Re: Various questions about Postfix
Sorry for the long delay, wanted to do more research before posting it.
I've replaced some real values, like myhostname, with generic ones.
postconf -nf
command_directory = /usr/sbin
compatibility_level = 3.6
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd
$daemon_directory/$process_name $process_id & sleep 5
disable_vrfy_command = yes
dovecot_destination_recipient_limit = 1
header_checks = regexp:/etc/postfix/header_checks
html_directory = no
inet_interfaces = 192.168.0.3, 127.0.0.1
inet_protocols = ipv4
mail_owner = postfix
mailbox_transport = lmtp:unix:private/dovecot-lmtp
mailq_path = /usr/bin/mailq
manpage_directory = /usr/local/man
message_size_limit = 52428800
meta_directory = /etc/postfix
milter_default_action = accept
milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen}
mime_header_checks = regexp:/etc/postfix/header_checks
mydestination = localhost.$mydomain, localhost
myhostname = mail.foo.com
newaliases_path = /usr/bin/newaliases
non_smtpd_milters = $smtpd_milters
queue_directory = /var/spool/postfix
readme_directory = no
recipient_delimiter = +
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
shlib_directory = no
smtp_tls_mandatory_protocols = >=TLSv1.2
smtp_tls_protocols = >=TLSv1.2
smtp_tls_security_level = may
smtpd_discard_ehlo_keywords = chunking
smtpd_helo_required = yes
smtpd_helo_restrictions = check_helo_access hash:/etc/postfix/helo,
reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname,
reject_unknown_helo_hostname, permit
smtpd_milters = local:opendkim/opendkim.sock,
local:opendmarc/opendmarc.sock,
inet:127.0.0.1:11332
smtpd_proxy_options = speed_adjust
smtpd_recipient_restrictions = reject_non_fqdn_recipient,
reject_non_fqdn_sender, reject_unknown_sender_domain,
reject_unknown_recipient_domain, reject_unauth_pipelining,
permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination,
check_recipient_access hash:/etc/postfix/specialaccounts,
reject_multi_recipient_bounce, reject_unknown_client_hostname,
check_policy_service inet:127.0.0.1:10023, reject_rhsbl_helo
dbl.spamhaus.org, reject_rhsbl_reverse_client dbl.spamhaus.org,
reject_rhsbl_sender dbl.spamhaus.org, reject_rbl_client zen.spamhaus.org
,
permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = foo.mylocal
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_tls_cert_file =
/etc/letsencrypt/live/mail.foo.com/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/mail.foo.com/privkey.pem
smtpd_tls_mandatory_protocols = >=TLSv1.2
smtpd_tls_protocols = >=TLSv1.2
smtpd_tls_security_level = may
unknown_local_recipient_reject_code = 550
virtual_gid_maps = static:5000
virtual_mailbox_base = /srv/mail
virtual_mailbox_domains = foo.com
virtual_mailbox_limit = 524288
virtual_mailbox_maps = ldap:/etc/postfix/ldap-users.cf
virtual_transport = dovecot
virtual_uid_maps = static:5000
postconf -Mf
smtp inet n - y - - smtpd
dovecotunix - n n - - pipe flags=DRhu
user=vmail:mail argv=/usr/lib/dovecot/dovecot-lda -f ${sender} -d
${recipient}
submission inet n - y - - smtpd
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
-o smtpd_relay_restrictions=permit_sasl_authenticated,reject
-o content_filter=smtp-amavis:[127.0.0.1]:10026
pickup unix n - y 60 1 pickup
cleanupunix n - y - 0 cleanup
qmgr unix n - n 300 1 qmgr
tlsmgr unix - - y 1000? 1 tlsmgr
rewriteunix - - y - - trivial-rewrite
bounce unix - - y - 0 bounce
defer unix - - y - 0 bounce
trace unix - - y - 0 bounce
verify unix - - y - 1 verify
flush unix n - y 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - y - - smtp
relay unix - - y - - smtp
-o syslog_name=postfix/$service_name
showq unix n - y - - showq
error unix - - y - - error
retry unix - - y - - error
discardunix - - y - - discard
local unix - n n - - local
virtualunix - n n - - virtual
lmtp
Re: method to discard email with body containing gmail address
li...@lazygranch.com: > Reply-To: jm84450...@gmail.com Use header_checks (not body_checks) if you want to block that. Still, I would be concerned about rejecting legitimate email. Wietse
Re: method to discard email with body containing gmail address
