Trace client
Hello,
I'm having problems with mail accumulating in the incoming queue under
heavy load (2500+ SMTPd processes). The queue manager stops for a long
time once in a while after trying to communicate with the "trace" client,
as shown in a trace from cleanup below:
--
open("public/qmgr", O_WRONLY|O_NONBLOCK) = 14
fstat64(14, {st_mode=S_IFIFO|0622, st_size=0, ...}) = 0
lstat64("public/qmgr", {st_mode=S_IFIFO|0622, st_size=0, ...}) = 0
fcntl64(14, F_GETFL)= 0x801 (flags O_WRONLY|O_NONBLOCK)
fcntl64(14, F_SETFL, O_WRONLY|O_NONBLOCK) = 0
poll([{fd=14, events=POLLOUT}], 1, 1) = 0
close(14) = 0
--
From what I've been able to piece together the communication in this
case flows as this:
qmgr->trace->cleanup->qmgr
Files accumulating in the incoming queue in this situation have mode
0700. Since this indicates that they are ready to be moved to the
active queue, it hints of a problem with the queue manager. Of
course, there's plenty of resources (memory, CPU, I/O) still available
in the server.
I've tried setting trigger_timeout to 1s but it doesn't help very much.
I found a very similar report from a while ago about the "bounce" client:
http://archives.neohapsis.com/archives/postfix/2000-12/0351.html
Wietse acknowledged the problem and released a solution a few days
later. I quote him below:
"The problem is that qmgr blocks while bouncing. At present, the
bounce client interface is synchronous: when bouncing mail, the
qmgr has to wait until the bounce message is queued, which involves
another cleanup daemon process, which produces another qmgr trigger.
Normally, all this happens in a split second. However, if the qmgr
FIFO is filled up, the cleanup process that queues the bounce
message will block $trigger_timeout seconds while attempting to
trigger the qmgr. And since the qmge is waiting for the bounce
message to be queued, qmgr also blocks for $trigger_timeout seconds,
which is undesirable.
So you guys have found a little deadlock that happens when mail
bounces while a lot of mail is being submitted so that the qmgr
FIFO fills up. Fortunately, Postfix has time limits on everything
so it survives the deadlock."
I've checked the Postfix release log and found the following related
entries:
20001208
Bugfix: while processing massive amounts of one-recipient
mail, qmgr could deadlock for 10 seconds while sending a
bounce message. All queue manager bounce send requests are
now implemented asynchronously. Files: global/abounce.[hc]
(asynchronous bounce client), qmgr/qmgr_active.c. Problem
reported by El Bunzo (webpower.nl) and Tiger Technologies
(tigertech.com).
20021116
New trace service. This is used for reporting if a recipient
is deliverable (sendmail -bv) and for producing a record
of delivery attempts (sendmail -v). The report is sent via
email, using the bounce daemon. Files: global/trace.[hc].
This required replacing the bounce/defer logfile format by
an extensible name=value format. Files: global/bounce_log.c,
bounce/bounce_append_service.c.
So here's my question: would it be possible to make the trace client
interface asynchronous as well? I believe it would help a lot in this
case, since I've tried disabling delivery status notifications and the problem
disappeared. The only messages I'm able to see in the incoming queue
in this situation have mode 0600 and that means the bottleneck (not a
very good term, since messages don't accumulate anymore) has shifted to
the cleanup process. Unfortunately, leaving DSNs off isn't an option for
me.
Thank you very much,
Eduardo Stelmaszczyk
Re: Trace client
On Mon, Apr 18, 2011 at 07:27:25AM -0300, Eduardo M. Stelmaszczyk wrote: > I'm having problems with mail accumulating in the incoming queue under > heavy load (2500+ SMTPd processes). The queue manager stops for a long > time once in a while after trying to communicate with the "trace" client, > as shown in a trace from cleanup below: Are you using "reject_unverified_sender" or "reject_unverified_recipient"? http://www.postfix.org/DEBUG_README.html#mail Is the load the cause or a symptom of the delay? What non-default entries are found in your master.cf file? -- Viktor.
