Re: How to pass "no_milters" option to pickup daemon?
Dnia 26.09.2019 o godz. 14:48:56 Wietse Venema pisze: > > The simplest is to avoid "content filter -> /usr/sbin/sendmail" and > instead use SMTP-based or Milter-based content inspection. Yes, it looks that the easiest option was to move from running spamassassin as after-queue content filter to running it as a milter. Thus there is no need to invoke sendmail for the second time, and the issue disappears. -- Regards, Jaroslaw Rafa r...@rafa.eu.org -- "In a million years, when kids go to school, they're gonna know: once there was a Hushpuppy, and she lived with her daddy in the Bathtub."
Re: dovecot lmtp and virtual_mailbox_maps
> On Sep 26, 2019, at 3:29 PM, David Wells - Alfavinil S.A. > wrote: > > The file vmailbox contains the following entries >> testus...@example.comOK >> testus...@example.comOK > > If I send an email to the address testus...@example.com it is > successfully delivered to the mailbox as expected but if I send an email > to the address testus...@example.com, which isn't listed in the map, it > also gets delivered to the dovecot-lmtp process Depends on *how* you send it. The unlisted address should be rejected via SMTP, but would be accepted via local submission. > and as dovecot has the > option "allow_all_users=yes" in it's userdb it delivers it to a user > that doesn't exist. What I make of the documentation found in > http://www.postfix.org/VIRTUAL_README.html#in_virtual_other is that if > the recipient of the mail isn't listed in the map it should not get > delivered to the lmtp process so, is my interpretation of the document > wrong or is there something else to it? Once the message enters the queue, recipient validation is no longer in scope, and it is delivered to the transport for the destination. -- Viktor.
Re: dovecot lmtp and virtual_mailbox_maps
I have to, i'm authenticating users against samba's ldap using gssapi. Isn't postfix supposed to stop the mail before handing it to lmtp if it's own map doesn't include the recipient? Thanks! Best regards, David Wells. El 26/09/2019 a las 17:08, @lbutlr escribió: > On Sep 26, 2019, at 1:29 PM, David Wells - Alfavinil S.A. > wrote: >> and as dovecot has the option "allow_all_users=yes” > Simple, don’t do that. > > Somewhere in your chain something has to validate the users, otherwise yes, > everything will be accepted because that is what you told the system to do. > >
Re: dovecot lmtp and virtual_mailbox_maps
On Sep 26, 2019, at 1:29 PM, David Wells - Alfavinil S.A. wrote: > and as dovecot has the option "allow_all_users=yes” Simple, don’t do that. Somewhere in your chain something has to validate the users, otherwise yes, everything will be accepted because that is what you told the system to do. -- "I hate to advocate drugs, alcohol, violence, or insanity to anyone, but they've always worked for me." --Hunter Thompson
Re: How to block mail coming from a domain
On Thu, 26 Sep 2019 10:46:27 +0200 Enrico Morelli wrote: > On Thu, 26 Sep 2019 10:42:46 +0200 > Enrico Morelli wrote: > > > On Thu, 26 Sep 2019 16:37:14 +0800 > > Wesley Peng wrote: > > > > > on 2019/9/26 16:34, Enrico Morelli wrote: > > > > I tried to put .monster or *.monster in sender_access but > > > > doesn't work. Is there a way to block *.monster mails? > > > > > > Can you setup spamassassin for domain blacklist? > > > > > > regards. > > > > How can do that? > > > > In /etc/spamassassin/local.cf I putted: > > blacklist_from *.monster > > Is it correct? > I have been doing the following. In the main.cf, note the spamsources: smtpd_client_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, check_reverse_client_hostname_access pcre:/etc/postfix/fqrdns.pcre, reject_unknown_reverse_client_hostname, check_client_access hash:/etc/postfix/spamsources smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_unknown_address, check_sender_access hash:/etc/postfix/spamsources I have a file called spamsources. The basis pattern is a tld, 500, and a friendly message: -- stream 500 your message download 500 your message top 500 your message xyz 500 your message --- You need to postmap the file to make spamsources.db These goofy tlds are cheap to buy, hence a spam source. http://data.iana.org/TLD/tlds-alpha-by-domain.txt
dovecot lmtp and virtual_mailbox_maps
