Re: Is postscreen really this good?
The Stovebolt Geek: Recently I found out about postscreen on this list. After reading about it, I implemented it in pretty much the default configuration (copied below.) postscreen_bare_newline_action = ignore postscreen_bare_newline_enable = no postscreen_blacklist_action = ignore postscreen_dnsbl_action = ignore postscreen_greet_action = ignore postscreen_non_smtp_command_action = drop postscreen_non_smtp_command_enable = no postscreen_pipelining_action = enforce postscreen_pipelining_enable = no This means postscreen blocks nothing. All it does is send half a greeting banner and wait 6s. I would not expect that to make a major difference in the amount of mail handled by your server. Did you actually look at the maillog file? You should see lots of clients hanging up without sending mail. Wietse
Re: Is postscreen really this good?
On Tue, Oct 09, 2012 at 11:38:57PM -0500, The Stovebolt Geek wrote: I've been running postfix with policyd-weight and spamassassin for years on a small hobby domain that I manage. I usually have a few hundred spam messages in the spam folder after a few days. Recently I found out about postscreen on this list. After reading about it, I implemented it in pretty much the default configuration (copied below.) I run all mail through a filter script (copied below) that routes the mail through spamassassin and then either labels it as spam and puts it in a folder (/var/spool/spam), sends it to me for analysis or sends to the intended recipient. Since implementing postscreen my spam folder is empty and my daily message count has been cut about in half. Is postscreen really that good??? This sounds like an apples to oranges comparison. Have you looked at false positives and false negatives? Cheers, Ken
Re: postscreen on Debian
On Wed, Oct 10, 2012 at 9:43 AM, Peter Berghold salty.cowd...@gmail.comwrote: Am I missing something here or is postscreen missing from Debian 6.0.3? At what version of postfix is postscreen included? OK... found my answer on my own. Nevermind. Looks like Debian squeeze is stuck at postfix 2.7.1 so if I want to use postscreen on my inbound mail server I'll have to build from source. Normally I don't mind, but using puppet to manage packages makes building from source a PITA. -- Peter L. Berghold salty.cowd...@gmail.com http://blog.berghold.net
Re: postscreen on Debian
On 10.10.2012 15:56, Peter Berghold wrote: OK... found my answer on my own. Nevermind. Looks like Debian squeeze is stuck at postfix 2.7.1 so if I want to use postscreen on my inbound mail server I'll have to build from source. http://packages.debian.org/squeeze-backports/postfix -- Herbert
Re: Is postscreen really this good?
--On October 10, 2012 7:12:19 AM -0400 Wietse Venema wie...@porcupine.org wrote: The Stovebolt Geek: Recently I found out about postscreen on this list. After reading about it, I implemented it in pretty much the default configuration (copied below.) postscreen_bare_newline_action = ignore postscreen_bare_newline_enable = no postscreen_blacklist_action = ignore postscreen_dnsbl_action = ignore postscreen_greet_action = ignore postscreen_non_smtp_command_action = drop postscreen_non_smtp_command_enable = no postscreen_pipelining_action = enforce postscreen_pipelining_enable = no This means postscreen blocks nothing. All it does is send half a greeting banner and wait 6s. I would not expect that to make a major difference in the amount of mail handled by your server. Did you actually look at the maillog file? You should see lots of clients hanging up without sending mail. I looked at the maillog and didn't see anything out of the ordinary. Here's an egrep of the log: # egrep '(error|fail|warn)' /var/log/maillog Oct 10 00:16:09 mail postfix/smtpd[71817]: warning: hostname tail.rpdevco.com does not resolve to address 173.232.29.122 Oct 10 00:16:12 mail postfix/smtpd[71817]: warning: hostname tail.rpdevco.com does not resolve to address 173.232.29.122 Oct 10 00:20:30 mail postfix/smtpd[71827]: warning: hostname dynamic-ip-adsl-190.186.20.68.cotas.com.bo does not resolve to address 190.186.20.68: hostname nor servname provided, or not known Oct 10 01:20:35 mail postfix/smtpd[72056]: warning: hostname tw7.com7.tw does not resolve to address 184.82.169.124: hostname nor servname provided, or not known Oct 10 01:25:12 mail postfix/policyd-weight[6870]: decided action=550 temporarily blocked because of previous errors - retrying too fast. penalty: 30 seconds x 0 retries.; client=unknown[220.152.169.130] helo=126.com from=rtyrdudthfffx...