Re: what does these log lines mean?

2018-11-06 Thread Poliman - Serwis 
Both are from one server. I am not cheating. Now I am confused, it's really
strange that these logs are diff. Your earlier message was enough for me.

2018-11-06 12:48 GMT+01:00 B. Reino :

> On Tue, 6 Nov 2018, Poliman - Serwis wrote:
>
> Thank you for answer. I attach .txt file with output of postconf -n.
>>
>
> Your original message showed amavis filtering on ports 10024 and 10026.
> Your postfix configuration shows only amavis on port 10024.
>
> I think your logs don't come from the postfix with the configuration you
> posted.
>
> In any case, what do you need to know?
> Have YOU configured the postfix server, or are you trying to understand
> why something happens (your log lines) on a server which you DO NOT
> administer?
>
> I don't think anybody here has time for puzzles.
>
>


-- 

*Pozdrawiam / Best Regards*
*Piotr Bracha*

Re: what does these log lines mean?

2018-11-06 Thread B. Reino 

On Tue, 6 Nov 2018, Poliman - Serwis wrote:


Thank you for answer. I attach .txt file with output of postconf -n.


Your original message showed amavis filtering on ports 10024 and 10026.
Your postfix configuration shows only amavis on port 10024.

I think your logs don't come from the postfix with the configuration you
posted.

In any case, what do you need to know?
Have YOU configured the postfix server, or are you trying to understand 
why something happens (your log lines) on a server which you DO NOT 
administer?


I don't think anybody here has time for puzzles.

Re: what does these log lines mean?

2018-11-06 Thread Poliman - Serwis 
Thank you for answer. I attach .txt file with output of postconf -n.

2018-11-06 8:05 GMT+01:00 B. Reino :

> On Tue, 6 Nov 2018, Poliman - Serwis wrote:
>
> Sorry for http markup, I got knowledge for the future. Thank you for brief
>> answer. Does each email is filtered by amavisd or only some kind of
>> suspicious?
>>
>
> You're the only one who can answer that question. Did you configure such
> filtering?
>
> You could post your $(postconf -n)
>
> Cheers.
>
>


-- 

*Pozdrawiam / Best Regards*
*Piotr Bracha*
root@s1:~# postconf -n
alias_database = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
append_dot_mydomain = no
biff = no
body_checks = regexp:/etc/postfix/body_checks
broken_sasl_auth_clients = yes
content_filter = amavis:[127.0.0.1]:10024
dovecot_destination_recipient_limit = 1
greylisting = check_policy_service inet:127.0.0.1:10023
header_checks = regexp:/etc/postfix/header_checks
html_directory = /usr/share/doc/postfix/html
inet_interfaces = all
inet_protocols = all
mailbox_size_limit = 0
maildrop_destination_concurrency_limit = 1
maildrop_destination_recipient_limit = 1
message_size_limit = 0
mime_header_checks = regexp:/etc/postfix/mime_header_checks
mydestination = s1.poliman.net, localhost, localhost.localdomain
myhostname = s1.poliman.net
mynetworks = 127.0.0.0/8 [::1]/128
myorigin = /etc/mailname
nested_header_checks = regexp:/etc/postfix/nested_header_checks
owner_request_special = no
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps 
$virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps 
$virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps 
$sender_canonical_maps $recipient_canonical_maps $relocated_maps 
$transport_maps $mynetworks $smtpd_sender_login_maps
readme_directory = /usr/share/doc/postfix
receive_override_options = no_address_mappings
recipient_delimiter = +
relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf
relay_recipient_maps = mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf
relayhost =
sender_bcc_maps = proxy:mysql:/etc/postfix/mysql-virtual_outgoing_bcc.cf
smtp_bind_address = 54.38.202.128
smtp_tls_exclude_ciphers = RC4, aNULL
smtp_tls_protocols = !SSLv2,!SSLv3
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_client_message_rate_limit = 100
smtpd_client_restrictions = check_client_access 
mysql:/etc/postfix/mysql-virtual_client.cf
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks, 
check_helo_access regexp:/etc/postfix/helo_access, reject_invalid_hostname, 
reject_non_fqdn_hostname, reject_invalid_helo_hostname, 
reject_unknown_helo_hostname, check_helo_access 
regexp:/etc/postfix/blacklist_helo
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, 
reject_unauth_destination, check_client_access inline:{91.218.208.22=ok}, 
reject_rbl_client zen.spamhaus.org, check_recipient_access 
mysql:/etc/postfix/mysql-virtual_recipient.cf, check_recipient_access 
mysql:/etc/postfix/mysql-virtual_policy_greylist.cf
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated 
defer_unauth_destination
smtpd_restriction_classes = greylisting
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = 
proxy:mysql:/etc/postfix/mysql-virtual_sender_login_maps.cf
smtpd_sender_restrictions = check_sender_access 
regexp:/etc/postfix/tag_as_originating.re , permit_mynetworks, 
permit_sasl_authenticated, check_sender_access 
mysql:/etc/postfix/mysql-virtual_sender.cf, check_sender_access 
regexp:/etc/postfix/tag_as_foreign.re
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_dh1024_param_file = /etc/postfix/dh2048.pem
smtpd_tls_exclude_ciphers = RC4, aNULL
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_protocols = !SSLv2,!SSLv3
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
tls_preempt_cipherlist = yes
transport_maps = hash:/var/lib/mailman/data/transport-mailman, 
proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
virtual_alias_domains =
virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman, 
proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, 
proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_gid_maps = mysql:/etc/postfix/mysql-virtual_gids.cf
virtual_mailbox_base = /var/vmail
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_transport = dovecot
virtual_uid_maps = mysql:/etc/postfix/mysql-virtual_uids.cf

