   September 20, 2019  
[00:00:37] <Heart_And_Chops> really sorry if this is completely the wrong channel to ask in, but if i want my server to push email to my clients (say mobile mail app on phones for example) what software do i need to configure on my server?
[00:01:17] <frib> Heart_And_Chops, try ##email
[00:01:39] <frib> but it sounds like you have to decide if you want to use a mailer service or if you want to run your own mail server
[00:01:49] <frib> in the latter case, postfix might be good for you
[00:01:56] <rob0> also, "push email to my clients" isn't clear to me
[00:02:02] <Heart_And_Chops> i am running my own email server
[00:02:50] <rob0> If you're running an imapd, each client connecting to an account will see the same mail,
[00:02:53] <rob0> !imap
[00:02:54] <knoba> rob0: IMAP is an application layer Internet protocol that allows a client (MUA) to access mailboxes on a remote server (see: http://en.wikipedia.org/wiki/IMAP). Postfix does not provide IMAP (or POP3) service; see !courier or !dovecot for common IMAP/POP3 choices.
[00:03:17] <Heart_And_Chops> does the client poll for new emails?
[00:03:30] <Heart_And_Chops> or does the client receive PUSHes from the server when new emails come in
[00:03:41] <Heart_And_Chops> i want the client to receive the email as soon as the server gets it
[00:03:48] <Heart_And_Chops> not 15 minutes later when the client polls the server for new email
[00:04:05] <rob0> I don't know low-level details, but it's usually quick
[00:04:28] <Heart_And_Chops> i see
[00:04:29] <Heart_And_Chops> https://en.wikipedia.org/wiki/Push-IMAP
[00:04:31] <rob0> sounds like you might have been using POP3
[00:04:35] *** eelstrebor <eelstrebor!~eelstrebo@216-75-116-100.static.allophone.net> has quit IRC (Quit: Ex-Chat)
[00:05:22] <Heart_And_Chops> we are using imap. but maybe we don't have push-imap configured
[00:05:27] <Heart_And_Chops> i'll have to dig into it more
[00:05:34] <Heart_And_Chops> thanks for the point in the right direction thats what i needed
[00:06:35] *** frib <frib!~frib@2601:585:8503:c13:21f2:8542:514e:f67c> has quit IRC (Quit: Leaving)
[00:15:24] *** ]SiB[ <]SiB[!~Thunderbi@unaffiliated/sib/x-9459575> has quit IRC (Ping timeout: 246 seconds)
[00:17:08] *** jamiejackson <jamiejackson!c7df1efe@gateway/web/cgi-irc/kiwiirc.com/ip.199.223.30.254> has quit IRC (Remote host closed the connection)
[00:18:26] *** gu1lle_ <gu1lle_!~Thunderbi@201.216.253.75> has quit IRC (Remote host closed the connection)
[00:35:04] *** sloucher <sloucher!~Thunderbi@2604:5500:c128:d600::c83> has quit IRC (Quit: sloucher)
[01:22:49] *** led_dark_2 <led_dark_2!~Thunderbi@217.66.160.14> has joined #postfix
[01:23:39] *** led_dark_1 <led_dark_1!~Thunderbi@217.66.160.14> has quit IRC (Ping timeout: 246 seconds)
[01:23:39] *** led_dark_2 is now known as led_dark_1
[02:15:22] *** bipolar <bipolar!~bipolar@offsite.guru> has quit IRC (Quit: Logout)
[02:38:23] *** epony <epony!epony@unaffiliated/epony> has quit IRC (Ping timeout: 245 seconds)
[02:48:59] <Heart_And_Chops> my config sucks and i am still a victim of spam that I can't seem to stop. recent example: https://pastebin.com/raw/WKzXFPbe
[02:49:24] *** lxsinfo <lxsinfo!~Alex@2a02:a210:2043:4f80:3505:da56:26d:57d7> has quit IRC (Ping timeout: 246 seconds)
[02:49:41] <Heart_And_Chops> any tips would be greatly appreciated.
