On Wed, 4 May 2022 20:47:16 +0200
Arrigo Triulzi wrote:
> On 4 May 2022, at 20:40, li...@lazygranch.com wrote:
> >
> > Though not currently bouncing my maillog had this message
> > (sanitized because of Google):
> >
> > NOQUEUE: reject: RCPT from avaso
Though not currently bouncing my maillog had this message (sanitized
because of Google):
NOQUEUE: reject: RCPT from avasout-peh-001.plus.net[212.159.14.17]: 554 5.7.1
Service unavailable; Client host [212.159.14.17] blocked using
zen.spamhaus.org; Error: open resolver;
https://www.spamhaus.org
On Sat, 30 Apr 2022 01:11:05 -0400
Viktor Dukhovni wrote:
> On Sat, Apr 30, 2022 at 10:28:06AM +1000, raf wrote:
>
> > > .domain.tld
> > >
> > > Matches subdomains of domain.tld, but only when the
> > > string smtpd_access_maps is not listed in the Postfix
> > > parent_domain_matches_subdomai
I'm trying to allow-list (formerly whitelist) a TLD. I have these lines
in my postfix main.cf:
check_client_access hash:/etc/postfix/client_checks,
check_sender_access hash:/etc/postfix/sender_checks,
check_client_access hash:/etc/postfix/rbl_override,
For the rbl_override file is siriusxm.
On Fri, 15 Apr 2022 11:06:35 +0200
Tinne11 wrote:
>
> > Am 15.04.2022 um 08:49 schrieb Fourhundred Thecat
> > <400the...@gmx.ch>:
> >
> > Are there any legitimate cases where "to:" might be missing?
>
>
> RFC 5322 says: "The only required header fields are the origination
> date field and
On Fri, 15 Apr 2022 11:06:35 +0200
Tinne11 wrote:
>
> > Am 15.04.2022 um 08:49 schrieb Fourhundred Thecat
> > <400the...@gmx.ch>:
> >
> > Are there any legitimate cases where "to:" might be missing?
>
>
> RFC 5322 says: "The only required header fields are the origination
> date field and
6uae.58.1636114152575;
Fri, 05 Nov 2021 05:09:12 -0700 (PDT)
MIME-Version: 1.0
Reply-To: jm84450...@gmail.com
From: Abdulla Shahid
Date: Fri, 5 Nov 2021 05:08:57 -0700
Message-ID:
On Sat, 06 Nov 2021 10:54:48 -0500
Rob McGee wrote:
> On 2021-11-06 06:15, li...@lazygranch.com wrote:
> >
Most of my spam contains a gmail address to reply to the spammer. I
would like to discard email whose body contains a gmail address. Since
discarding mail could get ugly, I would hope someone on the list can
eyeball my plan.
I added
body_checks = pcre:/etc/postfix/body_checks
to main.cf. I made
On Wed, 3 Nov 2021 17:40:30 +0100
Matus UHLAR - fantomas wrote:
> >>03.11.21, 10:53 +0100, @lbutlr:
> >>
> >>> postfix/smtps/smtpd[5554] warning: AUTH command rate limit
> >>> exceeded: 4
> >>>
> >>> Where is this limit set? I looked through postconf -d | grep auth
> >>> looking for something
On Fri, 9 Jul 2021 08:38:30 +0200
Matus UHLAR - fantomas wrote:
> On 08.07.21 18:48, li...@lazygranch.com wrote:
> >I rarely bounced email due to RBLs from someone I actually correspond
> >with. However I did bounce a message with the sender receiving this
> >message:
&
I rarely bounced email due to RBLs from someone I actually correspond
with. However I did bounce a message with the sender receiving this
message:
Sorry, we were unable to deliver your message to the following
address.
