RE: lavabit-like postfix ?

2014-07-01 Thread Marius Gologan
Look at https://protonmail.ch. They claim will use a site-to-site web encryption. The MTA is Postfix which will receive the content already encrypted by the browser, unlike lavabit. I have concerns since they posted on their forum that body text search will be possible with some intelligent solu

Re: What does this mean "timeout after RSET"?

2014-07-01 Thread Dominik George
Hi, >I'm not entirely sure what these RSETs are but they could be that the >customer was hammering our mail server and we ran out of smtpd >connections/processes to handle it. RSET is an SMTP command sent by the client. Form what I see, your Postfix duely tried to reply to it but the reply dropp

What does this mean "timeout after RSET"?

2014-07-01 Thread tswmmeejsdad .
Hi There... We are running Postfix 2.6.14. What we are seeing is that one of our client sent a bulk email yesterday using their LYRIS mailing program. *-bash-3.2# zgrep LYRIS maillog-20140701.gz | wc -l* *6826* So 6826 got through but there’s a few thousand missing they reported

Re: Logging DNSBL rejections

2014-07-01 Thread li...@rhsoft.net
Am 02.07.2014 01:41, schrieb Benny Pedersen: > On 1. jul. 2014 23.15.01 CEST, wie...@porcupine.org wrote: >> Benny Pedersen: >> [ Charset UTF-8 unsupported, converting... ] > >> Benny you have no idea what you are talking about. > > Oh > > Telnet to 127.0.0.1 25 was imho what you mean, not to 1

Re: Logging DNSBL rejections

2014-07-01 Thread Wietse Venema
Benny Pedersen: > On 1. jul. 2014 23.15.01 CEST, wie...@porcupine.org wrote: > >Benny Pedersen: > > >Benny you have no idea what you are talking about. > > Oh > > Telnet to 127.0.0.1 25 was imho what you mean, not to 127.0.0.2 ? See my follow-up post how to "telnet to 127.0.0.2 25", how Postfix

Re: Logging DNSBL rejections

2014-07-01 Thread Benny Pedersen
On 1. jul. 2014 23.15.01 CEST, wie...@porcupine.org wrote: >Benny Pedersen: >[ Charset UTF-8 unsupported, converting... ] >Benny you have no idea what you are talking about. Oh Telnet to 127.0.0.1 25 was imho what you mean, not to 127.0.0.2 ? Did i sleep there? >When a client connects from 127

Re: Logging DNSBL rejections

2014-07-01 Thread Wietse Venema
My reply had one typo. This is the fixed version. When a client connects from 127.0.0.2, the Postfix DNSBL client will make a query, for example, for 2.0.0.127.zen.spamhaus.org. 2.0.0.127.zen.spamhaus.org has address 127.0.0.4 2.0.0.127.zen.spamhaus.org has address 127.0.0.10 2.0.0.12

Re: Logging DNSBL rejections

2014-07-01 Thread Wietse Venema
Benny Pedersen: [ Charset UTF-8 unsupported, converting... ] > On 1. jul. 2014 22.00.22 CEST, wie...@porcupine.org wrote: > >Narcis Garcia: > >> At this moment I don't want to check manually if an IP is blacklisted > >or > >> not (I already had made that exercise). > >> > >> I want my Postfix inst

Re: Logging DNSBL rejections

2014-07-01 Thread Benny Pedersen
On 1. jul. 2014 22.00.22 CEST, wie...@porcupine.org wrote: >Narcis Garcia: >> At this moment I don't want to check manually if an IP is blacklisted >or >> not (I already had made that exercise). >> >> I want my Postfix installation presents a REJECTION to me. I'm >looking >> for a way to send a ma

Re: Logging DNSBL rejections

2014-07-01 Thread Wietse Venema
Narcis Garcia: > At this moment I don't want to check manually if an IP is blacklisted or > not (I already had made that exercise). > > I want my Postfix installation presents a REJECTION to me. I'm looking > for a way to send a mail because I want to reach my Postfix and it > REJECTS it due to DN

