Am 22.07.2016 um 02:54 schrieb Michael J Wise:
>
> This isn't an ops list, but ...
>
>> For over a week now, I have been seeing DNS look-up failures - always
>> with mailspike, both whitelist and blacklist. It is affecting about
>> ten percent of my non-whitelisted connections.
>>
>> Jul 21
On 2016-07-22 01:28, Allen Coates wrote:
lookup error for DNS query 163.123.219.112.bl.mailspike.net: Host or
domain name not found. Name service error for
name=163.123.219.112.bl.mailspike.net type=A: Host not found, try
again.
Are other people experiencing similar difficulties, or is it my
This isn't an ops list, but ...
> For over a week now, I have been seeing DNS look-up failures - always
> with mailspike, both whitelist and blacklist. It is affecting about
> ten percent of my non-whitelisted connections.
>
> Jul 21 15:10:28 geronimo postfix/dnsblog[27737]: warning:
Wietse Venema:
mailinglist: wietse, test, root
owner-mailinglist: root
test: test, t...@example.com
First, mail to 'mailinglist' is forwarded as a new message without
any mailbox or off-site delivery:
Jul 21 09:52:05 wzv postfix/pickup[3011]: 1A543A0033: uid=0 from=
Jul 21 09:52:05
On Thu, Jul 21, 2016 at 5:14 PM, Benny Pedersen wrote:
> On 2016-07-21 20:27, Steve Jenkins wrote:
>
> whitelists and blacklists for Postscreen based on hostnames:
>> https://github.com/stevejenkins/postwhite
>>
>
> can blacklist be saved to seperate cidr file ?, so order of
>
For over a week now, I have been seeing DNS look-up failures - always
with mailspike, both whitelist and blacklist. It is affecting about
ten percent of my non-whitelisted connections.
Jul 21 15:10:28 geronimo postfix/dnsblog[27737]: warning: dnsblog_query:
lookup
Benny Pedersen:
> On 2016-07-21 20:27, Steve Jenkins wrote:
>
> > whitelists and blacklists for Postscreen based on hostnames:
> > https://github.com/stevejenkins/postwhite
>
> can blacklist be saved to seperate cidr file ?, so order of
> blacklist/whitelist is user choices ? :=)
>
> postfix
On 2016-07-21 20:27, Steve Jenkins wrote:
whitelists and blacklists for Postscreen based on hostnames:
https://github.com/stevejenkins/postwhite
can blacklist be saved to seperate cidr file ?, so order of
blacklist/whitelist is user choices ? :=)
postfix have always being first match wins
Am 20.07.2016 um 18:03 schrieb Wietse Venema:
In Postfix: require that MAIL FROM matches SASL login
In Milter: require that MAIL FROM matches From: header.
I took that suggestion and had a deeper look in OpenDKIM today.
Parsing RFC5322.From /is/ complicated. But for my feeling OpenDKIM does
On 21.07.2016 16:34, Wietse Venema wrote:
Presumably this would be done in the cleanup daemon (compare
rfc5321.from with rfc5322.from). I don't think that 'it can be done
in Postfix' means that doing so is necessarily a good idea.
Absolutely correct :)
Wietse
Dominik
You're thinking of smtpd_end_of_data_restrictions, but there still
your idea has a problem: smtpd is not examining the DATA, but merely
passing it along to cleanup(8). The cleanup service is where the
only native Postfix content checking (header and body checks, see the
header_checks(5) manual
On Thu, Jul 21, 2016 at 10:28 AM, Lefteris Tsintjelis wrote:
>
> I am already doing this but I would personally much rather have the
> choice of a domain white/black listing as it is a much cleaner solution
> even for smaller and unlisted domains with the extra delay cost of a
>
Lefteris Tsintjelis:
> Would it be too much to ask for a single reverse DNS lookup client based
> black/white listing in postscreen?
I have already explained at length why postscreen will not query
DNS domains other than the few DNSB/WLs that are configured by the
Postfix system administrator.
Daniel Gnoutcheff:
Checking application/pgp-signature: FAILURE
-- Start of PGP signed section.
[ Charset windows-1252 converted... ]
> Thanks for the reply, Wietse!
>
> On 07/21/2016 10:21 AM, Wietse Venema wrote:
> > So, no duplication. If you have duplication, perhaps there is a virtual
> >
> On 21 Jul 2016, at 18:42, /dev/rob0 wrote:
>
> Can't you do the same thing (to solve your unstated problem, which I
> assume might be to avoid delays with after-220 tests) with DNSWL and
> postscreen_dnsbl_whitelist_threshold?
>
> Most large-scale legitimate senders are
On Thu, Jul 21, 2016 at 10:09 AM, Lefteris Tsintjelis wrote:
> This is a CIDR based access list and you have to know the IP
>
Also... you don't need to know the IP. Postwhite looks it (them) up for you
based on domain name and stuffs them into a Postscreen-friendly whitelist.
On Thu, Jul 21, 2016 at 10:09 AM, Lefteris Tsintjelis wrote:
> On 21 Jul 2016, at 18:58, Steve Jenkins wrote:
>
>
> If you're looking into Postscreen whitelisting, you might consider
> including Postwhite in your solution:
>
>
>
On 21 Jul 2016, at 18:58, Steve Jenkins wrote:
>
> If you're looking into Postscreen whitelisting, you might consider including
> Postwhite in your solution:
>
>
On Thu, Jul 21, 2016 at 9:21 AM, Lefteris Tsintjelis wrote:
> Would it be too much to ask for a single reverse DNS lookup client based
> black/white listing in postscreen?
>
> ...
> .gmail.com reject
> .live.com reject
> .postfix.org accept
> ...
>
If you're looking into
On Thu, Jul 21, 2016 at 06:21:38PM +0300, Lefteris Tsintjelis wrote:
> Would it be too much to ask for a single reverse DNS lookup client
> based black/white listing in postscreen?
>
> ...
> .gmail.com reject
> .live.com reject
> .postfix.org accept
> ...
Can't you do the same thing (to solve
Would it be too much to ask for a single reverse DNS lookup client based
black/white listing in postscreen?
...
.gmail.com reject
.live.com reject
.postfix.org accept
...
Thanks for the reply, Wietse!
On 07/21/2016 10:21 AM, Wietse Venema wrote:
> So, no duplication. If you have duplication, perhaps there is a virtual alias
> that you forgot to tell us about.
The server in question (from which I derived my example log) does not
appear to have any virtual aliases
/dev/rob0:
[ Charset ISO-8859-1 converted... ]
> On Wed, Jul 20, 2016 at 10:05:38PM +0200, Dominik Chilla wrote:
> > On 20.07.2016 18:03, Wietse Venema wrote:
> > >Dominik Chilla:
>
> > >>my postfix setup (submission-relay only!) requires an
> > >>authenticated (SMTP-AUTH plain/login) sender.
Daniel Gnoutcheff:
Checking application/pgp-signature: FAILURE
-- Start of PGP signed section.
> Hello all,
>
> One of the mailservers I maintain has something like this in its
> /etc/aliases:
>
> > user1: user1, us...@some.other.domain.org
This means: deliver mail for 'user1' to 'user1' and
On Wed, Jul 20, 2016 at 10:05:38PM +0200, Dominik Chilla wrote:
> On 20.07.2016 18:03, Wietse Venema wrote:
> >Dominik Chilla:
> >>my postfix setup (submission-relay only!) requires an
> >>authenticated (SMTP-AUTH plain/login) sender. Further it checks
> >>if the envelope-sender matches the
25 matches
Mail list logo