whitelisting to correct rbl false positives

2016-11-16 Thread Voytek
just noticed some email sent from gmail/google bouncing from my server as sorbs RBL had that server/host listed; Nov 17 12:56:47 emu postfix/smtpd[16381]: NOQUEUE: reject: RCPT from mail-ua0-f170.google.com[209.85.217.170]: 554 5.7.1 Service unavailable; Client host [209.85.217.170] blocked using

Re: Veracode reported vulnerabilities

2016-11-16 Thread Mc Secuirty
Wietse: Thank you very much for the response. I will look at the remaining two items to see if they are also false positives based on the information you provided for the other items. If I can't, I will try to get the line numbers at least for those two. Thanks Mc. On Wed, Nov 16, 2016 at 7:54

Re: "mail forwarding loop" when Resending Email to Oneself.

2016-11-16 Thread Wietse Venema
Ralph Corderoy: > Hi Bill, > > > > If not, what's the closest to a specification? > > > > The documentation in the software that adds it. In this case > > specifically the man page for postconf(5) > > I'd already read that, e.g. prepend_delivered_header, and it doesn't > describe Postfix's logic

Re: Veracode reported vulnerabilities

2016-11-16 Thread Wietse Venema
McSec: > A Veracode scan reported the following vulnerabilities in postfix 3.0.1: > > vulnerability module source > Buffer Over Flow dnsblog home/.../src/dns/dns_rr.c > Buffer Over Flow smtpd home/.../src/tls/tls_scache.c There is no line number information, t

Re: Was the Dovecot working well?

2016-11-16 Thread vod vos
I hope fail2ban default ban rule will work, or should we add some more rules to it? On Tuesday, 15 November 2016 19:11:41 -0800 Ron Wheeler wrote On 15/11/2016 9:52 PM, Sean Greenslade wrote: > On Tue, Nov 15, 2016 at 04:21:17AM -0500, Ron Wheeler wrot

Re: EDNS / DANE trouble with Microsoft mail.protection.outlook.com.

2016-11-16 Thread Viktor Dukhovni
On Wed, Nov 16, 2016 at 11:15:35PM +0100, Walter Doekes wrote: > this week we stumbled upon an issue where we could not send mail to certain > domains, for instance em...@umcg.nl. > > Nov 16 17:04:08 mail postfix/smtp[13330]: warning: > no MX host for umcg.nl has a valid address record > Nov

EDNS / DANE trouble with Microsoft mail.protection.outlook.com.

2016-11-16 Thread Walter Doekes
Hi there list, this week we stumbled upon an issue where we could not send mail to certain domains, for instance em...@umcg.nl. Nov 16 17:04:08 mail postfix/smtp[13330]: warning: no MX host for umcg.nl has a valid address record Nov 16 17:04:08 mail postfix/smtp[13330]: 1D1D21422C2: to=, re

Re: regexp for allowing helo host

2016-11-16 Thread Niklaas Baudet von Gersdorff
L.P.H. van Belle [2016-11-16 13:59 +0100] : > I suggest you read : > http://faculty.cs.niu.edu/~rickert/cf/bad-ehlo.html > > personally I use the following. > smtpd_helo_restrictions = > permit_mynetworks, > check_helo_access pcre:/etc/postfix/pcre/helo.pcre > check_helo_access hash

Re: hacker or server problem

2016-11-16 Thread lists
‎That is a good tip. I see there are rate limiting parameters: http://www.postfix.org/TUNING_README.html   Original Message   From: Fazzina, Angelo Sent: Wednesday, November 16, 2016 6:38 AM To: postfix-users@postfix.org Subject: RE: hacker or server problem I'm a little late to the party, but w

Re: Veracode reported vulnerabilities

2016-11-16 Thread Leonardo Rodrigues
While scanners are a great tool, blindly taking their results as unquestionable truth can lead to disasters. The Debian SSL keys generation disaster is proof of that. On 16/11/16 13:38, McSec wrote: A Veracode scan reported the following vulnerabilities in postfix 3.0.1: vulnerabilit

Re: "mail forwarding loop" when Resending Email to Oneself.

2016-11-16 Thread Ralph Corderoy
Hi Bill, > > If not, what's the closest to a specification? > > The documentation in the software that adds it. In this case > specifically the man page for postconf(5) I'd already read that, e.g. prepend_delivered_header, and it doesn't describe Postfix's logic for producing "mail forwarding loo

Re: "mail forwarding loop" when Resending Email to Oneself.

