* Wietse Venema :
> Are there any major code changes involved with the change from 2.x
> to 3.x, or is it just that the minor/micro version counter needed
> resetting?
Just the counters, according to Linus
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsme
* Benny Pedersen :
> fail2ban could be ones friend if postfix have this
>
> fail2ban then just grep logs for outgoing mails that failed pr ip,
> and add this header ignore pr cidr maps
Yeah, that's a great idea!
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Univers
On 6/14/2011 8:22 PM, Victor Duchovni wrote:
On Tue, Jun 14, 2011 at 08:05:24PM -0500, Noel Jones wrote:
I was thinking a setting integrated with smtp_pix_workarounds would be more
automatic, with little maintenance once configured.
Given that the banner detection is incomplete (some pixen ar
Hi,
milter manager 1.8.0 has been released. It's a stable
release.
http://milter-manager.sourceforge.net/
== About milter manager
milter manager is an anti-spam and/or anti-virus software
that works with Postfix. It uses existing milters as
backend.
== Supported platforms
milter manager work
On Tue, 14 Jun 2011 20:05:24 -0500, Noel Jones wrote:
That's an interesting idea in itself, but in the scope of pix
workarounds it's not a huge improvement since it still requires
manual
intervention per server/domain.
fail2ban could be ones friend if postfix have this
fail2ban then just gr
On Tue, Jun 14, 2011 at 08:05:24PM -0500, Noel Jones wrote:
> I was thinking a setting integrated with smtp_pix_workarounds would be more
> automatic, with little maintenance once configured.
Given that the banner detection is incomplete (some pixen are not
obviously such) one still needs manual
On 6/14/2011 7:42 PM, Benny Pedersen wrote:
On Tue, 14 Jun 2011 19:32:39 -0500, Noel Jones wrote:
C) use existing smtp_header_checks solution.
extend to smtp_header_checks_maps, and then use any maps
postfix support
That's an interesting idea in itself, but in the scope of pix
workarounds
On Tue, 14 Jun 2011 19:32:39 -0500, Noel Jones wrote:
C) use existing smtp_header_checks solution.
extend to smtp_header_checks_maps, and then use any maps postfix
support
is smtp_header_checks already pr recipients server ?
On 6/14/2011 5:49 PM, Benny Pedersen wrote:
On Tue, 14 Jun 2011 19:48:54 +0200, Ralf Hildebrandt wrote:
* Noel Jones :
I think I posted something almost exactly like this a while
ago
(year+?). Anyway, I can confirm that I've had this same
problem and
came up with the same workaround, still in
On 2011-06-15 mouss wrote:
> Le 14/06/2011 23:21, Ansgar Wiechers a écrit :
>> My rationale is that no matter how reliable a single source is, they
>> can still be wrong at times. Getting a second opinion helps
>> mitigating these cases.
[...]
> now consider:
> P1 = listed on zen
> P2 = listed on
renumbering..."
In that case, the following patch will be sufficient for all supported
Postfix releases.
Wietse
[20110614-linux3-patch]
diff -cr makedefs- makedefs
*** makedefs- Tue Mar 1 14:14:18 2011
--- makedefsTue Jun 14 19:31:23 2011
**
On Tue, Jun 14, 2011 at 06:50:33PM -0400, Wietse Venema wrote:
> > On Tue, 14 Jun 2011 22:10:39 +0200, ron wrote:
> >
> > > i tried to compile postfix 2.8.3 running a 3.0_rc2 kernel (on
> > > gentoo), and it failed with the error:
> > >
> > > ATTENTION: Unknown system type: Linux 3.0.0-rc2
>
> Ar
> On Tue, 14 Jun 2011 22:10:39 +0200, ron wrote:
>
> > i tried to compile postfix 2.8.3 running a 3.0_rc2 kernel (on
> > gentoo), and it failed with the error:
> >
> > ATTENTION: Unknown system type: Linux 3.0.0-rc2
Are there any major code changes involved with the change from 2.x
to 3.x, or is
On Tue, 14 Jun 2011 19:48:54 +0200, Ralf Hildebrandt wrote:
* Noel Jones :
I think I posted something almost exactly like this a while ago
(year+?). Anyway, I can confirm that I've had this same problem and
came up with the same workaround, still in place.
