Postfix - antispam and relay package

marcelloc · May 26, 2012, 2:19 AM

Nahid,

I think you just need to add

myhostname=mail2.sesric.org
smtp_helo_name=mail2.sesric.org

to genereal -> custom main.cf options

att,
Marcello Coutinho

nahid · May 26, 2012, 9:09 AM

Mercello,

In that case I got the following log that shows the messages were bounced and it doesn't deliver.

May 26 12:10:19 nahid05@gmail.com anhuda@sesric.org 0.63 bounced (mail for [10.10.1.5] loops back to myself)
May 26 12:09:23 nashanahid@yahoo.com anhuda@sesric.org 0.69 bounced (mail for [10.10.1.5] loops back to myself)

Best regards,
Nahid

RobinGill · May 27, 2012, 8:14 PM

@marcelloc:

RobinGill,

all working now? I was trying to reproduce your no valid recipients check you've posted today.
The reinstall did the trick?

att,
Marcello Coutinho

Hi Marcello,

Yes it's all working now that I've reinstalled. Strange thing is I tried a few times until I got it working. If I can figure out how to reproduce the problem I had I will let you know.

Also it's no major deal, but I'm wondering if on the next update it may be worth modifying the package to add quote marks to allow ldap authentication with a username with a space in it. I tried adding the quote marks in the gui but they are automatically removed.

marcelloc · May 27, 2012, 11:01 PM

@RobinGill:

but I'm wondering if on the next update it may be worth modifying the package to add quote marks to allow ldap authentication with a username with a space in it. I tried adding the quote marks in the gui but they are automatically removed.

I leave only letters and number to avoid code on the field.

nahid · May 28, 2012, 6:37 AM

"Mercello,

In that case I got the following log that shows the messages were bounced and it doesn't deliver.

May 26 12:10:19 nahid05@gmail.com anhuda@sesric.org 0.63 bounced (mail for [10.10.1.5] loops back to myself)
May 26 12:09:23 nashanahid@yahoo.com anhuda@sesric.org 0.69 bounced (mail for [10.10.1.5] loops back to myself)

Best regards,
Nahid"

Marcello,

Is there any way to solve this?

Nahid

zlyzwy · May 28, 2012, 7:48 AM

Hi Marcelloc,

I have one question, some mail server is continuing sending spam email to my server.
It brings me a lot of useless log in Search Mail(NOQUEUE).

May 28 15:41:58	xxx@xxx.com	aaa@aaa.cn	reject
May 28 15:42:58	xxx@xxx.com	aaa@aaa.cn	reject
May 28 15:43:58	xxx@xxx.com	aaa@aaa.cn	reject
May 28 15:44:58	xxx@xxx.com	aaa@aaa.cn	reject
May 28 15:45:58	xxx@xxx.com	aaa@aaa.cn	reject
May 28 15:46:58	xxx@xxx.com	aaa@aaa.cn	reject
May 28 15:47:58	xxx@xxx.com	aaa@aaa.cn	reject

I add the rule in Access List –> Sender

xxx@xxx.com RJECT
bbb.com REJECT

But I found I still can see these log in Search Mail.

Can I just block these mail address somewhere? Or maybe there will have a filter for log?

Thanks for your great work!
Zlyzwy

marcelloc · May 28, 2012, 3:16 PM

The noqueue log means that the message was rejected before mail data.

To do not receive this error, you will need to configure a firewall rule for these ips.

att,
Marcello Coutinho

zlyzwy · May 29, 2012, 12:32 AM

@marcelloc:

The noqueue log means that the message was rejected before mail data.

To do not receive this error, you will need to configure a firewall rule for these ips.

att,
Marcello Coutinho

In fact, I has tried this method already, however it seems it doesn't work.
I have pfBlocker installed, I put the spam ip into the Custom list, eg:

111.222.333.444/32  #xxx@xxx.com

Then I still see the NOQUEUE log…

marcelloc · May 29, 2012, 3:54 AM

@zlyzwy:

In fact, I has tried this method already, however it seems it doesn't work.
I have pfBlocker installed, I put the spam ip into the Custom list, eg:
111.222.333.444/32 #xxx@xxx.com

can you check on diagnostics table if this ip is listed on pfblocker alias?
what action did you selected on pfblocker?

pfBlocker is a nice package ;), but for this rule, you need just an alias and a rule on wan.

att,
Marcello Coutinho

zlyzwy · May 29, 2012, 5:17 AM

can you check on diagnostics table if this ip is listed on pfblocker alias?