[02:50:00] <Heart_And_Chops> !showconfig
[02:50:00] <knoba> Heart_And_Chops: when asked to provide your config, please provide a SINGLE pastebin (see !pastebin) with postconf -nf and postconf -Mf. if your version is too old for those commands to work (< 2.9), you should upgrade, but see !showconfig_old
[02:50:34] <rob0> !cheatsheet
[02:50:34] <knoba> rob0: (#1) http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt : A HOWTO for pre-DATA spam control., or (#2) http://rob0.nodns4.us/postscreen.html , a postscreen spam control HOWTO
[02:50:35] <Heart_And_Chops> postconf -nf: https://pastebin.com/hwUVSJZY
[02:51:18] <Heart_And_Chops> postconf -Mf: https://pastebin.com/FeHxTmt4
[02:51:31] <Heart_And_Chops> yeah, i thought that i followed the cheatsheet, but i think maybe i've made a mistake.
[02:51:36] <Heart_And_Chops> im sorry, im a bit of a noob
[02:54:34] <rob0> From the server, "dig 2.0.0.127.spamhaus.org. any", pastebin that
[02:54:55] <rob0> !dnsbl_test
[02:54:55] <knoba> rob0: Many DNSBLs support a special test record of 127.0.0.2, so you can dig 2.0.0.127.zen.spamhaus.org. any to test Zen, for example. See also http://www.crynwr.com/spam/ to test your server's use of various DNSBLs.
[02:55:24] <rob0> ah, http://www.crynwr.com/spam/ , will send you mail from a spamhaus-listed address
[02:55:27] <Heart_And_Chops> https://pastebin.com/7b7MF3h2
[02:57:17] <rob0> oh, hmm, the evil 8482 rears its ugly head here, try that with s/any/txt/
[02:57:51] <Heart_And_Chops> https://pastebin.com/FBA1Bat9
[02:58:03] <rob0> bah, I forgot the zen part ^^
[02:58:22] <Heart_And_Chops> https://pastebin.com/GqqfUwq5
[02:58:29] *** heroux <heroux!sandroco@gateway/shell/insomnia247/x-kcmrbxzazslmdauo> has quit IRC (Ping timeout: 258 seconds)
[02:58:38] *** souther <souther!~souther@2605:6400:1:fed5:22:1ac:61c0:e24e> has quit IRC (Ping timeout: 245 seconds)
[02:58:57] <Heart_And_Chops> with zen and any https://pastebin.com/jYLyJnJg
[02:59:28] *** souther <souther!~souther@2605:6400:1:fed5:22:1ac:61c0:e24e> has joined #postfix
[02:59:35] *** heroux <heroux!sandroco@gateway/shell/insomnia247/x-bkwicewywfvogshg> has joined #postfix
[02:59:44] <rob0> okay, your queries are working
[03:00:20] <rob0> the nameserver you have at 127.0.0.1, it's not using forwarders, is it?
[03:00:48] <rob0> forwarders can make Spamhaus queries intermittent
[03:02:00] <Heart_And_Chops> well, i setup that nameserver last time we talked about this, but i would be lying if i said i know squat about nameservers. i just installed it and used some pretty default config.
[03:02:05] <Heart_And_Chops> how do i check if its using forwarders?
[03:02:23] <rob0> oh, we did talk about this before
[03:02:40] <rob0> is it BIND named(8)?
[03:02:54] <Heart_And_Chops> one thing i should add is that this spam example above that i showed is 1 spam that got through in 134 that got filtered (from a very similar spammer sending from similar domains at .icu TLD)
[03:03:19] <Heart_And_Chops> (this is in the period of time that is housed inside mail.log before it flushes into mail.log.1 or whatever)
[03:03:46] <Heart_And_Chops> yeah, im using bind
[03:04:16] <Heart_And_Chops> bind9
[03:05:39] <rob0> then I suppose you'd know if you were using forwarders, but show "named-checkconf -px" if you like, if the word "forwarders" does not appear you're not.
[03:06:00] <rob0> which one was the spample?
[03:06:40] <Heart_And_Chops> recent example: https://pastebin.com/raw/WKzXFPbe
[03:06:48] <Heart_And_Chops> of spam right?
