Adjust smtp to limitations of a host

Dear list, I'm facing a problem where I have to adapt and optimize my smtp servers to a host's constraints which are as follow : - maximum 3 connections to each MX of the host (he has 10 MX so potentially I should be able to make 30 connections) - maximum 1000 connections per MX per hour - maximu

Re: How to setup Postfix to Store/Forward Multi-domain + SSL to another Postfix instance?

dchil...@bestmail.us: > > Postfix queues mail by default when the destination is down. > > I didn't understand that from reading. So, what triggers the redeliver > attempt? I'm guessing some timer/cron function in master/main config? As required by RFC 5321 (the SMTP protocol). http://tools.ie

Re: migrating postfix setup to new server ?

On Thu, March 31, 2011 12:35 am, Wietse Venema wrote: >> what the proper (easiest?) way to migrate current setup to the new >> server ? > > 1) Study the RELEASE_NOTES file and look for any incompatible > changes that may affect your configuration. Wietse, thanks this seems a slightly different

Re: migrating postfix setup to new server ?

Voytek Eymont: > I'm not clear here, this machine was given to me with Postfix 2.7.0 > 'pre-installed'; Sorry, I don't keep an up-to-date list for how to upgrade packages for BSD version X or Y or Z, Linux distro X or Y or Z, Solaris, and so on. You would have saved me time if you had mentioned e

Re: migrating postfix setup to new server ?

Am 31.03.2011 14:15, schrieb Voytek Eymont: > I'm not clear here, this machine was given to me with Postfix 2.7.0 > 'pre-installed'; > > so, subject to RELEASE_NOTES, do I copy old#/etc/postfix/* to > new#/etc/postfix, then execute "postfix upgrade-configuration" ? > > or do I copy /etc/postfix/

Re: migrating postfix setup to new server ?

On Thu, Mar 31, 2011 at 10:24 AM, Reindl Harald wrote: > > you should make a distribution-like package instead breaking > the package-managment, this is no solution > This isn't the real problem. > on fedora it is 5 minutes work install a src.rpm, replace the tarball > and after edit the SPEC-Fi

Re: migrating postfix setup to new server ?

Am 31.03.2011 15:48, schrieb Reinaldo de Carvalho: > On Thu, Mar 31, 2011 at 10:24 AM, Reindl Harald > wrote: >> >> you should make a distribution-like package instead breaking >> the package-managment, this is no solution >> > > This isn't the real problem. it is because a package is more th

Methods to limit spam sent through compromised account?

Today a user's account was compromised (likely phished) and their credentials used to send email over our main outbound SMTP with TLS and SASL auth. When we learned of it, the PAM smtp configuration was set up to block the user account authenticating and the account was soon disabled. In the mean

open relay

Our webhosting company(which is offsite) has told me that the postfix-2.5 on our Freebsd 7.2 server is being used as an open relay for email so they have closed port 25. We want to be able to send email from the server, but not have it relay for others. I've read what documentation I can find an

Re: open relay

Jim McIver: > Our webhosting company(which is offsite) has told me that the > postfix-2.5 on our Freebsd 7.2 server is being used as an open relay for > email so they have closed port 25. > We want to be able to send email from the server, but not have it relay > for others. I've read what docum

users from ldap (active directory)

Hi! I created such ldap map file: /etc/postfix/ldap-users.cf server_host = 10.100.5.1 search_base = OU=Users,DC=,dc=local version = 3 bind = yes bind_dn = CN=mailgw,OU=SYS,DC=,DC=lan bind_pw = password scope = sub result_attribute = mail result_format = %s OK query_filter = (&(objectClass

Re: open relay

How should they? You do not specify any restrictions or valid addresses This looks like a basic setup which must never see the internet smtpd_recipient_restrictions = permit_mynetworks reject_non_fqdn_recipient reject_non_fqdn_sender reject_unlisted_sender permit_sasl_authenticated reject_un

example showing how to track bad/bounce emails

Hello; I've been searching around for a while, but I've not found any documentation or examples that show how you can configure Postfix to log bad/bounce/failed emails to MySQL or how to read a log file and parse the bad/bounce/failed emails out of it. The application I'm working on needs to

