immediate bounce to the sender ?
Hello is it possible to immediately send bounce to a sender in case of problem on my server instead of delaying it ? thanks
Re: OT aol.com no mx record ???
Zitat von Ralf Hildebrandt : * Robert Schetterer : >> [snip] yes it changed again, so there should be no problem anymore Frankly I didn't see a problem before. Less idiots on the internet, where's the problem? Na,na... Sowas kurz vor Weihnachten Gruß & fröhliches Fest Andreas smime.p7s Description: S/MIME Cryptographic Signature
Re: Postfix and external content filter
On Tuesday 21 December 2010 17:56:29 Noel Jones wrote: > On 12/21/2010 11:46 AM, Stuart Bailey wrote: > > Hello, > > > > I have a postfix server accepting emails on port 25 from the > > Internet, and > > > > delivering to cyrus. > > > > There is another sever running Mail Marshall on Windows, that > > is used as the > > > > content filter. I have configured postfix master.cf as follows: > > > > smtp inet n - n - - smtpd > > > > -o content_filter=mm:[172.16.0.9]:25 > > > > -o receive_override_options=no_address_mappings > > > > mm unix - - - - 10 smtp > > > > -o smtp_send_xforward_command=yes > > > > -o disable_mime_output_conversion=yes > > > > -o disable_dns_lookups=yes > > > > -o smtp_generic_maps= > > > > 0.0.0.0:10027 inet n - - - - smtpd > > > > -o content_filter= > > > > -o local_recipient_maps= > > > > -o relay_recipient_maps= > > > > -o smtpd_restriction_classes= > > > > -o smtpd_delay_reject=no > > > > -o smtpd_client_restrictions=permit_mynetworks,reject > > > > -o smtpd_helo_restrictions= > > > > -o smtpd_sender_restrictions= > > > > -o smtpd_recipient_restrictions=permit_mynetworks,reject > > > > -o smtpd_data_restrictions=reject_unauth_pipelining > > > > -o smtpd_end_of_data_restrictions= > > > > -o mynetworks=127.0.0.0/8,172.16.0.0/16 > > > > -o smtpd_error_sleep_time=0 > > > > -o smtpd_soft_error_limit=1001 > > > > -o smtpd_hard_error_limit=1000 > > > > -o smtpd_client_connection_count_limit=0 > > > > -o smtpd_client_connection_rate_limit=0 > > > > -o > > > > receive_override_options=no_header_body_checks,no_unknown_recipient_check > >s > > > > Mail marshall is configured to send emails to port 10027. This > > works OK. > > > > However, if Mail Marshall detects SPAM, rather than modify the > > header and send > > > > it on, it responds directly with a 550 error code. > > Unfortunately, postfix then > > > > notifies the email originator that the message has bounced, > > generating > > > > backscatter. > > > > Is there anyway I can configure postfix to drop / discard > > these messages > > > > rather than notify the originator? > > If you can't configure mail marshall to tag+deliver or > quarantine, then it's unsuitable for use as a postfix > content_filter. > > You may be able to use mail marshall as a postfix > smtpd_proxy_filter, but that has performance implications you > will need to investigate. > http://www.postfix.org/SMTPD_PROXY_README.html > > >-- Noel Jones Thanks Noel, I'll try this today. Will this method work when SMTP_AUTH is enabled in Postfix? This is the main reason for directong mail to postfix before Mail Marshall, since Mail Marshall will not do SMTP_AUTH. -- Stuart Bailey BSc (hons) CEng CITP MBCS LinuSoft (Managing Director) Linux Specialist & Software Developer ~~~ Phone: (0845) 658 3563 Direct: +44 (0)1953 878162 Fax:+44 (0) 1603 858583 ~~~ http://www.linusoft.co.uk http://www.bluetoothadvertising.org.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
Re: immediate bounce to the sender ?
On 12/22/10 10:07 AM, Frank Bonnet wrote: Hello is it possible to immediately send bounce to a sender in case of problem on my server instead of delaying it ? What kind of a problem ? You should not arbitrarily alter the default status codes postfix sends to clients; even though you can, it is not a good idea to do so unless you understand exactly what the ramifications are. -- J.
Re: immediate bounce to the sender ?
Le 22/12/2010 10:07, Frank Bonnet a écrit : Hello is it possible to immediately send bounce to a sender in case of problem on my server instead of delaying it ? what kind of problem? "problem on my server" is too wide/general. From a philosophical/meta-physical viewpoint, if there is a "problem on" your "server", no tuning of that server will help ;-p if tuning could help then I'd vote for "no problem on the server, never" concrete examples would help
Re: qmgr killed by signal 15
Le 20/12/2010 20:22, Jeff Morris a écrit : [snip] Interestingly, I also received one other off-list response to my email from someone else who is experiencing the exact smae problem. Despite *hours* of Googling, he is the only other person I've managed to come across with this same issue, and here's the kicker... he's on a VPS with 123Systems as well. So there's the commonality. I'm not one to believe in coincidences, so now I'm pretty much convinced that there must be something that 123Systems is doing which is causing this. Either they have some sort of monitoring running on the host which is somehow sending a SIGTERM to qmgr within the guest, or they have done something to their default CentOS image which is causing it (althoguh for the life of me I can't imagine what, since even if I replace the Postfix config files with the config from my other, working VPS, I still get this same behavior.) not sure if this is related, but did you see http://tech.groups.yahoo.com/group/postfix-users/message/269786 http://tech.groups.yahoo.com/group/postfix-users/message/270388 [snip]
multiple tables in header_checks
hai can i define multiple lookup tables in header_checks?.ie: header_checks = regexp:/etc/postfix/header.regexp, pcre:/etc/postfix/header.pcre thanks
DSN action code "expanded" with lmtp_assume_final=yes
Hello we are trying to improve the DSN support of our environment and have set "lmtp_assume_final=yes" at our final mailstore using Cyrus and LMTP over socket. The resulting DSN still set Final-Recipient: rfc822; x...@kwsoft.de Original-Recipient: rfc822;x...@kwsoft.de Action: expanded Status: 2.0.0 Diagnostic-Code: X-Postfix; alias expanded According to RFC 3464 2.3.3 i had expected to see "delivered" as this would be a "final" action code. Tested with Postfix 2.5.6 and 2.7.1, other related parameter are at default. Regards Andreas smime.p7s Description: S/MIME Cryptographic Signature
Re: multiple tables in header_checks
On 12/22/10 1:10 PM, Hari Hendaryanto wrote: hai can i define multiple lookup tables in header_checks?.ie: header_checks = regexp:/etc/postfix/header.regexp, pcre:/etc/postfix/header.pcre thanks As documented: header_checks (default: empty) Optional lookup tables for content inspection of primary non-MIME message headers, as specified in the header_checks(5) manual page. Note "tableS". -- J.
Re: multiple tables in header_checks
On 12/22/2010 7:25 PM, Jeroen Geilman wrote: On 12/22/10 1:10 PM, Hari Hendaryanto wrote: hai can i define multiple lookup tables in header_checks?.ie: header_checks = regexp:/etc/postfix/header.regexp, pcre:/etc/postfix/header.pcre thanks As documented: header_checks (default: empty) Optional lookup tables for content inspection of primary non-MIME message headers, as specified in the header_checks(5) manual page. Note "tableS". ahh... thank you, i didn't notice that word
Re: Sender Reputation
Yes, in fact, I ended up using it. Thanks On Wed, Dec 22, 2010 at 2:40 AM, Robert Schetterer wrote: > Am 21.12.2010 23:11, schrieb Roman Gelfand: >> Actually, I am using dspam for content filter. I was looking to add >> sender reputation query results to message header. As it turns out >> opendkim did the trick. >> >> Thanks >> >> On Tue, Dec 21, 2010 at 4:18 PM, mouss wrote: >>> Le 21/12/2010 19:44, Stan Hoeppner a écrit : Roman Gelfand put forth on 12/21/2010 12:29 PM: > > Does anyone know of a server/software compatible with postfix that > performs sender reputation query? You need to be much more specific WRT "sender reputation" Roman. What _precisely_ are you asking us to answer? >>> >>> yeah. >>> >>> - "sender" is ambiguous. do you mean the client IP (or the client domain) or >>> do you mean the envelope sender address (j...@example.com, >>> *...@example.org)? >>> >>> - "reputation" is ambiguous. examples: "never sent spam", "should not send >>> email", "large mail origin", "residential ISP", "in the US", "usually signs >>> with DKIM", "has a strict SPF record", "uses MS Exchange", ... etc. >>> >>> postfix can check DNSBL (reject_rbl_client, ... etc). spamassassin can check >>> that and other stuff such as URIBL, SPF, DKIM, ... etc. >>> > > you may use http://www.dkim-reputation.org/ > too > > -- > Best Regards > > MfG Robert Schetterer > > Germany/Munich/Bavaria >
Re: DSN action code "expanded" with lmtp_assume_final=yes
lst_ho...@kwsoft.de: > Hello > > we are trying to improve the DSN support of our environment and have > set "lmtp_assume_final=yes" at our final mailstore using Cyrus and > LMTP over socket. > The resulting DSN still set > > Final-Recipient: rfc822; x...@kwsoft.de > Original-Recipient: rfc822;x...@kwsoft.de > Action: expanded > Status: 2.0.0 > Diagnostic-Code: X-Postfix; alias expanded This really means what it says: some alias was expanded *before* LMTP got involved (this includes virtual aliasing. local aliasing, and ~/.forward file expansion). Wietse
How to change - resend recipient in the bounce queue
Dear Postfix Masters Some users have made mistake in the recipient email address. So the message turn into bounce queue that is normal. I would like to know : How to modify mails stored in the bounce queue to change the recipient addresses and put them into the working queue to resend them ? Best regards.
Re: Postfix and external content filter
On Wed, Dec 22, 2010 at 10:28:01AM +, Stuart Bailey wrote: > > You may be able to use mail marshall as a postfix > > smtpd_proxy_filter, but that has performance implications you > > will need to investigate. > > http://www.postfix.org/SMTPD_PROXY_README.html > > Thanks Noel, > I'll try this today. > > Will this method work when SMTP_AUTH is enabled in Postfix? This is the main > reason for directong mail to postfix before Mail Marshall, since Mail > Marshall will not do SMTP_AUTH. > It may well continue to work, but not necessarily. A pre-queue proxy is expected to be "transparent", in particular it must generally support or ignore all ESMTP features supported by Postfix, since largely the same SMTP commands will be sent through the proxy as were seen from the upstream client. This said, "STARTTLS" and "AUTH" are special, since these encrypt and or authenticate the delivery *channel*, which extends between the original client and the Internet facing MTA. So proxies DO NOT need to support the STARTTLS or AUTH SMTP commands, but MUST NOT object to: MAIL FROM: AUTH= OR MAIL FROM: AUTH=<> which may be sent by the connecting client (if that client is an MSA). -- Viktor.
