RE: Can Postscreen and Smapassassin be used together

Hai, I thinking why not put them together Ik run a setup like this https://wiki.dest-unreachable.net/pages/viewpage.action?pageId=15892484 which uses postscreen spamassassin clamav and this works very wel for me. And the load is not to much, but depends on the amount of emails your

Re: Can Postscreen and Smapassassin be used together

* Ansgar Wiechers : > On 2015-09-10 Robert Chalmers wrote: > > I’m currently running postscreen, and am wondering how I would add > > spamassassin to the main.cf configuration, or are they mutually > > exclusive? > > I'm not sure if they technically can't be used together,

Re: Can Postscreen and Smapassassin be used together

Robert Chalmers: > I?m currently running postscreen, and am wondering how I would add > spamassassin to the main.cf configuration, or are they mutually exclusive? They are meant to coexist. postscreen implements the first layer in a multi-layer defense, header/body_checks are somewhere in the

Re: Can Postscreen and Smapassassin be used together

On 2015-09-10 Robert Chalmers wrote: > I’m currently running postscreen, and am wondering how I would add > spamassassin to the main.cf configuration, or are they mutually > exclusive? I'm not sure if they technically can't be used together, but they shouldn't be. Spamassassin is rather

Postfix ML Configuration for Sender Header

Hello, a while ago I changed my mail configuration for mailinglists. I have individual mail addresses for every mailing list and the configuration now looks like this: From: Sebastian Wiesinger Sender: postfix-us...@ml.karotte.org This has the advantage that off-list

Re: AntiSpam & AntiVirus Integration with Postfix: lots of tools, but which one's AREN'T 'dead'?

* joh...@fastmail.com [2015-09-09 03:03]: > Ken > > On Tue, Sep 8, 2015, at 05:49 PM, Ken Peng wrote: > > How about Spamassassin? we have been using it for a long time. > > And how are you integrating it into Postfix. That was my question > not whether to use Spamassassin.

Re: Can Postscreen and Smapassassin be used together

On 09/10/2015 06:37 PM, Robert Chalmers wrote: > I’m currently running postscreen, and am wondering how I would add > spamassassin to the main.cf configuration, or are they mutually > exclusive? In spite of what others have said, you can certainly use them together and many many installations do

ASPL: discarding a single recipient or a set of them from a multi-recipient message

Hello there, First of all, congratulate all folks behind this remarkable, predictable and reliable software that is postfix, which...at the same time is well documented (bonus). It is is difficult to find software with some of these attributes, but postfix have them all. --== CONTEXT OF THE

Re: ASPL: discarding a single recipient or a set of them from a multi-recipient message

Francis Brosnan Bl?zquez: > At this point, we are trying to discard based on the destination > domain and/or the local-part@ (without considering the destination > domain) by reporting a DISCARD code using delegation protocol (with > valvula [1]). As documented, the DISCARD action discards the

Re: Postfix ML Configuration for Sender Header

Sebastian Wiesinger: > Hello, > > a while ago I changed my mail configuration for mailinglists. I have > individual mail addresses for every mailing list and the configuration > now looks like this: > > From: Sebastian Wiesinger > Sender: postfix-us...@ml.karotte.org > >

Re: Can Postscreen and Smapassassin be used together

Am 10.09.2015 um 10:47 schrieb Peter: > What you don't want to do is run postscreen and postgrey on the same > system. you can do it if you use i.e postgrey very selective but for sure portscreen leaves not very much for postgrey Best Regards MfG Robert Schetterer -- [*] sys4 AG

Re: ASPL: discarding a single recipient or a set of them from a multi-recipient message

Hi Wietse, Thanks for your response. Assuming this information, it should discard as indicated by transport_maps. However, we are not seeing this behaviour. This is the course of events: 1) Mail is accepted by postfix. After that, an indication is passed to valvula on smtpd_data_restrictions:

Re: Can Postscreen and Smapassassin be used together

Am 10.09.2015 um 08:37 schrieb Robert Chalmers: > I’m currently running postscreen, and am wondering how I would add > spamassassin to the main.cf configuration, or are they mutually exclusive? > > no problem works nice , perhaps use it as milter Best Regards MfG Robert Schetterer -- [*]

content_filter and transport_map on outgoing mail interaction

Hi there, We have a transport map setup so that mail destined for the local domain or from some subdomain email servers is not routed to our relay gateway. These entries have a null gateway set. Mail destined for all other domains is routed via our relay. e.g serve...@server01.abc.co.za :

