Re: How to ensure that either FROM or TO is local

2010-01-04 Thread Serge Fonville 
Thx for the reply.

> While it was intended, no doubt, to be very wrong, it failed. Lacking
> a valid CIDR expression, that only matches the single IPv4 address of
> 0.0.0.0, which, having special meaning in networking, is unroutable.
> A setting of equivalent functionality is "mynetworks =".
>
> The OP would be well advised to review the BASIC_CONFIGURATION_README,
> listing in $mynetworks the client networks which should be allowed to
> relay.
I read all the postfix docs I could find...

> If the OP does not wish to allow any to relay on the basis of IP
> address unless using a "local sender", as the $SUBJECT suggests, the
> solution is pretty simple.
>
> main.cf :
> mynetworks = real.IP.add.ress/CIDR[, ...]
> smtpd_recipient_restrictions = reject_unlisted_sender,
>    permit_mynetworks, permit_sasl_authenticated,
>    reject_unauth_destination[, ...]
This did not seem to work as expected.

>> don't know if using smtpd_reject_unlisted_sender would prevent
>> anything going wrong here, but this is likely to make you an open
>> relay.
>
> If the wrong thing had been done correctly ;) I think this would have
> worked too, that is, if I understood the OP's goal correctly.

I'm using a virtual transport for all my mail.
With local mail I meant all mail that goes through this transport.
To verify the 'local' users I use LDAP. It contains all my users and
their email addresses.

So basically, what my 'ideal' configuration would offer

If someone from a none private IP (or localhost) tries to send a mail
it is required to have a recipient that is part of the service that
offers the virtual transport (this way internal people can send to
each other and to people outside the interna; environment.
When someone from a public IP tries to send a mail it is required that
the sender is an unkown address and the recipient is known.

This (I believe) can be resolved by using either two instances. or
some sort of policy daemon.

What I currently don't know is how I would go about and resolve this.

I hope I have clarified any euhh... unclarities

Thanks a lot!

Regards,

Serge Fonville
-- 
http://www.sergefonville.nl

Convince Google!!
They need to support Adsense over SSL
https://www.google.com/adsense/support/bin/answer.py?hl=en&answer=10528
http://www.google.com/support/forum/p/AdSense/thread?tid=1884bc9310d9f923&hl=en

Re: 3000 recipients

2010-01-04 Thread Ralf Hildebrandt 
* richard lucassen :
> Hello list,
> 
> I want to send once a week a simple mail to a list of 3000 recipients. I
> can set smtpd_recipient_limit and smtpd_recipient_overshoot_limit to
> higher limits, but is there a better way to handle this?

Use an MLM

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de

forward problem: mail delivered twice

2010-01-04 Thread nik600 
Dear all

i've installed a postfix server with mysql support.

i've also set-up a custom filter script shell that calls spamc and
some other custom utils, this script cannot handle multiple
recipients, so i've set

filter_destination_recipient_limit = 1

The problem that i've experienced is that when i've got an entry like
this in the alias table:

+---+--+--+-+-++
| address   | goto
| domain   | created
  | modified| active |
+---+--+--+-+-++
| forwar...@foo.com | i...@foo.com,f...@yahoo.it,f...@libero.it |
foo.com | -00-00 00:00:00 | 2009-12-30 17:37:22 |  1 |
+---+--+--+-+-++

Sending an e-mail to forwar...@foo.com causes that my script is called 4 times:

forwar...@foo.com
i...@foo.com
f...@yahoo.it
f...@libero.it

and the result is that i...@foo.com,f...@yahoo.it,f...@libero.it
receives the mail twice.

postconf -n:
alias_database = hash:/etc/mail/aliases
alias_maps = hash:/etc/mail/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
disable_vrfy_command = yes
html_directory = no
mail_owner = postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/local/man
message_size_limit = 10024
mydestination = $transport_maps
mydomain = foo.com
myhostname = mail.foo.com
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = no
relay_domains =
proxy:mysql:/etc/postfix/mysql_relay_domains_maps.cf,hash:/etc/postfix/relay
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtp_host_lookup = native,dns
smtpd_client_connection_count_limit = 50
smtpd_client_restrictions =
permit_sasl_authenticated,permit_mynetworks,reject_non_fqdn_sender,reject_rbl_client
sbl-xbl.spamhaus.org,reject_non_fqdn_hostname,reject_non_fqdn_recipient
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_sasl_authenticated,
permit_mynetworks, reject_invalid_hostname
smtpd_recipient_restrictions =
permit_mynetworks,permit_sasl_authenticated,check_sender_access
hash:/etc/postfix/whitelist/whitelist_reject_non_fqdn_sender,reject_non_fqdn_sender,reject_non_fqdn_sender,reject_unauth_destination,reject_unauth_pipelining,reject_rbl_client
sbl-xbl.spamhaus.org,reject_non_fqdn_hostname,reject_non_fqdn_recipient
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_path = sasl2/smtpd
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = cyrus
smtpd_sender_restrictions =
permit_sasl_authenticated,permit_mynetworks,check_sender_access
hash:/etc/postfix/whitelist/whitelist_reject_non_fqdn_sender,reject_non_fqdn_sender,reject_unknown_sender_domain,reject_non_fqdn_hostname,reject_non_fqdn_recipient
strict_rfc821_envelopes = yes
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_gid_maps = static:102
virtual_mailbox_base = /var/spool/postfix/vmail
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_limit = 10024
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_minimum_uid = 1000
virtual_transport = virtual
virtual_uid_maps = static:1000

master.cf

smtp  inet  n   -   n   -   -   smtpd
-o content_filter=filter:dummy
9009  inet  n   -   n   -   -   smtpd
-o content_filter=filter:dummy
filterunix  -   n   n   -   20  pipe
flags=Rq user=filter argv=/var/script/filtra_spamc_1.6 -f
${sender} -- ${recipient} ${sasl_username}


Is that behaviour correct?
How can i avoid to call the custom filter for forwar...@foo.com ?

Thanks

-- 
/*/
nik600
http://www.kumbe.it

Re: forward problem: mail delivered twice

2010-01-04 Thread nik600 
On Mon, Jan 4, 2010 at 12:52 PM, nik600  wrote:
> Dear all
>
> i've installed a postfix server with mysql support.
>
> i've also set-up a custom filter script shell that calls spamc and
> some other custom utils, this script cannot handle multiple
> recipients, so i've set
>
> filter_destination_recipient_limit = 1
>
> The problem that i've experienced is that when i've got an entry like
> this in the alias table:
>

I've also tried to change master.cf like:

smtp  inet  n   -   n   -   -   smtpd
-o content_filter=filter:dummy
   -o receive_override_options=no_address_mappings
9009  inet  n   -   n   -   -   smtpd
-o content_filter=filter:dummy
   -o receive_override_options=no_address_mappings

This fix the problem for the forward, but stops to apply custom spam
settings, infact in that case the filter is called only for
forwar...@foo.com and obviosly it doesn't load any custom spam option
of

i...@foo.com
f...@yahoo.it
f...@libero.it

Is it possible to avoid that?

-- 
/*/
nik600
http://www.kumbe.it

Re: possible problem with postfix/local??

2010-01-04 Thread satishkumarp2k1 


Thanks a lot to everyone for suggestions. Couple of questions:

1. I noticed that postfix restarts the appropriate daemons/programs
(smtpd/local) whenever it notices changes in the aliases files. How does it
determine that (based on file's attributes etc.)?? 

2. Does postfix load the alias tables into memory?? I am just trying to
understand whether postfix searches in the memory resident copy of data or
makes a system call to hash tables?

Thanks
-- 
View this message in context: 
http://old.nabble.com/possible-problem-with-postfix-local---tp26939697p27012319.html
Sent from the Postfix mailing list archive at Nabble.com.

Re: forward problem: mail delivered twice

2010-01-04 Thread Wietse Venema 
nik600:
> On Mon, Jan 4, 2010 at 12:52 PM, nik600  wrote:
> > Dear all
> >
> > i've installed a postfix server with mysql support.
> >
> > i've also set-up a custom filter script shell that calls spamc and
> > some other custom utils, this script cannot handle multiple
> > recipients, so i've set
> >
> > filter_destination_recipient_limit = 1
> >
> > The problem that i've experienced is that when i've got an entry like
> > this in the alias table:
> >
> 
> I've also tried to change master.cf like:
> 
> smtp  inet  n   -   n   -   -   smtpd
> -o content_filter=filter:dummy
>-o receive_override_options=no_address_mappings
> 9009  inet  n   -   n   -   -   smtpd
> -o content_filter=filter:dummy
>-o receive_override_options=no_address_mappings

As documented in http://www.postfix.org/FILTER_README.html
you must turn off address_mappings BEFORE or AFTER the
filter NOT on both sides.

