[pfx] Re: sendmail -v add@ress hangs / postdrop calls read(0, … and waits forever

2024-06-23 Thread Viktor Dukhovni via Postfix-users
On Sun, Jun 23, 2024 at 06:06:40PM +, Дилян Палаузов wrote:

> «sendmail -v myself@domain» however hangs.

Of course it does, it is waiting to read the message headers and body
from standard input as expected.

> until I press Ctrl+C.  This is Postfix 3.4.13.  On Postfix 2.11 the
> same command works. As far I see, there is no close(0), so read(0, …
> expect data from standard input.
> 
> Can you tell me why does «sendmail -v address» hang?

Because you haven't provided a message to send, and standard input is
attached to a terminal.  If you do not want to send a message:

$ sender=la...@example.com
$ recipients=(cu...@example.com m...@example.com)
$ sendmail -f "$sender" -bv "${recipients[@]}"

-- 
Viktor.
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org


[pfx] inquiry for milter server

2024-06-23 Thread Jeff Peng via Postfix-users
what's the mainstream milter server for customized content analysis such 
as headers and languages? I may want to block some special messages 
which have a special header or  special language (like middle-east).


Thanks in advance.
regards.
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org


[pfx] Re: how to implement this route

2024-06-23 Thread Jeff Peng via Postfix-users

On 2024-06-23 20:24, Wietse Venema via Postfix-users wrote:

Jeff Peng via Postfix-users:

Hello

I saw gmx.de/web.de have a policy that, if the submission IP is not 
from
DE/EU, messages will be routed to a different gateway which is listed 
in

spamhaus already. Otherwise if submission client's IP is in DE/EU,
messages will be routed out via the normal gateway whose IP is clean.
How to customized my own transport for that?


You can configure customized SMTP clients in master.cf, each with
an appropriate smtp_bind_address setting, and use transport_maps
to choose between those clients.


Thanks Wietse. other than binding multi-IP on a same host, is it better 
to have multi-geobased-MTAs for incoming messages?




References:
https://www.postfix.org/postconf.5.html#smtp_bind_address
https://www.postfix.org/transport.5.html


appreciate for the references.



AI is an experimental feature of this mailing list.



what AI is used for this mailing list?

Thanks.
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org


[pfx] Re: No email forwarding?

2024-06-23 Thread Bill Cole via Postfix-users

On 2024-06-23 at 17:15:33 UTC-0400 (Sun, 23 Jun 2024 23:15:33 +0200)
Jaroslaw Rafa via Postfix-users 
is rumored to have said:

The forwarding issue is easily solvable. It's only the unwillingness 
of

mainstream email providers to solve it.


That implies a definition of "easily" that somehow includes "essentially 
impossible."


It is logically simple. It is practically imaginary.

A very different option *which is also never going to happen* but which 
is conceivably in the hands of sending domain owners would be to 
implement per-user SPF and provide users with the tools to define their 
own records. This will not happen in part for the same reasons the 
behemoths won't solve it: non-trivial implementation and ongoing support 
costs without tangible return on investment.


--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo@toad.social and many *@billmail.scconsult.com 
addresses)

Not Currently Available For Hire
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org


[pfx] Re: No email forwarding?

2024-06-23 Thread Benny Pedersen via Postfix-users

Jaroslaw Rafa via Postfix-users skrev den 2024-06-23 23:15:


But nobody wants to implement this, they rather want to advise against
forwarding.


forwarding is not brokken, what is brokken is that srs is needed to 
solve another domains spf records ?


no just stop

fokus on dkim, and dmarc aligment is just happing on direct to mx, not 
when mails is sent to maillists that break dkim, before content is arc 
signed and arc sealed


order of things is most important, as long this is not done we could 
have endless debate on what is brokken




___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org


[pfx] Re: No email forwarding?

