DevHeads.net

Postings by Voytek Eymont

ot: 554 No SMTP service here

dumb question:

if I get 'connection closed' as below, does that confirm problem is at
remote end, not my Postfix ?

are there any other diags I can run from my end ?

Postfix works well, but, can not send to one particular server

from my Postfix server, I get telnet failure as so:

# telnet 115.70.161.114 25
Trying 115.70.161.114...
Connected to 115.70.161.114.
Escape character is '^]'.
554 No SMTP service here.
Connection closed by foreign host.

from a Win box on another network I get though

ot: 554 No SMTP service here

struck a problem sending to a particular server, get 554
everything else works fine, server unaltered since setup a while back

how can I troubleshoot this ?

Mar 3 06:36:56 emu postfix/smtp[25322]: 02D124C5D9:
to=< ... at rosscosmetics dot com.au>,
relay=rosstul1.rosscosmetics.com.au[115.70.161.114]:25, delay=17227,
delays=17227/0.01/0.06/0, dsn=4.0.0, status=deferred (host
rosstul1.rosscosmetics.com.au[115.70.161.114] refused to talk to me: 554
No SMTP service here.)

# telnet 115.70.161.114 25
Trying 115.70.161.114...
Connected to 115.70.161.114.
Escape character is '^]'.
554 No SMTP service here.

ot: troubleshooting MX issue (?)

I'm unable to send an email to "a. ... at surfacetreatment dot be", getting
"domain not found".

it seems to me they're misconfigured and, don't have MX set correctly?

or am i misinterpreting this, mxtoolbox find MX ?

fwiw, web surfacetreatment.be redirects to surfacetreatment.nl

thanks for help, explanation and any pointers

Mar 1 08:58:53 emu postfix/smtpd[22849]: NOQUEUE: reject: RCPT from
localhost[127.0.0.1]: 450 4.1.2 <a. ... at surfacetreatment dot be>: Recipient
address rejected: Domain not found; from=< ... at sbt dot net.au>
to=<a. ... at surfacetreatment dot be> proto=ESMTP helo=<sbt.net.au>

# dig -t MX su

whitelisting to correct rbl false positives

just noticed some email sent from gmail/google bouncing from my server as
sorbs RBL had that server/host listed;

Nov 17 12:56:47 emu postfix/smtpd[16381]: NOQUEUE: reject: RCPT from
mail-ua0-f170.google.com[209.85.217.170]: 554 5.7.1 Service unavailable;
Client host [209.85.217.170] blocked using dnsbl.sorbs.net; Currently
Sending Spam See: http://www.sorbs.net/lookup.shtml?209.85.217.170;
from=< ... at tld dot au> to=< ... at xyz dot au> proto=ESMTP
helo=<mail-ua0-f170.google.com>

what is correct way to whitelist gmail/google

I have like this in main.cf[1]

so I should enter gmail into /etc/postfix/

incoming queue question: 'not found'

I monitor Postfix queue with Cacti, normally see warning on deferred
queue, charts in red, sends threshold warning, when there are some issues

today, first time ever saw that, I see incoming queue in Cacti growing, up
to 14/16, (charts blue) never observed that before...?

mailq gives nothing, pfqueue has like(1);

how to better assess what's going on?

Queue: 'incoming', 7 messages, 0 tagged, unsorted
ATCSB
ID From To
E29D64CBC2 *Not found* *Not found*
1B8654CBC1 *Not found* *Not fou

ot: exempting black listed domain for a user?

I have a user who can not receive emails as his correspondent's domain is currently on multiple rbls.

As an interim measure, should I look at temporarily allowing this domain?

Or, is that a bad idea, shouldn't consider such temp workarounds?

domain in question:

Checking ckchaiseree.com which resolves to 119.59.120.56 against 107 known blacklists...
Listed 7 times.

Blacklist Reason
LISTED CBL
119.59.120.56 was listed
LISTED ivmSIP
119.59.120.56 was listed
LISTED ivmSIP24
119.59.120.56 was listed
LISTED Protected Sky
119.59.120.56 was listed
LIS

ot: poor reputation work arounds? standby smtp?

