From chip at pupman.com Mon Sep 1 12:59:22 2014
From: chip at pupman.com (Chip Atkinson)
Date: Mon, 1 Sep 2014 12:59:22 -0600 (MDT)
Subject: [lug] Am I spamming? postfix log question
Message-ID:

Hi folks,

I'm going through my maillogs and I see entries like this:

maillog-20140811:Aug 5 00:03:46 tedward postfix/cleanup[23181]: B64A11AE3AB2: message-id=<20140805060346.B64A11AE3AB2 at tedward.pupman.com>

maillog-20140811:Aug 5 00:03:46 tedward postfix/qmgr[6868]: B64A11AE3AB2: from=<>, size=10913, nrcpt=1 (queue active)

maillog-20140811:Aug 5 00:03:46 tedward postfix/bounce[23183]: 84C3A1AE3AA9: sender non-delivery notification: B64A11AE3AB2

maillog-20140811:Aug 5 00:03:46 tedward postfix/smtp[23187]: B64A11AE3AB2: to=, relay=hgsp68.natric.eu[162.253.152.22]:25, delay=0.24, delays=0/0.01/0.23/0, dsn=4.4.2, status=deferred (lost connection with hgsp68.natric.eu[162.253.152.22] while receiving the initial server greeting)

maillog-20140811:Aug 5 00:12:38 tedward postfix/qmgr[6868]: B64A11AE3AB2: from=<>, size=10913, nrcpt=1 (queue active)

maillog-20140811:Aug 5 00:12:38 tedward postfix/smtp[1505]: B64A11AE3AB2: to=, relay=hgsp68.natric.eu[162.253.152.22]:25, delay=532, delays=532/0.01/0.19/0, dsn=4.4.2, status=deferred (lost connection with hgsp68.natric.eu[162.253.152.22] while receiving the initial server greeting)

(Gaps added for clarity due to wrapping)

To me it looks like my server got some email from "<>" and then tried to deliver to BureauScores at natric.edu.

Is my interpretation correct, and if so, any suggestions on how to combat the problem?

Here's postconf -n's output if that helps.

Thanks in advance.
Chip

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases, hash:/usr/local/mailman/data/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debug_peer_list = 167.88.120.115
html_directory = no
in_flow_delay = 1s
inet_interfaces = all
inet_protocols = ipv4
local_recipient_maps =
mail_owner = postfix
mail_spool_directory = /var/spool/mail
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
masquerade_domains = pupman.com
message_size_limit = 20480000
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, mail.$mydomain, www.$mydomain, chip1.$mydomain, tedward.pupman.com, www.pupman.com
mydomain = pupman.com
myhostname = tedward.pupman.com
mynetworks = 127.0.0.0/8, 167.88.120.115 [::1]/128
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
owner_request_special = no
proxy_interfaces = 167.88.120.115
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
recipient_delimiter = +
relay_domains = $mydestination, pupman.com,
sample_directory = /usr/share/doc/postfix-2.6.6/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_client_restrictions = permit_mynetworks
smtpd_data_restrictions = permit_mynetworks, reject_unauth_pipelining, reject_unauth_destination
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, reject_non_fqdn_hostname, reject_invalid_hostname, permit
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,
    reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_non_fqdn_hostname,
    reject_invalid_hostname, reject_unauth_pipelining, reject_unauth_destination,
    check_client_access hash:/etc/postfix/rbl_override,
    reject_unknown_sender_domain, reject_unknown_recipient_domain,
    reject_rbl_client zen.spamhaus.org, reject_rbl_client dnsbl.njabl.net,
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client cbl.abuseat.org, reject_rhsbl_helo dbl.spamhaus.org,
    reject_rhsbl_sender dbl.spamhaus.org, permit
smtpd_sender_restrictions = permit_mynetworks, reject_unknown_sender_domain, reject_unknown_address
unknown_local_recipient_reject_code = 550

From stimits at comcast.net Mon Sep 1 15:20:49 2014
From: stimits at comcast.net (stimits at comcast.net)
Date: Mon, 1 Sep 2014 21:20:49 +0000 (UTC)
Subject: [lug] rsync option --delete
Message-ID: <59175590.12372458.1409606449806.JavaMail.root@comcast.net>

Hi,

I have an embedded system I'm backing up to a loopback mounted file system on a remote host (they're sitting next to each other with gigabit directly between them)...the loopback image was originally what was used to create the file system on the embedded system as an exact copy. Although the loopback used to be an exact byte-for-byte replica with the actual file system on the embedded system, the two have diverged due to package updates. The loopback mounted system is used for both backup and for cross-compiling.

So...to keep the loopback on the host sync'd with the embedded system, rsync has been used. Mostly it is working right, but something is causing the loopback destination of rsync to not delete some of the files which no longer exist on the embedded source file system. So with the limited size of the loopback, I'm finding this failure to delete what shouldn't still remain to be something like a memory leak, consuming space which is valuable.

I run as root on the embedded system, and connect as root on the host (permissions are not an issue), with this command:

cd /boot
rsync -avczr -e ssh --delete-before * root@my_host:/embedded/boot

(boot is a small directory with easily confirmed file listings, so I chose this as a test)

I've tried --delete, and --delete-before. I have older kernels removed on the embedded source's /boot, and newer kernels added. It fails to remove all files on destination which no longer exist.
What am I missing, or what do I need to do so extraneous files are deleted and do not take up space?

Thanks!

From steve.sullivan at mathcom.com Mon Sep 1 16:01:01 2014
From: steve.sullivan at mathcom.com (Steve Sullivan)
Date: Mon, 1 Sep 2014 16:01:01 -0600
Subject: [lug] rsync option --delete
In-Reply-To: <59175590.12372458.1409606449806.JavaMail.root@comcast.net>
References: <59175590.12372458.1409606449806.JavaMail.root@comcast.net>
Message-ID: <20140901220101.GA26003@mathcom.com>

Have you tried:

cd /
rsync -avczr -e ssh --delete boot root@my_host:/embedded

I'm guessing in your tests the extra files in my_host:/embedded/boot aren't mentioned in the source, so rsync ignores them.

Steve

--
========================================
Steve Sullivan
steve.sullivan at mathcom.com
720-587-7498
http://www.mathcom.com
========================================

From stimits at comcast.net Tue Sep 2 08:52:27 2014
From: stimits at comcast.net (stimits at comcast.net)
Date: Tue, 2 Sep 2014 14:52:27 +0000 (UTC)
Subject: [lug] rsync option --delete
In-Reply-To: <20140901220101.GA26003@mathcom.com>
References: <59175590.12372458.1409606449806.JavaMail.root@comcast.net> <20140901220101.GA26003@mathcom.com>
Message-ID: <365797039.12771877.1409669547857.JavaMail.root@comcast.net>

Interesting how subtle minor differences are...this worked. Never thought to name files that don't exist! Naming a directory though does exactly that.

Thanks!

...
Have you tried:

cd /
rsync -avczr -e ssh --delete boot root@my_host:/embedded

I'm guessing in your tests the extra files in my_host:/embedded/boot aren't mentioned in the source, so rsync ignores them.

Steve
...

From qhartman at gmail.com Tue Sep 2 10:22:47 2014
From: qhartman at gmail.com (Quentin Hartman)
Date: Tue, 2 Sep 2014 10:22:47 -0600
Subject: [lug] Am I spamming? postfix log question
In-Reply-To:
References:
Message-ID:

It looks like someone attempted to send through you and your server is trying to tell them it won't deliver it, but it can't because of their malformed sender info. So, no, based on this, I don't think you are spamming.

However, your smtp server is perhaps being overly polite in trying to tell the spammer it won't deliver the message. I would suggest hardening off your config a little more so that it will only accept messages destined for you, and require some form of auth before accepting send requests from clients. That way you won't clog up your system with this sort of shenanigans.

While you're in there it would be good to go over the config more generally and make sure you are as optimal as possible. There are lots of resources online that can be turned up with a search for "hardening postfix".
QH

From georges at mhsoftware.com Wed Sep 3 08:29:52 2014
From: georges at mhsoftware.com (George Sexton)
Date: Wed, 03 Sep 2014 08:29:52 -0600
Subject: [lug] Am I spamming? postfix log question
In-Reply-To:
References:
Message-ID: <540725E0.2090000@mhsoftware.com>

A reasonable smtpd_sender_restrictions would be:

smtpd_sender_restrictions=permit_sasl_authenticated,permit_mynetworks,reject_non_fqdn_sender,reject_unknown_sender_domain,reject_rbl_client zen.spamhaus.org,permit

--
George Sexton
*MH Software, Inc.*
Voice: 303 438 9585
http://www.mhsoftware.com

From chip at pupman.com Wed Sep 3 08:40:08 2014
From: chip at pupman.com (Chip Atkinson)
Date: Wed, 3 Sep 2014 08:40:08 -0600 (MDT)
Subject: [lug] Am I spamming? postfix log question
In-Reply-To: <540725E0.2090000@mhsoftware.com>
References: <540725E0.2090000@mhsoftware.com>
Message-ID:

Thanks for that information. It looks like a good set of restrictions to put in place.
When scrutinizing my config files further I did discover that the server was misconfigured and the source of the problem was "backscatter", where a spammer will connect saying they are from hotmail or whatever, and my server would dutifully contact hotmail saying no such user. That problem is fixed. I'll put these in place to further tighten things up.

Chip

From georges at mhsoftware.com Wed Sep 3 13:47:38 2014
From: georges at mhsoftware.com (George Sexton)
Date: Wed, 03 Sep 2014 13:47:38 -0600
Subject: [lug] Am I spamming? postfix log question
In-Reply-To:
References: <540725E0.2090000@mhsoftware.com>
Message-ID: <5407705A.30306@mhsoftware.com>

You might want to use this tool here: http://mxtoolbox.com/SuperTool.aspx to check your ip. Click on the button to change the check type to blacklist.

--
George Sexton
*MH Software, Inc.*
Voice: 303 438 9585
http://www.mhsoftware.com

From matuse at gmail.com Thu Sep 4 00:26:51 2014
From: matuse at gmail.com (Matt James)
Date: Thu, 4 Sep 2014 00:26:51 -0600
Subject: [lug] Longmont Linux Users Group (LLUG) - Meeting announcement - Do you wanna build a server? - September 10th
Message-ID:

The next LLUG meeting will be Wednesday September 10th, 2014 at 7PM

After the distro wars, we came to the decision to have a bit of a fly-off style comparison between CentOS and Debian in order to set up a server for our group. Basic tasks will be to set up a website, mailing list, and maybe a few other things that sound interesting given the allotted time. We'll have a couple of PowerEdge servers on-hand and we'll do a ground up build of each of the OS's and we'll have a couple of laptops available if someone wants to play around with installing on their own, work on another OS, etc.

Moving the time up an hour per discussions at last meeting.

Apologies for those looking for a meeting on the 3rd. Business travel prevented me from coordinating a meeting on the normally scheduled first Wed of the month.

We'll be at the downtown Tinkermill location again this month.
519 4th Ave, Longmont, CO

Meetup link: http://www.meetup.com/LongmontHackerSpace/events/205095962/

Hope to see you all there!

Matt James
303-949-7659

PS - Once we get this server up, I can quit playing piggy back on the BLUG / CLUE / SFS mailing lists. Thanks for your patience!
From anna.cereti at gmail.com Thu Sep 4 12:50:10 2014
From: anna.cereti at gmail.com (anna)
Date: Thu, 4 Sep 2014 12:50:10 -0600
Subject: [lug] BLUG meeting announcement - September 11, 2014
Message-ID:

The September Boulder Linux Users Group meeting is coming up.

Speaker: Karl Williamson
Title: An Introduction to Unicode
Abstract: Unicode, a very large superset of ASCII and Latin1, is an ongoing project to encode all the world's languages' scripts. This talk will help you grok Unicode and how to program using it. All examples will be from the Perl 5 programming language.

When : 7:15 p.m. on Thu, September 11, 2014
Where : Applied Trust, 1033 Walnut St, Boulder, CO 80302
  Applied Trust is on Walnut Street in downtown Boulder. It is the door just west of Amante Coffee.
Map : http://lug.boulder.co.us/meetings.html
Parking : Parking on the street is free after 7pm and there are 2 public garages on Walnut at $1.25/hour and bike parking on the sidewalk in front of the office.
Bus : Less than 2 blocks from Broadway which is served by the Skip busses. Less than 4 blocks from the Boulder Transit Center which serves almost all routes.

Pre meeting food
----------------
Food will be available at the meeting location, so please show up around 6:45 pm and join us for a bite to eat. We'll start the meeting at 7:15.

See you there,
Anna
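
Added example, not part of any message in this archive: a way to spot the backscatter pattern from the "Am I spamming? postfix log question" thread in a Postfix maillog, by linking each "sender non-delivery notification" to the null-sender message it created and to the client that submitted the original. The sample log is constructed in the shape of the lines quoted in that thread (host names, addresses and queue IDs are made up), and `find_backscatter` and its `trusted` default are assumptions of this example.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the shape of the maillog lines quoted in the thread.
# Host names, addresses and queue IDs are made up (RFC 2606 / RFC 5737 values).
SAMPLE_LOG = """\
Aug  5 00:03:45 mx postfix/smtpd[23170]: AAAA00000001: client=unknown[198.51.100.7]
Aug  5 00:03:45 mx postfix/qmgr[6868]: AAAA00000001: from=<forged@victim.example>, size=9120, nrcpt=1 (queue active)
Aug  5 00:03:46 mx postfix/local[23180]: AAAA00000001: to=<nosuchuser@mail.example>, relay=local, delay=0.3, dsn=5.1.1, status=bounced (unknown user: "nosuchuser")
Aug  5 00:03:46 mx postfix/bounce[23183]: AAAA00000001: sender non-delivery notification: BBBB00000002
Aug  5 00:03:46 mx postfix/qmgr[6868]: BBBB00000002: from=<>, size=10913, nrcpt=1 (queue active)
Aug  5 00:03:46 mx postfix/smtp[23187]: BBBB00000002: to=<forged@victim.example>, relay=mx.victim.example[192.0.2.25]:25, delay=0.24, dsn=4.4.2, status=deferred (lost connection)
Aug  5 00:12:38 mx postfix/smtp[1505]: BBBB00000002: to=<forged@victim.example>, relay=mx.victim.example[192.0.2.25]:25, delay=532, dsn=4.4.2, status=deferred (lost connection)
Aug  5 00:20:01 mx postfix/smtpd[1590]: CCCC00000003: client=localhost[127.0.0.1]
Aug  5 00:20:01 mx postfix/qmgr[6868]: CCCC00000003: from=<alice@mail.example>, size=2100, nrcpt=1 (queue active)
Aug  5 00:20:02 mx postfix/smtp[1600]: CCCC00000003: to=<typo@partner.example>, relay=mx.partner.example[203.0.113.9]:25, delay=0.8, dsn=5.1.1, status=bounced (550 no such user)
Aug  5 00:20:02 mx postfix/bounce[1601]: CCCC00000003: sender non-delivery notification: DDDD00000004
Aug  5 00:20:02 mx postfix/qmgr[6868]: DDDD00000004: from=<>, size=3900, nrcpt=1 (queue active)
Aug  5 00:20:02 mx postfix/local[1602]: DDDD00000004: to=<alice@mail.example>, relay=local, delay=0.1, dsn=2.0.0, status=sent (delivered to mailbox)
"""

# Short hexadecimal queue IDs, as in the Postfix 2.6 log lines shown in the thread.
LINE_RE = re.compile(r"postfix/(?P<daemon>[\w-]+)\[\d+\]: (?P<qid>[0-9A-F]{6,}): (?P<rest>.*)$")
NDN_RE = re.compile(r"sender non-delivery notification: (?P<dsn>[0-9A-F]{6,})")
FROM_RE = re.compile(r"from=<(?P<sender>[^>]*)>")
CLIENT_RE = re.compile(r"client=[^\[\s]*\[(?P<ip>[^\]]+)\]")
DELIVERY_RE = re.compile(
    r"to=<(?P<rcpt>[^>]*)>.*?\brelay=(?P<relay>[^,]+),.*?\bstatus=(?P<status>\w+)")


def find_backscatter(log_text, trusted=("127.0.0.0/8",)):
    """Return one finding per bounce sent off-host for mail from an untrusted client."""
    nets = [ipaddress.ip_network(n) for n in trusted]
    sender, client_ip, parent = {}, {}, {}
    deliveries = defaultdict(list)   # queue ID -> [(daemon, rcpt, relay, status)]

    for line in log_text.splitlines():
        m = LINE_RE.search(line)     # search(): tolerates grep's "file:" prefix
        if not m:
            continue
        daemon, qid, rest = m.group("daemon", "qid", "rest")
        if daemon == "bounce":
            n = NDN_RE.search(rest)
            if n:
                parent[n.group("dsn")] = qid   # new DSN -> message that bounced
        elif daemon == "qmgr":
            f = FROM_RE.search(rest)
            if f:
                sender.setdefault(qid, f.group("sender"))
        elif daemon == "smtpd":
            c = CLIENT_RE.search(rest)
            if c:
                client_ip.setdefault(qid, c.group("ip"))
        else:
            d = DELIVERY_RE.search(rest)
            if d:
                deliveries[qid].append((daemon,) + d.group("rcpt", "relay", "status"))

    findings = []
    for dsn_qid, orig_qid in parent.items():
        # A DSN carries the null sender "<>"; postfix/smtp is the outbound client.
        outbound = [d for d in deliveries.get(dsn_qid, []) if d[0] == "smtp"]
        if sender.get(dsn_qid) != "" or not outbound:
            continue
        ip = client_ip.get(orig_qid)  # None when the smtpd line is not in the excerpt
        if ip and any(ipaddress.ip_address(ip) in net for net in nets):
            continue                  # bounce for mail from a trusted client: expected
        findings.append({
            "dsn_qid": dsn_qid,
            "orig_qid": orig_qid,
            "client_ip": ip,
            "claimed_sender": sender.get(orig_qid),
            "bounce_to": outbound[-1][1],
            "relay": outbound[-1][2],
            "attempts": len(outbound),
            "last_status": outbound[-1][3],
        })
    return findings


if __name__ == "__main__":
    for finding in find_backscatter(SAMPLE_LOG):
        print(finding)
```

A finding means the server accepted a message it could not deliver and then mailed a bounce to whatever envelope sender the client claimed; rejecting such mail during the SMTP session leaves no bounce to send.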