September 2021
M	T	W	T	F	S	S
	1	2	3	4	5
6	7	8	9	10	11	12
13	14	15	16	17	18	19
20	21	22	23	24	25	26
27	28	29	30

Archive for the ‘SMTP’ Category

On my list of things to try: Amazon SES for outbound/inbound email handling

Posted by jpluimers on 2021/08/10

SES mail servers at the time of writing

*n*x:

# nslookup -type=TXT amazonses.com | grep "v=spf1"
amazonses.com   text = "v=spf1 ip4:199.255.192.0/22 ip4:199.127.232.0/22 ip4:54.240.0.0/18 ip4:69.169.224.0/20 ip4:76.223.180.0/23 ip4:76.223.188.0/24 ip4:76.223.189.0/24 ip4:76.223.190.0/24 -all"I

Windows

C:\>nslookup -type=TXT amazonses.com | find "v=spf1"
Non-authoritative answer:
        "v=spf1 ip4:199.255.192.0/22 ip4:199.127.232.0/22 ip4:54.240.0.0/18 ip4:69.169.224.0/20 ip4:76.223.180.0/23 ip4:76.223.188.0/24 ip4:76.223.189.0/24 ip4:76.223.190.0/24 -all"

These addresses use a compact CIDR notation to denote ranges of networks containing ranges of network IPv4 addresses.

CIRD processing to sendmail access file

(this is linux sendmail only)

Converting the nslookup outout to a CIDR based sendmail /etc/mail/access excerpt goes via a pipe sequence of multiple sed commands:

# nslookup -type=TXT amazonses.com | grep "v=spf1" | sed 's/\(^.*"v=spf1 ip4:\| -all"$\)//g' | sed 's/\ ip4:/\n/g' | xargs -I {} sh -c "prips {} | sed 's/$/\tRELAY/g'"
199.255.192.0   RELAY
199.255.192.1   RELAY
...
76.223.190.254  RELAY
76.223.190.255  RELAY

What happens here is this:

Filter out only spf1 records using grep.
Remove the head (.*v=spf1 ip4:) and tail ( -all") of the output, see [WayBack] use of alternation “|” in sed’s regex – Super User.
Replaces all ip4: with newlines (so the output get split over multiple lines), see [WayBack] linux – splitting single line into multiple line in numbering format using awk – Stack Overflow.
Convert the CIDR notation to individual IP addresses (as sendmail cannot handle CIDR),
1. This uses a combination of xargs with the sh trick to split the CIDR list into separate arguments, and prips (which prints the IP addresses for a CIDR); see:
  - for xargs with sh: [WayBack] shell – Piping commands after a piped xargs – Unix & Linux Stack Exchange
  - for prips: [WayBack] prips / Prips · GitLab and [WayBack] Sendmail Open Source FAQs 0 (PDF).
2. Alternatively, use
  - cidrexpand (which requires Perl), see [WayBack] sendmail access file and cidrexpand and [WayBack] cidrexpand in sendmail | source code search engine
  - the bash script at [WayBack] ip address – Bash script to list all IPs in prefix – Stack Overflow
Replaces all end-of-line anchor ($) with a tab followed by RELAY, see
- [WayBack] Bash sed replace double dollar sign $$ extended regular expressions – Unix & Linux Stack Exchange
- [WayBack] Sendmail 8.12.3 cf/README – Anti-Spam Configuration Control

You can append the output of this command to /etc/mail/access, then re-generate /etc/mail/access.db and restart sendmail; see for instance [WayBack] sendmail access.db by example | LinuxWebLog.com.

Without the xargs, the output would look like this:

# nslookup -type=TXT amazonses.com | grep "v=spf1" | sed 's/\(^.*"v=spf1 ip4:\| -all"$\)//g' | sed 's/\ ip4:/\n/g'
199.255.192.0/22
199.127.232.0/22
54.240.0.0/18
69.169.224.0/20
76.223.180.0/23
76.223.188.0/24
76.223.189.0/24
76.223.190.0/24

Via

–jeroen

Posted in *nix, *nix-tools, Amazon SES, Amazon.com/.de/.fr/.uk/..., Cloud, Communications Development, Development, Infrastructure, Internet protocol suite, Power User, sendmail, SMTP, Software Development | Leave a Comment »

email file decoding: Encode/Decode Quoted Printable – Webatic

Posted by jpluimers on 2021/03/26

For my link archive: [WayBack] Encode/Decode Quoted Printable – Webatic.

It did a splendid job at decoding email files in MIME format Quoted-printable.

