Re: Content filtering using MySQL table

2008-07-28 Thread mouss 

Jeff Weinberger wrote:

Hi:

I"m using content filtering by using the following (this is the example) 
syntax in master.cf:


smtp  inet  ...other stuff here, do not change...   smtpd
-o content_filter=myfilter:myfilter
myfilter unix  -   n   n   -   10  pipe
   flags..

All is working as expected.

According to the directive documentation, the content_filter directive I 
am using above can take a transport(5) table (hash:, pcre:, etc.) to use 
different transports for different domains



no, it does not. it is the value of content_filter that has the same 
syntax as the _result_ from a transport map. content_filter may not be a 
map.




Does anyone know if I can use a MySQL lookup for this? with a syntax like:

[snip]




if you want per recipient filtering, use multiple instances and then use 
transport_maps insted of content_filter. alternatively, do the check in 
the filter.


note that using a FILTER statement in a check_recipient_access call 
doesn't always work "as intended", because one content_filter is used 
even if there are multiple recipients.

Re: Wildcard for domain instead of user?

2008-07-28 Thread mouss 

Jeff Weinberger wrote:
I don't know if this is possible in a virtual alias (or even virtual) 
set up, but I would like to be able to set up a user name with a 
wildcard domain. Here's what I mean:


I host several domains. I would like the address 
'[EMAIL PROTECTED]' to go to the same place (me). So my initial 
thought was to set up in my virtual alias table an entry like this:


[EMAIL PROTECTED]  [EMAIL PROTECTED]



As Wietse said, do not intercept mail sent to domains you handle.

I use MySQL lookup tables. Will this work? is there a different way to 
specify the wildcard? is there a different approach I should take to 
making this work?


configure you sql statement to return "[EMAIL PROTECTED]" when '%u' is 
postmaster and '%d' is one of _your_ domains.

Re: dovecot.sieve file location?

2008-07-28 Thread mouss 

kbajwa wrote:

CentOS 5.2
Postfix-2.3.3
Dovecot-1.1.1
Dovecot.Sieve-1.1.5

I have setup with:

home_mailbox = Maildir/ (/etc/postfix/main.cf)  &

mail-location = maildir:~/Maildir (/etc/dovecot.conf)


I have created a 'test' user to test Sieve 'Vacation' setup. My questions
are:

1. Which folder '.dovecot.sieve' script is copied into? Is it 'home/test'
-or- 'home/test/Maildir' or someplace else?

2. '.dovecot.sieve' script parameter ":days 1" means that the reply is sent
once a day. Is it possible to send the reply 'immediately'? 



Welcome to the postfix mailing-list. for dovecot related questions, 
please ask on dovecot list.



(that said, .dovecot.sieve should be in the home directory of the user).

Re: LD_PRELOAD + Postfix problems

2008-07-28 Thread infaga03 

> - Understand that Postfix refuses [EMAIL PROTECTED]:port as an email
>   destination.
>
>   Wietse
>

Ok Wietse, thanks for the info... Do you know if there's any GPL mail
server accepting [EMAIL PROTECTED]:port as an email destination?

Thanks

Antonio

blacklist whitelist per domain

2008-07-28 Thread Furs 

Hi everybody.

I'm trying to find a solution with postfix that permits
a whitelist and blacklist per domain.

Every domain has to have its own list.

I found header checks it's a possible solution.

but, there is another one? Can I use "sender/recipient" access
where I can put with "regexp" or "pcre"

if/domain1/
   domain2 OK
   domain3 REJECT
endif

where domain1 is a recipient domain and domain2 and domain3 are
a sender domains.

Thank you very much.


Mensaje enviado desde el WebMail de OPENWIRED.NET

Re: Rewriting Subject line, adding an X-header?

2008-07-28 Thread Ville Walveranta 
As discussed in "Header check and script" thread, I modified the
yammer sub in Client.pm (yes, I'm sure it's not very pretty; my Perl
skills are very rusty.. but it seems to work). It doesn't yet check
for the end of the header (i.e. for a blank line) to prevent
replacement in the body as well, but I did both the addition of
"X-Spam: yes" header and cleanup of the Subject line in the content
filter. My question is, does this violate any RFCs? The resultant
header includes the "X-Spam: yes" in between of Delivered-To and From
lines, like so:

--
Delivered-To: [EMAIL PROTECTED]
X-Spam: yes  < this was added
From: Some User <[EMAIL PROTECTED]>
To: Ville Walveranta <[EMAIL PROTECTED]>
Subject: This is spam!  < "**SPAM**" was removed
Date: Mon, 28 Jul 2008 09:58:26 + (UTC)
--

I'd rather do both in the content filter as down the line there are
likely other change actions that needs to be done, and thus the single
action that can be done with header_checks isn't very useful.

Here's the modified yammer sub:

--[begin excerpt from smtpprox MSDW/SMTP/Client.pm]--
sub yammer {
my ($self, $fh) = (@_);
my $spamheader = "X-Spam: yes\r\n";
my $spam = 0;
local (*_);
local ($/) = "\r\n";
while (<$fh>) {
if ($_ =~ m/^Subject:\s*\*\*SPAM\*\*\s+/i) {
$spam = 1;
}
}
seek( $fh, 0, 0);
if ($spam == 1) {
$self->{sock}->print($spamheader) or die "$0: write error: $!\n";
}
while (<$fh>) {
s/^\./../;
if ($spam == 1) {
s/^Subject:\s*\*\*SPAM\*\*\s+/Subject: /i;
}
$self->{sock}->print($_) or die "$0: write error: $!\n";
}
$self->{sock}->print(".\r\n") or die "$0: write error: $!\n";
}
--[end excerpt from smtpprox MSDW/SMTP/Client.pm]--

Re: blacklist whitelist per domain

2008-07-28 Thread Robert Felber 
On Mon, Jul 28, 2008 at 11:52:52AM +0200, Furs wrote:
> 
> Hi everybody.
> 
> I'm trying to find a solution with postfix that permits
> a whitelist and blacklist per domain.

You may want to use restriction classes[1] or, more sophisticated,
a policy server. You can write your own policy server[2] or install
an existing policy server, for example postfwd[3].

1) http://www.postfix.org/RESTRICTION_CLASS_README.html
2) http://www.postfix.org/SMTPD_POLICY_README.html
3) http://www.postfwd.org/


-- 
Robert Felber (PGP: 896CF30B)
Munich, Germany

Re: LD_PRELOAD + Postfix problems

2008-07-28 Thread Wietse Venema 
[EMAIL PROTECTED]:
> 
> > - Understand that Postfix refuses [EMAIL PROTECTED]:port as an email
> >   destination.
> >
> > Wietse
> >
> 
> Ok Wietse, thanks for the info... Do you know if there's any GPL mail
> server accepting [EMAIL PROTECTED]:port as an email destination?

That would be a security hole.

Wietse

Re: Expiration log messages

2008-07-28 Thread Wietse Venema 
[EMAIL PROTECTED]:
> What log message should I look for when a message has been deferred  
> and Postfix has decided it is undeliverable? (I'm parsing the log and  
> need to know how to distinguish this from an actual bounce.) Will the  
> log contain a 5xx message for that mail?

Look at the "status=deferred" and "delay=" fields.