From the maillog:
Jul 7 16:35:21 example postfix/smtpd[27776]: NOQUEUE: rej
On Sun, 18 Apr 2021 21:29:26 +1200
Nick Tait wrote:
> On 18/04/21 7:32 pm, li...@lazygranch.com wrote:
> > And so it goes. I suppose if this really bugs me I can block the
> > server in firewalld. I've yet to see it actually deliver mail. Or
> > complain to
On Sat, 17 Apr 2021 18:25:47 -0400 (EDT)
Wietse Venema wrote:
> li...@lazygranch.com:
> > > You should enable SASL auth in master.cf NOT main.cf, and ONLY for
> > > a service that needs SASL auth.
> > >
> > > Otherwise you're turning it on for the
On Sat, 17 Apr 2021 17:03:51 -0400 (EDT)
Wietse Venema wrote:
> li...@lazygranch.com:
> > I do have "smtpd_sasl_auth_enable = yes" and I use port 587. Before
> > I comment out that line, here is the general area of my main.cf
> > dealing with sasl. I cut out my
On Sat, 17 Apr 2021 14:35:37 +0200
Benny Pedersen wrote:
> On 2021-04-17 09:58, li...@lazygranch.com wrote:
> > I am getting a lot of these:
> >
> > Apr 17 07:27:10 mydomain postfix/smtpd[21897]: connect from
> > mone183.secundiarourous.com[141.98.10.183]
> >
I am getting a lot of these:
Apr 17 07:27:10 mydomain postfix/smtpd[21897]: connect from
mone183.secundiarourous.com[141.98.10.183]
Apr 17 07:27:11 mydomain postfix/smtpd[21897]: disconnect from
mone183.secundiarourous.com[141.98.10.183] ehlo=1 auth=0/1 quit=1 commands=2/3
Googling mone183.secu
On Sat, 20 Mar 2021 21:28:31 -0400
Viktor Dukhovni wrote:
> On Sat, Mar 20, 2021 at 08:23:20PM -0400, Wietse Venema wrote:
> > David Mehler:
>
> > > I don't want to blanket disable reject_unknown_helo_hostname is
> > > there a way I can set a helo exception for this one host/sender?
> >
> >
My server bounced a message. Here is the server log (sanitized).
-
Nov 13 02:07:52 myserver postfix/smtpd[27706]: NOQUEUE: reject: RCPT
from sonic302-23.consmr.mail.gq1.yahoo.com[98.137.68.149]: 554 5.7.1
Service unavailable; Client host [98.137.68.149] blocked using
cbl
Is there something I should be doing to mitigate this problem?
Oct 8 02:11:42 myserver postfix/smtpd[11630]: connect from
unknown[180.123.163.212]
Oct 8 02:11:43 myserver postfix/smtpd[11632]: connect from
unknown[180.123.163.212]
Oct 8 02:11:43 myserver postfix/smtpd[11632]: lost connection
Some gmail gets through, some doesn't. Is there a time limit on the DNS
check? A google search finds several timers, but nothing specific to
DNS.
Log:
Feb 17 06:18:10 mydomain postfix/smtpd[2619]: connect from
unknown[209.85.219.177]
Feb 17 06:18:10 mydomain postfix/smtpd[2619]: Anonymous TLS co
On Wed, 18 Dec 2019 13:10:50 -0500
Viktor Dukhovni wrote:
> [ I'm on the list, there's no need to Cc: me directly]
>
> On Wed, Dec 18, 2019 at 01:36:17AM -0800, li...@lazygranch.com wrote:
>
> > Viktor Dukhovni wrote:
> >
> > >
On Wed, 11 Dec 2019 21:56:48 -0500
Viktor Dukhovni wrote:
> > On Dec 11, 2019, at 9:38 PM, li...@lazygranch.com wrote:
> >
> > I have a spammer who uses all sorts of "from" addresses but the same
> > "reply" address. Any way to block this spamme
I have a spammer who uses all sorts of "from" addresses but the same
"reply" address. Any way to block this spammer in Postfix.
