Re: Dot-prefixed subdomain behavior - possible bug

2016-03-28 Thread Viktor Dukhovni
On Mon, Mar 28, 2016 at 04:52:04PM -0700, Michael Fischer wrote: > In Postfix 2.10, the default value of > $parent_domain_matches_subdomains changed from: > > parent_domain_matches_subdomains = >

Re: block all mail from mta's with a FQDN match?

2016-03-28 Thread Viktor Dukhovni
On Mon, Mar 28, 2016 at 06:03:53PM -0700, jaso...@mail-central.com wrote: > Viktor > > On Mon, Mar 28, 2016, at 04:25 PM, Viktor Dukhovni wrote: > > main.cf: > > smtpd_client_restrictions = > > check_ns_access pcre:${config_directory}/ns-access.pcre > > I'm working on setting this up. >

Re: block all mail from mta's with a FQDN match?

2016-03-28 Thread jasonsu
Viktor On Mon, Mar 28, 2016, at 04:25 PM, Viktor Dukhovni wrote: > main.cf: > smtpd_client_restrictions = > check_ns_access pcre:${config_directory}/ns-access.pcre I'm working on setting this up. When I use your example, in my logs I see warning: unknown smtpd restriction:

Re: block all mail from mta's with a FQDN match?

2016-03-28 Thread Bill Cole
On 28 Mar 2016, at 20:19, jaso...@mail-central.com wrote: Then block on the following 82.196.0.0/16 37.139.0.0/16 198.211.0.0/16 198.199.127.0/24 At this stage, that's harsh -- those are DigitalOcean blocks. No, they are not. The /16's are all PARTLY Digital Ocean, but each of them is

Re: block all mail from mta's with a FQDN match?

2016-03-28 Thread jasonsu
> Then block on the following > > 82.196.0.0/16 > 37.139.0.0/16 > 198.211.0.0/16 > 198.199.127.0/24 At this stage, that's harsh -- those are DigitalOcean blocks. Not that I'm a fan of the 'flow' of email I see from them, but right now -- servers with NS @ synapp.io seems a good enough

Re: block all mail from mta's with a FQDN match?

2016-03-28 Thread The Doctor
On Mon, Mar 28, 2016 at 07:25:43PM -0400, Viktor Dukhovni wrote: > > > On Mar 28, 2016, at 5:53 PM, jaso...@mail-central.com wrote: > > > > How would I match/block access to mail sent from MTAs that have FQDNs that > > start with > > > >mta-wk-* > > > > it's not a header, it's not

Dot-prefixed subdomain behavior - possible bug

2016-03-28 Thread Michael Fischer
In Postfix 2.10, the default value of $parent_domain_matches_subdomains changed from: parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_authorized_clients,smtpd_access_maps To: parent_domain_matches_subdomains =

Re: block all mail from mta's with a FQDN match?

2016-03-28 Thread jasonsu
On Mon, Mar 28, 2016, at 04:25 PM, Viktor Dukhovni wrote: > ratineer.com. 600 IN NS kilmer-dns2.synapp.io > > main.cf: > smtpd_client_restrictions = > check_ns_access pcre:${config_directory}/ns-access.pcre > > smtpd_restriction_classes = no_mta_wk > >

Re: block all mail from mta's with a FQDN match?

2016-03-28 Thread Viktor Dukhovni
> On Mar 28, 2016, at 5:53 PM, jaso...@mail-central.com wrote: > > How would I match/block access to mail sent from MTAs that have FQDNs that > start with > >mta-wk-* > > it's not a header, it's not content, it's not an IP ... > > but, it's clearly logged in my postfix logs > >

Re: block all mail from mta's with a FQDN match?

2016-03-28 Thread Bill Cole
On 28 Mar 2016, at 17:53, jaso...@mail-central.com wrote: Hi, How would I match/block access to mail sent from MTAs that have FQDNs that start with mta-wk-* it's not a header, it's not content, it's not an IP ... From the magical command "man 5 postconf" you can find this and many

Re: block all mail from mta's with a FQDN match?

