[pfx] Re: Which DKIM application for postfix 3.9.0

2024-03-07 Thread A. Schulze via Postfix-users
On 07.03.24 at 23:06, postfix--- via Postfix-users wrote: I have done some research and opendkim is the most recommended, however, other research states the opendkim has been abandoned by its maintainers. well, long story. yes, it //seems// to be abandoned, but you may use it on

[pfx] Re: Postfix stopped logging lines with sender IP addresses after upgrade

2024-01-02 Thread A. Schulze via Postfix-users
On 02.01.24 at 20:44, Vince Heuser via Postfix-users wrote: smtp   inet  n   -   y   -   -   smtpd Hi, the smtp server runs chroot. You need to configure syslog to listen on /path/to/postfix-chroot/dev/log (usually /var/spool/postfix/dev/log) Andreas

[pfx] Value of client certificates, was: Re: Re: [ext] list.sys4.de fails with starttls

2023-09-25 Thread A. Schulze via Postfix-users
On 25.09.23 at 22:11, Viktor Dukhovni via Postfix-users wrote: ... So, unfortunate as it may seem, they just increase opportunities for failure, without adding anything by way of security. ... Client certificates serve no purpose unless the server requests them and knows what to do with them.

[pfx] surprise with strict_mime_encoding_domain

2023-04-04 Thread A. Schulze via Postfix-users
Hello, an SMTP Server with strict_mime_encoding_domain=yes blocked some messages (which was ... unexpected) # postconf mail_version mail_version = 3.7.4 # postconf -n alias_maps = maillog_file = /dev/stdout smtpd_recipient_restrictions = defer strict_mime_encoding_domain = yes # postconf -M

[P-U] OpenDMARC crash, was: Re: Postfix lists are migrating to a new list server

2023-03-07 Thread A. Schulze via Postfix-users
On 07.03.23 at 20:37, postfix--- via Postfix-users wrote: OpenDMARC is segfaulting. That's what 'signal 11' means. Postfix fails to get an answer to its end-of-body milter call because of the segfault closing the other end of that socket. That failure results in Postfix sending a 4xx to

Re: dig reports NXDOMAIN but Postfix thinks otherwise

2022-12-06 Thread A. Schulze
On 06.12.22 at 19:06, Fred Morris wrote: This is a good use for DNS Response Policy Zones (RPZ) to prevent leakage, as well as an illustration of why doing some broad brush statistical monitoring of DNS traffic is a useful practice. it's easier to consequent avoid 'search' in

Re: DMARC in postfix ?

2022-04-14 Thread A. Schulze
On 13.04.22 at 05:31, John Levine wrote: > For doing DMARC validation, I know about the opendmarc milter. Is that what > everyone uses? Is there anything else used in practice? Hello John, rspamd handles DMARC as well. But it's also a milter. This is intentional: Wietse /

strict_7bit_headers, strict_8bitmime and strict_8bitmime_body

2021-12-13 Thread A. Schulze
Hello, the documentation say for these settings: > This feature should not be enabled on a general purpose mail server, because > it is likely to reject legitimate email Is it possible to activate a kind of log only mode similar to "warn_if_reject"? That would allow administrators to know,

Re: logging from scripts executed by pipe

2021-08-10 Thread A. Schulze
Wietse Venema: A. Schulze: Is there a recommended/any way to log messages from a script via postfix? Not at this time. Making the postlog command setgid requires a security analysis and that may require some code restructuring before this can be done without opening up a security hole

logging from scripts executed by pipe

2021-08-10 Thread A. Schulze
Hello, I've to rebuild a service: messages to an address are delivered via postfix pipe to a script. This script use syslog to write its messages. That worked well for years. Now, postfix run in a different way, supervised via "postfix start-fg" (docker) Essentially there is no syslogd. My idea

Re: Mail server without MX record.

2020-10-13 Thread A. Schulze
On 13.10.20 at 14:09, Jason Long wrote: > I want to know can I use it without MX record? A records are used by default if no MX is available That's nothing postfix specific - it's an RFC requirement for any MTA Andreas

debugging strategy

2020-07-10 Thread A. Schulze
Hello, I operate a postfix server + some milters. Some messages running over this MTA generate some trouble on the receiver side. I nailed down the problem to be the content, I receive from the client. It's an application I personally don't control. To Debug the problem, I must ask an other

Re: Cannot assign requested address -- with "inet_protocol = ipv4" in main.cf

2020-06-28 Thread A. Schulze
On 25.06.20 at 20:58, Greg Sims wrote: > I set "inet_protocol = ipv4" in main.cf . postconf inet_protocol postconf: warning: inet_protocol: unknown parameter postconf inet_protocols ? Andreas

Re: Postfix restrictions

2020-06-07 Thread A. Schulze
On 07.06.20 at 14:38, yuv wrote: > Is there a valid reason for a sender not to fix something so essential > as DNS configuration? no valid reason but reality. There are so many sending hosts named "foobar.local". Via NAT they are visible with a public IP and a perfect DNS. But this hosts

Re: Postfix restrictions

2020-06-07 Thread A. Schulze
On 07.06.20 at 11:51, Nicolas Kovacs wrote: using "reject_unknown_helo_hostname" may trigger some false positives. Not every sender have such perfect setups. You may use "warn_if_reject reject_unknown_helo_hostname" for some time and check if losing such traffic is acceptable for you.