[03:07:10] <Heart_And_Chops> my bind server has lots of messages in the log about "
[03:07:18] <Heart_And_Chops> no valid signature"
[03:07:20] <Heart_And_Chops> not sure if this is applicable.
[03:07:43] <Heart_And_Chops> i don't see any "forwarders" in `named-checkconf -px`
[03:09:01] <rob0> 24.153.252.89.zen.spamhaus.org. 60 IN TXT "https://www.spamhaus.org/sbl/query/SBLCSS"
[03:09:24] <rob0> so that should have been blocked
[03:09:45] <Heart_And_Chops> is it possible it wasn't blocked at the time the spam slipped through?
[03:10:10] <rob0> yes
[03:12:00] <Heart_And_Chops> is there a way to check the time that an ip got added to the SBL?
[03:16:32] <Heart_And_Chops> hmmm actually according to my logs my server rejected a spam from the same spammer from the same IP 10 minutes before it accepted one.
[03:16:47] <Heart_And_Chops> https://pastebin.com/LxtJ9FEf
[03:22:24] <rob0> that's the "greylisting" like feature of postscreen, the after-220 tests.
[03:22:35] <rob0> hmm
[03:26:38] <Heart_And_Chops> oh wait i just noticed in this same log, below it says later that a request was rejected from that ip about 10 minutes after the one that made it through
[03:27:18] <Heart_And_Chops> so maybe at the time the one made it through that ip wasn't blocked yet?
[03:29:01] <Heart_And_Chops> so first block at 19:47 was maybe prior to SBL checks (greylist checks), and accept at 19:48 went through cause ip wasn't banned yet, and reject at 19:57 because ip now banned?
[03:29:53] <Heart_And_Chops> I'm honestly tempted to just ban all of the TLD .icu it seems to be the main source of all this spam, and i've never seen a legit business use that TLD. is there a way to do that?
[03:31:13] <rob0> http://www.postfix.org/postconf.5.html#postscreen_dnsbl_ttl ... when a client passes DNSBL tests one time, it's not retested for one hour.
[03:34:13] *** bipolar <bipolar!~bipolar@offsite.guru> has joined #postfix
[03:36:41] <Heart_And_Chops> thats strange, because that's not what the log says.
[03:36:50] <Heart_And_Chops> Sep 17 19:48:31 mail amavis[31548]: (31548-05) Passed CLEAN
[03:37:01] <Heart_And_Chops> Sep 17 19:57:26 mail postfix/postscreen[821]: NOQUEUE: reject: RCPT
[03:37:07] <Heart_And_Chops> thats only 9 minutes
[03:42:39] *** epony <epony!epony@unaffiliated/epony> has joined #postfix
[03:48:57] <lunaphyte> amavis is not postfix
[03:49:16] <lunaphyte> where are the postfix logs indicating it passed postscreen?
[05:43:03] *** n_1-c_k <n_1-c_k!~n_1-c_k@2a02:8010:63a6::70> has quit IRC (Read error: Connection reset by peer)
[05:43:44] *** n_1-c_k <n_1-c_k!~n_1-c_k@2a02:8010:63a6::70> has joined #postfix
[06:15:22] *** CarlenWhite <CarlenWhite!~CarlenWhi@41.sub-174-231-128.myvzw.com> has quit IRC (Ping timeout: 265 seconds)
[06:22:10] *** CarlenWhite <CarlenWhite!~CarlenWhi@41.sub-174-231-128.myvzw.com> has joined #postfix