Re: open relay

On Thu, Mar 31, 2011 at 08:28:08AM -0700, Jim McIver wrote: > Our webhosting company(which is offsite) has told me that the postfix-2.5 > on our Freebsd 7.2 server is being used as an open relay for email so they > have closed port 25. Logs of a message that failed to be rejected? > #postconf

SMTP client host name spoofing

Received: from mail-iw0-f176.google.com (biz88.inmotionhosting.com [66.117.14.32]) by greer.hardwarefreak.com (Postfix) with ESMTP id F297D6C12E for ; Thu, 31 Mar 2011 06:29:19 -0500 biz88.inmotionhosting.com is the reverse name and mail-iw0-f176.google.com is the forward name, c

Re: users from ldap (active directory)

On Thu, Mar 31, 2011 at 06:36:30PM +0300, vadim korsak wrote: > I created such ldap map file: > > /etc/postfix/ldap-users.cf > server_host = 10.100.5.1 > search_base = OU=Users,DC=,dc=local > version = 3 > bind = yes > bind_dn = CN=mailgw,OU=SYS,DC=,DC=lan > bind_pw = password > scope = s

Re: SMTP client host name spoofing

On Thu, Mar 31, 2011 at 10:52:58AM -0500, Stan Hoeppner wrote: > Received: from mail-iw0-f176.google.com (biz88.inmotionhosting.com > [66.117.14.32]) > by greer.hardwarefreak.com (Postfix) with ESMTP id F297D6C12E > for ; Thu, 31 Mar 2011 06:29:19 -0500 > > > biz88.inmotionhosting.co

Re: How to setup Postfix to Store/Forward Multi-domain + SSL to another Postfix instance?

On Wed, Mar 30, 2011 at 10:12:40PM -0700, dchil...@bestmail.us wrote: > I was beginning to get that idea :-( I actually just read a coupld of > post that you'd commented on about SNI (?), and that unless the clients > are SNI-aware, not gonna help much. Also DNSSEC as an option > (someday?), but

Re: Adjust smtp to limitations of a host

On Thu, Mar 31, 2011 at 10:15:55AM +0200, Ultrabug wrote: > Dear list, > > I'm facing a problem where I have to adapt and optimize my smtp servers > to a host's constraints which are as follow : > > - maximum 3 connections to each MX of the host (he has 10 MX so > potentially I should be able to

Re: How to setup Postfix to Store/Forward Multi-domain + SSL to another Postfix instance?

Hi Wietse, Viktor, Thanks for the references/links. On Thu, 31 Mar 2011 12:19 -0400, "Victor Duchovni" wrote: > > So, in addition to the SSL certs for mynet{1,2,3}.net I have a wildcard > > for *.mydomain.net. > > Whatever single certificate works for you. Wildcard certs from real > CAs used t

Re: Methods to limit spam sent through compromised account?

D G Teed put forth on 3/31/2011 10:21 AM: > I'd like some idea of what real world values would be useful, or additional > suggestions > on how to make the performance less attractive to users of compromised > accounts. When you find a reasonable and effective solution to the phishing problem plea

Re: SMTP client host name spoofing

Stan Hoeppner: > Received: from mail-iw0-f176.google.com (biz88.inmotionhosting.com > [66.117.14.32]) > by greer.hardwarefreak.com (Postfix) with ESMTP id F297D6C12E > for ; Thu, 31 Mar 2011 06:29:19 -0500 > The format is: Received: from helo-hostname (verified-reverse-name [ip-a

Re: Methods to limit spam sent through compromised account?

On Thu, Mar 31, 2011 at 11:41:19AM -0500, Stan Hoeppner wrote: > D G Teed put forth on 3/31/2011 10:21 AM: > > > I'd like some idea of what real world values would be useful, or additional > > suggestions > > on how to make the performance less attractive to users of compromised > > accounts. >

Re: example showing how to track bad/bounce emails

marshall: > Hello; > > I've been searching around for a while, but I've not found any documentation > or > examples that show how you can configure Postfix to log bad/bounce/failed > emails > to MySQL or how to read a log file and parse the bad/bounce/failed emails out > of > it. > > The ap

Re: How to setup Postfix to Store/Forward Multi-domain + SSL to another Postfix instance?