–jeroen

Posted in *nix, *nix-tools, Communications Development, Development, eMail, Encoding, Internet, Internet protocol suite, Power User, sendmail, SMTP, SocialMedia, Software Development | Leave a Comment »

Postfix TLS Support

Posted by jpluimers on 2021/02/25

For my link archive:

[WayBack] Postfix TLS Support
Topics covered in this section:
[WayBack] Adding TLS support to Postfix
[WayBack] How to secure Postfix using Let’s Encrypt – UpCloud
[WayBack] How to configure TLS encryption in Postfix – Zurgl (adding it to an existing Postfix configuration)
[WayBack] enforce TLS on incoming mail in postfix – Server Fault
[WayBack] Postfix and TLS encryption

In this post I will show how I setup a smtp server running Postfix with TLS encryption and with the correct cyphers. So that email between smtp servers where possible is using strong email encryption.

–jeroen

Posted in *nix, *nix-tools, Communications Development, Development, Internet protocol suite, postfix, Power User, SMTP | Leave a Comment »

Indy10, TIdSMTP, how to get protocol log?

Posted by jpluimers on 2020/12/17

Indy is great, but not well documented so: [WayBack] Indy10, TIdSMTP, how to get protocol log? I try to get log from SMTP communication, like this (copy from wiki): {code} S: 220 smtp.example.com ESMTP P… – Jacek Laskowski – Google+

Q

Indy10, TIdSMTP, how to get protocol log?

I try to get log from SMTP communication, like this (copy from wiki):

{code}
S: 220 smtp.example.com ESMTP Postfix
C: HELO relay.example.com
S: 250 smtp.example.com, I am glad to meet you
C: MAIL FROM:<bob@example.com>
S: 250 Ok
C: RCPT TO:<alice@example.com>
S: 250 Ok
C: RCPT TO:<theboss@example.com>
S: 250 Ok
C: DATA
S: 354 End data with <CR><LF>.<CR><LF>
C: From: "Bob Example" <bob@example.com>
C: To: Alice Example <alice@example.com>
C: Cc: theboss@example.com
C: Date: Tue, 15 January 2008 16:02:43 -0500
C: Subject: Test message
{code}

but without success :-(

I try use many events from TIdSMTP, TIdLogEvent, TIdSSLIOHandlerSocketOpenSSL but result is low level like bytes, status etc. not true SMTP log.

How to do it?

A

Rik van Kekem+1

Did you try using TIdLogFile like it is shown here? (It is the first hit in Google) For me it created readable logfiles. rajapet.com – How to log the TIDSmtp component

[WayBack] How to log the TIDSmtp component | Chris Miller’s 3rd Blog:

      try
        try
          IdLogFile.Active := true;
          fsmtp.IOHandler := TIdIOHandler.MakeDefaultIOHandler(fsmtp);
          fsmtp.IOHandler.Intercept := IdLogFile;
          fsmtp.IOHandler.OnStatus := fsmtp.OnStatus;
          fSMTP.Connect;
          fSMTP.Send(fMessage);
        except
          on e: exception do begin
            MessageDlg(‘Error sending message: ‘ + e.Message, mtError, [mbOK], 0);
          end;
        end;
      finally
        if fSMTP.Connected then
          fSMTP.Disconnect(true);
        IdLogFile.Active := false;
      end;

[Archive.is] Internet Direct (Indy): TIdSMTP Class

[Archive.is] Internet Direct (Indy): TIdLogFile Class

[Archive.is] Internet Direct (Indy): TIdIOHandler Class

[Archive.is] Internet Direct (Indy): TIdIOHandler.Intercept Property

[WayBack] Ruminated Rumblings

[WayBack] SMTP Mail and Indy (again) | Ruminated Rumblings

Jacek Laskowski

+Rik van Kekem Thanks! I need to set LogEvent.Active: = True! ;-)

Sending stuff still might be tough, so you might want to consider alternatives too: [WayBack] I need to add to the REST server the ability to send emails with attachments of different types. Which library is best to use? Indy or maybe ICS? Of cou… – Jacek Laskowski – Google+

Q

I need to add to the REST server the ability to send emails with attachments of different types. Which library is best to use? Indy or maybe ICS? Of course with SSL/TLS support.

A

Dany Marmur+2

+Balázs Szakály, YES! Synapse. Let’s get people using it more. You can give it some criticism surely, but consider the pro’s:

It is straight-forwardly-written so when you hit a wall you can read the code easily (compared to other solutions),

You can inherit, extend and extrapolate, re-use and tweak,

Very Delphi-ish (TMimeMessages = TStringList or some such, not at at devmachine atm)

Compact and free!

Quite stable too.

–jeroen

Posted in Communications Development, Delphi, Development, Indy, Internet protocol suite, SMTP, Software Development | Leave a Comment »

Some postfix notes

Posted by jpluimers on 2020/10/15

Postfix has documentation on primary MX and secondary MX, but not on tertiary MX.

