Re: OT: Yahoo spam load (was: Dead Destination configuration)

2011-12-04 Thread Steve

-------- Original Message --------
> Date: Fri, 2 Dec 2011 12:15:34 -0800 (PST)
> From: Steve Fatula
> To: Postfix users
> Subject: Re: OT: Yahoo spam load (was: Dead Destination configuration)

> From: Wietse Venema 
> >To: postfix-users@postfix.org 
> >Sent: Friday, December 2, 2011 8:42 AM
> >Subject: OT: Yahoo spam load (was: Dead Destination configuration)
> > 
> >To get some idea of Yahoo spam load (and keyword trends) see
> >http://visualize.yahoo.com/ and click the green buttons.
> >
> > 
> >I wish there was a chart for spam sent FROM yahoo. 99% of our spam comes
> from yahoo (that gets through postscreen).
> 
On my end it is hotmail. Anyway postscreen is as good as you configure and 
use it. There is IMHO no universal valid conclusion about quality when you 
write "that goes through postscreen".

IMHO there is a reason for content filters. They are able to catch those 
remaining messages passing such filter types like postscreen. From the 
viewpoint of such filters (like postscreen) the mail coming from yahoo (or in 
my case hotmail) are legitimate since they are coming from the proper sources, 
obey EHLO/HELO delays, are often digitally signed, are in no blacklist, etc...


> Steve
> 
Steve


Re: Rewriting FROM, TO and CC

2011-12-04 Thread Jim Seymour
On Sun, 4 Dec 2011 08:04:44 +0100
Ignacio  wrote:

[snip]
> 
> The application connects to a smtp server and sent an e-mail as:
> SENDER: user1@domain
> TO: user2@domain;user3@domain
> 
> From this smtp server we would like to relay e-mail to Corporate
> Exchange server. This server needs authentication to relay e-mail.
> Since user1 password changes every week, we would like to set a
> generic user whose password will not change. Therefore, sender
> must be changed to genericuser@domain.
[snip]

Why don't you just set up an alias on the Postfix server that expands
to the recipients you want, and have the application send to the
alias?

Regards,
Jim
-- 
Note: My mail server employs *very* aggressive anti-spam
filtering.  If you reply to this email and your email is
rejected, please accept my apologies and let me know via my
web form at .


Re: Low Budget Backups

2011-12-04 Thread Jim Seymour
On Sat, 3 Dec 2011 19:00:55 -0800 (PST)
email builder  wrote:

> 
[snip]
> 
> OK, rsync it is.  
> 
> Can you restore a system crash with a simple
> rsync backed set of duplicate files?
[snip]

Never tried it :p  I suspect not.

TBH: Other than a Unix SYS3 installation, running on a Motorola Delta
box, that was trashed because it was in the middle of an fsck when
the power came back up, and the power twitched again (which will do it
every time on a non-journaled filesystem), I've never had an actual
all-out "crash," per se.  I've had some pretty badly-mangled
filesystems, but nothing I couldn't eventually recover with the aid
of a few file-by-file copies from tape backup.

Then again: My policy is that if it's important: It's on a RAID
array.

I could probably make my rsync-driven backup script available to you,
if you'd like.  It's production-quality code and I *believe* it's
ready for release.  It's been in-use on my server, here at home,
since February of this year.  The only reason I haven't released it,
yet, is because, well, I kind of never got around to it :p.

Regards,
Jim
-- 
Note: My mail server employs *very* aggressive anti-spam
filtering.  If you reply to this email and your email is
rejected, please accept my apologies and let me know via my
web form at .


Re: Rewriting FROM, TO and CC

2011-12-04 Thread Ignacio
Hello Jim,

Thank you very much, but there are more than 1000 possible options, and
they change almost every week. It depends on projects and people involved
in them.

Regards.


On Sun, Dec 4, 2011 at 2:46 PM, Jim Seymour  wrote:

> On Sun, 4 Dec 2011 08:04:44 +0100
> Ignacio  wrote:
>
> [snip]
> >
> > The application connects to a smtp server and sent an e-mail as:
> > SENDER: user1@domain
> > TO: user2@domain;user3@domain
> >
> > From this smtp server we would like to relay e-mail to Corporate
> > Exchange server. This server needs authentication to relay e-mail.
> > Since user1 password changes every week, we would like to set a
> > generic user whose password will not change. Therefore, sender
> > must be changed to genericuser@domain.
> [snip]
>
> Why don't you just set up an alias on the Postfix server that expands
> to the recipients you want, and have the application send to the
> alias?
>
> Regards,
> Jim
> --
> Note: My mail server employs *very* aggressive anti-spam
> filtering.  If you reply to this email and your email is
> rejected, please accept my apologies and let me know via my
> web form at .
>


Re: Rewriting FROM, TO and CC

2011-12-04 Thread Reindl Harald
and how does it make a change to configure alias-groups or some
strange header-rewrites permanently?

again:
it does not make sense to rewrite from/to/cc on an MTA
because the application is too dumb to set the rcpt
which are wanted and CC/FROM does not interest the
MTA because these are only headers

take a look at the smtp references to understand the basics how smtp
is working, the MTA is not interested in the headers

On 04.12.2011 17:37, Ignacio wrote:
> Thank you very much, but there are more than 1000 possible options, and they 
> change almost every week. It depends
> on projects and people involved in them.
> 
> 
> On Sun, Dec 4, 2011 at 2:46 PM, Jim Seymour wrote:
> 
> On Sun, 4 Dec 2011 08:04:44 +0100
> Ignacio <sanfermi...@gmail.com> wrote:
> 
> [snip]
> >
> > The application connects to a smtp server and sent an e-mail as:
> > SENDER: user1@domain
> > TO: user2@domain;user3@domain
> >
> > From this smtp server we would like to relay e-mail to Corporate
> > Exchange server. This server needs authentication to relay e-mail.
> > Since user1 password changes every week, we would like to set a
> > generic user whose password will not change. Therefore, sender
> > must be changed to genericuser@domain.
> [snip]
> 
> Why don't you just set up an alias on the Postfix server that expands
> to the recipients you want, and have the application send to the
> alias?
> 
> Regards,
> Jim
> --
> Note: My mail server employs *very* aggressive anti-spam
> filtering.  If you reply to this email and your email is
> rejected, please accept my apologies and let me know via my
> web form at .
> 
> 

-- 

With best regards, Reindl Harald
the lounge interactive design GmbH
A-1060 Vienna, Hofmühlgasse 17
CTO / software-development / cms-solutions
p: +43 (1) 595 3999 33, m: +43 (676) 40 221 40
icq: 154546673, http://www.thelounge.net/

http://www.thelounge.net/signature.asc.what.htm





Re: Rewriting FROM, TO and CC

2011-12-04 Thread Jim Seymour
On Sun, 4 Dec 2011 17:37:31 +0100
Ignacio  wrote:

> Hello Jim,
> 
> Thank you very much, but there are more than 1000 possible options,
> and they change almost every week. It depends on projects and
> people involved in them.

One of us is confused.  How would creating an alias and running
newaliases be any harder than mangling the headers (if the latter
would work, which it will not)?

Regards,
Jim
-- 
Note: My mail server employs *very* aggressive anti-spam
filtering.  If you reply to this email and your email is
rejected, please accept my apologies and let me know via my
web form at .


Re: Rewriting FROM, TO and CC

2011-12-04 Thread /dev/rob0
Please stop top-posting your replies. Thank you.

On Sunday 04 December 2011 01:04:44 Ignacio wrote:
> Fixing the application is not possible since we don't own
> source code and owner company doesn't want to change it.
> On the application we are just be able to set a smtp server.

A good example of why not to trust proprietary software for your 
important tasks.

> English is not my first language so I probably haven't explain
> the problem very well. I will do my best right now.

This is not a language barrier; this is a ... protocol barrier. It 
seems that you do not understand mail and SMTP very well. Your OP 
sounded as if the headers needed to change for some reason. Since we 
now know that envelope senders and recipients are what matters, it's 
time to move beyond.

Unfortunately elsewhere in the thread you indicated that your example 
sender and recipients are not static. In this post I am again 
answering what you said, not what you might have meant.

> The application connects to a smtp server and sent an e-mail as:
> SENDER: user1@domain
> TO: user2@domain;user3@domain
> 
> From this smtp server we would like to relay e-mail to Corporate
> Exchange server. This server needs authentication to relay e-mail.
> Since user1 password changes every week, we would like to set a
> generic user whose password will not change. Therefore, sender
> must be changed to genericuser@domain.

For the rewriting:
http://www.postfix.org/ADDRESS_REWRITING_README.html#canonical
http://www.postfix.org/postconf.5.html#sender_canonical_maps
http://www.postfix.org/canonical.5.html

For the authentication:
http://www.postfix.org/SASL_README.html#client_sasl
http://www.postfix.org/postconf.5.html#smtp_sasl_password_maps

> Also it is needed that
> original sender (user1@domain) became a recipient of e-mail in
> Corporate Exchange server ( I thought this could be achieved by
> setting CC field in the e-mail, but it seems I was wrong).

http://www.postfix.org/postconf.5.html#sender_bcc_maps
containing:
genericuser@domain  user1@domain

> Is postfix able to do this? If not, is there any other app to do
> that?

This is only going to work if the sender is always the same, but 
perhaps you can come up with a mapping which will meet your needs. If 
not, you might be stuck with going back to the software vendor and 
demanding value for your money already spent. (Good luck with that! 
They already have your money!)

> Thank you very much. I hope to have explained better myself.

There was no mention in this post about the senders and recipients 
changing; you consistently used the same four example addresses. So we 
could only assume the problem only involved those addresses.
-- 
Offlist mail to this address is discarded unless
"/dev/rob0" or "not-spam" is in Subject: header


Re: OT: Yahoo spam load (was: Dead Destination configuration)

2011-12-04 Thread /dev/rob0
[not entirely OT, but leaving the subject unchanged]

On Sunday 04 December 2011 04:59:45 Steve wrote:
> > From: Steve Fatula
> > >I wish there was a chart for spam sent FROM yahoo. 99% of
> > >our spam comes from yahoo (that gets through postscreen).
> 
> On my end it is hotmail. Anyway postscreen is as good as you
> configure and use it. There is IMHO no universal valid conclusion
> about quality when you write "that goes through postscreen".

The point about "gets through postscreen" probably was that it's not 
safe nor easy to try to block spammer-controlled freemail accounts 
through postscreen. In postscreen, there is no difference between 
freemail spam and real mail from freemail users.

The only reasonable pre-DATA approach to freemail-origin spam is to 
use check_sender_access in smtpd against a list of known bad accounts.

Creation and maintenance of such a list would be a very big chore. 
ISTR someone having attempted to publish a list like this, but it is 
certain to be far from complete, as spammers are signing up new 
accounts and compromising existing credentials all the time. It's 
likewise sure to be a high-maintenance task, since when people find 
that their freemail account has been cracked, they are likely to 
change the password and thus at least temporarily stop the abuse.

> IMHO there is a reason for content filters. They are able to catch
> those remaining messages passing such filter types like
> postscreen. From the viewpoint of such filters (like postscreen)
> the mail coming from yahoo (or in my case hotmail) are legitimate
> since they are coming from the proper sources, obey EHLO/HELO
> delays, are often digitally signed, are in no blacklist, etc...

Exactly the point the other Steve was making.
-- 
Offlist mail to this address is discarded unless
"/dev/rob0" or "not-spam" is in Subject: header


Re: OT: Yahoo spam load

2011-12-04 Thread Noel Jones
On 12/4/2011 2:15 PM, /dev/rob0 wrote:
> The point about "gets through postscreen" probably was that it's not 
> safe nor easy to try to block spammer-controlled freemail accounts 
> through postscreen. In postscreen, there is no difference between 
> freemail spam and real mail from freemail users.
> 
> The only reasonable pre-DATA approach to freemail-origin spam is to 
> use check_sender_access in smtpd against a list of known bad accounts.


I've been using the clamav-milter along with the Sanesecurity add-on
spam signatures to reject quite a bit of the freemail garbage.

YMMV and all that, but I've found clamav+Sanesecurity safe and
effective.

http://www.clamav.net
http://sanesecurity.com/



  -- Noel Jones


SMTP hangs when MySQL is down

2011-12-04 Thread Sebastian Wiesinger
Hi,

I'm using Postfix with MySQL via proxy:mysql maps. The documentation
states that mails should get deferred if no mysql server is reachable.

However when I shut down MySQL, SMTP transactions freeze after I enter
the "MAIL FROM:<...>" statement.

Any ideas how I can change that? There seems to be no timeout, I left
the SMTP dialog open for a few minutes at least.

The logfile shows:

postfix/proxymap[2160]: warning: connect to mysql server localhost: Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)
postfix/trivial-rewrite[2159]: fatal: proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_maps.cf(0,lock|fold_fix): table lookup problem
postfix/master[30733]: warning: process /usr/lib/postfix/trivial-rewrite pid 2159 exit status 1
postfix/trivial-rewrite[2161]: fatal: proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_maps.cf(0,lock|fold_fix): table lookup problem
postfix/smtpd[1372]: warning: problem talking to service rewrite: Success
postfix/master[30733]: warning: process /usr/lib/postfix/trivial-rewrite pid 2161 exit status 1
postfix/master[30733]: warning: /usr/lib/postfix/trivial-rewrite: bad command startup -- throttling


postfix is Debian Version 2.7.1-1+squeeze1

postconf -n:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
home_mailbox = Maildir/
html_directory = /usr/share/doc/postfix/html
inet_interfaces = 127.0.0.1, [::1], x.x.x.x
inet_protocols = ipv4, ipv6
mailbox_command = /usr/bin/procmail -a "$EXTENSION"
mailbox_size_limit = 0
mydestination = mx.example.com, localhost.example.com, localhost
myhostname = mx.example.com
mynetworks = 127.0.0.0/8 [:::127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
readme_directory = /usr/share/doc/postfix
recipient_delimiter = +
relay_domains = proxy:mysql:$config_directory/sql/mysql_relay_domains_maps.cf
relayhost =
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_exceptions_networks =
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_tls_cert_file = /etc/ssl/certs/my.crt
smtpd_tls_key_file = /etc/ssl/private/my.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
virtual_alias_maps = proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_maps.cf,
    proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_maps.cf,
    proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_catchall_maps.cf
virtual_gid_maps = static:8
virtual_mailbox_base = /var/vmail
virtual_mailbox_domains = proxy:mysql:/etc/postfix/sql/mysql_virtual_domains_maps.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/sql/mysql_virtual_mailbox_maps.cf,
    proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_mailbox_maps.cf
virtual_minimum_uid = 101
virtual_transport = dovecot-sa
virtual_uid_maps = static:111


-- 
New GPG Key: 0x93A0B9CE (F4F6 B1A3 866B 26E9 450A  9D82 58A2 D94A 93A0 B9CE)
Old GPG Key-ID: 0x76B79F20 (0x1B6034F476B79F20)
'Are you Death?' ... IT'S THE SCYTHE, ISN'T IT? PEOPLE ALWAYS NOTICE THE SCYTHE.
-- Terry Pratchett, The Fifth Elephant


Re: SMTP hangs when MySQL is down

2011-12-04 Thread Reindl Harald


On 05.12.2011 01:34, Sebastian Wiesinger wrote:
> I'm using Postfix with MySQL via proxy:mysql maps. The documentation
> states that mails should get deferred if no mysql server is reachable

yes, on the delivering server

if your configuration is mysql-based and mysqld is down
your server must not accept messages because missing
the list of valid RCPT

a replication slave would be a good idea

so you can receive the messages even if your backends are
a mysql storage because the received messages will be deferred
in this case locally and the sender gets a 250 OK






Re: OT: Yahoo spam load

2011-12-04 Thread Sahil Tandon
On Sun, 2011-12-04 at 17:06:02 -0600, Noel Jones wrote:

> On 12/4/2011 2:15 PM, /dev/rob0 wrote:
> > The point about "gets through postscreen" probably was that it's not
> > safe nor easy to try to block spammer-controlled freemail accounts
> > through postscreen. In postscreen, there is no difference between
> > freemail spam and real mail from freemail users.
> > 
> > The only reasonable pre-DATA approach to freemail-origin spam is to
> > use check_sender_access in smtpd against a list of known bad
> > accounts.
> 
> I've been using the clamav-milter along with the Sanesecurity add-on
> spam signatures to reject quite a bit of the freemail garbage.

+1, FWIW.

-- 
Sahil Tandon


Re: SMTP hangs when MySQL is down

2011-12-04 Thread Sahil Tandon
On Mon, 2011-12-05 at 01:34:17 +0100, Sebastian Wiesinger wrote:

> I'm using Postfix with MySQL via proxy:mysql maps. The documentation
> states that mails should get deferred if no mysql server is reachable.
> 
> However when I shut down MySQL, SMTP transactions freeze after I enter
> the "MAIL FROM:<...>" statement.
> 
> Any ideas how I can change that? There seems to be no timeout, I left
> the SMTP dialog open for a few minutes at least.

Do not use SQL in virtual_mailbox_domains[1]; instead, set the latter to
a regular list.  Then, even when MySQL is down, Postfix will defer mail
with 4.3.0 instead of appearing to freeze.

[1] Actually, you should avoid using SQL or LDAP for any tables used by
the trivial-rewrite(8) daemon.  For context, see:

http://article.gmane.org/gmane.mail.postfix.user/209024
http://article.gmane.org/gmane.mail.postfix.user/168112
http://article.gmane.org/gmane.mail.postfix.user/140543

-- 
Sahil Tandon
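
An added example, not part of any post in this thread or of Postfix itself: a Python audit that reads `postconf -n` output and reports every SQL- or LDAP-backed table that trivial-rewrite(8) depends on, following the built-in default virtual_alias_domains = $virtual_alias_maps, which is why the virtual_alias_maps table shows up in the trivial-rewrite log lines quoted earlier. The parameter list is an assumed subset taken from the trivial-rewrite(8) manual page, and the sample input is a constructed excerpt of the configuration posted in the thread.

```python
import re

# Assumed subset of the main.cf parameters that trivial-rewrite(8) evaluates
# when it resolves an address (see the trivial-rewrite(8) manual page).
REWRITE_PARAMS = ("mydestination", "relay_domains", "virtual_alias_domains",
                  "virtual_mailbox_domains", "transport_maps")
# Built-in default that pulls another parameter into trivial-rewrite.
IMPLICIT = {"virtual_alias_domains": "$virtual_alias_maps"}
# Table types that need a live database or directory server.
REMOTE = re.compile(r"^(?:proxy:)?(?:mysql|pgsql|ldap):\S+$")
VAR = re.compile(r"\$(?:\{(\w+)\}|\((\w+)\)|(\w+))")

# Constructed excerpt of the `postconf -n` output posted in this thread.
SAMPLE = """\
config_directory = /etc/postfix
mydestination = mx.example.com, localhost.example.com, localhost
relay_domains = proxy:mysql:$config_directory/sql/mysql_relay_domains_maps.cf
virtual_alias_maps = proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_maps.cf,
    proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_maps.cf
virtual_mailbox_domains = proxy:mysql:/etc/postfix/sql/mysql_virtual_domains_maps.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/sql/mysql_virtual_mailbox_maps.cf
"""


def parse_postconf(text):
    """Parse name = value lines; indented lines continue the previous value."""
    settings, name = {}, None
    for line in text.splitlines():
        if line[:1].isspace() and name:
            settings[name] += " " + line.strip()
        elif "=" in line:
            name, value = (part.strip() for part in line.split("=", 1))
            settings[name] = value
    return settings


def expand(value, settings, depth=0):
    """Substitute $name, ${name} and $(name) references in a value."""
    if depth > 10:  # guard against reference loops
        return value

    def sub(match):
        ref = next(group for group in match.groups() if group)
        target = settings.get(ref, IMPLICIT.get(ref, ""))
        return expand(target, settings, depth + 1)

    return VAR.sub(sub, value)


def audit(text):
    """Return (parameter, table) pairs where trivial-rewrite needs a database."""
    settings = parse_postconf(text)
    findings = []
    for param in REWRITE_PARAMS:
        raw = settings.get(param, IMPLICIT.get(param))
        if raw is None:
            continue
        for token in re.split(r"[,\s]+", expand(raw, settings)):
            if REMOTE.match(token):
                findings.append((param, token))
    return findings


if __name__ == "__main__":
    for param, table in audit(SAMPLE):
        print(f"{param}: depends on {table}")
```

virtual_mailbox_maps is deliberately not reported, since it is not in the audited parameter list; an explicit static `virtual_alias_domains` setting also clears the implicit finding.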