Jose Hales-Garcia put forth on 4/11/2011 8:00 PM:
On Apr 11, 2011, at 3:44 PM, Stan Hoeppner wrote:
My first idea for handling these messages is writing a filter in
header_checks using regexp. Is this the best approach to take using
Postfix 2.4.3?
Probably not. Provide the full
pf at alt-ctrl-del.org put forth on 4/11/2011 7:32 PM:
Just because most of the emails are spam, doesn't mean that most of
their customers are spammers. After all, the spammers are sending a lot
more mail than legit sites do.
If the ISP has multiple /15's and /16's, I think that blocking
I'm wondering about the usefulness of smtp(d)_tls_CAfile(path) when using
opportunistic encryption in both incoming and outgoing connections. The
TLS_README suggests that certificate and key files be left empty for
opportunistic smtp processes, but it doesn't talk specifically
My first port of call here would be to enable features like
- DKIM
- SPF
- reverse DNS lookup for the connecting host, where several things can be done:
- match connecting IP to hostname in helo or mail from
- match connecting ip to claimed sending domain in helo or mail from (check MX
and A)
Hi there,
Is it possible to ask postfix to relay mail to an authenticated smtp
service ? This remote smtp service is using ssl or tls. I know it is
possible to relay mail to an authenticated smtp service but without ssl/tls.
Any peace of information or howto about this is welcome.
Best
http://www.dslreports.com/faq/6456
-Original Message-
From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org]
On Behalf Of Fabien COMBERNOUS
Sent: Tuesday, April 12, 2011 12:12 PM
To: postfix-users@postfix.org
Subject: authenticated smtp relay and ssl/tls
Hi
Rich Wales:
I'm running Postfix 2.8.1 and Cyrus 2.3.16 on an Ubuntu 10.04 (Lucid)
server.
I'm having trouble with incoming mail from Google's Postini help forum.
The messages I'm getting contain null characters in the body, so Cyrus
is saying 554 5.6.0 Message contains NUL characters (in
On 4/12/2011 3:19 AM, Bernhard Rohrer wrote:
My first port of call here would be to enable features like
- DKIM
- SPF
- reverse DNS lookup for the connecting host, where several things can be done:
Nope. This class of spammers carefully follow the RFCs and
use SPF and DKIM.
- match
On 4/12/2011 4:12 AM, Fabien COMBERNOUS wrote:
Hi there,
Is it possible to ask postfix to relay mail to an
authenticated smtp service ? This remote smtp service is using
ssl or tls. I know it is possible to relay mail to an
authenticated smtp service but without ssl/tls.
Any peace of
Wietse Venema:
I added message_strip_characters = \0 to my Postfix's main.cf and did
a reload of Postfix, but this doesn't seem to have had any effect on the
problem. I did a Google search and found various complaints over the
years from people claiming message_strip_characters = \0
On 4/12/2011 2:17 AM, email builder wrote:
Am I correct to infer that both smtp(d)_tls_CAfile settings only serve
a purpose when you want to verify client/server certificates?
If that's the case, why does the example at the bottom of TLS_README
use both the CAfile settings with only
Stan Hoeppner wrote:
[snip]
Received: from [190.221.28.39] (unknown [190.221.28.39])
In this example, reject_unknown_reverse_client_hostname would have
generated a 450 rejection. You should always use
reject_unknown_reverse_client_hostname at minimum, or the more
restrictive
Hi,
I am trying to block all mail going to a certain domain. We use
smtpd_recipient_restrictions = check_recipient_access
hash:/etc/postfix/protected_lists
and it counterpart:
smtpd_restriction_classes = list_blocks
list_blocks = check_sender_access hash:/etc/postfix/list_members,reject
The
Hello,
Is it possible to have pflogsumm detail the report by domain? eg.
291 messages received by example.com
354 messages received by example.net
xxx messages received by example.org
and so on...
Regards,
Thank you for URL pointers.
On 12/04/2011 13:53, Noel Jones wrote:
[...]
Yes, TLS and authentication are set up separately in postfix and can
be (and frequently are) used together.
http://www.postfix.org/SASL_README.html#client_sasl_enable
Authentication with a remote smtp without SSL/TLS
On 4/12/2011 8:28 AM, Randy Ramsdell wrote:
Hi,
I am trying to block all mail going to a certain domain. We use
smtpd_recipient_restrictions = check_recipient_access
hash:/etc/postfix/protected_lists
and it counterpart:
smtpd_restriction_classes = list_blocks
list_blocks = check_sender_access
Stan Hoeppner wrote:
Jerry put forth on 4/11/2011 4:39 PM:
Stan Hoeppners...@hardwarefreak.com articulated:
Why bother with this complex greylisting setup? Simply hammer the big
blocks with a CIDR entry and whitelist individual IPs in the range
from which you need legit mail. If such IPs
On Tue, 12 Apr 2011 17:06:22 +0300
Tolga to...@ozses.net wrote:
Hello,
Is it possible to have pflogsumm detail the report by domain? eg.