[06:42:55] *** Blubberbop <Blubberbop!~quassel@mail.capmega.com> has quit IRC (Ping timeout: 265 seconds)
[07:12:32] *** CarlenWhite <CarlenWhite!~CarlenWhi@41.sub-174-231-128.myvzw.com> has quit IRC (Ping timeout: 245 seconds)
[07:15:20] *** joules <joules!~lucifurba@pdpc/supporter/active/joulez> has joined #postfix
[07:20:08] *** CarlenWhite <CarlenWhite!~CarlenWhi@41.sub-174-231-128.myvzw.com> has joined #postfix
[07:23:29] *** Darcidride <Darcidride!~Darcidrid@77.59.212.138> has joined #postfix
[07:49:50] *** lxsinfo <lxsinfo!~Alex@2a02:a210:2043:4f80:3505:da56:26d:57d7> has joined #postfix
[07:54:41] *** ]SiB[ <]SiB[!~Thunderbi@unaffiliated/sib/x-9459575> has joined #postfix
[08:21:19] *** [NoClan]GoAway <[NoClan]GoAway!~NoClan@195.138.249.7> has quit IRC (Read error: Connection reset by peer)
[08:35:34] *** [NoClan]GoAway <[NoClan]GoAway!~NoClan@195.138.249.11> has joined #postfix
[08:36:48] *** Darcidride <Darcidride!~Darcidrid@77.59.212.138> has quit IRC (Ping timeout: 268 seconds)
[08:49:14] *** trident <trident!~trident@paranoia.trisec.se> has quit IRC (Ping timeout: 240 seconds)
[08:50:27] *** jalalsfs <jalalsfs!~jalalsfs@unaffiliated/jalalsfs> has quit IRC (Ping timeout: 245 seconds)
[08:56:39] *** jalalsfs <jalalsfs!~jalalsfs@unaffiliated/jalalsfs> has joined #postfix
[08:58:25] *** Darcidride <Darcidride!~Darcidrid@77.59.212.138> has joined #postfix
[08:58:58] *** Noti <Noti!~steffan@ip4da40774.direct-adsl.nl> has joined #postfix
[09:01:45] *** trident <trident!~trident@paranoia.trisec.se> has joined #postfix
[09:07:01] *** trident <trident!~trident@paranoia.trisec.se> has quit IRC (Ping timeout: 268 seconds)
[09:07:21] *** SteffanW <SteffanW!~steffan@194.44.236.118> has joined #postfix
[09:07:24] *** Noti <Noti!~steffan@ip4da40774.direct-adsl.nl> has quit IRC (Ping timeout: 246 seconds)
[09:15:51] *** Noti <Noti!~steffan@ip4da40774.direct-adsl.nl> has joined #postfix
[09:16:08] *** SteffanW <SteffanW!~steffan@194.44.236.118> has quit IRC (Ping timeout: 265 seconds)
[09:17:34] *** trident <trident!~trident@paranoia.trisec.se> has joined #postfix
[09:20:17] *** SteffanW <SteffanW!~steffan@194.44.236.118> has joined #postfix
[09:20:26] *** Noti <Noti!~steffan@ip4da40774.direct-adsl.nl> has quit IRC (Ping timeout: 240 seconds)
[09:32:23] *** Zerberus <Zerberus!dog@centos/community/zerberus> has quit IRC (Quit: Coyote finally caught me)
[09:34:33] <skylite> apparently I am unable to setup an imap account with outlook2016 if the password contains a letter é (hungarian character) outlook says the password is wrong. Anyone encountered something like this before? ( I have a postfix+dovecot setup and here are my configs+logs: https://pastebin.com/yjjiyYJh )
[09:35:16] <skylite> needless to say if I try the same password from Thunderbird or roundcube, it works...
