Re: how to bypass milters, whitelist hosts

[fakessh]

martin f krafft a écrit :

also sprach Sahil Tandon  [2009.05.23.0037 +0200]:
Why are *_checks and *_milters not end-of-data restrictions, or 
better yet, policy services?
One example: 1.2.3.4 is rejected in an access(5) table referenced 
in smtpd_client_restrictions.  Why wait for END-OF-DATA when you 
know, in advance, that you will not accept mail from 1.2.3.4?


I don't see the relation. If milters and content checks were 
end-of-data restrictions of policy services, there is nothing 
stopping postfix from rejecting a mail at RCPT-time if an earlier 
restriction class return failure.




 HI All,
 look maybe amavisd
 check_policy_service are not allowed ( not work fine ) in my box

Re: suitable webmail

[fakessh]

On Mon, 01 Feb 2010 20:39:49 +0100, mouss  wrote:
> j debert a écrit :
>> it seems that roundcube is popular.
>> 
>> It seems to be most popular among bots as well, according to what my
>> apache logs say. I don't have roundcube but there are frequent
>> attempts to get to php scripts down in the roundcube directories. I'd
>> probably see orders of magnitude more if it weren't for fail2ban. I
>> wonder what it is that makes it so popular?
>> 
> 
> you mean things like
>   GET /roundcube-0.2//bin/msgimport
>   GET /round//bin/msgimport
>   ..
> 
> they're looking for old versions.. See
> http://asert.arbornetworks.com/2009/01/roundcube-webmail-scanning/
> http://stateofsecurity.com/?p=550
> 
> 
> Funnily enough, they don't try SSL.  (note that enforcing SSL for any
> web mail application is a good practice)


the current version of roundcube (0.3.1) does not work with the current
mod_security

I failed to get along with the rules of mod_security. 
I simply removed. 
I just read the security alert and I just delete msgimport.sh

Re: [OT] suitable webmail

[fakessh]

On Mon, 01 Feb 2010 17:17:49 -0500, Charles Marcus
 wrote:
> On 2010-02-01 4:05 PM, Stan Hoeppner wrote:
>> My Roundcube package is currently up to date, and it is a standard
>> Debian package:
>> 
>> [02:21:52][r...@greer]/$ aptitude show roundcube
>> Package: roundcube
>> New: yes
>> State: installed
>> Automatically installed: no
>> Version: 0.2.2-1~bpo50+1
> 
> Eh? 0.3.1 is the current version, so how is 0.2.2 'up to date'?

attention

0.3.1 is the current version , so 0.2.2 is 'up to date'

my postfix are banned ALERTE VIRii

[fakessh]

1 messages rejected with banned file names.
 
 Banned File Names:
.exe,.exe-unix,scellius_600_PLUGIN_linux-2.6.9/bin/request: 1 Times(s)
From:
   209.85.220.217  1 Time(s)
 
ALERTE ALERTE Virii

Re: Reject_unlisted_recipient issue

[fakessh]

just for example my mta return other 

> ===
> $ telnet localhost 25
> ...
> 220 mx.netoyen.net ESMTP Postfix
> EHLO some.host.example
> ...
> MAIL FROM:<>
> 250 2.1.0 Ok
> RCPT TO:
> 250 2.1.5 Ok
> RCPT TO:
> 550 5.1.1 : Recipient address rejected: User
> unknown
> DATA
> 354 End data with .
> Subject: test
> 
> test
> .
> 250 2.0.0 Ok: queued as 093A7E54898
> quit
> 221 2.0.0 Bye
> 
> 
> # tail -f /var/log/maillog
> ...
> ...: 093A7E54898: reject: RCPT from localhost[127.0.0.1]: 550 5.1.1
> : Recipient address rejected: User unknown;
> from=<> to= ...
> ...
> ...: 48517E54871: from=<>, size=624, nrcpt=1 (queue active)
> ...: deliver(mo...@netoyen.net): sieve: msgid=unspecified: stored mail
> into mailbox 'INBOX'
> ...: 48517E54871: to=, relay=dovecot, delay=0.03,
> delays=0.01/0.02/0/0.01, dsn=2.0.0, status=sent (delivered via dovecot
> service)
> ...: 48517E54871: removed
> 
> as you can see, logs say the message was delivered. and I can read it
> with my MUA.



[r...@r13151 ~]# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 r13151.ovh.net ESMTP Postfix (2.5.1)
helo fakessh.eu
250 r13151.ovh.net
mail from:<>
250 2.1.0 Ok
rcpt to:
250 2.1.5 Ok
data
354 End data with .

.
550 5.7.1 can't identify domain in `MAILER-DAEMON'
quit
221 2.0.0 Bye
Connection closed by foreign host.
[r...@r13151 ~]# 

Mar 19 22:09:00 r13151 postfix/qmgr[11363]: F0C69580BC: removed
Mar 19 22:09:04 r13151 postfix/smtpd[26523]: connect from
localhost.localdomain[127.0.0.1]
Mar 19 22:09:57 r13151 postfix/smtpd[26523]: 16AB057F74:
client=localhost.localdomain[127.0.0.1]
Mar 19 22:10:11 r13151 postfix/cleanup[26527]: 16AB057F74:
message-id=<20100319210957.16ab057...@r13151.ovh.net>
Mar 19 22:10:11 r13151 sid-filter[11203]:  can't determine
responsible domain from `MAILER-DAEMON'
Mar 19 22:10:11 r13151 postfix/cleanup[26527]: 16AB057F74: milter-reject:
END-OF-MESSAGE from localhost.localdomain[127.0.0.1]: 5.7.1 can't identify
domain in `MAILER-DAEMON'; from=<> to= proto=SMTP
helo=
Mar 19 22:11:10 r13151 dovecot: imap-login: Login: user=,
method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, TLS
Mar 19 22:11:11 r13151 dovecot: IMAP(fakessh): Disconnected: Logged out

Fwd: Re: Consolidating Virtual Domain Delivery

[fakessh]

 Original Message 
Subject: Re: Consolidating Virtual Domain Delivery
Date: Mon, 29 Mar 2010 00:14:43 +0200
From: fakessh 
To: "Roderick A. Anderson" 

On Sun, 28 Mar 2010 15:00:08 -0700, "Roderick A. Anderson"
 wrote:
> Daniel L'Hommedieu wrote:
>> On Mar 28, 2010, at 15:23, Wietse Venema wrote:
>>> BTW, Postfix 2.3 is no longer maintained. It is almost four years old.
>> 
>> Wietse,
>> 
>> After seeing this comment, I decided to see what versions of postfix I
>> have installed.  The RPM available for both CentOS 5 and RHEL5 is
>> "postfix-2.3.3-2.1.el5_2."  It's interesting that both of these Linux
>> versions offer a version of postfix that is so old...
>> 
>> Maybe I need to look into maintaining postfix manually...
> 
> Please see the thread starting on 23-Mar-2010 "Should I update Postfix?"

> which discusses this.
> 
> 
> \\||/
> Rod


there are specially built rpm for redhat

http://www.linuxmail.info/postfix-rpm-packages/
http://ftp.wl0.org/official/2.5/RPMS-rhel5-i386/
http://ftp.sanguine.net/pub/postfix/official/2.5/RPMS-rhel5-i386/

I use successfully
[r...@r13151 ~]# rpm -qa | grep postfix
postfix-2.5.1-1.mysql.sasl2.vda.rhel5

on my little machine in France


   fakessh

catch-all not working with postfix dovecot lda

[fakessh]

hello all
hello list
hello much many people
hello wieste

the catch-all does not seem to work. 
I, however, a proper definition of it in /etc/postfix/virtual

postconf -n
[r...@r13151 ~]# postconf -n
alias_maps = hash:/etc/aliases
body_checks = regexp:/etc/postfix/body_checks.cf
bounce_notice_recipient = postmaster
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = dksign:[127.0.0.1]:10028
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
default_privs = nobody
double_bounce_sender = no
header_checks = regexp:/etc/postfix/header_checks.cf
home_mailbox = Maildir/
html_directory = /usr/share/doc/postfix-2.5.1-documentation/html
in_flow_delay = 10
inet_interfaces = all
mail_owner = postfix
mail_spool_directory = /var/spool/mail
mailbox_command = /usr/libexec/dovecot/deliver
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
maps_rbl_domains = bl.spamcop.net
mime_header_checks = regexp:/etc/postfix/mime_header_checks.cf
mydestination = $myhostname, localhost.$mydomain,
localhost,$mydomain,fakessh.eu,renelacroute.fr,nicolaspichot.fr
mydomain = fakessh.eu
mynetworks = 127.0.0.0/8 ,87.98.186.232
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
queue_run_delay = 2000s
readme_directory = /usr/share/doc/postfix-2.5.1-documentation/readme
recipient_delimiter = +
relay_domains = 
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
smtp_sender_dependent_authentication = yes
smtp_tls_loglevel = 3
smtp_tls_session_cache_database =
btree:/var/lib/postfix/smtp_tls_session_cache
smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
smtpd_client_restrictions =
permit_mynetworks,reject_unknown_reverse_client_hostname,reject_unauth_pipelining,
reject_non_fqdn_recipient ,  permit
smtpd_milters = inet:[127.0.0.1]:10040
smtpd_recipient_restrictions = permit_mynetworks  permit_inet_interfaces
permit_sasl_authenticated  reject_unverified_recipient
reject_non_fqdn_sender reject_non_fqdn_recipient
reject_unknown_sender_domain reject_unknown_recipient_domain
reject_unknown_reverse_client_hostname reject_unauth_destination
reject_unauth_pipelining reject_rbl_client zen.spamhaus.org
reject_sender_login_mismatch check_policy_service unix:postgrey/socket
check_sender_access hash:/etc/postfix/check_backscatterer
check_sender_access hash:/etc/postfix/check_spamcannibal
check_policy_service unix:private/spfpolicy reject_rbl_client
bl.spamcop.net reject_rhsbl_sender  dbl.spamhaus.org  reject_rbl_client
cbl.abuseat.org  reject_rbl_client b.barracudacentral.org
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_tls_CAfile = /etc/pki/tls/cert.csr.p12
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/pki/tls/newcerts/01.pem
smtpd_tls_key_file = /etc/pki/tls/private/r13151.ovh.net.key
smtpd_tls_received_header = yes
smtpd_tls_session_cache_database =
btree:/var/lib/postfix/smtpd_tls_session_cache
smtpd_use_tls = yes
soft_bounce = no
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
virtual_alias_domains = fakessh.eu renelacroute.fr nicolaspichot.fr
virtual_alias_maps = hash:/etc/postfix/virtual
virtual_transport = dovecot

Re: catch-all not working with postfix dovecot lda

[fakessh]

On Tue, 13 Apr 2010 16:02:01 -0500, Noel Jones 
wrote:
> On 4/13/2010 3:34 PM, fakessh wrote:
>> hello all
>> hello list
>> hello much many people
>> hello wieste
>>
>> the catch-all does not seem to work.
> 
> Doesn't work in what way?  Show logs of what happens vs. what 
> you expect to happen.


Apr 13 23:29:51 r13151 dovecot: imap-login: Login: user=,
method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, TLS
Apr 13 23:29:51 r13151 dovecot: IMAP(fakessh): Disconnected: Logged out
bytes=8/331
Apr 13 23:29:51 r13151 dovecot: imap-login: Login: user=,
method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, TLS
Apr 13 23:29:52 r13151 dovecot: IMAP(fakessh): Disconnected: Logged out
bytes=329/5780
Apr 13 23:31:35 r13151 postfix/smtpd[5501]: connect from
web24304.mail.ird.yahoo.com[87.248.114.201]
Apr 13 23:31:35 r13151 postfix/trivial-rewrite[5504]: warning: do not list
domain fakessh.eu in BOTH mydestination and virtual_alias_domains
Apr 13 23:31:35 r13151 postfix/smtpd[5501]: NOQUEUE: reject: RCPT from
web24304.mail.ird.yahoo.com[87.248.114.201]: 450 4.1.1 :
Recipient address rejected: undeliverable address: unknown user: "catch";
from= to= proto=SMTP
helo=
Apr 13 23:31:35 r13151 postfix/smtpd[5501]: disconnect from
web24304.mail.ird.yahoo.com[87.248.114.201]

> 
>> I, however, a proper definition of it in /etc/postfix/virtual
> 
> Please show the contents of that file.
> 

fake...@fakessh.eu fakessh
se...@fakessh.eu   serge
webm...@fakessh.eu webmail
renelacro...@renelacroute.fr renelacroute
postmas...@renelacroute.fr   renelacroute
nicolaspic...@nicolaspichot.frnicolaspichot
postmas...@nicolaspichot.fr   nicolaspichot
ab...@fakessh.eu  root
ab...@renelacroute.fr root
ab...@nicolaspichot.frroot
@fakessh  root
@renelacroute.fr  root
@nicolaspichot.fr root
postmas...@fakessh.eu root


> 
>-- Noel Jones
> 
> 
>>
>> postconf -n
>> [r...@r13151 ~]# postconf -n
>> alias_maps = hash:/etc/aliases
>> body_checks = regexp:/etc/postfix/body_checks.cf
>> bounce_notice_recipient = postmaster
>> broken_sasl_auth_clients = yes
>> command_directory = /usr/sbin
>> config_directory = /etc/postfix
>> content_filter = dksign:[127.0.0.1]:10028
>> daemon_directory = /usr/libexec/postfix
>> data_directory = /var/lib/postfix
>> debug_peer_level = 2
>> default_privs = nobody
>> double_bounce_sender = no
>> header_checks = regexp:/etc/postfix/header_checks.cf
>> home_mailbox = Maildir/
>> html_directory = /usr/share/doc/postfix-2.5.1-documentation/html
>> in_flow_delay = 10
>> inet_interfaces = all
>> mail_owner = postfix
>> mail_spool_directory = /var/spool/mail
>> mailbox_command = /usr/libexec/dovecot/deliver
>> mailq_path = /usr/bin/mailq.postfix
>> manpage_directory = /usr/share/man
>> maps_rbl_domains = bl.spamcop.net
>> mime_header_checks = regexp:/etc/postfix/mime_header_checks.cf
>> mydestination = $myhostname, localhost.$mydomain,
>> localhost,$mydomain,fakessh.eu,renelacroute.fr,nicolaspichot.fr
>> mydomain = fakessh.eu
>> mynetworks = 127.0.0.0/8 ,87.98.186.232
>> myorigin = $mydomain
>> newaliases_path = /usr/bin/newaliases.postfix
>> queue_directory = /var/spool/postfix
>> queue_run_delay = 2000s
>> readme_directory = /usr/share/doc/postfix-2.5.1-documentation/readme
>> recipient_delimiter = +
>> relay_domains =
>> sample_directory = /usr/share/doc/postfix-2.3.3/samples
>> sendmail_path = /usr/sbin/sendmail.postfix
>> setgid_group = postdrop
>> smtp_sasl_security_options = noanonymous
>> smtp_sasl_tls_security_options = noanonymous
>> smtp_sender_dependent_authentication = yes
>> smtp_tls_loglevel = 3
>> smtp_tls_session_cache_database =
>> btree:/var/lib/postfix/smtp_tls_session_cache
>> smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
>> smtpd_client_restrictions =
>>
permit_mynetworks,reject_unknown_reverse_client_hostname,reject_unauth_pipelining,
>> reject_non_fqdn_recipient ,  permit
>> smtpd_milters = inet:[127.0.0.1]:10040
>> smtpd_recipient_restrictions = permit_mynetworks 
permit_inet_interfaces
>> permit_sasl_authenticated  reject_unverified_recipient
>> reject_non_fqdn_sender reject_non_fqdn_recipient
>> reject_unknown_sender_domain reject_unknown_recipient_domain
>> reject_unknown_reverse_client_hostname reject_unauth_destination
>> reject_unauth_pipelining reject_rbl_client zen.spamhaus.org
>> reject_sender_login_mismatch check_policy_service unix:postgrey/socket
>>

Re: catch-all not working with postfix dovecot lda

[fakessh]

On Tue, 13 Apr 2010 18:38:28 -0300, Egberto Monteiro
 wrote:
> Apr 13 23:31:35 r13151 postfix/trivial-rewrite[5504]: warning: do not
list
> domain fakessh.eu in *BOTH *mydestination and virtual_alias_domains
> 
> 
> 

this error I do not know how to correct
my mail server work correctly with that error


> fakessh wrote:
>> On Tue, 13 Apr 2010 16:02:01 -0500, Noel Jones 
>> wrote:
>>   
>>> On 4/13/2010 3:34 PM, fakessh wrote:
>>> 
>>>> hello all
>>>> hello list
>>>> hello much many people
>>>> hello wieste
>>>>
>>>> the catch-all does not seem to work.
>>>>   
>>> Doesn't work in what way?  Show logs of what happens vs. what 
>>> you expect to happen.
>>> 
>>
>>
>> Apr 13 23:29:51 r13151 dovecot: imap-login: Login: user=,
>> method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, TLS
>> Apr 13 23:29:51 r13151 dovecot: IMAP(fakessh): Disconnected: Logged out
>> bytes=8/331
>> Apr 13 23:29:51 r13151 dovecot: imap-login: Login: user=,
>> method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, TLS
>> Apr 13 23:29:52 r13151 dovecot: IMAP(fakessh): Disconnected: Logged out
>> bytes=329/5780
>> Apr 13 23:31:35 r13151 postfix/smtpd[5501]: connect from
>> web24304.mail.ird.yahoo.com[87.248.114.201]
>> Apr 13 23:31:35 r13151 postfix/trivial-rewrite[5504]: warning: do not
>> list
>> domain fakessh.eu in BOTH mydestination and virtual_alias_domains
>> Apr 13 23:31:35 r13151 postfix/smtpd[5501]: NOQUEUE: reject: RCPT from
>> web24304.mail.ird.yahoo.com[87.248.114.201]: 450 4.1.1
>> :
>> Recipient address rejected: undeliverable address: unknown user:
"catch";
>> from= to= proto=SMTP
>> helo=
>> Apr 13 23:31:35 r13151 postfix/smtpd[5501]: disconnect from
>> web24304.mail.ird.yahoo.com[87.248.114.201]
>>
>>   
>>>> I, however, a proper definition of it in /etc/postfix/virtual
>>>>   
>>> Please show the contents of that file.
>>>
>>> 
>>
>> fake...@fakessh.eu fakessh
>> se...@fakessh.eu   serge
>> webm...@fakessh.eu webmail
>> renelacro...@renelacroute.fr renelacroute
>> postmas...@renelacroute.fr   renelacroute
>> nicolaspic...@nicolaspichot.frnicolaspichot
>> postmas...@nicolaspichot.fr   nicolaspichot
>> ab...@fakessh.eu  root
>> ab...@renelacroute.fr root
>> ab...@nicolaspichot.frroot
>> @fakessh  root
>> @renelacroute.fr  root
>> @nicolaspichot.fr root
>> postmas...@fakessh.eu root
>>
>>
>>   
>>>-- Noel Jones
>>>
>>>
>>> 
>>>> postconf -n
>>>> [r...@r13151 ~]# postconf -n
>>>> alias_maps = hash:/etc/aliases
>>>> body_checks = regexp:/etc/postfix/body_checks.cf
>>>> bounce_notice_recipient = postmaster
>>>> broken_sasl_auth_clients = yes
>>>> command_directory = /usr/sbin
>>>> config_directory = /etc/postfix
>>>> content_filter = dksign:[127.0.0.1]:10028
>>>> daemon_directory = /usr/libexec/postfix
>>>> data_directory = /var/lib/postfix
>>>> debug_peer_level = 2
>>>> default_privs = nobody
>>>> double_bounce_sender = no
>>>> header_checks = regexp:/etc/postfix/header_checks.cf
>>>> home_mailbox = Maildir/
>>>> html_directory = /usr/share/doc/postfix-2.5.1-documentation/html
>>>> in_flow_delay = 10
>>>> inet_interfaces = all
>>>> mail_owner = postfix
>>>> mail_spool_directory = /var/spool/mail
>>>> mailbox_command = /usr/libexec/dovecot/deliver
>>>> mailq_path = /usr/bin/mailq.postfix
>>>> manpage_directory = /usr/share/man
>>>> maps_rbl_domains = bl.spamcop.net
>>>> mime_header_checks = regexp:/etc/postfix/mime_header_checks.cf
>>>> mydestination = $myhostname, localhost.$mydomain,
>>>> localhost,$mydomain,fakessh.eu,renelacroute.fr,nicolaspichot.fr
>>>> mydomain = fakessh.eu
>>>> mynetworks = 127.0.0.0/8 ,87.98.186.232
>>>> myorigin = $mydomain
>>>> newaliases_path = /usr/bin/newaliases.postfix
>>>> queue_directory = /var/spool/postfix
>>>> queue_run_delay = 2000s
>>>> readme_directory = /usr/share/doc/postfix-2.5.1-documentation/readme
>>>> recipient_delimiter = +
&

catch-all not working with postfix dovecot lda

[fakessh]

fakessh a écrit :
> On Tue, 13 Apr 2010 18:38:28 -0300, Egberto Monteiro
>  wrote:
>> Apr 13 23:31:35 r13151 postfix/trivial-rewrite[5504]: warning: do not
> list
>> domain fakessh.eu in *BOTH *mydestination and virtual_alias_domains
>>
>>
>>
> 
> this error I do not know how to correct
> my mail server work correctly with that error
> 

the warning really means what it says!

you have

mydestination = $myhostname, localhost.$mydomain,
localhost,$mydomain,fakessh.eu,renelacroute.fr,nicolaspichot.fr

virtual_alias_domains = fakessh.eu renelacroute.fr nicolaspichot.fr

so fakessh.eu is in mydestination and in virtual_alias_domains. and the
warning says it should not.

consider reading the docs about address classes. a domain should only
belong to _one_ class.