Wietse

Re: Expiration log messages

2008-07-28 Thread Victor Duchovni 
On Sun, Jul 27, 2008 at 09:32:34PM -0400, [EMAIL PROTECTED] wrote:

> What log message should I look for when a message has been deferred  
> and Postfix has decided it is undeliverable? (I'm parsing the log and  
> need to know how to distinguish this from an actual bounce.) Will the  
> log contain a 5xx message for that mail?
> 

Postfix logs the actual response code from the SMTP server. If a message
is too old to be deferred (again), it logs:

postfix/qmgr[10495]: 6ACBCD8C7A0: from=<[EMAIL PROTECTED]>,
status=expired, returned to sender

-- 
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:


If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.

Ordering of received vs. delivered messages

2008-07-28 Thread Jérôme Oufella 
I have a question regarding the queue handling methods in Postfix.

Is there a way to guarantee that messages that come in through the
smtpd(8) server, will be delivered to local mailboxes in the exact
same order by the local(8) delivery agent ? Under normal, but also
non-normal times, heavy incoming traffic for example.

Also, I have the same question if the message destination address is a
virtual alias, that points to several destinations, let's say 1 local
and 1 remote. Will a busy remote defer the delivery of the local
recipient of the message ?

Thanks for your hints.

Jerome

Re: blacklist whitelist per domain

2008-07-28 Thread Brian Evans - Postfix List 

Furs wrote:

Hi everybody.

I'm trying to find a solution with postfix that permits
a whitelist and blacklist per domain.

Every domain has to have its own list.

I found header checks it's a possible solution.

but, there is another one? Can I use "sender/recipient" access
where I can put with "regexp" or "pcre"

if/domain1/
   domain2 OK
   domain3 REJECT
endif

where domain1 is a recipient domain and domain2 and domain3 are
a sender domains.
  


This will not work.  See Robert Felber's post for more options.

As documented, the if of a header check MUST be the same as the 
comparison after.
The if is to a way to check the existence of a header. All actions in 
the if block MUST include the same expression as the if and, optionally, 
further checks on the same header.

Re: Ordering of received vs. delivered messages

2008-07-28 Thread Victor Duchovni 
On Mon, Jul 28, 2008 at 11:51:20AM -0400, J?r?me Oufella wrote:

> I have a question regarding the queue handling methods in Postfix.
> 
> Is there a way to guarantee that messages that come in through the
> smtpd(8) server, will be delivered to local mailboxes in the exact
> same order by the local(8) delivery agent ? Under normal, but also
> non-normal times, heavy incoming traffic for example.

No, but if the system is not too busy, and the incoming queue is serviced
by qmgr(8) in a timely fashion, the delivery to any single mailbox will
be approximately time-ordered.

> Also, I have the same question if the message destination address is a
> virtual alias, that points to several destinations, let's say 1 local
> and 1 remote. Will a busy remote defer the delivery of the local
> recipient of the message ?

Postfix performs delivery to different destinations separately and in
parallel.

For two nexthops sharing the same transport, until the transport
process limit is reached, one congested nexthop will not slow down
another congested nexthop. With default process and concurrency limits,
no *single* slow nexthop will saturate the transport process limit.

Until the active queue is saturated, one congested transport will not
stall delivery for another transport.

Do read QSHAPE_README.

-- 
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:


If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.

Re: Ordering of received vs. delivered messages

2008-07-28 Thread Wietse Venema 
=?ISO-8859-1?Q?J=E9r=F4me_Oufella?=:
> I have a question regarding the queue handling methods in Postfix.
> 
> Is there a way to guarantee that messages that come in through the
> smtpd(8) server, will be delivered to local mailboxes in the exact
> same order by the local(8) delivery agent ?

There is no first-in/first-out guarantee, except when the queue is empty.

> Under normal, but also
> non-normal times, heavy incoming traffic for example.
> 
> Also, I have the same question if the message destination address is a
> virtual alias, that points to several destinations, let's say 1 local
> and 1 remote. Will a busy remote defer the delivery of the local
> recipient of the message ?

Postfix schedules local and smtp deliveries in parallel.

Wietse

Postfix Bootcamp / School

2008-07-28 Thread Carlos Williams 
Does anyone know if  there is a recommended U.S. school / training
camp that offers a Postfix support? I checked the Postfix website and
there appears to be some but they're international.

My company has training funds & the only thing I would really like to
have a better understanding of is Postfix and how to make it my server
as smooth as possible.

I know many people are going to recommend "The Book of Postfix" which
I own 2 copies of (work and home) but would still like to attend
something more direct.

Thanks!

-- 
Man your battle stations...

SMTP-AUTH with crypt passwords in SQL backend

2008-07-28 Thread Juan Miscaro 
Hi everybody,

I have STARTTLS, SMTP-AUTH, and SASL running with cleartext passwords
in a SQL backend for a while now.  I am trying to switch over from
cleartext to crypt in terms of my passwords stored in MySQL.  I have
things running for IMAP with crypt.  For SMTP-AUTH I am using the same
SQL table and password.  I thought all I would need to do is edit my
smtpd.conf file (point to the encrypted table column and specify crypt
as password format) but I'm getting

postfix/smtpd[6085]: warning: SASL authentication failure: Password
verification failed
postfix/smtpd[6085]: warning: modemcableBLAH[69.10.10.10]: SASL PLAIN
authentication failed: authentication failure
postfix/smtpd[6085]: warning: modemcableBLAH[69.10.10.10]: SASL LOGIN
authentication failed: authentication failure

Here is my smtpd.conf:

pwcheck_method: auxprop
auxprop_plugin: sql
mech_list: PLAIN LOGIN

#log_level: 2

sql_engine: mysql
sql_hostnames:  localhost
sql_database:   mail
sql_user:   postfix
sql_passwd: yeahright
sql_select: SELECT crypt FROM virtual_users WHERE email = '[EMAIL 
PROTECTED]'
sql_usessl: no
password_format: crypt

What am I missing?

/juan

Re: SMTP-AUTH with crypt passwords in SQL backend

2008-07-28 Thread mouss 

Juan Miscaro wrote:

Hi everybody,

I have STARTTLS, SMTP-AUTH, and SASL running with cleartext passwords
in a SQL backend for a while now.  I am trying to switch over from
cleartext to crypt in terms of my passwords stored in MySQL.  I have
things running for IMAP with crypt.  For SMTP-AUTH I am using the same
SQL table and password. 


you forgot to tell us what sasl implementatoin you use. I guess it's 
cyrus-sasl...



I thought all I would need to do is edit my
smtpd.conf file (point to the encrypted table column and specify crypt
as password format) but I'm getting



cyrus-sasl does not support encrypted mysql passwords. try something else.

note that:
- if you are using dovecot, then you'd better use dovecot as a sasl 
implementation
- if you are using courier, then you'd better use authdaemon via 
cyrus-sasl.





postfix/smtpd[6085]: warning: SASL authentication failure: Password
verification failed
postfix/smtpd[6085]: warning: modemcableBLAH[69.10.10.10]: SASL PLAIN
authentication failed: authentication failure
postfix/smtpd[6085]: warning: modemcableBLAH[69.10.10.10]: SASL LOGIN
authentication failed: authentication failure

Here is my smtpd.conf:

pwcheck_method: auxprop
auxprop_plugin: sql
mech_list: PLAIN LOGIN

#log_level: 2

sql_engine: mysql
sql_hostnames:  localhost
sql_database:   mail
sql_user:   postfix
sql_passwd: yeahright
sql_select: SELECT crypt FROM virtual_users WHERE email = '[EMAIL 
PROTECTED]'
sql_usessl: no
password_format: crypt

What am I missing?


you missed the fact that we have no idea about your configuration. you 
are asking questions as though we all have similar configs. we don't.

