Re: Sender Authentication

2010-06-11 Thread Walter Pinto
Recipient map is also SQL based, here's the config. [r...@mx sql]# cat relay_recipient_map.conf user = xxx password = xxx dbname = xxx query = SELECT y FROM relay_recipient_map WHERE x='%s' I'm pretty sure I already know the answer , just need confirmation. Is

Re: Sender Authentication

2010-06-11 Thread Jeroen Geilman
On 06/12/2010 02:08 AM, Walter Pinto wrote: I'm looking for information on restricting users who send mail through our MX servers to authenticated users only, we currently use SASL2/MySQL to store valid user info, I'll try to include as much info as possible. The reason I ask is because it se

Sender Authentication

2010-06-11 Thread Walter Pinto
I'm looking for information on restricting users who send mail through our MX servers to authenticated users only, we currently use SASL2/MySQL to store valid user info, I'll try to include as much info as possible. The reason I ask is because it seems that as long as the domain is found in the re

Re: upstart and postfix ?

2010-06-11 Thread Wietse Venema
Marc Weber: > # start the daemon: > exec libexec/master You must start and stop Postfix with the postfix command. Invoking the master directly is not supported. Wietse

upstart and postfix ?

2010-06-11 Thread Marc Weber
Which is the perfect way to write an upstart job for postfix? context: upstart tries tracing forks of a daemon 1 or two times depending on the daemonType setting. Then it traces when a daemon dies so that it can restart it. "postfix start" forkes two times. But it forkes some additional times to d

Re: Spoofed freemail domains protection not working for postmaster

2010-06-11 Thread Sahil Tandon
You mention that /etc/postfix/recipients_access is empty, but why then do you keep it in smtpd_recipient_restrictions? And although the flat file is empty, did you postmap it to rebuild the hash (.db file) as well? Actually, before going down that road: did the abovementioned file contain an OK f

Re: Spoofed freemail domains protection not working for postmaster

2010-06-11 Thread Покотиленко Костик
В Птн, 11/06/2010 в 13:54 -0500, Stan Hoeppner пишет: > Покотиленко Костик put forth on 6/11/2010 1:37 PM: > > В Чтв, 10/06/2010 в 16:48 +0300, Покотиленко Костик пишет: > >> В Чтв, 10/06/2010 в 08:32 -0500, Stan Hoeppner пишет: > >>> Покотиленко Костик put forth on 6/10/2010 8:04 AM: > >>> >

Re: Spoofed freemail domains protection not working for postmaster

2010-06-11 Thread Stan Hoeppner
Покотиленко Костик put forth on 6/11/2010 1:37 PM: > В Чтв, 10/06/2010 в 16:48 +0300, Покотиленко Костик пишет: >> В Чтв, 10/06/2010 в 08:32 -0500, Stan Hoeppner пишет: >>> Покотиленко Костик put forth on 6/10/2010 8:04 AM: >>> Thanks for suggestion, I'll apply it. >>> >>> You're welcome. >>>

Re: Spoofed freemail domains protection not working for postmaster

2010-06-11 Thread Покотиленко Костик
В Чтв, 10/06/2010 в 16:48 +0300, Покотиленко Костик пишет: > В Чтв, 10/06/2010 в 08:32 -0500, Stan Hoeppner пишет: > > Покотиленко Костик put forth on 6/10/2010 8:04 AM: > > > > > Thanks for suggestion, I'll apply it. > > > > You're welcome. > > > > > But if somebody can help discover (configura

Re: how to stop backscatter without check headers

2010-06-11 Thread Jeroen Geilman
On 06/11/2010 08:00 PM, motty.cruz wrote: *From:* owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] *On Behalf Of *Jeroen Geilman *Sent:* Friday, June 11, 2010 10:32 AM *To:* postfix-users@postfix.org *Subject:* Re: how to stop backscatter without check headers On 06/11

RE: how to stop backscatter without check headers

2010-06-11 Thread motty.cruz
From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On Behalf Of Jeroen Geilman Sent: Friday, June 11, 2010 10:32 AM To: postfix-users@postfix.org Subject: Re: how to stop backscatter without check headers On 06/11/2010 04:40 PM, motty.cruz wrote: From:

Re: forward single user to smtp-relay

2010-06-11 Thread Jeroen Geilman
On 06/11/2010 11:00 AM, Joern Merkel wrote: Hi, I need to forward a single user to another smtp-relay. The rest of the users of this domain is delivered local. So I put her into /etc/postfix/transport: u...@testdomain.de smtp:[212.6.xxx.xxx] Where are the logs of attempting this after maki

