RE: milter_default_action=accept not honored

2019-11-26 Thread MICHEL, SEBASTIEN
>> I guess there is a missing feature to configure milter in test mode. > > You could temporarily add '-o soft_bounce=yes' in master.cf. Good point. It does not have the same behavior as warn_if_reject but it is also useful. Thanks.

question on a SPF setting

2019-11-26 Thread Wesley Peng
Hello, I saw myrambler.ru has a special setting for SPF: myrambler.ru. 3599 IN TXT "v=spf1 ip4:81.19.78.96/27 ip4:81.19.78.0/27 ip4:81.19.88.0/24 -exists:%{ir}.spf.rambler.ru ~all" What does it mean for this part: -exists:%{ir}.spf.rambler.ru Thank you.

Re: Forwarding mail without breaking SPF?

2019-11-26 Thread Wesley Peng
Hello on 2019/11/27 12:20, Richard Damon wrote: DMARC/SPF, which only validates to the From: header will break. If the sender domain set up SPF to: v=spf1 ip4:0.0.0.0/0 ~all Will this pass through any SPF check? regards.

Re: Forwarding mail without breaking SPF?

2019-11-26 Thread Richard Damon
On 11/26/19 2:07 PM, Benny Pedersen wrote: > On 26-11-2019 at 17:59, Marek Kozlowski wrote: > >> OK. I do not insist on postsrsd. I'd really appreciate any >> suggestion: what can I use instead of it - what do you recommend? > > no one uses spf anymore since it breaks mailing lists very badly ?,

Re: Reject Chinese mail

2019-11-26 Thread @lbutlr
On 26 Nov 2019, at 19:00, 황병희 wrote: >> How about moving to Gmail(Google Apps)? Gmail's spam defense is not bad, i >> think. >> >> I disagree. It often labels mailing list email as spam, [...] > > Personally i read public mailing lists' messages by Gmane. Ugh. Just about the only reason I

Re: Reject Chinese mail

2019-11-26 Thread Wesley Peng
on 2019/11/27 10:00, 황병희 wrote: Personally i read public mailing lists' messages by Gmane. There is example screenshot [0]. So i have no problem about that. For customized spam policy, I found Tuffmail has a flexible interface. Regards.

Re: Reject Chinese mail

2019-11-26 Thread 황병희
Hello Jeffrey again^^^ > How about moving to Gmail(Google Apps)? Gmail's spam defense is not bad, i > think. > > I disagree. It often labels mailing list email as spam, [...] Personally i read public mailing lists' messages by Gmane. There is example screenshot [0]. So i have no problem about

Re: Forwarding mail without breaking SPF?

2019-11-26 Thread Marek Kozlowski
:-) sender_canonical_maps = unionmap:{ldap:/etc/postfix/ldap-canonical.cf, ldap:/etc/postfix/ldap-canonical2.cf, tcp:127.0.0.1:10001} By design, unionmap can produce multiple results separated by comma. That would be wrong. > Why not: sender_canonical_maps =

Re: Forwarding mail without breaking SPF?

2019-11-26 Thread Wietse Venema
Marek Kozlowski: > :-) > > >> Some users forward their incoming mail to some external mail servers. > >> Unfortunately AFAIK with no action taken it may result in breaking the > >> SPF. The solution for this problem I know is rewriting addresses with > >> SRS (postsrsd). Unfortunately postsrsd

Re: Forwarding mail without breaking SPF?

2019-11-26 Thread Marek Kozlowski
:-) Some users forward their incoming mail to some external mail servers. Unfortunately AFAIK with no action taken it may result in breaking the SPF. The solution for this problem I know is rewriting addresses with SRS (postsrsd). Unfortunately postsrsd uses the same settings as canonicals do

Re: Forwarding mail without breaking SPF?

2019-11-26 Thread Wietse Venema
Marek Kozlowski: > :-) > > Some users forward their incoming mail to some external mail servers. > Unfortunately AFAIK with no action taken it may result in breaking the > SPF. The solution for this problem I know is rewriting addresses with > SRS (postsrsd). Unfortunately postsrsd uses the

Re: Forwarding mail without breaking SPF?

2019-11-26 Thread Benny Pedersen
On 26-11-2019 at 17:59, Marek Kozlowski wrote: OK. I do not insist on postsrsd. I'd really appreciate any suggestion: what can I use instead of it - what do you recommend? no one uses spf anymore since it breaks mailing lists very badly ?, postfix maillist have not even spf helo pass :)

Forwarding mail without breaking SPF?

2019-11-26 Thread Marek Kozlowski
:-) Some users forward their incoming mail to some external mail servers. Unfortunately AFAIK with no action taken it may result in breaking the SPF. The solution for this problem I know is rewriting addresses with SRS (postsrsd). Unfortunately postsrsd uses the same settings as canonicals

Re: how to setup a privacy oriented mailserver

2019-11-26 Thread D'Arcy Cain
On 2019-11-26 7:56 a.m., Wesley Peng wrote: > If using plain port 25, the messages are not secure enough for traffic. > From what I know there is a technology called Traffic hijacking. What makes one port number more or less secure than another? Security is based on what goes over the port, not

Re: how to setup a privacy oriented mailserver

2019-11-26 Thread 황병희
> Is there any guide for it? For sending mail to public mailing lists, Gmane is good. Gmane keeps your privacy all the time. Also MX is good to use Cloud VM such as AWS, Google Cloud Platform if you install Postfix. Sincerely, -- ^고맙습니다 _地平天成_ 감사합니다_^))//

Re: how to setup a privacy oriented mailserver

2019-11-26 Thread Bill Cole
On 26 Nov 2019, at 7:56, Wesley Peng wrote: Hi on 2019/11/26 20:53, Jaroslaw Rafa wrote: Sending mail out of a MTA is always on port 25. STARTTLS is used if possible. If using plain port 25, the messages are not secure enough for traffic. A rationally configured mail server in 2019

