I rarely bounced email due to RBLs from someone I actually correspond
with. However I did bounce a message with the sender receiving this
message:
Sorry, we were unable to deliver your message to the following
address.
From the maillog:
Jul 7 16:35:21 example postfix/smtpd[27776]: NOQUEUE: rej
On Fri, 9 Jul 2021 08:38:30 +0200
Matus UHLAR - fantomas wrote:
> On 08.07.21 18:48, li...@lazygranch.com wrote:
> >I rarely bounced email due to RBLs from someone I actually correspond
> >with. However I did bounce a message with the sender receiving this
> >message:
On Wed, 3 Nov 2021 17:40:30 +0100
Matus UHLAR - fantomas wrote:
> >>03.11.21, 10:53 +0100, @lbutlr:
> >>
> >>> postfix/smtps/smtpd[5554] warning: AUTH command rate limit
> >>> exceeded: 4
> >>>
> >>> Where is this limit set? I looked through postconf -d | grep auth
> >>> looking for something
Most of my spam contains a gmail address to reply to the spammer. I
would like to discard email whose body contains a gmail address. Since
discarding mail could get ugly, I would hope someone on the list can
eyeball my plan.
I added
body_checks = pcre:/etc/postfix/body_checks
to main.cf. I made
6uae.58.1636114152575;
Fri, 05 Nov 2021 05:09:12 -0700 (PDT)
MIME-Version: 1.0
Reply-To: jm84450...@gmail.com
From: Abdulla Shahid
Date: Fri, 5 Nov 2021 05:08:57 -0700
Message-ID:
On Sat, 06 Nov 2021 10:54:48 -0500
Rob McGee wrote:
> On 2021-11-06 06:15, li...@lazygranch.com wrote:
> >
On Fri, 15 Apr 2022 11:06:35 +0200
Tinne11 wrote:
>
> > Am 15.04.2022 um 08:49 schrieb Fourhundred Thecat
> > <400the...@gmx.ch>:
> >
> > Are there any legitimate cases where "to:" might be missing?
>
>
> RFC 5322 says: "The only required header fields are the origination
> date field and
I'm trying to allow-list (formerly whitelist) a TLD. I have these lines
in my postfix main.cf:
check_client_access hash:/etc/postfix/client_checks,
check_sender_access hash:/etc/postfix/sender_checks,
check_client_access hash:/etc/postfix/rbl_override,
For the rbl_override file is siriusxm.
On Sat, 30 Apr 2022 01:11:05 -0400
Viktor Dukhovni wrote:
> On Sat, Apr 30, 2022 at 10:28:06AM +1000, raf wrote:
>
> > > .domain.tld
> > >
> > > Matches subdomains of domain.tld, but only when the
> > > string smtpd_access_maps is not listed in the Postfix
> > > parent_domain_matches_subdomai
Though not currently bouncing my maillog had this message (sanitized
because of Google):
NOQUEUE: reject: RCPT from avasout-peh-001.plus.net[212.159.14.17]: 554 5.7.1
Service unavailable; Client host [212.159.14.17] blocked using
zen.spamhaus.org; Error: open resolver;
https://www.spamhaus.org
On Wed, 4 May 2022 20:47:16 +0200
Arrigo Triulzi wrote:
> On 4 May 2022, at 20:40, li...@lazygranch.com wrote:
> >
> > Though not currently bouncing my maillog had this message
> > (sanitized because of Google):
> >
> > NOQUEUE: reject: RCPT from avaso
I have a spammer who uses all sorts of "from" addresses but the same
"reply" address. Any way to block this spammer in Postfix?
