Re: check_client_access
On Sat, Apr 30, 2022 at 10:28:06AM +1000, raf wrote: > > .domain.tld > > > > Matches subdomains of domain.tld, but only when the > > string smtpd_access_maps is not listed in the Postfix > > parent_domain_matches_subdomains configuration setting. > > The .domain.tld notation only covers a single level of > subdomain, This is false. With non-regexp access(5) tables, each level of the domain hierarchy is tried in turn, all the way up to the TLD. If "parent_domain_matches_subdomains" includes "smtpd_access_maps", then the parent domain keys are "dotless", otherwise all parent domain lookup keys start with a leading ".". -- Viktor.
Re: Inconsistency between postconf(5) and IPV6_README
On Sat, Apr 30, 2022 at 12:49:30AM +, Pau Amma wrote: > I finally got around to this, or rather to the half that didn't have a > mention of NO_IPV6. While there, I noticed a stray uppercase letter > elsewhere (2x) and fixed that as well. Patch (generated from > postfix-3.8-20220421) attached. The source file for IPV6_README is: proto/IPV6_README.html > +++ postfix-tmp/README_FILES/IPV6_README 2022-04-30 02:35:27.514645000 > +0200 This is a derived file, and the patch should be against the "proto" file. > +++ postfix-tmp/proto/INSTALL.html2022-04-30 02:40:25.455297000 +0200 THis is the only "INSTALL" file to edit. -- Viktor.
Re: Inconsistency between postconf(5) and IPV6_README
On 2021-01-21 05:03, Viktor Dukhovni wrote: On Thu, Jan 21, 2021 at 04:37:19AM +, Pau Amma wrote: http://www.postfix.org/postconf.5.html#inet_protocols says: inet_protocols = all (DEFAULT) http://www.postfix.org/IPV6_README.html says: inet_protocols = ipv4 (DEFAULT: enable IPv4 only) The inconsistency should be fixed. Sure, but it may be worth noting that the default is actually platform and compile-time configuration dependent. I finally got around to this, or rather to the half that didn't have a mention of NO_IPV6. While there, I noticed a stray uppercase letter elsewhere (2x) and fixed that as well. Patch (generated from postfix-3.8-20220421) attached. -- #BlackLivesMatter #TransWomenAreWomen #AccessibilityMatters #StandWithUkrainians English: he/him/his (singular they/them/their/theirs OK) French: il/le/lui (iel/iel and ielle/ielle OK) Tagalog: siya/niya/kaniya (please avoid sila/nila/kanila) diff -ru postfix-3.8-20220421/README_FILES/IPV6_README postfix-tmp/README_FILES/IPV6_README --- postfix-3.8-20220421/README_FILES/IPV6_README 2021-12-20 23:12:03.0 +0100 +++ postfix-tmp/README_FILES/IPV6_README 2022-04-30 02:35:27.514645000 +0200 @@ -83,6 +83,9 @@ Note 2: on older Linux and Solaris systems, the setting "inet_protocols = ipv6" will not prevent Postfix from accepting IPv4 connections. +Note 3: to pretend IPv6 isn't supported (for testing only), use the NO_IPV6 +compilation option. + * The other new parameter is smtp_bind_address6. This sets the local interface address for outgoing IPv6 SMTP connections, just like the smtp_bind_address parameter does for IPv4: diff -ru postfix-3.8-20220421/html/INSTALL.html postfix-tmp/html/INSTALL.html --- postfix-3.8-20220421/html/INSTALL.html 2021-12-20 23:11:55.0 +0100 +++ postfix-tmp/html/INSTALL.html 2022-04-30 02:40:06.987062000 +0200 @@ -837,7 +837,7 @@ -DNO_IPV6 Do not build with IPv6 support. By default, IPv6 support is compiled in on platforms that are known to have IPv6 support. Note: this directive is for debugging -And testing only. It is not guaranteed to work on all platforms. +and testing only. It is not guaranteed to work on all platforms. If you don't want IPv6 support, set "inet_protocols = ipv4" in main.cf. diff -ru postfix-3.8-20220421/proto/INSTALL.html postfix-tmp/proto/INSTALL.html --- postfix-3.8-20220421/proto/INSTALL.html 2021-12-20 23:11:11.0 +0100 +++ postfix-tmp/proto/INSTALL.html 2022-04-30 02:40:25.455297000 +0200 @@ -837,7 +837,7 @@ -DNO_IPV6 Do not build with IPv6 support. By default, IPv6 support is compiled in on platforms that are known to have IPv6 support. Note: this directive is for debugging -And testing only. It is not guaranteed to work on all platforms. +and testing only. It is not guaranteed to work on all platforms. If you don't want IPv6 support, set "inet_protocols = ipv4" in main.cf.
