gmane.mail.postfix.user

Re: how to act with abuse to "yahoo.com"

mouss — 2012-05-23T23:18:46

Le 23/05/2012 20:13, Reindl Harald a écrit :

spam-l is probably a better place for this.

b=Z087mA5aXBBFBY/iURKrLgf+dsWhytn5CVio/9UocybawMZhlkEwevvUueKiDry1mHdGV5J7cIpm/Vc0Xm7QjbTUEat0TpDWdG0pT8jBcXr5UYBW2G6uzOe/r5+zWPrXpsg/zE1pCKKDTZ2h4mlUPBgmc4K1G61gQxH3P/I8z1s=
b=fNxJtBEL3f3EF7CjJ5ZuhyyRn7MtWJEVh1tPA2sQfwWUgmu5FKm/tFqlHRLkg+GzfvOjkddge/Ak7daf7lFW0TiWgkZB9FCx0buCnUXyBnrZUU2FYdskE+852DjfCJRs0jdUsi0orst9eQCRgGWPsNbAgiZIkETROM8cSJ7VO2o=;
_______________________________________________

Re: how to act with abuse to "yahoo.com"

Reindl Harald — 2012-05-23T18:33:35


Am 23.05.2012 20:26, schrieb Wietse Venema:

i a, subscribed and noified if some of my users spams to yahoo

the problem is that some idiot with a yahoo account is spamming
multiple times to ffmpeg, x264 and other mailings-lists

their abuse-address has only a autoreply, their form after select
"The article describes the correct issue, but it doesn't solve the
problem." answers with "Oops! System Error: We're sorry! There
was a problem submitting your update to inciden"

so this blind idiots are violating RFC with no working way
to notify them about spam from their users

Re: how to act with abuse to "yahoo.com"

Wietse Venema — 2012-05-23T18:26:42

Reindl Harald:


You can sign up for feedback loop notifications.
http://feedbackloop.yahoo.net/

Wietse

how to act with abuse to "yahoo.com"

Reindl Harald — 2012-05-23T18:13:59

WTF? they are violating RFCs and their website is nonsense


aha - and what should i do as MY OWN provider?

-------- Original-Nachricht --------
Betreff: Re: ABUSE: Spam from "ptrtap< at >yahoo.com"
Datum: Wed, 23 May 2012 10:48:16 -0700 (PDT)
Von: no-reply< at >cc.yahoo-inc.com
An: h.reindl< at >thelounge.net

This is an automated response; please do not reply to this email as replies will not be answered.

To report spam, security, or abuse-related issues involving Yahoo!'s services, please go to http://abuse.yahoo.com.

Thank you,

Yahoo! Customer Care



-------- Original-Nachricht --------
Betreff: ABUSE: Spam from "ptrtap< at >yahoo.com"
Datum: Wed, 23 May 2012 19:47:34 +0200
Von: Reindl Harald <h.reindl< at >thelounge.net>
Organisation: the lounge interactive design
An: ptrtap< at >yahoo.com, abuse< at >yahoo.com
Kopie (CC): ffmpeg-user< at >ffmpeg.org

good day

would you PLEASE kill the address "ptrtap< at >yahoo.com"
this guy is sending SPAm multiple times to several
technical mailinglists the last days

i contacted this idiot yesterday off-

Re: postmaster required / close port 25

Reindl Harald — 2012-05-23T18:10:21


Am 23.05.2012 19:55, schrieb Georg Schönweger:

since sender is a full qualified address no it would
not only check the domain because "ererererere< at >thelounge.net"
is NOT a valid SENDER while "thelounge.net" is a valid DOMAIN


the question is wrong

you need to make sure that your MX accepts incoming mail
to whatever address you are using as sender - this is a
really simple thing with no if's

Re: postmaster required / close port 25

/dev/rob0 — 2012-05-23T18:00:07

All mail exchange happens on port 25. If an Internet domain doesn't 
have an MTA somewhere accepting mail for it on port 25, it will not 
receive mail.


You will find that mailer-daemon is a standard alias. It is probably 
in your /etc/aliases unless you removed it.


You did not show the complete logging for that mail. You say it was a 
bounce. If so, your hosting company may have a problem. Since, as one 
might presume, you are paying them for service, you should contact 
them now for support.

