Question to Wietse

2010-10-09 Thread Christian Roessner
Hi, sorry to use the list to contact you, but I tried to send you a mail off the list and it is not deliverable (yet): mailq -Queue ID- --Size-- Arrival Time -Sender/Recipient--- 5191D520B4 6013 Sat Oct 9 09:54:10 c...@roessner-network-solutions.com (host spike.porcupine.org[16

OT: dns whitelisting with a postfix policy service

2010-10-14 Thread Christian Roessner
and yes, of course that is open source. Thanks for feedback and maybe helping hands?? Best wishes Christian --- Roessner-Network-Solutions Bachelor of Science Informatik Nahrungsberg 81, 35390 Gießen F: +49 641 5879091, M: +49 176 93118939 USt-IdNr.: DE225643613 http://www.roessner-network

Re: OT: dns whitelisting with a postfix policy service

2010-10-14 Thread Christian Roessner
who have proven good reputation will have a chance of easy going mail traffic. That is the idea behind it. Maybe I am wrong. Christian --- Roessner-Network-Solutions Bachelor of Science Informatik Nahrungsberg 81, 35390 Gießen F: +49 641 5879091, M: +49 176 93118939 USt-IdNr.: DE225643613 http:/

Re: OT: dns whitelisting with a postfix policy service

2010-10-15 Thread Christian Roessner
e fun Christian On 14.10.2010 at 15:49, Christian Roessner wrote: > Hi, > >> Actually using a WL to let email through does not appear to have any >> advantage except for the WL vendor. >> >>> Ah and yes, of course that is open source. >> >> Thanks fo

recipient limit in policy service

2010-10-21 Thread Christian Roessner
Maybe it would be able to make that configurable? I think, if the problem (20 user, one reject) happens, a policy server would have to decide DUNNO in such a situation. Or is that something that needs to be implemented in a pre-queue milter? Any help is welcome And many thanks in advance Chri

Re: postfix in an IPv6 network

2010-10-25 Thread Christian Roessner
/8, 10.1.0.0/16, [::1]/128, [2a01:4f8:61:8222::]/64 These settings work for me. So maybe it gives you an idea. Regards Christian --- Roessner-Network-Solutions Bachelor of Science Informatik Nahrungsberg 81, 35390 Gießen F: +49 641 5879091, M: +49 176 93118939 USt-IdNr.: DE225643613 http://www.roessner-network-solutions.com

Re: DNS Whitelisting

2010-11-08 Thread Christian Roessner
> > I'm working on Spamhaus' new whitelist where our goal is to list only > mail sources clean enough that you can skip the rest of the filtering. > (So far so good, but it's still pretty small.) > > You're welcome to use it. The IP address version is at swl.spamhaus.org. > > For people who lik

Spamhaus DWL in postfix

2010-11-14 Thread Christian Roessner
t one already. Many thanks in advance Christian --- Roessner-Network-Solutions Bachelor of Science Informatik Nahrungsberg 81, 35390 Gießen F: +49 641 5879091, M: +49 176 93118939 USt-IdNr.: DE225643613 http://www.roessner-network-solutions.com

Re: Spamhaus DWL in postfix

2010-11-15 Thread Christian Roessner
deal with the DKIM verification, as of writing this, I use amavis for signing/verifying. So one question is, if DKIM verify for VBR must be done in the milter, too, or if we can find another mechanism. If people are interested in such a project, I would open extra mailing lists. Feedback is we

Re: Spamhaus DWL in postfix

2010-11-15 Thread Christian Roessner
>> I am interested in including the DWL feature from SpamHaus into >> postfix. > Wietse: >> DWL requires content external content inspection. For example, a >> Milter, or a before-or-after-queue SMTP-based filter. Either approach >> can be used to verify the DKIM signature and the VBR header. > >

Understanding TLS

2010-12-05 Thread Christian Roessner
Hi, first of all, I am not an SSL expert, so I hope you could help me understand something. I have Postfix configured as MSA/MTA with latest postfix experimental. On port 25 of the mx0.roessner-net, which is the main mail exchanger for other MTAs, I do not offer AUTH, but want to offer START

Re: Understanding TLS

2010-12-05 Thread Christian Roessner
>> When I use telnet to connect to mx0.roessner-net.de 25, waiting for >> postscreen to allow me sending EHLO, I only get the following list of >> commands: >> >> Trying 78.46.253.227... >> Connected to mx0.roessner-net.de. >> Escape character is '^]'. >> 220-mx0.roessner-net.de ESMTP >> 220 mx0

