RE: Block subdomains in check_recipient_access.

2015-06-09 Thread Hanna
No, it still does not block the subdomains. And when I test using 'postmap -q string /etc/postfix/blockr', e.g. string = t...@domain.com and t...@test.domain.com, it blocks only the domain and not the subdomain.

Re: Block subdomains in check_recipient_access.

2015-06-09 Thread Koko Wijatmoko
On Tue, 9 Jun 2015 11:51:28 +0300 Hanna ha...@ecei.biz wrote: in /etc/postfix/blockr domain.com REJECT sorry, blocked. .domain.com REJECT sorry, blocked. You don't need to specify .domain.com, since the first also REJECTs any subdomain under domain.com. http://www.postfix.org/access.5.html

Block subdomains in check_recipient_access.

2015-06-09 Thread Hanna
I am trying to block our users from sending emails to specific subdomains. So in /etc/main.cf smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/blockr in /etc/postfix/blockr domain.com REJECT sorry, blocked. .domain.com REJECT

Re: what is the reason for THIS spf failure?

2015-06-09 Thread M. Fioretti
On 2015-06-09 06:38, DTNX Postmaster wrote: from the perspective of the recipient, your mail is originating from '81.88.62.172', which isn't included in your SPF record. Your SPF record dictates that it should be rejected, so they do. That's what the error message tells you. ALL this had been

Re: Documentation suggestion

2015-06-09 Thread Andrew Beverley
On Mon, 2015-06-08 at 14:59 -0400, Wietse Venema wrote: Andrew Beverley: On Mon, 2015-06-08 at 11:58 -0400, Wietse Venema wrote: What other TLS settings do you consider required? Postfix does not need a client certificate for sending email. My mistake. I'd added in some of those

Re: Very Basic SPF Record

2015-06-09 Thread Peter
Hi Mike, ~all denotes soft fail. In other words, that means that if you forget to add an IP address of your new server to SPF it is not going to be a total failure :) Soft fail allows you to undertake other steps in case it happens (say, i.e. you could perform other checks to determine if the email

Re: Block subdomains in check_recipient_access.

2015-06-09 Thread Koko Wijatmoko
On Tue, 9 Jun 2015 12:22:39 +0300 Hanna ha...@ecei.biz wrote: No, it still does not block the subdomains. And when I test using 'postmap -q string /etc/postfix/blockr', e.g. string = t...@domain.com and t...@test.domain.com, it blocks only the domain and not the subdomain. try regex:

Re: Very Basic SPF Record

2015-06-09 Thread DTNX Postmaster
On 09 Jun 2015, at 07:39, Michael B Allen iop...@gmail.com wrote: On Tue, Jun 9, 2015 at 12:42 AM, DTNX Postmaster postmas...@dtnx.net wrote: On 09 Jun 2015, at 05:20, Michael B Allen iop...@gmail.com wrote: I have never setup SPF records before. I have one server doing everything although

Re: backwards-compatible settings

2015-06-09 Thread Wietse Venema
Alex Regan: I'm actually not seeing any of these messages in the logs. The only entry I see when reloading is: Jun 8 21:20:03 mail02 postfix[22018]: Postfix is running with backwards-compatible default settings Is there some log level or something else I'm missing to have postfix

Re: what is the reason for THIS spf failure?

2015-06-09 Thread DTNX Postmaster
On 09 Jun 2015, at 10:57, M. Fioretti mfiore...@nexaima.net wrote: On 2015-06-09 06:38, DTNX Postmaster wrote: from the perspective of the recipient, your mail is originating from '81.88.62.172', which isn't included in your SPF record. Your SPF record dictates that it should be rejected,

Re:

2015-06-09 Thread Noel Jones
On 6/9/2015 7:59 AM, Michael Peter wrote: Hello, At our office, we are trying to BCC all emails coming from a specific domain or its subdomains by configuring postfix as follows: we add to main.cf sender_bcc_maps = hash:/etc/postfix/sender_bcc then at /etc/postfix/sender_bcc we add

Re: Transparent Proxy?