Re: what does these log lines mean?

2018-11-05 Thread B. Reino 

On Tue, 6 Nov 2018, Poliman - Serwis wrote:


Sorry for http markup, I got knowledge for the future. Thank you for brief
answer. Does each email is filtered by amavisd or only some kind of
suspicious?


You're the only one who can answer that question. Did you configure such 
filtering?


You could post your $(postconf -n)

Cheers.

Re: what does these log lines mean?

2018-11-05 Thread Poliman - Serwis 
2018-11-05 17:07 GMT+01:00 Noel Jones :

> On 11/5/2018 3:18 AM, Poliman - Serwis wrote:
> >
> > I have in mail.log file lines like below:
>
> (the http markup you posted screws up the log lines. plain text only
> next time please.)
>
> >
> > Nov 5 10:14:31 s1 postfix/smtpd[27320]: NOQUEUE: filter: RCPT from
> > dedicated-aip61.rev.nazwa.pl
> > [77.55.223.61]:
> > : Sender address triggers FILTER
> > amavis:[127.0.0.1]:10024; from=
> > to=mailto:bi...@skpkrakow.pl>> proto=ESMTP
> > helo= > >
>
> There's a check_sender_access map that results in a FILTER
> statement.  After the mail is accepted, it will be filtered through
> amavisd.
>
> > Nov 5 10:14:31 s1 postfix/smtpd[27320]: NOQUEUE: reject: RCPT from
> > dedicated-aip61.rev.nazwa.pl
> > [77.55.223.61]: 454 4.7.1
> > mailto:bi...@skpkrakow.pl>>: Relay access
> > denied; from= to= > > proto=ESMTP
> > helo= > >
>
> Message is rejected with "Relay access denied".  This means your
> postfix is not configured to accept mail for skpkrakow.pl and the
> client is not authenticated/authorized to relay.
>
> The 454 reject code indicates this is a temporary reject and the
> sender is free to retry.
>
> This could be due to default settings in smtpd_relay_restrictions
> that you haven't set up yet.
>
> > Nov 5 10:14:31 s1
> > postfix/smtpd[27320]: disconnect from dedicated-aip61.rev.nazwa.pl
> > [77.55.223.61] ehlo=2
> > starttls=1 mail=4 rcpt=0/4 rset=3 quit=1 commands=11/15
>
> The client disconnected after sending the number of commands listed.
>  The rcpt=0/4 indicates the client sent 4 RCPT commands, 0 were
> accepted.  The commands=11/15 indicates the client sent 15 total
> commands, 11 were accepted.
>
>
> > Nov 5 10:14:31 s1 postfix/smtpd[27320]: NOQUEUE: filter: RCPT from
> > dedicated-aip61.rev.nazwa.pl
> > [77.55.223.61]:
> > : Sender address triggers FILTER
> > amavis:[127.0.0.1]:10026; from=
> > to=mailto:i...@skpkrakow.pl>> proto=ESMTP
> > helo= > >
>
> Another check_sender_access table with a FILTER result.
>
>
> If you need more help, please see
> http://www.postfix.org/DEBUG_README.html#mail
>
>
>
> >
> > What do they mean?
> >
> >
> >
> > --
> > /Pozdrawiam / Best Regards
> > /
> > /Piotr Bracha/
>
>
>
>
>-- Noel Jones
>

