I am currently messing about with a virtual private server at Rimu Hosting, with a view to have it take over my e-mail serving after Vodafone turns off its provision of that service. Eventually I will have an MX record for my domain pointing at that server, so it will receive all e-mail addressed to me. Next part is, I want to periodically suck all that mail back to my main office machine. Currently I have a cron task that periodically connects to Vodafone’s POP server, fetches all the mail, and delivers it locally. When I try to do the same thing with the VPS, my local Postfix bounces the attempt at local delivery, saying something like <user(a)domain> (expanded from <user>): mail forwarding loop for user(a)domain A bit of hunting around online found this <http://postfix.1071664.n5.nabble.com/What-is-causing-this-mail-forwarding-loop-bounce-td62199.html> likely discussion, where the problem seems to be that the incoming message already has a “Delivered-To:” header pointing at my e-mail address, so Postfix concludes that the message is stuck in a forwarding loop, and refuses to pass it on. The exchange ends with this response from Wietse Venema, “Mr Postfix” himself: You can use header_checks to remove the problem header, but I will not help with implementing such iodiocy. Hmm, looking at the local(8) man page, it says In order to stop mail forwarding loops early, the software adds an optional Delivered-To: header with the final envelope recipient address. If mail arrives for a recipient that is already listed in a Delivered-To: header, the message is bounced. The key being that word “optional”. So it looks like I simply have to disable the addition of “Delivered-To:” on the VPS. Stay tuned.
I wrote:
So it looks like I simply have to disable the addition of “Delivered-To:” on the VPS.
Yup. In my main.cf on the VPS, I added the line prepend_delivered_header = forward so “Delivered-To:” is only inserted when forwarding mail, not when delivering it. (Not that I’m forwarding mail, but the docs say turning it off for forwarding is not recommended.) That has done the trick.
On Thu, 5 Oct 2017 12:41:52 +1300, I wrote:
I am currently messing about with a virtual private server at Rimu Hosting, with a view to have it take over my e-mail serving after Vodafone turns off its provision of that service.
I have it working, to the point where I have set the highest-priority MX record pointing to my server (with Vodafone still there as a backup). On the down side, I am now seeing all the spam that Vodafone was previously filtering out for me. On the bright side, most of it has some fairly simple characteristics that I can use to configure Postfix to simply refuse to accept delivery: * particular forms of e-mail address that I have never used online, or last used decades ago * connection attempts from IP addresses that have no names in the reverse DNS * malformed HELO handshakes Here are some stats from my system log on rejections based on the above criteria, since about 4pm October 3rd: “Recipient address rejected” -- 211 “Helo command rejected” -- 187 Currently about a dozen pieces of spam per day are making it past these checks. So about 75% is not even being delivered to me. I think I can live with that--if it doesn’t get any worse. ;) Also there are some attempts to see if I’m running an open relay: “Relay access denied” -- 40
Woah, those are *really* small numbers! I've got one - with a brand-new, unpublished domain - which usually sees 1200-2400 Postscreen-initiated every 24 hours. Uhh actually I just checked, and last night the number was 13,811 dropped by Postscreen, 20 dropped with 4xx Rejects, and 1 dropped with a 5xx Reject... for a whopping total of 11 delivered messages. I also see plenty of HTTP requests for things like /shell?cat%20/etc/passwd :eyeroll: What sort of firewalling are you doing around your mail server? E -------------------------------------------- Q: Why is this email five sentences or less? A: http://five.sentenc.es On Wed, 11 Oct 2017, at 12:48, Lawrence D'Oliveiro wrote:
On Thu, 5 Oct 2017 12:41:52 +1300, I wrote:
I am currently messing about with a virtual private server at Rimu Hosting, with a view to have it take over my e-mail serving after Vodafone turns off its provision of that service.
I have it working, to the point where I have set the highest-priority MX record pointing to my server (with Vodafone still there as a backup).
On the down side, I am now seeing all the spam that Vodafone was previously filtering out for me. On the bright side, most of it has some fairly simple characteristics that I can use to configure Postfix to simply refuse to accept delivery:
* particular forms of e-mail address that I have never used online, or last used decades ago * connection attempts from IP addresses that have no names in the reverse DNS * malformed HELO handshakes
Here are some stats from my system log on rejections based on the above criteria, since about 4pm October 3rd:
“Recipient address rejected” -- 211 “Helo command rejected” -- 187
Currently about a dozen pieces of spam per day are making it past these checks. So about 75% is not even being delivered to me. I think I can live with that--if it doesn’t get any worse. ;)
Also there are some attempts to see if I’m running an open relay:
“Relay access denied” -- 40 _______________________________________________ wlug mailing list | wlug(a)list.waikato.ac.nz Unsubscribe: https://list.waikato.ac.nz/mailman/listinfo/wlug
participants (2)
-
Eric Light -
Lawrence D'Oliveiro