Re: ASPL: discarding a single recipient or a set of them from a multi-recipient message

Hi Wietse, Thanks for your response, > This is how Postfix content filters work: > > postfix1 -> filter -> postfix2 > > The filter takes precedence in postfix1; Just to clarify we are talking about the same thing, "filter" is not a "content filter" taking the mail from postfix and

Re: content_filter and transport_map on outgoing mail interaction

On Thu, Sep 10, 2015 at 06:12:44PM +0200, Mark Clarke wrote: > We need to apply a content_filter to all outgoing mail. To do this we have > set up two smtp processes in master.cf > > 192.168.10.73:smtp inet n - - - - smtpd > 192.168.10.72:smtp inet n -

Re: ASPL: discarding a single recipient or a set of them from a multi-recipient message

On Thu, Sep 10, 2015 at 07:01:59PM +0200, Francis Brosnan Blázquez wrote: > > This is how Postfix content filters work: > > > > postfix1 -> filter -> postfix2 > > > > The filter takes precedence in postfix1; > > Just to clarify we are talking about the same thing, "filter" is not a >

Re: ASPL: discarding a single recipient or a set of them from a multi-recipient message

Hi Wietse, > transport_maps takes effect ONLY AFTER the filter has processed the message. Ok, so because transport_maps takes effect after filter, do you mean transport_maps declarations will never take effect because at the time filter finished, the delivery attempt was already made? >

Re: ASPL: discarding a single recipient or a set of them from a multi-recipient message

Francis Brosnan Bl?zquez: > Hi Wietse, > > > transport_maps takes effect ONLY AFTER the filter has processed the message. > > Ok, so because transport_maps takes effect after filter, do you mean > transport_maps declarations will never take effect because at the time > filter finished, the

Re: ASPL: discarding a single recipient or a set of them from a multi-recipient message

Francis Brosnan Bl?zquez: > 2) Then, valvula based on its configuration, reports FILTER transp2: > > Sep 10 16:49:53 host valvulad[16853]: info: FILTER: > fran...@aspl.es -> w...@asplhost.com > (sasl_user=mailing-sasluser), port 3579, rcpt count=1, queue-id >

Re: ASPL: discarding a single recipient or a set of them from a multi-recipient message

On Thu, Sep 10, 2015 at 07:52:37PM +0200, Francis Brosnan Blázquez wrote: > Ok, so Victor, going back to the initial question, assuming that: > > 1) We need that "FILTER transp2:", through the delegation protocol, to > setup different outgoing IP (it seems there's no other way to do this), By

Re: Require DNSSEC signed MX RRs

On Thu, Sep 10, 2015 at 08:39:38PM +0200, Michael Ströder wrote: > Maybe there should be some additional text for 'dane-only' in [1]? > I'm not sure about the correct wording though. I think it is fine as-is. The "dane-only" security level requires that a peer be DANE authenticated, which means

Re: Require DNSSEC signed MX RRs

Viktor Dukhovni wrote: > On Thu, Sep 10, 2015 at 07:44:19PM +0200, Michael Ströder wrote: > >> Looking at [1] it's not clear to me whether it's possible to require MX RRs >> of >> a recipient domain to be DNSSEC signed. Any other configuration option for >> that? > > Postfix, at present, does

Re: ASPL: discarding a single recipient or a set of them from a multi-recipient message

Hi Victor, Thanks for your response, > If your policy service says "FILTER ..." it is setting a > content_filter that preempts transport table routing for *all* > recipients. Ok, thanks for clarifying this. It was one of questions we did but wasn't resolved (from my previous mail): It

Re: Require DNSSEC signed MX RRs

Viktor Dukhovni wrote: > On Thu, Sep 10, 2015 at 08:39:38PM +0200, Michael Ströder wrote: > >> Maybe there should be some additional text for 'dane-only' in [1]? >> I'm not sure about the correct wording though. > > I think it is fine as-is. The "dane-only" security level requires > that a peer

