Noel Jones wrote:
There is no bypass method for header_checks.
Have you tried a filter action at the beginning of the file? Destination
can be another postfix instance, another smtpd, or a content_filter like
amavis or spamd:
/^Received: from .*\.mx\.aol.com (.*\.mx\.aol\.com/ FILTER
On Sunday, March 15, 2009 at 07:13 CET,
Roger Marquis marq...@roble.com wrote:
Noel Jones wrote:
There is no bypass method for header_checks.
Have you tried a filter action at the beginning of the file?
Destination can be another postfix instance, another smtpd,
or a content_filter
Henk van Oers a écrit :
[snip]
Doing a proper job requires an external content filter.
I want to reject as mutch as posible, so i have a header_checks file.
To bypass the header check for trusted senders i tryed:
if /^Return-Path:/
/trusted_sender/ OK
endif
As i now understand it, i
Bill Cole wrote:
Michael Tokarev wrote, On 3/14/09 4:13 PM:
Henk van Oers wrote:
[...]
I the case of multiple recipients there can be rejects for some,
no tests for some others (OK), a few test for DUNNO recipients
and all the checks for the rest. Right?
Yes. For each recipient
Henk van Oers:
On Sat, 14 Mar 2009, Wietse Venema wrote:
Henk van Oers:
Quote from header_checks (5):
DUNNO Pretend that the input line did not match any pat-
tern, and inspect the next input line. This action
can be used to shorten the
On Sun, 15 Mar 2009, Wietse Venema wrote:
Is it so hard to read what the text actually says,
instead of what you want it to say?
Yes. The semantics differ from what i'm used too in recipient_checks.
Thanks for that and the other responses.
We indeed tracked it to DNS problems - in this case the onsite admin
(who is a Windows only type) had set up a Smoothwall router and we
were
using it as our DNS server. It seems to have been responding with bad
data.
We changed the server to use
Hi,
We have a server which is going to be a Samba file server and a Postfix
server where the users will access their mail over IMAP.
We normally prefer to use Maildir storage as it seems to be recommended
over mailbox - for me, for example, I am subscribed to a dozen or so
lists and have
On Mar 15, 2009, at 11:27 AM, Damon Miller wrote:
We changed the server to use OpenDNS servers and all's well.
Thanks again for the help.
Be careful with OpenDNS: They return false positives, e.g.:
www.abcdefghijklmnop12345.com.
Server: resolver1.opendns.com
Address: 208.67.222.222
Sahil Tandon:
OpenDNS will not blindly redirect DNS queries that look like DNSBL
requests. Notice the difference:
% dig @resolver1.opendns.com www.abcdefghijklmnop12345.com +short
208.69.32.132
% dig @resolver1.opendns.com 40.30.20.10.www.abcdefghijklmnop12345.com
+short
On Sun, 15 Mar 2009, Wietse Venema wrote:
Sahil Tandon:
OpenDNS will not blindly redirect DNS queries that look like DNSBL
requests. Notice the difference:
% dig @resolver1.opendns.com www.abcdefghijklmnop12345.com +short
208.69.32.132
% dig @resolver1.opendns.com
On Sun, Mar 15, 2009 at 12:27:37PM -0400, Wietse Venema wrote:
smtpd_tls_session_cache_database = btree:$data_directory/smtpd_sessions
postfix/smtpd[67779]: fatal: open database /var/db/postfix/
smtpd_sessions.db: No such file or directory
smtpd never uses the
Sahil Tandon wrote:
On Sun, 15 Mar 2009, Wietse Venema wrote:
Sahil Tandon:
OpenDNS will not blindly redirect DNS queries that look like DNSBL
requests. Notice the difference:
% dig @resolver1.opendns.com www.abcdefghijklmnop12345.com +short
208.69.32.132
% dig
LuKreme wrote:
Authentication is another matter, but as I recall, that is outside
postfix purview and I need to go dink with cyrus-sasl-saslauthd for that.
Mar 15 12:54:40 mail submit/smtpd[7403]: Anonymous TLS connection
established from c-67-164-162-51.hsd1.co.comcast.net[67.164.162.51]:
Magnus wrote:
/^Received: from .*\.mx\.aol.com (.*\.mx\.aol\.com/ FILTER
smtp:[127.0.0.1]:25
That still doesn't bypass the rest of the header checks.
Works for us, has for years. Even tested it using the exact same pattern
and HOLD immediately after the FILTER. The messages are delivered
On Sunday, March 15, 2009 at 21:59 CET,
Roger Marquis marq...@roble.com wrote:
Magnus wrote:
That still doesn't bypass the rest of the header checks.