Wietse

Re: 3000 recipients

2010-01-04 Thread Kenneth Marshall 
On Sun, Jan 03, 2010 at 10:00:32PM +0100, richard lucassen wrote:
> On Sun, 3 Jan 2010 14:28:11 -0600
> Kenneth Marshall  wrote:
> 
> [mlm]
> 
> > I will second that using a real MLM is usually a much, much better
> > option that will allow you to prevent collateral damage to your mail
> > reputation when there is a delivery problem. For example, when using
> > the aliases option, you should only allow the one address/user to send
> > mail to the alias or you open up an avenue for spammers to abuse your
> > system.
> 
> Ok, thanks guys, you have convinced me to use a mlm. I'll dive into that
> matter. I've only played with ezmlm some 10 years ago when I was using
> qmail, but I haven't looked at these mlm's ever since.
> 
> Which mlm would you recommend to use for this purpose? I use Debian
> Lenny with (of course) Postfix.
> 
> R.
> 

I will chime in with a recommendation for mailman. It is easy to
setup and run.

Ken

Re: 3000 recipients

2010-01-04 Thread Mihamina Rakotomandimby 
> richard lucassen  :
> This is for a blind person who handles the
> "mailinglist" himself, so solutions are rather limited.


Installing a MLM is quite easy although on a Windows Family box.

-- 
   Architecte Informatique chez Blueline/Gulfsat:
Administration Systeme, Recherche & Developpement
+261 34 29 155 34 / +261 33 11 207 36

Re: 3000 recipients

2010-01-04 Thread Gaby Vanhegan 

On 4 Jan 2010, at 13:43, Kenneth Marshall wrote:

> I will chime in with a recommendation for mailman. It is easy to
> setup and run.


I'd suggest mlmmj, it works like ezmlm but doesn't require a web interface like 
mailman and works great with Postfix.

Gaby.

--
Expounding the theory of infinite Abelian Badgers
http://playr.co.uk/

Re: forward problem: mail delivered twice

2010-01-04 Thread nik600 
On Mon, Jan 4, 2010 at 2:24 PM, Wietse Venema  wrote:
> nik600:
>> On Mon, Jan 4, 2010 at 12:52 PM, nik600  wrote:
>> > Dear all
>> >
>> > i've installed a postfix server with mysql support.
>> >
>> > i've also set-up a custom filter script shell that calls spamc and
>> > some other custom utils, this script cannot handle multiple
>> > recipients, so i've set
>> >
>> > filter_destination_recipient_limit = 1
>> >
>> > The problem that i've experienced is that when i've got an entry like
>> > this in the alias table:
>> >
>>
>> I've also tried to change master.cf like:
>>
>> smtp      inet  n       -       n       -       -       smtpd
>>         -o content_filter=filter:dummy
>>        -o receive_override_options=no_address_mappings
>> 9009      inet  n       -       n       -       -       smtpd
>>         -o content_filter=filter:dummy
>>        -o receive_override_options=no_address_mappings
>
> As documented in http://www.postfix.org/FILTER_README.html
> you must turn off address_mappings BEFORE or AFTER the
> filter NOT on both sides.
>
>        Wietse
>
the 9009 port is not the filter port, i use both 25 and 9009 because
some providers in italiy blocks the 25 port.

the complete master.cf is

smtp  inet  n   -   n   -   -   smtpd
-o content_filter=filter:dummy
   -o receive_override_options=no_address_mappings
9009  inet  n   -   n   -   -   smtpd
-o content_filter=filter:dummy
   -o receive_override_options=no_address_mappings
filterunix  -   n   n   -   20  pipe
flags=Rq user=filter
argv=/var/programmi/script/filtra_spamc_1.6 -f ${sender} --
${recipient} ${sasl_username}




-- 
/*/
nik600
http://www.kumbe.it

Re: 3000 recipients

2010-01-04 Thread Jerry 
On Mon, 4 Jan 2010 14:01:00 +
Gaby Vanhegan  replied:

>I'd suggest mlmmj, it works like ezmlm but doesn't require a web
>interface like mailman and works great with Postfix.

Personally, I have used DADA Mail in the past. It is written in Perl
and has a web interface for most common configuration settings.
Obviously, it can be configured manually. In fact, some settings are
not exposed in the web interface. Plus, it works fine with Postfix.




--  
Jerry
postfix.u...@yahoo.com

TO REPORT A PROBLEM see http://www.postfix.org/DEBUG_README.html#mail
TO (UN)SUBSCRIBE see http://www.postfix.org/lists.html

Yeah, but you're taking the universe out of context.

Re: 3000 recipients

2010-01-04 Thread Gaby Vanhegan 

On 4 Jan 2010, at 14:53, Jerry wrote:

> Personally, I have used DADA Mail in the past. It is written in Perl
> and has a web interface for most common configuration settings.
> Obviously, it can be configured manually. In fact, some settings are
> not exposed in the web interface. Plus, it works fine with Postfix.
> 
>   


I have a preference for MLMs that manage themselves.  Having a web interface 
means that you usually need use some complicated trickery to put a working copy 
of perl/python/whatever inside the web chroot, I'm a big fan of keeping the two 
services apart.

MLMs that are email/self managed are slightly less user friendly but more 
secure for my purposes.

-- 
Uganda Maximum - Enemy of the English Thrust
http://www.playr.co.uk/

Re: Client did not present a certificate

2010-01-04 Thread Victor Duchovni 
On Mon, Jan 04, 2010 at 05:41:18PM +1300, Michael wrote:

> I have not been able to get any message other then "Client did not present a 
> certificate" in message headers despite loading a Commodo email certificate 
> in to Kmail.

What problem are you trying to solve? Does the Kmail client support
client-side SSL certificates? Most MUAs only use user-certs for S/MIME.
Very few MUAs implement client-side STARTTLS certificates.

> smtpd_starttls_timeout = 300s
> smtpd_tls_ask_ccert = yes
> smtpd_tls_auth_only = no
> smtpd_tls_key_file = $smtpd_tls_cert_file
> smtpd_tls_loglevel = 1
> smtpd_tls_received_header = yes
> smtpd_tls_security_level = may

Where is the setting of "smtpd_tls_cert_file"???

-- 
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:


If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.

Re: 3000 recipients

2010-01-04 Thread richard lucassen 
On Mon, 4 Jan 2010 14:01:00 +
Gaby Vanhegan  wrote:

> > I will chime in with a recommendation for mailman. It is easy to
> > setup and run.
> 
> 
> I'd suggest mlmmj, it works like ezmlm but doesn't require a web
> interface like mailman and works great with Postfix.

Thnx to everyone. I think mailman and mlmmj are good suggestions. I'll
examine all of these and I'll choose the one that fits best to this
rather particular purpose.

R.

-- 
___
It is better to remain silent and be thought a fool, than to speak
aloud and remove all doubt.

+--+
| Richard Lucassen, Utrecht|
| Public key and email address:|
| http://www.lucassen.org/mail-pubkey.html |
+--+

header_checks problem

2010-01-04 Thread Christopher Adams 
Hello,

I previously posted this thread, but changed midstream and was given
guidance as to the proper way to post. So, I am starting again.

Summary: I would like to ban an address/domain from posting to my system. I
am using header_checks to do that. After creating a header_checks file and
modifying main.cf to indicate the use of a header_checks file, a message
sent to the server is passed through.

I am posting from testm...@library.state.or.us to
testm...@swiki.osl.state.or.us.