Re: reject_non_fqdn_helo_hostname

2010-06-11 Thread Jeroen Geilman
On 06/11/2010 05:48 PM, Stan Hoeppner wrote: Wietse Venema put forth on 6/11/2010 9:21 AM: Stan Hoeppner: Does Postfix consider "architettobellucci.com" an FQDN? I've always understood an FQDN as requiring all 3 of host.domain.tld. If my understanding of FQDN is correct, then a spam

Re: how to stop backscatter without check headers

2010-06-11 Thread Jeroen Geilman
On 06/11/2010 04:40 PM, motty.cruz wrote: *From:* owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] *On Behalf Of *Jeroen Geilman *Sent:* Thursday, June 10, 2010 4:02 PM *To:* postfix-users@postfix.org *Subject:* Re: how to stop backscatter without check headers On 06/1

Re: Too aggressive

2010-06-11 Thread Henrik K
On Fri, Jun 11, 2010 at 10:40:24AM -0400, Bill Cole wrote: > > Beyond the FP risk, there is a more subtle issue of whether the > benefit of rejecting spam cheaply is worth the potential cost of not > having a steady stream of representative spam feeding the adaptive > dynamic features of a scoring

Re: [OT] Detecting "telnet"?

2010-06-11 Thread Mark Plowman
On Thu, 10 Jun 2010 23:31:49 +0200, Ralf Hildebrandt wrote: [...] > I must admit, it sounds feasible (timing between keystrokes etc.), With respect to detection, is this relevant? http://en.wikipedia.org/wiki/Telnet#Telnet_data -- If you have an apple and I have an apple and we exchange t

Re: [OT] Detecting "telnet"?

2010-06-11 Thread Bryan Irvine
I vaguely remember managing an email server around 1997 and there was a checkbox to disable telnet access. IIRC it was Imail on windows NT 4, but that was a long time ago. I do remember thinking it was odd that they could discriminate, but it seemed to work - though I'm not sure how or why. -B

Re: [OT] Detecting "telnet"?

2010-06-11 Thread Ralf Hildebrandt
* N. Yaakov Ziskind : > Kinda reminds me of the Donald Westlake story, which described a > fine-arts painter who took to counterfeiting $20s; the Secret Service > let him go with a slap on the wrist, they said, when they figured out > it him hours to produce each note. :-) Exactly my point. --

Re: reject_non_fqdn_helo_hostname

2010-06-11 Thread Stan Hoeppner
Wietse Venema put forth on 6/11/2010 9:21 AM: > Stan Hoeppner: >> Does Postfix consider "architettobellucci.com" an FQDN? I've always >> understood an FQDN as requiring all 3 of host.domain.tld. If my >> understanding >> of FQDN is correct, then a spam slipped through that I believe should have

Re: Ratelimit on sender id

2010-06-11 Thread Wietse Venema
Ram: > Is there a way I can ratelimit messages on sender id. > > Off late I have seen that my spamtraps are being thrashed by random > yahoo or hotmail sender (forged ) mails .. all identical fake pharmacy > spams. > Infact I get upto 300 connections a minute for a singe mailbox and that > takes

Re: Too aggressive

2010-06-11 Thread Stan Hoeppner
Curtis Maurand put forth on 6/11/2010 7:30 AM: > currently I have in my smtpd_client_restrictions: ... > reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net, > permit > > Is flat out rejecting clients on the RBL's considered too agressive? > should I just let spamassassin handl

Re: db50 (DB11gR2) - Unsupported Berkeley DB version

2010-06-11 Thread Brian Evans - Postfix List
On 6/11/2010 10:28 AM, Mark Martinec wrote: postfix-2.8-20100323, Seems to work fine. There wasn't any API change in db->open between 4.8 and 5.0 as far as I can tell. Mark You must have missed the ChangeLog on the website: 20100601 Cleanup: Postfix LDAP client support for RFC

Ratelimit on sender id

2010-06-11 Thread Ram
Is there a way I can ratelimit messages on sender id. Off late I have seen that my spamtraps are being thrashed by random yahoo or hotmail sender (forged ) mails .. all identical fake pharmacy spams. Infact I get upto 300 connections a minute for a singe mailbox and that takes up all the smtpd p

Re: db50 (DB11gR2) - Unsupported Berkeley DB version

2010-06-11 Thread Wietse Venema
Mark Martinec: > postfix-2.8-20100323, > FreeBSD ports: mail/postfix-current, databases/db50 > /etc/make.conf: WITH_BDB_VER=50 A similar change was included in the June 8th releases of Postfix 2.6.7 and 2.7.1. Wietse > > --- src/util/dict_db.c~ 2010-01-02 22:28:08.0 +0100 > +++

Re: [OT] Detecting "telnet"?