On Wed, 11 Dec 2019 21:56:48 -0500
Viktor Dukhovni wrote:
> > On Dec 11, 2019, at 9:38 PM, li...@lazygranch.com wrote:
> >
> > I have a spammer who uses all sorts of "from" addresses but the same
> > "reply" address. Any way to block this spamme
On Wed, 18 Dec 2019 13:10:50 -0500
Viktor Dukhovni wrote:
> [ I'm on the list, there's no need to Cc: me directly]
>
> On Wed, Dec 18, 2019 at 01:36:17AM -0800, li...@lazygranch.com wrote:
>
> > Viktor Dukhovni wrote:
> >
> > >
Some gmail gets through, some doesn't. Is there a time limit on the DNS
check? A google search finds several timers, but nothing specific to
DNS.
Log:
Feb 17 06:18:10 mydomain postfix/smtpd[2619]: connect from
unknown[209.85.219.177]
Feb 17 06:18:10 mydomain postfix/smtpd[2619]: Anonymous TLS co
Is there something I should be doing to mitigate this problem?
Oct 8 02:11:42 myserver postfix/smtpd[11630]: connect from
unknown[180.123.163.212]
Oct 8 02:11:43 myserver postfix/smtpd[11632]: connect from
unknown[180.123.163.212]
Oct 8 02:11:43 myserver postfix/smtpd[11632]: lost connection
My server bounced a message. Here is the server log (sanitized).
-
Nov 13 02:07:52 myserver postfix/smtpd[27706]: NOQUEUE: reject: RCPT
from sonic302-23.consmr.mail.gq1.yahoo.com[98.137.68.149]: 554 5.7.1
Service unavailable; Client host [98.137.68.149] blocked using
cbl
On Sat, 20 Mar 2021 21:28:31 -0400
Viktor Dukhovni wrote:
> On Sat, Mar 20, 2021 at 08:23:20PM -0400, Wietse Venema wrote:
> > David Mehler:
>
> > > I don't want to blanket disable reject_unknown_helo_hostname is
> > > there a way I can set a helo exception for this one host/sender?
> >
> >
I am getting a lot of these:
Apr 17 07:27:10 mydomain postfix/smtpd[21897]: connect from
mone183.secundiarourous.com[141.98.10.183]
Apr 17 07:27:11 mydomain postfix/smtpd[21897]: disconnect from
mone183.secundiarourous.com[141.98.10.183] ehlo=1 auth=0/1 quit=1 commands=2/3
Googling mone183.secu
On Sat, 17 Apr 2021 14:35:37 +0200
Benny Pedersen wrote:
> On 2021-04-17 09:58, li...@lazygranch.com wrote:
> > I am getting a lot of these:
> >
> > Apr 17 07:27:10 mydomain postfix/smtpd[21897]: connect from
> > mone183.secundiarourous.com[141.98.10.183]
> >
On Sat, 17 Apr 2021 17:03:51 -0400 (EDT)
Wietse Venema wrote:
> li...@lazygranch.com:
> > I do have "smtpd_sasl_auth_enable = yes" and I use port 587. Before
> > I comment out that line, here is the general area of my main.cf
> > dealing with sasl. I cut out my
On Sat, 17 Apr 2021 18:25:47 -0400 (EDT)
Wietse Venema wrote:
> li...@lazygranch.com:
> > > You should enable SASL auth in master.cf NOT main.cf, and ONLY for
> > > a service that needs SASL auth.
> > >
> > > Otherwise you're turning it on for the
On Sun, 18 Apr 2021 21:29:26 +1200
Nick Tait wrote:
> On 18/04/21 7:32 pm, li...@lazygranch.com wrote:
> > And so it goes. I suppose if this really bugs me I can block the
> > server in firewalld. I've yet to see it actually deliver mail. Or
> > complain to
On Wed, 13 Apr 2016 17:08:57 -0700
li...@lazygranch.com wrote:
> Yesterday's Google report had me passing. Could be related to adding
> the Google term to DNS.
>
Hold the presses here. It turns out my domain was spoofed in the
report that failed. The IP address used isn't m
These are the failing reports from DMARC set to quarantine. Most
failures are for SPF, which now I gather from the other post is due to
remailing. [Originally I thought the comment was about me using a
remailer.]
It looks like if you pass DKIM, most ESPs just pass on the message.