Here is the line from the header_checks file:

 /^From: testm...@library.state.or.us / REJECT

Log from maillog on swiki.osl.state.or.us:

Jan  4 11:36:13 swiki postfix/qmgr[19204]: EB79ADB4B6E: from=<
testm...@library.state.or.us>, size=791, nrcpt=1 (queue active)
Jan  4 11:36:13 swiki postfix/local[19921]: EB79ADB4B6E: to=<
testm...@swiki.osl.state.or.us>, relay=local, delay=0.01, delays=0/0.01/0/0,
dsn=2.0.0, status=sent (delivered to mailbox)

Header of mail received at testm...@library.state.or.us:

Return-Path: 
X-Original-To: testm...@swiki.osl.state.or.us
Delivered-To: testm...@swiki.osl.state.or.us
Received: from library.state.or.us (www.osl.state.or.us [159.121.122.8])
by listsmart.osl.state.or.us (Postfix) with ESMTP id EB79ADB4B6E
for ; Mon,
4 Jan 2010 11:36:13 -0800 (PST)
Received: by library.state.or.us (Postfix, from userid 552)
id 6993B233FC; Mon,  4 Jan 2010 11:39:52 -0800 (PST)
Received: from localhost (localhost [127.0.0.1])
by library.state.or.us (Postfix) with ESMTP id 68F7F32E64
for ; Mon,
4 Jan 2010 11:39:52 -0800 (PST)
Date: Mon, 4 Jan 2010 11:39:52 -0800 (PST)
From: testm...@library.state.or.us
To: testm...@swiki.osl.state.or.us
Subject: testing
Message-ID: 
MIME-Version: 1.0

Output of postconf -n :

alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases,
hash:/usr/local/mailman/data/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
default_privs = nobody
default_verp_delimiters = +=
html_directory = no
mail_owner = postfix
mail_spool_directory = /var/spool/mail
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 2097152
mydestination = $myhostname, localhost.$mydomain, localhost.localdomain,
listsmart.$mydomain, swiki.$mydomain
myhostname = listsmart.osl.state.or.us
mynetworks = 159.121.122.0/24, 127.0.0.0/8
mynetworks_style = subnet
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.0.16/README_FILES
recipient_delimiter = +
sample_directory = /usr/share/doc/postfix-2.0.16/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_recipient_restrictions = permit_sasl_authenticated,
permit_mynetworks,reject_unauth_destination,   reject_rbl_client
bl.spamcop.net,   reject_rbl_client dnsbl.sorbs.net,   reject_rbl_client
cbl.abuseat.org,   reject_rbl_client ix.dnsbl.manitu.net,
reject_invalid_hostname,   reject_non_fqdn_hostname,
reject_non_fqdn_sender,   reject_non_fqdn_recipient,
reject_unknown_sender_domain,   reject_unknown_recipient_domain,   permit
smtpd_sender_restrictions = check_sender_access
hash:/etc/postfix/sender_blacklist
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 450


Can someone help with this? Thank you.

Re: header_checks problem

2010-01-04 Thread Ralf Hildebrandt 
* Christopher Adams :
> Hello,
> 
> I previously posted this thread, but changed midstream and was given
> guidance as to the proper way to post. So, I am starting again.
> 
> Summary: I would like to ban an address/domain from posting to my system. I
> am using header_checks to do that.

Why? Wouldn't check_sender_access be more appropriate?

>  /^From: testm...@library.state.or.us / REJECT
> 
> Log from maillog on swiki.osl.state.or.us:
> 
> Jan  4 11:36:13 swiki postfix/qmgr[19204]: EB79ADB4B6E: from=<
> testm...@library.state.or.us>, size=791, nrcpt=1 (queue active)

That's the envelope, not the header

> From: testm...@library.state.or.us
There's no " " behind "testm...@library.state.or.us"


> Output of postconf -n :
it lists no header_checks

> Can someone help with this? Thank you.

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de

Postfix Admin Needed

2010-01-04 Thread Sniffty Dugen 
We are currently in need of a seasoned Postfix professional that can
manage a large Postfix, Procmail, Spamassassin, ClamAV, Linux
environment located in Central New Jersey.

Anyone interested please contact me off list.

Re: header_checks problem

2010-01-04 Thread Christopher Adams 
After previously posting a thread about header_checks, someone suggested
using check_sender_access, I tried it and posted a follow up and was
admonished for changing direction. I specifically asked how to proceed and
was told to go back to my original thread, which was header_checks.


Message header: I used the Full Header command in Pine

About the postconf -n, I had that line commented out from a previous test.
Here it is now:

alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases,
hash:/usr/local/mailman/data/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
default_privs = nobody
default_verp_delimiters = +=
header_checks = regexp:/etc/postfix/header_checks
html_directory = no
mail_owner = postfix
mail_spool_directory = /var/spool/mail
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 2097152
mydestination = $myhostname, localhost.$mydomain, localhost.localdomain,
listsmart.$mydomain, swiki.$mydomain
myhostname = listsmart.osl.state.or.us
mynetworks = 159.121.122.0/24, 127.0.0.0/8
mynetworks_style = subnet
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.0.16/README_FILES
recipient_delimiter = +
sample_directory = /usr/share/doc/postfix-2.0.16/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_recipient_restrictions = permit_sasl_authenticated,
permit_mynetworks,reject_unauth_destination,   reject_rbl_client
bl.spamcop.net,   reject_rbl_client dnsbl.sorbs.net,   reject_rbl_client
cbl.abuseat.org,   reject_rbl_client ix.dnsbl.manitu.net,
reject_invalid_hostname,   reject_non_fqdn_hostname,
reject_non_fqdn_sender,   reject_non_fqdn_recipient,
reject_unknown_sender_domain,   reject_unknown_recipient_domain,   permit
smtpd_sender_restrictions = check_sender_access
hash:/etc/postfix/sender_blacklist
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 450


I don't understand what you mean by this:

> From: testm...@library.state.or.us
There's no " " behind "testm...@library.state.or.us"


On Mon, Jan 4, 2010 at 12:00 PM, Ralf Hildebrandt <
ralf.hildebra...@charite.de> wrote:

> * Christopher Adams :
> > Hello,
> >
> > I previously posted this thread, but changed midstream and was given
> > guidance as to the proper way to post. So, I am starting again.
> >
> > Summary: I would like to ban an address/domain from posting to my system.
> I
> > am using header_checks to do that.
>
> Why? Wouldn't check_sender_access be more appropriate?
>
> >  /^From: testm...@library.state.or.us / REJECT
> >
> > Log from maillog on swiki.osl.state.or.us:
> >
> > Jan  4 11:36:13 swiki postfix/qmgr[19204]: EB79ADB4B6E: from=<
> > testm...@library.state.or.us>, size=791, nrcpt=1 (queue active)
>
> That's the envelope, not the header
>
> > From: testm...@library.state.or.us
> There's no " " behind "testm...@library.state.or.us"
>
>
> > Output of postconf -n :
> it lists no header_checks
>
> > Can someone help with this? Thank you.
>
> --
> Ralf Hildebrandt
>  Geschäftsbereich IT | Abteilung Netzwerk
>  Charité - Universitätsmedizin Berlin
>  Campus Benjamin Franklin
>  Hindenburgdamm 30 | D-12203 Berlin
>  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
>  ralf.hildebra...@charite.de | http://www.charite.de
>
>


-- 
Christopher Adams
adam...@gmail.com

Re: header_checks problem

2010-01-04 Thread Ralf Hildebrandt 
* Christopher Adams :
> After previously posting a thread about header_checks, someone suggested
> using check_sender_access, I tried it and posted a follow up and was
> admonished for changing direction. I specifically asked how to proceed and
> was told to go back to my original thread, which was header_checks.

OK, but you forgot to actually ADD header_Checks to your main.cf :)

> header_checks = regexp:/etc/postfix/header_checks

ah!

> I don't understand what you mean by this:
> 
> > From: testm...@library.state.or.us
> There's no " " behind "testm...@library.state.or.us"

I mean what I wrote. Look at your header_checks pattern. It has a " "
at the end. The header it's supposed to match does not. As a
consequence, it doesn't match.


> > >  /^From: testm...@library.state.or.us / REJECT
   ^space
Look at the space after testm...@library.state.or.us
Remove it.

A nice twist for analysis is this:

/^From:/ WARN
/^From: testm...@library.state.or.us/ REJECT

That way you can see how postfix percieves the headers.

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de

Re: 3000 recipients

2010-01-04 Thread Gaby Vanhegan 

On 4 Jan 2010, at 19:23, richard lucassen wrote:

> Thnx to everyone. I think mailman and mlmmj are good suggestions. I'll
> examine all of these and I'll choose the one that fits best to this
> rather particular purpose.


Mailman is a python app, mlmmj is a native C app that works through a local 
postfix alias.

If you're interested, I have a nice script that sets up mlmmj instances very 
easily.

G.