Re: How to change - resend recipient in the bounce queue
On 12/22/10 2:41 PM, David Touzeau wrote: Dear Postfix Masters Some users have made mistake in the recipient email address. So the message turn into bounce queue that is normal. I would like to know : How to modify mails stored in the bounce queue to change the recipient addresses and put them into the working queue to resend them ? That is impossible. How does postfix know what the correct recipient address should be ? The purpose of the bounce message is to inform the sender of the mistake. Let it work as designed. -- J.
Re: How to change - resend recipient in the bounce queue
On Wed, Dec 22, 2010 at 02:41:04PM +0100, David Touzeau wrote: > Dear Postfix Masters > > Some users have made mistake in the recipient email address. > So the message turn into bounce queue that is normal. > > I would like to know : > > How to modify mails stored in the bounce queue to change the recipient > addresses and put them into the working queue to resend them ? Not generally possible. Bounces often do not contain complete copies of the original message. -- Viktor.
Re: DSN action code "expanded" with lmtp_assume_final=yes
Zitat von Wietse Venema : lst_ho...@kwsoft.de: Hello we are trying to improve the DSN support of our environment and have set "lmtp_assume_final=yes" at our final mailstore using Cyrus and LMTP over socket. The resulting DSN still set Final-Recipient: rfc822; x...@kwsoft.de Original-Recipient: rfc822;x...@kwsoft.de Action: expanded Status: 2.0.0 Diagnostic-Code: X-Postfix; alias expanded This really means what it says: some alias was expanded *before* LMTP got involved (this includes virtual aliasing. local aliasing, and ~/.forward file expansion). Wietse Ok, this means i can't get a "final" DSN if alias expansion happens before the LMTP delivery, no? We have smtpd (virtual-aliasing to user-id) --> transport-map (lmtp to socket) --> Cyrus LMTP Many Thanks Andreas smime.p7s Description: S/MIME Cryptographic Signature
Re: DSN action code "expanded" with lmtp_assume_final=yes
On Wed, Dec 22, 2010 at 02:54:02PM +0100, lst_ho...@kwsoft.de wrote: >> This really means what it says: some alias was expanded *before* >> LMTP got involved (this includes virtual aliasing. local >> aliasing, and ~/.forward file expansion). >> >> Wietse > > Ok, this means i can't get a "final" DSN if alias expansion happens before > the LMTP delivery, no? Because virtual aliasing is potentially many to one, and in any case constitutes final processing of the input address, a recipient resolved via virtual(5) is considered delivered. -- Viktor.
Re: DSN action code "expanded" with lmtp_assume_final=yes
lst_ho...@kwsoft.de: > we are trying to improve the DSN support of our environment and have > set "lmtp_assume_final=yes" at our final mailstore using Cyrus and > LMTP over socket. > The resulting DSN still set > > Final-Recipient: rfc822; x...@kwsoft.de > Original-Recipient: rfc822;x...@kwsoft.de > Action: expanded > Status: 2.0.0 > Diagnostic-Code: X-Postfix; alias expanded Wietse: > This really means what it says: some alias was expanded *before* > LMTP got involved (this includes virtual aliasing. local > aliasing, and ~/.forward file expansion). lst_ho...@kwsoft.de: > Ok, this means i can't get a "final" DSN if alias expansion happens > before the LMTP delivery, no? Postfix tries to minimize the damage from DSN. Postfix compares the result of virtual alias expansion, and it reports "alias expanded" ONLY when the alias produces a different result (the result is more than one address, or the result is only one address but it differs from the original one). RFC 3461 allows three options: 1 - Don't propagate DSN attributes down-stream, and send a "relayed" DSN. Postfix does not do this because it is too ugly. 2 - Propagate ENVID, (NOTIFY minus SUCCESS), RET, and ORCPT to the result from alias expansion and send an "expanded" DSN. This is what Postfix does (except for one-to-one virtual aliases that translate one address into itself). 3 - Propagate ENVID, NOTIFY, RET, and ORCPT to one result from alias expansion only, and send no DSN. Postfix does this with one-to-one virtual aliases that translate one address into itself. The only thing I can change without breaking RFC compliance is to do (3) for all one-on-one virtual aliases. That means Postfix will reveal the "hidden" address to anyone who asks for it (and this trick would not work for local aliases because Postfix does not expand local aliases before it decides what DSN to send. That would run local(8) out of memory when sending mail to a large mailing list). Wietse
Re: DSN action code "expanded" with lmtp_assume_final=yes
On Wed, Dec 22, 2010 at 09:35:59AM -0500, Wietse Venema wrote: > 3 - Propagate ENVID, NOTIFY, RET, and ORCPT to one result from > alias expansion only, and send no DSN. Postfix does this with > one-to-one virtual aliases that translate one address into > itself. > > The only thing I can change without breaking RFC compliance is to > do (3) for all one-on-one virtual aliases. I am curious why the OP is eager to so faithfully support DSN. In my case I explicitly disable "DSN" in the ESMTP response at the incoming perimeter gateway. If they accept the mail, the sending system should consider it delivered. The sender gets to know that the message left or failed to leave his organization, that's all I am willing to disclose. -- Viktor.
Re: DSN action code "expanded" with lmtp_assume_final=yes
* Victor Duchovni : > I am curious why the OP is eager to so faithfully support DSN. In my > case I explicitly disable "DSN" in the ESMTP response at the incoming > perimeter gateway. Yes, it causes nothing but grief. We had some sender who would ask for DSN, but then not accept it -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: DSN action code "expanded" with lmtp_assume_final=yes
Zitat von Victor Duchovni : On Wed, Dec 22, 2010 at 09:35:59AM -0500, Wietse Venema wrote: 3 - Propagate ENVID, NOTIFY, RET, and ORCPT to one result from alias expansion only, and send no DSN. Postfix does this with one-to-one virtual aliases that translate one address into itself. The only thing I can change without breaking RFC compliance is to do (3) for all one-on-one virtual aliases. I am curious why the OP is eager to so faithfully support DSN. In my case I explicitly disable "DSN" in the ESMTP response at the incoming perimeter gateway. If they accept the mail, the sending system should consider it delivered. The sender gets to know that the message left or failed to leave his organization, that's all I am willing to disclose. For a long time i also prayed "if you don't get a error all is fine". Unfortunately this is more and more not the case. After repeatedly disapearing mail in some content filters it was decided to try some more "modern" concept like DSN. So we set DSN for all outgoing mail (corporate environment). A system was setup which parses DSN reply and set a *visible* status for outgoing mail according to RFCs. As one can't demand something one is not willing to provide we like to *fully* honor DSN requests from clients. If we accept a mail at the border it will be delivered anyway to the user mailbox so sending out a "delivered" DSN status on request is no more disclosure anyway i guess. Many Thanks for your help Andreas smime.p7s Description: S/MIME Cryptographic Signature
Re: DSN action code "expanded" with lmtp_assume_final=yes
Zitat von Ralf Hildebrandt : * Victor Duchovni : I am curious why the OP is eager to so faithfully support DSN. In my case I explicitly disable "DSN" in the ESMTP response at the incoming perimeter gateway. Yes, it causes nothing but grief. We had some sender who would ask for DSN, but then not accept it That's why we like to fully accept it, because we ask for it on sending... Regards Andreas smime.p7s Description: S/MIME Cryptographic Signature
Re: Postfix and external content filter
On 12/22/2010 4:28 AM, Stuart Bailey wrote: On Tuesday 21 December 2010 17:56:29 Noel Jones wrote: > On 12/21/2010 11:46 AM, Stuart Bailey wrote: > You may be able to use mail marshall as a postfix > smtpd_proxy_filter, but that has performance implications you > will need to investigate. > http://www.postfix.org/SMTPD_PROXY_README.html Thanks Noel, I'll try this today. Will this method work when SMTP_AUTH is enabled in Postfix? This is the main reason for directong mail to postfix before Mail Marshall, since Mail Marshall will not do SMTP_AUTH. Will AUTH work with MM as a proxy? Maybe, but I wouldn't expect it to. For AUTH to work properly, the solution is to enable the submission port 587 and have your clients use that. This gives you better separation of traffic and prevents your clients from being blocked if their ISP or hotspot blocks port 25. -- Noel Jones
Re: DSN action code "expanded" with lmtp_assume_final=yes
Zitat von Wietse Venema : lst_ho...@kwsoft.de: we are trying to improve the DSN support of our environment and have set "lmtp_assume_final=yes" at our final mailstore using Cyrus and LMTP over socket. The resulting DSN still set Final-Recipient: rfc822; x...@kwsoft.de Original-Recipient: rfc822;x...@kwsoft.de Action: expanded Status: 2.0.0 Diagnostic-Code: X-Postfix; alias expanded Wietse: This really means what it says: some alias was expanded *before* LMTP got involved (this includes virtual aliasing. local aliasing, and ~/.forward file expansion). lst_ho...@kwsoft.de: Ok, this means i can't get a "final" DSN if alias expansion happens before the LMTP delivery, no? Postfix tries to minimize the damage from DSN. Postfix compares the result of virtual alias expansion, and it reports "alias expanded" ONLY when the alias produces a different result (the result is more than one address, or the result is only one address but it differs from the original one). RFC 3461 allows three options: 1 - Don't propagate DSN attributes down-stream, and send a "relayed" DSN. Postfix does not do this because it is too ugly. Totaly aggreed. It's ugly and useless. 2 - Propagate ENVID, (NOTIFY minus SUCCESS), RET, and ORCPT to the result from alias expansion and send an "expanded" DSN. This is what Postfix does (except for one-to-one virtual aliases that translate one address into itself). That's the point where the "SUCCESS" get lost before reaching LMTP i guess. We do virtual aliasing (virtual_alias_maps) of the form external.mailaddr...@kwsoft.de --> u...@transport.internal and have a transport map like transport.internal lmtp:unix:/path/to/socket 3 - Propagate ENVID, NOTIFY, RET, and ORCPT to one result from alias expansion only, and send no DSN. Postfix does this with one-to-one virtual aliases that translate one address into itself. This will delegate the generation of DSN downstream. In our case this would be LMTP so "lmtp_assume_final" should get honored? The only thing I can change without breaking RFC compliance is to do (3) for all one-on-one virtual aliases. That means Postfix will reveal the "hidden" address to anyone who asks for it (and this trick would not work for local aliases because Postfix does not expand local aliases before it decides what DSN to send. That would run local(8) out of memory when sending mail to a large mailing list). Wietse The "hidden" address aka alias result will be included as "Final-Recipient" in the DSN, no? Is this field mandatory or may it be ommitted and only "Original-Recipient" sent back? This would be the important recipient anyway because it is the one the message was addressed to. Many Thanks for your help Andreas smime.p7s Description: S/MIME Cryptographic Signature
Re: DSN action code "expanded" with lmtp_assume_final=yes
On Wed, Dec 22, 2010 at 05:06:03PM +0100, lst_ho...@kwsoft.de wrote: > For a long time i also prayed "if you don't get a error all is fine". > Unfortunately this is more and more not the case. After repeatedly > disapearing mail in some content filters it was decided to try some more > "modern" concept like DSN. So we set DSN for all outgoing mail (corporate > environment). A system was setup which parses DSN reply and set a *visible* > status for outgoing mail according to RFCs. As one can't demand something > one is not willing to provide we like to *fully* honor DSN requests from > clients. This is an over-earnest mistake I think. You are not "demanding" DSN notices from clients. Rather, you providing your internal senders with best effort notice of email delivery to the recipient. In my case, not only do I not offer "DSN" in EHLO responses for inbound email, I also ignore "DSN" from remote servers in outbound traffic. Thus, (SUCCESS) DSN always tells my internal senders that mail has left our systems and is now the responsibility of the recipient's systems, and conversely remote senders know (from their own servers) that we took ownership of the mail. End-to-end DSN may do more harm than good... > If we accept a mail at the border it will be delivered anyway to the user > mailbox so sending out a "delivered" DSN status on request is no more > disclosure anyway i guess. I would recommend that you go further, and not advertise "DSN" in your inbound MTAs, and likewise ignore DSN in remote MTAs. Use DSN as a purely internal mechanism that informs senders that mail was accepted by the remote organization, with the notice always sent by the sender's outbound border MTA. -- Viktor.
