[feature request] Subzero postscreen/dnsblog score to bypass after-220 tests?

I finally got around to my upgrade to 2.11-20130405 and was watching logs. A gmail message fell afoul of the after-220 tests; each time it came from a different host. Each one got a "PASS NEW" and of course the "450 4.3.2 Service currently unavailable" rejection. These gmail outbounds are all l

Re: postfix and Berkeley DB

On Thu, 2013-04-11 at 16:35:28 -0600, LuKreme wrote: > # ldd /usr/local/libexec/postfix/smtpd > /usr/local/libexec/postfix/smtpd: > libmysqlclient.so.16 => /usr/local/lib/mysql/libmysqlclient.so.16 > (0x280cf000) > libz.so.3 => /lib/libz.so.3 (0x28139000) > libm.so.4 =>

Re: Setting up secure submission for remote users

On Apr 11, 2013, at 20.11, LuKreme wrote: > Reindl Harald opined on Thursday 11-Apr-2013@16:58:28 >> mynetworks should be genrally used with care and only for specific >> address instead whole networks with sooner or later potentially >> infected clients which can be banned if using auth even if

Re: Setting up secure submission for remote users

Reindl Harald opined on Thursday 11-Apr-2013@16:58:28 > mynetworks should be genrally used with care and only for specific > address instead whole networks with sooner or later potentially > infected clients which can be banned if using auth even if the > malware leaks auth data and abuse it from o

Re: postfix and Berkeley DB

Am 12.04.2013 02:00, schrieb LuKreme: > Reindl Harald opined on Thursday 11-Apr-2013@17:03:50 >> >> >> Am 12.04.2013 00:35, schrieb LuKreme: >>> # ldd /usr/local/libexec/postfix/smtpd >>> /usr/local/libexec/postfix/smtpd: >>>libmysqlclient.so.16 => /usr/local/lib/mysql/libmysqlclient.so

Re: postfix and Berkeley DB

Reindl Harald opined on Thursday 11-Apr-2013@17:03:50 > > > Am 12.04.2013 00:35, schrieb LuKreme: >> # ldd /usr/local/libexec/postfix/smtpd >> /usr/local/libexec/postfix/smtpd: >>libmysqlclient.so.16 => /usr/local/lib/mysql/libmysqlclient.so.16 >> (0x280cf000) >>libz.so.3 => /l

Re: postfix and Berkeley DB

Am 12.04.2013 00:35, schrieb LuKreme: > # ldd /usr/local/libexec/postfix/smtpd > /usr/local/libexec/postfix/smtpd: > libmysqlclient.so.16 => /usr/local/lib/mysql/libmysqlclient.so.16 > (0x280cf000) > libz.so.3 => /lib/libz.so.3 (0x28139000) > libm.so.4 => /lib/libm.so.4

Re: Setting up secure submission for remote users

Am 12.04.2013 00:04, schrieb LuKreme: > On Apr 8, 2013, at 13:26, Jeroen Geilman wrote: > >> The clue is that there should be no permit_ rules before /or/ after >> permit_sasl_authenticated, and the last rule should be an explicit "reject". > > Quick question on this, not ever a permit mynetw

Re: Setting up secure submission for remote users

On Apr 8, 2013, at 13:26, Jeroen Geilman wrote: > The clue is that there should be no permit_ rules before /or/ after > permit_sasl_authenticated, and the last rule should be an explicit "reject". Quick question on this, not ever a permit mynetworks? (I mean, I can't think of a reason mynetwor

postfix and Berkeley DB

# ldd /usr/local/libexec/postfix/smtpd /usr/local/libexec/postfix/smtpd: libmysqlclient.so.16 => /usr/local/lib/mysql/libmysqlclient.so.16 (0x280cf000) libz.so.3 => /lib/libz.so.3 (0x28139000) libm.so.4 => /lib/libm.so.4 (0x2814a000) libssl.so.7 => /usr/local/lib/

Re: Is postfix misconfiguration to send to wrong domain?

On Apr 11, 2013, at 15:56, "Jan P. Kessler" wrote: > do not reject mails by content filters (as said: use prequeue filters > or tag spam mails) to be clear, do not bounce emails based on content filters AFTER the SMTP transaction. You can certainly reject email based on any criteria you wish du

Re: Is postfix misconfiguration to send to wrong domain?

>> Is postscreen able to identify email as spam to prevent bouncing it? >> Is there a way to alter my postfix configuration to prevent bouncing it? > This is not a matter of 'spam detection'. You have to verify for valid > (means existing) recipients *before* you accept mail. > > Look for reject_u

Re: Is postfix misconfiguration to send to wrong domain?

Robert Lopez: > Is postscreen able to identify email as spam to prevent bouncing it? Is > there a way to alter my postfix configuration to prevent bouncing it? Both postscreen and a before-queue content filter block mail before it is allowed into the Postfix queue. Postfix will therefore not retu

Re: Is postfix misconfiguration to send to wrong domain?

