[pfx] Re: Strange dnsblog lookup errors

2024-01-11 Thread Phil Biggs via Postfix-users
Friday, January 12, 2024, 11:26:33 AM, Wietse Venema via Postfix-users  wrote:

> Phil Biggs via Postfix-users:
>> 
>> Back in June of 2023 I added list.dnswl.org to postscreen.
>> 
>> Over time I've noticed that I get the occasional lookup error like this:
>> 
>> postfix/dnsblog 17448 - - warning: dnsblog_query: lookup error for DNS query
>> 137.52.152.104.list.dnswl.org: Host or domain name not found. Name service 
>> error for name=137.52.152.104.list.dnswl.org type=A: Host not found, try 
>> again 
>> 
>> As later lookups returned valid results, I had just put that down to some 
>> glitch with dnswl's servers. 

> I suspect packet loss somewhere on the path between your system and
> list.dnswl.org. I had a few of the above type of error in my maillog
> files in the months from June to December 2022, for list.dnswl.org
> and zen.spamhaus.org, and some for both.

> Wietse
> ___
> Postfix-users mailing list -- postfix-users@postfix.org
> To unsubscribe send an email to postfix-users-le...@postfix.org


Thanks, Wietse.

It just seemed strange to me that zen disappeared completely from these logs 
right after I added dnswl. 


-- 
Cheers,
Phil



[pfx] Re: Strange dnsblog lookup errors

2024-01-11 Thread Wietse Venema via Postfix-users
Phil Biggs via Postfix-users:
> 
> Back in June of 2023 I added list.dnswl.org to postscreen.
> 
> Over time I've noticed that I get the occasional lookup error like this:
> 
> postfix/dnsblog 17448 - - warning: dnsblog_query: lookup error for DNS query
> 137.52.152.104.list.dnswl.org: Host or domain name not found. Name service 
> error for name=137.52.152.104.list.dnswl.org type=A: Host not found, try 
> again 
> 
> As later lookups returned valid results, I had just put that down to some 
> glitch with dnswl's servers. 

I suspect packet loss somewhere on the path between your system and
list.dnswl.org. I had a few of the above type of error in my maillog
files in the months from June to December 2022, for list.dnswl.org
and zen.spamhaus.org, and some for both.

Wietse


[pfx] Strange dnsblog lookup errors

2024-01-11 Thread Phil Biggs via Postfix-users


Back in June of 2023 I added list.dnswl.org to postscreen.

Over time I've noticed that I get the occasional lookup error like this:

postfix/dnsblog 17448 - - warning: dnsblog_query: lookup error for DNS query
137.52.152.104.list.dnswl.org: Host or domain name not found. Name service 
error for name=137.52.152.104.list.dnswl.org type=A: Host not found, try again 

As later lookups returned valid results, I had just put that down to some 
glitch with dnswl's servers. 

Yesterday I got this error for my ISP's outbound server, which I know is 
listed with dnswl. I thought I'd have a look at historical logs.  

Up to the date when I added list.dnswl.org, I had only zen.spamhaus.org in my 
postscreen_dnsbl_sites. 

Searching through my logs I see that, up until June last year, I had those 
same error logs but only for zen.  (To be expected, given that it was the only 
one in use.)

After that date, though, every logged error is for list.dnswl.org and 
there are none for zen.spamhaus.org.

Just wondering why that might be. 

My postscreen config:

postscreen_cache_map = btree:/var/db/postfix/postscreen_cache
postscreen_greet_action = enforce
postscreen_denylist_action = enforce
postscreen_dnsbl_allowlist_threshold = -1
postscreen_dnsbl_sites = list.dnswl.org*-6, zen.spamhaus.org*2
postscreen_dnsbl_action = enforce
postscreen_dnsbl_threshold = 2

-- 
Thanks,
Phil 
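
The log search described in the post above, as an added example (not code from the thread or from the Postfix project): it tallies dnsblog lookup errors per month and per DNSBL zone and recovers the client address from the reversed query name. It assumes one log record per line with an ISO 8601 timestamp as the first field; the sample records are constructed, and `dnsbl_zones`, `split_query` and `tally` are hypothetical helper names.

```python
import ipaddress
import re
from collections import Counter

SITES = "list.dnswl.org*-6, zen.spamhaus.org*2"  # postscreen_dnsbl_sites from the post
WARN_RE = re.compile(r"^(?P<ts>\S+) .*postfix/dnsblog\b.*dnsblog_query: lookup error "
                     r"for DNS query (?P<qname>[^\s:]+): (?P<reason>.*)$")

def _rec(ts, qname):  # constructed sample record; only the warning text is from the thread
    return (f"{ts} mx postfix/dnsblog 17448 - - warning: dnsblog_query: lookup error "
            f"for DNS query {qname}: Host or domain name not found. Name service error "
            f"for name={qname} type=A: Host not found, try again")

SAMPLE_LOG = [
    _rec("2023-05-02T03:14:07+10:00", "10.2.0.192.zen.spamhaus.org"),
    _rec("2023-07-14T02:11:09+10:00", "137.52.152.104.list.dnswl.org"),
    _rec("2023-07-20T18:40:51+10:00", "77.113.0.203.list.dnswl.org"),
    "2023-07-20T18:40:52+10:00 mx postfix/postscreen 913 - - CONNECT from [203.0.113.77]:4321",
]

def dnsbl_zones(sites):
    """Zone names from a postscreen_dnsbl_sites value, minus =filter and *weight."""
    return [re.split(r"[=*]", s, maxsplit=1)[0].lower()
            for s in re.split(r"[,\s]+", sites.strip()) if s]

def split_query(qname, zones):
    """'137.52.152.104.list.dnswl.org' -> ('104.152.52.137', 'list.dnswl.org')."""
    qname = qname.lower().rstrip(".")
    for zone in sorted(zones, key=len, reverse=True):  # longest suffix wins
        if qname.endswith("." + zone):
            labels = qname[: -len(zone) - 1].split(".")[::-1]
            v6 = len(labels) == 32  # IPv6 clients are queried in nibble format
            if v6:
                labels = ["".join(labels[i:i + 4]) for i in range(0, 32, 4)]
            try:
                return str(ipaddress.ip_address((":" if v6 else ".").join(labels))), zone
            except ValueError:
                return None, zone  # zone matched, prefix is not an address
    return None, None

def tally(lines, sites=SITES):
    """Count dnsblog lookup errors per (month, zone, transient-or-other)."""
    zones, counts = dnsbl_zones(sites), Counter()
    for m in filter(None, map(WARN_RE.match, lines)):
        _, zone = split_query(m["qname"], zones)
        kind = "transient" if "try again" in m["reason"] else "other"
        counts[(m["ts"][:7], zone or "unknown", kind)] += 1
    return counts
```

Calling `tally(SAMPLE_LOG)` on the constructed records gives one transient error for zen.spamhaus.org in 2023-05 and two for list.dnswl.org in 2023-07; the postscreen line is ignored.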



[pfx] Re: postfix repo

2024-01-11 Thread Viktor Dukhovni via Postfix-users
On Thu, Jan 11, 2024 at 07:29:40PM +0100, Benny Pedersen via Postfix-users 
wrote:

> Wietse Venema via Postfix-users wrote on 2024-01-11 15:56:
> > natan via Postfix-users:
> > > Hi Wietse Have you thought about postfix repo for Debian, just like
> > > dovecot has for his release ?
> > > 
> > > I'm asking by the way
> > 
> > Yes. It will happen some time.
> 
> so next is gentoo ebuilds ? :)

No.  There is no Postfix binary release build farm, and nobody has
volunteered to coördinate binary release engineering at the Postfix
project level for all supported platforms.

Since there are existing actively maintained Postfix packages for most
if not all platforms of interest, it is rather unclear what the point
would be of centralising the package builds.

-- 
Viktor.


[pfx] Re: postfix repo

2024-01-11 Thread Benny Pedersen via Postfix-users

Wietse Venema via Postfix-users wrote on 2024-01-11 15:56:
> natan via Postfix-users:
> > Hi Wietse Have you thought about postfix repo for Debian, just like
> > dovecot has for his release ?
> >
> > I'm asking by the way
>
> Yes. It will happen some time.

so next is gentoo ebuilds ? :)



[pfx] Re: postfix repo

2024-01-11 Thread Scott Kitterman via Postfix-users



On January 11, 2024 2:53:35 PM UTC, natan via Postfix-users wrote:
>Hi Wietse Have you thought about postfix repo for Debian, just like dovecot 
>has for his release ?
>
>I'm asking by the way

Current postfix updates for supported Debian releases are available through 
Debian:

https://lists.debian.org/debian-stable-announce/2023/12/msg4.html

Scott K


[pfx] Re: Not a very important problem - smtpd_sender_login_maps

2024-01-11 Thread Matus UHLAR - fantomas via Postfix-users

On 11.01.24 14:08, natan via Postfix-users wrote:
> I know it may seem quite strange, but I need it for my MX ...
>
> I need a mapping of every single email to the same one in pcre for
> sender_login_maps.cf for
>
> reject_sender_login_mismatch
> ...
> smtpd_sender_login_maps = pcre:/etc/postfix/sender_login_maps.cf
> ...
>
> Yes, I can use an existing map - I have such a map for outgoing e-mails
> But I need this "wildcard" for my MX that only works for incoming mail
> something like .*@.* -> *.@.*

By "incoming mail" do you mean mail from unauthenticated machines on the
internet?

Why do you want to allow them to send e-mail as any user?
Because that's what such a wildcard would do.

> I just don't want stupid bots to try to play...

Perhaps try explaining your problem more deeply?

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Linux - It's now safe to turn on your computer.
Linux - Teraz mozete pocitac bez obav zapnut.


[pfx] Re: postfix repo

2024-01-11 Thread Wietse Venema via Postfix-users
Viktor Dukhovni via Postfix-users:
> On Thu, Jan 11, 2024 at 03:53:35PM +0100, natan via Postfix-users wrote:
> > Hi Wietse Have you thought about postfix repo for Debian, just like dovecot
> > has for his release ?
> > 
> 
> What is a "Postfix repo for Debian"?  Do you mean binary release
> packages?  What's wrong with the packages from the Debian maintainers?

If he means Postfix distributing BINARY packages for Debian, RedHat,
*BSD, and so on, then I do not expect that to happen.

Wietse


[pfx] Re: postfix repo

2024-01-11 Thread Viktor Dukhovni via Postfix-users
On Thu, Jan 11, 2024 at 03:53:35PM +0100, natan via Postfix-users wrote:
> Hi Wietse Have you thought about postfix repo for Debian, just like dovecot
> has for his release ?
> 

What is a "Postfix repo for Debian"?  Do you mean binary release
packages?  What's wrong with the packages from the Debian maintainers?

-- 
Viktor.


[pfx] Re: postfix repo

2024-01-11 Thread Wietse Venema via Postfix-users
natan via Postfix-users:
> Hi Wietse Have you thought about postfix repo for Debian, just like 
> dovecot has for his release ?
> 
> I'm asking by the way

Yes. It will happen some time.

Wietse


[pfx] Re: Not a very important problem - smtpd_sender_login_maps

2024-01-11 Thread Viktor Dukhovni via Postfix-users
On Thu, Jan 11, 2024 at 02:08:28PM +0100, natan via Postfix-users wrote:

> I need a mapping of every single email to the same one in pcre for
> sender_login_maps.cf for
>
> reject_sender_login_mismatch
> ...
> smtpd_sender_login_maps = pcre:/etc/postfix/sender_login_maps.cf
> ...
> 
> Yes, I can use an existing map - I have such a map for outgoing e-mails
> But I need this "wildcard" for my MX that only works for incoming mail
> something like .*@.* -> *.@.*
> 
> I just don't want stupid bots to try to play...

It is not clear to me what question, if any, you're asking.

With Postfix >= 3.7, a PCRE identity mapping requires no additional
table files:

smtpd_sender_login_maps = pcre:{{/(.*)/ $${1}}}

with earlier releases the requisite file consists of:

/(.*)/  ${1}

-- 
Viktor.


[pfx] postfix repo

2024-01-11 Thread natan via Postfix-users
Hi Wietse Have you thought about postfix repo for Debian, just like 
dovecot has for his release ?


I'm asking by the way


[pfx] Re: [ext] Logging of SMTP smuggling mitigation

2024-01-11 Thread Wietse Venema via Postfix-users
Ralf Hildebrandt via Postfix-users:
> > Would it be possible to log at least the queue-id as well? Also sender
> > and/or recipient would be nice ;-) Or is it for security that no more
> > information is logged?
> 
> 20240104
> 
> Cleanup: when the Postfix SMTP server rejects bare <LF>,
> log the helo, mail and rcpt information if available. Files:
> smtpd/smtpd.c, smtpd/smtpd_check.c.
> 
> Will be in 3.9, but I guess not in the other versions.

I will add this and other improvements to the STABLE releases AFTER
code has been proven to work in 3.9.

This is better than updating stable releases every few days.

Wietse


[pfx] Re: [ext] Logging of SMTP smuggling mitigation

2024-01-11 Thread Ralf Hildebrandt via Postfix-users
> Would it be possible to log at least the queue-id as well? Also sender
> and/or recipient would be nice ;-) Or is it for security that no more
> information is logged?

20240104

Cleanup: when the Postfix SMTP server rejects bare <LF>,
log the helo, mail and rcpt information if available. Files:
smtpd/smtpd.c, smtpd/smtpd_check.c.

Will be in 3.9, but I guess not in the other versions.

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netz | Netzwerk-Administration
  Invalidenstraße 120/121 | D-10115 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | https://www.charite.de



[pfx] Not a very important problem - smtpd_sender_login_maps

2024-01-11 Thread natan via Postfix-users

Hi
I know it may seem quite strange, but I need it for my MX ...

I need a mapping of every single email to the same one in pcre for 
sender_login_maps.cf for

reject_sender_login_mismatch
...
smtpd_sender_login_maps = pcre:/etc/postfix/sender_login_maps.cf
...

Yes, I can use an existing map - I have such a map for outgoing e-mails
But I need this "wildcard" for my MX that only works for incoming mail
something like .*@.* -> *.@.*

I just don't want stupid bots to try to play...


[pfx] Logging of SMTP smuggling mitigation

2024-01-11 Thread Tobi via Postfix-users
Hello

we use the "new" feature for the mitigation of the SMTP smuggling via

> smtpd_forbid_bare_newline = yes

in main.cf and wanted to ask if it would be possible to log more
information upon such a reject

> bare <LF> received after DATA (0 bytes) from mail-m121165.qiye.163.com[115.236.121.165]

Would it be possible to log at least the queue-id as well? Also sender
and/or recipient would be nice ;-) Or is it for security that no more
information is logged?

Have a good one

tobi