@126.com to=fromfrontp...@stovebolt.com; delay: 0s Oct 10 01:25:12 mail postfix/smtpd[72085]: NOQUEUE: reject: RCPT from unknown[220.152.169.130]: 550 5.7.1 fromfrontp...@stovebolt.com: Recipient address rejected: temporarily blocked because of previous errors - retrying too fast. penalty: 30 seconds x 0 retries.; from=rtyrdudthfffx...@126.com to=fromfrontp...@stovebolt.com proto=ESMTP helo=126.com Oct 10 01:33:02 mail postfix/smtpd[72115]: warning: hostname 177.132.27.90.dynamic.adsl.gvt.net.br does not resolve to address 177.132.27.90: hostname nor servname provided, or not known Oct 10 01:51:51 mail postfix/smtpd[72146]: warning: hostname 190-51-206-57.speedy.com.ar does not resolve to address 190.51.206.57: hostname nor servname provided, or not known Oct 10 01:53:53 mail postfix/smtpd[72146]: warning: hostname 190-51-206-57.speedy.com.ar does not resolve to address 190.51.206.57: hostname nor servname provided, or not known Oct 10 01:53:55 mail postfix/policyd-weight[6870]: decided action=550 temporarily blocked because of previous errors - retrying too fast. penalty: 30 seconds x 0 retries.; client=unknown[190.51.206.57] helo=[190.51.206.57] from=nathanaelfeint...@optusnet.com.au to=edi...@stovebolt.com; delay: 0s Oct 10 01:53:55 mail postfix/smtpd[72146]: NOQUEUE: reject: RCPT from unknown[190.51.206.57]: 550 5.7.1 edi...@stovebolt.com: Recipient address rejected: temporarily blocked because of previous errors - retrying too fast. penalty: 30 seconds x 0 retries.; from=nathanaelfeint...@optusnet.com.au to=edi...@stovebolt.com proto=ESMTP helo=[190.51.206.57] Oct 10 01:58:51 mail postfix/smtpd[72181]: warning: hostname 190-51-206-57.speedy.com.ar does not resolve to address 190.51.206.57: hostname nor servname provided, or not known Oct 10 02:00:33 mail postfix/smtpd[72181]: warning: hostname customer-187-157-143-94-sta.uninet-ide.com.mx does not resolve to address 187.157.143.94: hostname nor servname provided, or not known Oct 10 02:33:33 mail postfix/smtp[72330]: warning: numeric domain name in resource data of MX record for bettynbud.com: 76.167.181.36 Oct 10 02:45:48 mail postfix/smtpd[72379]: warning: hostname 35.30.32.125.adsl-pool.jlccptt.net.cn does not resolve to address 125.32.30.35: hostname nor servname provided, or not known Oct 10 03:05:33 mail postfix/smtpd[72525]: warning: hostname Charls-60-10.pacenet-india.com does not resolve to address 210.89.60.10: hostname nor servname provided, or not known Oct 10 03:06:28 mail postfix/smtpd[72525]: warning: hostname static.23.40.64.95.buh.evh.ro does not resolve to address 95.64.40.23: hostname nor servname provided, or not known Oct 10 04:16:28 mail postfix/smtpd[78621]: warning: hostname box01.nflk1ck0ff.com does not resolve to address 94.242.224.77: hostname nor servname provided, or not known Oct 10 04:26:22 mail postfix/smtpd[78660]: warning: hostname server-plesk.lumomm.nl does not resolve to address 195.184.64.30 Oct 10 04:33:45 mail postfix/smtpd[78700]: warning: hostname static.23.40.64.95.buh.evh.ro does not resolve to address 95.64.40.23:
Re: AW: How to change queue id?
On 10/03/2012 11:30 PM, Steffen Schebesta wrote: Thanks for all the insightful answers. So, I actually use the long_queue_ids options and I save the queue_ids to a database to later compare them to the queue_ids found in the mail log to parse and mark the bounces. The problem - and thus the source for my question - is that this always means a string compare in the database search which is aweful for performance. Not if you index the queue-ID properly. If the database is central to your bounce handling process, you need this anyway. -- J.
Re: Is postscreen really this good?