2015-06-09 Thread Robert Schetterer
Am 09.06.2015 um 18:04 schrieb Michael Munger: Hello everyone, I need to setup an instance of postfix IN FRONT of an Exchange server, the purpose of which is to capture and archive all incoming email (and eventually outbound, but I'll tackle that later). Can someone point me to the

SASL AUTH dictionary attacks

2015-06-09 Thread Forrest
I recently updated my system from Sendmail to Postfix 3.0.1. Since that time, I've been targeted with several SASL dictionary attacks; activity I've not seen in this number before. Reading around elsewhere, I wonder if the script kiddies are looking for Postfix in the banner (which I've

Re: Transparent Proxy?

2015-06-09 Thread Viktor Dukhovni
On Tue, Jun 09, 2015 at 12:31:34PM -0400, Michael Munger wrote: Since this is the case, then I will probably have to migrate the spam filter to happen at the Postfix proxy, which requires we write a connector to their CRM system. Not a big deal, but not as easy as I was hoping. Postfix is not

Re: Transparent Proxy?

2015-06-09 Thread Noel Jones
On 6/9/2015 11:31 AM, Michael Munger wrote: I was referring to TCP header re-writes. But, now that I think about it, the re-write would have to happen at the Exchange level after receipt. (Can't do it pre-send unless the entire message fit in a single packet. So... that's not going to work).

Re: SASL AUTH dictionary attacks

2015-06-09 Thread Viktor Dukhovni
On Tue, Jun 09, 2015 at 12:54:51PM -0400, Forrest wrote: I recently updated my system from Sendmail to Postfix 3.0.1. Since that time, I've been targeted with several SASL dictionary attacks; activity I've not seen in this number before. Restricting SASL to TLS might help...

Re: Transparent Proxy?

2015-06-09 Thread Viktor Dukhovni
On Tue, Jun 09, 2015 at 11:55:40AM -0500, Noel Jones wrote: Postfix isn't a proxy and can't be configured to behave as one. Maybe you're just using that term to refer to an email gateway/firewall, and not really expecting a proxy. Admittedly it is possible to configure a degenerate

Transparent Proxy?

2015-06-09 Thread Michael Munger
Hello everyone, I need to setup an instance of postfix IN FRONT of an Exchange server, the purpose of which is to capture and archive all incoming email (and eventually outbound, but I'll tackle that later). Can someone point me to the section in the docs I should read for this? any example

Re: Transparent Proxy?

2015-06-09 Thread Viktor Dukhovni
On Tue, Jun 09, 2015 at 12:04:56PM -0400, Michael Munger wrote: One item of particular concern is header re-writes. I would prefer to have postfix retain the original sender IP address ... What you call the sender IP address is not message (header) content. Rather, it is the IP address part

Re: Transparent Proxy?

2015-06-09 Thread Michael Munger
I was referring to TCP header re-writes. But, now that I think about it, the re-write would have to happen at the Exchange level after receipt. (Can't do it pre-send unless the entire message fit in a single packet. So... that's not going to work). Since this is the case, then I will probably

Re: SASL AUTH dictionary attacks

2015-06-09 Thread Viktor Dukhovni
On Tue, Jun 09, 2015 at 01:23:47PM -0400, Forrest wrote: postfix/smtpd[12345]: warning: unknown[212.156.86.90]: SASL LOGIN authentication failed: authentication failure so I presume that's port 25, as I have submission running as another configuration in master.cf. By default the logs

Re: SASL AUTH dictionary attacks

2015-06-09 Thread Forrest
On 6/9/15 1:02 PM, Viktor Dukhovni wrote: On Tue, Jun 09, 2015 at 12:54:51PM -0400, Forrest wrote: I recently updated my system from Sendmail to Postfix 3.0.1. Since that time, I've been targeted with several SASL dictionary attacks; activity I've not seen in this number before. Restricting

Re: SASL AUTH dictionary attacks

2015-06-09 Thread Forrest
On 6/9/15 1:38 PM, Viktor Dukhovni wrote: On Tue, Jun 09, 2015 at 01:23:47PM -0400, Forrest wrote: postfix/smtpd[12345]: warning: unknown[212.156.86.90]: SASL LOGIN authentication failed: authentication failure so I presume that's port 25, as I have submission running as another configuration

