Re: ISP open relay

2020-01-13 Thread @lbutlr
On 13 Jan 2020, at 07:58, Jaroslaw Rafa wrote: > You were forced to use ports 587 or 465 for outgoing mail. Yes, that is a sensible ISP. -- And she was lying in the grass And she could hear the highway breathing And she could see a nearby factory She's making sure she is not d

Re: Multiple tables for check_sender_access

2020-01-11 Thread @lbutlr
On 11 Jan 2020, at 02:25, azu...@pobox.sk wrote: > smtpd_sender_restrictions = > reject_non_fqdn_sender > check_sasl_access hash:/etc/postfix/sasl_access > check_sasl_access hash:/etc/postfix/sasl_access_2 > reject_sender_login_mismatch That should work just fine. What errors did you get?

Re: Mail rejected with 5.7.1 HDR9020 Date header is in the distant future

2020-01-06 Thread @lbutlr
On 06 Jan 2020, at 13:18, Wietse Venema wrote: >> As my mail provider has told me they updated it to 2030, This is ridiculous. It is trivial to automate this by generating a header check dynamically based on the current UTC date, so doing this “by hand” and setting something up that allows an

Re: Postfix Maildir problems

2019-12-28 Thread @lbutlr
On 28 Dec 2019, at 14:54, Richard Rasker wrote: > Everything went very smooth, and everything works (sending mail, receiving > mail, authentication, certificates, IMAP folders showing in the mail client > (Thunderbird)) -- except for the very last thing: received mail ends up in > /var/spool/ma

Re: Mail shows being queued, but not in queue

2019-12-26 Thread @lbutlr
On 26 Dec 2019, at 09:18, LuKreme wrote: > postconf-n Sorry, `postconf -n` I was typing on my iPad and didn’t notice the lack of a space. This is what is in my postconf -n that seems most relevant to your situation: dovecot_destination_recipient_limit = 1 smtpd_sasl_type = dovecot virtual_tran

Re: DMARC usage opinion

2019-12-17 Thread @lbutlr
On 17 Dec 2019, at 06:14, Roberto Carna wrote: > I have a Postfix server and I have SPF and DKIM TXT records in my DNS. > Everything works OK. Good. You might look into DNSSEC as well if you haven’t done that. The setup is a bit tricky but once it’s set up it just works. > But now I want to impl

Re: config check

2019-12-09 Thread @lbutlr
On 09 Dec 2019, at 13:54, Viktor Dukhovni wrote: > On Dec 9, 2019, at 3:38 PM, LuKreme wrote: >> The configuration as posted, and specifically the line I quoted directly >> above my comment, allowed unauthenticated traffic from anything on the LAN. >> This means random printers, IOT devices, an

Re: Postfix header_checks not working: Invalid preceding regular expression

2019-12-09 Thread @lbutlr
On 09 Dec 2019, at 07:12, Simone Marchioni wrote: > I have a problem with Postfix. Recently we are receiving mail messages with > malformed "From:" headers as these: > > From: "Name Surname " > From: "u...@good-domain.com" There is nothing malformed about these headers. -- A closed mouth

Re: config check

2019-12-09 Thread @lbutlr
> On 09 Dec 2019, at 00:17, Felix Rubio wrote: > > Allow unencrypted/unauthenticated users to submit mail from local > (127.0.0.x) connections There is no need for this, and it is dangerous. Just because a connection is local doesn’t mean it is trustworthy. >mynetworks = 127.0.0.0/24,

Re: Specific domain rejects address extensions

2019-12-04 Thread @lbutlr
On 04 Dec 2019, at 09:52, Viktor Dukhovni wrote: >$ config_directory=$(postconf config_directory) >$ maps="proxy:mysql:$config_directory/mysql_virtual_alias_maps.cf > hash:$config_directory/virtual" >$ postmap -q ama...@myvirtualdomain.tld $maps Aha! I was only checking virtual inste

Re: Specific domain rejects address extensions

2019-12-04 Thread @lbutlr
On 03 Dec 2019, at 15:27, @lbutlr wrote: > I have several domains, all of which have addresses with address delimiters > in use. One domain is rejecting all addresses with address extensions in the > lmtpd stage (after passing in smtpd). # postconf -n alias_database = hash:$config_

Specific domain rejects address extensions

2019-12-03 Thread @lbutlr
I have several domains, all of which have addresses with address delimiters in use. One domain is rejecting all addresses with address extensions in the lmtpd stage (after passing in smtpd). All the domains are in a single sql database and I do not see any differences in the sql definition for

Re: Recipient address rejected for recipient address in virtual

2019-12-03 Thread @lbutlr
On 02 Dec 2019, at 06:43, @lbutlr wrote: > status=bounced (host mail.covisp.net[private/dovecot-lmtp] said: 550 5.1.1 > User doesn't exist: ama...@covisp.net (in reply to RCPT > TO command)) I was able to mitigate this by creating another entry in virtual ama...@covisp.

