Re: Spamrl.com RBL problem

2016-07-02 Thread Stefan Caunter
On FreeBSD you still need to install postfix from a port. The port install will 
allow you to switch the MTA preference but you still need to configure an rc 
entry. Once that is done and postfix starts it will grab the relevant TCP/IP 
ports. Note that scripts can generally access localhost port 25; any MTA will 
relay faithfully for a local client. 

> On Jul 3, 2016, at 00:36, li...@lazygranch.com wrote:
> 
> This is probably more of a freebsd question, but it seems to me that Postfix 
> should be hogging (bound) to the mail ports, so if something is sending 
> email, it has to be using Postfix.
> 
> I suppose modifying IPFW to log all mail port activity is also a good idea.
> 
> Wouldn't a script need to be in the rc.d to get fired up when I boot?
> 
>   Original Message  
> From: Matthew McGehrin
> Sent: Saturday, July 2, 2016 7:24 PM
> To: Postfix users
> Subject: Re: Spamrl.com RBL problem
> 
> Hello.
> 
> I would check your local system to see if you have any rogue perl 
> processes running. These are generally the cause of being blacklisted 
> for a dictionary attack, which implies that a script is running on your 
> local server.
> 
> Generally, you can spot them by the amount of CPU time, and they try to 
> mask the process id.
> 
> The end of DATA command is just the sequence at which it was denied. 
> It's standard.
> 
> -- Matthew
> 
> 
> li...@lazygranch.com wrote:
>> : host smx1.web-hosting.com[209.188.21.38] said: 550 
>> The
>> sending IP (my dotted quad) is listed on https://spamrl.com as a source of
>> dictionary attacks. (in reply to end of DATA command)
>> -
>> 
>> Is the "in reply to end of DATA command" significant? 
>> 
>> 

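Added example, not part of any message in this thread: a client connection to a remote port 25 leaves from an ephemeral local port, so it does not depend on which daemon is bound to the mail ports. The sketch below sorts FreeBSD sockstat rows into Postfix deliveries, submissions to the local MTA on 127.0.0.1:25, and direct connections by other processes. The sample rows are constructed, and the "postfix"/"smtp" user and command names assume a default Postfix install.

```sh
#!/bin/sh
# Added example: classify TCP client sockets whose remote port is 25, given
# FreeBSD sockstat output (USER COMMAND PID FD PROTO LOCAL FOREIGN) on stdin.
# Assumption: a default Postfix install, where the outbound delivery client
# runs as user "postfix" with command name "smtp".
classify_smtp_clients() {
    awk '
    $5 !~ /^tcp/ { next }                  # skips the header and non-TCP rows
    {
        n = split($7, part, ":")
        if (part[n] != "25") next          # keep only connections TO port 25
        host = substr($7, 1, length($7) - 3)
        if ($1 == "postfix" && $2 == "smtp")
            verdict = "MTA"                # Postfix delivering queued mail
        else if (host == "127.0.0.1")
            verdict = "LOCAL-SUBMIT"       # handed to the local MTA, so logged
        else
            verdict = "DIRECT"             # bypasses Postfix and its maillog
        printf "%s user=%s cmd=%s pid=%s dst=%s\n", verdict, $1, $2, $3, $7
    }'
}

# Constructed sample; addresses are from the documentation ranges.
sample_sockstat() {
    cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
postfix  smtp       1412  14 tcp4   192.0.2.10:51234      203.0.113.5:25
postfix  smtpd      1398  9  tcp4   192.0.2.10:25         198.51.100.20:40112
www      perl       4321  3  tcp4   192.0.2.10:40222      198.51.100.7:25
www      php-fpm    2210  7  tcp4   127.0.0.1:39001       127.0.0.1:25
EOF
}

# Live use on the host: sockstat -4 -c -P tcp | classify_smtp_clients
sample_sockstat | classify_smtp_clients
```

A DIRECT row names the user and PID to investigate; a LOCAL-SUBMIT row should have matching entries in the maillog.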

Re: Spamrl.com RBL problem

2016-07-02 Thread lists
This is probably more of a freebsd question, but it seems to me that Postfix 
should be hogging (bound) to the mail ports, so if something is sending email, 
it has to be using Postfix.

I suppose modifying IPFW to log all mail port activity is also a good idea.

Wouldn't a script need to be in the rc.d to get fired up when I boot?

  Original Message  
From: Matthew McGehrin
Sent: Saturday, July 2, 2016 7:24 PM
To: Postfix users
Subject: Re: Spamrl.com RBL problem

Hello.

I would check your local system to see if you have any rogue perl 
processes running. These are generally the cause of being blacklisted 
for a dictionary attack, which implies that a script is running on your 
local server.

Generally, you can spot them by the amount of CPU time, and they try to 
mask the process id.

The end of DATA command is just the sequence at which it was denied. 
It's standard.

-- Matthew


li...@lazygranch.com wrote:
> : host smx1.web-hosting.com[209.188.21.38] said: 550 
> The
> sending IP (my dotted quad) is listed on https://spamrl.com as a source of
> dictionary attacks. (in reply to end of DATA command)
> -
>
> Is the "in reply to end of DATA command" significant? 
>
> 


Re: Is not honoring bounces-to violation of RFC?

2016-07-02 Thread Bill Cole

On 29 Jun 2016, at 11:45, Chip wrote:


I will read up on it.  Thank you for the link.

Not everyone, I think, who visits this list is an engineer.


True, unless you accept Michael Wise's generous functional definition. 
I'm on the fence there, as I've held job titles calling me an engineer 
but my only formal engineering training was secondary to theatrical set 
design and construction, i.e. to make sure actors didn't die in 
collapses of not quite enough steel and/or wood. All of my education in 
"software engineering" and "systems engineering" (skills I supposedly 
have if you believe job titles) is from a handful of low-numbered 
college classes 25+ years ago and on-the-job/self training.


But Michael is entirely correct in that nearly everyone subscribed to 
this list is a de facto mail system "engineer" in that we work with the 
complexities of configuring and operating mail systems. So even though I 
don't build bridges, haven't built a stage set in decades, and don't 
write much code these days, I DO "drive the trains" of multiple email 
systems, some of which use Postfix. So I'm an engineer, I guess.


And so are you, since you seem to have run both Postfix and Exim systems 
at least at the "train driver" level (and frankly, railroad engineers 
ARE engineers to at least the same degree as sysadmins, but most of us 
just don't have any idea how complex trains can be...)


So it would have been easier to understand if the response had been 
along the lines of:


"envelope-from" instead of just FROM since there are a number of Froms 
in the source code.


Someone wrote: "Return-path is a header added by the receiving MTA 
(usually on final delivery) that contains the envelope sender (MAIL FROM) 
used by the sending system."


Which is accurate, if a bit ecumenical in its nomenclature...

It would definitely be helpful if everyone trying to manage mail systems 
read RFC5598 (https://tools.ietf.org/html/rfc5598) carefully enough and 
often enough to adopt its formal terminology. Dave Crocker's purpose in 
writing that RFC was to establish precise standard jargon and a baseline 
understanding of how email actually works (and is intended to work) for 
people who should have such an understanding. If you're running a mail 
server, whether you accept the label "engineer" or not, you should 
definitely read it.


Re: Spamrl.com RBL problem

2016-07-02 Thread Matthew McGehrin

Hello.

I would check your local system to see if you have any rogue perl 
processes running. These are generally the cause of being blacklisted 
for a dictionary attack, which implies that a script is running on your 
local server.


Generally, you can spot them by the amount of CPU time, and they try to 
mask the process id.


The end of DATA command is just the sequence at which it was denied. 
It's standard.


-- Matthew


li...@lazygranch.com wrote:

: host smx1.web-hosting.com[209.188.21.38] said: 550 The
sending IP (my dotted quad) is listed on https://spamrl.com as a source of
dictionary attacks. (in reply to end of DATA command)
-

Is the "in reply to end of DATA command" significant? 

  


Spamrl.com RBL problem

2016-07-02 Thread lists
I will start this over to get rid of the HTML mail crap. This is the bounce 
reply with some sanitizing to keep this message off of the Google bot:
 

This is the mail system at host www.mydomain.com

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

                   The mail system

: host smx1.web-hosting.com[209.188.21.38] said: 550 The
    sending IP (my dotted quad) is listed on https://spamrl.com as a source of
    dictionary attacks. (in reply to end of DATA command)
-

Is the "in reply to end of DATA command" significant? 


Re: RBL claims I'm doing a dictionary search

2016-07-02 Thread Ralf Hildebrandt
* Ralf Hildebrandt :
> * li...@lazygranch.com :
> > I've got this RBL https://spamrl.com/ that claims my server is 
> > doing a dictionary search. I see nothing in the maillog. I have checked for 
> > an open relay using an online website. No other RBLs claim my server is an 
> > issue. I am the only user that can send email from the 
> > server. Any ideas regarding what else to check?
> 
> Could you please turn off HTML. This is illegible.

So spamrl.com has the IP or the domain of your server listed?
What is the actual rejection message you're getting?

-- 
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG, 80333 München
   
Registered office: München, District Court of München: HRB 199263
Executive Board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the Supervisory Board: Florian Kirstein


Re: RBL claims I'm doing a dictionary search

2016-07-02 Thread Ralf Hildebrandt
* li...@lazygranch.com :
> I've got this RBL https://spamrl.com/ that claims my server is 
> doing a dictionary search. I see nothing in the maillog. I have checked for 
> an open relay using an online website. No other RBLs claim my server is an 
> issue. I am the only user that can send email from the 
> server. Any ideas regarding what else to check?

Could you please turn off HTML. This is illegible.

-- 
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG, 80333 München
   
Registered office: München, District Court of München: HRB 199263
Executive Board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the Supervisory Board: Florian Kirstein


RBL claims I'm doing a dictionary search

2016-07-02 Thread lists
I've got this RBL https://spamrl.com/ that claims my server is doing a dictionary search. I see nothing in the maillog. I have checked for an open relay using an online website. No other RBLs claim my server is an issue. I am the only user that can send email from the server. Any ideas regarding what else to check?