DMARC quarantine results

These are the failing reports from DMARC set to quarantine. Most failures are for SPF, which now I gather from the other post is due to remailing. {Originally I thought the comment was about me using a remailer.] It looks like if you pass DKIM, most ESPs just pass on the message. Since nobody

Re: Special method required for Gmail dkim/spf verification

On Wed, 13 Apr 2016 17:08:57 -0700 li...@lazygranch.com wrote: > Yesterday's Google report had me passing. Could be related to adding > the Google term to DNS. > Hold the presses here. It turns out my domain was spoofed in the report that failed. The IP address used isn't mine. In th

SPF option in Postfix 3

I noticed I was running postfix 3.1.0. Freebsd has rev 3.1.1, so I figured I would upgrade. Fist up, I reviewed the page I used as a starting point for setting up my mail server, namely http://blog.iandreev.com/?p=1604 In the configuration for postfix, the SPF option is not selected. Somewhere

postfix 3.1.1 upgrade from 3.1.0

During the upgrade from postfix 3.1.0 to 3.1.1, the installation script issued the following: -- ===> Creating users Using existing user 'postfix'. Note: the following files or directories still exist but are no longer part of Postfix:

Re: growing size of mail.log file - postfix logs

On Thu, 2 Mar 2017 08:34:59 +0100 Patrick Ben Koetter wrote: > * Poliman - Serwis : > > Hi everyone. In mail.log file I have many lines like below: > > Mar 2 06:53:30 vps342401 postfix/smtps/smtpd[14642]: SSL_accept > > error from

Re: TLD blocking revisited

the list. On Tue, 20 Sep 2016 04:12:48 +0200 Benny Pedersen <m...@junc.eu> wrote: > On 2016-09-20 04:08, li...@lazygranch.com wrote: > > OK. Would I score it in SpamAssassin? If not, where? Point me in the > > right direction and I assume Google will be my friend. > > make

TLD blocking revisited

The last time TLD blocking came up, the consensus of the hive was not to block based on TLD. (You may recall .xyz being used by Alphabet.) However lately I'm getting a ridiculous number of .stream SPAM coming through. The RBLs are getting about half. https://www.spamhaus.org/statistics/tlds/ I

Re: Blocking "unknown"

On Fri, 30 Sep 2016 06:26:35 -0400 Postfix User wrote: > Postfix-3.2-20160917 with FreeBSD-11.0 /64 bit > > Lately, I have been finding the following entries in the maillog: > > 13643:Sep 30 02:00:40 scorpio postfix/smtpd[83056]: warning: hostname >

Re: Blocking "unknown"

On Sat, 1 Oct 2016 10:59:02 +0100 Allen Coates <znab...@cidercounty.org.uk> wrote: > > > On 01/10/16 10:37, Postfix User wrote: > > On Fri, 30 Sep 2016 17:08:05 -0700, li...@lazygranch.com stated: > > > >> This will pull these hackers off your maillog. >

Re: TLS details not in header as viewed from email client (claws)

econd imap, there shouldn't be any lost mail issues. On Wed, 9 Nov 2016 10:17:04 -0600 Noel Jones <njo...@megan.vbhcs.org> wrote: > On 11/9/2016 9:32 AM, li...@lazygranch.com wrote: > > I posted the entire header from claws. That is the receive header > > sinc

Re: TLS details not in header as viewed from email client (claws)

bits)) (No client certificate requested) by www.inplanesight.org (Postfix) with ESMTPS id 2E255EB20F for <g...@inplanesight.org>; Tue, 8 Nov 2016 07:22:25 + (UTC) On Wed, 9 Nov 2016 09:03:12 -0800 "li...@lazygranch.com" <li...@lazygranch.com> wrote: > "s

bits of encryption

This comes under the notion that if you don't ask, you don't learn. I did some dovecot2 updates, so naturally I decided to test the mail system. When I mail a message to myself, this is the TLS notification: (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) However I do

freeBSD update boost-libs and postfix

Hopefully this isn't a duplicate message. I've been repairing the mail system. Just a FYI that if you update boost-libs with pkg under freeBSD, it loads postfix for some reason. All my .db files were unreadable. I had to postmap and postalias them to make them readable again. I should have