FWIW, this is what I have in my master.cf. I am on centos 7.
policyunix - n n - 0 spawn
user=nobody
argv=/usr/libexec/postfix/policyd-spf
/etc/python-policyd-spf/policyd-spf.conf
On Thu, 26 Sep 2019 10:46:27 +0200
Enrico Morelli wrote:
> On Thu, 26 Sep 2019 10:42:46 +0200
> Enrico Morelli wrote:
>
> > On Thu, 26 Sep 2019 16:37:14 +0800
> > Wesley Peng wrote:
> >
> > > on 2019/9/26 16:34, Enrico Morelli wrote:
> > > > I tried to put .monster or *.monster in sender
On Thu, 7 Feb 2019 05:24:08 +0100
Francesc Peñalvez wrote:
> I asked the same and Vietse Venema answer this:
>
> Postfix 3.0 and later:
>
> /etc/postfix/main.cf:
> smtpd_sender_restrictions =
> permit_mynetworks
> permit_sasl_authenticated
> check_sender_acc
I'm wondering if I have my rate limiting set up correctly. Note I have
that perl script that sniffs out dynamic IP addresses, so I am not sure
how this user is even getting concurrent connections.
From the main.cf:
smtpd_client_restrictions =
permit_sasl_authenticated,
permit_mynetworks,
rej
On Mon, 26 Mar 2018 18:35:19 -0400
Scott Kitterman wrote:
> On Monday, March 26, 2018 10:27:57 PM André Rodier wrote:
> > Hello all,
> >
> > Does anyone suffered performance loss when using clamav as a milter
> > for postfix?
> >
> > I would like to scan archives and emails with attachments. Is
Just checking if I have things set up correctly. I'm returning a 554
code (rejected relay) yet the attempts keep coming.
Postfix avil is throttling the user, so I assume this isn't a problem.
As an FYI, checking MXTOOL blacklist on the offending IP, only
blocklist.de has them flagged at the mome
On Tue, 13 Mar 2018 23:35:01 -0400
"Bill Cole" wrote:
> On 13 Mar 2018, at 22:51 (-0400), li...@lazygranch.com wrote:
>
> > I'm getting hit every 10 minutes from this spammer. As you can see
> > I am
> > rejecting the message. I wonder if the offending em
I'm getting hit every 10 minutes from this spammer. As you can see I am
rejecting the message. I wonder if the offending email server doesn't
know the message is being rejected?
Mar 13 23:28:58 centos-1gb-sfo1-01 postfix/smtpd[22153]: NOQUEUE:
reject: RCPT from unknown[113.247.6.67]: 450 4.7.1 Cl
On Tue, 06 Mar 2018 06:26:49 +
MRob wrote:
> On 2018-03-05 18:05, Bill Cole wrote:
> >> Would you mind sharing which RBLs you recommend to use in
> >> postscreen?
> >
> > postscreen_dnsbl_sites = zen.spamhaus.org=127.0.0.2*2
> > zen.spamhaus.org=127.0.0.3*2 zen.spamhaus.org=127.0.0.4*2
On Wed, 31 Jan 2018 07:43:17 + (UTC)
Dominic Raferd wrote:
> On 31 January 2018 at 03:44, li...@lazygranch.com
> wrote:
> > On Tue, 30 Jan 2018 10:50:18 +
> > Dominic Raferd wrote:
> >
> >> On 30 January 2018 at 10:11, li...@lazygranch.com
> &g
On Tue, 30 Jan 2018 10:50:18 +
Dominic Raferd wrote:
> On 30 January 2018 at 10:11, li...@lazygranch.com
> wrote:
> > I've installed the opendmarc milter. I'm not rejecting mail from it
> > at the moment. I've noticed that if I send myself a message, the
I've installed the opendmarc milter. I'm not rejecting mail from it at
the moment. I've noticed that if I send myself a message, the
policyd-spf milter isn't run. That in turn causes mail I send myself to
fail in opendmarc. Any ideas?
The various email verifiers do show that my email passes spf.
postfix/smtpd[14755]: warning: TLS library problem: error:140760FC:SSL
routines:SSL23_GET_CLIENT_HELLO:unknown protocol:s23_srvr.c:640:
Should I be blocking some encryption method? I thought openssl dropped
support for the hackable protocols.
Replies in the middle of the email for clarity.
