Re: continous attempted connection/timeouts after ehlo
On 25.08.2012 07:09, li...@sbt.net.au wrote:
> just noticed I have large increase in smtp connections, looking at logs I
> noticed a single ip continuous attempting connection, searching for that
> IP in maillog I see like;
>
> is this like a mail attack..?
>
> Aug 25 14:11:36 postfix/anvil[32254]: statistics: max connection rate
> 80/60s for (smtp:203.125.143.198) at Aug 25 14:01:42

Singapore?
most likely an attack

there is no need to get notified because you can rate-control

anvil_rate_time_unit = 1800s
smtpd_client_connection_rate_limit = 50

inetnum:  203.125.143.196 - 203.125.143.199
netname:  LSHMGT-SG
descr:    LSH MANAGEMENT SERVICES PTE LTD
descr:    7 SHENTON WAY #01-02
descr:    SINGAPORE CONFERENCE HALL
descr:    Singapore 068810
country:  SG
admin-c:  PK12-AP
tech-c:   SH9-AP
status:   ASSIGNED NON-PORTABLE
notify:   hostmas...@singnet.com.sg
mnt-by:   MAINT-SG-SINGNET
mnt-irt:  IRT-SINGNET-SG
changed:  hostmas...@singnet.com.sg 20110106
source:   APNIC
Re: exceptions for smtpd_end_of_data_restrictions
- Message from Noel Jones -
Date: Fri, 24 Aug 2012 23:49:25 -0500
From: Noel Jones
Reply-To: postfix users
Subject: Re: exceptions for smtpd_end_of_data_restrictions
To: postfix-users@postfix.org

On 8/24/2012 11:10 PM, an...@isac.gov.in wrote:

- Message from Noel Jones -
Date: Wed, 22 Aug 2012 06:31:10 -0500
From: Noel Jones
Reply-To: postfix users
Subject: Re: exceptions for smtpd_end_of_data_restrictions
To: postfix-users@postfix.org

On 8/22/2012 2:14 AM, an...@isac.gov.in wrote:

Dear List,

I have this in my main.cf

smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:9998

This basically checks for mail size and allows/not allows a mail based on contents of a file. Is there a way to say, not to use this policy service, based on some headers of a mail?

You can skip the policy based on envelope information by using a check_*_access map before the policy check. You could also likely do this inside the policy server itself. You cannot skip it based on headers.

-- Noel Jones

Thanks for your inputs. You are all experts, please share some ideas with me to solve my problem. I have described the requirement in detail as below.

Let me explain my current setup and my real requirement. I have a front end for accessing and sending mail (say server A). All mails sent from this (server A) are directed to another server (say server B) for virus/spam check using Amavisd. If the mails are addressed to any internet domain other than ours, mails get forwarded to Server C, else mails are delivered locally.

A (Front End Mail) -> B (Virus/Spam scanner) -> C (for delivering to Internet).

At server B (for local delivery of mails) we have a size limit of 30 MB.

At Server C (for delivery to Internet) we have a size limit of 30 MB, but using policyd feature of Postfix (at smtpd_end_of_data_restrictions), by default we are restricting to 2 MB and based on the contents of a data file (which is manually edited as and when required) which contains Sender address and allowed size, mails get delivered to outside domains having higher size.

Now, I have been asked to develop another front end at same level as Server A (say server D), to enable users to send mails of large size to Internet users, such that, once a mail is composed and submitted for approval, based on the content, I can approve or disapprove. Once approved, it should go through Server B and finally server C to get delivered to outside domains.

My problem lies at Server C where I am running a policy for sending outside mails. How does that mail be allowed without even looking at policy (exception for policy). Please provide guidance or any other alternative strategy to achieve the requirement. But, it is must that, mail should go through the virus scan.

Regards,
Anant.

Have D submit mail to a dedicated amavisd port on B, which can then submit to a separate port on C with no policy. See amavisd docs about listening on multiple ports, policy banks, etc.

For the postfix changes on C, the lazy solution is set up another smtpd listener in master.cf with empty smtpd_end_of_data_restrictions; the better full-featured solution is a separate postfix instance giving full control with separate queue, logging, and stats.

-- Noel Jones

Thanks. I think, this is the only option. I need to work on this. Thanks.

Regards,
Anant.

- End message from Noel Jones -
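An added example, not part of the original messages: a sketch of the decision logic a policy server behind smtpd_end_of_data_restrictions could apply, with the 2 MB default and per-sender table described above and an exemption keyed on session information, which is what the policy request carries (it contains no message headers). The sender table, the exempt client address and the function names are constructed for illustration.

```python
# Added example: decision logic for a Postfix policy delegation service.
# All table contents below are constructed sample values.
DEFAULT_LIMIT = 2 * 1024 * 1024                          # 2 MB default from the thread
SENDER_LIMITS = {"alice@example.org": 20 * 1024 * 1024}  # sender -> allowed size
EXEMPT_CLIENTS = {"192.0.2.10"}   # hypothetical relay whose mail skips the check


def parse_request(text):
    """Parse one request: name=value lines terminated by an empty line."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break                      # empty line ends the request
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value        # values may themselves contain '='
    return attrs


def decide(attrs):
    """Return an access(5) action for one parsed request."""
    if attrs.get("request") != "smtpd_access_policy":
        return "DUNNO"
    if attrs.get("protocol_state") != "END-OF-DATA":
        return "DUNNO"                 # the final size is only known at end of data
    if attrs.get("client_address") in EXEMPT_CLIENTS:
        return "DUNNO"                 # exception decided inside the policy server
    try:
        size = int(attrs.get("size", ""))
    except ValueError:
        return "DEFER_IF_PERMIT size attribute missing or malformed"
    sender = attrs.get("sender", "").lower()
    limit = SENDER_LIMITS.get(sender, DEFAULT_LIMIT)
    if size > limit:
        return "REJECT message size %d exceeds limit %d" % (size, limit)
    return "DUNNO"


def respond(text):
    """Build the reply sent back to smtpd: one action line, then an empty line."""
    return "action=%s\n\n" % decide(parse_request(text))
```

An exemption keyed on the client address only separates the two mail streams if the approved mail reaches server C from a distinct address; the separate listener suggested in the thread avoids that dependency.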
Interim NDR
Hi, is it possible to configure Postfix to send an interim non-delivery report? I'm using the default settings so Postfix will try to deliver a mail for 5 days. So if a mail fails to get sent users are only informed after 5 days. I would like to configure Postfix to send a mail after e.g. 4 hours that the delivery has failed and that the system will try to send the message for another 5 days. Is this possible? Rgds, N.
Re: Interim NDR
> I would like to configure Postfix to send a mail after
> e.g. 4 hours that the delivery has failed and that the system will try
> to send the message for another 5 days. Is this possible?

Considering how incredibly annoying those messages were when sendmail used to send them, I hope not.

R's,
John
Re: Interim NDR
* Nick Rosier :
> is it possible to configure Postfix to send an interim non-delivery
> report? I'm using the default settings so Postfix will try to deliver
> a mail for 5 days. So if a mail fails to get sent users are only
> informed after 5 days. I would like to configure Postfix to send a
> mail after e.g. 4 hours that the delivery has failed and that the
> system will try to send the message for another 5 days.
> Is this possible?

delay_warning_time = 4h

--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
ralf.hildebra...@charite.de | http://www.charite.de
Re: Interim NDR
Ralf Hildebrandt wrote:
>* Nick Rosier :
>
>> is it possible to configure Postfix to send an interim non-delivery
>> report?
>
>delay_warning_time = 4h

Is there a way to warn postmaster/admin of such?
at the moment, i go 'mailq' and check \queuegraph few times daily to watch for potential problems, what can one do get notified of such potential issues ?

--
Sent from my moom with K-9 Mail. Please excuse my brevity.
Re: continous attempted connection/timeouts after ehlo
On Sat, August 25, 2012 7:37 pm, Reindl Harald wrote:
> On 25.08.2012 07:09, li...@sbt.net.au wrote:

> most likely an attack
> there is no need to get notified because you can rate-control
> anvil_rate_time_unit = 1800s
> smtpd_client_connection_rate_limit = 50

Reindl, thanks

how do I monitor to see if it 'kicked in' and from whom ?
Re: continous attempted connection/timeouts after ehlo
On Sat, August 25, 2012 7:37 pm, Reindl Harald wrote:
> On 25.08.2012 07:09, li...@sbt.net.au wrote:

> most likely an attack
> there is no need to get notified because you can rate-control
> anvil_rate_time_unit = 1800s
> smtpd_client_connection_rate_limit = 50

Reindl, thanks

how do I monitor to see if it 'kicked in' and from whom ?

(sorry, hit 'send too quick)

is it a 'good idea' to firewall block such when they're from unresolvable host like this ?

Host 50.112.115.27.in-addr.arpa. not found: 3(NXDOMAIN)

# grep "max connection rate" /var/log/maillog
Aug 26 03:45:43 geko postfix/anvil[19189]: statistics: max connection rate 28/1800s for (smtp:27.115.112.50) at Aug 26 03:40:49
...
Aug 26 04:35:43 geko postfix/anvil[19189]: statistics: max connection rate 22/1800s for (smtp:27.115.112.50) at Aug 26 04:35:12
Aug 26 04:45:43 geko postfix/anvil[19189]: statistics: max connection rate 28/1800s for (smtp:27.115.112.50) at Aug 26 04:41:50
Re: continous attempted connection/timeouts after ehlo
On 26.08.2012 00:29, li...@sbt.net.au wrote:
> On Sat, August 25, 2012 7:37 pm, Reindl Harald wrote:
>> On 25.08.2012 07:09, li...@sbt.net.au wrote:
>
>> most likely an attack
>> there is no need to get notified because you can rate-control
>> anvil_rate_time_unit = 1800s
>> smtpd_client_connection_rate_limit = 50
>
> Reindl, thanks
>
> how do I monitor to see if it 'kicked in' and from whom ?

watch your maillog

> (sorry, hit 'send too quick)
>
> is it a 'good idea' to firewall block such when they're from unresolvable
> host like this ?
>
> Host 50.112.115.27.in-addr.arpa. not found: 3(NXDOMAIN)

depends on your business
i tend to do so at least for some days
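An added example, not part of the original messages: one way to "watch your maillog" for this, summarizing per client the peak rate anvil reports and how often smtpd actually refused a connection. The 27.115.112.50 lines are taken from the thread; the 192.0.2.77 lines, including the "Connection rate limit exceeded" warnings, are constructed samples, and their wording is assumed to match what smtpd logs when the limit is hit.

```python
# Added example: summarize Postfix connection-rate events from maillog lines.
import re
from collections import defaultdict

LIMIT = 50  # smtpd_client_connection_rate_limit suggested in the thread

# anvil's periodic peak report, as shown in the thread.
ANVIL = re.compile(r"postfix/anvil\[\d+\]: statistics: max connection rate "
                   r"(\d+)/(\d+)s for \((\w+):([0-9A-Fa-f.:]+)\)")
# smtpd's warning when a client is refused (format assumed, see lead-in).
EXCEEDED = re.compile(r"postfix/smtpd\[\d+\]: warning: Connection rate limit "
                      r"exceeded: (\d+) from \S*\[([0-9A-Fa-f.:]+)\]")

SAMPLE = [
    # From the thread:
    "Aug 26 03:45:43 geko postfix/anvil[19189]: statistics: max connection rate 28/1800s for (smtp:27.115.112.50) at Aug 26 03:40:49",
    "Aug 26 04:35:43 geko postfix/anvil[19189]: statistics: max connection rate 22/1800s for (smtp:27.115.112.50) at Aug 26 04:35:12",
    # Constructed:
    "Aug 26 05:02:10 geko postfix/smtpd[19302]: warning: Connection rate limit exceeded: 51 from unknown[192.0.2.77] for service smtp",
    "Aug 26 05:02:11 geko postfix/smtpd[19302]: warning: Connection rate limit exceeded: 52 from unknown[192.0.2.77] for service smtp",
    "Aug 26 05:05:43 geko postfix/anvil[19189]: statistics: max connection rate 52/1800s for (smtp:192.0.2.77) at Aug 26 05:02:11",
]


def summarize(lines, limit=LIMIT):
    """Return {ip: {"peak", "refused", "over_limit"}} for the given log lines."""
    peak = defaultdict(int)      # highest rate anvil reported per client
    refused = defaultdict(int)   # number of refusals logged by smtpd per client
    for line in lines:
        m = ANVIL.search(line)
        if m:
            ip = m.group(4)
            peak[ip] = max(peak[ip], int(m.group(1)))
            continue
        m = EXCEEDED.search(line)
        if m:
            refused[m.group(2)] += 1
    return {
        ip: {"peak": peak.get(ip, 0),
             "refused": refused.get(ip, 0),
             # A peak report alone does not mean the limit was enforced.
             "over_limit": refused.get(ip, 0) > 0 or peak.get(ip, 0) > limit}
        for ip in set(peak) | set(refused)
    }


if __name__ == "__main__":
    for ip, stats in sorted(summarize(SAMPLE).items()):
        print(ip, stats)
```

With the values from the thread, 27.115.112.50 peaks at 28 connections per 1800s, below the limit of 50, so the statistics lines alone do not show the limit being enforced.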
Re: Interim NDR
Voytek:
> Ralf Hildebrandt wrote:
> >* Nick Rosier :
> >
> >> is it possible to configure Postfix to send an interim non-delivery
> >> report?
> >
> >delay_warning_time = 4h
>
> Is there a way to warn postmaster/admin of such?
> at the moment, i go 'mailq' and check \queuegraph few times daily
> to watch for potential problems, what can one do get notified of
> such potential issues ?

Yes, if you really want to. However I haven't used this code since it was written many years ago. Let me know if it still works.

Wietse

notify_classes (default: resource, software)
    The list of error classes that are reported to the postmaster.
    ...
    delay
        Send the postmaster copies of the headers of delayed mail.
        The notification is sent to the address specified with the
        delay_notice_recipient configuration parameter (default:
        postmaster).
Re: high-speed postfix configuration
On 8/24/2012 10:05 AM, Mike Mitchell wrote:
>
> On Aug 24, 2012, at 8:11 AM, francis picabia wrote:
>> On Thu, Aug 23, 2012 at 1:33 PM, Mike Mitchell wrote:
>>> I am attempting to configure a postfix server to handle really high-speed
>>> mail delivery. This means I'll be sending (via Java API) potentially tens
>>> of thousands as fast as possible (speed matters in this
>>> case--emergency-type messages--so 10,000 a minute is desirable), to
>>> unpredictable domains. It's likely that in many cases most of the messages
>>> will all be going to the same domain, but I won't know what these domains
>>> are in advance, and there will always be a decent percentage going to very
>>> diverse domains at the same time.
>>>
>> By the sounds of it, this is an attempt to make email into something it is
>> not.
>> Email does not do instant messaging. If you need to do emergency broadcasts,
>> time sensitive stock purchases, etc., email is not the vehicle for it.
>
> As I told Francis privately, there are many business reasons for needing this
> which are not immediately evident unless you've been in the business
> continuity/emergency management industry for some time. If anyone else is
> interested in these, I'm happy to explain privately, as well. But the need
> to do this is legitimate, and there are currently no better solutions to
> large-scale private communications today, including SMS and phone (smartphone
> apps have some promise of greater scalability and immediacy, but do not have
> the necessary footprint).

Many of us understand Mike. One example: There are hundreds of universities in the U.S. with over 10K students, dozens with over 40K students. In the wake of the Virginia Tech shootings people were screaming why something like this wasn't already implemented. I'd bet many unis have now done so. Yes, there are absolutely all kinds of situations where a system like this is needed, and you shouldn't have to explain/justify it to anyone here.

Did you get a chance to digest my suggestions on this yet? I gave you nearly everything you need to know to implement this with Postfix, sans rewriting the JAVA app for parallel submission.

--
Stan