2016-03-28 Thread /dev/rob0
On Mon, Mar 28, 2016 at 02:53:41PM -0700, jaso...@mail-central.com wrote: > How would I match/block access to mail sent from MTAs that have > FQDNs that start with > > mta-wk-* > > it's not a header, it's not content, it's not an IP ... It's a bird! It's a plane! It's ... a FCrDNS

block all mail from mta's with a FQDN match?

2016-03-28 Thread jasonsu
Hi, How would I match/block access to mail sent from MTAs that have FQDNs that start with mta-wk-* it's not a header, it's not content, it's not an IP ... but, it's clearly logged in my postfix logs postfix.log:Mar 24 13:00:42 mail2 postfix/int01/smtpd[20932]: connect from

Re: Hardware with non-FQDN EHLO

2016-03-28 Thread Viktor Dukhovni
On Mon, Mar 28, 2016 at 05:32:24PM -0400, Curtis Villamizar wrote: > > No need for a CIDR table or any other workarounds. > > > > smtpd_helo_restrictions = > >permit_mynetworks > >permit_sasl_authenticated > >reject_non_fqdn_helo_hostname > >... any other stuff... > > > On

Re: Hardware with non-FQDN EHLO

2016-03-28 Thread Curtis Villamizar
In message <56f6c728.2090...@megan.vbhcs.org> Noel Jones writes: > > On 3/26/2016 7:18 AM, Nicols wrote: > > Thanks Wietse and Rob, > > > > The client indeed uses SASL, but it gets rejected at HELO/EHLO time. > > I will observe these days if I can fence in a reduced CIDR range and > > use

Re: Webmin with Postfix: recommended or not.

2016-03-28 Thread Robert Schetterer
On 26.03.2016 at 23:48, Tom Browder wrote: > I am considering using Webmin on my servers and see that it has a > Postfix module. Does anyone have any experience with it or have an > opinion to offer ref its ability to manage Postfix? > > Thanks. > > Best regards, I used it on relays, and

Re: Cascade smtp delivery failure when one smtp fails

2016-03-28 Thread Wietse Venema
Pedro David Marco: > NOW, if one smtp process delivery takes long, long long... until > it dies for the watchdog timeout, That's 18000s, or 5 hours (setting: daemon_timeout in main.cf). If you still have not fixed the watchdog problem, you should not be asking performance-related questions. Find

Re: Cascade smtp delivery failure when one smtp fails

2016-03-28 Thread Noel Jones
On 3/28/2016 9:15 AM, Pedro David Marco wrote: > Hello everybody! > > it seems to me that when qmgr wants to deliver an email via smtp, qmgr > "assigns" it to a smtp process. As long as there are no > concurrency needs, the same smtp process is used repeatedly even for > different domain

Re: Webmin with Postfix: recommended or not.

2016-03-28 Thread Ron Wheeler
On 27/03/2016 2:08 PM, Steve Jenkins wrote: On Sat, Mar 26, 2016 at 3:48 PM, Tom Browder > wrote: I am considering using Webmin on my servers and see that it has a Postfix module. Does anyone have any experience with it or have an

Re: Cascade smtp delivery failure when one smtp fails

2016-03-28 Thread Viktor Dukhovni
> On Mar 28, 2016, at 10:15 AM, Pedro David Marco > wrote: > > It seems to me that when qmgr wants to deliver an email via smtp, qmgr > "assigns" it to a smtp process. As long as there are no concurrency > needs, the same smtp process is used repeatedly even for

Cascade smtp delivery failure when one smtp fails

2016-03-28 Thread Pedro David Marco
Hello everybody! it seems to me that when qmgr wants to deliver an email via smtp, qmgr "assigns" it to a smtp process. As long as there are no concurrency needs, the same smtp process is used repeatedly even for different domain destinations. Ok so far! NOW, if one smtp process delivery