Good afternoon. Dovecot is relaying mails to users that do not exist in the virtual_mailbox_maps to the dovecot lmtp. I'm using dovecot's lmtp to deliver mails for a virtual domain. The relevant postfix conf is as follows > virtual_alias_maps = hash:/etc/postfix/virtual > virtual_mailbox_domains = example.com > virtual_mailbox_maps = hash:/etc/postfix/vmailbox > virtual_transport = lmtp:unix:private/dovecot-lmtp The file virtual contains the following entry > postmas...@example.com postmaster The file vmailbox contains the following entries > testus...@example.com OK > testus...@example.com OK If I send an email to the address testus...@example.com it is successfully delivered to the mailbox as expected but if I send an email to the address testus...@example.com, which isn't listed in the map, it also gets delivered to the dovecot-lmtp process and as dovecot has the option "allow_all_users=yes" in it's userdb it delivers it to a user that doesn't exist. What I make of the documentation found in http://www.postfix.org/VIRTUAL_README.html#in_virtual_other is that if the recipient of the mail isn't listed in the map it should not get delivered to the lmtp process so, is my interpretation of the document wrong or is there something else to it? Thank you very much in advance. Best regards, David Wells.
Re: How to pass "no_milters" option to pickup daemon?
Viktor Dukhovni: > > Wouldn't it be possible to run a second pickup(8) instance with a different > > configuration file, without milters and configured for a different queue > > directory? And then run the after-filter sendmail(1) also configured for > > that queue directory? > > This is likely "not possible". Even if some gross hack could make this go, > by the time you have multiple config files, just go with multiple instances, > which are supported. The simplest is to avoid "content filter -> /usr/sbin/sendmail" and instead use SMTP-based or Milter-based content inspection. Then, you don't have to squeeze unfiltered and filtered email through the same /usr/sbin/sendmail hole. Wietse
Re: How to pass "no_milters" option to pickup daemon?
> On Sep 26, 2019, at 1:43 PM, Jaroslaw Rafa wrote: > >> The most robust approach that comes to mind is a multi-instance >> configuration: >> >> http://www.postfix.org/MULTI_INSTANCE_README.html#quick > > I think that running such a big and complicated setup is definitely a kind > of overkill for so small server like mine :) I find multiple instances simple, ... divide and conquer. Each instance is a single-purpose construction, with no tension between potentially conflicting requirements. Perhaps unfamiliar at first, but not significantly complicated. Then again, I instigated multi-instance support and wrote a non-trivial chunk of the code, so not exactly a neutral reporter... >> Alternatively, use SMTP content filters, where multiple parallel channels >> are possible. There is only one pickup(8) and maildrop queue directory >> in each Postfix instance. > > Wouldn't it be possible to run a second pickup(8) instance with a different > configuration file, without milters and configured for a different queue > directory? And then run the after-filter sendmail(1) also configured for > that queue directory? This is likely "not possible". Even if some gross hack could make this go, by the time you have multiple config files, just go with multiple instances, which are supported. -- Viktor.
Re: How to pass "no_milters" option to pickup daemon?
Dnia 26.09.2019 o godz. 13:08:02 Viktor Dukhovni pisze: > The most robust approach that comes to mind is a multi-instance configuration: > >http://www.postfix.org/MULTI_INSTANCE_README.html#quick I think that running such a big and complicated setup is definitely a kind of overkill for so small server like mine :) > Alternatively, use SMTP content filters, where multiple parallel channels > are possible. There is only one pickup(8) and maildrop queue directory > in each Postfix instance. Wouldn't it be possible to run a second pickup(8) instance with a different configuration file, without milters and configured for a different queue directory? And then run the after-filter sendmail(1) also configured for that queue directory? -- Regards, Jaroslaw Rafa r...@rafa.eu.org -- "In a million years, when kids go to school, they're gonna know: once there was a Hushpuppy, and she lived with her daddy in the Bathtub."