Re: Are there plans for a buld-in support of REDIS-tables?

2020-01-09 Thread A. Schulze
On 09.01.20 at 17:12, kris_h wrote: > We distribute the more dynamic tables - e.g. cidr-tables with self-harvested > current spammer's IPs - actually by simply distributing those files with > rsync. we use an rbldnsd to build and serve an internal zone with similar data. Usual DNS lookups are

MDB_MAP_FULL: Environment mapsize limit reached

2020-01-09 Thread A. Schulze
Hello, running postfix-3.4.7 on Debian 10 I found the following warning in my logs: postfix/tlsmgr[705]: warning: lmdb:/var/lib/postfix/smtp_tls_session_cache is unavailable. open database /var/lib/postfix/smtp_tls_session_cache.lmdb: MDB_MAP_FULL: Environment mapsize limit reached on

Re: different message_size_limit per smtpd (solved)

2019-11-20 Thread A. Schulze
On 20.11.19 at 17:57, @lbutlr wrote: >> The SMTP daemon also enforces the message size limit independently. >> You can therefore specify different limits on the submission and >> port25 services. >> >> However, those limits cannot be larger than the limit that is >> enforced by the cleanup

different message_size_limit per smtpd

2019-11-20 Thread A. Schulze
Hello, My goal is to allow different message size on MX and submission. As message_size_limit is a cleanup option, this is my (non working) setup based on http://www.postfix.org/BUILTIN_FILTER_README.html#mx_submission main.cf message_size_limit = 512 master.cf # define a

Re: may we suggest ICANN not run that many new tlds?

2019-11-19 Thread A. Schulze
On 19.11.19 at 10:58, Merrick wrote: > may we suggest ICANN not open a new TLD anymore? yes, you can: https://www.icann.org/public-comments

Re: postfix startup sequence

2019-11-12 Thread A. Schulze
On 12.11.19 at 03:52, Fourhundred Thecat wrote: > /usr/sbin/postfix quiet-quick-start this is Debian specific https://sources.debian.org/src/postfix/3.4.5-1/debian/patches/09_quiet_startup.diff/ You've to ask on a Debian list because - Wietse already noted - it's unsupported Andreas

build in EDH parameters

2019-11-10 Thread A. Schulze
Hello Developers, postfix comes - like many other software - with build in DH Parameter (file: src/tls/tls_dh.c) The documentation also suggest one may want to generate own DH parameters. (http://www.postfix.org/FORWARD_SECRECY_README.html#quick-start) Is that still the best solution? RFC 7919

Re: "SPF no-mail record" clashing with reject_unknown_recipient_domain

2019-10-28 Thread A. Schulze
Ehlers, Y.W. (Ydo): There is no MX record, there is no A record, so mail can not be delivered. And Microsoft tops it off by explicitly claiming no e-mail will be send from this domain for the record: one like to use RFC 7505 to express "this domain don't send / receive email" adding an

Re: Respecting MTA-STS

2019-10-11 Thread A. Schulze
On 11.10.19 at 18:10, Viktor Dukhovni wrote: > So likely at this point it is safe to conclude that sending SNI is > unlikely to cause problems. Your mileage may vary. Hi, that Gmail enabled SNI on their SMTP client is an indicator that using SNI may not cause relevant trouble. But it's

Re: Respecting MTA-STS

2019-10-11 Thread A. Schulze
micah anderson: If we want to try and respect MTA-STS, when doing STARTTLS, the sender needs to send the right information in the TLS SNI (Server Name Indication) extension. An MTA-STS-honoring SMTP client expects to validate the X.509 certificate of the receiving MTA, but that MTA might be

Re: PATCH: tlsproxy failed / flooded log (WORKS)

2019-09-13 Thread A. Schulze
On 06.09.19 at 20:50, A. Schulze wrote: > Hopefully I could report "works well" some days later. Hello, The patched version run here on some production server for a week without issues. So here is the promised "works well" :-) Andreas