Re: how add X-AntiAbuse header
2011/4/18 fakessh :
> I would like to add anti-abuse headers. I just spent a good little time to
> watch list archives and found no answers
>
> example of a header that I want to appear in my mail
>
> X-AntiAbuse: This header was added to track abuse, please include it with any
> abuse report
> X-AntiAbuse: Primary Hostname - medford.localsev.com
> X-AntiAbuse: Original Domain - hotmail.com
> X-AntiAbuse: Originator/Caller UID/GID - [99 99] / [47 12]
> X-AntiAbuse: Sender Address Domain - in-ex.s
Hi,
With MIMEDefang you can do that.
http://www.mimedefang.org/
For example:
/etc/mail/mimedefang-filter
action_add_header("X-AntiAbuse-Helo", "$Helo");
action_add_header("X-AntiAbuse-Relayhostname", "$RelayHostname");
action_add_header("X-AntiAbuse-Relayaddr", "$RelayAddr");
action_add_header("X-AntiAbuse-Sender", "$Sender ");
action_add_header("X-AntiAbuse-Score", "$hits ($score) $names");
and much more.
Best regards,
Morten
Re: Trace client
Eduardo M . Stelmaszczyk: > Hello, > > I'm having problems with mail accumulating in the incoming queue under > heavy load (2500+ SMTPd processes). The queue manager stops for a long > time once in a while after trying to communicate with the "trace" client, > as shown in a trace from cleanup below: Before we get into stracing processes and disscussing solutions, can you first report what Postfix is doing? Presumably, there is activity in the maillog file leading up to the trouble. It is even conceivable that there are warning messages, where Postfix is trying to tell you that something is not right. Wietse
Re: how add X-AntiAbuse header
Le lundi 18 avril 2011 13:10, Morten P.D. Stevens a écrit :
> 2011/4/18 fakessh :
> > I would like to add anti-abuse headers. I just spent a good little time
> > to watch list archives and found no answers
> >
> > example of a header that I want to appear in my mail
> >
> > X-AntiAbuse: This header was added to track abuse, please include it with
> > any abuse report
> > X-AntiAbuse: Primary Hostname - medford.localsev.com
> > X-AntiAbuse: Original Domain - hotmail.com
> > X-AntiAbuse: Originator/Caller UID/GID - [99 99] / [47 12]
> > X-AntiAbuse: Sender Address Domain - in-ex.s
>
> Hi,
>
> With MIMEDefang you can do that.
> http://www.mimedefang.org/
>
> For example:
>
> /etc/mail/mimedefang-filter
>
> action_add_header("X-AntiAbuse-Helo", "$Helo");
> action_add_header("X-AntiAbuse-Relayhostname", "$RelayHostname");
> action_add_header("X-AntiAbuse-Relayaddr", "$RelayAddr");
> action_add_header("X-AntiAbuse-Sender", "$Sender ");
> action_add_header("X-AntiAbuse-Score", "$hits ($score) $names");
>
> and much more.
>
> Best regards,
>
> Morten
thanks Morten
and how to configure In My postfix. I think as a type sid-milter milter or
other milter ,
enlighten me please.
Give me a specific example of configuration with postfix
--
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x092164A7
gpg --keyserver pgp.mit.edu --recv-key 092164A7
pgpDbQCVnXxG0.pgp
Description: PGP signature
Re: how add X-AntiAbuse header
On 4/18/2011 6:46 AM, fakessh wrote:
Le lundi 18 avril 2011 13:10, Morten P.D. Stevens a écrit :
2011/4/18 fakessh:
I would like to add anti-abuse headers. I just spent a good little time
to watch list archives and found no answers
example of a header that I want to appear in my mail
X-AntiAbuse: This header was added to track abuse, please include it with
any abuse report
X-AntiAbuse: Primary Hostname - medford.localsev.com
X-AntiAbuse: Original Domain - hotmail.com
X-AntiAbuse: Originator/Caller UID/GID - [99 99] / [47 12]
X-AntiAbuse: Sender Address Domain - in-ex.s
Hi,
With MIMEDefang you can do that.
http://www.mimedefang.org/
For example:
/etc/mail/mimedefang-filter
action_add_header("X-AntiAbuse-Helo", "$Helo");
action_add_header("X-AntiAbuse-Relayhostname", "$RelayHostname");
action_add_header("X-AntiAbuse-Relayaddr", "$RelayAddr");
action_add_header("X-AntiAbuse-Sender", "$Sender ");
action_add_header("X-AntiAbuse-Score", "$hits ($score) $names");
and much more.
Best regards,
Morten
thanks Morten
and how to configure In My postfix. I think as a type sid-milter milter or
other milter ,
enlighten me please.
Give me a specific example of configuration with postfix
Configuring postfix to use a milter is very easy.
1. configure your milter to listen on some local port. eg
127.0.0.1:2550
2. tell postfix to use that same port
# main.cf
smtpd_milters = inet:127.0.0.1:2550
That's all that is usually required.
All other configuration is done in the milter.