> (snip]


i correct warning on my log postfix

Apr 14 16:17:13 r13151 dkimproxy.out[813]: DKIM signing - skipped;
message-id=<433688.53298...@web24306.mail.ird.yahoo.com>,
from= 
Apr 14 16:17:13 r13151 postfix/cleanup[8636]: DD2D3580BE:
message-id=<433688.53298...@web24306.mail.ird.yahoo.com>
Apr 14 16:17:13 r13151 postfix/cleanup[8637]: DDDCD580BF:
message-id=<433688.53298...@web24306.mail.ird.yahoo.com>
Apr 14 16:17:14 r13151 postfix/smtp[8638]: E0AE157F74:
to=, relay=127.0.0.1[127.0.0.1]:10028, delay=2.7,
delays=1.7/0.44/0.12/0.36, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as
DD2D3580BE)
Apr 14 16:17:14 r13151 postfix/smtpd[8640]: disconnect from
localhost.localdomain[127.0.0.1]
Apr 14 16:17:14 r13151 postfix/qmgr[8067]: DD2D3580BE:
from=, size=2771, nrcpt=1 (queue active)
Apr 14 16:17:14 r13151 postfix/qmgr[8067]: E0AE157F74: removed
Apr 14 16:17:14 r13151 postfix/qmgr[8067]: DDDCD580BF:
from=, size=2777, nrcpt=1 (queue active)
Apr 14 16:17:14 r13151 postfix/smtp[8639]: 137D0580A5:
to=, relay=127.0.0.1[127.0.0.1]:10028, delay=2.7,
delays=2/0.13/0.11/0.46, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as
DDDCD580BF)
Apr 14 16:17:14 r13151 postfix/smtpd[8641]: disconnect from
localhost.localdomain[127.0.0.1]
Apr 14 16:17:14 r13151 postfix/qmgr[8067]: 137D0580A5: removed
Apr 14 16:17:14 r13151 clamd[7779]: No stats for Database check - forcing
reload 
Apr 14 16:17:15 r13151 clamd[7779]: Reading databases from /var/clamav 
Apr 14 16:17:32 r13151 postfix/smtpd[8180]: timeout after END-OF-MESSAGE
from localhost.localdomain[127.0.0.1]
Apr 14 16:17:32 r13151 postfix/smtpd[8180]: disconnect from
localhost.localdomain[127.0.0.1]
Apr 14 16:17:45 r13151 clamd[7779]: Database correctly reloaded (1459785
signatures) 
Apr 14 16:17:46 r13151 postfix/smtpd[8180]: connect from
localhost.localdomain[127.0.0.1]
Apr 14 16:17:46 r13151 postfix/smtpd[8652]: connect from
localhost.localdomain[127.0.0.1]
Apr 14 16:17:47 r13151 postfix/smtpd[8180]: 01B0857F74:
client=localhost.localdomain[127.0.0.1]
Apr 14 16:17:47 r13151 postfix/smtpd[8652]: 233AA580A5:
client=localhost.localdomain[127.0.0.1]
Apr 14 16:17:47 r13151 postfix/cleanup[8636]: 01B0857F74:
message-id=<433688.53298...@web24306.mail.ird.yahoo.com>
Apr 14 16:17:47 r13151 postfix/cleanup[8637]: 233AA580A5:
message-id=<433688.53298...@web24306.mail.ird.yahoo.com>
Apr 14 16:17:47 r13151 postfix/smtpd[8180]: disconnect from
localhost.localdomain[127.0.0.1]
Apr 14 16:17:47 r13151 postfix/qmgr[8067]: 01B0857F74:
from=, size=3397, nrcpt=1 (queue active)
Apr 14 16:17:47 r13151 postfix/smtpd[8653]: connect from
localhost.localdomain[127.0.0.1]
Apr 14 16:17:48 r13151 postfix/smtpd[8652]: disconnect from
localhost.localdomain[127.0.0.1]
Apr 14 16:17:48 r13151 postfix/smtpd[8180]: connect from
localhost.localdomain[127.0.0.1]
Apr 14 16:17:48 r13151 postfix/qmgr[8067]: 233AA580A5:
from=, size=3397, nrcpt=1 (queue active)
Apr 14 16:17:48 r13151 postfix/smtpd[8180]: A38B5580C7:
client=localhost.localdomain[127.0.0.1]
Apr 14 16:17:48 r13151 postfix/smtpd[8653]: 4BE35580C3:
client=localhost.localdomain[127.0.0.1]
Apr 14 16:17:48 r13151 postfix/cleanup[8637]: A38B5580C7:
message-id=<433688.53298...@web24306.mail.ird.yahoo.com>
Apr 14 16:17:48 r13151 postfix/cleanup[8636]: 4BE35580C3:
message-id=<433688.53298...@web24306.mail.ird.yahoo.com>
Apr 14 16:17:48 r13151 postfix/smtpd[8653]: disconnect from
localhost.localdomain[127.0.0.1]
Apr 14 16:17:48 r13151 postfix/qmgr[8067]: 4BE35580C3: from=<>, size=3144,
nrcpt=1 (queue active)
Apr 14 16:17:48 r13151 postfix/smtpd[8180]: disconnect from
localhost.localdomain[127.0.0.1]
Apr 14 16:17:48 r13151 postfix/qmgr[8067]: A38B5580C7: from=<>, size=3138,
nrcpt=1 (queue active)
Apr 14 16:17:48 r13151 amavis[7681]: (07681-04) Passed CLEAN, [127.0.0.1]
[90.30.121.52]  -> ,
Message-ID: <433688.53298...@web24306.mail.ird.yahoo.com>, mail_id:
4rtJcaei-Lv3, Hits: 0.001, size: 2942, queued_as: 233AA580A5, 34627 ms
Apr 14 16:17:49 r13151 postfix/lmtp[8644]: DD2D3580BE:
to=, orig_to=,
relay=127.0.0.1[127.0.0.1]:10024, delay=35, delays=0.41/0.05/0.01/35,
dsn=2.0.0, status=sent (250 2.0.0

Re: catch-all not working with postfix dovecot lda

[fakessh]

On Wed, 14 Apr 2010 15:07:51 +, d.h...@yournetplus.com wrote:
> Quoting fakessh :
> 
>> fakessh a écrit :
>>> On Tue, 13 Apr 2010 18:38:28 -0300, Egberto Monteiro
>>>  wrote:
>>>> Apr 13 23:31:35 r13151 postfix/trivial-rewrite[5504]: warning: do not
>>> list
>>>> domain fakessh.eu in *BOTH *mydestination and virtual_alias_domains
>>>>
>>>>
>>>>
>>>
>>> this error I do not know how to correct
>>> my mail server work correctly with that error
>>>
>>
>> the warning really means what it says!
>>
>> you have
>>
>> mydestination = $myhostname, localhost.$mydomain,
>> localhost,$mydomain,fakessh.eu,renelacroute.fr,nicolaspichot.fr
>>
>> virtual_alias_domains = fakessh.eu renelacroute.fr nicolaspichot.fr
>>
>> so fakessh.eu is in mydestination and in virtual_alias_domains. and the
>> warning says it should not.
>>
>> consider reading the docs about address classes. a domain should only
>> belong to _one_ class.
>>
>>> (snip]
>>
>>
>> i correct warning on my log postfix
>>
> 
> [snip]
> 
>> Apr 14 16:19:32 r13151 postfix/cleanup[8771]: warning: regexp map
>> /etc/postfix/body_checks.cf, line 570: unknown regexp option "p":
>> skipping
>> this rule
> 
> Not that this may or may not pertain to the issue, you need to correct
> this.
> 
> [snip]


correct to this error
my log

Apr 14 19:41:29 r13151 postfix/smtpd[17760]: connect from
web24306.mail.ird.yahoo.com[87.248.114.203]
Apr 14 19:41:29 r13151 postfix/cleanup[17766]: B038F57F6F:
message-id=<20100414174129.b038f57...@r13151.ovh.net>
Apr 14 19:41:29 r13151 postfix/qmgr[17715]: B038F57F6F:
from=, size=252, nrcpt=1 (queue active)
Apr 14 19:41:29 r13151 postfix/local[17767]: B038F57F6F:
to=, orig_to=, relay=local,
delay=0.15, delays=0.14/0.01/0/0, dsn=2.0.0, status=deliverable (delivers
to command: /usr/libexec/dovecot/deliver)
Apr 14 19:41:29 r13151 postfix/qmgr[17715]: B038F57F6F: removed
Apr 14 19:41:32 r13151 postgrey[838]: action=pass, reason=client
whitelist, client_name=web24306.mail.ird.yahoo.com,
client_address=87.248.114.203, sender=swiltingse...@yahoo.fr,
recipient=fake...@fakessh.eu 
Apr 14 19:41:33 r13151 postfix/policy-spf[17769]: : SPF none (No
applicable sender policy available): Envelope-from: swiltingse...@yahoo.fr 
Apr 14 19:41:33 r13151 postfix/policy-spf[17769]: handler
sender_policy_framework: is decisive. 
Apr 14 19:41:33 r13151 postfix/policy-spf[17769]: : Policy action=PREPEND
Received-SPF: none (yahoo.fr: No applicable sender policy available)
receiver=r13151.ovh.net; identity=mailfrom;
envelope-from="swiltingse...@yahoo.fr"; helo=web24306.mail.ird.yahoo.com;
client-ip=87.248.114.203 
Apr 14 19:41:33 r13151 postfix/smtpd[17760]: D7AAB57F6F:
client=web24306.mail.ird.yahoo.com[87.248.114.203]
Apr 14 19:41:33 r13151 postfix/cleanup[17766]: D7AAB57F6F:
message-id=<675502.96820...@web24306.mail.ird.yahoo.com>
Apr 14 19:41:34 r13151 postfix/qmgr[17715]: D7AAB57F6F:
from=, size=2301, nrcpt=1 (queue active)
Apr 14 19:41:34 r13151 dkimproxy.out[814]: connect from 127.0.0.1 
Apr 14 19:41:34 r13151 postfix/smtpd[17760]: disconnect from
web24306.mail.ird.yahoo.com[87.248.114.203]
Apr 14 19:41:34 r13151 postfix/smtpd[17774]: connect from
localhost.localdomain[127.0.0.1]
Apr 14 19:41:34 r13151 postfix/smtp[17773]: discarding EHLO keywords:
8BITMIME STARTTLS
Apr 14 19:41:34 r13151 postfix/smtpd[17774]: 3A32457F71:
client=web24306.mail.ird.yahoo.com[87.248.114.203]:34226
Apr 14 19:41:34 r13151 dkimproxy.out[814]: DKIM signing - skipped;
message-id=<675502.96820...@web24306.mail.ird.yahoo.com>,
from= 
Apr 14 19:41:34 r13151 postfix/cleanup[17766]: 3A32457F71:
message-id=<675502.96820...@web24306.mail.ird.yahoo.com>
Apr 14 19:41:34 r13151 postfix/qmgr[17715]: 3A32457F71:
from=, size=2703, nrcpt=1 (queue active)
Apr 14 19:41:34 r13151 postfix/smtp[17773]: D7AAB57F6F:
to=, relay=127.0.0.1[127.0.0.1]:10028, delay=4.8,
delays=4.5/0.01/0.06/0.26, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as
3A32457F71)
Apr 14 19:41:34 r13151 postfix/smtpd[17774]: disconnect from
localhost.localdomain[127.0.0.1]
Apr 14 19:41:34 r13151 postfix/qmgr[17715]: D7AAB57F6F: removed
Apr 14 19:41:34 r13151 postfix/smtpd[17778]: connect from
localhost.localdomain[127.0.0.1]
Apr 14 19:41:34 r13151 postfix/smtpd[17778]: A7C4457F6F:
client=localhost.localdomain[127.0.0.1]
Apr 14 19:41:34 r13151 postfix/cleanup[17766]: A7C4457F6F:
message-id=<675502.96820...@web24306.mail.ird.yahoo.com>
Apr 14 19:41:34 r13151 postfix/smtpd[17778]: disconnect from
localhost.localdomain[127.0.0.1]
Apr 14 19:41:34 r13151 postfix/qmgr[17715]: A7C4457F6F:
from=, size=3329, nrcpt=1 (queue active)
Apr 14 19:41:34 r13151 postfix/smtpd[17778]: connect from

Re: catch-all not working with postfix dovecot lda

[fakessh]

On Wed, 14 Apr 2010 14:12:25 -0400, Charles Marcus
 wrote:
> On 2010-04-14 1:47 PM, fakessh wrote:
>> correct to this error
>> my log
> 
> Please do NOT send verbose logs unless requested to do so...
> 
> Disable verbose logging, and then provide a complete log transaction of
> ONLY one message exhibiting the problem.


Apr 14 20:44:29 r13151 postfix/smtpd[21005]: connect from
web24305.mail.ird.yahoo.com[87.248.114.202]
Apr 14 20:44:29 r13151 postfix/smtpd[21005]: NOQUEUE: reject: RCPT from
web24305.mail.ird.yahoo.com[87.248.114.202]: 450 4.1.1 :
Recipient address rejected: undeliverable address: User unknown in virtual
alias table; from= to= proto=SMTP
helo=
Apr 14 20:44:29 r13151 postfix/smtpd[21005]: disconnect from
web24305.mail.ird.yahoo.com[87.248.114.202]

Re: catch-all not working with postfix dovecot lda

[fakessh]

On Wed, 14 Apr 2010 13:50:34 -0500, Noel Jones 
wrote:
> On 4/14/2010 1:45 PM, fakessh wrote:
>> On Wed, 14 Apr 2010 14:12:25 -0400, Charles Marcus
>>   wrote:


I changed the entries @fakessh to r...@localhost in /etc/postfix/virtual 
postmap then a file  to 
the postfix restart. 

all without success, or rather the same mistake




>> Apr 14 20:44:29 r13151 postfix/smtpd[21005]: connect from
>> web24305.mail.ird.yahoo.com[87.248.114.202]
>> Apr 14 20:44:29 r13151 postfix/smtpd[21005]: NOQUEUE: reject: RCPT from
>> web24305.mail.ird.yahoo.com[87.248.114.202]: 450
4.1.1:
>> Recipient address rejected: undeliverable address: User unknown in
>> virtual
>> alias table; from=  to= 
>> proto=SMTP
>> helo=
>> Apr 14 20:44:29 r13151 postfix/smtpd[21005]: disconnect from
>> web24305.mail.ird.yahoo.com[87.248.114.202]
>>
> 
> As documented, virtual_alias_domains must be rewritten to a 
> different domain.  Change your virtual_alias_maps entry to
> @fakessh.eu  r...@localhost
> 
>-- Noel Jones

Re: catch-all not working with postfix dovecot lda

[fakessh]

On Thu, 15 Apr 2010 08:33:43 -0500, Noel Jones 
wrote:
> On 4/14/2010 3:42 PM, fakessh wrote:
>> On Wed, 14 Apr 2010 13:50:34 -0500, Noel Jones
>> wrote:
>>> On 4/14/2010 1:45 PM, fakessh wrote:
>>>> On Wed, 14 Apr 2010 14:12:25 -0400, Charles Marcus
>>>>    wrote:
>>
>>
>> I changed the entries @fakessh to r...@localhost in
/etc/postfix/virtual
>> postmap then a file  to
>> the postfix restart.
>>
>> all without success, or rather the same mistake
> 
> Then post your new "postconf -n", log entries showing the 
> problem, and file contents.


my postcon -n
[r...@r13151 ~]# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
body_checks = regexp:/etc/postfix/body_checks.cf
bounce_notice_recipient = postmaster
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = dksign:[127.0.0.1]:10028
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
default_privs = nobody
double_bounce_sender = no
header_checks = regexp:/etc/postfix/header_checks.cf
home_mailbox = Maildir/
html_directory = no
in_flow_delay = 10
inet_interfaces = all
mail_spool_directory = /var/spool/mail
mailbox_command = /usr/libexec/dovecot/deliver
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
maps_rbl_domains = bl.spamcop.net
mime_header_checks = regexp:/etc/postfix/mime_header_checks.cf
mydestination = $myhostname, localhost.$mydomain
mydomain = r13151.ovh.net
mynetworks = 127.0.0.0/8 ,87.98.186.232
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_run_delay = 2000s
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
recipient_delimiter = +
relay_domains = 
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
smtp_sender_dependent_authentication = yes
smtp_tls_loglevel = 3
smtp_tls_session_cache_database =
btree:/var/lib/postfix/smtp_tls_session_cache
smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
smtpd_client_restrictions =
permit_mynetworks,reject_unknown_reverse_client_hostname,reject_unauth_pipelining,
reject_non_fqdn_recipient ,  permit
smtpd_milters = inet:[127.0.0.1]:10040
smtpd_recipient_restrictions = permit_mynetworks  permit_inet_interfaces
permit_sasl_authenticated  reject_unverified_recipient
reject_non_fqdn_sender reject_non_fqdn_recipient
reject_unknown_sender_domain reject_unknown_recipient_domain
reject_unknown_reverse_client_hostname reject_unauth_destination
reject_unauth_pipelining reject_rbl_client zen.spamhaus.org
reject_sender_login_mismatch check_policy_service unix:postgrey/socket
check_sender_access hash:/etc/postfix/check_backscatterer 
check_policy_service unix:private/spfpolicy reject_rbl_client
bl.spamcop.net reject_rhsbl_sender  dbl.spamhaus.org  reject_rbl_client
cbl.abuseat.org  reject_rbl_client b.barracudacentral.org
smtpd_reject_unlisted_sender = no
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_tls_CAfile = /etc/pki/tls/sub.class4.server.ca.pem
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/pki/tls/newcerts/01.pem
smtpd_tls_key_file = /etc/pki/tls/private/r13151.ovh.net.key
smtpd_tls_received_header = yes
smtpd_tls_session_cache_database =
btree:/var/lib/postfix/smtpd_tls_session_cache
smtpd_use_tls = yes
soft_bounce = no
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
virtual_alias_domains = fakessh.eu renelacroute.fr nicolaspichot.fr
virtual_alias_maps = hash:/etc/postfix/virtual

> 
> But you already have all the information you need to fix this 
> yourself.
> 
> Key points are
> 1) use fully qualified names in virtual_alias_maps. ie.
> u...@example1.com   u...@example2.com
> 
> *not*
> u...@example1.com   user

my jed /etc/postfix/virtual
#
# AUTHOR(S)
#Wietse Venema
#IBM T.J. Watson Research
#P.O. Box 704
#Yorktown Heights, NY 10598, USA
#
#
VIRTUAL(5$
postmas...@fakessh.eu   r...@localhost.r13151.ovh.net
fake...@fakessh.eu fake...@localhost.r13151.ovh.net
webm...@fakessh.eu webm...@localhost.r13151.ovh.net
se...@fakessh.eu   se...@localhost.r13151.ovh.net
@fakessh   r...@localhost.r13151.ovh.net
renelacro...@renelacroute.fr renelacro...@localhost.r13151.ovh.net
@renelacroute.fr   r...@localhost.r13151.ovh.net
postmas...@renelacroute.fr   r...@localhost.r13151.ovh.net
nicolaspic...@nicolaspichot.fr   nicolaspic...@localhost.r13151.ovh.net
@nicolaspichot.fr   r...@localhost.r13151.ovh.net


> 
> 2) if you want local delivery of the mail, the new domain m

Re: catch-all not working with postfix dovecot lda

[fakessh]

On Fri, 16 Apr 2010 00:26:25 +0200, fakessh  wrote:
> On Thu, 15 Apr 2010 08:33:43 -0500, Noel Jones 
> wrote:
>> On 4/14/2010 3:42 PM, fakessh wrote:
>>> On Wed, 14 Apr 2010 13:50:34 -0500, Noel Jones
>>> wrote:
>>>> On 4/14/2010 1:45 PM, fakessh wrote:
>>>>> On Wed, 14 Apr 2010 14:12:25 -0400, Charles Marcus
>>>>>wrote:
>>>
>>>
>>> I changed the entries @fakessh to r...@localhost in
> /etc/postfix/virtual
>>> postmap then a file  to
>>> the postfix restart.
>>>
>>> all without success, or rather the same mistake
>> 
>> Then post your new "postconf -n", log entries showing the 
>> problem, and file contents.
> 
> 
> my postcon -n
> [r...@r13151 ~]# postconf -n
> alias_database = hash:/etc/aliases
> alias_maps = hash:/etc/aliases
> body_checks = regexp:/etc/postfix/body_checks.cf
> bounce_notice_recipient = postmaster
> broken_sasl_auth_clients = yes
> command_directory = /usr/sbin
> config_directory = /etc/postfix
> content_filter = dksign:[127.0.0.1]:10028
> daemon_directory = /usr/libexec/postfix
> debug_peer_level = 2
> default_privs = nobody
> double_bounce_sender = no
> header_checks = regexp:/etc/postfix/header_checks.cf
> home_mailbox = Maildir/
> html_directory = no
> in_flow_delay = 10
> inet_interfaces = all
> mail_spool_directory = /var/spool/mail
> mailbox_command = /usr/libexec/dovecot/deliver
> mailq_path = /usr/bin/mailq.postfix
> manpage_directory = /usr/share/man
> maps_rbl_domains = bl.spamcop.net
> mime_header_checks = regexp:/etc/postfix/mime_header_checks.cf
> mydestination = $myhostname, localhost.$mydomain
> mydomain = r13151.ovh.net
> mynetworks = 127.0.0.0/8 ,87.98.186.232
> myorigin = $mydomain
> newaliases_path = /usr/bin/newaliases.postfix
> queue_run_delay = 2000s
> readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
> recipient_delimiter = +
> relay_domains = 
> sample_directory = /usr/share/doc/postfix-2.3.3/samples
> sendmail_path = /usr/sbin/sendmail.postfix
> setgid_group = postdrop
> smtp_sasl_security_options = noanonymous
> smtp_sasl_tls_security_options = noanonymous
> smtp_sender_dependent_authentication = yes
> smtp_tls_loglevel = 3
> smtp_tls_session_cache_database =
> btree:/var/lib/postfix/smtp_tls_session_cache
> smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
> smtpd_client_restrictions =
>
permit_mynetworks,reject_unknown_reverse_client_hostname,reject_unauth_pipelining,
> reject_non_fqdn_recipient ,  permit
> smtpd_milters = inet:[127.0.0.1]:10040
> smtpd_recipient_restrictions = permit_mynetworks  permit_inet_interfaces
> permit_sasl_authenticated  reject_unverified_recipient
> reject_non_fqdn_sender reject_non_fqdn_recipient
> reject_unknown_sender_domain reject_unknown_recipient_domain
> reject_unknown_reverse_client_hostname reject_unauth_destination
> reject_unauth_pipelining reject_rbl_client zen.spamhaus.org
> reject_sender_login_mismatch check_policy_service unix:postgrey/socket
> check_sender_access hash:/etc/postfix/check_backscatterer 
> check_policy_service unix:private/spfpolicy reject_rbl_client
> bl.spamcop.net reject_rhsbl_sender  dbl.spamhaus.org  reject_rbl_client
> cbl.abuseat.org  reject_rbl_client b.barracudacentral.org
> smtpd_reject_unlisted_sender = no
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_authenticated_header = yes
> smtpd_sasl_local_domain = $myhostname
> smtpd_sasl_path = private/auth
> smtpd_sasl_type = dovecot
> smtpd_tls_CAfile = /etc/pki/tls/sub.class4.server.ca.pem
> smtpd_tls_auth_only = yes
> smtpd_tls_cert_file = /etc/pki/tls/newcerts/01.pem
> smtpd_tls_key_file = /etc/pki/tls/private/r13151.ovh.net.key
> smtpd_tls_received_header = yes
> smtpd_tls_session_cache_database =
> btree:/var/lib/postfix/smtpd_tls_session_cache
> smtpd_use_tls = yes
> soft_bounce = no
> tls_random_source = dev:/dev/urandom
> unknown_local_recipient_reject_code = 550
> virtual_alias_domains = fakessh.eu renelacroute.fr nicolaspichot.fr
> virtual_alias_maps = hash:/etc/postfix/virtual
> 
>> 
>> But you already have all the information you need to fix this 
>> yourself.
>> 
>> Key points are
>> 1) use fully qualified names in virtual_alias_maps. ie.
>> u...@example1.com   u...@example2.com
>> 
>> *not*
>> u...@example1.com   user
> 
> my jed /etc/postfix/virtual
> #
> # AUTHOR(S)
> #Wietse Venema
> #IBM T.J. Watson Research
> #P.O. Box 704
> #Yorktown Heights, NY 10598, USA
> #
> #
> VIRTUAL(5$
> postmas...@fakessh.eu   r.

