How to obtain blacklists IP lists

2016-12-16 Thread Roger Goh
This may have been raised before: we received quite a few malicious emails (containing malicious attachments) & on tracing the senders' IP (from the 'Internet Headers' of the received mails) & key into one of the services below, noted they are malicious & then we manually block them but by then

Re: request improved logging for postfix.

2016-12-16 Thread Noel Jones
On 12/16/2016 10:27 AM, /dev/rob0 wrote: > On Fri, Dec 16, 2016 at 09:56:26AM -0600, Noel Jones wrote: >> No fixes are necessary, other than maybe I should write a tutorial >> on reading logs. > > Oh, a LOG_README, an excellent idea! Later it can branch out into > the various configuration

Re: request improved logging for postfix.

2016-12-16 Thread /dev/rob0
On Fri, Dec 16, 2016 at 09:56:26AM -0600, Noel Jones wrote: > No fixes are necessary, other than maybe I should write a tutorial > on reading logs. Oh, a LOG_README, an excellent idea! Later it can branch out into the various configuration knobs we might eventually see. Do you think you could

RE: request improved logging for postfix.

2016-12-16 Thread Michael Fox
> No fixes are necessary, other than maybe I should write a tutorial > on reading logs. > > -- Noel Jones +1 In particular, your writing style is exceptionally clear! Michael

Re: request improved logging for postfix.

2016-12-16 Thread Noel Jones
On 12/16/2016 5:13 AM, L.P.H. van Belle wrote: > Maybe im totaly incorrect here so correct me if needed. Yes. > Now, Im running Debian Wheezy, postfix ( debian backport ) > 2.11.2-1~bpo70+1. Kernel : 3.2.82-1 > > I’ve increased the debug level in postfix for the domains. Don't use debug

Re: quick DANE question

2016-12-16 Thread Viktor Dukhovni
> On Dec 16, 2016, at 1:39 AM, Alice Wonder wrote: > > When an SMTP server publishes a TLSA record, will DANE enforcing SMTP servers > refuse to connect if the TLSA record matches the certificate but the > certificate has expired? That depends on the TLSA records:

Re: request improved logging for postfix.

2016-12-16 Thread Wietse Venema
>Now, here is an inconistany of logging ( i think ) by postfix. > >I point to this line,: ?sweeper2.stater.com[193.172.8.206]:25: >220-sweeper.stater.com ESMTP ? > >More consistand would be (sweeper2.stater.com[193.172.8.206]):25: >220-sweeper.stater.com ESMTP ? The form: client: request

Re: Recipient verification with sending IP equal to probe IP

2016-12-16 Thread Wietse Venema
Pedro David Marco: > > > >Given your smtpd_mumble_restrictions rule, permit_mynetworks allows > >a client to skip the reject_unverified_whatever check. > > Wietse > > why Wietse? permit_mynetworks is on first place and should basically only > allow loopback according tomynetworks = 127.0.0.0/8

Re: After smtps rejection, fails falling back to smtp (TLS) (Postfix 3.1.0)

2016-12-16 Thread Dominic Raferd
On 14 September 2016 at 13:42, Dominic Raferd wrote: > Thanks for your quick reply Viktor. OK now I understand that what I am > trying to do can't be done. If someone could implement the feature you > suggest (wrapper mode is enabled conditionally, only when the port is

request improved logging for postfix.

2016-12-16 Thread L . P . H . van Belle
Hello,   After the message from yesterday, im asking if the postfix logging can be changed. To improve the loggings and a better more clear reject message.   A small change maybe, i dont know, i’ll show what i mean below. Maybe im totaly incorrect here so correct me if needed.   Now,

Re: Recipient verification with sending IP equal to probe IP

2016-12-16 Thread Pedro David Marco
>Given your smtpd_mumble_restrictions rule, permit_mynetworks allows >a client to skip the reject_unverified_whatever check. > Wietse why Wietse? permit_mynetworks is on first place and should basically only allow loopback according tomynetworks = 127.0.0.0/8 [:::127.0.0.0]/104 [::1]/128