[pfx] Re: reliable RBL
On 10/04/24 22:50, Matus UHLAR - fantomas via Postfix-users wrote: On 10.04.24 17:46, Mr. Peng via Postfix-users wrote: I have been using spamhaus, spamcop, sorbs as the RBL providers for antispam. But some of the customers speak to me about the FP issues caused by RBL. Do you think the three RBL above are reliable in a practical system? I use them on many servers. I just use postscreen which supports scoring and only block when more than one blocklist hits. For the benefit of those of us following-along with the conversation and hoping to learn 'nuggets' of good-practice, would you mind sharing the settings related to the combination of RBLs and postscreen, please? Yes slightly OT, but relates to getting the best from postfix! -- Regards, =dn ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: IPv6 and Cloud server CPU
On 23/11/23 17:20, Peter via Postfix-users wrote: On 23/11/23 14:22, Gerald Galster via Postfix-users wrote: Q2: given the minuscule work-load, is there any preference/preclusion between employing the 'usual' x86 processor or 2 Arm Ampere processors? Both offer Linux. Cost is effectively same. You should check if the software you want to use is available for the desired platform. Distributions might provide dovecot packages for ARM while the official dovecot repository might not. Then you would have to compile the sources yourself. This ^. Specifically if you want to run an EL distro there are good choices that offer ARM support and come with stock postfix and dovecot packages, but if you want to run the GhettoForge packages (which have newer versions of Postfix and Dovecot than that offered by the stock distros) then I'm afraid you're stuck with x86_64 for now. Similarily you might have issues with other supporting software that is only available from 3rd-party repos or where 3rd-party repos have newer versions taht you want to use, but not for ARM. Yes, I was following-through with the earlier advice, and noted the same. No, I'm content with being part of the herd (as distinct from using Hurd), preferring stability and knowing that reliability can be hard-won! I'm torn between RHEL (as a developer-member they give me numbers of $0 licenses), and one of the lighter rpm/yum/dnf distros. The former has a stated commitment to Arm CPUs - which means I could (relatively) easily set-up a server and try a load-test... Further to earlier comments, re: distress at being forced to upgrade: in the interests of fairness it is a previous major-version of Postfix running on an older CentOS. (not mentioned because I'd deserve any pointed criticism!) 'The plan' presumed that the hardest part of the process would be going through the docs to see what needed to be removed/changed and to take advantage of improved services - TLS/encryption first out of the gate. Following personal recommendations (from elsewhere), I was looking at a couple of the 'super-packages' which bundle Postfix, Dovecot, and RDBMS, in with a bunch of 'other stuff'. The virtues of Containers to the fore. However, most would require perhaps twice the RAM that my existing combination doesn't even fully occupy (thus marginal-cost/benefit implication). New to me was Docker Mailserver. This appears to be more cut-down, but also gives (me) the impression that main.cf and master.cf are either hidden-away or totally-inaccessible. Nr1 difference is 'no RDBMS', which I guess I could live-with (am quite at-home with SQL and such) and don't need it for (eg) the web-site side of things, so... Do you have experience using this package? (is it sufficiently "Postfix" to be suitable conversation on this list?) -- Regards =dn ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: IPv6 and Cloud server CPU
On 23/11/23 11:56, Wietse Venema via Postfix-users wrote: DL Neil via Postfix-users: Slightly off-topic. My bottom-of-the-line VPS is being deprecated. Making me grumpy because it has been working so well (+updates) for all these years! ... Q1: can an email server be run off IPv6 (exclusively) these days, or are IPv4 + v6 alternatives necessary? You need IPv4, if you have remote users. IPv6 would be fine for internal usage, though. Thank you (both). Q2: given the minuscule work-load, is there any preference/preclusion between employing the 'usual' x86 processor or 2 Arm Ampere processors? Both offer Linux. Cost is effectively same. You mentioned a VPS, which means shared hardware, i.e. unused CPU resources are not really unused, they can be used by someone else. So, there's no particular advantage to staying with the traditional x86-style model, nor to moving to the newer Arm-based offerings? Linux is offered on both, but am wondering if there is possibly some processor to work-load (mis-)matching beyond my understanding... (yes, appreciate the irony that the concern may be 'efficiency' - despite the fact that the Postfix server is by no means challenging current capabilities - and the Cloud-Host assures me that the (two) new choices offer superior performance to the existing set-up) Yes, understand that if one is sharing with some 'hog', our under-average demands will still be disadvantaged by the averaging-algorithm. However, it's cheap 'n cheerful... -- Regards =dn ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] IPv6 and Cloud server CPU