Re: Logging DNSBL rejections

2014-07-01 Thread Narcis Garcia
At this moment I don't want to check manually if an IP is blacklisted or not (I already had made that exercise). I want my Postfix installation presents a REJECTION to me. I'm looking for a way to send a mail because I want to reach my Postfix and it REJECTS it due to DNSBL rule. If it cannot be

Re: Logging DNSBL rejections

2014-07-01 Thread Wietse Venema
Narcis Garcia: > if I run mail command or swaks, they both make Postfix to send with SMTP > from 127.0.0.1 or public IP. Never 127.0.0.2 $ telnet 127.0.0.2 25 Then type the SMTP commands. Wietse

Re: Logging DNSBL rejections

2014-07-01 Thread Stan Hoeppner
On 7/1/2014 2:21 PM, Narcis Garcia wrote: > if I run mail command or swaks, they both make Postfix to send with SMTP > from 127.0.0.1 or public IP. Never 127.0.0.2 > > Can I tell Postfix to make 1 mail sending from 127.0.0.2 ? > If so, I suppose the SMTP service listening at TCP/25 will receive th

Re: Logging DNSBL rejections

2014-07-01 Thread Narcis Garcia
if I run mail command or swaks, they both make Postfix to send with SMTP from 127.0.0.1 or public IP. Never 127.0.0.2 Can I tell Postfix to make 1 mail sending from 127.0.0.2 ? If so, I suppose the SMTP service listening at TCP/25 will receive the local communication from 127.0.0.2 (?) Thanks for

DNSBL verification tool.

2014-07-01 Thread Eliezer Croitoru
I have modified a script that verifies one IP against a list of RBL that can be found here: http://www1.ngtech.co.il/rbl/rblcheck.rb The tool can download the rbl from the online RBL servers list at: http://www1.ngtech.co.il/rbl/rbl.csv If someone has some more RBL to add the list please send m

Re: Logging DNSBL rejections

2014-07-01 Thread Wietse Venema
Narcis Garcia: > Is there any website or service in internet to send a mail test from a > blacklisted IP? Yes. telnet to 127.0.0.2 port 25. Wietse > > El 01/07/14 19:12, Stan Hoeppner ha escrit: > > On 7/1/2014 11:18 AM, Wietse Venema wrote: > >> Narcis Garcia: > >>> How can I check in s

Re: Logging DNSBL rejections

2014-07-01 Thread Narcis Garcia
Is there any website or service in internet to send a mail test from a blacklisted IP? El 01/07/14 19:12, Stan Hoeppner ha escrit: > On 7/1/2014 11:18 AM, Wietse Venema wrote: >> Narcis Garcia: >>> How can I check in some manner that some of these parameters is working? >>> >>> reject_rbl_client

Re: Logging DNSBL rejections

2014-07-01 Thread Stan Hoeppner
On 7/1/2014 11:18 AM, Wietse Venema wrote: > Narcis Garcia: >> How can I check in some manner that some of these parameters is working? >> >> reject_rbl_client >> reject_rhsbl_reverse_client >> reject_rhsbl_helo >> reject_rhsbl_sender > > How can WE check that you have configured them properly? >

Re: Logging DNSBL rejections

2014-07-01 Thread Wietse Venema
Narcis Garcia: > How can I check in some manner that some of these parameters is working? > > reject_rbl_client > reject_rhsbl_reverse_client > reject_rhsbl_helo > reject_rhsbl_sender How can WE check that you have configured them properly? It is possible to configure these so that they will nev

Re: Logging DNSBL rejections

2014-07-01 Thread Narcis Garcia
How can I check in some manner that some of these parameters is working? reject_rbl_client reject_rhsbl_reverse_client reject_rhsbl_helo reject_rhsbl_sender El 01/07/14 17:46, Narcis Garcia ha escrit: > No log to mail.info file about rbl/dnsbl until now. > I've restored chroot option to default

Re: Logging DNSBL rejections

2014-07-01 Thread Narcis Garcia
No log to mail.info file about rbl/dnsbl until now. I've restored chroot option to default for smtp service. $ logger -p mail.info this is a test $ cat /var/log/mail.info | grep -e 'a test' 2014-07-01T17:43:17.257348+02:00 hostname username: this is a test El 01/07/14 17:30, Wietse Venema ha e

