On 4/27/2012 2:17 PM, kar...@mailcan.com wrote:
>
>
> On Fri, Apr 27, 2012, at 03:12 PM, Wietse Venema wrote:
>> For small sites, postscreen has an up-front blacklist that kicks
>> off clients before wasting resources on them.
>
> Although I was warned off postscreen in an earlier post being 'he
On 4/27/2012 2:12 PM, /dev/rob0 wrote:
> Postfix is going to do a reverse DNS lookup of any connecting client,
> followed by a forward lookup of the PTR name received.
These are done in the postfix/smtpd client.
> This is fine
> for most sites. Small sites can save some of this using postscre
On Fri, Apr 27, 2012, at 03:12 PM, Wietse Venema wrote:
> For small sites, postscreen has an up-front blacklist that kicks
> off clients before wasting resources on them.
Although I was warned off postscreen in an earlier post being 'heavier'
than the checks against locally cached DNS, your comm
On 4/27/2012 1:54 PM, Bron Gondwana wrote:
> Just as an interesting point from a fairly large site (fastmail.fm) we
> do something very like that. We run a standalone daemon, and we keep
> a "bad list" of IPs who get dumped immediately without even a DNS lookup.
>
> One of our patches to postfix
On Fri, Apr 27, 2012 at 12:02:05PM -0700, kar...@mailcan.com wrote:
> On Fri, Apr 27, 2012, at 08:54 PM, Bron Gondwana wrote:
> > Just as an interesting point from a fairly large site
> > (fastmail.fm) we do something very like that. We run a
> > standalone daemon, and we keep a "bad list" of IP
kar...@mailcan.com:
>
>
> On Fri, Apr 27, 2012, at 08:54 PM, Bron Gondwana wrote:
> > Just as an interesting point from a fairly large site (fastmail.fm) we
> > do something very like that. We run a standalone daemon, and we keep
> > a "bad list" of IPs who get dumped immediately without even a
On Fri, Apr 27, 2012, at 02:04 PM, /dev/rob0 wrote:
> But consider this: the TTL of a DNSBL listing is a feature. Sometimes
> legitimate sites will be listed, for example, in the CBL. Once they
> clean up the problem, do you still want to block them?
That's not within the scope of my use case.
On 2012-04-27 Dennis Guhl wrote:
> On Fri, Apr 27, 2012 at 08:16:47PM +0200, Ansgar Wiechers wrote:
[ reject_non_fqdn_recipient ]
>> For my personal mail server I use this rule, too. However, you need
>> to be aware that it might reject some legit mail (e.g. from mail
>> servers configured by stu
On Fri, Apr 27, 2012 at 09:37:46AM -0700, kar...@mailcan.com wrote:
> On Fri, Apr 27, 2012, at 05:32 PM, Jim Reid wrote:
> > This is beginning to smell very
> > much like something the DNS already provides for free.
>
> If that auto-expiry hash table functionality is not already build
> into Po
On 4/27/2012 1:57 PM, Benny Pedersen wrote:
> Den 2012-04-27 17:55, kar...@mailcan.com skrev:
>
>> reject_unauth_destination, reject_unlisted_recipient,
>
> reject_unlisted_recipient is not needed AFTER reject_unauth_destination
>
Yes it is, they do different things.
reject_unauth_destinatio
On Fri, Apr 27, 2012, at 08:54 PM, Bron Gondwana wrote:
> Just as an interesting point from a fairly large site (fastmail.fm) we
> do something very like that. We run a standalone daemon, and we keep
> a "bad list" of IPs who get dumped immediately without even a DNS lookup.
>
> One of our patc
Den 2012-04-27 17:55, kar...@mailcan.com skrev:
reject_unauth_destination, reject_unlisted_recipient,
reject_unlisted_recipient is not needed AFTER reject_unauth_destination
On Fri, Apr 27, 2012, at 05:32 PM, Jim Reid wrote:
> On 27 Apr 2012, at 17:20, kar...@mailcan.com wrote:
>
> > Is there any way to prevent Postfix from making those repeated DNS
> > checks, regardless of whether it's externally to Spamhaus' servers, or
> > to a locally cached DNS result?
>
> No.
On Apr 27, 2012, at 11.43, Viktor Dukhovni wrote:
> Your LDAP schema should specify certfingerprint as a case-insensitive
> attribute. This is a hexadecimal number (with some ":" characters
> thrown in for readability), and the case of A-F is insignificant.
copied/pasted from my previous message-
On Fri, Apr 27, 2012, at 02:20 PM, Wietse Venema wrote:
> kar...@mailcan.com:
> Each Postfix SMTP server process is reused.