You can use a unix socket rather than a TCP port, but
sometimes the permissions and paths get a little tricky,
particularly if using chroot.
http://www.postfix.org/MILTER_README.html
-- Noel Jones
Re: Trace client
Eduardo M . Stelmaszczyk:
> Hello,
>
> I'm having problems with mail accumulating in the incoming queue under
> heavy load (2500+ SMTPd processes). The queue manager stops for a long
> time once in a while after trying to communicate with the "trace" client,
> as shown in a trace from cleanup below:
>
> --
> open("public/qmgr", O_WRONLY|O_NONBLOCK) = 14
> fstat64(14, {st_mode=S_IFIFO|0622, st_size=0, ...}) = 0
> lstat64("public/qmgr", {st_mode=S_IFIFO|0622, st_size=0, ...}) = 0
> fcntl64(14, F_GETFL)= 0x801 (flags O_WRONLY|O_NONBLOCK)
> fcntl64(14, F_SETFL, O_WRONLY|O_NONBLOCK) = 0
> poll([{fd=14, events=POLLOUT}], 1, 1) = 0
> close(14) = 0
The queue manager has a synchronous trace_flush() client, which is
used for DSN NOTIFY=SUCCESS notification, and for sender/recipient
address verification. This trace_flush() client is subject to delays
in the cleanup server:
- trigger_timeout (default 10s) when the qmgr FIFO is full. The
minumum value is 1.
- in_flow_delay (default 1s) when new mail gets ahead of deliveries.
To disable, use "in_flow_delay = 0".
I am not aware of other delays.
If your Postfix is doing address verification on a large scale,
that may not be a good idea.
If your Postfix is sending lots of DSN NOTIFY=SUCCESS messages for
SMTP mail, turn off DSN on the SMTP daemon. One example from
http://www.postfix.org/DSN_README.html shows this:
/etc/postfix/main.cf:
smtpd_discard_ehlo_keyword_address_maps =
cidr:/etc/postfix/esmtp_access
/etc/postfix/esmtp_access:
# Allow DSN requests from local subnet only
192.168.0.0/28 silent-discard
0.0.0.0/0 silent-discard, dsn
::/0silent-discard, dsn
Another option is
/etc/postfix/main.cf:
smtpd_discard_ehlo_keywords = silent-discard, dsn
meaning don't send DSN NOTIFY for anyone.
DSN was added long after the synchronous tls_flush() client
which was not designed for high volume.
Wietse
Postmaster Account Getting Spam
My default account is getting hammered with spam. I've got SA / Amavisd-new working and tagging the messages as ***spam*** however I've just re-configured SA to be a little more aggressive on scoring the messages. My question to the Postfix group is if I can configure a restriction in /etc/postfix directory to prevent repeat offenders from sending email to me. Someone a few years ago on this mailing list assisted me on configuring Postfix to use a 'client_access' & 'client_access.db' file to block IP's as shown below: 95.98.160.248 REJECT 190.64.194.12 REJECT I've noticed that I am now getting spam emails from several different hosts on one single network rather than from a particular host. Can I block the entire network as follows: 95.98.*REJECT I'm sure many on the list wouldn't do this on their personal mail server but I'm looking for a simple method that will stop the junk mail. I know the 'client_access' flat file works fine but it's very tedious to continuously add several IP's from the same network in when I can simply blanket the entire network. If legit mail is blocked due to this, I can review the rule at that time and see if it's safe to lift the block or white-list that one particular client I.P.