Re: How to pass "no_milters" option to pickup daemon?
Wietse Venema: > Would not "sendmail -G" suppress local modification? > >-G Gateway (relay) submission, as opposed to initial user submis- > sion. Either do not rewrite addresses at all, or update incom- > plete addresses with the domain information specified with > remote_header_rewrite_domain. > > This is the recommended setting for post-filter re-injection. With > this, Postfix pretends that the mail is from a remote origin. This text pre-dates Milter support, and not every feature or documentation has been updated when Milter support was added. On second consideration, Postfix does run remote mail through Milters, so the -G flag probably does not affect Milters. So this would be a gap in coverage, in the sense that not all receive_override_options have a Postfix sendmail command-line equivalent. Wietse
Re: How to pass "no_milters" option to pickup daemon?
Dnia 26.09.2019 o godz. 13:31:53 Wietse Venema pisze: > > Would not "sendmail -G" suppress local modification? > >-G Gateway (relay) submission, as opposed to initial user submis- > sion. Either do not rewrite addresses at all, or update incom- > plete addresses with the domain information specified with > remote_header_rewrite_domain. > > This is the recommended setting for post-filter re-injection. With > this, Postfix pretends that the mail is from a remote origin. Of course the filter script is running with "-G" parameter, however, I guess this doesn't disable the use of milters (because why should it?). And according to Postfix documentation, "When new mail arrives via the sendmail(1) command line, the Postfix cleanup(8) server pretends that the mail arrives with ESMTP from "localhost" with IP address "127.0.0.1"." So, OpenDKIM milter sees that the mail comes from "127.0.0.1" and the sender in "From:" line is from my domain, and signs it. -- Regards, Jaroslaw Rafa r...@rafa.eu.org -- "In a million years, when kids go to school, they're gonna know: once there was a Hushpuppy, and she lived with her daddy in the Bathtub."
Re: How to pass "no_milters" option to pickup daemon?
Jaroslaw Rafa: > Hello All, > I am using spamassassin with my postfix setup in form of "simple > content filter", as described here: > http://www.postfix.org/FILTER_README.html#simple_filter . That means, smtp > server has the option "-o content_filter=spamassassin" defined in master.cf > file, and also a service named "spamassassin", which calls the filter > script, is defined in master.cf file. > > This works fine except for one thing. I also use OpenDKIM to DKIM sign > outgoing mail, and therefore have milters connecting to OpenDKIM server > defined in main.cf file: > > smtpd_milters = inet:localhost:10025 > non_smtpd_milters = inet:localhost:10025 > > I must define both smtpd_milters and non_smtpd_milters, as most mail is sent > from mutt running directly on server, so they are sent by directly calling > /usr/lib/sendmail. > > And here is where the trouble comes. When a mail arrives to my server with > my own address as the sender (for example, my emails coming back from a > mailing list), the content filter script also calls /usr/lib/sendmail to put > the message back in the queue, and hence the message is again signed by > DKIM. I want to avoid this. > > I tried to run /usr/lib/sendmail which gets called by filter script with > another main.cf file (specified by "-C" parameter), that doesn't include the > above milter lines, but, on the other hand, does include > "receive_override_options = no_milters". However, this doesn't help - the > second signature still appears. Looks like the "no_milters" parametr is not > passed to pickup daemon this way. Would not "sendmail -G" suppress local modification? -G Gateway (relay) submission, as opposed to initial user submis- sion. Either do not rewrite addresses at all, or update incom- plete addresses with the domain information specified with remote_header_rewrite_domain. This is the recommended setting for post-filter re-injection. With this, Postfix pretends that the mail is from a remote origin. Wietse > How to configure this so that after the content filter no milters are used > again? > -- > Regards, >Jaroslaw Rafa >r...@rafa.eu.org > -- > "In a million years, when kids go to school, they're gonna know: once there > was a Hushpuppy, and she lived with her daddy in the Bathtub." >
Re: How to pass "no_milters" option to pickup daemon?