>
> http://www.postfix.org/postconf.5.html#max_use
> http://www.postfix.org/postconf.5.html#max_idle
That answers my question. Both of the defaults seem to fit nicely
eno
On Fri, Apr 27, 2012, at 08:16 PM, Ansgar Wiechers wrote:
> >>> reject_non_fqdn_recipient
> For my personal mail server I use this rule, too. However, you need to
> be aware that it might reject some legit mail (e.g. from mail servers
> configured by stupid, but valid, customers), hence the
On Fri, Apr 27, 2012 at 08:16:47PM +0200, Ansgar Wiechers wrote:
> On 2012-04-27 kar...@mailcan.com wrote:
> > On Fri, Apr 27, 2012, at 06:43 PM, Bastian Blank wrote:
> >> On Fri, Apr 27, 2012 at 08:55:15AM -0700, kar...@mailcan.com wrote:
> >>> reject_non_fqdn_recipient
> >>
> >> Why?
> >
>
kar...@mailcan.com:
> On Fri, Apr 27, 2012, at 01:47 PM, Wietse Venema wrote:
> > > I'd still think that a local check by Postfix to an 'auto-expiring hash
> > > table' (unclear so far it that can be done) to which the 'bad' address
> >
> > Each Postfix SMTP server caches its own DNSBL lookup resu
On 2012-04-27 kar...@mailcan.com wrote:
> On Fri, Apr 27, 2012, at 06:43 PM, Bastian Blank wrote:
>> On Fri, Apr 27, 2012 at 08:55:15AM -0700, kar...@mailcan.com wrote:
>>> reject_non_fqdn_recipient
>>
>> Why?
>
> Because countless documentation examples suggest it, including in "The
> Postfi
On Fri, Apr 27, 2012 at 10:58:32AM -0700, kar...@mailcan.com wrote:
> On Fri, Apr 27, 2012, at 01:47 PM, Wietse Venema wrote:
> > > I'd still think that a local check by Postfix to an 'auto-expiring hash
> > > table' (unclear so far it that can be done) to which the 'bad' address
> >
> > Each Post
On Fri, Apr 27, 2012, at 01:47 PM, Wietse Venema wrote:
> > I'd still think that a local check by Postfix to an 'auto-expiring hash
> > table' (unclear so far it that can be done) to which the 'bad' address
>
> Each Postfix SMTP server caches its own DNSBL lookup results. Those
> results are not
kar...@mailcan.com:
>
>
> On Fri, Apr 27, 2012, at 05:23 PM, Jim Reid wrote:
> > The info will already be cached at your local DNS server. So you've
> snip.
>
> Nicely explained.
>
> > My advice is to leave this alone. It's already working at maximum
> > efficiency pretty much straight out
On Fri, Apr 27, 2012, at 06:43 PM, Bastian Blank wrote:
> On Fri, Apr 27, 2012 at 08:55:15AM -0700, kar...@mailcan.com wrote:
> > smtpd_recipient_restrictions =
> > check_recipient_access hash:/usr/local/etc/postfix/conf/bozos
>
> Remove or at least move _after_ reject_unauth_destination.
Please respond to the list as well, thanks.
On Fri, Apr 27, 2012, at 05:38 PM, Jim Reid wrote:
> Er, think about this. How will postscreen do those RBL checks?
Clearly, as I said I'm still reading, I'm not sure.
> It will do DNS lookups!
Right. The 1st time. And if it *was* capable of storin
I'm really interested by this use case.
Written from my iPhone !
Le 27 avr. 2012 à 18:00, Charles Marcus a écrit :
> On 2012-04-27 11:38 AM, Vishal Agarwal wrote:
>> Is it possible to send SMS to mobiles via postfix. Any
>> help/support/clue will be appereciated.
>
> Most phone service provid
On Fri, Apr 27, 2012 at 08:55:15AM -0700, kar...@mailcan.com wrote:
> smtpd_recipient_restrictions =
> check_recipient_access hash:/usr/local/etc/postfix/conf/bozos
Remove or at least move _after_ reject_unauth_destination. This is prone
for open relay.
> reject_non_fqdn_recipient
Why?
On Fri, Apr 27, 2012, at 05:32 PM, Jim Reid wrote:
> This is beginning to smell very
> much like something the DNS already provides for free.
If that auto-expiry hash table functionality is not already build into
Postfix (which would be kind of nice to have for other things to; may
look into i
On 27 Apr 2012, at 17:20, kar...@mailcan.com wrote:
Is there any way to prevent Postfix from making those repeated DNS
checks, regardless of whether it's externally to Spamhaus' servers, or
to a locally cached DNS result?