--
Junkets for bunterish lickspittles since 1998!
http://www.playr.co.uk/

Re: anti spam measures

2010-01-04 Thread mouss 
Steve a écrit :
>  Original-Nachricht 
>> Datum: Sun, 03 Jan 2010 23:37:18 +0100
>> Von: mouss 
>> An: postfix users list 
>> Betreff: Re: anti spam measures
> 
>> Roman Gelfand a écrit :
>>> I am running postfix with anti spam filter (policyd-weight, sqlgrey,
>>> grossd, dkim, senderid-milter, dspam) .  With this configuration, I am
>>> down to under 10 spams a day.  Looking at my backend server which is
>>> exchange 2007, I find that all of the remaining spam messages have
>>> spam confidence level of 7 or greater, which implies this is blatant
>>> spam.  Is there spam filter software software that works with postfix
>>> that can perform checks similar to that of exchange 2007 spam
>>> confidence level?
>>>
>> we can't really tell since we didn't see the messages that made it
>> through postfix+friends.
>>
>> if the messages contained a URI listed at uribl or surbl, then you could
>> try using uribl/surbl via milter-link or via spamassassin (via
>> amavisd-new).
>>
>> anyway, You can add spamassassin (via amavisd-new) to your chain and see
>>  if it improves your filtering.
>>
> I am for sure one of the people that should keep his mouth shut since I have 
> a to strong bias but SpamAssassin? Why? He is using DSPAM and if I would 
> purpose him another free solution then only something like CMR114 or OSBF-Lua.
> 

because I don't believe he will improve his filtering by adding more
statistical filters (I think: if this was true, he can improve by better
training/tuning of dspam). In contrsat, adding a finely tuned heuristic
filter will certainly improve his results.

one example: Justin Mason anti-fraud rules (JM_SOUGHT*) will block fraud
mail that you can't block statistically (because you don't get enough of
it to train a statistical filter). unless if you are a large ISP/MSP
with users who report fraud mail quickly and you train your filter with
these reports quickly.

other examples include: URIBL rules (granted, you can use milter-link),
DNSxL rules applied to Received headers (mail that is "touched" by a
host in Spamhaus SBL is unwanted!)...

Once again, I said "add spamassassin" not replace dspam. This is because
OP wanted to block "more". but adding SA in a way that improves his
results is not effort free. which is why I said:

> 
>> at one time, the question becomes: is the additional effort worth the
>> pain?
>>
> Good question.

I personally am from the school of access control before content
filtering. so I don't feel comfortable arguing for SA vs dspam vs
foofilter.

Re: forward problem: mail delivered twice

2010-01-04 Thread mouss 
nik600 a écrit :
> On Mon, Jan 4, 2010 at 12:52 PM, nik600  wrote:
>> Dear all
>>
>> i've installed a postfix server with mysql support.
>>
>> i've also set-up a custom filter script shell that calls spamc and
>> some other custom utils, this script cannot handle multiple
>> recipients, so i've set
>>
>> filter_destination_recipient_limit = 1
>>
>> The problem that i've experienced is that when i've got an entry like
>> this in the alias table:
>>
> 
> I've also tried to change master.cf like:
> 
> smtp  inet  n   -   n   -   -   smtpd
> -o content_filter=filter:dummy
>-o receive_override_options=no_address_mappings
> 9009  inet  n   -   n   -   -   smtpd
> -o content_filter=filter:dummy
>-o receive_override_options=no_address_mappings
> 
> This fix the problem for the forward, but stops to apply custom spam
> settings, infact in that case the filter is called only for
> forwar...@foo.com and obviosly it doesn't load any custom spam option
> of
> 
> i...@foo.com
> f...@yahoo.it
> f...@libero.it
> 
> Is it possible to avoid that?
> 

if you want your filter to see rewritten addresses, remove the
no_address_mappins option from before-the-filter smtpd listeners and put
it in the after-the-filter smtpd listener(s).

Re: anti spam measures

2010-01-04 Thread Steve 

 Original-Nachricht 
> Datum: Mon, 04 Jan 2010 23:20:04 +0100
> Von: mouss 
> An: postfix-users@postfix.org
> Betreff: Re: anti spam measures

> Steve a écrit :
> >  Original-Nachricht 
> >> Datum: Sun, 03 Jan 2010 23:37:18 +0100
> >> Von: mouss 
> >> An: postfix users list 
> >> Betreff: Re: anti spam measures
> > 
> >> Roman Gelfand a écrit :
> >>> I am running postfix with anti spam filter (policyd-weight, sqlgrey,
> >>> grossd, dkim, senderid-milter, dspam) .  With this configuration, I am
> >>> down to under 10 spams a day.  Looking at my backend server which is
> >>> exchange 2007, I find that all of the remaining spam messages have
> >>> spam confidence level of 7 or greater, which implies this is blatant
> >>> spam.  Is there spam filter software software that works with postfix
> >>> that can perform checks similar to that of exchange 2007 spam
> >>> confidence level?
> >>>
> >> we can't really tell since we didn't see the messages that made it
> >> through postfix+friends.
> >>
> >> if the messages contained a URI listed at uribl or surbl, then you
> could
> >> try using uribl/surbl via milter-link or via spamassassin (via
> >> amavisd-new).
> >>
> >> anyway, You can add spamassassin (via amavisd-new) to your chain and
> see
> >>  if it improves your filtering.
> >>
> > I am for sure one of the people that should keep his mouth shut since I
> have a to strong bias but SpamAssassin? Why? He is using DSPAM and if I
> would purpose him another free solution then only something like CMR114 or
> OSBF-Lua.
> > 
> 
> because I don't believe he will improve his filtering by adding more
> statistical filters (I think: if this was true, he can improve by better
> training/tuning of dspam).
>
Correct.


> In contrsat, adding a finely tuned heuristic
> filter will certainly improve his results.
> 
True.


> one example: Justin Mason anti-fraud rules (JM_SOUGHT*) will block fraud
> mail that you can't block statistically (because you don't get enough of
> it to train a statistical filter). unless if you are a large ISP/MSP
> with users who report fraud mail quickly and you train your filter with
> these reports quickly.
> 
Or you use other ways to filter them out (not statistically).


> other examples include: URIBL rules (granted, you can use milter-link),
> DNSxL rules applied to Received headers (mail that is "touched" by a
> host in Spamhaus SBL is unwanted!)...
> 
> Once again, I said "add spamassassin" not replace dspam. This is because
> OP wanted to block "more". but adding SA in a way that improves his
> results is not effort free. which is why I said:
> 
Right.


> > 
> >> at one time, the question becomes: is the additional effort worth the
> >> pain?
> >>
> > Good question.
> 
> I personally am from the school of access control before content
> filtering.
>
Me too :)


> so I don't feel comfortable arguing for SA vs dspam vs
> foofilter.
>
As I wrote before: I am to biased in that topic so I am not going to argue 
either.
-- 
GRATIS für alle GMX-Mitglieder: Die maxdome Movie-FLAT!
Jetzt freischalten unter http://portal.gmx.net/de/go/maxdome01

Re: anti spam measures

2010-01-04 Thread Roman Gelfand 
Well, it looks like, perhaps, I found the missing link.  After adding
s25r rules and HELO response verification in main.cf, no spam has
siped through.

I think that mostly it was HELO response verification that did it.
BTW, is there a reason not block emails with incorrect HELO response?

