used to trigger a reject when the client sends mail.

The only glitch is that by default,

telnet 127.0.0.1 smtp

results in 

Jul  1 17:09:57 wzv postfix/smtpd[13454]: connect from localhost[127.0.0.1]

But that is easily fixed with ifconfig lo 127.0.0.2 netmask 255.0.0.0.

Jul  1 17:11:24 wzv postfix/smtpd[13454]: connect from unknown[127.0.0.2]

(and don't forget to reset the lo address to 127.0.0.1).

QED. Now, if the OP were only willing to cooperate he could have
had his answer hours ago.

Wietse


Re: Logging DNSBL rejections

2014-07-01 Thread Wietse Venema
My reply had one typo. This is the fixed version.

When a client connects from 127.0.0.2, the Postfix DNSBL client
will make a query, for example, for 2.0.0.127.zen.spamhaus.org.

2.0.0.127.zen.spamhaus.org has address 127.0.0.4
2.0.0.127.zen.spamhaus.org has address 127.0.0.10
2.0.0.127.zen.spamhaus.org has address 127.0.0.2

That can be used to trigger a reject when the client sends mail.

The only glitch is that by default,

telnet 127.0.0.2 smtp

results in 

Jul  1 17:09:57 wzv postfix/smtpd[13454]: connect from localhost[127.0.0.1]

But that is easily fixed with ifconfig lo 127.0.0.2 netmask 255.0.0.0.

Jul  1 17:11:24 wzv postfix/smtpd[13454]: connect from unknown[127.0.0.2]

QED. Now, if the OP were only willing to cooperate he could have
had his answer hours ago.

Wietse
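
The lookup described above, as an added example that is not part of the original thread: it builds the reversed-octet query name for a client address and tallies DNSBL rejects from smtpd log lines. The function names are hypothetical, the log lines are constructed samples in Postfix's default reject wording, and rbl.example.net is the placeholder zone used earlier on this page.

```shell
#!/bin/sh
# Added example, not from the thread. Log lines below are constructed samples.

# Build the DNSBL query name for an IPv4 client: octets reversed, zone appended.
#   127.0.0.2 + zen.spamhaus.org -> 2.0.0.127.zen.spamhaus.org
# The body runs in a subshell, so "exit" only leaves the function.
dnsbl_qname() (
    ip=$1 zone=$2
    case $ip in ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
    IFS=.
    set -f
    set -- $ip
    [ $# -eq 4 ] || exit 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
    printf '%s.%s.%s.%s.%s\n' "$4" "$3" "$2" "$1" "$zone"
)

# Run the same query Postfix would make (needs network access and host(1)).
# Answers in 127.0.0.0/8 mean "listed"; NXDOMAIN means "not listed"; a timeout
# or refusal means the restriction cannot fire at all.
dnsbl_lookup() {
    qname=$(dnsbl_qname "$1" "$2") || return 2
    host -t A "$qname"
}

# Summarise DNSBL rejects in smtpd logs as "client zone count".
# Reads the named files, or stdin when none are given.
dnsbl_rejects() {
    sed -n 's/.*reject: [A-Z]* from [^[]*\[\([^]]*\)]: [0-9]* .*blocked using \([^; ]*\).*/\1 \2/p' "$@" |
        sort | uniq -c | awk '{ print $2, $3, $1 }'
}

# Constructed sample: one connect, two DNSBL rejects, one unrelated reject.
sample_log() {
    cat <<'EOF'
Jul  1 17:11:24 mx postfix/smtpd[13454]: connect from unknown[127.0.0.2]
Jul  1 17:11:40 mx postfix/smtpd[13454]: NOQUEUE: reject: RCPT from unknown[127.0.0.2]: 554 5.7.1 Service unavailable; Client host [127.0.0.2] blocked using rbl.example.net; from=<a@example.org> to=<b@example.com> proto=SMTP helo=<test>
Jul  1 17:12:02 mx postfix/smtpd[13460]: NOQUEUE: reject: RCPT from unknown[127.0.0.2]: 554 5.7.1 Service unavailable; Client host [127.0.0.2] blocked using rbl.example.net; from=<a@example.org> to=<c@example.com> proto=SMTP helo=<test>
Jul  1 17:12:30 mx postfix/smtpd[13461]: NOQUEUE: reject: RCPT from unknown[192.0.2.7]: 554 5.7.1 <d@example.net>: Relay access denied; from=<a@example.org> to=<d@example.net> proto=SMTP helo=<test>
EOF
}

dnsbl_qname 127.0.0.2 zen.spamhaus.org
sample_log | dnsbl_rejects
```

If `dnsbl_rejects /var/log/mail.log` prints nothing after a test connection from 127.0.0.2, `dnsbl_lookup 127.0.0.2 <zone>` shows whether the resolver returns a listing at all.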



Re: Logging DNSBL rejections

2014-07-01 Thread Benny Pedersen
On 1. jul. 2014 23.15.01 CEST, wie...@porcupine.org wrote:
> Benny Pedersen:
>
> Benny you have no idea what you are talking about.

Oh

Telnet to 127.0.0.1 25 was imho what you mean, not to 127.0.0.2 ?

Did I sleep there?

> When a client connects from 127.0.0.2, the Postfix DNSBL client
> will make a query, for example, for 2.0.0.127.zen.spamhaus.org.

This is not the to ip that is checked, but the from in telnet apply that the
tester used 127.0.0.2 and telnetted to himself in postfix, non standard config
that shows his problem in more detail

> 2.0.0.127.zen.spamhaus.org has address 127.0.0.4
> 2.0.0.127.zen.spamhaus.org has address 127.0.0.10
> 2.0.0.127.zen.spamhaus.org has address 127.0.0.2

If he is calling from 127.0.0.1 it would be 1.0.0.127.dnsbl-servername

> QED. Now, if the OP were only willing to cooperate he could have
> had his answer hours ago.

Time for my bed now


Re: Logging DNSBL rejections

2014-07-01 Thread Wietse Venema
Benny Pedersen:
> On 1. jul. 2014 23.15.01 CEST, wie...@porcupine.org wrote:
>> Benny Pedersen:
>>
>> Benny you have no idea what you are talking about.
>
> Oh
>
> Telnet to 127.0.0.1 25 was imho what you mean, not to 127.0.0.2 ?

See my follow-up post how to telnet to 127.0.0.2 25, how Postfix
logs connect from 127.0.0.2, and how this can trigger a reject
from spamhaus.org, or any DNSBL that supports 127.0.0.2 for testing.

Wietse



Re: Logging DNSBL rejections

2014-07-01 Thread li...@rhsoft.net

On 02.07.2014 01:41, Benny Pedersen wrote:
> On 1. jul. 2014 23.15.01 CEST, wie...@porcupine.org wrote:
>> Benny Pedersen:
>>
>> Benny you have no idea what you are talking about.
>
> Oh
>
> Telnet to 127.0.0.1 25 was imho what you mean, not to 127.0.0.2 ?

no

> Did I sleep there?

you still sleep

>> When a client connects from 127.0.0.2, the Postfix DNSBL client
>> will make a query, for example, for 2.0.0.127.zen.spamhaus.org.
>
> This is not the to ip that is checked, but the from in telnet apply that the
> tester used 127.0.0.2 and telnetted to himself in postfix, non standard
> config that shows his problem in more detail
>
>> 2.0.0.127.zen.spamhaus.org has address 127.0.0.4
>> 2.0.0.127.zen.spamhaus.org has address 127.0.0.10
>> 2.0.0.127.zen.spamhaus.org has address 127.0.0.2
>
> If he is calling from 127.0.0.1 it would be 1.0.0.127.dnsbl-servername

but nobody talked about 127.0.0.1

>> QED. Now, if the OP were only willing to cooperate he could have
>> had his answer hours ago.
>
> Time for my bed now

do so instead of keeping on discussing with the developer of postfix
about things he knows better than 99% of people


What does this mean timeout after RSET?

2014-07-01 Thread tswmmeejsdad .
Hi There...


We are running Postfix 2.6.14.


What we are seeing is that one of our clients sent a bulk email yesterday
using their LYRIS mailing program.



-bash-3.2#  zgrep LYRIS  maillog-20140701.gz | wc -l
6826



So 6826 got through but there’s a few thousand missing they reported.



Looking further into this, I can see about 4000+ resets from their IP
address, so this might correspond to the missing emails not having been
sent. Not sure if my hunch is correct or not.



-bash-3.2#  zgrep 10.84.66.53 maillog-20140701.gz | grep RSET | wc -l
4637



I'm not entirely sure what these RSETs are but they could be that the
customer was hammering our mail server and we ran out of smtpd
connections/processes to handle it.



Talks about it here:

http://marc.info/?l=postfix-users&m=104638427320107&w=2


\\ snippet of the RSET errors

Jun 30 12:21:21 cllxprmgtsmtp01 postfix/smtpd[8837]: timeout after RSET from unknown[10.84.66.53]
Jun 30 12:21:21 cllxprmgtsmtp01 postfix/smtpd[8837]: disconnect from unknown[10.84.66.53]
Jun 30 12:21:21 cllxprmgtsmtp01 postfix/smtpd[8838]: timeout after RSET from unknown[10.84.66.53]
Jun 30 12:21:21 cllxprmgtsmtp01 postfix/smtpd[8838]: disconnect from unknown[10.84.66.53]
Jun 30 12:21:21 cllxprmgtsmtp01 postfix/smtpd[8830]: timeout after RSET from unknown[10.84.66.53]
Jun 30 12:21:21 cllxprmgtsmtp01 postfix/smtpd[8830]: disconnect from unknown[10.84.66.53]
Jun 30 12:21:21 cllxprmgtsmtp01 postfix/smtpd[8833]: timeout after RSET from unknown[10.84.66.53]
Jun 30 12:21:21 cllxprmgtsmtp01 postfix/smtpd[8833]: disconnect from unknown[10.84.66.53]
Jun 30 12:21:21 cllxprmgtsmtp01 postfix/smtpd[8836]: timeout after RSET from unknown[10.84.66.53]
Jun 30 12:21:21 cllxprmgtsmtp01 postfix/smtpd[8836]: disconnect from unknown[10.84.66.53]
Jun 30 12:21:21 cllxprmgtsmtp01 postfix/smtpd[8826]: timeout after RSET from unknown[10.84.66.53]
Jun 30 12:21:21 cllxprmgtsmtp01 postfix/smtpd[8826]: disconnect from unknown[10.84.66.53]
Jun 30 12:21:21 cllxprmgtsmtp01 postfix/smtpd[8831]: timeout after RSET from unknown[10.84.66.53]
Jun 30 12:21:21 cllxprmgtsmtp01 postfix/smtpd[8831]: disconnect from unknown[10.84.66.53]

Thanks.

Andy