Re: [Dovecot] catch-all not working with postfix dovecot lda

[fakessh]

On Fri, 16 Apr 2010 09:07:55 +1000, Noel Butler 
wrote:
> Postfix must first "know the user(s)"
> therefore this isa  postfix issue and not dovecot
> dovecot deliver assumes the MTA has verified the user to accept mail
> from and does not do further authentication
> 
> 

how to build a catch-all with dovecot lda
the question then. is not a postfix issue

> On Fri, 2010-04-16 at 01:00 +0200, fakessh wrote:
> 
>> its tha archive to the cross post to postfix-users
>> help me
>> 
>> http://www.mail-archive.com/postfix-users@postfix.org/msg22963.html
>> 
>> 
>> 
>> On Fri, 16 Apr 2010 00:26:25 +0200, fakessh  wrote:
>> 
>> On Thu, 15 Apr 2010 08:33:43 -0500, Noel Jones
>>  wrote:
>> 
>> On 4/14/2010 3:42 PM, fakessh wrote:
>> 
>> On Wed, 14 Apr 2010 13:50:34 -0500, Noel
>> Jones wrote:
>> 
>> On 4/14/2010 1:45 PM, fakessh wrote:
>> 
>> On Wed, 14 Apr 2010 14:12:25 -0400, Charles Marcus
>>  wrote: 
>> 
>> I changed the entries @fakessh to r...@localhost in 
>> 
>> /etc/postfix/virtual
>> 
>> postmap then a file to the postfix restart. all without
>> success, or rather the same mistake 
>> 
>> Then post your new "postconf -n", log entries showing the
>> problem,
>> and file contents. 
>> 
>> my postcon -n [r...@r13151 ~]# postconf -n alias_database =
>> hash:/etc/aliases alias_maps = hash:/etc/aliases body_checks =
>> regexp:/etc/postfix/body_checks.cf bounce_notice_recipient = postmaster
>> broken_sasl_auth_clients = yes command_directory = /usr/sbin
>> config_directory = /etc/postfix content_filter =
dksign:[127.0.0.1]:10028
>> daemon_directory = /usr/libexec/postfix debug_peer_level = 2
>> default_privs
>> = nobody double_bounce_sender = no header_checks =
>> regexp:/etc/postfix/header_checks.cf home_mailbox = Maildir/
>> html_directory
>> = no in_flow_delay = 10 inet_interfaces = all mail_spool_directory =
>> /var/spool/mail mailbox_command = /usr/libexec/dovecot/deliver
>> mailq_path =
>> /usr/bin/mailq.postfix manpage_directory = /usr/share/man
>> maps_rbl_domains
>> = bl.spamcop.net mime_header_checks =
>> regexp:/etc/postfix/mime_header_checks.cf mydestination = $myhostname,
>> localhost.$mydomain mydomain = r13151.ovh.net mynetworks = 127.0.0.0/8
>> ,87.98.186.232 myorigin = $mydomain newaliases_path =
>> /usr/bin/newaliases.postfix queue_run_delay = 2000s readme_directory =
>> /usr/share/doc/postfix-2.3.3/README_FILES recipient_delimiter = +
>> relay_domains = sample_directory = /usr/share/doc/postfix-2.3.3/samples
>> sendmail_path = /usr/sbin/sendmail.postfix setgid_group = postdrop
>> smtp_sasl_security_options = noanonymous smtp_sasl_tls_security_options
=
>> noanonymous smtp_sender_dependent_authentication = yes
smtp_tls_loglevel
>> =
>> 3 smtp_tls_session_cache_database =
>> btree:/var/lib/postfix/smtp_tls_session_cache smtpd_banner =
$myhostname
>> ESMTP $mail_name ($mail_version) smtpd_client_restrictions = 
>> 
>>
permit_mynetworks,reject_unknown_reverse_client_hostname,reject_unauth_pipelining,
>> 
>> reject_non_fqdn_recipient , permit smtpd_milters =
>> inet:[127.0.0.1]:10040 smtpd_recipient_restrictions = permit_mynetworks
>> permit_inet_interfaces permit_sasl_authenticated
>> reject_unverified_recipient reject_non_fqdn_sender
>> reject_non_fqdn_recipient reject_unknown_sender_domain
>> reject_unknown_recipient_domain reject_unknown_reverse_client_hostname
>> reject_unauth_destination reject_unauth_pipelining reject_rbl_client
>> zen.spamhaus.org reject_sender_login_mismatch check_policy_service
>> unix:postgrey/socket check_sender_access
>> hash:/etc/postfix/check_backscatterer check_policy_service
>> unix:private/spfpolicy reject_rbl_client bl.spamcop.net
>> reject_rhsbl_sender
>> dbl.spamhaus.org reject_rbl_client cbl.abuseat.org reject_rbl_client
>> b.barracudacentral.org smtpd_reject_unlisted_sender = no
>> smtpd_sasl_auth_enable = yes smtpd_sasl_authenticated_header = yes
>> smtpd_sasl_local_domain = $myhostname smtpd_sasl_path = private/auth
>> smtpd_sasl_type = dovecot smtpd_tls_CAfile =
>> /etc/pki/tls/sub.class4.server.ca.pem smtpd_tls_auth_only = yes
>> smtpd_tls_cert_file = /etc/pki/tls/newcerts/01.pem smtpd_tls_key_file =
>> /etc/pki/tls/private/r13151.ovh.net.key smtpd_tls_received_header = yes
>> smtpd_tls_session_cache_database =
>> btree:/var/lib/postfix/smtpd_tls_session_cache smtpd_use_tls = yes
>

Fwd: Re: [Dovecot] catch-all not working with postfix dovecot lda (fwd)

[fakessh]

it may be a problem in dealing with amavisd perl milter

Subject: Re: [Dovecot] catch-all not working with postfix dovecot lda

On Fri, 16 Apr 2010 09:07:55 +1000, Noel Butler 
wrote:
> Postfix must first "know the user(s)"
> therefore this isa  postfix issue and not dovecot
> dovecot deliver assumes the MTA has verified the user to accept mail
> from and does not do further authentication
>
>

how to build a catch-all with dovecot lda
the question then. is not a postfix issue

> On Fri, 2010-04-16 at 01:00 +0200, fakessh wrote:
>
>> its tha archive to the cross post to postfix-users
>> help me
>>
>> http://www.mail-archive.com/postfix-users@postfix.org/msg22963.html
>>
>>
>>
>> On Fri, 16 Apr 2010 00:26:25 +0200, fakessh  wrote:
>>
>> On Thu, 15 Apr 2010 08:33:43 -0500, Noel Jones
>>  wrote:
>>
>> On 4/14/2010 3:42 PM, fakessh wrote:
>>
>> On Wed, 14 Apr 2010 13:50:34 -0500, Noel
>> Jones wrote:
>>
>> On 4/14/2010 1:45 PM, fakessh wrote:
>>
>> On Wed, 14 Apr 2010 14:12:25 -0400, Charles Marcus
>>  wrote:
>>
>> I changed the entries @fakessh to r...@localhost in
>>
>> /etc/postfix/virtual
>>
>> postmap then a file to the postfix restart. all without
>> success, or rather the same mistake
>>
>> Then post your new "postconf -n", log entries showing the
>> problem,
>> and file contents.
>>
>> my postcon -n [r...@r13151 ~]# postconf -n alias_database =
>> hash:/etc/aliases alias_maps = hash:/etc/aliases body_checks =
>> regexp:/etc/postfix/body_checks.cf bounce_notice_recipient = postmaster
>> broken_sasl_auth_clients = yes command_directory = /usr/sbin
>> config_directory = /etc/postfix content_filter =
dksign:[127.0.0.1]:10028
>> daemon_directory = /usr/libexec/postfix debug_peer_level = 2
>> default_privs
>> = nobody double_bounce_sender = no header_checks =
>> regexp:/etc/postfix/header_checks.cf home_mailbox = Maildir/
>> html_directory
>> = no in_flow_delay = 10 inet_interfaces = all mail_spool_directory =
>> /var/spool/mail mailbox_command = /usr/libexec/dovecot/deliver
>> mailq_path =
>> /usr/bin/mailq.postfix manpage_directory = /usr/share/man
>> maps_rbl_domains
>> = bl.spamcop.net mime_header_checks =
>> regexp:/etc/postfix/mime_header_checks.cf mydestination = $myhostname,
>> localhost.$mydomain mydomain = r13151.ovh.net mynetworks = 127.0.0.0/8
>> ,87.98.186.232 myorigin = $mydomain newaliases_path =
>> /usr/bin/newaliases.postfix queue_run_delay = 2000s readme_directory =
>> /usr/share/doc/postfix-2.3.3/README_FILES recipient_delimiter = +
>> relay_domains = sample_directory = /usr/share/doc/postfix-2.3.3/samples
>> sendmail_path = /usr/sbin/sendmail.postfix setgid_group = postdrop
>> smtp_sasl_security_options = noanonymous smtp_sasl_tls_security_options
=
>> noanonymous smtp_sender_dependent_authentication = yes
smtp_tls_loglevel
>> =
>> 3 smtp_tls_session_cache_database =
>> btree:/var/lib/postfix/smtp_tls_session_cache smtpd_banner =
$myhostname
>> ESMTP $mail_name ($mail_version) smtpd_client_restrictions =
>>
>>
permit_mynetworks,reject_unknown_reverse_client_hostname,reject_unauth_pipelining,
>>
>> reject_non_fqdn_recipient , permit smtpd_milters =
>> inet:[127.0.0.1]:10040 smtpd_recipient_restrictions = permit_mynetworks
>> permit_inet_interfaces permit_sasl_authenticated
>> reject_unverified_recipient reject_non_fqdn_sender
>> reject_non_fqdn_recipient reject_unknown_sender_domain
>> reject_unknown_recipient_domain reject_unknown_reverse_client_hostname
>> reject_unauth_destination reject_unauth_pipelining reject_rbl_client
>> zen.spamhaus.org reject_sender_login_mismatch check_policy_service
>> unix:postgrey/socket check_sender_access
>> hash:/etc/postfix/check_backscatterer check_policy_service
>> unix:private/spfpolicy reject_rbl_client bl.spamcop.net
>> reject_rhsbl_sender
>> dbl.spamhaus.org reject_rbl_client cbl.abuseat.org reject_rbl_client
>> b.barracudacentral.org smtpd_reject_unlisted_sender = no
>> smtpd_sasl_auth_enable = yes smtpd_sasl_authenticated_header = yes
>> smtpd_sasl_local_domain = $myhostname smtpd_sasl_path = private/auth
>> smtpd_sasl_type = dovecot smtpd_tls_CAfile =
>> /etc/pki/tls/sub.class4.server.ca.pem smtpd_tls_auth_only = yes
>> smtpd_tls_cert_file = /etc/pki/tls/newcerts/01.pem smtpd_tls_key_file =
>> /etc/pki/tls/private/r13151.ovh.net.key smtpd_tls_received_header = yes
>> smtpd_tls_sessi

Fwd: Re: [Dovecot] catch-all not working with postfix dovecot lda

[fakessh]

hi all
hi wieste
hi all users of this list
hi much many people


good god, I come with the same question
I always wonder how to build a catch-all
I asked the same question on the list dovecot
http://www.mail-archive.com/postfix-users@postfix.org/msg22963.html
after discussion, it appears that the work of a local delivery agent could
not have catch-all

the mailing list are to share knowledge

ps : god bless all them
its my proper thinks
http://minilien.fr/a0lhww


 Original Message 
Subject: Re: [Dovecot] catch-all not working with postfix dovecot lda
Date: Fri, 16 Apr 2010 12:39:24 +1000
From: Noel Butler 
To: Dovecot Mailing List 

On Fri, 2010-04-16 at 03:50 +0200, fakessh wrote:

> On Fri, 16 Apr 2010 01:53:32 +0200, Pascal Volk
>  wrote:
> > On 04/16/2010 01:18 AM fakessh wrote:
> >> how to build a catch-all with dovecot lda
> >> the question then. is not a postfix issue
> > 
> > Still a Postfix issue.
> > Dovecot doesn't know anything about 'spammy catch all accounts'. Your
> > MTA has to expand the the catch all address to an address which is
known
> > by Dovecot.
> > 
> > 
> > Regards,
> > Pascal
> 
> could very well via a parameter in dovecot.conf accept unknown users. 
> a small patch
> a small patch party
> 
> thanks for advise


This is *NOT* the job of dovecot (or ANY delivery agent), it is the job
of your MTA, in your ,case  postfix, please keep to the postfix list on
this question as that is where the issue is.

Re: catch-all not working with postfix dovecot lda

[fakessh]

On Sat, 17 Apr 2010 14:26:22 +0200, mouss  wrote:
> fakessh a écrit :
>> On Thu, 15 Apr 2010 08:33:43 -0500, Noel Jones 
>> wrote:
>>> On 4/14/2010 3:42 PM, fakessh wrote:
>>>> On Wed, 14 Apr 2010 13:50:34 -0500, Noel
Jones
>>>> wrote:
>>>>> On 4/14/2010 1:45 PM, fakessh wrote:
>>>>>> On Wed, 14 Apr 2010 14:12:25 -0400, Charles Marcus
>>>>>>wrote:
>>>>
>>>> I changed the entries @fakessh to r...@localhost in
>> /etc/postfix/virtual
>>>> postmap then a file  to
>>>> the postfix restart.
>>>>
>>>> all without success, or rather the same mistake
> 
>> [snip]
> 
>> 
>> my jed /etc/postfix/virtual
>> #
>> # AUTHOR(S)
>> #Wietse Venema
>> #IBM T.J. Watson Research
>> #P.O. Box 704
>> #Yorktown Heights, NY 10598, USA
>> #
>> #
>> VIRTUAL(5$
>> postmas...@fakessh.eu   r...@localhost.r13151.ovh.net
>> fake...@fakessh.eu fake...@localhost.r13151.ovh.net
>> webm...@fakessh.eu webm...@localhost.r13151.ovh.net
>> se...@fakessh.eu   se...@localhost.r13151.ovh.net
>> @fakessh   r...@localhost.r13151.ovh.net
> 
> fakessh != fakessh.eu.
> you want:
> 
> @fakessh.eu   r...@localhost.r13151.ovh.net
> 
> 

I have but it does not work


hi wieste
is the girl

>> [snip]

Re: catch-all not working with postfix dovecot lda

[fakessh]

On Sat, 17 Apr 2010 17:16:04 +0200, mouss  wrote:
> fakessh a écrit :
>> On Sat, 17 Apr 2010 14:26:22 +0200, mouss  wrote:
>>> fakessh a écrit :
>>>> On Thu, 15 Apr 2010 08:33:43 -0500, Noel Jones

>>>> wrote:
>>>>> On 4/14/2010 3:42 PM, fakessh wrote:
>>>>>> On Wed, 14 Apr 2010 13:50:34 -0500, Noel
>> Jones
>>>>>> wrote:
>>>>>>> On 4/14/2010 1:45 PM, fakessh wrote:
>>>>>>>> On Wed, 14 Apr 2010 14:12:25 -0400, Charles Marcus
>>>>>>>>wrote:
>>>>>> I changed the entries @fakessh to r...@localhost in
>>>> /etc/postfix/virtual
>>>>>> postmap then a file  to
>>>>>> the postfix restart.
>>>>>>
>>>>>> all without success, or rather the same mistake
>>>> [snip]
>>>> my jed /etc/postfix/virtual
>>>> #
>>>> # AUTHOR(S)
>>>> #Wietse Venema
>>>> #IBM T.J. Watson Research
>>>> #P.O. Box 704
>>>> #Yorktown Heights, NY 10598, USA
>>>> #
>>>> #
>>>> VIRTUAL(5$
>>>> postmas...@fakessh.eu   r...@localhost.r13151.ovh.net
>>>> fake...@fakessh.eu fake...@localhost.r13151.ovh.net
>>>> webm...@fakessh.eu webm...@localhost.r13151.ovh.net
>>>> se...@fakessh.eu   se...@localhost.r13151.ovh.net
>>>> @fakessh   r...@localhost.r13151.ovh.net
>>> fakessh != fakessh.eu.
>>> you want:
>>>
>>> @fakessh.eu r...@localhost.r13151.ovh.net
>>>
>>>
>> 
>> I have but it does not work
>> 
> 
> it is not in the file you showed.
> 
> please show the output of
> postmap -q @fakessh.eu hash:/etc/postfix/virtual


to show my output : thanks mouss
[r...@r13151 ~]# postmap -q @fakessh.eu hash:/etc/postfix/virtual
[r...@r13151 ~]# postmap -q @renelacroute.fr hash:/etc/postfix/virtual
[r...@r13151 ~]# postmap -q @fakessh.eu hash:/etc/postfix/virtual
[r...@r13151 ~]# postmap /etc/postfix/virtual
plus postfix restart

log to my error

Apr 17 17:27:02 r13151 postfix/tlsmgr[24186]: open smtp TLS cache
btree:/var/lib/postfix/smtp_tls_session_cache
Apr 17 17:27:02 r13151 postfix/tlsmgr[24186]: tlsmgr_cache_run_event:
start TLS smtp session cache cleanup
Apr 17 17:27:02 r13151 postfix/smtpd[24185]: connect from
smtp28.orange.fr[80.12.242.101]
Apr 17 17:27:02 r13151 postfix/cleanup[24224]: BF607241BC1:
message-id=<20100417152702.bf607241...@r13151.ovh.net>
Apr 17 17:27:03 r13151 postfix/qmgr[24177]: BF607241BC1:
from=, size=254, nrcpt=1 (queue active)
Apr 17 17:27:03 r13151 postfix/error[24225]: BF607241BC1:
to=, relay=none, delay=0.66, delays=0.46/0.21/0/0,
dsn=5.0.0, status=undeliverable (User unknown in virtual alias table)
Apr 17 17:27:03 r13151 postfix/qmgr[24177]: BF607241BC1: removed
Apr 17 17:27:05 r13151 postfix/smtpd[24185]: NOQUEUE: reject: RCPT from
smtp28.orange.fr[80.12.242.101]: 450 4.1.1 : Recipient
address rejected: undeliverable address: User unknown in virtual alias
table; from= to= proto=ESMTP
helo=
Apr 17 17:27:05 r13151 postfix/smtpd[24185]: disconnect from
smtp28.orange.fr[80.12.242.101]


> 
> after you gather that output, do a new test.
> 
> 
>>>> [snip]

Re: catch-all not working with postfix dovecot lda

[fakessh]

On Sat, 17 Apr 2010 17:29:04 +0200, fakessh  wrote:
> On Sat, 17 Apr 2010 17:16:04 +0200, mouss  wrote:
>> fakessh a écrit :
>>> On Sat, 17 Apr 2010 14:26:22 +0200, mouss 
wrote:
>>>> fakessh a écrit :
>>>>> On Thu, 15 Apr 2010 08:33:43 -0500, Noel Jones
> 
>>>>> wrote:
>>>>>> On 4/14/2010 3:42 PM, fakessh wrote:
>>>>>>> On Wed, 14 Apr 2010 13:50:34 -0500, Noel
>>> Jones
>>>>>>> wrote:
>>>>>>>> On 4/14/2010 1:45 PM, fakessh wrote:
>>>>>>>>> On Wed, 14 Apr 2010 14:12:25 -0400, Charles Marcus
>>>>>>>>>wrote:
>>>>>>> I changed the entries @fakessh to r...@localhost in
>>>>> /etc/postfix/virtual
>>>>>>> postmap then a file  to
>>>>>>> the postfix restart.
>>>>>>>
>>>>>>> all without success, or rather the same mistake
>>>>> [snip]
>>>>> my jed /etc/postfix/virtual
>>>>> #
>>>>> # AUTHOR(S)
>>>>> #Wietse Venema
>>>>> #IBM T.J. Watson Research
>>>>> #P.O. Box 704
>>>>> #Yorktown Heights, NY 10598, USA
>>>>> #
>>>>> #   

>>>>> VIRTUAL(5$
>>>>> postmas...@fakessh.eu   r...@localhost.r13151.ovh.net
>>>>> fake...@fakessh.eu fake...@localhost.r13151.ovh.net
>>>>> webm...@fakessh.eu webm...@localhost.r13151.ovh.net
>>>>> se...@fakessh.eu   se...@localhost.r13151.ovh.net
>>>>> @fakessh   r...@localhost.r13151.ovh.net
>>>> fakessh != fakessh.eu.
>>>> you want:
>>>>
>>>> @fakessh.eur...@localhost.r13151.ovh.net
>>>>

I have to redo the manipulations. and it works
> 
/etc/postfix/virtual
#
VIRTUAL(5$
postmas...@fakessh.eu   r...@localhost.r13151.ovh.net
fake...@fakessh.eu
fake...@localhost.r13151.ovh.net,r...@localhost.r13151.o$
webm...@fakessh.eu
webm...@localhost.r13151.ovh.net,r...@localhost.r13151.o$
se...@fakessh.eu  
se...@localhost.r13151.ovh.net,r...@localhost.r13151.ovh$
ab...@fakessh.eu   r...@localhost.r13151.ovh.net
postmas...@fakessh   r...@localhost.r13151.ovh.net
renelacro...@renelacroute.fr
renelacro...@localhost.r13151.ovh.net,r...@localho$
postmas...@renelacroute.fr   r...@localhost.r13151.ovh.net
nicolaspic...@nicolaspichot.fr  
nicolaspic...@localhost.r13151.ovh.net,r...@lo$
ab...@nicolaspichot.fr   r...@localhost.r13151.ovh.net
postmas...@nicolaspichot.fr  
r...@localhost.r13151.ovh.net
i...@fakessh.eu r...@localhost.r13151.ovh.net
ca...@fakessh.eu r...@localhost.r13151.ovh.net
r...@fakessh.eu r...@localhost.r13151.ovh.net
f...@fakessh.eu r...@localhost.r13151.ovh.net
@fakessh.eur...@localhost.r13151.ovh.net
@renelacroute.fr   r...@localhost.r13151.ovh.net
@nicolaspichot.fr  r...@localhost.r13151.ovh.net

[r...@r13151 ~]# dovecot -n
# 1.2.11: /etc/dovecot.conf
# OS: Linux 2.6.24.5-grsec--grs-ipv4-32 i686 CentOS release 5.4
(Final) 
base_dir: /var/run/dovecot/
log_timestamp: %Y-%m-%d %H:%M:%S 
protocols: imap imaps pop3 pop3s managesieve
listen(default): [::]
listen(imap): [::]
listen(pop3): [::]
listen(managesieve): *:2000
ssl_listen(default): *:993
ssl_listen(imap): *:993
ssl_listen(pop3): *:995
ssl_listen(managesieve): 
ssl_ca_file: /etc/pki/tls/cert.csr.p12
ssl_cert_file: /etc/pki/tls/newcerts/01.pem
ssl_key_file: /etc/pki/tls/private/r13151.ovh.net.key
version_ignore: yes
login_dir: /var/run/dovecot//login
login_executable(default): /usr/libexec/dovecot/imap-login
login_executable(imap): /usr/libexec/dovecot/imap-login
login_executable(pop3): /usr/libexec/dovecot/pop3-login
login_executable(managesieve): /usr/libexec/dovecot/managesieve-login
mail_location: maildir:~/Maildir:INBOX=~/Maildir/.INBOX
mail_executable(default): /usr/libexec/dovecot/imap
mail_executable(imap): /usr/libexec/dovecot/imap
mail_executable(pop3): /usr/libexec/dovecot/pop3
mail_executable(managesieve): /usr/libexec/dovecot/managesieve
mail_plugins(default): autocreate
mail_plugins(imap): autocreate
mail_plugins(pop3): autocreate
mail_plugins(managesieve): 
mail_plugin_dir(default): /usr/lib/dovecot/imap
mail_plugin_dir(imap): /usr/lib/dovecot/imap
mail_plugin_dir(pop3): /usr/lib/dovecot/pop3
mail_plugin_dir(managesieve): /usr/lib/dovecot/managesieve
imap_client_workarounds(d

are you there a official version of centos postfix most days can be redhat

[fakessh]

hello postfix network

are you there a official version of centos postfix most days can be redhat
this actual version is 
[r...@r13151 ~]# rpm -qa | grep postfix
postfix-pflogsumm-2.3.3-2.1.el5_2
postfix-2.3.3-2.1.el5_2
This version is outdated and is no longer supported
how to keep the upstream of centos

RE: are you there a official version of centos postfix most days can be redhat

[fakessh]