On Mon, 22 Jan 2018 17:18:42 -0500
"Bill Cole" wrote:
> On 21 Jan 2018, at 20:44 (-0500), li...@lazygranch.com wrote:
>
> > The reverse DNS can only point to one domain
> > name.
>
> Not so. Multiple PTR record
On Sun, 21 Jan 2018 14:35:42 -0600
Noel Jones wrote:
> On 1/20/2018 11:56 PM, J Doe wrote:
> > Hi,
> >
> > I have a basic SMTP server set up with what I believe to be good
> > smtpd_*_ restrictions, but I was wondering if anyone could provide
> > any insight on how to improve them or if I have b
On Wed, 10 Jan 2018 21:59:26 -0500
"Kevin A. McGrail" wrote:
> On 1/10/2018 9:53 PM, li...@lazygranch.com wrote:
> > RTFMing, I see that both opendkim and python-policyd-spf have
> > whitelisting capabilities (especially python-policyd-spf). But for
> > the mo
RTFMing, I see that both opendkim and python-policyd-spf have
whitelisting capabilities (especially python-policyd-spf). But for the
most part, my legitimate incoming email passes DKIM or SPF, but often
not both. What I would like to do is accept email that passes either
DKIM or SPF, but the milter
On Wed, 27 Dec 2017 09:37:24 +
Dominic Raferd wrote:
> On 27 December 2017 at 07:22, Poliman - Serwis
> wrote:
> > I configured yesterday spf, dkim, dmarc for example.com. Today I
> > got report in xml on my mailbox. Attached. One from addresses has
> > dkim failed - marked in orange...
>
e as daemons.
I'm new to Centos. I run opensuse on my desktop and had presently have
my VPS server on FreeBSD. Due to update issues, I decided to abandon
FreeBSD for Centos, since I'm more familiar with Linux than BSD these
days.
>
> On 2017-12-24 22:02, li...@lazygranch.com
There are many "problem solving pages" on the interwebs that have wrong
information on setting up policyd-spf. The key to make sure you use
consistent names in both main.cf and master.cf. Yeah, I know, I'm
preaching to the choir, but hopefully the next person with a set up
problem finds this messag
On Fri, 22 Dec 2017 09:52:13 +
Dominic Raferd wrote:
> On 22 December 2017 at 09:38, li...@lazygranch.com
> wrote:
>
> > ...
> > From main.cf (sanitized):
> >
> > # TLS
> > smtpd_use_tls = yes
&g
I'm not at the point where I want to verify certs and reject mail,
because the mail must go through! However I would like at least
for postfix to request the cert. (Forgive my terminology here if I am
not phrasing this properly.) Basically I would just eyeball the header
and look at the cert reques
On Thu, 7 Dec 2017 22:59:46 -0500
Viktor Dukhovni wrote:
> > On Dec 7, 2017, at 9:14 PM, li...@lazygranch.com wrote:
> >
> > http://researchscan288.eecs.umich.edu/
> > I never could find the research IP space and my email went
> > unanswered. I just blocked the who
http://researchscan288.eecs.umich.edu/
I never could find the research IP space and my email went unanswered.
I just blocked the whole university. Link has the IP space as listed
below:
141.212.121.0/24
141.212.122.0/24
Take a look at your header file when using the VPN to email yourself. I
think what you want happens automatically.
Received: from [10.8.0.6] (unknown [MYIPADDRESS])
10.8.0.6 is the local IP space created by my VPN. But my IP address
also shows up, so hopefully a guru will chime in as to how this
On Thu, 25 May 2017 03:02:39 -0400
Rick Leir wrote:
>
>
> On 2017-05-25 02:31 AM, Philip Paeps wrote:
> > On 2017-05-24 14:54:34 (+0200), Bastian Blank
> > wrote:
> >> On Wed, May 24, 2017 at 02:41:01AM -0700, li...@lazygranch.com
> >> wrote:
> &g
On Thu, 16 Mar 2017 11:29:56 -0500
Noel Jones wrote:
> On 3/16/2017 11:18 AM, Gilberto Nunes wrote:
> > Hello folks...