Re: PATCH: tlsproxy failed / flooded log

2019-09-06 Thread A. Schulze
On 06.09.19 at 18:30, Wietse Venema wrote: > To enable SMTP/TLS connection reuse on a running system: > > postconf smtp_tls_connection_reuse=yes > postfix reload > > To disable SMTP/TLS connection reuse on a running system: > > postconf smtp_tls_connection_reuse=no > postfix

Re: tlsproxy failed / flooded log

2019-09-06 Thread A. Schulze
On 06.09.19 at 14:24, Wietse Venema wrote: Hello Wietse! > Any particular Postfix and OpenSSL version? postfix-3.4.6 openssl-1.1.1c > Does setting tls_fast_shutdown_enable (or tls_fast_shutdown) > make a difference? I could set tls_fast_shutdown = no and try again. Unfortunately that mean I

tlsproxy failed / flooded log

2019-09-06 Thread A. Schulze
Hello, today I enabled smtp_tls_connection_reuse on some production server. after approx. an hour and ~70 reused SMTP connections, tlsproxy on two machines logged this: ... Sep 6 09:03:52 idvmailout03 postfix/tlsproxy[18637]: DISCONNECT [213.23.92.204]:25 Sep 6 09:03:59 idvmailout03

Re: CAfile problem with OpenSSL-1.1.1c

2019-08-14 Thread A. Schulze
Christian Rößner: Hello Christian, By changing *_CAfile parameters to *_CApath, everything started working again. nothing specific to your OpenSSL version but: do you run postfix chroot? from http://www.postfix.org/postconf.5.html#smtpd_tls_CApath: "To use smtpd_tls_CApath in chroot

Re: Is it possible to run postfix in a container (e.g. docker, red-hot)?

2019-08-07 Thread A. Schulze
On 07.08.19 at 09:32, Gerben Wierda wrote: > Is it possible to run postfix in a container (e.g. docker, red-hot)? Yes, since postfix-3.4 you could start postfix with "postfix start-fg" If you also set "maillog_file = /dev/stdout" in main.cf, any log will go to stdout which is the preferred

Re: Greylisting -- current recommendations?

2019-06-23 Thread A. Schulze
On 23.06.19 at 16:57, Matus UHLAR - fantomas wrote: > On 22.06.19 14:43, A. Schulze wrote: >> I'm still using greylisting with moderate effects. It catches some percent >> other AntiSpam techniques doesn't > > even compared to postscreen? yes while running postscreen and

Re: Greylisting -- current recommendations?

2019-06-22 Thread A. Schulze
On 22.06.19 at 02:49, Rich Wales wrote: > Any other suggestions? I'm still using greylisting with moderate effects. It catches some percent other AntiSpam techniques doesn't Andreas

Re: Mails to gmail bouncing

2019-06-19 Thread A. Schulze
On 19.06.19 at 12:53, Viktor Dukhovni wrote: >> On Jun 19, 2019, at 6:37 AM, Ralf Hildebrandt wrote: >> >> The error message says: >> >> Protocol error: host gmail-smtp-in.l.google.COM[173.194.76.26] said: 250 >> 2.1.5 OK w9si551343wmd.47 - gsmtp (in reply to DATA command) > > Ralf, your

Re: postfix and MTA-STS

2019-04-28 Thread A. Schulze
Hello Viktor, On 27.04.19 at 23:26, Viktor Dukhovni wrote: > The socketmap service could check for DANE TLSA records first, and> return > "dane", it would have to check that the domain is DNSSEC> signed, and then > check whether all of (the first 10 by preference> to reduce delay) the MX >

postfix and MTA-STS

2019-04-27 Thread A. Schulze
Hello, one way to implement MTA-STS in postfix is a server that generate responses that smtp_tls_policy_maps can consume. I evaluate https://github.com/Snawoot/postfix-mta-sts-resolver... smtp_tls_policy_maps = socketmap:inet:mta-sts-resolver.example:8461:postfix this works, but ... the

unknown tls_ssl_options value "tlsext_padding"

2019-03-30 Thread A. Schulze
Hello, postfix-3.4.4 linked with openssl-1.1.1b $ postconf tls_ssl_options tls_ssl_options = no_compression, tlsext_padding produce such log: Mar 30 21:04:12 danube postfix/smtpd[9075]: warning: unknown tls_ssl_options value "tlsext_padding" in "no_compression, tlsext_padding" while it does

documentation of maillog_file

2019-03-21 Thread A. Schulze
Hello, http://www.postfix.org/postconf.5.html#maillog_file say "A non-empty value selects logging to syslogd" I think it should say "A empty value selects logging to syslogd" Andreas

Re: Understanding the importance of submission

2019-03-20 Thread A. Schulze
On 20.03.19 at 16:18, Patrick Ben Koetter wrote: > Use submission on TCP/587 for MUA to MTA traffic. Btw: RFC 8314 describe Implicit TLS for POP3, IMAP and Submission on ports 995, 993 and 465. Works fine the usual modern MUAs and eliminate the opportunity for downgrades while talking

Re: Uhm... next bug or my faulty configuration?

