[pfx] Re: DQS key in error responses
On June 22, 2024 12:55:32 PM GMT+02:00, Cody Millard via Postfix-users wrote: >|Hello list.| > >| >| > >|I included Spamhaus XBL in client restrictions for my server. An error is >supplied to the individual/bot that is trying to connect that looks like the >follow: > >| > >|Transcript of session follows. Out: 554 5.7.1 Service unavailable; Client >host [57.152.56.248] blocked using .xbl.dq.spamhaus.net; Listed by >XBL, see https://check.spamhaus.org/query/ip/57.152.56.248 In: ??? Out: 500 >5.5.2 Error: bad UTF-8 syntax In: Out: 500 5.5.2 Error: bad UTF-8 syntax In: ? >Out: 221 2.7.0 Error: I can break rules, too. Goodbye. For other details, see >the local mail logfile *You can see my dqs key in the err*|*or send to the >client. Is this a problem? If so, how could I remove the DQS key from the >response? * Use rbl_reply_maps to customize the response and hide the key. See https://www.postfix.org/postconf.5.html#rbl_reply_maps -- Christian Kivalo ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: TLS config for gmail relay
On 2023-12-23 22:22, saunders.nicholas--- via Postfix-users wrote: I think that I have the SASL figured out, and probably it's a similar process to get the tls_policy compliant and functional. The log: Dec 23 13:11:32 mordor postfix/smtp[287549]: error: open database /etc/postfix/tls_policy.db: No such file or directory You need to run: postmap /etc/postfix/tls_policy -- Christian Kivalo ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: smtp auth on port 25
On August 15, 2023 2:15:21 AM GMT+02:00, Jon Smart via Postfix-users wrote: >Hello, > >I have disabled port 587/465 to be accessed publicly. > >but port 25 must be open to internet for MTA communications. > >My question is, can external users access port 25 for smtp auth and send >mail then? Not if you disable auth on port 25, which you should. For MTA to MTA communication you don't need smtp auth enabled to receive mails destined to your server. Your users should use ports 465/587 with auth to send their mail. Auth should only be enabled on the ports you intend to use for mail submission. -- Christian Kivalo ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: Postfix Help with a rejection message
On August 15, 2023 7:05:32 AM GMT+02:00, Chad Lundquist via Postfix-users wrote: >I am getting legitimate emails REJECTED by postfix and I need to figure out a >way to forward them or whitelist them from getting blocked. > > > >I am using PFLogsumm and see this: > > > >message reject detail > >- > > RCPT > >450 4.7.1 : Helo > command rejected: Host not found; from=<03349...@alight.com> > to= proto=ESMTP > helo= (total: 21) > > 21 amazonaws.com (03349...@alight.com) > > > >What file do I edit in postfix to allow this message to flow and get delivered >or whitelisted? > Do you by any chance have reject_unknown_helo_hostname in your smtpd_*_restrictions in main.cf? This results in a reject, when the announced helo name has no A/MX dns entry. The host from your log message has no dns A entry. -- Christian Kivalo ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: Anyone using SMTP relay through dnsexit.com?
My settings main.cf: relayhost = [relay.dnsexit.com]:587 smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd smtp_sasl_auth_enable = yes smtp_sasl_security_options = And my sasl_passwd file (and yes, I did do a postmap after my changes) relay.dnsexit.com:587 myusername:mypassword Your lookup key is missing the [ ] you used for the relayhost setting. This results in no authentication to the dnsexit relay. This is described in the section "Enabling SASL authentication in the Postfix SMTP/LMTP client" of the SASL README file at https://www.postfix.org/SASL_README.html#client_sasl_enable -- Christian Kivalo ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: Painful Postfix
On April 30, 2023 7:03:59 AM GMT+02:00, Kolusion K via Postfix-users wrote: >So, I tried using the 'debug_peer_list' parameter like this, but it didn't >work... > >debug_peer_list = 1.2.3.4, 5.6.7.8 Last time i had to debug an smtp session i implemented it as, in main.cf (i use cdb, but hash should also work) debug_peer_list = cdb:/etc/postfix/debug_peer The content of debug_peer beeing 1.2.3.4 check 2.3.4.5 check Don't forget to postmap that file: postmap /etc/postfix/debug_peer The smtp session is in your mail log. >I did restart the Postfix service after applying the change to 'main.cf'. > > >It looks like Postfix lacks the capability to show the SMTP session, right? > >Thanks > > >Kolusion > > > >Sent: Sunday, April 30, 2023 at 2:54 PM >From: "Kolusion K" >To: postfix-users@postfix.org >Subject: Painful Postfix >Hello again > > >I am again trying to use the 'debug_peer_list' parameter to see if it will >show me the SMTP session in the mail log. > >The e-mail address I am sending to has a server or servers with multiple IP >addresses. How can I go about using multiple IP addresses with the >'debug_peer_list' parameter? > >Like this? > >debug_peer_list = 1.2.3.4 5.6.7.8 > >or perhaps like this? > >debug_peer_list = 1.2.3.4, 5.6.7.8 > > >Thanks > >Kolusion >___ >Postfix-users mailing list -- postfix-users@postfix.org >To unsubscribe send an email to postfix-users-le...@postfix.org -- Christian Kivalo ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