2016-11-16 Thread Bill Cole
On 16 Nov 2016, at 7:43, Ralph Corderoy wrote: Does an RFC cover Delivered-To? No. If not, what's the closest to a specification? The documentation in the software that adds it. In this case specifically the man page for postconf(5)

Re: Veracode reported vulnerabilities

2016-11-16 Thread McSec
I checked the source code for the reported Numeric Errors in the latest release, the source code at the identified lines hasn't changed from 3.0.1. I also checked the release notes for 3.0.2 and later. The reported vulnerabilities are not addressed as per the notes. We will upgrade to the latest

Re: regexp for allowing helo host

2016-11-16 Thread Eric Abrahamsen
Tanstaafl writes: > On 11/15/2016 6:11 PM, Bill Cole > wrote: >> Be aware that if you use reject_unknown_helo_hostname you will have a >> steady stream of cases for which you will have to make special >> exceptions. How steady that stream is depends more on your volume and >> diversity of le

Re: Veracode reported vulnerabilities

2016-11-16 Thread Bill Cole
On 16 Nov 2016, at 10:38, McSec wrote: A Veracode scan reported the following vulnerabilities in postfix 3.0.1: Just curious: why bother with analyzing an obsolete version? Latest releases are 3.1.3 and 3.0.7. Also, have you read the release notes for 3.0.{2..7}?

Re: milter to decode quoted-printable, base64, ...

2016-11-16 Thread Bill Cole
On 16 Nov 2016, at 0:42, Michael Fox wrote: [...] Yup. But if the original message content is all plain text, then the encoding adds no value and can be removed without changing the message. That is a critical factor. It is entirely feasible to slice everything other than text/plain parts

Re: regexp for allowing helo host

2016-11-16 Thread Florian Piekert
On 16.11.2016 at 15:00, L.P.H. van Belle wrote: Hello, > No, that is due to my setup with the mailscanner antispam behind it. What is so different in your pf configuration, that you do not encounter these warnings? Nov 16 17:08:31 blueberry postfix/postscreen[27495]: warning: psc_dnsbl_request: c

Veracode reported vulnerabilities

2016-11-16 Thread McSec
A Veracode scan reported the following vulnerabilities in postfix 3.0.1: vulnerability module source Buffer Over Flow dnsblog home/.../src/dns/dns_rr.c Buffer Over Flow smtpd home/.../src/tls/tls_scache.c Numeric Errors dnsblog home/.../src/dns/dns

Queue stuck with "Host or domain name not found", needs restart

2016-11-16 Thread Stefan Monnier
For the last few weeks, one of my machines (running Debian stable, with Postfix 2.11.3) gets constantly stuck with things like: % mailq -Queue ID- --Size-- Arrival Time -Sender/Recipient--- CDC7364F79 972 Wed Nov 16 08:12:48 monn...@iro.umontreal.ca (Host or domai

RE: hacker or server problem

2016-11-16 Thread Fazzina, Angelo
I'm a little late to the party, but wouldn't configuring Anvil in Postfix stop this kind of stuff ? -ALF -Angelo Fazzina Operating Systems Programmer / Analyst University of Connecticut,  UITS, SSG, Server Systems 860-486-9075 -Original Message- From: owner-postfix-us...@postfix.org [ma

Re: Load balance outgoing message

2016-11-16 Thread Wietse Venema
Marcelo Machado: > Hi everybody. > > Is possible with postfix send messages to multiple smart hosts randomly > from a single domain? This requires Postfix 3.0 and later: /etc/postfix/main.cf: default_transport = randmap:{smtp:[relayhost1], smtp:[relayhost2]} The {} and [] are required. Thi

RE: regexp for allowing helo host

2016-11-16 Thread L . P . H . van Belle
Hai Florian, No, that is due to my setup with the mailscanner antispam behind it. Just give those sites a good read, and then adjust the config to your needs. Running a caching dns on that server helps dns queries. Extra to that, install fail2ban and add postfix-dnsbl.conf With filter : failreg

Re: regexp for allowing helo host

2016-11-16 Thread Florian Piekert
On 16.11.2016 at 14:35, L.P.H. van Belle wrote: I have those entries in the master.cf, except it's having the "n" for chrooted as well (should be transparent)... I assume it is due to the sheer NUMBER of dnsbl sites to query simultaneously? > Ah yes, > > In master.cf adjust these. > > smtp

RE: regexp for allowing helo host

2016-11-16 Thread L . P . H . van Belle
Some good info to read into. http://rob0.nodns4.us/postscreen.html http://blog.schaal-24.de/mail/postscreen-im-kampf-gegen-spam/?lang=en and of course a must read: http://www.postfix.org/POSTSCREEN_README.html Greetz, Louis > -Original message- > From: flo...@floppy.org [mailt

RE: regexp for allowing helo host

2016-11-16 Thread L . P . H . van Belle
Ah yes, In master.cf adjust these. smtp inet n - - - 1 postscreen smtpd pass - - - - - smtpd dnsblog unix - - - - 0 dnsblog > -Original message- > From: flo...@floppy.org [mai