2019-03-12 Thread A. Schulze
Viktor Dukhovni: Your no-BDAT work-around is sufficient until the code is updated along lines below Hello Viktor, Thanks for that patch. I confirm it works like expected Andreas

Uhm... next bug or my faulty configuration?

2019-03-11 Thread A. Schulze
Hello, updated from 3.4.1 to 3.4.3 and at the same time dovecot-2.2 to dovecot-2.3 ( + pigeonhole) I assume the changes behavior is dovecot/pigeonhole now using the advertised "CHUNKING" extension. Now an echo service (dovecot-2.3-pigeonhole) don't send messages anymore. Reason: "Data command

Re: PATCH: tls reuse and wrappermode (port 465)

2019-02-19 Thread A. Schulze
On 19.02.19 at 19:48, Wietse Venema wrote: > A. Schulze: >>> Feb 19 14:24:09 spider postfix/submissions/smtp[3895]: panic: >>> VSTREAM_CTL_SWAP_FD can't swap descriptors between single-buffered and >>> double-buffered streams > > That was the result of

Re: Patch: 3.4.0-RC2 and 3.5 snapshots (was: DANE issue with postfix 3.4.0-RC2)

2019-02-19 Thread A. Schulze
On 19.02.19 at 14:28, A. Schulze wrote: > > A. Schulze: > >> Viktor Dukhovni: >> >>> diff --git a/src/tls/tls_misc.c b/src/tls/tls_misc.c >>> diff --git a/src/tlsproxy/tlsproxy.c b/src/tlsproxy/tlsproxy.c > > there is an other side effect: >

Re: Patch: 3.4.0-RC2 and 3.5 snapshots (was: DANE issue with postfix 3.4.0-RC2)

2019-02-19 Thread A. Schulze
On 19.02.19 at 15:37, Viktor Dukhovni wrote: >> On Feb 19, 2019, at 7:35 AM, A. Schulze wrote: >> >> Feb 19 13:25:53 spider postfix/master[2282]: warning: process >> /usr/lib/postfix/tlsproxy pid 996 killed by signal 11 >> Feb 19 13:25:53 spider postfix/maste

Re: Patch: 3.4.0-RC2 and 3.5 snapshots (was: DANE issue with postfix 3.4.0-RC2)

2019-02-19 Thread A. Schulze
A. Schulze: Viktor Dukhovni: diff --git a/src/tls/tls_misc.c b/src/tls/tls_misc.c diff --git a/src/tlsproxy/tlsproxy.c b/src/tlsproxy/tlsproxy.c there is an other side effect: I configured smtpd_tls_cert_file = /etc/ssl/${myhostname}/cert+intermediate.pem smtpd_tls_key_file = /etc/ssl

Re: Patch: 3.4.0-RC2 and 3.5 snapshots (was: DANE issue with postfix 3.4.0-RC2)

2019-02-19 Thread A. Schulze
Viktor Dukhovni: diff --git a/src/tls/tls_misc.c b/src/tls/tls_misc.c diff --git a/src/tlsproxy/tlsproxy.c b/src/tlsproxy/tlsproxy.c Another issue remains, in that tlsproxy(8) wants unconditional server-side support before it is willing to be a client proxy, and therefore also wants

Re: Patch: 3.4.0-RC2 and 3.5 snapshots (was: DANE issue with postfix 3.4.0-RC2)

2019-02-18 Thread A. Schulze
On 18.02.19 at 12:04, Viktor Dukhovni wrote: > diff --git a/src/tls/tls_misc.c b/src/tls/tls_misc.c > diff --git a/src/tlsproxy/tlsproxy.c b/src/tlsproxy/tlsproxy.c Hello Viktor, I confirm these modifications fix the delivery failure. ... $ sendmail -f sen...@example.org -bv

Re: DANE issue with postfix 3.4.0-RC2

2019-02-17 Thread A. Schulze
On 17.02.19 at 22:40, Wietse Venema wrote: > A. Schulze: >> https://andreasschulze.de/tmp/reuse_on.txt >> https://andreasschulze.de/tmp/reuse_off.txt > > These deliver to different server IP addresses, therefore the > results may differ. the destination MX has IPv4 a

Re: DANE issue with postfix 3.4.0-RC2

2019-02-17 Thread A. Schulze
On 17.02.19 at 21:24, Viktor Dukhovni wrote: Hello Viktor, > If you performed a "reload" to get that to take effect, that would > also have flushed the TLS session cache. And perhaps disabling > connection re-use is a distraction. It may well have been sufficient > to just "postfix