Another thing that occurs to me is that they don't want to relay 
backscatter. If that's what happened, it's quite understandable, but 
the error message is misleading / wrong. If you have a backscatter 
problem, you need to fix that.


It says, "in reply to MAIL FROM command". If as you say it was a 
bounce, then no, it probably has nothing to do with whether or not 
myserver.tld resolves. They have not yet seen the From: header at 
this point in SMTP.


This is all up to you, but yet, in general any domain which

Re: postmaster required / close port 25

Georg Schönweger — 2012-05-23T17:55:19

Am 23.05.2012 19:40, schrieb Reindl Harald:

so sender-verification will not only check if the domain is "valid"
(A-Record), but also if the server accepts mails for the specific sender
address (e.g. MAILER-DAEMON< at >myserver.tld)?
If i change now to our public domain name (hosted by a company) do i
have to create a MAILER-DAEMON account?

kind regards,
Georg

Re: postmaster required / close port 25

Wietse Venema — 2012-05-23T17:47:47

Georg Sch?nweger:

Specify a domain name with a working postmaster address! Rarely
does one send email as username< at >the-name-of-this-box.

Wietse

Re: postmaster required / close port 25

Reindl Harald — 2012-05-23T17:40:53


Am 23.05.2012 19:35, schrieb Georg Schönweger:

you have simply to use your PUBLIC, official domain name

if you send with "< at >myserver.tld" there has to be ANY mailserver
accepting a) this domain and b) this specific sender address

you must not send mails with a non-working sender domain
becasue a) you violate RFCs and b) servers with sender-verification
will never accept such messages

Re: postmaster required / close port 25

Georg Schönweger — 2012-05-23T17:35:15

Am 23.05.2012 19:08, schrieb Wietse Venema:

What does "correct domain name" mean? Currently im using "myserver.tld"
as domain name which has an A-Record pointing to my server (and a
reverse dns record as well). Do i have to allow incoming mail on this
domain too? (atleast for MAILER-DAEMON< at > and postmaster< at >)

kind regards,
Georg

Re: postmaster required / close port 25

Wietse Venema — 2012-05-23T17:08:45

Georg Sch?nweger:

Every domain should have a working postmaster address. That does
not mean that every MTA should have port 25 open to the Internet.

It is quote normal for larger sites to have different MTAs for
inbound and outbound mail streams.


It is your responsibility to ensure that Postfix sends such mail
with the correct domain name.  See
http://www.postfix.org/BASIC_CONFIGURATION_README.html#myorigin

Wietse

Re: postmaster required / close port 25

Reindl Harald — 2012-05-23T16:17:16


Am 23.05.2012 17:55, schrieb Georg Schönweger:

no - every MX has to accept it

internal mail relays usually does not allow any
connection from the WAN, but since they do not
accept any incoming mail directly this is OK

postmaster required / close port 25

Georg Schönweger — 2012-05-23T15:55:03

Hi,

i have a postfix server which is only used for sending emails to the
outside, no incoming emails are allowed (no MX record). I recently
opened port 587 in master.cf and now i'm asking myself if it is ok to
close port 25 completely?
AFAIK every mail server should accept incoming mails to
postmaster< at >myserver, but when i close port 25 this is not the case
anymore, isn't it?

and another question regarding port 25;
when my postfix server generates a bounce message (which happens when
sending a mail to non existend address) and sends it back to the
originally envelope sender, he uses "From: MAILER-DAEMON< at >myserver.tld"
as sender of the bounce message. Does MAILER-DAEMON< at >myserver.tld has to
be an existend mail account?
We recently had problems that on MX site of our email addresses (hosted
by a company) they rejected some of the bounce mails generated by my
server. Log shows following;
"status=bounced (host mx.myEmailHostedByCompany.tld[IP.IP.IP.IP]  said:
550 5.1.0 CfoC1j00P08HtnS01foCNg dominio non valido /

Re: postscreen blacklist painful refresh

DTNX Postmaster — 2012-05-23T15:04:03


I would suggest leaving the postscreen TTL at the default, unless you 
run into a scenario where the standard one (1) hour gives you trouble 
for some reason. Hasn't been an issue so far for us, and I reckon it 
won't be in most setups.