Re: DSN action code "expanded" with lmtp_assume_final=yes
lst_ho...@kwsoft.de: Wietse: > 3 - Propagate ENVID, NOTIFY, RET, and ORCPT to one result from > alias expansion only, and send no DSN. Postfix does this with > one-to-one virtual aliases that translate one address into > itself. ... > The only thing I can change without breaking RFC compliance is to > do (3) for all one-on-one virtual aliases. That means Postfix will > reveal the "hidden" address to anyone who asks for it (and this > trick would not work for local aliases because Postfix does not > expand local aliases before it decides what DSN to send. That > would run local(8) out of memory when sending mail to a large > mailing list). > > The "hidden" address aka alias result will be included as > "Final-Recipient" in the DSN, no? Is this field mandatory or may it be > ommitted and only "Original-Recipient" sent back? This would be the > important recipient anyway because it is the one the message was > addressed to. I have sunk enormous amounts of time into the DSN implementation and am very happy that I have forgotten most of it. The important decisions are documented in comments, that is why I was able to summarize the three choices. Since you are the one who wants to report selectively, why don't you do the home work of finding the text that says what is and what is not required. Wietse
Re: DSN action code "expanded" with lmtp_assume_final=yes
Wietse Venema: > lst_ho...@kwsoft.de: > Wietse: > > 3 - Propagate ENVID, NOTIFY, RET, and ORCPT to one result from > > alias expansion only, and send no DSN. Postfix does this with > > one-to-one virtual aliases that translate one address into > > itself. > ... > > The only thing I can change without breaking RFC compliance is to > > do (3) for all one-on-one virtual aliases. That means Postfix will > > reveal the "hidden" address to anyone who asks for it (and this > > trick would not work for local aliases because Postfix does not > > expand local aliases before it decides what DSN to send. That > > would run local(8) out of memory when sending mail to a large > > mailing list). > > > > The "hidden" address aka alias result will be included as > > "Final-Recipient" in the DSN, no? Is this field mandatory or may it be > > ommitted and only "Original-Recipient" sent back? This would be the > > important recipient anyway because it is the one the message was > > addressed to. > > I have sunk enormous amounts of time into the DSN implementation > and am very happy that I have forgotten most of it. The important > decisions are documented in comments, that is why I was able to > summarize the three choices. > > Since you are the one who wants to report selectively, why don't > you do the home work of finding the text that says what is and what > is not required. FYI, the Final-Recipient field is required. Your best option is to limit the scope of DSN, so that it does not go across your organizational boundary, as described by Victor. In the gateway SMTP server, don't announce DSN to the outside world, and in the gateway SMTP client, ignore DSN announcements from the outside world. Wietse
my server being used for spam
Hello again, This time the question is simple: my server is being maliciously used to send spam, and this has to stop. Here are the log entries in question (latest ones): Dec 22 19:03:17 raptor postfix/smtpd[25021]: lost connection after RCPT from dan75-7-88-166-185-164.fbx.proxad.net[88.166.185.164] Dec 22 19:03:17 raptor postfix/smtpd[25021]: disconnect from dan75-7-88-166-185-164.fbx.proxad.net[88.166.185.164] Dec 22 19:03:17 raptor postfix/smtpd[25077]: lost connection after RCPT from dan75-7-88-166-185-164.fbx.proxad.net[88.166.185.164] Dec 22 19:03:17 raptor postfix/smtpd[25077]: disconnect from dan75-7-88-166-185-164.fbx.proxad.net[88.166.185.164] Dec 22 19:03:17 raptor postfix/smtpd[25076]: lost connection after RCPT from dan75-7-88-166-185-164.fbx.proxad.net[88.166.185.164] Dec 22 19:03:17 raptor postfix/smtpd[25076]: disconnect from dan75-7-88-166-185-164.fbx.proxad.net[88.166.185.164] Dec 22 19:03:17 raptor postfix/smtpd[25075]: lost connection after RCPT from dan75-7-88-166-185-164.fbx.proxad.net[88.166.185.164] Dec 22 19:03:17 raptor postfix/smtpd[25075]: disconnect from dan75-7-88-166-185-164.fbx.proxad.net[88.166.185.164] Dec 22 19:03:17 raptor postfix/smtpd[25072]: lost connection after RCPT from dan75-7-88-166-185-164.fbx.proxad.net[88.166.185.164] Dec 22 19:03:17 raptor postfix/smtpd[25072]: disconnect from dan75-7-88-166-185-164.fbx.proxad.net[88.166.185.164] *Dec 22 19:03:17 raptor postfix/smtpd[25021]: connect from ccibc.eu[89.121.199.170] Dec 22 19:03:17 raptor postfix/smtpd[25021]: 99EB51BC37B: client=ccibc.eu[89.121.199.170] Dec 22 19:03:17 raptor postfix/cleanup[25040]: 99EB51BC37B: message-id=<9be6032fa295cd8058abf1ed7f8dd...@ccibc.eu> Dec 22 19:03:18 raptor postfix/qmgr[23830]: 99EB51BC37B: from=, size=1307600, nrcpt=1 (queue active) Dec 22 19:03:18 raptor postfix/smtpd[25021]: disconnect from ccibc.eu[89.121.199.170]* *Dec 22 19:03:18 raptor postfix/smtp[25079]: 99EB51BC37B: to=, relay=none, delay=0.62, delays=0.61/0/0/0, dsn=5.4.6, status=bounced (m ail for djx.topedge.com loops back to myself) Dec 22 19:03:18 raptor postfix/cleanup[25040]: 42B741BC5C9: message-id=<20101222170318.42b741bc...@raptor.topedge.ro> Dec 22 19:03:18 raptor postfix/qmgr[23830]: 42B741BC5C9: from=<>, size=3425, nrcpt=1 (queue active) Dec 22 19:03:18 raptor postfix/bounce[25080]: 99EB51BC37B: sender non-delivery notification: 42B741BC5C9 Dec 22 19:03:18 raptor postfix/qmgr[23830]: 99EB51BC37B: removed* Dec 22 19:03:18 raptor postfix/smtpd[25077]: connect from dan75-7-88-166-185-164.fbx.proxad.net[88.166.185.164] Dec 22 19:03:18 raptor postfix/smtpd[25076]: connect from dan75-7-88-166-185-164.fbx.proxad.net[88.166.185.164] Dec 22 19:03:18 raptor postfix/smtpd[25075]: connect from dan75-7-88-166-185-164.fbx.proxad.net[88.166.185.164] Dec 22 19:03:18 raptor postfix/smtpd[25072]: connect from dan75-7-88-166-185-164.fbx.proxad.net[88.166.185.164] Dec 22 19:03:18 raptor postfix/smtpd[25021]: connect from dan75-7-88-166-185-164.fbx.proxad.net[88.166.185.164] *Dec 22 19:03:18 raptor postfix/smtp[25081]: 42B741BC5C9: to=, relay=ccibc.eu[89.121.199.170]:25, delay=0.36, delays=0.03/0.01/0.2/0.11, dsn=2 .0.0, status=sent (250 2.0.0 Ok: queued as A298FD61C24) Dec 22 19:03:18 raptor postfix/qmgr[23830]: 42B741BC5C9: removed* Also, I'm having a lot of these kind of entries lately (*Dec 22 19:03:18 raptor postfix/qmgr[23830]: 42B741BC5C9: from=<>, size=3425, nrcpt=1 (queue active)*) with unknown sender. Unfortunately these bounces are what put my server on several backscatter lists. Is there any way to reject these kind of senders "<>" from start (reject_unknown_sender?). Is there any way to insert longer and longer delays for unauthorized connections such as the ones from 88.166.185.164 with each connection attempt? Something like proftpd's throttle module. Thank you and be kind. Point me to the right manual :)) Kind regards, -- Razvan Chitu Network Engineer
Re: my server being used for spam
On 12/22/2010 12:52 PM, Razvan Chitu wrote: > Hello again, > This time the question is simple: my server is being maliciously > used to send spam, and this has to stop. Here are the log entries in > question (latest ones): > > Dec 22 19:03:17 raptor postfix/smtpd[25021]: lost connection after RCPT > from dan75-7-88-166-185-164.fbx.proxad.net[88.166.185.164] > Dec 22 19:03:17 raptor postfix/smtpd[25021]: disconnect from > dan75-7-88-166-185-164.fbx.proxad.net[88.166.185.164] > Dec 22 19:03:17 raptor postfix/smtpd[25077]: lost connection after RCPT > from dan75-7-88-166-185-164.fbx.proxad.net[88.166.185.164] > Dec 22 19:03:17 raptor postfix/smtpd[25077]: disconnect from > dan75-7-88-166-185-164.fbx.proxad.net[88.166.185.164] > Dec 22 19:03:17 raptor postfix/smtpd[25076]: lost connection after RCPT > from dan75-7-88-166-185-164.fbx.proxad.net[88.166.185.164] > Dec 22 19:03:17 raptor postfix/smtpd[25076]: disconnect from > dan75-7-88-166-185-164.fbx.proxad.net[88.166.185.164] > Dec 22 19:03:17 raptor postfix/smtpd[25075]: lost connection after RCPT > from dan75-7-88-166-185-164.fbx.proxad.net[88.166.185.164] > Dec 22 19:03:17 raptor postfix/smtpd[25075]: disconnect from > dan75-7-88-166-185-164.fbx.proxad.net[88.166.185.164] > Dec 22 19:03:17 raptor postfix/smtpd[25072]: lost connection after RCPT > from dan75-7-88-166-185-164.fbx.proxad.net[88.166.185.164] > Dec 22 19:03:17 raptor postfix/smtpd[25072]: disconnect from > dan75-7-88-166-185-164.fbx.proxad.net[88.166.185.164] > *Dec 22 19:03:17 raptor postfix/smtpd[25021]: connect from > ccibc.eu[89.121.199.170] > Dec 22 19:03:17 raptor postfix/smtpd[25021]: 99EB51BC37B: > client=ccibc.eu[89.121.199.170] > Dec 22 19:03:17 raptor postfix/cleanup[25040]: 99EB51BC37B: > message-id=<9be6032fa295cd8058abf1ed7f8dd...