Re: Understanding TLS

2010-12-05 Thread Christian Roessner
> Take a look at postscreen(8): > | BUGS > | The postscreen(8) built-in SMTP protocol engine does not announce > | support for STARTTLS, AUTH, XCLIENT or XFORWARD Thanks. That helps ;-) Christian

PREPEND problems

2010-12-20 Thread Christian Roessner
Hi, I am a little bit stuck with prepending one and exactly one additional header to outgoing mails that are sent from local users. In fact I want to add a VBR-Info:- header for outgoing mails. Local users use a separate MSA port (own IP-socket in master.cf). The socket is configured with smtp

Re: PREPEND problems

2010-12-20 Thread Christian Roessner
Hi again, > # header_checks > > if !/^VBR-Info:.*roessner-net(work-solutions)?/ > /^From:@roessner-net\.com/ PREPEND VBR-Info: > md=roessner-net.com; mv=dwl.spamhaus.org; mc=all > /^From:@roessner-network-solutions\.com/ PREPEND VBR-Info: > md=roessner-network-solution

Re: PREPEND problems

2010-12-20 Thread Christian Roessner
> > Yes, that will work fine if you put your check_sender_access rule under > smtpd_data_restrictions. > I am unsure if that works. I thought that check_sender_access only uses the envelope-from tag. So where is the difference between putting it in smtpd_recipient_restrictions or waiting for

Re: PREPEND problems

2010-12-20 Thread Christian Roessner
>> DATA >> . <-- Testing after this point, if in smtpd_data_restrictions. But >> does this behave differently than the above? > > > Of course it works. And BTW, smtpd_data_restrictions are run after the DATA > command, not after the dot -- that's smtpd_end_of_data_restrictions. > :-) > With

Re: PREPEND problems

2010-12-20 Thread Christian Roessner
>> With the default smtpd_delay_reject=yes, smtpd_{client, helo, sender, >> recipient}_restrictions are repeated for each recipient, but >> smtpd_data_restrictions are run only once. >> > That is really good to know and makes things much easier now. I give it a try. Thanks :-) Works. It is fru

Re: PREPEND problems

2010-12-20 Thread Christian Roessner
Hi all, really thanks for all info, but the problem already is fixed. It needed help here for the check_sender_access adding to smtpd_data_restrictions and the help of Mark Martinec for amavisd-new, to get header_checks working in a dual setup MSA/MTA. Many thanks for all your help. It works

Re: How not to reject invalid recipient domains (here: aol.com)

2010-12-21 Thread Christian Roessner
> apparently, aol.com is currently not resolved via DNS (at least in Germany). > > How can I have postfix queue mails to AOL and retry delivery in that case > instead of bouncing the mails? Did you play with this parameter? maximal_queue_lifetime (default: 5d) The maximal time a message

Re: How not to reject invalid recipient domains (here: aol.com)

2010-12-21 Thread Christian Roessner
>> How can I have postfix queue mails to AOL and retry delivery in that case >> instead of bouncing the mails? > > Did you play with this parameter? > > maximal_queue_lifetime (default: 5d) > The maximal time a message is queued before it is sent back as > undeliverable. Sorry, my fault.

Re: Available: preliminary postscreen STARTTLS support

2010-12-31 Thread Christian Roessner
xy line. I added it with a comment sign, read from the POSTSCREEN_README. The current master.cf is missing it. So far, hope you don't mind my little comments :-) I wish you all a good change from old->new year. Christian --- Roessner-Network-Solutions Bachelor of Science Informatik Nahr

postscreen question

2011-01-01 Thread Christian Roessner
) Jan 1 15:17:14 mx postfix/postscreen[13261]: close database /var/lib/postfix/ps_cache.db: No such file or directory (possible Berkeley DB bug) Good new year Christian --- Roessner-Network-Solutions Bachelor of Science Informatik Nahrungsberg 81, 35390 Gießen F: +49 641 5879091, M: +49 176

Re: postqueue command error???

2011-01-01 Thread Christian Roessner
Hi, > > What's wrong with postqueue -f? > > > config_directory = /usr/local/etc/postfix > What, if you specify postqueue -c /usr/local/etc/postfix -f Christian

relay question

2011-01-13 Thread Christian Roessner
Hi, sorry, if this question might sound a bit stupid, but if I specify relay_recipient_maps with all valid recipients that postfix should relay for, why does it need relay_domains set? As an example: I have connected relay_domains to LDAP and have an object that returns all domains. I also hav

vim syntax for 2.8.0

2011-01-19 Thread Christian Roessner
Hi, I have added all dnsblog*, tlsproxy*, postscreen* and main keywords to pfmain.vim (this file is taken from Ubuntu Lucid). If you like to have syntax highlighting for vi, put it under .vim/syntax/ Regards Christian pfmain.vim.gz Description: GNU Zip compressed data --- Roessner-Network-S

Re: Success story: smtpd_reject_footer

2011-01-20 Thread Christian Roessner
really a cool idea *ironic* IMO: Adding the page is really nice and should give a remote postmaster enough information to either fix his/her setup or contact you (postmaster@). Christian --- Roessner-Network-Solutions Bachelor of Science Informatik Nahrungsberg 81, 35390 Gießen F: +49

Re: delay some particular addresses ?

