Re: 2.10 problem

2013-06-04 Thread Lima Union
not much required, 'man 6 figlet'


On Tue, Jun 4, 2013 at 7:09 AM, Jerry postfix-u...@seibercom.net wrote:

 On Tue, 4 Jun 2013 00:08:17 +
 Viktor Dukhovni articulated:

  On Mon, Jun 03, 2013 at 04:45:41PM -0700, Grant wrote:
 
   I know this is incredibly vague, but can anyone hazard a guess as to
   what the problem might be?
 
  L O G S
  L 0   0 G   G S
  L 0   0 G  GG S
  L 0   0 G S
  L 0   0 G S
  L 0   0 G S
  L 0   0 G   G S
  L O G S

 Someone has way too much time on their hands!

 --
 Jerry ✌
 postfix-u...@seibercom.net
 _
 TO REPORT A PROBLEM see http://www.postfix.org/DEBUG_README.html#mail
 TO (UN)SUBSCRIBE see http://www.postfix.org/lists.html




Re: dictionary-attack

2013-03-27 Thread Lima Union
On Tue, Mar 26, 2013 at 4:16 PM, Wietse Venema wie...@porcupine.org wrote:
 Lima Union:
 [ Charset ISO-8859-1 unsupported, converting... ]
  On 26.03.2013 19:36, Lima Union wrote:
 
  Wietse, ok, I'll disable the fqrdns check for now and check the chroot
  configuration after I return from holidays
 
  this is ONE char in the master.cf and if I were you I
  would not make holidays as long as a production server is
  known misconfigured
 

 ok, done, chroot has been disabled and the fqrdns.pcre is working now.
 After disabling the chroot I issued an 'egrep
 '(warning|error|fatal|panic):' /var/log/mail' and am seeing many
 warnings like these, is it ok?

 Mar 26 15:56:03 relay1 postfix/smtpd[2111]: warning: 178.88.224.150:
 hostname 178.88.224.150.megaline.telecom.kz verification failed: Name
 or service not known
 Mar 26 15:56:03 relay1 postfix/smtpd[1953]: warning: 201.216.208.5:
 hostname customer-static-201-216-208.5.iplannetworks.net verification
 failed: Name or service not known
 Mar 26 15:56:18 relay1 postfix/smtpd[1951]: warning: 63.141.239.151:
 hostname muv4ward.com verification failed: Name or service not known
 Mar 26 15:56:31 relay1 postfix/smtpd[1951]: warning: 87.98.228.174:
 address not listed for hostname www.thedesigninstitution.com
 Mar 26 15:56:34 relay1 postfix/smtpd[2021]: warning: 64.191.105.74:
 hostname 64-191-105-74.static.hostnoc.net verification failed: Name or
 service not known

 Yes, broken DNS happens. Instead of reject_unknown_client_hostname
 you could use reject_unknown_reverse_client_hostname which will
 use the name even if the above checks fail.

 http://www.postfix.org/postconf.5.html#reject_unknown_client_hostname
 http://www.postfix.org/postconf.5.html#reject_unknown_reverse_client_hostname

 Also, your chroot jail is missing files. Please complain to the
 distributor.

 Wietse

Wietse, there's something I don't understand. I've commented out the
check_reverse_client_hostname_access, reloaded postfix and am still
finding those DNS warnings (i.e.: hostname
77-121-229-206.dhcp.kram-city.net verification failed: Name or service
not known). How do I know which setting is triggering that? And is it
just a warning, not a reject, right? In my main.cf there's no
reject_unknown_client_hostname as in your suggestion. Here's a copy of my
current smtpd_recipient_restrictions settings:

smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination,
    reject_invalid_helo_hostname,
    reject_non_fqdn_helo_hostname,
#   warn_if_reject reject_unknown_helo_hostname,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
#   reject_unknown_sender_domain,
#   reject_unknown_recipient_domain,
    reject_unverified_recipient,
    check_client_access hash:$config_directory/maps/smtpd_client_checks,
#   check_reverse_client_hostname_access regexp:$config_directory/maps/fqrdns.pcre,
    check_helo_access hash:$config_directory/maps/smtpd_helo_checks,
    check_sender_access hash:$config_directory/maps/smtpd_sender_checks,
    check_sender_access regexp:$config_directory/maps/smtpd_sender_checks.regexp,
    check_recipient_access hash:$config_directory/maps/smtpd_recipient_checks,
    reject_non_fqdn_hostname,
#reject_unverified_recipient,
    reject_rbl_client zen.spamhaus.org,
    reject_rbl_client b.barracudacentral.org,
    reject_rbl_client psbl.surriel.com,
    reject_rbl_client bl.spamcop.net,
    reject_rhsbl_client rhsbl.sorbs.net,
    check_sender_access hash:$config_directory/maps/forged_domain_senders,
    check_policy_service inet:127.0.0.1:10023,
    permit

Thanks once again.
LU
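
Added example (not part of the thread and not Postfix code): a Python model of the client name lookup behind the warnings quoted above, showing which of the two restrictions Wietse names would reject each client, following their descriptions in postconf(5). The DNS data, addresses and log lines are constructed; the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed resolver data in documentation address ranges (not from the thread).
PTR = {
    "192.0.2.10": "mail.example.org",        # PTR and A records agree
    "192.0.2.20": "host20.dyn.example.net",  # PTR exists, name does not resolve
    "192.0.2.30": "www.example.com",         # PTR exists, A record points elsewhere
}                                            # 192.0.2.40 has no PTR record at all
A = {
    "mail.example.org": ["192.0.2.10"],
    "www.example.com": ["198.51.100.7"],
}


def classify(ip, ptr=PTR, a=A):
    """Model the address->name->address check smtpd performs at connect time.

    'client' is the verified name (logged as "connect from NAME[ip]"),
    'reverse' is the unverified PTR name, which is what
    check_reverse_client_hostname_access (and so fqrdns.pcre) is matched against.
    """
    reverse = ptr.get(ip)
    warning = None
    if reverse is None:
        client = reverse_name = "unknown"
    else:
        reverse_name = reverse
        addrs = a.get(reverse)
        if addrs is None:
            client = "unknown"
            warning = (f"{ip}: hostname {reverse} verification failed: "
                       "Name or service not known")
        elif ip not in addrs:
            client = "unknown"
            warning = f"{ip}: address not listed for hostname {reverse}"
        else:
            client = reverse
    rejected_by = []
    if client == "unknown":           # any of the three checks failed
        rejected_by.append("reject_unknown_client_hostname")
    if reverse_name == "unknown":     # only a missing PTR record counts here
        rejected_by.append("reject_unknown_reverse_client_hostname")
    return {"client": client, "reverse": reverse_name,
            "warning": warning, "rejected_by": rejected_by}


# Matches the two smtpd warning formats quoted in the thread (one record per line).
WARNING_RE = re.compile(
    r"postfix/smtpd\[\d+\]: warning: (?P<ip>\S+): "
    r"(?:hostname (?P<failed>\S+) verification failed: .+"
    r"|address not listed for hostname (?P<mismatch>\S+))$"
)


def parse_warning(line):
    """Return (ip, hostname, kind) for a hostname-verification warning, else None."""
    m = WARNING_RE.search(line.strip())
    if not m:
        return None
    if m.group("failed"):
        return m.group("ip"), m.group("failed"), "forward_lookup_failed"
    return m.group("ip"), m.group("mismatch"), "address_mismatch"


def summarize(log_text):
    """Count hostname-verification warnings by kind."""
    kinds = Counter()
    for line in log_text.splitlines():
        parsed = parse_warning(line)
        if parsed:
            kinds[parsed[2]] += 1
    return kinds


# Constructed log lines in the same format as the ones quoted in the thread.
SAMPLE_LOG = """\
Mar 26 15:56:03 relay1 postfix/smtpd[2111]: warning: 192.0.2.20: hostname host20.dyn.example.net verification failed: Name or service not known
Mar 26 15:56:31 relay1 postfix/smtpd[1951]: warning: 192.0.2.30: address not listed for hostname www.example.com
Mar 26 15:56:40 relay1 postfix/smtpd[1951]: connect from unknown[192.0.2.40]
"""

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30", "192.0.2.40"):
        print(ip, classify(ip))
    print(dict(summarize(SAMPLE_LOG)))
```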


Re: dictionary-attack

2013-03-26 Thread Lima Union
On Mon, Mar 25, 2013 at 10:52 AM, Noel Jones njo...@megan.vbhcs.org wrote:
 On 3/25/2013 7:55 AM, Lima Union wrote:
 On Sat, Mar 23, 2013 at 11:31 AM, Benny Pedersen m...@junc.eu wrote:
 Ejaz wrote on 2013-03-23 11:49:

 ...

 are you missing http://www.hardwarefreak.com/fqrdns.pcre ? :)

 very interesting link, as I understand my postfix is not prepared for
 pcre thus I won't be able to use it, right?

 $ /usr/sbin/postconf -m
 btree
 cidr
 environ
 hash
 internal
 ldap
 nis
 proxy
 regexp
 static
 tcp
 unix

 LU



 You can use this file as a regexp: type.

 pcre is recommended as it's a little faster than the built-in regexp
 library on most systems.

 This particular file doesn't (seem to) have any pcre-specific syntax
 in it, so should work fine with regexp.

 You can test it yourself easily enough...
 # postmap -q foo regexp:fqrdns.pcre

 (yes, I mean foo; should give no output nor errors)


 # postmap -q 00.cpe.cableonda.net regexp:fqrdns.pcre
 REJECT  Generic - Please relay via ISP (cableonda.net)

 (picked at random, shows that matching works)




   -- Noel Jones

ok, it seems that for some reason the check is not being triggered
(#847) after a postfix reload and 24 hours of operation in a busy
server, any ideas?

   835  smtpd_recipient_restrictions =
   836      permit_mynetworks,
   837      reject_unauth_destination,
   838      reject_invalid_helo_hostname,
   839      reject_non_fqdn_helo_hostname,
   840  #   warn_if_reject reject_unknown_helo_hostname,
   841      reject_non_fqdn_sender,
   842      reject_non_fqdn_recipient,
   843  #   reject_unknown_sender_domain,
   844  #   reject_unknown_recipient_domain,
   845      reject_unverified_recipient,
   846      check_client_access hash:$config_directory/maps/smtpd_client_checks,
   847      check_reverse_client_hostname_access regexp:$config_directory/maps/fqrdns.pcre,
   848      check_helo_access hash:$config_directory/maps/smtpd_helo_checks,
   849      check_sender_access hash:$config_directory/maps/smtpd_sender_checks,
   850      check_sender_access regexp:$config_directory/maps/smtpd_sender_checks.regexp,
   851      check_recipient_access hash:$config_directory/maps/smtpd_recipient_checks,
   852      reject_non_fqdn_hostname,
   853  #reject_unverified_recipient,
   854      reject_rbl_client zen.spamhaus.org,
   855      reject_rbl_client b.barracudacentral.org,
   856      reject_rbl_client psbl.surriel.com,
   857      reject_rbl_client bl.spamcop.net,
   858      reject_rhsbl_client rhsbl.sorbs.net,
   859      check_sender_access hash:$config_directory/maps/forged_domain_senders,
   860      check_policy_service inet:127.0.0.1:10023,
   861      permit

Thanks in advance.
LU


Re: dictionary-attack

2013-03-26 Thread Lima Union
On Tue, Mar 26, 2013 at 1:17 PM, Stan Hoeppner s...@hardwarefreak.com wrote:
 On 3/26/2013 7:04 AM, Lima Union wrote:
 ...
 ok, it seems that for some reason the check is not being triggered
 (#847) after a postfix reload and 24 hours of operation in a busy
 server, any ideas?

 So when you grep Please relay via ISP against your mail log you get
 nothing?  Do you have any warnings or errors related to this parameter?
  Is this host behind a NAT or proxy that doesn't pass the client rDNS
 name to Postfix?  It may be helpful to post a transaction from your log,
 addresses obfuscated if need be, so we can verify Postfix is seeing
 client rDNS strings.

835  smtpd_recipient_restrictions =
 ...
847  check_reverse_client_hostname_access
 regexp:$config_directory/maps/fqrdns.pcre,
 ...

 This parameter is only supported in 2.6 and later.  This is clearly
 stated in the instructions at the top of the fqrdns.pcre file.  What
 version of Postfix are you running?

 --
 Stan


As suggested by Noel I added at the end of the file the WARN and it's
logging, thus it's using the file (also checked with postconf -n).
Postfix is mail_version 2.7.3. The problem seems to be with the rDNS
resolution as suggested by Stan, what I don't know is why it's not
working. This MTA is behind a firewall, in a DMZ with a bidirectional
mapping (1:1). I issued a grep ': connect from' and everything shown
is 'connect from unknown[ip.add.re.ss]'. I'm using pdnsd for caching
purposes. My resolv.conf points to 127.0.0.1 and seems to be working
fine:

$ dig +short -x 209.85.212.54
mail-vb0-f54.google.com.

Why is Postfix not doing the rDNS? What can I check?
Thanks!


Re: dictionary-attack

2013-03-26 Thread Lima Union
On Tue, Mar 26, 2013 at 3:14 PM, Benny Pedersen m...@junc.eu wrote:
 Lima Union wrote on 2013-03-26 13:04:

853  #reject_unverified_recipient,


 postconf -n

 not just content listing from main.cf

 your error might just be that you have # at random lines

ok, here it is (hostname/IP anonymized)

alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
biff = no
body_checks = regexp:$config_directory/maps/body_checks.regexp
bounce_queue_lifetime = 1d
bounce_size_limit = 5000
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
default_destination_concurrency_limit = 10
delay_warning_time = 6h
disable_vrfy_command = yes
header_checks = regexp:$config_directory/maps/header_checks.regexp
header_size_limit = 5
hopcount_limit = 20
html_directory = /usr/share/doc/postfix-2.7.3-documentation/html
inet_interfaces = all
initial_destination_concurrency = 5
local_recipient_maps =
local_transport = error:local mail delivery is disabled on this machine
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
maximal_queue_lifetime = 1d
message_size_limit = 13631488
milter_default_action = accept
milter_protocol = 2
mime_header_checks = regexp:$config_directory/maps/mime_header_checks.regexp
mydestination =
mydomain = mycompany.com
myhostname = relay1.mycompany.com
mynetworks = 10.1.1.24, 10.1.1.25, 127.0.0.0/8
myorigin = $mydomain
nested_header_checks =
newaliases_path = /usr/bin/newaliases.postfix
notify_classes = resource,software,delay
queue_directory = /var/spool/postfix
queue_minfree = 15000
readme_directory = /usr/share/doc/postfix-2.7.3-documentation/readme
relay_domains = $mydomain
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_banner = $myhostname ESMTP $mail_name. NO UCE
smtpd_client_connection_count_limit = 20
smtpd_client_connection_rate_limit = 50
smtpd_data_restrictions = warn_if_reject reject_unauth_pipelining,permit
smtpd_error_sleep_time = 10s
smtpd_hard_error_limit = 10
smtpd_helo_required = yes
smtpd_junk_command_limit = 5
smtpd_milters = inet:localhost:10025 inet:localhost:10034
smtpd_recipient_limit = 500
smtpd_recipient_restrictions = permit_mynetworks,
reject_unauth_destination,reject_invalid_helo_hostname,
reject_non_fqdn_helo_hostname,reject_non_fqdn_sender,
reject_non_fqdn_recipient,reject_unverified_recipient,
check_client_access hash:$config_directory/maps/smtpd_client_checks,
check_reverse_client_hostname_access
regexp:$config_directory/maps/fqrdns.pcre,check_helo_access
hash:$config_directory/maps/smtpd_helo_checks,
check_sender_access hash:$config_directory/maps/smtpd_sender_checks,
 check_sender_access
regexp:$config_directory/maps/smtpd_sender_checks.regexp,
check_recipient_access
hash:$config_directory/maps/smtpd_recipient_checks,
reject_non_fqdn_hostname,reject_rbl_client zen.spamhaus.org,
 reject_rbl_client b.barracudacentral.org,
reject_rbl_client psbl.surriel.com,reject_rbl_client
bl.spamcop.net,reject_rhsbl_client rhsbl.sorbs.net,
check_sender_access hash:$config_directory/maps/forged_domain_senders,
   check_policy_service inet:127.0.0.1:10023,permit
smtpd_soft_error_limit = 5
strict_rfc821_envelopes = yes
transport_maps = hash:/etc/postfix/transport
unknown_address_reject_code = 554
unknown_client_reject_code = 554
unknown_hostname_reject_code = 554
unknown_local_recipient_reject_code = 550
unverified_recipient_reject_code = 550
unverified_sender_reject_code = 550
virtual_alias_domains = somecompany.com
virtual_alias_maps = hash:/etc/postfix/virtual
hash:/etc/postfix/maps/virtual.somecompany.com


Re: dictionary-attack

2013-03-26 Thread Lima Union
On Tue, Mar 26, 2013 at 3:20 PM, Benny Pedersen m...@junc.eu wrote:
 Lima Union wrote on 2013-03-26 18:59:

 what can I check?


 dig +trace ipv4.google.com

 are the trace with hostnames all places ?

 if you are on ipv6 change ipv4 to ipv6

 are you using forwarders that does not support dnssec ?

 is it working if you use nameserver 8.8.8.8 in resolv.conf ?

No ipv6 here and pdnsd is using 8.8.8.8 as DNS server.

$ dig +trace ipv4.google.com

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-16.P1.el5 <<>> +trace ipv4.google.com
;; global options:  printcmd
.   199752  IN  NS  j.root-servers.net.
.   199752  IN  NS  l.root-servers.net.
.   199752  IN  NS  k.root-servers.net.
.   199752  IN  NS  a.root-servers.net.
.   199752  IN  NS  b.root-servers.net.
.   199752  IN  NS  d.root-servers.net.
.   199752  IN  NS  h.root-servers.net.
.   199752  IN  NS  i.root-servers.net.
.   199752  IN  NS  f.root-servers.net.
.   199752  IN  NS  e.root-servers.net.
.   199752  IN  NS  m.root-servers.net.
.   199752  IN  NS  g.root-servers.net.
.   199752  IN  NS  c.root-servers.net.
;; Received 512 bytes from 127.0.0.1#53(127.0.0.1) in 11 ms

com.    172800  IN  NS  k.gtld-servers.net.
com.    172800  IN  NS  e.gtld-servers.net.
com.    172800  IN  NS  j.gtld-servers.net.
com.    172800  IN  NS  g.gtld-servers.net.
com.    172800  IN  NS  h.gtld-servers.net.
com.    172800  IN  NS  b.gtld-servers.net.
com.    172800  IN  NS  d.gtld-servers.net.
com.    172800  IN  NS  f.gtld-servers.net.
com.    172800  IN  NS  c.gtld-servers.net.
com.    172800  IN  NS  a.gtld-servers.net.
com.    172800  IN  NS  i.gtld-servers.net.
com.    172800  IN  NS  m.gtld-servers.net.
com.    172800  IN  NS  l.gtld-servers.net.
;; Received 505 bytes from 192.58.128.30#53(j.root-servers.net) in 10 ms

google.com. 172800  IN  NS  ns2.google.com.
google.com. 172800  IN  NS  ns1.google.com.
google.com. 172800  IN  NS  ns3.google.com.
google.com. 172800  IN  NS  ns4.google.com.
;; Received 169 bytes from 192.52.178.30#53(k.gtld-servers.net) in 315 ms

ipv4.google.com.    604800  IN  CNAME   ipv4.l.google.com.
ipv4.l.google.com.  300 IN  A   74.125.229.209
ipv4.l.google.com.  300 IN  A   74.125.229.211
ipv4.l.google.com.  300 IN  A   74.125.229.210
ipv4.l.google.com.  300 IN  A   74.125.229.212
ipv4.l.google.com.  300 IN  A   74.125.229.208
;; Received 134 bytes from 216.239.34.10#53(ns2.google.com) in 173 ms


Re: dictionary-attack

2013-03-26 Thread Lima Union
On Tue, Mar 26, 2013 at 3:21 PM, Wietse Venema wie...@porcupine.org wrote:
 Lima Union:
 working. This MTA is behind a firewall, in a DMZ with a bidirectional
 mapping (1:1). I issued a grep ': connect from' and everything shown
 is 'connect from unknown[ip.add.re.ss]'. I'm using pdnsd for caching
 purposes. My resolv.conf points to 127.0.0.1 and seems to be working
 fine:

 $ dig +short -x 209.85.212.54
 mail-vb0-f54.google.com.

 Turn off CHROOT for the SMTP daemon.

 http://www.postfix.org/DEBUG_README.html#no_chroot

 A common mistake is to turn on chroot operation in the master.cf
 file without going through all the necessary steps to set up a
 chroot environment. This causes Postfix daemon processes to fail
 due to all kinds of missing files.

 The example below shows an SMTP server that is configured with
 chroot turned off:

 /etc/postfix/master.cf:
 # =
 # service type  private unpriv  chroot  wakeup  maxproc command
 #   (yes)   (yes)   (yes)   (never) (100)
 # =
 smtp  inet  n   -   n   -   -   smtpd

 Inspect master.cf for any processes that have chroot operation not
 turned off. If you find any, save a copy of the master.cf file, and
 edit the entries in question. After executing the command postfix
 reload, see if the problem has gone away.

 Wietse

Wietse, ok, I'll disable the fqrdns check for now and check the chroot
configuration after I return from holidays.
Thanks all !
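
Added example (not part of the thread and not Postfix code): the inspection step from the DEBUG_README text quoted above, as a Python check that lists master.cf services whose chroot column is not turned off. The sample master.cf is constructed and the function names are hypothetical; treating `-` as yes follows the `(yes)` default in the header quoted above and is a parameter.

```python
# Constructed master.cf sample (not from the thread). Columns follow the header
# quoted above: service type private unpriv chroot wakeup maxproc command.
SAMPLE_MASTER_CF = """\
# service type  private unpriv  chroot  wakeup  maxproc command + args
smtp      inet  n       -       -       -       -       smtpd
submission inet n       -       n       -       -       smtpd
  -o smtpd_tls_security_level=encrypt
pickup    fifo  n       -       n       60      1       pickup
cleanup   unix  n       -       y       -       0       cleanup
    # indented comment lines are ignored too
rewrite   unix  -       -       -       -       -       trivial-rewrite
"""


def logical_lines(text):
    """Join master.cf continuation lines and drop comments and blank lines.

    A logical line starts with non-whitespace text; a line that starts with
    whitespace continues the previous logical line.
    """
    lines = []
    for raw in text.splitlines():
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue
        if raw[0].isspace():
            if lines:
                lines[-1] += " " + stripped
        else:
            lines.append(stripped)
    return lines


def chrooted_services(text, default_chroot="y"):
    """Return (service, type, command, chroot_field) for entries that run chrooted.

    default_chroot is what '-' means in the chroot column. "y" matches the
    "(yes)" default in the header quoted in the thread; pass "n" if your
    version's master.cf header says otherwise (assumption to verify locally).
    """
    findings = []
    for line in logical_lines(text):
        fields = line.split()
        if len(fields) < 8:
            continue  # not a complete service entry
        service, stype, chroot, command = fields[0], fields[1], fields[4], fields[7]
        effective = default_chroot if chroot == "-" else chroot
        if effective == "y":
            findings.append((service, stype, command, chroot))
    return findings


if __name__ == "__main__":
    for service, stype, command, chroot in chrooted_services(SAMPLE_MASTER_CF):
        print(f"{service}/{stype} ({command}): chroot column is '{chroot}'")
```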


Re: dictionary-attack

2013-03-26 Thread Lima Union
 On 26.03.2013 19:36, Lima Union wrote:

 Wietse, ok, I'll disable the fqrdns check for now and check the chroot
 configuration after I return from holidays

 this is ONE char in the master.cf and if I were you I
 would not make holidays as long as a production server is
 known misconfigured


ok, done, chroot has been disabled and the fqrdns.pcre is working now.
After disabling the chroot I issued an 'egrep
'(warning|error|fatal|panic):' /var/log/mail' and am seeing many
warnings like these, is it ok?

Mar 26 15:56:03 relay1 postfix/smtpd[2111]: warning: 178.88.224.150:
hostname 178.88.224.150.megaline.telecom.kz verification failed: Name
or service not known
Mar 26 15:56:03 relay1 postfix/smtpd[1953]: warning: 201.216.208.5:
hostname customer-static-201-216-208.5.iplannetworks.net verification
failed: Name or service not known
Mar 26 15:56:18 relay1 postfix/smtpd[1951]: warning: 63.141.239.151:
hostname muv4ward.com verification failed: Name or service not known
Mar 26 15:56:31 relay1 postfix/smtpd[1951]: warning: 87.98.228.174:
address not listed for hostname www.thedesigninstitution.com
Mar 26 15:56:34 relay1 postfix/smtpd[2021]: warning: 64.191.105.74:
hostname 64-191-105-74.static.hostnoc.net verification failed: Name or
service not known


Re: dictionary-attack

2013-03-25 Thread Lima Union
On Sat, Mar 23, 2013 at 11:31 AM, Benny Pedersen m...@junc.eu wrote:
 Ejaz wrote on 2013-03-23 11:49:

 How do I configure my postfix not to accept the emails which are sent to
 invalid addresses? Since morning we have noticed that there is a huge
 spam dictionary attack on our server, all originated emails are from
 random IPs and random from address to the invalid recipient.


 pretty common, just make sure not to use catch-all in postfix, then logs and
 count what ips abuse most or is not have their own rir listing (dynamic ips
 should be smtp auth only)


 Thanks in advance for your kind help in regards to the control such spam
 emails.


 are you missing http://www.hardwarefreak.com/fqrdns.pcre ? :)

very interesting link, as I understand my postfix is not prepared for
pcre thus I won't be able to use it, right?

$ /usr/sbin/postconf -m
btree
cidr
environ
hash
internal
ldap
nis
proxy
regexp
static
tcp
unix

LU


Re: warning: network_biopair_interop: error writing 37 bytes to the network: Broken pipe

2013-03-07 Thread Lima Union
Maybe this helps (just googled it...)

http://tech.groups.yahoo.com/group/postfix-users/message/273461

Regards.

On Thu, Mar 7, 2013 at 1:40 PM, Rishi rishigang...@gmail.com wrote:
 Hello

 I've been receiving lots of errors in mail.log

 Mar  7 11:49:47 mail postfix/smtpd[92520]: warning: network_biopair_interop:
 error writing 37 bytes to the network: Broken pipe
 Mar  7 11:50:13 mail postfix/smtpd[92555]: warning: network_biopair_interop:
 error writing 27 bytes to the network: Broken pipe
 Mar  7 11:50:56 mail postfix/smtpd[94257]: warning: network_biopair_interop:
 error writing 37 bytes to the network: Broken pipe
 Mar  7 11:51:13 mail postfix/smtpd[92520]: warning: network_biopair_interop:
 error writing 27 bytes to the network: Broken pipe
 Mar  7 11:51:57 mail postfix/smtpd[92615]: warning: network_biopair_interop:
 error writing 37 bytes to the network: Broken pipe
 Mar  7 11:52:24 mail postfix/smtpd[92555]: warning: network_biopair_interop:
 error writing 27 bytes to the network: Broken pipe
 Mar  7 11:52:31 mail postfix/smtpd[92555]: warning: network_biopair_interop:
 error writing 37 bytes to the network: Broken pipe
 Mar  7 11:52:32 mail postfix/smtpd[92629]: warning: network_biopair_interop:
 error writing 37 bytes to the network: Broken pipe
 Mar  7 11:53:08 mail postfix/smtpd[94255]: warning: network_biopair_interop:
 error writing 27 bytes to the network: Broken pipe


 Any idea what this means?

 The customer has been reporting delayed delivery of email.

 Any tips on what I should look out for in the configuration?

 Rishi


Latest package for RHEL6

2012-10-22 Thread Lima Union
Hi all! does anyone know where I can find the latest postfix release
(2.9.x) for RHEL 6 x86_64 from some 'trusted' source? unfortunately
Simon Mudd didn't post any package for this platform yet.
Thanks in advance.
LU


Re: Latest package for RHEL6

2012-10-22 Thread Lima Union
On Mon, Oct 22, 2012 at 11:56 AM, Morten Stevens
mstev...@imt-systems.com wrote:
 On 22.10.2012 16:40, Lima Union wrote:

 Hi all! does anyone know where I can find the latest postfix release
 (2.9.x) for RHEL 6 x86_64 from some 'trusted' source? unfortunately
 Simon Mudd didn't post any package for this platform yet.
 Thanks in advance.
 LU


 Hi,

 I have backported Postfix 2.9.x for my company and I am also package
 maintainer for Fedora.

 Here are my latest builds for el6:
 http://mstevens.fedorapeople.org/el6/postfix/

 Best regards,

 Morten

cool!! thank you so much!


Re: [OT] Hotmail change the mail policy yesterday????'

2012-05-31 Thread Lima Union
On Thu, May 31, 2012 at 3:37 PM, kazabe kaz...@gmail.com wrote:
 Hi.

 Since yesterday many servers that I admin have been banned from sending
 messages to hotmail.  The error is related to said: 550 SC-001

 Are you experiencing the same issue today?

 Thanks and regards.

Hi, you're not alone, we're having the same issue with hotmail, since
yesterday too.

The bounce message is:

550 SC-001Mail rejected by Hotmail for policy reasons. Reasons for
rejection may be related to content with spam-like characteristics or
IP/domain reputation. If you are not an email/network admin please
contact your Email/Internet Service Provider for help.

We're not listed in any RBL list...

I've opened a ticket today going to this url:
https://support.msn.com/eform.aspx?productKey=edfsmsblct=eformtsst=1wfxredirect=1

Regards,
LU.


Re: OT: Yahoo spam load (was: Dead Destination configuration)

2011-12-05 Thread Lima Union
On Fri, Dec 2, 2011 at 5:15 PM, Steve Fatula compconsult...@yahoo.com wrote:
 From: Wietse Venema wie...@porcupine.org
 To: postfix-users@postfix.org
 Sent: Friday, December 2, 2011 8:42 AM
 Subject: OT: Yahoo spam load (was: Dead Destination configuration)

 To get some idea of Yahoo spam load (and keyword trends) see
 http://visualize.yahoo.com/ and click the green buttons.



 I wish there was a chart for spam sent FROM yahoo. 99% of our spam comes
 from yahoo (that gets through postscreen).

 Steve

I'm having the same problem here, a lot of spam coming from YAHOO mail system.
I didn't know about sanesecurity, I'll give it a try, looks very interesting.
LU


Re: Easy Administration of Postfix SMTP Relay Server

2011-09-23 Thread Lima Union
On Fri, Sep 23, 2011 at 2:51 PM, Kaleb Hosie kho...@nicanada.com wrote:
 I’m currently tasked with a project of creating a spam server which will
 receive email for all of our customers, filter it for spam and relay clean
 mail onto the final destination. The challenge is that it needs to be
 manageable by someone who doesn’t know Linux.



 Is there a way to add additional domains without the need to login through
 SSH?

Probably here you'll find other alternatives to webmin that will let
you to do that: http://www.postfix.org/addon.html#config
HTH


[SOT] Low volume antispam filter broken URL link

2011-08-31 Thread Lima Union
Hi all!
Unfortunately the link posted in http://www.postfix.org/addon.html
for 'crm114 Postfix howto by Eugene Borukhovich' is broken (google
didn't help either), does anyone by chance have that document? I'm
trying to setup a low volume/resources antispam system (any other
recommendation is welcomed).
TIA. LU.


Re: Large ISP which use Postfix

2011-07-15 Thread Lima Union
2011/7/14 Peter Tselios s91...@yahoo.gr:
 Hallo,
     I need to prepare a presentation for my company because we plan to
 deploy a new mail system. I need to know the names of some medium to large
 ISPs that use Postfix as their SMTP server. Do you know where I can find
 that information?
 Thanks
 Peter

Maybe you could try to use smtpscan[1] to guess which mail software is
used on remote servers you want.
HTH

[1]: http://packetstormsecurity.org/search/files/?q=smtpscan


Filtering spam with a partial pattern

2011-05-18 Thread Lima Union
Hi all! I'm seeing a huge quantity of spam during this week (~156K
messages) all from SMTP addresses that begin with '0-', like:

from=0...@cancer.org
from=0-1z3ize-...@bxbmail.de
from=0...@carnival.com
from=0-gentil...@aditi.com
from=0-happy-1...@msf.biglobe.ne.jp
from=0-downl...@soundviewmortgage.com

I tried to reject them by writing a simple rule in my
smtpd_sender_checks by simply appending 0- at the beginning of a new
line but for some reason it isn't matching the pattern, finally
getting rejected by my RBL provider. Anyway I want to avoid doing RBL
checks for this case, any ideas why my rule isn't working? any
suggestions on how to write a filter for this pattern?

TIA!

PS: some more info:

$ /usr/sbin/postconf -m
btree
cidr
environ
hash
internal
ldap
nis
proxy
regexp
static
tcp
unix

$ /usr/sbin/postconf mail_version
mail_version = 2.7.3

smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_invalid_helo_hostname,
    reject_non_fqdn_helo_hostname,
#   warn_if_reject reject_unknown_helo_hostname,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
#   reject_unknown_sender_domain,
#   reject_unknown_recipient_domain,
    reject_unauth_destination,
    check_client_access hash:$config_directory/maps/smtpd_client_checks,
    check_helo_access hash:$config_directory/maps/smtpd_helo_checks,
    check_sender_access hash:$config_directory/maps/smtpd_sender_checks,
    check_sender_access regexp:$config_directory/maps/smtpd_sender_checks.regexp,
    check_recipient_access hash:$config_directory/maps/smtpd_recipient_checks,
    reject_non_fqdn_hostname,
    reject_unverified_recipient,
    reject_rbl_client zen.spamhaus.org,
    reject_rbl_client b.barracudacentral.org,
    reject_rbl_client psbl.surriel.com,
    reject_rbl_client bl.spamcop.net,
    reject_rhsbl_client rhsbl.sorbs.net,
    check_sender_access hash:$config_directory/maps/forged_domain_senders,
    check_policy_service inet:127.0.0.1:10023,
    permit

smtpd_data_restrictions =
    warn_if_reject reject_unauth_pipelining,
    permit


Re: Filtering spam with a partial pattern

2011-05-18 Thread Lima Union
On Wed, May 18, 2011 at 10:54 AM, Steve stev...@gmx.net wrote:

  -------- Original Message --------
 Date: Wed, 18 May 2011 08:49:25 -0500
 From: Noel Jones njo...@megan.vbhcs.org
 To: postfix-users@postfix.org
 Subject: Re: Filtering spam with a partial pattern

 On 5/18/2011 8:06 AM, Lima Union wrote:
  Hi all! I'm seeing a huge quantity of spam during this week (~156K
  messages) all from SMTP addresses that begin with '0-', like:
 
  from=0...@cancer.org
  from=0-1z3ize-...@bxbmail.de
  from=0...@carnival.com
  from=0-gentil...@aditi.com
  from=0-happy-1...@msf.biglobe.ne.jp
  from=0-downl...@soundviewmortgage.com
 
  I tried to reject them by writing a simple rule in my
  smtpd_sender_checks by simply appending 0- at the beginning of a new
  line but for some reason it isn't matching the pattern, finally
  getting rejected by my RBL provider. Anyway I want to avoid doing RBL
  checks for this case, any ideas why my rule isn't working? any
  suggestions on how to write a filter for this pattern?

 Add to your smtpd_sender_checks.regexp file:

 /^0-/  REJECT invalid sender address

 Should that not be:
 /^0\-/  REJECT invalid sender address




    -- Noel Jones


 
  TIA!

OK, thanks, it worked (second option).
LU


Re: Filtering spam with a partial pattern

2011-05-18 Thread Lima Union
On Wed, May 18, 2011 at 11:07 AM, Noel Jones njo...@megan.vbhcs.org wrote:
 On 5/18/2011 8:54 AM, Steve wrote:

  -------- Original Message --------

 Date: Wed, 18 May 2011 08:49:25 -0500
 From: Noel Jones njo...@megan.vbhcs.org
 To: postfix-users@postfix.org
 Subject: Re: Filtering spam with a partial pattern

 On 5/18/2011 8:06 AM, Lima Union wrote:

 Hi all! I'm seeing a huge quantity of spam during this week (~156K
 messages) all from SMTP addresses that begin with '0-', like:

 from=0...@cancer.org
 from=0-1z3ize-...@bxbmail.de
 from=0...@carnival.com
 from=0-gentil...@aditi.com
 from=0-happy-1...@msf.biglobe.ne.jp
 from=0-downl...@soundviewmortgage.com

 I tried to reject them by writing a simple rule in my
 smtpd_sender_checks by simply appending 0- at the beginning of a new
 line but for some reason it isn't matching the pattern, finally
 getting rejected by my RBL provider. Anyway I want to avoid doing RBL
 checks for this case, any ideas why my rule isn't working? any
 suggestions on how to write a filter for this pattern?

 Add to your smtpd_sender_checks.regexp file:

 /^0-/  REJECT invalid sender address

 Should that not be:
 /^0\-/  REJECT invalid sender address


 Not necessary.  The - is not special outside character classes.


  -- Noel Jones


One last question regarding this, due that the amount of spam is huge
I'd like to catch some of these messages, how should I configure
Postfix in order to let this kind of messages (beginning with /^0-/ )
bypass all my checks (RBL,etc) and redirect them to my account to
review them? is this possible?
Thanks once again.


Re: Filtering spam with a partial pattern

2011-05-18 Thread Lima Union
On Wed, May 18, 2011 at 5:01 PM, Noel Jones njo...@megan.vbhcs.org wrote:
 On 5/18/2011 1:30 PM, Lima Union wrote:

 One last question regarding this, due that the amount of spam is huge
 I'd like to catch some of these messages, how should I configure
 Postfix in order to let this kind of messages (beginning with /^0-/ )
 bypass all my checks (RBL,etc) and redirect them to my account to
 review them? is this possible?
 Thanks once again.

 You can do that, but you'll need to adjust your rules some. The general idea
 is you need to REDIRECT the mail and then whitelist it before subsequent
 rules reject it.  We'll use a restriction class because postfix can't
 normally do two actions on one match.  Something like:

 !Caution!
 http://www.postfix.org/SMTPD_ACCESS_README.html#danger


 # main.cf
 smtpd_restriction_classes =
  REDIRECT_OK

 REDIRECT_OK =
  check_sender_access
     regexp:$config_directory/maps/redirect.regexp
  permit

 # redirect.regexp
 /./  REDIRECT u...@example.com


 And in your sender.regexp, change the REJECT line to REDIRECT_OK
 # sender.regexp
 /^0-/  REDIRECT_OK


 And then you'll need to change your smtpd_recipient_restrictions to catch
 these before any other rules reject them.  Something like:
 smtpd_recipient_restrictions =
        permit_mynetworks,
 # reject_unauth_destination should be your first reject
        reject_unauth_destination,
 # move your sender.regexp here, before any other reject*
        check_sender_access regexp:$config_directory/maps/smtpd_sender_checks.regexp,
 # other stuff...
        reject_invalid_helo_hostname,
        reject_non_fqdn_helo_hostname,
        reject_non_fqdn_sender,
        reject_non_fqdn_recipient,
        check_client_access hash:$config_directory/maps/smtpd_client_checks,
        check_helo_access hash:$config_directory/maps/smtpd_helo_checks,
        check_sender_access hash:$config_directory/maps/smtpd_sender_checks,
        check_sender_access regexp:$config_directory/maps/smtpd_sender_checks.regexp,
 ... other existing stuff...




Noel, thank you very much for your explanation, I'll review and try it tomorrow.
LU.


[SOT]: Postfix/syslog date format

2011-04-14 Thread Lima Union
Hi, I believe that this question is slightly OT but I'm seeing this
syslog format in Postfix: Apr 10 08:53:12 relay1
postfix/cleanup[16550]:., my question is if there's a way to have
also printed the year in the date field? while looking for historic
data it can be really useful. I'm running RHEL 5.6 with the default
syslog package, I've looked at the man page and googled without much
success, any ideas?
TIA!


Re: [SOT]: Postfix/syslog date format

2011-04-14 Thread Lima Union
On Thu, Apr 14, 2011 at 1:45 PM, /dev/rob0 r...@gmx.co.uk wrote:
 On Thu, Apr 14, 2011 at 01:19:03PM -0300, Lima Union wrote:
 Hi, I believe that this question is slightly OT but I'm seeing this
 syslog format in Postfix: Apr 10 08:53:12 relay1
 postfix/cleanup[16550]:., my question is if there's a way to
 have also printed the year in the date field? while looking for
 historic data it can be really useful. I'm running RHEL 5.6 with
 the default syslog package, I've looked at the man page and googled
 without much success, any ideas? TIA!

 Aren't you rotating your logs? Pipe them through sed(1) if desired,
 or just save them in a year/month/day directory tree, such that the
 year would be part of the pathname.


OK I think that I'll simply switch to rsyslog
Thanks.
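
An added example, not from the thread: one way to post-process rotated logs, in the spirit of the sed(1) suggestion quoted above, so that each line carries a full ISO 8601 timestamp. It assumes the lines are in chronological order and that the year of the last entry is known (for instance from the rotation date); the sample lines are constructed.

```python
from datetime import datetime

MONTHS = {name: num for num, name in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}

# Constructed sample spanning a year boundary.
SAMPLE = [
    "Dec 31 23:59:58 relay1 postfix/cleanup[16550]: constructed entry A",
    "Jan  1 00:00:03 relay1 postfix/cleanup[16551]: constructed entry B",
    "Apr 10 08:53:12 relay1 postfix/cleanup[16552]: constructed entry C",
]

def add_year(lines, last_year):
    """Replace 'Mmm dd HH:MM:SS' with an ISO 8601 timestamp on every line.

    Works backwards from the final entry: whenever an earlier line has a
    later month than the line after it, a year boundary was crossed.
    """
    out = []
    year = last_year
    following_month = None
    for line in reversed(lines):
        mon, day, clock, rest = line.split(None, 3)
        month = MONTHS[mon]
        if following_month is not None and month > following_month:
            year -= 1                      # e.g. Dec entry followed by Jan entry
        following_month = month
        hour, minute, second = map(int, clock.split(":"))
        stamp = datetime(year, month, int(day), hour, minute, second)
        out.append(f"{stamp.isoformat()} {rest}")
    out.reverse()
    return out

if __name__ == "__main__":
    for entry in add_year(SAMPLE, 2011):
        print(entry)
```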


Re: minor typo in Postfix's change log

2011-03-29 Thread Lima Union
On Mon, Mar 28, 2011 at 2:43 PM, Jeroen Geilman jer...@adaptr.nl wrote:
 On 03/28/2011 02:59 PM, Lima Union wrote:

 [1] postfix/verify[3209]: close database
 /var/lib/postfix/verify_cache.db: No such file or directory


 Are you USING sender or recipient verification ?

 If so, does the verify daemon run chrooted ?


 --
 J.



Sorry for the delay, I'm using recipient verification running Postfix
2.7.2 (Simon J Mudd package) chrooted under RHEL 5.6. I tried several
different configurations as suggested[1], but afaik I'll have to
upgrade to 2.7.3 in order to have this harmless Berkeley DB bug
solved[2]
Best regards.

[1]: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=578862
[2]: http://readlist.com/lists/postfix.org/postfix-users/25/127952.html


minor typo in Postfix's change log

2011-03-28 Thread Lima Union
Hi, while looking in the change log for some info about an issue I'm
having[1] I found a simple typo in the date specified as shown here:

20200102

Workaround: don't report bogus Berkeley DB close errors as
fatal errors. All operations before close are already error
checked, so the data is known to be safe.  File: util/dict_db.c.

Didn't know how to report this in another way (without 'spamming' the ML).
Regards.

[1] postfix/verify[3209]: close database
/var/lib/postfix/verify_cache.db: No such file or directory


Re: couple of doubts about postfix milters

2010-11-09 Thread Lima Union
On Tue, Nov 9, 2010 at 10:19 AM, Noel Jones njo...@megan.vbhcs.org wrote:
 On 11/9/2010 6:18 AM, Lima Union wrote:

 hi all! as the subject says I have two noob questions:
 (1) if I configure something like 'smtpd_milters =
 inet:localhost:10025 inet:localhost:10034' does Postfix respect the
 order? I mean, will it process the mail in order, first milter then
 second milter or what? for example, in this case 10025 is the
 sid-milter and 10034 is the clamav-milter.

 Yes, milters are processed in the order specified.


 (2) currently I'm running postgrey (under the
 'smtpd_recipient_restrictions' section) but in a new setup I'd like to
 have this basic order for an Internet relay server: mail from Internet
 -> sid-milter -> postgrey -> clamav-milter, how can I achieve that? I
 don't know how Postfix will route internally the message in this case.

 The order of internal vs. milter processing is not configurable.

 You could switch to a greylist milter, there are several to choose from.


  -- Noel Jones


Noel, thanks for your answers.

Last doubt, as far as I understand from the documentation, the milter
processing happens in smtpd(8) before the
'smtpd_recipient_restrictions' (cleanup(8)) check. Thus if I keep my
current configuration for my new setup, using smtpd_milters and
postgrey (under 'smtpd_recipient_restrictions') I'll have the
following routing: mail from Internet -> sid-milter -> clamav-milter
-> all the smtpd_recipient_restrictions included postgrey, is this
correct? I think that this isn't the optimal solution because the
milter checks occur before smtpd_recipient_restrictions where a lot of
client/envelope/rbl/etc cleanup is done. I'll be checking for viruses
from clients that don't even send a proper ehlo, etc, thus consuming
cpu resources.

Thanks for any comment about this.
Regards, LU


couple of doubts about postfix milters

2010-11-09 Thread Lima Union
hi all! as the subject says I have two noob questions:
(1) if I configure something like 'smtpd_milters =
inet:localhost:10025 inet:localhost:10034' does Postfix respect the
order? I mean, will it process the mail in order, first milter then
second milter or what? for example, in this case 10025 is the
sid-milter and 10034 is the clamav-milter.

(2) currently I'm running postgrey (under the
'smtpd_recipient_restrictions' section) but in a new setup I'd like to
have this basic order for an Internet relay server: mail from Internet
-> sid-milter -> postgrey -> clamav-milter, how can I achieve that? I
don't know how Postfix will route internally the message in this case.

Thanks in advance.
LU


Re: couple of doubts about postfix milters

2010-11-09 Thread Lima Union
 Last doubt, as far as I understand from the documentation, the milter
 processing happens in smtpd(8) before the
 'smtpd_recipient_restrictions' (cleanup(8)) check. Thus if I keep my
 current configuration for my new setup, using smtpd_milters and
 postgrey (under 'smtpd_recipient_restrictions') I'll have the
 following routing: mail from Internet -> sid-milter -> clamav-milter
 -> all the smtpd_recipient_restrictions included postgrey, is this
 correct? I think that this isn't the optimal solution because the
 milter checks occur before smtpd_recipient_restrictions where a lot of
 client/envelope/rbl/etc cleanup is done.

 clamav-milter operates on the message data, so all postfix
 smtpd_*_restrictions -- which operate on the envelope -- will get a chance
 to reject mail before the data is transmitted.

 sid-milter operates on the envelope.  It will probably run before
 smtpd_recipient_restrictions, but that's not such a big deal since it's a
 fairly lightweight process (minimal CPU, but it does trigger a DNS lookup).

 Now that I've had more coffee and can think better, this modifies the answer
 I gave earlier -- even though you can't specify sid-milter -> greylist ->
 clamav-milter, that's how it will effectively run.


  -- Noel Jones

 I'll be checking for viruses
 from clients that don't even send a proper ehlo, etc, thus consuming
 cpu resources.

 Thanks for any comment about this.
 Regards, LU



Thanks Noel for your explanation, now it's clear.
Best regards, LU.