DevHeads.net

Postings by Phil Stracchino

Heads up for Gentoo users: mail-mta/postfix-3.3.1-r1 has permissions problems

For anyone using Postfix on Gentoo, be aware that
mail-mta/postfix-3.3.1-r1 installs with many incorrect file permissions
that result in impaired functionality (specifically, postdrop won't
work). You may want to consider rolling back to 3.2.4 until the ebuild
is fixed. If you want to just fix the permissions, you'll need to do it
manually, because 'postfix set-permissions' isn't working correctly in
3.3.1-r1 either.

(See Gentoo bug #665280)

SPF + outside backup MX relay = redelivery failures: Help requested

I am running Postfix with opendkim, rspamd, pypolicyd-spf, and DMARC.
This is working fine for mail delivered directly to my domain. However,
if my net connection goes down and mail gets queued by my backup MX at
another domain (which I do not control), then when my connection comes
back up and the MX relay attempts to redeliver all the queued mail,
delivery fails due to SPF failures like this one, because the sender's
domain has not authorized my mail relay to send mail on its behalf.

Fail2ban integration questions

This is semi-hypothetical ...

I often see spews of failed connect attempts logged by postscreen:

Sep 12 11:13:09 minbar postfix/postscreen[9238]: CONNECT from
[70.39.115.203]:54708 to [10.24.32.15]:25
Sep 12 11:13:09 minbar postfix/postscreen[9238]: PREGREET 14 after 0.12
from [70.39.115.203]:54708: EHLO ylmf-pc\r\n
Sep 12 11:13:10 minbar postfix/postscreen[9238]: HANGUP after 0.24 from
[70.39.115.203]:54708 in tests after SMTP handshake
Sep 12 11:13:10 minbar postfix/postscreen[9238]: DISCONNECT
[70.39.115.203]:54708
Sep 12 11:13:10 minbar postfix/postscreen[9238]: CONNECT from
[70.39.115.2

This ought to be simple to stop. Am I missing something?

I'm getting spam leaking through from sites with non-resolving IP or
invalid DNS, sending mail to myself as me.

DSpam and Postfix

I use DSpam with Postfix, and it works well ... except that some time
back, redelivery of false positives stopped working.

Multiple PREPENDs

Let's suppose I have the following directives in
/etc/postfix/header-checks. (Because I do.)

/^X-Clacks-Overhead:/ IGNORE
/^Content-Transfer-Encoding:/i PREPEND X-Clacks-Overhead: GNU Terry
Pratchett

(If this header doesn't mean anything to you, it's a Discworld thing.
"A man is not dead while his name is still spoken.")

Now suppose I wanted to do the same for a second writer. Adding:

/^Content-Transfer-Encoding:/i PREPEND X-Clacks-Overhead: GNU Iain M. Banks

does not work. Is it simply that I cannot prepend a second header by
the same name? Or is the second PREPEND not firing?