Your comments on the regex are useful since I didn't consider email addresses with delimiters though none of the spam does at the moment. Note a few of the spammers put their email address in the subject line. Maybe that should be my first attempt at discarding. I can't think of a non-spammer doing that. I read your tips and the postscreen page. Since postscreen doesn't read the content of the email, I'm not sure what good it will do. I have blocking lists set up in postfix itself. (Less is more. No additional program in the chain.) I suppose I could use postscreen just to inpect the email server (postscreen without blocking mail?) which I think you mean it will still block funky email servers, but the gmail spam comes from gmail. It is perfectly legit email other than sometimes the reply and from don't match. That itself is legit but just odd. Here is a sanitized and shortened header. I am baffled why these spammers include a gmail address in their email since the reply to field is gmail anyway, but most do. Why google tolerates this crap is another story. I gave up on emailing their abuse contact since nothing changed by doing so. Return-Path: X-Original-To: m...@mydomain.com Delivered-To: m...@mydomain.com Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=209.85.222.46; helo=mail-ua1-f46.google.com; envelope-from=infoa0...@gmail.com; receiver=m...@mydomain.com DMARC-Filter: OpenDMARC Filter v1.4.1 www.mydomain.com 8E2BF69A7B Authentication-Results: mydomain.com; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: mydomain.com; spf=pass smtp.mailfrom=gmail.com DKIM-Filter: OpenDKIM Filter v2.11.0 www.mydomain.com 8E2BF69A7B Authentication-Results: www.mydomain.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="Mb0Z+9VO" Received: from mail-ua1-f46.google.com (mail-ua1-f46.google.com [209.85.222.46]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by www.mydomain.com (Postfix) with ESMTPS id 8E2BF69A7B for ; Fri, 5 Nov 2021 12:09:13 + (UTC) Received: by mail-ua1-f46.google.com with SMTP id az37so16607241uab.13 for ; Fri, 05 Nov 2021 05:09:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:reply-to:from:date:message-id:subject:to; X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:reply-to:from:date:message-id :subject:to; X-Gm-Message-State: AOAM532TS3ZNsUStUWlcBN56fBCGvVQTPu8NGAoz576BhScZapblMLfa MoJux1YhYW0kmDUg2jh6myKzaL7nRhQuLVO0sHg= X-Google-Smtp-Source: ABdhPJwaGhpcfV5E2//9RLpCPT4+PXBI7XdCN/nLCgf6EYfgW+pcKLMeYoW+3Jk64pzSQ47l56P14h+8d7dMPlXuLE0= X-Received: by 2002:ab0:5a93:: with SMTP id w19mr63371846uae.58.1636114152575; Fri, 05 Nov 2021 05:09:12 -0700 (PDT) MIME-Version: 1.0 Reply-To: jm84450...@gmail.com From: Abdulla Shahid Date: Fri, 5 Nov 2021 05:08:57 -0700 Message-ID: On Sat, 06 Nov 2021 10:54:48 -0500 Rob McGee wrote: > On 2021-11-06 06:15, li...@lazygranch.com wrote: > > Most of my spam contains a gmail address to reply to the spammer. I > > would like to discard email whose body contains a gmail address. > > Since discarding mail could get ugly, I would hope someone on the > > list can eyeball my plan. > > Indeed it is ugly. You just as well could have asked for a method > to throw out the baby with the bathwater! > > > I added > > body_checks = pcre:/etc/postfix/body_checks > > to main.cf. I made a null body_checks file and ran postmap on it, > > then > > postmap "compiles" hash: and other indexed map types. It's not > needed for a pcre_table(5) map. > > > did a reload & restart. Postfix wouldn't send email if the file was > > missing. > > > > postconf -d mail_version > > mail_version = 3.6.2 > > > > Trawling the internet I found this regix to match gmail addresses: > > ^[\w.+\-]+@gmail\.com$ > > > > So if body_checks contained > > /^[\w.+\-]+@gmail\.com$/ DISCARD > > work. > > Change DISCARD to WARN first, to see what it matches. > > Also, you anchored the expression on both ends, ^ and $, so you're > only going to match mail with ONLY the gmail address on one line. > This line with zeixsgw9gufv2isophpdyisr0bgz0...@gmail.com will not > match. Neither will this, with the <> enclosing brackets: > > > I think once you get the bugs worked out you will give up on this. > > See my postscreen howto for a much more effective means of dealing > with spam.