2011-01-21 Thread Christian Roessner
Hi, >>> Would it be possible to delay the arrival of some particular addresses ? >>> ( ala greylisting but only for a list of addresses ) >> This requires a Milter or policy plugin. you can use postgrey and a (pcre-) map, which triggers a restriction_class Not sure, if you want it for sender or

SASL auxprop ldapdb result attribute

2011-01-27 Thread Christian Roessner
tell auxprop ldapdb to ask for this attribute and not userPassword? I know this question is somewhat off topic. But which is the right place? Guess post_masters_ for sure can help me :-) Thanks Christian -- Roessner-Network-Solutions Bachelor of Science Informatik Nahrungsberg 81, 35390 Gießen F:

Re: SASL auxprop ldapdb result attribute

2011-01-27 Thread Christian Roessner
if not modifying ldapdb code, which I am not going to do). So dovecot seems to be really a great solution for authentication ;-) Never mind Christian -- Roessner-Network-Solutions Bachelor of Science Informatik Nahrungsberg 81, 35390 Gießen F: +49 641 5879091, M: +49 176 93118939 USt-IdNr.: DE2

smtpd running chrooted

2011-02-04 Thread Christian Roessner
be enough. I have no idea, what libs, etc. are also required to be copied to chroot. Thanks for helping me in advance Christian -- Roessner-Network-Solutions Bachelor of Science Informatik Nahrungsberg 81, 35390 Gießen F: +49 641 5879091, M: +49 176 93118939 USt-IdNr.: DE225643613 http

Re: smtpd running chrooted

2011-02-04 Thread Christian Roessner
--> which needs to be copied from /etc/ldap/ldap.conf Create random and urandom devices in /var/spool/postfix/dev After that postfix/smtpd will run fine with sasl/external/ldapdb in a chroot environment. Christian -- Roessner-Network-Solutions Bachelor of Science Informatik Nahrungsberg 81, 35390 Gie

Re: Ubuntu/Debian Postfix 2.8.x repository

2011-02-07 Thread Christian Roessner
Hi, > Do you know any reliable Debian/Ubuntu repositories for the > newest Postfix 2.8? http://mysourceco.de Is my repo. Clean patches to Postfix. It is in fact cloned from the Debian 2.7.0, but with review! It also has Dovecot 2.09+Pigeonhole in it. Regards Christian --- Roessner-N

Postfix smtpd/tls segfault problem

2011-02-07 Thread Christian Roessner
ed by signal 11 Turning the loglevel back, everything works as before. So I thought, you might be interested in that report. Tonight I am going to turn on GDB and try to get a backtrace. But maybe someone else might confirm this in the meantime. Best wishes Christian --- Roessner-Network-Sol

Re: PATCH: smtpd/tls segfault with smtpd_tls_loglevel >= 3

2011-02-07 Thread Christian Roessner
Hi, On 07.02.2011 at 15:39, Wietse Venema wrote: > Wietse Venema: >> Christian Roessner: >>> I double checked that cacert.org's cert is in that path as well >>> and that the c_hash exists, too. I did not find an answer and so >>> I only changed the log l

Re: PATCH: smtpd/tls segfault with smtpd_tls_loglevel >= 3

2011-02-07 Thread Christian Roessner
s TLS connection established from mx0.roessner-net.de[78.46.253.227]: TLSv1 with cipher ADH-AES256-SHA (256/256 bits) It is working now. @Mark: New packages are available, including this fix. Christian --- Roessner-Network-Solutions Bachelor of Science Informatik Nahrungsberg 81, 35390 Gießen F: +49 6

Re: Ubuntu/Debian Postfix 2.8.x repository -- general chroot question

2011-02-07 Thread Christian Roessner
ore features you enable that use external libraries, or resources or > talk to external services, the more supporting files are needed in the > chroot jail... But I also could say: The more features you enable, the more experienced you probably are. Christian --- Roessner-Network-Solutions Bache

Re: greylisting with postscreen?

2011-02-10 Thread Christian Roessner
uldn't this same client come back after 300 seconds, too? And so skipping the greylisting barrier? Or are there some bots outside that can do that? But even then, they might be lucky at a later time, when the host, where they live on, returns (even with dynamic IP; just a question of patie

Re: question about single user

2011-02-22 Thread Christian Roessner
he SQL query should not give a result for that user. I am not a SQL expert, but I do the same with LDAP. And if that works with saslauthd, no idea, too, because I use sasl-auxprop (ldapdb). Regards Christian -- Roessner-Network-Solutions Bachelor of Science Informatik Nahrungsberg 81, 35390 Gießen

Re: Postfix stable release 2.8.1 available

2011-02-23 Thread Christian Roessner
Hi, > Postfix stable release 2.8.1 is available. This release fixes one > "signal 11" bug with SMTP server debug logging, and cleans up some > code and documentation. Ubuntu packages done. https://launchpad.net/~christian-roessner-net/+archive/ppa - I dropped HP-UX patches f

Re: Postfix stable release 2.8.1 available

2011-02-23 Thread Christian Roessner
ause existing configurations won't be touched by the distro and newly installed instances do not have disadvantages. I have not modified the init script, so people still can do chrooting and the init script will work as always. Regards Christian -- Roessner-Network-Solutions Bachelor of Sc

Re: Postfix stable release 2.8.1 available

2011-02-23 Thread Christian Roessner
't the place to discuss > it. > This is my last comment on this thread. your answer overlapped my last personal answer to you. Never mind Christian -- Roessner-Network-Solutions Bachelor of Science Informatik Nahrungsberg 81, 35390 Gießen F: +49 641 5879091, M: +49 176 93118939 USt-IdNr.: DE

automatically rewrite sender address depending on RCPT TO

2011-02-24 Thread Christian Roessner
dependent? Maybe I think too complicated. I would use this only on the submission port, which is defined in master.cf. Thanks in advance Christian -- Roessner-Network-Solutions Bachelor of Science Informatik Nahrungsberg 81, 35390 Gießen F: +49 641 5879091, M: +49 176 93118939 USt-IdNr.:

Starting postfix

2011-02-24 Thread Christian Roessner
upstarts man page that they close stdin, stdout and stderr before starting a job. Would the upstart script lack of some functionality or do have other problems? My systems currently run with this upstart script and yet I don't see any differences. Thanks Christian --- Roessner-Network-Solu

Re: Starting postfix

2011-02-24 Thread Christian Roessner
Hi, > The only supported way to start Postfix is "postfix start", using > the commands provided with /etc/postfix/postfix-script. > > DO NOT TINKER WITH THIS. > > SUSE people discovered years ago that their home-grown approach to > stop Postfix would terminate a lot more processes than just Po

Re: Starting postfix

2011-02-24 Thread Christian Roessner
ng that breaks postfix. That is the reason why I ask here/you to learn and to understand and in this case: to find another solution. Thanks Christian --- Roessner-Network-Solutions Bachelor of Science Informatik Nahrungsberg 81, 35390 Gießen F: +49 641 5879091, M: +49 176 93118939 USt-I

Re: Starting postfix

2011-02-25 Thread Christian Roessner
## This can be called with exec in upstart and doing a stop is easy, too, because I simply call /usr/sbin/postfix stop in a post-stop script block. So if this is okay, I would use it. It is some kind of silly, but I tested it here on my workstation and it does the job. B

Re: Starting postfix

2011-02-25 Thread Christian Roessner
ike me (and my idea was based on Apple's practise, like they DO START postfix with launchctl on Mac OS X Server edition). Anyways. If someone likes to help me doing further coding on the python code, he/she is welcome. @Andreas: You are from Germany, aren't you? Feel free to write to me;

Re: Starting postfix

2011-02-25 Thread Christian Roessner
this thread, as I already have shown a script that does the job. Thanks Christian -- Roessner-Network-Solutions Bachelor of Science Informatik Nahrungsberg 81, 35390 Gießen F: +49 641 5879091, M: +49 176 93118939 USt-IdNr.: DE225643613 http://www.roessner-network-solutions.com

Re: Starting postfix

2011-02-25 Thread Christian Roessner
y provide something? Do not get me wrong please. I really like to learn and even when you got me totally wrong at the beginning of this thread, I never had something bad in mind. Just coming here and trying to find a solution. Is that ok so far? Is there anything that I can do to help? Best wishes

Re: Starting postfix

2011-02-25 Thread Christian Roessner
exec/postfix/master in the plist. That should not be critics. My friend Lars runs three X-Serve servers. One Tiger, Leopard and before posting here, I asked him to please just look into the plist and tell me, what is called. I do not know for Snow Leopard I must admit. Was that said wrong