Yeah. Maybe it would make a cool ad
On Tue, 14 Jun 2011 22:10:39 +0200, ron wrote:
i tried to compile postfix 2.8.3 running a 3.0_rc2 kernel (on
gentoo), and it failed with the error:
ATTENTION: Unknown system type: Linux 3.0.0-rc2
however, when i edited the makedefs file, everything compiled just
fine.
not sure if this is goo
On Tue, 14 Jun 2011 23:49:34 +0200, Ansgar Wiechers wrote:
The sender isn't the postmaster address of his domain, so how is this
suggestion supposed to help?
another problem then ?, as i read it you accept sender forges on your
domain for non sasl users
From: "postmaster" is not a problem
Le 14/06/2011 23:21, Ansgar Wiechers a écrit :
> On 2011-06-14 mouss wrote:
>> Le 14/06/2011 20:35, Ansgar Wiechers a écrit :
>>> On 2011-06-14 Rich Wales wrote:
>> b) rdns for 95.53.111.119 gives
>>pppoe.95-53-111-119.dynamic.lenobl.avangarddsl.ru
>
> This might be covered by S
On 2011-06-14 Benny Pedersen wrote:
> On Tue, 14 Jun 2011 12:34:10 +0300, Harry Lachanas ( via Freemail ) wrote:
>> Is there an rfc compliant way to reject this ???
>
> reject if sender is postmaster@ your domain
>
> and not sasl authed
>
> make this email a mailbox so sasl works
The sender isn
On Tue, 14 Jun 2011 12:34:10 +0300, Harry Lachanas ( via Freemail )
wrote:
Is there an rfc compliant way to reject this ???
reject if sender is postmaster@ your domain
and not sasl authed
make this email a mailbox so sasl works
reject all .hinet.net email senders based on evelope sender
p
On 2011-06-14 mouss wrote:
> Le 14/06/2011 20:35, Ansgar Wiechers a écrit :
>> On 2011-06-14 Rich Wales wrote:
> b) rdns for 95.53.111.119 gives
>pppoe.95-53-111-119.dynamic.lenobl.avangarddsl.ru
This might be covered by Stan Hoeppner's PCRE for dynamic IP ranges:
http://
Le 14/06/2011 04:21, Janantha Marasinghe a écrit :
> Thanks Sahil
>
> Basically What i want to check is when a mail is recieved from postfix
> if it can reject the e-mail is the sending e-mail server is in the
> blacklist rbl
>
> smtpd_recipient_restrictions is about "Mail To:" right. So if I hav
Le 11/06/2011 16:42, m...@smtp.fakessh.eu a écrit :
> Le samedi 11 juin 2011 00:28, Noel Jones a écrit :
>> On 6/10/2011 4:04 PM, m...@smtp.fakessh.eu wrote:
>>> hi folks
>>>
>>> I asked a question.
>>> there are providers that remove information from headers like X-Mailer
>>> Received
>>>
>>>
>>>
Le 14/06/2011 11:34, Harry Lachanas ( via Freemail ) a écrit :
> Hi list,
> Just by looking at the headers "Return-Path", "From:" and "To:"
> one can sense that the following is spam ...
>
> ---
>
>
Le 14/06/2011 20:35, Ansgar Wiechers a écrit :
> On 2011-06-14 Rich Wales wrote:
b) rdns for 95.53.111.119 gives
pppoe.95-53-111-119.dynamic.lenobl.avangarddsl.ru
>>>
>>> This might be covered by Stan Hoeppner's PCRE for dynamic IP ranges:
>>> http://www.hardwarefreak.com/fqrdns.pcre
>
In message <3qv24m4z8pzh...@spike.porcupine.org>,
Wietse Venema wrote:
>Ronald F. Guilmette:
>>
>> Nothing is said within SMTPD_POLICY_README about what happens to any
>> output produced by a policy daemon on its stderr channel.
>
>Nothing happens with output written to stdout or stderr. FYI,
hi,
i tried to compile postfix 2.8.3 running a 3.0_rc2 kernel (on gentoo),
and it failed with the error:
ATTENTION: Unknown system type: Linux 3.0.0-rc2
however, when i edited the makedefs file, everything compiled just fine.
not sure if this is good fix, but either way here's my quick-and-di
Ronald F. Guilmette:
>
> Nothing is said within SMTPD_POLICY_README about what happens to any
> output produced by a policy daemon on its stderr channel.
Nothing happens with output written to stdout or stderr. FYI, daemon
programs are not supposed to write to stdout or stderr. They run
in the ba
Nothing is said within SMTPD_POLICY_README about what happens to any
output produced by a policy daemon on its stderr channel.
Is such output captured? Is it sent to the the same place as other
smtpd log message are currently sent?
If so, that would be most helpful.
* Robert Schetterer :
> make it more public , firewall admins may awake, in germany heise
> postings help sometimes *g
For that one would need large scale statistics.
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Wietse Venema:
> Hmm...
>
> % telnet mailamir.com 25
> Trying 114.31.73.44...
> Connected to mailamir.com.
> Escape character is '^]'.
> 220 **
> help
> 502 5.5.2 Error: command not recognized
FYI, this is how I quickly identify Postfix MTAs.