Re: SASL AUTH dictionary attacks

2015-06-09 Thread Viktor Dukhovni
On Tue, Jun 09, 2015 at 02:26:20PM -0400, Forrest wrote: So that log entry might be for the submission port, unless you've configured it along the lines above. I believe this is already set in my master.cf, which is: smtp inet n - n - - smtpd

Re: Very Basic SPF Record

2015-06-09 Thread Michael B Allen
On Tue, Jun 9, 2015 at 4:55 AM, Peter uncle_p...@fastmail.com wrote: Hi Mike, ~all denotes soft fail. In other words that means that if you forget to add an IP address of your new server to SPF it is not going to be a total failure :) Soft fail allows to undertake other steps in case it

Re: Transparent Proxy?

2015-06-09 Thread Michael Munger
Re: Postfix must know users / use LDAP Excellent point, and I didn't think about that. Will do. Re: See google for details. +1 internets for awesome response. :-) Michael Munger, dCAP, MCPS, MCNPS, MBSS High Powered Help, Inc. Microsoft Certified Professional Microsoft Certified Small

Re: Transparent Proxy?

2015-06-09 Thread Michael Munger
Excellent advice, and I will read these thoroughly. Michael Munger, dCAP, MCPS, MCNPS, MBSS High Powered Help, Inc. Microsoft Certified Professional Microsoft Certified Small Business Specialist Digium Certified Asterisk Professional mich...@highpoweredhelp.com On 06/09/2015 01:13 PM, Viktor

Trust in TLS cert auth'd connections. One end, or both?

2015-06-09 Thread PGNd
I'm forwarding specific mail from a remote Postfix instance to a local one. I'm switching from SASL auth to high-encryption tls cert auth'd connection. It works to the extent that (1) connections without the TLS cert in place are rejected (2) a Trusted TLS connection is

Re: Trust in TLS cert auth'd connections. One end, or both?

2015-06-09 Thread Viktor Dukhovni
On Tue, Jun 09, 2015 at 04:36:35PM -0700, PGNd wrote: I'm forwarding specific mail from a remote Postfix instance to a local one. I'm switching from SASL auth to high-encryption tls cert auth'd connection. It works to the extent that (1) connections without the TLS cert in place

Re: SASL AUTH dictionary attacks

2015-06-09 Thread Scott Lambert
On Tue, Jun 09, 2015 at 07:23:43PM +, Viktor Dukhovni wrote: On Tue, Jun 09, 2015 at 02:26:20PM -0400, Forrest wrote: So that log entry might be for the submission port, unless you've configured it along the lines above. I believe this is already set in my master.cf, which is:

Re: Transparent Proxy?

2015-06-09 Thread Viktor Dukhovni
On Tue, Jun 09, 2015 at 04:49:50PM -0400, Michael Munger wrote: Admittedly it is possible to configure a degenerate installation in which smtpd(8) proxies mail to another backend MTA without queueing. I've used this for TLS termination in front of an MTA with no TLS support.

Re: Transparent Proxy?

2015-06-09 Thread Michael Munger
You were clear. I understood that this was caveat emptor and that store - forward was the better way to go. Michael Munger, dCAP, MCPS, MCNPS, MBSS High Powered Help, Inc. Microsoft Certified Professional Microsoft Certified Small Business Specialist Digium Certified Asterisk Professional

Mail loops back to myself

2015-06-09 Thread Jithesh AP
Hi All, I have set up postfix + mysql + dovecot. I can get mails from gmail and other external addresses and also send mails within my domain, but I am not able to send any mail to outside addresses, like gmail.com, yahoo.com etc. I get the error indicated as pasted below Jun 9 14:04:40 ml

[no subject]

2015-06-09 Thread Michael Peter
Hello, At our office, we are trying to BCC all emails coming from a specific domain or its subdomains by configuring postfix as follows: we add to main.cf sender_bcc_maps = hash:/etc/postfix/sender_bcc then at /etc/postfix/sender_bcc we add @domain.com manager But we notice that the emails coming from

Re: what is the reason for THIS spf failure?