No. Well you could but it would be futile make-work that adds needless
On Fri, Apr 27, 2012, at 05:23 PM, Jim Reid wrote:
> The info will already be cached at your local DNS server. So you've
snip.
Nicely explained.
> My advice is to leave this alone. It's already working at maximum
> efficiency pretty much straight out of the box and there are no
> meaningf
On Fri, Apr 27, 2012 at 09:20:21AM -0700, kar...@mailcan.com wrote:
> On Fri, Apr 27, 2012, at 06:09 PM, Dennis Guhl wrote:
> > The caching is done in your local resolver, not in postfix.
[..]
> Is there any way to prevent Postfix from making those repeated DNS
> checks, regardless of whether it'
On 27 Apr 2012, at 16:55, kar...@mailcan.com wrote:
In the end it's getting blocked, and that's what I want. But, if I
understand how this works, every one of those rejects is a DNS check
to
spamhaus, and some postfix load on my server.
Can I somehow configure to be more efficient about thi
On Fri, Apr 27, 2012, at 06:09 PM, Dennis Guhl wrote:
> The caching is done in your local resolver, not in postfix.
Ok, I can check that and make sure that those results are being returned
from my LAN DNS server's cache.
Is there any way to prevent Postfix from making those repeated DNS
checks, r
On Fri, Apr 27, 2012 at 08:55:15AM -0700, kar...@mailcan.com wrote:
> I just installed a Postfix server and enabled DNSBL-based rejection with
[..]
> In every case though there are multiple connections made with multiple
> rejects. For example
[..]
> In the end it's getting blocked, and that's
On 2012-04-27 11:38 AM, Vishal Agarwal wrote:
Is it possible to send SMS to mobiles via postfix. Any
help/support/clue will be appereciated.
Most phone service providers have a format for sending texts to
recipients via smtp...
For example, for TMobile users, it is phonenum...@tmomail.net
Am 27.04.2012 17:53, schrieb Amira Othman:
> To control the path of non-delivery notifications, the proper
> procedure is to set an appropriate envelope sender (SMTP MAIL FROM)
> address.
>
> You will referred to the correct procedure no matter how many times
> you ask for an incorrect one.
>
>
I just installed a Postfix server and enabled DNSBL-based rejection with
smtpd_recipient_restrictions = check_recipient_access
hash:/usr/local/etc/postfix/conf/bozos, reject_non_fqdn_recipient,
permit_sasl_authenticated, permit_mynetworks,
reject_unauth_destination, reject_unlisted_recipie
On Fri, Apr 27, 2012 at 10:58:24AM -0400, Larry G. Wapnitsky wrote:
> I have a postfix server set up to receive specific messages bounced from
> an external mail gateway for milter processing. I'm noticing in the
> logs that, in some cases (albeit rare ones), parts of the message are
> being pass
> I need to prevent all notification messages of a domain from being sent to
> outside users that sends mail through postfix. Because the application
that
> push mails already handles bounces so no need of notification to be sent
> again to the actual sender
What you describe handles only mail de
On Thu, Apr 26, 2012 at 08:43:56PM -0400, b...@bitrate.net wrote:
> OK, thanks for the clarification. The impetus for this question
> - I was setting up check_ccert_access to use an ldap lookup, and
> was using an ldap attribute whose matching rules happened to be
> case sensitive. I'd copied/pa
Hi,
Is it possible to send SMS to mobiles via postfix. Any
help/support/clue will be appereciated.
Thanks/regards,
Vishal Agarwal
Forgot the postconf - n:
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
mailbox_size_limit = 0
message_size_limit = 0
milter_default_action = accept
milter_protocol = 6
mydestination = mailproc.wrtde
As a follow-up to [this question][1], I have more issues appearing that
are related but a bit more complex than initially perceived.
[1]: http://serverfault.com/questions/379964/postfix-unknown-command
I have a postfix server set up to receive specific messages bounced from
an external
Amira Othman:
> I need to prevent all notification messages of a domain from being sent to
> outside users that sends mail through postfix. Because the application that
> push mails already handles bounces so no need of notification to be sent
> again to the actual sender
What you describe handle
On 4/26/2012 10:46 AM, Amira Othman wrote:
> Hi all
> I am working on project that requires notification messages of delivery
not
> to be sent to users. I asked before and you told me that it's not good
idea
> to disable notifications so what I need now is to redirect all
notifications
> for each
44 matches
Mail list logo