Re: check_client_access
On Fri, Apr 29, 2022 at 04:47:51PM -0700, "li...@lazygranch.com" wrote: > I'm trying to allow-list (formerly whitelist) a TLD. I have these lines > in my postfix main.cf: > > check_client_access hash:/etc/postfix/client_checks, > check_sender_access hash:/etc/postfix/sender_checks, > check_client_access hash:/etc/postfix/rbl_override, > > For the rbl_override file is siriusxm.com sufficient? Or do I need > e.siriusxm.com or even r193.e.siriusxm.com? > > Maillog message is: > Apr 29 17:20:46 lazygranch postfix/smtpd[10668]: NOQUEUE: reject: RCPT from > r193.e.siriusxm.com[192.243.230.193]: 554 5.7.1 Service unavailable; Client > host [192.243.230.193] blocked using zen.spamhaus.org; > from= to= proto=ESMTP > helo= man 5 postconf says: > check_client_access type:table > Search the specified access database for the client hostname, parent > domains, client IP address, or networks obtained by stripping least > significant octets. See the access(5) manual page for details. so parent domains are supported. man 5 access defines the format of the file and shows the following (in the HOST NAME/ADDRESS PATTERNS section) for the left hand side: > .domain.tld > > Matches subdomains of domain.tld, but only when the > string smtpd_access_maps is not listed in the Postfix > parent_domain_matches_subdomains configuration setting. The .domain.tld notation only covers a single level of subdomain, but if all the rejections are from something.e.siriusxm.com, you should only need: .e.siriusxm.com OK But you might need other entries if there are other sending hosts e.g. something.f.siriusxm.com or similar that are being blocked by the rbl. cheers, raf
check_client_access
I'm trying to allow-list (formerly whitelist) a TLD. I have these lines in my postfix main.cf: check_client_access hash:/etc/postfix/client_checks, check_sender_access hash:/etc/postfix/sender_checks, check_client_access hash:/etc/postfix/rbl_override, For the rbl_override file is siriusxm.com sufficient? Or do I need e.siriusxm.com or even r193.e.siriusxm.com? Maillog message is: Apr 29 17:20:46 lazygranch postfix/smtpd[10668]: NOQUEUE: reject: RCPT from r193.e.siriusxm.com[192.243.230.193]: 554 5.7.1 Service unavailable; Client host [192.243.230.193] blocked using zen.spamhaus.org; from= to= proto=ESMTP helo= For your entertainment, customer support at SiriusXM is having all sorts of problems with email bouncing. Like maybe someone there could, you know, check the log for bounces? They said to use a gmail account. I assume they don't bounce spam but put it in a spam folder.
Re: sending amount settings
al...@coakmail.com: > Hello, > > Where can I set the limit for sending amount for a given period? for > instance, a user can send max 200 messages per 24 hours. http://postfwd.org/ratelimits.html Wietse
Re: sending amount settings
Hi Postfix cant limited per user/domian - try workaround solutions about limit sender/incomming/others postfwd - https://postfwd.org/ratelimits.html policyd-lemat - https://pp.siedziba.pl/tmp/policyd/policyd.pl lpolicyd - https://wiki.policyd.org/ W dniu 29.04.2022 o 15:06, al...@coakmail.com pisze: Hello, Where can I set the limit for sending amount for a given period? for instance, a user can send max 200 messages per 24 hours. Thank you alice. --
Re: sending amount settings
On 2022-04-29 at 09:06:55 UTC-0400 (Fri, 29 Apr 2022 21:06:55 +0800) is rumored to have said: Hello, Where can I set the limit for sending amount for a given period? for instance, a user can send max 200 messages per 24 hours. There is no such facility in Postfix itself. One could (in principle) implement that sort of restriction via the policy service interface or in a milter. It appears that PolicyD has support for quotas of various sorts (https://wiki.policyd.org/quotas) but I can't attest to it's usability. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire
sending amount settings
Hello, Where can I set the limit for sending amount for a given period? for instance, a user can send max 200 messages per 24 hours. Thank you alice.