I
noticed something.
On Tue, Sep 17, 2013 at 02:04:55PM -0600, Josh Cason wrote:
So this is a update. I had put a few days ago. I said 1 mail was
stopped by 1 user in the incoming directory. Then goes away without
a error. Well I now have 2 users. But I noticed something the other
day and on this user
From: "Wietse Venema"
To: "Postfix users"
Sent: Tuesday, September 17, 2013 2:24 PM
Subject: Re: update: 1 mail stoped by 1 user. Now it is 2 users and I
noticed something.
Josh Cason:
So this is a update. I had put a few days ago. I said 1 mail was
stopped by 1 user in the
So this is a update. I had put a few days ago. I said 1 mail was stopped by 1
user in the incoming directory. Then goes away without a error. Well I now have
2 users. But I noticed something the other day and on this user. It has a pair
of ?? marks on it. So I did a search but still did not prov
nal Message -
From: "Viktor Dukhovni"
To:
Sent: Wednesday, September 11, 2013 2:44 PM
Subject: Re: 1 mail being stuck in incoming mail queue.
On Wed, Sep 11, 2013 at 02:15:34PM -0600, Josh Cason wrote:
I have this 1 email from 1 company from 1 person who for some
reason gets stuck i
I have this 1 email from 1 company from 1 person who for some reason gets stuck
in the incoming folder. Mail After it goes through. Mail Before it goes
through. The maillog show the message showing up. Then that is it. The file
stays in chmod 600. I found a suggestion of putting -v behind picku
I had a request to take a internal mail account that receives email
and need to copy that information to another account. I can do a
aliase but that just fowards the mail not make a copy. I'm using
postfix, mysql, and postfix.admin. I will answer any other questions.
Thanks,
Josh
--
This
I treid grey listng and don't use it because too many servers were not
re-sending the e-mail back asap. Alot did and there was no problem.
But some took up to a day to retry the message.
I remeber reading about DPSAM. Also going to look at amavisd-new and assp.
I like the idea of calling it a
As most of you guys know. I use mailscanner. I would like
recomendations of what else to use. I prefer a all in one package like
what mailscanner does. It also utilizes clamav and spamassion. The
problem is most of the information I find on the net is outdated or
for projects that stops. Se
I do accept mail besides postini. But when I track this mail (spam)
back it is comming through postini. What I'm seeing is a spike in
spam. This will normally last for 1 week or so then stop. But during
that time. All heck breaks loose for me. I admin other domains besides
mychoice.cc. Some
No the message is different. Like this time around they look like this:
This is an automatically generated Delivery Status Notification.
Delivery to the following recipients failed.
authentical...@raisley.com
Final-Recipient: rfc958;authentical...@raisley.com
Action: failed
Status: 1.2.0
I have now went through my config so I will post it if needed. What
I'm facing now is spam that looks normal. Looks like a reject but is
not in some cases. The problem is that since these e-mails are
delivered to the user account. I really don't have an example to post
from the q. I use pos
A while back I setup a helo.regexp file. I have changed it around a
bit. I'm trying to stop e-mail that is sent to/from the same e-mail
address but not my system. The idea was if they are sending mail to
themselves from my ip address. It would be blocked.
Example from my test server:
/^we
First of all thank you so much for helping me. I found it was a hacked
user account in the e-mail system. Not only did they use his e-mail
account they used his webmail too. Once I changed his password. As of
yet they have gave up trying. I'm amazed I did not catch this sooner.
I did catch
So did I setup mailscanner wrong or is this just one of those horrible
designs. I was thining at one time that mailscanner was messing with
e-mail and I temporary disabled it. But didn't change anything. Just
got more spam. Also I sent that guy a e-mail asking if he mutiple
listed. But I fi
Now this has always been puzzling. This looks like a spam from a
customers machine. They swear up an down there machine is clean. The
are also a good friend of the boss. Well he knowns them. What I did
was grep the 2E3F10D8005 and then did another grep when 7F92C10D8193
via mailscanner.
T
Current Config file. Running since friday.
Now I have had major problems posting maillog files that was either
not enough info, too large, or not in -V format. The first post was
not in -v format because if I leave my system in that. It messes up
logwatch. Plus I still tried to follow a mess
Current Config file. Running since friday.
Now I have had major problems posting maillog files that was either
not enough info, too large, or not in -V format. The first post was
not in -v format because if I leave my system in that. It messes up
logwatch. Plus I still tried to follow a mess
So I got rid of pop-before-smtp. I setup smtpd sasl. But like
clockwork I'm still getting spam. I don't get it. I even found a
program called test-relay-pro and it showed 16 problems until I added
the sasl stuff. What I don't understand is why the difference between
one of my costmers e-mai
Okay So I want to convert my access list into a cidr list. Since
postini has a simple cidr. The problem is I have some
nos...@nospam.com addresses in the access list as well as ip numbers.
Can I move the addresses to the check_sender_access list?
This is what is in my access list. But from
I'm just a tad confused.
I currently only have one check client access file. That is
/etc/postfix/access. Do I need another check client access file with
postini's ip range?
As below I do have a senders access list. But I don't have a recipient
access list because this is mysql under virt
So postini wants me to add there servers into the my_network list. To
only accept e-mail from there servers. To me this is wrong. For send
mail they wanted the below setup. Now from what I could find. Should I
not be able to add the ip numbers or ranges to my access file.
check_client_acces
I called and talk to globalpops. It is not a range. it is a ip number
like this
ex: 192.168.1.0 --- notice the zero. So I don't think that will work.
