Hi,
It turned out during an investigation that our postfix servers don't
provide a queue id for the external clients when accepting a new email.
However the very same servers do provide queue id for internal mail servers.
Is there a specific configuration option to provide the queue id und
On Mon, Feb 08, 2021 at 03:47:27PM -0500, Alex wrote:
> I still have to consider much of what you've written before I can
> respond, but I wanted to be sure my design was clear here - it's not
> so much that end-users are modifying the config in the same way as
> webmin does, like making changes d
On Mon, 8 Feb 2021, Alex wrote:
> I still have to consider much of what you've written before I can
> respond, but I wanted to be sure my design was clear here - it's not so
> much that end-users are modifying the config in the same way as webmin
> does, like making changes directly to main.cf,
Alex wrote:
> it's not so much that end-users are modifying the config in the same
> way as webmin does, like making changes directly to main.cf, but
> type in the name of a new domain to be added to relay_domains, for
> example. The script then then modifies main.cf to apply that change.
In that
> > Perhaps passwordless sudo with the explicit ability to act on these
> > files and reload/restart postfix? Is it okay to create a backup
> > directory in /etc/postfix that's owned by this script user?
>
> I wonder what changes you need to make so frequently. Whatever they are, stop
> and recons
Marek Kozlowski wrote:
> My system is not overloaded and - in many aspects quite typical one.
Great! I believe you. But then there was absolutely no reason to
double a limit that would never have been hit. If the system is not
overloaded the the initial fork() will always succeed and there will
Thanks, Noel! Your comments are helpful indeed.
пн, 8 февр. 2021 г. в 22:37, Noel Jones :
>
> On 2/8/2021 11:45 AM, Eugene Podshivalov wrote:
> > Thanks for the explanation, Wietse.
> >
> > Probably the issue is just with the logging levels.
> > My current configuration already has
> >
> > sm
On 2/8/2021 11:45 AM, Eugene Podshivalov wrote:
Thanks for the explanation, Wietse.
Probably the issue is just with the logging levels.
My current configuration already has
smtpd_client_restrictions=reject_unknown_client_hostname
and the log file is flooded with message like this
co
Eugene Podshivalov:
> Thanks for the explanation, Wietse.
>
> Probably the issue is just with the logging levels.
> My current configuration already has
>
> > smtpd_client_restrictions=reject_unknown_client_hostname
>
> and the log file is flooded with message like this
>
> > connect from unkno
On 9/02/21 2:48 am, maciejm wrote:
Hello
What I must set to enable "postscreen" ?
I ask because I must use "-o
receive_override_options=no_address_mappings" in master.cf
smtp inet n - y - 100 smtpd
-o receive_override_options=no_address_mappings
...
prox
On 08.02.21 14:48, maciejm wrote:
What I must set to enable "postscreen" ?
On 08.02.2021 14:50, Matus UHLAR - fantomas wrote:
it's described on:
http://www.postfix.org/POSTSCREEN_README.html
I ask because I must use "-o
receive_override_options=no_address_mappings" in master.cf
no, you
On 8/2/2021 1:38 μ.μ., Matus UHLAR - fantomas wrote:
that's not how milter works, unless you instructed amavisd-milter to
deliver mail by server via "-D server" option.
The default is "-D client", which means, amavisd instructs postfix what
to do with the mail - reject/quarantine/pass it, add/r
Thanks for the explanation, Wietse.
Probably the issue is just with the logging levels.
My current configuration already has
> smtpd_client_restrictions=reject_unknown_client_hostname
and the log file is flooded with message like this
> connect from unknown[ x.x.x.x]
> NOQUEUE: reject: CONNECT
On 08 Feb 2021, at 09:44, Michael Ströder wrote:
> On 2/8/21 2:28 PM, @lbutlr wrote:
>> Use a tool like Webmin¹.
>
> IIRC webmin has a long history of security issues.
They all do.
>> It is, in my opinion a very very bad idea,
>
> I don't understand why you recommend something you consider a b
On 2/8/21 2:28 PM, @lbutlr wrote:
> Use a tool like Webmin¹.
IIRC webmin has a long history of security issues.
> It is, in my opinion a very very bad idea,
I don't understand why you recommend something you consider a bad idea.
> For user management, including admin access to hosted
> domains,
Eugene Podshivalov:
> Have read through the postscreen documentation closely and got it setup and
> running already, but could not find the three major possibilities provided
> by the tcp wrappers:
> 1. block by hostname
> 2. block clients with unknown hostname
> 3. block clients with invalid addre
El lun., 8 de febrero de 2021 10:20, Matus UHLAR - fantomas <
uh...@fantomas.sk> escribió:
> On 31.01.21 09:56, Daniel Armando Rodriguez wrote:
> >Indeed, it was running chrooted but resolv.conf has the same content
>
> >=== # postconf -nf
> >smtp_tls_protocols = TLSv1.2, !TLSv1.1, !TLSv1, !SSLv2,
Do you mean with the help of reject_unknown_client_hostname
and check_sender_access params?