If the primary MX is down, you have a series of secondary MX and tertiary MX that configured the same way, MX DNS priority for primary, the series of secondary MX and tertiary MX have increasing numbers, and the primary MX goes down, then senders can get “too many hops” as secondary and tertiary MX are looping.

I had a hard time finding a good and easy solution as these queries do not return many meaningful results:

“too many hops” “postfix” MX – Google Search

Here are some links that helped getting this solved:

[WayBack] Postfix Frequently Asked Questions: What does “Error: too many hops” mean?

Short answer: this message means that mail is probably looping. If you see this after you turned on Postfix content filtering, then you have made a mistake that causes mail to be filtered repeatedly. This is cured by appropriate use of content_filter=, header_checks=, and body_checks=.

Long answer: the message has too many Received: message headers. A received header is added whenever Postfix (or any MTA) receives a message. A large number of Received: message headers is an indication that mail is looping around.

Side comment: email uses the opposite of the technique that is used to avoid IP forwarding loops. With IP, the sender sets a TTL (time to live) field in the IP header. The field is decremented by each router. When the TTL reaches zero the packet is discarded and an ICMP error message is returned to the sender.
[WayBack] Error: too many hops (in reply to end of DATA command) · Issue #713 · mail-in-a-box/mailinabox · GitHub

In case you or anyone else was/is wondering about the mydestination = localhost thing, the reason it has to be set to just localhost is because MIAB uses Postfix’s “virtual domain hosting” (http://www.postfix.org/VIRTUAL_README.html) support. Per the documentation for mydestination at http://www.postfix.org/postconf.5.html#mydestination:

Do not specify the names of virtual domains – those domains are specified elsewhere. See VIRTUAL_README for more information.

(in the context of MIAB every domain is a virtual domain).

In my case a series of these:

Received: from mwgp.xs4all.nl (mwgp.xs4all.nl [80.101.239.92])
    by fiber24315337242.heldenvannu.net (Postfix) with ESMTP id 26395200FE
    for <jeroen@pluimers.com>; Fri, 29 Jun 2018 11:01:02 +0200 (CEST)
Received: from fiber24315337242.heldenvannu.net (unknown [37.153.243.246])
    by mwgp.xs4all.nl (Postfix) with ESMTP id 077A5E937
    for <jeroen@pluimers.com>; Fri, 29 Jun 2018 11:01:02 +0200 (CEST)

Specifying the transport will likely help me solve this problem:

postfix tell which mx host to use – Google Search

This all came down to editing /etc/postfix/transport adding lines for each relayed domain like this one:

example.org    smtp:[mx-a-record.example.org]

Lines like it direct to use the smtp transport and use a specific host (normally, the relay transport is being used).

After this:

# postmap /etc/postfix/transport # rcpostfix reload

I choose not to configure [WayBack] Postfix Configuration Parameters: relay_recipient_maps, but might if I had an automated way of replicating lists of valid (and invalid) users.

Another option was confirmed at [WayBack] Software-update: Postfix 3.4.0 / 3.3.3 / 3.2.8 / 3.1.11 / 3.0.15 – Computer – Downloads – Tweakers by [WayBack] menocchio. Thanks!

Dat is volgens mij eenvoudig op te lossen met relay_transport of transport_maps. Zie ook: Postfix transport table format.

Daarmee dwing je de secondary servers de mail altijd af te willen leveren bij de primary server (en dus niet bij een andere secondary). En als de primary niet online is, dan wacht ie netjes tot dat wel het geval is :-)

Bijvoorbeeld:
relay_transport = smtp:[primarymx.domain.tld]

Likely relevant: [WayBack] The Book of Postfix

Maybe relevant in the future:

postfix limit relay to hosts – Google Search
[WayBack] debian – Remote Postfix server for email relaying multiple domains – Server Fault
[WayBack] mysql – Postfix — mail forwarding loop – Server Fault
[WayBack] How can I get postfix to send mail to different relay hosts? – Server Fault
Source: postfix secondary – Google Search
[WayBack] MX Backup – Postfix Email Server | samhobbs.co.uk
Source: “loops back to myself” postfix mx – Google Search
- On using mydestination
[WayBack] Postfix Basic Configuration: relay_domains and relayhost
- [WayBack] Postfix Configuration Parameters: relay_domains
- [WayBack] Postfix Configuration Parameters: relayhost which information is overruled with relay_transport, sender_dependent_default_transport_maps, default_transport, sender_dependent_relayhost_maps and with the transport(5)
  - [WayBack] Postfix manual – transport(5)
[WayBack] Postfix Small/Home Office Hints and Tips
[WayBack] Postfix Standard Configuration Examples
- especialy [WayBack] Postfix Standard Configuration Examples: Postfix email firewall/gateway
- but basically all of it:
  The first part of this document presents standard configurations that each solve one specific problem.
  The second part of this document presents additional configurations for hosts in specific environments.
“postfix” “tertiary mx” – Google Search and “postfix” “relayhost” “tertiary mx” – Google Search
- [WayBack] How to configure Postfix relayhost (smarthost) to send eMail using an external smptd – nixCraft
- [WayBack] Postfix: Backup MX | SecOPS / SysOp blog which makes me need to research if these are still relevant:
  - [WayBack] Postfix Configuration Parameters: permit_mx_backup_networks
  - [WayBack] Postfix Configuration Parameters: permit_mx_backup
- ___