Thanks

On Mon, Jan 4, 2010 at 5:30 PM, Steve  wrote:
>
>  Original-Nachricht 
>> Datum: Mon, 04 Jan 2010 23:20:04 +0100
>> Von: mouss 
>> An: postfix-users@postfix.org
>> Betreff: Re: anti spam measures
>
>> Steve a écrit :
>> >  Original-Nachricht 
>> >> Datum: Sun, 03 Jan 2010 23:37:18 +0100
>> >> Von: mouss 
>> >> An: postfix users list 
>> >> Betreff: Re: anti spam measures
>> >
>> >> Roman Gelfand a écrit :
>> >>> I am running postfix with anti spam filter (policyd-weight, sqlgrey,
>> >>> grossd, dkim, senderid-milter, dspam) .  With this configuration, I am
>> >>> down to under 10 spams a day.  Looking at my backend server which is
>> >>> exchange 2007, I find that all of the remaining spam messages have
>> >>> spam confidence level of 7 or greater, which implies this is blatant
>> >>> spam.  Is there spam filter software software that works with postfix
>> >>> that can perform checks similar to that of exchange 2007 spam
>> >>> confidence level?
>> >>>
>> >> we can't really tell since we didn't see the messages that made it
>> >> through postfix+friends.
>> >>
>> >> if the messages contained a URI listed at uribl or surbl, then you
>> could
>> >> try using uribl/surbl via milter-link or via spamassassin (via
>> >> amavisd-new).
>> >>
>> >> anyway, You can add spamassassin (via amavisd-new) to your chain and
>> see
>> >>  if it improves your filtering.
>> >>
>> > I am for sure one of the people that should keep his mouth shut since I
>> have a to strong bias but SpamAssassin? Why? He is using DSPAM and if I
>> would purpose him another free solution then only something like CMR114 or
>> OSBF-Lua.
>> >
>>
>> because I don't believe he will improve his filtering by adding more
>> statistical filters (I think: if this was true, he can improve by better
>> training/tuning of dspam).
>>
> Correct.
>
>
>> In contrsat, adding a finely tuned heuristic
>> filter will certainly improve his results.
>>
> True.
>
>
>> one example: Justin Mason anti-fraud rules (JM_SOUGHT*) will block fraud
>> mail that you can't block statistically (because you don't get enough of
>> it to train a statistical filter). unless if you are a large ISP/MSP
>> with users who report fraud mail quickly and you train your filter with
>> these reports quickly.
>>
> Or you use other ways to filter them out (not statistically).
>
>
>> other examples include: URIBL rules (granted, you can use milter-link),
>> DNSxL rules applied to Received headers (mail that is "touched" by a
>> host in Spamhaus SBL is unwanted!)...
>>
>> Once again, I said "add spamassassin" not replace dspam. This is because
>> OP wanted to block "more". but adding SA in a way that improves his
>> results is not effort free. which is why I said:
>>
> Right.
>
>
>> >
>> >> at one time, the question becomes: is the additional effort worth the
>> >> pain?
>> >>
>> > Good question.
>>
>> I personally am from the school of access control before content
>> filtering.
>>
> Me too :)
>
>
>> so I don't feel comfortable arguing for SA vs dspam vs
>> foofilter.
>>
> As I wrote before: I am to biased in that topic so I am not going to argue 
> either.
> --
> GRATIS für alle GMX-Mitglieder: Die maxdome Movie-FLAT!
> Jetzt freischalten unter http://portal.gmx.net/de/go/maxdome01
>

Re: anti spam measures

2010-01-04 Thread Steve 

 Original-Nachricht 
> Datum: Mon, 4 Jan 2010 17:40:29 -0500
> Von: Roman Gelfand 
> An: Steve 
> CC: postfix-users@postfix.org
> Betreff: Re: anti spam measures

> Well, it looks like, perhaps, I found the missing link.  After adding
> s25r rules and HELO response verification in main.cf, no spam has
> siped through.
> 
> I think that mostly it was HELO response verification that did it.
> BTW, is there a reason not block emails with incorrect HELO response?
> 
Yes! Probably half of the sending MTA's out there have issues with setting 
proper HELO/EHLO. I would not block them per default but use your already 
installed policyd-weight and add a higher score to wrong HELO/EHLO (but the 
default in policyd-weight should be already okay).


> Thanks
> 
Steve


> On Mon, Jan 4, 2010 at 5:30 PM, Steve  wrote:
> >
> >  Original-Nachricht 
> >> Datum: Mon, 04 Jan 2010 23:20:04 +0100
> >> Von: mouss 
> >> An: postfix-users@postfix.org
> >> Betreff: Re: anti spam measures
> >
> >> Steve a écrit :
> >> >  Original-Nachricht 
> >> >> Datum: Sun, 03 Jan 2010 23:37:18 +0100
> >> >> Von: mouss 
> >> >> An: postfix users list 
> >> >> Betreff: Re: anti spam measures
> >> >
> >> >> Roman Gelfand a écrit :
> >> >>> I am running postfix with anti spam filter (policyd-weight,
> sqlgrey,
> >> >>> grossd, dkim, senderid-milter, dspam) .  With this configuration,
> I am
> >> >>> down to under 10 spams a day.  Looking at my backend server which
> is
> >> >>> exchange 2007, I find that all of the remaining spam messages have
> >> >>> spam confidence level of 7 or greater, which implies this is
> blatant
> >> >>> spam.  Is there spam filter software software that works with
> postfix
> >> >>> that can perform checks similar to that of exchange 2007 spam
> >> >>> confidence level?
> >> >>>
> >> >> we can't really tell since we didn't see the messages that made it
> >> >> through postfix+friends.
> >> >>
> >> >> if the messages contained a URI listed at uribl or surbl, then you
> >> could
> >> >> try using uribl/surbl via milter-link or via spamassassin (via
> >> >> amavisd-new).
> >> >>
> >> >> anyway, You can add spamassassin (via amavisd-new) to your chain and
> >> see
> >> >>  if it improves your filtering.
> >> >>
> >> > I am for sure one of the people that should keep his mouth shut since
> I
> >> have a to strong bias but SpamAssassin? Why? He is using DSPAM and if I
> >> would purpose him another free solution then only something like CMR114
> or
> >> OSBF-Lua.
> >> >
> >>
> >> because I don't believe he will improve his filtering by adding more
> >> statistical filters (I think: if this was true, he can improve by
> better
> >> training/tuning of dspam).
> >>
> > Correct.
> >
> >
> >> In contrsat, adding a finely tuned heuristic
> >> filter will certainly improve his results.
> >>
> > True.
> >
> >
> >> one example: Justin Mason anti-fraud rules (JM_SOUGHT*) will block
> fraud
> >> mail that you can't block statistically (because you don't get enough
> of
> >> it to train a statistical filter). unless if you are a large ISP/MSP
> >> with users who report fraud mail quickly and you train your filter with
> >> these reports quickly.
> >>
> > Or you use other ways to filter them out (not statistically).
> >
> >
> >> other examples include: URIBL rules (granted, you can use milter-link),
> >> DNSxL rules applied to Received headers (mail that is "touched" by a
> >> host in Spamhaus SBL is unwanted!)...
> >>
> >> Once again, I said "add spamassassin" not replace dspam. This is
> because
> >> OP wanted to block "more". but adding SA in a way that improves his
> >> results is not effort free. which is why I said:
> >>
> > Right.
> >
> >
> >> >
> >> >> at one time, the question becomes: is the additional effort worth
> the
> >> >> pain?
> >> >>
> >> > Good question.
> >>
> >> I personally am from the school of access control before content
> >> filtering.
> >>
> > Me too :)
> >
> >
> >> so I don't feel comfortable arguing for SA vs dspam vs
> >> foofilter.
> >>
> > As I wrote before: I am to biased in that topic so I am not going to
> argue either.
> > --
> > GRATIS für alle GMX-Mitglieder: Die maxdome Movie-FLAT!
> > Jetzt freischalten unter http://portal.gmx.net/de/go/maxdome01
> >

-- 
GRATIS für alle GMX-Mitglieder: Die maxdome Movie-FLAT!
Jetzt freischalten unter http://portal.gmx.net/de/go/maxdome01

Re: anti spam measures

2010-01-04 Thread Kenneth Marshall 
On Mon, Jan 04, 2010 at 05:40:29PM -0500, Roman Gelfand wrote:
> Well, it looks like, perhaps, I found the missing link.  After adding
> s25r rules and HELO response verification in main.cf, no spam has
> siped through.
> 
> I think that mostly it was HELO response verification that did it.
> BTW, is there a reason not block emails with incorrect HELO response?
> 
> Thanks
> 
None really, unless you need to accept mail from misconfigured
servers. (We do.)

