Score:0

Getting postfix to forward a certain warning to the milter

I'm running postfix 2.11.3 under Debian.

I have installed a homegrown milter which runs in conjunction with CONNECTION, HELO, MAIL FROM, RCPT TO, HEADERS, and EOM, and it's been working well for years. It uses the standard milter API.

When the sender specifies a syntactically incorrect address, I see errors like the following coming from postfix (where xxx.xxx.xxx.xxx represents the IP address of the sender):

postfix/smtpd[29109]: warning: Illegal address syntax from example.com[xxx.xxx.xxx.xxx] in MAIL command: <[email protected]>
postfix/smtpd[29109]: disconnect from example.com[xxx.xxx.xxx.xxx]

At this point, postfix terminates the connection, but I'm wondering whether there might be a way for the milter to know about this warning and respond to it.

Can the connection be maintained after such an error, perhaps? If so, I could then have the milter trigger the disconnection after processing the error.

Thank you in advance for any ideas and suggestions.

Nikita Kipriyanov
Postfix alone is able to detect and get rid of the problem, fast and reliably; why do you want to involve anything else? Why do you want to maintain a connection with a peer which is clearly breaking the rules? What good are you expecting from such a peer?
HippoMan
I want to log the sender's email address and IP address in a database I am keeping of various incorrect email connection attempts.
Nikita Kipriyanov
You have an IP address. As for the email address, again, you will gain nothing by knowing it. When spammers send mail they freely fake sender addresses, so most often those addresses are innocent victims. Also notice, it says *wrong address syntax*, which means some garbage went in the place of the address at that moment. Garbage is even less valuable. // All in all that's strange, I've been working with Postfix for 15+ years and maintained a handful of instances overall, but I struggle to remember the "invalid address syntax" message.
Nikita Kipriyanov
Also I don't get why "milter" if you need to log.
HippoMan
I already use my milter for logging other similar events that it is able to respond to. I prefer to re-use my already written software for this than to write something new ... if it would be possible to send the info about these particular warnings to my milter. But since that doesn't seem possible, I might just have to write the other software, after all. And in visually examining my logs, I see that the IP address is indeed being re-used in some instances. In any case, thank you for your replies.
Nikita Kipriyanov
This is the wrong preposition. The primary rule on the Internet is: reject as early as possible, and use the least amount of system resources possible. For example, consider operation under DDoS: if you send everything to a heavy milter, you'll be much more likely to be overloaded. And in this case Postfix provides you with the capability to reject without even touching a database etc., just by analyzing the validity of the address. Wonderful, and thank Wietse for this!
Nikita Kipriyanov
By the way, postfix 2.11.3 is what Debian? Consider upgrading; current has 3.5.17.
Score:0
anx

You can do it the other way around: unconditionally place all connections and all successful deliveries into a suitable (e.g. SQL) log. You can then (not necessarily synchronous with ongoing SMTP sessions) filter your log for connections that failed to deliver to at least one recipient. Because there is not much difference between clients that disconnect cleanly, clients that fail to continue after initial greeting, clients that send garbage and submissions eventually rejected by local policy. You can treat them all the same.


That being said.. Before you roll out any complex (and thus introducing new edge cases and undesirable error states) mechanism, consider merely capping the number of active connections per IP prefix with a simple firewall rule. Reduce the effect of misbehaving clients to tolerable levels and then just stop caring about what little cycles they waste, so long as they do not waste admin time.
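
A sketch of the log-everything-then-filter approach from the answer above, added here as an example and not code from the answer or from Postfix: it loads smtpd log lines into SQLite and then selects the connections that never got a message queued, which catches the "Illegal address syntax" sender alongside clients that simply dropped. The table name `conn`, the function names and the sample lines are constructed for illustration, and a `client=` line (queue ID assigned) is used as a simplified stand-in for "handed over mail", not proof of final delivery.

```python
import re
import sqlite3

# Constructed sample in Postfix smtpd syslog format (documentation IPs, made-up queue ID).
SAMPLE_LOG = """\
Jan 10 12:00:01 mx postfix/smtpd[29109]: connect from example.com[192.0.2.10]
Jan 10 12:00:02 mx postfix/smtpd[29109]: warning: Illegal address syntax from example.com[192.0.2.10] in MAIL command: <user@@example.org>
Jan 10 12:00:02 mx postfix/smtpd[29109]: disconnect from example.com[192.0.2.10]
Jan 10 12:00:05 mx postfix/smtpd[29110]: connect from mail.example.net[198.51.100.7]
Jan 10 12:00:06 mx postfix/smtpd[29110]: 4F1A2B3C4D: client=mail.example.net[198.51.100.7]
Jan 10 12:00:07 mx postfix/smtpd[29110]: disconnect from mail.example.net[198.51.100.7]
Jan 10 12:00:09 mx postfix/smtpd[29111]: connect from unknown[203.0.113.5]
Jan 10 12:00:39 mx postfix/smtpd[29111]: lost connection after CONNECT from unknown[203.0.113.5]
Jan 10 12:00:39 mx postfix/smtpd[29111]: disconnect from unknown[203.0.113.5]
"""

PID = r"postfix/smtpd\[(\d+)\]: "
CONNECT = re.compile(PID + r"connect from (\S+)\[([^\]]+)\]")
ACCEPT = re.compile(PID + r"[0-9A-Za-z]+: client=")  # queue ID assigned to this session
WARN = re.compile(PID + r"warning: Illegal address syntax from \S+ in (\w+) command: (.*)$")
DISCONNECT = re.compile(PID + r"disconnect from ")

def load(log_text, db):
    """Record every smtpd connection, then annotate it with what happened."""
    db.execute("CREATE TABLE conn (id INTEGER PRIMARY KEY, host TEXT, ip TEXT,"
               " queued INTEGER DEFAULT 0, bad_cmd TEXT, bad_addr TEXT)")
    open_by_pid = {}  # one smtpd process serves one client at a time
    for line in log_text.splitlines():
        if m := CONNECT.search(line):
            cur = db.execute("INSERT INTO conn (host, ip) VALUES (?, ?)", m.group(2, 3))
            open_by_pid[m.group(1)] = cur.lastrowid
        elif m := ACCEPT.search(line):
            db.execute("UPDATE conn SET queued = queued + 1 WHERE id = ?",
                       (open_by_pid.get(m.group(1)),))
        elif m := WARN.search(line):
            db.execute("UPDATE conn SET bad_cmd = ?, bad_addr = ? WHERE id = ?",
                       (m.group(2), m.group(3), open_by_pid.get(m.group(1))))
        elif m := DISCONNECT.search(line):
            open_by_pid.pop(m.group(1), None)

def failed_connections(db):
    """Connections that never got a message queued, whatever the reason."""
    return db.execute("SELECT ip, host, bad_cmd, bad_addr FROM conn"
                      " WHERE queued = 0 ORDER BY id").fetchall()

if __name__ == "__main__":
    db = sqlite3.connect(":memory:")
    load(SAMPLE_LOG, db)
    print(*failed_connections(db), sep="\n")
```

Because the filter runs on the log after the fact, nothing is added to the SMTP path and Postfix keeps rejecting the bad `MAIL` command as early as it does today.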
