Re: postfix virtual domain walking
On 13 Jun 2016, at 17:18, James B. Byrne wrote:

> 3. If there is nothing that involves Postfix then something like what you propose must be the case. Or someone has gone to some lengths to scan for these addresses using our domain name as a search term.

Or more likely: crawled the web indiscriminately, harvesting anything that matches the pattern of an email address. Don't take this personally, but there's really nothing special about your domain.

I don't get the same barrage of auth attempts, probably because I don't allow auth on port 25 and I have a fail2ban-like log monitor blocking traffic quite aggressively for auth failures on port 587, PREGREET violations in postscreen, and hits on my website that target various known vulnerabilities. I hover around 2500 firewall entries but that's less of a burden than letting all those bots talk nonsense to userspace servers.

I DO get an unending stream of spammers targeting "addresses" in my personal domain that are actually email and Usenet message-ids from a 15-year span during which my mail and news clients used date-based MIDs. They also hit addresses embedded in HTML tags and comments on pages of my website that get essentially no hits other than crawler bots, with new addresses getting hit reliably within a few months. An address I used only for reporting 2 FreeBSD bugs gets targeted. The address I use for this list is my oldest functional address with any form of public exposure that doesn't get spam aimed at it many times per month: almost 9 years old.

On the systems I run for paying customers the situation is less bad, but only because so few of the users have any public exposure of their addresses. Most of them never get any spam aimed at them. I can't use the same degree of IP blocking on those systems as I do on my own and the pattern is clear: the same set of users who get spam also get targeted by password-guessing bots.
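
The kind of log monitoring described in the message above, as an added example that is not part of the original post and not the poster's own tool: it counts SASL failures on the submission service and postscreen PREGREET events per client address and lists the addresses that reach a threshold. The log lines, the thresholds and the `postfix/submission/smtpd` service tag are assumptions constructed for the example.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in Postfix's usual syslog format (not from the post).
SAMPLE_LOG = """\
Jun 13 17:20:01 mx postfix/submission/smtpd[2101]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jun 13 17:20:04 mx postfix/submission/smtpd[2101]: warning: unknown[203.0.113.7]: SASL PLAIN authentication failed:
Jun 13 17:20:09 mx postfix/postscreen[2050]: PREGREET 14 after 0.12 from [198.51.100.23]:49152: EHLO example\\r\\n
Jun 13 17:20:11 mx postfix/submission/smtpd[2101]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jun 13 17:20:15 mx postfix/smtpd[2110]: connect from mail.example.org[192.0.2.10]
Jun 13 17:20:20 mx postfix/submission/smtpd[2102]: warning: host.example.net[192.0.2.44]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
"""

ADDR = r"\[([0-9A-Fa-f.:]+)\]"
# Assumes the port 587 service logs as postfix/submission (syslog_name in master.cf).
PATTERNS = {
    "auth_fail": re.compile(r"postfix/submission/smtpd\[\d+\]: warning: \S+" + ADDR
                            + r": SASL \S+ authentication failed"),
    "pregreet": re.compile(r"postfix/postscreen\[\d+\]: PREGREET \d+ after [\d.]+ from "
                           + ADDR + r":\d+"),
}
THRESHOLDS = {"auth_fail": 3, "pregreet": 1}  # assumed policy, tune per site


def offenders(log_text, thresholds=THRESHOLDS):
    """Return {ip: [reasons]} for clients that reached a threshold."""
    counts = {kind: Counter() for kind in PATTERNS}
    for line in log_text.splitlines():
        for kind, pattern in PATTERNS.items():
            match = pattern.search(line)
            if not match:
                continue
            try:  # only well-formed addresses may reach the firewall list
                ip = str(ipaddress.ip_address(match.group(1)))
            except ValueError:
                break
            counts[kind][ip] += 1
            break
    blocked = {}
    for kind, per_ip in counts.items():
        for ip, hits in per_ip.items():
            if hits >= thresholds[kind]:
                blocked.setdefault(ip, []).append(f"{kind} x{hits}")
    return blocked

if __name__ == "__main__":
    for ip, reasons in sorted(offenders(SAMPLE_LOG).items()):
        print(ip, ", ".join(reasons))
```

The returned addresses would be handed to whatever maintains the firewall entries; that step is site-specific and left out here.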
Re: tracking progress of messages
On 16 Jun 2016, at 10:02, Rob Maidment wrote:

> Hi Wietse
>
>> I supposed you're referring to the '-X' command-line option that logs all traffic (to file or FIFO). This appears to be a debugging tool that logs voluminous amounts of data including network conversations. Why are you not concerned about changes in Sendmail debug logging?
>
> No I wasn't referring to that. The current solution does not monitor the Sendmail logs, instead it relies on customisations to the Sendmail source code to generate the tracking events. I'd rather not take that approach with Postfix for the reasons I mentioned so I am looking for alternative solutions.

MIMEDefang. It's a milter, so it can be called at any or all of the connect time, HELO, MAIL, and RCPT, and always at the end of DATA, receiving the information the MTA can provide at each point. Often it is just used as a way to hook up SpamAssassin and an AV scanner, but it's a great tool to enhance Postfix logging as well. Its config file consists of a set of Perl subroutine implementations to be called at the various stages, so if all you want is an explicit log entry for each SMTP command, each message as a whole, and each MIME part in a message, you could do that with 7 one-line subroutines logging the arguments passed to them.
Re: mysql local_recipient_map
On 06/14/2016 08:02 AM, Wietse Venema wrote:

> Paul R. Ganci:
>> On 06/14/2016 04:28 AM, Wietse Venema wrote:
>>> Paul R. Ganci:
>>>> If the MYSQL library was handling the host name resolution then why does the postmap -q query succeed? Shouldn't both queries fail?
>>>
>>> Perhaps you are running postmap as ROOT; Postfix runs as non-root.
>>
>> Indeed I was.
>
> Perhaps you have chroot enabled in master.cf. This is the default on debian/ubuntu. See http://www.postfix.org/DEBUG_README.html#no_chroot
>
> Change the master.cf entry should to this:
>
>     smtp inet n - n - - smtpd
>              ---^^^
>
> Using chroot requires additional setup.

I am running CentOS 7 which runs postfix chroot. Everything works as expected in this mode except for the mysql configuration. You are suggesting a permissions problem but I have verified that even with world read access the problem occurs. I do not want to run postfix as root. I am okay with the setup as it is now however can you elaborate on what additional setup I would need to get the mysql database to work with a server name rather than a server IP address? I really thought it was as simple as making the config file and then just making the proper entry in main.cf ala:

    local_recipient_maps = mysql:/etc/postfix/local_recipient_map.cf

There is definitely something strange because I just put back the server name and did a postmap query from a non-root account and it works fine. I also verified that I don't have a typo in the main.cf config so I really don't understand what might be different between the mysql access from postfix vs postmap.

--
Paul (ga...@nurdog.com)
Cell: (303)257-5208