Re: Postmaster Account Getting Spam
* Carlos Mennens : > My default account is getting hammered with spam. I've > got SA / Amavisd-new working and tagging the messages as ***spam*** > however I've just re-configured SA to be a little more aggressive on > scoring the messages. My question to the Postfix group is if I can > configure a restriction in /etc/postfix directory to prevent repeat > offenders from sending email to me. Someone a few years ago on this > mailing list assisted me on configuring Postfix to use a > 'client_access' & 'client_access.db' file to block IP's as shown > below: > > 95.98.160.248 REJECT > 190.64.194.12 REJECT > > I've noticed that I am now getting spam emails from several different > hosts on one single network rather than from a particular host. Can I > block the entire network as follows: > > 95.98.*REJECT 95.98 REJECT -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
bcc maps
Hello All, I just wanted to confirm that if I create a recipient bcc map and have a messages forwarding basically to another address, if that additional address rejects the message it will go back to the sender? If so whats the real difference if I am doing a 1 to 1 bcc between that and adding a mailbox and then a comma separating the copied email address? Thanks! Jack
Re: bcc maps
Jack: > Hello All, > > I just wanted to confirm that if I create a recipient bcc map and have a > messages forwarding basically to another address, if that additional address > rejects the message it will go back to the sender? This depends on your Postfix version. Postfix < 2.3 will send a bounce message, later Postfix versions don't. The documentation for the automatic bcc features wasn't updated when DSN support was added with Postfix 2.3. Wietse
Re: Postmaster Account Getting Spam
On 04/18/11 10:07, Carlos Mennens wrote: > My default account is getting hammered with spam. I've > got SA / Amavisd-new working and tagging the messages as ***spam*** > however I've just re-configured SA to be a little more aggressive on > scoring the messages. My question to the Postfix group is if I can > configure a restriction in /etc/postfix directory to prevent repeat > offenders from sending email to me. Someone a few years ago on this > mailing list assisted me on configuring Postfix to use a > 'client_access' & 'client_access.db' file to block IP's as shown > below: > > 95.98.160.248 REJECT > 190.64.194.12 REJECT > > I've noticed that I am now getting spam emails from several different > hosts on one single network rather than from a particular host. Can I > block the entire network as follows: > > 95.98.*REJECT > > I'm sure many on the list wouldn't do this on their personal mail > server but I'm looking for a simple method that will stop the junk > mail. I know the 'client_access' flat file works fine but it's very > tedious to continuously add several IP's from the same network in when > I can simply blanket the entire network. If legit mail is blocked due > to this, I can review the rule at that time and see if it's safe to > lift the block or white-list that one particular client I.P. If you prevent anyone on that network from sending to postmaster, how are they going to let you know that there's a false positive?
Using rbl_reply_maps with zen
Hi,
I'm trying to configure postfix v2.7.3 on fedora with the best options
for utilizing RBLs, including zen, and was trying to implement
rbl_reply_maps (as per the STRESS_README of all places):
1 /etc/postfix/main.cf:
2 smtpd_client_restrictions =
3 permit_mynetworks
4 reject_rbl_client zen.spamhaus.org=127.0.0.10
5 reject_rbl_client zen.spamhaus.org=127.0.0.11
6 reject_rbl_client zen.spamhaus.org
7
8 rbl_reply_maps = hash:/etc/postfix/rbl_reply_maps
9
10 /etc/postfix/rbl_reply_maps:
11 # With Postfix 2.3-2.5 use "421" to hang up connections.
12 zen.spamhaus.org=127.0.0.10 521 4.7.1 Service unavailable;
13 $rbl_class [$rbl_what] blocked using
14 $rbl_domain${rbl_reason?; $rbl_reason}
15
16 zen.spamhaus.org=127.0.0.11 521 4.7.1 Service unavailable;
17 $rbl_class [$rbl_what] blocked using
18 $rbl_domain${rbl_reason?; $rbl_reason}
More specifically, my rbl_reply_maps contains:
# With Postfix 2.3-2.5 use "421" to hang up connections.
zen.spamhaus.org=127.0.0.10 521 4.7.1 Service unavailable;
$rbl_class [$rbl_what] blocked using
$rbl_domain${rbl_reason?; $rbl_reason}
zen.spamhaus.org=127.0.0.11 521 4.7.1 Service unavailable;
$rbl_class [$rbl_what] blocked using
$rbl_domain${rbl_reason?; $rbl_reason}
When creating the rbl map, however, I receive the following:
[root@mail02t postfix]# postmap rbl_reply_maps
postmap: warning: rbl_reply_maps.db: duplicate entry: "$rbl_class"
postmap: warning: rbl_reply_maps.db: duplicate entry:
"$rbl_domain${rbl_reason?;"
What could I be doing wrong? Where can I find current (and
authoritative) information on UCE with the latest postfix? I've of
course found numerous references, but it seems there aren't any
documents in the last six or twelve months that explain how best to
configure RBLs and other antispam measures.
Thanks,
Alex
Re: Using rbl_reply_maps with zen
* Alex :
> Hi,
> I'm trying to configure postfix v2.7.3 on fedora with the best options
> for utilizing RBLs, including zen, and was trying to implement
> rbl_reply_maps (as per the STRESS_README of all places):
>
> 1 /etc/postfix/main.cf:
> 2 smtpd_client_restrictions =
> 3 permit_mynetworks
> 4 reject_rbl_client zen.spamhaus.org=127.0.0.10
> 5 reject_rbl_client zen.spamhaus.org=127.0.0.11
> 6 reject_rbl_client zen.spamhaus.org
> 7
> 8 rbl_reply_maps = hash:/etc/postfix/rbl_reply_maps
> 9
> 10 /etc/postfix/rbl_reply_maps:
> 11 # With Postfix 2.3-2.5 use "421" to hang up connections.