> On Sep 26, 2019, at 1:00 PM, Jaroslaw Rafa wrote: > > And here is where the trouble comes. When a mail arrives to my server with > my own address as the sender (for example, my emails coming back from a > mailing list), the content filter script also calls /usr/lib/sendmail to put > the message back in the queue, and hence the message is again signed by > DKIM. I want to avoid this. > > I tried to run /usr/lib/sendmail which gets called by filter script with > another main.cf file (specified by "-C" parameter), that doesn't include the > above milter lines, but, on the other hand, does include > "receive_override_options = no_milters". However, this doesn't help - the > second signature still appears. Looks like the "no_milters" parametr is not > passed to pickup daemon this way. The most robust approach that comes to mind is a multi-instance configuration: http://www.postfix.org/MULTI_INSTANCE_README.html#quick in which local submission is handled by a null-client Postfix that forwards to an outbound Postfix instance that signs with DKIM, while inbound SMTP is handled by a separate Postfix instance that verifies DKIM, and where the pickup service is statically defined to not use any milters, or use only the appropriate milters. Alternatively, use SMTP content filters, where multiple parallel channels are possible. There is only one pickup(8) and maildrop queue directory in each Postfix instance. -- Viktor.
How to pass "no_milters" option to pickup daemon?
Hello All, I am using spamassassin with my postfix setup in form of "simple content filter", as described here: http://www.postfix.org/FILTER_README.html#simple_filter . That means, smtp server has the option "-o content_filter=spamassassin" defined in master.cf file, and also a service named "spamassassin", which calls the filter script, is defined in master.cf file. This works fine except for one thing. I also use OpenDKIM to DKIM sign outgoing mail, and therefore have milters connecting to OpenDKIM server defined in main.cf file: smtpd_milters = inet:localhost:10025 non_smtpd_milters = inet:localhost:10025 I must define both smtpd_milters and non_smtpd_milters, as most mail is sent from mutt running directly on server, so they are sent by directly calling /usr/lib/sendmail. And here is where the trouble comes. When a mail arrives to my server with my own address as the sender (for example, my emails coming back from a mailing list), the content filter script also calls /usr/lib/sendmail to put the message back in the queue, and hence the message is again signed by DKIM. I want to avoid this. I tried to run /usr/lib/sendmail which gets called by filter script with another main.cf file (specified by "-C" parameter), that doesn't include the above milter lines, but, on the other hand, does include "receive_override_options = no_milters". However, this doesn't help - the second signature still appears. Looks like the "no_milters" parametr is not passed to pickup daemon this way. How to configure this so that after the content filter no milters are used again? -- Regards, Jaroslaw Rafa r...@rafa.eu.org -- "In a million years, when kids go to school, they're gonna know: once there was a Hushpuppy, and she lived with her daddy in the Bathtub."