Re: recipient_delimiter and bounced mail
> My expectation is that dovecot is not involved in this issue, but I'm > not sure, so I mention anyway that that I have set > > virtual_transport = dovecot Dovecot has the same setting: recipient_delimiter = + In the logs, is the mail being rejected by postfix or by dovecot after postfix tries to deliver?
Re: recipient_delimiter and bounced mail
> On 6 Nov 2021, at 3:43 pm, Jeff Abrahamson wrote: > > In main.cf I have set > > recipient_delimiter = + > > Reading the docs, I don't see anything else I ought to set for this to > work: postfix should first try delivery to jeff+post...@p27.eu, then > j...@p27.eu, and this second is known to succeed. You're mistaken, Postfix never tried a bare delivery address when a delivery to address+extension fails. All that ever happened is that *TABLE LOOKUPS* would try the bare address. > My expectation is that dovecot is not involved in this issue, but I'm > not sure, so I mention anyway that that I have set Dovecot likely (at least by default) knows nothing about address extensions. If you want to use the extension to select the delivery mailbox, or even to be ignored for delivery to the Inbox by default, you have to configure dovecot to support that. > virtual_transport = dovecot Perhaps you were using the Postfix virtual(8) transport by default, and taking advantage of virtual_mailbox_maps (TABLE LOOKUP) using the bare address when address+extension fails to match. If you want dovecot to see the bare address, you'll need a virtual alias table entry: j...@p27.eu j...@p27.eu and make sure to remove (not include) "virtual" in: propagate_unmatched_extensions = canonical the default setting includes "virtual". -- -- Viktor.
Re: Rewrite subject for unauth messages only
> On 6 Nov 2021, at 5:33 pm, Gionatan Danti wrote: > >> I think that the default setting: >>nested_header_checks = $header_checks >> is unfortunate, perhaps we should change it to empty at compatibility >> level >= 3.7. > > On current test setup, I do not define nested_headers_check at all. Is this > an issue? Well, nested_header_checks apply not only to the top-level message headers, but also to the headers of attached email messages. In many cases it is not desirable to apply the same modifications to attached messages that are made at the top level. Your choice... -- Viktor.
Re: Rewrite subject for unauth messages only
Il 2021-11-06 19:04 Viktor Dukhovni ha scritto: Though I don't recommend complex all-in-one configurations, you use the "-o cleanup_service_name" option to configure separate cleanup(8) services for separate smtpd(8) instances: Yes, in my initial testing, I was missing -o cleanup_service_name master.cf: smtp inet ... smtpd -o cleanup_service_name=cleanup-mta ... cleanup-mta unix ... cleanup -o syslog_name=postfix/cleanup-mta -o header_checks=$mta_header_checks -o mime_header_checks=$mta_mime_header_checks -o nested_header_checks=$mta_nested_header_checks ... main.cf: # Local (sendmail/postdrop) and SMTP submission: header_checks = ... mime_header_checks = ... nested_header_checks = ... best explicitly empty ... # mta_header_checks = ... date, subject etc. rules ... mta_mime_header_checks = ... attachment