Works for us, has for years. Even tested it using the exact same
pattern and HOLD immediately after the FILTER. The messages are
On 15-Mar-2009, at 14:25, Victor Duchovni wrote:
On Sun, Mar 15, 2009 at 12:27:37PM -0400, Wietse Venema wrote:
smtpd_tls_session_cache_database = btree:$data_directory/
smtpd_sessions
postfix/smtpd[67779]: fatal: open database /var/db/postfix/
smtpd_sessions.db: No such file or directory
Roger Marquis wrote:
Magnus wrote:
/^Received: from .*\.mx\.aol.com (.*\.mx\.aol\.com/ FILTER
smtp:[127.0.0.1]:25
That still doesn't bypass the rest of the header checks.
Works for us, has for years. Even tested it using the exact same pattern
and HOLD immediately after the FILTER. The
Hi There, We are running postfix on debian etch and are using mysql to
store the transport and alias info and having an issue that i need a
little assistance with please. Here is the config:
mydestination = mysql:/etc/postfix/mysql-transport.cf
transport_maps =
Sahil Tandon a écrit :
On Mar 15, 2009, at 10:16 AM, Henk van Oers wrote:
On Sun, 15 Mar 2009, Wietse Venema wrote:
Is it so hard to read what the text actually says,
instead of what you want it to say?
Yes. The semantics differ from what i'm used too in recipient_checks.
Shall we
Simon:
Hi There, We are running postfix on debian etch and are using mysql to
store the transport and alias info and having an issue that i need a
little assistance with please. Here is the config:
mydestination = mysql:/etc/postfix/mysql-transport.cf
transport_maps =
On Sun, 15 Mar 2009, mouss wrote:
Sahil Tandon a écrit :
On Mar 15, 2009, at 10:16 AM, Henk van Oers wrote:
On Sun, 15 Mar 2009, Wietse Venema wrote:
Is it so hard to read what the text actually says,
instead of what you want it to say?
Yes. The semantics differ from what i'm
Roger Marquis a écrit :
Magnus wrote:
/^Received: from .*\.mx\.aol.com (.*\.mx\.aol\.com/ FILTER
smtp:[127.0.0.1]:25
That still doesn't bypass the rest of the header checks.
Works for us, has for years.
does it have a green card? otherwise, it shouldn't work ;-p
Even tested it using
Kevin Bailey a écrit :
Hi,
We have a server which is going to be a Samba file server and a Postfix
server where the users will access their mail over IMAP.
We normally prefer to use Maildir storage as it seems to be recommended
over mailbox - for me, for example, I am subscribed to a
On Mon, 16 Mar 2009, Simon wrote:
Now - this works fine.. But as soon as i add a pipe to the
destination_address like this:
orgin_address = t...@testdomain.co.nz
destination_address = |/usr/local/autoresponder/autoresponder.php
For security reasons, virtual(8) does not support delivery to
LuKreme a écrit :
I can connect now to the submission port from my MUA (mail.app) as long
as I authenticate against the sasldb. I cannot connect from the
command-line with openssl s_client:
no you can't. which is why Noel added connectivity to his
recommendation. only use openssl to see what
On Sun, Mar 15, 2009 at 03:32:26PM -0600, LuKreme wrote:
$ openssl s_client -connect mail.covisp.net:587
CONNECTED(0003)
4001:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
protocol:s23_clnt.c:601:
This is SMTP inside SSL, Postfix does STARTTLS inside SMTP, so this
is not
On 15-Mar-2009, at 17:08, mouss wrote:
LuKreme a écrit :
I can connect now to the submission port from my MUA (mail.app) as
long
as I authenticate against the sasldb. I cannot connect from the
command-line with openssl s_client:
no you can't. which is why Noel added connectivity to his
mouss a ecrit :
whatever you may think, it doesn't work the way you think
You're right, my mistake. Apologies. Chalk up another one for quick and
dirty QA. At least FILTER bypasses the content_filter so won't be
DISCARDed on that basis.
Roger Marquis
Wietse Venema wrote:
KLaM Postmaster:
where can I find the postfix readme files, I have looked all over the
postfix.com site, and while there is lots of documentation (man pages,
how to, faqs, etc) but I cannot find the readme files except as
embedded links.
The files are
Hello, and thank you in advance for your time!
I have been setting up a mail server since more than a week and after
reading several posts/articles and some pages of the Postfix manual,
I'm a little confused about how to setup the security.
The mail server is outside my LAN and it will be used to
On Monday, March 16, 2009 at 06:18 CET,
Alberto Lepe d...@alepe.com wrote:
[...]
I wanted to force the users to authenticate, in order to send mails, with:
#smtpd_client_restrictions = permit_sasl_authenticated,reject
But for some reason, when I use that line, and I send a mail from
32 matches
Mail list logo