Re: Improving / fixing my helo_access restriction matches?

2016-04-10 Thread Bill Cole
On 8 Apr 2016, at 11:22, /dev/rob0 wrote: EHLO outbound-42.compuserv.com Yes, compuserv is gone, but it's a nice illustration of how the string, "user", can appear in a legitimate EHLO. Tangent: CompuServe was indeed bought by AOL via WorldCom and eventually (just a few years ago... ) all th

Re: Improving / fixing my helo_access restriction matches?

2016-04-08 Thread jasonsu
On Fri, Apr 8, 2016, at 11:05 AM, /dev/rob0 wrote: > /^User[^\.]*/i REJECT your message here So it *is* true that that *starts* at the beginning of the line (and so the "^U"). That makes it easier to not fubar it. > A case-sensitive string that begins with "User" followed by zero or > more

Re: Improving / fixing my helo_access restriction matches?

2016-04-08 Thread /dev/rob0
On Fri, Apr 08, 2016 at 08:55:13AM -0700, jaso...@mail-central.com wrote: > My focus atm is strictly and only on what I asked about ... > crafting the right HELO match for those three examples. /^User[^\.]*/i REJECT your message here A case-sensitive string that begins with "User" followed

Re: Improving / fixing my helo_access restriction matches?

2016-04-08 Thread jasonsu
On Fri, Apr 8, 2016, at 08:22 AM, /dev/rob0 wrote: ... > Rejected by your smtpd's reject_non_fqdn_helo_hostname restriction. ... > Rejected by postscreen as a pre-banner talker. ... > And that's the postscreen_dnsbl_threshold having been met. Also, a > different non-FQDN EHLO string. Yes, as I

Re: Improving / fixing my helo_access restriction matches?

2016-04-08 Thread /dev/rob0
On Fri, Apr 08, 2016 at 08:04:12AM -0700, jaso...@mail-central.com wrote: > I want to add a helo_access block entry for literal matches of > "User". Because "user" is used all over the place, I want to make > sure I don't screw this up. > > Here ar

Improving / fixing my helo_access restriction matches?

2016-04-08 Thread jasonsu
I want to add a helo_access block entry for literal matches of "User". Because "user" is used all over the place, I want to make sure I don't screw this up. Here are three instances that I'd like to match, Jan 17 19:21:13 mail01 postfix/psint/smtpd[24295

Re: How to block bogus localhost.localdomain/127.0.0.1 (helo_access)

2014-02-12 Thread L. D. James
aking the time to explain the various components. Blocking the "localhost.localdomain" using "helo_access" the best way that I could decipher has stopped the spam may i ask why you that hypersensible to "localhost.localdomain" while your own machine resolves that for 1

Re: How to block bogus localhost.localdomain/127.0.0.1 (helo_access)

2014-02-12 Thread li...@rhsoft.net
> Thanks, Viktor. There is a lot I don't understand. I appreciate your taking > the time to explain the various > components. > > Blocking the "localhost.localdomain" using "helo_access" the best way that I > could decipher has stopped the spam may i ask w

Re: How to block bogus localhost.localdomain/127.0.0.1 (helo_access)

2014-02-12 Thread L. D. James
aldomain" using "helo_access" the best way that I could decipher has stopped the spam. I have thoroughly tested and it appears that I'm not blocking anything locally... any legitimate emails. So that was what I was looking for. I appreciate the participation and will explore all the o

Re: How to block bogus localhost.localdomain/127.0.0.1 (helo_access)

2014-02-12 Thread L. D. James
am messages that are coming from somewhere else are originating from my machine and because of that, the messages were being delivered to my users. I have used helo_access to block the emails and now those messages are not coming to my users. My use of helo_access might be crude, but it works. I ask

Re: How to block bogus localhost.localdomain/127.0.0.1 (helo_access)

2014-02-12 Thread Viktor Dukhovni
On Wed, Feb 12, 2014 at 10:06:48AM -0500, L. D. James wrote: > Thanks again for the input. When I post how I resolved the issue, The only issue is that you have not understood how to read your logs which log every message twice (because you're using a post-queue content filter). With content fi

Re: How to block bogus localhost.localdomain/127.0.0.1 (helo_access)

2014-02-12 Thread L. D. James
r. Thanks again for the input. When I post how I resolved the issue, I'll also appreciate any assistance in fine tuning it. Again, the gist of the problem is the remote system is lying to the host server and my question was how to handle that instant. Your current message (and

Re: How to block bogus localhost.localdomain/127.0.0.1 (helo_access)

2014-02-12 Thread Noel Jones
cause it's letting that message get through. No, that's not how the amavis openrelay warning works. > > The message had gotten through because the remote machine reported > they were me. That is a lie. Avis did its job and checked for > spam, but is telling me that I

Re: How to block bogus localhost.localdomain/127.0.0.1 (helo_access)

2014-02-12 Thread Noel Jones
st saying > they are me. It's a very common vulnerability of a standard postfix > configuration of which there are facilities (i.e. the helo_access) > routine to handle this vulnerability. > You seem to be under the mistaken impression that the above lines show the HELO comman