[09:37:56] *** Zerberus <Zerberus!~dogtail@irc.sys5.org> has joined #postfix
[09:38:00] *** Zerberus <Zerberus!~dogtail@irc.sys5.org> has quit IRC (Changing host)
[09:38:00] *** Zerberus <Zerberus!~dogtail@centos/community/zerberus> has joined #postfix
[09:40:27] *** gorilla <gorilla!~George@ppp59-167-122-246.static.internode.on.net> has quit IRC (Ping timeout: 245 seconds)
[09:40:34] <Alver> skylite: #dovecot
[09:40:53] <skylite> okay
[10:06:08] *** xelxebar <xelxebar!~xelxebar@gateway/tor-sasl/xelxebar> has quit IRC (Remote host closed the connection)
[10:08:09] *** xelxebar <xelxebar!~xelxebar@gateway/tor-sasl/xelxebar> has joined #postfix
[10:12:25] *** xelxebar <xelxebar!~xelxebar@gateway/tor-sasl/xelxebar> has quit IRC (Remote host closed the connection)
[10:21:56] *** sysmox <sysmox!~mox@gateway/tor-sasl/sysmox> has quit IRC (Ping timeout: 260 seconds)
[10:22:42] *** Noti <Noti!~steffan@194.44.236.118> has joined #postfix
[10:22:46] *** SteffanW <SteffanW!~steffan@194.44.236.118> has quit IRC (Ping timeout: 258 seconds)
[10:35:32] *** xelxebar <xelxebar!~xelxebar@gateway/tor-sasl/xelxebar> has joined #postfix
[10:37:51] *** rsx <rsx!~rsx@ppp-188-174-133-211.dynamic.mnet-online.de> has joined #postfix
[10:39:27] *** kurkale6ka <kurkale6ka!~kurkale6k@62.216.239.140> has joined #postfix
[10:39:45] *** sysmox <sysmox!~mox@gateway/tor-sasl/sysmox> has joined #postfix
[10:43:57] *** kurkale6ka <kurkale6ka!~kurkale6k@62.216.239.140> has quit IRC (Client Quit)
[10:51:06] *** SteffanW <SteffanW!~steffan@194.44.236.118> has joined #postfix
[10:52:19] *** Noti <Noti!~steffan@194.44.236.118> has quit IRC (Ping timeout: 265 seconds)
[11:00:34] *** Noti <Noti!~steffan@ip4da40774.direct-adsl.nl> has joined #postfix
[11:01:05] *** SteffanW <SteffanW!~steffan@194.44.236.118> has quit IRC (Ping timeout: 276 seconds)
[11:07:18] *** ced117 <ced117!~ced117@opensuse/member/ced117> has quit IRC (Ping timeout: 265 seconds)
[11:07:51] *** xelxebar_ <xelxebar_!~xelxebar@gateway/tor-sasl/xelxebar> has joined #postfix
[11:08:29] *** ced117 <ced117!~ced117@opensuse/member/ced117> has joined #postfix
[11:10:51] *** Noti <Noti!~steffan@ip4da40774.direct-adsl.nl> has quit IRC (Ping timeout: 240 seconds)
[11:10:58] *** SteffanW <SteffanW!~steffan@194.44.236.118> has joined #postfix
[11:11:11] *** xelxebar <xelxebar!~xelxebar@gateway/tor-sasl/xelxebar> has quit IRC (Remote host closed the connection)
[11:22:56] <krion> !getting_help
[11:22:57] <knoba> krion: before asking your question, read the !relevant_logs and !showconfig factoids, and prepare a single pastebin containing all of that data. if you don't understand what this means, or if you need help doing this, please let us know. also see !pastebin
[11:22:59] <krion> ola
[11:24:06] <krion> too bad you don't answer query knoba
[11:28:24] *** Noti <Noti!~steffan@ip4da40774.direct-adsl.nl> has joined #postfix
[11:28:27] *** SteffanW <SteffanW!~steffan@194.44.236.118> has quit IRC (Ping timeout: 246 seconds)
[11:35:01] *** zamba <zamba!~marius@80-89-33-242.inet.signal.no> has quit IRC (Ping timeout: 268 seconds)
[11:35:59] *** Noti <Noti!~steffan@ip4da40774.direct-adsl.nl> has quit IRC (Quit: Konversation terminated!)
[11:41:12] *** zamba <zamba!~marius@80-89-33-242.inet.signal.no> has joined #postfix
[11:44:39] *** kurkale6ka <kurkale6ka!~kurkale6k@62.216.239.140> has joined #postfix
[11:45:17] *** kurkale6ka <kurkale6ka!~kurkale6k@62.216.239.140> has quit IRC (Client Quit)
[13:18:15] *** p7mo <p7mo!~p7mo@ricasa01.informatik.uni-bremen.de> has quit IRC ()
[14:01:24] *** n_1-c_k <n_1-c_k!~n_1-c_k@2a02:8010:63a6::70> has quit IRC (Read error: Connection reset by peer)
[14:01:58] *** n_1-c_k <n_1-c_k!~n_1-c_k@2a02:8010:63a6::70> has joined #postfix
[14:03:57] *** fiQ2 <fiQ2!~fiQ@mirkk.ninja> has quit IRC (Ping timeout: 250 seconds)
[14:15:03] *** section1 <section1!~section1@178.33.109.106> has joined #postfix
[14:28:15] <lunaphyte> don't answer query?