Cheers,
Ken

> On Mon, Jan 4, 2010 at 5:30 PM, Steve  wrote:
> >
> >  Original-Nachricht 
> >> Datum: Mon, 04 Jan 2010 23:20:04 +0100
> >> Von: mouss 
> >> An: postfix-users@postfix.org
> >> Betreff: Re: anti spam measures
> >
> >> Steve a ?crit :
> >> >  Original-Nachricht 
> >> >> Datum: Sun, 03 Jan 2010 23:37:18 +0100
> >> >> Von: mouss 
> >> >> An: postfix users list 
> >> >> Betreff: Re: anti spam measures
> >> >
> >> >> Roman Gelfand a ?crit :
> >> >>> I am running postfix with anti spam filter (policyd-weight, sqlgrey,
> >> >>> grossd, dkim, senderid-milter, dspam) . ?With this configuration, I am
> >> >>> down to under 10 spams a day. ?Looking at my backend server which is
> >> >>> exchange 2007, I find that all of the remaining spam messages have
> >> >>> spam confidence level of 7 or greater, which implies this is blatant
> >> >>> spam. ?Is there spam filter software software that works with postfix
> >> >>> that can perform checks similar to that of exchange 2007 spam
> >> >>> confidence level?
> >> >>>
> >> >> we can't really tell since we didn't see the messages that made it
> >> >> through postfix+friends.
> >> >>
> >> >> if the messages contained a URI listed at uribl or surbl, then you
> >> could
> >> >> try using uribl/surbl via milter-link or via spamassassin (via
> >> >> amavisd-new).
> >> >>
> >> >> anyway, You can add spamassassin (via amavisd-new) to your chain and
> >> see
> >> >> ?if it improves your filtering.
> >> >>
> >> > I am for sure one of the people that should keep his mouth shut since I
> >> have a to strong bias but SpamAssassin? Why? He is using DSPAM and if I
> >> would purpose him another free solution then only something like CMR114 or
> >> OSBF-Lua.
> >> >
> >>
> >> because I don't believe he will improve his filtering by adding more
> >> statistical filters (I think: if this was true, he can improve by better
> >> training/tuning of dspam).
> >>
> > Correct.
> >
> >
> >> In contrsat, adding a finely tuned heuristic
> >> filter will certainly improve his results.
> >>
> > True.
> >
> >
> >> one example: Justin Mason anti-fraud rules (JM_SOUGHT*) will block fraud
> >> mail that you can't block statistically (because you don't get enough of
> >> it to train a statistical filter). unless if you are a large ISP/MSP
> >> with users who report fraud mail quickly and you train your filter with
> >> these reports quickly.
> >>
> > Or you use other ways to filter them out (not statistically).
> >
> >
> >> other examples include: URIBL rules (granted, you can use milter-link),
> >> DNSxL rules applied to Received headers (mail that is "touched" by a
> >> host in Spamhaus SBL is unwanted!)...
> >>
> >> Once again, I said "add spamassassin" not replace dspam. This is because
> >> OP wanted to block "more". but adding SA in a way that improves his
> >> results is not effort free. which is why I said:
> >>
> > Right.
> >
> >
> >> >
> >> >> at one time, the question becomes: is the additional effort worth the
> >> >> pain?
> >> >>
> >> > Good question.
> >>
> >> I personally am from the school of access control before content
> >> filtering.
> >>
> > Me too :)
> >
> >
> >> so I don't feel comfortable arguing for SA vs dspam vs
> >> foofilter.
> >>
> > As I wrote before: I am to biased in that topic so I am not going to argue 
> > either.
> > --
> > GRATIS f?r alle GMX-Mitglieder: Die maxdome Movie-FLAT!
> > Jetzt freischalten unter http://portal.gmx.net/de/go/maxdome01
> >
>

Re: anti spam measures

2010-01-04 Thread Steve 

 Original-Nachricht 
> Datum: Mon, 4 Jan 2010 16:45:21 -0600
> Von: Kenneth Marshall 
> An: Roman Gelfand 
> CC: Steve , postfix-users@postfix.org
> Betreff: Re: anti spam measures

> On Mon, Jan 04, 2010 at 05:40:29PM -0500, Roman Gelfand wrote:
> > Well, it looks like, perhaps, I found the missing link.  After adding
> > s25r rules and HELO response verification in main.cf, no spam has
> > siped through.
> > 
> > I think that mostly it was HELO response verification that did it.
> > BTW, is there a reason not block emails with incorrect HELO response?
> > 
> > Thanks
> > 
> None really, unless you need to accept mail from misconfigured
> servers. (We do.)
> 
Most of do (I would guess).


> Cheers,
> Ken
> 
Steve

> > On Mon, Jan 4, 2010 at 5:30 PM, Steve  wrote:
> > >
> > >  Original-Nachricht 
> > >> Datum: Mon, 04 Jan 2010 23:20:04 +0100
> > >> Von: mouss 
> > >> An: postfix-users@postfix.org
> > >> Betreff: Re: anti spam measures
> > >
> > >> Steve a ?crit :
> > >> >  Original-Nachricht 
> > >> >> Datum: Sun, 03 Jan 2010 23:37:18 +0100
> > >> >> Von: mouss 
> > >> >> An: postfix users list 
> > >> >> Betreff: Re: anti spam measures
> > >> >
> > >> >> Roman Gelfand a ?crit :
> > >> >>> I am running postfix with anti spam filter (policyd-weight,
> sqlgrey,
> > >> >>> grossd, dkim, senderid-milter, dspam) . ?With this configuration,
> I am
> > >> >>> down to under 10 spams a day. ?Looking at my backend server which
> is
> > >> >>> exchange 2007, I find that all of the remaining spam messages
> have
> > >> >>> spam confidence level of 7 or greater, which implies this is
> blatant
> > >> >>> spam. ?Is there spam filter software software that works with
> postfix
> > >> >>> that can perform checks similar to that of exchange 2007 spam
> > >> >>> confidence level?
> > >> >>>
> > >> >> we can't really tell since we didn't see the messages that made it
> > >> >> through postfix+friends.
> > >> >>
> > >> >> if the messages contained a URI listed at uribl or surbl, then you
> > >> could
> > >> >> try using uribl/surbl via milter-link or via spamassassin (via
> > >> >> amavisd-new).
> > >> >>
> > >> >> anyway, You can add spamassassin (via amavisd-new) to your chain
> and
> > >> see
> > >> >> ?if it improves your filtering.
> > >> >>
> > >> > I am for sure one of the people that should keep his mouth shut
> since I
> > >> have a to strong bias but SpamAssassin? Why? He is using DSPAM and if
> I
> > >> would purpose him another free solution then only something like
> CMR114 or
> > >> OSBF-Lua.
> > >> >
> > >>
> > >> because I don't believe he will improve his filtering by adding more
> > >> statistical filters (I think: if this was true, he can improve by
> better
> > >> training/tuning of dspam).
> > >>
> > > Correct.
> > >
> > >
> > >> In contrsat, adding a finely tuned heuristic
> > >> filter will certainly improve his results.
> > >>
> > > True.
> > >
> > >
> > >> one example: Justin Mason anti-fraud rules (JM_SOUGHT*) will block
> fraud
> > >> mail that you can't block statistically (because you don't get enough
> of
> > >> it to train a statistical filter). unless if you are a large ISP/MSP
> > >> with users who report fraud mail quickly and you train your filter
> with
> > >> these reports quickly.
> > >>
> > > Or you use other ways to filter them out (not statistically).
> > >
> > >
> > >> other examples include: URIBL rules (granted, you can use
> milter-link),
> > >> DNSxL rules applied to Received headers (mail that is "touched" by a
> > >> host in Spamhaus SBL is unwanted!)...
> > >>
> > >> Once again, I said "add spamassassin" not replace dspam. This is
> because
> > >> OP wanted to block "more". but adding SA in a way that improves his
> > >> results is not effort free. which is why I said:
> > >>
> > > Right.
> > >
> > >
> > >> >
> > >> >> at one time, the question becomes: is the additional effort worth
> the
> > >> >> pain?
> > >> >>
> > >> > Good question.
> > >>
> > >> I personally am from the school of access control before content
> > >> filtering.
> > >>
> > > Me too :)
> > >
> > >
> > >> so I don't feel comfortable arguing for SA vs dspam vs
> > >> foofilter.
> > >>
> > > As I wrote before: I am to biased in that topic so I am not going to
> argue either.
> > > --
> > > GRATIS f?r alle GMX-Mitglieder: Die maxdome Movie-FLAT!
> > > Jetzt freischalten unter http://portal.gmx.net/de/go/maxdome01
> > >
> > 

-- 
Jetzt kostenlos herunterladen: Internet Explorer 8 und Mozilla Firefox 3.5 -
sicherer, schneller und einfacher! http://portal.gmx.net/de/go/chbrowser

Re: anti spam measures

2010-01-04 Thread Steve 

 Original-Nachricht 
> Datum: Mon, 04 Jan 2010 23:47:11 +0100
> Von: "Steve" 
> An: postfix-users@postfix.org
> Betreff: Re: anti spam measures

> 
>  Original-Nachricht 
> > Datum: Mon, 4 Jan 2010 16:45:21 -0600
> > Von: Kenneth Marshall 
> > An: Roman Gelfand 
> > CC: Steve , postfix-users@postfix.org
> > Betreff: Re: anti spam measures
> 
> > On Mon, Jan 04, 2010 at 05:40:29PM -0500, Roman Gelfand wrote:
> > > Well, it looks like, perhaps, I found the missing link.  After adding
> > > s25r rules and HELO response verification in main.cf, no spam has
> > > siped through.
> > > 
> > > I think that mostly it was HELO response verification that did it.
> > > BTW, is there a reason not block emails with incorrect HELO response?
> > > 
> > > Thanks
> > > 
> > None really, unless you need to accept mail from misconfigured
> > servers. (We do.)
> > 
> Most of do (I would guess).
> 
Stupid me. To fast typing:
Most of us do (I would guess).