Sorry for http markup, I got knowledge for the future. Thank you for brief
answer. Does each email is filtered by amavisd or only some kind of
suspicious?

-- 

*Pozdrawiam / Best Regards*
*Piotr Bracha*

Re: what does these log lines mean?

2018-11-05 Thread Noel Jones 
On 11/5/2018 3:18 AM, Poliman - Serwis wrote:
> 
> I have in mail.log file lines like below:

(the http markup you posted screws up the log lines. plain text only
next time please.)

> 
> Nov 5 10:14:31 s1 postfix/smtpd[27320]: NOQUEUE: filter: RCPT from
> dedicated-aip61.rev.nazwa.pl
> [77.55.223.61]:
> : Sender address triggers FILTER
> amavis:[127.0.0.1]:10024; from=
> to=mailto:bi...@skpkrakow.pl>> proto=ESMTP
> helo= >

There's a check_sender_access map that results in a FILTER
statement.  After the mail is accepted, it will be filtered through
amavisd.

> Nov 5 10:14:31 s1 postfix/smtpd[27320]: NOQUEUE: reject: RCPT from
> dedicated-aip61.rev.nazwa.pl
> [77.55.223.61]: 454 4.7.1
> mailto:bi...@skpkrakow.pl>>: Relay access
> denied; from= to= > proto=ESMTP
> helo= > 

Message is rejected with "Relay access denied".  This means your
postfix is not configured to accept mail for skpkrakow.pl and the
client is not authenticated/authorized to relay.

The 454 reject code indicates this is a temporary reject and the
sender is free to retry.

This could be due to default settings in smtpd_relay_restrictions
that you haven't set up yet.

> Nov 5 10:14:31 s1
> postfix/smtpd[27320]: disconnect from dedicated-aip61.rev.nazwa.pl
> [77.55.223.61] ehlo=2
> starttls=1 mail=4 rcpt=0/4 rset=3 quit=1 commands=11/15

The client disconnected after sending the number of commands listed.
 The rcpt=0/4 indicates the client sent 4 RCPT commands, 0 were
accepted.  The commands=11/15 indicates the client sent 15 total
commands, 11 were accepted.


> Nov 5 10:14:31 s1 postfix/smtpd[27320]: NOQUEUE: filter: RCPT from
> dedicated-aip61.rev.nazwa.pl
> [77.55.223.61]:
> : Sender address triggers FILTER
> amavis:[127.0.0.1]:10026; from=
> to=mailto:i...@skpkrakow.pl>> proto=ESMTP
> helo= >

Another check_sender_access table with a FILTER result.


If you need more help, please see
http://www.postfix.org/DEBUG_README.html#mail



> 
> What do they mean?
> 
> 
> 
> -- 
> /Pozdrawiam / Best Regards
> /
> /Piotr Bracha/




   -- Noel Jones