postfix logs, spams and bounce messages
Hi there,

Yahoo starts blocking e-mails from our server. It is possible that someone/somehow is sending spam. Please help me find what is sending spam from our server.

First please explain to me the following logs (ourdomain is hosted on our server):

  Feb 3 14:45:57 softexp postfix/smtpd[23394]: NOQUEUE: reject: RCPT from unknown[117.87.x.x]: 554 5.7.1 Service unavailable; Client host [117.87.x.x] blocked using sbl-xbl.spamhaus.org; http://www.spamhaus.org/query/bl?ip=117.87.x.x; from= to= proto=ESMTP helo=
  Feb 3 14:45:58 softexp postfix/smtp[23424]: 56966AC86D: to=, relay=d.mx.mail.yahoo.com[66.196.82.7]:25, delay=7.6, delays=0/0.01/7.6/0, dsn=4.7.0, status=undeliverable (host d.mx.mail.yahoo.com[66.196.82.7] refused to talk to me: 421 4.7.0 [TS02] Messages from 80.96.148.194 temporarily deferred due to user complaints - 4.16.56.1; see http://postmaster.yahoo.com/421-ts02.html)

What I understand:

1. The client 117.87.x.x tries to connect to our server but is blocked (it is at Spamhaus). It tries to send from x...@yahoo.com to experienceof...@ourdomain.com. Everything OK till now.

2. What does the second line mean? Our server is trying to send to x...@yahoo.com. Why? It is for sure related to the first log line... Is it because of some bounce message or what?

It looks like Postfix is accepting messages even though the RBL check happened after RCPT. That means even though the message is rejected, Postfix has accepted it, then sent a bounce later. Is this correct? How can I solve it?
The output of postconf -n:

  command_directory = /usr/local/sbin
  config_directory = /usr/local/etc/postfix
  daemon_directory = /usr/local/libexec/postfix
  data_directory = /var/db/postfix
  debug_peer_level = 2
  debug_peer_list = dom1.com
  html_directory = no
  mail_owner = postfix
  mailq_path = /usr/local/bin/mailq
  manpage_directory = /usr/local/man
  myhostname = mail.dom1.com
  mynetworks_style = host
  newaliases_path = /usr/local/bin/newaliases
  queue_directory = /var/spool/postfix
  readme_directory = no
  sample_directory = /usr/local/etc/postfix
  sendmail_path = /usr/local/sbin/sendmail
  setgid_group = maildrop
  smtpd_helo_restrictions = reject_invalid_hostname
  smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination check_sender_access hash:/usr/local/etc/postfix/access_sender check_helo_access pcre:/usr/local/etc/postfix/helo_checks reject_non_fqdn_recipient reject_unknown_recipient_domain reject_unverified_recipient reject_rbl_client list.dsbl.org, reject_rbl_client sbl-xbl.spamhaus.org, reject_rhsbl_sender dsn.rfc-ignorant.org permit
  smtpd_sasl_auth_enable = yes
  smtpd_sender_restrictions = reject_unknown_sender_domain, reject_non_fqdn_sender, reject_unverified_sender, permit
  unknown_local_recipient_reject_code = 550
  virtual_alias_maps = hash:/usr/local/etc/postfix/valias.txt
  virtual_gid_maps = static:1000
  virtual_mailbox_base = /var/spool/vmail
  virtual_mailbox_domains = /usr/local/etc/postfix/vhost.txt
  virtual_mailbox_maps = hash:/usr/local/etc/postfix/vmaps.txt
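As an added example (not part of the thread), a parser for the two kinds of Postfix log lines quoted in the post, run over constructed lines that mirror them with placeholder IPs and addresses; it counts RBL rejects per client and lists outbound attempts the remote MX refused, which is where Yahoo's 421 [TS02] surfaces.

```python
# Added example (not from the thread): a parser for the two kinds of Postfix
# log lines quoted above. The lines below are constructed to mirror them,
# with placeholder IPs and addresses. Note the second line's status is
# "undeliverable", which is what Postfix logs for the result of an address
# verification probe (a normal delivery would log "bounced" or "deferred").
import re
from collections import Counter

SAMPLE_LOG = """\
Feb  3 14:45:57 softexp postfix/smtpd[23394]: NOQUEUE: reject: RCPT from unknown[117.87.0.1]: 554 5.7.1 Service unavailable; Client host [117.87.0.1] blocked using sbl-xbl.spamhaus.org; http://www.spamhaus.org/query/bl?ip=117.87.0.1; from=<forged@yahoo.com> to=<user@ourdomain.example> proto=ESMTP helo=<lol>
Feb  3 14:45:58 softexp postfix/smtp[23424]: 56966AC86D: to=<forged@yahoo.com>, relay=d.mx.mail.yahoo.com[66.196.82.7]:25, delay=7.6, delays=0/0.01/7.6/0, dsn=4.7.0, status=undeliverable (host d.mx.mail.yahoo.com[66.196.82.7] refused to talk to me: 421 4.7.0 [TS02] Messages from 198.51.100.7 temporarily deferred due to user complaints - 4.16.56.1; see http://postmaster.yahoo.com/421-ts02.html)
Feb  3 14:46:10 softexp postfix/smtpd[23394]: NOQUEUE: reject: RCPT from unknown[117.87.0.1]: 554 5.7.1 Service unavailable; Client host [117.87.0.1] blocked using sbl-xbl.spamhaus.org; http://www.spamhaus.org/query/bl?ip=117.87.0.1; from=<other@yahoo.com> to=<sales@ourdomain.example> proto=ESMTP helo=<lol>
Feb  3 14:46:12 softexp postfix/smtp[23425]: 7A1B2C3D4E: to=<alice@example.net>, relay=mx.example.net[203.0.113.5]:25, delay=1.2, delays=0.1/0/0.5/0.6, dsn=2.0.0, status=sent (250 OK)
"""

INBOUND_REJECT = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from (?P<client>\S+): "
    r"(?P<code>\d{3}) (?P<dsn>\d\.\d\.\d) (?P<reason>.*?); from=<(?P<sender>[^>]*)> "
    r"to=<(?P<rcpt>[^>]*)>")
OUTBOUND = re.compile(
    r"postfix/smtp\[\d+\]: (?P<qid>[0-9A-F]+): to=<(?P<rcpt>[^>]*)>, "
    r"relay=(?P<relay>\S+), .*dsn=(?P<dsn>\d\.\d\.\d), status=(?P<status>\w+) \((?P<detail>.*)\)$")

def parse_line(line):
    """Classify one log line; return None for lines this example ignores."""
    m = INBOUND_REJECT.search(line)
    if m:
        return {"kind": "inbound_reject", **m.groupdict()}
    m = OUTBOUND.search(line)
    if m:
        return {"kind": "outbound", **m.groupdict()}
    return None

def summarize(log_text):
    """RBL rejects per client, plus outbound attempts the remote MX refused
    (relay host, Postfix status, DSN): the place a 421 [TS02] shows up."""
    rbl_rejects, refused = Counter(), []
    for rec in filter(None, map(parse_line, log_text.splitlines())):
        if rec["kind"] == "inbound_reject" and "blocked using" in rec["reason"]:
            rbl_rejects[rec["client"]] += 1
        elif rec["kind"] == "outbound" and "refused to talk to me" in rec["detail"]:
            refused.append((rec["relay"].split("[")[0], rec["status"], rec["dsn"]))
    return {"rbl_rejects": dict(rbl_rejects), "refused": refused}
```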
Re: postfix logs, spams and bounce messages
I did the modification and it seems it works better. Since that modification I got no message rejected from Yahoo.

1. Could you please explain to me why the RBL checks should be done before Sender Address Verification? And why is it not advisable to do SAV at all?

2. Is it correct that my server received spam with forged Yahoo addresses and for every spam it responded to Yahoo and Yahoo got upset?

Thanks everybody.

Victor Duchovni wrote:
> You are doing Sender Address Verification (reject_unverified_sender) before doing RBL checks. Fix this. Do the RBL checks first, and consider not doing SAV at all, but if you do use it, do SAV *last*.
>
>   smtpd_client_restrictions = ... no reject_unverified_sender ...
>   smtpd_helo_restrictions = ... no reject_unverified_sender ...
>   smtpd_sender_restrictions = ... no reject_unverified_sender ...
>   smtpd_recipient_restrictions =
>       permit_mynetworks,
>       reject_unauth_destination,
>       reject_rbl_client zen.spamhaus.org
>       ... no reject_unverified_sender ...
>   smtpd_data_restrictions = reject_unverified_sender
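As an added example (not from the thread), a toy model of Postfix restriction evaluation that shows why Victor's ordering matters: with reject_unverified_sender ahead of the RBL check, every RBL-listed spammer forging a yahoo.com sender triggers an SMTP probe to Yahoo; with the RBL check first, the probe never happens. The listed IPs, verifiable senders and sessions are constructed.

```python
# Added example (not from the thread): a toy model of how Postfix walks a
# restriction list. Each restriction answers "permit", "reject" or "dunno"
# (no opinion); the first non-dunno answer wins and nothing after it runs.
# reject_unverified_sender is the only one modelled with a side effect: it
# opens an SMTP probe to the sender's domain (the 56966AC86D delivery to
# Yahoo's MX in the first post was such a probe). Listed IPs, verifiable
# senders and sessions are constructed. Real Postfix caches probe results
# in address_verify_map; this model does not.
RBL_LISTED = {"117.87.0.1"}            # constructed: client the RBL blocks
VERIFIABLE = {"alice@example.net"}      # constructed: senders whose MX accepts a probe

def run_restrictions(restrictions, session, probes):
    """Evaluate restrictions in order; record each outbound probe in probes."""
    for name in restrictions:
        if name == "permit_mynetworks":
            result = "permit" if session["client"] in session["mynetworks"] else "dunno"
        elif name == "reject_unauth_destination":
            result = "dunno" if session["rcpt_domain"] in session["mydomains"] else "reject"
        elif name == "reject_rbl_client":
            result = "reject" if session["client"] in RBL_LISTED else "dunno"
        elif name == "reject_unverified_sender":
            probes.append(session["sender"].split("@")[1])   # SMTP probe to the sender's MX
            result = "dunno" if session["sender"] in VERIFIABLE else "reject"
        elif name == "permit":
            result = "permit"
        else:
            raise ValueError("unknown restriction " + name)
        if result != "dunno":
            return result
    return "dunno"

# With the default smtpd_delay_reject=yes, Postfix evaluates sender
# restrictions before recipient restrictions at RCPT TO, so the original
# config amounts to the first list and Victor's fix to the second.
SAV_FIRST = ["permit_mynetworks", "reject_unverified_sender",
             "reject_unauth_destination", "reject_rbl_client", "permit"]
RBL_FIRST = ["permit_mynetworks", "reject_unauth_destination",
             "reject_rbl_client", "reject_unverified_sender", "permit"]
SESSIONS = [  # constructed: an RBL-listed spammer forging a Yahoo sender, then a normal client
    {"client": "117.87.0.1", "sender": "forged@yahoo.com", "rcpt_domain": "ourdomain.example",
     "mynetworks": {"127.0.0.1"}, "mydomains": {"ourdomain.example"}},
    {"client": "203.0.113.9", "sender": "alice@example.net", "rcpt_domain": "ourdomain.example",
     "mynetworks": {"127.0.0.1"}, "mydomains": {"ourdomain.example"}},
]

def evaluate(restrictions, sessions=SESSIONS):
    """Return (verdict per session, list of sender domains probed)."""
    probes = []
    return [run_restrictions(restrictions, s, probes) for s in sessions], probes
```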
header_checks & check_sender_access don't work
Hi there,

I have 2 problems I want to discuss with you guys.

1. I want to block e-mails from some specific address. So I used

  header_checks = regexp:/usr/local/etc/postfix/header_checks

and in header_checks I have:

  /^From: badaddr...@domain.com/ REJECT message

But nothing happens.

2. I am getting spam from remote SMTP servers with forged sender address (it is my address). The e-mail comes from myaddr...@mydomain.com to myaddr...@mydomain.com. So, I decided to block all e-mails that come to my servers to my domains (virtual) from remote SMTP servers. For that I added check_sender_access hash:/usr/local/etc/postfix/access_sender in smtpd_recipient_restrictions. But surprise, today I got such an e-mail. In access_sender I have:

  mydomain REJECT message1

I also ran postmap access_sender. Why is that possible? What should I do?

Here is the output of postconf -n:

  command_directory = /usr/local/sbin
  config_directory = /usr/local/etc/postfix
  daemon_directory = /usr/local/libexec/postfix
  data_directory = /var/db/postfix
  debug_peer_level = 2
  debug_peer_list = domain.com
  header_checks = regexp:/usr/local/etc/postfix/header_checks
  html_directory = no
  mail_owner = postfix
  mailq_path = /usr/local/bin/mailq
  manpage_directory = /usr/local/man
  myhostname = mail.domain.com
  mynetworks_style = host
  newaliases_path = /usr/local/bin/newaliases
  queue_directory = /var/spool/postfix
  readme_directory = no
  sample_directory = /usr/local/etc/postfix
  sendmail_path = /usr/local/sbin/sendmail
  setgid_group = maildrop
  smtpd_helo_restrictions = reject_invalid_hostname permit
  smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination check_sender_access hash:/usr/local/etc/postfix/access_sender check_helo_access pcre:/usr/local/etc/postfix/helo_checks reject_non_fqdn_recipient reject_unknown_recipient_domain reject_unverified_recipient reject_rbl_client zen.spamhaus.org, reject_rhsbl_sender dsn.rfc-ignorant.org permit
  smtpd_sasl_auth_enable = yes
  smtpd_sender_restrictions = reject_unknown_sender_domain, reject_non_fqdn_sender, permit
  soft_bounce = no
  unknown_local_recipient_reject_code = 550
  virtual_alias_maps = hash:/usr/local/etc/postfix/valias.txt
  virtual_gid_maps = static:1000
  virtual_mailbox_base = /var/spool/vmail
  virtual_mailbox_domains = /usr/local/etc/postfix/vhost.txt
  virtual_mailbox_maps = hash:/usr/local/etc/postfix/vmaps.txt

Thank you.
Re: header_checks & check_sender_access don't work
Thank you Noel! Your regex worked.

But related to the second problem, how can I block this kind of spam? Spam from remote servers with From: myaddr...@myvirtualdomain.com, To: myaddr...@myvirtualdomain.com? It is OK for me to block all e-mail that is coming from remote SMTP servers from addres...@myvirtualdomains. I don't have tele-workers, people that are using other servers to relay their e-mails.

Thank you one more time.
Dan

Noel Jones wrote:
> ddaas wrote:
>> Hi there,
>> I have 2 problems I want to discuss with you guys.
>>
>> 1. I want to block e-mails from some specific address. So I used
>>
>>   header_checks = regexp:/usr/local/etc/postfix/header_checks
>>
>> and in header_checks I have:
>>
>>   /^From: badaddr...@domain.com/ REJECT message
>>
>> But nothing happens.
>>
>> 2. I am getting spam from remote SMTP servers with forged sender address (it is my address). The e-mail comes from myaddr...@mydomain.com to myaddr...@mydomain.com. So, I decided to block all e-mails that come to my servers to my domains (virtual) from remote SMTP servers. For that I added check_sender_access hash:/usr/local/etc/postfix/access_sender in smtpd_recipient_restrictions. But surprise, today I got such an e-mail. In access_sender I have:
>>
>>   mydomain REJECT message1
>>
>> I also ran postmap access_sender.
>
> Your description and your postconf output seem reasonable. The only explanation for it not working as expected is that the input doesn't match your access map or header check.
>
>> /^From: badaddr...@domain.com/ REJECT message
>
> instead:
>
>   /^From:.*(<| )badaddr...@domain\.com/ REJECT message
>
> note matching addresses in headers is tricky (impossible with a simple regexp). This is "close", but will mis-fire on odd address constructions.
>
>> In access_sender I have:
>> mydomain REJECT message1
>
> My assumption here is that although the From: header is your domain, the envelope sender isn't. Examining the logs will show the envelope sender.
>
> -- Noel Jones
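As an added example (not from the thread), the two header_checks patterns above are run against constructed From: lines to show why the first one never fired (a display name or angle brackets sit between "From:" and the address) and to show the kind of odd construction Noel warns the corrected pattern will mis-fire on. The address baduser@example.com is a placeholder for the one in the post.

```python
# Added example (not from the thread): Postfix header_checks matches each
# regexp against the whole logical header line, "From: ..." included, so a
# display name or "<" before the address defeats /^From: addr/. Noel's
# corrected pattern is tested below against constructed headers, plus one
# odd construction that makes it mis-fire. baduser@example.com is a
# placeholder for the address in the post.
import re

# Postfix regexp: tables are case-insensitive unless the pattern says otherwise.
ORIGINAL = re.compile(r"^From: baduser@example\.com", re.IGNORECASE)
CORRECTED = re.compile(r"^From:.*(<| )baduser@example\.com", re.IGNORECASE)

HEADERS = [                                  # constructed From: lines
    "From: baduser@example.com",
    "From: Bad User <baduser@example.com>",
    'From: "User, Bad" <baduser@example.com>',
    "From: <BadUser@Example.com>",
    "From: notbaduser@example.com",          # a different mailbox: must not match
    "From: good@example.org",
]
# An unquoted display name that merely contains the address: the real
# sender is other@example.org, yet the corrected pattern still fires.
MISFIRE = "From: baduser@example.com <other@example.org>"

def rejected_by(pattern, headers=HEADERS):
    """Return the headers on which header_checks would act with this pattern."""
    return [h for h in headers if pattern.search(h)]
```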
Yahoo and spams
Hello everybody!

We have a lot of clients that have Yahoo e-mails. Yahoo accepts e-mail from our server but by default sorts them as spam. What could it be? Does anyone know what Yahoo likes or dislikes? They don't have words related to spam, they are not advertisements, etc. Regarding the keywords, I think no system could sort the e-mails as spam. There should be something else.

I post the header from such an e-mail (from Yahoo):

  >From Myname Fri Feb 13 07:53:19 2009
  Return-Path:
  Authentication-Results: mta301.mail.mud.yahoo.com from=mydomain.ro; domainkeys=neutral (no sig)
  Received: from 80.96.x.x (EHLO mail.mydomain.ro) (80.96.x.x) by mta301.mail.mud.yahoo.com with SMTP; Fri, 13 Feb 2009 07:53:21 -0800
  Received: from [192.168.0.2] (unknown [95.76.x.x]) by mail.mydomain.ro (Postfix) with ESMTPA id 5779CAEBB3 for ; Fri, 13 Feb 2009 17:53:00 +0200 (EET)
  Message-ID: <4995976f.5000...@mydomain.ro>
  Date: Fri, 13 Feb 2009 17:53:19 +0200
  From: Myname
  User-Agent: Thunderbird 2.0.0.19 (X11/20090105)
  MIME-Version: 1.0
  To: em...@yahoo.com
  Subject: test
  Content-Type: text/html; charset=ISO-8859-1
  Content-Transfer-Encoding: 7bit
  Content-Length: 1735

Thanks
Dan
Re: Yahoo and spams
Hi, thanks.

One more question: I have virtual hosting on my server. This means that the reverse DNS of the server IP is ns1.mydomain.com and the EHLO hostname is mail.maindomain.com. Could this be a problem? I mean the server tries to reverse the IP and it doesn't get what's in EHLO.

Yes, it is not a Postfix issue. I wrote here because I use Postfix as the e-mail server and any configuration or misconfiguration that yahoo.com doesn't like is server related. Sorry, I will not go further with this thread.

Thank you

mouss wrote:
> ddaas wrote:
>> Hello everybody!
>> We have a lot of clients that have Yahoo e-mails. Yahoo accepts e-mail from our server but by default sorts them as spam. What could it be? Does anyone know what Yahoo likes or dislikes? They don't have words related to spam, they are not advertisements, etc. Regarding the keywords, I think no system could sort the e-mails as spam. There should be something else.
>
> if you send a lot of mail, you need to ask to be whitelisted. there's nothing else you can do and nothing we can do for you. if you can't get whitelisted, you may try asking (some of) your recipients to mark your messages as non spam. this may help you acquire a good "yahoo reputation". (yes, do that with your test accounts, but this may not be enough). of course, if some of your recipients explicitly tag your mail as spam (they hit the "this is spam" button), this will not help you...
>
>> I post the header from such an e-mail (from Yahoo):
>> [snip]
>
> the only interesting thing in the headers would have been your IP and your helo name, but you obfuscated them. result: these headers are useless. anyway, this is not a postfix issue.
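As an added example (not from the thread), a small parser that pulls out of a header block like the one posted exactly the fields mouss says matter: the connecting IP and EHLO name recorded by Yahoo's receiving MTA, the inner Postfix hop (which shows the message was submitted with SMTP AUTH from a private address), and the DomainKeys result. The header block is a constructed copy of the posted one with placeholder addresses and IPs.

```python
# Added example (not from the thread): extract, from the headers a Yahoo
# mailbox shows, the hop-by-hop facts that decide deliverability questions:
# the IP and EHLO name the receiving MTA recorded, the authenticated
# submission hop recorded by Postfix, and the DomainKeys verdict. The header
# block is constructed after the one in the post, with placeholder values.
import re

RAW_HEADERS = """\
Return-Path: <me@mydomain.example>
Authentication-Results: mta301.mail.mud.yahoo.com from=mydomain.example; domainkeys=neutral (no sig)
Received: from 198.51.100.7 (EHLO mail.mydomain.example) (198.51.100.7)
  by mta301.mail.mud.yahoo.com with SMTP; Fri, 13 Feb 2009 07:53:21 -0800
Received: from [192.168.0.2] (unknown [203.0.113.44])
  by mail.mydomain.example (Postfix) with ESMTPA id 0123456789
  for <em@yahoo.com>; Fri, 13 Feb 2009 17:53:00 +0200 (EET)
From: Myname <me@mydomain.example>
To: em@yahoo.com
Subject: test
"""

def unfold(raw):
    """Join RFC 5322 continuation lines so each header is one string."""
    lines = []
    for line in raw.splitlines():
        if line[:1] in (" ", "\t") and lines:
            lines[-1] += " " + line.strip()
        else:
            lines.append(line)
    return lines

# Yahoo's form: "from IP (EHLO name) (IP) by host"; Postfix's form: "from helo (rdns [ip]) by host (Postfix) with proto"
YAHOO_HOP = re.compile(r"^Received: from \S+ \(EHLO (\S+)\) \((\S+)\) by (\S+)")
POSTFIX_HOP = re.compile(r"^Received: from (\S+) \((\S+) \[([^\]]+)\]\) by (\S+) \(Postfix\) with (\w+)")

def hops(raw):
    """One dict per Received header, outermost first: EHLO name the client
    gave, its IP, the receiving host, and the protocol/auth the receiver logged."""
    out = []
    for h in unfold(raw):
        m = YAHOO_HOP.match(h)
        if m:
            out.append({"helo": m.group(1), "ip": m.group(2), "by": m.group(3), "proto": "SMTP"})
            continue
        m = POSTFIX_HOP.match(h)
        if m:
            out.append({"helo": m.group(1), "rdns": m.group(2), "ip": m.group(3), "by": m.group(4), "proto": m.group(5)})
    return out

def domainkeys_result(raw):
    """The domainkeys= verdict from Authentication-Results, or None if absent."""
    for h in unfold(raw):
        m = re.match(r"^Authentication-Results: .*\bdomainkeys=(\w+)", h)
        if m:
            return m.group(1)
    return None
```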