Re: Postfix Bootcamp / School

2008-07-28 Thread Carlos Williams 
On Mon, Jul 28, 2008 at 1:59 PM, mouss <[EMAIL PROTECTED]> wrote:
> and you're where? and you'd pay what?

I am in Orlando, FL. Price depends on the length of training. I guess
I would like to leave that open to see what that is worth.

Ideally we would pay to have a consultant come down to Orlando or do
over the phone support to build a new system from scratch and assist
us in configuration of Postfix, RBL, Spam, and other mail features
based on our environment. Since I can't seem to find anyone who offers
such a service, I guessed a Postfix support class was the next best
thing. Price is really dependent on what is offered and included for
what length of time.

- Carlos

Re: blacklist whitelist per domain

2008-07-28 Thread mouss 

Furs wrote:

Hi everybody.

I'm trying to find a solution with postfix that permits
a whitelist and blacklist per domain.


whitelist/blacklist what? a client IP? a client domain? a helo? a sender 
? ... etc.





Every domain has to have its own list.


no. but a single list should do.



I found header checks it's a possible solution.



to do what?




but, there is another one? Can I use "sender/recipient" access
where I can put with "regexp" or "pcre"

if/domain1/
   domain2 OK
   domain3 REJECT
endif


in the case where domain1, domain2 and domain3 are completely different 
(i.e. the general case), the rule above matches NOTHING. bad example.





where domain1 is a recipient domain and domain2 and domain3 are
a sender domains.



What problem are you trying to solve? give real examples.

Re: Postfix Bootcamp / School

2008-07-28 Thread Carlos Williams 
On Mon, Jul 28, 2008 at 2:10 PM, Daniel L. Miller <[EMAIL PROTECTED]> wrote:
> Hmmm...I always wanted to see Florida

To be clear, I am fully capable of installing a vanilla Postfix server
up and getting it to send and receive email. I am looking for someone
who has extensive Postfix understanding and knowledge. Just someone
who can explain the in's and out's of the server and make sure it is
running at top level including 3rd party add-ons like Amavisd-new,
Spamassassin, and Clamav.

- Carlos

Re: SMTP-AUTH with crypt passwords in SQL backend

2008-07-28 Thread Patrick Ben Koetter 
* Juan Miscaro <[EMAIL PROTECTED]>:
> Hi everybody,
> 
> I have STARTTLS, SMTP-AUTH, and SASL running with cleartext passwords
> in a SQL backend for a while now.  I am trying to switch over from
> cleartext to crypt in terms of my passwords stored in MySQL.  I have
> things running for IMAP with crypt.  For SMTP-AUTH I am using the same
> SQL table and password.  I thought all I would need to do is edit my
> smtpd.conf file (point to the encrypted table column and specify crypt
> as password format) but I'm getting
> 
> postfix/smtpd[6085]: warning: SASL authentication failure: Password
> verification failed
> postfix/smtpd[6085]: warning: modemcableBLAH[69.10.10.10]: SASL PLAIN
> authentication failed: authentication failure
> postfix/smtpd[6085]: warning: modemcableBLAH[69.10.10.10]: SASL LOGIN
> authentication failed: authentication failure
> 
> Here is my smtpd.conf:
> 
> pwcheck_method: auxprop
> auxprop_plugin: sql
> mech_list: PLAIN LOGIN
> 
> #log_level: 2
> 
> sql_engine: mysql
> sql_hostnames:  localhost
> sql_database:   mail
> sql_user:   postfix
> sql_passwd: yeahright
> sql_select: SELECT crypt FROM virtual_users WHERE email = '[EMAIL 
> PROTECTED]'
> sql_usessl: no
> password_format: crypt
> 
> What am I missing?

1. The so called FROST patch, which adds functionality to Cyrus SASL to have
it verify crypted MySQL password. You patch, and you loose shared-secret
mechanism functionality and are left to use plaintext passwords only.

2. You don't patch, but don't use the sql auxprop_plugin. Instead you
configure saslauthd to use PAM and PAM to use the Mysql Plugin. Again, you
gain crypted passwords and loose shared-secret mechanisms.

[EMAIL PROTECTED]

-- 
The Book of Postfix

saslfinger (debugging SMTP AUTH):

Re: SMTP-AUTH with crypt passwords in SQL backend

2008-07-28 Thread Juan Miscaro 
2008/7/28 mouss <[EMAIL PROTECTED]>:
> Juan Miscaro wrote:
>>
>> Hi everybody,
>>
>> I have STARTTLS, SMTP-AUTH, and SASL running with cleartext passwords
>> in a SQL backend for a while now.  I am trying to switch over from
>> cleartext to crypt in terms of my passwords stored in MySQL.  I have
>> things running for IMAP with crypt.  For SMTP-AUTH I am using the same
>> SQL table and password.
>
> you forgot to tell us what sasl implementatoin you use. I guess it's
> cyrus-sasl...

Yes, I'm using Cyrus-SASL.

>> I thought all I would need to do is edit my
>> smtpd.conf file (point to the encrypted table column and specify crypt
>> as password format) but I'm getting
>>
>
> cyrus-sasl does not support encrypted mysql passwords. try something else.

:(

> - if you are using courier, then you'd better use authdaemon via cyrus-sasl.

Ah.  That would be nice!  I am indeed running Courier.

I updated smtpd.conf and everything seems to be working.  Thanks!

> you missed the fact that we have no idea about your configuration. you are
> asking questions as though we all have similar configs. we don't.

My apologies.

/juan

Re: Rewriting Subject line, adding an X-header?

2008-07-28 Thread Ville Walveranta 
Here's the completed code that includes the "blank line check" -- the
body is neither scanned for "Subject: **SPAM**" (saves time and
prevents false positives) nor is the substitution string run against
the body (so that any occurrences of "Subject: **SPAM**" are not
touched in the body).

If someone feels like beautifying my Perl code, or optimizing the
logic, I don't mind. ;-)

Ville

--[begin excerpt from smtpprox MSDW/SMTP/Client.pm]--
sub yammer {
my ($self, $fh) = (@_);
my $spamheader = "X-Spam: yes\r\n";
my $spam = 0;
local (*_);
local ($/) = "\r\n";
while (<$fh>) {
if ($_ =~ m/^Subject:\s*\*\*SPAM\*\*\s+/i) {
$spam = 1;
}
if ($_ =~ m/^\s*$/) {
last;
}
}
seek( $fh, 0, 0);
if ($spam == 1) {
$self->{sock}->print($spamheader) or die "$0: write error: $!\n";
}
while (<$fh>) {
s/^\./../;
if ($_ =~ m/^\s*$/) {
$spam = 0;
}
if ($spam == 1) {
s/^Subject:\s*\*\*SPAM\*\*\s+/Subject: /i;
}
$self->{sock}->print($_) or die "$0: write error: $!\n";
}
$self->{sock}->print(".\r\n") or die "$0: write error: $!\n";
}
--[end excerpt from smtpprox MSDW/SMTP/Client.pm]--

Re: Postfix Bootcamp / School

2008-07-28 Thread mouss 

Carlos Williams wrote:

On Mon, Jul 28, 2008 at 1:59 PM, mouss <[EMAIL PROTECTED]> wrote:


I fail to find this in the archives ;-p


and you're where? and you'd pay what?


I am in Orlando, FL. Price depends on the length of training. I guess
I would like to leave that open to see what that is worth.

Ideally we would pay to have a consultant come down to Orlando or do
over the phone support to build a new system from scratch and assist
us in configuration of Postfix, RBL, Spam, and other mail features
based on our environment. Since I can't seem to find anyone who offers
such a service, I guessed a Postfix support class was the next best
thing. Price is really dependent on what is offered and included for
what length of time.



