From thom at vdb.nl Tue Jun 1 12:58:21 2021 From: thom at vdb.nl (Thom van der Boon) Date: Tue, 1 Jun 2021 12:58:21 +0000 (UTC) Subject: New distro In-Reply-To: References: <686408252.132203.1622470398632.JavaMail.zimbra@vdb.nl> Message-ID: <2056743221.136679.1622552301904.JavaMail.zimbra@vdb.nl> Hi, This how-to is not complete yet: https://vanderboon.net/2021/06/01/installing-mailscanner-5-4-with-postfix-on-ubuntu-20-04-lts/ Met vriendelijke groet, Mit freundlichen Gr??en, Best regards, Thom van der Boon E-Mail: thom at vdb.nl Catalogus 2020 (NL): [ https://vdb.eu/media/VDB_Catalogus_NL_2020_web.pdf | https://vdb.eu/media/VDB_Catalogus_NL_2020_web.pdf ] Katalog 2020 (Deutsch): [ https://vdb.eu/media/VDB_Katalog_DE_2020_web.pdf | https://vdb.eu/media/VDB_Katalog_DE_2020_web.pdf ] ===== Thom.H. van der Boon b.v. Transito 4 6909 DA Babberich Tel.: +31 (0)88 4272727 Fax: +31 (0)88 4272789 Home Page: http://www.vdb.nl/ Van: "Josep M Gorro" Aan: "MailScanner Discussion" Verzonden: Maandag 31 mei 2021 16:31:43 Onderwerp: Re: New distro Really great Thom . Waiting for this doc. Missatge de Thom van der Boon < [ mailto:thom at vdb.nl | thom at vdb.nl ] > del dia dl., 31 de maig 2021 a les 16:13: Hi Josep, I am currently writing a install how-to for MailScanner with Postfix on Ubuntu 20.04 LTS. Should be ready later today Met vriendelijke groet, Mit freundlichen Gr??en, Best regards, Thom van der Boon Van: "Josep M Gorro" < [ mailto:jmgorro at gmail.com | jmgorro at gmail.com ] > Aan: "MailScanner Discussion" < [ mailto:mailscanner at lists.mailscanner.info | mailscanner at lists.mailscanner.info ] > Verzonden: Maandag 31 mei 2021 15:24:52 Onderwerp: New distro Hello list. Worried about what to do once RedHat announced Centos8 becomes pre-release version, I'm planning to migrate to Ubuntu LTS version. But any documentation has been found using Google search engine. I have MailScanner with ClamAV and Postfix running fine but I would like to upgrade to MailScanner 5 over an stable Linux distro. Are there any documentation to use Ubuntu instead of Centos? Why the User's guide have not been updated since 2007? Thanks for your help. -- MailScanner mailing list [ mailto:mailscanner at lists.mailscanner.info | mailscanner at lists.mailscanner.info ] [ http://lists.mailscanner.info/mailman/listinfo/mailscanner | http://lists.mailscanner.info/mailman/listinfo/mailscanner ] -- MailScanner mailing list [ mailto:mailscanner at lists.mailscanner.info | mailscanner at lists.mailscanner.info ] [ http://lists.mailscanner.info/mailman/listinfo/mailscanner | http://lists.mailscanner.info/mailman/listinfo/mailscanner ] -- [ http://www.linkedin.com/in/jmgorro | http://www.linkedin.com/in/jmgorro ] -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner -------------- next part -------------- An HTML attachment was scrubbed... URL: From mailscanner at barendse.to Fri Jun 4 08:35:18 2021 From: mailscanner at barendse.to (Remco Barendse) Date: Fri, 4 Jun 2021 10:35:18 +0200 (CEST) Subject: New distro In-Reply-To: <2056743221.136679.1622552301904.JavaMail.zimbra@vdb.nl> References: <686408252.132203.1622470398632.JavaMail.zimbra@vdb.nl> <2056743221.136679.1622552301904.JavaMail.zimbra@vdb.nl> Message-ID: <63acaee9-987f-4924-27d6-2abb441f186a@barendse.to> Great, will have a look as well. Thanks so much for the efforts Groetjes uit Amsterdam :) On Tue, 1 Jun 2021, Thom van der Boon wrote: > Hi, > > This how-to is not complete yet: > > https://vanderboon.net/2021/06/01/installing-mailscanner-5-4-with-postfix-on-ubuntu-20-04-lts/ > > Met vriendelijke groet, Mit freundlichen Gr??en, Best regards, > > > Thom van der Boon > E-Mail: thom at vdb.nl > > Catalogus 2020 (NL): https://vdb.eu/media/VDB_Catalogus_NL_2020_web.pdf > Katalog 2020 (Deutsch): https://vdb.eu/media/VDB_Katalog_DE_2020_web.pdf > > ===== > > > > Thom.H. van der Boon b.v. > Transito 4 > 6909 DA? Babberich > Tel.: +31 (0)88 4272727 > Fax: +31 (0)88 4272789 > Home Page: http://www.vdb.nl/ > > __________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ > Van: "Josep M Gorro" > Aan: "MailScanner Discussion" > Verzonden: Maandag 31 mei 2021 16:31:43 > Onderwerp: Re: New distro > > Really great Thom. > Waiting for this doc. > > Missatge de Thom van der Boon del dia dl., 31 de maig 2021 a les 16:13: > Hi Josep, > > I am currently writing a install how-to for MailScanner with Postfix on Ubuntu 20.04 LTS. Should be ready later today > > Met vriendelijke groet, Mit freundlichen Gr??en, Best regards, > > > Thom van der Boon > > __________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ > Van: "Josep M Gorro" > Aan: "MailScanner Discussion" > Verzonden: Maandag 31 mei 2021 15:24:52 > Onderwerp: New distro > > Hello list. > Worried about what to do once RedHat announced Centos8 becomes pre-release version, I'm planning to migrate to Ubuntu LTS version. But any documentation has been found using Google search engine. > I have MailScanner with ClamAV and Postfix running fine but I would like to upgrade to MailScanner 5 over an stable Linux distro. > Are there any documentation to use Ubuntu instead of Centos? > Why the User's guide have not been updated since 2007? > Thanks for your help. > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > -- > > http://www.linkedin.com/in/jmgorro > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From belle at bazuin.nl Fri Jun 4 08:43:28 2021 From: belle at bazuin.nl (=?windows-1252?Q?L.P.H._van_Belle?=) Date: Fri, 4 Jun 2021 10:43:28 +0200 Subject: New distro In-Reply-To: <63acaee9-987f-4924-27d6-2abb441f186a@barendse.to> References: <2056743221.136679.1622552301904.JavaMail.zimbra@vdb.nl> Message-ID: Hai, I had a small look also. It sure looks nice, but we can even reduce few steps and packages. I'll make a rewrite of it for Debian 10, maybe today, most problely next week. then its done i'll mail it to you Thom. Then you can add it to you site. Groetjes uit Rotterdam ;-) Louis > -----Oorspronkelijk bericht----- > Van: MailScanner > [mailto:mailscanner-bounces+belle=bazuin.nl at lists.mailscanner. > info] Namens Remco Barendse > Verzonden: vrijdag 4 juni 2021 10:35 > Aan: MailScanner Discussion > Onderwerp: Re: New distro > > Great, will have a look as well. > > Thanks so much for the efforts > > Groetjes uit Amsterdam :) > > On Tue, 1 Jun 2021, Thom van der Boon wrote: > > > Hi, > > > > This how-to is not complete yet: > > > > > https://vanderboon.net/2021/06/01/installing-mailscanner-5-4-w > ith-postfix-on-ubuntu-20-04-lts/ > > > > Met vriendelijke groet, Mit freundlichen Gr??en, Best regards, > > > > > > Thom van der Boon > > E-Mail: thom at vdb.nl > > > > Catalogus 2020 (NL): > https://vdb.eu/media/VDB_Catalogus_NL_2020_web.pdf > > Katalog 2020 (Deutsch): > https://vdb.eu/media/VDB_Katalog_DE_2020_web.pdf > > > > ===== > > > > > > > > Thom.H. van der Boon b.v. > > Transito 4 > > 6909 DA? Babberich > > Tel.: +31 (0)88 4272727 > > Fax: +31 (0)88 4272789 > > Home Page: http://www.vdb.nl/ > > > > > ______________________________________________________________ > ______________________________________________________________ > ______________________________________________________________ > ________________________________________________ > > Van: "Josep M Gorro" > > Aan: "MailScanner Discussion" > > Verzonden: Maandag 31 mei 2021 16:31:43 > > Onderwerp: Re: New distro > > > > Really great Thom. > > Waiting for this doc. > > > > Missatge de Thom van der Boon del dia dl., 31 > de maig 2021 a les 16:13: > > Hi Josep, > > > > I am currently writing a install how-to for MailScanner > with Postfix on Ubuntu 20.04 LTS. Should be ready later today > > > > Met vriendelijke groet, Mit freundlichen Gr??en, Best regards, > > > > > > Thom van der Boon > > > > > ______________________________________________________________ > ______________________________________________________________ > ______________________________________________________________ > ________________________________________________ > > Van: "Josep M Gorro" > > Aan: "MailScanner Discussion" > > Verzonden: Maandag 31 mei 2021 15:24:52 > > Onderwerp: New distro > > > > Hello list. > > Worried about what to do once RedHat announced Centos8 > becomes pre-release version, I'm planning to migrate to > Ubuntu LTS version. But any documentation has been found > using Google search engine. > > I have MailScanner with ClamAV and Postfix running fine but > I would like to upgrade to MailScanner 5 over an stable Linux distro. > > Are there any documentation to use Ubuntu instead of Centos? > > Why the User's guide have not been updated since 2007? > > Thanks for your help. > > > > > > > > -- > > MailScanner mailing list > > mailscanner at lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > -- > > MailScanner mailing list > > mailscanner at lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > > > -- > > > > http://www.linkedin.com/in/jmgorro > > > > > > > > -- > > MailScanner mailing list > > mailscanner at lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > -- > > This message has been scanned for viruses and > > dangerous content by MailScanner, and is > > believed to be clean. > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > From mailscanner at barendse.to Tue Jun 8 14:30:52 2021 From: mailscanner at barendse.to (Remco Barendse) Date: Tue, 8 Jun 2021 16:30:52 +0200 (CEST) Subject: New distro In-Reply-To: <2056743221.136679.1622552301904.JavaMail.zimbra@vdb.nl> References: <686408252.132203.1622470398632.JavaMail.zimbra@vdb.nl> <2056743221.136679.1622552301904.JavaMail.zimbra@vdb.nl> Message-ID: OK, based on the instructions by Thom and with some help of L.P.H. van Belle pointing me in the right direction I have scripted the install a little bit. I re-grouped the instructions by Thom and divided it in a postfix part, a SpamAssassin part and a MailScanner part. Script will not give a working mailscanner system but helps someone to be able to simply copy/paste a lot of the stuff. I yet need to figure out some things. Can I forward scanned mail to exchange by putting this in /etc/postfix/transport : mynicedomain.com smtp:[10.1.0.60] #!/bin/sh # Inspired on instructions from : # https://vanderboon.net/2021/06/01/installing-mailscanner-5-4-with-postfix-on-ubuntu-20-04-lts/ # https://sites.google.com/site/wikirolanddelepper/mailscanner/configure-postfix-for-mailscanner # https://serverfault.com/questions/280585/how-do-i-configure-postfix-to-deliver-mail-for-specified-domains-to-another-host echo 'Install postfix - When asked choose ?No configuration' ; sleep 5 sudo apt -y install postfix # Example postfix (main.cf) : /usr/share/postfix/main.cf.debian # To view Postfix configuration values, see postconf(1). sudo touch /etc/postfix/header_checks sudo echo "/^Received:/ HOLD" > /etc/postfix/header_checks sudo touch /etc/postfix/acces sudo touch /etc/postfix/relay_recipients sudo touch /etc/postfix/transport sudo touch /etc/postfix/virtual sudo mkdir -p /var/spool/MailScanner/incoming sudo mkdir /var/spool/postfix/hold sudo mkdir /var/spool/postfix/incoming sudo chown postfix. /var/spool/postfix/hold sudo chown postfix. /var/spool/postfix/incoming sudo chown postfix. /var/spool/MailScanner/incoming sudo chown postfix. /var/spool/MailScanner/quarantine sudo echo '#!/bin/sh' > /usr/local/etc/postfix-db sudo echo 'cd /etc/postfix' >> /usr/local/etc/postfix-db sudo echo 'newaliases' >> /usr/local/etc/postfix-db sudo echo '/usr/sbin/postmap /etc/postfix/virtual' >> /usr/local/etc/postfix-db sudo echo '/usr/sbin/postmap /etc/postfix/transport' >> /usr/local/etc/postfix-db sudo echo '/usr/sbin/postmap /etc/postfix/access' >> /usr/local/etc/postfix-db sudo echo '/usr/sbin/postmap /etc/postfix/relay_recipients' >> /usr/local/etc/postfix-db sudo chmod a+x /usr/local/etc/postfix-db # and we will start it later sudo cat main.cf > /etc/postfix/main.cf sudo sed -i 's/mail.yourdomain.com/gw1.mynicedomain.com/g' /etc/postfix/main.cf sudo sed -i 's/10.0.0.0\/24/10.0.0.0\/8/g' /etc/postfix/main.cf sudo sed -i 's/mydestination = $myhostname, localhost.$mydomain, localhost/mydestination = $gw1, localhost.$mynicedomain.com, localhost/g' /etc/postfix/main.cf sudo sed -i 's/relay_domains = yourdomain.com yourotherdomain.com yourveryfantasticdomain.com/relay_domains = mynicedomain.com/g' /etc/postfix/main.cf echo 'Install ClamAV' ; sleep 5 sudo apt install -y clamav clamav-daemon sudo systemctl enable clamav-daemon sudo systemctl enable clamav-freshclam sudo systemctl stop clamav-daemon sudo sed -i 's/LocalSocketGroup clamav/LocalSocketGroup mtagroup/g' /etc/clamav/clamd.conf sudo chown -R postfix.mtagroup /etc/clamav sudo usermod -a -G mtagroup postfix ; sudo usermod -a -G mtagroup clamav sudo systemctl restart clamav-daemon echo 'SpamAssassin install' ; sleep 5 sudo apt -y install spamassassin apt-get -y install libyaml-perl libtest-manifest-perl libbusiness-isbn-data-perl libbusiness-isbn-perl libtest-pod-perl libmodule-build-perl libinline-perl libencode-detect-perl libnet-ldap-perl libnet-cidr-lite-perl libio-string-perl libnet-dns-resolver-programmable-perl # Couldn't find : # Digest::SHA1 (think it's in libdigest-sha-perl ?) # IP::Country (is it in libgeo-ipfree-perl ?) # Mail::ClamAV # Mail::SPF::Query (i think it's in spf-tools-perl ?) # SAVI sudo wget -O /etc/mail/spamassassin/KAM.cf https://www.pccc.com/downloads/SpamAssassin/contrib/KAM.cf sudo wget -O /etc/cron.hourly/KAM.cf.sh https://dutchspamassassinrules.nl/DSR/contrib/KAM.cf.sh sudo wget -O /etc/mail/spamassassin/DSR.cf https://dutchspamassassinrules.nl/DSR/DSR.cf sudo wget -O /etc/cron.hourly/DSR.cf.sh https://dutchspamassassinrules.nl/DSR/DSR.cf.sh echo 'MailScanner install' ; sleep 5 sudo echo "# For use with MailScanner" >> /etc/apparmor.d/usr.sbin.clamd sudo echo "/var/spool/MailScanner/** rw," >> /etc/apparmor.d/usr.sbin.clamd sudo echo "/var/spool/MailScanner/incoming/** rw," >> /etc/apparmor.d/usr.sbin.clamd sudo wget -O /tmp/MailScanner.noarch.deb https://github.com/MailScanner/v5/releases/download/5.3.4-3/MailScanner-5.3.4-3.noarch.deb sudo apt -y install /tmp/MailScanner.noarch.deb #Complete config of PostFix + MailScanner, then sudo mkdir /var/spool/MailScanner/spamassassin sudo chown postfix.postfix /var/spool/MailScanner/spamassassin sudo /usr/local/etc/postfix-db sudo systemctl enable postfix sudo systemctl restart postfix sudo sed -i 's/run_mailscanner=0/run_mailscanner=1/g' /etc/MailScanner/defaults sudo systemctl enable mailscanner sudo systemctl start mailscanner On Tue, 1 Jun 2021, Thom van der Boon wrote: > Hi, > > This how-to is not complete yet: > > https://vanderboon.net/2021/06/01/installing-mailscanner-5-4-with-postfix-on-ubuntu-20-04-lts/ > > Met vriendelijke groet, Mit freundlichen Gr??en, Best regards, > > > Thom van der Boon > E-Mail: thom at vdb.nl > > Catalogus 2020 (NL): https://vdb.eu/media/VDB_Catalogus_NL_2020_web.pdf > Katalog 2020 (Deutsch): https://vdb.eu/media/VDB_Katalog_DE_2020_web.pdf > > ===== > > > > Thom.H. van der Boon b.v. > Transito 4 > 6909 DA? Babberich > Tel.: +31 (0)88 4272727 > Fax: +31 (0)88 4272789 > Home Page: http://www.vdb.nl/ > > __________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ > Van: "Josep M Gorro" > Aan: "MailScanner Discussion" > Verzonden: Maandag 31 mei 2021 16:31:43 > Onderwerp: Re: New distro > > Really great Thom. > Waiting for this doc. > > Missatge de Thom van der Boon del dia dl., 31 de maig 2021 a les 16:13: > Hi Josep, > > I am currently writing a install how-to for MailScanner with Postfix on Ubuntu 20.04 LTS. Should be ready later today > > Met vriendelijke groet, Mit freundlichen Gr??en, Best regards, > > > Thom van der Boon > > __________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ > Van: "Josep M Gorro" > Aan: "MailScanner Discussion" > Verzonden: Maandag 31 mei 2021 15:24:52 > Onderwerp: New distro > > Hello list. > Worried about what to do once RedHat announced Centos8 becomes pre-release version, I'm planning to migrate to Ubuntu LTS version. But any documentation has been found using Google search engine. > I have MailScanner with ClamAV and Postfix running fine but I would like to upgrade to MailScanner 5 over an stable Linux distro. > Are there any documentation to use Ubuntu instead of Centos? > Why the User's guide have not been updated since 2007? > Thanks for your help. > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > -- > > http://www.linkedin.com/in/jmgorro > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From cobalt-users1 at fishnet.co.uk Wed Jun 9 08:37:52 2021 From: cobalt-users1 at fishnet.co.uk (Ian) Date: Wed, 9 Jun 2021 09:37:52 +0100 Subject: New distro In-Reply-To: References: <686408252.132203.1622470398632.JavaMail.zimbra@vdb.nl> <2056743221.136679.1622552301904.JavaMail.zimbra@vdb.nl> Message-ID: <9d343ca0-f1d8-e61f-6b66-7d2527c837d6@fishnet.co.uk> On 08/06/2021 15:30, Remco Barendse wrote: > I yet need to figure out some things. Can I forward scanned mail to > exchange by putting this in /etc/postfix/transport : > mynicedomain.com???????? smtp:[10.1.0.60] Hi, Yes, that's exactly what I use. If forwarding to exchange you might be interested in 'address verification'*. This allows postfix to verify an email address with exchange before accepting it on the MailScanner. Which means that you don't have to maintain a local list of acceptable addresses. * http://www.postfix.org/ADDRESS_VERIFICATION_README.html Regards Ian -- From belle at bazuin.nl Wed Jun 9 10:14:01 2021 From: belle at bazuin.nl (=?windows-1252?Q?L.P.H._van_Belle?=) Date: Wed, 9 Jun 2021 12:14:01 +0200 Subject: New distro In-Reply-To: <9d343ca0-f1d8-e61f-6b66-7d2527c837d6@fishnet.co.uk> References: Message-ID: Thats also a way for spammer to verify if the email address exists.. I would recommend enabling postscreen in postfix also, that stops some scans on email adresses. See the addition below in the mail. Greetz, Louis > -----Oorspronkelijk bericht----- > Van: MailScanner > [mailto:mailscanner-bounces+belle=bazuin.nl at lists.mailscanner. > info] Namens Ian > Verzonden: woensdag 9 juni 2021 10:38 > Aan: mailscanner at lists.mailscanner.info > Onderwerp: Re: New distro > > On 08/06/2021 15:30, Remco Barendse wrote: > > > I yet need to figure out some things. Can I forward scanned mail to > > exchange by putting this in /etc/postfix/transport : > > mynicedomain.com???????? smtp:[10.1.0.60] > > Hi, > > Yes, that's exactly what I use. > > If forwarding to exchange you might be interested in 'address > verification'*. This allows postfix to verify an email address with > exchange before accepting it on the MailScanner. Which means > that you > don't have to maintain a local list of acceptable addresses. > > * http://www.postfix.org/ADDRESS_VERIFICATION_README.html > > > Regards > > Ian > -- > Im using this for years now, on debian 8/9 and now 10, soon debian 11. :-) For postscreen you need (something) like this: /etc/postfix/postscreen_dnsbl_reply_map.pcre # Example content !/^fakename\.spamhaus\.org$/ multiple DNS-based blocklists used. # /etc/postfix/postscreen_access_list.cidr # Example content # https://mailchimp.com/about/ips/ 205.201.128.0/20 permit 198.2.128.0/18 permit 148.105.0.0/16 permit # /etc/postfix/postscreen_access_list-reject.fqrdns.pcre see : https://github.com/stevejenkins/hardwarefreak.com-fqrdns.pcre Add this in main.cf and please do read what postscreen is and does before you add it. Now, below part. you see a big list of DNSBL servers. so what it does, it give values to the connections, checked per RBL server. if you hit treshold 7 then its seen as a RBL listed hosts. it adds and subtracts.. An example rejection. Jun 9 11:46:01 mail postfix/postscreen[126750]: DNSBL rank 10 for [94.152.193.19]:45170 Jun 9 11:46:01 mail postfix/postscreen[126750]: NOQUEUE: reject: RCPT from [94.152.193.19]:45170: 550 5.7.1 Service unavailable; client [94.152.193.19] blocked using multiple DNS-based blocklists, please check http://multirbl.valli.org/; from=, to=, proto=ESMTP, helo= So Rank 10, above treshold 7.. and we can use these treshold numbers with fail2ban. by doing that your server get less stress/hammered, because i block them in the firewalls after rejections. The fail2ban part i'll add on the bottom. ### Before-220 tests (postscreen / DNSBL) postscreen_tls_security_level=encrypt postscreen_greet_banner = $myhostname, checking blacklists, please wait. # Drop connections if other server is sending too quickly postscreen_greet_action = enforce postscreen_greet_wait = 5s postscreen_greet_ttl = 2d postscreen_access_list = permit_mynetworks, cidr:/etc/postfix/postscreen_access_list.cidr, pcre:/etc/postfix/postscreen_access_list-reject.fqrdns.pcre postscreen_whitelist_interfaces = $mynetworks, static:all postscreen_blacklist_action = drop postscreen_dnsbl_reply_map = pcre:/etc/postfix/postscreen_dnsbl_reply_map.pcre postscreen_dnsbl_action = enforce postscreen_dnsbl_ttl = 2h postscreen_dnsbl_threshold = 7 postscreen_dnsbl_sites = zen.spamhaus.org*5 b.barracudacentral.org=127.0.0.2*2 dnsbl.cobion.com*2 bl.spameatingmonkey.net*2 fresh.spameatingmonkey.net*2 rhsbl.rbl.polspam.pl=127.0.0.1*2 rbl.rbldns.ru=127.0.0.1*1 dnsbl.kempt.net*1 dnsbl.inps.de*2 bl.spamcop.net*2 spam.dnsbl.sorbs.net=127.0.0.6*2 problems.sorbs.net=127.0.0.6*2 new.spam.sorbs.net=127.0.0.6*2 psbl.surriel.com*2 bl.mailspike.net*2 rep.mailspike.net=127.0.0.