Re: DELIVERY issue with postfix 3.4.0-RC2

2019-02-17 Thread A. Schulze
On 17.02.19 at 18:23, Wietse Venema wrote: > Conclusion: Postfix works as expected? hard to say... delivery deferred if smtp_tls_connection_reuse = yes delivery works if smtp_tls_connection_reuse = no http://www.postfix.org/TLS_README.html#client_tls_reuse say "As of Postfix 3.4, TLS

Re: DELIVERY issue with postfix 3.4.0-RC2

2019-02-17 Thread A. Schulze
On 17.02.19 at 16:10, Wietse Venema wrote: > How do those 'other' connections differ from what is shown above? I don't see differences. This tlsproxy process handled a connection to gmail, outlook.com and some other destinations. All unverified because I did not configure the matching root

Re: PATCH: non-Postfix processes in init mode

2019-02-17 Thread A. Schulze
On 17.02.19 at 16:01, Tamás Gérczei wrote: > Anyway I'm invoking postfix-script in order to start master: I wonder why you don't use "postfix start-fg" available since postfix-3.3.1 (http://www.postfix.org/announcements/postfix-3.3.1.html) Andreas

Re: DELIVERY issue with postfix 3.4.0-RC2

2019-02-17 Thread A. Schulze
On 17.02.19 at 15:24, Wietse Venema wrote: > A. Schulze: >> Hello, >> >> I updated to postfix 3.4.0-RC2 and enabled "smtp_tls_connection_reuse" >> Now I notice delivery problems to "gervers.com". DANE setup looks OK. >> https://dane.sys4.

Re: DELIVERY issue with postfix 3.4.0-RC2

2019-02-17 Thread A. Schulze
On 17.02.19 at 14:41, A. Schulze wrote: > I updated to postfix 3.4.0-RC2 and enabled "smtp_tls_connection_reuse" corrected the subject, as DANE is not necessarily related here.

DANE issue with postfix 3.4.0-RC2

2019-02-17 Thread A. Schulze
Hello, I updated to postfix 3.4.0-RC2 and enabled "smtp_tls_connection_reuse" Now I notice delivery problems to "gervers.com". DANE setup looks OK. https://dane.sys4.de/smtp/gervers.com "posttls-finger gervers.com" also show posttls-finger: Verified TLS connection established to

Re: smtp_fallback_relay TLS with authentication - possible?

2018-11-29 Thread A. Schulze
Viktor Dukhovni: So yes, you can't have wrapper mode for just the fallback relay. Hello, I had a similar problem some time ago and also found what you summarize now. I'm still using 587+STARTTLS but that "break" our `more general rule` to prefer implicit TLS over STARTTLS So, at

Re: Regenerating DHparams

2018-11-07 Thread A. Schulze
Viktor Dukhovni: It is easy to set up a cron job that runs every 30 days, Hello, that's the first time I personally note a specific time windows. Thanks for sharing your position. I also regenerate dhparameter on monthly base, not every month but approximately every half year... if [

postfix & TLS1.3 problems

2018-10-11 Thread A. Schulze
Hello, today I noticed a significant amount of TLS failures in my postfix log. Oct 11 17:43:35 mta postfix/smtpd[23847]: SSL_accept error from client.example[192.0.2.25]:34152: -1 I traced some sessions and found the problematic client is announcing the special cipher

Re: smtp_tls_policy_maps on a per tls user basis

2018-09-10 Thread A. Schulze
Stefan Bauer: On Sunday, 9 September 2018, Wietse Venema wrote: Instead, you can use transport_maps to choose between different Postfix SMTP clients (with different configurations) based on the recipient address or domain. You can use the access map or header/body_checks FILTER action

Re: New to Postfix. 3 questions about security functions.

2018-08-16 Thread A. Schulze
Viktor Dukhovni: Therefore, if a system is upgraded to OpenSSL 1.1.1, Postfix will use 1.1.1 without a rebuild. but the mail log get flooded with ugly warnings: https://github.com/vdukhovni/postfix/blob/master/postfix/src/tls/tls_misc.c#L971 I do run postfix-3.3.1 + openssl-1.1.1-pre*

Re: TLS1.3 only

2018-07-14 Thread A. Schulze
On 13.07.2018 at 02:43, Viktor Dukhovni wrote: > That is, you'd need to use "smtpd_tls_mandatory_protocols", assuming > that for the submission service you also have: > > -o smtpd_tls_security_level=encrypt Hello, like assumed it was my mistake. yes, on the submission port I do have "-o