291 messages received by example.com
354 messages received by example.net
xxx messages received by example.org
[snip]
No.
Regards,
Jim
--
Note: My
On Apr 12, 2011, at 10:56 AM, James Seymour wrote:
On Tue, 12 Apr 2011 17:06:22 +0300
Tolga to...@ozses.net wrote:
Hello,
Is it possible to have pflogsumm detail the report by domain? eg.
291 messages received by example.com
354 messages received by example.net
xxx messages received
On 4/12/2011 9:24 AM, Fabien COMBERNOUS wrote:
Thank you for URL pointers.
On 12/04/2011 13:53, Noel Jones wrote:
[...]
Yes, TLS and authentication are set up separately in postfix
and can be (and frequently are) used together.
http://www.postfix.org/SASL_README.html#client_sasl_enable
Noel Jones wrote:
On 4/12/2011 8:28 AM, Randy Ramsdell wrote:
Hi,
I am trying to block all mail going to a certain domain. We use
smtpd_recipient_restrictions = check_recipient_access
hash:/etc/postfix/protected_lists
and it counterpart:
smtpd_restriction_classes = list_blocks
list_blocks =
On 4/12/2011 10:12 AM, Randy Ramsdell wrote:
Noel Jones wrote:
On 4/12/2011 8:28 AM, Randy Ramsdell wrote:
Hi,
I am trying to block all mail going to a certain domain. We
use
smtpd_recipient_restrictions = check_recipient_access
hash:/etc/postfix/protected_lists
and it counterpart:
Thank you for your answer.
On 12/04/2011 17:06, Noel Jones wrote:
[...]
Port 465 is the deprecated SSL wrapper mode smtps. The postfix smtp
client doesn't support wrapper mode.
Use the submission port 587 instead, or if you must use 465 see
http://www.postfix.org/TLS_README.html#client_smtps
Hi There,
How do you gather statistics for messages delivered and processed via
Postfix (both inbound and outbound)? For instance, to show on a daily
basis, how many messages we have received from each domain, how many
messages we have delivered to each domain, etc.
I have seen some options
Noel Jones wrote:
On 4/12/2011 10:12 AM, Randy Ramsdell wrote:
Noel Jones wrote:
On 4/12/2011 8:28 AM, Randy Ramsdell wrote:
Hi,
I am trying to block all mail going to a certain domain. We
use
smtpd_recipient_restrictions = check_recipient_access
hash:/etc/postfix/protected_lists
and it
Hello Wietse, thanks for the reply. The mail.log is all I have:
Apr 12 15:38:05 myotherhost postfix/smtpd[24105]: NOQUEUE: reject: RCPT from
unknown[www.xxx.yyy.zzz]: 550 5.1.1 u...@remotehost.tld: Recipient address
rejected: User unknown in local recipient table; from=m...@myhost.tld
On 4/12/2011 10:31 AM, Fabien COMBERNOUS wrote:
Thank you for your answer.
On 12/04/2011 17:06, Noel Jones wrote:
[...]
Port 465 is the deprecated SSL wrapper mode smtps. The
postfix smtp client doesn't support wrapper mode.
Use the submission port 587 instead, or if you must use 465
see
Zhou, Yan wrote:
Hi There,
How do you gather statistics for messages delivered and processed via
Postfix (both inbound and outbound)? For instance, to show on a daily
basis, how many messages we have received from each domain, how many
messages we have delivered to each domain, etc.
I have
On 4/12/2011 10:41 AM, Randy Ramsdell wrote:
Noel Jones wrote:
Sorry, this is simply related to file format it appears.
Ah! A question!
main.cf
smtpd_recipient_restrictions = check_recipient_access
hash:/etc/postfix/protected_lists
protected_lists
@someinvaliddomainname.com reject
This
Noel Jones wrote:
On 4/12/2011 10:41 AM, Randy Ramsdell wrote:
Noel Jones wrote:
Sorry, this is simply related to file format it appears.
Ah! A question!