Re: Postfix on docker
Davide Perini: > Don't want to argue, but this is the kind of answers that shows that you > never used docker, > if so, why answer to the question? I guess this demonstrates that some people have never used more than one OS. On a more sensible note, I'd be willing to collect build files that create containers, but I would not distribute the binaries themselves, Wietse
Re: Postfix on docker
Ok davide, does docker run on old cpu's, or how compatible is it with arm cpu's? ever run an alpha dec? postfix just provide the code, which compiles into binaries, postfix don't get involved with packaging, thats the job of vendors. thats why there are no official postfix docker images, cause this team (that I've never contributed to), only produce the source code. then people like me use the versions which run on debian, package it into docker images and provide it like I did beforehand. does that answer the question? chris On 26.09.19 18:34, Davide Perini wrote: Don't want to argue, but this is the kind of answers that shows that you never used docker, if so, why answer to the question? Il 2019-09-26 18:13 Wietse Venema ha scritto: Davide Perini: Thanks for the answer but what are the "official vendors" for this purpose? Docker hub does not work like this exactly. Most devs provides their own binaries in "official images". Why it's not the same for postfix? Because not all the world is LINUX? Postfix is a cross-platform product. It is not practical to distribute binaries for every environment. That's the job of the vendors. Wietse
Re: Postfix on docker
David- Just FYI- I created a Dockerfile by pulling in Ubuntu:latest and then ran apt install postfix and set it from there.. The docker is ran by multiple Mesos nodes without issue.. On Thu, Sep 26, 2019 at 12:34 PM Davide Perini wrote: > Don't want to argue, but this is the kind of answers that shows that you > never used docker, > if so, why answer to the question? > > Il 2019-09-26 18:13 Wietse Venema ha scritto: > > Davide Perini: > > Thanks for the answer but what are the "official vendors" for this > purpose? > Docker hub does not work like this exactly. Most devs provides their own > binaries in "official images". > > Why it's not the same for postfix? > > > Because not all the world is LINUX? Postfix is a cross-platform > product. It is not practical to distribute binaries for every > environment. That's the job of the vendors. > > Wietse > >
Re: Postfix on docker
Don't want to argue, but this is the kind of answers that shows that you never used docker, if so, why answer to the question? Il 2019-09-26 18:13 Wietse Venema ha scritto: Davide Perini: Thanks for the answer but what are the "official vendors" for this purpose? Docker hub does not work like this exactly. Most devs provides their own binaries in "official images". Why it's not the same for postfix? Because not all the world is LINUX? Postfix is a cross-platform product. It is not practical to distribute binaries for every environment. That's the job of the vendors. Wietse
Re: Postfix on docker
I have a dockerised set of images and kubernetes deployments for you to look at if you're interested. They work well and serve my domains without much problem https://github.com/orgs/kubernetes-mail-server/dashboard Take a look, maybe there is some contribution you want to make. Chris On 26.09.19 18:11, Davide Perini wrote: Thanks for the answer but what are the "official vendors" for this purpose? Docker hub does not work like this exactly. Most devs provides their own binaries in "official images". Why it's not the same for postfix? In any case is there some good image I can trust or that you can suggest? Thanks, Davide Il 2019-09-26 18:01 Wietse Venema ha scritto: Davide Perini: Hi all, is there an official image of postfix on docker hub? I can't find it, why? Postfix developers provide Postfix source. Vendors provide binaries (and redistribute source). Wietse
Re: Postfix on docker
Davide Perini: > Thanks for the answer but what are the "official vendors" for this > purpose? > Docker hub does not work like this exactly. Most devs provides their own > binaries in "official images". > > Why it's not the same for postfix? Because not all the world is LINUX? Postfix is a cross-platform product. It is not practical to distribute binaries for every environment. That's the job of the vendors. Wietse
Re: Postfix on docker