Re: Recipient address rejected for recipient address in virtual

2019-12-02 Thread @lbutlr
On 02 Dec 2019, at 09:47, Bill Cole wrote: > Have you considered doing as recommended at > http://www.postfix.org/DEBUG_README.html#mail to make it easier for us to > understand your issue? Logs, postconf output, postmap -q output, what am I missing? -- This above all, to thine own self be

Re: Recipient address rejected for recipient address in virtual

2019-12-02 Thread @lbutlr
On 02 Dec 2019, at 09:53, Bill Cole wrote: > On 2 Dec 2019, at 8:43, @lbutlr wrote: >> One difference is that the one that is failing changes the targeted local >> domain amazon@localdomain to kreme+ama...@kreme.com, if that matters. > > Virtual mailbox domains and virt

Re: Recipient address rejected for recipient address in virtual

2019-12-02 Thread @lbutlr
On 02 Dec 2019, at 05:21, @lbutlr wrote: > But when an email comes in to that address, I get Recipient address rejected: > unverified address: Address lookup failed; > > # postmap -q ama...@kreme.com hash:/etc/postfix/virtual > kreme+ama...@kreme.com I have disabled reject_unver

Re: Recipient address rejected for recipient address in virtual

2019-12-02 Thread @lbutlr
> On 02 Dec 2019, at 05:26, Matus UHLAR - fantomas wrote: > > On 02.12.19 05:21, @lbutlr wrote: >> I have an email address listed in virtual in the form >> >> ama...@kreme.com. kreme+ama...@kreme.com > > it that a trailing dot? Autocorrecting two spaces

Recipient address rejected for recipient address in virtual

2019-12-02 Thread @lbutlr
I have an email address listed in virtual in the form ama...@kreme.com. kreme+ama...@kreme.com But when an email comes in to that address, I get Recipient address rejected: unverified address: Address lookup failed; # postmap -q ama...@kreme.com hash:/etc/postfix/virtual kreme+ama...@kreme.com

Re: question on a SPF setting

2019-11-27 Thread @lbutlr
On 27 Nov 2019, at 16:31, @lbutlr wrote: > On 27 Nov 2019, at 00:15, Wesley Peng wrote: >> -exists:%{ir}.spf.rambler.ru > > That expands to if the IP address (reverse check) plus /spf/rambler.ru exists… > > So, if you see a connection from 1.2.3.444 and 1.2.3.444.spf.rambl

Re: question on a SPF setting

2019-11-27 Thread @lbutlr
On 27 Nov 2019, at 00:15, Wesley Peng wrote: > -exists:%{ir}.spf.rambler.ru That expands to if the IP address (reverse check) plus /spf/rambler.ru exists… So, if you see a connection from 1.2.3.444 and 1.2.3.444.spf.rambler.ru exists, pass the spf check. -- Fairy Tales are more than true; n

Re: Reject Chinese mail

2019-11-26 Thread @lbutlr
On 26 Nov 2019, at 19:00, 황병희 wrote: >> How about moving to Gmail(Google Apps)? Gmail's spam defense is not bad, i >> think. >> >> I disagree. It often labels mailing list email as spam, [...] > > Personally i read public mailing lists' messages by Gmane. Ugh. Just about the only reason I stil

Pflogsumm and bzcat

2019-11-24 Thread @lbutlr
Is there a simpler way to do this (since bzcat can’t cat a text file) 👹 # bzcat mail.log.* > /tmp/mail.combined && cat mail.log >> /tmp/mail.combined 👹 # pflogsumm /tmp/mail.combined --detail 15 -- I've got a sonic screwdriver! Yeah? I've got a chair! ... Chairs *are* useful.

Re: Sieve vacation and smtp_sasl_password_maps

2019-11-24 Thread @lbutlr
> On 24 Nov 2019, at 03:42, Gianni Angelozzi wrote: > > In my system I have 10 users. Each user has his own upstream account on the > ISP. If you mentioned that before, I missed it. > When I authenticate the SMTP connection, my ISP will only allow that user to > send the mail. Like, if I u

Re: Sieve vacation and smtp_sasl_password_maps

2019-11-23 Thread @lbutlr
On 23 Nov 2019, at 10:13, Gianni Angelozzi wrote: > Yes, I need smtp_sender_dependent_authentication because the upstream ISP > will only accept incoming mails from the authenticated user. That doesn’t imply a need for smtp_sender_dependent_authentication. That is needed, AIUI, when you have mu