Since nobody I
I noticed I was running postfix 3.1.0. Freebsd has rev 3.1.1, so I
figured I would upgrade.
First up, I reviewed the page I used as a starting point for setting up
my mail server, namely
http://blog.iandreev.com/?p=1604
In the configuration for postfix, the SPF option is not selected.
Somewhere i
During the upgrade from postfix 3.1.0 to 3.1.1, the installation script
issued the following:
--
===> Creating users
Using existing user 'postfix'.
Note: the following files or directories still exist but are
no longer part of Postfix:
/us
The last time TLD blocking came up, the consensus of the hive was not
to block based on TLD. (You may recall .xyz being used by
Alphabet.) However lately I'm getting a ridiculous number of .stream
SPAM coming through. The RBLs are getting about half.
https://www.spamhaus.org/statistics/tlds/
I h
is off the
list.
On Tue, 20 Sep 2016 04:12:48 +0200
Benny Pedersen wrote:
> On 2016-09-20 04:08, li...@lazygranch.com wrote:
> > OK. Would I score it in SpamAssassin? If not, where? Point me in the
> > right direction and I assume Google will be my friend.
>
> make a tld list
On Fri, 30 Sep 2016 06:26:35 -0400
Postfix User wrote:
> Postfix-3.2-20160917 with FreeBSD-11.0 /64 bit
>
> Lately, I have been finding the following entries in the maillog:
>
> 13643:Sep 30 02:00:40 scorpio postfix/smtpd[83056]: warning: hostname
> ip-address-pool-xxx.fpt.vn does not resolve t
On Sat, 1 Oct 2016 10:59:02 +0100
Allen Coates wrote:
>
>
> On 01/10/16 10:37, Postfix User wrote:
> > On Fri, 30 Sep 2016 17:08:05 -0700, li...@lazygranch.com stated:
> >
> >> This will pull these hackers off your maillog.
> >> bzgrep -e auth=0/1 m
On Fri, 21 Oct 2016 22:56:45 +0200
Paul van der Vlis wrote:
> Hello Angelo and others,
>
> Op 21-10-16 om 22:24 schreef Fazzina, Angelo:
> > So what is SASL using in Postfix ?
> > Is Postfix calling SASL, which calls PAM, which calls LDAP, to
> > check the Password?
>
> Postfix is calling sasla
If you use the uceprotect RBL, note that they are involved in a
shakedown to solicit money to be removed from their list. Much like
spamrl, I'd suggest not using them since they have an obvious false
positive problem.
http://www.uceprotect.net/en/rblcheck.php?ipr=107.170.248.198
Their own system
Hopefully this isn't a duplicate message. I've been repairing the mail
system.
Just a FYI that if you update
boost-libs
with pkg under freeBSD, it loads postfix for some reason.
All my .db files were unreadable. I had to postmap and postalias them
to make them readable again.
I should have said
I no longer see TLS details in the header. I checked maillog and
TLS is being established.
---
From maillog:
Nov 8 07:49:44 theranch postfix/smtpd[30627]: Anonymous TLS connection
established from nm27.bullet.mail.ne1.yahoo.com[98.138.90.90]: TLSv1.2
with cipher ECDHE-RSA-AES128-GCM-SH
ond imap, there shouldn't be any lost mail issues.
On Wed, 9 Nov 2016 10:17:04 -0600
Noel Jones wrote:
> On 11/9/2016 9:32 AM, li...@lazygranch.com wrote:
> > I posted the entire header from claws. That is the receive header
> > since I sent the message from yahoo.
> >
bits)) (No client
certificate requested) by www.inplanesight.org (Postfix) with ESMTPS id
2E255EB20F for ; Tue, 8 Nov 2016 07:22:25 +
(UTC)
On Wed, 9 Nov 2016 09:03:12 -0800
"li...@lazygranch.com" wrote:
> "smtpd_tls_received_header = yes" is in the postconf. But I ap
This comes under the notion that if you don't ask, you don't learn.