@ccibc.eu> > Dec 22 19:03:18 raptor postfix/qmgr[23830]: 99EB51BC37B: > from=, size=1307600, nrcpt=1 (queue active) > Dec 22 19:03:18 raptor postfix/smtpd[25021]: disconnect from > ccibc.eu[89.121.199.170]* > *Dec 22 19:03:18 raptor postfix/smtp[25079]: 99EB51BC37B: > to=, relay=none, delay=0.62, delays=0.61/0/0/0, > dsn=5.4.6, status=bounced (m > ail for djx.topedge.com loops back to myself) > Dec 22 19:03:18 raptor postfix/cleanup[25040]: 42B741BC5C9: > message-id=<20101222170318.42b741bc...@raptor.topedge.ro> > Dec 22 19:03:18 raptor postfix/qmgr[23830]: 42B741BC5C9: from=<>, > size=3425, nrcpt=1 (queue active) > Dec 22 19:03:18 raptor postfix/bounce[25080]: 99EB51BC37B: sender > non-delivery notification: 42B741BC5C9 > Dec 22 19:03:18 raptor postfix/qmgr[23830]: 99EB51BC37B: removed* > Dec 22 19:03:18 raptor postfix/smtpd[25077]: connect from > dan75-7-88-166-185-164.fbx.proxad.net[88.166.185.164] > Dec 22 19:03:18 raptor postfix/smtpd[25076]: connect from > dan75-7-88-166-185-164.fbx.proxad.net[88.166.185.164] > Dec 22 19:03:18 raptor postfix/smtpd[25075]: connect from > dan75-7-88-166-185-164.fbx.proxad.net[88.166.185.164] > Dec 22 19:03:18 raptor postfix/smtpd[25072]: connect from > dan75-7-88-166-185-164.fbx.proxad.net[88.166.185.164] > Dec 22 19:03:18 raptor postfix/smtpd[25021]: connect from > dan75-7-88-166-185-164.fbx.proxad.net[88.166.185.164] > *Dec 22 19:03:18 raptor postfix/smtp[25081]: 42B741BC5C9: > to=, relay=ccibc.eu[89.121.199.170]:25, delay=0.36, > delays=0.03/0.01/0.2/0.11, dsn=2 > .0.0, status=sent (250 2.0.0 Ok: queued as A298FD61C24) > Dec 22 19:03:18 raptor postfix/qmgr[23830]: 42B741BC5C9: removed* > > Also, I'm having a lot of these kind of entries lately (*Dec 22 19:03:18 > raptor postfix/qmgr[23830]: 42B741BC5C9: from=<>, size=3425, nrcpt=1 > (queue active)*) with unknown sender. Unfortunately these > bounces are what put my server on several backscatter lists. Is there > any way to reject these kind of senders "<>" from start > (reject_unknown_sender?). Is there any way to insert longer and > longer delays for unauthorized connections such as the ones from > 88.166.185.164 with each connection attempt? Something like proftpd's > throttle module. > > Thank you and be kind. Point me to the right manual :)) > > Kind regards, > > -- > Razvan Chitu > Network Engineer > Is your server configured as an open relay? Show postconf -n output please. -Matt
Re: my server being used for spam
On Wed, 22 Dec 2010 19:52:03 +0200 Razvan Chitu wrote: > Hello again, > This time the question is simple: my server is being maliciously > used to send spam, and this has to stop. Here are the log entries in > question (latest ones): [snip] > Also, I'm having a lot of these kind of entries lately (*Dec 22 > 19:03:18 raptor postfix/qmgr[23830]: 42B741BC5C9: from=<>, size=3425, > nrcpt=1 (queue active)*) with unknown sender. Unfortunately these > bounces are what put my server on several backscatter lists. Is there > any way to reject these kind of senders "<>" from start > (reject_unknown_sender?). Is there any way to insert longer and > longer delays for unauthorized connections such as the ones from > 88.166.185.164 with each connection attempt? Something like proftpd's > throttle module. > > Thank you and be kind. Point me to the right manual :)) Stop accepting mail for non-existent users. > > Kind regards, > -- John
how to keep multiple recipients to different domains in one message?
Hello!
Could someone please tell me if and how I can control the grouping of
recipients in one delivery via pipe?
If I have a content filter and I want it to receive each recipient in
a seperate message I can have them split up with this:
default_destination_recipient_limit = 1
That works fine. But there doesn't seem to be a way to _force_ multiple
recipients. Reading pipe(8) it seems that it would be the normal behaviour
to not split up the recipients up to the configured limit (where the default
is 50). Accordingly the manpage doesn't say how to achieve that, if it does
not happen automatically. It seems that it does depend on the domains of the
recipients though.
I made myself a content filter like this:
127.0.0.1:25000 inet n - n - - smtpd
-o relay_recipient_maps=hash:/etc/postfix/valid_recipients
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o content_filter=my_filter
my_filter unix - n n - - pipe flags=q user=filteruser
null_sender= argv=/tmp/my_filter.sh
--
--sender=${sender}
--recipient=${recipient}
--nexthop=my_nexthop
The valid_recipients-map looks like this:
a...@aaa.test.de stmp:[127.0.0.1]:25001
a...@aaa.test.de stmp:[127.0.0.1]:25002
b...@bbb.test.de stmp:[127.0.0.1]:25001
b...@bbb.test.de stmp:[127.0.0.1]:25002
When I now send a mail to a1 and a2 my filter is called once, with both
recipients included. The same with b1 and b2. But if I mix a1 and b1 then
the filter is called twice, with only one recipient per call.
But I have not set any recipient_limit, so up to 50 recipients should remain
intact.
Also it does not seem to depend on the routing, because that is the
same for a1 and b1. Only the domain makes the difference.
The domains are nothing special, neither mydomain or myorigin or anything
like that.
So the question is: is it necessary for postfix to split up the recipients
which do not share a domainname? Are there any problems or dangers in
keeping all recipients together? Can this behaviour be configured?
The problem for me is, that my filter needs to know all the recipients at
the same time to take the proper action (which is otherwise not mail-
related).
I have postfix 2.7.1, by the way.
Thanks & all the best,
rob
--
tarent Gesellschaft für Softwareentwicklung und IT-Beratung mbH
Geschäftsführer: Boris Esser, Elmar Geese
HRB AG Bonn 5168 - USt-ID (VAT): DE122264941
Heilsbachstraße 24, 53123 Bonn, Telefon: +49 228 52675-0
Thiemannstraße 36 a, 12059 Berlin, Telefon: +49 30 5682943-30
Internet: http://www.tarent.de/ • Telefax: +49 228 52675-25
Re: how to keep multiple recipients to different domains in one message?
On Wed, Dec 22, 2010 at 07:03:24PM +0100, Robert Linden wrote: > Hello! > > Could someone please tell me if and how I can control the grouping of > recipients in one delivery via pipe? > If I have a content filter and I want it to receive each recipient in > a seperate message I can have them split up with this: > > default_destination_recipient_limit = 1 Better to replace "default" with the transport name of the filter. > That works fine. But there doesn't seem to be a way to _force_ multiple > recipients. Reading pipe(8) it seems that it would be the normal behaviour > to not split up the recipients up to the configured limit (where the default > is 50). Accordingly the manpage doesn't say how to achieve that, if it does > not happen automatically. It seems that it does depend on the domains of the > recipients though. > > I made myself a content filter like this: > > 127.0.0.1:25000 inet n - n - - smtpd > -o relay_recipient_maps=hash:/etc/postfix/valid_recipients > -o smtpd_recipient_restrictions=permit_mynetworks,reject > -o content_filter=my_filter Make that: content_filter="my_filter:dummy". Otherwise, each destination domain is a separate sub-queue. -- Viktor.
Re: how to keep multiple recipients to different domains in one message?
Robert Linden: > Hello! > > Could someone please tell me if and how I can control the grouping of > recipients in one delivery via pipe? Deliveries are grouped by the next-hop destination. The next-hop destination is either the recipient's domain, or the destination that you specify with (transport map, relayhost, or content_filter). In your case: the mistake is that you did not specify a destination with your content filter. To fix: content_filter = my_filter:dummy Wietse
Re: How to change - resend recipient in the bounce queue
On 12/22/10 6:56 PM, David Touzeau wrote: Thanks for the information but when domain recipient is not available but in DNS the message is kept for 5 days in the queue That is incorrect. Did you happen to set soft_bounce = yes ? If the DSN cannot be delivered, the original sender was spoofed, and you should not have accepted the message in the first place. Please reply to the LIST. Better is to try to modify it Le mercredi 22 décembre 2010 à 14:51 +0100, Jeroen Geilman a écrit : On 12/22/10 2:41 PM, David Touzeau wrote: > Dear Postfix Masters > > Some users have made mistake in the recipient email address. > So the message turn into bounce queue that is normal. > > I would like to know : > > How to modify mails stored in the bounce queue to change the recipient > addresses and put them into the working queue to resend them ? > That is impossible. How does postfix know what the correct recipient address should be ? The purpose of the bounce message is to inform the sender of the mistake. Let it work as designed. -- J.