On Fri, 21 May 2010 21:06:37 -0700, Gary Smith 
wrote:
>> hello postfix network
>> 
>> are you there a official version of centos postfix most days can be
>> redhat
>> this actual version is
>> [r...@r13151 ~]# rpm -qa | grep postfix
>> postfix-pflogsumm-2.3.3-2.1.el5_2
>> postfix-2.3.3-2.1.el5_2
>> This version is outdated and is no longer supported
>> how to keep the upstream of centos
> 
> CentOS/RedHat will always be outdating as they try to stay with binary
> compatible.  Personally, I compile my own RPM's.  I'm sure there are
some
> current ones out there if you look around.



do you have any information on a future release redhat postfix
I'm going to compile my rpm

hello postfix network : with dovecot deliver amavisd not work

[fakessh]

hello all reader
hello list
hello postfix network

since I've installed dovecot deliver. e-mails no longer pass through
amavisd. 
amavisd no longer work. 
c is to say I have no anti-spam and anti virus

my postconf and dovecot -n
[r...@r13151 ~]# postconf -n
alias_database = hash:/etc/aliases , hash:/etc/postfix/aliases
alias_maps = hash:/etc/aliases , hash:/etc/postfix/aliases
body_checks = regexp:/etc/postfix/body_checks.cf
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = dkimproxy:[127.0.0.1]:10029
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
default_privs = nobody
double_bounce_sender = no
header_checks = regexp:/etc/postfix/header_checks.cf
home_mailbox = Maildir/
in_flow_delay = 10
inet_interfaces = all
local_recipient_maps = unix:passwd.byname $alias_maps
mail_owner = postfix
mail_spool_directory = /var/spool/mail
mailbox_command = /usr/libexec/dovecot/deliver
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 2048
mime_header_checks = regexp:/etc/postfix/mime_header_checks.cf
mydestination = $myhostname , localhost.$mydomain, r13151.ovh.net
mydomain = r13151.ovh.net
mynetworks = 127.0.0.0/8 ,87.98.186.232
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
queue_run_delay = 200s
readme_directory = /usr/share/doc/postfix-2.5.4/README_FILES
recipient_delimiter = +
relay_domains = 
sample_directory = /usr/share/doc/postfix-2.5.4/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
smtp_sender_dependent_authentication = yes
smtp_tls_loglevel = 3
smtp_tls_note_starttls_offer = yes
smtp_tls_session_cache_database =
btree:/var/lib/postfix/smtp_tls_session_cache
smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
smtpd_client_restrictions =
permit_mynetworks,reject_unknown_reverse_client_hostname,reject_unauth_pipelining,
reject_non_fqdn_recipient ,  permit
smtpd_milters = inet:[127.0.0.1]:10040
smtpd_recipient_restrictions = permit_mynetworks  permit_inet_interfaces
permit_sasl_authenticated  reject_unverified_recipient
reject_non_fqdn_sender reject_non_fqdn_recipient
reject_unknown_sender_domain reject_unknown_recipient_domain
reject_unknown_reverse_client_hostname reject_unauth_destination
reject_unauth_pipelining reject_rbl_client zen.spamhaus.org
reject_sender_login_mismatch check_policy_service unix:postgrey/socket
check_sender_access hash:/etc/postfix/check_backscatterer
check_sender_access hash:/etc/postfix/check_spamcannibal
check_policy_service unix:private/spfpolicy  reject_rhsbl_sender
dbl.spamhaus.org reject_rbl_client bl.spamcop.net  reject_rbl_client
cbl.abuseat.org  reject_rbl_client b.barracudacentral.org
check_client_access hash:/etc/postfix/whitelist  reject_rhsbl_helo
dbl.spamhaus.org  reject_rhsbl_client dbl.spamhaus.org
reject_unknown_helo_hostname reject_invalid_helo_hostname
reject_non_fqdn_helo_hostname  check_client_access
pcre:/etc/postfix/ptr-tld.pcre check_client_access
cidr:/etc/postfix/sinokorea.cidr check_client_access
cidr:/etc/postfix/taiwancidr.cidr  check_client_access
regexp:/etc/postfix/blacklist_clients  check_client_access
cidr:/etc/postfix/asian-ip.cidr  reject_rbl_client relays.orbs.org 
reject_rbl_client in.dnsbl.org
smtpd_reject_unlisted_sender = no
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_tls_CAfile = /etc/pki/tls/certs/class3.crt
smtpd_tls_ask_ccert = yes
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/pki/tls/certs/r13151.ovh.net.crt
smtpd_tls_key_file = /etc/pki/tls/private/r13151.ovh.net.key
smtpd_tls_received_header = yes
smtpd_tls_req_ccert = no
smtpd_tls_session_cache_database =
btree:/var/lib/postfix/smtpd_tls_session_cache
smtpd_use_tls = yes
soft_bounce = no
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
virtual_alias_domains = renelacroute.fr , nicolaspichot.fr , fakessh.eu
virtual_alias_maps = hash:/etc/postfix/virtual
virtual_transport = dovecot



[r...@r13151 ~]# dovecot -n 
# 1.2.11: /etc/dovecot.conf
# OS: Linux 2.6.24.5-grsec--grs-ipv4-32 i686 CentOS release 5.5
(Final) 
base_dir: /var/run/dovecot/
log_path: /var/log/maillog
log_timestamp: %Y-%m-%d %H:%M:%S 
protocols: imap imaps pop3 pop3s managesieve
listen(default): [::]
listen(imap): [::]
listen(pop3): [::]
listen(managesieve): *:2000
ssl_listen(default): *:993
ssl_listen(imap): *:993
ssl_listen(pop3): *:995
ssl_listen(managesieve): 
ssl_ca_file: /etc/pki/tls/certs/root.crt
ssl_cert_file: /etc/pki/tls/certs/r13151.ovh.net.crt
ssl_key_file: /etc/pki/tls/private/r13151.ovh.net.key
ssl_verify_client_cert: yes
version_ignore: yes
login_dir: /var/run/dovecot//login
login_executable(default): /usr/libexec/dovecot/

probleme with dk dkim and dlv for miltiple domain

[fakessh]

hello all 


hello postfix network
hello centos network 

I am having problems with my dk and dkim signature of my emails
I have successfully made the process of verification of signatures dnssec
all my domains are correct and good displays on dlv.isc.org
the reason for my problem just the reason that I have updated my postfix
and I have recreated a pair of keys with openssl for dkimproxy

the reason for my questions
one of my domains. in .fr: after validation of signatures by isc dk dkim
said OK
Other areas domains ( other .fr and other .eu ) after validation of
signatures by isc dk dkim said bad


that happens I do not understand


thanks for advice
thanks for help

Re: Postini, Has bad idea for adding ip numbers. This is sendmail example

[fakessh]

postini give access


telnet postini 25
mail from:
rcpt to:
data
some date
.



emails is correctly delivred
its synonymy to open relay

wieste is a women . when do you

[fakessh]

hello

wieste is a women . when do you


its my real @
i respond a you post
duplicate in french please

Re: wieste is a women . when do you

[fakessh]

On Mon, 21 Jun 2010 00:41:21 +0200, fakessh  wrote:
> hello
> 
> wieste is a women . when do you
> 
> 
> its my real @
> i respond a you post
> duplicate in french please


http://www.google.fr/search?q=wieste+is+a+woman&hl=fr&client=safari&rls=en&ei=Z44fTL76NMeS4gbxxZWWDg&start=50&sa=N

 http://www.textfiles.com/magazines/PHRACK/PHRACK52

trouble on my rules check_client_access hash:/etc/postf ix/acces_client

[fakessh]

hello ladies and gents


I do not know if I am in error or in the real
i a file check_client_access hash:/etc/postfix/acces_client

cat /etc/postfix/acces_client
mx3.mail2000.com.tw   REJECT
mx2.mail2000.com.tw   REJECT
mx2.mail.tw.yahoo.com REJECT


I forbid the property to ndd that connect to my gateway
i refuse the access to ndd

and I do not understand I have always log that are generated by syslogd

example
(piece of logwatch)


Relaying denied:
From 114-45-50-88.dynamic.hinet.net[114.45.50.88] to
gk49f...@yahoo.com.tw : 1 Time(s)
From 114-45-53-25.dynamic.hinet.net[114.45.53.25] to
gk49f...@yahoo.com.tw : 1 Time(s)
From 114-45-54-214.dynamic.hinet.net[114.45.54.214] to
gk49f...@yahoo.com.tw : 1 Time(s)


 discarding EHLO keywords: 8BITMIME STARTTLS
 discarding EHLO keywords: 8BITMIME STARTTLS
 1F68858046: to=,
relay=mx2.mail2000.com.tw[203.69.82.34]:25, delay=1.7,
delays=0.23/0.01/1.2/0.29, dsn=2.0.0, status=deliverable (250 Recipient
 OK)
 discarding EHLO keywords: 8BITMIME STARTTLS
 discarding EHLO keywords: 8BITMIME STARTTLS


that happens I should not have any log , logically


thanks for your responce
thanks for advice


nb : in our previous conserne problems. I'm glad I love everyone and gods
bless us every day

Re: trouble on my rules check_client_access hash:/etc/p ostfix/acces_client

[fakessh]

On Thu, 24 Jun 2010 10:09:35 +0200, fakessh  wrote:
> hello ladies and gents
> 
> 
> I do not know if I am in error or in the real
> i a file check_client_access hash:/etc/postfix/acces_client
> 
> cat /etc/postfix/acces_client
> mx3.mail2000.com.tw   REJECT
> mx2.mail2000.com.tw   REJECT
> mx2.mail.tw.yahoo.com REJECT
> 
> 
> I forbid the property to ndd that connect to my gateway
> i refuse the access to ndd
> 
> and I do not understand I have always log that are generated by syslogd
> 
> example
> (piece of logwatch)
> 
> 
> Relaying denied:
> From 114-45-50-88.dynamic.hinet.net[114.45.50.88] to
> gk49f...@yahoo.com.tw : 1 Time(s)
> From 114-45-53-25.dynamic.hinet.net[114.45.53.25] to
> gk49f...@yahoo.com.tw : 1 Time(s)
> From 114-45-54-214.dynamic.hinet.net[114.45.54.214] to
> gk49f...@yahoo.com.tw : 1 Time(s)
> 
> 
>  discarding EHLO keywords: 8BITMIME STARTTLS
>  discarding EHLO keywords: 8BITMIME STARTTLS
>  1F68858046: to=,
> relay=mx2.mail2000.com.tw[203.69.82.34]:25, delay=1.7,
> delays=0.23/0.01/1.2/0.29, dsn=2.0.0, status=deliverable (250 Recipient
>  OK)
>  discarding EHLO keywords: 8BITMIME STARTTLS
>  discarding EHLO keywords: 8BITMIME STARTTLS
> 
> 
> that happens I should not have any log , logically
> 
> 
> thanks for your responce
> thanks for advice
> 
> 
> nb : in our previous conserne problems. I'm glad I love everyone and
gods
> bless us every day




this was a misconfiguration between check_client_access and
check_sender_acces
http://old.nabble.com/Blocking-a-domain-and-user-td22338705.html#a22339092

Re: trouble on my rules check_client_access hash:/etc/p ostfix/acces_client

[fakessh]

On Thu, 24 Jun 2010 11:03:18 +0200, fakessh  wrote:
> On Thu, 24 Jun 2010 10:09:35 +0200, fakessh  wrote:
>> hello ladies and gents
>> 
>> 
>> I do not know if I am in error or in the real
>> i a file check_client_access hash:/etc/postfix/acces_client
>> 
>> cat /etc/postfix/acces_client
>> mx3.mail2000.com.tw   REJECT
>> mx2.mail2000.com.tw   REJECT
>> mx2.mail.tw.yahoo.com REJECT
>> 
>> 
>> I forbid the property to ndd that connect to my gateway
>> i refuse the access to ndd
>> 
>> and I do not understand I have always log that are generated by syslogd
>> 
>> example
>> (piece of logwatch)
>> 
>> 
>> Relaying denied:
>> From 114-45-50-88.dynamic.hinet.net[114.45.50.88] to
>> gk49f...@yahoo.com.tw : 1 Time(s)
>> From 114-45-53-25.dynamic.hinet.net[114.45.53.25] to
>> gk49f...@yahoo.com.tw : 1 Time(s)
>> From 114-45-54-214.dynamic.hinet.net[114.45.54.214] to
>> gk49f...@yahoo.com.tw : 1 Time(s)
>> 
>> 
>>  discarding EHLO keywords: 8BITMIME STARTTLS
>>  discarding EHLO keywords: 8BITMIME STARTTLS
>>  1F68858046: to=,
>> relay=mx2.mail2000.com.tw[203.69.82.34]:25, delay=1.7,
>> delays=0.23/0.01/1.2/0.29, dsn=2.0.0, status=deliverable (250 Recipient
>>  OK)
>>  discarding EHLO keywords: 8BITMIME STARTTLS
>>  discarding EHLO keywords: 8BITMIME STARTTLS
>> 
>> 
>> that happens I should not have any log , logically
>> 
>> 
>> thanks for your responce
>> thanks for advice
>> 
>> 
>> nb : in our previous conserne problems. I'm glad I love everyone and
> gods
>> bless us every day
> 
> 
> 
> 
> this was a misconfiguration between check_client_access and
> check_sender_acces
>
http://old.nabble.com/Blocking-a-domain-and-user-td22338705.html#a22339092


its that too
http://old.nabble.com/Stopping-backscatter-with-before-queue-td20902385i20.html#a21003570

Re: OT: sid-milter package

[fakessh]

On Fri, 25 Jun 2010 23:39:18 +0200, mouss  wrote:
> Jorge Andrea G Carminati a écrit :
>> Hi all! I'm trying to implement sid-milter with Postfix 2.7, but am
>> having some problems while trying to compile release 1.0 under RHEL 5.5
>> (x86_64) as shown below, any ideas? 
> 
> you need to cotact the author of sid-milter or a corresponding
> forum/list. if you want my opinion: if it doesn't work as it is, forget
> about it...
> 
> 
> 


i recently compiled sid-milter into a rpm
without signatures
http://ns.fakessh.eu/sid-milter-1.0.0-1.el5.i386.rpm

work well on my centos 5.5

.spec is in a this post
for building the rpm
http://lists.centos.org/pipermail/centos-fr/2009-December/000378.html





>> [snip]

Re: How to drop the recipient address hostname when delivering mail via LMTP?

[fakessh]

On Fri, 27 Aug 2010 12:22:59 -0400, Victor Duchovni
 wrote:
> On Fri, Aug 27, 2010 at 10:58:37AM -0500, Noel Jones wrote:
> 
>> I think the problem is better solved in the delivery agent.
>>
>> If you're using the postfix LMTP client, this might work:
>> http://www.postfix.org/postconf.5.html#lmtp_generic_maps
>> /^(.*)@server\.example\.com$/$1
>> This will also mangle To: headers.
> 
> Standard-compliant LMTP addresses are (as with SMTP) 
> not . So LMTP servers are expected to correctly map domains
> to mailboxes. It is best to no generate invalid LMTP, mangle the headers, ...


I wonder
What is the best solution to use dovecot lda for its use
or complicate the config using lmtp dovecot
whereas with a simple config we manage to walk amavisd 


what is it the best way

many welcome are smile 

misunderstanding of some connections

[fakessh]

hi all
hi folks
hi wieste : the saincristain of postfix
hi all the postfix network

I consult regularly logs postfix
I consult regularly logs postfix, and he appears regularly attempts to 
connect mx3.mail2000.com.tw

and that is that I do not understand how it happens
I have the following rules in my postfix config

smtpd_recipient_restrictions
check_client_access regexp:/etc/postfix/blacklist_clients
~]# cat  /etc/postfix/blacklist_clients
/\.dynamic\.hinet\.net$/REJECT UCE black-listed.
/\.seed\.hinet\.net$/   REJECT UCE black-listed.
/\.br\.hinet\.net$/ REJECT UCE black-listed.
/\.ms1\.hinet\.net$/  REJECT UCE black-listed.
/\mx3\.mail2000\.com\.tw$/   REJECT
/\mx2\.mail2000\.com\.tw$/   REJECT
/\mx2\.mail\.tw\.yahoo\.com$/ REJECT
/\mx1\.mail\.tw\.yahoo\.com$/ REJECT
/\.HINET-IP\.hinet\.net$/REJECT UCE black-listed.



this may be a confusion between elementary smtpd_client_restrictions 
vs smtpd_recipient_restrictions


many return are welcome
Please take the time to explain well

Re: THREAD CLOSED misunderstanding of some connections

[fakessh]

On Tue, 31 Aug 2010 19:42:26 -0500, Noel Jones 
 wrote:

On 8/31/2010 7:19 PM, fakessh wrote:

hi all
hi folks
hi wieste : the saincristain of postfix
hi all the postfix network

I consult regularly logs postfix
I consult regularly logs postfix, and he appears regularly
attempts to connect mx3.mail2000.com.tw
and that is that I do not understand how it happens
I have the following rules in my postfix config

smtpd_recipient_restrictions
check_client_access regexp:/etc/postfix/blacklist_clients
~]# cat /etc/postfix/blacklist_clients
/\.dynamic\.hinet\.net$/ REJECT UCE black-listed.
/\.seed\.hinet\.net$/ REJECT UCE black-listed.
/\.br\.hinet\.net$/ REJECT UCE black-listed.
/\.ms1\.hinet\.net$/ REJECT UCE black-listed.
/\mx3\.mail2000\.com\.tw$/ REJECT
/\mx2\.mail2000\.com\.tw$/ REJECT
/\mx2\.mail\.tw\.yahoo\.com$/ REJECT
/\mx1\.mail\.tw\.yahoo\.com$/ REJECT
/\.HINET-IP\.hinet\.net$/ REJECT UCE black-listed.



this may be a confusion between elementary
smtpd_client_restrictions vs smtpd_recipient_restrictions

many return are welcome
Please take the time to explain well




Please show the log entries you are wondering about.




I just read the paper item last on the list
http://gabacho.reto.jp/en/anti-spam/anti-spam-system.html#3-1
and I mix between
smtpd_client_restrictions vs smtpd_recipient_restrictions vs 
smtpd_helo_restrictions
postfix config is clearer for me, I made the changes in main.cf. I 
expect tomorrow to be with other logs

THREAD CLOSED

force startssl on port 25

[fakessh]

hi guru of postfix
hi mouss and wieste

hi all the users of ths list

my question is simply

is there a way to force startssl on port 25
or it is not a good method

many returns are welcome

Re: force startssl on port 25

[fakessh]

On Tue, 14 Sep 2010 13:17:56 -0400, Matt Hayes
 wrote:
> On 9/14/2010 1:11 PM, fakessh wrote:
>> hi guru of postfix
>> hi mouss and wieste
>>
>> hi all the users of ths list
>>
>> my question is simply
>>
>> is there a way to force startssl on port 25
>> or it is not a good method
>>
>> many returns are welcome
>>
> 
> 
> I don't recommend doing that as not all MTAs on the internet will be
> able to or want to do SSL from MTA to MTA.
> 
> If you want to offer it, that's fine, but I wouldn't force it.
> 



thanks for your response
no force it

thanks

merci en france
> -Matt

Re: force startssl on port 25

[fakessh]

On Wed, 15 Sep 2010 23:53:03 +0200, mouss  wrote:
> Le 14/09/2010 19:11, fakessh a écrit :
>> hi guru of postfix
>> hi mouss and wieste
>>
>> hi all the users of ths list
>>
>> my question is simply
>>
>> is there a way to force startssl on port 25
>> or it is not a good method
> 
> the short answer is no. you use port 25 to get mail from "public"
> senders. you can't force these users if you want mail from them. you
> can offer starttls and hope that the other side implements it. I'm
> finding that even spammers are using starttls, but I wouldn't ask a
> mailing list to use starttls when the messages are archived all over
> the web...

thanks for you attention mouss
the response is clear and simple

a about
i work on the lib MIME::Lite in perl
my patch
http://pastebin.com/kqUDxpwY
i wonder
what the email not send

Re: Please Help Me Secure My Mail Server

[fakessh]

On Mon, 20 Sep 2010 15:56:35 -0500, Noel Jones 
wrote:
> On 9/20/2010 3:29 PM, bper wrote:
>>
>> Hello,
>>
>> I have set up a postfix-dovecot server with smtp-auth using sasl by
>> following this link:
>> https://help.ubuntu.com/10.04/serverguide/C/postfix.html
>>
>> It seems to be working OK. The only thing is that when I view my logs, I see
>> a lot of 'relaying denied', 'noqueue reject', 'too many errors after rcpt',
>> and 'disconnect' messages from a lot of unknown domain names and ip
>> addresses.
> 
> These are normal messages indicating that postfix is working correctly.
> 
> 
>>
>> I'm hoping that this means that the server is secure and doing its job
>> bouncing mail from unauthorized requests.
>>
>> *** Is that true?
> 
> quickie definitions:
> 
> bounce - accept mail and return it to the (likely forged) sender.  BAD.
> 
> reject - unwanted mail is not accepted.  Notification of legit
> senders is the responsibility of the sender's mail server.  GOOD.
> 
> Your postfix is apparently doing its job rejecting unwanted mail.
> 
> 
> For further analysis, show your "postconf -n" and unaltered log
> entries you don't understand.
> 
> 
> -- Noel Jones
> 
> 
>>
>> Even if it was true, it has to be slowing down the server receiving so many
>> unauthorized requests.
>>
>> *** Is there a way to avoid this or is this just a function of life in the
>> world of email spam? Would a spam filter like Spamassasin help this type of
>> issue?
>>
>> Thanks!