[13;14]*1 bl.suomispam.net*1 bl.blocklist.de*2 ix.dnsbl.manitu.net*2 dnsbl-1.uceprotect.net*1 dnsbl-2.uceprotect.net*1 dnsbl.justspam.org=127.0.0.2*2 multi.surbl.org*2 black.junkemailfilter.com=127.0.0.2*2 rbl.metunet.com=127.0.0.2*2 all.s5h.net=127.0.0.2*1 hostkarma.junkemailfilter.com=127.0.0.[2;4]*2 rbl.abuse.ro=127.0.0.[2;4]*2 gl.suomispam.net=127.0.0.2*1 truncate.gbudb.net=127.0.0.2*1 dnsbl.zapbl.net=127.0.0.2*1 spamsources.fabel.dk=127.0.0.2*1 dnsbl.spfbl.net=127.0.0.[2;4]*2 dnsbl-3.uceprotect.net=127.0.0.2*2 # No RDNS dnsbl.spfbl.net=127.0.0.3*1 hostkarma.junkemailfilter.com=127.0.0.3*1 # whitelists swl.spamhaus.org*-6 dnswl.spfbl.net=127.0.0.[2;3;4]*-3 list.dnswl.org=127.0.[0..254].[0..3]*-4 rep.mailspike.net=127.0.0.[17;18]*-1 rep.mailspike.net=127.0.0.[19;20]*-2 hostkarma.junkemailfilter.com=127.0.0.1*-4 nobl.junkemailfilter.com=127.0.0.5*-4 # ### End of before-220 tests ### After-220 tests ### WARNING -- See "Tests after the 220 SMTP server greeting" in the ### Postscreen Howto and *UNDERSTAND* it *BEFORE* you enable the ### following tests! This basically enables some kind of greylisting! #postscreen_bare_newline_action = enforce #postscreen_bare_newline_enable = yes #postscreen_non_smtp_command_enable = yes #postscreen_pipelining_enable = yes ### ADDENDUM: Any one of the foregoing three *_enable settings may cause ### significant and annoying mail delays. ### Fail2ban addition added in : jail.local [postfix-postscreen] port = smtp logpath = /var/log/mail.log maxretry = 1 bantime = 86400 findtime = 3600 banaction = ufw-all ### Fail2ban addition added in : /etc/fail2ban/jail.local # # Fail2Ban filter for Postfix's Postscreen blocks. # # you need to adjust the Rank number to what you please. # make sure you match the first number [7-9] so the 7 with postfix/postscreen_dnsbl_threshold value= # For now we have set rank 7 and up are getting blocked and put in the firewall [INCLUDES] # Read common prefixes. If any customizations available -- read them from # common.local before = common.conf [Definition] _daemon = postfix(-\w+)?/postscreen failregex = DNSBL rank ([7-9]|[1-9][0-9]) for \[\] ignoreregex = # Author: Me.. ;-) ### Fail2ban addition added in : /etc/fail2ban/jail.d/personal-enabled.conf [postfix-postscreen] enabled = true ignoreip = 127.0.0.1/8 # add ips in ignore if needed, you most probley want to add some. and last.. i use ufw as firewall.. ### Fail2ban addition added in : /etc/fail2ban/action.d/ufw-all.conf # Fail2Ban configuration file # # We add the rules to ufw for better control and management # official ufw version uses ufw insert 1 .. that errors with IPv6. [Definition] actionstart = actionstop = actioncheck = actionban = ufw prepend deny from to any actionunban = ufw delete deny from to any From mailscanner at barendse.to Wed Jun 9 17:23:54 2021 From: mailscanner at barendse.to (Remco Barendse) Date: Wed, 9 Jun 2021 19:23:54 +0200 (CEST) Subject: New distro In-Reply-To: References:

Message-ID: <3a4ffd36-c53c-118a-673f-d117db169f0@barendse.to> Wow, thanks!! That ill be first thing I'll be working on after successfully migrating CentOS+sendmail+MailScanner -> Ubuntu-postfix-MailScanner :) Thanks for list of blacklists :) On Wed, 9 Jun 2021, L.P.H. van Belle via MailScanner wrote: > Thats also a way for spammer to verify if the email address exists.. > > I would recommend enabling postscreen in postfix also, that stops > some scans on email adresses. See the addition below in the mail. > > Greetz, > > Louis > > >> -----Oorspronkelijk bericht----- >> Van: MailScanner >> [mailto:mailscanner-bounces+belle=bazuin.nl at lists.mailscanner. >> info] Namens Ian >> Verzonden: woensdag 9 juni 2021 10:38 >> Aan: mailscanner at lists.mailscanner.info >> Onderwerp: Re: New distro >> >> On 08/06/2021 15:30, Remco Barendse wrote: >> >>> I yet need to figure out some things. Can I forward scanned mail to >>> exchange by putting this in /etc/postfix/transport : >>> mynicedomain.com???????? smtp:[10.1.0.60] >> >> Hi, >> >> Yes, that's exactly what I use. >> >> If forwarding to exchange you might be interested in 'address >> verification'*. This allows postfix to verify an email address with >> exchange before accepting it on the MailScanner. Which means >> that you >> don't have to maintain a local list of acceptable addresses. >> >> * http://www.postfix.org/ADDRESS_VERIFICATION_README.html >> >> >> Regards >> >> Ian >> -- >> > > Im using this for years now, on debian 8/9 and now 10, soon debian 11. :-) > > For postscreen you need (something) like this: > /etc/postfix/postscreen_dnsbl_reply_map.pcre > # Example content > !/^fakename\.spamhaus\.org$/ multiple DNS-based blocklists used. > > # /etc/postfix/postscreen_access_list.cidr > # Example content > # https://mailchimp.com/about/ips/ > 205.201.128.0/20 permit > 198.2.128.0/18 permit > 148.105.0.0/16 permit > > # /etc/postfix/postscreen_access_list-reject.fqrdns.pcre > see : https://github.com/stevejenkins/hardwarefreak.com-fqrdns.pcre > > > Add this in main.cf and please do read what postscreen is and does before you add it. > > Now, below part. you see a big list of DNSBL servers. > so what it does, it give values to the connections, checked per RBL server. > if you hit treshold 7 then its seen as a RBL listed hosts. > it adds and subtracts.. > > An example rejection. > Jun 9 11:46:01 mail postfix/postscreen[126750]: DNSBL rank 10 for [94.152.193.19]:45170 > Jun 9 11:46:01 mail postfix/postscreen[126750]: NOQUEUE: reject: RCPT from [94.152.193.19]:45170: 550 5.7.1 Service unavailable; client [94.152.193.19] blocked using multiple DNS-based blocklists, please check http://multirbl.valli.org/; from=, to=, proto=ESMTP, helo= > > So Rank 10, above treshold 7.. and we can use these treshold numbers with fail2ban. > by doing that your server get less stress/hammered, because i block them in the firewalls after rejections. > The fail2ban part i'll add on the bottom. > > > ### Before-220 tests (postscreen / DNSBL) > postscreen_tls_security_level=encrypt > postscreen_greet_banner = > $myhostname, checking blacklists, please wait. > # Drop connections if other server is sending too quickly > postscreen_greet_action = enforce > postscreen_greet_wait = 5s > postscreen_greet_ttl = 2d > postscreen_access_list = > permit_mynetworks, > cidr:/etc/postfix/postscreen_access_list.cidr, > pcre:/etc/postfix/postscreen_access_list-reject.fqrdns.pcre > postscreen_whitelist_interfaces = $mynetworks, static:all > postscreen_blacklist_action = drop > postscreen_dnsbl_reply_map = pcre:/etc/postfix/postscreen_dnsbl_reply_map.pcre > postscreen_dnsbl_action = enforce > postscreen_dnsbl_ttl = 2h > postscreen_dnsbl_threshold = 7 > postscreen_dnsbl_sites = > zen.spamhaus.org*5 > b.barracudacentral.org=127.0.0.2*2 > dnsbl.cobion.com*2 > bl.spameatingmonkey.net*2 > fresh.spameatingmonkey.net*2 > rhsbl.rbl.polspam.pl=127.0.0.1*2 > rbl.rbldns.ru=127.0.0.1*1 > dnsbl.kempt.net*1 > dnsbl.inps.de*2 > bl.spamcop.net*2 > spam.dnsbl.sorbs.net=127.0.0.6*2 > problems.sorbs.net=127.0.0.6*2 > new.spam.sorbs.net=127.0.0.6*2 > psbl.surriel.com*2 > bl.mailspike.net*2 > rep.mailspike.net=127.0.0.[13;14]*1 > bl.suomispam.net*1 > bl.blocklist.de*2 > ix.dnsbl.manitu.net*2 > dnsbl-1.uceprotect.net*1 > dnsbl-2.uceprotect.net*1 > dnsbl.justspam.org=127.0.0.2*2 > multi.surbl.org*2 > black.junkemailfilter.com=127.0.0.2*2 > rbl.metunet.com=127.0.0.2*2 > all.s5h.net=127.0.0.2*1 > hostkarma.junkemailfilter.com=127.0.0.[2;4]*2 > rbl.abuse.ro=127.0.0.[2;4]*2 > gl.suomispam.net=127.0.0.2*1 > truncate.gbudb.net=127.0.0.2*1 > dnsbl.zapbl.net=127.0.0.2*1 > spamsources.fabel.dk=127.0.0.2*1 > dnsbl.spfbl.net=127.0.0.[2;4]*2 > dnsbl-3.uceprotect.net=127.0.0.2*2 > # No RDNS > dnsbl.spfbl.net=127.0.0.3*1 > hostkarma.junkemailfilter.com=127.0.0.3*1 > # whitelists > swl.spamhaus.org*-6 > dnswl.spfbl.net=127.0.0.[2;3;4]*-3 > list.dnswl.org=127.0.[0..254].[0..3]*-4 > rep.mailspike.net=127.0.0.[17;18]*-1 > rep.mailspike.net=127.0.0.[19;20]*-2 > hostkarma.junkemailfilter.com=127.0.0.1*-4 > nobl.junkemailfilter.com=127.0.0.5*-4 > # > ### End of before-220 tests > ### After-220 tests > ### WARNING -- See "Tests after the 220 SMTP server greeting" in the > ### Postscreen Howto and *UNDERSTAND* it *BEFORE* you enable the > ### following tests! This basically enables some kind of greylisting! > #postscreen_bare_newline_action = enforce > #postscreen_bare_newline_enable = yes > #postscreen_non_smtp_command_enable = yes > #postscreen_pipelining_enable = yes > ### ADDENDUM: Any one of the foregoing three *_enable settings may cause > ### significant and annoying mail delays. > > > > ### Fail2ban addition added in : jail.local > [postfix-postscreen] > port = smtp > logpath = /var/log/mail.log > maxretry = 1 > bantime = 86400 > findtime = 3600 > banaction = ufw-all > > ### Fail2ban addition added in : /etc/fail2ban/jail.local > # > # Fail2Ban filter for Postfix's Postscreen blocks. > # > # you need to adjust the Rank number to what you please. > # make sure you match the first number [7-9] so the 7 with postfix/postscreen_dnsbl_threshold value= > # For now we have set rank 7 and up are getting blocked and put in the firewall > > [INCLUDES] > > # Read common prefixes. If any customizations available -- read them from > # common.local > before = common.conf > > [Definition] > > _daemon = postfix(-\w+)?/postscreen > > failregex = DNSBL rank ([7-9]|[1-9][0-9]) for \[\] > > ignoreregex = > > # Author: Me.. ;-) > > ### Fail2ban addition added in : /etc/fail2ban/jail.d/personal-enabled.conf > [postfix-postscreen] > enabled = true > ignoreip = 127.0.0.1/8 > # add ips in ignore if needed, you most probley want to add some. > > and last.. i use ufw as firewall.. > ### Fail2ban addition added in : /etc/fail2ban/action.d/ufw-all.conf > # Fail2Ban configuration file > # > # We add the rules to ufw for better control and management > # official ufw version uses ufw insert 1 .. that errors with IPv6. > > [Definition] > actionstart = > actionstop = > actioncheck = > actionban = ufw prepend deny from to any > actionunban = ufw delete deny from to any > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mailscanner at barendse.to Fri Jun 11 09:20:06 2021 From: mailscanner at barendse.to (Remco Barendse) Date: Fri, 11 Jun 2021 11:20:06 +0200 (CEST) Subject: New distro In-Reply-To: <9d343ca0-f1d8-e61f-6b66-7d2527c837d6@fishnet.co.uk> References: <686408252.132203.1622470398632.JavaMail.zimbra@vdb.nl> <2056743221.136679.1622552301904.JavaMail.zimbra@vdb.nl> <9d343ca0-f1d8-e61f-6b66-7d2527c837d6@fishnet.co.uk> Message-ID: Hi list! OK, with the input and help from the list I managed to complete the script for a super easy istall of MailScanner+postfix+SpamAssassin on a fresh install of ubuntu and got it working! See attached, still work in progress ;) All it takes is main.cf from Thom's website in the same directory as the script, and specify hostname, domain name and ip address of the exchange server where to deliver the mail i.e.: ./mailscanner-postfix.sh gw1 mynicedomain.com 10.1.0.60 Some questions : - Not sure if pyzor, razor and DCC still do any good, i added pyzor+razor packages to the spamassassin install, DCC requires manual install. (Do pyzor and razor need configuration?) razor-admin -register tells me : Unable to register without a valid razorhome or identity - spamassassin -D hangs when I run it yet test mail gets delivered - 5 missing perl modules, can I skip/ignore or someone found them : Digest::SHA1 (is it included in libdigest-sha-perl ? Will MailScanner install Digest::SHA1 from CPAN nonetheless if i install the package and will I end up with 2 conflicting packags ? IP::Country (is it included in libgeo-ipfree-perl ? same as Digest) Mail::ClamAV Mail::SPF::Query (is it included in spf-tools-perl ?) SAVI - Should I run ms-configure ? Thom created /usr/local/etc/postfix-db to create the databases, I am thinking to either move that to cron.hourly instead or create it as a "make" file in postfix directory just like it was with sendmail :) Still to do : fail2ban, postscreen, SPF, DKIM, DANE, DMARC, BIFI, CAA Thanks for any comments / help / tips to further improve :) On Wed, 9 Jun 2021, Ian wrote: > On 08/06/2021 15:30, Remco Barendse wrote: > >> I yet need to figure out some things. Can I forward scanned mail to >> exchange by putting this in /etc/postfix/transport : >> mynicedomain.com???????? smtp:[10.1.0.60] > > Hi, > > Yes, that's exactly what I use. > > If forwarding to exchange you might be interested in 'address verification'*. > This allows postfix to verify an email address with exchange before accepting > it on the MailScanner. Which means that you don't have to maintain a local > list of acceptable addresses. > > * http://www.postfix.org/ADDRESS_VERIFICATION_README.html > > > Regards > > Ian > -- > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- #!/bin/sh # Script to install and configure MailScanner + postfix on Ubuntu 20.04 # Remco Barendse 11-JUN-2021 - Inspired on instructions from : # https://vanderboon.net/2021/06/01/installing-mailscanner-5-4-with-postfix-on-ubuntu-20-04-lts/ # https://sites.google.com/site/wikirolanddelepper/mailscanner/configure-postfix-for-mailscanner # https://serverfault.com/questions/280585/how-do-i-configure-postfix-to-deliver-mail-for-specified-domains-to-another-host # http://www.postfix.org/ADDRESS_VERIFICATION_README.html # Test with : mailx -r 'klaus.mustermann at example.com' -s 'Subject Line' -S 'smtp=' 'validuser at myemailonexchange.com' < /dev/null # To do : Install : fail2ban, pyzor, razor, dcc, postscreen,SPF, DKIM, DANE, DMARC, BIFI, CAA # https://serverfault.com/questions/895242/dcc-plugin-to-spamassassin-does-not-get-loaded-on-debian-9 if [ $# -ne 3 ] ; then echo 'Usage: $0 ' echo 'Example : ./mailscanner-postfix.sh gw1 mynicedomain.com 10.1.0.60' exit 1 fi HOSTNAME=$1 MYDN=$2 EXCHANGEIP=$3 echo 'Install postfix - When asked choose ?No configuration' ; sleep 5 sudo apt -y install postfix # Example postfix (main.cf) : /usr/share/postfix/main.cf.debian # To view Postfix configuration values, see postconf(1). sudo touch /etc/postfix/header_checks sudo echo "/^Received:/ HOLD" > /etc/postfix/header_checks sudo touch /etc/postfix/access sudo touch /etc/postfix/relay_recipients sudo touch /etc/postfix/transport sudo touch /etc/postfix/virtual sudo mkdir -p /var/spool/MailScanner/incoming sudo mkdir /var/spool/postfix/hold sudo mkdir /var/spool/postfix/incoming sudo chown postfix. /var/spool/postfix/hold sudo chown postfix. /var/spool/postfix/incoming sudo chown postfix. /var/spool/MailScanner/incoming sudo chown postfix. /var/spool/MailScanner/quarantine sudo echo '#!/bin/sh' > /usr/local/etc/postfix-db sudo echo 'cd /etc/postfix' >> /usr/local/etc/postfix-db sudo echo 'newaliases' >> /usr/local/etc/postfix-db sudo echo '/usr/sbin/postmap /etc/postfix/virtual' >> /usr/local/etc/postfix-db sudo echo '/usr/sbin/postmap /etc/postfix/transport' >> /usr/local/etc/postfix-db sudo echo '/usr/sbin/postmap /etc/postfix/access' >> /usr/local/etc/postfix-db sudo echo '/usr/sbin/postmap /etc/postfix/relay_recipients' >> /usr/local/etc/postfix-db sudo chmod a+x /usr/local/etc/postfix-db # and we will start it later sudo cat main.cf > /etc/postfix/main.cf sudo sed -i "s/mail.yourdomain.com/$HOSTNAME.$MYDN/g" /etc/postfix/main.cf sudo sed -i "s/10.0.0.0\/24/10.0.0.0\/8/g" /etc/postfix/main.cf sudo sed -i "s/mydestination = $myhostname, localhost.$mydomain, localhost/mydestination = $$HOSTNAME, localhost.$$MYDN, localhost/g" /etc/postfix/main.cf sudo sed -i "s/relay_domains = yourdomain.com yourotherdomain.com yourveryfantasticdomain.com/relay_domains = $MYDN/g" /etc/postfix/main.cf echo "$MYDN smtp:[$EXCHANGEIP]" >> /etc/postfix/transport echo 'Install ClamAV' ; sleep 5 sudo apt install -y clamav clamav-daemon sudo systemctl enable clamav-daemon sudo systemctl enable clamav-freshclam sudo systemctl stop clamav-daemon sudo sed -i 's/LocalSocketGroup clamav/LocalSocketGroup mtagroup/g' /etc/clamav/clamd.conf sudo chown -R postfix.mtagroup /etc/clamav sudo usermod -a -G mtagroup postfix sudo usermod -a -G mtagroup clamav sudo systemctl restart clamav-daemon # Optional: Extra ClamAV signatures # It does not cost much and gives you a load of extra protection: the 4.000.000 virus/malware signatures of securiteinfo.com. # https://www.securiteinfo.com/services/anti-spam-anti-virus/improve-detection-rate-of-zero-day-malwares-for-clamav.shtml echo 'SpamAssassin install' ; sleep 5 sudo apt -y install spamassassin pyzor razor apt-get -y install libyaml-perl libtest-manifest-perl libbusiness-isbn-data-perl libbusiness-isbn-perl libtest-pod-perl libmodule-build-perl libinline-perl libencode-detect-perl libnet-ldap-perl libnet-cidr-lite-perl libio-string-perl libnet-dns-resolver-programmable-perl libmail-spf-perl # Couldn't find : # Digest::SHA1 (is it included in libdigest-sha-perl ?) # IP::Country (is it included in libgeo-ipfree-perl ?) # Mail::ClamAV # Mail::SPF::Query (is it included in spf-tools-perl ?) # SAVI sudo wget -O /etc/mail/spamassassin/KAM.cf https://www.pccc.com/downloads/SpamAssassin/contrib/KAM.cf sudo wget -O /etc/cron.hourly/KAM.cf.sh https://dutchspamassassinrules.nl/DSR/contrib/KAM.cf.sh sudo wget -O /etc/mail/spamassassin/DSR.cf https://dutchspamassassinrules.nl/DSR/DSR.cf sudo wget -O /etc/cron.hourly/DSR.cf.sh https://dutchspamassassinrules.nl/DSR/DSR.cf.sh # Install DCC sudo wget -O /tmp/dcc.tar.Z 'https://www.dcc-servers.net/src/dcc/dcc.tar.Z' cd /tmp tar xvzf dcc.tar.Z cd dcc-* sudo ./configure && sudo make && sudo make install sudo echo 'use_dcc 1' >> /etc/spamassassin/local.cf sudo echo 'dcc_timeout 8' >> /etc/spamassassin/local.cf sudo echo 'dcc_home /var/dcc/' >> /etc/spamassassin/local.cf sudo echo 'dcc_path /usr/local/bin/dccproc' >> /etc/spamassassin/local.cf sudo echo 'add_header all DCC _DCCB_: _DCCR_' >> /etc/spamassassin/local.cf sed -i '/DCC/s/^#//g' /etc/spamassassin/v310.pre sudo ufw allow 6277/udp echo 'MailScanner install' ; sleep 5 sudo echo '# For use with MailScanner' >> /etc/apparmor.d/usr.sbin.clamd sudo echo '/var/spool/MailScanner/** rw,' >> /etc/apparmor.d/usr.sbin.clamd sudo echo '/var/spool/MailScanner/incoming/** rw,' >> /etc/apparmor.d/usr.sbin.clamd sudo wget -O /tmp/MailScanner.noarch.deb https://github.com/MailScanner/v5/releases/download/5.3.4-3/MailScanner-5.3.4-3.noarch.deb sudo apt -y install /tmp/MailScanner.noarch.deb #ms-configure sudo sed -i "s/yoursite/$HOSTNAME/g" /etc/MailScanner/MailScanner.conf sudo echo 'Run As User = postfix' > /etc/MailScanner/conf.d/my_postfix.conf sudo echo 'Run As Group = postfix' >> /etc/MailScanner/conf.d/my_postfix.conf sudo echo 'Incoming Queue Dir = /var/spool/postfix/hold' >> /etc/MailScanner/conf.d/my_postfix.conf sudo echo 'Outgoing Queue Dir = /var/spool/postfix/incoming' >> /etc/MailScanner/conf.d/my_postfix.conf sudo echo 'MTA = postfix' >> /etc/MailScanner/conf.d/my_postfix.conf sudo echo 'Clamd Socket = /var/run/clamav/clamd.ctl' >> /etc/MailScanner/conf.d/my_postfix.conf sudo echo 'SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin' >> /etc/MailScanner/conf.d/my_postfix.conf #Complete config of PostFix + MailScanner, then sudo mkdir /var/spool/MailScanner/spamassassin sudo chown postfix.postfix /var/spool/MailScanner/spamassassin sudo /usr/local/etc/postfix-db sudo systemctl enable postfix sudo systemctl restart postfix sudo sed -i 's/run_mailscanner=0/run_mailscanner=1/g' /etc/MailScanner/defaults sudo systemctl enable mailscanner sudo systemctl start mailscanner sudo ufw allow smtp sudo ufw allow submission sudo ufw allow submissions From belle at bazuin.nl Fri Jun 11 10:39:58 2021 From: belle at bazuin.nl (=?windows-1252?Q?L.P.H._van_Belle?