Re: Reject Chinese mail

2019-11-23 Thread @lbutlr
On 20 Nov 2019, at 21:51, merr...@fn.de wrote: > We did get a lot of spam messages from Chinese providers. We speak not > Chinese, do you think if it is possible to reject all mails from China? > Thanks This is what I do: In crontab for root: @reboot bash -c 'pfctl -t badguys -T add $(cat /usr

Re: reject mail if dns and rdns differ

2019-11-21 Thread @lbutlr
> On 21 Nov 2019, at 17:06, Jaroslaw Rafa wrote: > > Dnia 21.11.2019 o godz. 23:50:15 Gregory Heytings pisze: >> And there are various techniques (for example connection >> rate limits, response delays, greylisting) that prevent you from >> "accepting all mail" and that have zero false positiv

Re: reject mail if dns and rdns differ

2019-11-21 Thread @lbutlr
On 13 Nov 2019, at 02:30, Matus UHLAR - fantomas wrote: > On 12.11.19 17:01, Viktor Dukhovni wrote: >> The correct way to verify that would be to resolve the EHLO name to >> an address, NOT to resolve the address to a name. This would then >> find no anomalies with: >> >> Received: from ehl

Re: different message_size_limit per smtpd

2019-11-20 Thread @lbutlr
On 20 Nov 2019, at 08:16, Wietse Venema wrote: > A. Schulze: >> My goal is to allow different message size on MX and submission. >> As message_size_limit is a cleanup option, this is my (non working) setup >> based on http://www.postfix.org/BUILTIN_FILTER_README.html#mx_submission > The SMTP daem

Re: block 'new style' TLDs ?

2019-11-18 Thread @lbutlr
On 18 Nov 2019, at 06:04, Andrew Sullivan wrote: > At the same time, there are a _lot_ of anti-abuse techniques for mail that > don't rely on the broad heuristic of, "This TLD seems to suck,” and that > don't rely on establishing that rule as a permanent part of your > configuration. Yeah, but

Re: IP addresses in helo

2019-11-18 Thread @lbutlr
On 18 Nov 2019, at 05:22, Gregory Heytings wrote: >> Is it safe (or mostly safe) to simply block attempts to deliver mail with a >> helo that is only an IP address? (I am talking about only on postfix/smtpd >> and obviously not on postfix/submit or related). >> > > No it is not, it's a RFC vio

IP addresses in helo

2019-11-18 Thread @lbutlr
Is it safe (or mostly safe) to simply block attempts to deliver mail with a helo that is only an IP address? (I am talking about only on postfix/smtpd and obviously not on postfix/submit or related). I have about 50,000 NOQUEUE reject from "helo=<[193.32.160.151]>" over the last week, for examp

Re: lots of connections that make no sense

2019-11-15 Thread @lbutlr
On 15 Nov 2019, at 03:21, Allen Coates wrote: > Disabling auth does not stop them from trying; I scan my logs for the string > "auth=0/1", and add the offending IP address to a blacklist - a do-it-yourself > fail2ban. Seems like a good idea. Something like this? pfctl -t badguys -T add $(grep

Re: Dictionary attacks

2019-11-03 Thread @lbutlr
On 03 Nov 2019, at 11:03, lists wrote: > https://www.sshguard.net/ > This is a simpler alternative to fail2ban. It has hooks for postfix and > dovecot. Yep, that’s what I use. It doesn’t have all the options of Fail2Ban, but that’s fine, it does what I need most. (I have used fail2ban also) >

Re: Dictionary attacks

2019-11-03 Thread @lbutlr
On 03 Nov 2019, at 06:06, Wietse Venema wrote: > Wietse Venema: >> John Schmerold: >>> What is the best way to protect against dictionary attacks in Postfix? >> >> Reportedly, fail2ban (no first-hand experience, because I have no >> SASL clients). > > Also, Postfix can rate-limit auth commands,

Re: Cannot sign with DKIM on same-server web and mail

2019-11-01 Thread @lbutlr
On 01 Nov 2019, at 10:03, linkcheck wrote: > Jaroslaw Rafa wrote >> Dnia 31.10.2019 o godz. 12:16:56 linkcheck pisze: >> The best answer is to use spamassassin as a milter, not as a post-queue >> content filter as you have (and as I had). >> After I changed configuration to run spamassassin as mil

Re: postfix filter to encrypt incoming emails with public gpg key

2019-10-27 Thread @lbutlr
On 27 Oct 2019, at 10:52, Fourhundred Thecat <400the...@gmx.ch> wrote: > On 27/10/2019 17.10, Wietse Venema wrote: >> Use the local(8) delivery agent. In your $HOME/.forward file, pipe >> the mail into a program that encrypts it with your public key, then >> writes the result to maildir. > > I am

Re: block 'new style' TLDs ?

