Re: deflecting attacks

2009-08-24 Thread lst_hoe02
Zitat von AMP Admin ad...@ampprod.com: Does anyone use iptables or something to defend against attacks? Like if x amount of requests per x amount of time send away. If so I would love some examples. Thanks! We use the following : $IPTABLES -N SMTP-BLOCK $IPTABLES -A SMTP-BLOCK -m limit

DNSBL/RBL-Blacklist

2009-08-24 Thread Schwalbe, Oliver
Helo Newsgroup, i will integrate an DNSBL/RBL-Blacklist to avoid SPAM. So i insert a new row in my main.cf main.cf before: smtpd_recipient_restrictions = permit_mynetworks, reject_invalid_hostname,

Re: DNSBL/RBL-Blacklist

2009-08-24 Thread Justin C. Le Grice
Schwalbe, Oliver wrote: Helo Newsgroup, i will integrate an DNSBL/RBL-Blacklist to avoid SPAM. So i insert a new row in my main.cf main.cf before: smtpd_recipient_restrictions = permit_mynetworks, reject_invalid_hostname,

Re: DNSBL/RBL-Blacklist

2009-08-24 Thread Ralf Hildebrandt
* Schwalbe, Oliver oliver.schwa...@schnellecke.com: reject_rbl_client zen.spamhouse.org, -- new Row inserted reject_rbl_client zen.spamhaus.org 554 5.7.1 Service unavailable; Client host [64.12.206.41] blocked using zen.spamhouse.org;

Re: DNSBL/RBL-Blacklist

2009-08-24 Thread Ralf Hildebrandt
* Ralf Hildebrandt ralf.hildebra...@charite.de: * Schwalbe, Oliver oliver.schwa...@schnellecke.com: reject_rbl_client zen.spamhouse.org, -- new Row inserted reject_rbl_client zen.spamhaus.org 554 5.7.1 Service unavailable; Client

Re: DNSBL/RBL-Blacklist

2009-08-24 Thread Duane Hill
On Mon, 24 Aug 2009, Schwalbe, Oliver wrote: Helo Newsgroup, i will integrate an DNSBL/RBL-Blacklist to avoid SPAM. So i insert a new row in my main.cf main.cf before: [snip] main.cf after: smtpd_recipient_restrictions = permit_mynetworks,

Re: Any C api to access Postfix programmatically?

2009-08-24 Thread Δημήτριος Καραπιπέρης
I came to this solution, a bash script to validate a local recipient employing the SMTP protocol. #!/bin/bash nc localhost 25 EOF | grep '250 2.1.5 Ok' | sed 's/250 2.1.5 Ok/OK/' HELO localhost MAIL FROM: dim...@thessaloniki.gr RCPT TO: $1 QUIT EOF Dimitrios O/H Wietse Venema

Clearing Spam Folders

2009-08-24 Thread Justin C. Le Grice
Hi there. I am new to the world of postfix. I have managed to successfully implement Postfix etc using workaround.org's excellent guide. My current item on the wish list is how to sweep items from the users Spam folders after a defined number of days. I have located this script from

Mail Box

2009-08-24 Thread Roman Gelfand
Can somebody recommend a mail box server software that would be worthy of postfix? Also, if anyone knows of a cool web client. Thanks in advance

Re: Mail Box

2009-08-24 Thread Ralf Hildebrandt
* Roman Gelfand rgelfa...@gmail.com: Can somebody recommend a mail box server software that would be worthy of postfix? Dovecot Also, if anyone knows of a cool web client. Horde Squirrelmail roundcube -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité -

Re: Mail Box

2009-08-24 Thread Mikael Bak
Hi, Roman Gelfand wrote: Can somebody recommend a mail box server software that would be worthy of postfix? dovecot Also, if anyone knows of a cool web client. roundcube

Re: Country IP block list

2009-08-24 Thread Daniel L'Hommedieu
On Aug 23, 2009, at 22:26, Olivier Nicole wrote: Hi, Could someone provide links to sites where IP addresses are grouped by coun= try? ASNs would work too but would prefer IP lists that I could put in a f= ile that my postfix mail gateway could read. Obvious countries like China = and

Re: issues with postfix-ldap

2009-08-24 Thread Brian Evans - Postfix List
Daniel Corbe wrote: Hi, I'm seeing the following errors in my syslog being generated by trivial-rewrite after a MAIL FROM: command hits my MTA. I've been trying to enable LDAP lookups for my mail system without much success. The error messages aren't very helpful (even with verbose

Re: Clearing Spam Folders

2009-08-24 Thread Barney Desmond
2009/8/24 Justin C. Le Grice mailingli...@legrice.co.nz: I am new to the world of postfix. I have managed to successfully implement Postfix etc using workaround.org's excellent guide. My current item on the wish list is how to sweep items from the users Spam folders after a defined number of

Re: Country IP block list

2009-08-24 Thread Mikael Bak
Daniel L'Hommedieu wrote: The spam I see pretty much all originates in China Brazil, with some originating in Korea US. It also pretty much all originates on dynamic IP addresses, so if there's a way to block email from dynamic address ranges, I would very much be interested in that.