The start of it is a stop. stop forwarding other people mail to the 
public. if you want public help, this list is the right place. if you 
want private help, use a private channel. and no, this list is not for 
private help or business.

Re: Rewriting Subject line, adding an X-header?

2008-07-28 Thread mouss 

Ville Walveranta wrote:

Here's the completed code that includes the "blank line check" -- the
body is neither scanned for "Subject: **SPAM**" (saves time and
prevents false positives) nor is the substitution string run against
the body (so that any occurrences of "Subject: **SPAM**" are not
touched in the body).

If someone feels like beautifying my Perl code, or optimizing the
logic, I don't mind. ;-)

Ville

--[begin excerpt from smtpprox MSDW/SMTP/Client.pm]--
sub yammer {
my ($self, $fh) = (@_);
my $spamheader = "X-Spam: yes\r\n";
my $spam = 0;
local (*_);
local ($/) = "\r\n";
while (<$fh>) {
if ($_ =~ m/^Subject:\s*\*\*SPAM\*\*\s+/i) {
$spam = 1;
}
if ($_ =~ m/^\s*$/) {
last;
}
}
seek( $fh, 0, 0);
if ($spam == 1) {
$self->{sock}->print($spamheader) or die "$0: write error: $!\n";
}
while (<$fh>) {
s/^\./../;
if ($_ =~ m/^\s*$/) {
$spam = 0;
}
if ($spam == 1) {
s/^Subject:\s*\*\*SPAM\*\*\s+/Subject: /i;
}
$self->{sock}->print($_) or die "$0: write error: $!\n";
}
$self->{sock}->print(".\r\n") or die "$0: write error: $!\n";
}



you're removing the blank line. always be careful with "last".

why do you split the while loop? you're changing the code too much...


my $spamheader="X-Spam: Yes";
...
while (<$fh>) {
  s/^\./../;
  if ($spamheader) {
if (/^Subject:\s*\*\*SPAM\*\*\s+/i) {
$_ = "Subject $'";
$self->{sock}->print($spamheader) ...
} elsif { /^$/) {
$spamheader = undef;
}
  }
  $self->{sock}->print($_) or die "$0: write error: $!\n";
}
...

BTW. I think the proxy adds \r\n by itself (and removes them when it 
reads the mail). you need to check this though.


anyway, count me out now.

MTA Rejection Explanation Needed

2008-07-28 Thread Rich Shepard 

   Postfix is rejecting mail from an address that should be allowed in. The
mail log tells me:

Jul 28 13:11:58 salmo postfix/smtpd[17243]: NOQUEUE: reject: RCPT from
wsip-xx-xxx-xx-xx.ph.ph.cox.net[xx.xxx.xx.xxx]: 450 4.1.7
<[EMAIL PROTECTED]>: Sender address rejected: unverified
address: Address verification in progress;
from=<[EMAIL PROTECTED]> to=<[EMAIL PROTECTED]>
proto=ESMTP helo=

   The IP address for cox.net is correct. I've added the 'someserver'.com and
hotmail addresses to /etc/postfix/rhsbl_sender_exceptions with an explicit
'OK'.

   Which address of the three is unverified, and how do I fix this problem?

Rich

--
Richard B. Shepard, Ph.D.   |  IntegrityCredibility
Applied Ecosystem Services, Inc.|Innovation
 Voice: 503-667-4517  Fax: 503-667-8863

Re: Sender rewriting

2008-07-28 Thread Daniel Bareiro 
On Sunday, 27 July 2008 17:29:41 +0200,
mouss wrote:

Hi mouss.

>> I am trying to configure my home Postfix so that the outgoing mail to
>> an external email from a user of my LAN are rewritten to a valid
>> account of mail, which would be to me especially useful if I would
>> want to send some type of notification to a external mail by means of
>> a bash script.

> why not make the script send the message with
>   sendmail -f $sender ...
> ?

It's a good possibility about which I had not thought. Thanks for this
tip.

>> I was trying of several ways but until the moment I did not obtain
>> that it worked to me.
>>
>> In /etc/postfix/sender_canonical I tried with:
>>
>> @*.myintra.net  [EMAIL PROTECTED]
>>
>> Having in /etc/postfix/main.cf:
>>
>> sender_canonical_maps = regexp:/etc/postfix/sender_canonical

> do not use sender_canonical_maps. use canonical_maps instead (rewrite
> should be "symmetrical").

Mmmm... and, in case of using this table, how it would be the writing in
the inverse sense considering that of a side we are using generic
domains directions?

> But in your case, you probably want smtp_generic_maps.

>> What syntax would have to use?

> you need to learn regexp. @* means one or more '@'. and '.' means any
> character.
>
> to rewrite any [EMAIL PROTECTED] (shell style expression), use
> /@.*\.myintra\.net$/  [EMAIL PROTECTED]

> you should also read
>   http://www.postfix.org/SOHO_README.html

Great! It works! But in the Postfix logs I don't see that sender is
rewritten; the outgoing mail has the user in the local domain. But even
so the relay server take it like a valid user. How it makes the
rewriting?

Thanks for your reply.

Regards,
Daniel
-- 
Daniel Bareiro - GNU/Linux registered user #188.598
Proudly running Debian GNU/Linux with uptime:
18:21:36 up 1 day, 19:37, 13 users,  load average: 0.05, 0.03, 0.00


signature.asc
Description: Digital signature

Re: MTA Rejection Explanation Needed

2008-07-28 Thread Rich Shepard 

On Mon, 28 Jul 2008, Rich Shepard wrote:


  Postfix is rejecting mail from an address that should be allowed in. The
mail log tells me:


  More information.


proto=ESMTP helo=


  I should have written this as 'somedomain.com'.

  When I try to traceroute to the sending address I get as far as Cox's
Phoenix servers, then it stalls.

  Using 'dig' on the domain name returns the registed company name and
address, with a specific IP address. Running 'whois' on that IP address
yields a different company; I assume a small Tucson business hosting the
domain name.

  So, I suppose this is the source of the verification error. I'm not
putting specific details in messages that will be archived on the 'Net, but
it seems to convoluted. What I mean is, if a business is using cox.net for
their 'Net access, why wouldn't they have an IP address within Cox's address
block? Why an IP address that resolves to somewhere else?

  This mess involves a new client for me so I would like to figure out how
to receive mail from them ... and get mail sent back to them.

Rich

--
Richard B. Shepard, Ph.D.   |  IntegrityCredibility
Applied Ecosystem Services, Inc.|Innovation
 Voice: 503-667-4517  Fax: 503-667-8863

Re: MTA Rejection Explanation Needed

2008-07-28 Thread Charles Marcus 

On 7/28/2008 5:03 PM, Rich Shepard wrote:

Postfix is rejecting mail from an address that should be allowed in. The
mail log tells me:

Jul 28 13:11:58 salmo postfix/smtpd[17243]: NOQUEUE: reject: RCPT from
wsip-xx-xxx-xx-xx.ph.ph.cox.net[xx.xxx.xx.xxx]: 450 4.1.7
<[EMAIL PROTECTED]>: Sender address rejected: unverified
address: Address verification in progress;
from=<[EMAIL PROTECTED]> to=<[EMAIL PROTECTED]>
proto=ESMTP helo=

The IP address for cox.net is correct.


