On Sat, Oct 22, 2016 at 03:18:36PM +0900, Tomoyuki Murakami wrote:
> On Fri, 21 Oct 2016 22:15:32 +0200, Paul van der Vlis wrote:
> > Hello,
>
> > Some settings and logs:
> >
> > smtpd_relay_restrictions =
> > permit_mynetworks,
> > permit_sasl_authenticated,
> > check_sender_access hash:/et
On 22 October 2016 08:18:36 CEST, Tomoyuki Murakami wrote:
>
>On Fri, 21 Oct 2016 22:15:32 +0200, Paul van der Vlis
> wrote:
>> Hello,
>
>> Some settings and logs:
>>
>> smtpd_relay_restrictions =
>> permit_mynetworks,
>> permit_sasl_authenticated,
>> check_sender_access hash:/etc/post
On 22-10-16 at 01:31, li...@lazygranch.com wrote:
> Perhaps I'm being a bit anal here, and given my skill level (or lack
> thereof) I should stay out of this, but is this actually an open relay in
> the strict sense? Maybe that is a red herring. If they are using 587,
> that would be the master.cf
On 22-10-16 at 01:46, Wietse Venema wrote:
> Paul van der Vlis:
>> Received: from [127.0.0.1] (87-92-55-206.bb.dnainternet.fi [87.92.55.206])
>> (Authenticated sender: p...@puk.nl)
>> by mail.vandervlis.nl (Postfix) with ESMTPSA id 774B23E0285;
>> Fri, 21 Oct 2016 18:57:14
On 22-10-16 at 08:18, Tomoyuki Murakami wrote:
>
> On Fri, 21 Oct 2016 22:15:32 +0200, Paul van der Vlis
> wrote:
>> Hello,
>
>> Some settings and logs:
>>
>> smtpd_relay_restrictions =
>> permit_mynetworks,
>> permit_sasl_authenticated,
>> check_sender_access hash:/etc/postfix/whitelist
On 22-10-16 at 04:32, Bill Cole wrote:
> On 21 Oct 2016, at 16:15, Paul van der Vlis wrote:
>>
>> Received: from [127.0.0.1] (87-92-55-206.bb.dnainternet.fi
>> [87.92.55.206])
>> (Authenticated sender: p...@puk.nl)
>> by mail.vandervlis.nl (Postfix) with ESMTPSA id 774B23E028
Bill Cole:
> > Received: from [127.0.0.1] (87-92-55-206.bb.dnainternet.fi
> > [87.92.55.206])
> > (Authenticated sender: p...@puk.nl)
> > by mail.vandervlis.nl (Postfix) with ESMTPSA id 774B23E0285;
> > Fri, 21 Oct 2016 18:57:14 +0200 (CEST)
> >
> > As would my server
Looks like either 1) an exclusion mechanism or 2) a selection
mechanism would do the job.
1) Nullifies the smtpd_milters setting depending on the client.
2) Chooses the smtpd_milters setting depending on the client.
I'll think about it.