> Is postscreen able to identify email as spam to prevent bouncing it? > Is there a way to alter my postfix configuration to prevent bouncing it? This is not a matter of 'spam detection'. You have to verify for valid (means existing) recipients *before* you accept mail. Look for reject_unlisted_

Re: Forwarding from a particular email address

Mark Alan: > On Thu, 11 Apr 2013 06:56:13 -0400 (EDT), Wietse Venema > wrote: > > > That should be: > > > > us...@example1.com us...@example1.com us...@example2.com > > us...@example3.com us...@example3.com us...@example4.com > > Makes sense and perhaps it seems obvious for the postfix develope

Re: Logging SMTPD ports

On 11/04/13 18:23, Wietse Venema wrote: Viktor Dukhovni: On Thu, Apr 11, 2013 at 06:12:02PM +0100, Robert Sharp wrote: I have postfix set up with smtpd processes on three ports: 25 for the wild world out there, 587 for submission from local users and other MTAs on the LAN, and 10025 for re-inj

Re: Forwarding from a particular email address

On Thu, 11 Apr 2013 06:56:13 -0400 (EDT), Wietse Venema wrote: > That should be: > > us...@example1.com us...@example1.com us...@example2.com > us...@example3.com us...@example3.com us...@example4.com Makes sense and perhaps it seems obvious for the postfix developers, but I do not remember see

Re: Serving Dovecot mailbox quota status to Postfix

* Ralf Hildebrandt : > I wrote a little something about how to prevent delivery to mailboxes > over quota while still being in the SMTP dialogue: > http://sys4.de/en/blog/2013/04/08/postfix-dovecot-mailbox-quota/ > (Postfix/Dovecot) To be precise: Postfix/Dovecot-2.2 -- [*] sys4 AG http://sys4.

Re: Is postfix misconfiguration to send to wrong domain?

On Thu, Apr 11, 2013 at 2:23 PM, Noel Jones wrote: > On 4/11/2013 2:42 PM, Robert Lopez wrote: > > That was a fast response Jan. Thanks. Is the overall situation > > suggestive of any misconfiguration here? > > [please don't top-post] > > It appears you're generating a bounce for spam. Don't do

Serving Dovecot mailbox quota status to Postfix

I wrote a little something about how to prevent delivery to mailboxes over quota while still being in the SMTP dialogue: http://sys4.de/en/blog/2013/04/08/postfix-dovecot-mailbox-quota/ (Postfix/Dovecot) -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Si

Re: Is postfix misconfiguration to send to wrong domain?

On 4/11/2013 2:42 PM, Robert Lopez wrote: > That was a fast response Jan. Thanks. Is the overall situation > suggestive of any misconfiguration here? [please don't top-post] It appears you're generating a bounce for spam. Don't do that; the spam sender address is often forged causing your notice

Re: Stripping Received: headers

On 4/11/2013 11:55 AM, Benny Pedersen wrote: > Noel Jones skrev den 2013-04-11 18:29: >> smtp_header_checks are performed on outgoing mail during smtp(5) >> delivery. > > is submission not using smtp_header_checks ? No. submission uses the smtpd(5) service to receive mail, which uses header_che

Re: Is postfix misconfiguration to send to wrong domain?

That was a fast response Jan. Thanks. Is the overall situation suggestive of any misconfiguration here? On Thu, Apr 11, 2013 at 1:22 PM, Jan P. Kessler wrote: > Hi, > > > And these are the logfile lines for our sending of the non-delivery > notice we sent. One item in these log lines I do not

Re: Multiple recipient_delimiter address extensions?

Jeroen Geilman: > On 04/05/2013 08:17 PM, Wietse Venema wrote: > > /dev/rob0: > >> > >> Thanks. A very minor complaint is that you have always been very > >> consistent IIRC regarding plural and singular in parameter names, but > >> now "recipient_delimiter" can be multiple characters. :) (I do > >

Re: Is postfix misconfiguration to send to wrong domain?

Hi, > And these are the logfile lines for our sending of the non-delivery > notice we sent. One item in these log lines I do not understand at all > is "relay=server50.appriver.com > [204.232.236.138]:25". I do not > understand where were that information is sourced.

Is postfix misconfiguration to send to wrong domain?

I am concerned a configuration that has been unchanged for a few years may have an error that is now showing up as a problem. I received this email that is a non-delivery notice sent to us ( postmas...@cnm.edu) that a non-delivery notice our gateway sent could not be delivered: From: postmas...@o

Re: Multiple recipient_delimiter address extensions?

