[pfx] Re: messages passing DMARC are being rejected as failing

as failing CAUTION: This email was sent from an external sender. Do not click links or open attachments unless you recognize the sender and know the content is safe. On 24.07.23 16:03, Gomes, Rich via Postfix-users wrote: >Clarification below: I see no clarification, just added disclai

[pfx] Re: messages passing DMARC are being rejected as failing

Clarification below: From: Gomes, Rich via Postfix-users Sent: Monday, July 24, 2023 11:27 AM To: postfix-users@postfix.org Subject: [pfx] messages passing DMARC are being rejected as failing CAUTION: This email was sent from an external sender. Do not click links or open attachments unless

[pfx] messages passing DMARC are being rejected as failing

Asking the hive mind to see if anyone has seen this behavior. Application server sends reservation emails to postfix server running OpenDKIM, postfix sends directly to O365. Our DMARC policy is in REJECT mode. Messages are signed and the NAT is in our SPF record. Message headers state that the

Which dkim solution?

We have a requirement to sign outbound messages with DKIM keys. I have seen discussions on this list for people using dkim-milter as well as opendkim. dkim-milter hasn't been updated since 2009 while opendkim hasn't been updated since 2015. dkimpy is more actively maintained but hasn't been

INVALID MessageID reporting?

Does anyone have a good way of reporting on this? I see a great deal in the maillog with either an incorrect format (no @ symbol) or just completely blank ( message-id=<>). We would like to be able to do the following: Have a WARN message written to the log so we can report and investigate. I

RE: new install ignores transport file?

file? CAUTION: This email was sent from an external sender. Do not click links or open attachments unless you recognize the sender and know the content is safe. On 8/5/2021 12:07 PM, Gomes, Rich wrote: > Good day > > I have a newly built postfix server which is ignoring it's t

new install ignores transport file?

Good day I have a newly built postfix server which is ignoring it's transport file and is querying DNS for MX records instead. I have googled the issue but only come up with "how to use transport file" articles. The /etc/postfix directory was copied from our Production relay and is working as

RE: ldap lookups timing out?

the sender and know the content is safe. On Thu, Aug 22, 2019 at 05:19:37PM +, Gomes, Rich wrote: > I am seeing a lot of Temporary lookup failure errors in the maillog. > At first I thought it was an issue related to reverse DNS lookups as > each of the sending servers had no rever

ldap lookups timing out?

I am seeing a lot of Temporary lookup failure errors in the maillog. At first I thought it was an issue related to reverse DNS lookups as each of the sending servers had no reverse record in DNS (this is an internal only relay). But when I added verbose logging, it appears to be related to LDAP

RE: dict_ldap_lookup questions

, 2017 2:43 PM To: Postfix users <postfix-users@postfix.org> Subject: Re: dict_ldap_lookup questions > On Feb 10, 2017, at 2:27 PM, Gomes, Rich <gomes-r...@aramark.com> wrote: > > The reason the query is setup like that is we have several internal > domains and a user m

RE: dict_ldap_lookup questions

done | time postmap -q - ldap:/table/file.cf -Original Message- From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On Behalf Of Gomes, Rich Sent: Friday, February 10, 2017 2:49 PM To: Postfix users <postfix-users@postfix.org> Subject: RE: dict_ldap_loo

RE: dict_ldap_lookup questions

fix-users@postfix.org> Subject: Re: dict_ldap_lookup questions > On Feb 10, 2017, at 2:27 PM, Gomes, Rich <gomes-r...@aramark.com> wrote: > > The reason the query is setup like that is we have several internal > domains and a user may have an alias for one

RE: dict_ldap_lookup questions

t 1:15 PM, Gomes, Rich <gomes-r...@aramark.com> wrote: > > domain = first.com, second.com, third.com, fourth.com, fifth.com, > sixth.com server_host = pool.internal.domain.com search_base = > dc=internal, dc=domain, dc=com version = 3 > > # Filter > query_filter = (&

RE: dict_ldap_lookup questions

i Sent: Friday, February 10, 2017 12:49 PM To: postfix-users@postfix.org Subject: Re: dict_ldap_lookup questions On Fri, Feb 10, 2017 at 05:37:36PM +0000, Gomes, Rich wrote: > It's going against MS AD, I am sure indexing is configured correctly there. That rather depends on what query you're se

RE: dict_ldap_lookup questions

10, 2017 12:33 PM To: postfix-users@postfix.org Subject: Re: dict_ldap_lookup questions On Fri, Feb 10, 2017 at 05:21:18PM +, Gomes, Rich wrote: > Can you point me in the right direction for indexing? > All I can find is adding this line to the config: > result_attribute = m

RE: dict_ldap_lookup questions

...@postfix.org] On Behalf Of Viktor Dukhovni Sent: Friday, February 10, 2017 12:09 PM To: Postfix users <postfix-users@postfix.org> Subject: Re: dict_ldap_lookup questions > On Feb 10, 2017, at 12:01 PM, Gomes, Rich <gomes-r...@aramark.com> wrote: > > warning: dict_ldap_lookup: Searc

dict_ldap_lookup questions

I've started to see a lot of these errors, albeit intermittently: warning: dict_ldap_lookup: Search error -5: Timed out Followed by these: NOQUEUE: reject: RCPT from unknown[x.x.x.x]: 451 4.3.0 : Temporary lookup failure This server is functioning as an

RE: Using consecutive IPs in a client access file

ve IPs in a client access file On 15 Nov 2016, at 13:07, Gomes, Rich wrote: > Just a quick question since I have not found a way in my Googling. > > We are replacing some of our internal Exchange relays with postfix. > Currently we have other internal postfix relays which utilize

Using consecutive IPs in a client access file

Just a quick question since I have not found a way in my Googling. We are replacing some of our internal Exchange relays with postfix. Currently we have other internal postfix relays which utilize a client access file to allow relaying. The file contains all single IPs, no ranges. The

RE: postfix ignoring access file?

