Re: Continuous quick connects / disconnects from some servers

On 04.03.22 09:18, Nikolaos Milas wrote: I sometimes find abnormal continuous connects/disconnects which delay normal mail deliveries. Here is an example: Mar  3 10:06:42 vmail2 postfix/smtpd[22733]: connect from unknown[45.148.10.243] Mar  3 10:06:43 vmail2 postfix/smtpd[22733]: lost connecti

Re: Continuous quick connects / disconnects from some servers

On 4/3/2022 10:22 π.μ., Matus UHLAR - fantomas wrote: ... Other solution would of course be disabling SMTP connections from the world. ... Thank you Matus for all your advice. Regarding blocking port 25 from the world, couldn't it cause issues when communicating to other SMTP servers since

postfix 3.7.0 port 25 listening stops at some point (after max a few days), no error messages

I have upgraded my postfix 3.6 to postfix 3.7.0 as well as having upgraded my macOS on which postfix runs from 10.4 (Mojave) to 12 (Monterey) I have the following problem. postfix is running as expected, but at some point it becomes inoperable on port 25 listening for incoming connections. Using

Re: postfix 3.7.0 port 25 listening stops at some point (after max a few days), no error messages

Gerben Wierda: > I have the following problem. postfix is running as expected, but > at some point it becomes inoperable on port 25 listening for > incoming connections. Using a telnet connection to port 25 just > gives no reply and times out. Possibilities: - Something is blocking the TCP/IP han

Trying to understand this DNSBL blocking issue

From main.cf: postscreen_dnsbl_sites = zen.spamhaus.org=127.0.0.[2..11] postscreen_dnsbl_action = drop I am trying to understand the behaviour from the log. The first is this one: Feb 27 06:02:19 mail postfix/postscreen[46928]: CONNECT from [113.197.35.193]:49976 to [192.168.2.66]:25 Feb 27 06:

Re: Trying to understand this DNSBL blocking issue

On Fri, Mar 04, 2022 at 06:58:33PM +0100, Gerben Wierda wrote: > Feb 27 06:02:19 mail postfix/dnsblog[46930]: addr 113.197.35.193 listed by > domain zen.spamhaus.org as 127.255.255.254 > The 254 response means: the query comes form an open resolver so we’re not > going to reply properly. The mail

Re: Continuous quick connects / disconnects from some servers

On 2022-03-04 at 03:55:54 UTC-0500 (Fri, 4 Mar 2022 10:55:54 +0200) Nikolaos Milas is rumored to have said: > On 4/3/2022 10:22 π.μ., Matus UHLAR - fantomas wrote: >> ... >> Other solution would of course be disabling SMTP connections from the world. >> ... > > Thank you Matus for all your advice

Re: Trying to understand this DNSBL blocking issue

On 3/4/2022 11:58 AM, Gerben Wierda wrote: Feb 27 06:02:19 mail postfix/dnsblog[46930]: addr 113.197.35.193 listed by domain zen.spamhaus.org as *127.255.255.254* This query was made on 27 Feb via a public DNS nameserver that is blocked by spamhaus. Mar 04 18:4

Re: postfix 3.7.0 port 25 listening stops at some point (after max a few days), no error messages

On 2022-03-04 at 06:20:27 UTC-0500 (Fri, 4 Mar 2022 12:20:27 +0100) Gerben Wierda is rumored to have said: > I have upgraded my postfix 3.6 to postfix 3.7.0 as well as having upgraded my > macOS on which postfix runs from 10.4 (Mojave) to 12 (Monterey) Mojave is/was 10.14, not 10.4 (Tiger.) Th

Re: Setting Up Header Checks

For some reason I can’t make Milter-regex install on ubuntu? The “make” command gives me an error when I try to run it. Does it have to run on a BSD based server? > On Feb 26, 2022, at 3:37 PM, Wietse Venema wrote: > > nt to make tests indpendent of

Re: Continuous quick connects / disconnects from some servers

On 4/3/2022 8:55 μ.μ., Bill Cole wrote: ... Right now, vmail2.noa.gr has no MX record and the IPv4 address for it (which is what would be used without any MX) is not accepting connections on port 25, so I'm not 100% sure how that relates to this, i.e. it looks like you're already dropping port

Re: Continuous quick connects / disconnects from some servers

On 2022-03-04 at 15:02:28 UTC-0500 (Fri, 4 Mar 2022 22:02:28 +0200) Nikolaos Milas is rumored to have said: > With regard to disabling AUTH on port 25 only - we need to let AUTH available > on submission port (587) - what exactly should I do? Would it be enough to > remove "permit_sasl_authenti