Thanks for the answer but what are the "official vendors" for this purpose? Docker hub does not work like this exactly. Most devs provides their own binaries in "official images". Why it's not the same for postfix? In any case is there some good image I can trust or that you can suggest? Thanks, Davide Il 2019-09-26 18:01 Wietse Venema ha scritto: Davide Perini: Hi all, is there an official image of postfix on docker hub? I can't find it, why? Postfix developers provide Postfix source. Vendors provide binaries (and redistribute source). Wietse
Re: Postfix on docker
Davide Perini: > Hi all, > is there an official image of postfix on docker hub? > > I can't find it, why? Postfix developers provide Postfix source. Vendors provide binaries (and redistribute source). Wietse
Postfix on docker
Hi all, is there an official image of postfix on docker hub? I can't find it, why? Thanks, Davide
Re: How to block mail coming from a domain
On Sep 26, 2019, at 4:01 AM, Dominic Raferd wrote: > Of course this assumes pcre (or maybe regex) file. To ensure it picks > up only email addresses in From header (and not text), then, using > pcre file for header_checks: No, you do the checks for the helo, not the From: header. The idea is to drop the connection as soon as possible, as cheaply as possible. check_helo_access pcre:/etc/postfix/helo_checks.pcre # Specifric domain exceptions /goodserver\.fm$/ DUNNO /\.goodserver\.fm$/ DUNNO /allowed\.social$/ DUNNO /\.allowed\.social$/ DUNNO /bad.com/ 550 Mail from bad.com not wanted /\.bad.com/ 550 Mail from bad.com not wanted #general /.*\.(com|net|org|edu|gov|ca|mx|de|dk|fr|fi|uk|us|tv|info|biz|eu|es|il|it|nl|name|jp|host|au|nz|ch|tv)$/ DUNNO /.*\.*$/ 550 Mail to or from this TLD is not allowed Of course, the list of domains to accept mail from is up to you, but these work for me. I am considering adding .fm to my allowed list as I haven’t seen much spam from it for quite awhile. -- Footnote on the High Energy Magic building: It was here that the thaum, hitherto believed to be the smallest possible particle of magic, was successfully demonstrated to be made up of resons (lit: 'Thing-ies) or reality fragments. Currently research indicates that each reson is itself made up of a combination of at least five 'flavours', known as 'up', 'down', 'sideways', 'sex appeal' and 'peppermint’.
Re: How to block mail coming from a domain
Date: Thu, 26 Sep 2019 12:22:33 From: Enrico Morelli To: postfix-users@postfix.org Subject: Re: How to block mail coming from a domain I've search in my Debian 10 packages but there isn't postscreen. Is it in bundle with new postfix version? In Debian 10 I've postfix 3.4.5 Hello, as written in the POSTSCREEN README, it's in postfix since 2.8
Re: How to block mail coming from a domain
On Thu, 26 Sep 2019 at 11:24, Enrico Morelli wrote: > I've search in my Debian 10 packages but there isn't postscreen. > Is it in bundle with new postfix version? In Debian 10 I've postfix > 3.4.5 On Thu, 26 Sep 2019 11:29:38 +0100 Dominic Raferd wrote: Yes it is a standard part of postfix - try 'man postscreen' On 26.09.19 12:48, Enrico Morelli wrote: Good. In the master.cf I've smtp inet n - y - - smtpd #smtp inet n - y - 1 postscreen to enable postscreen have I to uncomment the second line and comment the first one? you should follow the document http://www.postfix.org/POSTSCREEN_README.html -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. M$ Win's are shit, do not use it !
Re: How to block mail coming from a domain
On Thu, 26 Sep 2019 11:29:38 +0100 Dominic Raferd wrote: > On Thu, 26 Sep 2019 at 11:24, Enrico Morelli > wrote: > > I've search in my Debian 10 packages but there isn't postscreen. > > Is it in bundle with new postfix version? In Debian 10 I've postfix > > 3.4.5 > > Yes it is a standard part of postfix - try 'man postscreen' Good. In the master.cf I've smtp inet n - y - - smtpd #smtp inet n - y - 1 postscreen to enable postscreen have I to uncomment the second line and comment the first one? -- --- Enrico Morelli System Administrator | Programmer | Web Developer CERM - Polo Scientifico via Sacconi, 6 - 50019 Sesto Fiorentino (FI) - ITALY
Re: How to block mail coming from a domain
On Thu, 26 Sep 2019 at 11:24, Enrico Morelli wrote: > I've search in my Debian 10 packages but there isn't postscreen. > Is it in bundle with new postfix version? In Debian 10 I've postfix > 3.4.5 Yes it is a standard part of postfix - try 'man postscreen'
Re: How to block mail coming from a domain
On Sep 26, 2019, at 03:51, Henrik K wrote: > Obviously these will only work for envelope sender. Most likely needing > header_checks /^From:.*\.monster/ here.. Yep. I use header checks to block most top level domains, letting only a dozen or so through and rejecting all the rest since it is impossible to keep up with all the new tlds and most of then are cesspits of spammer scum. Or wretched hives of villainy, if you prefer.