=) Date: Fri, 11 Jun 2021 12:39:58 +0200 Subject: New distro In-Reply-To: References: <9d343ca0-f1d8-e61f-6b66-7d2527c837d6@fishnet.co.uk> Message-ID: > > Hi list! Hai Remco, > > OK, with the input and help from the list I managed to complete the > script for a super easy istall of > MailScanner+postfix+SpamAssassin on a > fresh install of ubuntu and got it working! > > See attached, still work in progress ;) > > All it takes is main.cf from Thom's website in the same > directory as the > script, and specify hostname, domain name and ip address of > the exchange > server where to deliver the mail i.e.: > ./mailscanner-postfix.sh gw1 mynicedomain.com 10.1.0.60 > > Some questions : > - Not sure if pyzor, razor and DCC still do any good, i added > pyzor+razor packages to the spamassassin install, DCC requires > manual install. (Do pyzor and razor need configuration?) > razor-admin -register tells me : > Unable to register without a valid razorhome or identity Yes, pyzor and razor need to be configured and yes you can still install dcc also. I have to look this up, i have it somehere documented, ill look them up when i start on my setup. Make sure you run as the user spamassassin and point pyzor and razor there homedir of the user running spammassassin. I havent tested this one. https://kura.gg/2011/09/22/spamassassin-razor-pyzor/ But that still looks correct. Key part is, setting the "correct homedir" and rights.. Not /etc/mail/spamassassin but run this : getent passwd |grep spamd|awk -F: '{ print $6 }' Output: /var/lib/spamassassin So thats where you create these homdirs. And.. Then. echo "chown -R $(getent passwd |grep spamd|awk -F: '{ print $3":"$4 }') /var/lib/spamassassin/.pyzor/" Or echo "chown -R $(getent passwd |grep spamd|awk -F: '{ print $1":"$1 }') /var/lib/spamassassin/.pyzor/" > - spamassassin -D hangs when I run it yet test mail gets delivered > - 5 missing perl modules, can I skip/ignore or someone found them : > Digest::SHA1 (is it included in libdigest-sha-perl ? Will > MailScanner > install Digest::SHA1 from CPAN nonetheless if i install > the package > and will I end up with 2 conflicting packags ? Or ms-configure, Or install with cpan Or use an other repo that offers it as packages. There should be one, but i have to look that up. (not to much time atm). > IP::Country (is it included in libgeo-ipfree-perl ? same as Digest) you can use that. : libgeo-ipfree-perl same for digest. > Mail::ClamAV Look like this needs a cpan install > Mail::SPF::Query (is it included in spf-tools-perl ?) I dont see it in debian official packages, same cpan install. > SAVI Dont know this one. > - Should I run ms-configure ? Yes, that would get the missing perl modules. > > Thom created /usr/local/etc/postfix-db to create the databases, I am > thinking to either move that to cron.hourly instead or create it as a > "make" file in postfix directory just like it was with sendmail :) > > Still to do : fail2ban, postscreen, SPF, DKIM, DANE, DMARC, BIMI, CAA Dkim : https://github.com/thctlo/debian-scripts/blob/master/setup-opendkim-postfix.sh Should still work, try reading the script a bit, it shows what it does. > > Thanks for any comments / help / tips to further improve :) https://www.sidn.nl/en/news-and-blogs/hands-on-implementing-dane-in-postfix Good read .. Simple test on how your server is setup. https://www.internet.nl/mail/ This used the dutch recommends setting by government. Coming from : https://www.forumstandaardisatie.nl/open-standaarden * which is basicly a reference to the existing RFC's. Last tip. DONT run sa-learn "just like that" because that makes the next update fail. Why is read : /etc/cron.daily/spamassassin (you set root/wrong user rights on the compiles files). The fix is shown in the cron job. ;-) Enjoy. Greetz, Louis From mailscanner at barendse.to Fri Jun 11 15:00:32 2021 From: mailscanner at barendse.to (Remco Barendse) Date: Fri, 11 Jun 2021 17:00:32 +0200 (CEST) Subject: New distro In-Reply-To: References: <9d343ca0-f1d8-e61f-6b66-7d2527c837d6@fishnet.co.uk> Message-ID: Thanks for all the hints and pointers, saved me ages in trial+error! pyzor discover didnt work and found a post online that it was deprecated in 2010, it now works just out of the box. Razor installed, will test over the weekend and see if it produces any hits. ms-configure installed a gazillion of different packages still missing Testing further! On Fri, 11 Jun 2021, L.P.H. van Belle via MailScanner wrote: >> >> Hi list! > > Hai Remco, > >> >> OK, with the input and help from the list I managed to complete the >> script for a super easy istall of >> MailScanner+postfix+SpamAssassin on a >> fresh install of ubuntu and got it working! >> >> See attached, still work in progress ;) >> >> All it takes is main.cf from Thom's website in the same >> directory as the >> script, and specify hostname, domain name and ip address of >> the exchange >> server where to deliver the mail i.e.: >> ./mailscanner-postfix.sh gw1 mynicedomain.com 10.1.0.60 >> >> Some questions : >> - Not sure if pyzor, razor and DCC still do any good, i added >> pyzor+razor packages to the spamassassin install, DCC requires >> manual install. (Do pyzor and razor need configuration?) >> razor-admin -register tells me : >> Unable to register without a valid razorhome or identity > > Yes, pyzor and razor need to be configured and yes you can still install dcc also. > > I have to look this up, i have it somehere documented, ill look them up when i start on my setup. > > Make sure you run as the user spamassassin and point pyzor and razor there homedir of the user running spammassassin. > I havent tested this one. https://kura.gg/2011/09/22/spamassassin-razor-pyzor/ > But that still looks correct. Key part is, setting the "correct homedir" and rights.. > > Not /etc/mail/spamassassin but run this : > getent passwd |grep spamd|awk -F: '{ print $6 }' > Output: /var/lib/spamassassin > So thats where you create these homdirs. > And.. Then. > echo "chown -R $(getent passwd |grep spamd|awk -F: '{ print $3":"$4 }') /var/lib/spamassassin/.pyzor/" > Or > echo "chown -R $(getent passwd |grep spamd|awk -F: '{ print $1":"$1 }') /var/lib/spamassassin/.pyzor/" > > >> - spamassassin -D hangs when I run it yet test mail gets delivered >> - 5 missing perl modules, can I skip/ignore or someone found them : >> Digest::SHA1 (is it included in libdigest-sha-perl ? Will >> MailScanner >> install Digest::SHA1 from CPAN nonetheless if i install >> the package >> and will I end up with 2 conflicting packags ? > Or ms-configure, Or install with cpan Or use an other repo that offers it as packages. > There should be one, but i have to look that up. (not to much time atm). > >> IP::Country (is it included in libgeo-ipfree-perl ? same as Digest) > you can use that. : libgeo-ipfree-perl > same for digest. > > >> Mail::ClamAV > Look like this needs a cpan install > >> Mail::SPF::Query (is it included in spf-tools-perl ?) > I dont see it in debian official packages, same cpan install. > >> SAVI > Dont know this one. > >> - Should I run ms-configure ? > > Yes, that would get the missing perl modules. > >> >> Thom created /usr/local/etc/postfix-db to create the databases, I am >> thinking to either move that to cron.hourly instead or create it as a >> "make" file in postfix directory just like it was with sendmail :) >> >> Still to do : fail2ban, postscreen, SPF, DKIM, DANE, DMARC, BIMI, CAA > Dkim : https://github.com/thctlo/debian-scripts/blob/master/setup-opendkim-postfix.sh > Should still work, try reading the script a bit, it shows what it does. > >> >> Thanks for any comments / help / tips to further improve :) > > https://www.sidn.nl/en/news-and-blogs/hands-on-implementing-dane-in-postfix > Good read .. > > Simple test on how your server is setup. > https://www.internet.nl/mail/ > This used the dutch recommends setting by government. > > Coming from : > https://www.forumstandaardisatie.nl/open-standaarden > * which is basicly a reference to the existing RFC's. > > > Last tip. > DONT run sa-learn "just like that" because that makes the next update fail. > Why is read : /etc/cron.daily/spamassassin > (you set root/wrong user rights on the compiles files). > The fix is shown in the cron job. ;-) > > > Enjoy. > > Greetz, > > Louis > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mailscanner at barendse.to Fri Jun 11 15:36:50 2021 From: mailscanner at barendse.to (Remco Barendse) Date: Fri, 11 Jun 2021 17:36:50 +0200 (CEST) Subject: Mail::SPF::Query is missing. Installing via CPAN timed out Message-ID: When running the installer, it just hangs here : Mail::SPF::Query is missing. Installing via CPAN ... --> Working on Mail::SPF::Query Fetching http://www.cpan.org/authors/id/J/JM/JMEHNLE/mail-spf-query/Mail-SPF-Query-1.999.1.tar.gz ... OK Configuring Mail-SPF-Query-1.999.1 ... OK Building and testing Mail-SPF-Query-1.999.1 ... ! Timed out (> 1800s). Use --verbose to retry. Terminated Any hints? Thx! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From shawniverson at summitgrid.com Fri Jun 11 16:25:38 2021 From: shawniverson at summitgrid.com (Shawn Iverson) Date: Fri, 11 Jun 2021 12:25:38 -0400 Subject: Mail::SPF::Query is missing. Installing via CPAN timed out In-Reply-To: References: Message-ID: <2fa0f524-36a2-b51b-cefb-2fbf60f12f38@summitgrid.com> This module is notorious for bombing out during the test phase, depending on your DNS implementation. I recommend compiling it by skipping the tests or locating a prepackaged version, if available. On 6/11/21 11:36 AM, Remco Barendse wrote: > > When running the installer, it just hangs here : > > > Mail::SPF::Query is missing. Installing via CPAN ... > > --> Working on Mail::SPF::Query > Fetching > http://www.cpan.org/authors/id/J/JM/JMEHNLE/mail-spf-query/Mail-SPF-Query-1.999.1.tar.gz > ... OK > Configuring Mail-SPF-Query-1.999.1 ... OK > Building and testing Mail-SPF-Query-1.999.1 ... ! Timed out (> 1800s). > Use --verbose to retry. > Terminated > > Any hints? > > Thx! > From mark at msapiro.net Fri Jun 11 17:00:49 2021 From: mark at msapiro.net (Mark Sapiro) Date: Fri, 11 Jun 2021 10:00:49 -0700 Subject: Mail::SPF::Query is missing. Installing via CPAN timed out In-Reply-To: References: Message-ID: <4be68f3c-1911-48a0-e71a-4aad8e848db9@msapiro.net> On 6/11/21 8:36 AM, Remco Barendse wrote: > > When running the installer, it just hangs here : > > > Mail::SPF::Query is missing. Installing via CPAN ... > > --> Working on Mail::SPF::Query > Fetching > http://www.cpan.org/authors/id/J/JM/JMEHNLE/mail-spf-query/Mail-SPF-Query-1.999.1.tar.gz > ... OK > Configuring Mail-SPF-Query-1.999.1 ... OK > Building and testing Mail-SPF-Query-1.999.1 ... ! Timed out (> 1800s). > Use --verbose to retry. > Terminated > > Any hints? What happens if you manually run cpan install Mail::SPF::Query -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From mailscanner at barendse.to Fri Jun 11 21:57:21 2021 From: mailscanner at barendse.to (Remco Barendse) Date: Fri, 11 Jun 2021 23:57:21 +0200 (CEST) Subject: Mail::SPF::Query is missing. Installing via CPAN timed out In-Reply-To: <4be68f3c-1911-48a0-e71a-4aad8e848db9@msapiro.net> References: <4be68f3c-1911-48a0-e71a-4aad8e848db9@msapiro.net> Message-ID: Loads of stuff that doesn' make any sense to me : Configuring J/JM/JMEHNLE/mail-spf-query/Mail-SPF-Query-1.999.1.tar.gz with Makefile.PL Checking if your kit is complete... Looks good Generating a Unix-style Makefile Writing Makefile for Mail::SPF::Query Writing MYMETA.yml and MYMETA.json JMEHNLE/mail-spf-query/Mail-SPF-Query-1.999.1.tar.gz /usr/bin/perl Makefile.PL INSTALLDIRS=site -- OK Running make for J/JM/JMEHNLE/mail-spf-query/Mail-SPF-Query-1.999.1.tar.gz CPAN: Module::CoreList loaded ok (v5.20190522) cp lib/Mail/SPF/Query.pm blib/lib/Mail/SPF/Query.pm cp bin/spfd blib/script/spfd "/usr/bin/perl" -MExtUtils::MY -e 'MY->fixin(shift)' -- blib/script/spfd cp bin/spfquery blib/script/spfquery "/usr/bin/perl" -MExtUtils::MY -e 'MY->fixin(shift)' -- blib/script/spfquery Manifying 2 pod documents Manifying 1 pod document JMEHNLE/mail-spf-query/Mail-SPF-Query-1.999.1.tar.gz /usr/bin/make -- OK Running make test for JMEHNLE/mail-spf-query/Mail-SPF-Query-1.999.1.tar.gz PERL_DL_NONLAZY=1 "/usr/bin/perl" "-MExtUtils::Command::MM" "-MTest::Harness" "-e" "undef *Test::Harness::Switches; test_harness(0, 'blib/lib', 'blib/arch')" t/*.t t/00_all.t .. 3/223 # Test 3 got: "unknown" (t/00_all.t at line 127 fail #2) # Expected: "neutral" # t/00_all.t line 127 is: my $ok = ok($result, $expected_result); # Detailed debug log for test(s) 3: # | 01.spf1-test.mailzone.com new: ipv4=192.0.2.1, sender=01.spf1-test.mailzone.com, helo=01.spf1-test.mailzone.com # | postmaster 01.spf1-test.mailzone.com localpart is postmaster # || postmaster 01.spf1-test.mailzone.com DirectiveSet->new(): doing TXT query on 01.spf1-test.mailzone.com # || postmaster 01.spf1-test.mailzone.com myquery: doing TXT query on 01.spf1-test.mailzone.com # || postmaster 01.spf1-test.mailzone.com myquery: 01.spf1-test.mailzone.com TXT failed: NXDOMAIN. # || postmaster 01.spf1-test.mailzone.com DirectiveSet->new(): TXT query on 01.spf1-test.mailzone.com returned error=, last_dns_error=NXDOMAIN # || postmaster 01.spf1-test.mailzone.com DirectiveSet->new(): SPF policy: # || postmaster 01.spf1-test.mailzone.com no SPF record found for 01.spf1-test.mailzone.com # || postmaster 01.spf1-test.mailzone.com header_comment: spf_source = domain of 01.spf1-test.mailzone.com # || postmaster 01.spf1-test.mailzone.com header_comment: spf_source_type = original-spf-record t/00_all.t .. 4/223 # Test 4 got: "unknown" (t/00_all.t at line 127 fail #3) # Expected: "fail" # Detailed debug log for test(s) 4: # | 02.spf1-test.mailzone.com new: ipv4=192.0.2.1, sender=02.spf1-test.mailzone.com, helo=02.spf1-test.mailzone.com # | postmaster 02.spf1-test.mailzone.com localpart is postmaster # || postmaster 02.spf1-test.mailzone.com DirectiveSet->new(): doing TXT query on 02.spf1-test.mailzone.com # || postmaster 02.spf1-test.mailzone.com myquery: doing TXT query on 02.spf1-test.mailzone.com # || postmaster 02.spf1-test.mailzone.com myquery: 02.spf1-test.mailzone.com TXT failed: NXDOMAIN. # || postmaster 02.spf1-test.mailzone.com DirectiveSet->new(): TXT query on 02.spf1-test.mailzone.com returned error=, last_dns_error=NXDOMAIN # || postmaster 02.spf1-test.mailzone.com DirectiveSet->new(): SPF policy: # || postmaster 02.spf1-test.mailzone.com no SPF record found for 02.spf1-test.mailzone.com # || postmaster 02.spf1-test.mailzone.com header_comment: spf_source = domain of 02.spf1-test.mailzone.com # || postmaster 02.spf1-test.mailzone.com header_comment: spf_source_type = original-spf-record t/00_all.t .. 5/223 # Test 5 got: "unknown" (t/00_all.t at line 127 fail #4) # Expected: "softfail" # Detailed debug log for test(s) 5: # | 03.spf1-test.mailzone.com new: ipv4=192.0.2.1, sender=03.spf1-test.mailzone.com, helo=03.spf1-test.mailzone.com # | postmaster 03.spf1-test.mailzone.com localpart is postmaster # || postmaster 03.spf1-test.mailzone.com DirectiveSet->new(): doing TXT query on 03.spf1-test.mailzone.com # || postmaster 03.spf1-test.mailzone.com myquery: doing TXT query on 03.spf1-test.mailzone.com # || postmaster 03.spf1-test.mailzone.com myquery: 03.spf1-test.mailzone.com TXT failed: NXDOMAIN. # || postmaster 03.spf1-test.mailzone.com DirectiveSet->new(): TXT query on 03.spf1-test.mailzone.com returned error=, last_dns_error=NXDOMAIN # || postmaster 03.spf1-test.mailzone.com DirectiveSet->new(): SPF policy: # || postmaster 03.spf1-test.mailzone.com no SPF record found for 03.spf1-test.mailzone.com # || postmaster 03.spf1-test.mailzone.com header_comment: spf_source = domain of 03.spf1-test.mailzone.com # || postmaster 03.spf1-test.mailzone.com header_comment: spf_source_type = original-spf-record t/00_all.t .. 6/223 # Test 6 got: "unknown" (t/00_all.t at line 127 fail #5) # Expected: "fail" # Detailed debug log for test(s) 6: # | 05.spf1-test.mailzone.com new: ipv4=192.0.2.1, sender=05.spf1-test.mailzone.com, helo=05.spf1-test.mailzone.com # | postmaster 05.spf1-test.mailzone.com localpart is postmaster # || postmaster 05.spf1-test.mailzone.com DirectiveSet->new(): doing TXT query on 05.spf1-test.mailzone.com # || postmaster 05.spf1-test.mailzone.com myquery: doing TXT query on 05.spf1-test.mailzone.com # || postmaster 05.spf1-test.mailzone.com myquery: 05.spf1-test.mailzone.com TXT failed: NXDOMAIN. # || postmaster 05.spf1-test.mailzone.com DirectiveSet->new(): TXT query on 05.spf1-test.mailzone.com returned error=, last_dns_error=NXDOMAIN # || postmaster 05.spf1-test.mailzone.com DirectiveSet->new(): SPF policy: # || postmaster 05.spf1-test.mailzone.com no SPF record found for 05.spf1-test.mailzone.com # || postmaster 05.spf1-test.mailzone.com header_comment: spf_source = domain of 05.spf1-test.mailzone.com t/00_all.t .. 7/223 # Test 7 got: "unknown" (t/00_all.t at line 127 fail #6)ype = original-spf-record # Expected: "neutral" # Test 9 got: "error in processing during lookup of 06.spf1-test.mailzone.com" (t/00_all.t at line 130) # Expected: "192.0.2.1 is neither permitted nor denied by domain of 06.spf1-test.mailzone.com" # t/00_all.t line 130 is: $ok = ok($header_comment, $expected_header_comment) && $ok; # Detailed debug log for test(s) 7,8,9: # | 06.spf1-test.mailzone.com new: ipv4=192.0.2.1, sender=06.spf1-test.mailzone.com, helo=06.spf1-test.mailzone.com # | postmaster 06.spf1-test.mailzone.com localpart is postmaster # || postmaster 06.spf1-test.mailzone.com DirectiveSet->new(): doing TXT query on 06.spf1-test.mailzone.com # || postmaster 06.spf1-test.mailzone.com myquery: doing TXT query on 06.spf1-test.mailzone.com # || postmaster 06.spf1-test.mailzone.com myquery: 06.spf1-test.mailzone.com TXT failed: NXDOMAIN. # || postmaster 06.spf1-test.mailzone.com DirectiveSet->new(): TXT query on 06.spf1-test.mailzone.com returned error=, last_dns_error=NXDOMAIN # || postmaster 06.spf1-test.mailzone.com DirectiveSet->new(): SPF policy: # || postmaster 06.spf1-test.mailzone.com no SPF record found for 06.spf1-test.mailzone.com # || postmaster 06.spf1-test.mailzone.com header_comment: spf_source = domain of 06.spf1-test.mailzone.com # || postmaster 06.spf1-test.mailzone.com header_comment: spf_source_type = original-spf-record t/00_all.t .. 10/223 # Test 10 got: "unknown" (t/00_all.t at line 127 fail #7) # Expected: "none" # Detailed debug log for test(s) 10: # | 07.spf1-test.mailzone.com new: ipv4=192.0.2.1, sender=07.spf1-test.mailzone.com, helo=07.spf1-test.mailzone.com # | postmaster 07.spf1-test.mailzone.com localpart is postmaster # || postmaster 07.spf1-test.mailzone.com DirectiveSet->new(): doing TXT query on 07.spf1-test.mailzone.com # || postmaster 07.spf1-test.mailzone.com myquery: doing TXT query on 07.spf1-test.mailzone.com # || postmaster 07.spf1-test.mailzone.com myquery: 07.spf1-test.mailzone.com TXT failed: NXDOMAIN. # || postmaster 07.spf1-test.mailzone.com DirectiveSet->new(): TXT query on 07.spf1-test.mailzone.com returned error=, last_dns_error=NXDOMAIN # || postmaster 07.spf1-test.mailzone.com DirectiveSet->new(): SPF policy: # || postmaster 07.spf1-test.mailzone.com no SPF record found for 07.spf1-test.mailzone.com # || postmaster 07.spf1-test.mailzone.com header_comment: spf_source = domain of 07.spf1-test.mailzone.com # || postmaster 07.spf1-test.mailzone.com header_comment: spf_source_type = original-spf-record t/00_all.t .. 12/223 # Test 12 got: "unknown" (t/00_all.t at line 127 fail #9) # Expected: "fail" # Detailed debug log for test(s) 12: # | 10.spf1-test.mailzone.com new: ipv4=192.0.2.1, sender=10.spf1-test.mailzone.com, helo=10.spf1-test.mailzone.com # | postmaster 10.spf1-test.mailzone.com localpart is postmaster # || postmaster 10.spf1-test.mailzone.com DirectiveSet->new(): doing TXT query on 10.spf1-test.mailzone.com # || postmaster 10.spf1-test.mailzone.com myquery: doing TXT query on 10.spf1-test.mailzone.com # || postmaster 10.spf1-test.mailzone.com myquery: 10.spf1-test.mailzone.com TXT failed: NXDOMAIN. # || postmaster 10.spf1-test.mailzone.com DirectiveSet->new(): TXT query on 10.spf1-test.mailzone.com returned error=, last_dns_error=NXDOMAIN # || postmaster 10.spf1-test.mailzone.com DirectiveSet->new(): SPF policy: # || postmaster 10.spf1-test.mailzone.com no SPF record found for 10.spf1-test.mailzone.com # || postmaster 10.spf1-test.mailzone.com header_comment: spf_source = domain of 10.spf1-test.mailzone.com # || postmaster 10.spf1-test.mailzone.com header_comment: spf_source_type = original-spf-record t/00_all.t .. 13/223 # Test 13 got: "unknown" (t/00_all.t at line 127 fail #10) # Expected: "pass" # Detailed debug log for test(s) 13: # | 10.spf1-test.mailzone.com new: ipv4=192.0.2.10, sender=10.spf1-test.mailzone.com, helo=10.spf1-test.mailzone.com # | postmaster 10.spf1-test.mailzone.com localpart is postmaster # || postmaster 10.spf1-test.mailzone.com DirectiveSet->new(): doing TXT query on 10.spf1-test.mailzone.com # || postmaster 10.spf1-test.mailzone.com myquery: doing TXT query on 10.spf1-test.mailzone.com # || postmaster 10.spf1-test.mailzone.com myquery: 10.spf1-test.mailzone.com TXT failed: NXDOMAIN. # || postmaster 10.spf1-test.mailzone.com DirectiveSet->new(): TXT query on 10.spf1-test.mailzone.com returned error=, last_dns_error=NXDOMAIN # || postmaster 10.spf1-test.mailzone.com DirectiveSet->new(): SPF policy: # || postmaster 10.spf1-test.mailzone.com no SPF record found for 10.spf1-test.mailzone.com # || postmaster 10.spf1-test.mailzone.com header_comment: spf_source = domain of 10.spf1-test.mailzone.com # || postmaster 10.spf1-test.mailzone.com header_comment: spf_source_type = original-spf-record t/00_all.t .. 14/223 # Test 14 got: "unknown" (t/00_all.t at line 127 fail #11) # Expected: "pass" # Detailed debug log for test(s) 14: # | 10.spf1-test.mailzone.com new: ipv4=192.0.2.11, sender=10.spf1-test.mailzone.com, helo=10.spf1-test.mailzone.com # | postmaster 10.spf1-test.mailzone.com localpart is postmaster # || postmaster 10.spf1-test.mailzone.com DirectiveSet->new(): doing TXT query on 10.spf1-test.mailzone.com # || postmaster 10.spf1-test.mailzone.com myquery: doing TXT query on 10.spf1-test.mailzone.com # || postmaster 10.spf1-test.mailzone.com myquery: 10.spf1-test.mailzone.com TXT failed: NXDOMAIN. # || postmaster 10.spf1-test.mailzone.com DirectiveSet->new(): TXT query on 10.spf1-test.mailzone.com returned error=, last_dns_error=NXDOMAIN # || postmaster 10.spf1-test.mailzone.com DirectiveSet->new(): SPF policy: # || postmaster 10.spf1-test.mailzone.com no SPF record found for 10.spf1-test.mailzone.com # || postmaster 10.spf1-test.mailzone.com header_comment: spf_source = domain of 10.spf1-test.mailzone.com # || postmaster 10.spf1-test.mailzone.com header_comment: spf_source_type = original-spf-record t/00_all.t .. 