Slightly off-topic. My bottom-of-the-line VPS is being deprecated. Making me grumpy because it has been working so well (+updates) for all these years! Very low volume Postfix/Dovecot for a half-dozen domains, plus a rarely-used Apache serving only static pages, and the occasional code-example download for our user group, ie spends most of the day at-idle and rarely exceeds 50% load. Have been offered choice of more-modern Cloud-VPS systems, and two addressing options: Q1: can an email server be run off IPv6 (exclusively) these days, or are IPv4 + v6 alternatives necessary? Q2: given the minuscule work-load, is there any preference/preclusion between employing the 'usual' x86 processor or 2 Arm Ampere processors? Both offer Linux. Cost is effectively same. Bonus Q: (sheer curiosity) Might the latter answer change in a 'real' enterprise environment? -- Regards, =dn ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] UGFzc3dvcmQ6
Have been updating the .cf files (mostly ciphers, but also...) Our old friend "UGFzc3dvcmQ6" is back. (previously bounced-off without appearing in daily pflogsumm) Grrr! ... unknown[146.247.146.134]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 14-0-135-011.static.pccw-hkt.com[14.0.135.11]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 ... What is the setting to get rid of these dozens of false-attempts from diverse IPaddresses, please? (had a search through most-recent archives, but no joy) - yes, could roll-back the versioning, but am unclear which clause is THE one! -- Regards, =dn ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Disappointments at https://www.postfix.org/docs.html
The "Postfix Howtos and FAQs" is out-dated and requires correction/editing. To assist the web-master:- FAQs Ralf Hildebrandt's Postfix shrine [not found] Training Idea & Innovation Consulting [SedoParking] MS Exchange Integration Running a PERL-based LDAP client [page not found] TLS Postfix SASL Authentication and TLS howto [object not found] Supplement to Patrick Koetter's document [Out of date] Gmail on Home Linux Box [last updated 2008] Postfix SASL + TLS + OpenBSD howto [site not found] Postfix SASL + TLS + FreeBSD howto [doesn't show Postfix] SASL Postfix SASL Authentication and TLS howto [as above] Gmail on Home Linux Box [as above] Cyrus-SASL-2.1.19 + checkpw.c CRYPT PATCH + [timed out] Postfix SASL + TLS + OpenBSD howto [server not found] Postfix SASL + TLS + FreeBSD [as above] Postfix SASL for Slackware [not found]. Postfix SMTP Authentication howto [page can’t be found] Postfix+SASL+OpenSSL howto [last update possibly 2006] Adding disclaimers UCE/Virus Postfix Anti-UCE Cheat-Sheet [last updated 2015] My Understanding Of How UCE Actually Works [dated 2001] Anti-SPAM Gateway Using OpenBSD, [not found] Postfix UCE/anti-spam guide [as above] UCE and other howtos [as above] Header/body junk mail patterns [irrelevant page] POP/IMAP and the kitchen sink Installing a fully fledged [someone in Japan] RedHat 7.1 + Postfix + Courier Maildrop [some content now at https://www.firstpr.com.au/web-mail/] Postfix+Cyrus+Web-cyradm howto [404] Postfix+LDAP+Courier-IMAP howto [not found] Postfix+MySQL+Courier-IMAP howto [forum site, not this page] Postfix+MySQL+Courier-IMAP howto [not found] Postfix+MySQL+Courier-IMAP howto [not found] Postfix+MySQL+Courier-IMAP+Maildrop+SpamAssassin [not found] Postfix+MySQL+Dovecot-POP/IMAP+Amavis howto [page does not exist] Postfix+MySQL+Courier-IMAP+Amavis howto [rerouted to LinkedIn[ Postfix+MySQL+Courier+ [hasn't been updated since 2006] Miscellaneous Multiple Postfix instances howto [404] RedHat 7.3 laptop howto [404] Postfix Howtos [as above] Postfix Howtos [not found] General Email/System Administration Simplifying Mailer Daemons and Associated Tools [not found] -- Regards, =dn ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: Thunderbird not connecting in-time
Thanks - will re-focus investigation. (evidently web-searching led in wrong direction) -- Regards =dn ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: MySQL error from not all the receiver
On 13/03/2023 12.05, Scott Kitterman via Postfix-users wrote: On Sunday, March 12, 2023 7:02:41 PM EDT Gerald Galster via Postfix-users wrote: ... My recommendation to the OP would be to reconsider what they are trying to accomplish and what's the simplest way to do so. Through this thread I haven't seen anything that would need MySQL or for which MySQL would make things particularly easier. Keep it simple to start and only and more moving parts if you really need them. +1 Irony: some of us found the MySQL option easier than trying to understand a different file-format, and the 'compile' (equivalent) function... -- Regards =dn ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Thunderbird not connecting in-time