Wietse
On Sat, Oct 22, 2016 at 09:33:35AM +0200, Geert Stappers wrote:
> On Sat, Oct 22, 2016 at 03:18:36PM +0900, Tomoyuki Murakami wrote:
> > On Fri, 21 Oct 2016 22:15:32 +0200, Paul van der Vlis wrote:
> > > smtpd_relay_restrictions =
This is a strange choice for spam controls. It's intended (as a ne
On 22-10-16 at 13:41, Wietse Venema wrote:
> Bill Cole:
>>> Received: from [127.0.0.1] (87-92-55-206.bb.dnainternet.fi
>>> [87.92.55.206])
>>> (Authenticated sender: p...@puk.nl)
>>> by mail.vandervlis.nl (Postfix) with ESMTPSA id 774B23E0285;
>>> Fri, 21 Oct 2016 18:57:14
On Sat, Oct 22, 2016 at 04:15:41PM +0200, Paul van der Vlis wrote:
> On 22-10-16 at 13:41, Wietse Venema wrote:
> > Bill Cole:
> >>> Received: from [127.0.0.1] (87-92-55-206.bb.dnainternet.fi
> >>> [87.92.55.206])
> >>> (Authenticated sender: p...@puk.nl)
> >>> by mail.vandervlis.n
--On October 22, 2016 at 12:16:33 PM +0200 Paul van der Vlis
wrote:
On 22-10-16 at 04:32, Bill Cole wrote:
On 21 Oct 2016, at 16:15, Paul van der Vlis wrote:
Received: from [127.0.0.1] (87-92-55-206.bb.dnainternet.fi
[87.92.55.206])
(Authenticated sender: p...@puk.nl)
On Sat, Oct 22, 2016 at 04:15:41PM +0200, Paul van der Vlis wrote:
> On 22-10-16 at 13:41, Wietse Venema wrote:
> > Bill Cole:
> >>> Received: from [127.0.0.1] (87-92-55-206.bb.dnainternet.fi
> >>> [87.92.55.206])
> >>> (Authenticated sender: p...@puk.nl)
> >>> by mail.vandervlis.
Or even better: Accept the mail, but toss it away. E.g., use DISCARD instead.
-Original Message-
From: owner-postfix-us...@postfix.org
[mailto:owner-postfix-us...@postfix.org] On Behalf Of Paul Schmehl
Sent: 22 October 2016 18:20
To: Paul van der Vlis ; postfix-users@postfix.org
Subject:
On Sat, Oct 22, 2016 at 11:19:36AM -0500, Paul Schmehl wrote:
> --On October 22, 2016 at 12:16:33 PM +0200 Paul van der Vlis
> wrote:
> >On 22-10-16 at 04:32, Bill Cole wrote:
> >>/127\.0\.0\.1/ REJECT you are not me
> >
> >Thanks, a great idea to have standard in most cases.
>
> I would
On Sat, Oct 22, 2016 at 06:23:30PM +0200, Sebastian Nielsen wrote:
> Or even better: Accept the mail, but toss it away. E.g., use DISCARD
> instead.
Oh, ugh, definitely not. This is terrible advice.
--
http://rob0.nodns4.us/
Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
Yeah, in this situation it might be a bad idea as the problem is not really
HELO 127.0.0.1, but rather that an account is compromised.
I would rather limit the relay so authorized accounts can only be used from
authorized IP addresses, like the local branch.
-Original Message-
From: o
--On October 22, 2016 at 11:27:56 AM -0500 "/dev/rob0"
wrote:
On Sat, Oct 22, 2016 at 11:19:36AM -0500, Paul Schmehl wrote:
--On October 22, 2016 at 12:16:33 PM +0200 Paul van der Vlis
wrote:
> On 22-10-16 at 04:32, Bill Cole wrote:
>>/127\.0\.0\.1/ REJECT you are not me
>
> Thanks,
On 22-10-16 at 18:23, /dev/rob0 wrote:
> On Sat, Oct 22, 2016 at 04:15:41PM +0200, Paul van der Vlis wrote:
>> Is the conclusion now, that Postfix is relaying here?
>
> The only actual conclusion is that you have failed to put forth the
> necessary information, as Bill [I think] pointed you to
On 22 Oct 2016, at 8:54, /dev/rob0 wrote:
Should "closing 'permit' lines" be removed from live
configurations?
Of course not. That is how it works. If not specified as the OP did
it, the ending value of any restriction stage is "permit". If not,
mail would not be accepted at all.
Not exac
paul, check if there are messages still in queue.
i had a compromised account also and same as you it didn't stop. it did after
clearing up the queue list.
the user in question has used its email and pass on a website which was
compromised, at least that's what i think.
in my case i allow my
On 22 Oct 2016, at 12:19, Paul Schmehl wrote:
I would make one suggestion. I would reject the attempt silently. No
sense in tipping off the spammer to what he needs to do to work around
it. Just use REJECT with no explanation.
