Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 8 years ago.
Improve this question
I'm having an issue with a newly configured mailserver where spam emails that are spoofed to come from the local domain are actually accepted by the mailserver, the mail isnt delivered as is though, the spamassassin tags it as spam and then send an email "Undelivered Mail Returned to Sender" to the spoofed local user.
I know there is a way of fixing this in the configuration but i have no idea where, i'm hoping someone can point me in the right direction.
To be clear, the mailserver is not relaying, this is only a local user issue.
I want postfix to reject any emails supposedly from local users that aren't sent internally. It would stop this problem.
Here is an email to show you whats happening. I've changed the domain to example.com.au.
###############################################
This is the mail system at host example.com.au.
I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.
For further assistance, please send mail to postmaster.
If you do so, please include this problem report. You can
delete your own text from the attached returned message.
The mail system
: host 127.0.0.1[127.0.0.1] said: 554 5.7.0 Reject, id=11887-07 - SPAM (in reply to end of DATA command) ?
Reporting-MTA:dns; example.com.au
X-Postfix-Queue-ID: 661DC5D1DE
X-Postfix-Sender: rfc822; dan#example.com.au
Arrival-Date: Tue, 5 May 2009 06:21:38 +1000 (EST)
Final-Recipient: rfc822;dan#example.com.au
Original-Recipient:rfc822;dan#example.com.au
Action: failed Status: 5.7.0
Remote-MTA: dns; 127.0.0.1
Diagnostic-Code: smtp; 554 5.7.0 Reject, id=11887-07 - SPAM ?
From: Berenice Penez
Date: Mon, 4
May 2009 22:21:41 +0200
To: Subject: Were it you, on forum?
Reliable quality and no delays with
delivery! Super online store for
disease treating
http://www.xopfekec.cn/
###############################################
Postfix main.cf (the important parts, not complete)
readme_directory = /usr/share/doc/postfix
mydomain_fallback = localhost
message_size_limit = 0
mailbox_size_limit = 0
myhostname = example.com.au
mailbox_transport = cyrus
mydomain = example.com.au
inet_interfaces = all
enable_server_options = yes
mydestination = $myhostname,localhost.$mydomain,localhost,example.com.au
smtpd_sasl_auth_enable = yes
smtpd_use_pw_server = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination,reject_unknown_recipient_domain,reject_unknown_sender_domain,reject_invalid_hostname
smtpd_pw_server_security_options = plain,login
content_filter = smtp-amavis:[127.0.0.1]:10024
mynetworks = 127.0.0.0/8, 10.0.1.0/24
smtpd_client_restrictions = permit_sasl_authenticated,reject_rbl_client dnsbl.sorbs.net
A few different points:
This should be on serverfault.com, but since I'm not on the beta there I'll answer it here.
The output of postconf -n is better than including what you think are the relevant lines in main.cf. Also include relevant lines from master.cf if you have parameter overrides or other customisations in there.
Don't accept then bounce mail like that. If you are using SpamAssassin as an after-queue filter in Postfix (the usual way of running it), you need to either tag-and-deliver (and filter with client-side rules) or quarantine the mail without notifying the sender. From the look of your question, you are probably a backscatter source. Stop it. See for example http://www.postfix.org/BACKSCATTER_README.html. Do consider amavisd-new for integrating SpamAssassin into Postfix with all kinds of useful features.
Consider collapsing all of your restrictions into smtpd_recipient_restrictions. It's generally easier to manage the linear flow of restrictions like that than to deal with the interactions between smtpd_{client,helo,sender,recipient}_restrictions.
To prevent Postfix from accepting mail from outside, add a sender_access map that rejects mail claiming to be from your domains:
smtpd_recipient_restrictions =
permit_sasl_authenticated,
permit_mynetworks,
reject_unauth_destination,
check_sender_access hash:$config_directory/reject_mydomains
reject_unknown_recipient_domain,
reject_unknown_sender_domain,
reject_invalid_hostname
And in reject_mydomains
example.com.au REJECT you are not me
This will probably be prone to false positives with mail that comes from senders with a legitimate(?) reason to use your domain as the envelope sender (E-cards, invitations, maybe some outsourced service like surveys or whatnot). You can whitelist around your you-are-not-me rules with a client_access map before your sender_access map that returns OK or an appropriate restriction class (see http://www.postfix.org/RESTRICTION_CLASS_README.html).