> 12 zen.spamhaus.org=127.0.0.10 521 4.7.1 Service unavailable;
> 13 $rbl_class [$rbl_what] blocked using
> 14 $rbl_domain${rbl_reason?; $rbl_reason}
This needs to go on one line
> 16 zen.spamhaus.org=127.0.0.11 521 4.7.1 Service unavailable;
> 17 $rbl_class [$rbl_what] blocked using
> 18 $rbl_domain${rbl_reason?; $rbl_reason}
This needs to go on one line
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
ralf.hildebra...@charite.de | http://www.charite.de
Re: Using rbl_reply_maps with zen
On Mon, 18 Apr 2011 13:54:11 -0400
Alex wrote:
Hi,
I'm trying to configure postfix v2.7.3 on fedora with the best
options
for utilizing RBLs, including zen, and was trying to implement
rbl_reply_maps (as per the STRESS_README of all places):
1 /etc/postfix/main.cf:
2 smtpd_client_restrictions =
3 permit_mynetworks
4 reject_rbl_client zen.spamhaus.org=127.0.0.10
5 reject_rbl_client zen.spamhaus.org=127.0.0.11
6 reject_rbl_client zen.spamhaus.org
7
8 rbl_reply_maps = hash:/etc/postfix/rbl_reply_maps
9
10 /etc/postfix/rbl_reply_maps:
11 # With Postfix 2.3-2.5 use "421" to hang up connections.
12 zen.spamhaus.org=127.0.0.10 521 4.7.1 Service unavailable;
13 $rbl_class [$rbl_what] blocked using
14 $rbl_domain${rbl_reason?; $rbl_reason}
15
16 zen.spamhaus.org=127.0.0.11 521 4.7.1 Service unavailable;
17 $rbl_class [$rbl_what] blocked using
18 $rbl_domain${rbl_reason?; $rbl_reason}
More specifically, my rbl_reply_maps contains:
# With Postfix 2.3-2.5 use "421" to hang up connections.
zen.spamhaus.org=127.0.0.10 521 4.7.1 Service unavailable;
$rbl_class [$rbl_what] blocked using
$rbl_domain${rbl_reason?; $rbl_reason}
zen.spamhaus.org=127.0.0.11 521 4.7.1 Service unavailable;
$rbl_class [$rbl_what] blocked using
$rbl_domain${rbl_reason?; $rbl_reason}
When creating the rbl map, however, I receive the following:
[root@mail02t postfix]# postmap rbl_reply_maps
postmap: warning: rbl_reply_maps.db: duplicate entry: "$rbl_class"
postmap: warning: rbl_reply_maps.db: duplicate entry:
"$rbl_domain${rbl_reason?;"
What could I be doing wrong? Where can I find current (and
authoritative) information on UCE with the latest postfix? I've of
course found numerous references, but it seems there aren't any
documents in the last six or twelve months that explain how best to
configure RBLs and other antispam measures.
Thanks,
Alex
Did you indent the lines following each zen.spamhaus.org= as such:
zen.spamhaus.local=127.0.0.10 521 4.7.1 Service unavailable;
$rbl_class [$rbl_what] blocked using
$rbl_domain${rbl_reason?; $rbl_reason}
zen.spamhaus.local=127.0.0.11 521 4.7.1 Service unavailable;
$rbl_class [$rbl_what] blocked using
$rbl_domain${rbl_reason?; $rbl_reason}
Your list post doesn't show that.
Re: Postmaster Account Getting Spam
> 95.98.* REJECT # cidr_reject file 95.98.0.0/16 REJECT add reject_client_access cidr:/etc/postfix/cidr_reject to smtpd_*_restriction
Re: Postmaster Account Getting Spam
On 04/18/2011 04:07 PM, Carlos Mennens wrote: My default account is getting hammered with spam. I've got SA / Amavisd-new working and tagging the messages as ***spam*** however I've just re-configured SA to be a little more aggressive on scoring the messages. My question to the Postfix group is if I can configure a restriction in /etc/postfix directory to prevent repeat offenders from sending email to me. I'm sure many on the list wouldn't do this on their personal mail server Since it's mail TO a single recipient, I would not do this on a server at all. Just filter it out on the client using the mailbox the postmaster address is aliased to. That should be very simple if Spamassassin already scored it. -- J.
