Re: Logging Question: SASL Auth Failures?

On Wed, 20 Jan 2021 10:33:37 -0500 (EST) Wietse Venema wrote: [snip] > > With rsyslogd.conf you can route based on content. > > :msg, contains, "SASL LOGIN" /var/log/whatever > :msg, contains, "SASL LOGIN" ~ > > This is based on information from the web, which is often incorrect. Ok. Thank

Logging Question: SASL Auth Failures?

Hi All, Each of the various servers I admin occasionally get inundated with things like Jan 13 07:33:06 jimsun postfix/submission/smtpd[25328]: warning: unknown[59.95.95.239]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 I want these to go to the auth log, rather than, or in additi

Re: Postfix and (Open)DKIM: Received Email?

On Thu, 24 Sep 2015 08:48:24 -0400 (EDT) wie...@porcupine.org (Wietse Venema) wrote: > Jim Seymour: > > Hi All, > > > > I just installed, configured and have working OpenDKIM. I can see > > outgoing email is being properly signed, but not certain what it's > &

Postfix and (Open)DKIM: Received Email?

Hi All, I just installed, configured and have working OpenDKIM. I can see outgoing email is being properly signed, but not certain what it's doing for me on the receiving side of things? All the searching and reading I've done talks all about how to get it going, and how to test your outgoing em

Re: pflogsum don't count postscreen rejects

On Fri, 29 Aug 2014 14:50:26 +0200 Sven Hoexter wrote: > On Thu, Aug 28, 2014 at 07:57:40PM -0400, Jim Seymour wrote: > > Hey Jim, > > > I've got some other things people have sent me I need to look > > to. I suppose it's about time pflogsumm got some attenti

Re: pflogsum don't count postscreen rejects

On Mon, 25 Aug 2014 16:12:12 +0200 "li...@rhsoft.net" wrote: > Aug 25 14:55:15 mail-gw postfix/postscreen[29302]: NOQUEUE: reject: > RCPT from [119.75.11.68]:53210: 550 5.7.1 Service unavailable; > client [119.75.11.68] blocked using *; from=<>, > to=, proto=ESMTP, helo= > > pflogsumm do

Re: Postfix installation guid

On Sat, 23 Nov 2013 20:40:52 +0530 tejas sarade wrote: > Then there is no point in collecting usage details now. > Can you tell me if the the source of the mails. For God's sake: Please learn how to trim quoted text. Thank you! And please read this: http://blog.zixcorp.com/2012/09/boilerplate-

Pflogsumm Version 1.1.5 Released

Pflogsumm version 1.1.5 has been released. This is a Beta release. From the ChangeLog: rel-1.1.5 20120205 Fixed RFC 3339 support. Releases 1.1.3 and 1.1.4 were badly broken in this respect. Thanks and a tip o' the hat to Sven Hoexter (sven-at-timegate-dot-de) for the help. S

Re: Messages from=<> and pflogsumm

On Thu, 02 Feb 2012 23:49:19 +0200 Nikolaos Milas wrote: > Hello, > > In the logs, there are cases where some message seems to be coming > from=<>. That's because they are. > [snip] > > In such cases PFLOGSUMM, instead of a domain name or full sender > address, displays in the stats "from=<

Re: Pflogsumm: Specialization in SMTPD connections

On Thu, 02 Feb 2012 22:06:32 +0200 Nikolaos Milas wrote: > On 1/2/2012 6:00 μμ, James Seymour wrote: > > > rel-1.1.4 20120201 > > Thank you James for offering and supporting this great tool. You're welcome. > [snip] > > Is there a way to include stats on SMTPD connections from > particula

Re: SASL authentication and Windows Live Mail

On Tue, 31 Jan 2012 00:30:33 + James Day wrote: [snip] > ... trying the same account details from Windows Live > Mail throws up a: > > "554 Relay Access denied" error message. [snip] IIRC, "Relay access denied" is a symptom of a non-SSL attempted connection/login when "disable_plaintext_aut

Re: strange log issue

On Sun, 8 Jan 2012 19:41:07 +0100 Ralf Hildebrandt wrote: [snip] > > "delay=0," changed into "delay=0.04, delays=0.01/0.01/0/0.02," > > Did you update pflogsumm as well? Yup. You need Pflogsumm-1.1.1, at least, looks like. 1.1.3 has been released for nearly two years. I really should get 1.