You can use similar HELO checks to weed out clients HELO-ing with your own Hostname/IP or known bad HELO strings
smtpd_recipient_restrictions =
permit_sasl_authenticated,
permit_mynetworks,
reject_unauth_destination,
check_helo_access hash:$config_directory/helo_checks
check_sender_access hash:$config_directory/reject_mydomains
reject_unknown_recipient_domain,
reject_unknown_sender_domain,
reject_invalid_hostname
and in helo_checks:
example.com.au REJECT BAD-HELO you are not example.com.au
mailserver.example.com.au REJECT BAD-HELO you are not me
localhost REJECT BAD-HELO you are not me
localhost.localdomain REJECT BAD-HELO you are not me
# where 1.2.3.4 is the IP of your server
1.2.3.4 REJECT BAD-HELO you are not me
127.0.0.1 REJECT BAD-HELO you are not me
Lastly, it's a very good idea to subscribe to a good reputation service such as an RBL. The best RBL for most purposes is zen.spamhaus.org. It's free to use for light to moderate loads, and if your usage is high enough to cross over their free/paid threshold, the cost is well worth it. To configure in Postfix, add
reject_rbl_client zen.spamhaus.org
to your smtpd_recipient_restrictions. Do that after your cheap local checks to save on DNS query load and latency, but before expensive local checks like reject_unverified_recipient (you aren't using that one and probably don't need it from your problem description).
Related
We from the the Swiss umbrella association for youth parliaments (DSJ) use TYPO3 as the backbone of our website. Next to TYPO3, we also use the CRM software hitobito, which allows us to create "Abos" with "mailing lists". However, this service is currently not working since Hitobito has recently changed its mail server. I have already changed the server addresses manually in our 365 Admin microsoft account and the changes have been verified by the Hitobito support.
This is where TYPO3 comes into play. The support staff from Hitobito suspects that the mail server configurations must also be changed in TYPO3. I, as a layman, have no clue where to make such changes, however. I was hoping you could help me out here. I believe the following information must be updated in the TYPO3 configuration:
*For the new mail server:
crm.dsj.ch IN MX 10 app.hitobito.ch.
For the outgoing mail server:
crm.dsj.ch 3600 IN TXT "v=spf1 a:mxout.appuio.ch -all*
The information you gave has nothing to do with TYPO3 but is part of the domain record. You should approach your domain registrar (seems to be https://www.visol.ch/ according to whois) with that.
The 1st one is to designate the mail server app.hitobito.ch for all incoming mail to recipients ...#crm.dsj.ch (so-called MX record).
And the 2nd one is to lower the spam level for outgoing mails from senders ...#crm.dsj.ch from the server mxout.appuio.ch (so-called SPF).
Is your webserver supposed to send mails, too? If so and you have problems with receiving these mails, I suggest to use the InstallTool's "test mail" function and send a mail to https://www.mail-tester.com/ - a great tool to identify spam-related problems.
We have set up Odoo 8 as a multi-user helpdesk tool, which creates a new project issue for each incoming mail. Incoming and outgoing servers are configured correctly and system parameters are set to
mail.catchall.domain: company.tld
mail.catchall.alias: helpdesk
mail.bounce.alias: bounce
The problem now is that every time a user comments the mail thread to answer the original issue creator, a new mail is generated with header
FROM: [user]#company.tld
TO: [followers]
REPLY-TO: helpdesk#company.tld
Which is totally fine but leads to a sending failure due to our SMTP configuration. To get around this we want to achieve that all outgoing E-Mails are sent from the same specified address, like helpdesk#company.tld, no matter which user response to the thread.
How do we achieve this?
I had specific issue when I was working on Odoo 8 and I found fix but its not recommended action from developer view, because changing odoo source code is not recommended and changes can be lost.
So what I did was to change email from address to real email from address. Yes it's weird but that's how Odoo works. Odoo is always sending from one specific email address and changes email from to user email address, but if you will look at email carefully you will notice that real sender is always same.