-:-
good example of config are available
sign my blog

regards

Re: SPF and greylisting conditioning

[fakessh]

Le dimanche 26 septembre 2010 22:38, mouss a écrit :
>   Le 26/09/2010 12:08, Stan Hoeppner a écrit :
> > Michal Bruncko put forth on 9/26/2010 4:24 AM:
> >> It is possible in some way to configure postfix, that SPF Passed mails
> >> will be automatically accepted with postfix without greylisting?
> >
> > If I may be blunt:  this is a really dumb idea.  Many, maybe all,
> > snowshoe spammers have valid SPF records.  Thus, accepting mail simply
> > because the connecting IP passes SPF muster isn't a bright idea.
>
> some even use an indirect +all to trick filters...
>
> $ host -t txt takeprettypictures.net
> takeprettypictures.net descriptive text "v=spf1 ip4:128.0.0.0/1
> ip4:0.0.0.0/1 -all"
>
> (so the first bit must be 0 or 1. since a bit is either 0 or 1...).


do you like sendmail machine
that adresse is unauthorized for me


-- 
gpg --keyserver pgp.mit.edu --recv-key 092164A7


pgpRL1LwvCuSY.pgp
Description: PGP signature

Re: SPF and greylisting conditioning

[fakessh]

Le dimanche 26 septembre 2010 23:46, mouss a écrit :
>   Le 26/09/2010 23:28, fakessh a écrit :
> > Le dimanche 26 septembre 2010 22:38, mouss a écrit :
> >>Le 26/09/2010 12:08, Stan Hoeppner a écrit :
> >>> Michal Bruncko put forth on 9/26/2010 4:24 AM:
> >>>> It is possible in some way to configure postfix, that SPF Passed mails
> >>>> will be automatically accepted with postfix without greylisting?
> >>>
> >>> If I may be blunt:  this is a really dumb idea.  Many, maybe all,
> >>> snowshoe spammers have valid SPF records.  Thus, accepting mail simply
> >>> because the connecting IP passes SPF muster isn't a bright idea.
> >>
> >> some even use an indirect +all to trick filters...
> >>
> >> $ host -t txt takeprettypictures.net
> >> takeprettypictures.net descriptive text "v=spf1 ip4:128.0.0.0/1
> >> ip4:0.0.0.0/1 -all"
> >>
> >> (so the first bit must be 0 or 1. since a bit is either 0 or 1...).
> >
> > do you like sendmail machine
> > that adresse is unauthorized for me
>
> There's no "address". the SPF record above specifies subnets with a /1
> mask, the union of which is the whole IPv4 space.

the evil for the spammeur 
the -all much have ?all


-- 
gpg --keyserver pgp.mit.edu --recv-key 092164A7


pgpkehDaaHhCK.pgp
Description: PGP signature

migration postfix vers latest release

[fakessh]

hello postfix network
hello wieste 
hello mouss
hello all the reader of this list

I wish to migrate postfix-2.5.4-1 to the latest version of postfix from rpm 
Official
I desire to know the good manners to do
I walk the couple clamd spamassassin postfix postgrey dovecot policyd 
sid-milter dkimproxy
I wish to migrate while sweets following good habits

-- 
gpg --keyserver pgp.mit.edu --recv-key 092164A7


pgp48dYKyPzIr.pgp
Description: PGP signature

Re: rejecting clients greeting me with my own name

[fakessh]

i hijacked the server with the null sender
and the valid recipient
the mail go home



nb : hey madduck
Le lundi 04 octobre 2010 à 20:44 +0200, martin f krafft a écrit :
> also sprach Charles Marcus  [2010.10.04.2029 
> +0200]:
> > > Yes, with my IP.
> > 
> > So your server is hacked?
> 
> I am talking about the argument to HELO/EHLO. No, my server is not
> hacked.
> 
-- 
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x092164A7


gpg --keyserver pgp.mit.edu --recv-key 092164A7


signature.asc
Description: Ceci est une partie de message	numériquement signée

Re: Postfix not create Maildir

[fakessh]

you must create them by hand or you have to use plugins dovecot and
sieve



Le vendredi 08 octobre 2010 à 19:11 -0300, Márcio Luciano Donada a
écrit :
> I am configuring a server to read a basic ldap, everything is working
> wonders, but to deliver the e-mail, postfix is not creating the maildir
> of the user, delivering only a mailbox file, but note that the
> configuration that follows below, I have the directive home_mailbox =
> Maildir/. I'm using version 2.6 on FreeBSD 8.2
> 
> body_checks = pcre:/usr/local/etc/postfix/maps/body_checks
> body_checks_size_limit = 51200
> broken_sasl_auth_clients = yes
> command_directory = /usr/local/sbin
> config_directory = /usr/local/etc/postfix
> content_filter = smtp-amavis:[127.0.0.1]:10024
> daemon_directory = /usr/local/libexec/postfix
> data_directory = /var/db/postfix
> debug_peer_level = 2
> default_destination_concurrency_limit = 20
> default_process_limit = 100
> header_checks = pcre:/usr/local/etc/postfix/maps/header_checks
> home_mailbox = Maildir/
> html_directory = /usr/local/share/doc/postfix
> local_destination_concurrency_limit = 2
> local_recipient_maps = $virtual_mailbox_maps
> local_transport = virtual
> mail_owner = postfix
> mailq_path = /usr/local/bin/mailq
> manpage_directory = /usr/local/man
> message_size_limit = 10485760
> mydestination = $myhostname, localhost.$mydomain, mx.$mydomain, $mydomain
> mydomain = domain.com.br
> myhostname = bt.domain.com.br
> mynetworks = 127.0.0.0/8
> myorigin = $mydomain
> newaliases_path = /usr/local/bin/newaliases
> queue_directory = /var/spool/postfix
> readme_directory = /usr/local/share/doc/postfix
> recipient_delimiter = +
> sample_directory = /usr/local/etc/postfix
> sendmail_path = /usr/local/sbin/sendmail
> smtp_tls_note_starttls_offer = yes
> smtp_use_tls = yes
> smtpd_banner = $myhostname ESMTP
> smtpd_data_restrictions = reject_unauth_pipelining
> smtpd_recipient_restrictions = reject_non_fqdn_recipient,
> reject_unknown_recipient_domain,   reject_unauth_destination,
>  reject_invalid_hostname,permit_sasl_authenticated,
> permit_mynetworks,  reject_rbl_client sbl-xbl.spamhaus.org,
> reject_rbl_client zen.spamhaus.org, reject_unauth_destination,permit
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_local_domain = $myhostname
> smtpd_sasl_security_options = noanonymous
> smtpd_sender_restrictions = check_client_access
> hash:/usr/local/etc/postfix/maps/sender_access,
>check_sender_access
> hash:/usr/local/etc/postfix/monitoramento/acl_sender,
>  permit_sasl_authenticated,
> check_sender_access hash:/usr/local/etc/postfix/maps/sender,
> reject_sender_login_mismatch,
>  reject_unlisted_recipient,
> reject_non_fqdn_sender,
> reject_unknown_sender_domain,
> reject_unauth_destination,warn_if_reject,
>  permit
> smtpd_tls_CAfile = /usr/local/etc/postfix/certificado/cacert.pem
> smtpd_tls_cert_file = /usr/local/etc/postfix/certificado/smtpd.crt
> smtpd_tls_key_file = /usr/local/etc/postfix/certificado/smtpd.key
> smtpd_tls_loglevel = 1
> smtpd_tls_received_header = yes
> smtpd_tls_session_cache_timeout = 3600s
> smtpd_use_tls = yes
> soft_bounce = no
> tls_random_source = dev:/dev/urandom
> unknown_local_recipient_reject_code = 550
> virtual_gid_maps = static:1002
> virtual_mailbox_base = /home/vmail
> virtual_mailbox_limit = 1
> virtual_mailbox_limit_inbox = yes
> virtual_mailbox_limit_maps = ldap:mailquota
> virtual_mailbox_limit_override = yes
> virtual_mailbox_maps = ldap:mailboxmaps
> virtual_maildir_extended = yes
> virtual_maildir_limit_message = Aviso de Quota Excedida!
> virtual_overquota_bounce = yes
> virtual_uid_maps = static:1002
> 
-- 
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x092164A7


gpg --keyserver pgp.mit.edu --recv-key 092164A7


signature.asc
Description: Ceci est une partie de message	numériquement signée

Re: [OFF-TOPIC] Does 2.7 RPM Work on RHEL 6?

[fakessh @]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Le 11.11.2010 22:10, Voytek Eymont a écrit :
> 
> On Fri, November 12, 2010 6:16 am, Carlos Mennens wrote:
>> On Thu, Nov 11, 2010 at 2:07 PM, Victor Duchovni
>>  wrote:
> 
>> This would be no problem except I've never attempted this before and
>> just did some searching on the web for tutorials I can follow since I don't
>> have any experience and honestly I couldn't find much. Does anyone know
>> that level of difficultly involved from turning SRPM's into a RPM file I
>> can use / distribute to others? I have the time and dedication but lack
>> the experience and knowledge.
> 
> Carlos,
> 
> on a couple (if not more) occasions, I've used Simon's SRPMs to make RPMs
> with my desired options (that were not in Simon's default), using info on
> Simon's site, it was proverbially eezy, peezy
> 
> so, the level is easy if not easier, documentation provided is excellent,
> you should be able to follow up each step 'just like that'
> 
> 
> 

i am empaqueted simom mudd rpm's for many compliance with rhel and
centos i use with many succes in my host
the adresse
http://ns.fakessh.eu/postfix-2.7.1-1.pcre.pgsql.mysql.sasl2.dovecot.vda.rhel5.src.rpm

http://ns.fakessh.eu/postfix-2.7.1-1.pcre.pgsql.mysql.sasl2.dovecot.vda.rhel5.i386.rpm
- -- 
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x092164A7
gpg --keyserver pgp.mit.edu --recv-key 092164A7
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with CentOS - http://enigmail.mozdev.org/

iD8DBQFM3IiKtXI/OwkhZKcRAmKAAJ9J4ZOlhk9XYlshGhScL9RPKtkxyQCffgSH
uS+Q0K3ugfskIturOxsLC3o=
=Q3mH
-END PGP SIGNATURE-

Re: Upgrade version 2.5.5 to 2.7.1

[fakessh @]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Le 01.12.2010 21:49, Stan Hoeppner a écrit :
> Bruno Costacurta put forth on 12/1/2010 2:19 PM:
>> Hello,
>>
>> I intend to upgrade Postfix version 2.5.5 to 2.7.1.
>> Are there incompatibilities or specific path for upgrade ?
>> Or any manual re-configuration to be done ?
> 
> I performed this exact backports upgrade about a week ago.  As far as I
> recall, no manual master.cf or main.cf changes were *required* although
> I did make some manual changes due the the following becoming available:
> 
> check_reverse_client_hostname_access
> 
> The only "issue" I've come across is that logwatch doesn't recognize
> Postfix log stamps containing "2.7.1", which is no big deal.
> 
> The 2.7.1 backport is running perfectly here so far.
> 

and how to apply this option too I do not use
check_reverse_client_hostname_access

- -- 
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x092164A7
gpg --keyserver pgp.mit.edu --recv-key 092164A7
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iD8DBQFM9raUtXI/OwkhZKcRAgsgAJ9fqw76IshgD0z6+oZpDh+r8GtFUQCcDPG5
jodLx1K+3Puqx8dsVwa9Z3A=
=6LOs
-END PGP SIGNATURE-

Re: Compile error

[fakessh @]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Le 15.12.2010 19:22, Eero Volotinen a écrit :
> 2010/12/15 M. Rodrigo Monteiro :
>> Hi!
>>
>> I'm tryind to compile Postfix with Dovecot support.
> 
> Why? Can't you just take precompiled binary?
> 
> --
> Eero

i try with succes compiled postfix with dovecot sasl
http://ns.fakessh.eu/postfix-2.7.2-1.pcre.pgsql.mysql.sasl2.dovecot.vda.rhel5.src.rpm
http://ns.fakessh.eu/
postfix-2.7.2-1.pcre.pgsql.mysql.sasl2.dovecot.vda.rhel5.i386.rpm

that its based on the rpm simon mudd with standard option
consult the doumentation on building rpm



- -- 
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x092164A7
gpg --keyserver pgp.mit.edu --recv-key 092164A7
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iD8DBQFNCQi5tXI/OwkhZKcRAgOoAJ0S0KXrqxQfZdFBZHJxsI/JSc7UOACeNPAn
iTsXOg9ddOMYD/BLHgVNobw=
=4vAC
-END PGP SIGNATURE-

Re: How not to reject invalid recipient domains (here: aol.com)

[fakessh @]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Le 21.12.2010 10:01, Wolfgang Zeikat a écrit :
> Hi,
> 
> apparently, aol.com is currently not resolved via DNS (at least in
> Germany).
> 
> How can I have postfix queue mails to AOL and retry delivery in that
> case instead of bouncing the mails?
> 
> Regards,
> 
> wolfgang
> 
basic security and well in my opinion the reason for the problem

that

- -- 
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x092164A7
gpg --keyserver pgp.mit.edu --recv-key 092164A7
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iD8DBQFNEOmbtXI/OwkhZKcRAh19AJ9uG9Bc+iooVtvSo1NLZCWUL14JiQCdE2bQ
5JBa6KsczCNf7P8MEBLeYJk=
=ZGso
-END PGP SIGNATURE-

probleme ipv6

[fakessh @]

Hello postfix network. 

I encounter problems in configuring ipv6. 
I documented on the page but I don
http://www.postfix.org/IPV6_README.html happens not connect in ipv6 on
my mail server. 
My ISP does not support ipv6 I found the error in the ipv6 by visiting
http://dnscheck.iis.se/ he tells me a difficulty connecting ipv6 on my
mail server. I possess a slice ipv6 2001:41 D0: DD6 2:3:: / 64 is my
postconf- n to every detail of my config

 ~]# postconf -n
alias_database = hash:/etc/aliases , hash:/etc/postfix/aliases
alias_maps = hash:/etc/aliases , hash:/etc/postfix/aliases
body_checks = regexp:/etc/postfix/body_checks.cf
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = dkimproxy:[127.0.0.1]:10029
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
default_privs = nobody
double_bounce_sender = no
header_checks = regexp:/etc/postfix/header_checks.cf
home_mailbox = Maildir/
html_directory = /usr/share/doc/postfix-2.7.2-documentation/html
in_flow_delay = 10
inet_interfaces = all
inet_protocols = all
local_recipient_maps = unix:passwd.byname $alias_maps
mail_owner = postfix
mail_spool_directory = /var/spool/mail
mailbox_command = /usr/libexec/dovecot/deliver
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 2048
milter_protocol = 6
mime_header_checks = regexp:/etc/postfix/mime_header_checks.cf
mydestination = $myhostname , localhost.$mydomain, r13151.ovh.net
mydomain = r13151.ovh.net
mynetworks = 127.0.0.0/8 ,87.98.186.232 , [::1]/128 ,
[2001:41D0:2:3Dd6::]/64
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
parent_domain_matches_subdomains = 
queue_directory = /var/spool/postfix
queue_run_delay = 200s
readme_directory = /usr/share/doc/postfix-2.7.2-documentation/readme
recipient_delimiter = +
relay_domains = 
sample_directory = /usr/share/doc/postfix-2.5.4/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
smtp_sender_dependent_authentication = yes
smtp_tls_loglevel = 3
smtp_tls_note_starttls_offer = yes
smtp_tls_session_cache_database =
btree:/var/lib/postfix/smtp_tls_session_cache
smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
smtpd_client_restrictions = permit_mynetworks
reject_unknown_reverse_client_hostname reject_unauth_pipelining
reject_non_fqdn_recipient check_client_access
cidr:/etc/postfix/koreacidr.cidr check_client_access
cidr:/etc/postfix/chinacidr.cidr check_helo_access
hash:/etc/postfix/access_client check_helo_access
hash:/etc/postfix/access_host  check_sender_access
hash:/etc/postfix/access_client check_sender_access
hash:/etc/postfix/access_host check_recipient_access
hash:/etc/postfix/access_client check_recipient_access
hash:/etc/postfix/access_host check_client_access
cidr:/etc/postfix/perso_cidr.cidr check_recipient_access
cidr:/etc/postfix/perso_cidr.cidr check_helo_access
cidr:/etc/postfix/perso_cidr.cidr check_client_access
pcre:/etc/postfix/ptr-tld.pcre check_client_access
cidr:/etc/postfix/sinokorea.cidr check_client_access
cidr:/etc/postfix/taiwancidr.cidr  check_client_access
regexp:/etc/postfix/blacklist_clients  check_client_access
cidr:/etc/postfix/asian-ip.cidr  reject_rbl_client relays.orbs.org
check_client_access cidr:/etc/postfix/taiwanipblocksreject.cidr
check_client_access cidr:/etc/postfix/IN_cidr.cidr check_client_access
cidr:/etc/postfix/BR_cidr.cidr check_client_access
cidr:/etc/postfix/CN_cidr.cidr check_client_access
cidr:/etc/postfix/UA_cidr.cidr check_client_access
cidr:/etc/postfix/TR_cidr.cidr  check_client_access
cidr:/etc/postfix/VE_cidr.cidr check_client_access
cidr:/etc/postfix/VN_cidr.cidr   permit
smtpd_helo_restrictions = permit_mynetworks check_helo_access
cidr:/etc/postfix/koreacidr.cidr check_helo_access
cidr:/etc/postfix/chinacidr.cidr check_helo_access
hash:/etc/postfix/access_client check_helo_access
hash:/etc/postfix/access_host  check_helo_access
hash:/etc/postfix/access_client check_helo_access
hash:/etc/postfix/access_host check_helo_access
hash:/etc/postfix/access_client check_helo_access
hash:/etc/postfix/access_host check_helo_access
cidr:/etc/postfix/perso_cidr.cidr check_helo_access
pcre:/etc/postfix/ptr-tld.pcre check_helo_access
cidr:/etc/postfix/sinokorea.cidr check_helo_access
cidr:/etc/postfix/taiwancidr.cidr  check_helo_access
regexp:/etc/postfix/blacklist_clients  check_helo_access
cidr:/etc/postfix/asian-ip.cidr  check_helo_access
cidr:/etc/postfix/taiwanipblocksreject.cidr  check_helo_access
cidr:/etc/postfix/IN_cidr.cidr check_helo_access
cidr:/etc/postfix/BR_cidr.cidr check_helo_access
cidr:/etc/postfix/CN_cidr.cidr check_helo_access
cidr:/etc/postfix/UA_cidr.cidr check_helo_access
cidr:/etc/postfix/TR_cidr.cidr  check_helo_access
cidr:/etc/postfix/VE_cidr.cidr check_helo_access
cidr:/etc/postfix/VN_cidr.cidr  reject_unauth_pipelining
reject_

Re: probleme ipv6

[fakessh @]

Hello postfix network. 

I found the error in the ipv6 by visiting http://dnscheck.iis.se/ 
he tells me a difficulty connecting ipv6 address postmas...@fakessh.eu

check my network with http;//dnscheck.iis.se

many returns are welcome
Le jeudi 20 janvier 2011 à 19:20 -0500, Steven King a écrit :
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> What is the error that you received? If your ISP does not support IPv6
> you will not be able to use IPv6 connectivity unless you have a PoP
> tunnel or some other type of IPv4-to-IPv6 tunnel going on.
> 
> On 1/20/11 6:50 PM, fakessh @ wrote:
> > Hello postfix network.
> >
> > I encounter problems in configuring ipv6.
> > I documented on the page but I don
> > http://www.postfix.org/IPV6_README.html happens not connect in ipv6 on
> > my mail server.
> > My ISP does not support ipv6 I found the error in the ipv6 by visiting
> > http://dnscheck.iis.se/ he tells me a difficulty connecting ipv6 on my
> > mail server. I possess a slice ipv6 2001:41 D0: DD6 2:3:: / 64 is my
> > postconf- n to every detail of my config
> >
> > ~]# postconf -n
> > alias_database = hash:/etc/aliases , hash:/etc/postfix/aliases
> > alias_maps = hash:/etc/aliases , hash:/etc/postfix/aliases
> > body_checks = regexp:/etc/postfix/body_checks.cf
> > broken_sasl_auth_clients = yes
> > command_directory = /usr/sbin
> > config_directory = /etc/postfix
> > content_filter = dkimproxy:[127.0.0.1]:10029
> > daemon_directory = /usr/libexec/postfix
> > data_directory = /var/lib/postfix
> > debug_peer_level = 2
> > default_privs = nobody
> > double_bounce_sender = no
> > header_checks = regexp:/etc/postfix/header_checks.cf
> > home_mailbox = Maildir/
> > html_directory = /usr/share/doc/postfix-2.7.2-documentation/html
> > in_flow_delay = 10
> > inet_interfaces = all
> > inet_protocols = all
> > local_recipient_maps = unix:passwd.byname $alias_maps
> > mail_owner = postfix
> > mail_spool_directory = /var/spool/mail
> > mailbox_command = /usr/libexec/dovecot/deliver
> > mailq_path = /usr/bin/mailq.postfix
> > manpage_directory = /usr/share/man
> > message_size_limit = 2048
> > milter_protocol = 6
> > mime_header_checks = regexp:/etc/postfix/mime_header_checks.cf
> > mydestination = $myhostname , localhost.$mydomain, r13151.ovh.net
> > mydomain = r13151.ovh.net
> > mynetworks = 127.0.0.0/8 ,87.98.186.232 , [::1]/128 ,
> > [2001:41D0:2:3Dd6::]/64
> > myorigin = $mydomain
> > newaliases_path = /usr/bin/newaliases.postfix
> > parent_domain_matches_subdomains =
> > queue_directory = /var/spool/postfix
> > queue_run_delay = 200s
> > readme_directory = /usr/share/doc/postfix-2.7.2-documentation/readme
> > recipient_delimiter = +
> > relay_domains =
> > sample_directory = /usr/share/doc/postfix-2.5.4/samples
> > sendmail_path = /usr/sbin/sendmail.postfix
> > setgid_group = postdrop
> > smtp_sasl_security_options = noanonymous
> > smtp_sasl_tls_security_options = noanonymous
> > smtp_sender_dependent_authentication = yes
> > smtp_tls_loglevel = 3
> > smtp_tls_note_starttls_offer = yes
> > smtp_tls_session_cache_database =
> > btree:/var/lib/postfix/smtp_tls_session_cache
> > smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
> > smtpd_client_restrictions = permit_mynetworks
> > reject_unknown_reverse_client_hostname reject_unauth_pipelining
> > reject_non_fqdn_recipient check_client_access
> > cidr:/etc/postfix/koreacidr.cidr check_client_access
> > cidr:/etc/postfix/chinacidr.cidr check_helo_access
> > hash:/etc/postfix/access_client check_helo_access
> > hash:/etc/postfix/access_host check_sender_access
> > hash:/etc/postfix/access_client check_sender_access
> > hash:/etc/postfix/access_host check_recipient_access
> > hash:/etc/postfix/access_client check_recipient_access
> > hash:/etc/postfix/access_host check_client_access
> > cidr:/etc/postfix/perso_cidr.cidr check_recipient_access
> > cidr:/etc/postfix/perso_cidr.cidr check_helo_access
> > cidr:/etc/postfix/perso_cidr.cidr check_client_access
> > pcre:/etc/postfix/ptr-tld.pcre check_client_access
> > cidr:/etc/postfix/sinokorea.cidr check_client_access
> > cidr:/etc/postfix/taiwancidr.cidr check_client_access
> > regexp:/etc/postfix/blacklist_clients check_client_access
> > cidr:/etc/postfix/asian-ip.cidr reject_rbl_client relays.orbs.org
> > check_client_access cidr:/etc/postfix/taiwanipblocksreject.cidr
> > check_client_access cidr:/etc/postfix/IN_cidr.cidr check_client_access
> > cidr:/etc/postfix/BR_cidr.cidr check

Re: probleme ipv6

[fakessh @]

my ISP does not support ipv6
my service for hosting support ipv6


Le vendredi 21 janvier 2011 à 02:40 +0100, Reindl Harald a écrit :
> What do you exactly mean with
> 
> > My ISP does not support ipv6
> 
> If the ISP for your server does not support IPv6 you
> can not use IPv6 for services
> 
> Am 21.01.2011 02:33, schrieb fakessh @:
> > Hello postfix network. 
> > 
> > I found the error in the ipv6 by visiting http://dnscheck.iis.se/ 
> > he tells me a difficulty connecting ipv6 address postmas...@fakessh.eu
> > 
> > check my network with http;//dnscheck.iis.se
> > 
> > many returns are welcome
> > Le jeudi 20 janvier 2011 à 19:20 -0500, Steven King a écrit :
> > What is the error that you received? If your ISP does not support IPv6
> > you will not be able to use IPv6 connectivity unless you have a PoP
> > tunnel or some other type of IPv4-to-IPv6 tunnel going on.
> 
-- 
gpg --keyserver pgp.mit.edu --recv-key 092164A7
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x092164A7


signature.asc
Description: Ceci est une partie de message	numériquement signée

probleme ipv6

[fakessh @]

postfix network hello, hello Wieste. 