Re: strange log issue

On Sun, 8 Jan 2012 13:04:18 +0100 (CET) "Barbara M." wrote: > > After upgrading my old box (Postfix 2.2 on CentOS 4.x), to > postfix-2.6.9-1.rhel4, I noticied this strange issue in my daily > pflogsum (and others), log analisys report: [snip] > > Mails are delivered to the mailboxes, but seems

Re: See which port a user connects to?

On Wed, 14 Dec 2011 10:56:40 -0600 "/dev/rob0" wrote: [snip] > > I'm not sure how that might affect pflogsumm.pl; perhaps if Jim is > still reading the list he can comment? [snip] I'm still reading, but I'm usually only seeing the stuff that mentions Pflogsumm or my name. Tho, right now, I'm

Re: Postfix "lost connection after DATA from unknown..." and ipfilter "-AF OUT" log message

On Sun, 11 Dec 2011 20:03:59 -0500 (EST) Wietse Venema wrote: > Wietse Venema: > > > bge1 @0:24 b ,25 -> 89.73.201.168,36545 PR > > > tcp len 20 40 -AR OUT > > > > Why are you blocking outbound TCP RST? > > According to ipmon(8), The web is rotting my brain. I never thought to actually ch

Re: Postfix "lost connection after DATA from unknown..." and ipfilter "-AF OUT" log message

On Sun, 11 Dec 2011 18:41:56 -0500 Sahil Tandon wrote: [snip] > > Postfix sends a 450 response because your DNS server cannot find the > client's reverse hostname; following that, the client foolishly > sends DATA, to which Postfix responds with a 554. Finally, instead > of gracefully QUITing,

Re: Postfix "lost connection after DATA from unknown..." and ipfilter "-AF OUT" log message

On Sun, 11 Dec 2011 19:15:35 -0500 Jim Seymour wrote: > Each of them occurs two-or-more > times, involving the same contacting IP. Clarification: That was to say that, when it occurs multiple times in a row, it's the same IP trying over-and-over again in each set of retries. A

Re: Postfix "lost connection after DATA from unknown..." and ipfilter "-AF OUT" log message

On Mon, 12 Dec 2011 01:11:00 +0100 Reindl Harald wrote: > > > Am 12.12.2011 01:04, schrieb Jim Seymour: > > On Mon, 12 Dec 2011 00:14:08 +0100 > > Reindl Harald wrote: > > [snip] > >> > >> why do you use "reject_unknown_reverse_client_h

Re: Postfix "lost connection after DATA from unknown..." and ipfilter "-AF OUT" log message

On Sun, 11 Dec 2011 18:35:23 -0500 (EST) Wietse Venema wrote: [snip] > > Why are you blocking outbound TCP RST? I am not, to the best of my knowledge. There is a TCP control traffic rate limit in the border router, there as a DoS prevention tactic, but that's it. This doesn't happen all the t

Re: Postfix "lost connection after DATA from unknown..." and ipfilter "-AF OUT" log message

On Mon, 12 Dec 2011 00:14:08 +0100 Reindl Harald wrote: [snip] > > why do you use "reject_unknown_reverse_client_hostname" if you do > not like the results of it? Why do you answer the question when you obviously have not read it? (Or at least apparently not understood it.) Regards, Jim -- Not

Postfix "lost connection after DATA from unknown..." and ipfilter "-AF OUT" log message

Hi All, This may be a weird one, and may be completely OT. If the latter: Feel free to tell me to bugger off :) System is FreeBSD 8.2, running ipfilter and postfix-current-2.9.2019,4. Occasionally I see something like this from ipfilter in /var/log/messages: bge1 @0:24 b ,25 -> 89.73.2

Re: Changing Users' Mail Spool Destination

On Sun, 11 Dec 2011 19:30:12 + Duane Hill wrote: [snip] > > You could also use Dovecot LDA or LMTP. Dovecot will create > the directory structure automatically upon the first login or > message delivery. Wouldn't I lose Postfix' header and body processing if I did that? There's