> 
> > Cheers,
> > Ken
> > 
> Steve
> 
> > > On Mon, Jan 4, 2010 at 5:30 PM, Steve  wrote:
> > > >
> > > >  Original-Nachricht 
> > > >> Datum: Mon, 04 Jan 2010 23:20:04 +0100
> > > >> Von: mouss 
> > > >> An: postfix-users@postfix.org
> > > >> Betreff: Re: anti spam measures
> > > >
> > > >> Steve a ?crit :
> > > >> >  Original-Nachricht 
> > > >> >> Datum: Sun, 03 Jan 2010 23:37:18 +0100
> > > >> >> Von: mouss 
> > > >> >> An: postfix users list 
> > > >> >> Betreff: Re: anti spam measures
> > > >> >
> > > >> >> Roman Gelfand a ?crit :
> > > >> >>> I am running postfix with anti spam filter (policyd-weight,
> > sqlgrey,
> > > >> >>> grossd, dkim, senderid-milter, dspam) . ?With this
> configuration,
> > I am
> > > >> >>> down to under 10 spams a day. ?Looking at my backend server
> which
> > is
> > > >> >>> exchange 2007, I find that all of the remaining spam messages
> > have
> > > >> >>> spam confidence level of 7 or greater, which implies this is
> > blatant
> > > >> >>> spam. ?Is there spam filter software software that works with
> > postfix
> > > >> >>> that can perform checks similar to that of exchange 2007 spam
> > > >> >>> confidence level?
> > > >> >>>
> > > >> >> we can't really tell since we didn't see the messages that made
> it
> > > >> >> through postfix+friends.
> > > >> >>
> > > >> >> if the messages contained a URI listed at uribl or surbl, then
> you
> > > >> could
> > > >> >> try using uribl/surbl via milter-link or via spamassassin (via
> > > >> >> amavisd-new).
> > > >> >>
> > > >> >> anyway, You can add spamassassin (via amavisd-new) to your chain
> > and
> > > >> see
> > > >> >> ?if it improves your filtering.
> > > >> >>
> > > >> > I am for sure one of the people that should keep his mouth shut
> > since I
> > > >> have a to strong bias but SpamAssassin? Why? He is using DSPAM and
> if
> > I
> > > >> would purpose him another free solution then only something like
> > CMR114 or
> > > >> OSBF-Lua.
> > > >> >
> > > >>
> > > >> because I don't believe he will improve his filtering by adding
> more
> > > >> statistical filters (I think: if this was true, he can improve by
> > better
> > > >> training/tuning of dspam).
> > > >>
> > > > Correct.
> > > >
> > > >
> > > >> In contrsat, adding a finely tuned heuristic
> > > >> filter will certainly improve his results.
> > > >>
> > > > True.
> > > >
> > > >
> > > >> one example: Justin Mason anti-fraud rules (JM_SOUGHT*) will block
> > fraud
> > > >> mail that you can't block statistically (because you don't get
> enough
> > of
> > > >> it to train a statistical filter). unless if you are a large
> ISP/MSP
> > > >> with users who report fraud mail quickly and you train your filter
> > with
> > > >> these reports quickly.
> > > >>
> > > > Or you use other ways to filter them out (not statistically).
> > > >
> > > >
> > > >> other examples include: URIBL rules (granted, you can use
> > milter-link),
> > > >> DNSxL rules applied to Received headers (mail that is "touched" by
> a
> > > >> host in Spamhaus SBL is unwanted!)...
> > > >>
> > > >> Once again, I said "add spamassassin" not replace dspam. This is
> > because
> > > >> OP wanted to block "more". but adding SA in a way that improves his
> > > >> results is not effort free. which is why I said:
> > > >>
> > > > Right.
> > > >
> > > >
> > > >> >
> > > >> >> at one time, the question becomes: is the additional effort
> worth
> > the
> > > >> >> pain?
> > > >> >>
> > > >> > Good question.
> > > >>
> > > >> I personally am from the school of access control before content
> > > >> filtering.
> > > >>
> > > > Me too :)
> > > >
> > > >
> > > >> so I don't feel comfortable arguing for SA vs dspam vs
> > > >> foofilter.
> > > >>
> > > > As I wrote before: I am to biased in that topic so I am not going to
> > argue either.
> > > > --
> > > > GRATIS f?r alle GMX-Mitglieder: Die maxdome Movie-FLAT!
> > > > Jetzt freischalten unter http://portal.gmx.net/de/go/maxdome01
> > > >
> > > 
> 
> -- 
> Jetzt ko

Re: anti spam measures

2010-01-04 Thread Roman Gelfand 
On Mon, Jan 4, 2010 at 5:44 PM, Steve  wrote:
>
>  Original-Nachricht 
>> Datum: Mon, 4 Jan 2010 17:40:29 -0500
>> Von: Roman Gelfand 
>> An: Steve 
>> CC: postfix-users@postfix.org
>> Betreff: Re: anti spam measures
>
>> Well, it looks like, perhaps, I found the missing link.  After adding
>> s25r rules and HELO response verification in main.cf, no spam has
>> siped through.
>>
>> I think that mostly it was HELO response verification that did it.
>> BTW, is there a reason not block emails with incorrect HELO response?
>>
> Yes! Probably half of the sending MTA's out there have issues with setting 
> proper HELO/EHLO. I would not block them per default but use your already 
> installed policyd-weight and add a higher score to wrong HELO/EHLO (but the 
> default in policyd-weight should be already okay).

I am a bit surprised at your response.  I would have expected you to
say, a MTA which ignores basic basic configuration rules doesn't
deserve that it's mail should be accepted.  In fact, this is the way I
feel about this.

