Re: What exactly does that mean: maildrop/6B8F696F6: error writing 2737698C0: no recipients specified

2014-11-01 Thread Andreas Schulze
Viktor Dukhovni: > They are best left alone, but can be deleted with care, something > along the lines of: > > # postfix stop > # postsuper -s > # cd /var/spool/postfix > # (find defer -type f -print; > find deferred -type f -print) | > perl -lne ' >

Re: PATCH: Milter header position semantics

2014-10-17 Thread Andreas Schulze
Wietse Venema: > > To avoid [incompatibility] with Sendmail, Postfix would have to > > implement the same behavior as Sendmail: ignore the MTA's own > > received header when reporting headers to Milters, but don't ignore > > the MTA's own received header when receiving Milter requests [...]. > > I

Re: Per-Milter attributes (was: Question for syntax in snapshot 20120921)

2014-09-25 Thread Andreas Schulze
On Thu, 25.09.2014, 23:16, Wietse Venema wrote: >> In the RELEASE_NOTES: >> >> - Milter clients and policy clients with non-default settings: >> smtpd_milters = {inet:host:port, timeout=xxx, default_action=yyy}, ... > > This is now implemented for Milters. Also from me: Thank you. this is the de

Re: milter email classification

2014-07-14 Thread Andreas Schulze
André Rodier: > I cannot see in the SpamAssassin rules documentation a way to add > headers. point for you. Adding any header with SA isn't possible at a first view. You may ask again on spamassassin-users Andreas

Re: milter email classification

2014-07-14 Thread Andreas Schulze
André Rodier: > I am looking for a milter script (mail filter) that would classify > emails automatically. Something in Perl, for instance. you could use spamassassin for that purpose, too. write your own SA rules and you're done. Andreas

Re: Connection stats (was: Re: Why "lost connection after RCPT" when we reject?)

2014-07-14 Thread Andreas Schulze
Wietse Venema: > Since the stats would be logged at the end of a session, they can > be logged in the "disconnect" record. Hello Wietse, the proposal sounds good. Such information could be helpful. Do you think it should be logged always or only while debugging? I use to "postconf -e "debug_peer

Re: is 7bit conversion logged?

2014-07-13 Thread Andreas Schulze
Viktor Dukhovni: > > I like to do some statistical analyses how often my MTAs will destroy DKIM > > signatures for example. > > Sign after 7-bit downgrade, and DKIM signatures will never be broken. impossible because I'm not the originator but provide only a relay service. > > Are there other sit

Re: On DKIM and Content-Transfer-Encoding

2014-06-29 Thread Andreas Schulze
Mauricio Tavares: > Content-Transfer-Encoding: 8bit > > Italienisches Olivenöl depending on your shell it's possible the 'ö' is encoded as 2 byte in UTF-8. so you may need a charset declaration, too. does your test pass if you simply replace ö by oe ? that way you may check if you test the right

Re: PATCH: one line of output from pipe to add to logging

2014-06-05 Thread Andreas Schulze
Wietse Venema: > With the following patch, the pipe(8) daemon logs some command > output after successful delivery as: ... > --- ./src/global/pipe_command.c Thu Jun 5 14:27:06 2014 > --- ./src/pipe/pipe.c Thu Jun 5 15:01:48 2014 > --- ./src/tls/tls_server.cTue Jun 3 08:43:10 2014 Hel

Re: Logging TLS info as part of mail transactions

2014-05-15 Thread Andreas Schulze
Hello Wietse, as promised, I like to reply to this question ... Viktor Dukhovni: For an SMTP client per-record log entry I'd suggest a very condensed format: smtp[pid]: QUEUE-ID: to=, [orig_to=,] [security=none|passive|active,] in which "passive" prot

Re: Client side DANE - minimum openssl version

2014-05-09 Thread Andreas Schulze
Viktor Dukhovni: > It may be simpler to upgrade your system. yes, upgrade would be best but sometimes, older crypto is not as painful as it should be Andreas

Re: Client side DANE - minimum openssl version

2014-05-09 Thread Andreas Schulze
Robert Schetterer: > > openssl 0.9.8j and Postfix 2.11.1. > maybe a suboptimal mixture any hints to build postfix + openssl-1.x on a system based on openssl-0.9.x ??? I also avoided building openssl from source for good reasons over the last years. But I'm open to try. Andreas

Re: prepend header by policy server, action taken in milter

2014-04-22 Thread Andreas Schulze
Alexandre Ellert: I'm going to test by adding a first useless header in the policy server and see if things work in the milter. also consider using a milter based SPF checker. Look at the opendmarc-users archive for suggestions. Andreas