Require DNSSEC signed MX RRs

HI! Looking at [1] it's not clear to me whether it's possible to require MX RRs of a recipient domain to be DNSSEC signed. Any other configuration option for that? Ciao, Michael. [1] http://www.postfix.org/postconf.5.html#smtp_tls_policy_maps smime.p7s Description: S/MIME Cryptographic

Re: Check NS (name or IP) against RBL

On Fri, Sep 11, 2015 at 12:25:56AM +0300, Marius Gologan wrote: > Is there any way to check the name server (name and/or IP) of the Sender > domain against RBL service? Only via a policy service that does the relevant DNS lookups. -- Viktor.

Re: Check NS (name or IP) against RBL

Viktor Dukhovni: > On Fri, Sep 11, 2015 at 12:25:56AM +0300, Marius Gologan wrote: > > > Is there any way to check the name server (name and/or IP) of the Sender > > domain against RBL service? > > Only via a policy service that does the relevant DNS lookups. I have used check_sender_ns_access

Dynamic 'myhostname'

Hi, I'm trialling DMARC to two of my domains. On checking the results when posting from the secondary domain I receive 'SPF Domain Alignment Result = FAIL'. I think this is because postfix always says HELO with the primary domain name, which is obviously different to the secondary. Is

Re: Require DNSSEC signed MX RRs

On Thu, Sep 10, 2015 at 08:57:50PM +0200, Michael Ströder wrote: > > One might also imagine an alternative interface: > > > > example.com secure match=nexthop:dot-nexthop:dnssec-hostname > > > > Where "dnssec-hostname" matches the hostname only if securely > > obtained. This would not

Re: content_filter and transport_map on outgoing mail interaction

Ok, figured it out. Read up more on the postfix architecture and confirmed that it should work as the content_filter will run on the mail once it has been received and before it is delivered via smtp to its destination. The issue was that I am submitting on the submission port 587 and needed to

Re: Dynamic 'myhostname'

Mick: > Hi, > > I'm trialling DMARC to two of my domains. On checking the results when > posting from the secondary domain I receive 'SPF Domain Alignment Result > = FAIL'. I think this is because postfix always says HELO with the > primary domain name, which is obviously different to the

Re: ASPL: discarding a single recipient or a set of them from a multi-recipient message

Hi Victor, Thanks for your response. At least, now we know the path we don't have to follow, > > 1) We need that "FILTER transp2:", through the delegation protocol, to > > setup different outgoing IP (it seems there's no other way to do this), > > By sender: > > >

Re: Can Postscreen and Smapassassin be used together

--On September 10, 2015 at 7:37:09 AM +0100 Robert Chalmers wrote: I’m currently running postscreen, and am wondering how I would add spamassassin to the main.cf configuration, or are they mutually exclusive? After reading all the answers (I confess I was amazed by

Re: ASPL: discarding a single recipient or a set of them from a multi-recipient message

On Thu, Sep 10, 2015 at 10:06:24PM +0200, Francis Brosnan Blázquez wrote: > > > 1) We need that "FILTER transp2:", through the delegation protocol, to > > > setup different outgoing IP (it seems there's no other way to do this), > > > > By sender: > > > > > >

Re: Dynamic 'myhostname'

On 10/09/2015 21:13, Wietse Venema wrote: Mick: Hi, I'm trialling DMARC to two of my domains. On checking the results when posting from the secondary domain I receive 'SPF Domain Alignment Result = FAIL'. I think this is because postfix always says HELO with the primary domain name, which is

Check NS (name or IP) against RBL

Hi, Is there any way to check the name server (name and/or IP) of the Sender domain against RBL service? Thank you. Marius. smime.p7s Description: S/MIME cryptographic signature

Can Postscreen and Smapassassin be used together

I’m currently running postscreen, and am wondering how I would add spamassassin to the main.cf configuration, or are they mutually exclusive?

Re: Require DNSSEC signed MX RRs

On Thu, Sep 10, 2015 at 07:44:19PM +0200, Michael Ströder wrote: > Looking at [1] it's not clear to me whether it's possible to require MX RRs of > a recipient domain to be DNSSEC signed. Any other configuration option for > that? Postfix, at present, does not support requiring a DNSSEC-signed