On 04/05/2013 08:17 PM, Wietse Venema wrote: /dev/rob0: Thanks. A very minor complaint is that you have always been very consistent IIRC regarding plural and singular in parameter names, but now "recipient_delimiter" can be multiple characters. :) (I do Yes and no. Postfix still supports only

Re: Stripping Received: headers

Am 11.04.2013 19:20, schrieb Reindl Harald: > > > Am 11.04.2013 18:55, schrieb Benny Pedersen: >>> smtp_header_checks are performed on outgoing mail during smtp(5) >>> delivery. >> >> is submission not using smtp_header_checks? > > has your submission service smtp or smtpd in master.cf? > mine

Re: Logging SMTPD ports

Viktor Dukhovni: > On Thu, Apr 11, 2013 at 06:12:02PM +0100, Robert Sharp wrote: > > > I have postfix set up with smtpd processes on three ports: 25 for > > the wild world out there, 587 for submission from local users and > > other MTAs on the LAN, and 10025 for re-injection from amavis. I am > >

Re: Stripping Received: headers

Am 11.04.2013 18:55, schrieb Benny Pedersen: >> smtp_header_checks are performed on outgoing mail during smtp(5) >> delivery. > > is submission not using smtp_header_checks? has your submission service smtp or smtpd in master.cf? mine has smtpd as all other working ones out there signature.a

Re: Logging SMTPD ports

On Thu, Apr 11, 2013 at 06:12:02PM +0100, Robert Sharp wrote: > I have postfix set up with smtpd processes on three ports: 25 for > the wild world out there, 587 for submission from local users and > other MTAs on the LAN, and 10025 for re-injection from amavis. I am > doing some log analysis and

Logging SMTPD ports

Hi I have postfix set up with smtpd processes on three ports: 25 for the wild world out there, 587 for submission from local users and other MTAs on the LAN, and 10025 for re-injection from amavis. I am doing some log analysis and I think it would be really, really helpful if smtpd could log

Re: Stripping Received: headers

On Apr 11, 2013, at 18:29, Noel Jones wrote: >> so you must change to to smtp_header_checks > > smtp_header_checks are performed on outgoing mail during smtp(5) > delivery. > > But you're sort of on the right track. You can use > smtp_header_checks to remove the Received: headers from > authen

Re: Stripping Received: headers

Noel Jones skrev den 2013-04-11 18:29: No, header_checks are performed on all incoming mail. +1 As already explained, the problem above is that "-o header_checks=..." has no effect on smtpd(5). yes it included as it used all incomming, but not directly with smtpd so you must change to to

Re: Stripping Received: headers

On 4/11/2013 10:05 AM, Benny Pedersen wrote: > Geoff Shang skrev den 2013-04-11 16:33: >> Hi, >> >> I'm trying to strip Received: headers from mail at various parts of >> our processing, for security reasons. >> >> I'm starting with mail that comes in from authenticated clients. I >> tried doing t

Re: check_recipient_access not working

Ah. I see. Thank you very much for that. On 11 April 2013 17:05, Brian Evans - Postfix List [via Postfix] < ml-node+s1071664n56963...@n5.nabble.com> wrote: > On 4/11/2013 11:52 AM, Stephen West wrote: > > Thank you for your reply. > > The messages are sent from /usr/sbin/sendmail > > > Any mail

Re: check_recipient_access not working

On 4/11/2013 11:52 AM, Stephen West wrote: Thank you for your reply. The messages are sent from /usr/sbin/sendmail Any mail sent through the sendmail(1) command is not subject to smtpd_* rules. The only option on restriction is which users can send mail through the authorized_submit_users

Re: check_recipient_access not working

Thank you for your reply. The messages are sent from /usr/sbin/sendmail The log contains: Apr 11 16:50:26 hilljaa5 postfix/qmgr[2563]: 0B60181F0: from=< h...@removed.com>, size=310, nrcpt=1 (queue active) Apr 11 16:50:26 hilljaa5 postfix/smtp[2569]: 0B60181F0: to=, relay=test.test2.com[31.222.14

Defer SMTP and Pipe Later

Hello all, Forgive me as this might seem like an absurd question: Is it possible to defer SMTP transport and then send the message to a pipe later so I can keep a "copy" of the message in case needing to resend as the remote pipe output might be unreliable? The message should remain in the def

Re: Stripping Received: headers

Geoff Shang skrev den 2013-04-11 16:33: Hi, I'm trying to strip Received: headers from mail at various parts of our processing, for security reasons. I'm starting with mail that comes in from authenticated clients. I tried doing the following: master.cf: submission inet n - -

Re: Stripping Received: headers

Geoff Shang: > submission inet n - - - - smtpd >-o smtpd_enforce_tls=yes >-o smtpd_sasl_auth_enable=yes >-o smtpd_client_restrictions=permit_sasl_authenticated,reject >-o milter_macro_daemon_name=ORIGINATING >-o header_checks=pcre:/etc/postfix/heade

