Re: postfix docs re "SPF Support"?

On Wednesday, April 06, 2016 09:31:24 AM jaso...@mail-central.com wrote: > Since pypolicyd-spf has been causing me lots of problems (upstream is > helping on it at launchpad), I decided to look for a more reliable > alternative just in case. > > The Postfix Add-Ons page (http://www.postfix.org/add

Re: False positives from header_checks

Since pcre evaluates in order you could add /^Content-(Disposition|Type).*;??x-apple-part-url="[^"]+"$/x DUNNO before the pcre that does the rejection. Since "." is commonly "%2E" you could also change the "\." in the RE to "(\.|%2E)". That doesn't solve base64 encoding. Disclaimer: I have

Re: False positives from header_checks

This is great information. It's very odd ... Apple has been responsible for the foundation of quite a few RFC's but in our experience has actually made it difficult for our software to both comply with the RFC as well as Apple's client software. Thank you Cedric. ~ Laz Peterson Paravis, LLC >

False positives from header_checks

The documentation for header_checks includes an example to "block attachments with bad file name extensions", and I expect many installations have a similar rule to cut down on malware. This reads: /^Content-(Disposition|Type).*name\s*=\s*"?(.*(\.|=2E)( ade|adp|asp|bas|bat|chm|cmd|com|cpl|cr

Plus addressing on Sentora using Postfix

I am running Ubuntu Ubuntu 14.04.4 LTS “Trusty” and "postconf -d | grep mail_version” gives me “mail_version = 2.11.0”. I have installed Sentora (http://sentora.org) which sets most of the configuration up for Postfix up, I have made some changes to allow me to use certificates for IMAP and SMT

Re: Need help with relay setup

On 4/6/2016 3:34 PM, John Stoffel wrote: >> "Noel" == Noel Jones writes: > masquerading. I've setup my /etc/postfix transport_maps like this: > > # > # Added to make lotus notes and exchange happy > # > hdqmta.foo.bar.com hdqmta > exmail1.foo.bar.com exmail1 > > > But

Re: Need help with relay setup

> "Noel" == Noel Jones writes: Noel> On 4/6/2016 10:11 AM, John Stoffel wrote: >>> "Noel" == Noel Jones writes: >> Noel> On 4/6/2016 8:06 AM, John Stoffel wrote: Can I force the fallback_transport to re-write, before using the fallback, john.t...@foo.bar.com into john.t...@hdq

Re: ETSI Registered Email implementations?

> Does anyone know of any open source implementations of ETSI's > "Registered Email" standard (ETSI TS 102 640)? I think this is > different than Italy's "Certified Email" (RFC 6109). Is this on anyone's radar? Is there a better place to discuss?

Re: How to log output from whatever pipe runs ?

[Same program, same UID, different results depending on whether the program runs under postfix pipe(8) or as "su user -c command"] Wietse: >Try disabling SeLinux/AppArmor/etc. security. chaouche yacine: > Thanks Wietse. They don't seem to be installed though. Next, have a look at the permission

what error is being reported back to sender, and how to avoid reporting back internal server ports?

I added SPF and header_checks to my Postfix setup. I'm following the message path, and have a couple questions about what error gets reported back to the sender. After postscreen PASS, I check for SPF, then hand off to Amavis preque for DKIM psint pass - - n - - smtpd -o recei

Re: bad.psky.me RBL?

--On Wednesday, April 06, 2016 1:23 PM -0500 Noel Jones wrote: On 4/6/2016 10:52 AM, Quanah Gibson-Mount wrote: --On Wednesday, April 06, 2016 6:36 PM +0200 lst_ho...@kwsoft.de wrote: Zitat von Quanah Gibson-Mount : Is anyone familiar with this RBL and its quality? Not a whole lot of in

Re: postfix docs re "SPF Support"?