Re: regexp for allowing helo host

2016-11-16 Thread Florian Piekert
On 16.11.2016 at 13:59, L.P.H. van Belle wrote: After going from postscreen_dnsbl_sites = zen.spamhaus.org*2, bl.mailspike.net, bl.spamcop.net, b.barracudacentral.org, swl.spamhaus.org*-2 to > postscreen_dnsbl_sites = > b.barracudacentral.org*4 > bad.psky.me*4 >

RE: regexp for allowing helo host

2016-11-16 Thread L . P . H . van Belle
I suggest you read : http://faculty.cs.niu.edu/~rickert/cf/bad-ehlo.html personally I use the following. smtpd_helo_restrictions = permit_mynetworks, check_helo_access pcre:/etc/postfix/pcre/helo.pcre check_helo_access hash:/etc/postfix/overrule/allow_helo_access.map reject_inval

Re: Load balance outgoing message

2016-11-16 Thread Paweł Grzesik
Not sure about the postfix but for sure you can use "haproxy". It might be more easy to maintain it then. Thanks, Pawel 2016-11-16 11:27 GMT+00:00 Marcelo Machado : > Hi everybody. > > Is possible with postfix send messages to multiple smart hosts randomly > from a single domain? > > Marcelo Gom

"mail forwarding loop" when Resending Email to Oneself.

2016-11-16 Thread Ralph Corderoy
Hi, I send myself a little email. Return-Path: X-Original-To: ralph Delivered-To: ra...@inputplus.co.uk Received: by orac.inputplus.co.uk (Postfix, from userid 1000) id 9687C279FC; Wed, 16 Nov 2016 12:29:46 + (GMT) Date: Wed, 16 Nov 2016 12:29:46 + To:

Re: regexp for allowing helo host

2016-11-16 Thread Tanstaafl
On 11/15/2016 6:11 PM, Bill Cole wrote: > Be aware that if you use reject_unknown_helo_hostname you will have a > steady stream of cases for which you will have to make special > exceptions. How steady that stream is depends more on your volume and > diversity of legitimate mail than on how he

Load balance outgoing message

2016-11-16 Thread Marcelo Machado
Hi everybody. Is possible with postfix send messages to multiple smart hosts randomly from a single domain? Marcelo Gomes

Re: hacker or server problem

2016-11-16 Thread lists
The full cidr is blocked in the firewall.   Original Message   From: Patrick Chemla Sent: Wednesday, November 16, 2016 2:48 AM To: postfix-users@postfix.org Subject: Re: hacker or server problem On 16/11/2016 at 12:38, li...@lazygranch.com wrote: > On Wed, 16 Nov 2016 02:26:13 -0800 > "li...@

Re: hacker or server problem

2016-11-16 Thread Patrick Chemla
On 16/11/2016 at 12:38, li...@lazygranch.com wrote: On Wed, 16 Nov 2016 02:26:13 -0800 "li...@lazygranch.com" wrote: On Wed, 16 Nov 2016 11:52:14 +0200 Patrick Chemla wrote: On 16/11/2016 at 11:45, li...@lazygranch.com wrote: Is this a hack or a server problem. IP was listed in abusedb

Re: hacker or server problem

2016-11-16 Thread li...@lazygranch.com
On Wed, 16 Nov 2016 02:26:13 -0800 "li...@lazygranch.com" wrote: > On Wed, 16 Nov 2016 11:52:14 +0200 > Patrick Chemla wrote: > > > On 16/11/2016 at 11:45, li...@lazygranch.com wrote: > > > Is this a hack or a server problem. IP was listed in abusedb > > > about a year ago. > > > > > > > >

Re: hacker or server problem

2016-11-16 Thread li...@lazygranch.com
On Wed, 16 Nov 2016 11:52:14 +0200 Patrick Chemla wrote: > On 16/11/2016 at 11:45, li...@lazygranch.com wrote: > > Is this a hack or a server problem. IP was listed in abusedb about a > > year ago. > > > > > > Nov 16 09:14:36 theranch postfix/smtpd[6094]: connect from > > unknown[87.236.215.11

Re: hacker or server problem

2016-11-16 Thread Patrick Chemla
On 16/11/2016 at 11:45, li...@lazygranch.com wrote: Is this a hack or a server problem. IP was listed in abusedb about a year ago. Nov 16 09:14:36 theranch postfix/smtpd[6094]: connect from unknown[87.236.215.11] Nov 16 09:14:36 theranch postfix/smtpd[6094]: lost connection after AUTH from

hacker or server problem

2016-11-16 Thread li...@lazygranch.com
Is this a hack or a server problem. IP was listed in abusedb about a year ago. Nov 16 09:14:36 theranch postfix/smtpd[6094]: connect from unknown[87.236.215.11] Nov 16 09:14:36 theranch postfix/smtpd[6094]: lost connection after AUTH from unknown[87.236.215.11] Nov 16 09:14:36 theranch postfix/