I did some dovecot2 updates, so naturally I decided to test the mail
system. When I mail a message to myself, this is the TLS notification:
(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
However I do recei
On Fri, 11 Nov 2016 09:54:48 -0500
"Bill Cole" wrote:
> On 11 Nov 2016, at 6:21, li...@lazygranch.com wrote:
>
> > So is this level of encryption something openssl sets up?
>
> Yes and no. The partners in an encrypted session negotiate the
> details of a
On Sat, 12 Nov 2016 15:29:54 -0500
"Bill Cole" wrote:
> On 11 Nov 2016, at 14:31, li...@lazygranch.com wrote:
>
> > On Fri, 11 Nov 2016 09:54:48 -0500
> > "Bill Cole" wrote:
>
> [big snip...]
>
> >> The bottom line (if you've mad
On Sun, 13 Nov 2016 01:43:17 -0500
"Bill Cole" wrote:
> If the NSA/GCHQ capturing all of your SMTP traffic and saving it for
> hypothetical future decryption is a realistic and significant
> scenario in your threat model, you should reconsider your use of
> email.
>
I'm in the USA and getting
Is this a hack or a server problem? IP was listed in abusedb about a
year ago.
Nov 16 09:14:36 theranch postfix/smtpd[6094]: connect from
unknown[87.236.215.11]
Nov 16 09:14:36 theranch postfix/smtpd[6094]: lost connection after AUTH from
unknown[87.236.215.11]
Nov 16 09:14:36 theranch postfix/
On Wed, 16 Nov 2016 11:52:14 +0200
Patrick Chemla wrote:
> Le 16/11/2016 à 11:45, li...@lazygranch.com a écrit :
> > Is this a hack or a server problem? IP was listed in abusedb about a
> > year ago.
> >
> >
> > Nov 16 09:14:36 theranch postfix/smtp
On Wed, 16 Nov 2016 02:26:13 -0800
"li...@lazygranch.com" wrote:
> On Wed, 16 Nov 2016 11:52:14 +0200
> Patrick Chemla wrote:
>
> > Le 16/11/2016 à 11:45, li...@lazygranch.com a écrit :
> > > Is this a hack or a server problem. IP was listed
On Thu, 20 Oct 2016 17:13:26 -0400
"Bill Cole" wrote:
> On 20 Oct 2016, at 16:39, Keith Williams wrote:
>
> > No wait... What?
> >
> > This is no attack. Attack is when you try to break or enforce..
> > This is a probe, and from the probe we can deduce from the reported
> > disconnect that 1. h
On Mon, 28 Nov 2016 09:01:41 -0500
btb wrote:
> On 2016.11.27 20.43, li...@lazygranch.com wrote:
> > I should have mentioned the mail system is on a VPS and I'm the only
> > user. And yes, trouble makers are on the Internet.
>
> well, this simplifies thin
On Thu, 2 Mar 2017 08:34:59 +0100
Patrick Ben Koetter wrote:
> * Poliman - Serwis :
> > Hi everyone. In mail.log file I have many lines like below:
> > Mar 2 06:53:30 vps342401 postfix/smtps/smtpd[14642]: SSL_accept
> > error from house.census.shodan.io[89.248.172.16]: -1 Mar 2
> > 06:53:30 vps
On Thu, 16 Mar 2017 11:29:56 -0500
Noel Jones wrote:
> On 3/16/2017 11:18 AM, Gilberto Nunes wrote:
> > Hello folks...
> >
> > I just need execute some command after receive a mail...
> >
> > I found this site:
> >
> > https://www.thecodingmachine.com/triggering-a-php-script-when-your-postfix
On Thu, 25 May 2017 03:02:39 -0400
Rick Leir wrote:
>
>
> On 2017-05-25 02:31 AM, Philip Paeps wrote:
> > On 2017-05-24 14:54:34 (+0200), Bastian Blank
> > wrote:
> >> On Wed, May 24, 2017 at 02:41:01AM -0700, li...@lazygranch.com
> >> wrote:
Take a look at your header file when using the VPN to email yourself. I
think what you want happens automatically.