On Wed, Apr 6, 2016, at 10:20 AM, Noel Jones wrote: > A third-party policy daemon or milter is required for SPF. Postfix > ships with support for these external third-party programs. > > Postfix does not include nor officially recommend any particular > add-on SPF policy or milter. If that's t

Re: bad.psky.me RBL?

On 4/6/2016 10:52 AM, Quanah Gibson-Mount wrote: > --On Wednesday, April 06, 2016 6:36 PM +0200 lst_ho...@kwsoft.de wrote: > >> >> Zitat von Quanah Gibson-Mount : >> >>> Is anyone familiar with this RBL and its quality? Not a whole lot >>> of info at . Terms seem proba

Re: postfix docs re "SPF Support"?

On 4/6/2016 11:31 AM, jaso...@mail-central.com wrote: > Since pypolicyd-spf has been causing me lots of problems (upstream is helping > on it at launchpad), I decided to look for a more reliable alternative just > in case. > > The Postfix Add-Ons page (http://www.postfix.org/addon.html) says >

Re: How to log output from whatever pipe runs ?

Ok so after reading the previous answer from courier-imap I ended up setting a setuid bit on the maildrop binary so that it is executed with root privileges. The authdaemon directory was stripped of its world readable and executable permissions. Thank you all ! On Wednesday, April 6, 201

postfix docs re "SPF Support"?

Since pypolicyd-spf has been causing me lots of problems (upstream is helping on it at launchpad), I decided to look for a more reliable alternative just in case. The Postfix Add-Ons page (http://www.postfix.org/addon.html) says Note: Postfix already ships with SPF support, in the form

Re: How to log output from whatever pipe runs ?

On Wednesday, April 6, 2016 4:42 PM, Viktor Dukhovni wrote: >On Wed, Apr 06, 2016 at 01:38:46PM +, chaouche yacine wrote: > >> maildrop  unix  -  n  n  -  -  pipe >> flags=DRhu user=vmail argv=/var/vmail/maildropwrapper -V9 -d ${recipient} > > >    http://www.post

Re: postscreen cache size & db type?

On Wed, Apr 6, 2016, at 09:12 AM, Noel Jones wrote: > > postfix/postscreen[18826]: cache > > btree:/var/lib/postfix/postscreen_cache full cleanup: retained=224 > > dropped=12 entries > > > > It looks like it's happening because they're 'full' at the time. > They are removed because they are

Re: postscreen cache size & db type?

On 4/6/2016 10:38 AM, jaso...@mail-central.com wrote: > In my logs I see postscreen cache cleanups > > postfix/postscreen[18826]: cache > btree:/var/lib/postfix/postscreen_cache full cleanup: retained=224 dropped=12 > entries > > It looks like it's happening because they're 'full' at the

Re: bad.psky.me RBL?

--On Wednesday, April 06, 2016 6:36 PM +0200 lst_ho...@kwsoft.de wrote: Zitat von Quanah Gibson-Mount : Is anyone familiar with this RBL and its quality? Not a whole lot of info at . Terms seem probably ok . If there isn't a lot of inf

Re: How to log output from whatever pipe runs ?

On Wed, Apr 06, 2016 at 01:38:46PM +, chaouche yacine wrote: > maildrop unix - n n - - pipe > flags=DRhu user=vmail argv=/var/vmail/maildropwrapper -V9 -d ${recipient} http://www.postfix.org/pipe.8.html user=username:groupname Execute

postscreen cache size & db type?

In my logs I see postscreen cache cleanups postfix/postscreen[18826]: cache btree:/var/lib/postfix/postscreen_cache full cleanup: retained=224 dropped=12 entries It looks like it's happening because they're 'full' at the time. Under "CACHE CONTROLS" & "RESOURCE CONTROLS" @ http://www.

Re: bad.psky.me RBL?