Re: Continuous quick connects / disconnects from some servers

> With regard to disabling AUTH on port 25 only - we need to let AUTH available > on submission port (587) > what exactly should I do? Would it be enough to remove > "permit_sasl_authenticated" from "smtpd_client_restrictions" in main.cf? main.cf: smtpd_sasl_auth_enable = no master.cf: s

Re: Setting Up Header Checks

Austin Witmer: > For some reason I can't make Milter-regex install on ubuntu? The > "make" command gives me an error when I try to run it. Does it > have to run on a BSD based server? Did you try apt-get? Wietse

Re: Setting Up Header Checks

Dnia 4.03.2022 o godz. 16:46:53 Wietse Venema pisze: > Austin Witmer: > > For some reason I can't make Milter-regex install on ubuntu? The > > "make" command gives me an error when I try to run it. Does it > > have to run on a BSD based server? > > Did you try apt-get? milter-regex is not in th

Re: Setting Up Header Checks

On 3/4/22 4:46 PM, Wietse Venema wrote: Austin Witmer: For some reason I can't make Milter-regex install on ubuntu? The "make" command gives me an error when I try to run it. Does it have to run on a BSD based server? Did you try apt-get? Wietse sigh. https://packages.ubuntu.com/

Re: header_checks and regexes

Hi, > > I believe there's a dot missing in the first one, as in '.(386' but > > it's more than that, because I experimented with that too. > > No, it would have to be: \.(386|...) > otherwise '.' just matches any character. Your RE pattern is sloppy > in places, ... correct REs take some care.

Re: Setting Up Header Checks

See my question below. > On Mar 4, 2022, at 3:08 PM, PGNet Dev wrote: > > On 3/4/22 4:46 PM, Wietse Venema wrote: >> Austin Witmer: >>> For some reason I can't make Milter-regex install on ubuntu? The >>> "make" command gives me an error when I try to run it. Does it >>> have to run on a BSD bas

Re: Setting Up Header Checks

What do I need to modify in the Makefile.linux file for my Ubuntu system? short answer: to whatever YOUR system, and your interests, need i don't use ubuntu, so can't help you specifically i strongly suggest you look at the defaults, and modify path accordingly for your ubu sys; if you're buil

Re: Trying to understand this DNSBL blocking issue

On 4 Mar 2022, at 19:13, Bastian Blank wrote: > > On Fri, Mar 04, 2022 at 06:58:33PM +0100, Gerben Wierda wrote: >> Feb 27 06:02:19 mail postfix/dnsblog[46930]: addr 113.197.35.193 listed by >> domain zen.spamhaus.org as 127.255.255.254 >> The 254 response means: the query comes form an open re

Re: Trying to understand this DNSBL blocking issue

I am already running my own unbound resolver. Van I configure my unbound in such a way that it forwards everything to 9.9.9.9 (which is my setting so I can use its blocking) except DNS queries for spamhaus.org ? If not, I need some way to tell postfix to use another resolv

Re: Setting Up Header Checks

To be honest, this is the first install from source that I’ve attempted. I’m a total noob at this, so if someone wishes to help me out further with getting milter-regex installed on Ubuntu, I wouldn’t mind. Maybe I will end up trying one of the other options that were suggested . . . Thanks for

Re: postfix 3.7.0 port 25 listening stops at some point (after max a few days), no error messages\

Gerben Wierda: > > > On 4 Mar 2022, at 20:04, Bill Cole > > wrote: > > > > On 2022-03-04 at 06:20:27 UTC-0500 (Fri, 4 Mar 2022 12:20:27 +0100) > > Gerben Wierda > > is rumored to have said: > > > >> I have upgraded my postfix 3.6 to postfix 3.7.0 as well as > >> having upgraded my macOS on wh

Re: postfix 3.7.0 port 25 listening stops at some point (after max a few days), no error messages\

MacOS 12 (Monterey) is the latest version. The security is pretty tight. Mac is not a good machine for Postfix any more. On 3/4/22 22:00, Wietse Venema wrote: Gerben Wierda: On 4 Mar 2022, at 20:04, Bill Cole wrote: On 2022-03-04 at 06:20:27 UTC-0500 (Fri, 4 Mar 2022 12:20:27 +0100) Gerben

Re: Trying to understand this DNSBL blocking issue

I think you configure unbound with another forward-zone: name: “zen.spamhaus.org” and then don’t list any forwarding addresses. That should turn off forwarding for that zone. A forum for your OS or for unbound will probably give an authoritative answer — Noel Jones > On Mar 4, 2022, at 7:3

Re: Trying to understand this DNSBL blocking issue

> On 4 Mar 2022, at 11:01 pm, Noel Jones wrote: > > think you configure unbound with another forward-zone: name: > “zen.spamhaus.org” and then don’t list any forwarding addresses. That should > turn off forwarding for that zone. > > A forum for your OS or for unbound will probably give an aut