15/223 # Test 15 got: "unknown" (t/00_all.t at line 127 fail #12) # Expected: "pass" # Detailed debug log for test(s) 15: # | 10.spf1-test.mailzone.com new: ipv4=192.0.2.12, sender=10.spf1-test.mailzone.com, helo=10.spf1-test.mailzone.com # | postmaster 10.spf1-test.mailzone.com localpart is postmaster # || postmaster 10.spf1-test.mailzone.com DirectiveSet->new(): doing TXT query on 10.spf1-test.mailzone.com # || postmaster 10.spf1-test.mailzone.com myquery: doing TXT query on 10.spf1-test.mailzone.com # || postmaster 10.spf1-test.mailzone.com myquery: 10.spf1-test.mailzone.com TXT failed: NXDOMAIN. # || postmaster 10.spf1-test.mailzone.com DirectiveSet->new(): TXT query on 10.spf1-test.mailzone.com returned error=, last_dns_error=NXDOMAIN # || postmaster 10.spf1-test.mailzone.com DirectiveSet->new(): SPF policy: # || postmaster 10.spf1-test.mailzone.com no SPF record found for 10.spf1-test.mailzone.com # || postmaster 10.spf1-test.mailzone.com header_comment: spf_source = domain of 10.spf1-test.mailzone.com # || postmaster 10.spf1-test.mailzone.com header_comment: spf_source_type = original-spf-record t/00_all.t .. 16/223 # Test 16 got: "unknown" (t/00_all.t at line 127 fail #13) # Expected: "pass" # Detailed debug log for test(s) 16: # | 10.spf1-test.mailzone.com new: ipv4=192.0.2.13, sender=10.spf1-test.mailzone.com, helo=10.spf1-test.mailzone.com # | postmaster 10.spf1-test.mailzone.com localpart is postmaster # || postmaster 10.spf1-test.mailzone.com DirectiveSet->new(): doing TXT query on 10.spf1-test.mailzone.com # || postmaster 10.spf1-test.mailzone.com myquery: doing TXT query on 10.spf1-test.mailzone.com # || postmaster 10.spf1-test.mailzone.com myquery: 10.spf1-test.mailzone.com TXT failed: NXDOMAIN. # || postmaster 10.spf1-test.mailzone.com DirectiveSet->new(): TXT query on 10.spf1-test.mailzone.com returned error=, last_dns_error=NXDOMAIN # || postmaster 10.spf1-test.mailzone.com DirectiveSet->new(): SPF policy: # || postmaster 10.spf1-test.mailzone.com no SPF record found for 10.spf1-test.mailzone.com # || postmaster 10.spf1-test.mailzone.com header_comment: spf_source = domain of 10.spf1-test.mailzone.com # || postmaster 10.spf1-test.mailzone.com header_comment: spf_source_type = original-spf-record t/00_all.t .. 17/223 # Test 17 got: "unknown" (t/00_all.t at line 127 fail #14) # Expected: "pass" # Detailed debug log for test(s) 17: # | 10.spf1-test.mailzone.com new: ipv4=192.0.2.20, sender=10.spf1-test.mailzone.com, helo=10.spf1-test.mailzone.com # | postmaster 10.spf1-test.mailzone.com localpart is postmaster # || postmaster 10.spf1-test.mailzone.com DirectiveSet->new(): doing TXT query on 10.spf1-test.mailzone.com # || postmaster 10.spf1-test.mailzone.com myquery: doing TXT query on 10.spf1-test.mailzone.com # || postmaster 10.spf1-test.mailzone.com myquery: 10.spf1-test.mailzone.com TXT failed: NXDOMAIN. # || postmaster 10.spf1-test.mailzone.com DirectiveSet->new(): TXT query on 10.spf1-test.mailzone.com returned error=, last_dns_error=NXDOMAIN # || postmaster 10.spf1-test.mailzone.com DirectiveSet->new(): SPF policy: # || postmaster 10.spf1-test.mailzone.com no SPF record found for 10.spf1-test.mailzone.com # || postmaster 10.spf1-test.mailzone.com header_comment: spf_source = domain of 10.spf1-test.mailzone.com # || postmaster 10.spf1-test.mailzone.com header_comment: spf_source_type = original-spf-record t/00_all.t .. 18/223 # Test 18 got: "unknown" (t/00_all.t at line 127 fail #15) # Expected: "pass" # Detailed debug log for test(s) 18: # | 10.spf1-test.mailzone.com new: ipv4=192.0.2.21, sender=10.spf1-test.mailzone.com, helo=10.spf1-test.mailzone.com # | postmaster 10.spf1-test.mailzone.com localpart is postmaster # || postmaster 10.spf1-test.mailzone.com DirectiveSet->new(): doing TXT query on 10.spf1-test.mailzone.com # || postmaster 10.spf1-test.mailzone.com myquery: doing TXT query on 10.spf1-test.mailzone.com # || postmaster 10.spf1-test.mailzone.com myquery: 10.spf1-test.mailzone.com TXT failed: NXDOMAIN. # || postmaster 10.spf1-test.mailzone.com DirectiveSet->new(): TXT query on 10.spf1-test.mailzone.com returned error=, last_dns_error=NXDOMAIN # || postmaster 10.spf1-test.mailzone.com DirectiveSet->new(): SPF policy: # || postmaster 10.spf1-test.mailzone.com no SPF record found for 10.spf1-test.mailzone.com # || postmaster 10.spf1-test.mailzone.com header_comment: spf_source = domain of 10.spf1-test.mailzone.com # || postmaster 10.spf1-test.mailzone.com header_comment: spf_source_type = original-spf-record t/00_all.t .. 19/223 # Test 19 got: "unknown" (t/00_all.t at line 127 fail #16) # Expected: "pass" # Detailed debug log for test(s) 19: # | 10.spf1-test.mailzone.com new: ipv4=192.0.2.22, sender=10.spf1-test.mailzone.com, helo=10.spf1-test.mailzone.com # | postmaster 10.spf1-test.mailzone.com localpart is postmaster # || postmaster 10.spf1-test.mailzone.com DirectiveSet->new(): doing TXT query on 10.spf1-test.mailzone.com # || postmaster 10.spf1-test.mailzone.com myquery: doing TXT query on 10.spf1-test.mailzone.com # || postmaster 10.spf1-test.mailzone.com myquery: 10.spf1-test.mailzone.com TXT failed: NXDOMAIN. # || postmaster 10.spf1-test.mailzone.com DirectiveSet->new(): TXT query on 10.spf1-test.mailzone.com returned error=, last_dns_error=NXDOMAIN # || postmaster 10.spf1-test.mailzone.com DirectiveSet->new(): SPF policy: # || postmaster 10.spf1-test.mailzone.com no SPF record found for 10.spf1-test.mailzone.com # || postmaster 10.spf1-test.mailzone.com header_comment: spf_source = domain of 10.spf1-test.mailzone.com # || postmaster 10.spf1-test.mailzone.com header_comment: spf_source_type = original-spf-record ^Cmake: *** [Makefile:853: test_dynamic] Interrupt JMEHNLE/mail-spf-query/Mail-SPF-Query-1.999.1.tar.gz /usr/bin/make test -- NOT OK //hint// to see the cpan-testers results for installing this module, try: reports JMEHNLE/mail-spf-query/Mail-SPF-Query-1.999.1.tar.gz On Fri, 11 Jun 2021, Mark Sapiro wrote: > On 6/11/21 8:36 AM, Remco Barendse wrote: >> >> When running the installer, it just hangs here : >> >> >> Mail::SPF::Query is missing. Installing via CPAN ... >> >> --> Working on Mail::SPF::Query >> Fetching >> http://www.cpan.org/authors/id/J/JM/JMEHNLE/mail-spf-query/Mail-SPF-Query-1.999.1.tar.gz >> ... OK >> Configuring Mail-SPF-Query-1.999.1 ... OK >> Building and testing Mail-SPF-Query-1.999.1 ... ! Timed out (> 1800s). Use >> --verbose to retry. >> Terminated >> >> Any hints? > > What happens if you manually run > > cpan install Mail::SPF::Query > > -- > Mark Sapiro The highway is for gamblers, > San Francisco Bay Area, California better use your sense - B. Dylan > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mark at msapiro.net Fri Jun 11 22:35:07 2021 From: mark at msapiro.net (Mark Sapiro) Date: Fri, 11 Jun 2021 15:35:07 -0700 Subject: Mail::SPF::Query is missing. Installing via CPAN timed out In-Reply-To: References: <4be68f3c-1911-48a0-e71a-4aad8e848db9@msapiro.net> Message-ID: On 6/11/21 2:57 PM, Remco Barendse wrote: > Loads of stuff that doesn' make any sense to me : > > > Configuring J/JM/JMEHNLE/mail-spf-query/Mail-SPF-Query-1.999.1.tar.gz > with Makefile.PL > Checking if your kit is complete... > Looks good > Generating a Unix-style Makefile > Writing Makefile for Mail::SPF::Query > Writing MYMETA.yml and MYMETA.json > ? JMEHNLE/mail-spf-query/Mail-SPF-Query-1.999.1.tar.gz > ? /usr/bin/perl Makefile.PL INSTALLDIRS=site -- OK > Running make for J/JM/JMEHNLE/mail-spf-query/Mail-SPF-Query-1.999.1.tar.gz > CPAN: Module::CoreList loaded ok (v5.20190522) > cp lib/Mail/SPF/Query.pm blib/lib/Mail/SPF/Query.pm > cp bin/spfd blib/script/spfd > "/usr/bin/perl" -MExtUtils::MY -e 'MY->fixin(shift)' -- blib/script/spfd > cp bin/spfquery blib/script/spfquery > "/usr/bin/perl" -MExtUtils::MY -e 'MY->fixin(shift)' -- > blib/script/spfquery > Manifying 2 pod documents > Manifying 1 pod document > ? JMEHNLE/mail-spf-query/Mail-SPF-Query-1.999.1.tar.gz > ? /usr/bin/make -- OK > Running make test for JMEHNLE/mail-spf-query/Mail-SPF-Query-1.999.1.tar.gz > PERL_DL_NONLAZY=1 "/usr/bin/perl" "-MExtUtils::Command::MM" > "-MTest::Harness" "-e" "undef *Test::Harness::Switches; test_harness(0, > 'blib/lib', 'blib/arch')" t/*.t > t/00_all.t .. 3/223 # Test 3 got: "unknown" (t/00_all.t at line 127 fail > #2) > #?? Expected: "neutral"... > spf_source_type = original-spf-record > ^Cmake: *** [Makefile:853: test_dynamic] Interrupt > ? JMEHNLE/mail-spf-query/Mail-SPF-Query-1.999.1.tar.gz > ? /usr/bin/make test -- NOT OK > //hint// to see the cpan-testers results for installing this module, try: > ? reports JMEHNLE/mail-spf-query/Mail-SPF-Query-1.999.1.tar.gz So the module was downloaded and `make` succeeded, but `make test` failed a few tests and then you interrupted it with '^C'. I'm not sure about the failures, but did you have a working internet connection. If not, that may be the reason. In any case look in your home directory for .cpan/build/Mail-SPF-Query-1.999.1-0/ directory. There may be more than one Mail-SPF-Query-1.999.1-* directory in which case you want the most recent one. There should be a Makefile there and you should be able to cd to the directory and run sudo make install to install the module. Alternatively, you can sudo cpan force install Mail::SPF::Query -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From mailscanner at barendse.to Sat Jun 12 13:16:13 2021 From: mailscanner at barendse.to (Remco Barendse) Date: Sat, 12 Jun 2021 15:16:13 +0200 (CEST) Subject: Mail::SPF::Query is missing. Installing via CPAN timed out In-Reply-To: References: <4be68f3c-1911-48a0-e71a-4aad8e848db9@msapiro.net>

Message-ID: <13acf137-676e-3b45-be13-ef7489e2ef91@barendse.to> Strange, I am pretty sure I did not press CTRL-C I ran the installer again and again and kept getting this : Test Summary Report ------------------- t/00_all.t (Wstat: 0 Tests: 223 Failed: 195) Failed tests: 3-7, 9-76, 78-81, 89-127, 129, 131-161 163-164, 166-182, 184-185, 187-188, 190-191 193-194, 196-197, 199-200, 202-203, 205-206 208-209, 211-212, 214-215, 217-218, 220-223 Files=1, Tests=223, 22 wallclock secs ( 0.11 usr 0.04 sys + 0.61 cusr 0.11 csys = 0.87 CPU) Result: FAIL Failed 1/1 test programs. 195/223 subtests failed. make: *** [Makefile:853: test_dynamic] Error 255 JMEHNLE/mail-spf-query/Mail-SPF-Query-1.999.1.tar.gz /usr/bin/make test -- NOT OK //hint// to see the cpan-testers results for installing this module, try: reports JMEHNLE/mail-spf-query/Mail-SPF-Query-1.999.1.tar.gz I deleted /root/.cpan and /root/.cpanm and re-ran ms-configure and it installed immediately Thanks for help On Fri, 11 Jun 2021, Mark Sapiro wrote: > On 6/11/21 2:57 PM, Remco Barendse wrote: >> Loads of stuff that doesn' make any sense to me : >> >> >> Configuring J/JM/JMEHNLE/mail-spf-query/Mail-SPF-Query-1.999.1.tar.gz with >> Makefile.PL >> Checking if your kit is complete... >> Looks good >> Generating a Unix-style Makefile >> Writing Makefile for Mail::SPF::Query >> Writing MYMETA.yml and MYMETA.json >> ? JMEHNLE/mail-spf-query/Mail-SPF-Query-1.999.1.tar.gz >> ? /usr/bin/perl Makefile.PL INSTALLDIRS=site -- OK >> Running make for J/JM/JMEHNLE/mail-spf-query/Mail-SPF-Query-1.999.1.tar.gz >> CPAN: Module::CoreList loaded ok (v5.20190522) >> cp lib/Mail/SPF/Query.pm blib/lib/Mail/SPF/Query.pm >> cp bin/spfd blib/script/spfd >> "/usr/bin/perl" -MExtUtils::MY -e 'MY->fixin(shift)' -- blib/script/spfd >> cp bin/spfquery blib/script/spfquery >> "/usr/bin/perl" -MExtUtils::MY -e 'MY->fixin(shift)' -- >> blib/script/spfquery >> Manifying 2 pod documents >> Manifying 1 pod document >> ? JMEHNLE/mail-spf-query/Mail-SPF-Query-1.999.1.tar.gz >> ? /usr/bin/make -- OK >> Running make test for JMEHNLE/mail-spf-query/Mail-SPF-Query-1.999.1.tar.gz >> PERL_DL_NONLAZY=1 "/usr/bin/perl" "-MExtUtils::Command::MM" >> "-MTest::Harness" "-e" "undef *Test::Harness::Switches; test_harness(0, >> 'blib/lib', 'blib/arch')" t/*.t >> t/00_all.t .. 3/223 # Test 3 got: "unknown" (t/00_all.t at line 127 fail >> #2) >> #?? Expected: "neutral"... >> spf_source_type = original-spf-record >> ^Cmake: *** [Makefile:853: test_dynamic] Interrupt >> ? JMEHNLE/mail-spf-query/Mail-SPF-Query-1.999.1.tar.gz >> ? /usr/bin/make test -- NOT OK >> //hint// to see the cpan-testers results for installing this module, try: >> ? reports JMEHNLE/mail-spf-query/Mail-SPF-Query-1.999.1.tar.gz > > > So the module was downloaded and `make` succeeded, but `make test` failed a > few tests and then you interrupted it with '^C'. I'm not sure about the > failures, but did you have a working internet connection. If not, that may be > the reason. > > In any case look in your home directory for > .cpan/build/Mail-SPF-Query-1.999.1-0/ directory. There may be more than one > Mail-SPF-Query-1.999.1-* directory in which case you want the most recent > one. There should be a Makefile there and you should be able to cd to the > directory and run > > sudo make install > > to install the module. Alternatively, you can > > sudo cpan force install Mail::SPF::Query > > -- > Mark Sapiro The highway is for gamblers, > San Francisco Bay Area, California better use your sense - B. Dylan > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mailscanner at barendse.to Sun Jun 13 10:58:08 2021 From: mailscanner at barendse.to (Remco Barendse) Date: Sun, 13 Jun 2021 12:58:08 +0200 (CEST) Subject: MailScanner archive breaks postfix smarthost Message-ID: <51612b8-cf3d-fd8d-50ec-1dacff06b5b@barendse.to> I use the archive function of MailScanner to send a copy of inbound/outbound email to an email address on an external server. Postfix is also serving as a backup for that same domain/server to store mail (should the server go down). When I do not use SmartHost, mail goes out as expected : Jun 13 12:49:10 gw2 postfix/smtp[5226]: BBFD882A34: to=, relay=mail.my2nddomain.com[--.---.--.--]:25, delay=0.76, delays=0.5/0.02/0.13/0.11, dsn=2.0.0, status=sent (250 2.0.0 15DAnAAT016589 Message accepted for delivery) Jun 13 12:49:10 gw2 MailScanner[5228]: Read 5624 hostnames from the phishing blacklists Jun 13 12:49:11 gw2 postfix/smtp[5227]: BBFD882A34: to=, relay=gmail-smtp-in.l.google.com[108.177.119.26]:25, delay=0.92, delays=0.5/0.03/0.15/0.23, dsn=2.0.0, status=sent (250 2.0.0 OK 1623581351 a13si5024937edy.153 - gsmtp) Jun 13 12:49:11 gw2 postfix/qmgr[5207]: BBFD882A34: removed When I enable SmartHost, it seems as if postfix doesn't use the smarthost byt bants to do authentication on the remote mail server to deliver the archive copy of the mail, which fails. Jun 13 12:11:20 gw2 postfix/qmgr[3600]: 88F9882A30: from=, size=339, nrcpt=2 (queue active) Jun 13 12:11:23 gw2 postfix/smtp[3966]: 88F9882A30: to=, relay=smtp.xs4all.nl[194.109.6.51]:587, delay=3.3, delays=1/0.09/2.2/0.06, dsn=2.0.0, status=sent (250 2.0.0 smtp-cloud8.xs4all.net accepted mail sN5MlU4tIhqltsN 5Pliy28 for delivery) Jun 13 12:11:23 gw2 postfix/smtp[3964]: 88F9882A30: to=, relay=mail.my2nddomain.com[--.---.--.--]:25, delay=3.1, delays=1/0.08/2/0, dsn=4.7.0, status=deferred (SASL authentication failed; server mail.my2nddomain.com[--.---.--.---] said: 535 5.7.0 authentication failed) Jun 13 12:19:30 gw2 postfix/qmgr[3600]: 88F9882A30: from=, size=339, nrcpt=2 (queue active) In my /etc/postfix/transport I have : archive.com smtp:[mail.archive.com] To enable smarthost I added this to main.cf : # Enable auth smtp_sasl_auth_enable = yes # Set username and password smtp_sasl_password_maps = static:YOUR-SMTP-USER-NAME-HERE:YOUR-SMTP-SERVER-PASSWORD-HERE smtp_sasl_security_options = noanonymous # Turn on tls encryption smtp_tls_security_level = encrypt header_size_limit = 4096000 # Set external SMTP relay host here IP or hostname accepted along with a port number. relayhost = [YOUR-SMTP-SERVER-IP-HERE]:587 Where am I going wrong? -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mark at msapiro.net Sun Jun 13 17:00:09 2021 From: mark at msapiro.net (Mark Sapiro) Date: Sun, 13 Jun 2021 10:00:09 -0700 Subject: MailScanner archive breaks postfix smarthost In-Reply-To: <51612b8-cf3d-fd8d-50ec-1dacff06b5b@barendse.to> References: <51612b8-cf3d-fd8d-50ec-1dacff06b5b@barendse.to> Message-ID: <5374e2f0-26c7-6913-3adb-2d7ad48d3758@msapiro.net> On 6/13/21 3:58 AM, Remco Barendse wrote: > > To enable smarthost I added this to main.cf : ...> # Set external SMTP relay host here IP or hostname accepted along with a > port number. > relayhost = [YOUR-SMTP-SERVER-IP-HERE]:587 It appears you may have the IP or name of mail.my2nddomain.com here. It should be the IP or name of the smarthost. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From mailscanner at barendse.to Sun Jun 13 21:28:30 2021 From: mailscanner at barendse.to (Remco Barendse) Date: Sun, 13 Jun 2021 23:28:30 +0200 (CEST) Subject: MailScanner archive breaks postfix smarthost In-Reply-To: <5374e2f0-26c7-6913-3adb-2d7ad48d3758@msapiro.net> References: <51612b8-cf3d-fd8d-50ec-1dacff06b5b@barendse.to> <5374e2f0-26c7-6913-3adb-2d7ad48d3758@msapiro.net> Message-ID: <5de4beb6-9b63-2766-b488-686c58a66ae5@barendse.to> No, i have relayhost = [smtp.xs4all.nl]:587 which is an ISP The first mail goes out without errors through the ISP, for the second email (th archive rule), it tries to deliver directly to mail.my2nddomain.com but then sems to try secured connection. Thanks for your help! On Sun, 13 Jun 2021, Mark Sapiro wrote: > On 6/13/21 3:58 AM, Remco Barendse wrote: >> >> To enable smarthost I added this to main.cf : > ...> # Set external SMTP relay host here IP or hostname accepted along with a >> port number. >> relayhost = [YOUR-SMTP-SERVER-IP-HERE]:587 > > > It appears you may have the IP or name of mail.my2nddomain.com here. It > should be the IP or name of the smarthost. > > -- > Mark Sapiro The highway is for gamblers, > San Francisco Bay Area, California better use your sense - B. Dylan > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > From mark at msapiro.net Sun Jun 13 21:53:33 2021 From: mark at msapiro.net (Mark Sapiro) Date: Sun, 13 Jun 2021 14:53:33 -0700 Subject: MailScanner archive breaks postfix smarthost In-Reply-To: <5de4beb6-9b63-2766-b488-686c58a66ae5@barendse.to> References: <51612b8-cf3d-fd8d-50ec-1dacff06b5b@barendse.to> <5374e2f0-26c7-6913-3adb-2d7ad48d3758@msapiro.net> <5de4beb6-9b63-2766-b488-686c58a66ae5@barendse.to> Message-ID: On 6/13/21 2:28 PM, Remco Barendse wrote: > > No, i have relayhost = [smtp.xs4all.nl]:587 which is an ISP > > The first mail goes out without errors through the ISP, for the second > email (th archive rule), it tries to deliver directly to > mail.my2nddomain.com but then sems to try secured connection. I don't see where this is a MailScanner issue at all. The issue appears to be that when you add the configuration items for delivery via smtp.xs4all.nl, mail to outbound at archive.com is still relayed via mail.my2nddomain.com, but with SASL settings per smtp_sasl_auth_enable = yes smtp_sasl_password_maps = static:YOUR-SMTP-USER-NAME-HERE:YOUR-SMTP-SERVER-PASSWORD-HERE I think this would be regardless of the source of this mail and is probably due to the transport mapping archive.com smtp:[mail.archive.com] Why do you have that? What if you remove it? -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From belle at bazuin.nl Mon Jun 14 07:42:30 2021 From: belle at bazuin.nl (=?windows-1252?Q?L.P.H._van_Belle?=) Date: Mon, 14 Jun 2021 09:42:30 +0200 Subject: MailScanner archive breaks postfix smarthost In-Reply-To: <51612b8-cf3d-fd8d-50ec-1dacff06b5b@barendse.to> References: <51612b8-cf3d-fd8d-50ec-1dacff06b5b@barendse.to> Message-ID: Remco, As far i can see, 2 options.. Forwarding where google blocks it or the smtp relay isnt correct. 