It said SENDER address rejected... cox.net was the CLIENT address. The 
SENDER was <[EMAIL PROTECTED]>


Post output of postconf -n

Are you doing SAV (Sender Address Verification)? You should NOT use SAV 
for general mail reception, you should only do SAV probes for sending 
domains you control and/or have gotten explicit permission to do SAV for.



I've added the 'someserver'.com and hotmail addresses to
/etc/postfix/rhsbl_sender_exceptions with an explicit 'OK'.

Which address of the three is unverified, and how do I fix this
problem?


Disable SAV... you will never be able to receive mail from the big 
vendors (gmail, hotmail, yahoo) if you are doing SAV probes all the time...


So

--

Best regards,

Charles

postfix/smtpd[39072]:warning: SASL authentication failure: cannot connect to Courier authdaemond: No such file or directory

2008-07-28 Thread Danny Nielsen 
Hello.

Im having some problem sending mail, i can receive mails but not send.

The system is FreeBSD 6.3, im trying to make a mail server with virtual
domains, and from ports i have installed the following:

postfix-2.4.7,1
courier-authlib-base-0.61.0
courier-authlib-mysql-0.61.0
courier-imap-4.3.1,2
cyrus-sasl-2.1.22_1

The messages from my maillog...

Jul 28 23:08:07 Thor postfix/smtpd[39072]: connect from unknown[XXX]
Jul 28 23:08:14 Thor postfix/smtpd[39072]: warning: SASL authentication
failure: cannot connect to Courier authdaemond: No such file or directory
Jul 28 23:08:14 Thor postfix/smtpd[39072]: warning: SASL authentication
failure: Password verification failed
Jul 28 23:08:14 Thor postfix/smtpd[39072]: warning: unknown[]:
SASL PLAIN authentication failed: generic failure
Jul 28 23:08:14 Thor postfix/smtpd[39072]: warning: SASL authentication
failure: cannot connect to Courier authdaemond: No such file or directory
Jul 28 23:08:14 Thor postfix/smtpd[39072]: warning: unknown[]:
SASL LOGIN authentication failed: generic failure
Jul 28 23:08:18 Thor postfix/smtpd[39072]: disconnect from
unknown[X]

postconf -n...

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/local/sbin
config_directory = /usr/local/etc/postfix
daemon_directory = /usr/local/libexec/postfix
debug_peer_level = 2
home_mailbox = Maildir/
html_directory = no
local_recipient_maps = unix:passwd.byname $alias_maps
mail_owner = postfix
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
mydestination = $myhostname, localhost.$mydomain, localhost
mydomain = X
myhostname = X
mynetworks_style = host
myorigin = $mydomain
newaliases_path = /usr/local/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = no
relay_domains = $mydestination
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated,  reject_non_fqdn_hostname,
reject_non_fqdn_sender,  reject_non_fqdn_recipient,
reject_unauth_destination,  reject_unauth_pipelining,
reject_invalid_hostname,  reject_rhsbl_client blackhole.securitysage.com,
reject_rhsbl_sender blackhole.securitysage.com,  reject_rbl_client
blackholes.easynet.nl,  reject_rbl_client cbl.abuseat.org,
reject_rbl_client bl.spamcop.net,  reject_rbl_client sbl-xbl.spamhaus.org,
reject_rbl_client opm.blitzed.org,  reject_rbl_client dnsbl.njabl.org,
reject_rbl_client list.dsbl.org,  reject_rbl_client multihop.dsbl.org
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
unknown_local_recipient_reject_code = 550
virtual_alias_maps = mysql:/usr/local/etc/postfix/
mysql_virtual_alias_maps.cf
virtual_gid_maps = static:125
virtual_mailbox_base = /home/mail/virtual
virtual_mailbox_domains = mysql:/usr/local/etc/postfix/
mysql_virtual_domains_maps.cf
virtual_mailbox_limit = 5120
virtual_mailbox_maps = mysql:/usr/local/etc/postfix/
mysql_virtual_mailbox_maps.cf
virtual_minimum_uid = 125
virtual_transport = virtual
virtual_uid_maps = static:125


saslfinger -s...

Postfix: 2.4.7
System: FreeBSD 6.3-RELEASE-p1 (SMP) #0: Wed Feb 13 00:11:33 UTC 2008

-- smtpd is linked to --
libsasl2.so.2 => /usr/X11R6/lib/libsasl2.so.2 (0x8007a2000)

-- active SMTP AUTH and TLS parameters for smtpd --
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous


-- listing of /usr/local/lib/sasl2 --
total 748
drwxr-xr-x   2 root  wheel   1024 Jul 28 20:56 .
drwxr-xr-x  18 root  wheel   9728 Jul 28 20:56 ..
-rw-r--r--   1 root  wheel  19412 Jul 28 20:56 libanonymous.a
-rwxr-xr-x   1 root  wheel829 Jul 28 20:56 libanonymous.la
-rwxr-xr-x   1 root  wheel  20008 Jul 28 20:56 libanonymous.so
-rwxr-xr-x   1 root  wheel  20008 Jul 28 20:56 libanonymous.so.2
-rw-r--r--   1 root  wheel  22522 Jul 28 20:56 libcrammd5.a
-rwxr-xr-x   1 root  wheel815 Jul 28 20:56 libcrammd5.la
-rwxr-xr-x   1 root  wheel  24233 Jul 28 20:56 libcrammd5.so
-rwxr-xr-x   1 root  wheel  24233 Jul 28 20:56 libcrammd5.so.2
-rw-r--r--   1 root  wheel  63552 Jul 28 20:56 libdigestmd5.a
-rwxr-xr-x   1 root  wheel838 Jul 28 20:56 libdigestmd5.la
-rwxr-xr-x   1 root  wheel  52754 Jul 28 20:56 libdigestmd5.so
-rwxr-xr-x   1 root  wheel  52754 Jul 28 20:56 libdigestmd5.so.2
-rw-r--r--   1 root  wheel  32244 Jul 28 20:56 libgssapiv2.a
-rwxr-xr-x   1 root  wheel891 Jul 28 20:56 libgssapiv2.la
-rwxr-xr-x   1 root  wheel  34131 Jul 28 20:56 libgssapiv2.so
-rwxr-xr-x   1 root  wheel  34131 Jul 28 20:56 libgssapiv2.so.2
-rw-r--r--   1 root  wheel  19798 Jul 28 20:56 liblogin.a
-rwxr-xr-x   1 root  wheel809 Jul 28 20:56 liblogin.la
-rwxr-xr-x   1 root  wheel  20471 Jul 28 20:56 liblogin.so
-rwxr-xr-x   1 root  wheel  20471 Jul 28 20:56

Re: Rewriting Subject line, adding an X-header?

2008-07-28 Thread Robert Spencer 
On 7/26/08, Ville Walveranta <[EMAIL PROTECTED]> wrote:
<...>
> The external service tags the spam Subject
> lines with **SPAM**, and currently there is no option to change that
> to a header tag on their side. I would like to do that locally so that
> the Subjects of all of the spam messages in their spam boxes would not
> start with "**SPAM**".

Good idea, I too detest the subject line change.

> So the question is: How do I detect "**SPAM**" on the subject line,
> remove it (i.e. rewrite the Subject line), and add something like
> "X-Spam: yes" into the header of the messages whose Subject includes
> "**SPAM**"?

Can't they add "X-Spam: yes"? For a paid service they're offering you
remarkably little options.

Next question, why add it? If all your spam is coming from one source,
you can just filter on that or have the util that retrieves the spam
dump it straight into a spam folder.