Wietse
Am 14.06.2011 20:48, schrieb Ralf Hildebrandt:
> * Mark Martinec :
>
>> I think the newer versions of ASA can be configured to let ESMTP pass
>> through without censoring the greeting, while still exhibiting one of
>> the header parsing bugs - which can lead to dropping the TCP session
>> without
Am 14.06.2011 15:34, schrieb Ralf Hildebrandt:
> Today I found that some sites behind a PIX/ASA firewall with "smtp
> protocol fixup" would not accept DKIM signed mails.
>
> Solution:
> =
>
> master.cf:
> nodkimunix - - - - - smtp -o
> smtp_header_check
>> Additionally, a reliable DNSBL (block list) could be used to detect and
>> block IP addresses which are known spam sources and/or are dynamically
>> assigned.
>
> Personally I prefer policyd-weight (to avoid rejecting valid mails because
> of false positives on a single RBL), but yes.
Another
* Mark Martinec :
> I think the newer versions of ASA can be configured to let ESMTP pass
> through without censoring the greeting, while still exhibiting one of
> the header parsing bugs - which can lead to dropping the TCP session
> without a RST (but with a message in the log ... which noone re
> > How does an SMTP client recognize an ASA box before it breaks email?
>
> Only from the /^[02 *]+$/ banner.
> # telnet mx.interfree.it 25
> 220 **
I think the newer versions of ASA can be configured to let ESMTP pass through
with
On 2011-06-14 Rich Wales wrote:
>>> b) rdns for 95.53.111.119 gives
>>>pppoe.95-53-111-119.dynamic.lenobl.avangarddsl.ru
>>
>> This might be covered by Stan Hoeppner's PCRE for dynamic IP ranges:
>> http://www.hardwarefreak.com/fqrdns.pcre
>
> Additionally, a reliable DNSBL (block list) could
* Mark Martinec :
> Ralf wrote:
> > Today I found that some sites behind a PIX/ASA firewall with "smtp
> > protocol fixup" would not accept DKIM signed mails.
>
> But you already knew that! :)
Yes I know.
> ASA bug CSCsy28792 and a couple of related header-parsing bugs,
> triggered by encounter
* Victor Duchovni :
> A Postfix system with a PIX in front of it and STARTTLS censored as
> "XXXA" (same length).
Yes, thought so too.
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-122
Ralf wrote:
> Today I found that some sites behind a PIX/ASA firewall with "smtp
> protocol fixup" would not accept DKIM signed mails.
But you already knew that! :)
ASA bug CSCsy28792 and a couple of related header-parsing bugs,
triggered by encountering a "content-type" or "content-transfer-enc
On Tue, Jun 14, 2011 at 02:18:43PM -0400, Wietse Venema wrote:
> > # telnet mailamir.com 25
> > Trying 114.31.73.44...
> > Connected to mailamir.com.
> > Escape character is '^]'.
> > 220 **
>
> Hmm...
>
> % telnet mailamir.com 25
> Trying 114.31.73.44...
> Connected to m
Ralf Hildebrandt:
> * Wietse Venema :
>
> > > Yeah. Maybe it would make a cool addition to smtp_pix_workarounds!
> >
> > How does an SMTP client recognize an ASA box before it breaks email?
>
> Only from the /^[02 *]+$/ banner.
>
> # telnet mx.interfree.it 25
> Trying 213.158.72.46...
> Connec
* Wietse Venema :
> > Yeah. Maybe it would make a cool addition to smtp_pix_workarounds!
>
> How does an SMTP client recognize an ASA box before it breaks email?
Only from the /^[02 *]+$/ banner.
# telnet mx.interfree.it 25
Trying 213.158.72.46...
Connected to mx.interfree.it.
Escape character
Ralf Hildebrandt:
> * Noel Jones :
>
> > I think I posted something almost exactly like this a while ago
> > (year+?). Anyway, I can confirm that I've had this same problem and
> > came up with the same workaround, still in place.
>
> Yeah. Maybe it would make a cool addition to smtp_pix_workaro
On Tue, Jun 14, 2011 at 07:48:54PM +0200, Ralf Hildebrandt wrote:
> * Noel Jones :
>
> > I think I posted something almost exactly like this a while ago
> > (year+?). Anyway, I can confirm that I've had this same problem and
> > came up with the same workaround, still in place.
>
> Yeah. Maybe
* Noel Jones :
> I think I posted something almost exactly like this a while ago
> (year+?). Anyway, I can confirm that I've had this same problem and
> came up with the same workaround, still in place.
Yeah. Maybe it would make a cool addition to smtp_pix_workarounds!
--
Ralf Hildebrandt
Ge
On Tue, Jun 14, 2011 at 11:37:55AM -0600, Ian Stradling wrote:
> Thank you for your assistance. It basically confirms what I thought,
> which is only one notification is possible, and any more otherwise would
> just create congestion.