Zitat von Quanah Gibson-Mount : Is anyone familiar with this RBL and its quality? Not a whole lot of info at . Terms seem probably ok . If there isn't a lot of info, expect the worst. You should always be aware that you "outsource"

Re: Need help with relay setup

On 4/6/2016 10:11 AM, John Stoffel wrote: >> "Noel" == Noel Jones writes: > > Noel> On 4/6/2016 8:06 AM, John Stoffel wrote: >>> Can I force the fallback_transport to re-write, before using the >>> fallback, john.t...@foo.bar.com into john.t...@hdqmta.foo.bar.com? >>> Since I think that's the

Re: How to log output from whatever pipe runs ?

On Wednesday, April 6, 2016 3:24 PM, Wietse Venema wrote: >Try disabling SeLinux/AppArmor/etc. security. > > > Wietse Thanks Wietse. They don't seem to be installed though. sestatus is not available root@messagerie[10.10.10.20] /etc/apparmor.d # sestatus -bash: sestatus: command not found

Re: Need help with relay setup

> "Noel" == Noel Jones writes: Noel> On 4/6/2016 8:06 AM, John Stoffel wrote: >> Can I force the fallback_transport to re-write, before using the >> fallback, john.t...@foo.bar.com into john.t...@hdqmta.foo.bar.com? >> Since I think that's the problem? Noel> Perhaps this is what you're miss

bad.psky.me RBL?

Is anyone familiar with this RBL and its quality? Not a whole lot of info at . Terms seem probably ok . Thanks, Quanah -- Quanah Gibson-Mount Platform Architect Zimbra, Inc. Zimbra :: the leader in open source messa

Re: cyrus saslauthd error handling

On 2016-04-06 16:19, Benning, Markus wrote: In sasl.h: #define SASL_FAIL -1 /* generic failure */ Could this one be added to the AUTH_TEMP case? Could it be that the libsasl uses SASL_FAIL also in case of a wrong password? In this case i think it would be an error in libsasl. It ins

cyrus saslauthd error handling

Hi, when i use a cyrus saslauthd: pwcheck_method: saslauthd mech_list: plain login saslauthd_path: /var/run/kokolores/mux And the saslauthd is not running. Then the socket /var/run/kokolores/mux does not exist and postfix returns 535 5.7.8 Error: authentication failed: generic failure Shoul

Re: How to log output from whatever pipe runs ?

chaouche yacine: > vmail@messagerie:/var/vmail$ cat /tmp/maildrop > Wed Apr 6 14:26:45 CET 2016 > running maildrop as vmail with arguments -V9 -d a.chaou...@algerian-radio.dz > je suis toujours l? > ERR: authdaemon: s_connect() failed: Permission denied > Invalid user specified. > suis-je toujours

Re: Need help with relay setup

On 4/6/2016 8:06 AM, John Stoffel wrote: > Can I force the fallback_transport to re-write, before using the > fallback, john.t...@foo.bar.com into john.t...@hdqmta.foo.bar.com? > Since I think that's the problem? Perhaps this is what you're missing: http://www.postfix.org/ADDRESS_REWRITING_README

Re: How to log output from whatever pipe runs ?

On Thursday, March 31, 2016 5:11 PM, Wietse Venema wrote: > Have to tried to run it by hand as user > VMAIL, just like you configured in master.cf? > >Wietse Yes, in fact, I have run it in 4 different ways. When I run maildropwrapper from the command line mail is delivered to the right Mai

Need help with relay setup

Hi Guys, I'm trying to replace an old Sun 5.8 box running Sendmail 8.12.x with a newer RHEL 6 box running Postfix 2.6.6, which I know is unsupported and I should upgrade. But it's what comes from RedHat and it's what I'm working with right now. Anyway, I'm going nuts trying to make my crazy env

ETSI Registered Email implementations?

Greetings, Does anyone know of any open source implementations of ETSI's "Registered Email" standard (ETSI TS 102 640)? I think this is different than Italy's "Certified Email" (RFC 6109). I had a quick search of the archives, but nothing came up at all, and Google searches don't turn up anything