> >
> > I just need execute some command after receive a mail...
> >
> > I found this site:
> >
> > https://www.thecodingmachine.com/triggering-a-php-script-when-your-postfix
On Thu, 2 Mar 2017 08:34:59 +0100
Patrick Ben Koetter wrote:
> * Poliman - Serwis :
> > Hi everyone. In mail.log file I have many lines like below:
> > Mar 2 06:53:30 vps342401 postfix/smtps/smtpd[14642]: SSL_accept
> > error from house.census.shodan.io[89.248.172.16]: -1 Mar 2
> > 06:53:30 vps
On Mon, 28 Nov 2016 09:01:41 -0500
btb wrote:
> On 2016.11.27 20.43, li...@lazygranch.com wrote:
> > I should have mentioned the mail system is on a VPS and I'm the only
> > user. And yes, trouble makers are on the Internet.
>
> well, this simplifies thin
On Thu, 20 Oct 2016 17:13:26 -0400
"Bill Cole" wrote:
> On 20 Oct 2016, at 16:39, Keith Williams wrote:
>
> > No wait... What?
> >
> > This is no attack. Attack is when you try to break or enforce..
> > This is a probe, and from the probe we can deduce from the reported
> > disconnect that 1. h
On Wed, 16 Nov 2016 02:26:13 -0800
"li...@lazygranch.com" wrote:
> On Wed, 16 Nov 2016 11:52:14 +0200
> Patrick Chemla wrote:
>
> > Le 16/11/2016 à 11:45, li...@lazygranch.com a écrit :
> > > Is this a hack or a server problem. IP was listed
On Wed, 16 Nov 2016 11:52:14 +0200
Patrick Chemla wrote:
> Le 16/11/2016 à 11:45, li...@lazygranch.com a écrit :
> > Is this a hack or a server problem. IP was listed in abusedb about a
> > year ago.
> >
> >
> > Nov 16 09:14:36 theranch postfix/smtp
Is this a hack or a server problem. IP was listed in abusedb about a
year ago.
Nov 16 09:14:36 theranch postfix/smtpd[6094]: connect from
unknown[87.236.215.11]
Nov 16 09:14:36 theranch postfix/smtpd[6094]: lost connection after AUTH from
unknown[87.236.215.11]
Nov 16 09:14:36 theranch postfix/
On Sun, 13 Nov 2016 01:43:17 -0500
"Bill Cole" wrote:
> If the NSA/GCHQ capturing all of your SMTP traffic and saving it for
> hypothetical future decryption is a realistic and significant
> scenario in your threat model, you should reconsider your use of
> email.
>
I'm in the USA and getting
On Sat, 12 Nov 2016 15:29:54 -0500
"Bill Cole" wrote:
> On 11 Nov 2016, at 14:31, li...@lazygranch.com wrote:
>
> > On Fri, 11 Nov 2016 09:54:48 -0500
> > "Bill Cole" wrote:
>
> [big snip...]
>
> >> The bottom line (if you've mad
On Fri, 11 Nov 2016 09:54:48 -0500
"Bill Cole" wrote:
> On 11 Nov 2016, at 6:21, li...@lazygranch.com wrote:
>
> > So is this level of encryption something openssl sets up?
>
> Yes and no. The partners in an encrypted session negotiate the
> details of a
This comes under the notion that if you don't ask, you don't learn.
I did some dovecot2 updates, so naturally I decided to test the mail
system. When I mail a message to myself, this is the TLS notification:
(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
However I do recei
bits)) (No client
certificate requested) by www.inplanesight.org (Postfix) with ESMTPS id
2E255EB20F for ; Tue, 8 Nov 2016 07:22:25 +
(UTC)
On Wed, 9 Nov 2016 09:03:12 -0800
"li...@lazygranch.com" wrote:
> "smtpd_tls_received_header = yes" is in the postconf. But I ap
ond imap, there shouldn't be any lost mail issues.
