
postscreen unable to log spamhaus URL

  • Jeetu
    Message 1 of 7 , Aug 2, 2011
      Hi,

      I have a local spamhaus rbldnsd running configured on
      spamhaus.myoffice.com configured as
      reject_rbl_client spamhaus.myoffice.com

      My smtpd process used to log following:

      Aug 1 04:03:11 inbound-in-1 postfix/smtpd[2488]: NOQUEUE: reject: RCPT
      from unknown[x.x.x.x]: 554 5.7.1 Service unavailable; Client host
      [x.x.x.x] blocked using spamhaus.myoffice.com;
      http://www.spamhaus.org/SBL/sbl.lasso?query=SBL102475;
      from=<info@...> to=<contact@...> proto=ESMTP
      helo=<mail.central.xx>
      Aug 1 04:03:14 inbound-in-1 postfix/smtpd[4219]: NOQUEUE: reject: RCPT
      from unknown[y.y.y.y]: 554 5.7.1 Service unavailable; Client host
      [y.y.y.y] blocked using spamhaus.myoffice.com;
      http://www.spamhaus.org/query/bl?ip=y.y.y.y; from=<corrugates08@...>
      to=<compliance@...> proto=ESMTP helo=<yyyy.hr>
      Aug 1 04:03:25 inbound-in-1 postfix/smtpd[2488]: NOQUEUE: reject: RCPT
      from unknown[z.z.z.z]: 554 5.7.1 Service unavailable; Client host
      [z.z.z.z] blocked using spamhaus.myoffice.com;
      http://www.spamhaus.org/query/bl?ip=z.z.z.z; from=<Alexander@...>
      to=<test@...> proto=ESMTP helo=<homecomp>

      After using postscreen as
      postscreen_dnsbl_reply_map = texthash:/etc/postfix/dnsbl_reply

      $cat /etc/postfix/dnsbl_reply
      # Secret DNSBL name Name in postscreen(8) replies
      spamhaus.myoffice.com zen.spamhaus.org

      I get this in the log:
      Aug 2 17:27:52 inbound-in-1 postfix/postscreen[24480]: NOQUEUE: reject:
      RCPT from [x.x.x.x]:17847: 550 5.7.1 Service unavailable; client
      [x.x.x.x] blocked using zen.spamhaus.org; from=<snlo@...>,
      to=<kathy@...>, proto=ESMTP, helo=<d124252.upc-d.chello.nl>
      Aug 2 17:28:30 inbound-in-1 postfix/postscreen[24480]: NOQUEUE: reject:
      RCPT from [y.y.y.y]:33109: 550 5.7.1 Service unavailable; client
      [y.y.y.y] blocked using zen.spamhaus.org; from=<fon@...>,
      to=<sipprell@...>, proto=SMTP, helo=<www5.nederlandweb.nl>

      I want the spamhaus.org URL in the logs. How do I achieve it?

      --
      -Jeetu
    • Wietse Venema
      Message 2 of 7 , Aug 2, 2011
        Jeetu:
        > i get this in log
        > Aug 2 17:27:52 inbound-in-1 postfix/postscreen[24480]: NOQUEUE: reject:
        > RCPT from [x.x.x.x]:17847: 550 5.7.1 Service unavailable; client
        > [x.x.x.x] blocked using zen.spamhaus.org; from=<snlo@...>,
        > to=<kathy@...>, proto=ESMTP, helo=<d124252.upc-d.chello.nl>
        > Aug 2 17:28:30 inbound-in-1 postfix/postscreen[24480]: NOQUEUE: reject:
        > RCPT from [y.y.y.y]:33109: 550 5.7.1 Service unavailable; client
        > [y.y.y.y] blocked using zen.spamhaus.org; from=<fon@...>,
        > to=<sipprell@...>, proto=SMTP, helo=<www5.nederlandweb.nl>
        >
        > i want the spamhaus.org URL in the logs, how do i achieve it ?

        If in doubt, read the fine documentation. As documented, postscreen
        currently does not have any controls to format the DNSBL reply
        (other than aliasing the DNSBL domain name).

        Wietse
      • Stan Hoeppner
        Message 3 of 7 , Aug 2, 2011
          On 8/2/2011 9:32 AM, Wietse Venema wrote:
          > Jeetu:
          >> i get this in log
          >> Aug 2 17:27:52 inbound-in-1 postfix/postscreen[24480]: NOQUEUE: reject:
          >> RCPT from [x.x.x.x]:17847: 550 5.7.1 Service unavailable; client
          >> [x.x.x.x] blocked using zen.spamhaus.org; from=<snlo@...>,
          >> to=<kathy@...>, proto=ESMTP, helo=<d124252.upc-d.chello.nl>
          >> Aug 2 17:28:30 inbound-in-1 postfix/postscreen[24480]: NOQUEUE: reject:
          >> RCPT from [y.y.y.y]:33109: 550 5.7.1 Service unavailable; client
          >> [y.y.y.y] blocked using zen.spamhaus.org; from=<fon@...>,
          >> to=<sipprell@...>, proto=SMTP, helo=<www5.nederlandweb.nl>
          >>
          >> i want the spamhaus.org URL in the logs, how do i achieve it ?
          >
          > If in doubt, read the fine documentation. As documented, postscreen
          > currently does not have any controls to format the DNSBL reply
          > (other than aliasing the DNSBL domain name).

          I think some folks have allowed themselves to believe that postscreen is
          a total anti spam solution due to feature creep late in development.
          They forget its design goal was simply to keep bots from tying up smtpd
          processes.

          Jeetu, if you need this particular rejection text, the solution is
          simple: use zen in smtpd_foo_restrictions as you did historically, and
          remove it from your postscreen config. One half of the Zen list is
          comprised of the PBL and CBL, which target bot spam. Postscreen does
          pretty well here by itself. I'm sure you can sacrifice a few smtpd
          processes to combat the snowshoe, and hard core spammers on 'bullet
          proof' hosting. Your system handled this before Postscreen.

          --
          Stan
        • Jeetu
          Message 4 of 7 , Aug 2, 2011
            On 02/08/11 8:02 PM, Wietse Venema wrote:
            > If in doubt, read the fine documentation. As documented, postscreen
            > currently does not have any controls to format the DNSBL reply
            > (other than aliasing the DNSBL domain name).

            Fine Wietse, I found a workaround for this.
            I added the following:
            $cat /etc/postfix/dnsbl_reply
            # Secret DNSBL name Name in postscreen(8) replies
            spamhaus.myoffice.com zen.spamhaus.org;
            http://www.spamhaus.org/query/bl?ip=${client_addr}

            But in logs I'm getting
            Aug 3 11:13:16 inbound-in-1 postfix/postscreen[30561]: NOQUEUE: reject:
            RCPT from [x.x.x.x]:3279: 550 5.7.1 Service unavailable; client
            [x.x.x.x] blocked using zen.spamhaus.org;
            http://www.spamhaus.org/query/bl?ip=${client_addr};
            from=<junkyj6241@...>, to=<ttnguyen@...>, proto=ESMTP,
            helo=<xxx.com>

            Now the ${client_addr} is not getting substituted for the original client
            address.
            Is there any other way to display the client address by postscreen?

            Also, I wanted to know: if I add postscreen_dnsbl_sites, then do I need
            reject_rbl_client in smtpd_recipient_restrictions?

            --
            -Jeetu
          • Nic Wolff
            Message 5 of 7 , Aug 2, 2011
              Hi, I'm trying to relay all mail for one domain "ourdomain.tld" from Postfix running on port 2525 of one interface to another SMTP server running on port 25 of another interface on the same machine. Sadly, when a message is received for that domain, we're getting a "mail for <host:port> loops back to myself" error – even though that host:port is not where Postfix is running!

              Below are netstat and postconf, the contents of our /etc/postfix/transport file, and the error that Postfix is logging. Am I missing something obvious? Thanks -

              # netstat -ln -A inet
              Proto Recv-Q Send-Q Local Address Foreign Address State
              ...
              tcp 0 0 198.104.138.209:25 0.0.0.0:* LISTEN
              tcp 0 0 198.104.138.210:2525 0.0.0.0:* LISTEN

              # postconf -d | grep mail_version
              mail_version = 2.8.4

              # postconf -n
              alias_maps = hash:/etc/aliases
              allow_mail_to_commands = alias,forward
              bounce_queue_lifetime = 0
              command_directory = /usr/sbin
              config_directory = /etc/postfix
              daemon_directory = /usr/libexec/postfix
              data_directory = /var/lib/postfix
              debug_peer_level = 2
              default_privs = nobody
              default_process_limit = 200
              html_directory = no
              inet_interfaces = 198.104.138.210
              local_recipient_maps =
              local_transport = error:local mail delivery is disabled
              mail_owner = postfix
              mailbox_size_limit = 0
              mailq_path = /usr/bin/mailq
              manpage_directory = /usr/local/man
              message_size_limit = 10240000
              mydestination =
              mydomain = ourdomain.tld
              myhostname = ourdomain.tld
              mynetworks = 216.167.119.0/24, 198.104.138.0/24, 198.104.136.128/25
              myorigin = ourdomain.tld
              newaliases_path = /usr/bin/newaliases
              queue_directory = /var/spool/postfix
              readme_directory = /etc/postfix
              recipient_delimiter = +
              relay_domains = ourdomain.tld
              relay_recipient_maps =
              sample_directory = /etc/postfix
              sendmail_path = /usr/sbin/sendmail
              setgid_group = postdrop
              smtpd_authorized_verp_clients = $mynetworks
              smtpd_recipient_limit = 10000
              transport_maps = hash:/etc/postfix/transport
              unknown_local_recipient_reject_code = 450

              /etc/postfix/transport:
              ourdomain.tld relay:[198.104.138.209]:25

              maillog:
              Aug 2 23:58:36 va4 postfix/smtp[9846]: 9858A758404: to=<nicwolff@... >, relay=198.104.138.209[198.104.138.209]:25, delay=1.1, delays=0.08/0.01/1/0, dsn=5.4.6, status=bounced (mail for [198.104.138.209]:25 loops back to myself)
            • Noel Jones
              Message 6 of 7 , Aug 3, 2011
                On 8/3/2011 12:49 AM, Jeetu wrote:
                > On 02/08/11 8:02 PM, Wietse Venema wrote:
                >> If in doubt, read the fine documentation. As documented, postscreen
                >> currently does not have any controls to format the DNSBL reply
                >> (other than aliasing the DNSBL domain name).
                >
                > Fine Wietse, i found a workaround for this
                > i added the foll.
                > $cat /etc/postfix/dnsbl_reply
                > # Secret DNSBL name Name in postscreen(8) replies
                > spamhaus.myoffice.com zen.spamhaus.org;
                > http://www.spamhaus.org/query/bl?ip=${client_addr}
                >
                > But in logs I'm getting
                > Aug 3 11:13:16 inbound-in-1 postfix/postscreen[30561]: NOQUEUE:
                > reject: RCPT from [x.x.x.x]:3279: 550 5.7.1 Service unavailable;
                > client [x.x.x.x] blocked using zen.spamhaus.org;
                > http://www.spamhaus.org/query/bl?ip=${client_addr};
                > from=<junkyj6241@...>, to=<ttnguyen@...>, proto=ESMTP,
                > helo=<xxx.com>
                >
                > now the ${client_addr} is not getting substituted for original
                > client address.

                Correct.
                http://www.postfix.org/postconf.5.html#postscreen_dnsbl_reply_map
                does not support macro expansion.

                > is there any other way to display client address by postscreen?

                You can use
                http://www.postfix.org/postconf.5.html#postscreen_reject_footer
                to send additional data to the client. However, the footer isn't
                logged.

                I use this:
                postscreen_reject_footer = $smtpd_reject_footer
                smtpd_reject_footer = Contact postmaster@... for assistance.
                  Include this data: servertime=($localtime)
                  client=([$client_address]:$client_port) server=($server_name)


                >
                > Also i wanted to know if add postscreen_dnsbl_sites then do i need
                > to reject_rbl_client in smtpd_recipient_restrictions ?
                >

                Your choice. The caching behavior of dnsbl is a little different in
                smtpd vs. postscreen -- in particular, postscreen will
                auto-whitelist sites that pass dnsbl tests for $postscreen_dnsbl_ttl.
                http://www.postfix.org/postconf.5.html#postscreen_dnsbl_ttl



                -- Noel Jones
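
Since postscreen cannot add the lookup URL to its own log line, the URL can be rebuilt when the logs are read. The following is an added example, not code from any participant in this thread or from Postfix: it parses the smtpd and postscreen reject lines shown above and attaches the Spamhaus lookup URL. The function name `enrich` and the sample lines are constructed for illustration (documentation addresses, example.com mailboxes).

```python
import ipaddress
import re

# DNSBL names seen in this thread's logs: the local rbldnsd zone (smtpd)
# and its postscreen_dnsbl_reply_map alias (postscreen).
SPAMHAUS_NAMES = {"spamhaus.myoffice.com", "zen.spamhaus.org"}
# Lookup URL format as it appears in the smtpd log lines of the first message.
LOOKUP_URL = "http://www.spamhaus.org/query/bl?ip={ip}"

REJECT_RE = re.compile(
    r"postfix/(?P<daemon>postscreen|smtpd)\[\d+\]: NOQUEUE: reject: RCPT from "
    r"[^\[\s]*\[(?P<ip>[^\]\s]+)\](?::\d+)?: (?P<code>\d{3}) \S+ "
    r"Service unavailable; [Cc]lient(?: host)? \[[^\]]+\] "
    r"blocked using (?P<dnsbl>[^;\s]+);"
)

def enrich(line):
    """Return daemon, ip, code, dnsbl and url for a DNSBL reject line, else None."""
    m = REJECT_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    try:
        # Validate and normalise the address before it goes into a URL.
        rec["ip"] = str(ipaddress.ip_address(rec["ip"]))
    except ValueError:
        return None
    known = rec["dnsbl"] in SPAMHAUS_NAMES
    rec["url"] = LOOKUP_URL.format(ip=rec["ip"]) if known else None
    return rec

# Constructed sample lines (documentation addresses, example.com mailboxes).
SAMPLE_LOG = [
    "Aug 2 17:27:52 inbound-in-1 postfix/postscreen[24480]: NOQUEUE: reject: "
    "RCPT from [192.0.2.10]:17847: 550 5.7.1 Service unavailable; client "
    "[192.0.2.10] blocked using zen.spamhaus.org; from=<a@example.com>, "
    "to=<b@example.com>, proto=ESMTP, helo=<host.example.net>",
    "Aug 1 04:03:14 inbound-in-1 postfix/smtpd[4219]: NOQUEUE: reject: RCPT "
    "from unknown[198.51.100.7]: 554 5.7.1 Service unavailable; Client host "
    "[198.51.100.7] blocked using spamhaus.myoffice.com; "
    "http://www.spamhaus.org/query/bl?ip=198.51.100.7; from=<c@example.com> "
    "to=<d@example.com> proto=ESMTP helo=<example.org>",
    "Aug 2 17:27:50 inbound-in-1 postfix/postscreen[24480]: CONNECT from "
    "[192.0.2.10]:17847 to [203.0.113.5]:25",
]

if __name__ == "__main__":
    for rec in filter(None, map(enrich, SAMPLE_LOG)):
        print(rec["daemon"], rec["ip"], rec["dnsbl"], rec["url"])
```

Lines that are not DNSBL rejects, or whose bracketed address does not parse as an IP address, return `None`; a reject from a list outside `SPAMHAUS_NAMES` is kept with `url` set to `None`.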
              • Wietse Venema
                Message 7 of 7 , Aug 3, 2011
                  Jeetu:
                  > On 02/08/11 8:02 PM, Wietse Venema wrote:
                  > > If in doubt, read the fine documentation. As documented, postscreen
                  > > currently does not have any controls to format the DNSBL reply
                  > > (other than aliasing the DNSBL domain name).
                  >
                  > Fine Wietse, i found a workaround for this
                  > i added the foll.
                  > $cat /etc/postfix/dnsbl_reply
                  > # Secret DNSBL name Name in postscreen(8) replies
                  > spamhaus.myoffice.com zen.spamhaus.org;
                  > http://www.spamhaus.org/query/bl?ip=${client_addr}
                  >
                  > But in logs I'm getting
                  > Aug 3 11:13:16 inbound-in-1 postfix/postscreen[30561]: NOQUEUE: reject:
                  > RCPT from [x.x.x.x]:3279: 550 5.7.1 Service unavailable; client
                  > [x.x.x.x] blocked using zen.spamhaus.org;
                  > http://www.spamhaus.org/query/bl?ip=${client_addr};
                  > from=<junkyj6241@...>, to=<ttnguyen@...>, proto=ESMTP,
                  > helo=<xxx.com>
                  >
                  > now the ${client_addr} is not getting substituted for original client
                  > address.

                  R T F M. Postfix behaves as documented.

                  Wietse

                  > is there any other way to display client address by postscreen?
                  >
                  > Also i wanted to know if add postscreen_dnsbl_sites then do i need to
                  > reject_rbl_client in smtpd_recipient_restrictions ?
                  >
                  > --
                  > -Jeetu
                  >
                  >