[14:29:48] <Alver> The concept of bots not responding in privmsg is hard to grasp
[14:30:18] <lunaphyte> the bot responds in privmsg
[14:38:41] <krion> lunaphyte: hum, ask 'him' showconfig and relevant_logs, say 11:23 -knoba(~limnoria at jen dot workaround.org)- Error: "relevant_logs" is not a valid command.
[14:39:31] <Alver> !relevant_logs
[14:39:31] <knoba> Alver: mail.* syslog Postfix log messages (NOT verbose, see !no_verbose) which show ONLY the entire handling of a single mail which illustrates the issue with which you want help. Random selections from your mail log are not adequate. IMAP/POP3 daemons and external delivery agents often log to the same syslog facility and should not be shown. Also see http://rob0.nodns4.us/postfix-logging
[14:39:48] <krion> (the goal was in query in order to not pollute here)
[14:41:57] <Alver> Funky
[14:42:04] *** fiQ2 <fiQ2!~fiQ@mirkk.ninja> has joined #postfix
[14:42:14] <Alver> I guess it would make sense to make it respond identically in privmsg too
[14:46:35] <lunaphyte> krion: did you want help or instructions on how to query the bot privately for factoids?
[14:52:40] *** kurkale6ka <kurkale6ka!~kurkale6k@62.216.239.140> has joined #postfix
[14:56:09] <jink> krion: whatis #postfix relevant_logs
[14:59:07] *** robinho86 <robinho86!~robsonjf@191.36.239.241> has joined #postfix
[15:02:02] <krion> yes I need help.
[15:02:39] <krion> https://gpldr.in/v/wI7HgcIYuh/8SIeOz8S5iWe92p7
[15:02:48] <krion> here you got enough information
[15:03:15] <krion> I don't get why example.com got accepted since it's in sender_access as REJECT
[15:10:47] <Zerberus> because of permit_mynetworks
[15:11:52] <Zerberus> don't pollute $mynetworks, don't use it in restrictions but use submission(s) for clients
[15:14:05] <Zerberus> krion: is your postfix really that old "postfix-2.2.5"?
[15:14:40] <lunaphyte> permit_mynetworks should not be used
[15:15:27] <lunaphyte> and mynetworks should be empty
[15:30:38] *** kurkale6ka <kurkale6ka!~kurkale6k@62.216.239.140> has quit IRC (Quit: WeeChat 2.6)
[15:32:57] <krion> duly noted.
[15:33:27] <krion> Zerberus: not sure. last stretch version
[15:34:28] <Zerberus> postconf mail_version
[15:34:46] <Zerberus> you probably copy-pasted configuration parts from a different system
[15:36:40] <krion> so permit_mynetworks get preferences over check sender_access
[15:37:49] <krion> it may confirm what ''they'' want: not be able to send mail as example.com from outside the declared networks
[15:41:20] *** BXS <BXS!~BXS@77.49.192.141.dsl.dyn.forthnet.gr> has joined #postfix
[15:45:29] <rob0> no, restrictions are evaluated in the order you put them.
[15:47:06] <rob0> The first matching restriction, whatever it is, gets preference over any thereafter. And each smtpd_mumble_restrictions stage is evaluated independently.
[15:50:59] <rob0> krion, the bot is able to do multiple channels, so when you give a command here it knows how to answer. In /msg it does not know. 12:56 < jink> krion: whatis #postfix relevant_logs
[15:51:23] <rob0> also, again, your pastebin does not work with lynx
[15:55:52] <krion> oh. i try with links was okay
[16:40:57] <krion> rob0: ok that's what i was meaning, sorry.
[16:41:16] <krion> Zerberus: 3.1.8
[16:45:15] *** BXS <BXS!~BXS@77.49.192.141.dsl.dyn.forthnet.gr> has quit IRC (Quit: Leaving)
[16:45:18] *** eelstrebor <eelstrebor!~eelstrebo@216-75-116-100.static.allophone.net> has joined #postfix
[17:00:32] *** FinboySlick <FinboySlick!~shark@74.117.40.10> has quit IRC (Quit: Leaving.)