I think I have successfully configure ipv6 on my server anyway 
dig answer seems good. 
~]$ dig  fakessh.eu @8.8.8.8 +short
2001:41d0:2:3dd6:1234:5678:9abc:def0


and yet sometimes I don not connect to my postfix ipv6 source


I have read the manual and I don 't always happens not all I possess a
slice ipv6 2001:41D0:DD62:3::/64

this my postconf -n
r13151 ~]# postconf -n
alias_database = hash:/etc/aliases , hash:/etc/postfix/aliases
alias_maps = hash:/etc/aliases , hash:/etc/postfix/aliases
body_checks = regexp:/etc/postfix/body_checks.cf
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = dkimproxy:[127.0.0.1]:10029
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
default_privs = nobody
double_bounce_sender = no
header_checks = regexp:/etc/postfix/header_checks.cf
home_mailbox = Maildir/
html_directory = /usr/share/doc/postfix-2.7.2-documentation/html
in_flow_delay = 10
inet_interfaces = all
inet_protocols = all
local_recipient_maps = unix:passwd.byname $alias_maps
mail_owner = postfix
mail_spool_directory = /var/spool/mail
mailbox_command = /usr/libexec/dovecot/deliver
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 2048
milter_protocol = 6
mime_header_checks = regexp:/etc/postfix/mime_header_checks.cf
mydestination = $myhostname , localhost.$mydomain, r13151.ovh.net
mydomain = r13151.ovh.net
mynetworks = 127.0.0.0/8 ,87.98.186.232 , [::1]/128 ,
[2001:41D0:2:3Dd6::]/64
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
parent_domain_matches_subdomains = 
queue_directory = /var/spool/postfix
queue_run_delay = 200s
readme_directory = /usr/share/doc/postfix-2.7.2-documentation/readme
recipient_delimiter = +
relay_domains = 
sample_directory = /usr/share/doc/postfix-2.5.4/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
smtp_sender_dependent_authentication = yes
smtp_tls_loglevel = 3
smtp_tls_note_starttls_offer = yes
smtp_tls_session_cache_database =
btree:/var/lib/postfix/smtp_tls_session_cache
smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
smtpd_client_restrictions = permit_mynetworks
reject_unknown_reverse_client_hostname reject_unauth_pipelining
reject_non_fqdn_recipient check_client_access
cidr:/etc/postfix/koreacidr.cidr check_client_access
cidr:/etc/postfix/chinacidr.cidr check_helo_access
hash:/etc/postfix/access_client check_helo_access
hash:/etc/postfix/access_host  check_sender_access
hash:/etc/postfix/access_client check_sender_access
hash:/etc/postfix/access_host check_recipient_access
hash:/etc/postfix/access_client check_recipient_access
hash:/etc/postfix/access_host check_client_access
cidr:/etc/postfix/perso_cidr.cidr check_recipient_access
cidr:/etc/postfix/perso_cidr.cidr check_helo_access
cidr:/etc/postfix/perso_cidr.cidr check_client_access
pcre:/etc/postfix/ptr-tld.pcre check_client_access
cidr:/etc/postfix/sinokorea.cidr check_client_access
cidr:/etc/postfix/taiwancidr.cidr  check_client_access
regexp:/etc/postfix/blacklist_clients  check_client_access
cidr:/etc/postfix/asian-ip.cidr  reject_rbl_client relays.orbs.org
check_client_access cidr:/etc/postfix/taiwanipblocksreject.cidr
check_client_access cidr:/etc/postfix/IN_cidr.cidr check_client_access
cidr:/etc/postfix/BR_cidr.cidr check_client_access
cidr:/etc/postfix/CN_cidr.cidr check_client_access
cidr:/etc/postfix/UA_cidr.cidr check_client_access
cidr:/etc/postfix/TR_cidr.cidr  check_client_access
cidr:/etc/postfix/VE_cidr.cidr check_client_access
cidr:/etc/postfix/VN_cidr.cidr   permit
smtpd_helo_restrictions = permit_mynetworks check_helo_access
cidr:/etc/postfix/koreacidr.cidr check_helo_access
cidr:/etc/postfix/chinacidr.cidr check_helo_access
hash:/etc/postfix/access_client check_helo_access
hash:/etc/postfix/access_host  check_helo_access
hash:/etc/postfix/access_client check_helo_access
hash:/etc/postfix/access_host check_helo_access
hash:/etc/postfix/access_client check_helo_access
hash:/etc/postfix/access_host check_helo_access
cidr:/etc/postfix/perso_cidr.cidr check_helo_access
pcre:/etc/postfix/ptr-tld.pcre check_helo_access
cidr:/etc/postfix/sinokorea.cidr check_helo_access
cidr:/etc/postfix/taiwancidr.cidr  check_helo_access
regexp:/etc/postfix/blacklist_clients  check_helo_access
cidr:/etc/postfix/asian-ip.cidr  check_helo_access
cidr:/etc/postfix/taiwanipblocksreject.cidr  check_helo_access
cidr:/etc/postfix/IN_cidr.cidr check_helo_access
cidr:/etc/postfix/BR_cidr.cidr check_helo_access
cidr:/etc/postfix/CN_cidr.cidr check_helo_access
cidr:/etc/postfix/UA_cidr.cidr check_helo_access
cidr:/etc/postfix/TR_cidr.cidr  check_helo_access
cidr:/etc/postfix/VE_cidr.cidr check_helo_access
cidr:/etc/postfix/VN_cidr.cidr  reject_unauth_pipelining
reject_invalid_hostname  permit
smtpd_milters = i

Re: Outbound relayhost distribution

[fakessh @]

the quantity of deferred is yahoo response : this as that that is this
Le vendredi 25 février 2011 à 15:29 -0800, Robert Goodyear a écrit :
> On Feb 25, 2011, at 2:58 PM, Victor Duchovni wrote:
> 
> > On Fri, Feb 25, 2011 at 02:38:16PM -0800, Robert Goodyear wrote:
> > 
> >>> Have you seen problem relays in your upstream relay mix? What real
> >>> symptoms do they exhibit and what is the observed impact on the upstream
> >>> Postfix SMTP client?
> >> 
> >> I'm going to run some analytics on my last 12 months' worth of outbound
> >> messages to get more scientific with my gut instincts here. It's about 270
> >> million messages, and my observation is that when we have a spike of 4 or
> >> 5 million that need to deliver at a certain point in time (surrounding a
> >> critical/time-sensitive product launch) that my deferred queues saturate
> >> too quickly.
> > 
> > 20 million a month is a moderate mail flow if it is mail from ~50-100K
> > users spread out over the day. I would then expect no more than ~1K
> > messages in the deferred queue of each ~4 machines to be about the right
> > quantity of deferred email.
> > 
> > 4 million messages to deliver all at once is a very different problem.
> 
> It is definitely a lumpy distribution -- probably 2 to 3 per month of ~4-5 
> million to North American subscribers, interspersed with smaller regional 
> (outside North America) campaigns of 250-300K that sometimes coincide with 
> one of the big campaigns. Of course I could start building "stovepipes" in my 
> topology to isolate activity so one doesn't affect the other, but then 
> conversely I might have cold MTAs sitting idle when I could be using them. I 
> *do* have some regional points of presence where I have MTAs close to the 
> subscribers for their markets, e.g.: UK, EU and SE Asia; maybe I should 
> experiment with offloading deferred North America queues to them. I wonder if 
> their inherent latency would act as a rate limiter of sorts that would play 
> more nicely with recipient domains?
> 
> Anyway I'm speculating... let me go crazy with SPSS and look for some 
> absolute patterns in the last year here.
> 
> 
-- 
gpg --keyserver pgp.mit.edu --recv-key 092164A7
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x092164A7


signature.asc
Description: Ceci est une partie de message	numériquement signée

Re: Postfix "Toaster" - replacing vpopmail

[fakessh]

> (MySQL+Postfix+Courier(+Amavisd-new)) and we are quite happy with it.
> Check it at http://www.ispconfig.org

its lol ? ... trool

On Sun, 19 Jul 2009 20:29:08 +0200, Ignacio Garcia  wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> 
> 
 -Continued use of Courier-IMAP.  Not so much because I like it, but I
 don't want POP UUIDs changing or any big changes in IMAP quirks that
 suddenly cause users grief.  It seems like Courier+Maildrop is fairly
 common though, so I think I'm safe there.
>>
> 
> We recently moved from a very good, very old and unmaintained
> LDAP+Postfix+Cyrus solution (ISPMan) to ISPConfig version 3
> (MySQL+Postfix+Courier(+Amavisd-new)) and we are quite happy with it.
> Check it at http://www.ispconfig.org
> 
> Ignacio
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.4.9 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> 
> iEYEARECAAYFAkpjZfEACgkQoYMx3fsuWuq8sACggt4mZFqWgiNtdgS5e4vy7D4V
> pxgAn1EZPeH7IDBb9hEjzhOrTrnNzLWe
> =5zCe
> -END PGP SIGNATURE-

Re: Postfix "Toaster" - replacing vpopmail

[fakessh]

work fine on my box CentOS 5.3

http://pastebin.ca/1501508

On Mon, 20 Jul 2009 17:04:41 -0400, Charles Marcus
 wrote:
> On 7/20/2009, LuKreme (krem...@kreme.com) wrote:
>> Before I bought my iTouch last year I thought I was going to hate the
>> touch-screen keyboard, but the auto correction and the editing is so
>> easy that it's not much of an issue. Now with the 3GS I am even
>> willing to type fairly long emails with it since I can easily cut
>> quoted material and can reply to selected portions of an email.
> 
> I've used the iPhone (3 here in the office I have to set up), and
> they're not horrible, but I much prefer the keyboard on my G1...
> 
> --
> 
> Best regards,
> 
> Charles

Re: Domain Key Issues

[fakessh]

uses dkimproxy 1.1

work fine in my box

On Wed, 22 Jul 2009 10:35:12 -0500, Noel Jones 
wrote:
> Zakir Shaikh wrote:
>> Now, my problem is that when I send mails using webmail from the local
>> user configured through vPostmaster then the mails are getting signed
>> BUT the issue is that when the mails sent from different machines using
>> their applicaitons then the messages are delivered but Not signed. [
>> I've already added their IP addreses here: mynetworks = xx.xx.xx.xx in
>> main.cf]
>> What am i Missing?
>> Is this a postfix issue or a Domain Keys issue ?
> 
> This is a Domain Keys issue.  See the -i option to dk-filter
> to add which IPs should be signed.
> 
> And note that Domain Keys is less used these days.  Consider
> dropping it and using DKIM instead.
> 
> 
>-- Noel Jones

Re: Domain Key Issues

[fakessh]

i use dkimproxy 1.1 , I dont use the beta release on my box



On Fri, 24 Jul 2009 19:36:28 +0530 (IST), Zakir Shaikh
 wrote:
> Thanks fakessh,
> 
> Dkimproxy did the Magic!
> works gr8.. for both - Domain Keys & DKIM.
> 
> 
>  Thanks & Regards,
> Zakir H. Shaikh
> 
> 
> 
> 
> ____
> From: fakessh 
> To: Zakir Shaikh 
> Cc: postfix mailing list ;
> njo...@megan.vbhcs.org
> Sent: Friday, 24 July, 2009 4:34:06 PM
> Subject: Re: Domain Key Issues
> 
> 
> uses dkimproxy 1.1
> 
> its work fine on my box
> CentOS 5.3
> On Fri, 24 Jul 2009 16:16:54 +0530 (IST), Zakir Shaikh
>  wrote:
>>> This is a Domain Keys issue.  See the -i option to dk-filter to add
> which
>> IPs should be signed.
>> 
>>> And note that Domain Keys is less used these days.  Consider dropping
> it
>> and using DKIM instead. 
>> 
>>  
>> Thanks for the suggestion.
>> But it is Still Not Working. I tried with the " -i filename "option
>> providing the list of IP-addresses that will sending/relaying the mails
>> through the main server.
>> The file entries have been properly fed with each IP on a different
> line,
>> as mentioned in the man page.
>> 
>> I'm wondering, is there a 100 % solution for the Domain Keys & DKIM
>> implementations ?
>> 
>> 
>> Thanks & Regards,
>> Zakir H. Shaikh
>> 
>> 
>> 
>>   Love Cricket? Check out live scores, photos, video highlights and
>> more. Click here http://cricket.yahoo.com
> 
> 
> 
>   See the Web's breaking stories, chosen by people like you. Check
> out Yahoo! Buzz. http://in.buzz.yahoo.com/

Re: High volume Milter experiences?

[fakessh]

may be used in
http://milter-manager.sourceforge.net/

On Fri, 31 Jul 2009 21:59:47 +0200, Patrick Ben Koetter
 wrote:
> Did anybody ever measure how many clients a Postfix server using Milter
can
> serve?
> 
> Somewhere hidden in my brain I recall someone on the list reporting
> problems
> with Milter under high load. I am wondering how high the load was and if
> there
> was a solution to the problem?
> 
> Reason I am asking is: I need to plan a rather large system (~600
> messages/sec
> at 150kb average size) and I ask myself if I need to do some tests now or
> if I
> can rely on some others numbers for the moment and do the tests at a
later
> stage.
> 
> Thanks,
> 
> p...@rick
> 
> --
> All technical answers asked privately will be automatically answered on
> the list and archived for public access unless privacy is explicitely
> required and justified.
> 
> saslfinger (debugging SMTP AUTH):
> 

Re: Postfix SMTP server: errors from 6.mail-out.ovh.net[91.121.25.210]

[fakessh]

I just changed the password. sorry i'am r13151.ovh.net

On Tue,  4 Aug 2009 18:06:42 +0200 (CEST), mailer-dae...@r13151.ovh.net
(Mail Delivery System) wrote:
> Transcript of session follows.
> 
>  Out: 220 r13151.ovh.net ESMTP Postfix (2.5.1)
>  In:  HELO 6.mail-out.ovh.net
>  Out: 250 r13151.ovh.net
>  In:  MAIL FROM:
>  Out: 250 2.1.0 Ok
>  In:  RCPT TO:
>  Out: 451 4.3.5 Server configuration error
>  In:  QUIT
>  Out: 221 2.0.0 Bye

Re: Postfix SMTP server: errors from 6.mail-out.ovh.net[91.121.25.210]

[fakessh]

I just changed the password. sorry I'm r13151.ovh.net
On Tue,  4 Aug 2009 18:16:52 +0200 (CEST), mailer-dae...@r13151.ovh.net
(Mail Delivery System) wrote:
> Transcript of session follows.
> 
>  Out: 220 r13151.ovh.net ESMTP Postfix (2.5.1)
>  In:  HELO 6.mail-out.ovh.net
>  Out: 250 r13151.ovh.net
>  In:  MAIL FROM:
>  Out: 250 2.1.0 Ok
>  In:  RCPT TO:
>  Out: 451 4.3.5 Server configuration error
>  In:  QUIT
>  Out: 221 2.0.0 Bye

how well set + anvil

[fakessh]

hi all
hi list

how well set + anvil
I would like to fine tune + anvil

I wish there was not time to expectations identified in the original
configuration of postfix. 
I would minimize the role of + anvil

I often trade very fast mail that are slowed down by anvil

thanks for all your

nb : "Buddha" peace themselve

my problem is solved I'm not sending bounce

[fakessh]

Hi  URGENT


my problem is solved I'm not sending bounce

double_bounce_sender=no
bounce_notice_recipient = postmaster

sorry

startssl and CA autority

[fakessh]

hi all

hi postfix list

I worked all day to develop my certificates
with certificates free of startssl

I based this document
http://translate.google.fr/translate?js=y&prev=_t&hl=fr&ie=UTF-8&u=http%3A%2F%2Fwww.grandville.net%2FOpenSSL%2FLigneDeCommande&sl=fr&tl=en

I realized correctly signed certificates

I read in the doc startssl the need to import this document among the
certificates


how to incorporate the certificates in postfix?


thanks for all your feedback

thanks all your

thanks

nb : je ne parle pas anglais

Re: startssl and CA autority

[fakessh]

On Sun, 29 Nov 2009 03:00:46 +0100, fakessh  wrote:
> hi all
> 
> hi postfix list
> 
> I worked all day to develop my certificates
> with certificates free of startssl
> 
> I based this document
>
http://translate.google.fr/translate?js=y&prev=_t&hl=fr&ie=UTF-8&u=http%3A%2F%2Fwww.grandville.net%2FOpenSSL%2FLigneDeCommande&sl=fr&tl=en
> 
> I realized correctly signed certificates
> 
> I read in the doc startssl the need to import this document among the
> certificates
> 

to import the document 
https://www.startssl.com/certs/sub.class1.client.ca.pem

> 
> how to incorporate the certificates in postfix?
> 
> 
> thanks for all your feedback
> 
> thanks all your
> 
> thanks
> 
> nb : je ne parle pas anglais

Re: startssl and CA autority

[fakessh]

On Sun, 29 Nov 2009 03:06:41 +0100, fakessh  wrote:
> On Sun, 29 Nov 2009 03:00:46 +0100, fakessh  wrote:
>> hi all
>> 
>> hi postfix list
>> 
>> I worked all day to develop my certificates
>> with certificates free of startssl
>> 


I properly set up my certificates as provided for postfix dovecot

everything works well. 
thunderbird stores and accept without complaint, 
and he tells me even though they come from a certification authority


>> 
>> thanks for all your feedback
>> 
>> thanks all your
>> 
>> thanks
>> 
>> nb : je ne parle pas anglais

possible hack to postfix

[fakessh]

hello all
hello list

I think there is a problem in the basic configuration of Postfix
the basic configuration of Postfix is included in the rpm and sources

I accessed the standard configuration file

# Alternatively, you can specify the mynetworks list by hand, in
# which case Postfix ignores the mynetworks_style setting.
#
# Specify an explicit list of network/netmask patterns, where the
# mask specifies the number of bits in the network part of a host
# address.
# 
# You can also specify the absolute pathname of a pattern file instead
# of listing the patterns here. Specify type:table for table-based lookups
# (the value on the table right-hand side is not used).
# 
#mynetworks = 168.100.189.0/28, 127.0.0.0/8
#mynetworks = $config_directory/mynetworks
#mynetworks = hash:/etc/postfix/network_table


it is then possible to make a 'helo 168.100.189.5' and after this command
to bounce to anyone even with the new postfix


I think it is probably possible. when do you?

Re: Kernel Oops

[fakessh @]

it is necessary to consider the option

parent_domain_matches_subdomains =

Le mardi 08 mars 2011 à 00:45 +0100, mouss a écrit :
> Le 07/03/2011 15:13, Stan Hoeppner a écrit :
> > Noel Jones put forth on 3/7/2011 7:00 AM:
> >> On 3/7/2011 4:47 AM, Stan Hoeppner wrote:
> >>>
> >>> I was taught to always start my expressions with "/^" and end them with
> >>> "$/".  Why did Steven teach me to do this if it's not necessary?
> >>
> >> That's good advice when you're actually matching something.
> > 
> > Ok, so if I'm doing what I've heard called a "fully qualified regular
> > expression", WRT FQrDNS matching, should I use the anchors or not?
> > postmap -q says these all work (the actuals with action and text that is).
> > 
> > /^(\d{1,3}-){3}\d{1,3}\.dynamic\.chello\.sk$/
> 
> .dynamic.chello.skREJECT blah blah
> 
> 
> > /^(\d{1,3}\.){4}dsl\.dyn\.forthnet\.gr$/
> 
> .dyn.forthnet.gr  REJECT blah blah
> 
> > /^(\d{1,3}-){4}adsl-dyn\.4u\.com\.gh$/
> /dyn\.4u.com\.gh$/REJECT blah
> 
> assuming you get real mail from there. otherwise
> .4u.com.ghREJECT blah
> 
> > /^[\d\w]{8}\.[\w]{2}-[\d]-[\d\w]{2}\.dynamic\.ziggo\.nl$/
> 
> ahem? I fail to see what yoy're trying to match here. \d is a \w, so
> [\d\w] is the same as \w. do you mean \W (capital letter)? anyway:
> 
> .dynamic.ziggo.nl  REJECT blah blah
> 
> > /^(\d{1,3}\.){4}dynamic\.snap\.net\.nz$/
> .dynamic.snap.net.nz  REJECT blah
> 
> > /^pppoe-dyn(-\d{1,3}){4}\.kosnet\.ru$/
> /\Wdyn\W.*\.kosnet\.ru$/  REJECT blah
> 
> > 
> >> The special case of .* means, as you know, "anything or nothing". 
> >> There's never a case where it's necessary to explicitly match a leading
> >> or trailing "anything or nothing".
> > 
> > What of the case where you want to match something in the middle of the
> > input string, with extra junk on both ends?
> 
> well, that's what regular expressions are about by default:
> /foo/ means contains foo
> /^foo/ means starts with foo
> /foo$/ means ends with foo
> 
> so
> /^bart.*homer.*marge$/ means: starts with "bart", ends with "marge" and
> somewhere between these contains "homer".
> 
> 
> > 
> >> Consider:
> >> /^.*foo$/
> >>   match the string beginning with anything or nothing, ending with foo.
> >>
> >> can always be simplified to:
> >> /foo$/
> >>   match the string ending with foo.
> >>
> >> This works the same without the ending $ anchor (contains foo, rather
> >> than ends with foo), but helps the illustration.
> > 
> > So, in my examples above, given we're matching rDNS patterns, are the
> > anchors necessary, or helpful?  If not using them means "contains", then
> > they should still match.  What advantage is there to using the anchors
> > when matching rDNS patterns?  Any?
> > 
> >> (In the other special case where you're using $1, $2, etc. substitution
> >> in the result, you might need some form of /^(.*foo)$/ to fill the
> >> substitution buffer, but that's about substitution, not about matching.)
> > 
> > Thank you for the continuing PCRE education Noel, and Ansgar. :)
> > 
> 
-- 
gpg --keyserver pgp.mit.edu --recv-key 092164A7
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x092164A7


signature.asc
Description: Ceci est une partie de message	numériquement signée

Re: Postfix 2.7.3, 2.6.9, 2.5.12 and 2.4.16 available

[fakessh @]

when is it the official rpm. 
Simon Mudd
the new rpms are still not present



Le lundi 07 mars 2011 à 15:18 -0500, Wietse Venema a écrit :
> [An on-line version of this announcement will be available at
> http://www.postfix.org/announcements/postfix-2.7.3.html]
> 
> Postfix legacy releases 2.7.3, 2.6.9, 2.5.12 and 2.4.16 are available.
> These releases contain a fix for CVE-2011-0411 which allows plaintext
> command injection with SMTP sessions over TLS. This defect was
> introduced with Postfix version 2.2. The same flaw exists in other
> implementations of the STARTTLS command.
> 
> Note: CVE-2011-0411 is an issue only for the minority of SMTP
> clients that actually verify server certificates. Without server
> certificate verification, clients are always vulnerable to
> man-in-the-middle attacks that allow attackers to inject
> plaintext commands or responses into SMTP sessions, and more.
> 
> Postfix 2.8 and 2.9 are not affected.
> 
> The following problems were fixed with the Postfix legacy releases:
> 
> * Fix for CVE-2011-0411: discard buffered plaintext input,
>   after reading the SMTP "STARTTLS" command or response.  
> 
> * Fix to the local delivery agent: look up the "unextended"
>   address in the local aliases database, when that address has
>   a malformed address extension.  
> 
> * Fix to virtual alias expansion: report a tempfail error,
>   instead of silently ignoring recipients that exceed the
>   virtual_alias_expansion_limit or the virtual_alias_recursion_limit.
> 
> * Fix for Solaris: the Postfix event engine was deaf for SIGHUP
>   and SIGALRM signals after the switch from select() to /dev/poll.
>   Symptoms were delayed "postfix reload" response, and killed
>   processes with watchdog timeout values under 100 seconds.
> 
> * Fix for HP-UX: the Postfix event engine was deaf for SIGALRM
>   signals. Symptoms were killed processes with watchdog timeout
>   values under 100 seconds.  
> 
> * Fix for BSD-ish mkdir() to prevent maildir directories from
>   inheriting their group ownership from the parent directory.
> 
> * Fix to the SMTP client: missing support for mail to
>   [ipv6:ipv6addr] address literal destinations.  
> 
> * FreeBSD back-ported closefrom() from FreeBSD 8x to 7x, breaking
>   Postfix builds retroactively.
> 
> Historical note:
> 
> Wietse Venema discovered the problem two weeks before the
> Postfix 2.8 release, and silently fixed it pending further
> investigation. While investigating the problem's scope and
> impact, Victor Duchovni found that many other TLS applications
> were also affected. At that point, CERT/CC was asked to coordinate
> with the problem's resolution.
> 
> You can find the updated Postfix source code at the mirrors listed
> at http://www.postfix.org/.
-- 
gpg --keyserver pgp.mit.edu --recv-key 092164A7
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x092164A7


signature.asc
Description: Ceci est une partie de message	numériquement signée

how add X-AntiAbuse header

[fakessh]

hello postfix guru
hello wieste
hello mouss




I would like to add anti-abuse headers. I just spent a good little time to 
watch list archives and found no answers

example of a header that I want to appear in my mail

X-AntiAbuse: This header was added to track abuse, please include it with any 
abuse report
X-AntiAbuse: Primary Hostname - medford.localsev.com
X-AntiAbuse: Original Domain - hotmail.com
X-AntiAbuse: Originator/Caller UID/GID - [99 99] / [47 12]
X-AntiAbuse: Sender Address Domain - in-ex.s



thanks 


-- 
 http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x092164A7
 gpg --keyserver pgp.mit.edu --recv-key 092164A7


pgpecB72ZZhQm.pgp
Description: PGP signature

Re: how add X-AntiAbuse header

[fakessh]

