Re: Postfix smtp relay in DMZ

2013-12-09 Thread Robert Sander
On 09.12.2013 17:34, Viktor Dukhovni wrote: > It is not clear to me why one would allow the inbound delivery of > an e-mail message (with potentially malicious links or attachments), > but would not allow a connections to an LDAP or SQL server. The > latter seems far less risky to me. But verify

Re: problems with postfix

2013-12-09 Thread Robert Schetterer
Am 10.12.2013 00:20, schrieb Krzysztof Szarlej: > Hey Guys, I have installed postfix with dovecot on my vps server. > > I enabled sasl and TLS, but unfortunately i cant connect to my accounts > and send mails from them. > > main.cf : > > alias_database = hash:/etc/aliases > alias

problems with postfix

2013-12-09 Thread Krzysztof Szarlej
Hey Guys, I have installed postfix with dovecot on my vps server. I enabled sasl and TLS, but unfortunately i cant connect to my accounts and send mails from them. main.cf: alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases broken_sasl_auth_clients = yes command_directory = /usr/s

Re: Misdeliveries of messages

2013-12-09 Thread Marcin Szymonik
Thank you so much! You really helped me a lot. All the best :-) -- Marcin Szymonik szymoni...@gmail.com

Re: Misdeliveries of messages

2013-12-09 Thread li...@rhsoft.net
Am 09.12.2013 20:03, schrieb LuKreme: > In our previous episode (Monday, 09-Dec-2013), Wietse Venema said: >> Instead, you need to eliminate all characters except those that are >> known to be safe: a-zA-Z0-9_@:=+, the '-', and maybe a few more. > > what about é and ø? Or aren't we utf-8 clean o

Re: Misdeliveries of messages

2013-12-09 Thread LuKreme
In our previous episode (Monday, 09-Dec-2013), Wietse Venema said: > Instead, you need to eliminate all characters except those that are > known to be safe: a-zA-Z0-9_@:=+, the '-', and maybe a few more. what about é and ø? Or aren't we utf-8 clean on email addresses yet? -- "What if your DOPE w

Re: Misdeliveries of messages

2013-12-09 Thread Viktor Dukhovni
On Mon, Dec 09, 2013 at 12:56:04PM -0500, Wietse Venema wrote: > The real fix is not to process the above commands with the shell. I would say "the one and only fix" which is not optional. You can build argument arrays for execve(2) with externally supplied data elements, but you must never buil

Re: Misdeliveries of messages

2013-12-09 Thread Wietse Venema
Marcin Szymonik: > if($user) > { > exec("$sendmail -f $sender -- $recipient < $file",$out,$status); > } > else > { > (check if spam) > > if($spam) exec("/usr/bin/formail -I 'X-Spam-Flag: YES' < > $file|$sendmail -f $sender -- $recipient",$out,$status); > else exec("$sendmail -f $s

Re: Misdeliveries of messages

2013-12-09 Thread Wietse Venema
I see several problems with the content filter. First the content filter appears to be using the same temporary file when different messages arrive at almost the same time. Before your content filter, these messages have different message IDs: message-id=<0.0.a.f4.1cef44d1247f0b...@mta147.es

Re: Postfix smtp relay in DMZ

2013-12-09 Thread Viktor Dukhovni
On Mon, Dec 09, 2013 at 12:17:14PM +0200, Andreas Kasenides wrote: > Thank you for the lead. I did not know that verify can be used in > this way. I will try it. It is not clear to me why one would allow the inbound delivery of an e-mail message (with potentially malicious links or attachments),

Logstash / Kibana

2013-12-09 Thread Paul Reilly
Hello postfix people, I have been experimenting with putting out mail logs in to Logstash / Kibana as it provides real-time analysis of what's happening. I can see top sender, top clients etc in the past 10 minutes, and it really helps show what's happening in our mail system. I'm wondering has

Re: Misdeliveries of messages

2013-12-09 Thread Marcin Szymonik
Thanks for your reply. Some lines are missing here. They would show how the message is delivered to a content filter. I'm sending more logs below. You appear to have a broken content filter script. Why do you think so? I'm sending content filter configuration and script below - please take

Re: Misdeliveries of messages

2013-12-09 Thread Wietse Venema
Marcin Szymonik: [ Charset ISO-8859-2 unsupported, converting... ] > Hello Everyone, > > I experience a strange problem with our mail system. > Sometimes an user gets a message which should be delivered to another user. > As most messages are delivered properly I can't reproduce that but I have >

Misdeliveries of messages

2013-12-09 Thread Marcin Szymonik
Hello Everyone, I experience a strange problem with our mail system. Sometimes an user gets a message which should be delivered to another user. As most messages are delivered properly I can't reproduce that but I have some logs connected with this problem. Dec 8 20:36:26 serwery postfix/smtp

Re: Postfix smtp relay in DMZ

2013-12-09 Thread Andreas Kasenides
On 06-12-2013 12:01, Robert Sander wrote: On 06.12.2013 10:13, Andreas Kasenides wrote: The scenario is a classic one: 1. one or more relay SMTP servers in DMZ 2. one or more backend SMTP servers on the inside network 3. There may or may not be separate incoming or outgoing designated SMTP se