[17:01:16] *** niee <niee!~user@MINE.THE.GAP.MEDOLINA.INFO> has joined #postfix
[17:14:51] *** trident <trident!~trident@paranoia.trisec.se> has quit IRC (Ping timeout: 258 seconds)
[17:16:38] *** FinboySlick <FinboySlick!~shark@74.117.40.10> has joined #postfix
[17:24:38] *** trident <trident!~trident@paranoia.trisec.se> has joined #postfix
[17:29:37] *** trident <trident!~trident@paranoia.trisec.se> has quit IRC (Ping timeout: 265 seconds)
[17:40:24] *** trident <trident!~trident@paranoia.trisec.se> has joined #postfix
[17:47:10] *** FinboySlick <FinboySlick!~shark@74.117.40.10> has quit IRC (Remote host closed the connection)
[18:10:04] *** n_1-c_k <n_1-c_k!~n_1-c_k@2a02:8010:63a6::70> has quit IRC (Read error: Connection reset by peer)
[18:11:10] *** n_1-c_k <n_1-c_k!~n_1-c_k@2a02:8010:63a6::70> has joined #postfix
[18:21:39] *** pajamian <pajamian!~pj@centos/ops/pj> has joined #postfix
[18:23:23] *** pj <pj!~pj@centos/ops/pj> has quit IRC (Ping timeout: 258 seconds)
[18:33:29] *** tokudan <tokudan!~tokudan@freya.besaid.de> has quit IRC (Quit: Dunno.)
[18:34:31] *** joules <joules!~lucifurba@pdpc/supporter/active/joulez> has quit IRC (Quit: WeeChat 1.9.1)
[18:36:20] *** Blubberbop <Blubberbop!~quassel@mx1.capmegamail.com> has joined #postfix
[18:36:25] *** tokudan <tokudan!~tokudan@freya.besaid.de> has joined #postfix
[19:29:23] *** boson <boson!~boson@gateway/tor-sasl/boson> has joined #postfix
[19:33:36] *** FinboySlick <FinboySlick!~shark@74.117.40.10> has joined #postfix
[19:35:36] *** FinboySlick <FinboySlick!~shark@74.117.40.10> has quit IRC (Client Quit)
[19:58:21] *** FinboySlick <FinboySlick!~shark@74.117.40.10> has joined #postfix
[19:58:32] *** zapata <zapata!~zapata@2a02:1748:f71:380:8a:a964:2d0c:99fa> has quit IRC (Read error: Connection reset by peer)
[19:59:08] *** zapata <zapata!~zapata@2a02:1748:f71:380:ad67:7035:9aa5:7c66> has joined #postfix
[20:08:58] *** gu1lle_ <gu1lle_!~Thunderbi@201.216.253.75> has joined #postfix
[20:16:43] *** kennethd <kennethd!~kenneth@172.97.103.107> has quit IRC (Ping timeout: 268 seconds)
[20:17:02] *** [NoClan]GoAway <[NoClan]GoAway!~NoClan@195.138.249.11> has quit IRC (Read error: Connection reset by peer)
[20:17:10] *** FinboySlick <FinboySlick!~shark@74.117.40.10> has quit IRC (Quit: Leaving.)
[20:22:05] <Heart_And_Chops> lunaphyte / rob0: ok. brand new spam just came in: https://pastebin.com/A7zuQeAy
[20:22:14] <Heart_And_Chops> but this ip is already in the blocklist https://www.spamhaus.org/query/ip/193.31.117.89
[20:22:30] <Heart_And_Chops> so somehow *some* mail is getting checked against the blocklist, but some isn't.