Re: how to setup a privacy oriented mailserver

2019-11-26 Thread Matus UHLAR - fantomas
on 2019/11/26 19:27, Matus UHLAR - fantomas wrote: ...and there's no "starttls" on 465, that's what I meant "implicit". while port 465 was assigned for SMTPS in January 2018, it's been used this way on many sites/services for years (even decades) On 26.11.19 20:50, Wesley Peng wrote: How the

Re: how to setup a privacy oriented mailserver

2019-11-26 Thread Wesley Peng
Hi on 2019/11/26 20:53, Jaroslaw Rafa wrote: Sending mail out of a MTA is always on port 25. STARTTLS is used if possible. If using plain port 25, the messages are not secure enough for traffic. From what I know there is a technology called Traffic hijacking. Regards.

Re: how to setup a privacy oriented mailserver

2019-11-26 Thread Jaroslaw Rafa
On 26.11.2019 at 20:50:51, Wesley Peng wrote: > > How the traffic between big one's MTAs get through? > For example, gmail send messages to web.de via port 465 by SSL, or > just plain port 25? Sending mail out of a MTA is always on port 25. STARTTLS is used if possible. Ports 468/587 are

Re: how to setup a privacy oriented mailserver

2019-11-26 Thread Wesley Peng
Hi on 2019/11/26 19:27, Matus UHLAR - fantomas wrote: ...and there's no "starttls" on 465, that's what I meant "implicit". while port 465 was assigned for SMTPS in January 2018, it's been used this way on many sites/services for years (even decades) How the traffic between big one's MTAs get

Re: Activate 'force tls' for specific sending domain (not receiving)?

2019-11-26 Thread Wietse Venema
K F: > Hi All > I'm trying to figure out how I can set up force tls for specific > sending domains. I have several domains going through the postfix, > and one of them has a requirement that TLS should be forced, the > others are ok with May. And if it can't connect with tls, it should > bounce the

Activate 'force tls' for specific sending domain (not receiving)?

2019-11-26 Thread K F
Hi All I'm trying to figure out how I can set up force tls for specific sending domains. I have several domains going through the postfix, and one of them has a requirement that TLS should be forced, the others are ok with May. And if it can't connect with tls, it should bounce the mail. But I

Re: milter_default_action=accept not honored

2019-11-26 Thread Wietse Venema
MICHEL, SEBASTIEN: > >> > It seems the tempfail is from the milter, not from Postfix. Postfix > >> > is not in a position to know that the milter is not working as it > >> > should, the milter is responding "normally". > >> > >> That's too bad. I'm surely oversimplifying things but I figured the

Re: how to setup a privacy oriented mailserver

2019-11-26 Thread Matus UHLAR - fantomas
on 2019/11/26 17:02, Matus UHLAR - fantomas wrote: I would set up port 465 also. Note that TLS on 465 is implicit, while on 587 is explicit, so it's easier to allow unencrypted connections by a mistake on 587. On Tue, 26 Nov 2019, Wesley Peng wrote: 587 is also used for StartTLS, am I

Re: how to setup a privacy oriented mailserver

2019-11-26 Thread Bernardo Reino
On Tue, 26 Nov 2019, Wesley Peng wrote: on 2019/11/26 17:02, Matus UHLAR - fantomas wrote: I would set up port 465 also. Note that TLS on 465 is implicit, while on 587 is explicit, so it's easier to allow unencrypted connections by a mistake on 587. 587 is also used for StartTLS, am I

Re: how to setup a privacy oriented mailserver

2019-11-26 Thread Jaroslaw Rafa
On 26.11.2019 at 10:23:09, Conz wrote: > > This makes it look like all mail is sent from the email server > itself and hides your client. I can't remember where I got the above > from but I found it somewhere, possibly even from this list. Isn't it simpler to just use a server-based email

Re: how to setup a privacy oriented mailserver

2019-11-26 Thread Conz
My 1 cent for privacy wise (assuming you're hosting on a VPS and not at home) Remove headers and your home IP with postfix: master.cf: under submission: -o cleanup_service_name=auth-cleanup auth-cleanup    unix    n   -   n   -   0 cleanup     -o

Re: how to setup a privacy oriented mailserver

2019-11-26 Thread Wesley Peng
on 2019/11/26 17:02, Matus UHLAR - fantomas wrote: I would set up port 465 also. Note that TLS on 465 is implicit, while on 587 is explicit, so it's easier to allow unencrypted connections by a mistake on 587. 587 is also used for StartTLS, am I right? regards.

Re: how to setup a privacy oriented mailserver

2019-11-26 Thread lists
To make a long story short, in the past I used a hosting service. The email server was totally pwned by a Round Cube exploit from a hacker in a country I never occupied. Hence my advice to keep the server secure and reduce the attack surface. Do hackers actually use their home ISPs? Yes if the

Re: how to setup a privacy oriented mailserver

2019-11-26 Thread Matus UHLAR - fantomas
On 25.11.19 18:22, lists wrote: At a minimum, I would set it up to use port 587. I would set up port 465 also. Note that TLS on 465 is implicit, while on 587 is explicit, so it's easier to allow unencrypted connections by a mistake on 587. Then block via firewall all the email ports other

RE: milter_default_action=accept not honored

2019-11-26 Thread MICHEL, SEBASTIEN
>> > It seems the tempfail is from the milter, not from Postfix. Postfix >> > is not in a position to know that the milter is not working as it >> > should, the milter is responding "normally". >> >> That's too bad. I'm surely oversimplifying things but I figured the milter >> would do something