Received: from [10.8.0.6] (unknown [MYIPADDRESS])
10.8.0.6 is the local IP space created by my VPN. But my IP address
also shows up, so hopefully a guru will chime in as to how this
http://researchscan288.eecs.umich.edu/
I never could find the research IP space and my email went unanswered.
I just blocked the whole university. Link has the IP space as listed
below:
141.212.121.0/24
141.212.122.0/24
On Thu, 7 Dec 2017 22:59:46 -0500
Viktor Dukhovni wrote:
> > On Dec 7, 2017, at 9:14 PM, li...@lazygranch.com wrote:
> >
> > http://researchscan288.eecs.umich.edu/
> > I never could find the research IP space and my email went
> > unanswered. I just blocked the who
I'm not at the point where I want to verify certs and reject mail,
because the mail must go through! However I would like at least
for postfix to request the cert. (Forgive my terminology here if I am
not phrasing this properly.) Basically I would just eyeball the header
and look at the cert reques
On Fri, 22 Dec 2017 09:52:13 +
Dominic Raferd wrote:
> On 22 December 2017 at 09:38, li...@lazygranch.com
> wrote:
>
> > ...
> > From main.cf (sanitized):
> >
> > # TLS
> > smtpd_use_tls = yes
There are many "problem solving pages" on the interwebs that have wrong
information on setting up policyd-spf. The key to make sure you use
consistent names in both main.cf and master.cf. Yeah, I know, I'm
preaching to the choir, but hopefully the next person with a set up
problem finds this messag
e as daemons.
I'm new to Centos. I run opensuse on my desktop and presently have
my VPS server on FreeBSD. Due to update issues, I decided to abandon
FreeBSD for Centos, since I'm more familiar with Linux than BSD these
days.
>
> On 2017-12-24 22:02, li...@lazygranch.com
On Wed, 27 Dec 2017 09:37:24 +
Dominic Raferd wrote:
> On 27 December 2017 at 07:22, Poliman - Serwis
> wrote:
> > I configured yesterday spf, dkim, dmarc for example.com. Today I
> > got report in xml on my mailbox. Attached. One from addresses has
> > dkim failed - marked in orange...
>
RTFMing, I see that both opendkim and python-policyd-spf have
whitelisting capabilities (especially python-policyd-spf). But for the
most part, my legitimate incoming email passes DKIM or SPF, but often
not both. What I would like to do is accept email that passes either
DKIM or SPF, but the milter
On Wed, 10 Jan 2018 21:59:26 -0500
"Kevin A. McGrail" wrote:
> On 1/10/2018 9:53 PM, li...@lazygranch.com wrote:
> > RTFMing, I see that both opendkim and python-policyd-spf have
> > whitelisting capabilities (especially python-policyd-spf). But for
> > the mo
On Sun, 21 Jan 2018 14:35:42 -0600
Noel Jones wrote:
> On 1/20/2018 11:56 PM, J Doe wrote:
> > Hi,
> >
> > I have a basic SMTP server set up with what I believe to be good
> > smtpd_*_ restrictions, but I was wondering if anyone could provide
> > any insight on how to improve them or if I have b
Replies in the middle of the email for clarity.
On Mon, 22 Jan 2018 17:18:42 -0500
"Bill Cole" wrote:
> On 21 Jan 2018, at 20:44 (-0500), li...@lazygranch.com wrote:
>
> > The reverse DNS can only point to one domain
> > name.
>
> Not so. Multiple PTR record
postfix/smtpd[14755]: warning: TLS library problem: error:140760FC:SSL
routines:SSL23_GET_CLIENT_HELLO:unknown protocol:s23_srvr.c:640:
Should I be blocking some encryption method? I thought openssl dropped
support for the hackable protocols.