I have a small Postfix/Dovecot virtual server, low usage
every so often a user account gets compromised and spam sent (like couple
of days ago), now I'm seeing 5 or 6 emails 'stuck' in the queue with like:

(host mail2.abcdef.com[217.xx.xx.xx] refused to talk to me:
554-mail1.abcdef.com 554 Your access to this mail system has been rejected
due to the sending MTA's poor reputation.

ot: pre emptive throttling/limiting ?

I have a small server with several domains, always worry some dumb users'
account will get hacked and start spamming (including this dumb user,
like, my own forgotten test account got hacked....)

is it a good idea to put some limits or throttling 'just in case' ?

Postfix 2.11, average server usage is like:
Per-Day Traffic Summary

mime header and header pcre Q

I was updating file type definitions in my header checks when I noticed I
have header checks as well as mime header checks :

/etc/postfix/main.cf

header_checks = pcre:/etc/postfix/header_checks.pcre
mime_header_checks = pcre:$config_directory/mime_headers.pcre

header_checks has (now updated) "/^Content-(Disposition|Type)...." AND
lots of old rules from Jim Seymor's page and securitysage page and stuff
from the ml;

mime_header_checks has just "/^Content-(Disposition|Type)...." AND nothing
else

do I need both ?
do I need "/^Content-(Disposition|Type)...." in both checks ?

thanks for any po

header .com check false positive

I've struck a false positive problem rejecting email,
should reject on file extension '.com', but, rejected on a domain name as
below(1):

I think this is the rule ?:

# grep "may not end with" *head*

mime_headers.pcre:/^\s*Content-(Disposition|Type).*name\s*=\s*"?(.*\.(ade|adp|bas|bat|chm|cmd|com|cpl|crt|dll|exe|hlp|hta|inf|ins|isp|js|jse|lnk|mdb|mde|mdt|mdw|msc|msi|msp|mst|nws|ops|pcd|pif|prf|reg|scf|scr\??|sct|shb|shs|shm|swf|vb[esx]?|vxd|wsc|wsf|wsh))(\?=)?"?\s*(;|$)/x
REJECT Attachment name "$2" may not end with ".$3"

main.cf:mime_header_checks = pcre:$config_directory/mime_headers.pcre

rate limit compromised sasl senders ?

is there a way to block or rate limit compromised sasl senders ?

postconf -d | grep mail_version
mail_version = 2.11.0

grep limit main.cf

recipient_delimiter = +
message_size_limit = 20971520
dovecot_destination_recipient_limit = 1
smtpd_client_connection_rate_limit = 50

grep sasl_username= ... at example dot com.au /var/log/maillog | wc
6374 57366 902481

...
Oct 27 22:11:42 emu postfix/smtpd[20784]: 391BF24ECEA:
client=unknown[81.196.92.93], sasl_method=PLAIN,
sasl_username= ... at example dot com.au
Oct 27 22:11:45 emu postfix/smtpd[20732]: 10A0924EC8B:
client=unknown[81.196.92.93], s

aliased domain works for test user, doesn't for another

I have Postfix/MySQL/Postfixadmin/Dovecot, using postfixadmin I've aliased
one domain to another

using a mailbox for myself for testing, sent emails to aliased domain,
both from outside (gmail) and through this server, receiving OK to my own
mailbox.

BUT, when tried sending to a different user, got "User unknown in virtual
mailbox table"

what am I missing ?

fails to ... at aa dot com

Oct 11 22:38:59 emu postfix/smtpd[1506]: NOQUEUE: reject: RCPT from
mail-io0-f182.google.com[209.85.223.182]: 550 5.1.1 < ... at aa dot com>: Recipient
address rejected: User unknown in virtual mailbox table;
from=<voytek.e@g

Re: blocking compromised sasl users ?

Nicolás, thanks

no
# grep 104.200 main.cf
#

yes

how to do that ?

blocking compromised sasl users ?

it looks like I have a couple of compromised user accounts on one of the
domains on this server, I've changed the user password then even deleted
the user (through postfixadmin) but that didn't help..?

bypass rbl listing for one domain/defined users only till removed from rbl?

