Re: Possible to enforce 4XX error upon dns lookups which result in NXDomain?

2019-10-15 Thread Wietse Venema
Wietse Venema: > Wietse Venema: > > Tobi: > > > I wonder if the following idea is somehow "do-able" in postfix. We have > > > a fallback postfix instance which gets all mails that our scanners could > > > not send to our customers target server. Now the fallback tries to > > > submit those msg to o

Re: Possible to enforce 4XX error upon dns lookups which result in NXDomain?

2019-10-15 Thread Wietse Venema
Wietse Venema: > Tobi: > > I wonder if the following idea is somehow "do-able" in postfix. We have > > a fallback postfix instance which gets all mails that our scanners could > > not send to our customers target server. Now the fallback tries to > > submit those msg to our customers. Sometimes our

Re: Postfix is not open relay but send spam

2019-10-15 Thread Bill Cole
On 15 Oct 2019, at 13:24, Thilo Molitor wrote: Or use openssl s_client -starttls smtp -connect :25 for tls on port 25 (in case port 465 is not configured on your server or the configuration differs from port 25) See the original poster's earlier message: his issue is specifically with a spa

Re: Postfix is not open relay but send spam

2019-10-15 Thread Viktor Dukhovni
On Tue, Oct 15, 2019 at 05:15:38PM +0200, Julien Michaux wrote: > Do you have a way to test authentification with smtps ? Why bother? Your "cyrus" account has a password that is weak, leaked or perhaps even empty. Disable logins by "cyrus", you surely don't need them. -- Viktor.

Re: Postfix is not open relay but send spam

2019-10-15 Thread Thilo Molitor
Or use openssl s_client -starttls smtp -connect :25 for tls on port 25 (in case port 465 is not configured on your server or the configuration differs from port 25) Am Dienstag, 15. Oktober 2019, 11:30:42 CEST schrieb Bill Cole: > On 15 Oct 2019, at 11:15, Julien Michaux wrote: > > Do you have a

Re: Postfix is not open relay but send spam

2019-10-15 Thread Bill Cole
On 15 Oct 2019, at 11:15, Julien Michaux wrote: Do you have a way to test authentification with smtps ? openssl s_client -connect :465 That will negotiate an SSL/TLS connection with the given host on port 465 (smtps) and leave you inside the encrypted session as if you'd used 'telnet :25'

Re: Postfix is not open relay but send spam

2019-10-15 Thread Julien Michaux
Do you have a way to test authentification with smtps ? AUTH LOGIN over smtp is disabled so postfix reply : 503 5.5.1 Error: authentication not enabled Michaux Julien Courriel : jul...@michaux.name Le mar. 15 oct. 2019 à 16:57, Jaroslaw Rafa a écrit : > Dnia 15.10.2019 o godz. 16:47:59 Julien

Re: Postfix is not open relay but send spam

2019-10-15 Thread Jaroslaw Rafa
Dnia 15.10.2019 o godz. 16:47:59 Julien Michaux pisze: > Oct 13 19:41:29 mail postfix/smtps/smtpd[25100]: 5A064379357: > client=unknown[185.153.197.48], sasl_method=LOGIN, sasl_username= > cy...@mydomain.com This line says that the client at IP address 185.153.197.48 managed to authenticate to you

Re: Postfix is not open relay but send spam

2019-10-15 Thread Julien Michaux
Hi, Here is a log : Oct 13 19:41:28 mail postfix/qmgr[15506]: 8F189379357: removed Oct 13 19:41:28 mail postfix/smtps/smtpd[25100]: warning: hostname server-185-153-197-48.cloudedic.net does not resolve to address 185.153.197.48 Oct 13 19:41:28 mail postfix/smtps/smtpd[25100]: connect from unknow

Re: Centos 7 turn on pypolicyd-spf

2019-10-15 Thread Emanuel
Hi.!! Following this user's recommendation, he will solve the problem thanks Thanks!!! REgards-! El 14/10/19 a las 20:45, li...@lazygranch.com escribió: FWIW, this is what I have in my master.cf. I am on centos 7. policyunix - n n - 0 spawn user=nobod

