Tag: postfix

  • Postgrey and the power of Greylisting to fight Spam

    Wow…. Let me just say that I have typically been inundated with junk mail on my primary address. It’s associated with this domain and has been hosted in an older sendmail setup for quite some time (not really by choice, but because that’s what was installed on the old vps.) I’m currently migrating to postfix which I’m a bit more familiar with and had used successfully to at least tag my junk mail as SPAM for sorting at home. Well, my older postfix system didn’t have too many options to add on and tweak and so this weekend I’ve invested some time in migrating the main mail server over to a newer postfix install with amavis and postgrey and a few other tools.

    (more…)

  • Zarafa Exchange Server replacement and Postfix Integration for multiple domains with unique users

    So, I’ve spent some time recently working with Zarafa. It’s an Exchange replacement that has a completely open source version as well as a version with licenses for Outlook if you want that level of integration. Its web interface looks good and is an improvement on Exchange server’s capabilities with a non-IE browser. Anyway, it can install on a Linux server and integrate with several different MTAs. Our choice was postfix since that was already installed for the purposes of processing forms on a webserver on the same host. Outgoing mail “just worked”, but postfix needed a bit of configuration to make the incoming mail work.

    (more…)

  • Bellsouth/ AT&T mail problems

    I would dare say there are more than a couple people “out there” right now that are puzzled as to WHY some of their mail is bouncing back to them as being rejected. Right now I’m talking about Bellsouth / AT&T mail users…. it appears that this week AT&T is in the process of transitioning its outbound mail relays to a new address block. 207.115.11.51 – 207.115.11.56 – the names of these machines are fmailhost01.isp.att.net – fmailhost06.isp.att.net …. Yesterday I noticed 4/5/6 had been moved – today 3 has been moved over and I noticed only because a test message that I RUN through a (formerly) bellsouth system bounced back and made it through…. The problem is the address space that AT&T is making use of used to be in the dial up block of their service and SEVERAL online blacklists have not been notified of the change. It is not possible for an end user to FIX this problem; AT&T technicians need to contact http://www.au.sorbs.net/ (SORBS), among other locations, to help their customers. The only thing techs in control of individual mailservers can do is whitelist the new AT&T addresses. (Well, you could disable whitelisting altogether, but that would probably be a big HELLO SPAM).

    It may be an even murkier situation – they may be using BOTH sets of IP addresses (old and new) for the time being… here are two log entries that would seem to confirm that…

    Jul 25 16:47:09 xxxxx postfix/smtpd[7812]: disconnect from fmailhost03.isp.att.net[207.115.11.53]
    Jul 25 16:47:09 xxxxx postfix/smtpd[7812]: connect from fmailhost03.isp.att.net[204.127.217.103]

    Strange… They may have some scheme to help work around this – because the connect from the 204. address immediately followed a DNS block of the connect from the 207 range address.

  • Blacklists and rejecting mail with Sendmail

    A long time ago I had found how easy it was to reject messages outright with Postfix that came from non-existent domains. You know… junk from asdflkjuasdlfkjh@imadethisupmyselfanditsnotregisteredanywhere.com

    Well, since the mailserver at THIS site runs sendmail I wanted to fix sendmail the same as my home server. My home server is postfix based and uses fetchmail to pull from the website. Since I had the rules set to reject non-existent domains at home it would essentially strand messages in the account here at the website which would then need to be cleaned out manually.

    (more…)

  • More postfix spam blocking and Whitelisting….

    I almost forgot to pass along a link to a more comprehensive detailing of postfix’s anti-uce controls…. here. Also, in the last article I briefly mentioned whitelisting. IF you intend to have several blacklists active it will pay to learn how to whitelist before you HAVE to. To do so, I simply created a text file at /etc/postfix/whitelist and in that file you enter an IP address or hostname followed by OK…. like this….

    1.2.3.4 OK
    goodmachine.com OK

    But… of course, there’s a bit more.

    (more…)

  • More postfix spam blocking….

    Postfix has a NUMBER of tools for rejecting unwanted messages before they get in the door and waste your CPU time on deciding “hey this mail is spam”. Up until recently I’ve mostly used the relays.ordb.org check (which in the last couple months has now gone defunct.) When we started noticing problems with ordb.org’s responsiveness I planned to investigate other blacklisting options and found several. Obviously there are advantages and disadvantages to blacklisting. The first disadvantage is you have turned over control of blocking mail senders to an outside authority and you should familiarize yourself with THEIR policies for listing (and delisting) a server.

    (more…)

  • Is something up with ordb.org?

    I’ve noticed several times in the last week a server of mine that is using postfix has rejected messages due to a failure in the lookup at relays.ordb.org. At first, I thought this was just a false positive in the database at ordb… but this morning I finally “caught it” while it was happening and went to pull up the ordb.org web page. It took…. 30-45 seconds and then proceeding to do a search on the rejected IP took another stretch. In looking at the logs it appears that there may be blanket rejections if the ordb.org check times out.

    Here’s the postfix config setting….
    smtpd_client_restrictions = permit_mynetworks,reject_rbl_client relays.ordb.org

    (more…)

  • Mail command missing in ubuntu by default

    Not really news, but I was reminded again this evening that mail is not available at the command line in recent default installs of Ubuntu (or kubuntu / xubuntu). If you’re like me and make use of this for scripting notifications…. you’ll need to sudo apt-get install mailx (and an MTA like postfix.) Mailx requires postfix/sendmail/qmail and that’s why it’s not installed by default, so users don’t have an MTA sitting on their system for no good reason.

  • Peculiar SPAM

    I’m getting a new flush of strange junk mails the last day. Most have a subject of either “EIN (Einer!!) Menschenhaendler und Brandstifter laueft frei herum” or a slight variation “EIN Menschenhaendler (und Brandstifter) laueft frei herum” They all claim to be from “WWW daemon apache

    (more…)