Re: TLS1.3 only

2018-07-12 Thread A. Schulze
On 12.07.2018 at 22:39, Wietse Venema wrote: > A. Schulze: >> Hello, >> >> postfix-3.3.1 + openssl-1.1.1pre8 >> >> For fun I tried to disable all TLS protocol versions other than TLS1.3 >> >> master.cf: >> submission.local inet n - - -

TLS1.3 only

2018-07-12 Thread A. Schulze
Hello, postfix-3.3.1 + openssl-1.1.1pre8 For fun I tried to disable all TLS protocol versions other than TLS1.3 master.cf: submission.local inet n - - - - smtpd -o smtpd_tls_protocols=!SSLv2,!SSLv3,!TLSv1,!TLSv1.1,!TLSv1.2 but I'm still able to connect using TLS1.2 $ openssl

Re: openDKIM and postfix

2018-05-21 Thread A. Schulze
On May 20, 2018, at 7:24 PM, John Levine wrote: > > Has anyone actually seen it happen in the > wild in the past decade? yes, web.de, gmx.net and other domains operated by 1&1 for example. or freemail.de or all the domains hosted by Eleven (today Cyren) For that it /is/ a

Re: Question regarding OpenDKIM milter with Postfix 3.1.0

2018-05-15 Thread A. Schulze
On 15.05.2018 at 02:40, J Doe wrote: > I apologize for asking a question that is only tangentially related to > Postfix, however the OpenDKIM mailing lists do not appear to be accessible. yes, the OpenDKIM lists are unfortunately broken since a long time. I hope I could push the list admin

Re: Question about list.dnswl.org

2018-04-15 Thread A. Schulze
On 15.04.2018 at 00:22, Christos Chatzaras wrote: > I create a new account at www.dnswl.org  and add my > primary domain in their portal. > > I also request them to add my outgoing SMTP IPs (I think they manually check > it before add). > > To query their database, do

Re: Keep Postfix running in the foreground

2018-04-05 Thread A. Schulze
Eray Aslan: On Wed, Apr 04, 2018 at 07:19:56PM -0400, Wietse Venema wrote: I also need you guys to verify that with the Postfix master running as PID=1, "docker stop" will no longer leave the master daemon running until Docker times out and forcibly terminates everything. By default, "docker

Re: Keep Postfix running in the foreground

2018-04-04 Thread A. Schulze
On 04.04.2018 at 19:08, Wietse Venema wrote: > Eray Aslan: >> On Tue, Apr 03, 2018 at 07:46:42PM -0400, Wietse Venema wrote: >>> I updated both the postfix-script file and the master daemon. >>> >>> I'd appreciate it if someone could verify that this will run the >>> master daemon with PID 1,

Re: Keep Postfix running in the foreground

2018-04-04 Thread A. Schulze
Wietse Venema: I'd appreciate it if someone could verify that this will run the master daemon with PID 1, and that 'postfix stop' in the container will stop the master daemon. I'll verify that in the next days ... Andreas

Re: Keep Postfix running in the foreground

2018-04-02 Thread A. Schulze
On 02.04.2018 at 19:30, Wietse Venema wrote: > - "") exec $daemon_directory/master > + "") exec $daemon_directory/master -d > + $FATAL "could not start-fg $daemon_directory/master" version 3.3.0 don't contain the "exec $daemon_directory/master" but only

Re: Keep Postfix running in the foreground

2018-04-02 Thread A. Schulze
On 02.04.2018 at 16:10, Michael Segel wrote: > Has anyone successfully implemented a Kubernetes / Docker container setup for > Postfix/Dovecot? it works in my lab environment. $ docker-compose up -d postfix Creating dockerpostfix_postfix_1 ... done $ docker-compose exec postfix /bin/bash

SMTP session caching

2018-03-07 Thread A. Schulze
Hello, I like to ask about a documented limitation (http://www.postfix.org/CONNECTION_CACHE_README.html#limitations) "For this reason, the Postfix smtp(8) client always closes the connection after completing an attempt to deliver mail over TLS." I'm concerned because I see increasing traffic

Re: Berkeley DB and new install

2018-01-17 Thread A. Schulze
@lbutlr: I know that the Berkeley DB still works in postfix if compiled with that option, but is it the best choice for a new install of postfix? no I have only a couple of tables that use it, but since I am moving entirely to a new machine and new compiles, I don't want to drag along

Re: smtpd_milters

2017-12-30 Thread A. Schulze
On 30.12.2017 at 22:55, Michael Grimm wrote: > Hi > > After reading http://www.postfix.org/MILTER_README.html there are some > questions unanswered to me. also read the milter documentation part of the opensource sendmail for example at

Re: smtp-sink on ipv4 and ipv6?