Re: my server being used for spam
*For* non-existent or *From *non-existent? I never knew that Postfix had a reject_unknown_sender. Does it have any caveats that I should watch over? Thanks, C.R. On 12/22/2010 7:53 PM, John Peach wrote: On Wed, 22 Dec 2010 19:52:03 +0200 Razvan Chitu wrote: Hello again, This time the question is simple: my server is being maliciously used to send spam, and this has to stop. Here are the log entries in question (latest ones): [snip] Also, I'm having a lot of these kind of entries lately (*Dec 22 19:03:18 raptor postfix/qmgr[23830]: 42B741BC5C9: from=<>, size=3425, nrcpt=1 (queue active)*) with unknown sender. Unfortunately these bounces are what put my server on several backscatter lists. Is there any way to reject these kind of senders "<>" from start (reject_unknown_sender?). Is there any way to insert longer and longer delays for unauthorized connections such as the ones from 88.166.185.164 with each connection attempt? Something like proftpd's throttle module. Thank you and be kind. Point me to the right manual :)) Stop accepting mail for non-existent users. Kind regards, -- Razvan Chitu Network Engineer SC Top Edge Engineering SRL Addr: Str. Calea Bucuresti, Bl. M18b, Craiova, 200529, Romania Tel: 0251-413193 (int. 19) Fax: 0251-413977 Mobile: 0722-636488
Re: my server being used for spam
On Wed, 22 Dec 2010 20:23:51 +0200 Razvan Chitu wrote: > *For* non-existent or *From *non-existent? > I never knew that Postfix had a reject_unknown_sender. Does it have > any caveats that I should watch over? I wrote "for", which is what I meant and is why you get on backscatter lists. > > Thanks, > C.R. > > On 12/22/2010 7:53 PM, John Peach wrote: > > On Wed, 22 Dec 2010 19:52:03 +0200 > > Razvan Chitu wrote: > > > > > >> Hello again, > >> This time the question is simple: my server is being > >> maliciously used to send spam, and this has to stop. Here are the > >> log entries in question (latest ones): > >> > > [snip] > > > >> Also, I'm having a lot of these kind of entries lately (*Dec 22 > >> 19:03:18 raptor postfix/qmgr[23830]: 42B741BC5C9: from=<>, > >> size=3425, nrcpt=1 (queue active)*) with unknown sender. > >> Unfortunately these bounces are what put my server on several > >> backscatter lists. Is there any way to reject these kind of > >> senders "<>" from start (reject_unknown_sender?). Is there any way > >> to insert longer and longer delays for unauthorized connections > >> such as the ones from 88.166.185.164 with each connection attempt? > >> Something like proftpd's throttle module. > >> > >> Thank you and be kind. Point me to the right manual :)) > >> > > Stop accepting mail for non-existent users. > > > > > >> Kind regards, > >> > >> > > > > > -- John
windows avast - postfix 421 error
Server: Centos-5.5 postfix-2.3.3-2.1.centos.mysql_pgsql See server log below. Client: MS Windows XP 2002 sp3 avast-5.0.545 behind a NAT router 66.6.120.250 with avast mail scanner on: C:\telnet smtp 25 421 Connection to host lost C:\ with avast mail scanner off I get the normal: C:\telnet smtp 25 Trying 66.36.120.9... Connected to smtp.rockymountains.net (66.36.120.9). Escape character is '^]'. 220 smtp.rockymountains.net ESMTP Postfix [smtp log]# tail -f maillog | grep 66.36.120.250 Dec 22 11:15:36 smtp postfix/smtpd[8084]: connect from mcw-office.rockymountains.net[66.36.120.250] Dec 22 11:15:36 smtp postfix/smtpd[8084]: match_hostaddr: 66.36.120.250 ~? 66.36.112.0/20 Dec 22 11:15:36 smtp postfix/smtpd[8084]: > mcw-office.rockymountains.net[66.36.120.250]: 220 smtp.rockymountains.net ESMTP Postfix Dec 22 11:15:36 smtp postfix/smtpd[8084]: < mcw-office.rockymountains.net[66.36.120.250]: EHLO Kitten Dec 22 11:15:36 smtp postfix/smtpd[8084]: > mcw-office.rockymountains.net[66.36.120.250]: 250-smtp.rockymountains.net Dec 22 11:15:36 smtp postfix/smtpd[8084]: > mcw-office.rockymountains.net[66.36.120.250]: 250-PIPELINING Dec 22 11:15:36 smtp postfix/smtpd[8084]: > mcw-office.rockymountains.net[66.36.120.250]: 250-SIZE 1024 Dec 22 11:15:36 smtp postfix/smtpd[8084]: > mcw-office.rockymountains.net[66.36.120.250]: 250-VRFY Dec 22 11:15:36 smtp postfix/smtpd[8084]: > mcw-office.rockymountains.net[66.36.120.250]: 250-ETRN Dec 22 11:15:36 smtp postfix/smtpd[8084]: > mcw-office.rockymountains.net[66.36.120.250]: 250-AUTH PLAIN Dec 22 11:15:36 smtp postfix/smtpd[8084]: match_list_match: 66.36.120.250: no match Dec 22 11:15:36 smtp postfix/smtpd[8084]: > mcw-office.rockymountains.net[66.36.120.250]: 250-AUTH=PLAIN Dec 22 11:15:36 smtp postfix/smtpd[8084]: > mcw-office.rockymountains.net[66.36.120.250]: 250-ENHANCEDSTATUSCODES Dec 22 11:15:36 smtp postfix/smtpd[8084]: > mcw-office.rockymountains.net[66.36.120.250]: 250-8BITMIME Dec 22 11:15:36 smtp postfix/smtpd[8084]: > mcw-office.rockymountains.net[66.36.120.250]: 250 DSN Dec 22 11:15:36 smtp postfix/smtpd[8084]: match_hostaddr: 66.36.120.250 ~? 66.36.112.0/20 Dec 22 11:15:36 smtp postfix/smtpd[8084]: lost connection after EHLO from mcw-office.rockymountains.net[66.36.120.250] Dec 22 11:15:36 smtp postfix/smtpd[8084]: disconnect from mcw-office.rockymountains.net[66.36.120.250] I didn't send the EHLO command or anything of the other commands, I only did the "telnet smtp 25" command at the command prompt. Apparently avast sends those commands. I have used postfix for many years as the main server for a small town ISP (about 2000 email accounts) and had to replace an old server with this newer one. Many of my customers use avast/windows and can't send. Any ideas what avast does to trigger the (I assume) concurrency limit? Or better yet, what I can do to get it to stop? Maybe point me to a thread? My apologies in advance, if in my searches I somehow missed the thread that has already dealt with this. Joseph Conrad Mountain Computer Wizards, Inc. Buena Vista, Colorado
Re: windows avast - postfix 421 error
Le 22/12/2010 19:38, Joseph Conrad a écrit : Server: Centos-5.5 postfix-2.3.3-2.1.centos.mysql_pgsql See server log below. Client: MS Windows XP 2002 sp3 avast-5.0.545 behind a NAT router 66.6.120.250 with avast mail scanner on: C:\telnet smtp 25 421 Connection to host lost C:\ with avast mail scanner off I get the normal: C:\telnet smtp 25 Trying 66.36.120.9... Connected to smtp.rockymountains.net (66.36.120.9). Escape character is '^]'. 220 smtp.rockymountains.net ESMTP Postfix [smtp log]# tail -f maillog | grep 66.36.120.250 Dec 22 11:15:36 smtp postfix/smtpd[8084]: connect from mcw-office.rockymountains.net[66.36.120.250] Dec 22 11:15:36 smtp postfix/smtpd[8084]: match_hostaddr: 66.36.120.250 ~? 66.36.112.0/20 Dec 22 11:15:36 smtp postfix/smtpd[8084]:> mcw-office.rockymountains.net[66.36.120.250]: 220 smtp.rockymountains.net ESMTP Postfix Dec 22 11:15:36 smtp postfix/smtpd[8084]:< mcw-office.rockymountains.net[66.36.120.250]: EHLO Kitten Dec 22 11:15:36 smtp postfix/smtpd[8084]:> mcw-office.rockymountains.net[66.36.120.250]: 250-smtp.rockymountains.net Dec 22 11:15:36 smtp postfix/smtpd[8084]:> mcw-office.rockymountains.net[66.36.120.250]: 250-PIPELINING Dec 22 11:15:36 smtp postfix/smtpd[8084]:> mcw-office.rockymountains.net[66.36.120.250]: 250-SIZE 1024 Dec 22 11:15:36 smtp postfix/smtpd[8084]:> mcw-office.rockymountains.net[66.36.120.250]: 250-VRFY Dec 22 11:15:36 smtp postfix/smtpd[8084]:> mcw-office.rockymountains.net[66.36.120.250]: 250-ETRN Dec 22 11:15:36 smtp postfix/smtpd[8084]:> mcw-office.rockymountains.net[66.36.120.250]: 250-AUTH PLAIN Dec 22 11:15:36 smtp postfix/smtpd[8084]: match_list_match: 66.36.120.250: no match Dec 22 11:15:36 smtp postfix/smtpd[8084]:> mcw-office.rockymountains.net[66.36.120.250]: 250-AUTH=PLAIN Dec 22 11:15:36 smtp postfix/smtpd[8084]:> mcw-office.rockymountains.net[66.36.120.250]: 250-ENHANCEDSTATUSCODES Dec 22 11:15:36 smtp postfix/smtpd[8084]:> mcw-office.rockymountains.net[66.36.120.250]: 250-8BITMIME Dec 22 11:15:36 smtp postfix/smtpd[8084]:> mcw-office.rockymountains.net[66.36.120.250]: 250 DSN Dec 22 11:15:36 smtp postfix/smtpd[8084]: match_hostaddr: 66.36.120.250 ~? 66.36.112.0/20 Dec 22 11:15:36 smtp postfix/smtpd[8084]: lost connection after EHLO from mcw-office.rockymountains.net[66.36.120.250] Dec 22 11:15:36 smtp postfix/smtpd[8084]: disconnect from mcw-office.rockymountains.net[66.36.120.250] I didn't send the EHLO command or anything of the other commands, I only did the "telnet smtp 25" command at the command prompt. Apparently avast sends those commands. you should send them as well (mail programs will do)... but that's not the problem. Try sending with a real MUA (thunderbird, outlook) instead of using telnet and send the logs as you did for telnet. this is just to make sure avast is not detecting the use of the telnet binary/command. many people use avast without problems. so this is certainly a configuration issue. note that it is best to configure mailers to use the submission port with STARTTLS and SASL (AUTH) and configure the AV to "skip" such traffic. the AV would detect viruses when they enter the system and ignore flow when submitting mail, in which case, the AV on the postfix (clamav for example) will do the rest. I have used postfix for many years as the main server for a small town ISP (about 2000 email accounts) and had to replace an old server with this newer one. Many of my customers use avast/windows and can't send. Any ideas what avast does to trigger the (I assume) concurrency limit? Or better yet, what I can do to get it to stop? Maybe point me to a thread? My apologies in advance, if in my searches I somehow missed the thread that has already dealt with this. Joseph Conrad Mountain Computer Wizards, Inc. Buena Vista, Colorado
Re: my server being used for spam
