Re: postfix-2.11 stable release candidate available

2014-01-08 Thread Andreas Schulze


Quote from wie...@porcupine.org:

> Postfix 2.11.0 stable release candidate 1 is uploaded to ftp.porcupine.org
> and will appear on mirror sites in the next 24 hours.


2.11x is running here on different hosts without problems.

Andreas



relay mail - smtp_generic_maps

2014-01-08 Thread pgala
Hi,

I want to be able to relay mail sent by all of the postfix server users. I am
trying to do it with smtp_generic_maps.
My generic file is:
"
/.*/ myrelaym...@domain.com
"

My problem is that the recipient address is also rewritten, so the mail is sent
to myrelaym...@domain.com.

I know that I can set the generic file:
"
@domain1local   myrelaydom...@domain.com
@domain2local   myrelaydom...@domain.com
"
and everything is fine, but I want to be able to add a new domain without
modifying the generic file. How can I do it?





Re: relay mail - smtp_generic_maps

2014-01-08 Thread Noel Jones
On 1/8/2014 8:31 AM, pgala wrote:
> Hi,
> 
> I want to be able to relay mail sent by all of the postfix server users. I am
> trying to do it with smtp_generic_maps.
> My generic file is:
> "
> /.*/ myrelaym...@domain.com
> "
> 
> My problem is that the recipient address is also rewritten, so the mail is sent
> to myrelaym...@domain.com.
> 
> I know that I can set the generic file:
> "
> @domain1local   myrelaydom...@domain.com
> @domain2local   myrelaydom...@domain.com
> "
> and everything is fine, but I want to be able to add a new domain without
> modifying the generic file. How can I do it?

Generic maps must be told which addresses to rewrite.  You can't use
a .* wildcard.

You may be able to use a Makefile to adjust multiple postfix
settings when a "domain" list is updated.


-- Noel Jones


Re: relay mail - smtp_generic_maps

2014-01-08 Thread pgala
But when I use the generic file, both the "mail from" and "recipient" fields
are rewritten. I want to disable recipient rewriting and rewrite only the
"mail from" field. Is it possible?
The .* wildcard is OK when I use regexp; I tested it.





Re: relay mail - smtp_generic_maps

2014-01-08 Thread Wietse Venema
pgala:
> But when I use the generic file, both the "mail from" and "recipient" fields
> are rewritten. I want to disable recipient rewriting and rewrite only the
> "mail from" field. Is it possible?
> The .* wildcard is OK when I use regexp; I tested it.

The use case of smtp_generic_maps is to replace all "internal"
addresses, whether they are sender or (carbon-copy) recipient, with
"external" addresses.

Quote from the generic(5) manpage:

   Typically, one would use the generic(5) table on a system that does not
   have a valid Internet domain name and that uses something like localdo-
   main.local  instead.   The generic(5) table is then used by the smtp(8)
   client to transform local  mail  addresses  into  valid  Internet  mail
   addresses  when mail has to be sent across the Internet.  See the EXAM-
   PLE section at the end of this document.

What is your use case to replace lots of unrelated domain names with
one external domain name?

Wietse


canonical maps

2014-01-08 Thread R. Berger

hi,

I have the following problem coming from sendmail:
This is how it is set up in virtusertable:
@domain.nl   %1...@otherdomain.nl
us...@domain.nl  localuser1
us...@domain.nl   localuser2
us...@domain.nl localuser3

I am using postfixadmin and the local users are working.
But how do I forward all the other mail? I understand I can do that for 
a complete domain using canonical_maps option but does it work together 
with local virtual users?


Thanks,
Roger




Re: canonical maps

2014-01-08 Thread Wietse Venema
R. Berger:
> hi,
> 
> I have the following problem coming from sendmail:
> This is how it is set up in virtusertable:
> @domain.nl   %1...@otherdomain.nl
> us...@domain.nl  localuser1
> us...@domain.nl   localuser2
> us...@domain.nl localuser3

If you can explain what the above means for Sendmail, then someone
can try to show how to do the same in Postfix.

I suspect that you want to use Postfix virtual_alias_maps instead
of canonical_maps.

If the equivalent is this (in terms of hash: files):

/etc/postfix/main.cf:
virtual_alias_maps = hash:/etc/postfix/virtual ...

/etc/postfix/virtual
us...@domain.nl localus...@example.com
us...@domain.nl localus...@example.com
us...@domain.nl localus...@example.com
@domain.nl  @otherdomain.nl

Then you are accepting mail with non-existent recipient addresses
and forwarding it to otherdomain.nl. That is bad. Such mail will
bounce and you become a backscatter source.

Instead, use this:

/etc/postfix/main.cf: 
virtual_alias_maps = hash:/etc/postfix/virtual ...
virtual_alias_domains = otherdomain.nl ...

/etc/postfix/virtual 
us...@domain.nl localus...@example.com
us...@domain.nl localus...@example.com
us...@domain.nl localus...@example.com

That will reject mail for users that you haven't defined.

Wietse

> I am using postfixadmin and the local users are working.
> But how do I forward all the other mail? I understand I can do that for 
> a complete domain using canonical_maps option but does it work together 
> with local virtual users?
> 
> Thanks,
> Roger
> 
> 
> 


Re: canonical maps

2014-01-08 Thread R. Berger


Wietse Venema wrote on 8-1-2014 20:20:

> R. Berger:
>> hi,
>>
>> I have the following problem coming from sendmail:
>> This is how it is set up in virtusertable:
>> @domain.nl   %1...@otherdomain.nl
>> us...@domain.nl  localuser1
>> us...@domain.nl   localuser2
>> us...@domain.nl localuser3
>
> If you can explain what the above means for Sendmail, then someone
> can try to show how to do the same in Postfix.
>
> I suspect that you want to use Postfix virtual_alias_maps instead
> of canonical_maps.
>
> If the equivalent is this (in terms of hash: files):
>
> /etc/postfix/main.cf:
>  virtual_alias_maps = hash:/etc/postfix/virtual ...
>
> /etc/postfix/virtual
>  us...@domain.nl localus...@example.com
>  us...@domain.nl localus...@example.com
>  us...@domain.nl localus...@example.com
>  @domain.nl @otherdomain.nl
>
> Then you are accepting mail with non-existent recipient addresses
> and forwarding it to otherdomain.nl. That is bad. Such mail will
> bounce and you become a backscatter source.
>
> Instead, use this:
>
> /etc/postfix/main.cf:
>  virtual_alias_maps = hash:/etc/postfix/virtual ...
>  virtual_alias_domains = otherdomain.nl ...
>
> /etc/postfix/virtual
>  us...@domain.nl localus...@example.com
>  us...@domain.nl localus...@example.com
>  us...@domain.nl localus...@example.com
>
> That will reject mail for users that you haven't defined.
>
> Wietse

It's not exactly a catchall.
@domain.nl %1...@otherdomain.nl
means that somen...@domain.nl is sent to somen...@otherdomain.nl
So if there is no catchall for otherdomain.nl there is no catchall for
domain.nl

both domains are local btw.
So basically you have 3 local users which are directly connected to
domain.nl and the rest has to be forwarded to another domain if the
username in front of the @ exists.

>> I am using postfixadmin and the local users are working.
>> But how do I forward all the other mail? I understand I can do that for
>> a complete domain using canonical_maps option but does it work together
>> with local virtual users?
>>
>> Thanks,
>> Roger








Re: canonical maps

2014-01-08 Thread Wietse Venema
R. Berger:
> It's not exactly a catchall.
> @domain.nl %1...@otherdomain.nl
> means that somen...@domain.nl is sent to somen...@otherdomain.nl

I wrote that you will accept mail for non-existent recipients in
otherdomain.nl.

That is bad.

Your system will be sending backscatter mail to innocent people.

Wietse



Re: canonical maps

2014-01-08 Thread R. Berger


Wietse Venema wrote on 8-1-2014 20:47:

> R. Berger:
>> It's not exactly a catchall.
>> @domain.nl %1...@otherdomain.nl
>> means that somen...@domain.nl is sent to somen...@otherdomain.nl
>
> I wrote that you will accept mail for non-existent recipients in
> otherdomain.nl.
>
> That is bad.
>
> Your system will be sending backscatter mail to innocent people.
>
> Wietse

Why is that? Otherdomain has 29 users
In sendmail, when I use "@domain.nl %1...@otherdomain.nl" domain.nl will
automatically have 29 users also.
If there is a mail sent to n...@domain.nl and n...@otherdomain.nl does
not exist, it will be rejected.
In postfixadmin this will be a domain alias but that isn't working with
local virtual users.


Roger



Re: canonical maps

2014-01-08 Thread Wietse Venema
R. Berger:
> > R. Berger:
> >> It's not exactly a catchall.
> >> @domain.nl %1...@otherdomain.nl
> >> means that somen...@domain.nl is sent to somen...@otherdomain.nl
> > I wrote that you will accept mail for non-existent recipients in
> > otherdomain.nl.
> > That is bad.
> > Your system will be sending backscatter mail to innocent people.

> Why is that?

Because you never explained what the Sendmail configuration does.

With Postfix you will have to enumerate all 29 recipients.

Wietse
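
Enumerating the recipients does not have to be done by hand. The following is an added example, not part of the thread or of Postfix: a hypothetical shell function `gen_domain_aliases` that turns a list of existing otherdomain.nl addresses into one virtual alias line per recipient for domain.nl, skipping addresses that already have a hand-written entry. The user names in any input you feed it, and the file names, are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): build the per-recipient alias lines
# that replace a Sendmail-style "@domain.nl %1@otherdomain.nl" rule, so that
# only recipients that really exist are accepted.

# gen_domain_aliases SRC_DOMAIN DST_DOMAIN EXPLICIT_MAP < recipient-list
#   recipient-list: one existing DST_DOMAIN address per line (stdin)
#   EXPLICIT_MAP:   hand-maintained virtual file; its left-hand sides win
gen_domain_aliases() {
    awk -v src="$1" -v dst="$2" -v explicit="$3" '
        BEGIN {
            src = tolower(src); dst = tolower(dst)
            # Remember addresses that already have an explicit mapping.
            while ((getline line < explicit) > 0) {
                n = split(line, f, " ")
                if (n >= 2 && f[1] !~ /^#/) seen[tolower(f[1])] = 1
            }
        }
        {
            # Accept only well-formed localpart@DST_DOMAIN lines.
            addr = tolower($1)
            if (split(addr, p, "@") != 2 || p[1] == "" || p[2] != dst) next
            alias = p[1] "@" src
            # Skip explicit entries and duplicates in the input.
            if (alias in seen) next
            seen[alias] = 1
            print alias "\t" addr
        }
    '
}

# Command-line use (hypothetical script name):
#   gen-domain-aliases domain.nl otherdomain.nl /etc/postfix/virtual < list
if [ $# -eq 3 ]; then
    gen_domain_aliases "$1" "$2" "$3"
fi
```

The output lines go into a file listed in virtual_alias_maps, followed by `postmap` on that file; rerun the generator whenever the recipient list changes.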


transport rule question

2014-01-08 Thread Aaron Bennett
Hi,

For reasons beyond my control, one of the hosts we need to relay to is 
occasionally dropping out of dns.  We relay to it based on an ldap map which 
returns:

relay:[office365relay.clarku.edu]

That host is a CNAME for an external vendor.  It's not hard to guess which one.

When it drops out,  the message bounces:
Jan  8 13:50:28 mothra.clarku.edu postfix/smtp[27291]: E1614684CCD: 
to=, relay=none, delay=0.18, delays=0.06/0.03/0.1/0, 
dsn=5.4.4, status=bounced (Host or domain name not found. Name service error 
for name=office365relay.clarku.edu type=A: Host not found)

I'd prefer it to defer.  I'm not sure why it's not deferring - is it the relay: 
line, or the [] enclosure, or something else?

Thanks for your time,

Aaron

---
Aaron Bennett
Manager of Systems Administration
Clark University ITS
W:508.793.7315



Re: canonical maps

2014-01-08 Thread R. Berger


Wietse Venema wrote on 8-1-2014 21:46:

> R. Berger:
>>> R. Berger:
>>>> It's not exactly a catchall.
>>>> @domain.nl %1...@otherdomain.nl
>>>> means that somen...@domain.nl is sent to somen...@otherdomain.nl
>>> I wrote that you will accept mail for non-existent recipients in
>>> otherdomain.nl.
>>> That is bad.
>>> Your system will be sending backscatter mail to innocent people.
>>
>> Why is that?
>
> Because you never explained what the Sendmail configuration does.
>
> With Postfix you will have to enumerate all 29 recipients.
>
> Wietse

OK, sorry about that.
Anyway thanks a lot and thanks for the excellent software!



Re: transport rule question

2014-01-08 Thread Wietse Venema
Aaron Bennett:
> Hi,
> 
> For reasons beyond my control, one of the hosts we need to relay
> to is occasionally dropping out of dns.  We relay to it based on
> an ldap map which returns:
> 
> relay:[office365relay.clarku.edu]
> 
> That host is a CNAME for an external vendor.  It's not hard to guess which 
> one.
> 
> When it drops out,  the message bounces:
> Jan  8 13:50:28 mothra.clarku.edu postfix/smtp[27291]: E1614684CCD:
> to=, relay=none, delay=0.18, delays=0.06/0.03/0.1/0,
> dsn=5.4.4, status=bounced (Host or domain name not found. Name
> service error for name=office365relay.clarku.edu type=A: Host not
> found)
> 
> I'd prefer it to defer.  I'm not sure why it's not deferring - is
> it the relay: line, or the [] enclosure, or something else?

Postfix would defer when it receives no DNS reply.

Postfix bounces because the DNS server replies that this DNS
record DOES NOT EXIST.

To work around, use soft_bounce=yes and watch your queue
carefully for mail piling up.

Wietse


RE: transport rule question

2014-01-08 Thread Aaron Bennett


> -Original Message-
> From: owner-postfix-us...@postfix.org [mailto:owner-postfix-
> us...@postfix.org] On Behalf Of Wietse Venema
> Sent: Wednesday, January 8, 2014 4:13 PM
> To: Postfix users
> Subject: Re: transport rule question
> Postfix would defer when it receives no DNS reply.
> 
> Postfix bounces because the DNS server replies that this DNS
> record DOES NOT EXIST.
> 
> To work around, use soft_bounce=yes and watch your queue
> carefully for mail piling up.
> 
>   Wietse

Thanks, Wietse.  I don't want soft_bounce=yes for everything so I'll probably 
create a dedicated transport for that host.  Does that seem reasonable?

-Aaron




Re: transport rule question

2014-01-08 Thread Wietse Venema
Aaron Bennett:
> > Postfix bounces because the DNS server replies that this DNS
> > record DOES NOT EXIST.
> > 
> > To work around, use soft_bounce=yes and watch your queue
> > carefully for mail piling up.
> 
> Thanks, Wietse.  I don't want soft_bounce=yes for everything so
> I'll probably create a dedicated transport for that host.  Does
> that seem reasonable?

I agree. A dedicated "smtp" transport with "-o soft_bounce=yes"
allows you to make the workaround specific for this destination.

You'll still want to watch the queue, but if these outages are
temporary, the problem will resolve itself as Postfix retries
deliveries.

Wietse


Re: transport rule question

2014-01-08 Thread Viktor Dukhovni
On Wed, Jan 08, 2014 at 09:02:17PM +, Aaron Bennett wrote:

> For reasons beyond my control, one of the hosts we need to relay
> to is occasionally dropping out of dns.  We relay to it based on
> an ldap map which returns:
> 
> relay:[office365relay.clarku.edu]
> 
> That host is a CNAME for an external vendor.  It's not hard to
> guess which one.

office365relay.clarku.edu. IN CNAME clarku-edu.mail.protection.outlook.com.
clarku-edu.mail.protection.outlook.com. 10 IN A 207.46.163.170
clarku-edu.mail.protection.outlook.com. 10 IN A 207.46.163.215
clarku-edu.mail.protection.outlook.com. 10 IN A 207.46.163.247
clarku-edu.mail.protection.outlook.com. 10 IN A 207.46.163.138

Ah yes, the same "carefully implemented" nameservers that mishandle
TLSA queries with DANE (TLSA is DNS record type 52):

$ dig +noall +comment +ans +norecur -t TYPE52 \
_25._tcp.clarku-edu.mail.protection.outlook.com. \
@ns1-proddns.glbdns.o365filtering.com.
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOTIMP, id: 38293
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

while the same query with type "any":

$ dig +norecurse +noall +comment +ans -t any \
_25._tcp.clarku-edu.mail.protection.outlook.com. \
@ns1-proddns.glbdns.o365filtering.com.
;; Got answer:  
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 58105  
;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

correctly returns NXDOMAIN.  Have you found out whose DNS erroneously
returns NXDOMAIN from time to time?  Does the CNAME occasionally
disappear (clarku.edu's fault) or the A record go away now and
then, (problem at hosting provider?)

> When it drops out,  the message bounces:
> Jan  8 13:50:28 mothra.clarku.edu postfix/smtp[27291]: E1614684CCD:
>   to=, relay=none, delay=0.18, delays=0.06/0.03/0.1/0,
>   dsn=5.4.4, status=bounced (Host or domain name not found. Name
>   service error for name=office365relay.clarku.edu type=A: Host not found)

Re-configure your transport tables to bypass the CNAME:

transport:
clarku.edu  smtp:[clarku-edu.mail.protection.outlook.com]

That'll reveal whether the problem is with the CNAME or the backend A record.

> I'd prefer it to defer.  I'm not sure why it's not deferring -
> is it the relay: line, or the [] enclosure, or something else?

To defer after NXDOMAIN, you need soft_bounce.  Use a dedicated
transport for that.

-- 
Viktor.


Re: transport rule question

2014-01-08 Thread Viktor Dukhovni
On Wed, Jan 08, 2014 at 09:44:15PM +, Aaron Bennett wrote:

> Thanks, Wietse.  I don't want soft_bounce=yes for everything so
> I'll probably create a dedicated transport for that host.  Does
> that seem reasonable?

You'll also have messages addressed to invalid recipients (if any)
queued up and retried periodically rather than bounced quickly.
There is IIRC not yet a way to soft bounce just address lookup
errors.

-- 
Viktor.


Re: transport rule question

2014-01-08 Thread Wietse Venema
Viktor Dukhovni:
> On Wed, Jan 08, 2014 at 09:44:15PM +, Aaron Bennett wrote:
> 
> > Thanks, Wietse.  I don't want soft_bounce=yes for everything so
> > I'll probably create a dedicated transport for that host.  Does
> > that seem reasonable?
> 
> You'll also have messages addressed to invalid recipients (if any)
> queued up and retried periodically rather than bounced quickly.
> There is IIRC not yet a way to soft bounce just address lookup
> errors.

Postfix already has a feature that substitutes remote SMTP server
replies (smtp_reply_filter). 

Maybe it's possible to implement a similar substitution for DNS
server responses. If we want to use a regexp-based approach that
requires a conversion from DNS reply to text. The text is then
transformed by the filter, and then converted back to DNS response.

I'm not recommending we do DNS -> XML + XPATH -> DNS.

Wietse


Re: transport rule question

2014-01-08 Thread Viktor Dukhovni
On Wed, Jan 08, 2014 at 05:31:37PM -0500, Wietse Venema wrote:

> Postfix already has a feature that substitutes remote SMTP server
> replies (smtp_reply_filter). 
> 
> Maybe it's possible to implement a similar substitution for DNS
> server responses. If we want to use a regexp-based approach that
> requires a conversion from DNS reply to text. The text is then
> transformed by the filter, and then converted back to DNS response.
> 
> I'm not recommending we do DNS -> XML + XPATH -> DNS.

I'd prefer to not go there at this time.  The OP can put the hostname
in question into /etc/hosts, and update that via periodic DNS
lookups (which are NOPs when they fail).  Then use a transport with

smtp_host_lookup=native.

This would work quite well if the C-library supports multiple A
records for the same name in /etc/hosts as with say various
Linux systems that have:

$ cat /etc/host.conf
multi on

An hourly cron job can keep the hosts entries for the fragile CNAME
up to date.

-- 
Viktor.
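
One way to write the cron job described above, as an added example that is not part of the original message: the hosts file is rewritten only when the lookup returns at least one valid IPv4 address, so a failed lookup leaves the last known-good entries in place. The function names, the marker comment and the script name are assumptions; `dig` is used for the lookup.

```shell
#!/bin/sh
# Added example (not from the thread): keep /etc/hosts entries for a fragile
# relay name up to date. A failed or empty lookup is a no-op.

MARK='# managed-by-refresh-relay-hosts'   # hypothetical marker for our lines

# Keep only syntactically valid IPv4 addresses from stdin (one per line).
# This drops the CNAME target that "dig +short" prints, resolver error text,
# and out-of-range octets.
valid_ipv4() {
    awk -F. 'NF == 4 {
        ok = 1
        for (i = 1; i <= 4; i++)
            if ($i !~ /^[0-9]+$/ || length($i) > 3 || $i + 0 > 255) ok = 0
        if (ok) print
    }'
}

# update_hosts NAME HOSTS_FILE < candidate-addresses
# Replaces the managed lines for NAME. Returns 1 and leaves HOSTS_FILE
# untouched when stdin holds no valid address.
update_hosts() {
    name=$1
    hosts=$2
    addrs=$(valid_ipv4 | sort -u)
    [ -n "$addrs" ] || return 1
    # Temp file in the same directory, so the final mv is an atomic rename.
    tmp=$(mktemp "${hosts}.XXXXXX") || return 2
    # Drop our previous lines for this name; keep everything else as it is.
    awk -v n="$name" -v m="$MARK" '!(index($0, m) && $2 == n)' "$hosts" \
        > "$tmp" || { rm -f "$tmp"; return 2; }
    for a in $addrs; do
        printf '%s\t%s\t%s\n' "$a" "$name" "$MARK"
    done >> "$tmp"
    chmod 644 "$tmp" && mv "$tmp" "$hosts"
}

# Cron entry point (hypothetical script name):
#   refresh-relay-hosts office365relay.clarku.edu
if [ $# -ge 1 ]; then
    dig +short A "$1" | update_hosts "$1" "${2:-/etc/hosts}" ||
        echo "no address for $1; hosts file left unchanged" >&2
fi
```

The transport that delivers to this name still needs smtp_host_lookup=native, and the C library must return all addresses listed for one name, as noted in the message above.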


Puzzling problem

2014-01-08 Thread Paul Schmehl
I'm working on a website (as a volunteer - www.vvfh.org), and I have a 
problem sending mail from a web form.  Unfortunately, this is on one of 
those cloud server deals where I have very little access for 
troubleshooting purposes.


I put the files (the script and the contact page) on another server that I 
control so I could see what the error messages were, but the form worked 
fine there.


Here's what's happening.  When I fill out the form and click on Submit, the 
script returns a success message but I never receive the mail.  I'm sending 
the mail to an account on the server I control.


The cloud hosting setup is saying the mail is delivered successfully, but 
it's not.


Looking at the logs on the receiving server (postfix 2.10.2 on FreeBSD 
8.3), the mail is being bounced, but the bounce makes no sense to me at all.


Here's a snippet from the mail log:

Jan  9 02:49:24 mail postfix/policyd-weight[29824]: child: spawned
Jan  9 02:49:26 mail postfix/policyd-weight[29824]: weighted check: 
NOT_IN_SBL_XBL_SPAMHAUS=-1.5 NOT_IN_SPAMCOP=-1.5 NOT_IN_BL_NJABL=-1.5 
HELO_IP_IN_CL16_SUBNET=-0.41 (check from: .hostzilla. - helo: 
.a.free.hostzilla. - helo-domain: .hostzilla.) 
FROM/MX_MATCHES_UNVR_HELO(DOMAIN)_OR_CL_NAME(DOMAIN)=-1.5 
RESOLVED_IP_IS_NOT_HELO=1.5 FROM_MULTIPARTED=1.09; 
  
 ; rate: -3.82
Jan  9 02:49:26 mail postfix/policyd-weight[29824]: decided action=PREPEND 
X-policyd-weight:  NOT_IN_SBL_XBL_SPAMHAUS=-1.5 NOT_IN_SPAMCOP=-1.5 
NOT_IN_BL_NJABL=-1.5 HELO_IP_IN_CL16_SUBNET=-0.41 (check from: .hostzilla. 
- helo: .a.free.hostzilla. - helo-domain: .hostzilla.) 
FROM/MX_MATCHES_UNVR_HELO(DOMAIN)_OR_CL_NAME(DOMAIN)=-1.5 
RESOLVED_IP_IS_NOT_HELO=1.5 FROM_MULTIPARTED=1.09; rate: -3.82; 
  
 ; delay: 2s
Jan  9 02:49:26 mail postfix/smtpd[29823]: 3D42D2F173C: 
client=unknown[67.227.164.146]
Jan  9 02:49:26 mail postfix/cleanup[29825]: 3D42D2F173C: 
message-id=
Jan  9 02:49:26 mail postfix/qmgr[5989]: 3D42D2F173C: 
from=, size=1633, nrcpt=1 (queue active)
Jan  9 02:49:26 mail postfix/smtpd[29823]: disconnect from 
unknown[67.227.164.146]
Jan  9 02:49:32 mail postfix/pipe[29826]: 3D42D2F173C: 
to=, relay=filter, delay=7.8, delays=1.8/0.01/0/5.9, 
dsn=5.3.0, status=bounced (Command died with status 1: 
"/usr/local/bin/filter.sh". Command output: Jan  9 02:49:28.913 [29829] 
warn: netset: cannot include 127.0.0.0/32 as it has already been included 
Jan  9 02:49:28.913 [29829] warn: netset: illegal network address given: 
'216.58.158.271' rm: out.29827: No such file or directory )
Jan  9 02:49:32 mail postfix/cleanup[29825]: 3B3E82F176C: 
message-id=<20140109024932.3b3e82f1...@mail.stovebolt.com>
Jan  9 02:49:32 mail postfix/qmgr[5989]: 3B3E82F176C: from=<>, size=3973, 
nrcpt=1 (queue active)
Jan  9 02:49:32 mail postfix/bounce[29835]: 3D42D2F173C: sender 
non-delivery notification: 3B3E82F176C

Jan  9 02:49:32 mail postfix/qmgr[5989]: 3D42D2F173C: removed
Jan  9 02:49:32 mail postfix/smtp[29795]: 3B3E82F176C: 
to=, 
relay=a.free.hostzilla.ws[67.227.165.253]:25, delay=0.24, 
delays=0.04/0/0.16/0.04, dsn=5.0.0, status=bounced (host 
a.free.hostzilla.ws[67.227.165.253] said: 550-You do not have sufficient 
privileges to send mail to this address.  Please 550 authenticate and try 
again. (in reply to RCPT TO command))

Jan  9 02:49:32 mail postfix/qmgr[5989]: 3B3E82F176C: removed

So the mail is accepted by postfix and handed off to filter.sh where it's 
bounced back with the message "550-You do not have sufficient privileges to 
send mail to this address.  Please 550 authenticate and try again. (in 
reply to RCPT TO command))"


Huh?  The mail is being sent TO a legitimate address from a "foreign" 
server.  Unless it's rejected as spam, it should be delivered.  I don't get 
it.  What am I missing?


If needed I can post the postconf -n results.

Other mail from "foreign" hosts is being delivered properly.

For example:

Jan  9 04:05:30 mail postfix/postscreen[35241]: CONNECT from 
[129.110.180.40]:23138 to [216.58.158.171]:25
Jan  9 04:05:36 mail postfix/postscreen[35241]: PASS NEW 
[129.110.180.40]:23138
Jan  9 04:05:36 mail postfix/smtpd[35245]: warning: database 
/usr/local/mailman/data/aliases.db is older than source file 
/usr/local/mailman/data/aliases
Jan  9 04:05:36 mail postfix/smtpd[35245]: connect from 
ip-001.utdallas.edu[129.110.180.40]
Jan  9 04:05:36 mail postfix/smtpd[35245]: Anonymous TLS connection 
established from ip-001.utdallas.edu[129.110.180.40]: TLSv1 with cipher 
RC4-SHA (128/128 bits)
Jan  9 04:05:37 mail postfix/policyd-weight[29824]: weighted check: 
NOT_IN_SBL_XBL_SPAMHAUS=-1.5 NOT_IN_SPAMCOP=-1.5 NOT_IN_BL_NJABL=-1.5 
CL_IP_EQ_FROM_MX=-3.1;  
  
; rate: -7.6
Jan  9 04:05:37 mail postfix/policyd-weight[29824]: decided action=PREPEND 
X-policyd-weight:  NOT_IN_SBL_XBL_SPAMHAUS=-1.5 NOT_IN_SPAMCOP=-1.5 
NOT_IN_BL_NJABL=-1.5 CL_IP_EQ_FROM_MX=-3.1; rate: -7.6; 
  
 ; delay: 1s
Jan  9 04:05:37 mail postfix/smtpd[35245]: C27AB2F1513: 
client=ip-001.utdallas.edu[129.110.180.40]
Jan 

Re: Puzzling problem

2014-01-08 Thread Seann

Paul,

First thing that caught my eye, is it looks like the reason for the 
bounce was the filter shell script died:


Command died with status 1: "/usr/local/bin/filter.sh".
Command output:
Jan  9 02:49:28.913 [29829] warn: netset: cannot include 
127.0.0.0/32 as it has already been included
Jan  9 02:49:28.913 [29829] warn: netset: illegal network 
address given: '216.58.158.271' rm: out.29827: No such file or directory


That is based on this line in your logs:

Jan  9 02:49:32 mail postfix/pipe[29826]: 3D42D2F173C: 
to=, relay=filter, delay=7.8, delays=1.8/0.01/0/5.9, 
dsn=5.3.0, status=bounced (Command died with status 1: 
"/usr/local/bin/filter.sh". Command output: Jan  9 02:49:28.913 [29829] 
warn: netset: cannot include 127.0.0.0/32 as it has already been 
included Jan  9 02:49:28.913 [29829] warn: netset: illegal network 
address given: '216.58.158.271' rm: out.29827: No such file or directory )


Does the email send with that filter removed for testing, if possible?

It really looks like it is dying in the Filter.sh script, based on the 
logs you are showing.


Since I don't know what that shell script is doing, I can't say much on 
it, but an educated guess is there is something being injected into the 
headers of the email message that your filter script doesn't like.



Regards,
Seann

On 1/8/2014 10:11 PM, Paul Schmehl wrote:
I'm working on a website (as a volunteer - www.vvfh.org), and I have a 
problem sending mail from a web form. Unfortunately, this is on one of 
those cloud server deals where I have very little access for 
troubleshooting purposes.


I put the files (the script and the contact page) on another server 
that I control so I could see what the error messages were, but the 
form worked fine there.


Here's what's happening.  When I fill out the form and click on 
Submit, the script returns a success message but I never receive the 
mail.  I'm sending the mail to an account on the server I control.


The cloud hosting setup is saying the mail is delivered successfully, 
but it's not.


Looking at the logs on the receiving server (postfix 2.10.2 on FreeBSD 
8.3), the mail is being bounced, but the bounce makes no sense to me 
at all.


Here's a snippet from the mail log:

Jan  9 02:49:24 mail postfix/policyd-weight[29824]: child: spawned
Jan  9 02:49:26 mail postfix/policyd-weight[29824]: weighted check: 
NOT_IN_SBL_XBL_SPAMHAUS=-1.5 NOT_IN_SPAMCOP=-1.5 NOT_IN_BL_NJABL=-1.5 
HELO_IP_IN_CL16_SUBNET=-0.41 (check from: .hostzilla. - helo: 
.a.free.hostzilla. - helo-domain: .hostzilla.) 
FROM/MX_MATCHES_UNVR_HELO(DOMAIN)_OR_CL_NAME(DOMAIN)=-1.5 
RESOLVED_IP_IS_NOT_HELO=1.5 FROM_MULTIPARTED=1.09; 
  
 ; rate: -3.82
Jan  9 02:49:26 mail postfix/policyd-weight[29824]: decided 
action=PREPEND X-policyd-weight:  NOT_IN_SBL_XBL_SPAMHAUS=-1.5 
NOT_IN_SPAMCOP=-1.5 NOT_IN_BL_NJABL=-1.5 HELO_IP_IN_CL16_SUBNET=-0.41 
(check from: .hostzilla. - helo: .a.free.hostzilla. - helo-domain: 
.hostzilla.) FROM/MX_MATCHES_UNVR_HELO(DOMAIN)_OR_CL_NAME(DOMAIN)=-1.5 
RESOLVED_IP_IS_NOT_HELO=1.5 FROM_MULTIPARTED=1.09; rate: -3.82; 
  
 ; delay: 2s
Jan  9 02:49:26 mail postfix/smtpd[29823]: 3D42D2F173C: 
client=unknown[67.227.164.146]
Jan  9 02:49:26 mail postfix/cleanup[29825]: 3D42D2F173C: 
message-id=
Jan  9 02:49:26 mail postfix/qmgr[5989]: 3D42D2F173C: 
from=, size=1633, nrcpt=1 (queue active)
Jan  9 02:49:26 mail postfix/smtpd[29823]: disconnect from 
unknown[67.227.164.146]
Jan  9 02:49:32 mail postfix/pipe[29826]: 3D42D2F173C: 
to=, relay=filter, delay=7.8, 
delays=1.8/0.01/0/5.9, dsn=5.3.0, status=bounced (Command died with 
status 1: "/usr/local/bin/filter.sh". Command output: Jan  9 
02:49:28.913 [29829] warn: netset: cannot include 127.0.0.0/32 as it 
has already been included Jan  9 02:49:28.913 [29829] warn: netset: 
illegal network address given: '216.58.158.271' rm: out.29827: No such 
file or directory )
Jan  9 02:49:32 mail postfix/cleanup[29825]: 3B3E82F176C: 
message-id=<20140109024932.3b3e82f1...@mail.stovebolt.com>
Jan  9 02:49:32 mail postfix/qmgr[5989]: 3B3E82F176C: from=<>, 
size=3973, nrcpt=1 (queue active)
Jan  9 02:49:32 mail postfix/bounce[29835]: 3D42D2F173C: sender 
non-delivery notification: 3B3E82F176C

Jan  9 02:49:32 mail postfix/qmgr[5989]: 3D42D2F173C: removed
Jan  9 02:49:32 mail postfix/smtp[29795]: 3B3E82F176C: 
to=, 
relay=a.free.hostzilla.ws[67.227.165.253]:25, delay=0.24, 
delays=0.04/0/0.16/0.04, dsn=5.0.0, status=bounced (host 
a.free.hostzilla.ws[67.227.165.253] said: 550-You do not have 
sufficient privileges to send mail to this address.  Please 550 
authenticate and try again. (in reply to RCPT TO command))

Jan  9 02:49:32 mail postfix/qmgr[5989]: 3B3E82F176C: removed

So the mail is accepted by postfix and handed off to filter.sh where 
it's bounced back with the message "550-You do not have sufficient 
privileges to send mail to this address.  Please 550 authenticate and 
try again. (in reply to RCPT TO command))"


Huh?  The mail is b