2024-06-23 Thread Jaroslaw Rafa via Postfix-users
Dnia 23.06.2024 o godz. 12:20:37 Bill Cole via Postfix-users pisze:
> Transparent forwarding is infeasible of the modern net. Forwarding
> using SRS or encapsulation is still usable if you are willing to
> accept that those methods are imperfect and add complexity to a mail
> system.
> 
> Forwarding outside of a common administrative realm carries
> substantial risk of mail being blocked, even with the use of SRS or
> encapsulation. It can seriously impair the reputation of the
> forwarding site, particularly with mass-market mailbox providers. It
> can often be a path for spam to get into mailboxes that it could not
> get to directly. On the other hand, it is the same functionality at
> the core of mailing lists like this one, which people find useful.

The forwarding issue is easily solvable. It's only the unwillingness of
mainstream email providers to solve it.

All it takes is to give the users of said provider access to an interface
where they could define IP addresses or domains from which mail will be
forwarded to their account. Then failed SPF should be ignored on these
messages (so even classic forwarding can be used, which can be done by any
MTA without need to install additional software), and if spam will be
identified in such message, it should not count towards forwarding server's
reputation.

But nobody wants to implement this, they rather want to advise against
forwarding.
-- 
Regards,
   Jaroslaw Rafa
   r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org


[pfx] Re: DQS key in error responses

2024-06-23 Thread Wietse Venema via Postfix-users
Bill Cole via Postfix-users:
> On 2024-06-23 at 08:30:53 UTC-0400 (Sun, 23 Jun 2024 08:30:53 -0400 (EDT))
> Wietse Venema via Postfix-users 
> is rumored to have said:
> 
> > Wietse Venema via Postfix-users:
> >> If you specify
> >>
> >> reject_rbl_client string-with-complex-syntax
> >>
> >> Then the rbl_reply_maps seach key will be that
> >> string-with-complex-syntax.
> > ...
> >> Unlike rbl_reply_maps, postscreen strips the filter (and weight)
> >> before searching the reply table. There are merits to both approaches.
> >> Zen is a combination of XBL, PBL, and other lists. In some cases
> >> one might want to handle XBL, PBL, etc. differently.
> >
> > It may be helpful to update rbl_reply_maps, so that it will query
> > with the domain, after a query with domain=filter returns 'not
> > found'.
> >
> > That's a backwards compatible change that can simplify configuration.
> 
> Yes, that would help a bit.

I have some code for Postfix 3.10. rbl_reply_maps will first search
the table with the reject_rbl_* or reject_rhsbl_* argument.

If the argument result is not found, and the argument has the form
domain=address, then rbl_reply_maps will also search with the
domain.

That still allows different responses for different addreess filters,
but most sites won't need that flexibility.

Wietse
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org


[pfx] Re: Precision of time in Postfix log files

2024-06-23 Thread Wietse Venema via Postfix-users
Peter Uetrecht via Postfix-users:
> Hello list,
> 
> is the precision of time in Postfix log files (version 3.8.4) configurable
> (microseconds or milliseconds)?

Postfix does not generate the timestamp for logfiles written by
syslogd or equivalent. That is done by the syslog(3) system library
function.

To group related records together, see the collate script in the
Postfix source tarball in the auxiliary/collate directory.

Wietse
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org


[pfx] Re: DQS key in error responses

2024-06-23 Thread Bill Cole via Postfix-users
On 2024-06-23 at 08:30:53 UTC-0400 (Sun, 23 Jun 2024 08:30:53 -0400 (EDT))
Wietse Venema via Postfix-users 
is rumored to have said:

> Wietse Venema via Postfix-users:
>> If you specify
>>
>> reject_rbl_client string-with-complex-syntax
>>
>> Then the rbl_reply_maps seach key will be that
>> string-with-complex-syntax.
> ...
>> Unlike rbl_reply_maps, postscreen strips the filter (and weight)
>> before searching the reply table. There are merits to both approaches.
>> Zen is a combination of XBL, PBL, and other lists. In some cases
>> one might want to handle XBL, PBL, etc. differently.
>
> It may be helpful to update rbl_reply_maps, so that it will query
> with the domain, after a query with domain=filter returns 'not
> found'.
>
> That's a backwards compatible change that can simplify configuration.