I have several domains on virtual mailbox Postfix server,
also use several RBL lists as so; that all works well

but now, one of the domains, mydomain.tld, needs to receive emails from a server
currently blacklisted on spamhaus

till the blacklist issue is resolved, how can I allow such a blacklisted
domain just for several users ?

mirroring one domain.tld to domain.tld.au

I have Postfix/Dovecot/postfixadmin/MySQL with several virtual mailbox
domains

one of the domains is like aname.com.au, the user also now has aname.com,
and, would like to 'mirror' most of the addresses to be ... at aname dot com,
THOUGH, some are to remain as ... at aname dot com.au

so, both ... at aname dot com as well as ... at aname dot com.au should be one user

what's the best/proper way to do so ?

I think there is an option in postfixadmin to "Mirror addresses of one of
your domains to another." , is that the way to do this?

thanks for any pointers, suggestions or advice

mail_version = 2.11.0
virtual_min

ot: maildir has overdrawn his diskspace quota

I have Postfix/Dovecot with virtual domains, same setup unaltered since
quite a while ago

last month, added a new virtual domain, 'just like before'.

but, today noticed this in the queue/log 'overdrawn his diskspace quota'[1]:

user's Maildir cur has like 48,762,696 bytes (lot less than other users)

tried some searches, found similar probs, but, no solution as yet

any ideas ?
mail_version = 2.11.0
# quota -g vmail
# quota -u vmail
#

[1]
# grep 719855FC42 /var/log/maillog

Mar 3 15:20:58 emu postfix/smtpd[18535]: 719855FC42:
client=mail-pa0-f51.google.com[209.85.220.51]

Mar 3 15:20:5

ot: hotmail bouncing since two days ago, are there some new requirements?

I have Postfix running mail server for several small domains, all working
well.

since about 48 hours, several of my domains started getting bounced from
hotmail as per below

checked with mxtoolbox, mail server is:

Checking emu.sbt.net.au which resolves to 103.15.178.123 against 100 known
blacklists...
Listed 0 times with 3 timeouts

has hotmail changed or enforced something new in the last few days ?

is there something I should do on my Postfix ?

blocking bounces from spam advice

I have a small Postfix installation with virtual domains that runs well,
however, a user is complaining of being hit with flood of rejects from
spam sent out from elsewhere as though from him, the rejects are coming
back to him

the user in question has been, by his former request, exempted from some
checks:

tld.com.au OK
I'll remove him from recipient_no_checks, but, is there some other stuff I
should be doing as well ?

Greetings to the

ot: monitoring for 'spam breaches' ? cleanup woes?

I have Postfix server that runs pretty well, today a user got reject, our
server got listed on lashback and one other list as 'spam sender';

looking through logs it seems a sasl user is/was hacked few days ago:

# grep username /var/log/maillog | wc
4382 59184 765780
# grep username /var/log/maillog.1 | wc
1148 14914 190332
# grep username /var/log/maillog.2 | wc
67 1385 18475
# grep username /var/log/maillog.3 | wc
76 910 13651
# grep username /var/log/maillog.4 | wc
22 364 4692

I've now edited that username sasl password

what sort of monit

'aliasing' one domain to another?

I have Postfix 2.11.0 with virtual domains in mysql/postfixadmin, all
working well, as per setup below

user of the mydom.tld.au has also registered mydom.tld (to prevent
cybersquatting)

sometimes they make mistakes and attempt to send emails to
... at mydom dot tld RATHER THAN (correct email) ... at mydom dot tld.au

what is correct way/correct terminology to 'alias' (?) mydom.tld to
mydom.tld.au ?

with the aim so that ... at mydom dot tld.au but addressed
in error without '.au' will get delivered properly?

# postconf -n | grep virtual
proxy_read_maps = $canonical_maps $lmtp_generic

different repo upgrade question 2.1/2.6 ?

I have a new server since few month ago, it was delivered with Postfix
(and Dovecot) preinstalled from iRedMail repo, it all works well with
Postfix 2.6.6

# postconf -d | grep mail_version
mail_version = 2.6.6
milter_macro_v = $mail_name $mail_version

couple of days I noticed this on yum update[1];

I don't understand what yum is telling me:
'updated'
'an update'

is it going to update 2.6.6 to 2.6.6-2.3 ?
why is it offering 2.11 ?

