[GRLUG] Postfix Error info

megadave megadave at gmail.com
Tue Sep 10 13:04:11 EDT 2013


Unfortunately some mail servers' logs are quite useless. It is possible that
Postfix simply does not provide useful information.

It has been a long time since I have done any advanced exim configuration
(I only run it on a personal server with a fairly basic setup now), but if
you take the time to learn it, it can do damn near anything you want. You
can write ACLs that can check pretty much anything at any step of the SMTP
process, and take a variety of actions. You can have variables to count
various "spammy" aspects of a message, and then reject based on the value
of the resultant count. It can invoke SpamAssassin to perform all of its
various checks. It can call ClamAV and incorporate its results into its
processing.
It can check any number of DNSBLs in whatever order you want, and take a
configurable action based on the results of each. You can have local lists
of blocked IPs (or whitelists which override DNSBL results).

And then it can be configured to deliver or relay mail in pretty much any
manner you wish based on whatever routing information you want.

static list of valid addresses.. query an sql for valid accounts or
domains. check unix users, check existence of user directory..

Delivery to file? (Maildir, mbox, etc) sure. run a local MDA? sure. Deliver
to smarthost? sure.

Its config file is pretty much a programming language unto itself.



On Tue, Sep 10, 2013 at 12:55 PM, L. V. Lammert <lvl at omnitec.net> wrote:

> On Tue, 10 Sep 2013, megadave wrote:
>
> > Do you know the IP address of the sender host? Does it show in the logs?
> > Have you checked to see if it has a PTR record, with a matching A record?
> >
> Of course, .. but that isn't the point, is it?
>
> We run Postfix on a lot of systems, .. what I need is some pointers to
> definitive reasons for the errors that Postfix logs.
>
> > I use Exim. If it rejects a host, it clearly shows the IP address of the
> > rejected server, as well as the specific configured reason it was rejected,
> > whether that's based on IP address, remote hostname, sender address or domain,
> > etc). It shows the HELO name given by the server.
> >
> Interesting, .. it would seem that Exim errors are pretty detailed:
>
> 2013-09-10 11:48:20 [26739] SMTP connection from (asp3.picsightly.com)
> [173.232.185.87]:31375 I=[198.46.86.21]:25 closed by DROP in ACL
>
> 2013-09-10 11:48:18 [26772] no MAIL in SMTP connection from localhost
> [127.0.0.1]:57599 I=[127.0.0.1]:25 D=0s
>
> A=courier_plain:__cpanel__service__auth__exim__qoSALPdhlekDjXf6ox3DgSooewwCBSmtPgeLB0LZnXVrGdNonddvnLPIuSnrEQEE
> C=EHLO,AUTH,QUIT
>
> I have also seen some benefits in Exim (rate limiting, for example), but
> none of the major distros use it. Interesting, however, that the link to
> New User documentation is nonfunctional?
>
> > I can even "fake" a connection from a specified IP address, and see what
> > checks it is processing as it performs them, and see if/where it fails a
> > check, based on what information.
> >
> How complicated is the config for Exim WRT SPAM/Virus/Blacklist? Will it
> do a 'milter' style process (i.e. reject SPAM before accepting)?
>
>         Thanks!
>
>         Lee
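
Added example, not part of the original thread: a small Python parser for Exim main-log connection lines of the two shapes quoted above, pulling out the remote IP, HELO name, local interface and outcome so ACL drops can be tallied per sender. The sample lines are constructed with documentation addresses, and the function and field names are hypothetical.

```python
import re
from collections import Counter

# Line shape taken from the log lines quoted in the thread: timestamp,
# [pid], optional looked-up host name, optional "(HELO name)", remote
# [ip]:port, local interface I=[ip]:port, then a trailer.
LINE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \[(?P<pid>\d+)\] "
    r"(?P<pre>no MAIL in )?SMTP connection from "
    r"(?:(?P<host>[^\s(\[]+) )?(?:\((?P<helo>[^)]*)\) )?"
    r"\[(?P<ip>[^\]]+)\]:(?P<port>\d+) "
    r"I=\[(?P<iface>[^\]]+)\]:(?P<iport>\d+)"
    r"(?P<rest>.*)$"
)

def parse(line):
    """Return a dict for a connection line, or None if it is another kind."""
    m = LINE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rest = rec.pop("rest")
    if rec.pop("pre"):
        rec["event"] = "no_mail"      # session ended without a MAIL command
    elif "closed by DROP in ACL" in rest:
        rec["event"] = "acl_drop"     # an ACL dropped the connection
    else:
        rec["event"] = "other"
    cmds = re.search(r"\bC=(\S+)", rest)
    rec["commands"] = cmds.group(1).split(",") if cmds else []
    # The A= (authenticator) field is deliberately not copied into the record.
    return rec

def drops_by_ip(lines):
    """Count ACL drops per remote IP address."""
    recs = (parse(l) for l in lines)
    return Counter(r["ip"] for r in recs if r and r["event"] == "acl_drop")

# Constructed sample lines (RFC 5737 documentation addresses).
SAMPLE = [
    "2013-09-10 11:48:20 [26739] SMTP connection from (mail.example.net) "
    "[192.0.2.87]:31375 I=[198.51.100.21]:25 closed by DROP in ACL",
    "2013-09-10 11:48:18 [26772] no MAIL in SMTP connection from localhost "
    "[127.0.0.1]:57599 I=[127.0.0.1]:25 D=0s C=EHLO,AUTH,QUIT",
    "2013-09-10 11:49:02 [26801] SMTP connection from (mail.example.net) "
    "[192.0.2.87]:31402 I=[198.51.100.21]:25 closed by DROP in ACL",
]

if __name__ == "__main__":
    for ip, n in drops_by_ip(SAMPLE).items():
        print(ip, n)
```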