On Wed, 9 Nov 2016 10:17:04 -0600
Noel Jones wrote:
> On 11/9/2016 9:32 AM, li...@lazygranch.com wrote:
> > I posted the entire header from claws. That is the receive header
> > since I sent the message from yahoo.
> >
I no longer see TLS details in the header. I checked maillog and
TLS is being established.
---
From maillog:
Nov 8 07:49:44 theranch postfix/smtpd[30627]: Anonymous TLS connection
established from nm27.bullet.mail.ne1.yahoo.com[98.138.90.90]: TLSv1.2
with cipher ECDHE-RSA-AES128-GCM-SH
Hopefully this isn't a duplicate message. I've been repairing the mail
system.
Just a FYI that if you update
boost-libs
with pkg under freeBSD, it loads postfix for some reason.
All my .db files were unreadable. I had to postmap and postalias them
to make them readable again.
I should have said
If you use the uceprotect RBL, note that they are involved in a
shakedown to solicit money to be removed from their list. Much like
spamrl, I'd suggest not using them since they have an obvious false
positive problem.
http://www.uceprotect.net/en/rblcheck.php?ipr=107.170.248.198
Their own system
On Fri, 21 Oct 2016 22:56:45 +0200
Paul van der Vlis wrote:
> Hello Angelo and others,
>
> Op 21-10-16 om 22:24 schreef Fazzina, Angelo:
> > So what is SASL using in Postfix ?
> > Is Postfix calling SASL, which calls PAM, which calls LDAP, to
> > check the Password?
>
> Postfix is calling sasla
On Sat, 1 Oct 2016 10:59:02 +0100
Allen Coates wrote:
>
>
> On 01/10/16 10:37, Postfix User wrote:
> > On Fri, 30 Sep 2016 17:08:05 -0700, li...@lazygranch.com stated:
> >
> >> This will pull these hackers off your maillog.
> >> bzgrep -e auth=0/1 m
On Fri, 30 Sep 2016 06:26:35 -0400
Postfix User wrote:
> Postfix-3.2-20160917 with FreeBSD-11.0 /64 bit
>
> Lately, I have been finding the following entries in the maillog:
>
> 13643:Sep 30 02:00:40 scorpio postfix/smtpd[83056]: warning: hostname
> ip-address-pool-xxx.fpt.vn does not resolve t
is off the
list.
On Tue, 20 Sep 2016 04:12:48 +0200
Benny Pedersen wrote:
> On 2016-09-20 04:08, li...@lazygranch.com wrote:
> > OK. Would I score it in SpamAssassin? If not, where? Point me in the
> > right direction and I assume Google will be my friend.
>
> make a tld list
The last time TLD blocking came up, the consensus of the hive was not
to block based on TLD. (You may recall .xyz being used by
Alphabet.) However lately I'm getting a ridiculous number of .stream
SPAM coming through. The RBLs are getting about half.
https://www.spamhaus.org/statistics/tlds/
I h
During the upgrade from postfix 3.1.0 to 3.1.1, the installation script
issued the following:
--
===> Creating users
Using existing user 'postfix'.
Note: the following files or directories still exist but are
no longer part of Postfix:
/us
I noticed I was running postfix 3.1.0. Freebsd has rev 3.1.1, so I
figured I would upgrade.
Fist up, I reviewed the page I used as a starting point for setting up
my mail server, namely
http://blog.iandreev.com/?p=1604
In the configuration for postfix, the SPF option is not selected.
Somewhere i
These are the failing reports from DMARC set to quarantine. Most
failures are for SPF, which now I gather from the other post is due to
remailing. {Originally I thought the comment was about me using a
remailer.]
It looks like if you pass DKIM, most ESPs just pass on the message.
Since nobody I
On Wed, 13 Apr 2016 17:08:57 -0700
li...@lazygranch.com wrote:
> Yesterday's Google report had me passing. Could be related to adding
> the Google term to DNS.
>
Hold the presses here. It turns out my domain was spoofed in the
report that failed. The IP address used isn't m
74 matches
Mail list logo