Re: Postfix is not open relay but send spam

2019-10-15 Thread Allen Coates
On 15/10/2019 08:27, Julien Michaux wrote: > Time to time, my server is attack and he sends spam. All spam are from a > specific address "cy...@mydomain.com" I tried many things but nothing works> > I have to stop postfix for some hours and attack ends until next time. > Have you tried puttin

Re: Postfix is not open relay but send spam

2019-10-15 Thread Tobi
Hi shot me if I'm wrong ;-) but I think your smtp service is an open relay?! I don't see reject_unauth_destination after your permit_mynetwork and permit_sasl_authenticated. Thats means (at least afaik) that any mail will be accepted as long as it does not hit one of your reject_* statements. So f

Re: Postfix is not open relay but send spam

2019-10-15 Thread Shawn Heisey
On 10/15/2019 1:27 AM, Julien Michaux wrote: Time to time, my server is attack and he sends spam. All spam are from a specific address "cy...@mydomain.com" . I tried many things but nothing works. I have to stop postfix for some hours and attack ends until next time.

Re: Possible to enforce 4XX error upon dns lookups which result in NXDomain?

2019-10-15 Thread Wietse Venema
Tobi: > I wonder if the following idea is somehow "do-able" in postfix. We have > a fallback postfix instance which gets all mails that our scanners could > not send to our customers target server. Now the fallback tries to > submit those msg to our customers. Sometimes our customers do not know >

Re: Postfix is not open relay but send spam

2019-10-15 Thread @lbutlr
On Oct 15, 2019, at 5:22 AM, @lbutlr wrote: > There is no instance of permit_mynetworks in my main.cf not in my master.cf > file. There is no instance of permit_mynetworks in my main.cf *nor* in my master.cf file. -- 'It is always useful to face an enemy who is prepared to die for his count

Re: Postfix is not open relay but send spam

2019-10-15 Thread @lbutlr
On Oct 15, 2019, at 1:27 AM, Julien Michaux wrote: > smtpd_helo_restrictions = > permit_mynetworks, > smtpd_recipient_restrictions = >permit_mynetworks, > smtp_sender_restrictions = >permit_mynetworks, > smtp_helo_restrictions = > permit_mynetworks, > smtp_recipient_restriction

Re: Postfix is not open relay but send spam

2019-10-15 Thread Bjoern Franke
Am 15.10.19 um 09:27 schrieb Julien Michaux: > Hi everyone, > > I have a problem with postfix. > > I use OBM as a mail server (postfix + cyrus + ldap, etc...). My postfix > is not openrelay : > Do you see something in the logs how the spam enters your system? Possibly a authenticated user or so

Re: Postfix is not open relay but send spam

2019-10-15 Thread Jaroslaw Rafa
Dnia 15.10.2019 o godz. 09:27:42 Julien Michaux pisze: > > Time to time, my server is attack and he sends spam. All spam are from a > specific address "cy...@mydomain.com" . > I tried many things but nothing works. I have to stop postfix for some > hours and attack ends until next time. Do you ha

Possible to enforce 4XX error upon dns lookups which result in NXDomain?

2019-10-15 Thread Tobi
Hi list I wonder if the following idea is somehow "do-able" in postfix. We have a fallback postfix instance which gets all mails that our scanners could not send to our customers target server. Now the fallback tries to submit those msg to our customers. Sometimes our customers do not know how to

Postfix is not open relay but send spam

2019-10-15 Thread Julien Michaux
Hi everyone, I have a problem with postfix. I use OBM as a mail server (postfix + cyrus + ldap, etc...). My postfix is not openrelay : 220 xx ESMTP Postfix (Debian/GNU) [706 ms] EHLO keeper-us-east-1c.mxtoolbox.com 250-xx 250-PIPELINING 250-SIZE 52428800 250-VRFY 250-ETRN 250-STARTTLS 25