Postscreen and *outbound.protection.outlook.com

2015-12-02 Thread Bryan K. Walton
We've got a postfix mail server running postscreen that is configured to make use of the postscreen_dnsbl_whitelist_threshold feature. The postfix version is 3.0.3. Things have been working really well for the last 6 months, or so. However, we have recently discovered an issue where it seems

Re: Postscreen and *outbound.protection.outlook.com

2015-12-02 Thread Bryan K. Walton
Thanks for your reply. Attached is my postconf -n output. The only smtpd_sender_restrictions we have in place are: "reject_unknown_sender_domain" thanks, Bryan -- Bryan K. Walton 319-337-3877 Linux Systems Administrator Leepfrog Technolo

Re: Postscreen and *outbound.protection.outlook.com

2015-12-02 Thread Bryan K. Walton
The hosts in question are scoring in the negative numbers and SHOULD be exempt from the after 220 greeting tests. As mentioned in my first email, the host in question is scoring -8. I'm whitelisting any host that scores below -2. -Bryan -- Bryan K. Walton

Re: Postscreen and *outbound.protection.outlook.com

2015-12-02 Thread Bryan K. Walton
On Wed, Dec 02, 2015 at 01:55:01PM -0500, Bill Cole wrote: > My mistake: I didn't look carefully enough at what > postscreen_dnsbl_whitelist_threshold is supposed to do. Sorry for the > rapid-fire noise. > > Theory: Your 8 DNSBL lookups are not all completing fast enough for > postscreen to make a

Re: Postscreen and *outbound.protection.outlook.com

2015-12-02 Thread Bryan K. Walton
uld fly > right through Postscreen. Thanks Steve. I'll take a look at that. -Bryan -- Bryan K. Walton 319-337-3877 Linux Systems Administrator Leepfrog Technologies, Inc

How to extract information from postscreen_cache

2015-05-28 Thread Bryan K. Walton
Hi, Is there a way to extract the information stored in the postscreen_cache that postscreen uses for its temporary whitelist? We'd like to be able to see what domains/IPs are whitelisted at a given time. Thanks, Bryan

Re: How to extract information from postscreen_cache

2015-05-28 Thread Bryan K. Walton
On Thu, May 28, 2015 at 04:43:50PM -0400, Wietse Venema wrote: > > The format is not documented because it is Postfix internal and > subject to change without warning. The table is locked for exclusive > access; if you try to read the table anyway, then you may read > garbage. The only exception

Combining header/body checks into a single action?

2018-12-24 Thread Bryan K. Walton
Is it possible to combine header/body checks in such a way: If /^(From|Return-Path):.*\b(user@testdomain\.org)\b/ ! /^Message-ID:.*@(testdomain\.org)/ Reject ... Essentially, I want to only reject a message if the From/Return-Path matches a specific email address AND the Message-ID doesn

Re: Combining header/body checks into a single action?

2018-12-27 Thread Bryan K. Walton
On Mon, Dec 24, 2018 at 09:02:53AM -0500, Wietse Venema wrote: > > Is it possible to combine header/body checks in such a way: > > > > If /^(From|Return-Path):.*\b(user@testdomain\.org)\b/ > > ! /^Message-ID:.*@(testdomain\.org)/ > > Reject ... > > That is documented as NOT POSSIBLE. > >

Re: Combining header/body checks into a single action?

2019-01-02 Thread Bryan K. Walton
On Thu, Dec 27, 2018 at 10:07:46AM -0500, Viktor Dukhovni wrote: > The checks are applied to *ONE LOGICAL HEADER AT A TIME*. > So while the patterns can nest, they are matching the > content of a *single* logical header line, not the entire > message header. Thanks, Viktor and Wietse. I understan

Disabling TLS 1.0/1.1, is it advisable?

2019-11-06 Thread Bryan K. Walton
Apple, Google, Microsoft, and Mozilla have all announced that they will be deprecating TLS 1.0 and 1.1 in March 2020, in their web browsers. Similarly, SSL Labs has announced that they will be downgrading web server scores to a maximum of B, starting in January 2020, if that webserver supports TLS

Re: Disabling TLS 1.0/1.1, is it advisable?

2019-11-06 Thread Bryan K. Walton
On Wed, Nov 06, 2019 at 11:16:17AM -0600, Blake Hudson wrote: > > On port 25 server to server connections, I agree with the sentiments of > others on this thread and think disabling TLS1.0/1.1 is a bit premature at > this time for most organizations. Thanks, Victor and Blake! Your replies answere

Request correction to http://www.postfix.org/announcements.html

2020-06-22 Thread Bryan K. Walton
May I request a correction to the announcements page: http://www.postfix.org/announcements.html For the last three announcements, the page has erroneously mentioned the 3.3.x update as a 3.2.x update: Example: "June 4, 2020: Postfix stable release 3.5.3 and legacy releases 3.4.13, 3.2.11, 3.2.16

postfix-users@postfix.org

2021-05-11 Thread Bryan K. Walton
We have two Postfix servers. Currently, none of them allow relaying. We accept incoming email only from authenticated users and from mail servers sending mail to any domain where we are the final destination. We are considering setting up an SMTP smart host server for a few entities that would be

SMTP Smart Host Security Best Practices?

2021-05-11 Thread Bryan K. Walton
I apologize. I messed up the subject line on my first email. On Tue, May 11, 2021 at 10:52:07AM -0500, Bryan K. Walton wrote: > We have two Postfix servers. Currently, none of them allow relaying. > We accept incoming email only from authenticated users and from > mail servers sendin

Re: SMTP Smart Host Security Best Practices?

2021-05-11 Thread Bryan K. Walton
On Tue, May 11, 2021 at 07:38:18PM +0300, IL Ka wrote: > If no, then you should use SASL to auth the client. > Be sure to force TLS ( smtpd_tls_auth_only) in this case. > You can also enable client certificate verification (see TLS_README) to > make the system even more secure. > Also, use "smtpd_s