Yes, that would help a bit.



-- 
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo@toad.social and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org


[pfx] Re: No email forwarding?

2024-06-23 Thread Bill Cole via Postfix-users

On 2024-06-22 at 18:54:32 UTC-0400 (Sat, 22 Jun 2024 22:54:32 +)
Jeff Pang via Postfix-users 
is rumored to have said:

 But google "why email forwarding is a bad idea" will get a lot of 
results.


That is an extraordinarily poor measure of anything other than Google's 
indexing capability and their radical agnosticism on all disputable 
questions.


Some of us remember the era when the classical sort of transparent 
forwarding done via /etc/alias and ~/.forward was a common simple 
working solution. It has not been that way for >20 years, but it takes a 
long time for some people to accept that the world changes and one must 
either change along with it or be left behind. Transparent forwarding is 
infeasible of the modern net. Forwarding using SRS or encapsulation is 
still usable if you are willing to accept that those methods are 
imperfect and add complexity to a mail system.


Forwarding outside of a common administrative realm carries substantial 
risk of mail being blocked, even with the use of SRS or encapsulation. 
It can seriously impair the reputation of the forwarding site, 
particularly with mass-market mailbox providers. It can often be a path 
for spam to get into mailboxes that it could not get to directly. On the 
other hand, it is the same functionality at the core of mailing lists 
like this one, which people find useful.


Whether and how one supports automated forwarding on a mail system is a 
very site-specific question, dependent largely on what your users 
want/need and what sort of service you want to be providing. For 
example, I run mail systems for small and medium sized businesses, most 
(but not all) of whom have strict rules against users forwarding mail 
anywhere. It's a business policy decision.


--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo@toad.social and many *@billmail.scconsult.com 
addresses)

Not Currently Available For Hire
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org


[pfx] Precision of time in Postfix log files

2024-06-23 Thread Peter Uetrecht via Postfix-users
Hello list,

is the precision of time in Postfix log files (version 3.8.4) configurable
(microseconds or milliseconds)?

Thanks in advance
Peter
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org


[pfx] Re: how to implement this route

2024-06-23 Thread Wietse Venema via Postfix-users
Wietse Venema via Postfix-users:
> Jeff Peng via Postfix-users:
> > Hello
> > 
> > I saw gmx.de/web.de have a policy that, if the submission IP is not from 
> > DE/EU, messages will be routed to a different gateway which is listed in 
> > spamhaus already. Otherwise if submission client's IP is in DE/EU, 
> > messages will be routed out via the normal gateway whose IP is clean. 
> > How to customized my own transport for that?
> 
> You can configure customized SMTP clients in master.cf, each with
> an appropriate smtp_bind_address setting, and use transport_maps
> to choose between those clients.
> 
> References:
> https://www.postfix.org/postconf.5.html#smtp_bind_address
> https://www.postfix.org/transport.5.html
> 
> AI is an experimental feature of this mailing list.

A small improvement: instead of transport_maps, one could use a
FILTER action in check_policy_service, SMTP server acccess table,
or in header/body_checks.

Wietse
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org


[pfx] Re: DQS key in error responses

2024-06-23 Thread Wietse Venema via Postfix-users
Wietse Venema via Postfix-users:
> If you specify
>
> reject_rbl_client string-with-complex-syntax
>
> Then the rbl_reply_maps seach key will be that 
> string-with-complex-syntax.
...
> Unlike rbl_reply_maps, postscreen strips the filter (and weight)
> before searching the reply table. There are merits to both approaches.
> Zen is a combination of XBL, PBL, and other lists. In some cases
> one might want to handle XBL, PBL, etc. differently.

It may be helpful to update rbl_reply_maps, so that it will query
with the domain, after a query with domain=filter returns 'not
found'.

That's a backwards compatible change that can simplify configuration.