Am 31.03.2011 18:39, schrieb dchil...@bestmail.us: > Just for reference for other users, I've 'real' wildcard SSL certs for > $99/yr from Comodo. throw them away, another two CA's from them are compromised and the naive CTO says "... but what we had not done was adequately consider the new (to

Re: SMTP client host name spoofing

Victor Duchovni put forth on 3/31/2011 10:57 AM: > On Thu, Mar 31, 2011 at 10:52:58AM -0500, Stan Hoeppner wrote: > >> Received: from mail-iw0-f176.google.com (biz88.inmotionhosting.com >> [66.117.14.32]) >> by greer.hardwarefreak.com (Postfix) with ESMTP id F297D6C12E >> for ; Thu, 31 M

Re: users from ldap (active directory)

result_format = %s OK is OK, this is checked in other places >You need to use a search base that will not trigger a referral, or >use the right LDAP server. Alternatively, the LDAP server may need >to be configured to grant additional access to your "mailgw" id. why you think this is access probl

Re: example showing how to track bad/bounce emails

Hmm; Thanks for your feedback, Wietse! I'm definitely new to mail serving and not an administrator. Would it be at all advisable to just scan the maillog file periodically for 'status=bounce' lines and parse out the 'to<...>' email address? It seems that'd give a pretty reasonable list of boun

Re: users from ldap (active directory)

On Thu, Mar 31, 2011 at 08:26:17PM +0300, vadim korsak wrote: > result_format = %s OK > is OK, this is checked in other places > > >You need to use a search base that will not trigger a referral, or > >use the right LDAP server. Alternatively, the LDAP server may need > >to be configured to grant

[4exposure...@gmail.com: Fwd: Delivery Status Notification (Failure)]

- Forwarded message from User - X-Original-To: postmas...@doctor.nl2k.ab.ca Delivered-To: postmas...@doctor.nl2k.ab.ca X-Virus-Scanned: amavisd-new at doctor.nl2k.ab.ca Authentication-Results: doctor.nl2k.ab.ca (amavisd-new); dkim=pass header.i=@gmail.com Authentication-Results: d

Re: SMTP client host name spoofing

Wietse Venema put forth on 3/31/2011 11:42 AM: > Stan Hoeppner: >> Received: from mail-iw0-f176.google.com (biz88.inmotionhosting.com >> [66.117.14.32]) >> by greer.hardwarefreak.com (Postfix) with ESMTP id F297D6C12E >> for ; Thu, 31 Mar 2011 06:29:19 -0500 >> > > The format is: > >

Re: SMTP client host name spoofing

On Thu, Mar 31, 2011 at 12:20:58PM -0500, Stan Hoeppner wrote: > > No, the "google" name is just the EHLO parameter sent by the client, > > it is not derived from DNS lookups and not verified. > > Thanks for the clarification Viktor. I can't seem to locate any > documentation on the official Pos

Re: How to setup Postfix to Store/Forward Multi-domain + SSL to another Postfix instance?

On Thu, Mar 31, 2011 at 07:15:58PM +0200, Reindl Harald wrote: > Am 31.03.2011 18:39, schrieb dchil...@bestmail.us: > > > Just for reference for other users, I've 'real' wildcard SSL certs for > > $99/yr from Comodo. > > throw them away, another two CA's from them are compromised and the > naiv

Re: Methods to limit spam sent through compromised account?

* D G Teed : > Today a user's account was compromised (likely phished) and their > credentials used to send email over our main outbound SMTP > with TLS and SASL auth. > > When we learned of it, the PAM smtp configuration was set up to > block the user account authenticating and the account was so

Re: Methods to limit spam sent through compromised account?