Le lundi 18 avril 2011 03:27, Noel Jones a écrit :
> On 4/17/2011 6:28 PM, fakessh wrote:
> > hello postfix guru
> > hello wieste
> > hello mouss
> >
> >
> >
> >
> > I would like to add anti-abuse headers. I just spent a good little time
> > to watch list archives and found no answers
> >
> > example of a header that I want to appear in my mail
> >
> > X-AntiAbuse: This header was added to track abuse, please include it with
> > any abuse report
> > X-AntiAbuse: Primary Hostname - medford.localsev.com
> > X-AntiAbuse: Original Domain - hotmail.com
> > X-AntiAbuse: Originator/Caller UID/GID - [99 99] / [47 12]
> > X-AntiAbuse: Sender Address Domain - in-ex.s
>
> I think these are Exim headers, at any rate postfix doesn't
> add headers like that.  All that information is already in the
> Received: header postfix adds.
>
> If you want to add additional informative headers, you can use
> an access table or policy service with the PREPEND action, or
> use a milter that adds extra headers.  Note that PREPEND can
> add one single-line header with each call.
> http://www.postfix.org/access.5.html
> http://www.postfix.org/postconf.5.html#check_client_access
> http://www.postfix.org/postconf.5.html#check_sender_access
> http://www.postfix.org/postconf.5.html#check_recipient_access
> http://www.postfix.org/SMTPD_POLICY_README.html
> http://www.postfix.org/MILTER_README.html
>
>
>-- Noel Jones


thank you for your explanations Noel Jones

-- 
 http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x092164A7
 gpg --keyserver pgp.mit.edu --recv-key 092164A7


pgpUTO5WhVzX3.pgp
Description: PGP signature

Re: how add X-AntiAbuse header

[fakessh]

Le lundi 18 avril 2011 13:10, Morten P.D. Stevens a écrit :
> 2011/4/18 fakessh :
> > I would like to add anti-abuse headers. I just spent a good little time
> > to watch list archives and found no answers
> >
> > example of a header that I want to appear in my mail
> >
> > X-AntiAbuse: This header was added to track abuse, please include it with
> > any abuse report
> > X-AntiAbuse: Primary Hostname - medford.localsev.com
> > X-AntiAbuse: Original Domain - hotmail.com
> > X-AntiAbuse: Originator/Caller UID/GID - [99 99] / [47 12]
> > X-AntiAbuse: Sender Address Domain - in-ex.s
>
> Hi,
>
> With MIMEDefang you can do that.
> http://www.mimedefang.org/
>
> For example:
>
> /etc/mail/mimedefang-filter
>
> action_add_header("X-AntiAbuse-Helo", "$Helo");
> action_add_header("X-AntiAbuse-Relayhostname", "$RelayHostname");
> action_add_header("X-AntiAbuse-Relayaddr", "$RelayAddr");
> action_add_header("X-AntiAbuse-Sender", "$Sender ");
> action_add_header("X-AntiAbuse-Score", "$hits ($score) $names");
>
> and much more.
>
> Best regards,
>
> Morten


thanks Morten


and how to configure In My postfix. I think as a type sid-milter milter or 
other milter , 
enlighten me please. 
Give me a specific example of configuration with postfix


-- 
 http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x092164A7
 gpg --keyserver pgp.mit.edu --recv-key 092164A7


pgpDbQCVnXxG0.pgp
Description: PGP signature

Re: how add X-AntiAbuse header

[fakessh]

Le lundi 18 avril 2011 14:16, Noel Jones a écrit :
> On 4/18/2011 6:46 AM, fakessh wrote:
> > Le lundi 18 avril 2011 13:10, Morten P.D. Stevens a écrit :
> >> 2011/4/18 fakessh:
> >>> I would like to add anti-abuse headers. I just spent a good little time
> >>> to watch list archives and found no answers
> >>>
> >>> example of a header that I want to appear in my mail
> >>>
> >>> X-AntiAbuse: This header was added to track abuse, please include it
> >>> with any abuse report
> >>> X-AntiAbuse: Primary Hostname - medford.localsev.com
> >>> X-AntiAbuse: Original Domain - hotmail.com
> >>> X-AntiAbuse: Originator/Caller UID/GID - [99 99] / [47 12]
> >>> X-AntiAbuse: Sender Address Domain - in-ex.s
> >>
> >> Hi,
> >>
> >> With MIMEDefang you can do that.
> >> http://www.mimedefang.org/
> >>
> >> For example:
> >>
> >> /etc/mail/mimedefang-filter
> >>
> >> action_add_header("X-AntiAbuse-Helo", "$Helo");
> >> action_add_header("X-AntiAbuse-Relayhostname", "$RelayHostname");
> >> action_add_header("X-AntiAbuse-Relayaddr", "$RelayAddr");
> >> action_add_header("X-AntiAbuse-Sender", "$Sender ");
> >> action_add_header("X-AntiAbuse-Score", "$hits ($score) $names");
> >>
> >> and much more.
> >>
> >> Best regards,
> >>
> >> Morten
> >
> > thanks Morten
> >
> >
> > and how to configure In My postfix. I think as a type sid-milter milter
> > or other milter ,
> > enlighten me please.
> > Give me a specific example of configuration with postfix
>
> Configuring postfix to use a milter is very easy.
>
> 1. configure your milter to listen on some local port.  eg
> 127.0.0.1:2550
>
> 2. tell postfix to use that same port
> # main.cf
> smtpd_milters = inet:127.0.0.1:2550
>
> That's all that is usually required.
>
> All other configuration is done in the milter.
>
> You can use a unix socket rather than a TCP port, but
> sometimes the permissions and paths get a little tricky,
> particularly if using chroot.
>
> http://www.postfix.org/MILTER_README.html
>
>
>
>-- Noel Jones

thanks Noel Jones for your return

it works correctly but I do not write to file mimedefang-filter instructions 
for writing the header X-anti-abuse

-- 
 http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x092164A7
 gpg --keyserver pgp.mit.edu --recv-key 092164A7


pgpEFzWFDcZmF.pgp
Description: PGP signature

Re: how add X-AntiAbuse header

[fakessh]

Le mardi 19 avril 2011 01:22, fakessh a écrit :
> Le lundi 18 avril 2011 14:16, Noel Jones a écrit :
> > On 4/18/2011 6:46 AM, fakessh wrote:
> > > Le lundi 18 avril 2011 13:10, Morten P.D. Stevens a écrit :
> > >> 2011/4/18 fakessh:
> > >>> I would like to add anti-abuse headers. I just spent a good little
> > >>> time to watch list archives and found no answers
> > >>>
> > >>> example of a header that I want to appear in my mail
> > >>>
> > >>> X-AntiAbuse: This header was added to track abuse, please include it
> > >>> with any abuse report
> > >>> X-AntiAbuse: Primary Hostname - medford.localsev.com
> > >>> X-AntiAbuse: Original Domain - hotmail.com
> > >>> X-AntiAbuse: Originator/Caller UID/GID - [99 99] / [47 12]
> > >>> X-AntiAbuse: Sender Address Domain - in-ex.s
> > >>
> > >> Hi,
> > >>
> > >> With MIMEDefang you can do that.
> > >> http://www.mimedefang.org/
> > >>
> > >> For example:
> > >>
> > >> /etc/mail/mimedefang-filter
> > >>
> > >> action_add_header("X-AntiAbuse-Helo", "$Helo");
> > >> action_add_header("X-AntiAbuse-Relayhostname", "$RelayHostname");
> > >> action_add_header("X-AntiAbuse-Relayaddr", "$RelayAddr");
> > >> action_add_header("X-AntiAbuse-Sender", "$Sender ");
> > >> action_add_header("X-AntiAbuse-Score", "$hits ($score) $names");
> > >>
> > >> and much more.
> > >>
> > >> Best regards,
> > >>
> > >> Morten
> > >
> > > thanks Morten
> > >
> > >
> > > and how to configure In My postfix. I think as a type sid-milter milter
> > > or other milter ,
> > > enlighten me please.
> > > Give me a specific example of configuration with postfix
> >
> > Configuring postfix to use a milter is very easy.
> >
> > 1. configure your milter to listen on some local port.  eg
> > 127.0.0.1:2550
> >
> > 2. tell postfix to use that same port
> > # main.cf
> > smtpd_milters = inet:127.0.0.1:2550
> >
> > That's all that is usually required.
> >
> > All other configuration is done in the milter.
> >
> > You can use a unix socket rather than a TCP port, but
> > sometimes the permissions and paths get a little tricky,
> > particularly if using chroot.
> >
> > http://www.postfix.org/MILTER_README.html
> >
> >
> >
> >-- Noel Jones
>
> thanks Noel Jones for your return
>
> it works correctly but I do not write to file mimedefang-filter
> instructions for writing the header X-anti-abuse


thanks all 

it's work fine greet RTFM with perl
header X-AntiAbuse inserted 

greet

nb : i make a post on my blog for explain 

-- 
 http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x092164A7
 gpg --keyserver pgp.mit.edu --recv-key 092164A7


pgphtszsvLE0D.pgp
Description: PGP signature

only accept EHLO and I see that I refuse a lot of legitimate mail

[fakessh]

hello postfix guru
hello Wieste and other develloper


I already post a question asking for more. 

how to allow both HELO and EHLO. I currently only accept EHLO and I see that I 
refuse a lot of legitimate mail


my postconf -n

r13151 ~]# postconf -n
alias_database = hash:/etc/aliases , hash:/etc/postfix/aliases
alias_maps = hash:/etc/aliases , hash:/etc/postfix/aliases
body_checks = regexp:/etc/postfix/body_checks.cf
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = dkimproxy:[127.0.0.1]:10029
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
default_privs = nobody
default_rbl_reply = $rbl_code Service unavailable; $rbl_class [$rbl_what] 
blocked using $rbl_domain${rbl_reason?; $rbl_reason}
double_bounce_sender = no
header_checks = regexp:/etc/postfix/header_checks.cf
home_mailbox = Maildir/
html_directory = /usr/share/doc/postfix-2.7.3-documentation/html
in_flow_delay = 10
inet_interfaces = all
inet_protocols = all
local_recipient_maps = unix:passwd.byname $alias_maps
mail_owner = postfix
mail_spool_directory = /var/spool/mail
mailbox_command = /usr/libexec/dovecot/dovecot-lda
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 2048
milter_command_timeout = 30s
milter_connect_macros = j {daemon_name} v
milter_connect_timeout = 30s
milter_content_timeout = 300s
milter_data_macros = i
milter_end_of_data_macros = i
milter_end_of_header_macros = i
milter_helo_macros = {tls_version} {cipher} {cipher_bits} {cert_subject} 
{cert_issuer}
milter_macro_daemon_name = $myhostname
milter_macro_v = $mail_name $mail_version
milter_mail_macros = i {auth_type} {auth_authen} {auth_author} {mail_addr}
milter_protocol = 2
milter_rcpt_macros = i {rcpt_addr}
milter_unknown_command_macros =
mime_header_checks = regexp:/etc/postfix/mime_header_checks.cf
mydestination = $myhostname , localhost.$mydomain, r13151.ovh.net
mydomain = r13151.ovh.net
mynetworks = 127.0.0.0/8 ,87.98.186.232 , [::1]/128 , [2001:41D0:2:3Dd6::]/64
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
parent_domain_matches_subdomains =
queue_directory = /var/spool/postfix
queue_run_delay = 200s
readme_directory = /usr/share/doc/postfix-2.7.3-documentation/readme
recipient_delimiter = +
relay_domains =
sample_directory = /usr/share/doc/postfix-2.5.4/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
smtp_sender_dependent_authentication = yes
smtp_tls_loglevel = 3
smtp_tls_note_starttls_offer = yes
smtp_tls_session_cache_database = 
btree:/var/lib/postfix/smtp_tls_session_cache
smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
smtpd_client_restrictions = permit_mynetworks 
reject_unknown_reverse_client_hostname reject_unauth_pipelining  
reject_non_fqdn_recipient check_client_access 
cidr:/etc/postfix/koreacidr.cidr check_client_access 
cidr:/etc/postfix/chinacidr.cidr check_helo_access 
hash:/etc/postfix/access_client check_helo_access 
hash:/etc/postfix/access_host  check_sender_access 
hash:/etc/postfix/access_client check_sender_access 
hash:/etc/postfix/access_host check_recipient_access 
hash:/etc/postfix/access_client check_recipient_access 
hash:/etc/postfix/access_host check_client_access 
cidr:/etc/postfix/perso_cidr.cidr check_recipient_access 
cidr:/etc/postfix/perso_cidr.cidr check_helo_access 
cidr:/etc/postfix/perso_cidr.cidr check_client_access 
pcre:/etc/postfix/ptr-tld.pcre check_client_access 
cidr:/etc/postfix/sinokorea.cidr check_client_access 
cidr:/etc/postfix/taiwancidr.cidr  check_client_access 
regexp:/etc/postfix/blacklist_clients  check_client_access 
cidr:/etc/postfix/asian-ip.cidr  reject_rbl_client relays.orbs.org 
check_client_access cidr:/etc/postfix/taiwanipblocksreject.cidr  
check_client_access cidr:/etc/postfix/IN_cidr.cidr check_client_access 
cidr:/etc/postfix/BR_cidr.cidr check_client_access 
cidr:/etc/postfix/CN_cidr.cidr check_client_access 
cidr:/etc/postfix/UA_cidr.cidr check_client_access 
cidr:/etc/postfix/TR_cidr.cidr  check_client_access 
cidr:/etc/postfix/VE_cidr.cidr check_client_access 
cidr:/etc/postfix/VN_cidr.cidr   permit
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_helo_restrictions = permit_mynetworks check_helo_access 
cidr:/etc/postfix/koreacidr.cidr check_helo_access 
cidr:/etc/postfix/chinacidr.cidr check_helo_access 
hash:/etc/postfix/access_client check_helo_access 
hash:/etc/postfix/access_host  check_helo_access 
hash:/etc/postfix/access_client check_helo_access 
hash:/etc/postfix/access_host check_helo_access 
hash:/etc/postfix/access_client check_helo_access 
hash:/etc/postfix/access_host check_helo_access 
cidr:/etc/postfix/perso_cidr.cidr check_helo_access 
pcre:/etc/postfix/ptr-tld.pcre check_helo_access 
cidr:/etc/postfix/sinokorea.cidr check_helo_access 
cidr:/etc/postfix/taiwancidr.cidr  check_he

Re: only accept EHLO and I see that I refuse a lot of legitimate mail

[fakessh]

I just changed this option

smtp_tls_note_starttls_offer = may

that it's OK or not OK

thanks



Le dimanche 24 avril 2011 22:10, fakessh a écrit :
> hello postfix guru
> hello Wieste and other develloper
>
>
> I already post a question asking for more.
>
> how to allow both HELO and EHLO. I currently only accept EHLO and I see
> that I refuse a lot of legitimate mail
>
>
> my postconf -n
>
> r13151 ~]# postconf -n
> alias_database = hash:/etc/aliases , hash:/etc/postfix/aliases
> alias_maps = hash:/etc/aliases , hash:/etc/postfix/aliases
> body_checks = regexp:/etc/postfix/body_checks.cf
> broken_sasl_auth_clients = yes
> command_directory = /usr/sbin
> config_directory = /etc/postfix
> content_filter = dkimproxy:[127.0.0.1]:10029
> daemon_directory = /usr/libexec/postfix
> data_directory = /var/lib/postfix
> debug_peer_level = 2
> default_privs = nobody
> default_rbl_reply = $rbl_code Service unavailable; $rbl_class [$rbl_what]
> blocked using $rbl_domain${rbl_reason?; $rbl_reason}
> double_bounce_sender = no
> header_checks = regexp:/etc/postfix/header_checks.cf
> home_mailbox = Maildir/
> html_directory = /usr/share/doc/postfix-2.7.3-documentation/html
> in_flow_delay = 10
> inet_interfaces = all
> inet_protocols = all
> local_recipient_maps = unix:passwd.byname $alias_maps
> mail_owner = postfix
> mail_spool_directory = /var/spool/mail
> mailbox_command = /usr/libexec/dovecot/dovecot-lda
> mailq_path = /usr/bin/mailq.postfix
> manpage_directory = /usr/share/man
> message_size_limit = 2048
> milter_command_timeout = 30s
> milter_connect_macros = j {daemon_name} v
> milter_connect_timeout = 30s
> milter_content_timeout = 300s
> milter_data_macros = i
> milter_end_of_data_macros = i
> milter_end_of_header_macros = i
> milter_helo_macros = {tls_version} {cipher} {cipher_bits} {cert_subject}
> {cert_issuer}
> milter_macro_daemon_name = $myhostname
> milter_macro_v = $mail_name $mail_version
> milter_mail_macros = i {auth_type} {auth_authen} {auth_author} {mail_addr}
> milter_protocol = 2
> milter_rcpt_macros = i {rcpt_addr}
> milter_unknown_command_macros =
> mime_header_checks = regexp:/etc/postfix/mime_header_checks.cf
> mydestination = $myhostname , localhost.$mydomain, r13151.ovh.net
> mydomain = r13151.ovh.net
> mynetworks = 127.0.0.0/8 ,87.98.186.232 , [::1]/128 ,
> [2001:41D0:2:3Dd6::]/64 myorigin = $mydomain
> newaliases_path = /usr/bin/newaliases.postfix
> parent_domain_matches_subdomains =
> queue_directory = /var/spool/postfix
> queue_run_delay = 200s
> readme_directory = /usr/share/doc/postfix-2.7.3-documentation/readme
> recipient_delimiter = +
> relay_domains =
> sample_directory = /usr/share/doc/postfix-2.5.4/samples
> sendmail_path = /usr/sbin/sendmail.postfix
> setgid_group = postdrop
> smtp_sasl_security_options = noanonymous
> smtp_sasl_tls_security_options = noanonymous
> smtp_sender_dependent_authentication = yes
> smtp_tls_loglevel = 3
> smtp_tls_note_starttls_offer = yes
> smtp_tls_session_cache_database =
> btree:/var/lib/postfix/smtp_tls_session_cache
> smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
> smtpd_client_restrictions = permit_mynetworks
> reject_unknown_reverse_client_hostname reject_unauth_pipelining
> reject_non_fqdn_recipient check_client_access
> cidr:/etc/postfix/koreacidr.cidr check_client_access
> cidr:/etc/postfix/chinacidr.cidr check_helo_access
> hash:/etc/postfix/access_client check_helo_access
> hash:/etc/postfix/access_host  check_sender_access
> hash:/etc/postfix/access_client check_sender_access
> hash:/etc/postfix/access_host check_recipient_access
> hash:/etc/postfix/access_client check_recipient_access
> hash:/etc/postfix/access_host check_client_access
> cidr:/etc/postfix/perso_cidr.cidr check_recipient_access
> cidr:/etc/postfix/perso_cidr.cidr check_helo_access
> cidr:/etc/postfix/perso_cidr.cidr check_client_access
> pcre:/etc/postfix/ptr-tld.pcre check_client_access
> cidr:/etc/postfix/sinokorea.cidr check_client_access
> cidr:/etc/postfix/taiwancidr.cidr  check_client_access
> regexp:/etc/postfix/blacklist_clients  check_client_access
> cidr:/etc/postfix/asian-ip.cidr  reject_rbl_client relays.orbs.org
> check_client_access cidr:/etc/postfix/taiwanipblocksreject.cidr
> check_client_access cidr:/etc/postfix/IN_cidr.cidr check_client_access
> cidr:/etc/postfix/BR_cidr.cidr check_client_access
> cidr:/etc/postfix/CN_cidr.cidr check_client_access
> cidr:/etc/postfix/UA_cidr.cidr check_client_access
> cidr:/etc/postfix/TR_cidr.cidr  check_client_access
> cidr:/etc/postfix/VE_cidr.cidr check_client_access
> cidr:/etc/postfix/VN_cidr.cidr   permit
> smtpd_data_restrictions = reject_unauth_pipelining
> smtpd_he

Re: only accept EHLO and I see that I refuse a lot of legitimate mail

[fakessh]

Le dimanche 24 avril 2011 22:37, fakessh a écrit :
> I just changed this option
>
> smtp_tls_note_starttls_offer = may
>
> that it's OK or not OK
>
> thanks



i just reread the doc and 
I think he must use
smtpd_tls_security_level = may

it's OK wieste ?

thanks ...