Re: How to block mail coming from a domain
On Thu, 26 Sep 2019 at 10:52, Henrik K wrote: > > On Thu, Sep 26, 2019 at 11:44:11AM +0200, Matus UHLAR - fantomas wrote: > > On 26.09.19 10:34, Enrico Morelli wrote: > > >in this days my mail server receiving a lot of mail coming from a > > >domain ending with .monster... > > Obviously these will only work for envelope sender. Most likely needing > header_checks /^From:.*\.monster/ here.. > Of course this assumes pcre (or maybe regex) file. To ensure it picks up only email addresses in From header (and not text), then, using pcre file for header_checks: if /^From:/ /\.monster>?\s*$/ REJECT # add other From header checks here... endif
Re: Hi.how to set up "bounce unix - - n - 0 bounce" by using Postconf
On Sep 26, 2019, at 00:18, feier8097 wrote: > > The postfix system will return back an email with subject "Undelivered Mail > Returned to Sender" No, ALL mail servers will do this if they cannot deliver mail they accepted. > But I don't want it send this message. Then do not accept mail you cannot deliver or don’t run a mail server. Swallowing undelivered mail without notifications is an evil best left to companies like Verizon (which has done this in the past).
Re: Hi.how to set up "bounce unix - - n - 0 bounce" by using Postconf
On 25.09.19 23:24, feier8097 wrote: thanks for your help. But I want to change "bounce" to "discard". Beacause When user sent mail to accunt without exist on the server. put: smtpd_reject_unlisted_recipient=yes smtpd_reject_unlisted_sender=yes into main.cf. This way your users will NOT send accounts that to not exist. you really should follow Victor's advice, so you next problem won't be "my mail is being lost" or similar. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. "The box said 'Requires Windows 95 or better', so I bought a Macintosh".
Re: How to block mail coming from a domain
On Thu, 26 Sep 2019 10:42:46 +0200 Enrico Morelli wrote: > On Thu, 26 Sep 2019 16:37:14 +0800 > Wesley Peng wrote: > > > on 2019/9/26 16:34, Enrico Morelli wrote: > > > I tried to put .monster or *.monster in sender_access but doesn't > > > work. Is there a way to block *.monster mails? > > > > Can you setup spamassassin for domain blacklist? > > > > regards. > > How can do that? > In /etc/spamassassin/local.cf I putted: blacklist_from *.monster Is it correct? -- --- Enrico Morelli System Administrator | Programmer | Web Developer CERM - Polo Scientifico via Sacconi, 6 - 50019 Sesto Fiorentino (FI) - ITALY
Re: How to block mail coming from a domain
on 2019/9/26 16:42, Enrico Morelli wrote: Can you setup spamassassin for domain blacklist? regards. How can do that? The SpamAssassin whitelist and blacklist options can include globs, not regular expressions. The valid metacharacters are ? and * to match 0-1 or 0-many characters respectively. This is the same as a shell glob. To blacklist mail from foo.com and *.foo.com the following should work: blacklist_from *@foo.com blacklist_from *.foo.com Don't be tempted to blacklist *foo.com, lest you inadvertently block some...@totally-legit-foo.com. Regards.