Which setting will extend the amount of time allowed for Thunderbird to connect to send and/or receive messages from Postfix? NB postfix uses Submission -> smtpd (I've found references to Relay cf Submission but don't appreciate difference) or should it be an lmtp setting vis-a-vis Dovecot? Brother-in-law is on a very slow connection to the family's server. Long-ish wi-fi link to the router, through Starlink satellite system, and (literally) from one side of the world to the other, to the VPS. Thunderbird regularly fails to sync before timing-out. Which setting should be extended? Should more than one time-out value be expanded? What are the risks associated with increasing such time-outs? Would such an adjustment better be made in his Thunderbird config rather than to Postfix? -- Regards, =dn ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: MySQL error from not all the receiver
On 13/03/2023 02.10, Antonino Di Mauro via Postfix-users wrote: unfortunately I don't know this topic, but I'm really willing to study. Please do you have any documentation on this? https://dev.mysql.com/doc/refman/8.0/en/ I'm no expert on Postfix, but can talk about databases. To help with your understanding of the system, and our understanding of the problem you face (and perhaps any language-barrier), let's try the following:- As a first step, let's see if the database is set-up correctly (and if postfix has been given two essential elements to link with MySQL). If these are working, then we can move-on to looking at postfix problems... If you would like to check your settings against a working-example, here is what is working for these domains: main.cf (includes) virtual_mailbox_domains = mysql:/etc/postfix/auth/mysql_domains.cf virtual_mailbox_maps = mysql:/etc/postfix/auth/mysql_users.cf virtual_alias_maps = mysql:/etc/postfix/auth/mysql_aliases.cf Thus, there are three files which configure how MySQL is to respond to Postfix enquiries. Taking one of them as an example: mysql_domains.cf user = userNM password = secret hosts = host dbname = dbname query = SELECT 1 FROM dbname.domains WHERE domainNM='%s' NB your system will use different data-values. Substitute those values for what is written below. The three .cf files are very similar. Please check all of them, and discuss any differences in a reply 'here'... Also, if you have handled the db-credentials differently, make appropriate adjustments - this is the simple method illustrated in most web-page how-tos! First, check that MySQL is up-and-running: systemctl status mysql ... Active: active (running) (your system may require a different command, but ultimately the next step will reveal whether the RDBMS is running - or not. Am also assuming Dovecot (or whatever) is also up-and-running) To check that the database logic will work, from the command-line on the server log in to MySQL: mysql -u userNM -p -h host It will then ask: Enter password: secret and respond with: Welcome to the MySQL monitor. Commands end with ; or \g. ... mysql> Copy the query from the .cf file (everything from SELECT onwards, and substitute valid database/schema and domain-names (in this case): mysql> SELECT 1 FROM dbname.domains WHERE domainNM='rangi.cloud'; +---+ | 1 | +---+ | 1 | +---+ 1 row in set (0.00 sec) The response of "1" says that MySQL found exactly one domain called "rangi.cloud" (in my case) in the table. Not finding anything means that the definition is missing - finding two would be unnecessary/greedy!. A number greater than zero proves that the MySQL part works correctly. How does the MySQL server respond to the three .cf files' queries? There are other settings to examine if the above all works as-planned, but the system is still not working correctly... -- Regards =dn ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[P-U] Re: Postfix lists are migrating to a new list server
On 08/03/2023 01.09, Patrick Ben Koetter wrote: * Phil Stracchino : On 3/6/23 11:08, Wietse Venema wrote: This week, the Postfix mailing lists will be migrated from Majordomo at Cloud9.net to Mailman at Sys4.de. Thanks to Cloud9.net for hosting the Postfix lists for 24 years, and thanks to Sys4 for being the new host. This is the pre-migration announcement. Out of sheer curiosity ... Mailman 2 or 3? Mailman 3 with ARC support enabled. Additionally all listmail will be DKIM signed. Just to make it easier* for everyone, eg web-searching; MSFT have started using the term "Arc" as an umbrella-term for various 'security' facilities. * sarcasm -- Regards =dn ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