2010-06-11 Thread N. Yaakov Ziskind
Ralf Hildebrandt wrote (on Fri, Jun 11, 2010 at 09:57:42AM +0200): > > Administrators of sites that want to trouble-shoot connectivity issues > > with your server will use "telnet 25" from time to time. There is no > > need to block this, it is by far the least likely source of any > > significant

Re: Too aggressive

2010-06-11 Thread Bill Cole
Curtis Maurand wrote, On 6/11/10 8:30 AM: currently I have in my smtpd_client_restrictions: ... reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net, permit Is flat out rejecting clients on the RBL's considered too agressive? No. Or, yes. Maybe. A lot depends on who your

RE: how to stop backscatter without check headers

2010-06-11 Thread motty.cruz
From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On Behalf Of Jeroen Geilman Sent: Thursday, June 10, 2010 4:02 PM To: postfix-users@postfix.org Subject: Re: how to stop backscatter without check headers On 06/11/2010 12:44 AM, motty.cruz wrote: Is there a

db50 (DB11gR2) - Unsupported Berkeley DB version

2010-06-11 Thread Mark Martinec
postfix-2.8-20100323, FreeBSD ports: mail/postfix-current, databases/db50 /etc/make.conf: WITH_BDB_VER=50 --- src/util/dict_db.c~ 2010-01-02 22:28:08.0 +0100 +++ src/util/dict_db.c 2010-06-11 15:50:48.0 +0200 @@ -676,5 +676,5 @@ if (type == DB_HASH && db->set_h_nelem(db, DIC

Re: reject_non_fqdn_helo_hostname

2010-06-11 Thread Wietse Venema
Stan Hoeppner: > Does Postfix consider "architettobellucci.com" an FQDN? I've always > understood an FQDN as requiring all 3 of host.domain.tld. If my understanding > of FQDN is correct, then a spam slipped through that I believe should have > been rejected by reject_non_fqdn_helo_hostname. What

reject_non_fqdn_helo_hostname

2010-06-11 Thread Stan Hoeppner
Does Postfix consider "architettobellucci.com" an FQDN? I've always understood an FQDN as requiring all 3 of host.domain.tld. If my understanding of FQDN is correct, then a spam slipped through that I believe should have been rejected by reject_non_fqdn_helo_hostname. What have I configured inco

Re: smtpd_reject_unlisted_recipient

2010-06-11 Thread Charles Marcus
On 2010-06-10 7:17 PM, Jerrale Gayle wrote: >>> I want to accept all mail to non-existent users, then bounce, so >>> that people can't probe for valid users to know wherer to start a >>> brute force. >> This is a horrible idea; please do not do this. Google 'backscatter'. > IF I have repeating u

Re: smtpd_reject_unlisted_recipient

2010-06-11 Thread Charles Marcus
On 2010-06-10 5:51 PM, Jerrale Gayle wrote: > smtpd_reject_unlisted_recipient = no > > Would this be better put by itself or under > smtpd_recipient_restrictions = reject_unlisted_recipient=no? > > I want to accept all mail to non-existent users, then bounce, so > that people can't probe for vali

Re: canonical rewriting From header?

2010-06-11 Thread Wietse Venema
Rudy Gevaert: > Quoting "Wietse Venema" : > > > Rudy Gevaert: > >> Dear list, > >> > >> It recently came to my attention that our canonical rewriting had > >> stopped working. > >> > >> Further inspection led me to the information on the site that default > >> behaviour was changed in Postfix 2.2.

Re: canonical rewriting From header?

2010-06-11 Thread Rudy Gevaert
Quoting "Wietse Venema" : Rudy Gevaert: Dear list, It recently came to my attention that our canonical rewriting had stopped working. Further inspection led me to the information on the site that default behaviour was changed in Postfix 2.2. Fine no problem, I should have seen it. As this i

Re: Too aggressive

2010-06-11 Thread Kenneth Marshall
On Fri, Jun 11, 2010 at 01:48:53PM +0100, Simon Waters wrote: > On Friday 11 June 2010 13:30:44 Curtis Maurand wrote: > > currently I have in my smtpd_client_restrictions: ... > > reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net, > > permit > > > > Is flat out rejecting client

Re: Too aggressive

2010-06-11 Thread Simon Waters
On Friday 11 June 2010 13:30:44 Curtis Maurand wrote: > currently I have in my smtpd_client_restrictions: ... > reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net, > permit > > Is flat out rejecting clients on the RBL's considered too agressive? > should I just let spamassassin

Too aggressive

2010-06-11 Thread Curtis Maurand
currently I have in my smtpd_client_restrictions: ... reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net, permit Is flat out rejecting clients on the RBL's considered too agressive? should I just let spamassassin handle this and score accordingly? Thanks in advance, Curti

Re: canonical rewriting From header?