Re: How to block bogus localhost.localdomain/127.0.0.1 (helo_access)

2014-02-12 Thread L. D. James
es, making the host appear to be an openrelay. I'm glad to help you and the others understand what is happening. But I'll mention that I have resolved this current issue and will be posting the resolution after I have organized it well enough so that anyone else with this problem

Re: How to block bogus localhost.localdomain/127.0.0.1 (helo_access)

2014-02-12 Thread li...@rhsoft.net
Am 12.02.2014 15:26, schrieb L. D. James: > On 02/12/2014 09:01 AM, li...@rhsoft.net wrote: >> >> Am 12.02.2014 14:53, schrieb L. D. James: >>> On 02/12/2014 08:02 AM, Wietse Venema wrote: L. D. James: > I have this in the log: > - > Feb 11

Re: How to block bogus localhost.localdomain/127.0.0.1 (helo_access)

2014-02-12 Thread L. D. James
rom itself. The client (which really is: *216.244.76.231* is telling the host hera5 that they are *127.0.0.1*). That is a lie. I can block connections from "216.244.76.231", but when studying the logs, the same spammers use different IP's. So there are lots of similar

Re: How to block bogus localhost.localdomain/127.0.0.1 (helo_access)

2014-02-12 Thread Viktor Dukhovni
On Wed, Feb 12, 2014 at 02:21:04PM +, Viktor Dukhovni wrote: > > 127.0.0.1 is YOUR MACHINE NOT A REMOTE CLIENT. > > Perhaps the OP's amavis is misconfigured to accept remote SMTP clients > without access control: > > Feb 11 16:40:42 hera5 amavis[32622]: (32622-04) Passed CLEAN > {Relayed

Re: How to block bogus localhost.localdomain/127.0.0.1 (helo_access)

2014-02-12 Thread Viktor Dukhovni
On Wed, Feb 12, 2014 at 09:12:14AM -0500, Wietse Venema wrote: > 127.0.0.1 is YOUR MACHINE NOT A REMOTE CLIENT. Perhaps the OP's amavis is misconfigured to accept remote SMTP clients without access control: Feb 11 16:40:42 hera5 amavis[32622]: (32622-04) Passed CLEAN {RelayedOpenRelay}, [72.

Re: How to block bogus localhost.localdomain/127.0.0.1 (helo_access)

2014-02-12 Thread Wietse Venema
L. D. James: > Feb 11 21:42:41 hera5 postfix/smtpd[4802]: connect from > localhost.localdomain[127.0.0.1] Wietse: > You need to look at the logging for connections from remote systems. L. D. James: > Hi, Wietse. Actually that isn't a connection from my content filter. > That is a log of how th

Re: How to block bogus localhost.localdomain/127.0.0.1 (helo_access)

2014-02-12 Thread li...@rhsoft.net
Am 12.02.2014 14:53, schrieb L. D. James: > On 02/12/2014 08:02 AM, Wietse Venema wrote: >> L. D. James: >>> I have this in the log: >>> - >>> Feb 11 21:42:41 hera5 postfix/smtpd[4802]: connect from >>> localhost.localdomain[127.0.0.1] >>> Feb 11 21:42:41 h

Re: How to block bogus localhost.localdomain/127.0.0.1 (helo_access)

2014-02-12 Thread L. D. James
The information (as per the topic header) is a lie. It's bogus information. The remote system is lying to the request saying they are me. It's a very common vulnerability of a standard postfix configuration of which there are facilities (i.e. the helo_access) routine to handle this vulnera

Re: How to block bogus localhost.localdomain/127.0.0.1 (helo_access)

2014-02-12 Thread Wietse Venema
L. D. James: > I have this in the log: > - > Feb 11 21:42:41 hera5 postfix/smtpd[4802]: connect from > localhost.localdomain[127.0.0.1] > Feb 11 21:42:41 hera5 postfix/smtpd[4802]: 05AAE155460: > client=localhost.localdomain[127.0.0.1] This is a connection

Re: How to block bogus localhost.localdomain/127.0.0.1 (helo_access)

2014-02-11 Thread L. D. James
On 02/11/2014 05:39 PM, Wietse Venema wrote: permit_mynetworks, >check_helo_access hash:/etc/postfix/helo_access, >permit Thanks, Wietse. I had white spaces. I had tried to have it exactly like the example in the link I posted. I see I made a mistake in my post. But the main.cf h

Re: How to block bogus localhost.localdomain/127.0.0.1 (helo_access)

2014-02-11 Thread L. D. James
On 02/11/2014 06:05 PM, Noel Jones wrote: On 2/11/2014 4:20 PM, L. D. James wrote: Most of the spam getting in my system is stamped with localhost.localdomain. All the mail that passes through your amavisd-new mail filter passes through localhost.localdomain. If you block localhost you won't

Re: How to block bogus localhost.localdomain/127.0.0.1 (helo_access)

