Procmail Advice

So I have a problem in that using egrep and python my regexp works fine. However, when I implement this regexp in procmail it does not. I have handled the space-before-backslash issue already... but is there another nuance I am not understanding? Is there a way to have procmail process an

Re: Best place to filter spam (x-original-to, no_address_mappings)

On 2016-11-21 16:15, @lbutlr wrote: On Nov 21, 2016, at 3:30 PM, MRob wrote: Appreciate the reply, but I wasn't asking how to set it up. I thought my question made it clear I was asking about the pros/cons of the placement of SA in the mail flow. No, that wasn’t clear.

Re: Question about reject_unverified_recipient in smtpd_recipient_restrictions

Gerben Wierda: > I did another test. I changed the recipient restrictions to: > > smtpd_recipient_restrictions = > reject_unauth_pipelining, > reject_non_fqdn_recipient, > permit_sasl_authenticated, > permit_mynetworks, Due to permit_mynetworks, sending mail from a

Re: Veracode reported vulnerabilities

Mc Security: > Here are the line numbers for the remaining two items: > > 1. Buffer overflow Sourcefile: dns_rr.c, Line: 129, Module: dnsblog False positive. Veracode does not understand how the code works. > 2. Buffer oevrflow Sourcefile: tls_scache.c, Line: 208, Module: smtpd Same

Re: AW: Possible Bug ? postfix 3.1.0-3 fails on mysql table lookup

Hey Guys, this issue has decayed a bit but I now finally found the time (and the nerves) to integrate the fix in my system. I'm running Ubuntu 16.04 and trying not change to many things and be able to have clean comparison I applied the patch to the apt sources and only replaced the

Re: Best place to filter spam (x-original-to, no_address_mappings)

On Nov 21, 2016, at 3:30 PM, MRob wrote: > Appreciate the reply, but I wasn't asking how to set it up. I thought my > question made it clear I was asking about the pros/cons of the placement of > SA in the mail flow. No, that wasn’t clear. At least not to me. The main

Re: Veracode reported vulnerabilities

> On Nov 21, 2016, at 5:44 PM, Mc Security wrote: > > I see that there is careful memory allocation done for DNS_RR and > TLS_SCACHE_ENTRY in in dns_rr.c and tls_scache.c respectively so that buffer > overflow is not caused. However, a confirmation would be great. I think

Re: Veracode reported vulnerabilities

I see that there is careful memory allocation done for DNS_RR and TLS_SCACHE_ENTRY in in dns_rr.c and tls_scache.c respectively so that buffer overflow is not caused. However, a confirmation would be great. On Mon, Nov 21, 2016 at 1:51 PM, Mc Security wrote: > Here are the

Re: Best place to filter spam (x-original-to, no_address_mappings)

On 2016-11-21 13:06, @lbutlr wrote: On Nov 21, 2016, at 11:43 AM, MRob wrote: On 2016-11-18 21:03, MRob wrote: Hello, I am looking at a system where SpamAssassin is called out from the delivery agent. I know there will be a difference here in terms of the envelope

Re: Best place to filter spam (x-original-to, no_address_mappings)

On 2016-11-21 11:58, wie...@porcupine.org wrote: MRob: Can anyone help with this please? Looks like this is not a common use case. I'm looking for conceptual clarification, as in what, if any, difference the envelope fields have when a message is inspected at the content_filter scope,

Re: postscreen logging

On 11/21/2016 2:46 PM, @lbutlr wrote: > I am wondering what the various possible types of events postscreen logs. I > checked man postsreen(8) but it doesn’t seem to give them. > > I know there are PASS NEW, PASS OLD, CONNECT, DISCONNECT, HANGUP, NOQUEUE, > COMMAND, cache, and DNSBL. Any others

Re: Veracode reported vulnerabilities

Here are the line numbers for the remaining two items: 1. Buffer overflow Sourcefile: dns_rr.c, Line: 129, Module: dnsblog 2. Buffer oevrflow Sourcefile: tls_scache.c, Line: 208, Module: smtpd Thanks, Mc. On Wed, Nov 16, 2016 at 9:40 PM, Mc Secuirty wrote: >

Re: Question about reject_unverified_recipient in smtpd_recipient_restrictions

I did another test. I changed the recipient restrictions to: smtpd_recipient_restrictions = reject_unauth_pipelining, reject_non_fqdn_recipient, permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination,

Re: Best place to filter spam (x-original-to, no_address_mappings)

On Nov 21, 2016, at 11:43 AM, MRob wrote: > On 2016-11-18 21:03, MRob wrote: >> Hello, >> I am looking at a system where SpamAssassin is called out from the >> delivery agent. I know there will be a difference here in terms of the >> envelope information but I'm not familiar

Re: Question about reject_unverified_recipient in smtpd_recipient_restrictions

Wietse, sorry, please bear with me here, but this is not easy to understand (given the complexity of all the settings). And I’m afraid to damage my mail in the sense that I start refusing legitimate mail. > On 21 Nov 2016, at 21:17, Wietse Venema wrote: > > Gerben

postscreen logging

I am wondering what the various possible types of events postscreen logs. I checked man postsreen(8) but it doesn’t seem to give them. I know there are PASS NEW, PASS OLD, CONNECT, DISCONNECT, HANGUP, NOQUEUE, COMMAND, cache, and DNSBL. Any others I am missing? Are these documented in some

Re: Question about reject_unverified_recipient in smtpd_recipient_restrictions

Gerben Wierda: > > > On 21 Nov 2016, at 17:33, Wietse Venema wrote: > > > > Gerben Wierda: > >> smtpd_recipient_restrictions = > >>permit_sasl_authenticated > >>permit_mynetworks > >>reject_unauth_destination > >>reject_unknown_recipient_domain > >>

Re: Best place to filter spam (x-original-to, no_address_mappings)

MRob: > Can anyone help with this please? Looks like this is not a common use case. Wietse

Re: Question about reject_unverified_recipient in smtpd_recipient_restrictions

> On 21 Nov 2016, at 17:33, Wietse Venema wrote: > > Gerben Wierda: >> smtpd_recipient_restrictions = >> permit_sasl_authenticated >> permit_mynetworks >> reject_unauth_destination >> reject_unknown_recipient_domain >> reject_unverified_recipient >

Re: Best place to filter spam (x-original-to, no_address_mappings)

Can anyone help with this please? On 2016-11-18 21:03, MRob wrote: Hello, I am looking at a system where SpamAssassin is called out from the delivery agent. I know there will be a difference here in terms of the envelope information but I'm not familiar enough to know the pitfalls of this

Re: Question about reject_unverified_recipient in smtpd_recipient_restrictions

Gerben Wierda: > smtpd_recipient_restrictions = > permit_sasl_authenticated > permit_mynetworks > reject_unauth_destination > reject_unknown_recipient_domain > reject_unverified_recipient You may want to look at these settings (defaults shown):

Question about reject_unverified_recipient in smtpd_recipient_restrictions

Hello, In my setup, I’m using the greylisting policy. Now, a spammer tries to send mail to a nonexistent address. But he still gets the greylisting temp failure sent: Nov 21 16:35:42 vanroodewierda.rna.nl postfix/smtpd[21832]: connect from unknown[186.1.16.66] Nov 21 16:35:43 vanroodewierda

Re: How to tell the userID that is failing authentication?

On 11/20/2016 01:39 PM, L. D. James wrote: Thanks for the detailed explanation. The "-v" argument works fine. Also, I'll study the SASL protocol for more details of it's usage. I used to see the failed usernames in the past. Don't know when it stopped. But this information is invaluable

apply canonical_maps only to some IP

Hello all, I'm currently trying to do some address rewriting on my Postfix 2.11.3 (precisely, to use the SRS protocol). The thing is, in order to use postSRSd for mail forwarding, I have to apply these parameters : $sender_canonical_maps $sender_canonical_classes $recipient_canonical_maps