Wietse
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org


[pfx] Re: how to implement this route

2024-06-23 Thread Wietse Venema via Postfix-users
Jeff Peng via Postfix-users:
> Hello
> 
> I saw gmx.de/web.de have a policy that, if the submission IP is not from 
> DE/EU, messages will be routed to a different gateway which is listed in 
> spamhaus already. Otherwise if submission client's IP is in DE/EU, 
> messages will be routed out via the normal gateway whose IP is clean. 
> How to customized my own transport for that?

You can configure customized SMTP clients in master.cf, each with
an appropriate smtp_bind_address setting, and use transport_maps
to choose between those clients.

References:
https://www.postfix.org/postconf.5.html#smtp_bind_address
https://www.postfix.org/transport.5.html

AI is an experimental feature of this mailing list.

Wietse
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org


[pfx] Re: DQS key in error responses

2024-06-23 Thread Wietse Venema via Postfix-users
Cody Millard via Postfix-users:
> Check out this link showing a example postfix configuration.
> 
> https://portal.spamhaus.com/dqs/#3.1.2
> 
> I found it to be very helpful in displaying the ranged syntax that 
> spamhaus supports.

For a web page that does not require logging in, see:

https://docs.spamhaus.com/datasets/docs/source/40-real-world-usage/MTAs/020-Postfix.html

Wietse
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org


[pfx] how to implement this route

2024-06-23 Thread Jeff Peng via Postfix-users

Hello

I saw gmx.de/web.de have a policy that, if the submission IP is not from 
DE/EU, messages will be routed to a different gateway which is listed in 
spamhaus already. Otherwise if submission client's IP is in DE/EU, 
messages will be routed out via the normal gateway whose IP is clean. 
How to customized my own transport for that?


Thanks.
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org


[pfx] Re: DQS key in error responses

2024-06-23 Thread Cody Millard via Postfix-users

Check out this link showing a example postfix configuration.

https://portal.spamhaus.com/dqs/#3.1.2

I found it to be very helpful in displaying the ranged syntax that 
spamhaus supports.


On 6/22/2024 4:25 PM, Bill Cole via Postfix-users wrote:
On 2024-06-22 at 16:58:26 UTC-0400 (Sat, 22 Jun 2024 16:58:26 -0400 
(EDT))

Wietse Venema via Postfix-users 
is rumored to have said:


Bill Cole via Postfix-users:

On 2024-06-22 at 15:19:42 UTC-0400 (Sat, 22 Jun 2024 15:19:42 -0400
(EDT))
Wietse Venema via Postfix-users 
is rumored to have said:

[...]

The rbl_reply_maps are searched with the domain specified with
reject_rbl_client.

That includes the optional "=address" portion, added in Postfix
2.8, but that was not added to the much older rbl_reply_maps
documentation.

There is an rbl_reply_maps example (a hash map) at
https://docs.spamhaus.com/datasets/docs/source/40-real-world-usage/MTAs/020-Postfix.html 



    your_DQS_key.zen.dq.spamhaus.net=127.0.0.[2..11]
    554 $rbl_class $rbl_what blocked using ZEN - see ... for 
details


Are you certain that the range syntax works?


Absolutely. If you specify

    reject_rbl_client string-with-complex-syntax

Then the rbl_reply_maps seach key will be that 
string-with-complex-syntax.


OK. Right now I have multiple items like this in 
smtpd_recipient_retrictions


    reject_rbl_client KEY.zen.dq.spamhaus.net=127.0.0.2
    reject_rbl_client KEY.zen.dq.spamhaus.net=127.0.0.3
    [... etc.]

So the string being searched is 'KEY.zen.dq.spamhaus.net=127.0.0.2', 
but if I consolidated those into a single restriction:


reject_rbl_client KEY.zen.dq.spamhaus.net=127.0.0.[2..11]

that would then search for 'KEY.zen.dq.spamhaus.net=127.0.0.[2..11]', 
matching the existing map entry.



Is that correct?



___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org