double mail delivery per user
We are testing a new mail server set-up. During this test period we want for some users deliver their mail as usual but we also want to send the mail to a second postfix mail server: the test environment. Our current working setup: mail filtering with greylist -> amavisd + spamassassin + dspam -> postfix. Final mail delivery with courier maildrop (LDAP support). All lookups (mail delivery address, mail alternate address, final destinations, mailrelays, canonical, etc) with (Open)LDAP lookups. If possible we want to define a mail transport rule per user stored in LDAP which solves the problem of single or multiple delivery. It must be possible but we can't think of any reasonable solution. Has anyone a suggestion how we can solve this problem? -- Regards, Ruud Baart
Re: double mail delivery per user
Ruud Baart put forth on 4/18/2011 5:22 PM: > We are testing a new mail server set-up. During this test period we want > for some users deliver their mail as usual but we also want to send the > mail to a second postfix mail server: the test environment. > > Our current working setup: mail filtering with greylist -> amavisd + > spamassassin + dspam -> postfix. Final mail delivery with courier > maildrop (LDAP support). > > All lookups (mail delivery address, mail alternate address, final > destinations, mailrelays, canonical, etc) with (Open)LDAP lookups. If > possible we want to define a mail transport rule per user stored in LDAP > which solves the problem of single or multiple delivery. > > It must be possible but we can't think of any reasonable solution. Has > anyone a suggestion how we can solve this problem? Please include 'postconf -n' output from the working production server and log entries demonstrating the undesired behavior you are seeing. If you believe any portion of the problem relates to the test Postfix server, include the same information for it as well. -- Stan
Re: how add X-AntiAbuse header
Le lundi 18 avril 2011 14:16, Noel Jones a écrit :
> On 4/18/2011 6:46 AM, fakessh wrote:
> > Le lundi 18 avril 2011 13:10, Morten P.D. Stevens a écrit :
> >> 2011/4/18 fakessh:
> >>> I would like to add anti-abuse headers. I just spent a good little time
> >>> to watch list archives and found no answers
> >>>
> >>> example of a header that I want to appear in my mail
> >>>
> >>> X-AntiAbuse: This header was added to track abuse, please include it
> >>> with any abuse report
> >>> X-AntiAbuse: Primary Hostname - medford.localsev.com
> >>> X-AntiAbuse: Original Domain - hotmail.com
> >>> X-AntiAbuse: Originator/Caller UID/GID - [99 99] / [47 12]
> >>> X-AntiAbuse: Sender Address Domain - in-ex.s
> >>
> >> Hi,
> >>
> >> With MIMEDefang you can do that.
> >> http://www.mimedefang.org/
> >>
> >> For example:
> >>
> >> /etc/mail/mimedefang-filter
> >>
> >> action_add_header("X-AntiAbuse-Helo", "$Helo");
> >> action_add_header("X-AntiAbuse-Relayhostname", "$RelayHostname");
> >> action_add_header("X-AntiAbuse-Relayaddr", "$RelayAddr");
> >> action_add_header("X-AntiAbuse-Sender", "$Sender ");
> >> action_add_header("X-AntiAbuse-Score", "$hits ($score) $names");
> >>
> >> and much more.
> >>
> >> Best regards,
> >>
> >> Morten
> >
> > thanks Morten
> >
> >
> > and how to configure In My postfix. I think as a type sid-milter milter
> > or other milter ,
> > enlighten me please.
> > Give me a specific example of configuration with postfix
>
> Configuring postfix to use a milter is very easy.
>
> 1. configure your milter to listen on some local port. eg
> 127.0.0.1:2550
>
> 2. tell postfix to use that same port
> # main.cf
> smtpd_milters = inet:127.0.0.1:2550
>
> That's all that is usually required.
>
> All other configuration is done in the milter.
>
> You can use a unix socket rather than a TCP port, but
> sometimes the permissions and paths get a little tricky,
> particularly if using chroot.
