Re: cannot find your hostname

2008-09-01 Thread Rod Dorman
On Monday, September 1, 2008, 08:23:15, Ebbe Hjorth wrote:
>  ...
> But as far as I can see, I have reverse DNS and A record setup correct,

But did you arrange to have your DNS server be authoritative for your IP
range?

See http://www.ripe.net/reverse/ for details.

-- 
[EMAIL PROTECTED] "The avalanche has already started, it is too
Rod Dorman  late for the pebbles to vote." - Ambassador Kosh



Re: [ANN] iRedMail-0.3: Open Source Mail Server Solution

2008-09-25 Thread Rod Dorman
On Wednesday, September 24, 2008, 23:36:44, Zhang Huangbin wrote:
> Joe Sloan wrote:
>>  ...
>> It's kind of strange that you call it "mutl-platform" when it's redhat only.
>  ...
> iRedMail was ported from OpenBSD, but it is incompatible now.

That's an odd porting philosophy.

The conventional practice is to feed your diffs back to the original
developers so ideally it will become multi-platform.


-- 
[EMAIL PROTECTED] "The avalanche has already started, it is too
Rod Dorman  late for the pebbles to vote." - Ambassador Kosh



Re: smtpd_reject_unlisted_recipient

2010-06-10 Thread Rod Dorman
On Thursday, June 10, 2010, 17:51:13, Jerrale Gayle wrote:
> smtpd_reject_unlisted_recipient = no
>
> Would this be better put by itself or under smtpd_recipient_restrictions
> = reject_unlisted_recipient=no?
>
> I want to accept all mail to non-existent users, then bounce, so that
> people can't probe for valid users to know where to start a brute force.

So when a spammer uses my e-mail address you'll send the bounce to me?

Gee, thanks.

-- 
r...@polylogics.com "The avalanche has already started, it is too
Rod Dorman  late for the pebbles to vote." - Ambassador Kosh




Re: additional parameters to the SMTP MAIL and RCPT commands

2010-07-09 Thread Rod Dorman
On Friday, July 9, 2010, 17:42:37, Sufian Hameed wrote:
> Does Postfix support additional parameters to the SMTP MAIL and RCPT
> commands as mentioned in RFC 2821 and others?
>
>  RCPT TO: [ SP  ] 
>
> I have tried to use something like as follows in the sender Postfix Server
> RCPT TO: SP 
> but it is not accepted by the recipient postfix server and gives an error
> 555 5.5.4 Unsupported option: SP (in reply to the RCPT TO command)
> Any idea what's wrong?

You are aware that SP is one of the core AFNF rules and represents a
single space character.


-- 
r...@polylogics.com "The avalanche has already started, it is too
Rod Dorman  late for the pebbles to vote." - Ambassador Kosh




Re: additional parameters to the SMTP MAIL and RCPT commands

2010-07-09 Thread Rod Dorman
On Friday, July 9, 2010, 18:57:10, Rod Dorman wrote:
> On Friday, July 9, 2010, 17:42:37, Sufian Hameed wrote:
>> Does Postfix support additional parameters to the SMTP MAIL and RCPT
>> commands as mentioned in RFC 2821 and others?
>>
>>  RCPT TO: [ SP  ] 
>>
>> I have tried to use something like as follows in the sender Postfix Server
>> RCPT TO: SP 
>> but it is not accepted by the recipient postfix server and gives an error
>> 555 5.5.4 Unsupported option: SP (in reply to the RCPT TO command)
>> Any idea what's wrong?
>
> You are aware that SP is one of the core AFNF rules and represents a

sigh... let's pretend I typed ABNF as in Augmented BNF

-- 
r...@polylogics.com "The avalanche has already started, it is too
Rod Dorman  late for the pebbles to vote." - Ambassador Kosh




Re: OT: ISP Blocking of port 25

2010-07-21 Thread Rod Dorman
On Wednesday, July 21, 2010, 16:36:08, Daniel V. Reinhardt wrote:
>   ...
> ISP's should be made responsible and accountable for what their users
> do. They hold the rights to the IP Space in use at the time, and such
> any traffic that goes over it should be logged for later analysis by
> authorities if a user is found to be doing something illegal.

That's like saying your phone company should be responsible and
accountable for any bomb threats and threatening calls their users make
and should record everything you say just in case you're doing something
illegal.

Have we gone far enough off the topic of Postfix yet for this thread to
be declared dead?


-- 
r...@polylogics.com "The avalanche has already started, it is too
Rod Dorman  late for the pebbles to vote." - Ambassador Kosh




sorbs.net issues

2010-10-07 Thread Rod Dorman
Apparently sorbs.net is having issues with accidentally adding loads of
static IP addresses to their dynamic IP's list.

If you use them you might want to stick a "warn_if_reject" in front of
the reference until the matter is resolved.

-- 
r...@polylogics.com "The avalanche has already started, it is too
Rod Dorman  late for the pebbles to vote." - Ambassador Kosh




Re: temporary errors for DNS

2009-07-13 Thread Rod Dorman
On Monday, July 13, 2009, 17:49:10, Keld Jørn Simonsen wrote:
>   ...
> Are there distros that are known to have a postfix package that is set
> up correctly wrt chroot?

OpenBSD


-- 
r...@polylogics.com "The avalanche has already started, it is too
Rod Dorman  late for the pebbles to vote." - Ambassador Kosh



Re: postscreen test

2009-07-16 Thread Rod Dorman
On Thursday, July 16, 2009, 16:01:57, Victor Duchovni wrote:
> On Thu, Jul 16, 2009 at 12:23:39PM -0700, Mike Cappella wrote:
>
>> On 7/13/09 5:20 PM, Wietse Venema wrote:
>> >
>> > I'm still open for program name suggestions. If someone has a better
>> > name than "swatter" or "halligan" let me know. Once the name changes,
>> > all the configuration parameters will change, too.
>
> The service is an SMTP "bouncer", keeping unwanted clients from entering
> the premises. We already have a "bounce unix" service, will having:
>
> smtp      inet  n   -   n   -   1   bouncer
> ...
> bounce    unix  -   -   n   -   0   bounce
>
> cause significant confusion?

Naming it "bouncer" might reduce the confusion a smidgen and make it
slightly easier to search for.


-- 
r...@polylogics.com "The avalanche has already started, it is too
Rod Dorman  late for the pebbles to vote." - Ambassador Kosh



Re: How to manage 2 banners/greetings through postscreen, content filter, and after-filter SMTP on 1 server?

2011-04-11 Thread Rod Dorman
On Monday, April 11, 2011, 14:02:37, jeremy.als...@imap-mail.com wrote:
>   ...
> There's no wisdom here, just what I've been told -- use a minimum of 2.
> All of the examples that I see have at least two MX records.
> One of the fellas at the user group who told us about PostFix was
> talking about best-practices and put up a slide about this
> Symantec Brightmail Gateway (SBG) - Best Practices: New Deployments.
> http://www.symantec.com/business/support/index?page=content&id=TECH122730&key=53991&actp=LIST
> that says " You must have at least two MX records and then proper A and
> PTR record for each host that will handle email."

The intent behind this suggestion is redundancy so when one is down
because of hardware/network issues or you're performing maintenance
there will be another box that can accept the mail.

If you only have one physical box you've severely limited that concept.

-- 
r...@polylogics.com "The avalanche has already started, it is too
Rod Dorman  late for the pebbles to vote." - Ambassador Kosh




Re: Clarification between smtpd_sender_restrictions & smtpd_recipient_restrictions

2011-06-14 Thread Rod Dorman
On Monday, June 13, 2011, 22:21:17, Janantha Marasinghe wrote:
> ...
> smtpd_recipient_restrictions is about "Mail To:" right.

It's about "RCPT TO" not "Mail To:"

http://www.postfix.org/postconf.5.html#smtpd_recipient_restrictions
   "The access restrictions that the Postfix SMTP server applies
   in the context of the RCPT TO command."

-- 
r...@polylogics.com "The avalanche has already started, it is too
Rod Dorman  late for the pebbles to vote." - Ambassador Kosh




Re: What became of nullmx? (draft-delany-nullmx-00)

2012-06-20 Thread Rod Dorman
On Wednesday, June 20, 2012, 05:11:57, Ralf Hildebrandt wrote:
> I recently saw Exim reject/not deliver mail based on this old, expired draft:
> http://tools.ietf.org/html/draft-delany-nullmx-00
>
> What ever became of that one?

I think it died from lack of momentum and people were worried about
MTA's asking root servers for MX records.

-- 
r...@polylogics.com "The avalanche has already started, it is too
Rod Dorman  late for the pebbles to vote." - Ambassador Kosh




Re: Accepting email regardless of address

2011-08-02 Thread Rod Dorman
On Tuesday, August 2, 2011, 10:31:44, Jason Gauthier wrote:
> Due to a new business requirement, I need to make a change with
> postfix that I am not certain how to handle.
> First, I use postfix as a relay only system.  It does not do local
> delivery.  Once it does its tasks it passes the email to a backend email
> system.
> On the frontend, postfix handles several domains, and will bounce
> unknown email by using relay_recipients:
> relay_recipient_maps = hash:/etc/postfix/relay_recipients
>
> relay_recipients is populated from backend from legitimate email
> addresses.  This makes the postfix system a nice 'bouncer' for unknowns :)

The term reject is better than bounce. You're saying you don't want to
accept the mail so it's up to the sending MTA to 'bounce' it if they are
legitimate.

> Now, my requirements have changed.  I have acquired a domain, we'll
> call it xyz.com.   I don't host it, and never have.  Therefore, I do
> not know what email addresses are valid.  I would like to capture
> *any* email address sent to xyz.com and accept it, and deliver it somehow.

One crucial question is what will xyz.com do if it doesn't like it?
Bouncing it is not an option.

-- 
r...@polylogics.com "The avalanche has already started, it is too
Rod Dorman  late for the pebbles to vote." - Ambassador Kosh




Re: Accepting email regardless of address

2011-08-02 Thread Rod Dorman
On Tuesday, August 2, 2011, 15:44:30, Jason Gauthier wrote:
>>> Now, my requirements have changed. I have acquired a domain, we'll
>>> call it xyz.com. I don't host it, and never have. Therefore, I do
>>> not know what email addresses are valid. I would like to capture
>>> *any* email address sent to xyz.com and accept it, and deliver it
>>> somehow. I'm not sure how to accomplish this task yet, and looking
>>> for ideas. One inchoate idea I have, is translating all the email
>>> address to 'xyz.com' to an existing, valid, email address.
>>[We use the term "reject" rather than "bounce". Reject means your
>>server never accepts the undeliverable mail, which is good. Bounce
>>means you accept the mail and then return it to the (frequently
>>forged) sender address, which is bad. Bouncing undeliverable mail will
>>clog up your mail server with undeliverable messages and will
>>eventually get you blacklisted.]
>
> Good to know.  Definitely meant REJECT, versus bounce. I used the
> phrase bouncer as a metaphor to the large bodyguards that
> stereotypically guard a club from unwanted guests. ;)

Do you know what 'xyz.com' will be doing with mail you send to them
where the address isn't valid on their system?

-- 
r...@polylogics.com "The avalanche has already started, it is too
Rod Dorman  late for the pebbles to vote." - Ambassador Kosh




Re: Character by character SMTP banner?

2011-10-10 Thread Rod Dorman
On Monday, October 10, 2011, 06:23:07, Dyonisius (Dick) Visser wrote:
> I'm seeing a funny response from a remote Postfix server.
> If I manually telnet to it, the SMTP banner comes in very slowly, one
> letter at a time.
> It looks like someone is manually responding :-)
> Is it a postfix feature that causes this behaviour?

It sounds like the behaviour of OpenBSD's spam deferral daemon
http://www.openbsd.org/cgi-bin/man.cgi?query=spamd&sektion=8


-- 
r...@polylogics.com "The avalanche has already started, it is too
Rod Dorman  late for the pebbles to vote." - Ambassador Kosh




Re: smtp-sink shows one more empty EHLO option

2011-10-27 Thread Rod Dorman
On Thursday, October 27, 2011, 13:07:37, Wietse Venema wrote:
> Mark Martinec:
>> Seems like the smtp-sink appends one empty EHLO option
>> at the end of its reply to an ehlo command.
>> Should this be fixed? - my content filter is currently logging
>> a warning, I wonder if I should remove the warning  :)
>> 
>> Using postfix-current-2.9.20111012 from FreeBSD ports.
>> 
>> $ smtp-sink 127.0.0.1:20025 30
>> 
>> $ telnet 127.0.0.1 20025  # connection to smtp-sink
>> 220 smtp-sink ESMTP
>> ehlo test
>> 250-smtp-sink
>> 250-PIPELINING
>> 250-8BITMIME
>> 250-AUTH PLAIN LOGIN
>> 250-XCLIENT NAME HELO
>> 250-XFORWARD NAME ADDR PROTO HELO
>> 250-ENHANCEDSTATUSCODES
>> 250 
>> quit
>> 221 Bye
>
> Postfix is written not by imitation, but by following the specification.
> When smtp-sink was written, that specification was RFC 821. In this
> document appears the following text:
>
>  The last line will begin with the reply code, followed
>  immediately by , optionally some text, and .
>
> If later RFC versions invalidate this aspect of RFC 821, then that
> is unfortunate. I really can't revalidate every line of Postfix
> source code whenever a new RFC comes out.

Nope, RFC 2821 and RFC 5321 still have the same text.

It even goes on to say
  As noted above, servers SHOULD send the  if subsequent text
  is not sent, but clients MUST be prepared for it to be omitted.

-- 
r...@polylogics.com "The avalanche has already started, it is too
Rod Dorman  late for the pebbles to vote." - Ambassador Kosh
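
Added example, not part of the original thread and not Postfix code: a client-side SMTP reply parser that accepts the `250 ` final line with empty text that smtp-sink sends above, and also a final line that is the bare reply code, without logging a spurious empty EHLO option. The function names and the `SMTP_SINK_REPLY` sample (rebuilt from the session quoted in the thread) are constructed for illustration.

```python
import re

# One reply line: 3-digit code, then "-" (more lines follow) or a space
# (last line), then optional text. A bare code with nothing after it is
# tolerated, but only on the last line.
REPLY_LINE = re.compile(r"(\d{3})(?:([ -])(.*))?")


class ReplyError(ValueError):
    """Raised when a reply violates the multi-line reply syntax."""


def parse_reply(raw: bytes):
    """Parse one complete SMTP reply; return (code, [text of each line])."""
    if not raw.endswith(b"\r\n"):
        raise ReplyError("reply not terminated by CRLF")
    lines = raw[:-2].split(b"\r\n")
    code, texts = None, []
    for i, line in enumerate(lines):
        m = REPLY_LINE.fullmatch(line.decode("ascii", errors="replace"))
        if m is None:
            raise ReplyError(f"malformed reply line: {line!r}")
        this_code, sep, text = m.group(1), m.group(2), m.group(3) or ""
        if code is None:
            code = this_code
        elif this_code != code:
            raise ReplyError("reply code changes within one reply")
        is_last = i == len(lines) - 1
        # "-" must appear on every line except the last, and never on the last.
        if (sep == "-") == is_last:
            raise ReplyError("continuation marker does not match line position")
        texts.append(text)
    return int(code), texts


def ehlo_extensions(raw: bytes):
    """Map EHLO keyword -> parameter list, ignoring lines with empty text."""
    code, texts = parse_reply(raw)
    if code != 250:
        raise ReplyError(f"EHLO refused with code {code}")
    extensions = {}
    for text in texts[1:]:          # first line is the server's greeting/domain
        words = text.split()
        if not words:               # empty final line: valid, not an extension
            continue
        extensions[words[0].upper()] = words[1:]
    return extensions


# Constructed sample: the smtp-sink EHLO reply quoted in the thread.
SMTP_SINK_REPLY = (
    b"250-smtp-sink\r\n250-PIPELINING\r\n250-8BITMIME\r\n"
    b"250-AUTH PLAIN LOGIN\r\n250-XCLIENT NAME HELO\r\n"
    b"250-XFORWARD NAME ADDR PROTO HELO\r\n250-ENHANCEDSTATUSCODES\r\n250 \r\n"
)
```

A content filter that treats the empty final line as a no-op, as `ehlo_extensions` does, has no reason to warn about it.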




Re: reject_unknown_reverse_client_hostname RFC basis?

2011-12-01 Thread Rod Dorman
On Thursday, December 1, 2011, 12:09:42, Blake Hudson wrote:
> I was under the impression that hosts using SMTP were required to have a
> valid reverse DNS entry. The reject_unknown_reverse_client_hostname 
> restriction would then enforce this requirement. However, I can't find a
> basis for this in RFC 821, 2821, or 5321. The closest I can find is 
> helo/ehlo requirements. Is there, in fact, any requirement for sending 
> hosts to have a valid rDNS entry?

RFC 1912 Common DNS Errors
2.1 Inconsistent, Missing, or Bad Data
   Make sure your PTR and A records match. For every IP address,
   there should be a matching PTR record in the in-addr.arpa domain.


-- 
r...@polylogics.com "The avalanche has already started, it is too
Rod Dorman  late for the pebbles to vote." - Ambassador Kosh




Re: Disable sending mails via telnet

2012-01-10 Thread Rod Dorman
On Tuesday, January 10, 2012, 16:45:25, Leslie León Sinclair wrote:
> Can anyone point me in the right direction, I'm stuck here and Google
> is not helping...

TELNET the Protocol or a telnet client?

-- 
r...@polylogics.com "The avalanche has already started, it is too
Rod Dorman  late for the pebbles to vote." - Ambassador Kosh




Re: Disable sending mails via telnet

2012-01-11 Thread Rod Dorman
On Wednesday, January 11, 2012, 08:58:40, James Day wrote:
> Just an idea, feel free to correct me. Is there some way within
> Postfix to implement a timeout on the SMTP conversation?

There are numerous mumble_timeout parameters.

> Obviously a user typing HELO, MAIL FROM, RCPT TO etc will be a
> lot slower than a conversation between two computers.
>
> Of course this could break something else, like I said, just an idea. 

The suggested (i.e. SHOULD) SMTP timeouts are given in minutes. No human
typing the commands is going to have any difficulty.

-- 
r...@polylogics.com "The avalanche has already started, it is too
Rod Dorman  late for the pebbles to vote." - Ambassador Kosh




Re: 421 service not available (connection refused, too many connections): ALL servers

2012-03-05 Thread Rod Dorman
On Monday, March 5, 2012, 09:53:31, /dev/rob0 wrote:
>  ...
> Another WAG: maybe your ISP's upstream provider got tired of
> complaints and implemented this redirection upstream. This would 
> explain why the ISP would not know.

I would be horrified if this turned out to be the cause.

Without deep packet inspection there would be no way to distinguish
between SMTP packets originating from the ISP's MTA vs. his MTA.

-- 
r...@polylogics.com "The avalanche has already started, it is too
Rod Dorman  late for the pebbles to vote." - Ambassador Kosh




Re: 421 service not available (connection refused, too many connections): ALL servers

2012-03-05 Thread Rod Dorman
On Monday, March 5, 2012, 12:06:09, Wietse Venema wrote:
> Rod Dorman:
>> On Monday, March 5, 2012, 09:53:31, /dev/rob0 wrote:
>> >  ...
>> > Another WAG: maybe your ISP's upstream provider got tired of
>> > complaints and implemented this redirection upstream. This would 
>> > explain why the ISP would not know.
>> 
>> I would be horrified if this turned out to be the cause.
>> 
>> Without deep packet inspection there would be no way to distinguish
>> between SMTP packets originating from the ISP's MTA vs. his MTA.
>
> Are you thinking of an ISP with the entire network behind a NAT router?

No (that would be weird :-)

rob0 got my point (which I guess I shudda been clearer in making) being
anything upstream would have to somehow know the set of IP addresses to
allow to pass.

In retrospect it could be maintained manually by the downstream ISP
telling the upstream ISP whenever it changes which servers to allow but
it would be an awfully wimpy ISP to accept those conditions from their
upstream provider.

-- 
r...@polylogics.com "The avalanche has already started, it is too
Rod Dorman  late for the pebbles to vote." - Ambassador Kosh