Well, not really.
main.cf
smtpd_recipient_restrictions = check_recipient_access
hash:/etc/postfix/protected_lists
protected_lists
On 12/04/2011 17:50, Noel Jones wrote:
On 4/12/2011 10:31 AM, Fabien COMBERNOUS wrote:
Thank you for your answer.
On 12/04/2011 17:06, Noel Jones wrote:
[...]
Port 465 is the deprecated SSL wrapper mode smtps. The
postfix smtp client doesn't support wrapper mode.
Use the submission port 587
Rich sent me a couple files as requested. Of these, File mailnull.txt
(UNIX mailbox format) has a null byte at the end of the last line.
I send this into Postfix
$ tail +2 nullmail.txt | sendmail wietse@localhost
When I view my mailbox with less, the last line looks like:
Hi,
Okay, I've even put the sender_access map first and it is still
rejected. Below is the output from postconf:
NEVER put sender whitelists first in smtpd_recipient_restrictions,
do put them after reject_unauth_destination, but before any
sender-specific restrictions that require a
On Tue, Apr 12, 2011 at 04:24:47PM +0200, Fabien COMBERNOUS wrote:
I started by getting certificates of the remote smtp service with the
command :
[...]
Then i put the certificate in the file /etc/postfix/certs/googlesmtp.pem
beginning by -BEGIN CERTIFICATE-, ending by -END
Hi, on occassion, I'm noting rejected emails without any specific reason
logged. Without a reason, it's hard to pinpoint a fix to allow legit
emails through. Here's an example from my mail log:
Apr 12 13:15:10 postal2 postfix/smtpd[22543]: connect from
On Tue, 12 Apr 2011 10:54:13 -0400
Kris Deugau kdeu...@vianet.ca articulated:
Stan Hoeppner wrote:
Jerry put forth on 4/11/2011 4:39 PM:
Stan Hoeppners...@hardwarefreak.com articulated:
Why bother with this complex greylisting setup? Simply hammer
the big blocks with a CIDR entry and
Eric Cunningham:
Apr 12 13:15:10 postal2 postfix/smtpd[22543]: NOQUEUE: reject: RCPT from
hsarelay1t.mail.mylife.com[216.52.223.210]: 554 5.7.1
myl...@mail.mylife.com: Sender address rejected: Access denied;
from=myl...@mail.mylife.com to=e...@whoi.edu proto=ESMTP
On 4/12/2011 11:30 AM, Fabien COMBERNOUS wrote:
http://www.postfix.org/TLS_README.html#client_tls_levels
# main.cf
smtp_tls_security_level = may
It is what i did :
smtp_tls_security_level = may
smtp_tls_session_cache_database =
btree:/var/spool/postfix/tls/smtp_session_cache
Now i get this
Wietse Venema wrote:
Eric Cunningham:
Apr 12 13:15:10 postal2 postfix/smtpd[22543]: NOQUEUE: reject: RCPT from
hsarelay1t.mail.mylife.com[216.52.223.210]: 554 5.7.1
myl...@mail.mylife.com: Sender address rejected: Access denied;
from=myl...@mail.mylife.com to=e...@whoi.edu proto=ESMTP
On 4/12/2011 2:17 AM, email builder wrote:
Am I correct to infer that both smtp(d)_tls_CAfile settings only serve
a purpose when you want to verify client/server certificates?
If that's the case, why does the example at the bottom of TLS_README
use both the CAfile settings with
On Tue, Apr 12, 2011 at 3:21 PM, Eric Cunningham e...@whoi.edu wrote:
Yes, that's correct, but not intentionally nor explicitly. I've tried
explicitly accepting the sender address in my smtpd_recipient_restrictions'
final_sender_access file but that has no effect.
-Eric
And what's the
On Tue, Apr 12, 2011 at 02:09:11PM -0400, Eric Cunningham wrote:
Hi, on occassion, I'm noting rejected emails without any specific
reason logged. Without a reason, it's hard to pinpoint a fix to
allow legit emails through. Here's an example from my mail log:
Apr 12 13:15:10 postal2
Darek M wrote:
On Tue, Apr 12, 2011 at 3:21 PM, Eric Cunningham e...@whoi.edu wrote:
Yes, that's correct, but not intentionally nor explicitly. I've tried
explicitly accepting the sender address in my smtpd_recipient_restrictions'
final_sender_access file but that has no effect.