[20:23:34] <Heart_And_Chops> timestamp on that server is in UTC, so that email arrived about 8 minutes ago. unless that ip got added to the SHBL in the last 8 minutes i guess :shrug:
[20:26:56] <Heart_And_Chops> it seems that they made the same series of requests with that IP as last time as well. if i grep the log by IP address it looks identical. IP From Today: https://pastebin.com/KgxesrVQ Yesterday:
[20:27:18] <Heart_And_Chops> https://pastebin.com/msQz3i61
[20:27:36] *** get <get!get@unaffiliated/get> has quit IRC (Read error: Connection reset by peer)
[20:27:43] *** get <get!get@bsd.tilde.team> has joined #postfix
[20:27:43] *** get <get!get@bsd.tilde.team> has quit IRC (Changing host)
[20:27:43] *** get <get!get@unaffiliated/get> has joined #postfix
[20:27:57] *** gvvg_ <gvvg_!sid188075@gateway/web/irccloud.com/x-cqntygofgjbvcwhl> has quit IRC (Ping timeout: 245 seconds)
[20:28:44] *** max-m <max-m!~max-m@chrono.xqk7.com> has quit IRC (Quit: Ping timeout: 480 seconds)
[20:28:55] *** max-m <max-m!~max-m@chrono.xqk7.com> has joined #postfix
[20:29:24] *** gvvg_ <gvvg_!sid188075@gateway/web/irccloud.com/x-qdaiorcaszbpulyz> has joined #postfix
[20:30:40] *** [NoClan]GoAway <[NoClan]GoAway!~NoClan@195.138.249.6> has joined #postfix
[20:34:20] *** FinboySlick <FinboySlick!~shark@74.117.40.10> has joined #postfix
[20:41:18] <Heart_And_Chops> i maxed out my pastebin limit. so i had to switch paste tools, here's a longer log with more details, not grepped, just the full time window of this IP's (193.31.117.89) activity https://paste.ubuntu.com/p/hqcVwQpQHd/
[20:41:58] <Heart_And_Chops> is it possible that this spammer is somehow tricking postscreen with the first request, just so they can make the second successful request?
[20:44:30] <Heart_And_Chops> what I don't understand is why postscreen doesn't check the blocklist on the first connect: Sep 20 18:13:41 mail postfix/postscreen[17260]: CONNECT from [193.31.117.89], but does check later: Sep 20 18:23:47 mail postfix/postscreen[17260]: CONNECT from [193.31.117.89]:32399. Does postscreen have `number of requests before checking block lists` setting?
[20:57:12] *** tuxick <tuxick!~bluesmurf@pie.xs4all.nl> has quit IRC (Remote host closed the connection)
[20:59:29] *** tuxick <tuxick!~bluesmurf@pie.xs4all.nl> has joined #postfix
[21:01:39] *** rsx <rsx!~rsx@ppp-188-174-133-211.dynamic.mnet-online.de> has quit IRC (Quit: rsx)
[21:21:12] *** FinboySlick <FinboySlick!~shark@74.117.40.10> has quit IRC (Remote host closed the connection)
[21:21:37] *** tokudan <tokudan!~tokudan@freya.besaid.de> has quit IRC (Quit: Dunno.)
[21:24:23] *** tokudan <tokudan!~tokudan@freya.besaid.de> has joined #postfix
[21:39:06] *** jmcnaught <jmcnaught!~jeremy@unaffiliated/jmcnaught> has left #postfix
[21:47:24] *** pppingme <pppingme!~pppingme@unaffiliated/pppingme> has quit IRC (Ping timeout: 258 seconds)
[21:50:20] *** pppingme <pppingme!~pppingme@unaffiliated/pppingme> has joined #postfix
[21:58:03] *** section1 <section1!~section1@178.33.109.106> has quit IRC (Quit: Leaving)
[22:15:24] *** ]SiB[ <]SiB[!~Thunderbi@unaffiliated/sib/x-9459575> has quit IRC (Ping timeout: 258 seconds)
[22:19:39] *** n_1-c_k <n_1-c_k!~n_1-c_k@2a02:8010:63a6::70> has quit IRC (Read error: Connection reset by peer)
[22:20:21] *** n_1-c_k <n_1-c_k!~n_1-c_k@2a02:8010:63a6::70> has joined #postfix
[23:40:00] *** robinho86 <robinho86!~robsonjf@191.36.239.241> has quit IRC (Quit: Leaving.)
[23:51:56] *** jelly <jelly!jelly@pdpc/supporter/active/jelly> has quit IRC (Ping timeout: 268 seconds)