2015-06-09 Thread M. Fioretti
On 2015-06-09 12:45, DTNX Postmaster wrote: On 09 Jun 2015, at 10:57, M. Fioretti mfiore...@nexaima.net wrote: On 2015-06-09 06:38, DTNX Postmaster wrote: from the perspective of the recipient, your mail is originating from '81.88.62.172', which isn't included in your SPF record. Your SPF

Re: Mail loops back to myself

2015-06-09 Thread Viktor Dukhovni
On Tue, Jun 09, 2015 at 06:43:08PM -0700, Jithesh AP wrote: relayhost = $mydomain That's the cause of the loop. Either set this empty, or set it to a suitable smarthost MTA, in the example below a hypothetical smarthost.example.com: relayhost = [smarthost.example.com] -- Viktor.

Re: RegExp help

2015-06-09 Thread AnthonyL
On Thu, 14 May 2015 06:57:16 -0400, jason hirsh wrote: I have been using https://regex101.com/ for test and evaluation. It has also helped on my composition. Thanks very much for that one. It's just what I was looking for.

Re: Trust in TLS cert auth'd connections. One end, or both?

2015-06-09 Thread PGNd
On Tue, Jun 9, 2015, at 05:08 PM, Viktor Dukhovni wrote: Zeroing in on This means that the server's certificate is not issued by a CA trusted by the client In configs CLIENT/master.cf ... relay-remote unix - - n - - smtp

Re: Trust in TLS cert auth'd connections. One end, or both?

2015-06-09 Thread Viktor Dukhovni
On Tue, Jun 09, 2015 at 05:49:53PM -0700, PGNd wrote: This means that the server's certificate is not issued by a CA trusted by the client In configs CLIENT/master.cf ... relay-remote unix - - n - - smtp ...

Re: Mail loops back to myself

2015-06-09 Thread Jithesh AP
Sending to postfix-users group as well Version of postfix postconf -d | grep mail_version mail_version = 2.6.6 milter_macro_v = $mail_name $mail_version - Majority of my configurations were based on this article -

Re: Trust in TLS cert auth'd connections. One end, or both?

2015-06-09 Thread PGNd
But you're still not authenticating the server. For that you'll need: smtp_tls_security_level=secure so that the client verifies the server hostname also and refuses to proceed when authentication fails. A simpler alternative for my case may be -o

Re: backwards-compatible settings

2015-06-09 Thread Alex Regan
Hi, Jun 8 21:20:03 mail02 postfix[22018]: Postfix is running with backwards-compatible default settings Meaning the compatibility level is not set to the requisite minimum value. This applies whether or not the relevant parameters have been explicitly set. Okay, I think I understand now. I

Re: SASL AUTH dictionary attacks

2015-06-09 Thread Forrest
On 6/9/15 6:19 PM, Scott Lambert wrote: On Tue, Jun 09, 2015 at 07:23:43PM +, Viktor Dukhovni wrote: On Tue, Jun 09, 2015 at 02:26:20PM -0400, Forrest wrote: So that log entry might be for the submission port, unless you've configured it along the lines above. I believe this is already

Re: Trust in TLS cert auth'd connections. One end, or both?

2015-06-09 Thread Viktor Dukhovni
On Tue, Jun 09, 2015 at 07:37:54PM -0700, PGNd wrote: A simpler alternative for my case may be -o smtp_tls_CAfile=/etc/ssl/mail/_CA.crt -o smtp_tls_cert_file=/etc/ssl/mail/relay-remote.crt + -o smtp_tls_fingerprint_cert_match=$var_FP01

Re: Mail loops back to myself

2015-06-09 Thread Jithesh AP
Thank you, gives me better idea now. Regards Jithesh On Tue, 09 Jun 2015 20:54:31 -0700, Viktor Dukhovni postfix-us...@dukhovni.org wrote: On Tue, Jun 09, 2015 at 08:44:20PM -0700, Jithesh AP wrote: Currently sending mail is thru port 25, how to make it to use port 587 (i understand