-- 
Robert Spencer

Re: MTA Rejection Explanation Needed

2008-07-28 Thread Rich Shepard 

On Mon, 28 Jul 2008, Charles Marcus wrote:


Post output of postconf -n


alias_database = hash:/etc/aliases
alias_maps = hash:/etc/postfix/aliases, hash:/etc/postfix/major-aliases
body_checks = regexp:/etc/postfix/body_checks
command_directory = /usr/sbin/
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debug_peer_list = petfooddirect.com
default_privs = nobody
default_process_limit = 200
header_checks = regexp:/etc/postfix/header_checks
html_directory = no
in_flow_delay = 1s
inet_interfaces = all
local_recipient_maps = unix:passwd.byname $alias_maps
mail_owner = postfix
mail_spool_directory = /var/spool/mail
mailbox_command = /usr/bin/procmail
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 32768000
mydestination = $myhostname, mail.$mydomain, localhost.$mydomain,
localhost.$mydomain, $mydomain, /etc/postfix/local/localdomains
mydomain = .com
myhostname = ..com
mynetworks = 192.168.xx.0/24, 127.0.0.0/8
mynetworks_style = subnet
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /etc/postfix/README_FILES
sample_directory = /etc/postfix/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_client_restrictions = check_client_access
hash:/etc/postfix/internal_network,permit_mynetworks,
check_client_access hash:/etc/postfix/badaddr,reject_rbl_client
zen.spamhaus.org,reject_rbl_client bl.spamcop.net,
reject_rbl_client list.dsbl.org,reject_rhsbl_sender
dsn.rfc-ignorant.org,reject_unknown_reverse_client_hostname,
check_sender_mx_access cidr:/etc/postfix/bogus_mx,  check_sender_access
hash:/etc/postfix/rhsbl_sender_exceptions,  check_sender_access
hash:/etc/postfix/common_spam_senderdomains,check_sender_access
hash:/etc/postfix/badaddr,  permit
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated,reject_unauth_destination,
check_recipient_access hash:/etc/postfix/roleaccount_exceptions,
check_recipient_access hash:/etc/postfix/recipients,
check_helo_access pcre:/etc/postfix/helo_checks,
reject_non_fqdn_recipient,  reject_non_fqdn_sender,
reject_unknown_sender_domain,   reject_non_fqdn_hostname,
reject_invalid_hostname,permit
smtpd_restriction_classes = has_our_domain_as_sender
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = smtpd
soft_bounce = no
unknown_local_recipient_reject_code = 550

Are you doing SAV (Sender Address Verification)? You should NOT use SAV for 
general mail reception, you should only do SAV probes for sending domains you 
control and/or have gotten explicit permission to do SAV for.


  Not sure if that's enabled under a different name.


Disable SAV... you will never be able to receive mail from the big vendors
(gmail, hotmail, yahoo) if you are doing SAV probes all the time...


  I've had no problems -- and still don't -- receiving mail from gmail,
hotmail, or yahoo accounts except for this one instance.

  The sender (@hotmail.com) is using another company's server
(somedomain.com) between her and cox.net. It's that other company's server
to which I cannot trace the route and where dig and whois do not supply the
same IP address and domain name.

Rich

--
Richard B. Shepard, Ph.D.   |  IntegrityCredibility
Applied Ecosystem Services, Inc.|Innovation
 Voice: 503-667-4517  Fax: 503-667-8863

Re: Rewriting Subject line, adding an X-header?

2008-07-28 Thread Ville Walveranta 
On Mon, Jul 28, 2008 at 3:08 PM, mouss <[EMAIL PROTECTED]> wrote:
> you're removing the blank line. always be careful with "last".

No, the first pass was just to collect information (i.e. whether the
"**SPAM**" exists on the Subject line). It didn't remove the blank
line in the end of the header.

> why do you split the while loop?

Ok, I revised my version in order to not split the while loop. Same
result as your code, except that the X-Spam header is placed as the
last item of the headers (perhaps cleaner headers, if anyone cares).


my $spamheader = "X-Spam: yes\r\n";
my $check_spam = 1;
my $add_X_spam = 0;
...
while (<$fh>) {
s/^\./../;
if ($check_spam) {
  if (s/^Subject:\s*\*\*SPAM\*\*\s+/Subject: /i) {
$add_X_spam = 1;
  }
  if (/^\s*$/) {
$check_spam = 0;
  }
}
if ($add_X_spam && m/^\s*$/) {
  $_ = $spamheader;
  $add_X_spam = 0;
}
$self->{sock}->print($_) or die "$0: write error: $!\n";
}


> BTW. I think the proxy adds \r\n by itself (and removes them when it reads
> the mail). you need to check this though.

If there is no "\r\n" in the end of the spamheader, the following line
in the resultant header is concatenated (or, in above code, the blank
line and thus the separation between the header and the message body,
is lost).

> anyway, count me out now.

Ok. Thanks for advise on this issue; it helped a lot!

Ville

Re: Rewriting Subject line, adding an X-header?

2008-07-28 Thread Ville Walveranta 
On Mon, Jul 28, 2008 at 4:55 PM, Robert Spencer <[EMAIL PROTECTED]> wrote:
> Can't they add "X-Spam: yes"? For a paid service they're offering you
> remarkably little options.

I'm requesting that change as it would positively identify the spam
messages. They generally seem to buffer the spam on their side and
allow users to access the spam folder though a web interface. However,
some less technical users find it easier to go looking for messages
that have been potentially mistagged as spam in a "Spam" folder in
Outlook rather than by logging to the web interface.

> Next question, why add it? If all your spam is coming from one source,
> you can just filter on that or have the util that retrieves the spam
> dump it straight into a spam folder.

Yeah, spam dump would be an option, but it would be more like a digest
that I would then have to parse and place in the Spam folder, so it
would involve work as well. Going that route there would also be a
delay with the arrival of the messages tagged as spam. If someone is
expecting an email which erroneously gets tagged as spam, at least
they will now have access to it immediately.

The only downside with this setup is, I suppose, that if someone sends
a message with a subject beginning "**SPAM**" it will erroneously go
into the spam folder. But then, if someone sends such a message in
this Age of Spam, perhaps their email deserves to end up in the spam
folder ;-).

Ville

Re: MTA Rejection Explanation Needed

2008-07-28 Thread Sahil Tandon 
Rich Shepard <[EMAIL PROTECTED]> wrote:

> On Mon, 28 Jul 2008, Charles Marcus wrote:

[...]

>> Are you doing SAV (Sender Address Verification)? You should NOT use SAV 
>> for general mail reception, you should only do SAV probes for sending 
>> domains you control and/or have gotten explicit permission to do SAV for.
>
>   Not sure if that's enabled under a different name.

Sender Address Verification (SAV) is done in Postfix with the  
reject_unverified_sender parameter; see postconf(5) for details.  Before 
employing this feature, make sure you understand its implications and read 
the ADDRESS_VERIFICATION_README.
   
>> Disable SAV... you will never be able to receive mail from the big vendors
>> (gmail, hotmail, yahoo) if you are doing SAV probes all the time...
>
>   I've had no problems -- and still don't -- receiving mail from gmail,
> hotmail, or yahoo accounts except for this one instance.
>
>   The sender (@hotmail.com) is using another company's server
> (somedomain.com) between her and cox.net. It's that other company's server
> to which I cannot trace the route and where dig and whois do not supply the
> same IP address and domain name.

There are several references to access(5) maps in your main.cf; do any of 
them have reject_unverified_sender as an action on the RHS?  Check with:

# grep reject_unverified_sender /path/to/maps/folder/*  

[...]