They actually recomend what I'm going and that is smtp-auth. But still
any response would be appricated.
thanks,
josh
--
This message h
I decided to impliment some new security and remove pop-before-smtp.
But I have some dialup users and some of them use email. The company
I'm going through is global pops. I would like to add there iprange to
postfix as allowed users. I looked at /etc/postfix/access list example
192.168.0.1
postfix, relayhost, and dynamic ip range though it is static
So after fighting with rdns and sorbs issues. Well mostly sorb issues.
I decided to route through our isp server. I think this fixed sorbs
for complaints about it thinking it is a dynamic ip. I'll find out
more. But from what I co
I don't know how to explain this. Have you guys every heard of a
problem were email is sent to another server and go stray for hours
before being delivered? The only network I had problems on was
verizion text message. You send a text msg from your e-mail and it
goes into the verizion serve
reject unverified sender is nice way to block spam. But it also blocks
my other servers that really are not e-mail servers. I have tried to
get around this with no luck. I have two backup servers that are not
really e-mail servers. There is no route to them but they do send out
information
A while back I changed my aliases to use the mysql database. Well I
thought everything was fine until I had a changed and relized the
postmaster address was not working. Okay no problem I'll just link a
postmaster address to the support account of my system. Well that is
great if I send a m
I'm confused about the following in the main.cf
smtpd_receipient_restrictions
smtpd_sender_restrictions
smtpd_client_restrictions
smtpd_data_restrictions this I pretty much get
smtpd_helo_restrictions this I pretty much get
Now with postfix all of these are blank except
smtpd_recei
Thank you for the help. Let me clear up a few things. First of all
they are talking to my e-mail server but the servers we are monitoring
is the customers servers These servers have one static ip from qwest.
We have no control over that and have not asked qwest to fix the wrong
dns issue. I
I have three servers that need to send me e-mail. Two of the servers
won't send say avast reports and what not. I get the following error
From one server:
warning: 71.39.113.15: address not listed for hostname sbs.rtgis.com
From the other server:
NOQUEUE: reject: RCPT from unknown[71.39.117
After working on some other issues. I came back to this spam problem.
I once again do not have the -v. The spam I was looking at came in
last wensday (I disabled the -v for a few weeks now until I can get
back to it) and one difference I noticed is it does not have a hold
header on it. It d
I have a dmz zone on my network. The postfix sits behind the dmz zone.
The public IP address is translated (nat) to the dmz zone. I asked
about the proxy interfaces command in the main.cf file. I was told I
needed to put in the public ip address for the server. What does this
do since it di
Major question:
First of all can you be a little more clear on the fw setting. I need
to get with my firewall guy and check with him. I'm pretty sure it is
wrong. It is doing src and nat translation. I cannot get more specific
since I didn't setup the fw.
Better explination:
I think we a
When I built the server after doing tons of research. (the old servers
ran sendmail and I didn't have a hand in setting them up.)
pop-before-smtp worked great for customers outside the network. If I
disabled pop-before-smtp they would not work. Just internal users. So
without any changes to
So then from I could tell. Pop-Before-Smtp should not list 127.0.0.1
and the server ip number then. I guess what I'm asking is. I have this
server doing multiple duties including sending logwatch and webmail
from the server via localhost. This works great. But I think it might
be a cause to
The pop-before-smtp has other ip numbers in the list. I'm able to
create a list using the pop-before-smtp --list command and > into a
file. Then read through the ip numbers. That is how I know what is
listed including 127.0.0.1 and the internal server ip number. Compared
to the test server
Back to the question. I was looking at a detailed log on postfix. When
it goes through
the list of tests. It rejects everything until it hits
pop-before-smtp. Then it says
okay. When I check the database of ip numbers. It lists my server and
my localhost
127.0.0.1 number. This isn't correct?
My mailserver is behing a firewall that also does nat tranlastion. So
the inside has a dmz zone. When you hit from the oustide you hit the
outside / public ip numbers. You are hitting the firewall box. Then
going in to the dmz zone. The firewall is setup to route the proper
ports back and f
I don't have time to post alot more info since I'm off of work on
friday. But going back and looking at my log. I thought of a question
a few months ago. But had not place to ask. We are behind a firewall
that is doing nat translation. I got the impression that when this
spam hits. It looks
I checked a few setting as explained. I have a stupid question and
also my results.
First of all it is not just comming from postini. It once in a while
wonders in from the outside. Not that I know how since all my mx
records points to postini. Just random junk I suspose.
The next thing i
Thanks for the help so far. I already posted my config file in the
very first post. However, I will repost it. Plus an additional log
file of the attack. Yes to me it seems like an open relay. As stated
before when I run tests they say closed relay. As for reading the
howto's. I have been t
It isn't just aol. It is any isp system that they seem to be spamming.
As I said a person connnects up. (not one of the email users). Just a
random ip number. Sometimes it is postini (we use postini), aol, etc,
etc. That sends one message in with mutiple reciepients. Then it sends
out like
First I hope I'm posting a reply back. I'll try to explain better.
Since I cannot find the log I need to post.
The spam comes from any place. Mostly just foreign IP numbers. Yea we
could block the ip numbers but they change. We also use postini and to
my surprise it even show up through the
I have two problems. I built a new postfix e-mail system that worked
great for about 1 year. Then I started getting spam that comes into
our system as one msg and is then routed out to mutiple e-mail
addresses like aol.com. I have since update my postfix config file to
block even more spam
44 matches
Mail list logo