The fix is changing this line
smtp_from = message['Return-Path']
to this line
smtp_from = tools.config.get('email_from')
in openerp/addons/base/ir/ir_mail_server.py file.
PS I don't like this solution.
Closed. This question is not about programming or software development. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 3 months ago.
Improve this question
I recently migrated from Courier to Dovecot. The main guide I followed for configuring Postfix + MySQL + Dovecot was this one: https://library.linode.com/email/postfix/postfix2.9.6-dovecot2.0.19-mysql
Everything works perfect, but when I change the mail address in the mail client, leaving the correct login and password for the servers, and send an email with that fake mail (and domain) address, Postfix just sends it, without verifying if that email address existed in the database and without verifying if that email address was even mine.
So, there must be something wrong with my SMTP configuration.
This is my actual configuration:
# Requirements for the sender details
smtpd_reject_unlisted_sender = yes
smtpd_reject_unlisted_recipient = yes
smtpd_sender_restrictions =
warn_if_reject,
permit_mynetworks,
permit_sasl_authenticated,
reject_non_fqdn_sender,
reject_unknown_sender_domain,
reject_unauth_pipelining,
reject_unlisted_sender,
reject_unverified_sender,
permit
# Requirements for the connecting server
smtpd_client_restrictions =
reject_rbl_client zen.spamhaus.org,
reject_rbl_client blackholes.easynet.nl,
reject_rbl_client bl.spamcop.net,
permit
# Requirement for the recipient address
smtpd_recipient_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_pipelining,
reject_non_fqdn_recipient,
reject_unknown_recipient_domain,
reject_unauth_destination,
reject_unlisted_recipient,
reject_unverified_recipient,
check_policy_service inet:127.0.0.1:10023,
permit
smtpd_data_restrictions =
reject_unauth_pipelining
# require proper helo at connections
smtpd_helo_required = yes
# waste spammers time before rejecting them
smtpd_delay_reject = yes
isable_vrfy_command = yes
Anyone?
The reject_unlisted_sender restriction listed in smtpd_sender_restrictions is listed after permit_mynetworks and permit_sasl_authenticated. Postfix traverses the restriction list in order and terminates when it hits the first permit/reject and hence never reaches reject_unlisted_sender. Since your message wasn't rejected by reject_unauth_destination it must've been accepted because of permit_mynetworks or permit_sasl_authenticated.
Additionally, unless the sender address you used had a domain part that was actually "owned" by Postfix (i.e. listed in mydestination, virtual_mailbox_domains, virtual_alias_domains, or relay_domains), it can't be validated and reject_unlisted_sender won't work. See details in the postconf(5) man page.
Other observations:
The warn_if_reject restriction is placed before permit_mynetworks. Because the latter never rejects anything the warn_if_reject restriction serves no purpose.
Since you explicitly use reject_unlisted_recipient and reject_unlisted_sender, setting smtpd_reject_unlisted_sender and smtpd_reject_unlisted_recipient isn't necessary.
The final permit at the end of (nearly) every list is implicit and can be dropped.
Unless it's a copy/paste mistake, you've misspelled disable_vrfy_command.
I'd suggest you merge the client and sender restriction lists into smtpd_recipient_restrictions. With smtpd_delay_reject enabled all restrictions will be evaluated at the recipient stage anyway, and a single list usually makes the configuration easier to understand.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 7 years ago.
Improve this question
I (like most tech admins I guess) have quite a lot of status infos from scheduled services in my inbox. However when one service email fails there's obviously no email sent. So I simply want a service looking at my inbox saying "Hey this service did not send an email report yesterday - somethings wrong!".
This one should be solved somewhere I guess. Perhaps Gmail (or some other email provider) has a service of this kind, that would be great.