Re: rbl checks, best place + ipv6?

2009-08-24 Thread Dave Täht
Mark Martinec mark.martinec+post...@ijs.si writes: On Sunday August 23 2009 04:10:06 Dave Täht wrote: What I found after fighting with an exchange server that what seems to work best is assigning my first mx host to be ipv6 only, and my fallback to be a mx ipv6 and ipv4 host. My choice is

Re: Blocking mail from me to me (was: Country IP block list)

2009-08-24 Thread Martijn de Munnik
On Mon, 2009-08-24 at 10:28 -0400, Daniel L'Hommedieu wrote: On Aug 24, 2009, at 10:10, Mikael Bak wrote: Daniel L'Hommedieu wrote: The spam I see pretty much all originates in China Brazil, with some originating in Korea US. It also pretty much all originates on dynamic IP

Re: Blocking mail from me to me (was: Country IP block list)

2009-08-24 Thread Martijn de Munnik
Most of this spam is also blocked using spamhaus. Also you could add SPF to your own domain so no other servers could send mail using your domain. http://www.openspf.org/Introduction Off course your server should check the SPF records for incoming mail.

Non deterministic usage of STARTTLS

2009-08-24 Thread Julien Vehent
Hello guys, This is my first email on the list, so I hope it doesn't break any rule :) I've been playing around with my postfix logs to evaluate the percentage of MTA that are using STARTTLS when sending me emails. The result is pretty interesting, because some MTA are using TLS, but not all

Re: Non deterministic usage of STARTTLS

2009-08-24 Thread Noel Jones
On 8/24/2009 9:51 AM, Julien Vehent wrote: Hello guys, This is my first email on the list, so I hope it doesn't break any rule :) I've been playing around with my postfix logs to evaluate the percentage of MTA that are using STARTTLS when sending me emails. The result is pretty interesting,

Re: Non deterministic usage of STARTTLS

2009-08-24 Thread Julien Vehent
On Mon, 24 Aug 2009 10:33:31 -0500, Noel Jones njo...@megan.vbhcs.org wrote: On 8/24/2009 9:51 AM, Julien Vehent wrote: Hello guys, This is my first email on the list, so I hope it doesn't break any rule :) I've been playing around with my postfix logs to evaluate the percentage of MTA

Re: Non deterministic usage of STARTTLS

2009-08-24 Thread Noel Jones
Julien Vehent wrote: That message does not indicate a TLS connection. Try using smtpd_tls_loglevel = 1 for a clear indication of when TLS is in use without the noise. -- Noel Jones OK, I did. I will look more closely at the logs to check that again. But, what does this message indicates

Re: Non deterministic usage of STARTTLS

2009-08-24 Thread Wietse Venema
Noel Jones: -- Aug 22 07:52:12 zerhuel postfix/smtpd[2109]: initializing the server-side TLS engine This is logged ONCE when a postfix/smtpd process starts up. Then, it handles one or more SMTP clients. So, 'initializing the server-side TLS engine' is logged only before the FIRST SMTP

Re: Non deterministic usage of STARTTLS

2009-08-24 Thread Julien Vehent
Wietse Venema wrote: Noel Jones: -- Aug 22 07:52:12 zerhuel postfix/smtpd[2109]: initializing the server-side TLS engine This is logged ONCE when a postfix/smtpd process starts up. Then, it handles one or more SMTP clients. So, 'initializing the server-side TLS engine' is logged only

log check_client_access

2009-08-24 Thread Martijn de Munnik
Hi, How can I write a message to syslog when a check_client_access rule matches? thanks, Martijn

Re: Reg:Virtual Aliases forwarding

2009-08-24 Thread Priyanka Tyagi
Thanks for reply, Benny. Just to better explain my problem: Assume, all domains in example : d1.com, d2.com and d3.com have SPF record setup to Pass. I have virtual_alias setup like this: u...@d2.com u...@d3.com. When I send email from u...@d1.com to u...@d2.com. It passes SPF with this

Re: log check_client_access

2009-08-24 Thread /dev/rob0
On Monday 24 August 2009 12:43:16 Martijn de Munnik wrote: How can I write a message to syslog when a check_client_access rule matches? See the WARN result. If you mean that you want to log and to trigger some other action, do note that REJECT and DEFER results are logged anyway. If you're