Yes, it's.

what action did you selected on pfblocker?

Deny Inbound

I can see the packets which has been blocked by PFblocker from Dashboard..

marcelloc · May 30, 2012, 2:11 AM

Check the log, it may be coming from more than one ip.

zlyzwy · May 30, 2012, 12:36 AM

@marcelloc:

Check the log, it maybe comming from more then one ip.

You are right… there are three ips from one address.

I blocked them all and it's now OK~

Thanks for your help~

ics · May 31, 2012, 2:26 PM

Hi,

In Postfix, is it possible to forward emails to specific servers depending on the recipient email address (not only on the domain) ?

Thank you

marcelloc · May 31, 2012, 4:00 PM

not yet. :(

zlyzwy · Jun 19, 2012, 11:26 AM

Hi Marcelloc,

Can I add the NOQUEUE email address to Whitelist?
Some of mail server can't pass 'Helo Hostname' check….

As my understanding, the "access lists" will only work with QUEUE email address.

Thanks in advance~

Zlyzwy

marcelloc · Jun 19, 2012, 8:31 PM

The noqueue info in log file are for messages that failed during header check.

to workaround it,you can:

unselect the helo check on config gui
add the host hello info to /etc/hosts (check if pfsense boot process does not clean this file)
if you really trust the remote domain, add it to mynetworks.

But the best way is to ask remote site admin to fix his smtp configuration.

ics · Jun 29, 2012, 7:47 AM

Hi,

In Search Mail some emails have status "sent" even if it's detected as spam (maillog).
And for some other emails status "spam" is obviously correct. :)

Any explanation ?

Another question :
the subject displayed is the original subject of the email. Is it possible to view the modified subject also ?

Thanks

marcelloc · Jun 29, 2012, 1:08 PM

@ics:

Any explanation ?

Are you using mailscanner too? if so, there are som actions that sends the spam message just changing the subject, so the last action of this message_id is sent as postfix sent it to user.

@ics:

the subject displayed is the original subject of the email. Is it possible to view the modified subject also ?

Not yet, the databased is filled by maillog file, the subject is logged only when messages arrives.

biggsy · Jul 3, 2012, 9:00 AM

Hi Marcello,

I have an IronPort box that's been trying to bounce the same mail to my mail server, on the hour for nearly three days.

The sender address is being rejected for obvious reasons:

NOQUEUE: reject: RCPT from ironport2-out.teksavvy.com[206.248.154.182]: 450 4.1.8 mailman-bounces@localhost.localdomain: Sender address rejected: Domain not found; from= mailman-bounces@localhost.localdomain…

I tried to whitelist the server, blacklist it and a bunch of other things but the reject_unknown_sender_domain still kicks in and, becasue it's only a 450 response, they try again an hour later.

I thought I'd try "soft_bounce=no" but the GUI won't allow me to set that.

I can get soft_bounce=yes by setting soft bounce to "enabled" in the GUI but selecting either "Only in PostScreen" or "Disabled" just clears soft_bounce from main.cf.

I thought Disabled should set soft_bounce=no but wanted to ask what you think?/mailman-bounces@localhost.localdomain /mailman-bounces@localhost.localdomain

marcelloc · Jul 3, 2012, 1:39 PM

The best way to receive this bounce is to send an email to remote site sysadmin explaining his server misconfiguration.
To workaround for this misconfigured server, enable dns forwarder service and add missing domain/host as a Host Override.

I thought Disabled should set soft_bounce=no but wanted to ask what you think?

postfix documentation says that soft_bounce default value is no, so if it's not declared, then soft_bounce=no.

soft_bounce (default: no)
Safety net to keep mail queued that would otherwise be returned to the sender. This parameter disables locally-generated bounces, and prevents the Postfix SMTP server from rejecting mail permanently, by changing 5xx reply codes into 4xx. However, soft_bounce is no cure for address rewriting mistakes or mail routing mistakes.

Example:

soft_bounce = yes

att,
Marcello Coutinho