postfix problems with pattern in virtual file - linux

We are trying to forward all emails to a specific email address. I think everything is set up okay, such as 'main.cf' and 'virtual-regexp' files. If we put the following in the 'virtual' file, the forwarding works correctly:
@ourmail.com mainid@ourmail.com
However, if we try to use the following in 'virtual' to send ALL email to the ID, it ignores it and sends it to the original user:
(.*) mainid@ourmail.com
We got the idea for the above from the following question and answer:
postfix 2.9.6.1 forward all mail to an external mail address
Any ideas why the pattern '(.*)' doesn't work? We've tried so many different patterns that our heads are starting to spin.

We solved the issue.
You need to complete the steps listed in the link above. But, in addition, you need to comment out the following lines in main.cf (if they are there) before restarting the postfix process:
virtual_alias_maps = hash:/etc/postfix/virtual
virtual_alias_domains = hash:/etc/postfix/virtual

Related

Linux bash script to get own internet IP address

I know I got quite rusty when it comes to bash coding, especially the more elaborate needed trickery handling awk or sed parts.
I do have a script that logs the IP address currently in use for the interwebs.
It gets that by either using wget -qO - URL or lynx -dump URL.
The easiest one was a site that only returned the IP address in plain text and nothing else. Unfortunately that site no longer exists.
The code was simple as can be:
IP=$(wget -qO - http://cfaj.freeshell.org/ipaddr.cgi)
But alas! Using the code returns nothing because the site is gone, as lynx can tell us:
$ lynx -dump http://cfaj.freeshell.org/ipaddr.cgi
Looking up cfaj.freeshell.org
Unable to locate remote host cfaj.freeshell.org.
Alert!: Unable to connect to remote host.
lynx: Can't access startfile http://cfaj.freeshell.org/ipaddr.cgi
Some other sites I used to retrieve for the same purpose no longer work either.
And the one I want to use is a German speaking one, not that I care one way or the other, it could be in Greek or Mandarin for all I care. I want only to have the IP address itself extracted, but like I said, my coding skills got rusty.
Here is the relevant area of what lynx -dump returns
[33]powered by
Ihre IP-Adresse lautet:
178.24.x.x
Ihre IPv6-Adresse lautet:
Ihre System-Informationen:
when running it as follows:
lynx -dump https://www.wieistmeineip.de/
Now, I need either awk or sed to find the 178.24.x.x part. (I know it can be done with python or Perl as well, but both are not part of a standard setting of my Linux, while awk and sed are.)
Since the script is there to extract the IP address, one needs to do the following either via sed or awk:
Search for "Ihre IP-Adresse lautet:"
Skip the next line.
Skip the whitespace at the beginning
Only return what is left of that line (without the lf at the end).
In the above example (that shows only the relevant part of the lynx dump, the whole dump is much larger but all above and below is irrelevant.) it would be "178.24.x.x" that should be returned.
Any help greatly appreciated to get my log-ip script back into working order.
Currently I have collected some other working URLs that report back the own internet IP. Any of these can also be used, but the area around the reported IP will differ from the above example. These are:
https://meineipinfo.de/
http://www.wie-ist-meine-ip.net/
https://www.dein-ip-check.de/
https://whatismyipaddress.com/
https://www.whatismyip.org/
https://www.whatismyip.net/
https://mxtoolbox.com/whatismyip/
https://www.whatismyip.org/my-ip-address
https://meineipadresse.de/
Even duckduckgo returns the IP address when e.g. asked this: https://duckduckgo.com/?q=ip+address&ia=answer
At least I know of no way of getting the own IP address when using the internet without retrieving an outside URL that reports that very IP address back to me.
You can do:
wget -O - v4.ident.me 2>/dev/null && echo
So, if you have a VM in some cloud provider you can solve this easily. I wrote a small Go app that echoes back an HTTP request. For instance:
$ curl 167.99.63.182:8888
Method ->
GET
Protocol ->
HTTP/1.1
Headers ->
User-Agent: [curl/7.54.0]
Accept: [*/*]
Content length (in Bytes) ->
0
Remote address ->
179.XXXXX
Payload
####################
####################
Where remote address is the address which the app received, hence, your IP.
And in case you are wondering, yes, 167.99.63.182 is the IP of the server and you can curl it right now and check it. I am disclosing the IP as anyway I get bombarded by brute force attacks for as long as I can remember and the machine does not have anything worth the break through.
Not exactly without relying on external services, but you could use dig to reach out to the resolver at opendns.com:
dig +short myip.opendns.com @resolver1.opendns.com
I think this is easier to integrate to a script.
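Added example (not part of the original posts): the awk extraction the question asks for, run over a constructed lynx dump in which the documentation address 192.0.2.10 stands in for a real one. It assumes the address sits on the first non-blank line after the marker and prints it only if it is a valid dotted quad, so arbitrary text from a third-party page never reaches the log; sample_dump and extract_ip are illustrative names.

```shell
# Constructed sample: relevant part of `lynx -dump https://www.wieistmeineip.de/`,
# with the documentation address 192.0.2.10 standing in for a real one.
sample_dump() {
cat <<'EOF'
   [33]powered by
   Ihre IP-Adresse lautet:

   192.0.2.10
   Ihre IPv6-Adresse lautet:
   Ihre System-Informationen:
EOF
}

# extract_ip MARKER: read a text dump on stdin and print the first non-blank
# line after the line containing MARKER, only if it is a single dotted quad
# with every octet in 0..255. Exit status is 1 when no valid address is found.
extract_ip() {
    awk -v marker="$1" '
        found && NF {                 # first non-blank line after the marker
            ip = $1                   # field splitting drops the leading blanks
            n = split(ip, octet, ".")
            ok = (NF == 1 && n == 4)
            for (i = 1; i <= n; i++)
                if (octet[i] !~ /^[0-9]+$/ || length(octet[i]) > 3 || octet[i] + 0 > 255)
                    ok = 0
            if (ok) { print ip; good = 1 }
            exit                      # never scan further down the page
        }
        index($0, marker) { found = 1 }
        END { exit (good ? 0 : 1) }
    '
}

# Usage in the logging script (network access required):
#   IP=$(lynx -dump https://www.wieistmeineip.de/ | extract_ip 'Ihre IP-Adresse lautet:') || IP=unknown
```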

How do I match the Host IP address from this line in Fail2Ban

Happy New Year all!
So, I've been having some trouble matching the host IP of an attacker when using Fail2Ban to read my FreeSwitch log file. Please pardon me if this is the wrong forum for this, but I couldn't think of anywhere else to post this.
Here's the log line:
2017-01-01 10:44:08.717205 [DEBUG] sofia.c:9746 sofia/external/1001@105.121.25.131 receiving invite from 217.79.182.240:5080 version: 1.6.13 -21-e755b43 64bit
This was my first attempt:
\[DEBUG\] sofia.c:\d+ ...................@\d+.\d+.\d+.\d+ receiving invite from <HOST>$:\d+
This was my second attempt (simplifying the first):
\[.*@\d+.\d+.\d+.\d+ receiving invite from <HOST>$
My problem is, I'm having a hard time stripping out the IP address from the Port# in this string: 217.79.182.240:5080 so that it is passed to the <HOST> variable. My understanding of REGEX composition has hit a roadblock and could use the combined expertise of others on this forum, thanks.
This is what worked for me (in case someone else runs into this problem):
.*@\d+.\d+.\d+.\d+ receiving invite from <HOST>.*$
Thanks to DigiDaz from the FusionPBX IRC Channel for assisting me with this.

Where are received mails by Mailcatcher stored?

I have installed postfix on my Mac with and changed the following parameters:
mydestination =
relayhost = 127.0.0.1:1025
I've modified mydestination to be blank so that whoever the mail is sent to, like below in the Terminal, it necessarily goes through the relayhost (even if it's sent to @localhost) and I can see it appear in my web-browser in Mailcatcher's tab:
echo "Body test" | mail -s "Subject test" test@dev.local
But here's the thing, when I receive the mail I do receive it instantly with the built-in websockets but if I do reload the page localhost:1080, emails are still there, meaning they must be stored somewhere.
After searching I found that the following URL redirects to a .json that contains received mails that are printed out in Mailcatcher's tab:
localhost:1080/messages
But if I do a ls -l in my webroot directory, there's no messages.json that appears. And when you do click on the "Quit" button in Mailcatcher's, then relaunch it by doing mailcatcher and opening again localhost:1080, mails have disappeared...
I don't understand, is there a file that is deleted when you do click "Quit" and that I might not have seen?
Thanks for your help!
If you check the source on GitHub you will find something like this SQLite3::Database.new(":memory:", :type_translation => true).tap do |db| in mail.rb.
You may not have noticed, but MailCatcher uses SQLite, and the above tells you that it is configured to run in memory. So, when turning off MailCatcher all the rows that are contained in this database are lost.

splitting DNS IN TXT records over multiple lines for DMARC et al

Over at dmarc.org, it's suggested that IN TXT records of DNS could be written in a special form within the zone file to make them not overflow the lines in your text editor.
The DMARC policy record might look like this when retrieved using a
common command-line tool:
% dig +short TXT _dmarc.example.com.
"v=DMARC1\; p=none\; rua=mailto:dmarc-feedback@example.com"
To publish such a record, the DNS administrator for the Domain Owner
creates an entry like the following in the appropriate zone file
(following the conventional zone file format):
; DMARC record for the domain example.com
_dmarc IN TXT ( "v=DMARC1; p=none; "
"rua=mailto:dmarc-feedback@example.com" )
I've tried following the example in my actual zone file with NSD; however, when I then query the domain, I actually get the results wrapped up on multiple lines, too.
% dig +short TXT _dmarc.example.su
"v=DMARC1\; " "p=reject\; " "rua=mailto:rua-dmarc@example.su"
Is this expected? Is this likely to break some software that's supposed to parse these TXT records to get the DMARC / SPF / DKIM / etc?
The individual components of a TXT record may only contain up to 255 characters each, since they're transmitted on the wire in <length><data ...> format.
Any code that's potentially expecting to take more than 255 characters SHOULD be able to coalesce multiple components into a single character array.
In master file format the braces surrounding the strings indicate that multiple components are to be included in a single TXT record - without them this would have created two separate TXT records, and the relative order of the two records would be undefined and subject to change.
It's hard to tell since it will depend on the final implementation of the DMARC checker. However, even as detailed in the DMARC document, a DMARC record is not so big that it could overflow your editor.
In my case, using the last opendmarc package on Ubuntu Trusty (14.04) along with Postfix, made the daemon crash when processing some weird/malformed DMARC DNS records (but not exactly the case you mention).
I would simply add the one-line approach and play it safe, not just because of a possible break of the checker software, but even worse would be getting your mail rejected because policy doesn't seem to be aligned when it actually is!
So I'd just add something like this:
_dmarc.example.su IN TXT "v=DMARC1; p=reject; rua=mailto:rua-dmarc@example.su"
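Added example, not from the original answers: how a consumer should coalesce the multi-string answer shown in the question, unescaping each quoted string of `dig +short TXT` output and concatenating them with nothing inserted in between, so the split and single-line forms parse to the same policy. txt_join, dmarc_tag and same_record are illustrative names; the two sample lines are the question's NSD answer and its single-string equivalent.

```shell
# The NSD answer from the question and its single-string equivalent.
MULTI='"v=DMARC1\; " "p=reject\; " "rua=mailto:rua-dmarc@example.su"'
SINGLE='"v=DMARC1\; p=reject\; rua=mailto:rua-dmarc@example.su"'

# txt_join: read one `dig +short TXT` answer line on stdin and print the record
# value: each quoted character-string unescaped, then all of them concatenated
# with nothing inserted between them.
txt_join() {
    awk '{
        out = ""; inq = 0; n = length($0)
        for (i = 1; i <= n; i++) {
            c = substr($0, i, 1)
            if (!inq) {                       # between strings: skip to next quote
                if (c == "\"") inq = 1
            } else if (c == "\\") {           # escape: \DDD (decimal byte) or \X
                d = substr($0, i + 1, 3)
                if (d ~ /^[0-9][0-9][0-9]$/) { out = out sprintf("%c", d + 0); i += 3 }
                else { out = out substr($0, i + 1, 1); i++ }
            } else if (c == "\"") {
                inq = 0                       # closing quote ends this string
            } else {
                out = out c
            }
        }
        print out
    }'
}

# dmarc_tag TAG: print the value of TAG from a joined record on stdin.
dmarc_tag() {
    awk -v tag="$1" -F';' '{
        for (i = 1; i <= NF; i++) {
            p = index($i, "=")
            if (!p) continue
            k = substr($i, 1, p - 1); v = substr($i, p + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == tag) { print v; exit }
        }
    }'
}

# Both published forms must yield the same record once joined.
same_record() {
    [ "$(printf '%s\n' "$MULTI" | txt_join)" = "$(printf '%s\n' "$SINGLE" | txt_join)" ]
}
```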

How to whitelist recipients before mail goes to spamassassin?

I've been looking everywhere for a solution but didn't find one.
What I need is to whitelist some recipient addresses so they won't ever go to the spamassassin filtering.
In my master.cf in postfix I have this:
spamassassin unix - n n - - pipe
  user=spamd argv=/usr/bin/spamc -f -e
  /usr/sbin/sendmail -oi -f ${sender} ${recipient}
Thanks in advance.
From https://spamassassin.apache.org/full/3.4.x/doc/Mail_SpamAssassin_Conf.html
whitelist_to user@example.com
If the given address appears as a recipient in the message headers (Resent-To, To, Cc, obvious envelope recipient, etc.) the mail will be whitelisted. Useful if you're deploying SpamAssassin system-wide, and don't want some users to have their mail filtered. Same format as whitelist_from.
There are three levels of To-whitelisting, whitelist_to, more_spam_to and all_spam_to. Users in the first level may still get some spammish mails blocked, but users in all_spam_to should never get mail blocked.
The headers checked for whitelist addresses are as follows: if Resent-To or Resent-Cc are set, use those; otherwise check all addresses taken from the following set of headers:
To
Cc
Apparently-To
Delivered-To
Envelope-Recipients
Apparently-Resent-To
X-Envelope-To
Envelope-To
X-Delivered-To
X-Original-To
X-Rcpt-To
X-Real-To
Open this file:
/etc/spamassassin/local.cf and add this line:
whitelist_from abc@def.com
That will whitelist the address. To blacklist an address just use
blacklist_from abc@def.com
Also, I'm running Ubuntu, and they also include a file in the same location,
65_debian.cf. You can add that there as well.
Make sure this plugin is uncommented:
ifplugin Mail::SpamAssassin::Plugin::Shortcircuit
whitelist_from abc@def.com
...
endif
All your whitelist/blacklist rules along with custom scores and rules should fall within these lines.