Re: Open relay

On Fri, 21 Oct 2016 22:56:45 +0200 Paul van der Vlis wrote: > Hello Angelo and others, > > Op 21-10-16 om 22:24 schreef Fazzina, Angelo: > > So what is SASL using in Postfix ? > > Is Postfix calling SASL, which calls PAM, which calls LDAP, to > > check the Password? > >

(Semi OT) RBL shakedown

If you use the uceprotect RBL, note that they are involved in a shakedown to solicit money to be removed from their list. Much like spamrl, I'd suggest not using them since they have an obvious false positive problem. http://www.uceprotect.net/en/rblcheck.php?ipr=107.170.248.198 Their own system

Re: bits of encryption

On Fri, 11 Nov 2016 09:54:48 -0500 "Bill Cole" <postfixlists-070...@billmail.scconsult.com> wrote: > On 11 Nov 2016, at 6:21, li...@lazygranch.com wrote: > > > So is this level of encryption something openssl sets up? > > Yes and no. The partners

Re: Port 587 users question

On Mon, 28 Nov 2016 09:01:41 -0500 btb <b...@bitrate.net> wrote: > On 2016.11.27 20.43, li...@lazygranch.com wrote: > > I should have mentioned the mail system is on a VPS and I'm the only > > user. And yes, trouble makers are on the Internet. > > well, this sim

hacker or server problem

Is this a hack or a server problem. IP was listed in abusedb about a year ago. Nov 16 09:14:36 theranch postfix/smtpd[6094]: connect from unknown[87.236.215.11] Nov 16 09:14:36 theranch postfix/smtpd[6094]: lost connection after AUTH from unknown[87.236.215.11] Nov 16 09:14:36 theranch

Re: hacker or server problem

On Wed, 16 Nov 2016 11:52:14 +0200 Patrick Chemla <patrick.che...@perfaction.net> wrote: > Le 16/11/2016 à 11:45, li...@lazygranch.com a écrit : > > Is this a hack or a server problem. IP was listed in abusedb about a > > year ago. > > > > > > Nov

Re: hacker or server problem

On Wed, 16 Nov 2016 02:26:13 -0800 "li...@lazygranch.com" <li...@lazygranch.com> wrote: > On Wed, 16 Nov 2016 11:52:14 +0200 > Patrick Chemla <patrick.che...@perfaction.net> wrote: > > > Le 16/11/2016 à 11:45, li...@lazygranch.com a écrit : > &g

Re: bits of encryption

On Sat, 12 Nov 2016 15:29:54 -0500 "Bill Cole" <postfixlists-070...@billmail.scconsult.com> wrote: > On 11 Nov 2016, at 14:31, li...@lazygranch.com wrote: > > > On Fri, 11 Nov 2016 09:54:48 -0500 > > "Bill Cole" <postfixlists-070...@

Re: bits of encryption

On Sun, 13 Nov 2016 01:43:17 -0500 "Bill Cole" wrote: > If the NSA/GCHQ capturing all of your SMTP traffic and saving it for > hypothetical future decryption is a realistic and significant > scenario in your threat model, you should reconsider your

Re: Is my server mail account being attacted?

On Thu, 20 Oct 2016 17:13:26 -0400 "Bill Cole" wrote: > On 20 Oct 2016, at 16:39, Keith Williams wrote: > > > No wait... What? > > > > This is no attack. Attack is when you try to break or enforce.. > > This is a probe, and from the probe we can

Re: Execute linux commands after receive a mail...

On Thu, 16 Mar 2017 11:29:56 -0500 Noel Jones wrote: > On 3/16/2017 11:18 AM, Gilberto Nunes wrote: > > Hello folks... > > > > I just need execute some command after receive a mail... > > > > I found this site: > > > >

Re: Specify VPN for postfix

Take a look at your header file when using the VPN to email yourself. I think what you want happens automatically. Received: from [10.8.0.6] (unknown [MYIPADDRESS]) 10.8.0.6 is the local IP space created by my VPN. But my IP address also shows up, so hopefully a guru will chime in as to how

Re: TLS warning

On Thu, 25 May 2017 03:02:39 -0400 Rick Leir <rl...@leirtech.com> wrote: > > > On 2017-05-25 02:31 AM, Philip Paeps wrote: > > On 2017-05-24 14:54:34 (+0200), Bastian Blank > > <bastian+postfix-users=postfix@waldi.eu.org> wrote: > >> On

PSA University of Michigan research IP space

http://researchscan288.eecs.umich.edu/ I never could find the research IP space and my email went unanswered. I just blocked the whole university. Link has the IP space as listed below: 141.212.121.0/24 141.212.122.0/24

Re: PSA University of Michigan research IP space

On Thu, 7 Dec 2017 22:59:46 -0500 Viktor Dukhovni <postfix-us...@dukhovni.org> wrote: > > On Dec 7, 2017, at 9:14 PM, li...@lazygranch.com wrote: > > > > http://researchscan288.eecs.umich.edu/ > > I never could find the research IP space and my email went > >

policyd-spf tip

There are many "problem solving pages" on the interwebs that have wrong information on setting up policyd-spf. The key to make sure you use consistent names in both main.cf and master.cf. Yeah, I know, I'm preaching to the choir, but hopefully the next person with a set up problem finds this

accept email if pass SPF or DKIM

RTFMing, I see that both opendkim and python-policyd-spf have whitelisting capabilities (especially python-policyd-spf). But for the most part, my legitimate incoming email passes DKIM or SPF, but often not both. What I would like to do is accept email that passes either DKIM or SPF, but the

Re: accept email if pass SPF or DKIM

On Wed, 10 Jan 2018 21:59:26 -0500 "Kevin A. McGrail" <kmcgr...@pccc.com> wrote: > On 1/10/2018 9:53 PM, li...@lazygranch.com wrote: > > RTFMing, I see that both opendkim and python-policyd-spf have > > whitelisting capabilities (especially python-policyd-spf)

Re: Request for feedback on SMTPD restrictions

On Sun, 21 Jan 2018 14:35:42 -0600 Noel Jones wrote: > On 1/20/2018 11:56 PM, J Doe wrote: > > Hi, > > > > I have a basic SMTP server set up with what I believe to be good > > smtpd_*_ restrictions, but I was wondering if anyone could provide > > any insight on how to

warning: TLS library problem

postfix/smtpd[14755]: warning: TLS library problem: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol:s23_srvr.c:640: Should I be blocking some encryption method? I thought openssl dropped support for the hackable protocols.

Re: python-policyd-spf doesn't check mail from my own domain

On Tue, 30 Jan 2018 10:50:18 + Dominic Raferd <domi...@timedicer.co.uk> wrote: > On 30 January 2018 at 10:11, li...@lazygranch.com > <li...@lazygranch.com> wrote: > > I've installed the opendmarc milter. I'm not rejecting mail from it > > at the moment. I've

Re: python-policyd-spf doesn't check mail from my own domain

On Wed, 31 Jan 2018 07:43:17 + (UTC) Dominic Raferd <domi...@timedicer.co.uk> wrote: > On 31 January 2018 at 03:44, li...@lazygranch.com > <li...@lazygranch.com> wrote: > > On Tue, 30 Jan 2018 10:50:18 + > > Dominic Raferd <domi...@timedicer.co.uk>

python-policyd-spf doesn't check mail from my own domain

I've installed the opendmarc milter. I'm not rejecting mail from it at the moment. I've noticed that if I send myself a message, the policyd-spf milter isn't run. That in turn causes mail I send myself to fail in opendmarc. Any ideas? The various email verifiers do show that my email passes spf.

