On 8 Apr 2016, at 11:22, /dev/rob0 wrote:
EHLO outbound-42.compuserv.com
Yes, compuserv is gone, but it's a nice illustration of how the
string, "user", can appear in a legitimate EHLO.
Tangent: CompuServe was indeed bought by AOL via WorldCom and eventually
(just a few years ago... ) all th
On Fri, Apr 8, 2016, at 11:05 AM, /dev/rob0 wrote:
> /^User[^\.]*/i REJECT your message here
So it *is* true that that *starts* at the beginning of the line (and so the
"^U"). That makes it easier to not fubar it.
> A case-sensitive string that begins with "User" followed by zero or
> more
On Fri, Apr 08, 2016 at 08:55:13AM -0700,
jaso...@mail-central.com wrote:
> My focus atm is strictly and only on what I asked about ...
> crafting the right HELO match for those three examples.
/^User[^\.]*/i REJECT your message here
A case-sensitive string that begins with "User" followed
On Fri, Apr 8, 2016, at 08:22 AM, /dev/rob0 wrote:
...
> Rejected by your smtpd's reject_non_fqdn_helo_hostname restriction.
...
> Rejected by postscreen as a pre-banner talker.
...
> And that's the postscreen_dnsbl_threshold having been met. Also, a
> different non-FQDN EHLO string.
Yes, as I
On Fri, Apr 08, 2016 at 08:04:12AM -0700, jaso...@mail-central.com wrote:
> I want to add a helo_access block entry for literal matches of
> "User". Because "user" is used all over the place, I want to make
> sure I don't screw this up.
>
> Here ar
I want to add a helo_access block entry for literal matches of "User". Because
"user" is used all over the place, I want to make sure I don't screw this up.
Here are three instances that I'd like to match,
Jan 17 19:21:13 mail01 postfix/psint/smtpd[24295
aking
the time to explain the various
components.
Blocking the "localhost.localdomain" using "helo_access" the best way that I
could decipher has stopped the spam
May I ask why you are that hypersensitive to "localhost.localdomain"
while your own machine resolves that for 1
> Thanks, Viktor. There is a lot I don't understand. I appreciate your taking
> the time to explain the various
> components.
>
> Blocking the "localhost.localdomain" using "helo_access" the best way that I
> could decipher has stopped the spam
may i ask w
aldomain" using "helo_access" the best way
that I could decipher has stopped the spam. I have thoroughly tested
and it appears that I'm not blocking anything locally... any legitimate
emails. So that was what I was looking for.
I appreciate the participation and will explore all the o
am messages that are coming from somewhere else are
originating from my machine and because of that, the messages were being
delivered to my users.
I have used helo_access to block the emails and now those messages are
not coming to my users. My use of helo_access might be crude, but it
works. I ask
On Wed, Feb 12, 2014 at 10:06:48AM -0500, L. D. James wrote:
> Thanks again for the input. When I post how I resolved the issue,
The only issue is that you have not understood how to read your
logs which log every message twice (because you're using a post-queue
content filter).
With content fi
r.
Thanks again for the input. When I post how I resolved the issue, I'll
also appreciate any assistance in fine-tuning it. Again, the gist of
the problem is that the remote system is lying to the host server and my
question was how to handle that instance. Your current message (and
cause it's letting that message get through.
No, that's not how the amavis openrelay warning works.
>
> The message had gotten through because the remote machine reported
> they were me. That is a lie. Avis did its job and checked for
> spam, but is telling me that I
st saying
> they are me. It's a very common vulnerability of a standard postfix
> configuration of which there are facilities (i.e. the helo_access)
> routine to handle this vulnerability.
>
You seem to be under the mistaken impression that the above lines
show the HELO comman
es, making the
host appear to be an openrelay.