Found on my hunt for the above:

[WayBack] postfix secondary mx relay only to primary mx – Google Search
- [WayBack] smtp – What’s wrong here? Postfix secondary MX relay with redirection of specific email addresses – Server Fault
[WayBack] postfix relay bounce – Google Search
- [WayBack] [SOLVED] postfix ‘status=bounced’ unable to send email to a domain
  - [WayBack] Postfix Transport Maps – Diverting Mail Traffic | nooblet.org
    
    Create a file named transport in /etc/postfix and add the following text,
    
    gmail.com smtp:smtp.yourisp.com:25
    googlemail.com smtp:smtp.yourisp.com:25
    
    Remember to swap “smtp.yourisp.com” for the address of your ISP’s smtp relay server.
    
    Now we need to compile this file using the postmap command,
    
    postmap /etc/postfix/transport
    
    Edit /etc/postfix/main.cf and add this line at the bottom,
    
    transport_maps = hash:/etc/postfix/transport
    
    Restart postfix and you should find all mail addressed to @gmail.com or @googlemail.com will be redirected to your smtp relay.
- [WayBack] Postfix Performance Tuning: Tuning the number of simultaneous deliveries
- [WayBack] Postfix Configuration Parameters: fallback_relay fallback_relay (default: empty)
  
  Optional list of relay hosts for SMTP destinations that can’t be found or that are unreachable. With Postfix 2.3 this parameter is renamed to smtp_fallback_relay.
- [WayBack] Postfix Configuration Parameters: smtp_fallback_relay smtp_fallback_relay (default: $fallback_relay)
  
  Optional list of relay hosts for SMTP destinations that can’t be found or that are unreachable. With Postfix 2.2 and earlier this parameter is called fallback_relay.

Try not to make typo’s: [WayBack] postfix appears not finding MX records or host names from DNS

Interesting thought, but not sure how smart SPAM bots are now: [Archive.is] Spam relaying through secondary MX… – Google Groups

To archive this:

Rename from
- https://groups.google.com/forum/#!topic/list.postfix.users/swiNHnRnmUI
To
- https://groups.google.com/d/topic/list.postfix.users/swiNHnRnmUI
Then save in Archive.is

–jeroen

Posted in Communications Development, Development, DevOps, DNS, Infrastructure, Internet, Internet protocol suite, Power User, SMTP | Leave a Comment »

« Previous Entries

	jpluimers on linux – How can I find a…
	jpluimers on The Windows key has no Unicode…
	sglienke on DUnit with FastMM: Detecting m…
	dummzeuch on Parser generator toolset for D…
	Jürgen Krämer on Space matching with sed is dif…

The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

Subscribe

Archives

Recent Comments

Recent Posts

Blog Stats

Meta title

Tag Cloud Title

Top Clicks

Top Posts

My badges

Twitter Updates

My Flickr Stream

Pages

All categories

Email Subscription

Archive for the ‘SMTP’ Category

On my list of things to try: Amazon SES for outbound/inbound email handling

SES mail servers at the time of writing

CIRD processing to sendmail access file

Via

email file decoding: Encode/Decode Quoted Printable – Webatic

Postfix TLS Support

Indy10, TIdSMTP, how to get protocol log?

Q

A

Q

A

Some postfix notes

The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

Subscribe

Archives

Recent Comments

Recent Posts

Blog Stats

Meta title

Tag Cloud Title

Top Clicks

Top Posts

My badges

Twitter Updates

My Flickr Stream

Pages

All categories

Email Subscription

Archive for the ‘SMTP’ Category

On my list of things to try: Amazon SES for outbound/inbound email handling

SES mail servers at the time of writing

CIRD processing to sendmail access file

Via

Rate this:

Share this:

Like this:

email file decoding: Encode/Decode Quoted Printable – Webatic

Rate this:

Share this:

Like this:

Postfix TLS Support

Rate this:

Share this:

Like this:

Indy10, TIdSMTP, how to get protocol log?

Q

A

Q

A

Rate this:

Share this:

Like this:

Some postfix notes

Rate this:

Share this:

Like this: