Re: Is it me, or is there a problem elsewhere?

Am 22.07.2016 um 02:54 schrieb Michael J Wise: > > This isn't an ops list, but ... > >> For over a week now, I have been seeing DNS look-up failures - always >> with mailspike, both whitelist and blacklist. It is affecting about >> ten percent of my non-whitelisted connections. >> >> Jul 21

Re: Is it me, or is there a problem elsewhere?

On 2016-07-22 01:28, Allen Coates wrote: lookup error for DNS query 163.123.219.112.bl.mailspike.net: Host or domain name not found. Name service error for name=163.123.219.112.bl.mailspike.net type=A: Host not found, try again. Are other people experiencing similar difficulties, or is it my

Re: Is it me, or is there a problem elsewhere?

This isn't an ops list, but ... > For over a week now, I have been seeing DNS look-up failures - always > with mailspike, both whitelist and blacklist. It is affecting about > ten percent of my non-whitelisted connections. > > Jul 21 15:10:28 geronimo postfix/dnsblog[27737]: warning:

Re: owner- aliases causing mail duplication?

Wietse Venema: mailinglist: wietse, test, root owner-mailinglist: root test: test, t...@example.com First, mail to 'mailinglist' is forwarded as a new message without any mailbox or off-site delivery: Jul 21 09:52:05 wzv postfix/pickup[3011]: 1A543A0033: uid=0 from= Jul 21 09:52:05

Re: Postscreen client based access through reverse DNS lookup

On Thu, Jul 21, 2016 at 5:14 PM, Benny Pedersen wrote: > On 2016-07-21 20:27, Steve Jenkins wrote: > > whitelists and blacklists for Postscreen based on hostnames: >> https://github.com/stevejenkins/postwhite >> > > can blacklist be saved to seperate cidr file ?, so order of >

Is it me, or is there a problem elsewhere?

For over a week now, I have been seeing DNS look-up failures - always with mailspike, both whitelist and blacklist. It is affecting about ten percent of my non-whitelisted connections. Jul 21 15:10:28 geronimo postfix/dnsblog[27737]: warning: dnsblog_query: lookup

Re: Postscreen client based access through reverse DNS lookup

Benny Pedersen: > On 2016-07-21 20:27, Steve Jenkins wrote: > > > whitelists and blacklists for Postscreen based on hostnames: > > https://github.com/stevejenkins/postwhite > > can blacklist be saved to seperate cidr file ?, so order of > blacklist/whitelist is user choices ? :=) > > postfix

Re: Postscreen client based access through reverse DNS lookup

On 2016-07-21 20:27, Steve Jenkins wrote: whitelists and blacklists for Postscreen based on hostnames: https://github.com/stevejenkins/postwhite can blacklist be saved to seperate cidr file ?, so order of blacklist/whitelist is user choices ? :=) postfix have always being first match wins

Re: Feature-request: rfc5322_from_login_maps

Am 20.07.2016 um 18:03 schrieb Wietse Venema: In Postfix: require that MAIL FROM matches SASL login In Milter: require that MAIL FROM matches From: header. I took that suggestion and had a deeper look in OpenDKIM today. Parsing RFC5322.From /is/ complicated. But for my feeling OpenDKIM does

Re: Feature-request: rfc5322_from_login_maps

On 21.07.2016 16:34, Wietse Venema wrote: Presumably this would be done in the cleanup daemon (compare rfc5321.from with rfc5322.from). I don't think that 'it can be done in Postfix' means that doing so is necessarily a good idea. Absolutely correct :) Wietse Dominik

Re: Feature-request: rfc5322_from_login_maps

You're thinking of smtpd_end_of_data_restrictions, but there still your idea has a problem: smtpd is not examining the DATA, but merely passing it along to cleanup(8). The cleanup service is where the only native Postfix content checking (header and body checks, see the header_checks(5) manual

Re: Postscreen client based access through reverse DNS lookup

On Thu, Jul 21, 2016 at 10:28 AM, Lefteris Tsintjelis wrote: > > I am already doing this but I would personally much rather have the > choice of a domain white/black listing as it is a much cleaner solution > even for smaller and unlisted domains with the extra delay cost of a >

Re: Postscreen client based access through reverse DNS lookup

Lefteris Tsintjelis: > Would it be too much to ask for a single reverse DNS lookup client based > black/white listing in postscreen? I have already explained at length why postscreen will not query DNS domains other than the few DNSB/WLs that are configured by the Postfix system administrator.

Re: owner- aliases causing mail duplication?

Daniel Gnoutcheff: Checking application/pgp-signature: FAILURE -- Start of PGP signed section. [ Charset windows-1252 converted... ] > Thanks for the reply, Wietse! > > On 07/21/2016 10:21 AM, Wietse Venema wrote: > > So, no duplication. If you have duplication, perhaps there is a virtual > >

Re: Postscreen client based access through reverse DNS lookup

> On 21 Jul 2016, at 18:42, /dev/rob0 wrote: > > Can't you do the same thing (to solve your unstated problem, which I > assume might be to avoid delays with after-220 tests) with DNSWL and > postscreen_dnsbl_whitelist_threshold? > > Most large-scale legitimate senders are

Re: Postscreen client based access through reverse DNS lookup

On Thu, Jul 21, 2016 at 10:09 AM, Lefteris Tsintjelis wrote: > This is a CIDR based access list and you have to know the IP > Also... you don't need to know the IP. Postwhite looks it (them) up for you based on domain name and stuffs them into a Postscreen-friendly whitelist.

Re: Postscreen client based access through reverse DNS lookup

On Thu, Jul 21, 2016 at 10:09 AM, Lefteris Tsintjelis wrote: > On 21 Jul 2016, at 18:58, Steve Jenkins wrote: > > > If you're looking into Postscreen whitelisting, you might consider > including Postwhite in your solution: > > >

Re: Postscreen client based access through reverse DNS lookup

On 21 Jul 2016, at 18:58, Steve Jenkins wrote: > > If you're looking into Postscreen whitelisting, you might consider including > Postwhite in your solution: > >

Re: Postscreen client based access through reverse DNS lookup

On Thu, Jul 21, 2016 at 9:21 AM, Lefteris Tsintjelis wrote: > Would it be too much to ask for a single reverse DNS lookup client based > black/white listing in postscreen? > > ... > .gmail.com reject > .live.com reject > .postfix.org accept > ... > If you're looking into

Re: Postscreen client based access through reverse DNS lookup

On Thu, Jul 21, 2016 at 06:21:38PM +0300, Lefteris Tsintjelis wrote: > Would it be too much to ask for a single reverse DNS lookup client > based black/white listing in postscreen? > > ... > .gmail.com reject > .live.com reject > .postfix.org accept > ... Can't you do the same thing (to solve

Postscreen client based access through reverse DNS lookup

Would it be too much to ask for a single reverse DNS lookup client based black/white listing in postscreen? ... .gmail.com reject .live.com reject .postfix.org accept ...

Re: owner- aliases causing mail duplication?

Thanks for the reply, Wietse! On 07/21/2016 10:21 AM, Wietse Venema wrote: > So, no duplication. If you have duplication, perhaps there is a virtual alias > that you forgot to tell us about. The server in question (from which I derived my example log) does not appear to have any virtual aliases

Re: Feature-request: rfc5322_from_login_maps

/dev/rob0: [ Charset ISO-8859-1 converted... ] > On Wed, Jul 20, 2016 at 10:05:38PM +0200, Dominik Chilla wrote: > > On 20.07.2016 18:03, Wietse Venema wrote: > > >Dominik Chilla: > > > >>my postfix setup (submission-relay only!) requires an > > >>authenticated (SMTP-AUTH plain/login) sender.

Re: owner- aliases causing mail duplication?

Daniel Gnoutcheff: Checking application/pgp-signature: FAILURE -- Start of PGP signed section. > Hello all, > > One of the mailservers I maintain has something like this in its > /etc/aliases: > > > user1: user1, us...@some.other.domain.org This means: deliver mail for 'user1' to 'user1' and

Re: Feature-request: rfc5322_from_login_maps

On Wed, Jul 20, 2016 at 10:05:38PM +0200, Dominik Chilla wrote: > On 20.07.2016 18:03, Wietse Venema wrote: > >Dominik Chilla: > >>my postfix setup (submission-relay only!) requires an > >>authenticated (SMTP-AUTH plain/login) sender. Further it checks > >>if the envelope-sender matches the