2019-10-24 Thread @lbutlr
On 24 Oct 2019, at 04:10, Fourhundred Thecat <400the...@gmx.ch> wrote: > On 24/10/2019 07.32, @lbutlr wrote: >> On 23 Oct 2019, at 15:20, lists wrote: >>> >>> /\.asia$/ 510 Denied: Unacceptable TLD .asia >> >> [Long list… removed] >> >&g

Re: block 'new style' TLDs ?

2019-10-23 Thread @lbutlr
On 23 Oct 2019, at 15:20, lists wrote: > > /\.asia$/ 510 Denied: Unacceptable TLD .asia [Long list… removed] smtpd_helo_restrictions = reject_invalid_helo_hostname check_helo_access pcre:/etc/postfix/helo_checks.pcre permit /etc/postfix/helo_checks.pcre: /.*\.(com|net|org|edu|gov|ca|mx|de|

Re: Problem with new installation

2019-10-23 Thread @lbutlr
On 23 Oct 2019, at 12:33, Steve Matzura wrote: > I change the DNS record for mail from A to CNAME Don’t do that. https://tools.ietf.org/html/rfc2181 The domain name used as the value of a NS resource record, or part of the value of a MX resource record must not be an alias. Not only is th

Re: base64 encoded emails

2019-10-17 Thread @lbutlr
On 17 Oct 2019, at 08:35, Bill Cole wrote: > On 17 Oct 2019, at 7:51, @lbutlr wrote: >> Also., of course, some plaintext messages still have to be en=E2=85=BDoded= >> . >> >> Like this one. > > But not always in Base64. :) True, the sender rarely has an

Re: base64 encoded emails

2019-10-17 Thread @lbutlr
On 17 Oct 2019, at 02:48, Fourhundred Thecat <400the...@gmx.ch> wrote: > I believe email should be plaintext. I don't like HTML emails either. If > somebody feels that his message needs fancy formatting, he should send > it as pdf attachment. But emails should stay plaintext. Have fun with that wi

Re: Postfix is not open relay but send spam

2019-10-15 Thread @lbutlr
On Oct 15, 2019, at 5:22 AM, @lbutlr wrote: > There is no instance of permit_mynetworks in my main.cf not in my master.cf > file. There is no instance of permit_mynetworks in my main.cf *nor* in my master.cf file. -- 'It is always useful to face an enemy who is prepared to

Re: Postfix is not open relay but send spam

2019-10-15 Thread @lbutlr
On Oct 15, 2019, at 1:27 AM, Julien Michaux wrote: > smtpd_helo_restrictions = > permit_mynetworks, > smtpd_recipient_restrictions = >permit_mynetworks, > smtp_sender_restrictions = >permit_mynetworks, > smtp_helo_restrictions = > permit_mynetworks, > smtp_recipient_restriction

Re: Correct tls settings

2019-10-11 Thread @lbutlr
On Oct 11, 2019, at 7:21 AM, Gerard E. Seibert wrote: > I am running Postfix mail_version = 3.5-20190922, with OpenSSL 1.1.1d > on a FreeBSD 11 machine. I am just wondering what the recommended > settings are for the following items: > > smtp_tls_mandatory_protocols= > smtpd_tls_mandatory_protoc

Re: how to get statistics about inbound/outbound messages

2019-10-11 Thread @lbutlr
On Oct 11, 2019, at 1:53 AM, Wesley Peng wrote: > As the subject stated, how can I get the statistics on the numbers of > inbound/outbound messages every day from Postfix? Install pflogsumm -- "You're an elf and you're going to wear panties like an elf.”

Blocking an address from submission mail

2019-10-04 Thread @lbutlr
How would I go about blocking mail to a valid address if it is sent from a user on my postfix mail server. For example, let’s say I have supp...@example.com and that address is only for people outside to send mail to, so when a local user or a user in virtual. (Those users have to use submissio

Re: warning: hostname does not resolve to address

2019-10-02 Thread @lbutlr
ve to > address ip: Name or service not known > > My question is, why are these logged with syslog priority warning/4? When I asked almost this exact question in August, I got the following from Wietse: @lbutlr: > Are logs like the following really worthy of a warning log level?

Re: Prevent sender address spoofing

2019-09-30 Thread @lbutlr
On Sep 30, 2019, at 8:21 AM, Matus UHLAR - fantomas wrote: >> On Sep 30, 2019, at 5:29 AM, Matus UHLAR - fantomas >> wrote: >>> rarely someone notices they are different. > > On 30.09.19 08:05, @lbutlr wrote: >> And often there are perfectly legitimate

Re: Specifying certificates in master.cf

2019-09-30 Thread @lbutlr
On Sep 30, 2019, at 7:53 AM, linkcheck wrote: > I have the following for smtp and submission… Seems like a lot. This is all I have, in main.cf: smtpd_tls_cert_file = /usr/local/etc/dehydrated/certs/covisp.net/fullchain.pem smtpd_tls_key_file = /usr/local/etc/dehydrated/certs/covisp.net/privkey.