I've installed the opendmarc milter. I'm not rejecting mail from it at
the moment. I've noticed that if I send myself a message, the
policyd-spf milter isn't run. That in turn causes mail I send myself to
fail in opendmarc. Any ideas?
The various email verifiers do show that my email passes spf.
On Tue, 30 Jan 2018 10:50:18 +
Dominic Raferd wrote:
> On 30 January 2018 at 10:11, li...@lazygranch.com
> wrote:
> > I've installed the opendmarc milter. I'm not rejecting mail from it
> > at the moment. I've noticed that if I send myself a message, the
On Wed, 31 Jan 2018 07:43:17 + (UTC)
Dominic Raferd wrote:
> On 31 January 2018 at 03:44, li...@lazygranch.com
> wrote:
> > On Tue, 30 Jan 2018 10:50:18 +
> > Dominic Raferd wrote:
> >
> >> On 30 January 2018 at 10:11, li...@lazygranch.com
On Tue, 06 Mar 2018 06:26:49 +
MRob wrote:
> On 2018-03-05 18:05, Bill Cole wrote:
> >> Would you mind sharing which RBLs you recommend to use in
> >> postscreen?
> >
> > postscreen_dnsbl_sites = zen.spamhaus.org=127.0.0.2*2
> > zen.spamhaus.org=127.0.0.3*2 zen.spamhaus.org=127.0.0.4*2
I'm getting hit every 10 minutes from this spammer. As you can see I am
rejecting the message. I wonder if the offending email server doesn't
know the message is being rejected?
Mar 13 23:28:58 centos-1gb-sfo1-01 postfix/smtpd[22153]: NOQUEUE:
reject: RCPT from unknown[113.247.6.67]: 450 4.7.1 Cl
On Tue, 13 Mar 2018 23:35:01 -0400
"Bill Cole" wrote:
> On 13 Mar 2018, at 22:51 (-0400), li...@lazygranch.com wrote:
>
> > I'm getting hit every 10 minutes from this spammer. As you can see
> > I am
> > rejecting the message. I wonder if the offending em
Just checking if I have things set up correctly. I'm returning a 554
code (rejected relay) yet the attempts keep coming.
Postfix anvil is throttling the user, so I assume this isn't a problem.
As an FYI, checking MXTOOL blacklist on the offending IP, only
blocklist.de has them flagged at the mome
On Mon, 26 Mar 2018 18:35:19 -0400
Scott Kitterman wrote:
> On Monday, March 26, 2018 10:27:57 PM André Rodier wrote:
> > Hello all,
> >
> > Does anyone suffered performance loss when using clamav as a milter
> > for postfix?
> >
> > I would like to scan archives and emails with attachments. Is
I'm wondering if I have my rate limiting set up correctly. Note I have
that perl script that sniffs out dynamic IP addresses, so I am not sure
how this user is even getting concurrent connections.
From the main.cf:
smtpd_client_restrictions =
permit_sasl_authenticated,
permit_mynetworks,
rej
On Thu, 7 Feb 2019 05:24:08 +0100
Francesc Peñalvez wrote:
> I asked the same and Wietse Venema answered this:
>
> Postfix 3.0 and later:
>
> /etc/postfix/main.cf:
> smtpd_sender_restrictions =
> permit_mynetworks
> permit_sasl_authenticated
> check_sender_acc
On Thu, 26 Sep 2019 10:46:27 +0200
Enrico Morelli wrote:
> On Thu, 26 Sep 2019 10:42:46 +0200
> Enrico Morelli wrote:
>
> > On Thu, 26 Sep 2019 16:37:14 +0800
> > Wesley Peng wrote:
> >
> > > on 2019/9/26 16:34, Enrico Morelli wrote:
> > > > I tried to put .monster or *.monster in sender
FWIW, this is what I have in my master.cf. I am on centos 7.
policyunix - n n - 0 spawn
user=nobody
argv=/usr/libexec/postfix/policyd-spf
/etc/python-policyd-spf/policyd-spf.conf