Am 31.03.2011 18:41, schrieb Stan Hoeppner: > D G Teed put forth on 3/31/2011 10:21 AM: > >> I'd like some idea of what real world values would be useful, or additional >> suggestions >> on how to make the performance less attractive to users of compromised >> accounts. > > When you find a reason

Re: SMTP client host name spoofing

Victor Duchovni put forth on 3/31/2011 12:44 PM: > On Thu, Mar 31, 2011 at 12:20:58PM -0500, Stan Hoeppner wrote: > >>> No, the "google" name is just the EHLO parameter sent by the client, >>> it is not derived from DNS lookups and not verified. >> >> Thanks for the clarification Viktor. I can't

Fwd: Google The recipient server did not accept our requests to connect.

Begin forwarded message: From: jason hirsh Date: March 3, 2011 4:50:09 PM GMT-04:00 To: John Hinton Cc: postfix-users@postfix.org Subject: Re: Google The recipient server did not accept our requests to connect. On Mar 3, 2011, at 4:40 PM, John Hinton wrote: On 3/3/2011 3:09 PM, jason

Re: SMTP client host name spoofing

On Thu, Mar 31, 2011 at 01:01:14PM -0500, Stan Hoeppner wrote: > >Extended-Domain = Domain / > > ( Domain FWS "(" TCP-info ")" ) / > > ( address-literal FWS "(" TCP-info ")" ) > > > >TCP-info = address-literal / ( Domain FWS address-l

Re: Methods to limit spam sent through compromised account?

"Stan Hoeppner" March 31, 2011 12:41 PM D G Teed put forth on 3/31/2011 10:21 AM: I'd like some idea of what real world values would be useful, or additional suggestions on how to make the performance less attractive to users of compromised accounts. When you find a reasonable and effectiv

Re: Methods to limit spam sent through compromised account?

On Thu, Mar 31, 2011 at 1:41 PM, Stan Hoeppner wrote: > D G Teed put forth on 3/31/2011 10:21 AM: > > > I'd like some idea of what real world values would be useful, or > additional > > suggestions > > on how to make the performance less attractive to users of compromised > > accounts. > > When yo

Re: Adjust smtp to limitations of a host

On Thu, 31 Mar 2011 12:39:20 -0400, Victor Duchovni wrote: > The receiving sites policies are stupid if they don't implement > them sensibly by just returning 4XX responses without penalizing > subsequent transactions. I am sorry to hijack this thread but we have what seems to be the same proble

Re: Adjust smtp to limitations of a host

On Thu, Mar 31, 2011 at 07:41:41PM +0100, Mark Alan wrote: > On Thu, 31 Mar 2011 12:39:20 -0400, Victor Duchovni > wrote: > > > The receiving sites policies are stupid if they don't implement > > them sensibly by just returning 4XX responses without penalizing > > subsequent transactions. > > I

Re: virtual_alias_maps and recipient_delimiter

On 03/31/2011 08:41 AM, Corey Quinn wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Mar 30, 2011, at 2:08 PM, Noel Jones wrote: On 3/30/2011 3:53 PM, Ansgar Wiechers wrote: On 2011-03-30 Corey Quinn wrote: On Mar 30, 2011, at 12:46 PM, Noel Jones wrote:

Re: SMTP client host name spoofing

On 03/31/2011 07:41 PM, Stan Hoeppner wrote: Wietse Venema put forth on 3/31/2011 11:42 AM: Stan Hoeppner: Received: from mail-iw0-f176.google.com (biz88.inmotionhosting.com [66.117.14.32]) by greer.hardwarefreak.com (Postfix) with ESMTP id F297D6C12E for; Thu, 31 Mar

Postscreen + Logwatch = A bunch of unmatched entries

Ever since turning on Postscreen (which I love), my nightly LogWatch reports (running 7.3.6) have bunches of unmatched entries due to Postscreen. Anyone know if LogWatch 7.4.0 recognizes them, or how to configure it so that I get usable Postscreen stats? Thanks, SteveJ

Re: Methods to limit spam sent through compromised account?

On Thu, Mar 31, 2011 at 3:34 PM, pf at alt-ctrl-del.org wrote: > > "Stan Hoeppner" March 31, 2011 12:41 PM > > D G Teed put forth on 3/31/2011 10:21 AM: >> >> I'd like some idea of what real world values would be useful, or >>> additional >>> suggestions >>> on how to make the performance less

Re: Methods to limit spam sent through compromised account?