Re: Prevent sender address spoofing

2019-09-30 Thread @lbutlr
On Sep 30, 2019, at 5:29 AM, Matus UHLAR - fantomas wrote: > rarely someone notices they are different. And often there are perfectly legitimate reasons for them to be different. -- showing snuffy is when Sesame Street jumped the shark

Re: Prevent sender address spoofing

2019-09-29 Thread @lbutlr
On Sep 29, 2019, at 6:52 PM, lists wrote: > Port 465 was deprecated for email. Port 465 is defined in RFC 8314 > Port 587 is the way to go. Either one works, and they are a little different. 587 uses STARTTLS to begin the encrypting and therefore require

Re: Prevent sender address spoofing

2019-09-28 Thread @lbutlr
On Sep 27, 2019, at 9:33 AM, Hugo Florentino wrote: > This is one thing I was hoping to avoid, because I intended to enable > authenticated access to port 25 through STARTTLS so that clients who > use portable devices can check mail wherever they are without having > to change ports constantly.

Re: dovecot lmtp and virtual_mailbox_maps

2019-09-26 Thread @lbutlr
On Sep 26, 2019, at 1:29 PM, David Wells - Alfavinil S.A. wrote: > and as dovecot has the option "allow_all_users=yes” Simple, don’t do that. Somewhere in your chain something has to validate the users, otherwise yes, everything will be accepted because that is what you told the system to do.

Re: How to block mail coming from a domain

2019-09-26 Thread @lbutlr
On Sep 26, 2019, at 4:01 AM, Dominic Raferd wrote: > Of course this assumes pcre (or maybe regex) file. To ensure it picks > up only email addresses in From header (and not text), then, using > pcre file for header_checks: No, you do the checks for the helo, not the From: header. The idea is to

Re: Suggestions for less spam

2019-09-23 Thread @lbutlr
On Sep 22, 2019, at 9:59 AM, Dominic Raferd wrote: > I think it is inadvisable to use reject_unknown_client_hostname Yes, you will lose legitimate mail with this, but in my limited experience it is all junk (marketing mail, remailer services, and the like; not technically spam), and a lot of sp

Re: Question getting Mail.app working with PostFix SMTP

2019-09-22 Thread @lbutlr
On Sep 22, 2019, at 12:41 AM, Daniel Miller wrote: > Generally such an attitude, while understandable and often shared, is > generally going to be met with a response that administering a mail server is > not a part-time job and if you're not "qualified" then you should hire > someone who is. I

Re: Question getting Mail.app working with PostFix SMTP

2019-09-21 Thread @lbutlr
On Sep 21, 2019, at 10:32 PM, Viktor Dukhovni wrote: > Most likely because it sees no SASL support announced. Perhaps it is > connecting > to port 25 and not 587. You should consider (if not the case already) adding: > > -o syslog_name=postfix/submission This is what I have own master.

Re: Error 46 with TLS

2019-09-21 Thread @lbutlr
On Sep 21, 2019, at 12:17 PM, Dominic Raferd wrote: > smtpd_tls_cert_file = /etc/letsencrypt/live/streamingbats.co.uk/fullchain.pem > smtpd_tls_key_file = /etc/letsencrypt/live/streamingbats.co.uk/privkey.pem > > Should I be setting any other parameters? That works here. -- "You never really

Re: Refuse mail from hosts with closed port 25

2019-09-16 Thread @lbutlr
On Sep 16, 2019, at 7:17 AM, Paul van der Vlis wrote: > I guess only the big providers will have different servers for inbound and > outbound email, and you can make a list of them. No, lots and lots of servers will have these services separated. -- Today the road all runners come/Shoulder

Re: Postfix: Variable meanings table

2019-09-06 Thread @lbutlr
On 6 Sep 2019, at 09:30, Phil Stracchino wrote: > Can anyone by chance point me to any documentation that explains how to do > this? Not off hand, but what you are looking for on google is: fail2ban "action.d” (the quotes will force google to return results with action.d) In fact, if you look

Re: Make postfix reject 8bit (non ASCII) 'mail from' address

2019-09-04 Thread @lbutlr
On 3 Sep 2019, at 07:33, Viktor Dukhovni wrote: > You can use "check_sender_access" in combination with a PCRE table: > > /[^[:ascii:]]/ REJECT 5.1.7 Malformed sender address That error message is wrong though. -- Always be sincere, even if you don't mean it.