I'm glad to help you and the others understand what is happening. But
I'll mention that I have resolved this current issue and will be posting
the resolution after I have organized it well enough so that anyone else
with this problem
On 12.02.2014 at 15:26, L. D. James wrote:
> On 02/12/2014 09:01 AM, li...@rhsoft.net wrote:
>>
>> On 12.02.2014 at 14:53, L. D. James wrote:
>>> On 02/12/2014 08:02 AM, Wietse Venema wrote:
L. D. James:
> I have this in the log:
> -
> Feb 11
rom itself. The client (which really is: *216.244.76.231* is
telling the host hera5 that they are *127.0.0.1*). That is a lie.
I can block connections from "216.244.76.231", but when studying the
logs, the same spammers use different IPs. So there are lots of
similar
On Wed, Feb 12, 2014 at 02:21:04PM +, Viktor Dukhovni wrote:
> > 127.0.0.1 is YOUR MACHINE NOT A REMOTE CLIENT.
>
> Perhaps the OP's amavis is misconfigured to accept remote SMTP clients
> without access control:
>
> Feb 11 16:40:42 hera5 amavis[32622]: (32622-04) Passed CLEAN
> {Relayed
On Wed, Feb 12, 2014 at 09:12:14AM -0500, Wietse Venema wrote:
> 127.0.0.1 is YOUR MACHINE NOT A REMOTE CLIENT.
Perhaps the OP's amavis is misconfigured to accept remote SMTP clients
without access control:
Feb 11 16:40:42 hera5 amavis[32622]: (32622-04) Passed CLEAN
{RelayedOpenRelay}, [72.
L. D. James:
> Feb 11 21:42:41 hera5 postfix/smtpd[4802]: connect from
> localhost.localdomain[127.0.0.1]
Wietse:
> You need to look at the logging for connections from remote systems.
L. D. James:
> Hi, Wietse. Actually that isn't a connection from my content filter.
> That is a log of how th
On 12.02.2014 at 14:53, L. D. James wrote:
> On 02/12/2014 08:02 AM, Wietse Venema wrote:
>> L. D. James:
>>> I have this in the log:
>>> -
>>> Feb 11 21:42:41 hera5 postfix/smtpd[4802]: connect from
>>> localhost.localdomain[127.0.0.1]
>>> Feb 11 21:42:41 h
The
information (as per the topic header) is a lie. It's bogus
information. The remote system is lying to the request saying they are
me. It's a very common vulnerability of a standard postfix
configuration of which there are facilities (i.e. the helo_access)
routine to handle this vulnera
L. D. James:
> I have this in the log:
> -
> Feb 11 21:42:41 hera5 postfix/smtpd[4802]: connect from
> localhost.localdomain[127.0.0.1]
> Feb 11 21:42:41 hera5 postfix/smtpd[4802]: 05AAE155460:
> client=localhost.localdomain[127.0.0.1]
This is a connection
On 02/11/2014 05:39 PM, Wietse Venema wrote:
permit_mynetworks,
>check_helo_access hash:/etc/postfix/helo_access,
>permit
Thanks, Wietse.
I had white spaces. I had tried to have it exactly like the example in
the link I posted. I see I made a mistake in my post. But the main.cf
h
On 02/11/2014 06:05 PM, Noel Jones wrote:
On 2/11/2014 4:20 PM, L. D. James wrote:
Most of the spam getting in my system is stamped with
localhost.localdomain.
All the mail that passes through your amavisd-new mail filter passes
through localhost.localdomain. If you block localhost you won't
On 2/11/2014 4:20 PM, L. D. James wrote:
> Most of the spam getting in my system is stamped with
> localhost.localdomain.
>
All the mail that passes through your amavisd-new mail filter passes
through localhost.localdomain. If you block localhost you won't
receive any mail.
You need to trace a
L. D. James:
> main.cf:
> ?
> smtpd_delay_reject = yes
> smtpd_helo_required = yes
> smtpd_helo_restrictions =
> permit_mynetworks,
> check_helo_access hash:/etc/postfix/helo_access,
> permit
You need whitespace at the beginning of t
Most of the spam getting in my system is stamped with localhost.localdomain.