2010-06-11 Thread Wietse Venema
Rudy Gevaert: > Dear list, > > It recently came to my attention that our canonical rewriting had > stopped working. > > Further inspection led me to the information on the site that default > behaviour was changed in Postfix 2.2. Fine no problem, I should have > seen it. As this is already c

Re: dealing with Yahoo slowness

2010-06-11 Thread Wietse Venema
Mike Hutchinson: > I had thought, whilst I was writing the E-Mail, that this could deserve a > howto or manual section, perhaps briefly describing a general situation that > would reflect the real world problem of delivery of E-Mail to servers like > Yahoo/Google, and how postfix can be configured

canonical rewriting From header?

2010-06-11 Thread Rudy Gevaert
Dear list, It recently came to my attention that our canonical rewriting had stopped working. Further inspection led me to the information on the site that default behaviour was changed in Postfix 2.2. Fine no problem, I should have seen it. As this is already couple of years ago and nobod

forward single user to smtp-relay

2010-06-11 Thread Joern Merkel
Hi, I need to forward a single user to another smtp-relay. The rest of the users of this domain is delivered local. So I put her into /etc/postfix/transport: u...@testdomain.de smtp:[212.6.xxx.xxx] did a "postmap transport", reloaded postfix. But nothing happens. I thought, maybe there' a pro

Re: trouble with smtp session during before-queue content filtering

2010-06-11 Thread Proniewski Patrick
On 9 juin 2010, at 23:42, Noel Jones wrote: > For problems with amavisd-new, better to ask on the amavis-users list. I know that, but I've already googled for a fix on Amavisd's side, with no luck. The only bug report I've found is on Debian's site, claiming that Postfix should not accept the m

Re: trouble with smtp session during before-queue content filtering

2010-06-11 Thread Proniewski Patrick
On 9 juin 2010, at 17:31, Wietse Venema wrote: >> It's ok for my all my clients but one. It's an appliance, so I >> cannot change anything about its way to handle SMTP protocol. > > Besides making this configurable for Amavisd-new, the other > option is to use the Postfix 2.7 smtpd_command_filter

Re: dealing with Yahoo slowness

2010-06-11 Thread M. Fioretti
On Fri, Jun 11, 2010 13:48:24 PM +1200, Mike Hutchinson (packetl...@ping.net.nz) wrote: > I had thought, whilst I was writing the E-Mail, that this could > deserve a howto or manual section... I would be quite interested to read such a howto. I also happen to publish FOSS related tips and tricks,

Re: dealing with Yahoo slowness

2010-06-11 Thread Simon Waters
On Thursday 10 June 2010 19:51:51 Florin Andrei wrote: > > One of the tricks some people seem to use is creating a dedicated > transport for the slow destination. I'm reading the tuning and qshape > README documents, and there are a lot of good suggestions there, but I > was wondering what are the

Re: [OT] Detecting "telnet"?

2010-06-11 Thread Ralf Hildebrandt
* Victor Duchovni : > > Anyway. Is there such a thing? Does anybody use such a thing? > > Why do you want to discriminate against "telnet 25"? What do i know? I don't do this nonsense :) 'm just asking > Administrators of sites that want to trouble-shoot connectivity issues > with your server w

RE: recipient_bcc_maps override

2010-06-11 Thread Emmanuel Bailleul
> -Message d'origine- > De : owner-postfix-us...@postfix.org [mailto:owner-postfix- > us...@postfix.org] De la part de Jeroen Geilman > Envoyé : vendredi 11 juin 2010 01:06 > À : postfix-users@postfix.org > Objet : Re: recipient_bcc_maps override > > On 06/11/2010 12:59 AM, Emmanuel Baille

Re: smtpd_reject_unlisted_recipient

2010-06-11 Thread Ansgar Wiechers
On 2010-06-10 Jerrale Gayle wrote: > On 6/10/2010 6:31 PM, Sahil Tandon wrote: >> On Thu, 10 Jun 2010, Jerrale Gayle wrote: >>> I want to accept all mail to non-existent users, then bounce, so >>> that people can't probe for valid users to know wherer to start a >>> brute force. >> >> This is

Re: Yahoo disconnecting at end of data on large messages.

2010-06-11 Thread Olivier MJ Crepin-Leblond
Le 09/06/2010 23:19, Wietse Venema a écrit : > Philippe Chaintreuil: > >> One of our users sent a large (about 10MB) e-mail to Yahoo. Yahoo has >> not been accepting it, they don't give a reason, they just disconnect >> after getting the whole message: >> >> --