Re: warning TLS 1.2 postfix 2.11

2014-03-26 Thread Andreas Schulze
Robert Schetterer: warning: TLS library problem: error:1409442E:SSL routines:SSL3_READ_BYTES:tlsv1 alert protocol version:s3_pkt.c:1099:SSL alert number 70: your smtpd does not support TLS1.1/1.2 so you cannot disable its usage. But you cannot avoid other smtp clients trying to speak to you t

Re: Permit SASL authenticated users to bypass DMARC

2014-03-17 Thread Andreas Schulze
Oriental Sensation: smtps inet n - n - - smtpd -o smtpd_milters=inet:smtp:10025 I used to define macros for each milter in main.cf: dkim_milter = inet:[127.0.0.1]:10025 dmarc_milter = inet:[127.0.0.1]:10026 and use them in master.cf: smtp inet

Re: Force "AUTH" before "MAIL FROM" command for submission port 587

2014-03-17 Thread Andreas Schulze
lists: To get a "+", the descriptions says: "Your system requires authentication (AUTH) on port 587 before the MAIL FROM command is issued" that is pure nonsense +1 you cannot enforce any client to not send any command. but you can enforce proper answers. Andreas

Re: Bounce mails manually

2014-02-27 Thread Andreas Schulze
LuKreme: > OK, what is pfqgrep? I don't see it in my ports tree? see http://www.arschkrebs.de/postfix/scripts/

Re: Bounce mails manually\

2014-02-26 Thread Andreas Schulze
wietse: But wait, there is more does not sound like an easy job. just an idea: if the timestamp of a queuefile is relevant, could a changed time of a queuefile be interpreted as "bounce immediately" ? for example timestamp to a fixed date near 1.1.1970 Andreas

Re: Bounce mails manually

2014-02-25 Thread Andreas Schulze
wietse: I don't know what people are asking for: 1 - Bounce all recipients of one specific queue file 2 - Bouncing only specific recipients option 1 (for me) in case of trouble I do - mailq for visual overview - pfqgrep -r/-s address -i | postsuper -d - In this context it would someti

Re: patch: smpd insert DSN request

2014-02-25 Thread Andreas Schulze
Wietse Venema: > There is a problem with your patch: it turns off forced DSN for all > SMTP clients that are serviced by the same SMTP daemon process. Oh, yes, now I see it too. var_force_dsn_on_success is global per process? My usecases never trigger that situation. One point more to use your su

Re: Make TLS errors hard, not soft

2014-02-25 Thread Andreas Schulze
Wietse Venema: > Assuming that you haven't configured a global policy of "all mail > deliveries shall use TLS", that's exactly the limitation Peer has in mind. Andreas

Re: Bounce mails manually

2014-02-25 Thread Andreas Schulze
Birta Levente: Yes, but you should give some reason why is bounced ... which IMHO is something permanent ... good point! # postbounce so you just set up one time some map and no more care about that problem. just this is unwanted and the reason for the request. Andreas

Re: Bounce mails manually

2014-02-25 Thread Andreas Schulze
Birta Levente: Why not just delete from the queue? from senders perspective that message is lost. sometimes it's useful to clear bounce back to sender. Andreas

patch: smpd insert DSN request

2014-02-25 Thread Andreas Schulze
Hello, DSN for successful deliveries are not enabled by default. They have to be requested by an smtp client using extra parameter on RFC5321.MAILFROM and RFC5321.RCPTTO But not every MUA has the ability to do this. Some years ago I had a requirement to force DSN on successful deliverie

Re: Bounce mails manually

2014-02-25 Thread Andreas Schulze
Peer Heinlein: I'm thinking about a way how to bounce mails manually *without* setting up a transport-map. Just by CLI by the admin for a given Queue-ID. I'd love having a postsuper-command to move a mail into "the bounce queue". Is something like that possible? thanks for the question. I

Re: Message reject based on absense of a header(s)

2014-02-18 Thread Andreas Schulze
Noel Jones: To detect missing headers you'll need a content filter such as SpamAssassin. opendmarc-milter implements a test to verify RFC5322-required headers (RFC5322 3.6) The feature is new, available in the 1.2.0 Beta only. (https://sourceforge.net/projects/opendmarc/files/Pre-Releases/)

Re: DKIM verification vith virtual domains in same machine

2014-02-03 Thread Andreas Schulze
Solk Maaker: If user sends mail from domain1 (virtual domain) to domain2 (virtual domain) in same machine, mail is signed but signature is not verified - not OK. From DKIM's perspective it really makes no sense to validate a signature generated by yourself. ( How often do you check you