2017-11-05 Thread A. Schulze
On 05.11.2017 at 19:40, Wietse Venema wrote: > A. Schulze: >> Hello, >> >> postfix usually listen on both protocols if main.cf contain "inet_protocols >> = all" and myhostname is setup properly. >> May I expect that also for smtp-sink? > > The

smtp-sink on ipv4 and ipv6?

2017-11-05 Thread A. Schulze
Hello, postfix usually listen on both protocols if main.cf contain "inet_protocols = all" and myhostname is setup properly. May I expect that also for smtp-sink? $ host mail.example.com mail.example.com has address 192.0.2.25 mail.example.com has IPv6 address 2001:db8::25 $ smtp-sink

Re: sendmail cannot read CDB tables

2017-10-23 Thread A. Schulze
On 23.10.2017 at 17:16, Ulrich Zehl wrote: > On Mon, Oct 23, 2017 at 01:37:19PM +, Scott Kitterman wrote: >> >> On October 23, 2017 9:15:17 AM EDT, Ulrich Zehl >> wrote: >>> When I try to use a CDB table for authorized_submit_users with Postfix >>> 3.1.6, the

Re: is this the correct DKIM mailing list ?

2017-10-19 Thread A. Schulze
On 19.10.2017 at 20:34, Fazzina, Angelo wrote: > http://mipassoc.org/mailman/listinfo/ietf-dkim > I joined but after a few days nothing but crickets after my post to the list. I cannot see your post to that list: http://mipassoc.org/pipermail/ietf-dkim/ You should check your subscription. >

Re: bcc emails to two addresses

2017-10-19 Thread A. Schulze
A. Schulze: (braindump, I'll post an update tomorrow if I'm wrong...) pcrefile: /^(.+)\@(.+)$/ someuser+$1_at_$2@archive transport_maps: archive smtp_to_archive: main.cf: recipient_bcc_maps = pcre:/path/to/pcrefile transport_maps = hash:/path/to/transport_maps

Re: bcc emails to two addresses

2017-10-18 Thread A. Schulze
On 18.10.2017 at 14:54, Tavolodo Bela wrote: > Hello, > > I have a mail server running postfix, and another server running an email > archive software > which can talk smtp. > > Postfix is configured to pass a copy of each emails to the archive, using > always_bcc = someuser@archive > >

Re: OpenDKIM SOCK path on Debian Jessie

2017-10-16 Thread A. Schulze
On 16.10.2017 at 18:51, Davide Marchi wrote: > SOCKET="local:/var/spool/postfix/var/run/opendkim/opendkim.sock" vs. > smtpd_milters = unix:/var/run/opendkim/opendkim.sock > non_smtpd_milters = unix:/var/run/opendkim/opendkim.sock postfix and sendmail/milter use different notation to describe

Re: Strange issue with reject_unverified_recipient (LMTP/Dovecot)

2017-10-15 Thread A. Schulze
On 15.10.2017 at 15:29, Jozef Matický wrote: > Hello Andreas, > > Had some users complaining about mailboxes (and catch-alls) they created were > not accepting e-mails - Postfix, due to caching, was rejecting the e-mail as > if the mailbox wouldn't exist (apparently due to a fact someone was

Re: Strange issue with reject_unverified_recipient (LMTP/Dovecot)

2017-10-15 Thread A. Schulze
On 14.10.2017 at 23:23, Jozef Matický wrote: > Hello, > > I've been struggling with this for about a week now. > In smtpd_recipient_restrictions I have reject_unverified_recipient. > For recipient address verification I'm using Dovecot's LMTP. > Everything is working as expected when

Re: address verification and tarpitting

2017-10-05 Thread A. Schulze
wietse: A. Schulze: Hello, we're facing the following problem: postfix is configured to verify recipient addresses. The backend servers are mostly Exchange in various versions. Many of them use tarpitting. We guess that are default values. The address probe sent by postfix receive

address verification and tarpitting

2017-10-04 Thread A. Schulze
Hello, we're facing the following problem: postfix is configured to verify recipient addresses. The backend servers are mostly Exchange in various versions. Many of them use tarpitting. We guess that are default values. The address probe sent by postfix receive a result after 5 seconds delay.

