OT: can't connect to Bill Cole's MX
FYI- connect to sc1.scconsult.com[67.149.19.4]:25: Connection refused Its been two days. Maybe Bill has me blacklisted? Is it something I said? :-( On the off chance that this is an error, I'm sending a heads up. btw- #host -t mx billmail.scconsult.com billmail.scconsult.com mail is handled by 100 sc1.scconsult.com. billmail.scconsult.com mail is handled by 10 toaster.scconsult.com. # host toaster.scconsult.com. toaster.scconsult.com has address 67.149.19.4 # host sc1.scconsult.com. sc1.scconsult.com has address 67.149.19.4 Two MX with the same IP address? And no IPv6! Hello Bill. What's up? Curtis ps - sorry - I'd send direct to Bill ... but can't. Maybe the list is getting through.
smtpd_command_filter regex help
So, I'm having an issue with "Bad Sender Address Syntax" errors. The errors are from a variety of formatted email address including some strange ones like . At first, I would shrug my shoulders to them but my customers started whining and they sort of had a good point. You see, all of the emails in question have already been processed by their mail provider and their mail host accepted these emails. The emails were only getting rejected when they got pulled into our system so it became an issue of "Why can't you handle these emails if I've already received them?" Anyway, I looked at the old threads regarding this and I wanted to run this by you guys before trying it. Basically, I want to accept any "MAIL FROM" envelope address. The mail servers in question don't send bounces and are pure mail stores for our users so it actually doesn't matter if the envelope address is valid or not as it's never used. Would the below be correct? /etc/postfix/main.cf: smtpd_command_filter = pcre:/etc/postfix/sender_filter /etc/postfix/sender_filter: /^(MAIL\s+FROM:\s.*)/ OK What do you guys think? Michael
SV: Special method required for Gmail dkim/spf verification
I have noticed this aswell, when badly configured forwarding servers don't forward their mails correctly. For example, take a example that: someu...@somecorporation.com is forwarded to some.u...@somefreewebmail.com You send a mail to someu...@somecorporation.com Later on, you get a DSN (because SPF validated from somecorporation.com's point of view) that the "somefreewebmail.com" server rejected the mail due to a SPF failure. This is because some people don't know how to propely configure their forwarding mail servers. If you are going to forward a mail to a end-user specified server, you ought to either: Rewrite the original sender to match the mail its originally sent to, so the mail appear as sent by "someu...@somecorporation.com", eg A mail from "u...@example.org" to "someu...@somecorporation.com" is forwarded as from "someu...@somecorporation.com" to "some.u...@somefreewebmail.com" This is not RFC compatible, and to avoid being catched in spam filters, you also have to change the From: header in the same way. For the receiver to correctly identify the sender and be able to reply, you would have to include the sender email adress in the body or subject. The reply button in this scenario then gets broken, so a replyer has to reply manually. Another way, that is the preferred RFC way to do it, is to encapsulate the mail in a new message/rfc822 container, and adding Fwd: to the original subject of the outside container. (This is how most mail clients "forward" a message) To reply to a message, you would have to reply to the "inner" message. So a mail like: From: u...@example.org To: someu...@somecorporation.com Subject: test Content-Type: text/plain Is forwarded as: From: someu...@somecorporation.com To: some.u...@somefreewebmail.com Subject: Fwd: test Content-Type: message/rfc822 From: u...@example.org To: someu...@somecorporation.com Subject: test Content-Type: text/plain Same I have noticed with web forms that are badly configured to "spoof" the sender entered in web form, rather than sending from a "static" adress and then displaying the original sender in the subject or body of message. I don't know if theres a possibility to encapsulate a message in a new message/rfc822 container in postfix, but anyways it should be possible to do with a milter, if you want to set up a forwarding postfix server. -Ursprungligt meddelande- Från: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] För li...