Re: Changing domain name and certificates

2014-02-02 Thread Andreas Schulze
Noel Jones: Probably the minimum is myhostname and the key/cert files. Something like: # master.cf 10.0.0.101:25 inet n -n - - smtpd -o myhostname=old.example.com -o smtpd_tls_key_file=/path/to/old.key -o smtpd_tls_cert_file=/path/to/old.cert 10.0.0.102:25 inet n -

add missing header if needed

2014-01-13 Thread Andreas Schulze
Hello, I have to add a "Reply-To" Header in (smtp-) submitted messages. Adding it unconditionally using PREPEND results in messages with more than one instance of this header which violates RFC5322. Is there a way to add a header _only_ if not present? Thanks

Re: postfix-2.11 stable release candidate available

2014-01-08 Thread Andreas Schulze
Quoting wie...@porcupine.org: Postfix 2.11.0 stable release candidate 1 is uploaded to ftp.porcupine.org and will appear on mirror sites in the next 24 hours. 2.11x is running here on different hosts without problems. Andreas

tls_eecdh_*_curve

2014-01-05 Thread Andreas Schulze
Hello, the documentation to these parameters refers the NSA website. However the links are broken. Also I don't feel very comfortable these days if postfix uses crypto approved by NSA :-/ Andreas

Re: Forward secrecy

2013-12-23 Thread Andreas Schulze
On 23.12.2013 13:13, Wietse Venema wrote: > Please check out the updated text at > http://www.porcupine.org/postfix-mirror/FORWARD_SECRECY_README.html#quick-start > > This clarifies what is/isn't optional and why one might want to > make some change. Only those who want the gory details should >

Re: posttls-finger: RFE

2013-12-15 Thread Andreas Schulze
On 15.12.2013 22:08, Patrick Ben Koetter wrote: > % unbound-control flush I prefer "unbound-control flush_zone " because "flush" doesn't flush TXT Andreas

Re: conditional transport

2013-12-04 Thread Andreas Schulze
Quoting Luigi Rosa: The main goal is to deliver to ISP SMTP the mail rejected by destination MTA because it thinks that my MTA is not reliable and the causes of this rejection cannot be solved. try smtp_fallback_relay and maybe soft_bounce Andreas

Re: explicit cipher list

2013-11-23 Thread Andreas Schulze
Quoting Viktor Dukhovni: For bonus points, you could look at "smtpd_tls_askccert" and "smtpd_tls_req_ccert". If either is set to "yes", append ':!aNULL' to the raw openssl cipher list. could you please tell more about that? Andreas

Re: explicit cipher list

2013-11-23 Thread Andreas Schulze
Quoting Viktor Dukhovni: With smtpd(8) there are no implicit exclusions so you can build the full list yourself if you want. For example with opportunistic TLS (may): $ server_ciphers() { local use skip ciphers exclude e case $1 in may) use="tls_exp

Re: Diffie-Hellman parameters

2013-11-18 Thread Andreas Schulze
Quoting Viktor Dukhovni: Any evidence of other legitimate MTAs that now routinely fail TLS handshakes? no, I didn't see more TLS errors. There is a usual noise of TLS failures that didn't change. Andreas

Re: Diffie-Hellman parameters

2013-11-18 Thread Andreas Schulze
Quoting Viktor Dukhovni: On the other hand, some Exim MTA SMTP clients (patched by a well-meaning, but under-informed Debian maintainer) don't support DH primes shorter than 2048 bits. I had trouble to receive messages from those sites too. I changed smtpd_tls_dh1024_param_file to use a 2

Re: Configuration issues with milter socket and non chrooted smtp

2013-11-12 Thread Andreas Schulze
On 12.11.2013 13:50, Simon Loewenthal wrote: > smtpd_milters = unix:/spamass/spamass.sock try a relative pathname: smtpd_milters = unix:spamass/spamass.sock chroot or not chroot, it's always relative to the current directory ( postconf ${queue_directory} in most cases ) Andreas

Re: Configuration issues with milter socket and non chrooted smtp

2013-11-12 Thread Andreas Schulze
On 12.11.2013 13:50, Simon Loewenthal wrote: > Values running smpd in default chroot environment, and smtp chroots to > /var/spool/postfix. use inet sockets. that avoids any socketpath/chroot problems. works perfect in most cases until the inet overhead hurts. And it hurts only at *very high* me

patch to add queueid to pipe service

2013-11-04 Thread Andreas Schulze
Hello, looking in the archive there are multiple questions like "howto access the queueid from pipe service" (http://marc.info/?l=postfix-users&s=pipe+queueid) I had the same problem some time ago and wrote a patch. Now I have the possibility to use the pipe command in master.cf like descr