-Eric
And
On Tue, Apr 12, 2011 at 03:21:06PM -0400, Eric Cunningham wrote:
Wietse Venema wrote:
Eric Cunningham:
Apr 12 13:15:10 postal2 postfix/smtpd[22543]: NOQUEUE: reject:
RCPT from hsarelay1t.mail.mylife.com[216.52.223.210]: 554 5.7.1
myl...@mail.mylife.com: Sender address rejected: Access denied;
On Tue, Apr 12, 2011 at 03:21:06PM -0400, Eric Cunningham wrote:
Wietse Venema wrote:
Eric Cunningham:
Apr 12 13:15:10 postal2 postfix/smtpd[22543]: NOQUEUE: reject:
RCPT from hsarelay1t.mail.mylife.com[216.52.223.210]: 554 5.7.1
myl...@mail.mylife.com: Sender address rejected: Access denied;
* Eric Cunningham e...@whoi.edu:
Darek M wrote:
On Tue, Apr 12, 2011 at 3:21 PM, Eric Cunningham e...@whoi.edu wrote:
Yes, that's correct, but not intentionally nor explicitly. I've tried
explicitly accepting the sender address in my smtpd_recipient_restrictions'
final_sender_access file but
On 2011-04-12 mejaz wrote:
Sorry may some lines were not copied properly in my previous Email. Here is
the ouput of postconf -n and you will find mynetworks in second last line.
[...]
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550
In the second last
From: Simon Brereton
Probably not the best place for this, but hopefully someone will tell
me what I'm doing wrong anyway..
I've gotten the TLS up and working. And SASL auth seemed to be
working. I installed saslfinger and everything was fine there. But
when trying to locally inject
Mikael Bak put forth on 4/12/2011 7:31 AM:
Stan Hoeppner wrote:
[snip]
Received: from [190.221.28.39] (unknown [190.221.28.39])
In this example, reject_unknown_reverse_client_hostname would have
generated a 450 rejection. You should always use
reject_unknown_reverse_client_hostname at
On 4/12/2011 4:19 PM, Stan Hoeppner wrote:
Mikael Bak put forth on 4/12/2011 7:31 AM:
Stan Hoeppner wrote:
[snip]
Received: from [190.221.28.39] (unknown [190.221.28.39])
In this example, reject_unknown_reverse_client_hostname would have
generated a 450 rejection. You should always use
On 04/12/2011 08:59 PM, Rich Wales wrote:
Wietse wrote:
However, message_strip_characters has no effect when mail is received with
receive_override_options = no_header_body_checks ...
This is set either in master.cf or main.cf.
And indeed, I have no_header_body_checks
Noel Jones put forth on 4/12/2011 6:56 PM:
On 4/12/2011 4:19 PM, Stan Hoeppner wrote:
Mikael Bak put forth on 4/12/2011 7:31 AM:
Stan Hoeppner wrote:
[snip]
Received: from [190.221.28.39] (unknown [190.221.28.39])
In this example, reject_unknown_reverse_client_hostname would have
On Tue, 2011-04-12 at 16:19:03 -0500, Stan Hoeppner wrote:
Mikael Bak put forth on 4/12/2011 7:31 AM:
Stan Hoeppner wrote:
[snip]
Received: from [190.221.28.39] (unknown [190.221.28.39])
In this example, reject_unknown_reverse_client_hostname would have
generated a 450 rejection.
* Simon Brereton simon.brere...@dada.net:
Probably not the best place for this, but hopefully someone will tell me
what I'm doing wrong anyway..
I've gotten the TLS up and working. And SASL auth seemed to be working. I
installed saslfinger and everything was fine there. But when trying to
Sahil Tandon put forth on 4/12/2011 10:58 PM:
On Tue, 2011-04-12 at 16:19:03 -0500, Stan Hoeppner wrote:
Mikael Bak put forth on 4/12/2011 7:31 AM:
Stan Hoeppner wrote:
[snip]
Received: from [190.221.28.39] (unknown [190.221.28.39])
In this example, reject_unknown_reverse_client_hostname
From: owner-postfix-us...@postfix.org [mailto:owner-postfix-
us...@postfix.org] On Behalf Of Patrick Ben Koetter
* Simon Brereton simon.brere...@dada.net:
Probably not the best place for this, but hopefully someone will
tell
me what I'm doing wrong anyway..
I've gotten the TLS up and
Thanks, Jeroen, for your critique of my master.cf file.
Per your suggestions, I'm removing the no_header_body_checks from my
smtp configuration. I'm also moving the smtpd_recipient_restrictions
into my main.cf, and making sure it's overridden as needed for all
other parts of my master.cf file.
57 matches
Mail list logo