MIME header rules ... mta_nested_header_checks = ... best explicitly empty ... I think that the default setting: nested_header_checks = $header_checks is unfortunate, perhaps we should change it to empty at compatibility level >= 3.7. On current test setup, I do not define nested_headers_check at all. Is this an issue? For reference, here you can find my current test config: # main.cf # auth client are immediately permitted, all other messages are FILTERed smtpd_client_restrictions = permit_sasl_authenticated, check_client_access regexp:/etc/postfix/custom # master.cf # secondary smtpd and cleanup process # disable milters to avoid double spam check 127.0.0.1:10025inet n - n - - smtpd -o smtpd_client_restrictions= -o smtpd_milters= -o cleanup_service_name=mycleanup mycleanup unix n - n - 0 cleanup -o header_checks=regexp:/etc/postfix/rewrite # custom # all unauth messages are FILTERed /.*/FILTER smtp:127.0.0.1:10025 # rewrite # only add tag if it is not already present if !/^Subject: .*[EXTERNAL].*/i /^Subject: (.+)$/i REPLACE Subject: [EXTERNAL] $1 endif I am missing something important? Thanks. -- Danti Gionatan Supporto Tecnico Assyoma S.r.l. - www.assyoma.it email: g.da...@assyoma.it - i...@assyoma.it GPG public key ID: FF5F32A8
recipient_delimiter and bounced mail
I used to be able to receive mail at, for example, jeff+post...@p27.eu. Such mail is now refused. I suspect this behaviour changed when I upgraded postfix version some months back. In main.cf I have set recipient_delimiter = + Reading the docs, I don't see anything else I ought to set for this to work: postfix should first try delivery to jeff+post...@p27.eu, then j...@p27.eu, and this second is known to succeed. My expectation is that dovecot is not involved in this issue, but I'm not sure, so I mention anyway that that I have set virtual_transport = dovecot I am running postfix 3.4.13 and dovecot 2.3.7.2 (3c910f64b). Many thanks for any pointers. -- Jeff Abrahamson +33 6 24 40 01 57 +44 7920 594 255 http://p27.eu/jeff/ http://mobilitains.fr/
Re: Rewrite subject for unauth messages only
On Sat, Nov 06, 2021 at 06:51:03PM +0100, Gionatan Danti wrote: > But I was also interested in a single server solution, not least to > better understand postfix itself. Though I don't recommend complex all-in-one configurations, you use the "-o cleanup_service_name" option to configure separate cleanup(8) services for separate smtpd(8) instances: master.cf: smtp inet ... smtpd -o cleanup_service_name=cleanup-mta ... cleanup-mta unix ... cleanup -o syslog_name=postfix/cleanup-mta -o header_checks=$mta_header_checks -o mime_header_checks=$mta_mime_header_checks -o nested_header_checks=$mta_nested_header_checks ... main.cf: # Local (sendmail/postdrop) and SMTP submission: header_checks = ... mime_header_checks = ... nested_header_checks = ... best explicitly empty ... # mta_header_checks = ... date, subject etc. rules ... mta_mime_header_checks = ... attachment MIME header rules ... mta_nested_header_checks = ... best explicitly empty ... I think that the default setting: nested_header_checks = $header_checks is unfortunate, perhaps we should change it to empty at compatibility level >= 3.7. -- Viktor.