I think I may not what's wrong. Here's the master.cf settings:
# grep -v # /usr/local/etc/postfix/master.cf
smtp inet n - n - - smtpd -o
content_filter=filter:dummyr
smtpsinet n - n - - smtpd
-o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
pickupfifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
tlsmgrunix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounceunix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verifyunix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - n - - smtp
showq unix n - n - - showq
error unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scacheunix - - n - 1 scache
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail
($recipient)
ifmailunix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop
$recipient
filterunix - n n - 10 pipe
flags=Rq user=filter argv=/usr/local/bin/filter.sh -f ${sender} --
${recipient}
relay unix - - n - - smtp
retry unix - - n - - error
proxywrite unix - - n - 1 proxymap
smtp inet n - n - 1 postscreen
smtpd pass - - n - - smtpd
dnsblog unix - - n - 0 dnsblog
In reading the docs it says to comment out the smtp line and uncomment the
one that routes to postscreen. I have both uncommented.
# grep -v # /usr/local/etc/postfix/master.cf | grep smtp
smtp inet n - n - - smtpd -o
content_filter=filter:dummyr
smtpsinet n - n - - smtpd
-o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
smtp unix - - n - - smtp
bsmtp unix - n n - - pipe
flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop
$recipient
relay unix - - n - - smtp
smtp inet n - n - 1 postscreen
smtpd pass - - n - - smtpd
The problem is, I also want to route through filter.sh, so how do I do that?
--
Paul Schmehl (g...@stovebolt.com)
The Stovebolt Geek
The Net's Oldest and Most Complete
Resource for Antique Chevy and GM Trucks
http://www.stovebolt.com
Re: Is postscreen really this good?
On 10/10/2012 11:04 AM, Paul Schmehl wrote: I think I may not what's wrong. Here's the master.cf settings: In reading the docs it says to comment out the smtp line and uncomment the one that routes to postscreen. I have both uncommented. # grep -v # /usr/local/etc/postfix/master.cf | grep smtp smtp inet n - n - - smtpd -o content_filter=filter:dummyr smtpsinet n - n - - smtpd -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes smtp unix - - n - - smtp bsmtp unix - n n - - pipe flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient relay unix--n--smtp smtp inet n - n - 1 postscreen smtpd pass - - n - - smtpd The problem is, I also want to route through filter.sh, so how do I do that? You comment out the first line. Then, do this on the pass line: smtpd pass - - n - - smtpd -o content_filter=filter:dummyr This is all documented in the POSTSCREEN_README. Until you see postscreen lines in your syslog, it's not doing anything. The ignore actions will let you check the log for what would be blocked. Then you can use the enforce action to get results. Brian
Re: Is postscreen really this good?
On 10/10/2012 10:04 AM, Paul Schmehl wrote: In reading the docs it says to comment out the smtp line and uncomment the one that routes to postscreen. I have both uncommented. Yes, that's important, only one will have control of port 25. # grep -v # /usr/local/etc/postfix/master.cf | grep smtp smtp inet n - n - - smtpd -o content_filter=filter:dummyr Yes, the above line must be commented out or removed. Anything postscreen does will be logged: # grep '/postscreen' /var/log/maillog smtp inet n - n - 1 postscreen smtpd pass - - n - - smtpd The problem is, I also want to route through filter.sh, so how do I do that? add your -o content_filter override to the new smtpd pass service. -- Noel Jones
Re: Is postscreen really this good?
--On October 10, 2012 10:37:26 AM -0500 Noel Jones njo...@megan.vbhcs.org wrote: add your -o content_filter override to the new smtpd pass service. Thanks, Brian and Noel. I appreciate the help. I read all the readme files, but some of this stuff is above my pay grade. I get confused and am not sure what to do. -- Paul Schmehl (g...@stovebolt.com) The Stovebolt Geek The Net's Oldest and Most Complete Resource for Antique Chevy and GM Trucks http://www.stovebolt.com
Postfix 2.8.x and archive options
Good morning, I know about Postfix's always_bcc that sends all emails to another email mailbox. But are there some other options to archive emails ? For example all emails will be copied to a some direcotory. How do you solve your emails archoves ? Thanks and best regards J.Karliak. -- Ma domena pouziva zabezpeceni a kontrolu SPF (www.openspf.org) a DomainKeys/DKIM (with ADSP) . Pokud mate problemy s dorucenim emailu, zacnete pouzivat metody overeni puvody emailu zminene vyse. Dekuji. My domain use SPF (www.openspf.org) and DomainKeys/DKIM (with ADSP) policy and check. If you've problem with sending emails to me, start using email origin methods mentioned above. Thank you. This message was sent using IMP, the Internet Messaging Program. binSufFh4cQgH.bin Description: Veřejný PGP klíč