Le 22/12/2010 18:52, Razvan Chitu a écrit : Hello again, This time the question is simple: my server is being maliciously used to send spam, and this has to stop. Here are the log entries in question (latest ones): Dec 22 19:03:17 raptor postfix/smtpd[25021]: lost connection after RCPT from dan75-7-88-166-185-164.fbx.proxad.net[88.166.185.164] Dec 22 19:03:17 raptor postfix/smtpd[25021]: disconnect from dan75-7-88-166-185-164.fbx.proxad.net[88.166.185.164] Dec 22 19:03:17 raptor postfix/smtpd[25077]: lost connection after RCPT from dan75-7-88-166-185-164.fbx.proxad.net[88.166.185.164] Dec 22 19:03:17 raptor postfix/smtpd[25077]: disconnect from dan75-7-88-166-185-164.fbx.proxad.net[88.166.185.164] Dec 22 19:03:17 raptor postfix/smtpd[25076]: lost connection after RCPT from dan75-7-88-166-185-164.fbx.proxad.net[88.166.185.164] Dec 22 19:03:17 raptor postfix/smtpd[25076]: disconnect from dan75-7-88-166-185-164.fbx.proxad.net[88.166.185.164] Dec 22 19:03:17 raptor postfix/smtpd[25075]: lost connection after RCPT from dan75-7-88-166-185-164.fbx.proxad.net[88.166.185.164] Dec 22 19:03:17 raptor postfix/smtpd[25075]: disconnect from dan75-7-88-166-185-164.fbx.proxad.net[88.166.185.164] Dec 22 19:03:17 raptor postfix/smtpd[25072]: lost connection after RCPT from dan75-7-88-166-185-164.fbx.proxad.net[88.166.185.164] Dec 22 19:03:17 raptor postfix/smtpd[25072]: disconnect from dan75-7-88-166-185-164.fbx.proxad.net[88.166.185.164] *Dec 22 19:03:17 raptor postfix/smtpd[25021]: connect from ccibc.eu[89.121.199.170] Dec 22 19:03:17 raptor postfix/smtpd[25021]: 99EB51BC37B: client=ccibc.eu[89.121.199.170] Dec 22 19:03:17 raptor postfix/cleanup[25040]: 99EB51BC37B: message-id=<9be6032fa295cd8058abf1ed7f8dd...@ccibc.eu> Dec 22 19:03:18 raptor postfix/qmgr[23830]: 99EB51BC37B: from=, size=1307600, nrcpt=1 (queue active) Dec 22 19:03:18 raptor postfix/smtpd[25021]: disconnect from ccibc.eu[89.121.199.170]* *Dec 22 19:03:18 raptor postfix/smtp[25079]: 99EB51BC37B: to=, relay=none, delay=0.62, delays=0.61/0/0/0, dsn=5.4.6, status=bounced (m ail for djx.topedge.com loops back to myself) FIX THIS! it would help a lot of you follow the directions in http://www.postfix.org/DEBUG_README.html#mail (you were told to do so when you subscribed to the list, but you may have missed that...). in particular, show the output of 'postconf -n'. and while you are at it, do you want mail for *...@djx.topedge.com? in absence of that, the two guesses of the day are: 1) if you have a NAT box, make sure to use proxy_interfaces = external.ip.of.box 2) you possibly want # postconf -e relay_domains= please do not run the command above unless you understand what it does and make sure it is good for you... [snip]
Length of a Postfix QueueID
How long is a Postfix queueid? Sometimes I'm seeing 10 Hex-Characters, sometimes 11 (on different machines, though). my machine (11): Dec 22 17:04:53 mail postfix/qmgr[2819]: 7B31 41C3 654: removed python.org (10): Dec 22 20:12:21 albatross postfix/qmgr[12586]: 47C8 CEE9 91: removed So what is the minimum? What is the maximum? -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: Length of a Postfix QueueID
Ralf Hildebrandt: > How long is a Postfix queueid? Sometimes I'm seeing 10 Hex-Characters, > sometimes 11 (on different machines, though). The current implementation, subject to change, uses the inode number followed by the (sub-second portion of the) time in microseconds. The maximal length is determined by the maximal inode number. Wietse > my machine (11): > Dec 22 17:04:53 mail postfix/qmgr[2819]: 7B31 41C3 654: removed > > python.org (10): > Dec 22 20:12:21 albatross postfix/qmgr[12586]: 47C8 CEE9 91: removed > > So what is the minimum? What is the maximum? > > -- > Ralf Hildebrandt > Gesch?ftsbereich IT | Abteilung Netzwerk > Charit? - Universit?tsmedizin Berlin > Campus Benjamin Franklin > Hindenburgdamm 30 | D-12203 Berlin > Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 > ralf.hildebra...@charite.de | http://www.charite.de > > >
Re: Length of a Postfix QueueID
On Wed, Dec 22, 2010 at 02:21:45PM -0500, Wietse Venema wrote: > Ralf Hildebrandt: > > How long is a Postfix queueid? Sometimes I'm seeing 10 Hex-Characters, > > sometimes 11 (on different machines, though). > > The current implementation, subject to change, uses the inode number > followed by the (sub-second portion of the) time in microseconds. > The maximal length is determined by the maximal inode number. Definitely subject to change, but for now: The 5 hex nibbles of microsecond time precede the hex nibbles of the inode number. This (deliberately or not) leads to better temporal locality of directory access when mail is piling in fast. With a hash depth of 1, all mail arriving during the same 1/16th of a second ends up in the same hash directory, with a hash depth of 2, a new directory is used ~245 times a second. The first 5 nibbles range from 0 to F423F, this is why you never see Postfix queue ids starting with F[5-9A-F], F4[3-F] or F42[4-F]. -- Viktor.
windows avast - postfix 421 error
Sorry, I failed to put postconf -n output in my first post... Server: Centos-5.5 postfix-2.3.3-2.1.centos.mysql_pgsql See server log below. Client: MS Windows XP 2002 sp3 avast-5.0.545 behind a NAT router 66.6.120.250 with avast mail scanner on: C:\telnet smtp 25 421 Connection to host lost C:\ with avast mail scanner off I get the normal: C:\telnet smtp 25 Trying 66.36.120.9... Connected to smtp.rockymountains.net (66.36.120.9). Escape character is '^]'. 220 smtp.rockymountains.net ESMTP Postfix [smtp log]# tail -f maillog | grep 66.36.120.250 Dec 22 11:15:36 smtp postfix/smtpd[8084]: connect from mcw-office.rockymountains.net[66.36.120.250] Dec 22 11:15:36 smtp postfix/smtpd[8084]: match_hostaddr: 66.36.120.250 ~? 66.36.112.0/20 Dec 22 11:15:36 smtp postfix/smtpd[8084]: > mcw-office.rockymountains.net[66.36.120.250]: 220 smtp.rockymountains.net ESMTP Postfix Dec 22 11:15:36 smtp postfix/smtpd[8084]: < mcw-office.rockymountains.net[66.36.120.250]: EHLO Kitten Dec 22 11:15:36 smtp postfix/smtpd[8084]: > mcw-office.rockymountains.net[66.36.120.250]: 250-smtp.rockymountains.net Dec 22 11:15:36 smtp postfix/smtpd[8084]: > mcw-office.rockymountains.net[66.36.120.250]: 250-PIPELINING Dec 22 11:15:36 smtp postfix/smtpd[8084]: > mcw-office.rockymountains.net[66.36.120.250]: 250-SIZE 1024 Dec 22 11:15:36 smtp postfix/smtpd[8084]: > mcw-office.rockymountains.net[66.36.120.250]: 250-VRFY Dec 22 11:15:36 smtp postfix/smtpd[8084]: > mcw-office.rockymountains.net[66.36.120.250]: 250-ETRN Dec 22 11:15:36 smtp postfix/smtpd[8084]: > mcw-office.rockymountains.net[66.36.120.250]: 250-AUTH PLAIN Dec 22 11:15:36 smtp postfix/smtpd[8084]: match_list_match: 66.36.120.250: no match Dec 22 11:15:36 smtp postfix/smtpd[8084]: > mcw-office.rockymountains.net[66.36.120.250]: 250-AUTH=PLAIN Dec 22 11:15:36 smtp postfix/smtpd[8084]: > mcw-office.rockymountains.net[66.36.120.250]: 250-ENHANCEDSTATUSCODES Dec 22 11:15:36 smtp postfix/smtpd[8084]: > mcw-office.rockymountains.net[66.36.120.250]: 250-8BITMIME Dec 22 11:15:36 smtp postfix/smtpd[8084]: > mcw-office.rockymountains.net[66.36.120.250]: 250 DSN Dec 22 11:15:36 smtp postfix/smtpd[8084]: match_hostaddr: 66.36.120.250 ~? 66.36.112.0/20 Dec 22 11:15:36 smtp postfix/smtpd[8084]: lost connection after EHLO from mcw-office.rockymountains.net[66.36.120.250] Dec 22 11:15:36 smtp postfix/smtpd[8084]: disconnect from mcw-office.rockymountains.net[66.36.120.250] [smtp log]# postconf -n alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases broken_sasl_auth_clients = yes command_directory = /usr/sbin config_directory = /etc/postfix daemon_directory = /usr/libexec/postfix debug_peer_level = 2 debug_peer_list = 66.36.120.250, 66.36.120.1, 66.36.120.13 html_directory = no in_flow_delay = 1s inet_interfaces = localhost, 66.36.120.9, 66.36.120.12 mail_owner = postfix mailq_path = /usr/bin/mailq.postfix manpage_directory = /usr/share/man mydestination = $myhostname, localhost.$mydomain, localhost mynetworks = 66.36.112.0/20, 65.183.79.0/24, 127.0.0.0/8 newaliases_path = /usr/bin/newaliases.postfix queue_directory = /var/spool/postfix readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES sample_directory = /usr/share/doc/postfix-2.3.3/samples sendmail_path = /usr/sbin/sendmail.postfix setgid_group = postdrop smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination smtpd_sasl_auth_enable = yes smtpd_sasl_path = /var/spool/postfix/private/auth smtpd_sasl_type = dovecot unknown_local_recipient_reject_code = 550 virtual_alias_domains = hash:/etc/postfix/virtual_domain virtual_alias_maps = hash:/etc/postfix/virtual I didn't send the EHLO command or anything of the other commands, I only did the "telnet smtp 25" command at the command prompt. Apparently avast sends those commands. I have used postfix for many years as the main server for a small town ISP (about 2000 email accounts) and had to replace an old server with this newer one. Many of my customers use avast/windows and can't send. Any ideas what avast does to trigger the (I assume) concurrency limit? Or better yet, what I can do to get it to stop? Maybe point me to a thread? My apologies in advance, if in my searches I somehow missed the thread that has already dealt with this. Joseph Conrad Mountain Computer Wizards, Inc. Buena Vista, Colorado
Re: windows avast - postfix 421 error