Re: Rewrite subject for unauth messages only
Il 2021-11-06 16:47 Viktor Dukhovni ha scritto: On Thu, Nov 04, 2021 at 10:51:06PM +0100, Gionatan Danti wrote: I was tasked to mark all messages coming from unauthenticated clients (ie: incoming emails) with a specific subject line. Best practice when requirements get complicated is to divide and conquer. Use a separate dedicated machine (or dedicated public IP address) for inbound mail with a separate Postfix instance handling only inbound mail. Outbound email is then handled by a separate machine or Postfix instance. Yeah, this is the solution we proposed to our customer: point the MX record to a new machine for subject rewrite, keeping the actual mailserver for authenticated send/receive only. But I was also interested in a single server solution, not least to better understand postfix itself. Thanks and regards. -- Danti Gionatan Supporto Tecnico Assyoma S.r.l. - www.assyoma.it email: g.da...@assyoma.it - i...@assyoma.it GPG public key ID: FF5F32A8
Re: method to discard email with body containing gmail address
On 2021-11-06 06:15, li...@lazygranch.com wrote: Most of my spam contains a gmail address to reply to the spammer. I would like to discard email whose body contains a gmail address. Since discarding mail could get ugly, I would hope someone on the list can eyeball my plan. Indeed it is ugly. You just as well could have asked for a method to throw out the baby with the bathwater! I added body_checks = pcre:/etc/postfix/body_checks to main.cf. I made a null body_checks file and ran postmap on it, then postmap "compiles" hash: and other indexed map types. It's not needed for a pcre_table(5) map. did a reload & restart. Postfix wouldn't send email if the file was missing. postconf -d mail_version mail_version = 3.6.2 Trawling the internet I found this regix to match gmail addresses: ^[\w.+\-]+@gmail\.com$ So if body_checks contained /^[\w.+\-]+@gmail\.com$/ DISCARD work. Change DISCARD to WARN first, to see what it matches. Also, you anchored the expression on both ends, ^ and $, so you're only going to match mail with ONLY the gmail address on one line. This line with zeixsgw9gufv2isophpdyisr0bgz0...@gmail.com will not match. Neither will this, with the <> enclosing brackets: I think once you get the bugs worked out you will give up on this. See my postscreen howto for a much more effective means of dealing with spam. -- http://rob0.nodns4.us/
Re: Rewrite subject for unauth messages only
On Thu, Nov 04, 2021 at 10:51:06PM +0100, Gionatan Danti wrote: > I was tasked to mark all messages coming from unauthenticated clients > (ie: incoming emails) with a specific subject line. Best practice when requirements get complicated is to divide and conquer. Use a separate dedicated machine (or dedicated public IP address) for inbound mail with a separate Postfix instance handling only inbound mail. Outbound email is then handled by a separate machine or Postfix instance. -- Viktor.
Re: question for the mail architecture
> On 27 Oct 2021, at 4:10 am, Walt CH wrote: > > For our company's global design, we have the MX servers (postfix) on both the > US and the EU. > When the two MX servers receive the messages, how to store the messages into > a separated area such as the AU? My standard recommendation is to perform address-rewriting at the external inbound gateway that directs mail for each user to the appropriate internal mail store by mapping: some.u...@company.com -> some...@somewhere.company.com Then a short static transport table can direct "somewhere.company.com" to the right set of servers, or just use internal MX resolution. The mapping can use LDAP, or perhaps PostgreSQL, ... The various internal mailstores should recognise some.u...@company.com as the user's primary public email address, and some...@somewhere.company.com as a valid mailbox address. With LDAP this looks like: mail: some.u...@company.com maildrop: some...@somewhere.company.com mailAlternateAddress: some.u...@company.com mailAlternateAddress: some...@somewhere.company.com mailAlternateAddress: alt...@somewhere.company.com ... The gateway maps mailAlternateAddress -> maildrop. The mailstore accepts mail for any mailAlternateAddress and delivers it to the underlying mailbox. The outbound smarthost or internal mailhub rewrites mailAlternateAddress -> mail User agents searching the directory use "mail". For some notes on groups (lists), ... see the ldap_table(5) and LDAP_README docs. -- Viktor.
Re: Postfix-fg and maillog_file to stdout
> On 5 Nov 2021, at 5:14 pm, Rafael Azevedo wrote: > > POSTFIX logs using DOCKER non-chrooted and message_file=/dev/sdtout Do you think you'll be able to report results for all the combinations? * AppArmor on/off * Chroot on/off for qmgr * Chroot on/off for delivery agents -- Viktor.
RE: question for the mail architecture
Walt, Some questions before answering yours. 1. Is the MX record for "one mail domain" pointed to two different server that’s located at US and EU ? 2. What you're wanting to do is, storing the same data on two different areas?(Like US and AU?) I once did store same data on two different areas using Lefthand by HP, and another using DRBD. I don’t know if Lefthand is still available or not. -Original Message- From: owner-postfix-us...@postfix.org On Behalf Of Walt CH Sent: Wednesday, October 27, 2021 5:10 PM To: postfix-users@postfix.org Subject: question for the mail architecture Hello For our company's global design, we have the MX servers (postfix) on both the US and the EU. When the two MX servers receive the messages, how to store the messages into a separated area such as the AU? Thank you.