-- 
Sahil Tandon <[EMAIL PROTECTED]>

Re: Rewriting Subject line, adding an X-header?

2008-07-28 Thread Robert Spencer 
On 7/29/08, Ville Walveranta <[EMAIL PROTECTED]> wrote:
> On Mon, Jul 28, 2008 at 4:55 PM, Robert Spencer <[EMAIL PROTECTED]>
> wrote:
>> Can't they add "X-Spam: yes"? For a paid service they're offering you
>> remarkably little options.
>
> I'm requesting that change as it would positively identify the spam
> messages. They generally seem to buffer the spam on their side and
> allow users to access the spam folder though a web interface. However,
> some less technical users find it easier to go looking for messages
> that have been potentially mistagged as spam in a "Spam" folder in
> Outlook rather than by logging to the web interface.

Your "less technical" users are right, it takes less time to look in a
spam folder than it is to open a browser window and navigate to the
web interface. I would have found it irritating in a very short time
and some users would even given up on the task after a while.

Unfortunately I've known users who never check their spam folder, so
the spam db gets poisoned over time. I hope your has some workaround
for that.

>> Next question, why add it? If all your spam is coming from one source,
>> you can just filter on that or have the util that retrieves the spam
>> dump it straight into a spam folder.
>
> Yeah, spam dump would be an option, but it would be more like a digest
> that I would then have to parse and place in the Spam folder, so it
> would involve work as well.

There are scripts on the Net for splitting digests and you can also
use a script to turn it into a mbox mail file.

> Going that route there would also be a
> delay with the arrival of the messages tagged as spam. If someone is
> expecting an email which erroneously gets tagged as spam, at least
> they will now have access to it immediately.

Okay.

> The only downside with this setup is, I suppose, that if someone sends
> a message with a subject beginning "**SPAM**" it will erroneously go
> into the spam folder. But then, if someone sends such a message in
> this Age of Spam, perhaps their email deserves to end up in the spam
> folder ;-).

I've received legitimate mail with "**SPAM**"  in the subject line and
it wasn't due to software on my side.  I've even seen mail on a
mailing list were a clueless newbie quoted the entire message body in
his mail and every time it went through his spam filter another
"**SPAM**" was added to the subject line. Ouch!

It might help if you check for something in front of it like "Re", but
"Re" is English and if you receive mail from Europe it can land up
becoming something else.

-- 
Robert Spencer

Re: MTA Rejection Explanation Needed

2008-07-28 Thread Rich Shepard 

On Mon, 28 Jul 2008, Sahil Tandon wrote:


Sender Address Verification (SAV) is done in Postfix with the
reject_unverified_sender parameter; see postconf(5) for details.  Before
employing this feature, make sure you understand its implications and read
the ADDRESS_VERIFICATION_README.


Sahil,

  I did have hotmail in common_spam_senderdomains, and just removed it. That
should solve the problem.

  It was so long ago that I last looked at (or edited)
common_spam_senderdomains that I totally forgot what was in there.

Thank you,

Rich

--
Richard B. Shepard, Ph.D.   |  IntegrityCredibility
Applied Ecosystem Services, Inc.|Innovation
 Voice: 503-667-4517  Fax: 503-667-8863

Re: postfix/smtpd[39072]:warning: SASL authentication failure: cannot connect to Courier authdaemond: No such file or directory

2008-07-28 Thread Sahil Tandon 
Danny Nielsen <[EMAIL PROTECTED]> wrote:

> Hello.
> 
> Im having some problem sending mail, i can receive mails but not send.
> 
> The system is FreeBSD 6.3, im trying to make a mail server with virtual
> domains, and from ports i have installed the following:
> 
> postfix-2.4.7,1
> courier-authlib-base-0.61.0
> courier-authlib-mysql-0.61.0
> courier-imap-4.3.1,2
> cyrus-sasl-2.1.22_1
> 
> The messages from my maillog...
> 
> Jul 28 23:08:07 Thor postfix/smtpd[39072]: connect from unknown[XXX]
> Jul 28 23:08:14 Thor postfix/smtpd[39072]: warning: SASL authentication
> failure: cannot connect to Courier authdaemond: No such file or directory
> Jul 28 23:08:14 Thor postfix/smtpd[39072]: warning: SASL authentication
> failure: Password verification failed

[...]

> -- content of /usr/local/lib/sasl2/smtpd.conf --
> pwcheck_method: authdaemond
> log_level: 3
> mech_list: PLAIN LOGIN
> authdaemond_path: /var/run/authdaemond/socket

Is there any trailing whitespace after the word "socket" above?

[...]

-- 
Sahil Tandon <[EMAIL PROTECTED]>

To block backscatter mail

2008-07-28 Thread Carlos Alberto Bernat Orozco 
Hi group

I'm writing to you as my only hope. I'm very dissapointed because I'm
black listed due to a misconfiguration that I haven't found where.

This is the problem. From a time, I've been watching my logs and this
is what I see:

Jul 14 23:48:21 server postfix/qmgr[11448]: A9044104A29: from=<>,
size=3613, nrcpt=1 (queue active)
Jul 14 23:48:21 server postfix/qmgr[11448]: 89CB2104C08:
from=<[EMAIL PROTECTED]>, size=1734, nrcpt=4 (queue active)
Jul 14 23:48:21 server postfix/qmgr[11448]: 5C3651049D2: from=<>,
size=3197, nrcpt=1 (queue active)
Jul 14 23:48:21 server postfix/qmgr[11448]: 5F140104BF2:
from=<[EMAIL PROTECTED]>, size=1799, nrcpt=4 (queue active)

A lot of this. It appears I'm sending backscatter email. The account
"ber" doesn't even exist and the "from=<>" is impossible to block
until moment. I read the next:

http://www.postfix.org/BACKSCATTER_README.html

But here is what I don't know why this happening.

How can I block this? I know I'm not an open relay. So why is this
happening? I send my postconf

# postconf -n
alias_maps = hash:/etc/postfix/aliases, hash:/var/lib/mailman/data/aliases
body_checks = regexp:/etc/postfix/regexp.body, regexp:/etc/postfix/body_checks
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/lib/postfix
delay_warning_time = 4h
disable_vrfy_command = yes
header_checks = regexp:/etc/postfix/regexp.header,
regexp:/etc/postfix/header_checks
html_directory = /usr/share/doc/postfix-2.2.5/html
local_recipient_maps = proxy:unix:passwd.byname $alias_maps
mail_owner = postfix
mail_spool_directory = /var/spool/mail
mailbox_command = /usr/bin/procmail -Y -a $DOMAIN
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain $mydomain
mydomain = midominio.net.co
myhostname = server.midominio.net.co
mynetworks = 10.0.0.0/16 10.1.0.0/16 127.0.0.0/8 172.16.0.0/16
10.2.0.0/16 x.x.x.x/24
mynetworks_style = host
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.2.5/README_FILES
relay_domains = $mydestination
relayhost =
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_banner = $myhostname ESMTP $mail_name ($mail_version) (Mandriva Linux)
smtpd_client_restrictions = check_client_access
hash:/etc/postfix/access,   permit_mynetworks,
reject_unknown_client,  reject_rbl_client zen.spamhaus.org,
permit
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks,check_helo_access
hash:/etc/postfix/helo.regexp,reject_non_fqdn_hostname,
reject_invalid_hostname,permit
smtpd_recipient_restrictions = check_client_access
hash:/etc/postfix/client_checks,check_sender_access
hash:/etc/postfix/sender_checks, reject_invalid_hostname,
reject_non_fqdn_sender, reject_non_fqdn_recipient,
reject_unknown_sender_domain,   reject_unknown_recipient_domain,
 permit_mynetworks,  reject_unauth_destination,
check_client_access hash:/etc/postfix/rbl_client_exceptions,
reject_rbl_client zen.spamhaus.org, permit
smtpd_sender_restrictions = check_sender_access
hash:/etc/postfix/sender_checks,permit_mynetworks,
reject_non_fqdn_sender, reject_unknown_sender_domain,   permit
strict_rfc821_envelopes = yes
unknown_address_reject_code = 554
unknown_client_reject_code = 554
unknown_hostname_reject_code = 554


Please I need some guidance because I don't know how to stop this

Thanks in advanced

To block backscatter mail

2008-07-28 Thread Carlos Alberto Bernat Orozco 
Hi group

I'm writing to you as my only hope. I'm very dissapointed because I'm
black listed due to a misconfiguration that I haven't found where.

