The Perfect SpamSnake - Ubuntu Jeos 10.10 - Managing transport relay_domains etc

[mintydave]

I now have my second new snake in production after getting the whitelisting working.

When I set up the original user accounts in barawa in order to manage the transports for each domain, I set about half of the admin account to receive the quarantine report and the other half to not receive them.

So this morning, I woke up to 400 quarantine reports for each of the domain admins' respective domains. So I went into baruwa->settings->accounts and edited each account and unchecked "send report"

Those admins set to not receive are still receiving the quarantine reports. Am I missing where to actually disable the quarantine report?


Thank you for your assistance,

Dave
Deconn Technical Services

[Rocky]

Ok, as a temp, open cron and comment out the send pdf reports job. That should prevent the system from sending anymore reports.

I'll have Andrew follow up with this.

[topdog]

Quote:

Originally Posted by mintydave

Those admins set to not receive are still receiving the quarantine reports. Am I missing where to actually disable the quarantine report?

If the send quarantine report option is off, a report will definitely not be sent out.

[topdog]

Quote:

Originally Posted by mintydave

I now have my second new snake in production after getting the whitelisting working.

When I set up the original user accounts in barawa in order to manage the transports for each domain, I set about half of the admin account to receive the quarantine report and the other half to not receive them.

So this morning, I woke up to 400 quarantine reports for each of the domain admins' respective domains. So I went into baruwa->settings->accounts and edited each account and unchecked "send report"

Those admins set to not receive are still receiving the quarantine reports. Am I missing where to actually disable the quarantine report?


Thank you for your assistance,

Dave
Deconn Technical Services

You may have this problem here http://www.howtoforge.com/forums/sho...474#post247474

[mintydave]

Quote:

Originally Posted by Rocky

If an entry is found in the whitelist, it bypasses grey, rbl, spf and mailscanner checks. This was something I thought long and hard about because I wanted to have a common whitelist.

Rocky,

I have a conern that on my spamsnake the whitelist managed in Barawa is not behaving as you state above.

I have the following IP in my whitelist:

Code:

46     Any address     216.241.219.0

Then I get this in my syslog:

Code:

Jan 14 14:36:09 curve postfix/smtpd[17734]: NOQUEUE: reject: RCPT from mailout-01.cobaltgroup.com[216.241.219.148]: 450 4.7.1 <fleetguy@carlburger.com>: Recipient address rejected: SPF-Result=mailout-01-n2.tuk.cobaltgroup.com: 'SERVFAIL' error on DNS 'SPF' lookup of 'mailout-01-n2.tuk.cobaltgroup.com'; from=<214425@crm.cobaltgroup.com> to=<nickd@carlburger.com> proto=ESMTP helo=<mailout-01-n2.tuk.cobaltgroup.com>

Just to cover myself, I researched how the SPF actually works and it appears that there should be an SPF record for "mailout-01-n2.tuk.cobaltgroup.com", but there is not, so that is why the server is failing on the DNS lookup.

However, I would prefer that the whitelist just bypasses all the checks and let's the messages through the snake.

Here is my main.cf:

Code:

# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = ESMTP SpamSnake
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = /usr/share/doc/postfix

# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = curve.dsh.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = dsh.com
mydestination =
relayhost =
mynetworks = 127.0.0.0/8, 192.168.0.0/16, 10.10.0.0/24
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
html_directory = /usr/share/doc/postfix/html
message_size_limit = 20485760
local_transport = error:No local mail delivery
local_recipient_maps =
relay_domains = mysql:/etc/postfix/mysql-relay_domains.cf
relay_recipient_maps = mysql:/etc/postfix/mysql-relay_recipients.cf
transport_maps = mysql:/etc/postfix/mysql-transports.cf
virtual_alias_maps = hash:/etc/postfix/virtual
disable_vrfy_command = yes
strict_rfc821_envelopes = no
smtpd_delay_reject = yes
smtpd_recipient_limit = 100
smtpd_helo_required = yes
smtpd_client_restrictions = permit_sasl_authenticated, permit_mynetworks, permit
smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks, permit
smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_sender, permit
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unknown_recipient_domain, reject_unauth_destination, whitelist_policy, grey_policy, rbl_policy, spf_policy, permit
smtpd_data_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_pipelining
smtpd_restriction_classes = spf_policy, rbl_policy, grey_policy, whitelist_policy
spf_policy = check_policy_service unix:private/policy
rbl_policy = reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net
grey_policy = check_policy_service unix:private/greyfix
whitelist_policy = check_sender_access mysql:/etc/postfix/mysql-global_whitelist.cf
header_checks = regexp:/etc/postfix/header_checks

As always, your input and assistance are greatly appreciated.


Dave.
Deconn Technical Services

[Rocky]

What happens if you whitelist this ip 216.241.219.148?

[mintydave]

Quote:

Originally Posted by Rocky

What happens if you whitelist this ip 216.241.219.148?

at 21:24 added:

Code:

52   any     216.241.219.148

I also deleted the 216.241.219.0 entry as noted in the previous post.

I get the same result.

Code:

Jan 15 21:25:24 curve postfix/smtpd[3078]: NOQUEUE: reject: RCPT from mailout-01.cobaltgroup.com[216.241.219.148]: 450 4.7.1 <fleetguy@carlburger.com>: Recipient address rejected: SPF-Result=mailout-01-n2.tuk.cobaltgroup.com: 'SERVFAIL' error on DNS 'SPF' lookup of 'mailout-01-n2.tuk.cobaltgroup.com'; from=<214425@crm.cobaltgroup.com> to=<fleetguy@carlburger.com> proto=ESMTP helo=<mailout-01-n2.tuk.cobaltgroup.com>

Just as a sanity check, I added a /32 whitelist entry for another host and sent mail into the snake and it got hit by the greylist instantly. I used Outlook Express from a Windows host and simply used the spamsnake as the SMTP server to a known good/deliverable address.

After the greylist activity completed, Baruwa shows the message whitelisted:

Code:

2011-01-15 21:22:03  ___@carlburger.com  _____@cwssandiego.com  test 301  1.8 KB 0.0  WL

Dave.
Deconn Technical Services

[Rocky]

Hmm, I'll have to look into that. Have you tried using the dns name?

[mintydave]

Quote:

Originally Posted by Rocky

Have you tried using the dns name?

I assume you mean the hostname of the sending email server. "mailout-01.cobaltgroup.com" in this case.

Done.

No change.

In the mean time, is there a way I can disable SPF just so I can get these emails flowing?


Dave.
Deconn Technical Services.

[Rocky]

The guide has been updated with the fix for this problem.