Re: policyd-spf tip

olicyd-spf are as daemons. I'm new to Centos. I run opensuse on my desktop and had presently have my VPS server on FreeBSD. Due to update issues, I decided to abandon FreeBSD for Centos, since I'm more familiar with Linux than BSD these days. > > On 2017-12-24 22:02, li...@lazygranch

Requesting certificates

I'm not at the point where I want to verify certs and reject mail, because the mail must go through! However I would like at least for postfix to request the cert. (Forgive my terminology here if I am not phrasing this properly.) Basically I would just eyeball the header and look at the cert

Re: Requesting certificates

On Fri, 22 Dec 2017 09:52:13 + Dominic Raferd <domi...@timedicer.co.uk> wrote: > On 22 December 2017 at 09:38, li...@lazygranch.com > <li...@lazygranch.com> wrote: > > > ​... > > From main.cf (sanitized): > > ---

Re: report from google relate to failed dkim

On Wed, 27 Dec 2017 09:37:24 + Dominic Raferd wrote: > On 27 December 2017 at 07:22, Poliman - Serwis > wrote: > > I configured yesterday spf, dkim, dmarc for example.com. Today I > > got report in xml on my mailbox. Attached. One from addresses

Re: Request for feedback on SMTPD restrictions

Replies in the middle of the email for clarity. On Mon, 22 Jan 2018 17:18:42 -0500 "Bill Cole" <postfixlists-070...@billmail.scconsult.com> wrote: > On 21 Jan 2018, at 20:44 (-0500), li...@lazygranch.com wrote: > > > The reverse DNS can only point to one domain >

Spammer rejected, but resends every 10 minutes. Any way to prevent this

Client host rejected: cannot find your reverse hostname, [113.247.6.67]; from=<sale...@tradepro.net> to=<li...@lazygranch.com> proto=ESMTP helo=

Re: Spammer rejected, but resends every 10 minutes. Any way to prevent this

On Tue, 13 Mar 2018 23:35:01 -0400 "Bill Cole" <postfixlists-070...@billmail.scconsult.com> wrote: > On 13 Mar 2018, at 22:51 (-0400), li...@lazygranch.com wrote: > > > I'm getting hit every 10 minutes from this spammer. As you can see > > I am &

Re: clamav as a milter

On Mon, 26 Mar 2018 18:35:19 -0400 Scott Kitterman wrote: > On Monday, March 26, 2018 10:27:57 PM André Rodier wrote: > > Hello all, > > > > Does anyone suffered performance loss when using clamav as a milter > > for postfix? > > > > I would like to scan archives and

repeated relay attempts

Just checking if I have things set up correctly. I'm returning a 554 code (rejected relay) yet the attempts keep coming. Postfix avil is throttling the user, so I assume this isn't a problem. As an FYI, checking MXTOOL blacklist on the offending IP, only blocklist.de has them flagged at the

Re: manitu.net RBL, opinions? Re: postwhite? (why not?)

On Tue, 06 Mar 2018 06:26:49 + MRob wrote: > On 2018-03-05 18:05, Bill Cole wrote: > >> Would you mind sharing which RBLs you recommend to use in > >> postscreen? > > > > postscreen_dnsbl_sites = zen.spamhaus.org=127.0.0.2*2 > > zen.spamhaus.org=127.0.0.3*2

concurrency rate limit

I'm wondering if I have my rate limiting set up correctly. Note I have that perl script that sniffs out dynamic IP addresses, so I am not sure how this user is even getting concurrent connections. From the main.cf: smtpd_client_restrictions = permit_sasl_authenticated, permit_mynetworks,

Re: Stopping acceptence from unowned networks address as from my domains

On Thu, 7 Feb 2019 05:24:08 +0100 Francesc Peñalvez wrote: > I asked  the same and Vietse Venema answer this: > > Postfix 3.0 and later: > > /etc/postfix/main.cf: > smtpd_sender_restrictions = > permit_mynetworks > permit_sasl_authenticated >

Re: How to block mail coming from a domain

On Thu, 26 Sep 2019 10:46:27 +0200 Enrico Morelli wrote: > On Thu, 26 Sep 2019 10:42:46 +0200 > Enrico Morelli wrote: > > > On Thu, 26 Sep 2019 16:37:14 +0800 > > Wesley Peng wrote: > > > > > on 2019/9/26 16:34, Enrico Morelli wrote: > > > > I tried to put .monster or *.monster in

Block email based on reply field

I have a spammer who uses all sorts of "from" addresses but the same "reply" address. Any way to block this spammer in Postfix.

