Re: Spamrl.com RBL problem
On FreeBSD you still need to install postfix from a port. The port install will allow you to switch the MTA preference but you still need to configure an rc entry. Once that is done and postfix starts it will grab the relevant TCP/IP ports.

Note that scripts can generally access localhost port 25; any MTA will relay faithfully for a local client.

> On Jul 3, 2016, at 00:36, li...@lazygranch.com wrote:
>
> This is probably more of a freebsd question, but it seems to me that Postfix
> should be hogging (bound) to the mail ports, so if something is sending
> email, it has to be using Postfix.
>
> I suppose modifying IPFW to log all mail port activity is also a good idea.
>
> Wouldn't a script need to be in the rc.d to get fired up when I boot?
>
>   Original Message
> From: Matthew McGehrin
> Sent: Saturday, July 2, 2016 7:24 PM
> To: Postfix users
> Subject: Re: Spamrl.com RBL problem
>
> Hello.
>
> I would check your local system to see if you have any rogue perl
> processes running. These are generally the cause of being blacklisted
> for a dictionary attack, which implies that a script is running on your
> local server.
>
> Generally, you can spot them by the amount of CPU time, and they try to
> mask the process id.
>
> The end of DATA command is just the sequence at which it was denied.
> It's standard.
>
> -- Matthew
>
> li...@lazygranch.com wrote:
>>: host smx1.web-hosting.com[209.188.21.38] said: 550
>> The sending IP (my dotted quad) is listed on https://spamrl.com as a source of
>> dictionary attacks. (in reply to end of DATA command)
>> -
>>
>> Is the "in reply to end of DATA command" significant?
Re: Spamrl.com RBL problem
This is probably more of a freebsd question, but it seems to me that Postfix should be hogging (bound) to the mail ports, so if something is sending email, it has to be using Postfix.

I suppose modifying IPFW to log all mail port activity is also a good idea.

Wouldn't a script need to be in the rc.d to get fired up when I boot?

  Original Message
From: Matthew McGehrin
Sent: Saturday, July 2, 2016 7:24 PM
To: Postfix users
Subject: Re: Spamrl.com RBL problem

Hello.

I would check your local system to see if you have any rogue perl processes running. These are generally the cause of being blacklisted for a dictionary attack, which implies that a script is running on your local server.

Generally, you can spot them by the amount of CPU time, and they try to mask the process id.

The end of DATA command is just the sequence at which it was denied. It's standard.

-- Matthew

li...@lazygranch.com wrote:
>: host smx1.web-hosting.com[209.188.21.38] said: 550
> The sending IP (my dotted quad) is listed on https://spamrl.com as a source of
> dictionary attacks. (in reply to end of DATA command)
> -
>
> Is the "in reply to end of DATA command" significant?
Re: Is not honoring bounces-to violation of RFC?
On 29 Jun 2016, at 11:45, Chip wrote:

I will read up on it. Thank you for the link. Not everyone, I think, who visits this list is an engineer.

True, unless you accept Michael Wise's generous functional definition. I'm on the fence there, as I've held job titles calling me an engineer but my only formal engineering training was secondary to theatrical set design and construction, i.e. to make sure actors didn't die in collapses of not quite enough steel and/or wood. All of my education in "software engineering" and "systems engineering" (skills I supposedly have if you believe job titles) is from a handful of low-numbered college classes 25+ years ago and on-the-job/self training.

But Michael is entirely correct in that nearly everyone subscribed to this list is a de facto mail system "engineer" in that we work with the complexities of configuring and operating mail systems. So even though I don't build bridges, haven't built a stage set in decades, and don't write much code these days, I DO "drive the trains" of multiple email systems, some of which use Postfix. So I'm an engineer, I guess. And so are you, since you seem to have run both Postfix and Exim systems at least at the "train driver" level (and frankly, railroad engineers ARE engineers to at least the same degree as sysadmins, but most of us just don't have any idea how complex trains can be...)

So it would have been easier to understand if the response had been along the lines of: "envelope-from" instead of just FROM since there are a number of Froms in the source code. Someone wrote: "Return-path is a header added by the receiving MTA (usually on final delivery) that contains the envelope sender (MAIL FROM) used by the sending system."

Which is accurate, if a bit ecumenical in its nomenclature...

It would definitely be helpful if everyone trying to manage mail systems read RFC5598 (https://tools.ietf.org/html/rfc5598) carefully enough and often enough to adopt its formal terminology.

Dave Crocker's purpose in writing that RFC was to establish precise standard jargon and a baseline understanding of how email actually works (and is intended to work) for people who should have such an understanding. If you're running a mail server, whether you accept the label "engineer" or not, you should definitely read it.
Re: Spamrl.com RBL problem
Hello.

I would check your local system to see if you have any rogue perl processes running. These are generally the cause of being blacklisted for a dictionary attack, which implies that a script is running on your local server.

Generally, you can spot them by the amount of CPU time, and they try to mask the process id.

The end of DATA command is just the sequence at which it was denied. It's standard.

-- Matthew

li...@lazygranch.com wrote:
> : host smx1.web-hosting.com[209.188.21.38] said: 550 The sending IP (my
> dotted quad) is listed on https://spamrl.com as a source of dictionary
> attacks. (in reply to end of DATA command)
> -
>
> Is the "in reply to end of DATA command" significant?
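An added example, not part of any message in this thread: one way to check for the situation discussed above, a local process talking SMTP to remote hosts without going through Postfix. It assumes the column layout of FreeBSD `sockstat -4 -c` output; the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Flag established connections to remote port 25 that Postfix did not open.
# Expected input columns (FreeBSD sockstat layout, assumed):
#   USER COMMAND PID FD PROTO LOCAL-ADDRESS FOREIGN-ADDRESS

# Postfix delivery agents that legitimately connect out to port 25.
# Assumption: stock Postfix service names; adjust to your master.cf.
POSTFIX_CMDS="smtp lmtp"

find_rogue_smtp() {
    # Reads a sockstat listing on stdin and prints "user command pid foreign"
    # for every TCP connection to a remote port 25 not made by Postfix.
    awk -v ok="$POSTFIX_CMDS" '
        BEGIN { n = split(ok, a, " "); for (i = 1; i <= n; i++) allowed[a[i]] = 1 }
        $1 == "USER" { next }                 # header line
        NF < 7 || $5 !~ /^tcp/ { next }       # not a connected TCP socket
        {
            port = $7
            sub(/^.*:/, "", port)             # keep text after the last colon
            if (port != "25") next            # inbound smtpd has a high remote port
            if ($1 == "postfix" && ($2 in allowed)) next
            print $1, $2, $3, $7
        }'
}

# Constructed sample listing (documentation addresses, made-up PIDs).
sample_sockstat() {
cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
postfix  smtp       1412  12 tcp4   192.0.2.10:51234      198.51.100.5:25
www      perl       2290  3  tcp4   192.0.2.10:51301      203.0.113.77:25
www      perl       2290  4  tcp4   192.0.2.10:51302      203.0.113.78:25
root     sshd       901   3  tcp4   192.0.2.10:22         198.51.100.9:40022
postfix  smtpd      1420  9  tcp4   192.0.2.10:25         198.51.100.7:33012
EOF
}

# On a live FreeBSD host the input would come from: sockstat -4 -c
if [ "${1:-}" = "--demo" ]; then
    sample_sockstat | find_rogue_smtp
fi
```

Connections made this way bypass Postfix entirely, so they leave no entries in the maillog; the reported PID is the starting point for inspecting the process.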
Spamrl.com RBL problem
I will start this over to get rid of the HTML mail crap. This is the bounce reply with some sanitizing to keep this message off of the Google bot:

This is the mail system at host www.mydomain.com

I'm sorry to have to inform you that your message could not be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can delete your own text from the attached returned message.

The mail system

: host smx1.web-hosting.com[209.188.21.38] said: 550 The sending IP (my dotted quad) is listed on https://spamrl.com as a source of dictionary attacks. (in reply to end of DATA command)
-

Is the "in reply to end of DATA command" significant?
Re: RBL claims I'm doing a dictionary search
* Ralf Hildebrandt:
> * li...@lazygranch.com :
> > body { font-family: "Calibri","Slate
> > Pro",sans-serif,"sans-serif"; color:#262626 } lang="en-US">I've got this
> > RBLhttps://spamrl.com/;that claims my server is
> > doing a dictionary search. I see nothing in the maillog. I have checked for
> > an open relay using an online website. No other RBLs claim my server is an
> > issue. I am the only user that can send email from the
> > server.Any ideas
> > regarding what else to
> > check?
>
> Could you please turn off HTML. This is illegible.

So spamrl.com has the IP or the domain of your server listed? What is the actual rejection message you're getting?

--
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG, 80333 München

Registered office: München, Amtsgericht München: HRB 199263
Management board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein
Re: RBL claims I'm doing a dictionary search
* li...@lazygranch.com:
> body { font-family: "Calibri","Slate
> Pro",sans-serif,"sans-serif"; color:#262626 } lang="en-US">I've got this
> RBLhttps://spamrl.com/;that claims my server is
> doing a dictionary search. I see nothing in the maillog. I have checked for
> an open relay using an online website. No other RBLs claim my server is an
> issue. I am the only user that can send email from the
> server.Any ideas
> regarding what else to
> check?

Could you please turn off HTML. This is illegible.

--
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG, 80333 München

Registered office: München, Amtsgericht München: HRB 199263
Management board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein
RBL claims I'm doing a dictionary search
I've got this RBL https://spamrl.com/ that claims my server is doing a dictionary search. I see nothing in the maillog. I have checked for an open relay using an online website. No other RBLs claim my server is an issue. I am the only user that can send email from the server.

Any ideas regarding what else to check?