Re: check_recipient_access not working

On 4/11/2013 10:49 AM, pifoot wrote: Many thanks for your reply. Apologies. The command DOES return OK for the whitelisted e-mail address. It returns nothing at all for an e-mail address not in the whitelist. However, e-mail addresses not in the hash file are still sent and not rejected. You h

Re: check_recipient_access not working

pifoot: > Thank you for your reply. No, the * aren't included. It was because I put the > commands and files in bold on the original posting. > > Running that command doesn't produce any output. Have you any idea why that > should be? Update the Berkeley DB file with: $ postmap hash:/path/to/fil

Re: check_recipient_access not working

Many thanks for your reply. Apologies. The command DOES return OK for the whitelisted e-mail address. It returns nothing at all for an e-mail address not in the whitelist. However, e-mail addresses not in the hash file are still sent and not rejected. Thanks, Stephen -- View this message in c

Re: check_recipient_access not working

Thank you for your reply. No, the * aren't included. It was because I put the commands and files in bold on the original posting. Running that command doesn't produce any output. Have you any idea why that should be? Many thanks, Stephen -- View this message in context: http://postfix.107166

Stripping Received: headers

Hi, I'm trying to strip Received: headers from mail at various parts of our processing, for security reasons. I'm starting with mail that comes in from authenticated clients. I tried doing the following: master.cf: submission inet n - - - - smtpd -o smtpd_e

Re: check_recipient_access not working

pifoot: > *smtpd_recipient_restrictions = check_recipient_access > hash:/etc/postfix/recipient_access, reject* > > /etc/postfix/recipient_access contains: > > *t...@test.com OK* Hopefully the "*" are not included. You can test the access table with: $ postmap -q t...@test.com hash:/etc/po

Re: Setting up secure submission for remote users

On Apr 8, 2013, at 13:26, Jeroen Geilman wrote: > I would personally recommend using dovecot for SASL, especially if you don't > need client SASL (from postfix to remote servers); dovecot is way, way easier > to set up, and evolves quite nicely My hesitation is that I already have an auth syst

check_recipient_access not working

Dear all, I'm trying to allow our Postfix server to only send e-mails to a few specified e-mail addresses, i.e., a whitelist. I've added the following to main.cf *smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/recipient_access, reject* /etc/postfix/recipient_access c

New Postfix log analyzer tool, statistics, grapher, ... PostgreSQL DB 9.2.x based

Dear Postfix Community, I'm writing for the first time there but working in the area of SMTP messaging since a long time. With Postfix, that I really love. The goal of my e-mail today is just to let you know that I'm working since some time on my open source GPLv3 project dedicated to _*real

[Bug fix in previous email] New Postfix log analyzer tool, statistics, grapher, ... PostgreSQL DB 9.2.x based

Dear Postfix Community, Instead of reading in my previous email: "The archive I just uploaded this morning deal with Postfix version >=2.8.x logs." Please read: "The archive I just uploaded this morning deal with Postfix version _*<=2.8.x*_ logs." This is a misstyping from me ;) <>

Re: Forwarding from a particular email address

Quoting "Wietse Venema" : > Mark Alan: >> On Thu, 11 Apr 2013 03:01:58 +0300, "Indiana Jones" >> wrote: >>> # for single address >>> printf "us...@example1.com us...@example2.com\n" /etc/postfix/virtual >>> # for multiple addresses >>> printf "us...@example1.com us...@example2.com\nus...@exam

Aw: Address Rewriting

Sorry, my last mail was Html only. I hope it's better now :-) Hi,   I have a setup with several virtual mailboxes, e.g. local1@, local2@.   Now I would like the local mail addresses to have some kind of mapping to external addresses: local1@postfixserver <-> external1@externaldomain1 local2@postf

Re: Forwarding from a particular email address

Mark Alan: > On Thu, 11 Apr 2013 03:01:58 +0300, "Indiana Jones" > wrote: > > # for single address > > printf "us...@example1.com us...@example2.com\n" > > > /etc/postfix/virtual > > # for multiple addresses > > printf "us...@example1.com us...@example2.com\nus...@example3.com > > us...@examp

Address Rewriting

Hi,   I have a setup with several virtual mailboxes, e.g. local1@, local2@.   Now I would like the local mail addresses to have some kind of mapping to external addresses: local1@postfixserver <-> external1@externaldomain1 local2@postfixserver <-> external2@externaldomain2   If a mail arri

Re: Forwarding from a particular email address

On Thu, 11 Apr 2013 03:01:58 +0300, "Indiana Jones" wrote: > # for single address > printf "us...@example1.com us...@example2.com\n" > > /etc/postfix/virtual > # for multiple addresses > printf "us...@example1.com us...@example2.com\nus...@example3.com > us...@example4.com\n" > /etc/postfix/v