535 5.7.0 authentication failed << this one.. The sending domain (yours), what is configured on it like, is any SPF/DKIM/DMARC done, because if not, gmail might be blocking you. https://support.google.com/mail/troubleshooter/2696779 * i run it with these. - What is the issue? Sent emails are ?Temp failed / Rejected? or classified as ?Spam/Phishing? -From where do you send messages that are blocked or filtered to Spam? I send from my own domain - Messages from your domain can be flagged as spam if your servers are used as an open relay or have been compromised by a virus or malware. You can run a scan of your system to check for these problems. Was your email server compromised? No - Was the email unauthenticated? No Please verify that you: Sign messages with DKIM. Gmail doesn't authenticate messages signed with keys that use fewer than 1024 bits. Publish a SPF Record. Publish a DMARC policy. After this point if you see no again. I had a simular one last week on one of my brothers domain. #### The other option is. Your smtp auth setup looks bit off. # SMTP Client relayhost = [smtp.xs4all.nl]:465 or [smtp.xs4all.nl]:587 try both. smtp_sasl_auth_enable = yes # smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd smtp_sasl_security_options = noanonymous smtp_sasl_tls_security_options = noanonymous smtp_tls_security_level = encrypt smtpd_tls_auth_only = no header_size_limit = 4096000 broken_sasl_auth_clients = yes smtpd_sasl_auth_enable = yes /etc/postfix/sasl_passwd # password file the the relay hosts and its authentication format [smtp.xs4all.nl] user at yourdomain.org:credentials_for_domain_from_xs4all [smtp.other.org] user2 at yourdomain.org:credentials_for_user_2 [smtp1.other.org] user2 at yourdomain.org:credentials_for_user_2 Run : postmap /etc/postfix/sasl_passwd # enable/using SASL /etc/postfix/sasl/smtpd.conf pwcheck_method: auxprop auxprop_plugin: sasldb mech_list: PLAIN LOGIN Next, we need to create the credentials for a client that will be allowed to connect to the Postfix server: saslpasswd2 -c -u yourdomain.org user sasldblistusers2 user at yourdomain.org: userPassword # Postfix on Ubuntu runs in a chroot environment, we need to copy the password database so that Postfix can read it and adjust permissions cp /etc/sasldb2 /var/spool/postfix/etc/ chown postfix:sasl /var/spool/postfix/etc/sasldb2 chmod 660 /var/spool/postfix/etc/sasldb2 Settings for sasl : /etc/default/saslauthd START=yes PWDIR="/var/spool/postfix/var/run/saslauthd" PARAMS="-m ${PWDIR}" PIDFILE="${PWDIR}/saslauthd.pid" DESC="SASL Authentication Daemon" NAME="saslauthd" MECHANISMS="sasldb" MECH_OPTIONS="" THREADS=5 OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd" dpkg-statoverride --force --update --add postfix sasl 750 /var/spool/postfix/var/run/saslauthd Stop and start postfix now try again. Test with : saslfinger -s Greetz, Louis > -----Oorspronkelijk bericht----- > Van: MailScanner > [mailto:mailscanner-bounces+belle=bazuin.nl at lists.mailscanner. info] Namens Remco Barendse > Verzonden: zondag 13 juni 2021 12:58 > Aan: MailScanner mailing list > Onderwerp: MailScanner archive breaks postfix smarthost > > I use the archive function of MailScanner to send a copy > of inbound/outbound email to an email address on an external server. > Postfix is also serving as a backup for that same > domain/server to store > mail (should the server go down). > > When I do not use SmartHost, mail goes out as expected : > Jun 13 12:49:10 gw2 postfix/smtp[5226]: BBFD882A34: > to=, > relay=mail.my2nddomain.com[--.---.--.--]:25, > delay=0.76, delays=0.5/0.02/0.13/0.11, dsn=2.0.0, status=sent > (250 2.0.0 > 15DAnAAT016589 Message accepted for delivery) > Jun 13 12:49:10 gw2 MailScanner[5228]: Read 5624 hostnames from the > phishing blacklists > Jun 13 12:49:11 gw2 postfix/smtp[5227]: BBFD882A34: > to=, > relay=gmail-smtp-in.l.google.com[108.177.119.26]:25, delay=0.92, > delays=0.5/0.03/0.15/0.23, dsn=2.0.0, status=sent (250 2.0.0 OK > 1623581351 a13si5024937edy.153 - gsmtp) > Jun 13 12:49:11 gw2 postfix/qmgr[5207]: BBFD882A34: removed > > > When I enable SmartHost, it seems as if postfix doesn't use the > smarthost byt bants to do authentication on the remote mail server to > deliver the archive copy of the mail, which fails. > > Jun 13 12:11:20 gw2 postfix/qmgr[3600]: 88F9882A30: > from=, size=339, nrcpt=2 (queue active) > Jun 13 12:11:23 gw2 postfix/smtp[3966]: 88F9882A30: > to=, relay=smtp.xs4all.nl[194.109.6.51]:587, > delay=3.3, delays=1/0.09/2.2/0.06, dsn=2.0.0, status=sent (250 2.0.0 > smtp-cloud8.xs4all.net accepted mail sN5MlU4tIhqltsN > 5Pliy28 for delivery) > Jun 13 12:11:23 gw2 postfix/smtp[3964]: 88F9882A30: > to=, > relay=mail.my2nddomain.com[--.---.--.--]:25, > delay=3.1, delays=1/0.08/2/0, dsn=4.7.0, status=deferred (SASL > authentication failed; server > mail.my2nddomain.com[--.---.--.---] said: > 535 5.7.0 authentication failed) > Jun 13 12:19:30 gw2 postfix/qmgr[3600]: 88F9882A30: > from=, size=339, nrcpt=2 (queue active) > > > In my /etc/postfix/transport I have : > archive.com smtp:[mail.archive.com] > > To enable smarthost I added this to main.cf : > # Enable auth > smtp_sasl_auth_enable = yes > # Set username and password > smtp_sasl_password_maps = > static:YOUR-SMTP-USER-NAME-HERE:YOUR-SMTP-SERVER-PASSWORD-HERE > smtp_sasl_security_options = noanonymous > # Turn on tls encryption > smtp_tls_security_level = encrypt > header_size_limit = 4096000 > # Set external SMTP relay host here IP or hostname accepted > along with a port number. > relayhost = [YOUR-SMTP-SERVER-IP-HERE]:587 > > > Where am I going wrong? > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > From mailscanner at barendse.to Mon Jun 14 10:20:18 2021 From: mailscanner at barendse.to (Remco Barendse) Date: Mon, 14 Jun 2021 12:20:18 +0200 (CEST) Subject: MailScanner installer and apparmor small omission Message-ID: <747e4b8-2f1f-18fe-f3ff-8f3d63e2319@barendse.to> Found this in the Mailscanner installer script # add to include for clamd if [ -f '/etc/apparmor.d/local/usr.sbin.clamd' ]; then echo '/var/spool/MailScanner/incoming/** krw,' > /etc/apparmor.d/local/usr.sbin.clamd echo '/var/spool/MailScanner/incoming/** ix,' >> /etc/apparmor.d/local/usr.sbin.clamd fi Shouldnt it also uncomment the line to use it though? >From /etc/apparmor.d/usr.sbin.clamd # Site-specific additions and overrides. See local/README for details. #include From mailscanner at barendse.to Mon Jun 14 11:21:11 2021 From: mailscanner at barendse.to (Remco Barendse) Date: Mon, 14 Jun 2021 13:21:11 +0200 (CEST) Subject: MailScanner archive breaks postfix smarthost In-Reply-To: References: <51612b8-cf3d-fd8d-50ec-1dacff06b5b@barendse.to> Message-ID: Mark Sapiro and you nailed it exactly. I think postfix doesn't like when authentication is enabled but there are transport mappings for servers that do not need authentication to receive the mail. Removing the transport mapping like Mark suggested would probably fix it but the server would then also stop working as a backup to queue mail in case the destination server goes down. Probably the easiest is as you suggested to enable authentication on the other server and deliver it to port 587. I'll go through your instructions below and see how things go. First have to fix MailScanner which is not processing mail, will open a new thread for that. Thanks!! On Mon, 14 Jun 2021, L.P.H. van Belle via MailScanner wrote: > Remco, > > As far i can see, 2 options.. Forwarding where google blocks it or the smtp relay isnt correct. > > 535 5.7.0 authentication failed << this one.. > > The sending domain (yours), what is configured on it like, is any SPF/DKIM/DMARC > done, because if not, gmail might be blocking you. > > https://support.google.com/mail/troubleshooter/2696779 > * i run it with these. > - What is the issue? > Sent emails are ?Temp failed / Rejected? or classified as ?Spam/Phishing? > > -From where do you send messages that are blocked or filtered to Spam? > I send from my own domain > > - Messages from your domain can be flagged as spam if your servers are used as an open relay > or have been compromised by a virus or malware. You can run a scan of your system to check for these problems. > Was your email server compromised? > No > > - Was the email unauthenticated? > No > > Please verify that you: > > Sign messages with DKIM. Gmail doesn't authenticate messages signed with keys that use fewer than 1024 bits. > Publish a SPF Record. > Publish a DMARC policy. > > After this point if you see no again. > > I had a simular one last week on one of my brothers domain. > > #### > The other option is. > Your smtp auth setup looks bit off. > > # SMTP Client > relayhost = [smtp.xs4all.nl]:465 or [smtp.xs4all.nl]:587 try both. > smtp_sasl_auth_enable = yes > # > smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd > smtp_sasl_security_options = noanonymous > smtp_sasl_tls_security_options = noanonymous > smtp_tls_security_level = encrypt > smtpd_tls_auth_only = no > header_size_limit = 4096000 > broken_sasl_auth_clients = yes > smtpd_sasl_auth_enable = yes > > /etc/postfix/sasl_passwd > # password file the the relay hosts and its authentication format > [smtp.xs4all.nl] user at yourdomain.org:credentials_for_domain_from_xs4all > [smtp.other.org] user2 at yourdomain.org:credentials_for_user_2 > [smtp1.other.org] user2 at yourdomain.org:credentials_for_user_2 > > Run : postmap /etc/postfix/sasl_passwd > > # enable/using SASL > /etc/postfix/sasl/smtpd.conf > pwcheck_method: auxprop > auxprop_plugin: sasldb > mech_list: PLAIN LOGIN > > > Next, we need to create the credentials for a client that will be allowed to connect to the Postfix server: > saslpasswd2 -c -u yourdomain.org user > sasldblistusers2 > user at yourdomain.org: userPassword > > # Postfix on Ubuntu runs in a chroot environment, > we need to copy the password database so that Postfix can read it and adjust permissions > cp /etc/sasldb2 /var/spool/postfix/etc/ > chown postfix:sasl /var/spool/postfix/etc/sasldb2 > chmod 660 /var/spool/postfix/etc/sasldb2 > > > Settings for sasl : /etc/default/saslauthd > START=yes > PWDIR="/var/spool/postfix/var/run/saslauthd" > PARAMS="-m ${PWDIR}" > PIDFILE="${PWDIR}/saslauthd.pid" > DESC="SASL Authentication Daemon" > NAME="saslauthd" > MECHANISMS="sasldb" > MECH_OPTIONS="" > THREADS=5 > OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd" > > dpkg-statoverride --force --update --add postfix sasl 750 /var/spool/postfix/var/run/saslauthd > > Stop and start postfix now try again. > Test with : saslfinger -s > > Greetz, > > Louis > > >> -----Oorspronkelijk bericht----- >> Van: MailScanner >> [mailto:mailscanner-bounces+belle=bazuin.nl at lists.mailscanner. > info] Namens Remco Barendse >> Verzonden: zondag 13 juni 2021 12:58 >> Aan: MailScanner mailing list >> Onderwerp: MailScanner archive breaks postfix smarthost >> >> I use the archive function of MailScanner to send a copy >> of inbound/outbound email to an email address on an external server. >> Postfix is also serving as a backup for that same >> domain/server to store >> mail (should the server go down). >> >> When I do not use SmartHost, mail goes out as expected : >> Jun 13 12:49:10 gw2 postfix/smtp[5226]: BBFD882A34: >> to=, >> relay=mail.my2nddomain.com[--.---.--.--]:25, >> delay=0.76, delays=0.5/0.02/0.13/0.11, dsn=2.0.0, status=sent >> (250 2.0.0 >> 15DAnAAT016589 Message accepted for delivery) >> Jun 13 12:49:10 gw2 MailScanner[5228]: Read 5624 hostnames from the >> phishing blacklists >> Jun 13 12:49:11 gw2 postfix/smtp[5227]: BBFD882A34: >> to=, >> relay=gmail-smtp-in.l.google.com[108.177.119.26]:25, delay=0.92, >> delays=0.5/0.03/0.15/0.23, dsn=2.0.0, status=sent (250 2.0.0 OK >> 1623581351 a13si5024937edy.153 - gsmtp) >> Jun 13 12:49:11 gw2 postfix/qmgr[5207]: BBFD882A34: removed >> >> >> When I enable SmartHost, it seems as if postfix doesn't use the >> smarthost byt bants to do authentication on the remote mail server to >> deliver the archive copy of the mail, which fails. >> >> Jun 13 12:11:20 gw2 postfix/qmgr[3600]: 88F9882A30: >> from=, size=339, nrcpt=2 (queue active) >> Jun 13 12:11:23 gw2 postfix/smtp[3966]: 88F9882A30: >> to=, relay=smtp.xs4all.nl[194.109.6.51]:587, >> delay=3.3, delays=1/0.09/2.2/0.06, dsn=2.0.0, status=sent (250 2.0.0 >> smtp-cloud8.xs4all.net accepted mail sN5MlU4tIhqltsN >> 5Pliy28 for delivery) > >> Jun 13 12:11:23 gw2 postfix/smtp[3964]: 88F9882A30: >> to=, >> relay=mail.my2nddomain.com[--.---.--.--]:25, >> delay=3.1, delays=1/0.08/2/0, dsn=4.7.0, status=deferred (SASL >> authentication failed; server >> mail.my2nddomain.com[--.---.--.---] said: >> 535 5.7.0 authentication failed) >> Jun 13 12:19:30 gw2 postfix/qmgr[3600]: 88F9882A30: >> from=, size=339, nrcpt=2 (queue active) >> >> >> In my /etc/postfix/transport I have : >> archive.com smtp:[mail.archive.com] >> >> To enable smarthost I added this to main.cf : >> # Enable auth >> smtp_sasl_auth_enable = yes >> # Set username and password >> smtp_sasl_password_maps = >> static:YOUR-SMTP-USER-NAME-HERE:YOUR-SMTP-SERVER-PASSWORD-HERE >> smtp_sasl_security_options = noanonymous >> # Turn on tls encryption >> smtp_tls_security_level = encrypt >> header_size_limit = 4096000 >> # Set external SMTP relay host here IP or hostname accepted >> along with a port number. >> relayhost = [YOUR-SMTP-SERVER-IP-HERE]:587 >> >> >> Where am I going wrong? >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > From mailscanner at barendse.to Mon Jun 14 11:41:19 2021 From: mailscanner at barendse.to (Remco Barendse) Date: Mon, 14 Jun 2021 13:41:19 +0200 (CEST) Subject: Mail stuck in /var/spool/postfix/hold Message-ID: 2 days ago I had MailScanner working but mail seems to sit in /var/spool/postfix/hold until MailScanner tried 6 times and then moves it to quarantine. pyzor was causing a python trace back error but I removed pyzor and that solved the error :) I stopped apparmor just te be sure There are no errors in any logs, where can I look for clues? MailScanner --lint : Your envelope_sender_header in spamassassin.conf is correct. MailScanner setting GID to (119) MailScanner setting UID to (116) Checking for SpamAssassin errors (if you use it)... Using SpamAssassin results cache Connected to SpamAssassin cache database SpamAssassin reported no errors. Auto: Found virus scanners: clamd Connected to Processing Attempts Database Created Processing Attempts Database successfully There are 2 messages in the Processing Attempts Database Using locktype = posix No errors, anywhere jusst this in the log : Jun 14 13:37:27 gw2 MailScanner[3282]: Making attempt 2 at processing message 26A2782CA5.A6FBE Jun 14 13:11:43 gw2 MailScanner[3081]: Connected to Processing Attempts Database Jun 14 13:11:43 gw2 MailScanner[3081]: Found 6 messages in the Processing Attempts Database Jun 14 13:11:43 gw2 MailScanner[3081]: Using locktype = flock Jun 14 13:12:25 gw2 MailScanner[2890]: Making attempt 6 at processing message D0D2882370.ACF37 Jun 14 13:12:25 gw2 MailScanner[2890]: Making attempt 6 at processing message 4C5938221D.A960D Jun 14 13:12:25 gw2 MailScanner[2890]: New Batch: Found 6 messages waiting Jun 14 13:12:25 gw2 MailScanner[2890]: New Batch: Scanning 2 messages, 883327 bytes Jun 14 13:12:25 gw2 MailScanner[3006]: Warning: skipping message D0D2882370.ACF37 as it has been attempted too many times Jun 14 13:12:25 gw2 MailScanner[3006]: Quarantined message D0D2882370.ACF37 as it caused MailScanner to crash several times Jun 14 13:12:25 gw2 MailScanner[3006]: Saved entire message to /var/spool/MailScanner/quarantine/20210614/D0D2882370.ACF37 Jun 14 13:12:25 gw2 MailScanner[3081]: Warning: skipping message 4C5938221D.A960D as it has been attempted too many times Jun 14 13:12:25 gw2 MailScanner[3081]: Quarantined message 4C5938221D.A960D as it caused MailScanner to crash several times Jun 14 13:12:25 gw2 MailScanner[3081]: Saved entire message to /var/spool/MailScanner/quarantine/20210614/4C5938221D.A960D Jun 14 13:12:25 gw2 MailScanner[3081]: New Batch: Found 6 messages waiting From mark at msapiro.net Mon Jun 14 14:24:41 2021 From: mark at msapiro.net (Mark Sapiro) Date: Mon, 14 Jun 2021 07:24:41 -0700 Subject: Mail stuck in /var/spool/postfix/hold In-Reply-To: References: Message-ID: On 6/14/21 4:41 AM, Remco Barendse wrote: > > No errors, anywhere jusst this in the log : > Jun 14 13:37:27 gw2 MailScanner[3282]: Making attempt 2 at processing > message 26A2782CA5.A6FBE > > Jun 14 13:11:43 gw2 MailScanner[3081]: Connected to Processing Attempts > Database > Jun 14 13:11:43 gw2 MailScanner[3081]: Found 6 messages in the > Processing Attempts Database > Jun 14 13:11:43 gw2 MailScanner[3081]: Using locktype = flock > Jun 14 13:12:25 gw2 MailScanner[2890]: Making attempt 6 at processing > message D0D2882370.ACF37 > Jun 14 13:12:25 gw2 MailScanner[2890]: Making attempt 6 at processing > message 4C5938221D.A960D > Jun 14 13:12:25 gw2 MailScanner[2890]: New Batch: Found 6 messages waiting > Jun 14 13:12:25 gw2 MailScanner[2890]: New Batch: Scanning 2 messages, > 883327 bytes > Jun 14 13:12:25 gw2 MailScanner[3006]: Warning: skipping message > D0D2882370.ACF37 as it has been attempted too many times > Jun 14 13:12:25 gw2 MailScanner[3006]: Quarantined message > D0D2882370.ACF37 as it caused MailScanner to crash several times > Jun 14 13:12:25 gw2 MailScanner[3006]: Saved entire message to > /var/spool/MailScanner/quarantine/20210614/D0D2882370.ACF37 > Jun 14 13:12:25 gw2 MailScanner[3081]: Warning: skipping message > 4C5938221D.A960D as it has been attempted too many times > Jun 14 13:12:25 gw2 MailScanner[3081]: Quarantined message > 4C5938221D.A960D as it caused MailScanner to crash several times > Jun 14 13:12:25 gw2 MailScanner[3081]: Saved entire message to > /var/spool/MailScanner/quarantine/20210614/4C5938221D.A960D > Jun 14 13:12:25 gw2 MailScanner[3081]: New Batch: Found 6 messages waiting There should be errors logged from the earlier attempts to process the messages, perhaps they are in an older, rotated log. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From mailscanner at barendse.to Tue Jun 15 12:05:11 2021 From: mailscanner at barendse.to (Remco Barendse) Date: Tue, 15 Jun 2021 14:05:11 +0200 (CEST) Subject: Mail stuck in /var/spool/postfix/hold In-Reply-To: References:

Message-ID: I checked the log all the way up, no error messages. Just warnings root at gw2:~# cat /var/log/mail.log | grep -i 6EC7682C7E.A8770 Jun 15 13:57:18 gw2 MailScanner[2886]: Making attempt 2 at processing message 6EC7682C7E.A8770 Jun 15 14:00:22 gw2 MailScanner[3167]: Making attempt 3 at processing message 6EC7682C7E.A8770 MailScanner --lint says all is OK and messages sit in /var/spool/postfix/hold until they are quarantined I did a complete re-install this morning of the server, started from fresh install of Ubuntu 20.04 and proceeded immediately to install MailScanner and ran ms-config, did not install any package. Same result.... Getting a little desperate root at gw2:~# MailScanner --lint Trying to setlogsock(unix) Reading configuration file /etc/MailScanner/MailScanner.conf Reading configuration file /etc/MailScanner/conf.d/README Reading configuration file /etc/MailScanner/conf.d/postfix.conf Read 1500 hostnames from the phishing whitelist Read 5527 hostnames from the phishing blacklists Checking version numbers... Version number in MailScanner.conf (5.3.4) is correct. Your envelope_sender_header in spamassassin.conf is correct. MailScanner setting GID to (121) MailScanner setting UID to (118) Checking for SpamAssassin errors (if you use it)... Using SpamAssassin results cache Connected to SpamAssassin cache database config: registryboundaries: no tlds defined, need to run sa-update SpamAssassin reported no errors. Auto: Found virus scanners: clamd Connected to Processing Attempts Database Created Processing Attempts Database successfully There are 14 messages in the Processing Attempts Database Using locktype = posix MailScanner.conf says "Virus Scanners = auto" Found these virus scanners installed: clamd =========================================================================== Filename Checks: Windows/DOS Executable (1 eicar.com) Other Checks: Found 1 problems Virus and Content Scanning: Starting Clamd::INFECTED:: Win.Test.EICAR_HDB-1 :: ./1/eicar.com Virus Scanning: Clamd found 2 infections Infected message 1 came from 10.1.1.1 Virus Scanning: Found 2 viruses =========================================================================== Virus Scanner test reports: Clamd said "eicar.com was infected: Win.Test.EICAR_HDB-1" If any of your virus scanners (clamd) are not listed there, you should check that they are installed correctly and that MailScanner is finding them correctly via its virus.scanners.conf. On Mon, 14 Jun 2021, Mark Sapiro wrote: > On 6/14/21 4:41 AM, Remco Barendse wrote: >> >> No errors, anywhere jusst this in the log : >> Jun 14 13:37:27 gw2 MailScanner[3282]: Making attempt 2 at processing >> message 26A2782CA5.A6FBE >> >> Jun 14 13:11:43 gw2 MailScanner[3081]: Connected to Processing Attempts >> Database >> Jun 14 13:11:43 gw2 MailScanner[3081]: Found 6 messages in the Processing >> Attempts Database >> Jun 14 13:11:43 gw2 MailScanner[3081]: Using locktype = flock >> Jun 14 13:12:25 gw2 MailScanner[2890]: Making attempt 6 at processing >> message D0D2882370.ACF37 >> Jun 14 13:12:25 gw2 MailScanner[2890]: Making attempt 6 at processing >> message 4C5938221D.A960D >> Jun 14 13:12:25 gw2 MailScanner[2890]: New Batch: Found 6 messages waiting >> Jun 14 13:12:25 gw2 MailScanner[2890]: New Batch: Scanning 2 messages, >> 883327 bytes >> Jun 14 13:12:25 gw2 MailScanner[3006]: Warning: skipping message >> D0D2882370.ACF37 as it has been attempted too many times >> Jun 14 13:12:25 gw2 MailScanner[3006]: Quarantined message >> D0D2882370.ACF37 as it caused MailScanner to crash several times >> Jun 14 13:12:25 gw2 MailScanner[3006]: Saved entire message to >> /var/spool/MailScanner/quarantine/20210614/D0D2882370.ACF37 >> Jun 14 13:12:25 gw2 MailScanner[3081]: Warning: skipping message >> 4C5938221D.A960D as it has been attempted too many times >> Jun 14 13:12:25 gw2 MailScanner[3081]: Quarantined message >> 4C5938221D.A960D as it caused MailScanner to crash several times >> Jun 14 13:12:25 gw2 MailScanner[3081]: Saved entire message to >> /var/spool/MailScanner/quarantine/20210614/4C5938221D.A960D >> Jun 14 13:12:25 gw2 MailScanner[3081]: New Batch: Found 6 messages waiting > > > There should be errors logged from the earlier attempts to process the > messages, perhaps they are in an older, rotated log. > > > -- > Mark Sapiro The highway is for gamblers, > San Francisco Bay Area, California better use your sense - B. Dylan > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > From belle at bazuin.nl Tue Jun 15 13:26:24 2021 From: belle at bazuin.nl (=?windows-1252?Q?L.P.H._van_Belle?