Re: postfix/postqueue[5742]: panic: vbuf_print: output for \%s\ exceeds space 0

2017-08-29 Thread A. Schulze
A. Schulze: off-list... ok not "off list", my fault :-)

Re: postfix/postqueue[5742]: panic: vbuf_print: output for \%s\ exceeds space 0

2017-08-29 Thread A. Schulze
wietse: OK, now please (install and) use ltrace. This provides more details what happens in postqueue itself (strace gives insight into system calls, i.e. the postqueue-kernel interface). off-list... I installed ltrace. I modified pfqgrep: $mailq = "/usr/bin/ltrace /usr/sbin/postqueue -p

Re: postfix/postqueue[5742]: panic: vbuf_print: output for \%s\ exceeds space 0

2017-08-28 Thread A. Schulze
wietse: A. Schulze: postqueue: panic: vbuf_print: output for '%s' exceeds space 0 this is pfqgrep: $mailq = "/usr/sbin/postqueue -p |"; # added 'strace -f' here open(MAILQ, $mailq) or die; while () { # read from STDIN } execve("/usr/sbin/postqueue", [

postfix/postqueue[5742]: panic: vbuf_print: output for \%s\ exceeds space 0

2017-08-26 Thread A. Schulze
Hello, I found the message in my logs. It turns out they were triggered by a housekeeping script. I did "qshape deferred" and used the first row (domainname) as argument to pfqgrep -r For long domainnames qshape shorten the output and prefix the domain with a '+' character. (described in

Re: NOTIFY=SUCCESS in Milter

2017-08-03 Thread A. Schulze
On 03.08.2017 at 07:32, Tomas Macek wrote: > I'm trying to get to know, if there is a chance to see in Milter that the > "NOTIFY=xxx,yyy,zzz" was specified by a client at rcpt to command Hello Tomas, from the milter API Doku: xxfi_envrcpt: ctx Opaque context structure. argv

Re: verification levels and Milter (solved)

2017-07-31 Thread A. Schulze
On 31.07.2017 at 20:43, A. Schulze wrote: > seeing cert_subject + cert_issuer inside a milter may be an indicator of > "trusted connection" > and report my findings ... as Viktor said: a milter get issuer and subject only for connections SMTPD also log as "trusted"

Re: verification levels and Milter

2017-07-31 Thread A. Schulze
On 31.07.2017 at 20:16, Wietse Venema wrote: > I looked at the code for the cleanup daemon which is TLS unaware. > So the corrected reply would be that we may have partial support. Hello, thanks to all. I'll give Viktor's point a try: seeing cert_subject + cert_issuer inside a milter may be

verification levels and Milter

2017-07-31 Thread A. Schulze
Hello, postfix smtp server may classify incoming TLS sessions as anonymous, untrusted and trusted. (http://www.postfix.org/FORWARD_SECRECY_README.html#status) Is it possible to access this information from within a milter? I did not find such functionality on

Re: Forward to gmail and DMARC

2017-07-17 Thread A. Schulze
On 17.07.2017 at 09:48, Alex JOST wrote: > AFAIK Authenticated Received Chain (ARC) was designed for exactly this use > case. Wondering if anyone has some experience with it or knows if Gmail is > already honouring ARC-headers. yes, there are multiple ARC implementations between alpha and

Re: Forward to gmail and DMARC

2017-07-16 Thread A. Schulze
On 16.07.2017 at 02:55, Peter wrote: > When Google sees SPAM coming form your server it will > affect your server's IP reputation with Google "your server's IP" has to be clarified: as far as I know it's /32 for IPv4 and /64 for IPv6 ... Andreas

Re: Forward to gmail and DMARC

2017-07-15 Thread A. Schulze
On 15.07.2017 at 00:15, @lbutlr wrote: > On 14 Jul 2017, at 09:41, Dominic Raferd wrote: >> Me: >>> Automated? Or is that something you do manually? >> >> Yes I have it automated > > Oh, well that would be nifty to see what you've done if it's not too much >

Re: Any better ideas for grabbing Yahoo's known SMTP servers?

2017-05-01 Thread A. Schulze
On 01.05.2017 at 06:19, Steve Jenkins wrote: > Yahoo! has always been problematic (no surprise) because unlike all the other > big mailers that Postwhite queries, they don't expose the IP addresses of > their outbound mailers via their SPF records. Hello Steve, SPF is intended for an other

Re: connection caching - limitations

2017-04-24 Thread A. Schulze
Viktor Dukhovni: You've provided no information on where the performance bottleneck lies. What are the averages of the delays=a/b/c/d log values? Thanks to Viktor for the reminder to "proof the performance bottleneck" Today I send 5k messages and /measure/ the times. time for i in `seq 1

Re: connection caching - limitations

2017-04-21 Thread A. Schulze
On 21.04.2017 at 16:08, Viktor Dukhovni wrote: > Message injection via sendmail(1) is much less efficient than injection > via SMTP. The message is synced to disk twice, and the pickup(8) service > can only process one message at a time, while SMTP inject can handle > multiple messages in

connection caching - limitations

2017-04-21 Thread A. Schulze
Hello, that's my (legacy) setup: a script generate 10k message files, same sender, different receiver. they are injected using "sendmail -t -f sender < messagefile" in the local MTA The MTA is configured to forward all messages to a central MSA. This MSA require authentication and STARTTLS