I'll head over to iRedMail to ask, but, thought it prudent to ask here as
well, apologies for asking dumb questions, as always
(frightened to break a working set

are these 'good and reliable' adsl/dynamic pcre rejects?

my pre configured Postfix included these helo_access.pcre rejects;

today, I noticed an expected email was bounced by one of the
pre-configured rules as so:

Jan 31 10:08:01 emu postfix/smtpd[11075]: NOQUEUE: reject: RCPT from
unknown[59.167.231.218]: 554 5.7.1 <eth6619.nsw.adsl.internode.on.net>:
Helo command rejected: Go away, bad guy (adsl).; from=<helen. ... at tld dot com.au>
to=< ... at tld dot net.au> proto=ESMTP
helo=<eth6619.nsw.adsl.internode.on.net>

host 59.167.231.218
218.231.167.59.in-addr.arpa domain name pointer ns3.cipaname.com.

before I contact the sender to tell them "you are misconfigured

Re: 450 4.7.1 Client host rejected from unknown query

is it my freemail host line ?

"from_freemail_host =
reject_unknown_client,
check_client_access hash:/etc/postfix/freemail_hosts,
check_client_access regexp:/etc/post

450 4.7.1 Client host rejected from unknown query

I have a new server, and, have been trying to 'migrate' main.cf over to
new server, few lines at a time;
suspect might have screwed something in the process ?

just noticed eleven similar rejects for what seems like valid email:

Dec 16 23:07:02 emu postfix/smtpd[27747]: NOQUEUE: reject: RCPT from
unknown[67.195.87.182]: 450 4.7.1 Client host rejected: cannot find your
hostname, [67.195.87.182]; from=< ... at yahoo dot com>
to=< ... at sbt dot net.au> proto=ESMTP helo=<nm47-vm4.bullet.mail.gq1.yahoo.com>
..//..
Dec 17 14:22:25 emu postfix/smtpd[29232]: NOQUEUE: reject: RCPT from
unknown[67.195.87.18

adding rbl to smtpd restrictions

I have a new Postfix 2.6 server that came pre-configured, I'm trying to
'migrate' various anti UCE settings from the old server:

order of some of the params is quite different on new server, hence I'm
confused (as always) (so I'm trying to only make 1 or 2 changes at a time)

is this correct place for rbls, after 'unauth_dest' and before 'greylist' ?

thanks for any suggestions

smtpd_recipient_restrictions =
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unlisted_recipient,
    check_policy_service inet:127.0.0

Re: relaying individual virtual domain to new postfix server ?

On Tue, November 19, 2013 1:34 pm, Viktor Dukhovni wrote:

relaying individual virtual domain to new postfix server ?

I would like to transfer some virtual domains to a new postfix server,
what is the proper way to do so,

I've tried adding to /etc/main.cf like:

relay_domains = dom.org.au
transport_maps = hash:$config_directory/transport

and /etc/transport

dom.org.au smtp:[emu.sbt.net.au]

that returned a warning
Nov 19 12:06:49 postfix/trivial-rewrite[24520]: warning: do not list
domain dom.org.au in BOTH virtual_mailbox_domains and relay_domains

I've removed dom.org.au from the sql, that removed the error, but, mail
still gets delivered locally

Nov 19 12:21:37 geko postfix/qmgr[24491]: 8770E382B93:
fro

transferring a virtual domain to new server, get 550 5.1.1

I have Postfix/Dovecot/MySQL installation with several virtual domains,
all is well.

I need to transfer several virtual domains to a new server, I was given an
out of the box Postfix/Dovecot/MySQL, similar release levels

I've copied the sql database across, the new server seems OK (as far as I
can tell (which is far from authoritative...))

I need to transfer a virtual domain, (I thought I knew how to do it, done
it before....)

what's the correct procedure to tell old server to relay to new server?

I set like in main.cf: (proper is as 111.111.111.111)

dom.tld = smtp:[111.111.111.111]

but,

550-IMAP/POP3: understanding returns/bounces error mssg

I have a low usage 'workgroup' 'mini mail list' with a virtual alias that
sends email to 8 or 10 addresses (on other servers), that works well. No
changes have been made to target emails for several months, all's good.

today I've received two "Undelivered Mail Returned to Sender"

it said:

< ... at target dot tld>: host target.tld[69.175.yyy.xxx]
said: 550-Please turn on SMTP Authentication in your mail client, or
login to the 550-IMAP/POP3 server before sending your message.