On 03/31/2011 08:36 PM, D G Teed wrote: On Thu, Mar 31, 2011 at 1:41 PM, Stan Hoeppner > wrote: D G Teed put forth on 3/31/2011 10:21 AM: > I'd like some idea of what real world values would be useful, or additional > suggestions > on how to

Re: Postscreen + Logwatch = A bunch of unmatched entries

On Thu, Mar 31, 2011 at 12:29 PM, Steve Jenkins wrote: > Anyone know if LogWatch 7.4.0 recognizes them Well, I can answer my first question myself. I just installed it and can confirm that Logwatch 7.4.0 (released earlier this month) does NOT recognize Postscreen entries: **Unmatched Entries**

Re: example showing how to track bad/bounce emails

marshall: > If Postfix can insert the bounced emails into a db table (or a > log file that just contains the bad email addres, one per line), > that would make it pretty easy to run a cron job to remove these > bad emails from the application's user database. Wietse: > You could use the documented

Re: Methods to limit spam sent through compromised account?

Zitat von D G Teed : On Thu, Mar 31, 2011 at 1:41 PM, Stan Hoeppner wrote: D G Teed put forth on 3/31/2011 10:21 AM: > I'd like some idea of what real world values would be useful, or additional > suggestions > on how to make the performance less attractive to users of compromised > accounts.

Re: Adjust smtp to limitations of a host

On Thu, 31 Mar 2011 14:53:11 -0400, Victor Duchovni wrote: > Why would this be a response to "too many recipient commands", a > single message with many recipients is sent over a single connection, > unless you have set an ill-advised destination recipient limit. All _recipient_limit parameters a

Re: SMTP client host name spoofing

Jeroen Geilman put forth on 3/31/2011 2:16 PM: > Backscatter can be a HUGE problem, especially when spammers send you > bounces (with the empty mailer-daemon sender address <>), since you MUST > accept those. Spammers don't send backscatter bounces. The victim MX hosts do, by definition. In thi

Re: SMTP client host name spoofing

Le 31/03/2011 17:52, Stan Hoeppner a écrit : > > Received: from mail-iw0-f176.google.com (biz88.inmotionhosting.com > [66.117.14.32]) > by greer.hardwarefreak.com (Postfix) with ESMTP id F297D6C12E > for ; Thu, 31 Mar 2011 06:29:19 -0500 > > > biz88.inmotionhosting.com is the reverse

Re: Postscreen + Logwatch = A bunch of unmatched entries

On Thu, 2011-03-31 at 12:50:30 -0700, Steve Jenkins wrote: > On Thu, Mar 31, 2011 at 12:29 PM, Steve Jenkins > wrote: > > Anyone know if LogWatch 7.4.0 recognizes them > > Well, I can answer my first question myself. I just installed it and > can confirm that Logwatch 7.4.0 (released earlier th

Re: SMTP client host name spoofing

mouss put forth on 3/31/2011 4:38 PM: > Le 31/03/2011 17:52, Stan Hoeppner a écrit : >> >> Received: from mail-iw0-f176.google.com (biz88.inmotionhosting.com >> [66.117.14.32]) >> by greer.hardwarefreak.com (Postfix) with ESMTP id F297D6C12E >> for ; Thu, 31 Mar 2011 06:29:19 -0500 >> >>

Re: Postscreen + Logwatch = A bunch of unmatched entries

Sahil Tandon: > On Thu, 2011-03-31 at 12:50:30 -0700, Steve Jenkins wrote: > > > On Thu, Mar 31, 2011 at 12:29 PM, Steve Jenkins > > wrote: > > > Anyone know if LogWatch 7.4.0 recognizes them > > > > Well, I can answer my first question myself. I just installed it and > > can confirm that Logwa

Re: Adjust smtp to limitations of a host

On Thu, Mar 31, 2011 at 10:18:52PM +0100, Mark Alan wrote: > On Thu, 31 Mar 2011 14:53:11 -0400, Victor Duchovni > wrote: > > Why would this be a response to "too many recipient commands", a > > single message with many recipients is sent over a single connection, > > unless you have set an ill-a