Re: Centos 7 turn on pypolicyd-spf

FWIW, this is what I have in my master.cf. I am on centos 7. policyunix - n n - 0 spawn user=nobody argv=/usr/libexec/postfix/policyd-spf /etc/python-policyd-spf/policyd-spf.conf

Re: Block email based on reply field

On Wed, 11 Dec 2019 21:56:48 -0500 Viktor Dukhovni wrote: > > On Dec 11, 2019, at 9:38 PM, li...@lazygranch.com wrote: > > > > I have a spammer who uses all sorts of "from" addresses but the same > > "reply" address. Any way to block this spamme

Re: Block email based on reply field

On Wed, 18 Dec 2019 13:10:50 -0500 Viktor Dukhovni wrote: > [ I'm on the list, there's no need to Cc: me directly] > > On Wed, Dec 18, 2019 at 01:36:17AM -0800, li...@lazygranch.com wrote: > > > Viktor Dukhovni wrote: > > > > > header-

gmail reverse host issue

Some gmail gets through, some doesn't. Is there a time limit on the DNS check? A google search finds several timers, but nothing specific to DNS. Log: Feb 17 06:18:10 mydomain postfix/smtpd[2619]: connect from unknown[209.85.219.177] Feb 17 06:18:10 mydomain postfix/smtpd[2619]: Anonymous TLS

repeated connect and disconnect

Is there something I should be doing to mitigate this problem? Oct 8 02:11:42 myserver postfix/smtpd[11630]: connect from unknown[180.123.163.212] Oct 8 02:11:43 myserver postfix/smtpd[11632]: connect from unknown[180.123.163.212] Oct 8 02:11:43 myserver postfix/smtpd[11632]: lost connection

Can a more useful bounce message be provided

My server bounced a message. Here is the server log (sanitized). - Nov 13 02:07:52 myserver postfix/smtpd[27706]: NOQUEUE: reject: RCPT from sonic302-23.consmr.mail.gq1.yahoo.com[98.137.68.149]: 554 5.7.1 Service unavailable; Client host [98.137.68.149] blocked using

Re: 554 bounce message lacks detail

On Fri, 9 Jul 2021 08:38:30 +0200 Matus UHLAR - fantomas wrote: > On 08.07.21 18:48, li...@lazygranch.com wrote: > >I rarely bounced email due to RBLs from someone I actually correspond > >with. However I did bounce a message with the sender receiving this > >message: &

554 bounce message lacks detail

I rarely bounced email due to RBLs from someone I actually correspond with. However I did bounce a message with the sender receiving this message: Sorry, we were unable to deliver your message to the following address. From the maillog: Jul 7 16:35:21 example postfix/smtpd[27776]: NOQUEUE:

Re: Postfix Helo reverse Exception

On Sat, 20 Mar 2021 21:28:31 -0400 Viktor Dukhovni wrote: > On Sat, Mar 20, 2021 at 08:23:20PM -0400, Wietse Venema wrote: > > David Mehler: > > > > I don't want to blanket disable reject_unknown_helo_hostname is > > > there a way I can set a helo exception for this one host/sender? > > > >

Re: connect then disconnect; backscatter?

On Sat, 17 Apr 2021 14:35:37 +0200 Benny Pedersen wrote: > On 2021-04-17 09:58, li...@lazygranch.com wrote: > > I am getting a lot of these: > > > > Apr 17 07:27:10 mydomain postfix/smtpd[21897]: connect from > > mone183.secundiarourous.com[141.98.10.183] > >

Re: connect then disconnect; backscatter?

On Sat, 17 Apr 2021 17:03:51 -0400 (EDT) Wietse Venema wrote: > li...@lazygranch.com: > > I do have "smtpd_sasl_auth_enable = yes" and I use port 587. Before > > I comment out that line, here is the general area of my main.cf > > dealing with sasl. I cut out my

Re: connect then disconnect; backscatter?

On Sat, 17 Apr 2021 18:25:47 -0400 (EDT) Wietse Venema wrote: > li...@lazygranch.com: > > > You should enable SASL auth in master.cf NOT main.cf, and ONLY for > > > a service that needs SASL auth. > > > > > > Otherwise you're turning it on for the

Re: connect then disconnect; backscatter?