>
>
>> Thanks
>>
> Steve
>
>
>> On Mon, Jan 4, 2010 at 5:30 PM, Steve  wrote:
>> >
>> >  Original-Nachricht 
>> >> Datum: Mon, 04 Jan 2010 23:20:04 +0100
>> >> Von: mouss 
>> >> An: postfix-users@postfix.org
>> >> Betreff: Re: anti spam measures
>> >
>> >> Steve a écrit :
>> >> >  Original-Nachricht 
>> >> >> Datum: Sun, 03 Jan 2010 23:37:18 +0100
>> >> >> Von: mouss 
>> >> >> An: postfix users list 
>> >> >> Betreff: Re: anti spam measures
>> >> >
>> >> >> Roman Gelfand a écrit :
>> >> >>> I am running postfix with anti spam filter (policyd-weight,
>> sqlgrey,
>> >> >>> grossd, dkim, senderid-milter, dspam) .  With this configuration,
>> I am
>> >> >>> down to under 10 spams a day.  Looking at my backend server which
>> is
>> >> >>> exchange 2007, I find that all of the remaining spam messages have
>> >> >>> spam confidence level of 7 or greater, which implies this is
>> blatant
>> >> >>> spam.  Is there spam filter software software that works with
>> postfix
>> >> >>> that can perform checks similar to that of exchange 2007 spam
>> >> >>> confidence level?
>> >> >>>
>> >> >> we can't really tell since we didn't see the messages that made it
>> >> >> through postfix+friends.
>> >> >>
>> >> >> if the messages contained a URI listed at uribl or surbl, then you
>> >> could
>> >> >> try using uribl/surbl via milter-link or via spamassassin (via
>> >> >> amavisd-new).
>> >> >>
>> >> >> anyway, You can add spamassassin (via amavisd-new) to your chain and
>> >> see
>> >> >>  if it improves your filtering.
>> >> >>
>> >> > I am for sure one of the people that should keep his mouth shut since
>> I
>> >> have a to strong bias but SpamAssassin? Why? He is using DSPAM and if I
>> >> would purpose him another free solution then only something like CMR114
>> or
>> >> OSBF-Lua.
>> >> >
>> >>
>> >> because I don't believe he will improve his filtering by adding more
>> >> statistical filters (I think: if this was true, he can improve by
>> better
>> >> training/tuning of dspam).
>> >>
>> > Correct.
>> >
>> >
>> >> In contrsat, adding a finely tuned heuristic
>> >> filter will certainly improve his results.
>> >>
>> > True.
>> >
>> >
>> >> one example: Justin Mason anti-fraud rules (JM_SOUGHT*) will block
>> fraud
>> >> mail that you can't block statistically (because you don't get enough
>> of
>> >> it to train a statistical filter). unless if you are a large ISP/MSP
>> >> with users who report fraud mail quickly and you train your filter with
>> >> these reports quickly.
>> >>
>> > Or you use other ways to filter them out (not statistically).
>> >
>> >
>> >> other examples include: URIBL rules (granted, you can use milter-link),
>> >> DNSxL rules applied to Received headers (mail that is "touched" by a
>> >> host in Spamhaus SBL is unwanted!)...
>> >>
>> >> Once again, I said "add spamassassin" not replace dspam. This is
>> because
>> >> OP wanted to block "more". but adding SA in a way that improves his
>> >> results is not effort free. which is why I said:
>> >>
>> > Right.
>> >
>> >
>> >> >
>> >> >> at one time, the question becomes: is the additional effort worth
>> the
>> >> >> pain?
>> >> >>
>> >> > Good question.
>> >>
>> >> I personally am from the school of access control before content
>> >> filtering.
>> >>
>> > Me too :)
>> >
>> >
>> >> so I don't feel comfortable arguing for SA vs dspam vs
>> >> foofilter.
>> >>
>> > As I wrote before: I am to biased in that topic so I am not going to
>> argue either.
>> > --
>> > GRATIS für alle GMX-Mitglieder: Die maxdome Movie-FLAT!
>> > Jetzt freischalten unter http://portal.gmx.net/de/go/maxdome01
>> >
>
> --
> GRATIS für alle GMX-Mitglieder: Die maxdome Movie-FLAT!
> Jetzt freischalten unter http://portal.gmx.net/de/go/maxdome01
>

Re: anti spam measures

2010-01-04 Thread Steve 

 Original-Nachricht 
> Datum: Mon, 4 Jan 2010 18:08:39 -0500
> Von: Roman Gelfand 
> An: Steve 
> CC: postfix-users@postfix.org
> Betreff: Re: anti spam measures

> On Mon, Jan 4, 2010 at 5:44 PM, Steve  wrote:
> >
> >  Original-Nachricht 
> >> Datum: Mon, 4 Jan 2010 17:40:29 -0500
> >> Von: Roman Gelfand 
> >> An: Steve 
> >> CC: postfix-users@postfix.org
> >> Betreff: Re: anti spam measures
> >
> >> Well, it looks like, perhaps, I found the missing link.  After adding
> >> s25r rules and HELO response verification in main.cf, no spam has
> >> siped through.
> >>
> >> I think that mostly it was HELO response verification that did it.
> >> BTW, is there a reason not block emails with incorrect HELO response?
> >>
> > Yes! Probably half of the sending MTA's out there have issues with
> setting proper HELO/EHLO. I would not block them per default but use your
> already installed policyd-weight and add a higher score to wrong HELO/EHLO 
> (but
> the default in policyd-weight should be already okay).
> 
> I am a bit surprised at your response.  I would have expected you to
> say, a MTA which ignores basic basic configuration rules doesn't
> deserve that it's mail should be accepted.  In fact, this is the way I
> feel about this.
> 
Roman. I do messaging since ages (I did messaging on the mainframe where 
sending electronic mail was still a miracle) and my personal opinion does not 
count. The reality out there is not so black/withe as you might think. There 
are a gazillion of MTAs that are wrong configured and use wrong HELO/EHLO. If 
you have the luxury that you can drop/reject those one that have wrong 
HELO/EHLO then do it. I can't. At least not without a negative impact for my 
customers.

It's +/- like saying any page on the web that does not pass the W3C HTML/XHTML 
validation does not deserve to be displayed. You can imagine that a lot of them 
will fail. And so it is with SMTP. Some mail operators out there are forced to 
use MTAs that are broken and they are not in the position to 
update/upgrade/change the software (for whatever reason) and you would punish 
them just for one single (small) issue like wrong HELO/EHLO? I find this pretty 
hard. (okay, okay. I am *jealous* that you have that luxury).

As I said before: Use a weighted calculation if you can and give a score to 
wrong HELO/EHLO but don't just drop/reject mails from wrong configured MTAs.

The only drop/reject that I do regarding HELO/EHLO is if the remote client is 
claiming to be my server or my IP. Then I reject but other then that I give 
them a score for wrong HELO/EHLO and that's it.


> >
> >
> >> Thanks
> >>
> > Steve
> >
> >
> >> On Mon, Jan 4, 2010 at 5:30 PM, Steve  wrote:
> >> >
> >> >  Original-Nachricht 
> >> >> Datum: Mon, 04 Jan 2010 23:20:04 +0100
> >> >> Von: mouss 
> >> >> An: postfix-users@postfix.org
> >> >> Betreff: Re: anti spam measures
> >> >
> >> >> Steve a écrit :
> >> >> >  Original-Nachricht 
> >> >> >> Datum: Sun, 03 Jan 2010 23:37:18 +0100
> >> >> >> Von: mouss 
> >> >> >> An: postfix users list 
> >> >> >> Betreff: Re: anti spam measures
> >> >> >
> >> >> >> Roman Gelfand a écrit :
> >> >> >>> I am running postfix with anti spam filter (policyd-weight,
> >> sqlgrey,
> >> >> >>> grossd, dkim, senderid-milter, dspam) .  With this
> configuration,
> >> I am
> >> >> >>> down to under 10 spams a day.  Looking at my backend server
> which
> >> is
> >> >> >>> exchange 2007, I find that all of the remaining spam messages
> have
> >> >> >>> spam confidence level of 7 or greater, which implies this is
> >> blatant
> >> >> >>> spam.  Is there spam filter software software that works with
> >> postfix
> >> >> >>> that can perform checks similar to that of exchange 2007 spam
> >> >> >>> confidence level?
> >> >> >>>
> >> >> >> we can't really tell since we didn't see the messages that made
> it
> >> >> >> through postfix+friends.
> >> >> >>
> >> >> >> if the messages contained a URI listed at uribl or surbl, then
> you
> >> >> could
> >> >> >> try using uribl/surbl via milter-link or via spamassassin (via
> >> >> >> amavisd-new).
> >> >> >>
> >> >> >> anyway, You can add spamassassin (via amavisd-new) to your chain
> and
> >> >> see
> >> >> >>  if it improves your filtering.
> >> >> >>
> >> >> > I am for sure one of the people that should keep his mouth shut
> since
> >> I
> >> >> have a to strong bias but SpamAssassin? Why? He is using DSPAM and
> if I
> >> >> would purpose him another free solution then only something like
> CMR114
> >> or
> >> >> OSBF-Lua.
> >> >> >
> >> >>
> >> >> because I don't believe he will improve his filtering by adding more
> >> >> statistical filters (I think: if this was true, he can improve by
> >> better
> >> >> training/tuning of dspam).
> >> >>
> >> > Correct.
> >> >
> >> >
> >> >> In contrsat, adding a finely tuned heuristic
> >> >> filter will certainly improve his results.
> >> >>
> >> > True.
> >> >
> >> >
> >> >> on

Re: anti spam measures

2010-01-04 Thread LuKreme 

On Jan 4, 2010, at 16:08, Roman Gelfand  wrote:

would have expected you to
say, a MTA which ignores basic basic configuration rules doesn't
deserve that it's mail should be accepted.  In fact, this is the way I
feel about this.


Seconded.

Re: anti spam measures

2010-01-04 Thread Sahil Tandon 
On Mon, 04 Jan 2010, Steve wrote:

> > > > I think that mostly it was HELO response verification that did it.
> > > > BTW, is there a reason not block emails with incorrect HELO response?
> > > > 
> > > None really, unless you need to accept mail from misconfigured
> > > servers. (We do.)
> > > 
> > Most of do (I would guess).
> > 
> Stupid me. To fast typing:
> Most of us do (I would guess).

Indeed.  This is why macho declarations like "we don't accept mail from
misconfigured servers" are misguided.

-- 
Sahil Tandon