Re: Mail loops back to myself

2015-06-09 Thread Jithesh AP
thank you, makes it clear. Jithesh On Tue, 09 Jun 2015 21:27:35 -0700, Viktor Dukhovni postfix-us...@dukhovni.org wrote: On Wed, Jun 10, 2015 at 03:54:31AM +, Viktor Dukhovni wrote: Port 587 is not for inter-domain mail delivery. It is for submission of mail by users (Outlook,

Re: SASL AUTH dictionary attacks

2015-06-09 Thread Forrest
Now they're hitting me here: Jun 9 23:49:13 mail postfix/smtpd[17263]: connect from unknown[71.19.249.5] Jun 9 23:49:13 mail postfix/smtpd[17263]: lost connection after AUTH from unknown[71.19.249.5] Jun 9 23:49:13 mail postfix/smtpd[17263]: disconnect from unknown[71.19.249.5] ehlo=1

Re: Trust in TLS cert auth'd connections. One end, or both?

2015-06-09 Thread Viktor Dukhovni
On Tue, Jun 09, 2015 at 07:06:26PM -0700, PGNd wrote: Reattempting CLIENT/master.cf ... relay-remote unix - - n - - smtp ... -o smtp_tls_CAfile=/etc/ssl/mail/_CA.crt -o

Re: Trust in TLS cert auth'd connections. One end, or both?

2015-06-09 Thread PGNd
On Tue, Jun 9, 2015, at 07:57 PM, Viktor Dukhovni wrote: This requires some operational discipline, but avoids trusting third parties. If I also control the CA, which in this case I do, I gather that point is moot. Still, the FP method seems cleaner in this case.

Re: Trust in TLS cert auth'd connections. One end, or both?

2015-06-09 Thread PGNd
Yes, the key question is what's in the server certificate. You'll want match=whatever appears there. And if you're using the policy table, you don't also need smtp_tls_security_level=secure, the policy table preempts that. Back to CLIENT/master.cf -o

Re: Mail loops back to myself

2015-06-09 Thread Jithesh AP
Thank you, this worked very well. I made it empty as I was not sure what smarthost MTA meant. Another sideline question: is there a way to make it use port 587 instead of 25? Regards Jithesh On Tue, 09 Jun 2015 18:54:16 -0700, Viktor Dukhovni postfix-us...@dukhovni.org wrote: On Tue,

Re: Mail loops back to myself

2015-06-09 Thread Viktor Dukhovni
On Tue, Jun 09, 2015 at 08:28:44PM -0700, Jithesh AP wrote: Thank you, this worked very well. I made it empty as i was not sure what smarthost MTA meant. Another sideline question, is there a way to make it use port 587 instead of 25? To make what it use port 587? -- Viktor.

Re: Mail loops back to myself

2015-06-09 Thread Jithesh AP
Currently sending mail is through port 25; how do I make it use port 587 (I understand that is more secure)? Regards Jithesh On Tue, 09 Jun 2015 20:40:28 -0700, Viktor Dukhovni postfix-us...@dukhovni.org wrote: On Tue, Jun 09, 2015 at 08:28:44PM -0700, Jithesh AP wrote: Thank you, this

Re: Mail loops back to myself

2015-06-09 Thread Viktor Dukhovni
On Tue, Jun 09, 2015 at 08:44:20PM -0700, Jithesh AP wrote: Currently sending mail is thru port 25, how to make it to use port 587 (i understand that is more secure). Port 587 is not for inter-domain mail delivery. It is for submission of mail by users (Outlook, Thunderbird, ...) to the

Re: Mail loops back to myself

2015-06-09 Thread Viktor Dukhovni
On Wed, Jun 10, 2015 at 03:54:31AM +, Viktor Dukhovni wrote: Port 587 is not for inter-domain mail delivery. It is for submission of mail by users (Outlook, Thunderbird, ...) to the outbound SMTP server of their domain. If you're operating an MTA that sends mail directly to remote