Re: Postfix-fg and maillog_file to stdout
Perfect. That was the other solution I had been looking at. ==C On Sat, 2021-11-06 at 10:25 -0300, Rafael Azevedo wrote: > Since it was a container, I was not running any syslog, just using > the log modules from docker.This is a sample output from postfix > stdout. > I fixed it using syslog-ng within the container. > Em sáb., 6 de nov. de 2021 às 09:56, Curtis Maurand < > cur...@maurand.com> escreveu: > > On Fri, 2021-11-05 at 13:34 -0300, Rafael Azevedo wrote: > > > One last thing, is it possible to change the date format of the > > > output? > > > Current format: > > > Nov 05 13:20:06 smtp21 postfix/smtp[136]: 9D86C60BBE > > > > > > I'd like to use ISO format: > > > 2021-10-29T19:37:52.017684-03:00 smtp21 postfix/smtp > > > > > > Could that be possible? > > > > > > > > > > My systems use rsyslog. The timestamp format is configurable. > > > > > Thanks > > > Em sex., 5 de nov. de 2021 às 13:10, Rafael Azevedo < > > > raf...@gmail.com> escreveu: > > > > Thanks Wietse, > > > > After disabling chroot, everything worked just as expected. > > > > > > > > Thanks a lot guys. > > > > > > > > BR, > > > > R > > > > Em sex., 5 de nov. de 2021 às 13:01, Wietse Venema < > > > > wie...@porcupine.org> escreveu: > > > > > Rafael Azevedo: > > > > > > > > > > > After disabling chroot, it worked! > > > > > > > > > > > > > > > > > > > > LINUX bites, if chroot breaks relative pathnames for UNIX- > > > > > domain > > > > > > > > > > DGRAM sockets. > > > > > > > > > > > > > > > > > > > > (If chroot broke relative pathnames for UNIX-domain STREAM > > > > > sockets, > > > > > > > > > > there should have been lots of bug reports already). > > > > > > > > > > > > > > > > > > > > > Any clue about how can I have milliseconds in this output? > > > > > > > > > > > > > > > > > > > > That is currently not implemented. > > > > > > > > > > > > > > > > > > > > Postfix alreadey provides sub-second logging for different > > > > > stages > > > > > > > > > > of delivery (time since arrival, time in active queue, time > > > > > to > > > > > > > > > > connect, time to transmit message). > > > > > > > > > > > > > > > > > > > > http://www.postfix.org/postconf.5.html#delay_logging_resolution_limit > > > > > > > > > > > > > > > > > > > > Example: > > > > > > > > > > > > > > > > > > > > Nov 5 11:48:59 spike postfix/local[445]: 4Hm4gH1RlnzJrP5: > > > > > to=, relay=local, delay=0.21, > > > > > delays=0.2/0.0003/0/0.0036, dsn=2.0.0, status=sent (delivered > > > > > to command: umask 077; exec /usr/local/bin/filter) > > > > > > > > > > > > > > > > > > > > Wietse > > > > > > > > > > >
Re: Postfix-fg and maillog_file to stdout
Since it was a container, I was not running any syslog, just using the log modules from docker. This is a sample output from postfix stdout. I fixed it using syslog-ng within the container. Em sáb., 6 de nov. de 2021 às 09:56, Curtis Maurand escreveu: > On Fri, 2021-11-05 at 13:34 -0300, Rafael Azevedo wrote: > > One last thing, is it possible to change the date format of the output? > > Current format: > Nov 05 13:20:06 smtp21 postfix/smtp[136]: 9D86C60BBE > > I'd like to use ISO format: > 2021-10-29T19:37:52.017684-03:00 smtp21 postfix/smtp > > Could that be possible? > > > > My systems use rsyslog. The timestamp format is configurable. > > > Thanks > > Em sex., 5 de nov. de 2021 às 13:10, Rafael Azevedo > escreveu: > > Thanks Wietse, > > After disabling chroot, everything worked just as expected. > > Thanks a lot guys. > > BR, > R > > Em sex., 5 de nov. de 2021 às 13:01, Wietse Venema > escreveu: > > Rafael Azevedo: > > After disabling chroot, it worked! > > LINUX bites, if chroot breaks relative pathnames for UNIX-domain > DGRAM sockets. > > (If chroot broke relative pathnames for UNIX-domain STREAM sockets, > there should have been lots of bug reports already). > > > Any clue about how can I have milliseconds in this output? > > That is currently not implemented. > > Postfix alreadey provides sub-second logging for different stages > of delivery (time since arrival, time in active queue, time to > connect, time to transmit message). > > http://www.postfix.org/postconf.5.html#delay_logging_resolution_limit > > Example: > > Nov 5 11:48:59 spike postfix/local[445]: 4Hm4gH1RlnzJrP5: to=< > spam...