s ///

>
> Le dimanche 24 avril 2011 22:10, fakessh a écrit :
> > hello postfix guru
> > hello Wieste and other develloper
> >
> >
> > I already post a question asking for more.
> >
> > how to allow both HELO and EHLO. I currently only accept EHLO and I see
> > that I refuse a lot of legitimate mail
> >
> >
> > my postconf -n
> >
> > r13151 ~]# postconf -n
> > alias_database = hash:/etc/aliases , hash:/etc/postfix/aliases
> > alias_maps = hash:/etc/aliases , hash:/etc/postfix/aliases
> > body_checks = regexp:/etc/postfix/body_checks.cf
> > broken_sasl_auth_clients = yes
> > command_directory = /usr/sbin
> > config_directory = /etc/postfix
> > content_filter = dkimproxy:[127.0.0.1]:10029
> > daemon_directory = /usr/libexec/postfix
> > data_directory = /var/lib/postfix
> > debug_peer_level = 2
> > default_privs = nobody
> > default_rbl_reply = $rbl_code Service unavailable; $rbl_class [$rbl_what]
> > blocked using $rbl_domain${rbl_reason?; $rbl_reason}
> > double_bounce_sender = no
> > header_checks = regexp:/etc/postfix/header_checks.cf
> > home_mailbox = Maildir/
> > html_directory = /usr/share/doc/postfix-2.7.3-documentation/html
> > in_flow_delay = 10
> > inet_interfaces = all
> > inet_protocols = all
> > local_recipient_maps = unix:passwd.byname $alias_maps
> > mail_owner = postfix
> > mail_spool_directory = /var/spool/mail
> > mailbox_command = /usr/libexec/dovecot/dovecot-lda
> > mailq_path = /usr/bin/mailq.postfix
> > manpage_directory = /usr/share/man
> > message_size_limit = 2048
> > milter_command_timeout = 30s
> > milter_connect_macros = j {daemon_name} v
> > milter_connect_timeout = 30s
> > milter_content_timeout = 300s
> > milter_data_macros = i
> > milter_end_of_data_macros = i
> > milter_end_of_header_macros = i
> > milter_helo_macros = {tls_version} {cipher} {cipher_bits} {cert_subject}
> > {cert_issuer}
> > milter_macro_daemon_name = $myhostname
> > milter_macro_v = $mail_name $mail_version
> > milter_mail_macros = i {auth_type} {auth_authen} {auth_author}
> > {mail_addr} milter_protocol = 2
> > milter_rcpt_macros = i {rcpt_addr}
> > milter_unknown_command_macros =
> > mime_header_checks = regexp:/etc/postfix/mime_header_checks.cf
> > mydestination = $myhostname , localhost.$mydomain, r13151.ovh.net
> > mydomain = r13151.ovh.net
> > mynetworks = 127.0.0.0/8 ,87.98.186.232 , [::1]/128 ,
> > [2001:41D0:2:3Dd6::]/64 myorigin = $mydomain
> > newaliases_path = /usr/bin/newaliases.postfix
> > parent_domain_matches_subdomains =
> > queue_directory = /var/spool/postfix
> > queue_run_delay = 200s
> > readme_directory = /usr/share/doc/postfix-2.7.3-documentation/readme
> > recipient_delimiter = +
> > relay_domains =
> > sample_directory = /usr/share/doc/postfix-2.5.4/samples
> > sendmail_path = /usr/sbin/sendmail.postfix
> > setgid_group = postdrop
> > smtp_sasl_security_options = noanonymous
> > smtp_sasl_tls_security_options = noanonymous
> > smtp_sender_dependent_authentication = yes
> > smtp_tls_loglevel = 3
> > smtp_tls_note_starttls_offer = yes
> > smtp_tls_session_cache_database =
> > btree:/var/lib/postfix/smtp_tls_session_cache
> > smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
> > smtpd_client_restrictions = permit_mynetworks
> > reject_unknown_reverse_client_hostname reject_unauth_pipelining
> > reject_non_fqdn_recipient check_client_access
> > cidr:/etc/postfix/koreacidr.cidr check_client_access
> > cidr:/etc/postfix/chinacidr.cidr check_helo_access
> > hash:/etc/postfix/access_client check_helo_access
> > hash:/etc/postfix/access_host  check_sender_access
> > hash:/etc/postfix/access_client check_sender_access
> > hash:/etc/postfix/access_host check_recipient_access
> > hash:/etc/postfix/access_client check_recipient_access
> > hash:/etc/postfix/access_host check_client_access
> > cidr:/etc/postfix/perso_cidr.cidr check_recipient_access
> > cidr:/etc/postfix/perso_cidr.cidr check_helo_access
> > cidr:/etc/postfix/perso_cidr.cidr check_client_access
> > pcre:/etc/postfix/ptr-tld.pcre check_client_access
> > cidr:/etc/postfix/sinokorea.cidr check_client_access
> > cidr:/etc/postfix/taiwancidr.cidr  check_cli

Re: only accept EHLO and I see that I refuse a lot of legitimate mail

[fakessh]

i reread the doc
i just changed this option

smtpd_tls_security_level = may



Le dimanche 24 avril 2011 22:53, Reindl Harald a écrit :
> what have "smtp_tls_note_starttls_offer" to do with EHLO/HELO
> and what have smtp_*-commands to do with receive?
>
> why you are using so complex EHLO-restrictions?
> the following should be enough!
>
> smtpd_helo_required  = yes
> smtpd_helo_restrictions = permit_mynetworks
>  reject_non_fqdn_helo_hostname
>  reject_invalid_helo_hostname
>  reject_unknown_helo_hostname
>
> Am 24.04.2011 22:37, schrieb fakessh:
> > I just changed this option
> >
> > smtp_tls_note_starttls_offer = may
> >
> > that it's OK or not OK
> >
> > thanks
> >
> > Le dimanche 24 avril 2011 22:10, fakessh a écrit :
> >> hello postfix guru
> >> hello Wieste and other develloper
> >>
> >>
> >> I already post a question asking for more.
> >>
> >> how to allow both HELO and EHLO. I currently only accept EHLO and I see
> >> that I refuse a lot of legitimate mail
> >>
> >>
> >> my postconf -n
> >>
> >> r13151 ~]# postconf -n
> >> alias_database = hash:/etc/aliases , hash:/etc/postfix/aliases
> >> alias_maps = hash:/etc/aliases , hash:/etc/postfix/aliases
> >> body_checks = regexp:/etc/postfix/body_checks.cf
> >> broken_sasl_auth_clients = yes
> >> command_directory = /usr/sbin
> >> config_directory = /etc/postfix
> >> content_filter = dkimproxy:[127.0.0.1]:10029
> >> daemon_directory = /usr/libexec/postfix
> >> data_directory = /var/lib/postfix
> >> debug_peer_level = 2
> >> default_privs = nobody
> >> default_rbl_reply = $rbl_code Service unavailable; $rbl_class
> >> [$rbl_what] blocked using $rbl_domain${rbl_reason?; $rbl_reason}
> >> double_bounce_sender = no
> >> header_checks = regexp:/etc/postfix/header_checks.cf
> >> home_mailbox = Maildir/
> >> html_directory = /usr/share/doc/postfix-2.7.3-documentation/html
> >> in_flow_delay = 10
> >> inet_interfaces = all
> >> inet_protocols = all
> >> local_recipient_maps = unix:passwd.byname $alias_maps
> >> mail_owner = postfix
> >> mail_spool_directory = /var/spool/mail
> >> mailbox_command = /usr/libexec/dovecot/dovecot-lda
> >> mailq_path = /usr/bin/mailq.postfix
> >> manpage_directory = /usr/share/man
> >> message_size_limit = 2048
> >> milter_command_timeout = 30s
> >> milter_connect_macros = j {daemon_name} v
> >> milter_connect_timeout = 30s
> >> milter_content_timeout = 300s
> >> milter_data_macros = i
> >> milter_end_of_data_macros = i
> >> milter_end_of_header_macros = i
> >> milter_helo_macros = {tls_version} {cipher} {cipher_bits} {cert_subject}
> >> {cert_issuer}
> >> milter_macro_daemon_name = $myhostname
> >> milter_macro_v = $mail_name $mail_version
> >> milter_mail_macros = i {auth_type} {auth_authen} {auth_author}
> >> {mail_addr} milter_protocol = 2
> >> milter_rcpt_macros = i {rcpt_addr}
> >> milter_unknown_command_macros =
> >> mime_header_checks = regexp:/etc/postfix/mime_header_checks.cf
> >> mydestination = $myhostname , localhost.$mydomain, r13151.ovh.net
> >> mydomain = r13151.ovh.net
> >> mynetworks = 127.0.0.0/8 ,87.98.186.232 , [::1]/128 ,
> >> [2001:41D0:2:3Dd6::]/64 myorigin = $mydomain
> >> newaliases_path = /usr/bin/newaliases.postfix
> >> parent_domain_matches_subdomains =
> >> queue_directory = /var/spool/postfix
> >> queue_run_delay = 200s
> >> readme_directory = /usr/share/doc/postfix-2.7.3-documentation/readme
> >> recipient_delimiter = +
> >> relay_domains =
> >> sample_directory = /usr/share/doc/postfix-2.5.4/samples
> >> sendmail_path = /usr/sbin/sendmail.postfix
> >> setgid_group = postdrop
> >> smtp_sasl_security_options = noanonymous
> >> smtp_sasl_tls_security_options = noanonymous
> >> smtp_sender_dependent_authentication = yes
> >> smtp_tls_loglevel = 3
> >> smtp_tls_note_starttls_offer = yes
> >> smtp_tls_session_cache_database =
> >> btree:/var/lib/postfix/smtp_tls_session_cache
> >> smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
> >> smtpd_client_restrictions = permit_mynetworks
> >> reject_unknown_reverse_client_hostname reject_unauth_pipelining
> >> reject_non_fqdn_recipient check_client_access
> >> cidr:/etc/postfix/koreacidr.cidr check_client_access
>

Re: only accept EHLO and I see that I refuse a lot of legitimate mail

[fakessh]

Le dimanche 24 avril 2011 22:53, Reindl Harald a écrit :
> smtpd_helo_required  = yes

I follow the advice given to me I just added this option

 smtpd_helo_required  = yes
-- 
 http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x092164A7
 gpg --keyserver pgp.mit.edu --recv-key 092164A7


pgpOhsGX6B3QV.pgp
Description: PGP signature

Re: Postfix 2.7.0 and yaa 0.3

[fakessh]

Le mardi 26 avril 2011 11:28, Peter L. Hansen a écrit :
> Hi List,
>
> Iam having trouble trying to adding autoreply/autoresponder/outofoffice
> functionality to our setup.
>

me i use sieve

> Can i configure postfix to send the proper headers?
>
>
> Thanks,
> Peter Hansen

-- 
 http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x092164A7
 gpg --keyserver pgp.mit.edu --recv-key 092164A7


pgp94Ff9DYJyg.pgp
Description: PGP signature

mimedefang and sid-filter

[fakessh]

hi wieste
hi mouss
hi all the guru of postfix


since I said I have mimedefang headers X-SenderID are no longer present

you have an explanation
-- 
 http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x092164A7
 gpg --keyserver pgp.mit.edu --recv-key 092164A7


pgp07QNePMLiK.pgp
Description: PGP signature

Re: mimedefang and sid-filter

[fakessh]

Le samedi 30 avril 2011 15:41, Patrick Ben Koetter a écrit :
> * fakessh :
> > hi wieste
>
> If you use vim, please put this line in your ~/.vimrc:
>
> ab wieste Wietse
>
> p@rick

hello I had my way the programmer exception

hello Wieste 


-- 
 http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x092164A7
 gpg --keyserver pgp.mit.edu --recv-key 092164A7


pgpu6k0pflkWg.pgp
Description: PGP signature

Re: mimedefang and sid-filter

[fakessh]

Le samedi 30 avril 2011 16:02, Reindl Harald a écrit :
> Am 30.04.2011 15:57, schrieb fakessh:
> > Le samedi 30 avril 2011 15:41, Patrick Ben Koetter a écrit :
> >> * fakessh :

> jesus christ "Wietse"
> not wieste nor Wieste :-)


hello  
Wietse Venema 

and my problem ?
-- 
 http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x092164A7
 gpg --keyserver pgp.mit.edu --recv-key 092164A7


pgpY47dazSwyO.pgp
Description: PGP signature

milter postfix for the geolocation addresses and headers X-Anti-Abuse

[fakessh]

hello list
hello gurus
hello   Wietse Venema 


I would like to write a milter to postfix to achieve a geolocation addresses 
and headers X-Anti-Abuse

you tell me with mimedefang  is very simple
I have tried with success

but when I've put my achievements in production
the headers X-SenderID disappears

so I wonder why after having added mimedefang header and X-SenderID disappears

Do you know a milter to the geolocation

this may be easy to realize native with postfix

thanks s ///;)
-- 
 http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x092164A7
 gpg --keyserver pgp.mit.edu --recv-key 092164A7


pgpNCANViy8Hm.pgp
Description: PGP signature

Re: milter postfix for the geolocation addresses and headers X-Anti-Abuse

[fakessh]

Le lundi 2 mai 2011 17:22, Wietse Venema a écrit :
> fakessh:
> > hello list
> > hello gurus
> > hello ? Wietse Venema

> a) Free crystal balls.

yes I possess crystal balls some nice numbers thank you

>
> b) Free telepathic services.


yes I possess powers parapsychic I discuss with a large Indian matemathiciens 
I show you his page and I think we have succeeded in inventing a prototype 
language based on orthogonal curvilinear representations of image that allows 
us to accurately answer questions
>
> c) Concrete information about this problem.

no problem
the problem is solved by a plugin amavis
i cote
package Amavis::Custom;
use strict;
use re 'taint';
use warnings;
use warnings FATAL => qw(utf8 void);
no warnings qw(uninitialized redefine);

BEGIN {
  import Amavis::Conf qw(:platform :confvars c cr ca);
  import Amavis::Util qw(do_log untaint min max);
}

sub new {
  my($class,$conn,$msginfo) = @_;
  my($self) = bless {}, $class;
  checks_geo($self,$conn,$msginfo);
  $self;
}

use Geo::IP;
sub checks_geo {
  my($self,$conn,$msginfo) = @_;
  if (!exists $self->{geoip}) {  # first time only in a child process
    my $geo_file = "/usr/local/share/GeoIP/GeoLiteCity.dat";
    $self->{geoip} = Geo::IP->open($geo_file, GEOIP_STANDARD);
    if (!$self->{geoip}) {
      do_log(0, "GeoIP: failed to open %s", $geo_file);
    } else {
      $self->{geoip}->set_charset(GEOIP_CHARSET_UTF8);
    }
  }
  if ($self->{geoip}) {
    my $last_received_ip =
      Amavis::UnmangleSender::parse_ip_address_from_received($msginfo);
    if (defined $last_received_ip && $last_received_ip ne '') {
      my($country_name,$region_name,$city);
      my $record = $self->{geoip}->record_by_addr($last_received_ip);
      if (!$record) {
        do_log(2, "GeoIP: no record for %s", $last_received_ip);
      } else {
        $country_name = $record->country_name;
        $region_name = $record->region_name;
        $city = $record->city;
      }
      do_log(2, "GeoIP: %-15s %s %s, %s, %s", $last_received_ip,
                $msginfo->is_in_contents_category(CC_SPAM) ? 'SPAM' : '    ',
                map(defined $_ && $_ ne '' ? $_ : "-",
                    $country_name, $region_name, $city));
      my $hdr_edits = $msginfo->header_edits;
      $hdr_edits->add_header('X-Amavis-GeoIP', "$country_name $city");
    }
  }
}

1;


thanks


>
>   Wietse

-- 
 http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x092164A7
 gpg --keyserver pgp.mit.edu --recv-key 092164A7


pgpLgn32PMFk0.pgp
Description: PGP signature

Re: Sender-ID validation via Blackberry failing

[fakessh]

Le mardi 10 mai 2011 15:25, Sharma, Ashish a écrit :
> -Original Message-
> From: owner-postfix-us...@postfix.org
> [mailto:owner-postfix-us...@postfix.org] On Behalf Of fake...@fakessh.eu
> Sent: Saturday, January 29, 2011 9:11 PM
> To: postfix-users@postfix.org
> Subject: Re: Sender-ID validation via Blackberry failing
>
> On Tuesday 25 January 2011 14:23, Sharma, Ashish wrote:
> > Hi,
> >
> > I have a Postfix mail receiving server, on this I am using sid-milter
> > (found at http://sourceforge.net/projects/sid-milter/ got from
> > http://www.postfix.org/addon.html) tool to validate senderID and SPF.
> >
> > Here the problem is for mail servers that implement Sender-ID, mail
> > servers that are implementing sender-ID and having their mails sent
> > via Blackberry are having their sender-ID (sender-id=neutral) not
> > getting verified on my postfix end.
> >
> > Following are the mail headers that I am receiving:
>
> SEnderID add special header in the mail
> exemple of SEnder ID header
>
> X-SenderID: Sendmail Sender-ID Filter v1.0.0 r13151.ovh.net 9306957E93
>
> > Can anybody tell me what needs to be done at my end to get sender-ID
> > for mails sent via Blackberry to be verified and passed correctly.
> >
> > Thanks
> > Ashish Sharma
>
> I am unable to follow the idea suggested as there is no such 'Sender ID'
> header, please elaborate.
>
> Thanks
> Ashish

hi Asnish

Sender ID is complicated request the presence of a field ptr for all uses. 
page manual that describes a tempfail spf dns bind only the response of the 
validation so it must declare a single field A

to describe a simple usage to with that exemple field TXT sender id compliant
v=spf1 a ptr ip4:94.23.*.* ?all

microsoft allow ?all and -all and recommend the use to fiel MX

sincerely

-- 
 http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x092164A7
 gpg --keyserver pgp.mit.edu --recv-key 092164A7


pgphiZ4RYt5Lj.pgp
Description: PGP signature

Re: Sender-ID validation via Blackberry failing

[fakessh]

On Tue, 10 May 2011 17:38:29 +0200, fakessh wrote:

Le mardi 10 mai 2011 15:25, Sharma, Ashish a écrit :

-Original Message-
From: owner-postfix-us...@postfix.org
[mailto:owner-postfix-us...@postfix.org] On Behalf Of 
fake...@fakessh.eu

Sent: Saturday, January 29, 2011 9:11 PM
To: postfix-users@postfix.org
Subject: Re: Sender-ID validation via Blackberry failing

On Tuesday 25 January 2011 14:23, Sharma, Ashish wrote:
> Hi,
>
> I have a Postfix mail receiving server, on this I am using 
sid-milter

> (found at http://sourceforge.net/projects/sid-milter/ got from
> http://www.postfix.org/addon.html) tool to validate senderID and 
SPF.

>
> Here the problem is for mail servers that implement Sender-ID, 
mail
> servers that are implementing sender-ID and having their mails 
sent

> via Blackberry are having their sender-ID (sender-id=neutral) not
> getting verified on my postfix end.
>
> Following are the mail headers that I am receiving:

SEnderID add special header in the mail
exemple of SEnder ID header

X-SenderID: Sendmail Sender-ID Filter v1.0.0 r13151.ovh.net 
9306957E93


> Can anybody tell me what needs to be done at my end to get 
sender-ID

> for mails sent via Blackberry to be verified and passed correctly.
>
> Thanks
> Ashish Sharma

I am unable to follow the idea suggested as there is no such 'Sender 
ID'

header, please elaborate.

Thanks
Ashish


hi Asnish

Sender ID is complicated request the presence of a field ptr for all 
uses.
page manual that describes a tempfail spf dns bind only the response 
of the

validation so it must declare a single field A

to describe a simple usage to with that exemple field TXT sender id 
compliant

v=spf1 a ptr ip4:94.23.*.* ?all

microsoft allow ?all and -all and recommend the use to fiel MX

sincerely



and it is mandatory to rewrite areas bind

sincerely your

Re: My unqualified host name (servername) unknown; sleeping for retry

[fakessh @]

Le jeudi 10 novembre 2011 09:30, Ian a écrit :
> > i do you stop the daemon sendmail with the standard script systeme and
> > start postfix daemon
> > or use the toolkit to your system configuration
>
> if you use centos or redhat:
>
> stop sendmail:
> service sendmail stop
>
> remove sendmail from system
> rpm -e sendmail
>
> start postfix
> service postfix start
>
> in future please send postfix related messages to the list if you're a list
> member :)

if you use related software for configuration system
centos redhat
install the package system-config\*
and run 
system-switch-mail-nox
-- 
 http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x092164A7
 gpg --keyserver pgp.mit.edu --recv-key 092164A7

 http://urlshort.eu fakessh @


pgpf1R4y9nfK0.pgp
Description: PGP signature

problem with dspam

[fakessh @]

hello list
hello geek
hello guru
hello Fu

I have done tests on my smtp server used to  dspam.
after problems of housing road I realized that dspam removes Return-Path 
header

my emails are then intercepted as spam. 
I have not found a solution to my problem

please help me

i use a latest stable postfix release
with other tools

sincerely your


-- 
 http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x092164A7
 gpg --keyserver pgp.mit.edu --recv-key 092164A7

 http://urlshort.eu fakessh @
 http://gplus.to/sshfake
 http://gplus.to/sshswilting
 http://gplus.to/john.swilting


pgpCgw5pKqlj6.pgp
Description: PGP signature

Re: problem with dspam

[fakessh @]

Le jeudi 22 décembre 2011 22:19, Andreas Berton a écrit :
> On Tue, 20 Dec 2011, fakessh @ wrote:
> > hello list
> > hello geek
> > hello guru
> > hello Fu
> >
> > I have done tests on my smtp server used to  dspam.
> > after problems of housing road I realized that dspam removes Return-Path
> > header
> >
> > my emails are then intercepted as spam.
> > I have not found a solution to my problem
> >
> > please help me
> >
> > i use a latest stable postfix release
> > with other tools
> >
> > sincerely your
> >
> >
> > --
> >  http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x092164A7
> >  gpg --keyserver pgp.mit.edu --recv-key 092164A7
> >
> >  http://urlshort.eu fakessh @
> > http://gplus.to/sshfake
> > http://gplus.to/sshswilting
> > http://gplus.to/john.swilting
>
> Hi
> Problem usually occur when you run dspam from pipe, and my guess is that
> you do so. Consider switch to daemon mode/lmtp whish in many cases solv
> the problem, However if need to run from command line you might try this.
>
> dspam unix  -   n   n   -   10  pipe
> flags=Ru user=dspam argv=/usr/bin/dspam --client
> --deliver=spam,innocent
> --user $user --mail-from=$sender --rcpt-to $recipient
> -o destination_recipient_limit=1
>
>
> good luck
> Andreas


I was not able to configure DSPAM with content_filter using lmtp: 
the only connection that I've managed to do that is a pipe as described in the 
man page of dspam

how to do manage the connection of dspam 
with multiple content_filter and lmtp

my many test did not allow me to find a solution

all etstimonials are welcome 
-- 
 http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x092164A7
 gpg --keyserver pgp.mit.edu --recv-key 092164A7

 http://urlshort.eu fakessh @
 http://gplus.to/sshfake
 http://gplus.to/sshswilting
 http://gplus.to/john.swilting


pgpXOWHPkh9yu.pgp
Description: PGP signature

Re: problem with dspam

[fakessh @]

Le dimanche 25 décembre 2011 06:06, fakessh @ a écrit :
> Le jeudi 22 décembre 2011 22:19, Andreas Berton a écrit :
> > On Tue, 20 Dec 2011, fakessh @ wrote:
> > > hello list
> > > hello geek
> > > hello guru
> > > hello Fu

> > Hi
> > Problem usually occur when you run dspam from pipe, and my guess is that
> > you do so. Consider switch to daemon mode/lmtp whish in many cases solv
> > the problem, However if need to run from command line you might try this.
> >
> > dspam unix  -   n   n   -   10  pipe
> > flags=Ru user=dspam argv=/usr/bin/dspam --client
> > --deliver=spam,innocent
> > --user $user --mail-from=$sender --rcpt-to $recipient
> > -o destination_recipient_limit=1
> >
> >
> > good luck
> > Andreas
>
> I was not able to configure DSPAM with content_filter using lmtp:
> the only connection that I've managed to do that is a pipe as described in
> the man page of dspam
>
> how to do manage the connection of dspam
> with multiple content_filter and lmtp
>
> my many test did not allow me to find a solution
>
> all etstimonials are welcome

i reread the doc and i succes manage connection to dspam with lmtp
i configured multiple content filter
i quote my example

# service for accepting messages FROM the DKIM signing proxy
127.0.0.1:10030 inet  n  -  n   -   10  smtpd
-o content_filter=lmtp:unix:/var/run/dspam/dspam.sock
-o 
receive_override_options=no_unknown_recipient_checks,no_header_body_checks
-o smtpd_helo_restrictions=
-o smtpd_client_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks=127.0.0.0/8
-o smtpd_authorized_xforward_hosts=127.0.0.0/8


dspam  unix  n   -   n   -   -   lmtp
#-o lmtp_data_done_timeout=1200
#-o lmtp_send_xforward_command=yes
#-o disable_dns_lookups=yes
#-o max_use=20


127.0.0.1:10037 inet  n -   n   -   -smtpd
  -o content_filter=
  -o 
receive_override_options=no_unknown_recipient_checks,no_header_body_checks
  -o smtpd_helo_restrictions=
  -o smtpd_client_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
  -o smtpd_authorized_xforward_hosts=127.0.0.0/8


that sample it is correct ?

all testimonials are welcome
-- 
 http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x092164A7
 gpg --keyserver pgp.mit.edu --recv-key 092164A7

 http://urlshort.eu fakessh @
 http://gplus.to/sshfake
 http://gplus.to/sshswilting
 http://gplus.to/john.swilting


pgpVbefzhMbsB.pgp
Description: PGP signature
!DSPAM:4ef6b65d153121403852998!