>
> http://www.postfix.org/MILTER_README.html
>
>
>
>-- Noel Jones
thanks Noel Jones for your return
it works correctly but I do not write to file mimedefang-filter instructions
for writing the header X-anti-abuse
--
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x092164A7
gpg --keyserver pgp.mit.edu --recv-key 092164A7
pgpEFzWFDcZmF.pgp
Description: PGP signature
Re: how add X-AntiAbuse header
fakessh wrote: >hello postfix guru >hello wieste >hello mouss > > > > >I would like to add anti-abuse headers. I just spent a good little time to >watch list archives and found no answers > >example of a header that I want to appear in my mail > >X-AntiAbuse: This header was added to track abuse, please include it with any >abuse report >X-AntiAbuse: Primary Hostname - medford.localsev.com >X-AntiAbuse: Original Domain - hotmail.com >X-AntiAbuse: Originator/Caller UID/GID - [99 99] / [47 12] >X-AntiAbuse: Sender Address Domain - in-ex.s > > > >thanks > > >-- > http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x092164A7 > gpg --keyserver pgp.mit.edu --recv-key 092164A7
Re: how add X-AntiAbuse header
Le mardi 19 avril 2011 01:22, fakessh a écrit :
> Le lundi 18 avril 2011 14:16, Noel Jones a écrit :
> > On 4/18/2011 6:46 AM, fakessh wrote:
> > > Le lundi 18 avril 2011 13:10, Morten P.D. Stevens a écrit :
> > >> 2011/4/18 fakessh:
> > >>> I would like to add anti-abuse headers. I just spent a good little
> > >>> time to watch list archives and found no answers
> > >>>
> > >>> example of a header that I want to appear in my mail
> > >>>
> > >>> X-AntiAbuse: This header was added to track abuse, please include it
> > >>> with any abuse report
> > >>> X-AntiAbuse: Primary Hostname - medford.localsev.com
> > >>> X-AntiAbuse: Original Domain - hotmail.com
> > >>> X-AntiAbuse: Originator/Caller UID/GID - [99 99] / [47 12]
> > >>> X-AntiAbuse: Sender Address Domain - in-ex.s
> > >>
> > >> Hi,
> > >>
> > >> With MIMEDefang you can do that.
> > >> http://www.mimedefang.org/
> > >>
> > >> For example:
> > >>
> > >> /etc/mail/mimedefang-filter
> > >>
> > >> action_add_header("X-AntiAbuse-Helo", "$Helo");
> > >> action_add_header("X-AntiAbuse-Relayhostname", "$RelayHostname");
> > >> action_add_header("X-AntiAbuse-Relayaddr", "$RelayAddr");
> > >> action_add_header("X-AntiAbuse-Sender", "$Sender ");
> > >> action_add_header("X-AntiAbuse-Score", "$hits ($score) $names");
> > >>
> > >> and much more.
> > >>
> > >> Best regards,
> > >>
> > >> Morten
> > >
> > > thanks Morten
> > >
> > >
> > > and how to configure In My postfix. I think as a type sid-milter milter
> > > or other milter ,
> > > enlighten me please.
> > > Give me a specific example of configuration with postfix
> >
> > Configuring postfix to use a milter is very easy.
> >
> > 1. configure your milter to listen on some local port. eg
> > 127.0.0.1:2550
> >
> > 2. tell postfix to use that same port
> > # main.cf
> > smtpd_milters = inet:127.0.0.1:2550
> >
> > That's all that is usually required.
> >
> > All other configuration is done in the milter.
> >
> > You can use a unix socket rather than a TCP port, but
> > sometimes the permissions and paths get a little tricky,
> > particularly if using chroot.
> >
> > http://www.postfix.org/MILTER_README.html
> >
> >
> >
> >-- Noel Jones
>
> thanks Noel Jones for your return
>
> it works correctly but I do not write to file mimedefang-filter
> instructions for writing the header X-anti-abuse
thanks all
it's work fine greet RTFM with perl
header X-AntiAbuse inserted
greet
nb : i make a post on my blog for explain
--
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x092164A7
gpg --keyserver pgp.mit.edu --recv-key 092164A7
pgphtszsvLE0D.pgp
Description: PGP signature
Re: double mail delivery per user
On Tue, 2011-04-19 at 00:22:33 +0200, Ruud Baart wrote: > We are testing a new mail server set-up. During this test period we > want for some users deliver their mail as usual but we also want to > send the mail to a second postfix mail server: the test environment. [ .. ] > It must be possible but we can't think of any reasonable solution. > Has anyone a suggestion how we can solve this problem? Have you tried virtual aliases? -- Sahil Tandon
Re: Using rbl_reply_maps with zen
Hi,
>> 10 /etc/postfix/rbl_reply_maps:
>> 11 # With Postfix 2.3-2.5 use "421" to hang up connections.
>> 12 zen.spamhaus.org=127.0.0.10 521 4.7.1 Service unavailable;
>> 13 $rbl_class [$rbl_what] blocked using
>> 14 $rbl_domain${rbl_reason?; $rbl_reason}
>
> This needs to go on one line
Ah, thanks, that did it. It should have been more obvious to me.
