why postfix duplicate files

2017-10-25 Thread Poliman - Serwis
Hi, I have found a list of duplicated files in my /etc/postfix directory. I
attach a .txt file with this list. I haven't done anything with Postfix for
a few months. If it's not normal, please tell me how to fix it.

-- 

*Pozdrawiam / Best Regards*
*Piotr Bracha*
root@s1:/etc/postfix# ls -l
total 332
-rw-r--r-- 1 root root 1569 Oct 24 09:28 blacklist_helo
-r 1 root root 1569 Oct 24 09:28 blacklist_helo~
-rw-r--r-- 1 root root0 Oct 24 09:28 body_checks
-rw-r--r-- 1 root root  424 Apr 25  2017 dh2048.pem
-rw-r--r-- 1 root root  153 Apr 13  2017 dynamicmaps.cf
-rw-r--r-- 1 root root0 Oct 24 09:28 header_checks
-rw-r--r-- 1 root root  605 Oct 24 09:28 helo_access
-r 1 root root  605 Oct 24 09:28 helo_access~
-rw-r--r-- 1 root root 5681 Oct 24 15:14 main.cf
-rw-r--r-- 1 root root 5681 Oct 24 15:14 main.cf~
-rw-r--r-- 1 root root 5681 Oct 24 09:28 main.cf~2
-rw-r--r-- 1 root root 5682 Oct 24 09:28 main.cf~3
-rw-r--r-- 1 root root27126 Oct 24 09:25 main.cf.proto
-rw-r--r-- 1 root root 7803 Oct 24 09:28 master.cf
-r 1 root root 7803 Oct 24 09:28 master.cf~
-r 1 root root 6236 Apr 14  2017 master.cf~2
-rw-r--r-- 1 root root 6068 Oct 24 09:25 master.cf.proto
-rw-r--r-- 1 root root0 Oct 24 09:28 mime_header_checks
-rw-r- 1 root postfix   231 Oct 24 09:28 mysql-virtual_client.cf
-rw-r- 1 root postfix   231 Oct 24 09:28 mysql-virtual_client.cf~
-rw-r- 1 root postfix   221 Oct 24 09:28 mysql-virtual_domains.cf
-rw-r- 1 root postfix   221 Oct 24 09:28 mysql-virtual_domains.cf~
-rw-r- 1 root postfix   218 Oct 24 09:28 mysql-virtual_email2email.cf
-rw-r- 1 root postfix   218 Oct 24 09:28 mysql-virtual_email2email.cf~
-rw-r- 1 root postfix   317 Oct 24 09:28 mysql-virtual_forwardings.cf
-rw-r- 1 root postfix   317 Oct 24 09:28 mysql-virtual_forwardings.cf~
-rw-r- 1 root postfix   216 Oct 24 09:28 mysql-virtual_gids.cf
-rw-r- 1 root postfix   216 Oct 24 09:28 mysql-virtual_gids.cf~
-rw-r- 1 root postfix   288 Oct 24 09:28 mysql-virtual_mailboxes.cf
-rw-r- 1 root postfix   288 Oct 24 09:28 mysql-virtual_mailboxes.cf~
-rw-r- 1 root postfix   271 Oct 24 09:28 mysql-virtual_outgoing_bcc.cf
-rw-r- 1 root postfix   271 Oct 24 09:28 mysql-virtual_outgoing_bcc.cf~
-rw-r- 1 root postfix   541 Oct 24 09:28 mysql-virtual_policy_greylist.cf
-rw-r- 1 root postfix   346 Oct 24 09:28 mysql-virtual_policy_greylist.cf~
-rw-r- 1 root postfix   252 Oct 24 09:28 mysql-virtual_recipient.cf
-rw-r- 1 root postfix   252 Oct 24 09:28 mysql-virtual_recipient.cf~
-rw-r- 1 root postfix   224 Oct 24 09:28 mysql-virtual_relaydomains.cf
-rw-r- 1 root postfix   224 Oct 24 09:28 mysql-virtual_relaydomains.cf~
-rw-r- 1 root postfix   230 Oct 24 09:28 mysql-virtual_relayrecipientmaps.cf
-rw-r- 1 root postfix   230 Oct 24 09:28 mysql-virtual_relayrecipientmaps.cf~
-rw-r- 1 root postfix   249 Oct 24 09:28 mysql-virtual_sender.cf
-rw-r- 1 root postfix   249 Oct 24 09:28 mysql-virtual_sender.cf~
-rw-r- 1 root postfix   320 Oct 24 09:28 mysql-virtual_sender_login_maps.cf
-rw-r- 1 root postfix   320 Oct 24 09:28 mysql-virtual_sender_login_maps.cf~
-rw-r- 1 root postfix   227 Oct 24 09:28 mysql-virtual_transports.cf
-rw-r- 1 root postfix   227 Oct 24 09:28 mysql-virtual_transports.cf~
-rw-r- 1 root postfix   217 Oct 24 09:28 mysql-virtual_uids.cf
-rw-r- 1 root postfix   217 Oct 24 09:28 mysql-virtual_uids.cf~
-rw-r--r-- 1 root root0 Oct 24 09:28 nested_header_checks
-rw-r--r-- 1 root root21233 Apr 13  2016 postfix-files
-rwxr-xr-x 1 root root 9344 Apr 13  2016 postfix-script
-rwxr-xr-x 1 root root29446 Apr 13  2016 post-install
drwxr-xr-x 2 root root 4096 Apr 13  2016 sasl
-rw-r--r-- 1 root root 2167 Apr 14  2017 smtpd.cert
-rw-r- 1 root root 3272 Apr 14  2017 smtpd.key
-rw-r--r-- 1 root root   35 Oct 24 09:28 tag_as_foreign.re
-rw-r--r-- 1 root root   35 Oct 24 09:28 tag_as_foreign.re~
-rw-r--r-- 1 root root   35 Oct 24 09:28 tag_as_originating.re
-rw-r--r-- 1 root root   35 Oct 24 09:28 tag_as_originating.re~


Re: why postfix duplicate files

2017-10-25 Thread Petri Riihikallio
> Hi, I have found a list of duplicated files in my /etc/postfix directory. I
> attach a .txt file with this list. I haven't done anything with Postfix for
> a few months. If it's not normal, please tell me how to fix it.

Many editors (Vim, Emacs, Nano?) create backup files with a tilde appended to 
the end of the filename. Postfix doesn’t generate them.

Someone has edited those files yesterday. If it wasn’t you, who was it? (S)he 
has root access. Could be a badly written cron script, too.

-- 
Cheers
Petri
https://metis.fi/en/petri
tel:+358400505939






Re: why postfix duplicate files

2017-10-25 Thread Mauricio Tavares
On Wed, Oct 25, 2017 at 3:46 AM, Petri Riihikallio wrote:
>> Hi, I have found a list of duplicated files in my /etc/postfix directory. I
>> attach a .txt file with this list. I haven't done anything with Postfix for
>> a few months. If it's not normal, please tell me how to fix it.
>
> Many editors (Vim, Emacs, Nano?) create backup files with a tilde appended to 
> the end of the filename. Postfix doesn’t generate them.
>
> Someone has edited those files yesterday. If it wasn’t you, who was it? (S)he 
> has root access. Could be a badly written cron script, too.
>
  I would agree it sounds like backup files because of the 3
versions of master.cf, the oldest of which (master.cf~2) is from
April. Petri, sounds like it is time for you to find out who and what
is doing what in your system. postfix has better things to do than
play musical chairs with your files. I would also suggest if this is a
production machine for your work to check out something like ansible
or puppet and a source code repository to store your configs.

> --
> Cheers
> Petri
> https://metis.fi/en/petri
> tel:+358400505939
>
>


Re: Troubleshooting "SSL_accept error" that happens with only one domain , iship.com (a UPS company)

2017-10-25 Thread Petri Riihikallio
> da...@justemail.net wrote on 25.10.2017 at 2:35:
> 
> Hello,
> 
> My office receives email from UPS, since we're a customer.
> 
> One of the domains that UPS emails from is apparently "iship.com".
> 
> We're not getting those emails.

You and UPS require different sets of ciphers and have none in common. Either 
you have tinkered with server cipher requirements or UPS has edited their 
client cipher list. Check your postconf -n to find out if it's you.
http://www.postfix.org/TLS_README.html#server_cipher

Testing with openssl s_client doesn’t prove anything about Postfix cipher 
settings (except that the connection is possible if no setting denies it.)

The general rule is to use the defaults. Postfix defaults are set to err on the 
safe side. You’ll gain very little by altering them. If you try to “harden” 
Postfix you usually end up with no connection or fall back to plaintext.

-- 
Cheers
Petri
https://metis.fi/en/petri
tel:+358400505939






Re: why postfix duplicate files

2017-10-25 Thread Wietse Venema
Poliman - Serwis:
> Hi, I have found a list of duplicated files in my /etc/postfix directory. I
> attach a .txt file with this list. I haven't done anything with Postfix for
> a few months. If it's not normal, please tell me how to fix it.

Postfix does not duplicate configuration files.

Wietse


Re: Troubleshooting "SSL_accept error" that happens with only one domain , iship.com (a UPS company)

2017-10-25 Thread daveg
On Wed, Oct 25, 2017, at 03:39 AM, Petri Riihikallio wrote:
> You and UPS require different sets of ciphers and have none in common. Either 
> you have tinkered with server cipher requirements or UPS has edited their 
> client cipher list. Check your postconf -n to find out if it's you.
> http://www.postfix.org/TLS_README.html#server_cipher
> 
> Testing with openssl s_client doesn’t prove anything about Postfix cipher 
> settings (except that the connection is possible if no setting denies it.)
> 
> The general rule is to use the defaults. Postfix defaults are set to err on 
> the safe side. You’ll gain very little by altering them. If you try to 
> “harden” Postfix you usually end up with no connection or fall back to 
> plaintext.

I checked the server and this is how it's configured

 postconf -n | grep smtpd | grep tls | grep ciphers
  smtpd_tls_ciphers = medium
  smtpd_tls_exclude_ciphers = EXPORT, LOW, RC4, eNULL, NULL
  smtpd_tls_mandatory_ciphers = medium
  smtpd_tls_mandatory_exclude_ciphers = aNULL
  tlsproxy_tls_mandatory_exclude_ciphers = $smtpd_tls_mandatory_exclude_ciphers

 postconf -n | grep smtpd | grep tls | grep protocols
  smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
  smtpd_tls_protocols = !SSLv2, !SSLv3
  tlsproxy_tls_mandatory_protocols = $smtpd_tls_mandatory_protocols
  tlsproxy_tls_protocols = $smtpd_tls_protocols

Checking the logs for last 6 months, this is the ONLY domain that these errors 
exist for.  I guess

Any way to check what THEY are trying to use?  Which cipher?

Dave


Re: Troubleshooting "SSL_accept error" that happens with only one domain , iship.com (a UPS company)

2017-10-25 Thread daveg
On Wed, Oct 25, 2017, at 06:32 AM, Fazzina, Angelo wrote:
> When it works I get this
> 
> Oct 25 09:30:01 mta1 postfix/smtpd[2313]: Anonymous TLS connection 
> established from unknown[60.6.49.148]: TLSv1.2 with cipher 
> DHE-RSA-AES256-GCM-SHA384 (256/256 bits)

Sure, here too.

This server gets lots of mail from lots of domains.   All of them that use TLS 
have that kind of message.

There are no problems with ciphers of any kind.  At least not in the logs.
Except for this one domain.

Dave
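
One way to test the "only this one domain" observation against the logs, as an added example that is not part of any poster's message: it tallies TLS handshake successes and failures per client and attaches the OpenSSL reason text to the client whose handshake failed in the same smtpd process. The sample lines are constructed (the success line is the one quoted above; the failing host and address are placeholders), and correlating by smtpd PID is an assumption of this sketch.

```python
import re
from collections import Counter, defaultdict

# Constructed sample log. mx.example.net / 192.0.2.10 are placeholders.
SAMPLE_LOG = """\
Oct 25 09:30:01 mta1 postfix/smtpd[2313]: Anonymous TLS connection established from unknown[60.6.49.148]: TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Oct 25 09:31:10 mta1 postfix/smtpd[2320]: connect from mx.example.net[192.0.2.10]
Oct 25 09:31:10 mta1 postfix/smtpd[2320]: SSL_accept error from mx.example.net[192.0.2.10]: -1
Oct 25 09:31:10 mta1 postfix/smtpd[2320]: warning: TLS library problem: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher:s3_srvr.c:1417:
Oct 25 09:31:10 mta1 postfix/smtpd[2320]: lost connection after STARTTLS from mx.example.net[192.0.2.10]
Oct 25 09:40:02 mta1 postfix/smtpd[2320]: Anonymous TLS connection established from unknown[60.6.49.148]: TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Oct 25 10:02:44 mta1 postfix/smtpd[2391]: SSL_accept error from mx.example.net[192.0.2.10]: -1
Oct 25 10:02:44 mta1 postfix/smtpd[2391]: warning: TLS library problem: 2391:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher:s3_srvr.c:1417:
Oct 25 10:05:00 mta1 postfix/smtpd[2400]: warning: TLS library problem: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:s3_pkt.c:1493:SSL alert number 46:
"""

SMTPD = re.compile(r"postfix\S*/smtpd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
ESTABLISHED = re.compile(
    r"TLS connection established from (?P<client>\S+\[[^\]]+\]): "
    r"(?P<proto>\S+) with cipher (?P<cipher>\S+)")
ACCEPT_ERROR = re.compile(r"^SSL_accept error from (?P<client>\S+\[[^\]]+\])")
# OpenSSL error text: error:<code>:<library>:<function>:<reason>:<file>:<line>:
# Some Postfix/OpenSSL builds put a process id in front of "error:".
LIBRARY_ERROR = re.compile(
    r"TLS library problem: (?:\d+:)?error:[0-9A-Fa-f]+:[^:]*:[^:]*:(?P<reason>[^:]*):")


def triage(lines):
    """Return (per-client tallies, reasons that could not be tied to a client)."""
    clients = defaultdict(lambda: {"ok": 0, "failed": 0,
                                   "ciphers": Counter(), "reasons": Counter()})
    pending = {}            # smtpd pid -> client whose handshake just failed
    unattributed = Counter()
    for line in lines:
        head = SMTPD.search(line)
        if head is None:
            continue
        pid, msg = head.group("pid"), head.group("msg")

        m = LIBRARY_ERROR.search(msg)
        if m:
            # One failed handshake can log several library errors in a row,
            # so the pending client is kept until another message arrives.
            client = pending.get(pid)
            if client is None:
                unattributed[m.group("reason")] += 1
            else:
                clients[client]["reasons"][m.group("reason")] += 1
            continue

        pending.pop(pid, None)  # any other message ends the error burst
        m = ESTABLISHED.search(msg)
        if m:
            entry = clients[m.group("client")]
            entry["ok"] += 1
            entry["ciphers"][m.group("proto") + " " + m.group("cipher")] += 1
            continue
        m = ACCEPT_ERROR.match(msg)
        if m:
            clients[m.group("client")]["failed"] += 1
            pending[pid] = m.group("client")
    return dict(clients), unattributed


def failing_only(clients):
    """Clients that never completed a TLS handshake in the examined window."""
    return sorted(c for c, t in clients.items() if t["failed"] and not t["ok"])


if __name__ == "__main__":
    tallies, loose = triage(SAMPLE_LOG.splitlines())
    for name in failing_only(tallies):
        print(name, dict(tallies[name]["reasons"]))
    print("unattributed:", dict(loose))
```
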


Re: Troubleshooting "SSL_accept error" that happens with only one domain , iship.com (a UPS company)

2017-10-25 Thread Matus UHLAR - fantomas

> On Wed, Oct 25, 2017, at 03:39 AM, Petri Riihikallio wrote:
>> You and UPS require different sets of ciphers and have none in common. Either
>> you have tinkered with server cipher requirements or UPS has edited their
>> client cipher list. Check your postconf -n to find out if it's you.
>> http://www.postfix.org/TLS_README.html#server_cipher
>>
>> Testing with openssl s_client doesn’t prove anything about Postfix cipher
>> settings (except that the connection is possible if no setting denies it.)
>>
>> The general rule is to use the defaults. Postfix defaults are set to err
>> on the safe side.  You’ll gain very little by altering them.  If you try
>> to “harden” Postfix you usually end up with no connection or fall back to
>> plaintext.

On 25.10.17 05:49, da...@justemail.net wrote:
> I checked the server and this is how it's configured
>
> postconf -n | grep smtpd | grep tls | grep ciphers
>  smtpd_tls_ciphers = medium
>  smtpd_tls_mandatory_ciphers = medium

this looks like you only accept medium grade ciphers ... so no high grade.
That means, Petri was right about "hardening". use "medium, high"

> Any way to check what THEY are trying to use?  Which cipher?

you can capture their connections using tcpdump or wireshark, but I don't
think that's important now...
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
- Holmes, what kind of school did you study to be a detective?
- Elementary, Watson.  -- Daffy Duck & Porky Pig


Re: Troubleshooting "SSL_accept error" that happens with only one domain , iship.com (a UPS company)

2017-10-25 Thread daveg


On Wed, Oct 25, 2017, at 06:45 AM, Matus UHLAR - fantomas wrote:
> > postconf -n | grep smtpd | grep tls | grep ciphers
> >  smtpd_tls_ciphers = medium
> >  smtpd_tls_mandatory_ciphers = medium
> 
> this looks like you only accept medium grade ciphers ... so no high grade. 
> That means, Petri was right about "hardening". use "medium, high"

What do you mean by

  "That means, Petri was right about "hardening". use "medium, high""

?

At

 http://www.postfix.org/postconf.5.html#smtpd_tls_mandatory_ciphers

for

 smtpd_tls_mandatory_ciphers (default: medium)

it says

 medium
Enable "MEDIUM" grade or stronger OpenSSL ciphers. These use 128-bit or 
longer symmetric bulk-encryption keys. This is the default minimum strength for 
mandatory TLS encryption. The underlying cipherlist is specified via the 
tls_medium_cipherlist configuration parameter, which you are strongly 
encouraged to not change. 

and for

 smtpd_tls_ciphers (default: medium)

it says

The minimum TLS cipher grade that the Postfix SMTP server will use with 
opportunistic TLS encryption. Cipher types listed in smtpd_tls_exclude_ciphers 
are excluded from the base definition of the selected cipher grade. The default 
value is "medium" for Postfix releases after the middle of 2015, "export" for 
older releases. 

For both parameters, a value of 'medium' is 

 (1) a "minimum strength"
 (2) *includes* high.
 (3) is the default

Why use 'medium, high' ?

Dave


Re: Troubleshooting "SSL_accept error" that happens with only one domain , iship.com (a UPS company)

2017-10-25 Thread Petri Riihikallio
> I checked the server and this is how it's configured
> 
> postconf -n | grep smtpd | grep tls | grep ciphers
>  smtpd_tls_ciphers = medium
>  smtpd_tls_exclude_ciphers = EXPORT, LOW, RC4, eNULL, NULL
>  smtpd_tls_mandatory_ciphers = medium
>  smtpd_tls_mandatory_exclude_ciphers = aNULL
>  tlsproxy_tls_mandatory_exclude_ciphers = $smtpd_tls_mandatory_exclude_ciphers

Both smtpd_*_exclude_ciphers default to empty. Do you know why they are 
non-empty in your config?

Like I wrote earlier: If you try to “harden” Postfix you’ll run into trouble. 
Postfix defaults to as secure as possible without sacrificing functionality.

Perhaps iship.com is running some really old MTA, but it is their decision. In 
that case (after emptying the exclude lists) you can try replacing “medium” 
with “export”. That is not a recommended setting (a.k.a. default) however, so 
try first just without the exclusions.

-- 
Cheers
Petri
https://metis.fi/en/petri
tel:+358400505939
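
The comparison Petri asks for, as an added example that is not part of any poster's message: it diffs the TLS cipher and protocol parameters in `postconf -n` output against `postconf -d` (built-in defaults), resolving `$name` references. `POSTCONF_N` is the cipher block posted in this thread; `POSTCONF_D` is constructed from the defaults stated in the thread, and the function names are this sketch's own.

```python
import re

# The cipher block as posted in the thread (last value wrapped by the mailer).
POSTCONF_N = """\
  smtpd_tls_ciphers = medium
  smtpd_tls_exclude_ciphers = EXPORT, LOW, RC4, eNULL, NULL
  smtpd_tls_mandatory_ciphers = medium
  smtpd_tls_mandatory_exclude_ciphers = aNULL
  tlsproxy_tls_mandatory_exclude_ciphers =
  $smtpd_tls_mandatory_exclude_ciphers
"""

# Constructed `postconf -d` excerpt: "medium" and empty exclude lists are the
# defaults named in the thread; on a real host, capture `postconf -d` instead.
POSTCONF_D = """\
smtpd_tls_ciphers = medium
smtpd_tls_exclude_ciphers =
smtpd_tls_mandatory_ciphers = medium
smtpd_tls_mandatory_exclude_ciphers =
tlsproxy_tls_mandatory_exclude_ciphers = $smtpd_tls_mandatory_exclude_ciphers
"""

PARAM = re.compile(r"^\s*([A-Za-z0-9_]+)\s*=\s*(.*?)\s*$")
REF = re.compile(r"\$(?:\{(\w+)\}|(\w+))")


def parse_postconf(text):
    """Parse "name = value" lines; a line that is not an assignment is treated
    as the wrapped remainder of the previous value."""
    params, last = {}, None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        m = PARAM.match(raw)
        if m:
            last = m.group(1)
            params[last] = m.group(2)
        elif last is not None:
            params[last] = (params[last] + " " + raw.strip()).strip()
    return params


def expand(value, params, depth=8):
    """Resolve $name / ${name}; unknown names become empty. The depth limit
    stops self-referencing values from looping forever."""
    for _ in range(depth):
        new = REF.sub(lambda m: params.get(m.group(1) or m.group(2), ""), value)
        if new == value:
            break
        value = new
    return value


def tokens(value):
    return tuple(t for t in re.split(r"[,\s]+", value) if t)


def tls_overrides(n_text, d_text, pattern=r"tls.*(ciphers|protocols)$"):
    """Explicitly set TLS parameters whose effective value differs from the
    built-in default. "default" is None when d_text has no entry for the name."""
    explicit = parse_postconf(n_text)
    defaults = parse_postconf(d_text)
    effective = {**defaults, **explicit}
    changed = {}
    for name, raw in explicit.items():
        if not re.search(pattern, name):
            continue
        have = tokens(expand(raw, effective))
        if name not in defaults:
            changed[name] = {"set": have, "default": None}
            continue
        want = tokens(expand(defaults[name], defaults))
        if have != want:
            changed[name] = {"set": have, "default": want}
    return changed


if __name__ == "__main__":
    for name, diff in sorted(tls_overrides(POSTCONF_N, POSTCONF_D).items()):
        print(name, "set:", diff["set"], "default:", diff["default"])
```
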






Re: why postfix duplicate files

2017-10-25 Thread Poliman - Serwis
Thank you for answers. Only I have root access with ssh key public/private
files randomly generated, so I suppose there is little probability that
somebody hacked the root. I use nano editor. Can I remove older files with
'~' ?

2017-10-25 12:56 GMT+02:00 Wietse Venema:

> Poliman - Serwis:
> > Hi, I have found a list of duplicated files in my /etc/postfix directory. I
> > attach a .txt file with this list. I haven't done anything with Postfix for
> > a few months. If it's not normal, please tell me how to fix it.
>
> Postfix does not duplicate configuration files.
>
> Wietse
>



-- 

*Pozdrawiam / Best Regards*
*Piotr Bracha*


Re: Troubleshooting "SSL_accept error" that happens with only one domain , iship.com (a UPS company)

2017-10-25 Thread daveg


On Wed, Oct 25, 2017, at 06:57 AM, Petri Riihikallio wrote:
> > I checked the server and this is how it's configured
> > 
> > postconf -n | grep smtpd | grep tls | grep ciphers
> >  smtpd_tls_ciphers = medium
> >  smtpd_tls_exclude_ciphers = EXPORT, LOW, RC4, eNULL, NULL
> >  smtpd_tls_mandatory_ciphers = medium
> >  smtpd_tls_mandatory_exclude_ciphers = aNULL
> >  tlsproxy_tls_mandatory_exclude_ciphers = $smtpd_tls_mandatory_exclude_ciphers
> 
> Both smtpd_*_exclude_ciphers default to empty. Do you know why they are 
> non-empty in your config?

The notes I found just reference this article by 

 "An OpenSSL User’s Guide to DROWN"
  https://www.openssl.org/blog/blog/2016/03/01/an-openssl-users-guide-to-drown/
   Posted by Viktor Dukhovni and Emilia Käsper , Mar 1st, 2016 2:59 pm

Which recommended

 # Suggested, not strictly needed:
 #
 smtpd_tls_exclude_ciphers =
 EXPORT, LOW, MD5, SEED, IDEA, RC2
 smtp_tls_exclude_ciphers =
 EXPORT, LOW, MD5, aDSS, kECDHe, kECDHr, kDHd, kDHr, SEED, IDEA, RC2

and this discussion

 "RC4 in live email servers?"
   http://postfix.1071664.n5.nabble.com/RC4-in-live-email-servers-td78249.html#a78283
   Viktor Dukhovni, Jul 18, 2015; 1:12pm

Dave


Re: why postfix duplicate files

2017-10-25 Thread Júlio Covolato


On 25/10/2017 12:01, Poliman - Serwis wrote:
> Thank you for answers. Only I have root access with ssh key
> public/private files randomly generated, so I suppose there is little
> probability that somebody hacked the root. I use nano editor. Can I
> remove older files with '~' ?
>
> 2017-10-25 12:56 GMT+02:00 Wietse Venema:
>
> > Poliman - Serwis:
> > > Hi, I have found a list of duplicated files in my /etc/postfix directory. I
> > > attach a .txt file with this list. I haven't done anything with Postfix for
> > > a few months. If it's not normal, please tell me how to fix it.
> >
> > Postfix does not duplicate configuration files.
> >
> >         Wietse
>
> --
> *Pozdrawiam / Best Regards*
> *Piotr Bracha*

From nano manual:

-B, --backup
   When saving a file, back up the previous version of it to the
   current filename suffixed with a ~.

Julio Cesar Covolato







check_sasl_access duplicates

2017-10-25 Thread micah anderson

Hello,

I've configured check_sasl_access to be a sql map, like so:

proxy:mysql:/etc/postfix/checks/check_sasl_access.sql

and that check_sasl_access.sql file has the regular database DBI bits,
and then the following query:

query  = SELECT CONCAT("PREPEND X-User-ID: ", encrypt_user_id(mailboxes.user_id)) FROM mailboxes WHERE mailboxes.address = '%s';

this encrypt_user_id(mailboxes.user_id) is a stored procedure in the
database which allows me to create a hash of the sasl authenticated
user_id, with a secret, and returns a header value that helps us
identify users (esp. for spamming) from headers, without revealing
information to others.

This all works fine. The only problem is, if I CC or BCC someone, I get
one of these X-User-ID: headers for each additional address that is
included. It is the header for the sasl authenticated user, as expected,
repeated multiple times, once for each address included.

How can I make this only occur once in the header and not repeat it for
every address CC/BCC'd?

thanks!
micah


Re: Virtual Domains/ Users

2017-10-25 Thread cacook


On 10/24/2017 10:20 AM, cac...@quantum-equities.com wrote:
>
> On 10/23/2017 11:55 AM, Wietse Venema wrote:
>> cac...@quantum-equities.com:
>>> On 10/21/2017 11:25 AM, Wietse Venema wrote:
>>>> cac...@quantum-equities.com:
>>>>> How does DNS know where mail.example1.com is?  Should I set it in
>>>>> my registrar, in the mail system, in Apache as a virtual domain,
>>>>> or where?
>>>> Normally, someone pays a registrar, so that the payer can configure
>>>> the names of DNS servers that hold DNS records for example1.com.
>>>>
>>>> Wietse
>>> Understand, I do have a registrar for my domains, but there I have
>>> always set ns1.{hoster}.com and ns2.{hoster}.com as the DNS servers.?
>>> (I've always used shared hosting in the past, but now am making my first
>>> hosting cloud instance)
>> In addition to the NS records that name these DNS servers, those
>> servers need to contain records for your domain. You can use the 
>> 'dig' tool to verify that:
>>
>> dig ns example1.com. @8.8.8.8
>> dig mx example.com. @8.8.8.8
>>
>> and so on. This uses Google DNS to show what a remote client would get.
>>
>>  Wietse
> Yes this works.  But all my questions have disappeared.

Sending an email from a remote machine pretends like it goes out just
fine.  But it never arrives in the server's mail folder.  Zero goes into
maillog, even with systemctl restart postfix.  TLS is not enabled.


# systemctl status postfix
● postfix.service - Postfix Mail Transport Agent
   Loaded: loaded (/usr/lib/systemd/system/postfix.service; enabled; vendor preset: disabled)
   Active: active (running) since Wed 2017-10-25 11:50:18 PDT; 1min 34s ago
  Process: 6944 ExecStop=/usr/sbin/postfix stop (code=exited, status=0/SUCCESS)
  Process: 6964 ExecStart=/usr/sbin/postfix start (code=exited, status=0/SUCCESS)
  Process: 6960 ExecStartPre=/usr/libexec/postfix/chroot-update (code=exited, status=0/SUCCESS)
  Process: 6956 ExecStartPre=/usr/libexec/postfix/aliasesdb (code=exited, status=0/SUCCESS)
 Main PID: 7037 (master)
   CGroup: /system.slice/postfix.service
   ├─7037 /usr/libexec/postfix/master -w
   ├─7038 pickup -l -t unix -u
   └─7039 qmgr -l -t unix -u

Oct 25 11:50:18 quantum.localdomain systemd[1]: Starting Postfix Mail Transport Agent...
Oct 25 11:50:18 quantum.localdomain postfix/master[7037]: daemon started -- version 2.10.1, configuration /etc/postfix
Oct 25 11:50:18 quantum.localdomain systemd[1]: Started Postfix Mail Transport Agent.


# listen |grep master
master  7037   root   13u  IPv4 351967  0t0  TCP *:25 (LISTEN)
master  7037   root   14u  IPv6 351968  0t0  TCP *:25 (LISTEN)


# dig ns delphi-real-estate.com. @88.191.249.135

; <<>> DiG 9.9.4-RedHat-9.9.4-50.el7_3.1 <<>> ns delphi-real-estate.com. @88.191.249.135
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35740
;; flags: qr aa rd; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;delphi-real-estate.com.    IN  NS

;; ANSWER SECTION:
delphi-real-estate.com. 28800   IN  NS  nsa.bookmyname.com.
delphi-real-estate.com. 28800   IN  NS  nsc.bookmyname.com.
delphi-real-estate.com. 28800   IN  NS  nsb.bookmyname.com.

;; Query time: 407 msec
;; SERVER: 88.191.249.135#53(88.191.249.135)
;; WHEN: Wed Oct 25 11:10:23 PDT 2017
;; MSG SIZE  rcvd: 116


# dig mx delphi-real-estate.com. @88.191.249.135

; <<>> DiG 9.9.4-RedHat-9.9.4-50.el7_3.1 <<>> mx delphi-real-estate.com. @88.191.249.135
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31336
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;delphi-real-estate.com.    IN  MX

;; ANSWER SECTION:
delphi-real-estate.com. 28800   IN  MX  10 mail.delphi-real-estate.com.

;; Query time: 198 msec
;; SERVER: 88.191.249.135#53(88.191.249.135)
;; WHEN: Wed Oct 25 11:06:16 PDT 2017
;; MSG SIZE  rcvd: 72




Postfix, clamav and Spamassasin - delete high scoring spam

2017-10-25 Thread Emanuel

Hello,

I use Postfix, ClamAV and SpamAssassin to fight the spam on my server.

In my SpamAssassin custom_rules I add the following rule to give 100 
points to emails that contain infected attachments.


priority CLAMAV -900
shortcircuit CLAMAV spam
score CLAMAV 200

My question is, can they be removed automatically through Postfix?

Regards,

Emanuel.

--
envialosimple.com   
Emanuel Gonzalez
Deliverability Specialist
emanuel.gonza...@donweb.com 
www.envialosimple.com 
by donweb 

Confidentiality Note: This message and any attachments (the message) are 
confidential and intended solely for the addressees. Any unauthorised 
use or dissemination is prohibited by DonWeb.com.

DonWeb.com shall not be liable  for the message if altered or falsified.
If you are not the intended addressee of this message, please cancel it 
immediately and inform the sender




Re: Postfix, clamav and Spamassasin - delete high scoring spam

2017-10-25 Thread Robert Schetterer
On 25.10.2017 at 20:55, Emanuel wrote:
> Hello,
> 
> I use Postfix, ClamAV and SpamAssassin to fight the spam on my server.
> 
> In my SpamAssassin custom_rules I add the following rule to give 100
> points to emails that contain infected attachments.
> 
> priority CLAMAV -900
> shortcircuit CLAMAV spam
> score CLAMAV 200
> 
> My question is, can they be removed automatically through Postfix?
> 
> Regards,
> 
> Emanuel.

With spamass-milter you are able to reject,
or use amavis, which also works as a milter; perhaps the best choice for what
you want, because it is a framework with ClamAV and SpamAssassin.
I never used the ClamAV module/rules in SpamAssassin.




Best Regards
MfG Robert Schetterer

-- 
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG, 80333 München

Registered office: München, District Court München: HRB 199263
Executive board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein


Re: Virtual Domains/ Users

2017-10-25 Thread Richard


> Date: Wednesday, October 25, 2017 11:55:13 -0700
> From: cac...@quantum-equities.com
> 
> Sending an email from a remote machine pretends like it goes out
> just fine.  But it never arrives in the server's mail folder. 
> Zero goes into maillog, even with systemctl restart postfix.  TLS
> is not enabled.
> 

You have an MX record pointing from delphi-real-estate.com to
mail.delphi-real-estate.com

  # dig delphi-real-estate.com mx

  ;; QUESTION SECTION:
  ;delphi-real-estate.com.  IN  MX

  ;; ANSWER SECTION:
  delphi-real-estate.com. 28800 IN MX  10 mail.delphi-real-estate.com.

but no A record for mail.delphi-real-estate.com. 

You need to get an A-record for mail.delphi-real-estate.com (which
will point to its IPnumber) added to the dns entries for your domain
at bookmyname.com.

I suspect your test message is sitting on the outgoing mail server
you used and you will get delivery warning and failure messages in
time.




Re: check_sasl_access duplicates

2017-10-25 Thread Noel Jones
On 10/25/2017 1:54 PM, micah anderson wrote:
> 
> Hello,
> 
> I've configured check_sasl_access to be a sql map, like so:
> 
> proxy:mysql:/etc/postfix/checks/check_sasl_access.sql
> 
> and that check_sasl_access.sql file has the regular database DBI bits,
> and then the following query:
> 
> query  = SELECT CONCAT("PREPEND X-User-ID: ", encrypt_user_id(mailboxes.user_id)) FROM mailboxes WHERE mailboxes.address = '%s';
> 
> this encrypt_user_id(mailboxes.user_id) is a stored procedure in the
> database which allows me to create a hash of the sasl authenticated
> user_id, with a secret, and returns a header value that helps us
> identify users (esp. for spamming) from headers, without revealing
> information to others.
> 
> This all works fine. The only problem is, if I CC or BCC someone, I get
> one of these X-User-ID: headers for each additional address that is
> included. It is the header for the sasl authenticated user, as expected,
> repeated multiple times, once for each address included.
> 
> How can I make this only occur once in the header and not repeat it for
> every address CC/BCC'd?
> 
> thanks!
> micah
> 


Move your check to smtpd_data_restrictions.





  -- Noel Jones


Re: check_sasl_access duplicates

2017-10-25 Thread micah
Noel Jones writes:

> On 10/25/2017 1:54 PM, micah anderson wrote:
>> 
>> Hello,
>> 
>> I've configured check_sasl_access to be a sql map, like so:
>> 
>> proxy:mysql:/etc/postfix/checks/check_sasl_access.sql
>> 
>> and that check_sasl_access.sql file has the regular database DBI bits,
>> and then the following query:
>> 
>> query  = SELECT CONCAT("PREPEND X-User-ID: ", encrypt_user_id(mailboxes.user_id)) FROM mailboxes WHERE mailboxes.address = '%s';
>> 
>> this encrypt_user_id(mailboxes.user_id) is a stored procedure in the
>> database which allows me to create a hash of the sasl authenticated
>> user_id, with a secret, and returns a header value that helps us
>> identify users (esp. for spamming) from headers, without revealing
>> information to others.
>> 
>> This all works fine. The only problem is, if I CC or BCC someone, I get
>> one of these X-User-ID: headers for each additional address that is
>> included. It is the header for the sasl authenticated user, as expected,
>> repeated multiple times, once for each address included.
>> 
>> How can I make this only occur once in the header and not repeat it for
>> every address CC/BCC'd?
>
> Move your check to smtpd_data_restrictions.

Thanks, that was indeed the problem.



Re: Postfix, clamav and Spamassasin - delete high scoring spam

2017-10-25 Thread Andrzej A. Filip
Robert Schetterer wrote:
> On 25.10.2017 at 20:55, Emanuel wrote:
>> Hello,
>> 
>> I use Postfix, ClamAV and SpamAssassin to fight the spam on my server.
>> 
>> In my SpamAssassin custom_rules I add the following rule to give 100
>> points to emails that contain infected attachments.
>> 
>> priority CLAMAV -900
>> shortcircuit CLAMAV spam
>> score CLAMAV 200
>> 
>> My question is, can they be removed automatically through Postfix?
>> 
>> Regards,
>> 
>> Emanuel.
>
> With spamass-milter you are able to reject,
> or use amavis, which also works as a milter; perhaps the best choice for what
> you want, because it is a framework with ClamAV and SpamAssassin.
> I never used the ClamAV module/rules in SpamAssassin.

Using clamav rules in spamassassin may make some sense for unofficial
clamav signatures.  The unofficial signatures effectively detect spam.
They may be used as a substitute for razor/pyzor/dcc in "local test
only" (faster) mode or privacy concerned mode.

-- 
A. Filip


Problems routing to lmtp

2017-10-25 Thread Fabian A. Santiago
Problem,

I have my email server, running postfix.

I have an lmtp server running in a docker on the same machine.

The docker container (mailman 3) writes the transport maps for mailing lists 
which I have defined in postfix main.cf. They're written and defined as regex.

When I send an email to the list address, it bounces with unknown recipient. 
It's listing the attempted recipient as:

The lmtp address @ the server's FQDN.

Obviously it should take the email addressed to the list's virtual address and 
simply route it to the lmtp server. 

Something isn't right but I followed every doc I could find and it's configured 
appropriately. 

Can anyone take a look at my configs and maybe point it out to me if it's 
something silly? I can provide whatever is asked for. Thanks.


--

Thanks,

Fabian S.

OpenPGP: 3C3FA072ACCB7AC5DB0F723455502B0EEB9070FC


Re: why postfix duplicate files

2017-10-25 Thread Petri Riihikallio
>> I haven't done anything with Postfix for a few months.
> 
> Only I have root access with ssh key public/private files randomly generated, 
> so I suppose there is little probability that somebody hacked the root.

I understand you haven’t touched Postfix for months. Still those files have 
modification dates on Tuesday morning.

> I use nano editor. Can I remove older files with '~' ?

Yes

-- 
Cheers
Petri
https://metis.fi/en/petri
tel:+358400505939
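
An inventory of the editor backups discussed in this thread, as an added example that is not part of any poster's message: it lists each `~` copy in a directory, reports whether it is byte-identical to the live file, and flags copies whose mode is looser than the live file's (map files such as mysql-virtual_*.cf usually hold database credentials). The sample directory is constructed, and the function and field names are this sketch's own.

```python
import hashlib
import os
import re
import stat
import tempfile
from pathlib import Path

# Backup names as they appear in the listing: "main.cf~", "main.cf~2", "master.cf~2".
BACKUP_RE = re.compile(r"^(?P<live>.+?)~(?P<gen>\d*)$")


def sha256_of(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()


def inventory_backups(directory):
    """Return one dict per editor backup file in `directory`, sorted by name."""
    records = []
    for entry in sorted(Path(directory).iterdir()):
        match = BACKUP_RE.match(entry.name)
        if match is None or entry.is_symlink() or not entry.is_file():
            continue
        live = entry.with_name(match.group("live"))
        info = entry.stat()
        mode = stat.S_IMODE(info.st_mode)
        live_ok = live.is_file()
        live_mode = stat.S_IMODE(live.stat().st_mode) if live_ok else None
        records.append({
            "backup": entry.name,
            "live": live.name,
            "orphan": not live_ok,                       # live file is gone
            "identical": live_ok and sha256_of(entry) == sha256_of(live),
            "mode": oct(mode),
            "world_readable": bool(mode & stat.S_IROTH),
            # permission bits the backup grants that the live file does not
            "looser_than_live": live_ok and bool(mode & ~live_mode),
            "mtime": info.st_mtime,                      # when the copy was written
        })
    return records


def needs_review(records):
    """Backups worth reading before deletion: they differ from the live file,
    have no live file, or expose more permission bits than the live file."""
    return [r["backup"] for r in records
            if r["orphan"] or not r["identical"] or r["looser_than_live"]]


def build_sample_dir(root):
    """Constructed sample data (not the poster's files)."""
    files = {
        "main.cf": ("myhostname = mail.example.test\n", 0o644),
        "main.cf~": ("myhostname = mail.example.test\n", 0o644),    # same as live
        "main.cf~2": ("myhostname = old.example.test\n", 0o644),    # older content
        "mysql-virtual_domains.cf": ("user = u\npassword = p\n", 0o640),
        "mysql-virtual_domains.cf~": ("user = u\npassword = p\n", 0o644),  # looser
        "removed_map.cf~": ("stale\n", 0o600),                      # no live file
    }
    for name, (text, mode) in files.items():
        path = Path(root) / name
        path.write_text(text)
        os.chmod(path, mode)
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        found = inventory_backups(build_sample_dir(tmp))
        for rec in found:
            print(rec)
        print("review before deleting:", needs_review(found))
```
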