Re: about MTA's 4xx response code

2019-08-29 Thread @lbutlr
On 28 Aug 2019, at 21:06, Doug Hardie wrote: > Greylisting used to be a very effective approach to spam blocking. Only if you were very careful to monitor your system for the many many corporate senders where greylist was the effective equivalent of a blacklist (those that did not retry in violat

Adding DKIM and DMARC

2019-08-25 Thread @lbutlr
When adding DMARC and DKIM do I only need to add it to the domain that is hosting the mail server (MX)? For example, if mail.example.com is defined as the MX for example.com and example.net, do I need to add the DMARC/DKIM records to example.net’s DNS as well? -- Death was familiar with the

Worthy of a warning?

2019-08-14 Thread @lbutlr
Are logs like the following really worthy of a warning log level? postfix/submit/smtpd[84385]: warning: hostname zg-0301e-69.stretchoid.com does not resolve to address 107.170.200.25: hostname nor servname provided, or not known postfix/smtps/smtpd[96068]: warning: hostname 189-91-4-216.dvl-wr.

Domain cannot be found?

2019-08-14 Thread @lbutlr
Aug 14 09:25:41 mail postfix/smtpd[44179]: NOQUEUE: reject: RCPT from unknown[198.241.168.120]: 550 5.7.25 Client host rejected: cannot find your hostname, [198.241.168.120]; from=<*munged*@*mybak*> to= proto=ESMTP helo= 👹 root@mail # dig cportal3.visa.com +short

Re: check IP before permit_sasl_authenticated

2019-08-14 Thread @lbutlr
On 13 Aug 19, at 09:19 , Scott Techlist wrote: > I'd like to block certain IP's from attempting to authenticate on my > submission port. You cannot prevent them from attempting to authenticate, at least not via postfix. You would need to firewall them or do something in hosts.allow for that.

Re: SPF failure

2019-07-15 Thread @lbutlr
On 15 Jul 2019, at 13:44, Phil Stracchino wrote: > > On 7/15/19 3:29 PM, Bill Cole wrote: >> On 15 Jul 2019, at 14:02, Phil Stracchino wrote: >>> And here's the log of the last failure: >> >> [...] >>> Jul 15 13:49:11 minbar policyd-spf[25139]: Starting >>> Jul 15 13:49:11 minbar policyd-spf[251

Re: postfix error in spf

2019-07-14 Thread @lbutlr
On 14 Jul 2019, at 20:49, Viktor Dukhovni wrote: > On Sun, Jul 14, 2019 at 07:51:11PM -0600, @lbutlr wrote: >>-o smtpd_milters= >>-o milter_connect_macros= >>-o milter_macro_daemon_name=ORIGINATING >> >> That is likely where you are going to run int

Re: postfix error in spf

2019-07-14 Thread @lbutlr
> On 14 Jul 2019, at 17:25, David Mehler wrote: > > Hello Viktor, > > Thanks for your reply. Is my configuration overdoing it? > > Here's my submission snippet: > submission inet n - n - - smtpd > -o syslog_name=postfix/submission > -o smtpd_tls_security_level=en

Re: Spoofing Emails to My Own Domain

2019-07-09 Thread @lbutlr
On 9 Jul 2019, at 10:25, bilal.ah...@kfueit.edu.pk wrote: > I am facing a problem that someone is spoofing my domain address and sending > emails to my own domain users. Why are you accepting remote mail claiming to come from your server? -- Everything you read on the Internet is false -- Gl

Re: Ownership question

2019-07-04 Thread @lbutlr
On 4 Jul 2019, at 06:46, Rich Shepard wrote: > On Thu, 4 Jul 2019, @lbutlr wrote: > >> Slackware issue? > > Likely not. I've used the same build script for years. Well, something has changed and it is not the permissions that postfix expects on the folder. If it ca

Re: Ownership question

2019-07-04 Thread @lbutlr
On 3 Jul 2019, at 17:23, Rich Shepard wrote: > Currently running 3.4.5 on Slackware-14.2. After each upgrade I run 'postfix > set-permissions upgrade-configuration' then adjust ownerships as needed. > > When I upgraded to 3.4.5 last weekend I found that when /var/spool/postfix > has owner.group o

Re: mbox format?

2019-06-28 Thread @lbutlr
On Jun 28, 2019, at 6:39 AM, Andrey Repin wrote: > Greetings, @lbutlr! > >>> Guess why I'm using Maildir? > >> Because mbox was designed for tens of Kilobytes of email? > > I have doubts it was at all designed. More like thrown together for the sake >

Re: Rejecting mail based on a Milter results

2019-06-28 Thread @lbutlr
On Jun 28, 2019, at 6:42 AM, Matus UHLAR - fantomas wrote: > On 28.06.19 06:01, @lbutlr wrote: >> root 23945 0.0 0.3 31560 10908 - Ss Sun14 0:14.52 >> /usr/local/sbin/spamass-milter -f -p /var/run/spamass-milter.sock -u spamd >> -e -i 65.121.55.40/

Re: mbox format?