2014-02-11 Thread Noel Jones
On 2/11/2014 4:20 PM, L. D. James wrote: > Most of the spam getting in my system is stamped with > localhost.localdomain. > All the mail that passes through your amavisd-new mail filter passes through localhost.localdomain. If you block localhost you won't receive any mail. You need to trace a

Re: How to block bogus localhost.localdomain/127.0.0.1 (helo_access)

2014-02-11 Thread Wietse Venema
L. D. James: > main.cf: > ? > smtpd_delay_reject = yes > smtpd_helo_required = yes > smtpd_helo_restrictions = > permit_mynetworks, > check_helo_access hash:/etc/postfix/helo_access, > permit You need whitespace at the beginning of t

How to block bogus localhost.localdomain/127.0.0.1 (helo_access)

2014-02-11 Thread L. D. James
Most of the spam getting in my system is stamped with localhost.localdomain. I have tried to use the helo_access file from a few sources. The ones I tried either didn't work or made more of the spam messages get through. One of the fixes I tried I got from: http://www.postfi

Re: helo_access

2010-02-17 Thread Victor Duchovni
On Wed, Feb 17, 2010 at 02:47:26PM +0100, Manu wrote: > Another problem is that smtp.domaineok.com is a pool of computer (anti > virus + anti spam relay). > I've tried to change /etc/postfix/smtp.domaineok.com to > > .domaineok.com OK > > But it doesn't work. > > It's OK when i put > smtp1.do

Re: helo_access

2010-02-17 Thread Manu
m: "Ralf Hildebrandt" To: Sent: Wednesday, February 17, 2010 2:49 PM Subject: Re: helo_access * Manu : .domaineok.com OK man 5 access says: domain.tld Matches domain.tld as the domain part of an email address. The pattern domain.tld also matches subdomains, but only when t

Re: helo_access

2010-02-17 Thread Ralf Hildebrandt
* Manu : > .domaineok.com OK man 5 access says: domain.tld Matches domain.tld as the domain part of an email address. The pattern domain.tld also matches subdomains, but only when the string smtpd_access_maps is listed in the Postfix parent_domain_matches_subdomains configuration setting (

Re: helo_access

2010-02-17 Thread Manu
Hello Thanks for all your reply I've made this change : smtpd_recipient_restrictions = check_client_access hash:/etc/postfix/smtp.domaineok.com reject /etc/postfix/smtp.domaineok.com contains: smtp.domaineok.com OK Another problem is that smtp.domaineok.com is a pool of computer (anti

Re: helo_access

2010-02-16 Thread Victor Duchovni
ck_client_access" check. > > He was using it twice, once for helo, once for the client: > > smtpd_helo_restrictions = check_helo_access hash:/etc/postfix/helo_access, "OK" results in "helo_checks" are rather dubious, as the HELO name is completely unverifi

Re: helo_access

2010-02-16 Thread Ralf Hildebrandt
_helo_restrictions = check_helo_access hash:/etc/postfix/helo_access, -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 96

Re: helo_access

2010-02-16 Thread Victor Duchovni
On Tue, Feb 16, 2010 at 10:46:31PM +0100, Ralf Hildebrandt wrote: > > smtpd_recipient_restrictions = > > permit_mynetworks, > > check_client_access hash:/etc/postfix/helo_access, > > permit_sasl_authenticated, > > reject_unauth_destination,

Re: helo_access

2010-02-16 Thread Ralf Hildebrandt
* Manu : > Hello > > I would like to accept mail from only one domain "smtp.domaineok.com" > > This is my main.cf > > smtpd_helo_restrictions = check_helo_access hash:/etc/postfix/helo_access, > reject_invalid_hostname, > reject_unknown

helo_access

2010-02-16 Thread Manu
Hello I would like to accept mail from only one domain "smtp.domaineok.com" This is my main.cf smtpd_helo_restrictions = check_helo_access hash:/etc/postfix/helo_access, reject_invalid_hostname, reject_unknown_hostname, reject_non_fqdn_hostname, smtpd_recipient_re

Re: Postfix white listing with helo_access

2008-10-07 Thread mouss
mouss wrote: [snip] unknown_hostname_reject_code = 550 smtpd_helo_required = yes smtpd_helo_restrictions = reject_invalid_hostname reject_non_fqdn_hostname check_helo_access hash:/etc/postfix/helo_access reject_unknown_hostname In /etc/postfix/helo_access I

Re: Postfix white listing with helo_access

2008-10-07 Thread mouss
ostname_reject_code = 550 smtpd_helo_required = yes smtpd_helo_restrictions = reject_invalid_hostname reject_non_fqdn_hostname check_helo_access hash:/etc/postfix/helo_access reject_unknown_hostname In /etc/postfix/helo_access I will have: mailhost.domain1.suffix OK m

Postfix white listing with helo_access

2008-10-07 Thread Pat Grogan
ands in main.cf. The configuration I am considering is (main.cf extract of only relevant section): unknown_hostname_reject_code = 550 smtpd_helo_required = yes smtpd_helo_restrictions = reject_invalid_hostname reject_non_fqdn_hostname check_helo_access hash:/etc/post