Wouldn't it be a better option to have a centralized monitoring solution like Nagios that you configure in such way that it only send out notifications when a service misses its heartbeat, reaches highwatermarks, run out of fuel? And then off course of a second monitoring solution that monitors the main monitoring solution....
http://www.nagios.org/documentation
I'm not aware of any service you describe but a manual routine might go like this:
Have a folder/tag structure like this:
Services\Hourly-[NumberOfServices] (or add a folder per service)
Services\Daily-[NumberOfServicves]
Services\Weekly-[NumberOfServicves]
Services\Monthly-[NumberOfServicves]
Have rules for incoming mail to filter each specific service notification and move it to the right folder based on its expected timing.
Wakeup every hour and check if there are unread messages in your Hourly folder. The number of unread should be the same as the NumberOfServices mentioned in the folder. Read/Process them and make sure to all mark them as Read. Any service that didn't e-mailed get's spotted easily.
Wakeup at 0:00 and check if there are unread messages in your Daily folder. etc etc..
Wakeup at 0:00 and Saturday and check if there are unread messages in your Weekly folder. etc.....
Wakeup at 0:00 on the first of the month and check if there are unread messages in your Weekly folder. etc etc etc...
My advice would be to cut down the noise generated by the services.
If you still feel you need a service I can only provide a very very basic .Net implementation roughly based on the above process and works with gmail...
This is also portable to powershell...
static void Main(string[] args)
{
var resolver = new XmlUrlResolver
{
Credentials = new NetworkCredential("yourgoolgeaccount", "yourpassword")
};
var settings = new XmlReaderSettings();
settings.XmlResolver = resolver;
var xr = XmlReader
.Create("https://mail.google.com/mail/feed/atom/[name of your filter]"
, settings);
var navigator = new XPathDocument(xr).CreateNavigator();
var ns = new XmlNamespaceManager(new NameTable());
ns.AddNamespace("fd", "http://purl.org/atom/ns#");
var fullcountNode = navigator.SelectSingleNode(
"/fd:feed/fd:fullcount"
, ns);
Console.WriteLine(fullcountNode.Value);
int fullcount = Int32.Parse(fullcountNode.Value);
int expectCount = 10;
if (expectCount > fullcount)
{
Console.WriteLine("*** NOT EVERY ONE REPORTED BACK");
}
}
You mentioned Gmail, so you may be interested in googlecl, which gives you command-line controls for things like Google Calendar and Docs. Unfortunately they do not yet support Gmail, but if your long-term preference is to use a Gmail account as the hub of your status reports, then googlecl may be your best option.
In the short run, you can try out googlecl right now using the commands for Calendar, Blogger, or Docs, all of which are already supported. For example, these commands add events to Google Calendar:
google calendar add --cal server1 "I'm still alive at 13:45 today"
google calendar add "Server 1 is still alive at 2011-02-08 19:43"
...and these commands query the calendar:
google calendar list --fields title,when,where --cal "commitments"
google calendar list -q party --cal ".*"
Come to think of it, you may even find that Calendar, Blogger, or Docs are a more appropriate place than Gmail for tracking status updates. For example, a spreadsheet or calendar format should make it easier to generate a graphical representation of when a given service was up or down.
You still need to write a little program which uses googlecl to query the calendar (or blog, or docs, or whatever), but once you have simple command lines at your disposal, the rest should be pretty straightforward. Here's a link to further information about googlecl:
http://code.google.com/p/googlecl/
If you really want to use Gmail, and use it right now, they offer an IMAP interface. Using IMAP, you can perform numerous simple operations, such as determining if a message exists which contains a specified subject line. Here's one good place to learn about the details:
http://mail.google.com/support/bin/answer.py?hl=en&answer=75725
Here's a quick example that uses IMAP and Python to list the ten most-recent emails which have a given Gmail "Label":
import getpass, imaplib
# These gmail_* utilties are from https://github.com/drewbuschhorn/gmail_imap
import gmail_mailboxes, gmail_messages, gmail_message
# Update these next lines manually, or turn them into parms or somesuch.
gmail_account_name = "your_user_name#gmail.com" # Your full gmail address.
mailbox_name = "StatusReports" # Use Gmail "labels" to tag the relevant msgs.