2019-06-28 Thread @lbutlr
On Jun 28, 2019, at 5:28 AM, Andrey Repin wrote: > Guess why I'm using Maildir? Because mbox was designed for tens of Kilobytes of email? -- What's another word for Thesaurus?

Re: Rejecting mail based on a Milter results

2019-06-28 Thread @lbutlr
On Jun 28, 2019, at 2:22 AM, Matus UHLAR - fantomas wrote: > On 27.06.19 11:57, @lbutlr wrote: >> Possibly it is an 11.2 issue then. > > check sa-milter RC script. doesn't it redefine reject score on commandline > somewhere? It does, it just doesn’t actually reject

Re: Rejecting mail based on a Milter results

2019-06-27 Thread @lbutlr
> On Jun 27, 2019, at 12:38 AM, post...@aptget.dk wrote: > > Wed, 26 Jun 2019 20:23:44 -0600 skrev "@lbutlr" : > >> The spamass-milter is not rejecting mail that scores above the number set in >> the -r flag for the milter (confirmed by other people

Rejecting mail based on a Milter results

2019-06-26 Thread @lbutlr
The spamass-milter is not rejecting mail that scores above the number set in the -r flag for the milter (confirmed by other people this is a bug in spamass-milter). Is there something I can do in postfix to reject mails that the Milter logs like: spamd: result: Y 18 Where “18” is a something

Re: Receiving mail from a host without a valid rDNS

2019-06-24 Thread @lbutlr
On 24 Jun 2019, at 18:51, @lbutlr wrote: > On 24 Jun 2019, at 08:56, Wietse Venema wrote: >> Delete reject_unknown_client_hostname, or add >> >> check_client_access inline:{1.2.3.4:ok} > > Thank you. A note that I just noticed while making sure all was workin

Re: Receiving mail from a host without a valid rDNS

2019-06-24 Thread @lbutlr
On 24 Jun 2019, at 08:56, Wietse Venema wrote: > Delete reject_unknown_client_hostname, or add > >check_client_access inline:{1.2.3.4:ok} Thank you. -- Belief is one of the most powerful organic forces in the multiverse. It may not be able to move mountains, exactly. But it can create some

Receiving mail from a host without a valid rDNS

2019-06-24 Thread @lbutlr
I have a mail host that I want to receive mail from that does not have a valid rDNS (it recently moved and their ISP is comcast and it seems to be taking a stupidly long time). Anyway, I first tried this: check_sender_access pcre:$config_directory/sender_access.pcre /@name.of.host/ OK This

Re: Header change

2019-06-17 Thread @lbutlr
On Jun 17, 2019, at 12:07 PM, Wietse Venema wrote: > @lbutlr: >> Received: from darth.lan (c-73-14.161.160.hsd1.co.comcast.net = >> [73.14.161.160]) >> by mail.covisp.net(Postfix 3.4.5/8.13.0) with SMTP id unknown; >> Sun, 16 Jun 2019 15:26:32 -0600 >>

Header change

2019-06-17 Thread @lbutlr
Switching to dovecot LMTP appears to have changed the information in the received header: Here’s what the received header used to look like: Received: from [10.0.5.3] (c-71-229-144-93.hsd1.co.comcast.net [71.229.144.93]) by mail.covisp.net (Postfix) with ESMTPS id B67B8118AD59 fo

smtpd_recipient_restrictions

2019-06-16 Thread @lbutlr
Since I have moved all local users to virtual users and switched dovecot to lmtp from lda, I was able to add reject_unverified_recipient to my restrictions, and it occurred to me maybe some of the other restrictions could be eliminated. Do reject_non_fqdn_recipient, reject_unauth_destinatio

Re: authenticate o365 users with postfix without smtp auth

2019-06-16 Thread @lbutlr
On 16 Jun2019, at 12:05, Bill Cole wrote: > But they do. Wild. > As the OP says, they support an outbound "smarthost" connector, Not a term I’ve heard before. > This is not such an unusual requirement. I have worked with multiple > businesses whose regulatory compliance relies on having all

Re: authenticate o365 users with postfix without smtp auth

2019-06-16 Thread @lbutlr
On 16 Jun2019, at 10:48, Stefan Bauer wrote: > our users send/receive via o365. That’s not what you said. You said "some of our users use o365 but would like to use our service for outgoing mails.” > the last mile o365->recipient should go through our service like > o365->postfix->recipient I