Have the users disable outbound e-mail scanning. I mean, if the file is on their hard drive, it's already been scanned for virii. To scan it again is silly. On 12/22/2010 12:04 PM, Joseph Conrad wrote: Sorry, I failed to put postconf -n output in my first post... Server: Centos-5.5 postfix-2.3.3-2.1.centos.mysql_pgsql See server log below. Client: MS Windows XP 2002 sp3 avast-5.0.545 behind a NAT router 66.6.120.250 with avast mail scanner on: C:\telnet smtp 25 421 Connection to host lost C:\ with avast mail scanner off I get the normal: C:\telnet smtp 25 Trying 66.36.120.9... Connected to smtp.rockymountains.net (66.36.120.9). Escape character is '^]'. 220 smtp.rockymountains.net ESMTP Postfix [smtp log]# tail -f maillog | grep 66.36.120.250 Dec 22 11:15:36 smtp postfix/smtpd[8084]: connect from mcw-office.rockymountains.net[66.36.120.250] Dec 22 11:15:36 smtp postfix/smtpd[8084]: match_hostaddr: 66.36.120.250 ~? 66.36.112.0/20 Dec 22 11:15:36 smtp postfix/smtpd[8084]:> mcw-office.rockymountains.net[66.36.120.250]: 220 smtp.rockymountains.net ESMTP Postfix Dec 22 11:15:36 smtp postfix/smtpd[8084]:< mcw-office.rockymountains.net[66.36.120.250]: EHLO Kitten Dec 22 11:15:36 smtp postfix/smtpd[8084]:> mcw-office.rockymountains.net[66.36.120.250]: 250-smtp.rockymountains.net Dec 22 11:15:36 smtp postfix/smtpd[8084]:> mcw-office.rockymountains.net[66.36.120.250]: 250-PIPELINING Dec 22 11:15:36 smtp postfix/smtpd[8084]:> mcw-office.rockymountains.net[66.36.120.250]: 250-SIZE 1024 Dec 22 11:15:36 smtp postfix/smtpd[8084]:> mcw-office.rockymountains.net[66.36.120.250]: 250-VRFY Dec 22 11:15:36 smtp postfix/smtpd[8084]:> mcw-office.rockymountains.net[66.36.120.250]: 250-ETRN Dec 22 11:15:36 smtp postfix/smtpd[8084]:> mcw-office.rockymountains.net[66.36.120.250]: 250-AUTH PLAIN Dec 22 11:15:36 smtp postfix/smtpd[8084]: match_list_match: 66.36.120.250: no match Dec 22 11:15:36 smtp postfix/smtpd[8084]:> mcw-office.rockymountains.net[66.36.120.250]: 250-AUTH=PLAIN Dec 22 11:15:36 smtp postfix/smtpd[8084]:> mcw-office.rockymountains.net[66.36.120.250]: 250-ENHANCEDSTATUSCODES Dec 22 11:15:36 smtp postfix/smtpd[8084]:> mcw-office.rockymountains.net[66.36.120.250]: 250-8BITMIME Dec 22 11:15:36 smtp postfix/smtpd[8084]:> mcw-office.rockymountains.net[66.36.120.250]: 250 DSN Dec 22 11:15:36 smtp postfix/smtpd[8084]: match_hostaddr: 66.36.120.250 ~? 66.36.112.0/20 Dec 22 11:15:36 smtp postfix/smtpd[8084]: lost connection after EHLO from mcw-office.rockymountains.net[66.36.120.250] Dec 22 11:15:36 smtp postfix/smtpd[8084]: disconnect from mcw-office.rockymountains.net[66.36.120.250] [smtp log]# postconf -n alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases broken_sasl_auth_clients = yes command_directory = /usr/sbin config_directory = /etc/postfix daemon_directory = /usr/libexec/postfix debug_peer_level = 2 debug_peer_list = 66.36.120.250, 66.36.120.1, 66.36.120.13 html_directory = no in_flow_delay = 1s inet_interfaces = localhost, 66.36.120.9, 66.36.120.12 mail_owner = postfix mailq_path = /usr/bin/mailq.postfix manpage_directory = /usr/share/man mydestination = $myhostname, localhost.$mydomain, localhost mynetworks = 66.36.112.0/20, 65.183.79.0/24, 127.0.0.0/8 newaliases_path = /usr/bin/newaliases.postfix queue_directory = /var/spool/postfix readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES sample_directory = /usr/share/doc/postfix-2.3.3/samples sendmail_path = /usr/sbin/sendmail.postfix setgid_group = postdrop smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination smtpd_sasl_auth_enable = yes smtpd_sasl_path = /var/spool/postfix/private/auth smtpd_sasl_type = dovecot unknown_local_recipient_reject_code = 550 virtual_alias_domains = hash:/etc/postfix/virtual_domain virtual_alias_maps = hash:/etc/postfix/virtual I didn't send the EHLO command or anything of the other commands, I only did the "telnet smtp 25" command at the command prompt. Apparently avast sends those commands. I have used postfix for many years as the main server for a small town ISP (about 2000 email accounts) and had to replace an old server with this newer one. Many of my customers use avast/windows and can't send. Any ideas what avast does to trigger the (I assume) concurrency limit? Or better yet, what I can do to get it to stop? Maybe point me to a thread? My apologies in advance, if in my searches I somehow missed the thread that has already dealt with this. Joseph Conrad Mountain Computer Wizards, Inc. Buena Vista, Colorado
Re: windows avast - postfix 421 error
Better keep the discussion on list. more eyes mean more chances to get real help... Le 22/12/2010 21:02, Joseph Conrad a écrit : [snip] Try sending with a real MUA (thunderbird, outlook) instead of using telnet and send the logs as you did for telnet. this is just to make sure avast is not detecting the use of the telnet binary/command. Same log with Outlook, Outlook Express and IncredaMail please tell us more. give all details (including the errors that you see in outlook). also, when you use telnet, what's shown with the 421 code? is there any text after it? are you running more than one anti-virus? are you running any other security software (firewall, ...) on your windows box? can you disable avast firewall (if any) and try again? anyway, your problem doesn't look like a postfix issue. you'll get more help on avast or other forums/list/... if it's an avast concurrent limit thing, you may want to look at: https://support.avast.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=570 https://support.avast.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=345&nav=0,65 good luck... [snip]
Re: windows avast - postfix 421 error
Le 22/12/2010 21:31, Evan Platt a écrit : Have the users disable outbound e-mail scanning. I mean, if the file is on their hard drive, it's already been scanned for virii. To scan it again is silly. The real role of the AV here is to block smtp except to the submission server. but that's only for "residential" users who don't have a firewall to do that. even for such users, a host firewall (Comodo is free) is a better tool at that. but not sure OP can ask his users to disable smtp scanning on their hosts. [snip]
Re: windows avast - postfix 421 error
On 12/22/2010 12:50 PM, mouss wrote: The real role of the AV here is to block smtp except to the submission server. but that's only for "residential" users who don't have a firewall to do that. even for such users, a host firewall (Comodo is free) is a better tool at that. but not sure OP can ask his users to disable smtp scanning on their hosts. I'm confused here - the Avast is at the end users computer, right? Pretty simple. If the user enables Avast mail scanning, and mail can't be sent, then they disable Avast e-mail scanning and it works, tell the user to disable e-mail scanning. Back when I worked at an ISP, we must have told that to users a dozen times a week.
RE: windows avast - postfix 421 error
> Better keep the discussion on list. more eyes mean more chances to get > real help... > > Le 22/12/2010 21:02, Joseph Conrad a écrit : >> [snip] >> >>> Try sending with a real MUA (thunderbird, outlook) instead of using >>> telnet and send the logs as you did for telnet. this is just to make >>> sure avast is not detecting the use of the telnet binary/command. >>> >> >> Same log with Outlook, Outlook Express and IncredaMail >> > > please tell us more. give all details (including the errors that you see > in outlook). An unknown error has occurred. Account: 'pop.rockymountains.net', Server: 'smtp.rockymountains.net', Protocol: SMTP, Server Response: '421 ', Port: 587, Secure(SSL): No, Server Error: 421, Error Number: 0x800CCC67 port 25 gives the same thing. > > also, when you use telnet, what's shown with the 421 code? is there any > text after it? What I posted was the complete conversation with the server, it drops me very quickly. > > are you running more than one anti-virus? are you running any other > security software (firewall, ...) on your windows box? Only running Avast, no firewall or anyother security programs, can't stand gooking up Windoze any more than it is! > > can you disable avast firewall (if any) and try again? When I disable avast outgoing mail scanning (per Evan Platt, thanks!) everything works. > > > anyway, your problem doesn't look like a postfix issue. you'll get more > help on avast or other forums/list/... I believe avast is triggering postfix's concurrent limiting, because I get the 421 error from the postfix server, not avast. When avast sends a 421 error, it looks different. > > > if it's an avast concurrent limit thing, you may want to look at: > > https://support.avast.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=570 > > https://support.avast.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=345&nav=0,65 > I had read these posts while searching for a solution prior to posting here. > > good luck... > >>[snip] > Thanks, sometimes it's better to be lucky than skilled! I keep hoping one of the big guys on this list will point out some stupid mistake I've made. Joseph Conrad
Re: windows avast - postfix 421 error
Joseph Conrad: > Dec 22 11:15:36 smtp postfix/smtpd[8084]: > > mcw-office.rockymountains.net[66.36.120.250]: 220 smtp.rockymountains.net > ESMTP Postfix > Dec 22 11:15:36 smtp postfix/smtpd[8084]: < > mcw-office.rockymountains.net[66.36.120.250]: EHLO Kitten > Dec 22 11:15:36 smtp postfix/smtpd[8084]: > > mcw-office.rockymountains.net[66.36.120.250]: 250-smtp.rockymountains.net > Dec 22 11:15:36 smtp postfix/smtpd[8084]: > > mcw-office.rockymountains.net[66.36.120.250]: 250-PIPELINING > Dec 22 11:15:36 smtp postfix/smtpd[8084]: > > mcw-office.rockymountains.net[66.36.120.250]: 250-SIZE 1024 > Dec 22 11:15:36 smtp postfix/smtpd[8084]: > > mcw-office.rockymountains.net[66.36.120.250]: 250-VRFY > Dec 22 11:15:36 smtp postfix/smtpd[8084]: > > mcw-office.rockymountains.net[66.36.120.250]: 250-ETRN > Dec 22 11:15:36 smtp postfix/smtpd[8084]: > > mcw-office.rockymountains.net[66.36.120.250]: 250-AUTH PLAIN > Dec 22 11:15:36 smtp postfix/smtpd[8084]: match_list_match: 66.36.120.250: > no match > Dec 22 11:15:36 smtp postfix/smtpd[8084]: > > mcw-office.rockymountains.net[66.36.120.250]: 250-AUTH=PLAIN > Dec 22 11:15:36 smtp postfix/smtpd[8084]: > > mcw-office.rockymountains.net[66.36.120.250]: 250-ENHANCEDSTATUSCODES > Dec 22 11:15:36 smtp postfix/smtpd[8084]: > > mcw-office.rockymountains.net[66.36.120.250]: 250-8BITMIME > Dec 22 11:15:36 smtp postfix/smtpd[8084]: > > mcw-office.rockymountains.net[66.36.120.250]: 250 DSN > Dec 22 11:15:36 smtp postfix/smtpd[8084]: match_hostaddr: 66.36.120.250 ~? > 66.36.112.0/20 > Dec 22 11:15:36 smtp postfix/smtpd[8084]: lost connection after EHLO from > mcw-office.rockymountains.net[66.36.120.250] > Dec 22 11:15:36 smtp postfix/smtpd[8084]: disconnect from > mcw-office.rockymountains.net[66.36.120.250] What is your evidence that POSTFIX sends 421? Wietse
Re: windows avast - postfix 421 error