I have tried to use the helo_access file from a few sources. The ones I
tried either didn't work or made more of the spam messages get through.
One of the fixes I tried I got from:
http://www.postfi
On Wed, Feb 17, 2010 at 02:47:26PM +0100, Manu wrote:
> Another problem is that smtp.domaineok.com is a pool of computers (anti
> virus + anti spam relay).
> I've tried to change /etc/postfix/smtp.domaineok.com to
>
> .domaineok.com OK
>
> But it doesn't work.
>
> It's OK when I put
> smtp1.do
m: "Ralf Hildebrandt"
To:
Sent: Wednesday, February 17, 2010 2:49 PM
Subject: Re: helo_access
* Manu :
.domaineok.com OK
man 5 access says:
domain.tld
Matches domain.tld as the domain part of an email address.
The pattern domain.tld also matches subdomains, but only when t
* Manu :
> .domaineok.com OK
man 5 access says:
domain.tld
Matches domain.tld as the domain part of an email address.
The pattern domain.tld also matches subdomains, but only when the string
smtpd_access_maps is listed in the Postfix
parent_domain_matches_subdomains configuration setting (
Hello
Thanks for all your replies
I've made this change:
smtpd_recipient_restrictions =
check_client_access hash:/etc/postfix/smtp.domaineok.com
reject
/etc/postfix/smtp.domaineok.com contains:
smtp.domaineok.com OK
Another problem is that smtp.domaineok.com is a pool of computers (anti
ck_client_access" check.
>
> He was using it twice, once for helo, once for the client:
>
> smtpd_helo_restrictions = check_helo_access hash:/etc/postfix/helo_access,
"OK" results in "helo_checks" are rather dubious, as the HELO name is
completely unverifi
_helo_restrictions = check_helo_access hash:/etc/postfix/helo_access,
--
Ralf Hildebrandt
IT Division | Network Department
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 96
On Tue, Feb 16, 2010 at 10:46:31PM +0100, Ralf Hildebrandt wrote:
> > smtpd_recipient_restrictions =
> > permit_mynetworks,
> > check_client_access hash:/etc/postfix/helo_access,
> > permit_sasl_authenticated,
> > reject_unauth_destination,
* Manu :
> Hello
>
> I would like to accept mail from only one domain "smtp.domaineok.com"
>
> This is my main.cf
>
> smtpd_helo_restrictions = check_helo_access hash:/etc/postfix/helo_access,
> reject_invalid_hostname,
> reject_unknown
Hello
I would like to accept mail from only one domain "smtp.domaineok.com"
This is my main.cf
smtpd_helo_restrictions = check_helo_access hash:/etc/postfix/helo_access,
reject_invalid_hostname,
reject_unknown_hostname,
reject_non_fqdn_hostname,
smtpd_recipient_re
mouss wrote:
[snip]
unknown_hostname_reject_code = 550
smtpd_helo_required = yes
smtpd_helo_restrictions =
reject_invalid_hostname
reject_non_fqdn_hostname
check_helo_access hash:/etc/postfix/helo_access
reject_unknown_hostname
In /etc/postfix/helo_access I
ostname_reject_code = 550
smtpd_helo_required = yes
smtpd_helo_restrictions =
reject_invalid_hostname
reject_non_fqdn_hostname
check_helo_access hash:/etc/postfix/helo_access
reject_unknown_hostname
In /etc/postfix/helo_access I will have:
mailhost.domain1.suffix OK
m
ands in main.cf.
The configuration I am considering is (main.cf extract of only relevant
section):
unknown_hostname_reject_code = 550
smtpd_helo_required = yes
smtpd_helo_restrictions =
reject_invalid_hostname
reject_non_fqdn_hostname
check_helo_access hash:/etc/post
40 matches