=) Date: Tue, 15 Jun 2021 15:26:24 +0200 Subject: Mail stuck in /var/spool/postfix/hold In-Reply-To: References: Message-ID: Any error when you run this? egrep -i "invalid|error|reject|deny" /var/log/mail.log Review this again, you never know, maybe you did miss a small thing. https://www.mailscanner.info/postfix/ And did you make sure these linese are last in checks_header.pcre ## We need to put incoming to the HOLD QUEUE for MailScanner /^Received:/ HOLD I havent had the time yet to start on the new mailscanner setup. I have a kopano install first to finish. :-( But tip. Any file you put in here.. /etc/MailScanner/conf.d/ Like : Reading configuration file /etc/MailScanner/conf.d/postfix.conf Number them. The loading order might conflict. /etc/MailScanner/conf.d/01-company-base.conf /etc/MailScanner/conf.d/02-postfix.conf /etc/MailScanner/conf.d/03-something-else.conf All rights on folders are checked? Greetz, Louis > -----Oorspronkelijk bericht----- > Van: MailScanner > [mailto:mailscanner-bounces+belle=bazuin.nl at lists.mailscanner. > info] Namens Remco Barendse > Verzonden: dinsdag 15 juni 2021 14:05 > Aan: MailScanner Discussion > Onderwerp: Re: Mail stuck in /var/spool/postfix/hold > > I checked the log all the way up, no error messages. Just warnings > > root at gw2:~# cat /var/log/mail.log | grep -i 6EC7682C7E.A8770 > Jun 15 13:57:18 gw2 MailScanner[2886]: Making attempt 2 at processing > message 6EC7682C7E.A8770 > Jun 15 14:00:22 gw2 MailScanner[3167]: Making attempt 3 at processing > message 6EC7682C7E.A8770 > > MailScanner --lint says all is OK and messages sit in > /var/spool/postfix/hold until they are quarantined > > I did a complete re-install this morning of the server, > started from fresh > install of Ubuntu 20.04 and proceeded immediately to install > MailScanner > and ran ms-config, did not install any package. > > Same result.... Getting a little desperate > > root at gw2:~# MailScanner --lint > Trying to setlogsock(unix) > > Reading configuration file /etc/MailScanner/MailScanner.conf > Reading configuration file /etc/MailScanner/conf.d/README > Reading configuration file /etc/MailScanner/conf.d/postfix.conf > Read 1500 hostnames from the phishing whitelist > Read 5527 hostnames from the phishing blacklists > > Checking version numbers... > Version number in MailScanner.conf (5.3.4) is correct. > > Your envelope_sender_header in spamassassin.conf is correct. > MailScanner setting GID to (121) > MailScanner setting UID to (118) > > Checking for SpamAssassin errors (if you use it)... > Using SpamAssassin results cache > Connected to SpamAssassin cache database > config: registryboundaries: no tlds defined, need to run sa-update > SpamAssassin reported no errors. > Auto: Found virus scanners: clamd > Connected to Processing Attempts Database > Created Processing Attempts Database successfully > There are 14 messages in the Processing Attempts Database > Using locktype = posix > MailScanner.conf says "Virus Scanners = auto" > Found these virus scanners installed: clamd > ============================================================== > ============= > Filename Checks: Windows/DOS Executable (1 eicar.com) > Other Checks: Found 1 problems > Virus and Content Scanning: Starting > Clamd::INFECTED:: Win.Test.EICAR_HDB-1 :: ./1/eicar.com > Virus Scanning: Clamd found 2 infections > Infected message 1 came from 10.1.1.1 > Virus Scanning: Found 2 viruses > ============================================================== > ============= > Virus Scanner test reports: > Clamd said "eicar.com was infected: Win.Test.EICAR_HDB-1" > > If any of your virus scanners (clamd) > are not listed there, you should check that they are > installed correctly > and that MailScanner is finding them correctly via its > virus.scanners.conf. > > > > > > > On Mon, 14 Jun 2021, Mark Sapiro wrote: > > > On 6/14/21 4:41 AM, Remco Barendse wrote: > >> > >> No errors, anywhere jusst this in the log : > >> Jun 14 13:37:27 gw2 MailScanner[3282]: Making attempt 2 > at processing > >> message 26A2782CA5.A6FBE > >> > >> Jun 14 13:11:43 gw2 MailScanner[3081]: Connected to > Processing Attempts > >> Database > >> Jun 14 13:11:43 gw2 MailScanner[3081]: Found 6 messages > in the Processing > >> Attempts Database > >> Jun 14 13:11:43 gw2 MailScanner[3081]: Using locktype = flock > >> Jun 14 13:12:25 gw2 MailScanner[2890]: Making attempt 6 > at processing > >> message D0D2882370.ACF37 > >> Jun 14 13:12:25 gw2 MailScanner[2890]: Making attempt 6 > at processing > >> message 4C5938221D.A960D > >> Jun 14 13:12:25 gw2 MailScanner[2890]: New Batch: Found 6 > messages waiting > >> Jun 14 13:12:25 gw2 MailScanner[2890]: New Batch: > Scanning 2 messages, > >> 883327 bytes > >> Jun 14 13:12:25 gw2 MailScanner[3006]: Warning: skipping message > >> D0D2882370.ACF37 as it has been attempted too many times > >> Jun 14 13:12:25 gw2 MailScanner[3006]: Quarantined message > >> D0D2882370.ACF37 as it caused MailScanner to crash several times > >> Jun 14 13:12:25 gw2 MailScanner[3006]: Saved entire message to > >> /var/spool/MailScanner/quarantine/20210614/D0D2882370.ACF37 > >> Jun 14 13:12:25 gw2 MailScanner[3081]: Warning: skipping message > >> 4C5938221D.A960D as it has been attempted too many times > >> Jun 14 13:12:25 gw2 MailScanner[3081]: Quarantined message > >> 4C5938221D.A960D as it caused MailScanner to crash several times > >> Jun 14 13:12:25 gw2 MailScanner[3081]: Saved entire message to > >> /var/spool/MailScanner/quarantine/20210614/4C5938221D.A960D > >> Jun 14 13:12:25 gw2 MailScanner[3081]: New Batch: Found 6 > messages waiting > > > > > > There should be errors logged from the earlier attempts to > process the > > messages, perhaps they are in an older, rotated log. > > > > > > -- > > Mark Sapiro The highway is for gamblers, > > San Francisco Bay Area, California better use your sense > - B. Dylan > > > > > > -- > > MailScanner mailing list > > mailscanner at lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > From thom at vdb.nl Tue Jun 15 13:47:04 2021 From: thom at vdb.nl (Thom van der Boon) Date: Tue, 15 Jun 2021 13:47:04 +0000 (UTC) Subject: Mail stuck in /var/spool/postfix/hold In-Reply-To: References:

Message-ID: <753785009.81200.1623764824728.JavaMail.zimbra@vdb.nl> Remco, Take a look at the syslog (cat /var/log/syslog) AppArmour logs errors there and not in the maillog Met vriendelijke groet, Mit freundlichen Gr??en, Best regards, Thom van der Boon E-Mail: thom at vdb.nl Van: "Remco Barendse" Aan: "MailScanner Discussion" Verzonden: Dinsdag 15 juni 2021 14:05:11 Onderwerp: Re: Mail stuck in /var/spool/postfix/hold I checked the log all the way up, no error messages. Just warnings root at gw2:~# cat /var/log/mail.log | grep -i 6EC7682C7E.A8770 Jun 15 13:57:18 gw2 MailScanner[2886]: Making attempt 2 at processing message 6EC7682C7E.A8770 Jun 15 14:00:22 gw2 MailScanner[3167]: Making attempt 3 at processing message 6EC7682C7E.A8770 MailScanner --lint says all is OK and messages sit in /var/spool/postfix/hold until they are quarantined I did a complete re-install this morning of the server, started from fresh install of Ubuntu 20.04 and proceeded immediately to install MailScanner and ran ms-config, did not install any package. Same result.... Getting a little desperate root at gw2:~# MailScanner --lint Trying to setlogsock(unix) Reading configuration file /etc/MailScanner/MailScanner.conf Reading configuration file /etc/MailScanner/conf.d/README Reading configuration file /etc/MailScanner/conf.d/postfix.conf Read 1500 hostnames from the phishing whitelist Read 5527 hostnames from the phishing blacklists Checking version numbers... Version number in MailScanner.conf (5.3.4) is correct. Your envelope_sender_header in spamassassin.conf is correct. MailScanner setting GID to (121) MailScanner setting UID to (118) Checking for SpamAssassin errors (if you use it)... Using SpamAssassin results cache Connected to SpamAssassin cache database config: registryboundaries: no tlds defined, need to run sa-update SpamAssassin reported no errors. Auto: Found virus scanners: clamd Connected to Processing Attempts Database Created Processing Attempts Database successfully There are 14 messages in the Processing Attempts Database Using locktype = posix MailScanner.conf says "Virus Scanners = auto" Found these virus scanners installed: clamd =========================================================================== Filename Checks: Windows/DOS Executable (1 eicar.com) Other Checks: Found 1 problems Virus and Content Scanning: Starting Clamd::INFECTED:: Win.Test.EICAR_HDB-1 :: ./1/eicar.com Virus Scanning: Clamd found 2 infections Infected message 1 came from 10.1.1.1 Virus Scanning: Found 2 viruses =========================================================================== Virus Scanner test reports: Clamd said "eicar.com was infected: Win.Test.EICAR_HDB-1" If any of your virus scanners (clamd) are not listed there, you should check that they are installed correctly and that MailScanner is finding them correctly via its virus.scanners.conf. On Mon, 14 Jun 2021, Mark Sapiro wrote: > On 6/14/21 4:41 AM, Remco Barendse wrote: >> >> No errors, anywhere jusst this in the log : >> Jun 14 13:37:27 gw2 MailScanner[3282]: Making attempt 2 at processing >> message 26A2782CA5.A6FBE >> >> Jun 14 13:11:43 gw2 MailScanner[3081]: Connected to Processing Attempts >> Database >> Jun 14 13:11:43 gw2 MailScanner[3081]: Found 6 messages in the Processing >> Attempts Database >> Jun 14 13:11:43 gw2 MailScanner[3081]: Using locktype = flock >> Jun 14 13:12:25 gw2 MailScanner[2890]: Making attempt 6 at processing >> message D0D2882370.ACF37 >> Jun 14 13:12:25 gw2 MailScanner[2890]: Making attempt 6 at processing >> message 4C5938221D.A960D >> Jun 14 13:12:25 gw2 MailScanner[2890]: New Batch: Found 6 messages waiting >> Jun 14 13:12:25 gw2 MailScanner[2890]: New Batch: Scanning 2 messages, >> 883327 bytes >> Jun 14 13:12:25 gw2 MailScanner[3006]: Warning: skipping message >> D0D2882370.ACF37 as it has been attempted too many times >> Jun 14 13:12:25 gw2 MailScanner[3006]: Quarantined message >> D0D2882370.ACF37 as it caused MailScanner to crash several times >> Jun 14 13:12:25 gw2 MailScanner[3006]: Saved entire message to >> /var/spool/MailScanner/quarantine/20210614/D0D2882370.ACF37 >> Jun 14 13:12:25 gw2 MailScanner[3081]: Warning: skipping message >> 4C5938221D.A960D as it has been attempted too many times >> Jun 14 13:12:25 gw2 MailScanner[3081]: Quarantined message >> 4C5938221D.A960D as it caused MailScanner to crash several times >> Jun 14 13:12:25 gw2 MailScanner[3081]: Saved entire message to >> /var/spool/MailScanner/quarantine/20210614/4C5938221D.A960D >> Jun 14 13:12:25 gw2 MailScanner[3081]: New Batch: Found 6 messages waiting > > > There should be errors logged from the earlier attempts to process the > messages, perhaps they are in an older, rotated log. > > > -- > Mark Sapiro The highway is for gamblers, > San Francisco Bay Area, California better use your sense - B. Dylan > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner -------------- next part -------------- An HTML attachment was scrubbed... URL: From mailscanner at barendse.to Tue Jun 15 18:06:59 2021 From: mailscanner at barendse.to (Remco Barendse) Date: Tue, 15 Jun 2021 20:06:59 +0200 (CEST) Subject: Mail stuck in /var/spool/postfix/hold In-Reply-To: <753785009.81200.1623764824728.JavaMail.zimbra@vdb.nl> References:

<753785009.81200.1623764824728.JavaMail.zimbra@vdb.nl> Message-ID: Thanks! I checked but didn't see any apparmor errors or anything that relates to mail, only that MailScanner gets killed : Jun 15 19:54:37 gw2 MailScanner: Process did not exit cleanly, returned 13 with signal 0 Some other snippets, not sure if relevant : Jun 15 19:52:54 gw2 MailScanner[2110]: Requeue: B66CD615E7.A430A to D129F61636 Jun 15 19:52:54 gw2 MailScanner[2110]: Uninfected: Delivered 8 messages Jun 15 19:52:54 gw2 postfix/qmgr[1430]: AD5CC6163C: from=, size=376, nrcpt=1 (queue active) Jun 15 19:52:54 gw2 MailScanner[2110]: Deleted 8 messages from processing-database On your website is stated : # For use with MailScanner in /etc/apparmor.d/usr.sbin.clamd /var/spool/MailScanner/** rw, /var/spool/MailScanner/incoming/** rw, Whereas the MailScanner installer adds /etc/apparmor.d/local/usr.sbin.clamd /var/spool/MailScanner/incoming/** krw, /var/spool/MailScanner/incoming/** ix, But....... the include is not commented out in /etc/apparmor.d/usr.sbin.clamd # Site-specific additions and overrides. See local/README for details. #include I tried both and uncommented that line, no dice Mail does end up in the "hold" directory but just sits there until quarantined If i add mail from quarantine back into /var/spool/postfix/hold, /var/log/mail.log just says this : Jun 15 19:54:37 gw2 MailScanner[2194]: New Batch: Scanning 1 messages, 61782 bytes Jun 15 19:54:38 gw2 MailScanner[2527]: MailScanner Email Processor version 5.3.4 starting... Jun 15 19:54:38 gw2 MailScanner[2527]: Reading configuration file /etc/MailScanner/MailScanner.conf Jun 15 19:54:38 gw2 MailScanner[2527]: Reading configuration file /etc/MailScanner/conf.d/README Jun 15 19:54:38 gw2 MailScanner[2527]: Reading configuration file /etc/MailScanner/conf.d/postfix.conf Jun 15 19:54:38 gw2 MailScanner[2527]: Read 1500 hostnames from the phishing whitelist Jun 15 19:54:38 gw2 MailScanner[2527]: Read 5527 hostnames from the phishing blacklists Jun 15 19:54:38 gw2 MailScanner[2527]: Using SpamAssassin results cache Jun 15 19:54:38 gw2 MailScanner[2527]: Connected to SpamAssassin cache database Jun 15 19:54:38 gw2 MailScanner[2527]: Enabling SpamAssassin auto-whitelist functionality... Jun 15 19:54:38 gw2 MailScanner[2527]: Auto: Found virus scanners: clamd Jun 15 19:54:38 gw2 MailScanner[2527]: Connected to Processing Attempts Database Jun 15 19:54:38 gw2 MailScanner[2527]: Found 14 messages in the Processing Attempts Database Jun 15 19:54:38 gw2 MailScanner[2527]: Using locktype = flock On Tue, 15 Jun 2021, Thom van der Boon wrote: > Remco, > > Take a look at the syslog (cat /var/log/syslog) AppArmour logs errors there and not in the maillog > > > Met vriendelijke groet, Mit freundlichen Gr??en, Best regards, > > > Thom van der Boon > E-Mail: thom at vdb.nl > > __________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ > Van: "Remco Barendse" > Aan: "MailScanner Discussion" > Verzonden: Dinsdag 15 juni 2021 14:05:11 > Onderwerp: Re: Mail stuck in /var/spool/postfix/hold > > I checked the log all the way up, no error messages. Just warnings > > root at gw2:~# cat /var/log/mail.log | grep -i 6EC7682C7E.A8770 > Jun 15 13:57:18 gw2 MailScanner[2886]: Making attempt 2 at processing > message 6EC7682C7E.A8770 > Jun 15 14:00:22 gw2 MailScanner[3167]: Making attempt 3 at processing > message 6EC7682C7E.A8770 > > MailScanner --lint says all is OK and messages sit in > /var/spool/postfix/hold until they are quarantined > > I did a complete re-install this morning of the server, started from fresh > install of Ubuntu 20.04 and proceeded immediately to install MailScanner > and ran ms-config, did not install any package. > > Same result.... ?Getting a little desperate > > root at gw2:~# MailScanner --lint > Trying to setlogsock(unix) > > Reading configuration file /etc/MailScanner/MailScanner.conf > Reading configuration file /etc/MailScanner/conf.d/README > Reading configuration file /etc/MailScanner/conf.d/postfix.conf > Read 1500 hostnames from the phishing whitelist > Read 5527 hostnames from the phishing blacklists > > Checking version numbers... > Version number in MailScanner.conf (5.3.4) is correct. > > Your envelope_sender_header in spamassassin.conf is correct. > MailScanner setting GID to ?(121) > MailScanner setting UID to ?(118) > > Checking for SpamAssassin errors (if you use it)... > Using SpamAssassin results cache > Connected to SpamAssassin cache database > config: registryboundaries: no tlds defined, need to run sa-update > SpamAssassin reported no errors. > Auto: Found virus scanners: clamd > Connected to Processing Attempts Database > Created Processing Attempts Database successfully > There are 14 messages in the Processing Attempts Database > Using locktype = posix > MailScanner.conf says "Virus Scanners = auto" > Found these virus scanners installed: clamd > =========================================================================== > Filename Checks: Windows/DOS Executable (1 eicar.com) > Other Checks: Found 1 problems > Virus and Content Scanning: Starting > Clamd::INFECTED:: Win.Test.EICAR_HDB-1 :: ./1/eicar.com > Virus Scanning: Clamd found 2 infections > Infected message 1 came from 10.1.1.1 > Virus Scanning: Found 2 viruses > =========================================================================== > Virus Scanner test reports: > Clamd said "eicar.com was infected: Win.Test.EICAR_HDB-1" > > If any of your virus scanners (clamd) > are not listed there, you should check that they are installed correctly > and that MailScanner is finding them correctly via its > virus.scanners.conf. > > > > > > > On Mon, 14 Jun 2021, Mark Sapiro wrote: > > > On 6/14/21 4:41 AM, Remco Barendse wrote: > >> > >> ?No errors, anywhere jusst this in the log : > >> ?Jun 14 13:37:27 gw2 MailScanner[3282]: Making attempt 2 at processing > >> ?message 26A2782CA5.A6FBE > >> > >> ?Jun 14 13:11:43 gw2 MailScanner[3081]: Connected to Processing Attempts > >> ?Database > >> ?Jun 14 13:11:43 gw2 MailScanner[3081]: Found 6 messages in the Processing > >> ?Attempts Database > >> ?Jun 14 13:11:43 gw2 MailScanner[3081]: Using locktype = flock > >> ?Jun 14 13:12:25 gw2 MailScanner[2890]: Making attempt 6 at processing > >> ?message D0D2882370.ACF37 > >> ?Jun 14 13:12:25 gw2 MailScanner[2890]: Making attempt 6 at processing > >> ?message 4C5938221D.A960D > >> ?Jun 14 13:12:25 gw2 MailScanner[2890]: New Batch: Found 6 messages waiting > >> ?Jun 14 13:12:25 gw2 MailScanner[2890]: New Batch: Scanning 2 messages, > >> ?883327 bytes > >> ?Jun 14 13:12:25 gw2 MailScanner[3006]: Warning: skipping message > >> ?D0D2882370.ACF37 as it has been attempted too many times > >> ?Jun 14 13:12:25 gw2 MailScanner[3006]: Quarantined message > >> ?D0D2882370.ACF37 as it caused MailScanner to crash several times > >> ?Jun 14 13:12:25 gw2 MailScanner[3006]: Saved entire message to > >> ?/var/spool/MailScanner/quarantine/20210614/D0D2882370.ACF37 > >> ?Jun 14 13:12:25 gw2 MailScanner[3081]: Warning: skipping message > >> ?4C5938221D.A960D as it has been attempted too many times > >> ?Jun 14 13:12:25 gw2 MailScanner[3081]: Quarantined message > >> ?4C5938221D.A960D as it caused MailScanner to crash several times > >> ?Jun 14 13:12:25 gw2 MailScanner[3081]: Saved entire message to > >> ?/var/spool/MailScanner/quarantine/20210614/4C5938221D.A960D > >> ?Jun 14 13:12:25 gw2 MailScanner[3081]: New Batch: Found 6 messages waiting > > > > > > There should be errors logged from the earlier attempts to process the > > messages, perhaps they are in an older, rotated log. > > > > > > -- > > Mark Sapiro ? ? ? ?The highway is for gamblers, > > San Francisco Bay Area, California ? ?better use your sense - B. Dylan > > > > > > -- > > MailScanner mailing list > > mailscanner at lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > From mailscanner at barendse.to Tue Jun 15 18:21:37 2021 From: mailscanner at barendse.to (Remco Barendse) Date: Tue, 15 Jun 2021 20:21:37 +0200 (CEST) Subject: Mail stuck in /var/spool/postfix/hold In-Reply-To: References:

Message-ID: <6fa3c4c7-7ea8-2632-77c1-e9cf9fa0f295@barendse.to> On Tue, 15 Jun 2021, L.P.H. van Belle via MailScanner wrote: > Any error when you run this? > > egrep -i "invalid|error|reject|deny" /var/log/mail.log Nothing! > > Review this again, you never know, maybe you did miss a small thing. > > https://www.mailscanner.info/postfix/ Check! All there > And did you make sure these linese are last in checks_header.pcre > ## We need to put incoming to the HOLD QUEUE for MailScanner > /^Received:/ HOLD Yes, that and the line in main.cf to activate it : header_checks = regexp:/etc/postfix/header_checks > > I havent had the time yet to start on the new mailscanner setup. > I have a kopano install first to finish. :-( > > But tip. Any file you put in here.. /etc/MailScanner/conf.d/ > Like : > Reading configuration file /etc/MailScanner/conf.d/postfix.conf > > Number them. The loading order might conflict. > /etc/MailScanner/conf.d/01-company-base.conf > /etc/MailScanner/conf.d/02-postfix.conf > /etc/MailScanner/conf.d/03-something-else.conf Yes, i already did have! > All rights on folders are checked? I just let the MailScanner installer take care of it : root at gw2:~# ls -lasp /var/spool/MailScanner 32 drwxr-xr-x. 872 mail mtagroup 32768 Jun 13 06:12 archive/ 0 drwxrwx--- 14 root mtagroup 320 Jun 15 20:04 incoming/ 4 drwxrwxr-x 2 postfix mtagroup 4096 Jun 15 11:35 milterin/ 4 drwxrwxr-x 2 postfix mtagroup 4096 Jun 15 11:35 milterout/ 4 drwxrwxr-x 3 postfix postfix 4096 Jun 15 20:04 quarantine/ But everything inside incoming is : 0 drwxrwx--- 2 postfix mtagroup 60 Jun 15 19:54 2174/ I changed it into postfix.postfix as suggested here https://www.mailscanner.info/postfix/ but....... no dice Mail makes into the /var/spool/MailScanner/incoming/2236 but never leaves Thanks!! > > Greetz, > > Louis > >> -----Oorspronkelijk bericht----- >> Van: MailScanner >> [mailto:mailscanner-bounces+belle=bazuin.nl at lists.mailscanner. >> info] Namens Remco Barendse >> Verzonden: dinsdag 15 juni 2021 14:05 >> Aan: MailScanner Discussion >> Onderwerp: Re: Mail stuck in /var/spool/postfix/hold >> >> I checked the log all the way up, no error messages. Just warnings >> >> root at gw2:~# cat /var/log/mail.log | grep -i 6EC7682C7E.A8770 >> Jun 15 13:57:18 gw2 MailScanner[2886]: Making attempt 2 at processing >> message 6EC7682C7E.A8770 >> Jun 15 14:00:22 gw2 MailScanner[3167]: Making attempt 3 at processing >> message 6EC7682C7E.A8770 >> >> MailScanner --lint says all is OK and messages sit in >> /var/spool/postfix/hold until they are quarantined >> >> I did a complete re-install this morning of the server, >> started from fresh >> install of Ubuntu 20.04 and proceeded immediately to install >> MailScanner >> and ran ms-config, did not install any package. >> >> Same result.... Getting a little desperate >> >> root at gw2:~# MailScanner --lint >> Trying to setlogsock(unix) >> >> Reading configuration file /etc/MailScanner/MailScanner.conf >> Reading configuration file /etc/MailScanner/conf.d/README >> Reading configuration file /etc/MailScanner/conf.d/postfix.conf >> Read 1500 hostnames from the phishing whitelist >> Read 5527 hostnames from the phishing blacklists >> >> Checking version numbers... >> Version number in MailScanner.conf (5.3.4) is correct. >> >> Your envelope_sender_header in spamassassin.conf is correct. >> MailScanner setting GID to (121) >> MailScanner setting UID to (118) >> >> Checking for SpamAssassin errors (if you use it)... >> Using SpamAssassin results cache >> Connected to SpamAssassin cache database >> config: registryboundaries: no tlds defined, need to run sa-update >> SpamAssassin reported no errors. >> Auto: Found virus scanners: clamd >> Connected to Processing Attempts Database >> Created Processing Attempts Database successfully >> There are 14 messages in the Processing Attempts Database >> Using locktype = posix >> MailScanner.conf says "Virus Scanners = auto" >> Found these virus scanners installed: clamd >> ============================================================== >> ============= >> Filename Checks: Windows/DOS Executable (1 eicar.com) >> Other Checks: Found 1 problems >> Virus and Content Scanning: Starting >> Clamd::INFECTED:: Win.Test.EICAR_HDB-1 :: ./1/eicar.com >> Virus Scanning: Clamd found 2 infections >> Infected message 1 came from 10.1.1.1 >> Virus Scanning: Found 2 viruses >> ============================================================== >> ============= >> Virus Scanner test reports: >> Clamd said "eicar.com was infected: Win.Test.EICAR_HDB-1" >> >> If any of your virus scanners (clamd) >> are not listed there, you should check that they are >> installed correctly >> and that MailScanner is finding them correctly via its >> virus.scanners.conf. >> >> >> >> >> >> >> On Mon, 14 Jun 2021, Mark Sapiro wrote: >> >>> On 6/14/21 4:41 AM, Remco Barendse wrote: >>>> >>>> No errors, anywhere jusst this in the log : >>>> Jun 14 13:37:27 gw2 MailScanner[3282]: Making attempt 2 >> at processing >>>> message 26A2782CA5.A6FBE >>>> >>>> Jun 14 13:11:43 gw2 MailScanner[3081]: Connected to >> Processing Attempts >>>> Database >>>> Jun 14 13:11:43 gw2 MailScanner[3081]: Found 6 messages >> in the Processing >>>> Attempts Database >>>> Jun 14 13:11:43 gw2 MailScanner[3081]: Using locktype = flock >>>> Jun 14 13:12:25 gw2 MailScanner[2890]: Making attempt 6 >> at processing >>>> message D0D2882370.ACF37 >>>> Jun 14 13:12:25 gw2 MailScanner[2890]: Making attempt 6 >> at processing >>>> message 4C5938221D.A960D >>>> Jun 14 13:12:25 gw2 MailScanner[2890]: New Batch: Found 6 >> messages waiting >>>> Jun 14 13:12:25 gw2 MailScanner[2890]: New Batch: >> Scanning 2 messages, >>>> 883327 bytes >>>> Jun 14 13:12:25 gw2 MailScanner[3006]: Warning: skipping message >>>> D0D2882370.ACF37 as it has been attempted too many times >>>> Jun 14 13:12:25 gw2 MailScanner[3006]: Quarantined message >>>> D0D2882370.ACF37 as it caused MailScanner to crash several times >>>> Jun 14 13:12:25 gw2 MailScanner[3006]: Saved entire message to >>>> /var/spool/MailScanner/quarantine/20210614/D0D2882370.ACF37 >>>> Jun 14 13:12:25 gw2 MailScanner[3081]: Warning: skipping message >>>> 4C5938221D.A960D as it has been attempted too many times >>>> Jun 14 13:12:25 gw2 MailScanner[3081]: Quarantined message >>>> 4C5938221D.A960D as it caused MailScanner to crash several times >>>> Jun 14 13:12:25 gw2 MailScanner[3081]: Saved entire message to >>>> /var/spool/MailScanner/quarantine/20210614/4C5938221D.A960D >>>> Jun 14 13:12:25 gw2 MailScanner[3081]: New Batch: Found 6 >> messages waiting >>> >>> >>> There should be errors logged from the earlier attempts to >> process the >>> messages, perhaps they are in an older, rotated log. >>> >>> >>> -- >>> Mark Sapiro The highway is for gamblers, >>> San Francisco Bay Area, California better use your sense >> - B. Dylan >>> >>> >>> -- >>> MailScanner mailing list >>> mailscanner at lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> >> >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > From mark at msapiro.net Tue Jun 15 18:44:39 2021 From: mark at msapiro.net (Mark Sapiro) Date: Tue, 15 Jun 2021 11:44:39 -0700 Subject: Mail stuck in /var/spool/postfix/hold In-Reply-To: References:

<753785009.81200.1623764824728.JavaMail.zimbra@vdb.nl> Message-ID: <63a56d48-f3e0-ce72-1aa9-ad33618b8c06@msapiro.net> On 6/15/21 11:06 AM, Remco Barendse wrote: > Thanks!? I checked but didn't see any apparmor errors or anything that > relates to mail, only that MailScanner gets killed : > > Jun 15 19:54:37 gw2 MailScanner: Process did not exit cleanly, returned > 13 with signal 0 This is the relevant message. This (status 13) is a permissions error. What are the MailScanner settings for Run As User and Run As Group? What does groups xxx where xxx is the Run As User show? what does ls -l /var/spool/MailScanner show? -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From mailscanner at barendse.to Tue Jun 15 22:00:37 2021 From: mailscanner at barendse.to (Remco Barendse) Date: Wed, 16 Jun 2021 00:00:37 +0200 (CEST) Subject: Mail stuck in /var/spool/postfix/hold In-Reply-To: <63a56d48-f3e0-ce72-1aa9-ad33618b8c06@msapiro.net> References:

<753785009.81200.1623764824728.JavaMail.zimbra@vdb.nl> <63a56d48-f3e0-ce72-1aa9-ad33618b8c06@msapiro.net> Message-ID: On Tue, 15 Jun 2021, Mark Sapiro wrote: > On 6/15/21 11:06 AM, Remco Barendse wrote: >> Thanks!? I checked but didn't see any apparmor errors or anything that >> relates to mail, only that MailScanner gets killed : >> >> Jun 15 19:54:37 gw2 MailScanner: Process did not exit cleanly, returned 13 >> with signal 0 > > > This is the relevant message. This (status 13) is a permissions error. OK :) Getting somewhere > What are the MailScanner settings for Run As User and Run As Group? My /et/etc/MailScanner/conf.d/10_postfix.conf (MailScanner.conf is untouched except for "%org-name% =" : Run As User = postfix Run As Group = postfix Incoming Queue Dir = /var/spool/postfix/hold Outgoing Queue Dir = /var/spool/postfix/incoming MTA = postfix Clamd Socket = /var/run/clamav/clamd.ctl SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin Block Encrypted Messages = yes Convert Dangerous HTML To Text = yes Convert HTML To Text = %rules-dir%/html2text.rules Quarantine Whole Message = yes Quarantine Whole Messages As Queue Files = yes Always Include SpamAssassin Report = yes Sign Clean Messages = no #sign-incoming-messages.rules Remove These Headers = Disposition-Notification-To: Return-Receipt-To: X-Confirm-Reading-To: Disposition-Notification-To: Receipt-Requested-To: Confirm-Reading-To: MDRcpt-To: MDSend-Notifications-To: Smtp-Rcpt-To: Return-Receipt-To: Read-Receipt-To: X-Confirm-Reading-To: X-Acknowledge-To: Delivery-Receipt-To: X-PMrqc: Errors-To: X-IMAPBase: X-IMAP X-UID: Status X-Status: X-UIDL: X-Keywords: X-Mozilla-Status: X-Mozilla-Status2: Notify Senders = no Notify Senders Of Blocked Filenames Or Filetypes = no Disarmed Modify Subject = no Phishing Subject Text = {Phishing?} #Archive Mail = /var/spool/MailScanner/archive/_DATE_ Archive Mail = %rules-dir%/archive.rules Send Notices = no Spam Checks = %rules-dir%/spam.check.rules Spam List = BARRACUDA SORBS SPAMHAUS SPAMCOP Spam Lists To Reach High Score = 1 Max Spam Check Size = 2048k High SpamAssassin Score = 10 Spam Actions = striphtml deliver header "X-Spam-Status: Yes" #High Scoring Spam Actions = striphtml deliver header "X-Spam-Status: Yes" High Scoring Spam Actions = store-spam MCP Checks = yes First Check = mcp High Scoring MCP Actions = store Is Definitely Not MCP = %rules-dir%/mcp.check.rules Include Scores In MCP Report = yes # End Of File > What does groups xxx where xxx is the Run As User show? root at gw2:/etc/MailScanner# groups postfix postfix : postfix mtagroup > what does ls -l /var/spool/MailScanner show? ls -l /var/spool/MailScanner total 48 drwxr-xr-x. 872 mail mtagroup 32768 Jun 13 06:12 archive drwxrwx--- 14 postfix mtagroup 320 Jun 15 20:42 incoming drwxrwxr-x 2 postfix mtagroup 4096 Jun 15 11:35 milterin drwxrwxr-x 2 postfix mtagroup 4096 Jun 15 11:35 milterout drwxrwxr-x 3 postfix postfix 4096 Jun 15 20:04 quarantine drwxrwx--- 9 root mtagroup 4096 Jun 15 19:52 ramdisk_store > > > -- > Mark Sapiro The highway is for gamblers, > San Francisco Bay Area, California better use your sense - B. Dylan > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > From belle at bazuin.nl Wed Jun 16 07:03:52 2021 From: belle at bazuin.nl (=?windows-1252?Q?L.P.H._van_Belle?=) Date: Wed, 16 Jun 2021 09:03:52 +0200 Subject: Mail stuck in /var/spool/postfix/hold In-Reply-To: References: <63a56d48-f3e0-ce72-1aa9-ad33618b8c06@msapiro.net> Message-ID: Hmm.. This is my MTA group on debian. mtagroup:x:1001:clamav,Debian-exim,postfix,mail,www-data And this one : /var/run/clamav/clamd.ctl ( i dont have that one, all ip sockes here. ) clamav:x:119:postfix > SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin That folder does not show up in you directory listing. ( check here and hee.. Also not on my server ) drwxrwx--- 53 postfix mtagroup 4096 Jun 16 06:29 ramdisk_store Only change in this one for you is the owner.. (root).. I cant fully compair, i also have a lot in SQL. I hope it helps you. At least you know its a permission somewhere. Greetz, Louis > -----Oorspronkelijk bericht----- > Van: MailScanner > [mailto:mailscanner-bounces+belle=bazuin.nl at lists.mailscanner. > info] Namens Remco Barendse > Verzonden: woensdag 16 juni 2021 0:01 > Aan: MailScanner Discussion > Onderwerp: Re: Mail stuck in /var/spool/postfix/hold > > > > On Tue, 15 Jun 2021, Mark Sapiro wrote: > > > On 6/15/21 11:06 AM, Remco Barendse wrote: > >> Thanks!? I checked but didn't see any apparmor errors or > anything that > >> relates to mail, only that MailScanner gets killed : > >> > >> Jun 15 19:54:37 gw2 MailScanner: Process did not exit > cleanly, returned 13 > >> with signal 0 > > > > > > This is the relevant message. This (status 13) is a > permissions error. > > OK :) Getting somewhere > > > > What are the MailScanner settings for Run As User and Run As Group? > > My /et/etc/MailScanner/conf.d/10_postfix.conf (MailScanner.conf is > untouched except for "%org-name% =" : > > Run As User = postfix > Run As Group = postfix > Incoming Queue Dir = /var/spool/postfix/hold > Outgoing Queue Dir = /var/spool/postfix/incoming > MTA = postfix > Clamd Socket = /var/run/clamav/clamd.ctl > SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin > Block Encrypted Messages = yes > Convert Dangerous HTML To Text = yes > Convert HTML To Text = %rules-dir%/html2text.rules > Quarantine Whole Message = yes > Quarantine Whole Messages As Queue Files = yes > Always Include SpamAssassin Report = yes > Sign Clean Messages = no > #sign-incoming-messages.rules > Remove These Headers = Disposition-Notification-To: > Return-Receipt-To: > X-Confirm-Reading-To: Disposition-Notification-To: > Receipt-Requested-To: > Confirm-Reading-To: MDRcpt-To: MDSend-Notifications-To: Smtp-Rcpt-To: > Return-Receipt-To: Read-Receipt-To: X-Confirm-Reading-To: > X-Acknowledge-To: Delivery-Receipt-To: X-PMrqc: Errors-To: > X-IMAPBase: > X-IMAP X-UID: Status X-Status: X-UIDL: X-Keywords: X-Mozilla-Status: > X-Mozilla-Status2: > Notify Senders = no > Notify Senders Of Blocked Filenames Or Filetypes = no > Disarmed Modify Subject = no > Phishing Subject Text = {Phishing?} > #Archive Mail = /var/spool/MailScanner/archive/_DATE_ > Archive Mail = %rules-dir%/archive.rules > Send Notices = no > Spam Checks = %rules-dir%/spam.check.rules > Spam List = BARRACUDA SORBS SPAMHAUS SPAMCOP > Spam Lists To Reach High Score = 1 > Max Spam Check Size = 2048k > High SpamAssassin Score = 10 > Spam Actions = striphtml deliver header "X-Spam-Status: Yes" > #High Scoring Spam Actions = striphtml deliver header > "X-Spam-Status: Yes" > High Scoring Spam Actions = store-spam > MCP Checks = yes > First Check = mcp > High Scoring MCP Actions = store > Is Definitely Not MCP = %rules-dir%/mcp.check.rules > Include Scores In MCP Report = yes > # End Of File > > > > What does groups xxx where xxx is the Run As User show? > > root at gw2:/etc/MailScanner# groups postfix > postfix : postfix mtagroup > > > > what does ls -l /var/spool/MailScanner show? > > ls -l /var/spool/MailScanner > total 48 > drwxr-xr-x. 872 mail mtagroup 32768 Jun 13 06:12 archive > drwxrwx--- 14 postfix mtagroup 320 Jun 15 20:42 incoming > drwxrwxr-x 2 postfix mtagroup 4096 Jun 15 11:35 milterin > drwxrwxr-x 2 postfix mtagroup 4096 Jun 15 11:35 milterout > drwxrwxr-x 3 postfix postfix 4096 Jun 15 20:04 quarantine > drwxrwx--- 9 root mtagroup 4096 Jun 15 19:52 ramdisk_store > > > > > > > > -- > > Mark Sapiro The highway is for gamblers, > > San Francisco Bay Area, California better use your sense > - B. Dylan > > > > > > -- > > MailScanner mailing list > > mailscanner at lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > From mailscanner at barendse.to Wed Jun 16 07:48:02 2021 From: mailscanner at barendse.to (Remco Barendse) Date: Wed, 16 Jun 2021 09:48:02 +0200 (CEST) Subject: Mail stuck in /var/spool/postfix/hold In-Reply-To: References: <63a56d48-f3e0-ce72-1aa9-ad33618b8c06@msapiro.net> Message-ID: <29128f44-1c35-3b2e-b122-209cadd64eb6@barendse.to> Thanks! I added postfix to group clamav, I do not use exim nor www-data therefore I don't think that adding these to mtagroup will fix it. Is there any way of forcing MailScanner to show which file it is failing permissions on? I noticed that ms-config did install pyzor, doing MailScanner -debug --lint reveals this : internal error, python traceback seen in response: Traceback (most recent call last):\n File "/bin/pyzor", line 408, in \n main()\n File "/bin/pyzor", line 131, in main\n config, options, args = load_configuration()\n File "/bin/pyzor", line 107, in load_configuration\n os.mkdir(options.homedir)\nPermissionError: [Errno 13] Permission denied: '/var/spool/postfix/.pyzor' at /usr/local/share/perl/5.30.0/Mail/SpamAssassin/Plugin/Pyzor.pm line 308. SpamAssassin reported no errors. There is no such directory /var/spool/postfix/.pyzor the installer didn't create it. Surprisingly, when installing SpamAssassin from apt on my first attempt, it created a user spamd but ms-configure installed spamass from cpan and it seems no user spamd was created ? mkdir /var/spool/postfix/.pyzor chown postfix. /var/spool/postfix/.pyzor silenced the error, i removed pyzor just in case though razor was also installed by the MailScanner installer but no directory created, guess ms-configure should have created that ? Thanks for help :) On Wed, 16 Jun 2021, L.P.H. van Belle via MailScanner wrote: > Hmm.. This is my MTA group on debian. > > mtagroup:x:1001:clamav,Debian-exim,postfix,mail,www-data > > And this one : /var/run/clamav/clamd.ctl > ( i dont have that one, all ip sockes here. ) > clamav:x:119:postfix > >> SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin > That folder does not show up in you directory listing. > ( check here and hee.. Also not on my server ) > > drwxrwx--- 53 postfix mtagroup 4096 Jun 16 06:29 ramdisk_store > Only change in this one for you is the owner.. (root).. > > I cant fully compair, i also have a lot in SQL. > > I hope it helps you. At least you know its a permission somewhere. > > Greetz, > > Louis > >> -----Oorspronkelijk bericht----- >> Van: MailScanner >> [mailto:mailscanner-bounces+belle=bazuin.nl at lists.mailscanner. >> info] Namens Remco Barendse >> Verzonden: woensdag 16 juni 2021 0:01 >> Aan: MailScanner Discussion >> Onderwerp: Re: Mail stuck in /var/spool/postfix/hold >> >> >> >> On Tue, 15 Jun 2021, Mark Sapiro wrote: >> >>> On 6/15/21 11:06 AM, Remco Barendse wrote: >>>> Thanks!? I checked but didn't see any apparmor errors or >> anything that >>>> relates to mail, only that MailScanner gets killed : >>>> >>>> Jun 15 19:54:37 gw2 MailScanner: Process did not exit >> cleanly, returned 13 >>>> with signal 0 >>> >>> >>> This is the relevant message. This (status 13) is a >> permissions error. >> >> OK :) Getting somewhere >> >> >>> What are the MailScanner settings for Run As User and Run As Group? >> >> My /et/etc/MailScanner/conf.d/10_postfix.conf (MailScanner.conf is >> untouched except for "%org-name% =" : >> >> Run As User = postfix >> Run As Group = postfix >> Incoming Queue Dir = /var/spool/postfix/hold >> Outgoing Queue Dir = /var/spool/postfix/incoming >> MTA = postfix >> Clamd Socket = /var/run/clamav/clamd.ctl >> SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin >> Block Encrypted Messages = yes >> Convert Dangerous HTML To Text = yes >> Convert HTML To Text = %rules-dir%/html2text.rules >> Quarantine Whole Message = yes >> Quarantine Whole Messages As Queue Files = yes >> Always Include SpamAssassin Report = yes >> Sign Clean Messages = no >> #sign-incoming-messages.rules >> Remove These Headers = Disposition-Notification-To: >> Return-Receipt-To: >> X-Confirm-Reading-To: Disposition-Notification-To: >> Receipt-Requested-To: >> Confirm-Reading-To: MDRcpt-To: MDSend-Notifications-To: Smtp-Rcpt-To: >> Return-Receipt-To: Read-Receipt-To: X-Confirm-Reading-To: >> X-Acknowledge-To: Delivery-Receipt-To: X-PMrqc: Errors-To: >> X-IMAPBase: >> X-IMAP X-UID: Status X-Status: X-UIDL: X-Keywords: X-Mozilla-Status: >> X-Mozilla-Status2: >> Notify Senders = no >> Notify Senders Of Blocked Filenames Or Filetypes = no >> Disarmed Modify Subject = no >> Phishing Subject Text = {Phishing?} >> #Archive Mail = /var/spool/MailScanner/archive/_DATE_ >> Archive Mail = %rules-dir%/archive.rules >> Send Notices = no >> Spam Checks = %rules-dir%/spam.check.rules >> Spam List = BARRACUDA SORBS SPAMHAUS SPAMCOP >> Spam Lists To Reach High Score = 1 >> Max Spam Check Size = 2048k >> High SpamAssassin Score = 10 >> Spam Actions = striphtml deliver header "X-Spam-Status: Yes" >> #High Scoring Spam Actions = striphtml deliver header >> "X-Spam-Status: Yes" >> High Scoring Spam Actions = store-spam >> MCP Checks = yes >> First Check = mcp >> High Scoring MCP Actions = store >> Is Definitely Not MCP = %rules-dir%/mcp.check.rules >> Include Scores In MCP Report = yes >> # End Of File >> >> >>> What does groups xxx where xxx is the Run As User show? >> >> root at gw2:/etc/MailScanner# groups postfix >> postfix : postfix mtagroup >> >> >>> what does ls -l /var/spool/MailScanner show? >> >> ls -l /var/spool/MailScanner >> total 48 >> drwxr-xr-x. 872 mail mtagroup 32768 Jun 13 06:12 archive >> drwxrwx--- 14 postfix mtagroup 320 Jun 15 20:42 incoming >> drwxrwxr-x 2 postfix mtagroup 4096 Jun 15 11:35 milterin >> drwxrwxr-x 2 postfix mtagroup 4096 Jun 15 11:35 milterout >> drwxrwxr-x 3 postfix postfix 4096 Jun 15 20:04 quarantine >> drwxrwx--- 9 root mtagroup 4096 Jun 15 19:52 ramdisk_store >> >> >>> >>> >>> -- >>> Mark Sapiro The highway is for gamblers, >>> San Francisco Bay Area, California better use your sense >> - B. Dylan >>> >>> >>> -- >>> MailScanner mailing list >>> mailscanner at lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > From belle at bazuin.nl Wed Jun 16 08:07:24 2021 From: belle at bazuin.nl (=?windows-1252?Q?L.P.H._van_Belle?