This is the problem. From a time, I've been watching my logs and this
is what I see:

Jul 14 23:48:21 server postfix/qmgr[11448]: A9044104A29: from=<>,
size=3613, nrcpt=1 (queue active)
Jul 14 23:48:21 server postfix/qmgr[11448]: 89CB2104C08:
from=<[EMAIL PROTECTED]>, size=1734, nrcpt=4 (queue active)
Jul 14 23:48:21 server postfix/qmgr[11448]: 5C3651049D2: from=<>,
size=3197, nrcpt=1 (queue active)
Jul 14 23:48:21 server postfix/qmgr[11448]: 5F140104BF2:
from=<[EMAIL PROTECTED]>, size=1799, nrcpt=4 (queue active)

A lot of this. It appears I'm sending backscatter email. The account
"ber" doesn't even exist and the "from=<>" is impossible to block
until moment. I read the next:

http://www.postfix.org/BACKSCATTER_README.html

But here is what I don't know why this happening.

How can I block this? I know I'm not an open relay. So why is this
happening? I send my postconf

# postconf -n
alias_maps = hash:/etc/postfix/aliases, hash:/var/lib/mailman/data/aliases
body_checks = regexp:/etc/postfix/regexp.body, regexp:/etc/postfix/body_checks
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/lib/postfix
delay_warning_time = 4h
disable_vrfy_command = yes
header_checks = regexp:/etc/postfix/regexp.header,
regexp:/etc/postfix/header_checks
html_directory = /usr/share/doc/postfix-2.2.5/html
local_recipient_maps = proxy:unix:passwd.byname $alias_maps
mail_owner = postfix
mail_spool_directory = /var/spool/mail
mailbox_command = /usr/bin/procmail -Y -a $DOMAIN
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain $mydomain
mydomain = midominio.net.co
myhostname = server.midominio.net.co
mynetworks = 10.0.0.0/16 10.1.0.0/16 127.0.0.0/8 172.16.0.0/16
10.2.0.0/16 x.x.x.x/24
mynetworks_style = host
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.2.5/README_FILES
relay_domains = $mydestination
relayhost =
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_banner = $myhostname ESMTP $mail_name ($mail_version) (Mandriva Linux)
smtpd_client_restrictions = check_client_access
hash:/etc/postfix/access,   permit_mynetworks,
reject_unknown_client,  reject_rbl_client zen.spamhaus.org,
permit
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks,check_helo_access
hash:/etc/postfix/helo.regexp,reject_non_fqdn_hostname,
reject_invalid_hostname,permit
smtpd_recipient_restrictions = check_client_access
hash:/etc/postfix/client_checks,check_sender_access
hash:/etc/postfix/sender_checks, reject_invalid_hostname,
reject_non_fqdn_sender, reject_non_fqdn_recipient,
reject_unknown_sender_domain,   reject_unknown_recipient_domain,
permit_mynetworks,  reject_unauth_destination,
check_client_access hash:/etc/postfix/rbl_client_exceptions,
reject_rbl_client zen.spamhaus.org, permit
smtpd_sender_restrictions = check_sender_access
hash:/etc/postfix/sender_checks,permit_mynetworks,
reject_non_fqdn_sender, reject_unknown_sender_domain,   permit
strict_rfc821_envelopes = yes
unknown_address_reject_code = 554
unknown_client_reject_code = 554
unknown_hostname_reject_code = 554


Please I need some guidance because I don't know how to stop this

Thanks in advanced

Re: Rewriting Subject line, adding an X-header?

2008-07-28 Thread Ville Walveranta 
On Mon, Jul 28, 2008 at 7:30 PM, Robert Spencer <[EMAIL PROTECTED]> wrote:
> Your "less technical" users are right, it takes less time to look in a
> spam folder than it is to open a browser window and navigate to the
> web interface. I would have found it irritating in a very short time
> and some users would even given up on the task after a while.

That's true of course. I just probably would not have explored this
option without some users really disliking separate path to view mail
that was tagged spam.

> Unfortunately I've known users who never check their spam folder, so
> the spam db gets poisoned over time. I hope your has some workaround
> for that.

The service(s) that I'm looking at don't seem to so much rely on user
feedback to identify spam. They use RBLs, Bayesian filtering, etc. And
obviously the users have the option to probably black/whitelist items
(and greylisting is also available).

> I've received legitimate mail with "**SPAM**"  in the subject line and
> it wasn't due to software on my side.  I've even seen mail on a
> mailing list were a clueless newbie quoted the entire message body in
> his mail and every time it went through his spam filter another
> "**SPAM**" was added to the subject line. Ouch!

For now those unfortunate emails just have to go to the spam folder.
Maybe I'll either end up with a filtering service that does offer
header tagging, or this current one I'm testing will add the feature
in.

Ville

use default relayhost if sender is local

2008-07-28 Thread gabriele esposito 
I run Debian etch and i use smtp.gmail.com as postfix relayhost.
I also have a list of senders from different domains allowed to relay
smtp traffic on my server .
While for local senders in $myorigin i want my postfix to relay smtp
with gmail , for users in the list i want my local postfix to not
relay and to do it on its own .
this is my postfconf -n:

alias_database = hash:/etc/aliases
alias_maps = $alias_database
append_dot_mydomain = no
biff = no
body_checks = pcre:/etc/postfix/body_checks.txt
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/lib/postfix
debug_peer_level = 2
delay_warning_time = 4h
disable_vrfy_command = yes
header_checks = pcre:/etc/postfix/header_checks.txt
home_mailbox = Maildir/
inet_interfaces = all
mail_spool_directory = /var/spool/mail
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
mydestination = $myhostname, $mydomain, www.$mydomain ,ns2.$mydomain
,ns1.$mydomain ,localhost.$mydomain
mydomain = gabrix.ath.cx
myhostname = mail.gabrix.ath.cx
mynetworks = 127.0.0.0/8, 10.0.0.0/8
myorigin = $myhostname
recipient_delimiter = +
relayhost = [smtp.gmail.com]:587
show_user_unknown_table_name = no
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtp_tls_cert_file = /etc/postfix/ssl/smtpcert.pem
smtp_tls_key_file = /etc/postfix/ssl/smtpkey.pem
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP $mail_name (Open/OS)
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/postfix/ssl/smtpcert.pem
smtpd_tls_key_file = /etc/postfix/ssl/smtpkey.pem
smtpd_tls_received_header = no
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtpd_use_tls = yes

I hope i was clear , Thanks !
-- 
http://www.gabrix.ath.cx