Re: Logging DNSBL rejections

2014-07-01 Thread Wietse Venema
Narcis Garcia: > Note that with default configuration Potstfix is already logging all > other events, except RBL ones, because in Debian chroot logging by > syslog is well configured in /etc/rsyslog.d/postfix.conf > > I've deactivated temporarily chroot, and I'm still waiting if there is > some ne

Re: Logging DNSBL rejections

2014-07-01 Thread Narcis Garcia
Note that with default configuration Potstfix is already logging all other events, except RBL ones, because in Debian chroot logging by syslog is well configured in /etc/rsyslog.d/postfix.conf I've deactivated temporarily chroot, and I'm still waiting if there is some news about reject_rbl_client

Re: Logging DNSBL rejections

2014-07-01 Thread Wietse Venema
Narcis Garcia: > Doing this (unpriv to n) and restarting service I get the following from > /var/log/mail.log : Should be: the chroot column that's fifth. My mistake. > error: incorrect SMTP server privileges: uid=0 euid=0 > fatal: the Postfix SMTP server must run with $mail_owner privileges > wa

Re: Logging DNSBL rejections

2014-07-01 Thread Narcis Garcia
Doing this (unpriv to n) and restarting service I get the following from /var/log/mail.log : error: incorrect SMTP server privileges: uid=0 euid=0 fatal: the Postfix SMTP server must run with $mail_owner privileges warning: process /usr/lib/postfix/smtpd pid 14987 exit status 1 warning: /usr/lib/p

Re: Logging DNSBL rejections

2014-07-01 Thread Wietse Venema
Narcis Garcia: > Hello; > > I'm working with Debian GNU/Linux 7 and Postfix 2.9.6 > I've configured a Postfix service with this (real rbl instead of example): > > $ postconf -e 'smtpd_recipient_restrictions = > permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination,reject_rbl_clien

Logging DNSBL rejections

2014-07-01 Thread Narcis Garcia
Hello; I'm working with Debian GNU/Linux 7 and Postfix 2.9.6 I've configured a Postfix service with this (real rbl instead of example): $ postconf -e 'smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination,reject_rbl_client rbl.example.net' $ postcon

Re: Problem with "make makefiles shared=yes"

2014-07-01 Thread Ralf Hildebrandt
* Wietse Venema : > Try without "-Wl,--as-needed". That was the culprit! -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsit

Re: Problem with "make makefiles shared=yes"

2014-07-01 Thread Wietse Venema
Ralf Hildebrandt: > make tidy > CCARGS='-Wl,--as-needed -I/usr/include/sasl -DHAS_CDB -DUSE_TLS -DHAS_PCRE > -DUSE_SASL_AUTH -DUSE_CYRUS_SASL' \ > AUXLIBS="-Wl,--as-needed -lpcre -lssl -lcrypto -lcdb -lsasl2 -lnsl -lresolv" > make makefiles shared=yes && \ > time make -j > postfix stop; make -j u

Problem with "make makefiles shared=yes"

2014-07-01 Thread Ralf Hildebrandt
I used to build Postfix like this: make tidy CCARGS='-Wl,--as-needed -I/usr/include/sasl -DHAS_CDB -DUSE_TLS -DHAS_PCRE -DUSE_SASL_AUTH -DUSE_CYRUS_SASL' \ AUXLIBS="-Wl,--as-needed -lpcre -lssl -lcrypto -lcdb -lsasl2 -lnsl -lresolv" make makefiles && \ time make -j postfix stop; make -j upgrade

Re: Problem with mysql postfix backend with amavisd

2014-07-01 Thread rsmits-l
Hello, On 06/26/2014 06:09 PM, Viktor Dukhovni wrote: On Thu, Jun 26, 2014 at 05:08:28PM +0200, rsmits-l wrote: virtual_alias_maps = hash:/home/postfix/namen, mysql:/home/postfix/forwardsqlconnect.cf Can anyone help with this error? Mysql database performance issue is not the case. Af