Thanks again,
Alex
Procmail and permissions problem
Hi,
I've just set up a fedora14 box with postfix v2.7.3, and would like to
use procmail as the delivery agent. In previous systems I've set up,
procmail was setuid root, but on this one it is not. Without it, it
seems it can't write the spool file:
Apr 18 21:39:58 mail02t postfix/local[12142]: 3B07E60053:
to=, relay=local, delay=0.26,
delays=0.13/0.01/0/0.12, dsn=5.2.0, status=bounced (can't create user
output file. Command output: procmail: Couldn't create
"/var/spool/mail/munin" )
Apr 18 21:39:58 mail02t postfix/local[12130]: 3AA966006D:
to=, orig_to=, relay=local, delay=20987,
delays=20987/0.01/0/0.12, dsn=5.2.0, status=bounced (can't create user
output file. Command output: procmail: Couldn't create
"/var/spool/mail/nobody" )
What is the proper way to enable procmail to deliver mail? I've seen
too many varied answers when searching. I've set mailbox_command to
procmail. In case it's necessary, I've included my postconf below. I'd
sure appreciate any ideas you may have.
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/aliases
biff = no
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
delay_warning_time = 4h
disable_vrfy_command = yes
header_checks = pcre:/etc/postfix/header_checks.pcre
html_directory = no
inet_interfaces = all
mail_owner = postfix
mailbox_command = /usr/bin/procmail
mailbox_size_limit = 20
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
maximal_queue_lifetime = 5d
message_size_limit = 1024
mydestination = $myhostname, localhost.$mydomain
mydomain = inside.example.com
myhostname = mail02t.example.com
mynetworks = 127.0.0.0/8, 192.168.1.0/24, 192.168.6.0/24
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
rbl_reply_maps = ${stress?hash:/etc/postfix/rbl_reply_maps}
readme_directory = /usr/share/doc/postfix-2.7.3/README_FILES
relay_domains = $mydestination, $transport_maps
sample_directory = /usr/share/doc/postfix-2.7.3/samples
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtp_tls_CAfile = /etc/pki/tls/cacert.pem
smtpd_recipient_restrictions =
permit_sasl_authenticated, reject_non_fqdn_sender,
reject_non_fqdn_recipient, reject_unknown_sender_domain,
reject_unknown_recipient_domain,reject_unauth_pipelining,
reject_unauth_destination, permit_mynetworks, reject_rbl_client
zen.spamhaus.org=127.0.0.10 reject_rbl_client
zen.spamhaus.org=127.0.0.11 reject_rbl_client
zen.spamhaus.orgcheck_client_access
hash:/etc/postfix/client_checks,reject_invalid_hostname,
reject_non_fqdn_hostname, check_helo_access
hash:/etc/postfix/helo_checks, check_recipient_access
pcre:/etc/postfix/recipient_checks, check_sender_access
hash:/etc/postfix/sender_checks,check_client_access
hash:/etc/postfix/client_checks,permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = $myhostname, mail02t.example.com
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_sasl_tls_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = reject_sender_login_mismatch
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/pki/dovecot/certs/dovecot.pem
smtpd_tls_key_file = /etc/pki/dovecot/private/dovecot.pem
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database =
btree:/var/lib/postfix/smtpd_tls_session_cache
tls_random_source = dev:/dev/urandom
transport_maps = hash:/etc/postfix/transport
Thanks,
Alex
Re: Procmail and permissions problem
Hi, >> I've just set up a fedora14 box with postfix v2.7.3, and would like to >> use procmail as the delivery agent. In previous systems I've set up, >> procmail was setuid root, but on this one it is not. Without it, it >> seems it can't write the spool file: >> >> Apr 18 21:39:58 mail02t postfix/local[12142]: 3B07E60053: >> to=, relay=local, delay=0.26, >> delays=0.13/0.01/0/0.12, dsn=5.2.0, status=bounced (can't create user >> output file. Command output: procmail: Couldn't create >> "/var/spool/mail/munin" ) >> Apr 18 21:39:58 mail02t postfix/local[12130]: 3AA966006D: >> to=, orig_to=, relay=local, delay=20987, >> delays=20987/0.01/0/0.12, dsn=5.2.0, status=bounced (can't create user >> output file. Command output: procmail: Couldn't create >> "/var/spool/mail/nobody" ) >> > Can you post the output of command "ls -la /var/spool/mail" ? > Most of this problem was caused by wrong permission [root@fc14 ~]# ls -ld /var/spool/mail drwxrwxr-x. 2 root mail 4096 Mar 31 13:25 /var/spool/mail The directory itself is empty. I could set the directory sgid mail, but then users would be able to reach each other's mail, no? All users are not in group mail, anyway. Thanks, Alex