For those rare situations where something needs to happen right now, 
you can drop something at the firewall, or reload Postfix.

I rather like the fact that postscreen limits its scope, and doesn't 
try to be everything. Thank you for designing, building, testing and 
documenting reliable, predictable software :-)

Cya,
Jona

Re: postscreen blacklist painful refresh

Wietse Venema — 2012-05-23T13:35:41

Wietse Venema:

See also the detailed reply by DTNX Postmaster.

A word of caution: postscreen is designed to avoid doing tests for
every client connection; the postscreen_dnsbl_ttl value determines
how long DNSBL results are cached so that a test can be skipped,
and setting the value too low can result in an unacceptable number
of postscreen cache updates.

There currently is no way to say "don't update the postscreen cache
when a client passes test X" (X = DNSBL or PREGREET), or to have
different postscreen_dnsbl_ttl settings for different DNSBL providers.
Software doesn't grow on trees. It needs to be designed, built,
tested and documented.

Wietse

Re: postscreen blacklist painful refresh

DTNX Postmaster — 2012-05-23T12:32:23


We used to run a cron job for refreshing the blacklist, and only 
reloaded Postfix when there was an actual change. Have since moved to a 
local rbldnsd, which will automatically reload itself whenever the 
blacklist gets updated. Happens about 10 times a day, in our case.

Postfix uses the 'reject_rbl_client' to query the blacklist zone, 
automatically gets any updated results, but never needs to be reloaded.

Our RBL runs on localhost only, and gets its queries forwarded to a 
custom port by the stub resolver running on the same machine. In BIND, 
this works like this;

zone "rbl.domain.tld" IN {
type forward;
forward first;
forwarders {
127.0.0.1 port 5335;
};
};

Unbound and the PowerDNS recursor have similar options. This assumes 
that rbldnsd has been started with a '-b127.1/5335' option to bind on 
the custom port.

Performance should not be an issue, I reckon, as rbldnsd is deemed to 
be quite fast. Another plus is that the blacklist is only loaded into 
memory once, instead of for every acti

Re: conditional body_checks

Ansgar Wiechers — 2012-05-23T12:19:03

AFAICS these are headers and thus not processed by body_checks. Also, as
documented, checks are processed one line at a time, meaning that nested
matches can only operate on the same line.

Regards
Ansgar Wiechers

Re: postscreen blacklist painful refresh

Wietse Venema — 2012-05-23T12:17:23

Wietse Venema:

Or using RBLDNSD, and adjusting postscreen_dnsbl_ttl suitably.

Wietse

conditional body_checks

Loïc Latreille — 2012-05-23T11:59:52

Hello,

I would check if a string is present in the message body only if the
"To" field is equal to "jdoe< at >example.org".
I tried to use IF...ENDIF but it doesn't work because the pattern
between IF and ENDIF doesn't match the same input string that the IF
pattern.

A part of the body :
...
To: JDOE <jdoe< at >example.org>
From: "toto< at >otherexample.org" <toto< at >otherexample.org>
X-Email-Type-Id: TT123MM
...

My pcre table for the body_checks :
IF /To: JDOE <jdoe< at >example\.org>/
/X-Email-Type-Id: TT123MM/ REDIRECT momo< at >example.org
ENDIF

I need some help to run my filter, I can not seem to find a solution
to this problem :(

Thanks in advance.


Loïc

Re: Feature Request - address process testing

Wietse Venema — 2012-05-23T11:09:48

Daniel L. Miller:

Asking is easy. This requires adding an attribute type, adding a
command-line option to the Postfix sendmail command that won't
conflict with future Sendmail development, changing the queue manager
to read the new attribute, adding the attribute to the delivery-agent
protocol, adding the attribute to the bounce/defer/trace client
API, adding the attribute to the bounce protocol, changing the
bounce daemon.

Wietse

Re: Feature Request - address process testing

Wietse Venema — 2012-05-23T11:03:39

Wietse Venema:

Better: create a dummy account with a similar address, then
send mail as that dummy account after you have set up a virtual
alias to redirect their mail to yourself.

Wietse