On Sun, 18 Apr 2021 21:29:26 +1200 Nick Tait wrote: > On 18/04/21 7:32 pm, li...@lazygranch.com wrote: > > And so it goes. I suppose if this really bugs me I can block the > > server in firewalld. I've yet to see it actually deliver mail. Or > > complain to the d

connect then disconnect; backscatter?

I am getting a lot of these: Apr 17 07:27:10 mydomain postfix/smtpd[21897]: connect from mone183.secundiarourous.com[141.98.10.183] Apr 17 07:27:11 mydomain postfix/smtpd[21897]: disconnect from mone183.secundiarourous.com[141.98.10.183] ehlo=1 auth=0/1 quit=1 commands=2/3 Googling

Re: AUTH rate limit

On Wed, 3 Nov 2021 17:40:30 +0100 Matus UHLAR - fantomas wrote: > >>03.11.21, 10:53 +0100, @lbutlr: > >> > >>> postfix/smtps/smtpd[5554] warning: AUTH command rate limit > >>> exceeded: 4 > >>> > >>> Where is this limit set? I looked through postconf -d | grep auth > >>> looking for something

Re: method to discard email with body containing gmail address

ri, 05 Nov 2021 05:09:12 -0700 (PDT) MIME-Version: 1.0 Reply-To: jm84450...@gmail.com From: Abdulla Shahid Date: Fri, 5 Nov 2021 05:08:57 -0700 Message-ID: On Sat, 06 Nov 2021 10:54:48 -0500 Rob McGee wrote: > On 2021-11-06 06:15, li...@lazygranch.com wrote: > > Most of my spam conta

method to discard email with body containing gmail address

Most of my spam contains a gmail address to reply to the spammer. I would like to discard email whose body contains a gmail address. Since discarding mail could get ugly, I would hope someone on the list can eyeball my plan. I added body_checks = pcre:/etc/postfix/body_checks to main.cf. I made

Re: spam emails with "to:" line missing

On Fri, 15 Apr 2022 11:06:35 +0200 Tinne11 wrote: > > > Am 15.04.2022 um 08:49 schrieb Fourhundred Thecat > > <400the...@gmx.ch>: > > > > Are there any legitimate cases where "to:" might be missing? > > > RFC 5322 says: "The only required header fields are the origination > date field and

Re: spam emails with "to:" line missing

On Fri, 15 Apr 2022 11:06:35 +0200 Tinne11 wrote: > > > Am 15.04.2022 um 08:49 schrieb Fourhundred Thecat > > <400the...@gmx.ch>: > > > > Are there any legitimate cases where "to:" might be missing? > > > RFC 5322 says: "The only required header fields are the origination > date field and

check_client_access

I'm trying to allow-list (formerly whitelist) a TLD. I have these lines in my postfix main.cf: check_client_access hash:/etc/postfix/client_checks, check_sender_access hash:/etc/postfix/sender_checks, check_client_access hash:/etc/postfix/rbl_override, For the rbl_override file is

Re: check_client_access

On Sat, 30 Apr 2022 01:11:05 -0400 Viktor Dukhovni wrote: > On Sat, Apr 30, 2022 at 10:28:06AM +1000, raf wrote: > > > > .domain.tld > > > > > > Matches subdomains of domain.tld, but only when the > > > string smtpd_access_maps is not listed in the Postfix > > >

zen.spamhaus.org suggestion in postifx main.cf

Though not currently bouncing my maillog had this message (sanitized because of Google): NOQUEUE: reject: RCPT from avasout-peh-001.plus.net[212.159.14.17]: 554 5.7.1 Service unavailable; Client host [212.159.14.17] blocked using zen.spamhaus.org; Error: open resolver;

Re: zen.spamhaus.org suggestion in postifx main.cf

On Wed, 4 May 2022 20:47:16 +0200 Arrigo Triulzi wrote: > On 4 May 2022, at 20:40, li...@lazygranch.com wrote: > > > > Though not currently bouncing my maillog had this message > > (sanitized because of Google): > > > > NOQUEUE: reject: RCPT from avaso