Re: How to block mail coming from a domain
On Thu, 26 Sep 2019 16:37:14 +0800 Wesley Peng wrote: > on 2019/9/26 16:34, Enrico Morelli wrote: > > I tried to put .monster or *.monster in sender_access but doesn't > > work. Is there a way to block *.monster mails? > > Can you setup spamassassin for domain blacklist? > > regards. How can do that? -- --- Enrico Morelli System Administrator | Programmer | Web Developer CERM - Polo Scientifico via Sacconi, 6 - 50019 Sesto Fiorentino (FI) - ITALY
Re: How to block mail coming from a domain
on 2019/9/26 16:34, Enrico Morelli wrote: I tried to put .monster or *.monster in sender_access but doesn't work. Is there a way to block *.monster mails? Can you setup spamassassin for domain blacklist? regards.
Re: Hi.how to set up "bounce unix - - n - 0 bounce" by using Postconf
I REPEAT. Setting the bounce(8) internal service to be handled by a fundamentally incompatible discard(8) delivery agent is wrong, and I hope and expect that nobody on this list will give you any help to misconfigure your system in this way. > On Sep 26, 2019, at 2:46 AM, feier8097 wrote: > > Thanks for your suggest again. "bounce unix - - n - 0 discard" is fit for my > own system. I have trouble with how to set it by "postconf.." not "vi > /etc/...". or disable the NDR responses from the system. If on other hand you want actual help to avoid unwanted bounces, you'd be wise to stop asking about how to damage your master.cf file and instead describe how the mail that ultimately bounces enters your system (from authenticated users outbound to remote addresses or external senders inbound to local, but non-existent addresses). You should also provide some configuration information, as described in http://www.postfix.org/DEBUG_README.html#mail -- Viktor.
Re: Hi.how to set up "bounce unix - - n - 0 bounce" by using Postconf
Thanks for your suggest again. "bounce unix - - n - 0 discard" is fit for my own system. I have trouble with how to set it by "postconf.." not "vi /etc/...". or disable the NDR responses from the system. -- Sent from: http://postfix.1071664.n5.nabble.com/Postfix-Users-f2.html
Re: Hi.how to set up "bounce unix - - n - 0 bounce" by using Postconf
> On Sep 26, 2019, at 2:24 AM, feier8097 wrote: > > thanks for your help. But I want to change "bounce" to "discard". You DO NOT want to change the master.cf entry. > Because > When user sent mail to accunt without exist on the server. The postfix > system will return back an email with subject "Undelivered Mail Returned to > Sender" Automatic. Don't accept messages to invalid recipients, implement recipient validation. Then you can run a properly working MTA, that does not (attempt to) throw away legitimate bounce messages. > But I don't want it send this message. That's solving the wrong problem, instead reject mail to non-existent recipients before it enters your queue. > So I searched > google and found just set "bounce unix - - n - 0 bounce" to "bounce unix - - > n - 0 discard" can solve this problem. The ignoramus who suggested that solution must be ignored. There's plenty of bad advice on the Internet. > I've check it being Correct. It is not. > And I have mounts of multi-instances, I want to change the parameter by like > "postconf ... ..." or something else,But not by "vi -c /etc/postfix...". Postfix supports programmatic changes to main.cf and master.cf, but first you have to know what you're doing. Cargo-culting a misguided how-to will not solve your problem... -- Viktor.
Re: Hi.how to set up "bounce unix - - n - 0 bounce" by using Postconf
thanks for your help. But I want to change "bounce" to "discard". Beacause When user sent mail to accunt without exist on the server. The postfix system will return back an email with subject "Undelivered Mail Returned to Sender" Automatic. But I don't want it send this message. So I searched google and found just set "bounce unix - - n - 0 bounce" to "bounce unix - - n - 0 discard" can solve this problem.I've check it being Correct. And I have mounts of multi-instances, I want to change the parameter by like "postconf ... ..." or something else,But not by "vi -c /etc/postfix...". -- Sent from: http://postfix.1071664.n5.nabble.com/Postfix-Users-f2.html