Re: Emails classification in perl
Hi Ben,

Certainly not reinventing the wheel. It's more about classifying the importance of legitimate emails, like the 'Priority' inbox from Google, but open source.

It's common to receive emails from mailing lists without the appropriate List-Id headers; therefore, recognising these kinds of emails is tricky.

On the other hand, I am using Dovecot virtual folders, and there is one called 'Important', that uses the resulting header.

ATB,
André

On 2014-08-04 13:44, Ben wrote:
> Hmmm, email classification in Perl to automatically classify bulks from private/business emails sounds awfully like Spamassassin to me ;)
>
> Reinventing the wheel perhaps?
>
> On 03/08/2014 20:37, André Rodier wrote:
>> Hi,
>>
>> I posted a message about that a few weeks ago, but I did not find anything, so I created it myself.
>>
>> I wanted a Perl script to automatically classify bulk mailing lists from private / business emails.
>>
>> I am clearly not a Perl expert, but the code is simple, readable and optimised enough to have no impact on performance (so far).
>>
>> This is clearly an embryonic state; the first results are encouraging, at least for me. The script recognises mailing list emails, bulk emails and private emails.
>>
>> https://github.com/arodier/emclass
>>
>> Comments are welcome.
>>
>> André
RE: Can Postfix automatically add line Resent-From: email address in the header?
Wietse and Viktor,

My boss thinks I posted too much detailed information in my original email during our discussion http://permalink.gmane.org/gmane.mail.postfix.user/245050. Can I edit my original message or withdraw my original message?

Thanks,
Carl

-----Original Message-----
From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On Behalf Of Wietse Venema
Sent: Tuesday, July 29, 2014 2:46 PM
To: Postfix users
Subject: Re: Can Postfix automatically add line Resent-From: email address in the header?

Xie, Wei:
> Can't Postfix header_checks perform too complicated rules? Amavisd-new maybe another big change to us, but this is option.

Sorry, delivery decisions MUST NOT be made based on email headers.

Email headers do not say where mail comes from, and they do not say where mail goes to.

If this is a surprise to you, then you only have to look at this mailing list message. It has my porcupine.org address in the From: header, but it was distributed from cloud9.net. It was delivered to you, but it does not have your address in the header.

I recommend that you read up on RFC 5321 and RFC 5322, the Internet email standards.

Wietse
Re: Can Postfix automatically add line Resent-From: email address in the header?
On Mon, Aug 04, 2014 at 01:30:58PM +, Xie, Wei wrote:
> Wietse and Viktor,
>
> My boss thinks I posted too much detailed information in my original email during our discussion http://permalink.gmane.org/gmane.mail.postfix.user/245050. Can I edit my original message or withdraw my original message?

The postfix-users list is archived in multiple places and in recipients' mailboxes, it is not possible to withdraw a post. Sorry about that.

--
Viktor.
Postfix and Multiple IP's and Certificates
Can Postfix handle multiple IP addresses with individual certificates without having to start multiple instances of Postfix? Thanks all.
Re: Postfix and Multiple IP's and Certificates
On Mon, Aug 04, 2014 at 11:00:18AM -0400, Tech Support Department wrote:
> Can Postfix handle multiple IP addresses with individual certificates without having to start multiple instances of Postfix?

In master(5).cf each smtpd(8) service (bound to a particular IP address) can be configured with various per-service parameter overrides. For example:

master.cf:
    192.0.2.1:smtp inet n - n - - smtpd
        -o smtpd_tls_cert_file=${cert_192_0_2_1}
    192.0.2.2:smtp inet n - n - - smtpd
        -o smtpd_tls_cert_file=${cert_192_0_2_2}

main.cf:
    cert_192_0_2_1 = ${config_directory}/192.0.2.1.pem
    cert_192_0_2_2 = ${config_directory}/192.0.2.2.pem

--
Viktor.
Allow only my servers to send mail from my domain
Hi everybody.

I'm receiving some e-mails coming from outside with the FROM pointing to my local domain. This causes confusion on my antispam tools.

Ex: I received an e-mail from the internet with webmas...@iqm.unicamp.br (which is my domain) as FROM.

How can I make Postfix accept incoming e-mails from mydomain (iqm.unicamp.br) only if they are sent from my SMTP mail servers?

I do not use virtual domains. Single domain only.
CentOS 6.5 with Postfix 2.6.6

Thanks

Regards,
/André Luiz Paiz/
/Network Analyst/
/Instituto de Química – Unicamp/
/andre.p...@iqm.unicamp.br/
/Telephone: (19)3521-0197/
Re: Allow only my servers to send mail from my domain
On 04 Aug 2014, at 19:25, Andre Luiz Paiz andre.p...@iqm.unicamp.br wrote:
> I'm receiving some e-mails coming from outside with the FROM pointing to my local domain. This causes confusion on my antispam tools.
>
> Ex: I received an e-mail from the internet with webmas...@iqm.unicamp.br (which is my domain) as FROM.
>
> How can I make Postfix accept incoming e-mails from mydomain (iqm.unicamp.br) only if they are sent from my SMTP mail servers?
>
> I do not use virtual domains. Single domain only.
> CentOS 6.5 with Postfix 2.6.6

You seem to have a rather extensive SPF record;

==
$ dig +short txt iqm.unicamp.br
v=spf1 ip4:143.106.51.0/24 ip4:143.106.113.190 ip4:143.106.10.1 ip4:143.106.10.154 ip4:206.112.78.3 ip4:143.106.10.12 ip4:143.106.10.159 ip4:143.106.161.133 ip4:186.202.4.42 a:faunus.unicamp.br a:pq.cnpq.br a:uranus.scholarone.com -all
==

I'd suggest you use that? You've already declared which servers are allowed to send, so you could use that to weed out any forgeries coming in from the outside.

Remember to do the SPF check after permitting SASL clients, if you have any;

http://www.postfix.org/postconf.5.html#permit_sasl_authenticated

Kind regards,
Joni
Re: Allow only my servers to send mail from my domain
Quoting DTNX Postmaster postmas...@dtnx.net:
> On 04 Aug 2014, at 19:25, Andre Luiz Paiz andre.p...@iqm.unicamp.br wrote:
>> I'm receiving some e-mails coming from outside with the FROM pointing to my local domain. This causes confusion on my antispam tools.
>>
>> Ex: I received an e-mail from the internet with webmas...@iqm.unicamp.br (which is my domain) as FROM.
>>
>> How can I make Postfix accept incoming e-mails from mydomain (iqm.unicamp.br) only if they are sent from my SMTP mail servers?
>>
>> I do not use virtual domains. Single domain only.
>> CentOS 6.5 with Postfix 2.6.6
>
> You seem to have a rather extensive SPF record;
>
> ==
> $ dig +short txt iqm.unicamp.br
> v=spf1 ip4:143.106.51.0/24 ip4:143.106.113.190 ip4:143.106.10.1 ip4:143.106.10.154 ip4:206.112.78.3 ip4:143.106.10.12 ip4:143.106.10.159 ip4:143.106.161.133 ip4:186.202.4.42 a:faunus.unicamp.br a:pq.cnpq.br a:uranus.scholarone.com -all
> ==
>
> I'd suggest you use that? You've already declared which servers are allowed to send, so you could use that to weed out any forgeries coming in from the outside.
>
> Remember to do the SPF check after permitting SASL clients, if you have any;
>
> http://www.postfix.org/postconf.5.html#permit_sasl_authenticated
>
> Kind regards,
> Joni

Dear Joni,

Thanks for your answer.

I use Spamassassin to check SPF records for all external domains, because it can apply scores to messages instead of blocking them. When I was blocking SPF records with errors, I received a lot of complaints about false positives. I also fixed my SPF records. Thanks for that.

What do you suggest that I should do? I permit SASL authenticated only on the submission port, but some servers in the internal network are allowed to deliver messages on the default SMTP port (specified in the permit my_networks variable). Is there an alternative?

My submission restrictions in master.cf:

    submission inet n - n - - smtpd
      -o smtpd_tls_security_level=encrypt
      -o smtpd_sasl_auth_enable=yes
      -o smtpd_sasl_type=dovecot
      -o smtpd_sasl_path=private/auth
      -o smtpd_sasl_security_options=noanonymous
      -o smtpd_sasl_local_domain=$mydomain
      -o smtpd_client_restrictions=permit_sasl_authenticated,reject
      -o smtpd_recipient_restrictions=$policyd,reject_non_fqdn_recipient,reject_unknown_recipient_domain,reject_authenticated_sender_login_mismatch,permit_sasl_authenticated,reject
      -o smtpd_milters=inet:localhost:8891
      -o non_smtpd_milters=inet:localhost:8891
      -o disable_vrfy_command=no

Default configuration in main.cf:

    smtpd_recipient_restrictions =
        check_policy_service inet:127.0.0.1:10031,
        permit_mynetworks,
        reject_non_fqdn_recipient,
        reject_non_fqdn_sender,
        reject_unknown_sender_domain,
        reject_unknown_recipient_domain,
        reject_unauth_destination,
        reject_non_fqdn_helo_hostname,
        reject_unknown_client_hostname,
        reject_rbl_client zen.spamhaus.org,
        reject_rbl_client b.barracudacentral.org

Regards,
/André Luiz Paiz/
/Network Analyst/
/Instituto de Química – Unicamp/
/andre.p...@iqm.unicamp.br/
/Telephone: (19)3521-0197/
service unix:/run/clamav-milter/clamav-milter.socket: Permission denied
why is access denied here reported?

smtpd_milters = unix:/run/clamav-milter/clamav-milter.socket

Aug 4 21:14:43 testserver postfix/submission/smtpd[12440]: connect from local.rhsoft.net[62.178.103.85]
Aug 4 21:14:43 testserver postfix/submission/smtpd[12440]: warning: connect to Milter service unix:/run/clamav-milter/clamav-milter.socket: Permission denied
Aug 4 21:14:43 testserver postfix/submission/smtpd[12440]: NOQUEUE: milter-reject: CONNECT from local.rhsoft.net[62.178.103.85]: 451 4.7.1 Service unavailable - try again later; proto=SMTP
Aug 4 21:14:43 testserver postfix/submission/smtpd[12440]: NOQUEUE: milter-reject: EHLO from local.rhsoft.net[62.178.103.85]: 451 4.7.1 Service unavailable - try again later; proto=SMTP helo=srv-rhsoft.rhsoft.net
Aug 4 21:14:43 testserver postfix/submission/smtpd[12440]: disconnect from local.rhsoft.net[62.178.103.85]

[root@testserver:~]$ stat /run/clamav-milter/
  File: '/run/clamav-milter/'
  Size: 60  Blocks: 0  IO Block: 4096  directory
Device: 11h/17d  Inode: 585885  Links: 2
Access: (0755/drwxr-xr-x)  Uid: ( 109/ clamilt)  Gid: ( 106/ clamilt)
Access: 2014-08-04 21:13:24.469625838 +0200
Modify: 2014-08-04 21:07:45.177892263 +0200
Change: 2014-08-04 21:12:32.632279822 +0200
 Birth: -

[root@testserver:~]$ stat /run/clamav-milter/clamav-milter.socket
  File: '/run/clamav-milter/clamav-milter.socket'
  Size: 0  Blocks: 0  IO Block: 4096  socket
Device: 11h/17d  Inode: 593875  Links: 1
Access: (0644/srw-r--r--)  Uid: ( 109/ clamilt)  Gid: ( 106/ clamilt)
Access: 2014-08-04 21:07:45.177892263 +0200
Modify: 2014-08-04 21:07:45.177892263 +0200
Change: 2014-08-04 21:07:45.177892263 +0200
Re: service unix:/run/clamav-milter/clamav-milter.socket: Permission denied
On Mon, Aug 04, 2014 at 09:18:27PM +0200, li...@rhsoft.net wrote:
> why is access denied here reported?

The /run directory is on many systems restricted to root. Your permissions checks start one level lower and are tested as root.

> [root@testserver:~]$ stat /run/clamav-milter/
>   File: '/run/clamav-milter/'
>   Size: 60  Blocks: 0  IO Block: 4096  directory
> Device: 11h/17d  Inode: 585885  Links: 2
> Access: (0755/drwxr-xr-x)  Uid: ( 109/ clamilt)  Gid: ( 106/ clamilt)
> Access: 2014-08-04 21:13:24.469625838 +0200
> Modify: 2014-08-04 21:07:45.177892263 +0200
> Change: 2014-08-04 21:12:32.632279822 +0200
>  Birth: -
>
> [root@testserver:~]$ stat /run/clamav-milter/clamav-milter.socket
>   File: '/run/clamav-milter/clamav-milter.socket'
>   Size: 0  Blocks: 0  IO Block: 4096  socket
> Device: 11h/17d  Inode: 593875  Links: 1
> Access: (0644/srw-r--r--)  Uid: ( 109/ clamilt)  Gid: ( 106/ clamilt)
> Access: 2014-08-04 21:07:45.177892263 +0200
> Modify: 2014-08-04 21:07:45.177892263 +0200
> Change: 2014-08-04 21:07:45.177892263 +0200

--
Viktor.
RE: service unix:/run/clamav-milter/clamav-milter.socket: Permission denied
Maybe Apparmor/SELinux/alike blocking access to /run directory?

Sent from Samsung Mobile

-------- Original message --------
From: li...@rhsoft.net
Date: 04/08/2014 21:18 (GMT+01:00)
To: Mailing-List postfix postfix-users@postfix.org
Subject: service unix:/run/clamav-milter/clamav-milter.socket: Permission denied

why is access denied here reported?

smtpd_milters = unix:/run/clamav-milter/clamav-milter.socket

Aug 4 21:14:43 testserver postfix/submission/smtpd[12440]: connect from local.rhsoft.net[62.178.103.85]
Aug 4 21:14:43 testserver postfix/submission/smtpd[12440]: warning: connect to Milter service unix:/run/clamav-milter/clamav-milter.socket: Permission denied
Aug 4 21:14:43 testserver postfix/submission/smtpd[12440]: NOQUEUE: milter-reject: CONNECT from local.rhsoft.net[62.178.103.85]: 451 4.7.1 Service unavailable - try again later; proto=SMTP
Aug 4 21:14:43 testserver postfix/submission/smtpd[12440]: NOQUEUE: milter-reject: EHLO from local.rhsoft.net[62.178.103.85]: 451 4.7.1 Service unavailable - try again later; proto=SMTP helo=srv-rhsoft.rhsoft.net
Aug 4 21:14:43 testserver postfix/submission/smtpd[12440]: disconnect from local.rhsoft.net[62.178.103.85]

[root@testserver:~]$ stat /run/clamav-milter/
  File: '/run/clamav-milter/'
  Size: 60  Blocks: 0  IO Block: 4096  directory
Device: 11h/17d  Inode: 585885  Links: 2
Access: (0755/drwxr-xr-x)  Uid: ( 109/ clamilt)  Gid: ( 106/ clamilt)
Access: 2014-08-04 21:13:24.469625838 +0200
Modify: 2014-08-04 21:07:45.177892263 +0200
Change: 2014-08-04 21:12:32.632279822 +0200
 Birth: -

[root@testserver:~]$ stat /run/clamav-milter/clamav-milter.socket
  File: '/run/clamav-milter/clamav-milter.socket'
  Size: 0  Blocks: 0  IO Block: 4096  socket
Device: 11h/17d  Inode: 593875  Links: 1
Access: (0644/srw-r--r--)  Uid: ( 109/ clamilt)  Gid: ( 106/ clamilt)
Access: 2014-08-04 21:07:45.177892263 +0200
Modify: 2014-08-04 21:07:45.177892263 +0200
Change: 2014-08-04 21:07:45.177892263 +0200
Re: service unix:/run/clamav-milter/clamav-milter.socket: Permission denied
On 04.08.2014 at 21:49, Viktor Dukhovni wrote:
> On Mon, Aug 04, 2014 at 09:18:27PM +0200, li...@rhsoft.net wrote:
>> why is access denied here reported?
>
> The /run directory is on many systems restricted to root. Your permissions checks start one level lower and are tested as root.

on Fedora /var/run is a symlink to /run/ and is in fact a tmpfs while subfolders which are created via tmpfiles.d

    lrwxrwxrwx 1 root root 6 2012-06-12 17:22 /var/run -> ../run

given that mysqld is started as user mysql (without drop privileges, really started as that user) and creates its pidfiles in /run/mysqld that's not the reason

    [root@testserver:~]$ cat /usr/lib/tmpfiles.d/mysql.conf
    d /run/mysqld 0755 mysql mysql -

>> [root@testserver:~]$ stat /run/clamav-milter/
>>   File: '/run/clamav-milter/'
>>   Size: 60  Blocks: 0  IO Block: 4096  directory
>> Device: 11h/17d  Inode: 585885  Links: 2
>> Access: (0755/drwxr-xr-x)  Uid: ( 109/ clamilt)  Gid: ( 106/ clamilt)
>> Access: 2014-08-04 21:13:24.469625838 +0200
>> Modify: 2014-08-04 21:07:45.177892263 +0200
>> Change: 2014-08-04 21:12:32.632279822 +0200
>>  Birth: -
>>
>> [root@testserver:~]$ stat /run/clamav-milter/clamav-milter.socket
>>   File: '/run/clamav-milter/clamav-milter.socket'
>>   Size: 0  Blocks: 0  IO Block: 4096  socket
>> Device: 11h/17d  Inode: 593875  Links: 1
>> Access: (0644/srw-r--r--)  Uid: ( 109/ clamilt)  Gid: ( 106/ clamilt)
>> Access: 2014-08-04 21:07:45.177892263 +0200
>> Modify: 2014-08-04 21:07:45.177892263 +0200
>> Change: 2014-08-04 21:07:45.177892263 +0200
Re: service unix:/run/clamav-milter/clamav-milter.socket: Permission denied
none of both is enabled
system is booted with selinux=0 as kernel-param

On 04.08.2014 at 22:08, Nicolás wrote:
> Maybe Apparmor/SELinux/alike blocking access to /run directory?
>
> -------- Original message --------
> From: li...@rhsoft.net
> Date: 04/08/2014 21:18 (GMT+01:00)
> To: Mailing-List postfix
> Subject: service unix:/run/clamav-milter/clamav-milter.socket: Permission denied
>
> why is access denied here reported?
>
> smtpd_milters = unix:/run/clamav-milter/clamav-milter.socket
>
> Aug 4 21:14:43 testserver postfix/submission/smtpd[12440]: connect from local.rhsoft.net[62.178.103.85]
> Aug 4 21:14:43 testserver postfix/submission/smtpd[12440]: warning: connect to Milter service unix:/run/clamav-milter/clamav-milter.socket: Permission denied
> Aug 4 21:14:43 testserver postfix/submission/smtpd[12440]: NOQUEUE: milter-reject: CONNECT from local.rhsoft.net[62.178.103.85]: 451 4.7.1 Service unavailable - try again later; proto=SMTP
> Aug 4 21:14:43 testserver postfix/submission/smtpd[12440]: NOQUEUE: milter-reject: EHLO from local.rhsoft.net[62.178.103.85]: 451 4.7.1 Service unavailable - try again later; proto=SMTP helo=srv-rhsoft.rhsoft.net
> Aug 4 21:14:43 testserver postfix/submission/smtpd[12440]: disconnect from local.rhsoft.net[62.178.103.85]
>
> [root@testserver:~]$ stat /run/clamav-milter/
>   File: '/run/clamav-milter/'
>   Size: 60  Blocks: 0  IO Block: 4096  directory
> Device: 11h/17d  Inode: 585885  Links: 2
> Access: (0755/drwxr-xr-x)  Uid: ( 109/ clamilt)  Gid: ( 106/ clamilt)
> Access: 2014-08-04 21:13:24.469625838 +0200
> Modify: 2014-08-04 21:07:45.177892263 +0200
> Change: 2014-08-04 21:12:32.632279822 +0200
>  Birth: -
>
> [root@testserver:~]$ stat /run/clamav-milter/clamav-milter.socket
>   File: '/run/clamav-milter/clamav-milter.socket'
>   Size: 0  Blocks: 0  IO Block: 4096  socket
> Device: 11h/17d  Inode: 593875  Links: 1
> Access: (0644/srw-r--r--)  Uid: ( 109/ clamilt)  Gid: ( 106/ clamilt)
> Access: 2014-08-04 21:07:45.177892263 +0200
> Modify: 2014-08-04 21:07:45.177892263 +0200
> Change: 2014-08-04 21:07:45.177892263 +0200
Re: service unix:/run/clamav-milter/clamav-milter.socket: Permission denied
interesting - it needs chmod 0666

    MilterSocketMode 0666

interesting because the socket on all of my servers for mysqld is /var/lib/mysql/mysqld_dbmail.sock and /var/lib/ in fact is mounted as readonly-namespace while postfix, dovecot and httpd are talking with mysqld over it all the time

On 04.08.2014 at 22:13, li...@rhsoft.net wrote:
> none of both is enabled
> system is booted with selinux=0 as kernel-param
>
> On 04.08.2014 at 22:08, Nicolás wrote:
>> Maybe Apparmor/SELinux/alike blocking access to /run directory?
>>
>> -------- Original message --------
>> From: li...@rhsoft.net
>> Date: 04/08/2014 21:18 (GMT+01:00)
>> To: Mailing-List postfix
>> Subject: service unix:/run/clamav-milter/clamav-milter.socket: Permission denied
>>
>> why is access denied here reported?
>>
>> smtpd_milters = unix:/run/clamav-milter/clamav-milter.socket
>>
>> Aug 4 21:14:43 testserver postfix/submission/smtpd[12440]: connect from local.rhsoft.net[62.178.103.85]
>> Aug 4 21:14:43 testserver postfix/submission/smtpd[12440]: warning: connect to Milter service unix:/run/clamav-milter/clamav-milter.socket: Permission denied
>> Aug 4 21:14:43 testserver postfix/submission/smtpd[12440]: NOQUEUE: milter-reject: CONNECT from local.rhsoft.net[62.178.103.85]: 451 4.7.1 Service unavailable - try again later; proto=SMTP
>> Aug 4 21:14:43 testserver postfix/submission/smtpd[12440]: NOQUEUE: milter-reject: EHLO from local.rhsoft.net[62.178.103.85]: 451 4.7.1 Service unavailable - try again later; proto=SMTP helo=srv-rhsoft.rhsoft.net
>> Aug 4 21:14:43 testserver postfix/submission/smtpd[12440]: disconnect from local.rhsoft.net[62.178.103.85]
>>
>> [root@testserver:~]$ stat /run/clamav-milter/
>>   File: '/run/clamav-milter/'
>>   Size: 60  Blocks: 0  IO Block: 4096  directory
>> Device: 11h/17d  Inode: 585885  Links: 2
>> Access: (0755/drwxr-xr-x)  Uid: ( 109/ clamilt)  Gid: ( 106/ clamilt)
>> Access: 2014-08-04 21:13:24.469625838 +0200
>> Modify: 2014-08-04 21:07:45.177892263 +0200
>> Change: 2014-08-04 21:12:32.632279822 +0200
>>  Birth: -
>>
>> [root@testserver:~]$ stat /run/clamav-milter/clamav-milter.socket
>>   File: '/run/clamav-milter/clamav-milter.socket'
>>   Size: 0  Blocks: 0  IO Block: 4096  socket
>> Device: 11h/17d  Inode: 593875  Links: 1
>> Access: (0644/srw-r--r--)  Uid: ( 109/ clamilt)  Gid: ( 106/ clamilt)
>> Access: 2014-08-04 21:07:45.177892263 +0200
>> Modify: 2014-08-04 21:07:45.177892263 +0200
>> Change: 2014-08-04 21:07:45.177892263 +0200
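
The permission question in this thread, worked through as an added example (not code from any poster): connecting to a UNIX-domain socket needs search permission on every directory in the path and write permission on the socket file itself, evaluated for the connecting process rather than for root. The uid/gid 89 for the postfix user and the mode of /run are assumptions; the other values are taken from the stat output above.

```python
import os
import stat
from collections import namedtuple

# One path component as stat reports it: permission bits, owner ids, socket or not.
Node = namedtuple("Node", "path mode uid gid is_socket")


def perm_bits(node, uid, gids):
    """Return the rwx triplet the kernel applies to (uid, gids) for this inode.

    Exactly one class is used: owner, else group, else other.
    """
    if uid == node.uid:
        return (node.mode >> 6) & 7
    if node.gid in gids:
        return (node.mode >> 3) & 7
    return node.mode & 7


def can_connect(chain, uid, gids):
    """Would connect(2) on the last node pass the permission bits?

    Needs search (x) on every directory and write (w) on the socket.
    """
    if uid == 0:
        return True, "root bypasses permission bits, so a check run as root proves nothing"
    *dirs, sock = chain
    for d in dirs:
        if not perm_bits(d, uid, gids) & 1:
            return False, "no search (x) permission on %s" % d.path
    if not sock.is_socket:
        return False, "%s is not a socket" % sock.path
    if not perm_bits(sock, uid, gids) & 2:
        return False, "no write (w) permission on %s (mode %04o)" % (sock.path, sock.mode)
    return True, "connect() permitted"


def stat_chain(path):
    """Build the same chain from the live filesystem for a real socket path."""
    chain, current = [], os.sep
    for part in [p for p in os.path.abspath(path).split(os.sep) if p]:
        current = os.path.join(current, part)
        st = os.stat(current)
        chain.append(Node(current, stat.S_IMODE(st.st_mode), st.st_uid,
                          st.st_gid, stat.S_ISSOCK(st.st_mode)))
    return chain


def page_chain(socket_mode):
    """Path chain built from the stat output quoted in the thread."""
    return [
        Node("/run", 0o755, 0, 0, False),  # assumed: /run itself was not shown
        Node("/run/clamav-milter", 0o755, 109, 106, False),
        Node("/run/clamav-milter/clamav-milter.socket", socket_mode, 109, 106, True),
    ]


POSTFIX_UID, POSTFIX_GID = 89, 89  # assumed ids of the unprivileged postfix user
CLAMILT_GID = 106                  # from the stat output

if __name__ == "__main__":
    cases = [
        ("0644 as posted", 0o644, {POSTFIX_GID}),
        ("0666 (MilterSocketMode 0666)", 0o666, {POSTFIX_GID}),
        ("0660, postfix not in group clamilt", 0o660, {POSTFIX_GID}),
        ("0660, postfix in group clamilt", 0o660, {POSTFIX_GID, CLAMILT_GID}),
    ]
    for label, mode, gids in cases:
        ok, why = can_connect(page_chain(mode), POSTFIX_UID, gids)
        print("%-38s %-6s %s" % (label, "OK" if ok else "DENIED", why))
```

The 0660 case with postfix in the socket's group (clamav-milter.conf also has a MilterSocketGroup setting) passes the same check without making the socket writable by every local user.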
Re: Allow only my servers to send mail from my domain
On 04 Aug 2014, at 20:45, Andre Luiz Paiz andre.p...@iqm.unicamp.br wrote:
> Quoting DTNX Postmaster postmas...@dtnx.net:
>> On 04 Aug 2014, at 19:25, Andre Luiz Paiz andre.p...@iqm.unicamp.br wrote:
>>> I'm receiving some e-mails coming from outside with the FROM pointing to my local domain. This causes confusion on my antispam tools.
>>>
>>> Ex: I received an e-mail from the internet with webmas...@iqm.unicamp.br (which is my domain) as FROM.
>>>
>>> How can I make Postfix accept incoming e-mails from mydomain (iqm.unicamp.br) only if they are sent from my SMTP mail servers?
>>>
>>> I do not use virtual domains. Single domain only.
>>> CentOS 6.5 with Postfix 2.6.6
>>
>> You seem to have a rather extensive SPF record;
>>
>> ==
>> $ dig +short txt iqm.unicamp.br
>> v=spf1 ip4:143.106.51.0/24 ip4:143.106.113.190 ip4:143.106.10.1 ip4:143.106.10.154 ip4:206.112.78.3 ip4:143.106.10.12 ip4:143.106.10.159 ip4:143.106.161.133 ip4:186.202.4.42 a:faunus.unicamp.br a:pq.cnpq.br a:uranus.scholarone.com -all
>> ==
>>
>> I'd suggest you use that? You've already declared which servers are allowed to send, so you could use that to weed out any forgeries coming in from the outside.
>>
>> Remember to do the SPF check after permitting SASL clients, if you have any;
>>
>> http://www.postfix.org/postconf.5.html#permit_sasl_authenticated
>>
>> Kind regards,
>> Joni
>
> Dear Joni,
>
> Thanks for your answer.
>
> I use Spamassassin to check SPF records for all external domains, because it can apply scores to messages instead of blocking them. When I was blocking SPF records with errors, I received a lot of complaints about false positives. I also fixed my SPF records. Thanks for that.

Block only on a 'Fail' result, not on 'Permerror', or 'Softfail'. Score everything else. If someone gets blocked because their SPF record specifies '-all' and they're sending from outside the permitted set of servers; their problem, not yours.

> What do you suggest that I should do? I permit SASL authenticated only on the submission port, but some servers in the internal network are allowed to deliver messages on the default SMTP port (specified in the permit my_networks variable). Is there an alternative?

Yes;

http://www.postfix.org/postconf.5.html#check_sender_access

Create an access table that contains something akin to;

    iqm.unicamp.br    REJECT sender address accepted from our own servers only

Put the restriction in 'smtpd_recipient_restrictions', after everything else. To be on the safe side, test it before going live with it, using 'warn_if_reject';

http://www.postfix.org/postconf.5.html#warn_if_reject

And then throw some tests at it from a server that should be rejected, using swaks, or telnet. When you're satisfied that nothing is getting blocked that shouldn't be (check the logs for 'reject_warning'), remove the 'warn_if_reject', and it should start blocking.

Kind regards,
Joni
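
The 'reject_warning' review step described above, as an added example (not from any poster): it scans Postfix log lines produced while the sender restriction runs under warn_if_reject and separates forgery candidates from clients that are authorised to send as the domain from outside mynetworks and would be blocked once enforcement starts. The domain example.org, the map path in the comment, the authorised network and all log lines are constructed.

```python
import ipaddress
import re

# Assumed setup under review (the map path is a placeholder, not from the thread):
#   /etc/postfix/sender_access:
#       example.org   REJECT sender address accepted from our own servers only
#   main.cf, last entry of smtpd_recipient_restrictions:
#       warn_if_reject check_sender_access hash:/etc/postfix/sender_access

REJECT_WARNING = re.compile(
    r"postfix/(?:[\w-]+/)?smtpd\[\d+\]: NOQUEUE: reject_warning: "
    r"(?P<stage>[A-Z]+) from (?P<host>\S+?)\[(?P<ip>[0-9A-Fa-f:.]+)\]: "
    r"\d{3} \d\.\d+\.\d+ <[^>]*>: Sender address rejected: (?P<reason>[^;]*); "
    r"from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)>"
)

# Constructed sample log lines (documentation addresses only).
SAMPLE_LOG = [
    "Aug  5 10:02:11 mx postfix/smtpd[2211]: NOQUEUE: reject_warning: RCPT from "
    "unknown[203.0.113.7]: 554 5.7.1 <webmaster@example.org>: Sender address rejected: "
    "sender address accepted from our own servers only; from=<webmaster@example.org> "
    "to=<user@example.org> proto=ESMTP helo=<mail.example.net>",
    "Aug  5 10:04:52 mx postfix/smtpd[2230]: NOQUEUE: reject_warning: RCPT from "
    "out.partner.example[198.51.100.25]: 554 5.7.1 <journal@example.org>: Sender address "
    "rejected: sender address accepted from our own servers only; "
    "from=<journal@example.org> to=<staff@example.org> proto=ESMTP helo=<out.partner.example>",
    "Aug  5 10:05:40 mx postfix/smtpd[2240]: NOQUEUE: reject: RCPT from unknown[203.0.113.9]: "
    "554 5.7.1 Service unavailable; Client host [203.0.113.9] blocked using zen.spamhaus.org; "
    "from=<a@example.net> to=<user@example.org> proto=ESMTP helo=<x.example.net>",
    "Aug  5 10:09:03 mx postfix/smtpd[2251]: NOQUEUE: reject_warning: RCPT from "
    "unknown[2001:db8::5]: 554 5.7.1 <admin@example.org>: Sender address rejected: "
    "sender address accepted from our own servers only; from=<admin@example.org> "
    "to=<user@example.org> proto=ESMTP helo=<[2001:db8::5]>",
]

# Constructed: outside networks allowed to send as the domain (for instance hosts
# listed in its SPF record) that are not covered by permit_mynetworks.
AUTHORISED_OUTSIDE = ["198.51.100.0/24"]


def review(lines, domain, authorised_nets):
    """Return one finding per reject_warning that concerns a sender in `domain`."""
    nets = [ipaddress.ip_network(n) for n in authorised_nets]
    suffix = "@" + domain.lower()
    findings = []
    for line in lines:
        m = REJECT_WARNING.search(line)
        if m is None or not m.group("sender").lower().endswith(suffix):
            continue  # enforced rejects and other restrictions are out of scope
        ip = ipaddress.ip_address(m.group("ip"))
        authorised = any(ip in net for net in nets)
        findings.append({
            "client": str(ip),
            "sender": m.group("sender"),
            "rcpt": m.group("rcpt"),
            "verdict": "would-block-authorised" if authorised else "forgery-candidate",
        })
    return findings


def safe_to_enforce(findings):
    """True when removing warn_if_reject would block only forgery candidates."""
    return all(f["verdict"] == "forgery-candidate" for f in findings)


if __name__ == "__main__":
    results = review(SAMPLE_LOG, "example.org", AUTHORISED_OUTSIDE)
    for f in results:
        print("%-24s %-16s %s -> %s" % (f["verdict"], f["client"], f["sender"], f["rcpt"]))
    print("safe to remove warn_if_reject:", safe_to_enforce(results))
```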
Re: Postfix and Multiple IP's and Certificates
I was told that The servers hostname and domain name will appear in all the incoming and outgoing email headers.

Why wouldn't this separation of IP addresses and certificates fix that, and is there any way to solve that part of my privacy problem?

Thanks.

On 08/04/2014 11:09 AM, Viktor Dukhovni wrote:
> On Mon, Aug 04, 2014 at 11:00:18AM -0400, Tech Support Department wrote:
>> Can Postfix handle multiple IP addresses with individual certificates without having to start multiple instances of Postfix?
>
> In master(5).cf each smtpd(8) service (bound to a particular IP address) can be configured with various per-service parameter overrides. For example:
>
> master.cf:
>     192.0.2.1:smtp inet n - n - - smtpd
>         -o smtpd_tls_cert_file=${cert_192_0_2_1}
>     192.0.2.2:smtp inet n - n - - smtpd
>         -o smtpd_tls_cert_file=${cert_192_0_2_2}
>
> main.cf:
>     cert_192_0_2_1 = ${config_directory}/192.0.2.1.pem
>     cert_192_0_2_2 = ${config_directory}/192.0.2.2.pem
Re: Postfix and Multiple IP's and Certificates
On Mon, Aug 04, 2014 at 04:35:48PM -0400, Tech Support Department wrote:
> I was told that The servers hostname and domain name will appear in all the incoming and outgoing email headers.
>
> Why wouldn't this separation of IP addresses and certificates fix that, and is there any way to solve that part of my privacy problem?

If you also override myhostname in the per-service master(5).cf entries, the inbound 220 banner and EHLO name will also reflect the server personality.

However, this is generally a waste of time, nobody cares what the server's banner or EHLO name says. And there is still only one queue-manager per Postfix instance and one pool of delivery agents per transport. Thus outbound mail will still leak the system's real identity.

>> master.cf:
>>     192.0.2.1:smtp inet n - n - - smtpd
>>         -o smtpd_tls_cert_file=${cert_192_0_2_1}
>>     192.0.2.2:smtp inet n - n - - smtpd
>>         -o smtpd_tls_cert_file=${cert_192_0_2_2}
>>
>> main.cf:
>>     cert_192_0_2_1 = ${config_directory}/192.0.2.1.pem
>>     cert_192_0_2_2 = ${config_directory}/192.0.2.2.pem

--
Viktor.
Re: Postfix and Multiple IP's and Certificates
On 08/04/2014 01:58 PM, Viktor Dukhovni wrote:
> However, this is generally a waste of time, nobody cares what the server's banner or EHLO name says.

I care that EHLO contains something reasonable, or I will reject the connection. But that's me.

(signed) Bastard Mail Admin from Hell
Re: Postfix and Multiple IP's and Certificates
On Mon, Aug 04, 2014 at 02:30:50PM -0700, list wrote:
> On 08/04/2014 01:58 PM, Viktor Dukhovni wrote:
>> However, this is generally a waste of time, nobody cares what the server's banner or EHLO name says.
>
> I care that EHLO contains something reasonable, or I will reject the connection. But that's me.

Wrong direction, I'm talking about the SMTP server banner and EHLO *response*, you're talking about an SMTP client's EHLO command.

--
Viktor.
Re: Postfix and Multiple IP's and Certificates
On 04.08.2014 at 23:44, Viktor Dukhovni wrote:
> On Mon, Aug 04, 2014 at 02:30:50PM -0700, list wrote:
>> On 08/04/2014 01:58 PM, Viktor Dukhovni wrote:
>>> However, this is generally a waste of time, nobody cares what the server's banner or EHLO name says.
>>
>> I care that EHLO contains something reasonable, or I will reject the connection. But that's me.
>
> Wrong direction, I'm talking about the SMTP server banner and EHLO *response*, you're talking about an SMTP client's EHLO command

yes, but he says "nobody cares what the server's banner or EHLO name says" is not true until he is not everybody and i agree with that