Re: Changing Users' Mail Spool Destination

On Sun, 11 Dec 2011 13:15:28 -0500 (EST) Wietse Venema wrote: [snip] > > To turn on maildir support, append a trailing '/' to the name. Yes, I caught that. (But thanks for the note, anyway). I plan to let inbox be mbox format, just like it is in a "normal" mail spool. Dovecot is perfectly hap

Changing Users' Mail Spool Destination

G'day Postfix'ers, I'm in the process of building-up a new company mail server. It'll be an IMAP4 beast, using Maildir, and so I allocated the vast majority of the freespace to /home, for IMAP folder storage. Then it occurred to me: I know my users have poor habits, and tend to leave much of the

Re: Rewriting FROM, TO and CC

On Sun, 4 Dec 2011 17:37:31 +0100 Ignacio wrote: > Hello Jim, > > Thank you very much, but there are more than 1000 possible options, > and they change almost every week. It depends on projects and > people involved in them. One of us is confused. How would creating an alias and running newali

Re: Low Budget Backups

On Sat, 3 Dec 2011 19:00:55 -0800 (PST) email builder wrote: > [snip] > > OK, rsync it is.  > > Can you restore a system crash with a simple > rsync backed set of duplicate files? [snip] Never tried it :p I suspect not. TBH: Other than a Unix SYS3 installation, running on a Motorola Delta

Re: Rewriting FROM, TO and CC

On Sun, 4 Dec 2011 08:04:44 +0100 Ignacio wrote: [snip] > > The application connects to a smtp server and sent an e-mail as: > SENDER: user1@domain > TO: user2@domain;user3@domain > > >From this smtp server we would like to relay e-mail to Corporate > >Exchange > server.This server needs authen

Re: Low Budget Backups

On Fri, 2 Dec 2011 21:52:54 -0800 (PST) email builder wrote: [snip] > As know one seems to have any other ideas, looks like it has to be > some rsynch variant using whatever cheap remote storage I can find. Seems kind of OT for this list, but since nobody else seems to object... Two questions:

Re: Problem with smtp client bind address

On Thu, 1 Dec 2011 16:46:00 -0500 (EST) Wietse Venema wrote: > James Seymour: > > On Thu, 1 Dec 2011 16:27:07 -0500 (EST) > > Wietse Venema wrote: > > [snip] > > > I suggest that you use different smtp_bind_address settings in > > > master.cf for the (default) smtp transport and for the (inbound

Re: Multiple Domains, Mail Gateway, Two Mail Servers

Wow, over 48 hours and no solution(s) suggested? Everybody on vacation? :) Regards, Jim -- Note: My mail server employs *very* aggressive anti-spam filtering. If you reply to this email and your email is rejected, please accept my apologies and let me know via my web form at

Re: Pflogsumm Version 1.1.3 Released

> Date: Fri, 26 Mar 2010 02:00:10 -0300 > From: Julio Cesar Covolato > To: Jim Seymour , owner-postfix-us...@postfix.org > Subject: Re: Pflogsumm Version 1.1.3 Released > > Hi Jim! > > Any improviment to suport the reinjection from amavisd? Nope. If I had, it would&

Pflogsumm Version 1.1.3 Released

Pflogsumm version 1.1.3 has *finally* been released. This is a Beta release. From the ChangeLog: rel-1.1.3 20100320 Added long-awaited switches to optionally reduce detail reporting: --bounce_detail=N, --deferral_detail=N, --reject_detail=N, --smtp_detail=N, smtpd_warning_detai

Pflogsumm Status

Hi All, As many of you may be aware, about a year ago I emailed the list asking if anybody would be interested in taking over maintenance of Pflogsumm. Several people volunteered. In the mean-time, after un-loading a bit (basically taking a hiatus from anything that resembled computer "work" in

New Pflogsumm Maintainer Needed

Hi All, I'm simplifiying my life. Amonst other things, that means I'm dropping my business class DSL circuit and all of my involvement in projects, documentation, anti-spam efforts, etc. If somebody *qualified* wants to officially take over maintenance of Pflogsumm, please speak up. "Qualified"

Re: Header/body checks question, problem.

wie...@porcupine.org (Wietse Venema) wrote: > > KLaM Postmaster: > > Among the stuff being rejected is the output of pflogsumm, I run a daily > > a report and email it to postmaster. I was not getting the reports so I > > See http://www.postfix.org/http://www.postfix.org/BUILTIN_FILTER_README.ht