That's a nice hypothesis but it doesn't seem to play out in real
--On October 22, 2016 at 1:51:12 PM -0400 Bill Cole
wrote:
On 22 Oct 2016, at 12:19, Paul Schmehl wrote:
I would make one suggestion. I would reject the attempt silently. No
sense in tipping off the spammer to what he needs to do to work around
it. Just use REJECT with no explanation.
Th
On 22/10/16 17:27, /dev/rob0 wrote:
> On Sat, Oct 22, 2016 at 11:19:36AM -0500, Paul Schmehl wrote:
>> --On October 22, 2016 at 12:16:33 PM +0200 Paul van der Vlis
>> wrote:
>>> On 22-10-16 at 04:32, Bill Cole wrote:
/127\.0\.0\.1/ REJECT you are not me
>>> Thanks, a great idea to hav
On 10/22/2016 1:30 PM, Paul Schmehl wrote:
> He's clearly doing something very clever that is not the usual brute
> force cram-it-down-your-throat spam run.
No evidence has been presented that this is anything other than the
usual leaked-credentials account hijacking. Any confusion is due to
a l
On 22 Oct 2016, at 12:39, Paul Schmehl wrote:
I wonder how you explain, over the past two decades, how spammers keep
adjusting their tactics to get around the defenses that are put up to
foil them.
This isn't demonstrably true, although it can look that way. The tactics
that actually work to
On 22 Oct 2016, at 14:30, Paul Schmehl wrote:
--On October 22, 2016 at 1:51:12 PM -0400 Bill Cole
wrote:
On 22 Oct 2016, at 12:19, Paul Schmehl wrote:
I would make one suggestion. I would reject the attempt silently.
No
sense in tipping off the spammer to what he needs to do to work
aro
On 22-10-16 at 18:23, /dev/rob0 wrote:
> On Sat, Oct 22, 2016 at 04:15:41PM +0200, Paul van der Vlis wrote:
> The only actual conclusion is that you have failed to put forth the
> necessary information, as Bill [I think] pointed you to the
> http://www.postfix.org/DEBUG_README.html#mail link.
On 22-10-16 at 21:12, Noel Jones wrote:
> On 10/22/2016 1:30 PM, Paul Schmehl wrote:
>
>> He's clearly doing something very clever that is not the usual brute
>> force cram-it-down-your-throat spam run.
>
> No evidence has been presented that this is anything other than the
> usual leaked-creden
On 10/22/2016 5:36 PM, Paul van der Vlis wrote:
> The "Authenticated sender" does not exist as a user account. It is a
> correct e-mail address, but not a user account with which you can
> authenticate.
And yet that's the username postfix provides to the backend. The
only mystery here is why th
On 22-10-16 at 19:49, L.P.H. van Belle wrote:
> paul, check if there are messages still in queue.
I've cleaned the queue every minute using crontab, removing the mail
from that specific recipient.
> i had a compromised account also and same as you it didn't stop. it did
> after clearing up the q
Wietse Venema:
> Looks like either 1) an exclusion mechanism or 2) a selection
> mechanism would do the job.
>
> 1) Nullifies the smtpd_milters setting depending on the client.
>
> 2) Chooses the smtpd_milters setting depending on the client.
>
> I'll think about it.
I've implemented the second
On 22 Oct 2016, at 18:50, Noel Jones wrote:
On 10/22/2016 5:36 PM, Paul van der Vlis wrote:
The "Authenticated sender" does not exist as a user account. It is a
correct e-mail address, but not a user account with which you can
authenticate.
And yet that's the username postfix provides to t
Bill Cole:
> What does Postfix show in the Received header if authentication is
> attempted and fails but the sender keeps going and is not rejected by
> a later restriction?
There is no username unless the user was logged in.
/* RFC 4954 Section 6. */
smtpd_chat_reply(state, "235 2.
Why? If it smells bad, toss it in the garbage. We work on this basis.
We are thinking about the idea of approved senders, anybody that we send to
is automatically added to an approved sender database. If you want to send to
us send an email to the PM, if you are approved you get added to the list.