On 2011-12-26 5:46 AM, Nick Edwards <nick.z.edwa...@gmail.com> wrote:
> On Sun, Dec 25, 2011 at 1:46 PM, Sahil Tandon wrote:
>> Show the entire log snippet, of which you elided important parts.
> no, I did not, all I did not include was the from/to/helo, from/to
> are irrelevant and the helo, I already mentioned the 5xx resolved and
> the 4xx did not
What you *think* may be irrelevant is very often *very* relevant.
>> Show the output of 'postconf -n' instead of cut & pasting from your
>> main.cf <http://main.cf>.
> Why? The information above is all that is needed as relevant, nothing
> else in postconf output would, apart from sticky beaks wanting to
> know the ins and outs of everyones configs when it clearly is not
> needed, reveal any further information related to this,
One of the main things it will reveal is whether or not you are using
the config that you *think* you are using. It is a very common error for
someone to be editing the wrong main.cf (a secondary one that is
somewhere else that is not actually being read/used by the running
version of postfix), and using postconf -n output will *always* show
what is actually being used - and there is generally nothing there that
if posted to the list would result in any security risk to your system.
The last reason to post *full* logs of the problem transaction *and*
full postconf -n output (feel free to anonymize domain names/IP
addresses if you like *after* you have confirmed that they are actually
correct, but that is almost always not necessary either - security
through obscurity only leads to a *false* sense of security) is simple -
that is the bare minimum of info that is needed for anyone here to be
able to *help* you with any level of certainty, and that is why the
welcome message you got when you joined this list instructs you to
provide said info.
On 2011-12-26 5:54 AM, Nick Edwards <nick.z.edwa...@gmail.com> wrote:
On Sun, Dec 25, 2011 at 2:14 PM, Noel Jones <njo...@megan.vbhcs.org
Also note that this restriction is known to reject a considerable
amount of legit mail. Use with caution.
True, but having used it since I became a SP admin, mostly due to places
I worked at always already using it and their admins some of which have
been mail admins for over twenty years, sticking by it, say and I too
have found, the benefits have always outweighed the risks.
As is the words of my first mentor "why is it our problem, if the sender
is not RFC compliant"
As has been stated, you *will* lose/reject *legitimate* mail using this
setting. Yes, in a perfect world, all servers would be RFC compliant -
but a perfect world this isn't.
--
Best regards,
Charles