class gmail_imap:
def __init__ (self, username, password):
self.imap_server = imaplib.IMAP4_SSL("imap.gmail.com",993)
self.username = username
self.password = password
self.loggedIn = False
self.mailboxes = gmail_mailboxes.gmail_mailboxes(self)
self.messages = gmail_messages.gmail_messages(self)
def login (self):
self.imap_server.login(self.username,self.password)
self.loggedIn = True
def logout (self):
self.imap_server.close()
self.imap_server.logout()
self.loggedIn = False
# Right now this prints a summary of the most-recent ten (or so) messages
# which have been labelled in Gmail with the string found in mailbox_name.
# It won't work unless you've used Gmail settings to allow IMAP access.
if __name__ == '__main__':
gmail = gmail_imap(gmail_account_name,getpass.getpass())
gmail.messages.process(mailbox_name)
for next in gmail.messages:
message = gmail.messages.getMessage(next.uid)
# This is a good point in the code to insert some kind of search
# of gmail.messages. Instead of unconditionally printing every
# entry (which is what the code below does), issue some sort of
# warning if the expected email (message.From and message.Subject)
# did not arrive within the expected time frame (message.date).
print message.date, message.From, message.Subject
gmail.logout()
As noted in the code comments, you could adapt it to issue some sort of warning if the most-recent messages in that mailbox do not contain an expected message. Then just run the Python program once per day (or whatever time period you require) to see if the expected email message was never received.
What would be a good starting point for me to learn about creating an email server?
Basically, what I want to do is have a server (such as foo.com) recieving mail for me so if I send an email to (blah#foo.com) it will dump the contents of the email into /mail/blah/subject and then send it off to my REAL email account.
I'm looking to do this as a programming exercise, so links to RFCs, etc. would be nice. Reinventing the wheel is a good way to learn about wheels.
EDIT: Feel free to retag this appropriately.
Edit: I provided some headings and divided RFCs by topic. I hope it's more accessible now. It's quite a list, and I wish I could format it any better, but unfortunately, that's about it.
Since you mentioned you don't really know what you need, let me clarify:
If you only want to implement a simple "proxy" server that sits in between your MUA (email client) and "real" server, you can probably get away with only implementing basic SMTP functionality. This will allow you to send messages, i.e. to submit messages to an MTA.
POP3 is for email clients to pull messages off of your server, while IMAP is an alternative to POP3 with a somewhat different feature set, mainly providing an on- or offline mode which can be thought of like managing remote folders (i.e. mailboxes).
MIME specifies the format of the contents of e-mail messages in presence of multi-part messages, attachments etc.
Internet Message format (also defines e-mail address format)
http://www.faqs.org/rfcs/rfc822.html
http://www.faqs.org/rfcs/rfc2822.html
SMTP:
http://www.faqs.org/rfcs/rfc821.html
Update to SMTP/RF821:
http://www.faqs.org/rfcs/rfc5321.html
SMTP-AUTH:
http://www.faqs.org/rfcs/rfc2554.html
Message submission (i.e. for the application to be acting as a MUA):
http://www.faqs.org/rfcs/rfc2476.html
IMAPv4:
http://www.faqs.org/rfcs/rfc1730.html
IMAPv4rev1:
http://www.faqs.org/rfcs/rfc2060.html
POP3:
http://www.faqs.org/rfcs/rfc1081.html
http://www.faqs.org/rfcs/rfc1939.html
http://www.faqs.org/rfcs/rfc1957.html
POP3 extensions:
http://www.faqs.org/rfcs/rfc2449.html
Authorization for POP/IMAP:
http://www.faqs.org/rfcs/rfc2195.html
TLS for POP3 and IMAP:
http://www.faqs.org/rfcs/rfc2595.html
AUTH-RESP-CODE for POP3:
http://www.faqs.org/rfcs/rfc3206.html
POP3 simple authentification:
http://www.faqs.org/rfcs/rfc5034.html
MIME, which is composed of 5 RFCs:
http://www.faqs.org/rfcs/rfc2045.html
http://www.faqs.org/rfcs/rfc2046.html
http://www.faqs.org/rfcs/rfc2047.html
http://www.faqs.org/rfcs/rfc4288.html
http://www.faqs.org/rfcs/rfc4289.html
http://www.faqs.org/rfcs/rfc2049.html