=) Date: Wed, 16 Jun 2021 10:07:24 +0200 Subject: Mail stuck in /var/spool/postfix/hold In-Reply-To: <29128f44-1c35-3b2e-b122-209cadd64eb6@barendse.to> References: Message-ID: Ah, on www-data, i use mailwatch with mailscanner. SpamAssassian in debian/ubuntu. debian-spamd:x:113:120::/var/lib/spamassassin:/bin/sh /usr/share/perl5/Mail/SpamAssassin/Plugin/Pyzor.pm > -----Oorspronkelijk bericht----- > Van: MailScanner > [mailto:mailscanner-bounces+belle=bazuin.nl at lists.mailscanner. > info] Namens Remco Barendse > Verzonden: woensdag 16 juni 2021 9:48 > Aan: L.P.H. van Belle via MailScanner > Onderwerp: RE: Mail stuck in /var/spool/postfix/hold > > Thanks! I added postfix to group clamav, I do not use exim > nor www-data > therefore I don't think that adding these to mtagroup will fix it. > > Is there any way of forcing MailScanner to show which file it > is failing > permissions on? > Now this part.. There are cleary 2 things mixed up here. Spamassassin + pyzor from cpan. /usr/local/share/perl/5.30.0/Mail/SpamAssassin/Plugin/Pyzor.pm My version. /usr/share/perl5/Mail/SpamAssassin/Plugin/Pyzor.pm So, check and cleanup, use or local repo version or manual cpan version. Looks like there is bit of both now. I just noticed also these parts in my config. >From /etc/MailScanner/spamassassin.conf # make sure pyzor is installed before enabling ifplugin Mail::SpamAssassin::Plugin::Pyzor pyzor_path /usr/bin/pyzor pyzor_options --homedir /var/lib/MailScanner/ Endif # you need to install DCCPROC and enable the plugin in v310.pre # https://svn.apache.org/repos/asf/spamassassin/branches/3.0/INSTALL # under "Optional Programs" ifplugin Mail::SpamAssassin::Plugin::DCC dcc_path /usr/local/bin/dccproc dcc_home /var/lib/MailScanner/ Endif And you can add debug manual here. spamassassin --lint --debug Greetz, Louis > > I noticed that ms-config did install pyzor, doing > MailScanner -debug --lint > reveals this : > internal error, python traceback seen in response: Traceback > (most recent > call last):\n File "/bin/pyzor", line 408, in \n main()\n > File "/bin/pyzor", line 131, in main\n config, options, args = > load_configuration()\n File "/bin/pyzor", line 107, in > load_configuration\n > os.mkdir(options.homedir)\nPermissionError: [Errno > 13] Permission denied: '/var/spool/postfix/.pyzor' at > /usr/local/share/perl/5.30.0/Mail/SpamAssassin/Plugin/Pyzor.pm > line 308. > SpamAssassin reported no errors. > > There is no such directory /var/spool/postfix/.pyzor the > installer didn't > create it. Surprisingly, when installing SpamAssassin from apt on my > first attempt, it created a user spamd but ms-configure installed > spamass from cpan and it seems no user spamd was created ? > > mkdir /var/spool/postfix/.pyzor > chown postfix. /var/spool/postfix/.pyzor I would do chown postfix:mtagroup /var/spool/postfix/.pyzor && chmod 770 /var/spool/postfix/.pyzor > > silenced the error, i removed pyzor just in case though > > razor was also installed by the MailScanner installer but no > directory created, guess ms-configure should have created that ? I see if i can make the time and run a quick setup on this. > > > Thanks for help :) > > On Wed, 16 Jun 2021, L.P.H. van Belle via MailScanner wrote: > > > Hmm.. This is my MTA group on debian. > > > > mtagroup:x:1001:clamav,Debian-exim,postfix,mail,www-data > > > > And this one : /var/run/clamav/clamd.ctl > > ( i dont have that one, all ip sockes here. ) > > clamav:x:119:postfix > > > >> SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin > > That folder does not show up in you directory listing. > > ( check here and hee.. Also not on my server ) > > > > drwxrwx--- 53 postfix mtagroup 4096 Jun 16 06:29 ramdisk_store > > Only change in this one for you is the owner.. (root).. > > > > I cant fully compair, i also have a lot in SQL. > > > > I hope it helps you. At least you know its a permission somewhere. > > > > Greetz, > > > > Louis > > > >> -----Oorspronkelijk bericht----- > >> Van: MailScanner > >> [mailto:mailscanner-bounces+belle=bazuin.nl at lists.mailscanner. > >> info] Namens Remco Barendse > >> Verzonden: woensdag 16 juni 2021 0:01 > >> Aan: MailScanner Discussion > >> Onderwerp: Re: Mail stuck in /var/spool/postfix/hold > >> > >> > >> > >> On Tue, 15 Jun 2021, Mark Sapiro wrote: > >> > >>> On 6/15/21 11:06 AM, Remco Barendse wrote: > >>>> Thanks!? I checked but didn't see any apparmor errors or > >> anything that > >>>> relates to mail, only that MailScanner gets killed : > >>>> > >>>> Jun 15 19:54:37 gw2 MailScanner: Process did not exit > >> cleanly, returned 13 > >>>> with signal 0 > >>> > >>> > >>> This is the relevant message. This (status 13) is a > >> permissions error. > >> > >> OK :) Getting somewhere > >> > >> > >>> What are the MailScanner settings for Run As User and Run > As Group? > >> > >> My /et/etc/MailScanner/conf.d/10_postfix.conf (MailScanner.conf is > >> untouched except for "%org-name% =" : > >> > >> Run As User = postfix > >> Run As Group = postfix > >> Incoming Queue Dir = /var/spool/postfix/hold > >> Outgoing Queue Dir = /var/spool/postfix/incoming > >> MTA = postfix > >> Clamd Socket = /var/run/clamav/clamd.ctl > >> SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin > >> Block Encrypted Messages = yes > >> Convert Dangerous HTML To Text = yes > >> Convert HTML To Text = %rules-dir%/html2text.rules > >> Quarantine Whole Message = yes > >> Quarantine Whole Messages As Queue Files = yes > >> Always Include SpamAssassin Report = yes > >> Sign Clean Messages = no > >> #sign-incoming-messages.rules > >> Remove These Headers = Disposition-Notification-To: > >> Return-Receipt-To: > >> X-Confirm-Reading-To: Disposition-Notification-To: > >> Receipt-Requested-To: > >> Confirm-Reading-To: MDRcpt-To: MDSend-Notifications-To: > Smtp-Rcpt-To: > >> Return-Receipt-To: Read-Receipt-To: X-Confirm-Reading-To: > >> X-Acknowledge-To: Delivery-Receipt-To: X-PMrqc: Errors-To: > >> X-IMAPBase: > >> X-IMAP X-UID: Status X-Status: X-UIDL: X-Keywords: > X-Mozilla-Status: > >> X-Mozilla-Status2: > >> Notify Senders = no > >> Notify Senders Of Blocked Filenames Or Filetypes = no > >> Disarmed Modify Subject = no > >> Phishing Subject Text = {Phishing?} > >> #Archive Mail = /var/spool/MailScanner/archive/_DATE_ > >> Archive Mail = %rules-dir%/archive.rules > >> Send Notices = no > >> Spam Checks = %rules-dir%/spam.check.rules > >> Spam List = BARRACUDA SORBS SPAMHAUS SPAMCOP > >> Spam Lists To Reach High Score = 1 > >> Max Spam Check Size = 2048k > >> High SpamAssassin Score = 10 > >> Spam Actions = striphtml deliver header "X-Spam-Status: Yes" > >> #High Scoring Spam Actions = striphtml deliver header > >> "X-Spam-Status: Yes" > >> High Scoring Spam Actions = store-spam > >> MCP Checks = yes > >> First Check = mcp > >> High Scoring MCP Actions = store > >> Is Definitely Not MCP = %rules-dir%/mcp.check.rules > >> Include Scores In MCP Report = yes > >> # End Of File > >> > >> > >>> What does groups xxx where xxx is the Run As User show? > >> > >> root at gw2:/etc/MailScanner# groups postfix > >> postfix : postfix mtagroup > >> > >> > >>> what does ls -l /var/spool/MailScanner show? > >> > >> ls -l /var/spool/MailScanner > >> total 48 > >> drwxr-xr-x. 872 mail mtagroup 32768 Jun 13 06:12 archive > >> drwxrwx--- 14 postfix mtagroup 320 Jun 15 20:42 incoming > >> drwxrwxr-x 2 postfix mtagroup 4096 Jun 15 11:35 milterin > >> drwxrwxr-x 2 postfix mtagroup 4096 Jun 15 11:35 milterout > >> drwxrwxr-x 3 postfix postfix 4096 Jun 15 20:04 quarantine > >> drwxrwx--- 9 root mtagroup 4096 Jun 15 19:52 ramdisk_store > >> > >> > >>> > >>> > >>> -- > >>> Mark Sapiro The highway is for gamblers, > >>> San Francisco Bay Area, California better use your sense > >> - B. Dylan > >>> > >>> > >>> -- > >>> MailScanner mailing list > >>> mailscanner at lists.mailscanner.info > >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >>> > >>> > >> > >> -- > >> MailScanner mailing list > >> mailscanner at lists.mailscanner.info > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> > >> > > > > > > > > -- > > MailScanner mailing list > > mailscanner at lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > From mark at msapiro.net Wed Jun 16 14:18:12 2021 From: mark at msapiro.net (Mark Sapiro) Date: Wed, 16 Jun 2021 07:18:12 -0700 Subject: Mail stuck in /var/spool/postfix/hold In-Reply-To: <29128f44-1c35-3b2e-b122-209cadd64eb6@barendse.to> References: <63a56d48-f3e0-ce72-1aa9-ad33618b8c06@msapiro.net> <29128f44-1c35-3b2e-b122-209cadd64eb6@barendse.to> Message-ID: <0ed9b926-1c5a-2678-0671-9fd4f4c87c1a@msapiro.net> On 6/16/21 12:48 AM, Remco Barendse wrote: > I noticed that ms-config did install pyzor, doing > ?MailScanner -debug --lint > reveals this : > internal error, python traceback seen in response: Traceback (most > recent call last):\n? File "/bin/pyzor", line 408, in \n > main()\n File "/bin/pyzor", line 131, in main\n??? config, options, args > = load_configuration()\n? File "/bin/pyzor", line 107, in > load_configuration\n??? os.mkdir(options.homedir)\nPermissionError: > [Errno 13] Permission denied: '/var/spool/postfix/.pyzor' at > /usr/local/share/perl/5.30.0/Mail/SpamAssassin/Plugin/Pyzor.pm line 308. > SpamAssassin reported no errors. > > There is no such directory /var/spool/postfix/.pyzor the installer > didn't create it. The traceback above is from bin/pyzor trying to create it and the error is because the user doesn't have permission. This is strange since Run As User is postfix and postfix should have permission. What does ls -l /var/spool/postfix show? -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From mailscanner at barendse.to Thu Jun 17 06:36:00 2021 From: mailscanner at barendse.to (Remco Barendse) Date: Thu, 17 Jun 2021 08:36:00 +0200 (CEST) Subject: Mail stuck in /var/spool/postfix/hold In-Reply-To: <0ed9b926-1c5a-2678-0671-9fd4f4c87c1a@msapiro.net> References: <63a56d48-f3e0-ce72-1aa9-ad33618b8c06@msapiro.net> <29128f44-1c35-3b2e-b122-209cadd64eb6@barendse.to> <0ed9b926-1c5a-2678-0671-9fd4f4c87c1a@msapiro.net> Message-ID: <6c2959c8-3b70-95a5-beff-e9065b1e231@barendse.to> On Wed, 16 Jun 2021, Mark Sapiro wrote: > On 6/16/21 12:48 AM, Remco Barendse wrote: >> I noticed that ms-config did install pyzor, doing >> ?MailScanner -debug --lint >> reveals this : >> internal error, python traceback seen in response: Traceback (most recent >> call last):\n? File "/bin/pyzor", line 408, in \n main()\n File >> "/bin/pyzor", line 131, in main\n??? config, options, args = >> load_configuration()\n? File "/bin/pyzor", line 107, in >> load_configuration\n??? os.mkdir(options.homedir)\nPermissionError: [Errno >> 13] Permission denied: '/var/spool/postfix/.pyzor' at >> /usr/local/share/perl/5.30.0/Mail/SpamAssassin/Plugin/Pyzor.pm line 308. >> SpamAssassin reported no errors. >> >> There is no such directory /var/spool/postfix/.pyzor the installer didn't >> create it. > > The traceback above is from bin/pyzor trying to create it and the error is > because the user doesn't have permission. This is strange since Run As User > is postfix and postfix should have permission. What does > > ls -l /var/spool/postfix > > show? I *think* the issue was that that directory was not created, when I created it with the correct permissions, it stopped complaining I will do another "from scratch" install, see if I can reproduce it. I got DCC working, I see that scoring points but razor and pyzor do not seem to trigger anything. Is there any way I can verify their working? I did notice that permissions in /var/lib/spamassassin are all debian-spamd. Thinking that MailScanner invokes SpamAss and not spamd, I changed .razor to postfix.mtagroup (thanks Louis!) but I see no change no mention of razor or pyzor in any headers total 32 4 drwxr-xr-x 8 debian-spamd debian-spamd 4096 Jun 11 14:42 ./ 4 drwxr-xr-x 45 root root 4096 Jun 13 14:18 ../ 4 drwxr-xr-x 3 root root 4096 Jun 14 06:25 3.004004/ 4 drwxr-xr-x 3 debian-spamd debian-spamd 4096 Jun 5 11:35 compiled/ 4 drwxr-xr-x 2 debian-spamd debian-spamd 4096 Jun 11 14:42 .pyzor/ 4 drwxr-xr-x 2 postfix mtagroup 4096 Jun 11 14:41 .razor/ 4 drwx------ 3 debian-spamd debian-spamd 4096 Jun 9 22:00 sa-update-keys/ 4 drwx------ 3 debian-spamd debian-spamd 4096 Jun 5 11:34 .spamassassin/ > > -- > Mark Sapiro The highway is for gamblers, > San Francisco Bay Area, California better use your sense - B. Dylan > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > From mark at msapiro.net Fri Jun 18 01:19:35 2021 From: mark at msapiro.net (Mark Sapiro) Date: Thu, 17 Jun 2021 18:19:35 -0700 Subject: Mail stuck in /var/spool/postfix/hold In-Reply-To: <6c2959c8-3b70-95a5-beff-e9065b1e231@barendse.to> References: <63a56d48-f3e0-ce72-1aa9-ad33618b8c06@msapiro.net> <29128f44-1c35-3b2e-b122-209cadd64eb6@barendse.to> <0ed9b926-1c5a-2678-0671-9fd4f4c87c1a@msapiro.net> <6c2959c8-3b70-95a5-beff-e9065b1e231@barendse.to> Message-ID: On 6/16/21 11:36 PM, Remco Barendse wrote: > > total 32 > 4 drwxr-xr-x? 8 debian-spamd debian-spamd 4096 Jun 11 14:42 ./ > 4 drwxr-xr-x 45 root???????? root???????? 4096 Jun 13 14:18 ../ > 4 drwxr-xr-x? 3 root???????? root???????? 4096 Jun 14 06:25 3.004004/ > 4 drwxr-xr-x? 3 debian-spamd debian-spamd 4096 Jun? 5 11:35 compiled/ > 4 drwxr-xr-x? 2 debian-spamd debian-spamd 4096 Jun 11 14:42 .pyzor/ > 4 drwxr-xr-x? 2 postfix????? mtagroup???? 4096 Jun 11 14:41 .razor/ > 4 drwx------? 3 debian-spamd debian-spamd 4096 Jun? 9 22:00 sa-update-keys/ > 4 drwx------? 3 debian-spamd debian-spamd 4096 Jun? 5 11:34 .spamassassin/ The original issue is only the debian-spamd user has permission to create the .pyzor directory. Now that it's created, there are still issues because only the debian-spamd user can write to it. This is not an issue with .razor because postfix is the owner. I suggest sudo chmod 775 /var/spool/postfix/.pyzor /var/spool/postfix/.razor sudo chown postfix:mtagroup /var/spool/postfix/.pyzor -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From adrian at pa0rda.nl Fri Jun 18 14:48:55 2021 From: adrian at pa0rda.nl (Adrian van Bloois) Date: Fri, 18 Jun 2021 16:48:55 +0200 Subject: Timestamp changelog Message-ID: <20210618144855.GA27440@pa0rda.nl> Hi, The timestamp in changelog of 5.4.1-1 says: 01/25/2020, this looks incorrect to me because the previous version was later that year. Also it is in beta state since January. What is going on here??? Adrian -- Adri P. van Bloois "The greatest threat to our planet is the belief that someone else will save it." Robert Swan. From mailscanner at barendse.to Mon Jun 21 14:19:58 2021 From: mailscanner at barendse.to (Remco Barendse) Date: Mon, 21 Jun 2021 16:19:58 +0200 (CEST) Subject: Mail stuck in /var/spool/postfix/hold In-Reply-To: <0ed9b926-1c5a-2678-0671-9fd4f4c87c1a@msapiro.net> References: <63a56d48-f3e0-ce72-1aa9-ad33618b8c06@msapiro.net> <29128f44-1c35-3b2e-b122-209cadd64eb6@barendse.to> <0ed9b926-1c5a-2678-0671-9fd4f4c87c1a@msapiro.net> Message-ID: <3867fa9c-5b2-c9b2-6830-4c08ff9a4e7@barendse.to> I did complete 'from scratch' install, again permissions problem /var/spool/MailScanner/archive was created with 4 drwxrwxr-x 2 mail mtagroup 4096 Jun 21 13:52 archive/ And MailScanner would not write an archive copy of the email there but..... also does not complain that writing of the archive copy failed. After changing perms to postfix:postfix it works as excpected. Guess this is somethig to be be fixed as other people using the archive function will run into it as well :) On Wed, 16 Jun 2021, Mark Sapiro wrote: > On 6/16/21 12:48 AM, Remco Barendse wrote: >> I noticed that ms-config did install pyzor, doing >> ?MailScanner -debug --lint >> reveals this : >> internal error, python traceback seen in response: Traceback (most recent >> call last):\n? File "/bin/pyzor", line 408, in \n main()\n File >> "/bin/pyzor", line 131, in main\n??? config, options, args = >> load_configuration()\n? File "/bin/pyzor", line 107, in >> load_configuration\n??? os.mkdir(options.homedir)\nPermissionError: [Errno >> 13] Permission denied: '/var/spool/postfix/.pyzor' at >> /usr/local/share/perl/5.30.0/Mail/SpamAssassin/Plugin/Pyzor.pm line 308. >> SpamAssassin reported no errors. >> >> There is no such directory /var/spool/postfix/.pyzor the installer didn't >> create it. > > The traceback above is from bin/pyzor trying to create it and the error is > because the user doesn't have permission. This is strange since Run As User > is postfix and postfix should have permission. What does > > ls -l /var/spool/postfix > > show? > > -- > Mark Sapiro The highway is for gamblers, > San Francisco Bay Area, California better use your sense - B. Dylan > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > From belle at bazuin.nl Mon Jun 21 14:41:23 2021 From: belle at bazuin.nl (=?windows-1252?Q?L.P.H._van_Belle?=) Date: Mon, 21 Jun 2021 16:41:23 +0200 Subject: Mail stuck in /var/spool/postfix/hold In-Reply-To: <3867fa9c-5b2-c9b2-6830-4c08ff9a4e7@barendse.to> References: <0ed9b926-1c5a-2678-0671-9fd4f4c87c1a@msapiro.net> Message-ID: > > After changing perms to postfix:postfix it works as excpected. Why didnt you add user postfix in group mtagroup ? Also, you changed the persmissions here, and your made sure these match with the mailscanner configs? Or you might hit it gain after and upgrade for example. > > Guess this is somethig to be be fixed as other people using the > archive function will run into it as well :) > > But thank you for the update. Always apreciated :-) Greetz, Louis From mailscanner at barendse.to Mon Jun 21 15:16:50 2021 From: mailscanner at barendse.to (Remco Barendse) Date: Mon, 21 Jun 2021 17:16:50 +0200 (CEST) Subject: Mail stuck in /var/spool/postfix/hold In-Reply-To: References: <0ed9b926-1c5a-2678-0671-9fd4f4c87c1a@msapiro.net> Message-ID: <24fc3e9-1636-7068-5ab9-65cc97c8485@barendse.to> On Mon, 21 Jun 2021, L.P.H. van Belle via MailScanner wrote: >> >> After changing perms to postfix:postfix it works as excpected. > > Why didnt you add user postfix in group mtagroup ? It already was! From /etc/group mtagroup:x:1001:postfix,clamav,mail > > Also, you changed the persmissions here, and your made sure these > match with the mailscanner configs? Or you might hit it gain after > and upgrade for example. > >> >> Guess this is somethig to be be fixed as other people using the >> archive function will run into it as well :) >> >> > > But thank you for the update. > Always apreciated :-) Welcome :) > > Greetz, > > Louis > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > From bfebrian at gmail.com Wed Jun 23 13:38:30 2021 From: bfebrian at gmail.com (Budi F) Date: Wed, 23 Jun 2021 20:38:30 +0700 Subject: Only allow email from domain "x.y.z" from specifc IP's Message-ID: Hi, We uses MailScanner version 5.3.3, CentOS release 7.8.2003 and Postfix-2.10.1-9. We have another domain, called "x.y.z" which is our sister company. Right now we put domain "x.y.z" into our whitelist, but it become a problem when we received many spoof emails claim from domain "x.y.z" Is it possible that we only allow email from domain "x.y.z" only from a specific IP address, and reject the rest? We can use SPF but that means we need to exclude domain "x.y.z" from our whitelist. Or if there any other way that we can receive only the valid email from domain "x.y.z" ? TIA Regards -------------- next part -------------- An HTML attachment was scrubbed... URL: From dave at jonesol.com Sun Jun 27 02:28:24 2021 From: dave at jonesol.com (Dave Jones) Date: Sat, 26 Jun 2021 21:28:24 -0500 Subject: Only allow email from domain "x.y.z" from specifc IP's In-Reply-To: References: Message-ID: whitelist_auth *@x.y.z Dave On Wed, Jun 23, 2021, 8:38 AM Budi F wrote: > Hi, > We uses MailScanner version 5.3.3, CentOS release 7.8.2003 and > Postfix-2.10.1-9. > > We have another domain, called "x.y.z" which is our sister company. > Right now we put domain "x.y.z" into our whitelist, but it become a > problem when we received many spoof emails claim from domain "x.y.z" > > Is it possible that we only allow email from domain "x.y.z" only from a > specific IP address, and reject the rest? > > We can use SPF but that means we need to exclude domain "x.y.z" from our > whitelist. > > Or if there any other way that we can receive only the valid email from > domain "x.y.z" ? > > TIA > > Regards > > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From mailscanner at barendse.to Wed Jun 30 19:30:44 2021 From: mailscanner at barendse.to (Remco Barendse) Date: Wed, 30 Jun 2021 21:30:44 +0200 (CEST) Subject: Ban .html as attachment but not html mails? Message-ID: <15a5f628-7a47-573a-fc8a-fa4933248aa@barendse.to> MOre and more malicious emails are coming in with .html as an attachment. I do not need my users to receive .html files, ever Blocking them in /etc/MailScanner/filename.rules.conf #deny \.htm$ Dangerous attachment type #deny \.html$ Dangerous attachment type Blocks every email in html, not exactly what I wanted. What is the proper way to do it? Thanks!!