Re: authenticate o365 users with postfix without smtp auth

2019-06-16 Thread @lbutlr
On 16 Jun2019, at 09:46, Stefan Bauer wrote: > some of our users use o365 but would like to use our service for outgoing > mails. we are offering smtp sending services. integrating our service in o365 > is tricky, as one can only specify a smarthost but microsoft does not offer > any kind of au

Re: 'SERVFAIL' error on DNS 'TXT' lookup

2019-06-14 Thread @lbutlr
On 14 Jun2019, at 07:24, klirstr wrote: > host smtp.customerdomain.com[customer-mx-server-ip] said: 450 4.7.1 > : Recipient address rejected: > SPF-Result=smtp.mydomain.com: 'SERVFAIL' error on DNS 'TXT' lookup of > 'smtp.mydomain.com' (in reply to RCPT TO command)) >

Re: Virtual users and local users in the same domain?

2019-06-12 Thread @lbutlr
On 12 Jun2019, at 11:17, @lbutlr wrote: > This thread is about moving ONE of the local accounts into MySQL virtual > maps. I decided to punt and just move all the accounts at once. My annoyance overrode my paranoia for once! -- I've never seen religious faith move mountains, bu

Re: Virtual users and local users in the same domain?

2019-06-12 Thread @lbutlr
On 12 Jun2019, at 08:39, Benny Pedersen wrote: > @lbutlr skrev den 2019-06-12 15:20: > >> Now I am getting postfix/trivial-rewrite: warning: do not list domain >> example.com in BOTH mydestination and virtual_mailbox_domains > > +1 > >> Can I have mydestinat

Re: Virtual users and local users in the same domain?

2019-06-12 Thread @lbutlr
On Jun 11, 2019, at 5:51 AM, @lbutlr wrote: > Is the answer different if the goal is to move ALL local users* to virtual > maps in the near future? My plan is to start with one, see that it all works, > then move the rest of the users (only a dozen or so, in total). At that >

Re: Postfix audit

2019-06-11 Thread @lbutlr
On Jun 11, 2019, at 8:30 AM, @lbutlr wrote: > Maybe 'relay=.*\]:25’? Looking at my logs it looks like '\]:25:’ is enough. -- ...but the senator, while insisting he was not intoxicated, could not explain his nudity.

Re: Postfix audit

2019-06-11 Thread @lbutlr
On Jun 11, 2019, at 7:55 AM, Rafael Azevedo wrote: > Is there any way to log the MTA to MTA transactions one per file? You can use rsyslog to log based on the queueid? But queueid could not be a single line. With rsyslog the trick is to find something unique in the log lines you want. Maybe 're

Virtual users and local users in the same domain?

2019-06-11 Thread @lbutlr
Given that I have two users, lo...@example.com and s...@example.com who are currently both local users and given that mydomain=example.com, is it possible to configure postfix such that one of them is in the mysql database and one is still local? It appears that once I add a domain to the mysql

Re: Mail Delivery Status report

2019-06-07 Thread @lbutlr
On Jun 7, 2019, at 4:41 AM, @lbutlr wrote: > On Jun 7, 2019, at 1:22 AM, Matus UHLAR - fantomas wrote: >> so possibly the "-x" option for spamass-milter is not a good idea with >> postfix. > > Ok, now that is something to check. Took out the -x and restarted and

Re: Mail Delivery Status report

2019-06-07 Thread @lbutlr
On Jun 7, 2019, at 1:22 AM, Matus UHLAR - fantomas wrote: > so possibly the "-x" option for spamass-milter is not a good idea with > postfix. Ok, now that is something to check. Took out the -x and restarted and we’ll see how that goes.

Re: Mail Delivery Status report

2019-06-06 Thread @lbutlr
On Jun 6, 2019, at 12:40 PM, Viktor Dukhovni wrote: > This is unequivocal evidence of use of "sendmail -bv". You're reporting > non-use of "sendmail -v", but "-bv" != "-v". Perhaps you have a content > filter that is misconfigured to use "sendmail -bv". As I have said twice now, there is no ins

Re: Mail Delivery Status report

2019-06-06 Thread @lbutlr
On May 31, 2019, at 1:52 AM, Bastian Blank wrote: > On Fri, May 31, 2019 at 01:29:11AM -0600, @lbutlr wrote: >> mail postfix/pipe[78386]: 45FZmb6nfgzdrvL: >> to=>, relay=dovecot, delay=0.03, >> delays=0.01/0.01/0/0.01, dsn=2.0.0, status=deliverable (delivers to command

SMTPS Submission

2019-06-02 Thread @lbutlr
Just want a quick sanity check on enabling smtps in master.cf: smtps inet n - n - - smtpd -o smtpd_sasl_auth_enable=yes -o smtpd_tls_wrappermode=yes -o syslog_name=submit/smtps -o smtpd_sasl_type=dovecot -o smtpd_sasl_security_options=noanonymous -o s