@lazygranch.com Skickat: den 14 april 2016 03:11 Till: postfix-users@postfix.org Ämne: Re: Special method required for Gmail dkim/spf verification On Wed, 13 Apr 2016 17:08:57 -0700 li...@lazygranch.com wrote: > Yesterday's Google report had me passing. Could be related to adding > the Google term to DNS. > Hold the presses here. It turns out my domain was spoofed in the report that failed. The IP address used isn't mine. In the passing report, it was my IP address, which makes sense since my SPF and DKIM are fine. The offending IP address comes back to UC Berkeley. If I ever get an official answer regarding the event, I will do a follow up. Needless to say, I think the DMARC quarantine is a good idea. smime.p7s Description: S/MIME Cryptographic Signature
Re: Special method required for Gmail dkim/spf verification
On Wed, 13 Apr 2016 17:08:57 -0700 li...@lazygranch.com wrote: > Yesterday's Google report had me passing. Could be related to adding > the Google term to DNS. > Hold the presses here. It turns out my domain was spoofed in the report that failed. The IP address used isn't mine. In the passing report, it was my IP address, which makes sense since my SPF and DKIM are fine. The offending IP address comes back to UC Berkeley. If I ever get an official answer regarding the event, I will do a follow up. Needless to say, I think the DMARC quarantine is a good idea.
Re: Special method required for Gmail dkim/spf verification
Yesterday's Google report had me passing. Could be related to adding the Google term to DNS. Original Message From: Tom Hendrikx Sent: Wednesday, April 13, 2016 12:38 AM To: postfix-users@postfix.org Subject: Re: Special method required for Gmail dkim/spf verification On 13-04-16 01:54, li...@lazygranch.com wrote: > Google sent me a "fail" on my DMARC. Everyone else seems happy. It > turns out much like Google not accepting robots.txt for some search > engines controls, they expect special fields in their DNS. > > https://support.google.com/mail/answer/6227174 This page describes use of google's feedback loop. This has nothing to do with spf, dkim and dmarc. It just gives you more insight into your delivery results. Most large mailers have such a service, and they all are specific to that party. The additional dns records are used to verify that they give access to the feedback loop to someone that actually owns the domain (or at least, can add dns entries). > > Why? Because we're Google and we can. > You misunderstood. Regards, Tom
Condition negation
Is there a way of negating a smtpd condition. For example if I were to apply c "check_sender_access sql_lookup" under submission in master.cf would it be possible to say something like !check_check_acess ... under smtpd restrctions The idea being that if example.com is allowed access via submission they are denied access via smtpd. Sorry for the poor presentation, working from my cell phone.
Re: header .com check false positive
Voytek: > Apr 12 09:29:28 emu postfix/cleanup[27379]: C7C7D5E198: reject: header > Content-Type: > image/jpeg;??name=1.jpg;??x-apple-part-url="40018520-0eb6-425e-c64d-8c25cf1f6...@yahoo.com" > from mail107.syd.optusnet.com.au[211.29.132.53]; from= > to= proto=ESMTP helo=: 5.7.1 > Attachment name > "1.jpg;??x-apple-part-url="40018520-0eb6-425e-c64d-8c25cf1f6...@yahoo.com" > may not end with ".com" Try the updated rule in http://www.postfix.org/header_checks.5.html. This fixes the problem. Wietse
Re: Special method required for Gmail dkim/spf verification
On 13-04-16 01:54, li...@lazygranch.com wrote: > Google sent me a "fail" on my DMARC. Everyone else seems happy. It > turns out much like Google not accepting robots.txt for some search > engines controls, they expect special fields in their DNS. > > https://support.google.com/mail/answer/6227174 This page describes use of google's feedback loop. This has nothing to do with spf, dkim and dmarc. It just gives you more insight into your delivery results. Most large mailers have such a service, and they all are specific to that party. The additional dns records are used to verify that they give access to the feedback loop to someone that actually owns the domain (or at least, can add dns entries). > > Why? Because we're Google and we can. > You misunderstood. Regards, Tom