Re: issues with postfix-ldap

2009-08-24 Thread Daniel Corbe
Issues with the depreciated config aside I figured out what the issue was. Burried deep inside the ldap_table(5) man page was my answer: for whatever reason postfix defaults to LDAPv2 instead of LDAPv3. The configuration examples with the newer versions of OpenLDAP try to gently discourage use

Re: log check_client_access

2009-08-24 Thread Martijn de Munnik
On Aug 24, 2009, at 7:57 PM, /dev/rob0 wrote: On Monday 24 August 2009 12:43:16 Martijn de Munnik wrote: How can I write a message to syslog when a check_client_access rule matches? See the WARN result. If you mean that you want to log and to trigger some other action, do note that REJECT

Re: Blocking mail from me to me (was: Country IP block list)

2009-08-24 Thread LuKreme
On 24-Aug-2009, at 08:28, Daniel L'Hommedieu wrote: The one bit of spam I'd like to stop, and I seem to remember seeing talk of it at some point (but I've been unable to find it again) is the spam appears to be from me to me. That is, the spammers who use my email address as the from

Re: log check_client_access

2009-08-24 Thread Martijn de Munnik
On Aug 24, 2009, at 8:31 PM, Martijn de Munnik wrote: On Aug 24, 2009, at 7:57 PM, /dev/rob0 wrote: On Monday 24 August 2009 12:43:16 Martijn de Munnik wrote: How can I write a message to syslog when a check_client_access rule matches? See the WARN result. If you mean that you want to

Re: issues with postfix-ldap

2009-08-24 Thread Victor Duchovni
On Sun, Aug 23, 2009 at 03:55:43PM -0700, Daniel Corbe wrote: acceptdomains_server_host = localhost acceptdomains_server_port = 389 acceptdomains_bind = yes acceptdomains_bind_dn = cn=Manager,dc=corbe,dc=net acceptdomains_bind_pw = xx55ZZ acceptdomains_search_base = dc=corbe,dc=net

Settings for restrictive mail server

2009-08-24 Thread Michael Saldivar
I need some ideas for implementing this uber-restrictive mailserver at my company. Some background: CEO doesn't want to buy Exchange. We have basically 3 user groups: agents, their team leads, and corporate (execs, etc). The goal is: Execs don't want agents to e-mail each other or anyone outside

Re: Blocking mail from me to me

2009-08-24 Thread mouss
LuKreme a écrit : On 24-Aug-2009, at 08:28, Daniel L'Hommedieu wrote: The one bit of spam I'd like to stop, and I seem to remember seeing talk of it at some point (but I've been unable to find it again) is the spam appears to be from me to me. That is, the spammers who use my email address

Re: Block email based on recipient address

2009-08-24 Thread mouss
Gejo Paul a écrit : Hi, My postfix version is postfix-2.3.3-2 main.cf http://main.cf smtpd_recipient_restrictions = check_sender_access ldap:ldapcond, don't do this. don't use a check_sender_access before reject_unauth_destination. put this check under smtpd_sender_restrictions instead.

unknown identities

2009-08-24 Thread Oscar m Cruz
Hi list as soon as possible i need to block all kind of messages coming from an unkown account inside my server, its mean something as taking some unknown identities from my domain for instance: unknownacco...@mydomain.com - to m...@mydomain.comhapping with most of the mail account here the

Re: unknown identities

2009-08-24 Thread Sahil Tandon
On Mon, 24 Aug 2009, Oscar m Cruz wrote: as soon as possible i need to block all kind of messages coming from an unkown account inside my server, its mean something as taking some unknown identities from my domain for instance: unknownacco...@mydomain.com - to m...@mydomain.comhapping

Re: (OT!) Clearing Spam Folders

2009-08-24 Thread Justin C. Le Grice
Barney Desmond wrote: 2009/8/24 Justin C. Le Grice mailingli...@legrice.co.nz: I am new to the world of postfix. I have managed to successfully implement Postfix etc using workaround.org's excellent guide. My current item on the wish list is how to sweep items from the users Spam folders

Re: (OT!) Clearing Spam Folders

2009-08-24 Thread Sahil Tandon
On Tue, 25 Aug 2009, Justin C. Le Grice wrote: Barney Desmond wrote: [...] and how do I use it in a weekly cron job? Put it in a weekly cronjob. I don't mean to come off as rude, but these aren't really good questions, relevant or otherwise. Gee Barney that was really

Re: (OT!) Clearing Spam Folders

2009-08-24 Thread Michael Orlitzky
Justin C. Le Grice wrote: Barney Desmond wrote: 2009/8/24 Justin C. Le Grice mailingli...@legrice.co.nz: I am new to the world of postfix. I have managed to successfully implement Postfix etc using workaround.org's excellent guide. My current item on the wish list is how to sweep items