Re: Starting postfix

2011-02-26 Thread Christian Roessner
On Saturday, 26.02.2011, 08:51 +0100, Christian Roessner wrote: > Hi, > > > This got my attention because I run the Apple provided Postfix (2.5.5) on > > Mac OS X client (10.6.6 specifically). What do you know - when I look at the > > launchctl plist Apple provides t

postscreen pregreeter DNS trick

2011-03-09 Thread Christian Roessner
this) and saw the usage of getaddrinfo() and pointered lists and stuff; not sure if I really understood, but would Postfix use a next client IP, if one temp fails? Has the second-MX solution any advantages? Should I stay on the current setup? Thanks for bringing light :) Christian -- Roessner

Re: postscreen pregreeter DNS trick

2011-03-09 Thread Christian Roessner
> > Has the second-MX solution any advantages? Should I stay on the current > > setup? > > Your current setup looks fine. thanks for explaining the different aspects :) Christian -- Roessner-Network-Solutions Bachelor of Science Informatik Nahrungsberg 81, 35390 Gießen F:

Re: Multiple Instances Question

2011-06-27 Thread Christian Roessner
l. [...] -o smtpd_tls_cert_file=/ca/mail./newcert.pem -o smtpd_tls_key_file=/ca/mail./newkey.pem -o smtpd_tls_security_level=encrypt [...] with each having its own certificates in master.cf. Maybe I did not get the point yet :-) Christian -- Roessner-Network-Solutions Bache

Re: Virtual domain aliases

2011-07-20 Thread Christian Roessner
${ldap}/relay_domains.cf relay_recipient_maps = pcre:${map}/roleaccount.pcre, ${ldap}/relay_recipient_maps.cf virtual_alias_maps = ${ldap}/relay_recipient_maps.cf And do not add "it" to mydestination please. Best wishes Christian -- Roessner-Network-Solutions Bachelor of

Re: smtpd_proxy_options=speed_adjust

2011-07-21 Thread Christian Roessner
On 21.07.2011 17:43, Robert Schetterer wrote: > Hi, > is smtpd_proxy_options=speed_adjust > known for any problems ? Do you have any problems? What is the reason for your question? Best wishes Regards Christian -- Roessner-Network-Solutions Bachelor of Science Informatik 50°34.725

Milter makros

2011-08-10 Thread Christian Roessner
= j {daemon_name} v i {client_ptr} {client_connections} Do sure about the "i" as I still do not understand the letters "j", "v" and "i". Thanks in advance Christian -- Roessner-Network-Solutions Bachelor of Science Informatik 50°34.725'N, 08°40.904

[SOLVED] Re: Milter makros

2011-08-10 Thread Christian Roessner
Hi, > postconf -d milter_connect_macros > milter_connect_macros = j {daemon_name} v okay, got it: milter_connect_macros = j {daemon_name} {client_ptr} {client_connections} v Not sure about the "v" at the _end_ of the line. But it works. Thanks Christian -- Roessner-Network-So

OT: vim syntax files for main.cf _and_ master.cf

2011-08-13 Thread Christian Roessner
, feel free to contact me. If I get some positive feedback, I try contacting the vim team and ask them, if they want to update their existing files with this version. http://www.roessner-network-solutions.com/vim/syntax/ Thanks Christian -- Roessner-Network-Solutions Bachelor of Science Informatik

Re: Intermittent User unknown

2011-08-19 Thread Christian Roessner
rd Server with no postfix config modifications. So you are using OpenDirectory for your user accounts? Maybe this service does have some problems? Christian -- Roessner-Network-Solutions Bachelor of Science Informatik 50°34.725'N, 08°40.904'O, Nahrungsberg 81, 35390 Giessen F: +49

Re: Intermittent User unknown

2011-08-19 Thread Christian Roessner
ile, mapfile.db mtime stuff). Sorry, no more ideas out of the box :-) Christian -- Roessner-Network-Solutions Bachelor of Science Informatik 50°34.725'N, 08°40.904'O, Nahrungsberg 81, 35390 Giessen F: +49 641 5879091, M: +49 176 93118939 USt-IdNr.: DE225643613 http://www.roessner-network

Re: LDAP schema for Postfix ?

2012-03-02 Thread Christian Roessner
Hi, > Does a Postfix specific (Open)LDAP schema exists ? > or a "mail server specific" ? I have a custom LDAP schema for my whole mail system, including Postfix, Dovecot and OpenDKIM. It is not perfect, but I can give it to you, if you want it. Best wishes Christian --- Roessner-Network-Solut