@porcupine.org>, relay=local, delay=0.21, > delays=0.2/0.0003/0/0.0036, dsn=2.0.0, status=sent (delivered to command: > umask 077; exec /usr/local/bin/filter) > > Wietse > >
Re: mx.kolabsys.com
> Their TLSA records have been broken since ~May 12th 2021: > > https://stats.dnssec-tools.org/explore/?kolabsys.com > > but they ignored the notification sent on the 13th. If you know a > responsive contact there, let them know to not neglect their systems: The roundcube / kolabsys team tends to check their github issues page daily. Might not be the appropriate place to address their mailing list, but you will get the issue in front of their eyes. https://github.com/roundcube/roundcubemail/issues
Re: Postfix-fg and maillog_file to stdout
On Fri, 2021-11-05 at 13:34 -0300, Rafael Azevedo wrote: > One last thing, is it possible to change the date format of the > output? > Current format: > Nov 05 13:20:06 smtp21 postfix/smtp[136]: 9D86C60BBE > > I'd like to use ISO format: > 2021-10-29T19:37:52.017684-03:00 smtp21 postfix/smtp > > Could that be possible? > > My systems use rsyslog. The timestamp format is configurable. > Thanks > Em sex., 5 de nov. de 2021 às 13:10, Rafael Azevedo > escreveu: > > Thanks Wietse, > > After disabling chroot, everything worked just as expected. > > > > Thanks a lot guys. > > > > BR, > > R > > Em sex., 5 de nov. de 2021 às 13:01, Wietse Venema < > > wie...@porcupine.org> escreveu: > > > Rafael Azevedo: > > > > > > > After disabling chroot, it worked! > > > > > > > > > > > > LINUX bites, if chroot breaks relative pathnames for UNIX-domain > > > > > > DGRAM sockets. > > > > > > > > > > > > (If chroot broke relative pathnames for UNIX-domain STREAM > > > sockets, > > > > > > there should have been lots of bug reports already). > > > > > > > > > > > > > Any clue about how can I have milliseconds in this output? > > > > > > > > > > > > That is currently not implemented. > > > > > > > > > > > > Postfix alreadey provides sub-second logging for different stages > > > > > > of delivery (time since arrival, time in active queue, time to > > > > > > connect, time to transmit message). > > > > > > > > > > > > http://www.postfix.org/postconf.5.html#delay_logging_resolution_limit > > > > > > > > > > > > Example: > > > > > > > > > > > > Nov 5 11:48:59 spike postfix/local[445]: 4Hm4gH1RlnzJrP5: to=< > > > spam...@porcupine.org>, relay=local, delay=0.21, > > > delays=0.2/0.0003/0/0.0036, dsn=2.0.0, status=sent (delivered to > > > command: umask 077; exec /usr/local/bin/filter) > > > > > > > > > > > > Wietse > > >
method to discard email with body containing gmail address
Most of my spam contains a gmail address to reply to the spammer. I would like to discard email whose body contains a gmail address. Since discarding mail could get ugly, I would hope someone on the list can eyeball my plan. I added body_checks = pcre:/etc/postfix/body_checks to main.cf. I made a null body_checks file and ran postmap on it, then did a reload & restart. Postfix wouldn't send email if the file was missing. postconf -d mail_version mail_version = 3.6.2 Trawling the internet I found this regix to match gmail addresses: ^[\w.+\-]+@gmail\.com$ So if body_checks contained /^[\w.+\-]+@gmail\.com$/ DISCARD work.
