Re: smtp-cache problem
Hmm, ok, I did search but found nothing. I'll check again. --Thomas Am 22.02.2017 um 21:51 schrieb Wietse Venema: > Thomas Minor: >> Hello, >> >> I might have a problem with the smtp_connection cache. >> Regarding documentation, the cache is enabled on demand by default. > This question was already answered. Use youe search engine. > > Wietse -- Thomas Minor, Development H & R Netzwerk GmbH Am Königsweg 9 48599 Gronau-Epe Sitz:Gronau / Westf. Handelsregister: Amtsgericht Coesfeld, HRB 5886 Geschäftsführer: Harald Beine --
smtpd_restriction_classes & Copy rejected emails
Hi Team, I use smtpd_restriction_classes extensively to set who can receive from who and who can send it to, this is a company policy and its needed. setup is simple Spam Filter (Postfix - Multiple Servers) ---> Internal Email Server (Postfix + Dovecot) We use recipient bcc maps on the MX servers to copy the filtered users email to monitoring email box. i get both rejected and non rejected email on to this. is there anyway i can setup postfix only to copy the rejected email to the monitoring email account ? rgds
Re: smtp-cache problem
Am 24.02.2017 um 09:03 schrieb Thomas Minor: Hmm, ok, I did search but found nothing. I'll check again. http://marc.info/?t=14876316702&r=1&w=2 -- Alex JOST
Re: smtpd_restriction_classes & Copy rejected emails
Kev: > Hi Team, > > I use smtpd_restriction_classes extensively to set who can receive from > who and who can send it to, this is a company policy and its needed. > > setup is simple > > Spam Filter (Postfix - Multiple Servers) ---> Internal Email Server > (Postfix + Dovecot) > > We use recipient bcc maps on the MX servers to copy the filtered users > email to monitoring email box. i get both rejected and non rejected > email on to this. is there anyway i can setup postfix only to copy the > rejected email to the monitoring email account ? When the Postfix SMTP server rejects a message, that message is not received. Wietse
Simple (attempted) AUTH logging?
Very low priority question here... I don't announce or accept AUTH on my public port 25 postfix smtpd service, before or after STARTTLS, yet there is always a constant trickle of probes that do attempt it. On rare occasions, there are days-long concerted efforts from a wide array of source addresses. It would be nice to have a little bit of simple logging for these (failed/rejected) AUTH attempts. Basically, it would be nice to be able to quickly decide between "oh yeah, of course that's hopeless, ignore it" and "hmmm, that looks disturbing, I'd better dig into what's going on there". I don't see any postfix config options related to this sort of thing. (Well, almost, but smtpd_sasl_authenticated_header doesn't do any good in this situation.) Am I missing something? Thanks. - James
Re: Simple (attempted) AUTH logging?
On 2/24/2017 1:05 PM, James wrote: > Very low priority question here... > > I don't announce or accept AUTH on my public port 25 postfix smtpd > service, before or after STARTTLS, yet there is always a constant > trickle of probes that do attempt it. > > On rare occasions, there are days-long concerted efforts from a wide > array of source addresses. > > It would be nice to have a little bit of simple logging for these > (failed/rejected) AUTH attempts. > > Basically, it would be nice to be able to quickly decide between "oh > yeah, of course that's hopeless, ignore it" and "hmmm, that looks > disturbing, I'd better dig into what's going on there". > > I don't see any postfix config options related to this sort of > thing. (Well, almost, but smtpd_sasl_authenticated_header doesn't > do any good in this situation.) > > Am I missing something? > > Thanks. > > - James Current versions of postfix will log that AUTH was attempted, but do not log what the client sends. You can grep the logs for 'auth=0' to see unsuccessful auth attempts. postfix/smtpd[58629]: disconnect from unknown[192.168.0.33] ehlo=1 auth=0/1 commands=1/2 -- Noel Jones
Re: Simple (attempted) AUTH logging?
Current versions of postfix will log that AUTH was attempted, but do not log what the client sends. You can grep the logs for 'auth=0' to see unsuccessful auth attempts. postfix/smtpd[58629]: disconnect from unknown[192.168.0.33] ehlo=1 auth=0/1 commands=1/2 -- Noel Jones Yes, that's exactly what I have, hence my comments about seeing it happening. I have a few entries in my bash history that I call up a few times a day to pull "interesting" lines from several logs. I was hoping there might be some setting that would cause log entries like: postfix/smtpd[12345]: NOQUEUE: AUTH rejected from client.example.com[0.1.2.3], sasl_method=PLAIN, sasl_username=spam_r_us As long as the sasl_username was obviously hopeless then I wouldn't worry... but if they started using something that I thought they shouldn't know about then I'd start getting worried. If no such setting exists then how many folks would consider it to be a reasonable feature request? - James
Re: Simple (attempted) AUTH logging?
On 2/24/2017 5:55 PM, James wrote: >> Current versions of postfix will log that AUTH was attempted, but do >> not log what the client sends. You can grep the logs for 'auth=0' >> to see unsuccessful auth attempts. >> >> postfix/smtpd[58629]: disconnect from unknown[192.168.0.33] ehlo=1 >> auth=0/1 commands=1/2 >> >> -- Noel Jones > > Yes, that's exactly what I have, hence my comments about seeing it > happening. > > I have a few entries in my bash history that I call up a few times a > day to pull "interesting" lines from several logs. > > I was hoping there might be some setting that would cause log > entries like: > > postfix/smtpd[12345]: NOQUEUE: AUTH rejected from > client.example.com[0.1.2.3], sasl_method=PLAIN, sasl_username=spam_r_us > > As long as the sasl_username was obviously hopeless then I wouldn't > worry... but if they started using something that I thought they > shouldn't know about then I'd start getting worried. > > If no such setting exists then how many folks would consider it to > be a reasonable feature request? > > - James > I'm pretty sure the sasl_username part of the log (and probably the method too) is supplied by the sasl library, which is never called when sasl isn't offered. When sasl isn't offered but the client sends AUTH anyway, it should be possible for postfix to log the (sanitized) AUTH command the client sends, but it will be encoded. The encoding as recorded in the log may be (I think likely) broken by the log sanitizer. My impression is this won't be as useful as you hope. Or my analysis could be flawed. Maybe Wietse or others has something to add. -- Noel Jones