пн, 8 февр. 2021 г. в 16:37, Matus UHLAR - fantomas :
> On 08.02.21 16:27, Eugene Podshivalov wrote:
> >Have read through the postscreen documentation closely and got it setup
> and
> >running already, but
On 8/2/2021 1:38 μ.μ., Matus UHLAR - fantomas wrote:
that's not how milter works, unless you instructed amavisd-milter to
deliver
mail by server via "-D server" option.
The default is "-D client", which means, amavisd instructs postfix
what to
do with the mail - reject/quarantine/pass it, add
On 08.02.2021 14:50, Matus UHLAR - fantomas wrote:
> On 08.02.21 14:48, maciejm wrote:
>> What I must set to enable "postscreen" ?
>
> it's described on:
> http://www.postfix.org/POSTSCREEN_README.html
>
>> I ask because I must use "-o
>> receive_override_options=no_address_mappings" in master.cf
>
On 08.02.21 14:48, maciejm wrote:
What I must set to enable "postscreen" ?
it's described on:
http://www.postfix.org/POSTSCREEN_README.html
I ask because I must use "-o
receive_override_options=no_address_mappings" in master.cf
no, you usually don't have to do this, it should usually be use
Hello
What I must set to enable "postscreen" ?
I ask because I must use "-o
receive_override_options=no_address_mappings" in master.cf
smtp inet n - y - 100 smtpd
-o receive_override_options=no_address_mappings
...
proxymap unix - - n -
On 08.02.21 16:27, Eugene Podshivalov wrote:
Have read through the postscreen documentation closely and got it setup and
running already, but could not find the three major possibilities provided
by the tcp wrappers:
1. block by hostname
2. block clients with unknown hostname
3. block clients wit
On 07 Feb 2021, at 08:54, Alex wrote:
> I'm working on a front-end to modify our main.cf and other config
> files, such as the transport and relay_recips file and want to be sure
> I'm doing it securely.
Use a tool like Webmin¹. It is, in my opinion a very very bad idea, but the way
to do this
Have read through the postscreen documentation closely and got it setup and
running already, but could not find the three major possibilities provided
by the tcp wrappers:
1. block by hostname
2. block clients with unknown hostname
3. block clients with invalid address<->name mapping
The last two
On 31.01.21 09:56, Daniel Armando Rodriguez wrote:
Indeed, it was running chrooted but resolv.conf has the same content
=== # postconf -nf
smtp_tls_protocols = TLSv1.2, !TLSv1.1, !TLSv1, !SSLv2, !SSLv3
this is superflous and not a good idea. Many servers support TLS1.0 max.
!SSLv2, !SSLv3 sh
On 08.02.21 12:47, Nikolaos Milas wrote:
We have a mail gateway server (for incoming email) with postfix 3.5.8,
amavisd, clamd on CentOS 8.3.2011.
Postfix sends incoming mail to amavisd via (in main.cf):
smtpd_milters =
unix:/run/amavisd/amavisd-milter.sock
After checking, amavis
Hello,
We have a mail gateway server (for incoming email) with postfix 3.5.8,
amavisd, clamd on CentOS 8.3.2011.
Postfix sends incoming mail to amavisd via (in main.cf):
smtpd_milters =
unix:/run/amavisd/amavisd-milter.sock
After checking, amavisd delivers mail directly using
:-)
On 2/7/21 11:29 PM, Bob Proulx wrote:
Marek Kozlowski wrote:
No, such configurable limits are great. My question was different. I suppose
that many many years ago, many versions ago I had some problem with this
server and I tried to solve it or apply a quick fix by incrementing the
limit. U
I'm new to postscreen and it's what I was looking for. Thanks a lot for the
answers!
пн, 8 февр. 2021 г. в 11:22, Dominic Raferd :
> On 08/02/2021 08:04, Eugene Podshivalov wrote:
> > There are a bunch of spiders and spammers nowadays which are knocking
> > the service every hour or so every day.
On 08/02/2021 08:04, Eugene Podshivalov wrote:
There are a bunch of spiders and spammers nowadays which are knocking
the service every hour or so every day. Postfix has a really powerful
access control system to protect itself but it becomes a bit hard to
read the log file flooded by the connec
There are a bunch of spiders and spammers nowadays which are knocking the
service every hour or so every day. Postfix has a really powerful access
control system to protect itself but it becomes a bit hard to read the log
file flooded by the connection attempts. I'm currently trying to filter
those
32 matches
Mail list logo