Typically, the destination of delayed messages and the origin
Thank you for your assistance. It basically confirms what I thought, which is
only one notification is possible, and any more otherwise would just create
congestion.
Thanks again!
Ian
-Original Message-
From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org]
O
On Tue, Jun 14, 2011 at 11:21:33AM -0600, Ian Stradling wrote:
> I am new to the world of Postfix and have been requested by my employer
> to set up a series of Email Delay Notifications for our server.
>
> Currently the main.cf file is set to:
> delay_warning_time = 4h
>
> I understand this to
Ian Stradling:
> Hi,
>
> I am new to the world of Postfix and have been requested by my employer to
> set up a series of Email Delay Notifications for our server.
>
> A bit of information:
>
> Postfix version 2.3.8-2+etch1
> Debian 4
>
> Currently the main.cf file is set to:
> delay_warning_
On 06/14/2011 02:11 PM, kibirango moses wrote:
Contents of my /var/log/maillog
postfix/smtpd[7586]:> localhost[127.0.0.1]: 250-AUTH PLAIN LOGIN
postfix/smtpd[7586]:> localhost[127.0.0.1]: 250-ENHANCEDSTATUSCODES
postfix/smtpd[7586]:> localhost[127.0.0.1]: 250-8BITMIME
postfix/smtpd[7586]:> lo
Hi,
I am new to the world of Postfix and have been requested by my employer to set
up a series of Email Delay Notifications for our server.
A bit of information:
Postfix version 2.3.8-2+etch1
Debian 4
Currently the main.cf file is set to:
delay_warning_time = 4h
I understand this to mean th
On Tue, Jun 14, 2011 at 10:21:56AM +0200, Csillag Tamas wrote:
> I need to duplicate mails if they are sent from users with sending
> profile set to a specific role (which they can set).
>
> For example user1@domain can select departmentA@domain as a sender
> address. In this case I want to send
On Monday, June 13, 2011, 22:21:17, Janantha Marasinghe wrote:
> ...
> smtpd_recipient_restrictions is about "Mail To:" right.
Its about "RCPT TO" not "Mail To:"
http://www.postfix.org/postconf.5.html#smtpd_recipient_restrictions
"The access restrictions that the Postfix SMTP server applies
>> b) rdns for 95.53.111.119 gives
>>pppoe.95-53-111-119.dynamic.lenobl.avangarddsl.ru
>
> This might be covered by Stan Hoeppner's PCRE for dynamic IP ranges:
> http://www.hardwarefreak.com/fqrdns.pcre
Additionally, a reliable DNSBL (block list) could be used to detect and
block IP addresses
On 6/14/2011 8:34 AM, Ralf Hildebrandt wrote:
Today I found that some sites behind a PIX/ASA firewall with "smtp
protocol fixup" would not accept DKIM signed mails.
Solution:
=
master.cf:
nodkimunix - - - - - smtp -o
smtp_header_checks=pcre:/etc/postf
Today I found that some sites behind a PIX/ASA firewall with "smtp
protocol fixup" would not accept DKIM signed mails.
Solution:
=
master.cf:
nodkimunix - - - - - smtp -o
smtp_header_checks=pcre:/etc/postfix/no_dkim.pcre
main.cf:
transport_maps = cdb:/
Contents of my /var/log/maillog
postfix/smtpd[7586]: > localhost[127.0.0.1]: 250-AUTH PLAIN LOGIN
postfix/smtpd[7586]: > localhost[127.0.0.1]: 250-ENHANCEDSTATUSCODES
postfix/smtpd[7586]: > localhost[127.0.0.1]: 250-8BITMIME
postfix/smtpd[7586]: > localhost[127.0.0.1]: 250 DSN
postfix/smtpd[7586]:
On 2011-06-14 Harry Lachanas ( via Freemail ) wrote:
> Just by looking at the headers "Return-Path", "From:" and "To:"
> one can sense that the following is spam ...
>
> ---
> Return-Path:
> X-Original
Hi list,
Just by looking at the headers "Return-Path", "From:" and "To:"
one can sense that the following is spam ...
---
Return-Path:
X-Original-To: postmas...@example.com
Delivered-To: postmas...
On 2011-06-12 Wiebe Cazemier wrote:
> From: "Reindl Harald"
>> Am 11.06.2011 16:55, schrieb Wiebe Cazemier:
>>> That's not what I meant. I meant that 99% of the time, the primary
>>> server will be up and recipient address verification will work to
>>> reject (spam) messages to unknown users. Thos
Hi,
I need to duplicate mails if they are sent from users with sending
profile set to a specific role (which they can set).
For example user1@domain can select departmentA@domain as a sender
address. In this case I want to send a copy to user2@domain user3@domain
as they are all related to this
61 matches
Mail list logo