Outlook Express error: An unknown error has occurred. Account: 'pop.rockymountains.net', Server: 'smtp.rockymountains.net', Protocol: SMTP, Server Response: '421 ', Port: 587, Secure(SSL): No, Server Error: 421, Error Number: 0x800CCC67 Says it comes from the server, but I guess that could come from avast... I read about avast giving 421 errors, but in every one of the posts avast included it's name. I have tried twice to get Ethereal for windows, but the file comes back corrupt. I am going to get it on another CentOS box and do some sniffing. Joe > Joseph Conrad: >> Dec 22 11:15:36 smtp postfix/smtpd[8084]: > >> mcw-office.rockymountains.net[66.36.120.250]: 220 >> smtp.rockymountains.net >> ESMTP Postfix >> Dec 22 11:15:36 smtp postfix/smtpd[8084]: < >> mcw-office.rockymountains.net[66.36.120.250]: EHLO Kitten >> Dec 22 11:15:36 smtp postfix/smtpd[8084]: > >> mcw-office.rockymountains.net[66.36.120.250]: >> 250-smtp.rockymountains.net >> Dec 22 11:15:36 smtp postfix/smtpd[8084]: > >> mcw-office.rockymountains.net[66.36.120.250]: 250-PIPELINING >> Dec 22 11:15:36 smtp postfix/smtpd[8084]: > >> mcw-office.rockymountains.net[66.36.120.250]: 250-SIZE 1024 >> Dec 22 11:15:36 smtp postfix/smtpd[8084]: > >> mcw-office.rockymountains.net[66.36.120.250]: 250-VRFY >> Dec 22 11:15:36 smtp postfix/smtpd[8084]: > >> mcw-office.rockymountains.net[66.36.120.250]: 250-ETRN >> Dec 22 11:15:36 smtp postfix/smtpd[8084]: > >> mcw-office.rockymountains.net[66.36.120.250]: 250-AUTH PLAIN >> Dec 22 11:15:36 smtp postfix/smtpd[8084]: match_list_match: >> 66.36.120.250: >> no match >> Dec 22 11:15:36 smtp postfix/smtpd[8084]: > >> mcw-office.rockymountains.net[66.36.120.250]: 250-AUTH=PLAIN >> Dec 22 11:15:36 smtp postfix/smtpd[8084]: > >> mcw-office.rockymountains.net[66.36.120.250]: 250-ENHANCEDSTATUSCODES >> Dec 22 11:15:36 smtp postfix/smtpd[8084]: > >> mcw-office.rockymountains.net[66.36.120.250]: 250-8BITMIME >> Dec 22 11:15:36 smtp postfix/smtpd[8084]: > >> mcw-office.rockymountains.net[66.36.120.250]: 250 DSN >> Dec 22 11:15:36 smtp postfix/smtpd[8084]: match_hostaddr: 66.36.120.250 >> ~? >> 66.36.112.0/20 >> Dec 22 11:15:36 smtp postfix/smtpd[8084]: lost connection after EHLO >> from >> mcw-office.rockymountains.net[66.36.120.250] >> Dec 22 11:15:36 smtp postfix/smtpd[8084]: disconnect from >> mcw-office.rockymountains.net[66.36.120.250] > > What is your evidence that POSTFIX sends 421? > > Wietse >
Fwd: Postfix SMTP server: errors from sc4-scan54.somehost.com[x.x.x.x]
Should I be worried when I see: root+:|sleep 5 as the username? -- Forwarded message -- From: Mail Delivery System Date: Wed, Dec 22, 2010 at 02:33 Subject: Postfix SMTP server: errors from sc4-scan54.someserver.com[x.x.x.x] To: Postmaster Transcript of session follows. Out: 220 someserver.com ESMTP Postfix In: HELO calistolabs.com Out: 250 someserver.com In: MAIL FROM: Out: 250 2.1.0 Ok In: RCPT TO: root+:"|sleep 5 #" Out: 550 5.1.1 : Recipient address rejected: User unknown in local recipient table Session aborted, reason: lost connection For other details, see the local mail logfile
Re: windows avast - postfix 421 error
Joseph Conrad: > Outlook Express error: > > An unknown error has occurred. Account: 'pop.rockymountains.net', Server: > 'smtp.rockymountains.net', Protocol: SMTP, Server Response: '421 ', Port: > 587, Secure(SSL): No, Server Error: 421, Error Number: 0x800CCC67 You mentioned that AVAST is playing man-in-the-middle between the mail application and the mail server. Like this: Outlook Express <=> AVAST <=> POSTFIX. Your logging shows that AVAST hangs up after POSTFIX replies to EHLO (or was it HELO), so this is evidence that POSTIX did not send 421. It would be a safe bet that AVAST was doing that instead. Wietse
Re: Fwd: Postfix SMTP server: errors from sc4-scan54.somehost.com[x.x.x.x]
John Brahy: > Should I be worried when I see: root+:|sleep 5 as the username? > > -- Forwarded message -- > From: Mail Delivery System > Date: Wed, Dec 22, 2010 at 02:33 > Subject: Postfix SMTP server: errors from sc4-scan54.someserver.com[x.x.x.x] > To: Postmaster > > > Transcript of session follows. > > ?Out: 220 someserver.com ESMTP Postfix > ?In: ?HELO calistolabs.com > ?Out: 250 someserver.com > ?In: ?MAIL FROM: > ?Out: 250 2.1.0 Ok > ?In: ?RCPT TO: root+:"|sleep 5 #" > ?Out: 550 5.1.1 : Recipient address rejected: User unknown > in > ? ? local recipient table > > Session aborted, reason: lost connection > > For other details, see the local mail logfile That depends on what NON-POSTFIX programs will handle the mail. POSTFIX does not care if the address has shell operators. Wietse
Re: windows avast - postfix 421 error
Guess Ethereal is WireShark, now. I dug through a dump with WS and didn't see 421 coming from the server. Not got mind around WireShark filters, yet. Yes, that does appear to be the way avast works, by jumping in between. When I telnet to port 25, avast jumps in and sends the EHLO then hangs up. Couldn't see the conversation from telnet, but it was logged by postfix when I turned on peer_debug. I have a trouble ticket with avast, but haven't seen a response. This is painfull, I have a lot of people (~2000) mad at me. OK, maybe just the ones that us avast... Joe > Joseph Conrad: >> Outlook Express error: >> >> An unknown error has occurred. Account: 'pop.rockymountains.net', >> Server: >> 'smtp.rockymountains.net', Protocol: SMTP, Server Response: '421 ', >> Port: >> 587, Secure(SSL): No, Server Error: 421, Error Number: 0x800CCC67 > > You mentioned that AVAST is playing man-in-the-middle between the > mail application and the mail server. > > Like this: Outlook Express <=> AVAST <=> POSTFIX. > > Your logging shows that AVAST hangs up after POSTFIX replies to > EHLO (or was it HELO), so this is evidence that POSTIX did not send > 421. It would be a safe bet that AVAST was doing that instead. > > Wietse >
postfix queue tuning
Hi all, I'm looking for some help of postfix server configuration. hope this is the right place to ask. I have a mail server running iRedMail (which is based on postfix). It sends mails to our subscribers every 4s. I think this doesn't seem to be a very heavy load. however, there're likely 140,000 mails congesting after several days' running. So I tried qshape to analyse the queue, and found that almost all mails are congesting in incoming queue, while active queue reaches it's limit of 20,000 mails. Mails rarely went to deferred queue. I think this means something reaches its limitation. So I checked the following features, and this is the result: 1. CPU is not busy at all 2. Almost 3GB memory left 3. 3.2MB/s disk IO write, 0.01MB/s read. 4. Less than 20 postfix process (while limitation is explicitly set to 100) There seems to be nothing wrong (or did I miss anything?). Can anybody provide some more information on locating the problem? Any help is appreciated. -- Regards, Yaoxing
Why use EGD instead of /dev/urandom in tls_random_source?
Obviously it is well understood that the security of cryptographic software, such as TLS, depends on good random numbers. Postfix's tlsmgr(8) maintains a PRNG pool, which is fed from an external source, configured via tls_random_source, typically /dev/urandom (default on Linux systems). Presumably, the tlsmgr's PRNG takes the data from the tls_random_source and mixes it around in its own pool. The TLS_README[0] talks about the possibility of specifying EGD as a random source, but I'm not sure why you would specify EGD directly as a random source because EGD keeps the kernel pool topped off. Data collected from whatever external hardware random source (eg. Simtec's Entropy Key[1]) is fed to EGD and mixed into /dev/urandom with entropy gathered by other sources by your computer. This is a /feature/ because if someone were able to know ahead of time the random bits the hardware device was emitting, it would be mixed with bits that they cannot know. If you specify EGD directly, you no longer get this mixing. So why would you change the tls_random_source to use EGD instead of /dev/urandom? Could it be because postfix's tls_daemon_random_bytes is set to 32bytes by default, but when EGD is specified tlsmgr is able to read up to 255bytes? This is what TLS_README says under the tlsmgr_controls[2] section: By default, tlsmgr(8) reads 32 bytes from the external entropy source at each seeding event. This amount (256bits) is more than sufficient for generating a 128bit symmetric key. With EGD and device entropy sources, the tlsmgr(8) limits the amount of data read at each step to 255 bytes. If you specify a regular file as entropy source, a larger amount of data can be read. If this is the reason, it seems like an unnecessary and arbitrary restriction on the number of bytes that tlsmgr will read, especially when the system's random pool is kept topped up by EGD and /dev/urandom would be able to handle a larger tls_daemon_random_bytes when EGD is being used. Having to use EGD directly to get a larger number of bytes means that you lose the benefit of having the EGD data mixed in with the system's random pool. micah 0. http://www.postfix.org/TLS_README.html 1. http://www.entropykey.co.uk/ 2. http://www.postfix.org/TLS_README.html#tlsmgr_controls -- pgpAUGJchemwT.pgp Description: PGP signature
Re: postfix queue tuning
Am 23.12.2010 04:59, schrieb Yaoxing: > Hi all, > I'm looking for some help of postfix server configuration. hope this is > the right place to ask. > I have a mail server running iRedMail (which is based on postfix). It > sends mails to our subscribers every 4s. I think this doesn't seem to be > a very heavy load. however, there're likely 140,000 mails congesting > after several days' running. So I tried qshape to analyse the queue, and > found that almost all mails are congesting in incoming queue, while > active queue reaches it's limit of 20,000 mails. Mails rarely went to > deferred queue. I think this means something reaches its limitation. So > I checked the following features, and this is the result: > 1. CPU is not busy at all > 2. Almost 3GB memory left > 3. 3.2MB/s disk IO write, 0.01MB/s read. > 4. Less than 20 postfix process (while limitation is explicitly set to 100) > There seems to be nothing wrong (or did I miss anything?). Can anybody > provide some more information on locating the problem? > Any help is appreciated. > Does your postfix check whether the recipients' exist on your side?