That worked! Thank you! -Original Message- From: Wietse Venema [mailto:wie...@porcupine.org] Sent: Tuesday, May 24, 2016 8:42 AM To: Gomes, Rich <gomes-r...@aramark.com> Cc: Postfix users <postfix-users@postfix.org> Subject: Re: postfix ignoring access file? Gomes, Rich:

RE: postfix ignoring access file?

...@postfix.org [mailto:owner-postfix-us...@postfix.org] On Behalf Of Wietse Venema Sent: Tuesday, May 24, 2016 6:23 AM To: Postfix users <postfix-users@postfix.org> Subject: Re: postfix ignoring access file? Gomes, Rich: > Please Help > > I have implemented this method but it has ha

RE: postfix ignoring access file?

smtpd restrictions) the issue remains -Original Message- From: Gomes, Rich Sent: Thursday, May 19, 2016 4:10 PM To: Postfix users <postfix-users@postfix.org> Subject: RE: postfix ignoring access file? I like this method. And it's working as expected. Thanks to all -Original Messa

RE: postfix ignoring access file?

ct: Re: postfix ignoring access file? On 19 May 2016, at 13:53, Gomes, Rich wrote: > Ok, this looks close. > > So the reject at the end is the only way to replicate the "if not in > the "allow list", you are not authorized to "relay"? One other way woul

RE: postfix ignoring access file?

, 2016 2:12 PM To: Gomes, Rich <gomes-r...@aramark.com> Subject: RE: postfix ignoring access file? Yup. The 0.0.0.0/0 and ::/0 lines are wildcard addresses (as noted in the example). They match *any* IP address. Thus, as Wietse mentions, you list your valid hosts or subnets first with an OK,

RE: postfix ignoring access file?

tse Venema Sent: Thursday, May 19, 2016 1:51 PM To: Postfix users <postfix-users@postfix.org> Subject: Re: postfix ignoring access file? Gomes, Rich: > Ok, my apologies. It seems some of the answers focused on "it doesn't > work like that" > > What I need is t

RE: postfix ignoring access file?

] On Behalf Of Noel Jones Sent: Thursday, May 19, 2016 1:46 PM To: postfix-users@postfix.org Subject: Re: postfix ignoring access file? On 5/19/2016 11:46 AM, Gomes, Rich wrote: > > What I need is to have any IPs listed in the /etc/postfix/access file > with a directive of "OK" be a

RE: postfix ignoring access file?

@postfix.org Subject: Re: postfix ignoring access file? On 5/19/2016 10:35 AM, Gomes, Rich wrote: > Postfix is the corporate standard so this has been a bit of a learning curve > for me. > I'd like to keep it pretty simple, so there must be a way to have the access > file behave in

RE: postfix ignoring access file?

: Tuesday, May 17, 2016 3:09 PM To: Postfix users <postfix-users@postfix.org> Subject: Re: postfix ignoring access file? On 16 May 2016, at 18:44, Gomes, Rich wrote: > True, but I have always set up Sendmail that way, using the access > file like an allow list. > > > I would lik

RE: postfix ignoring access file?

, 2016 5:40 PM To: postfix-users@postfix.org Subject: RE: postfix ignoring access file? > Date: Monday, May 16, 2016 19:38:56 + > From: "Gomes, Rich" <gomes-r...@aramark.com> > > Thank you. > > My goal is for any IPs in the access file to be allow

RE: postfix ignoring access file?

Yes : ) -Original Message- From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On Behalf Of Phil Stracchino Sent: Monday, May 16, 2016 4:44 PM To: postfix-users@postfix.org Subject: Re: postfix ignoring access file? On 05/16/16 14:31, Gomes, Rich wrote: >

RE: Exclude a sub domain from LDAP?

fix-users@postfix.org> Subject: Re: Exclude a sub domain from LDAP? Gomes, Rich: > Thanks > > I am using 2.6.6 so I will use the second method > > What should 'whatever' be in this example > >/etc/postfix/wildcard_relay_recipients: > @idaho.sal

RE: postfix ignoring access file?

] On Behalf Of /dev/rob0 Sent: Monday, May 16, 2016 3:30 PM To: postfix-users@postfix.org Subject: Re: postfix ignoring access file? On Mon, May 16, 2016 at 07:09:46PM +, Gomes, Rich wrote: > So is there a way to have anything NOT in the access file rejected or > will I need some kind o

RE: Exclude a sub domain from LDAP?

by the use of LDAP. -Original Message- From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On Behalf Of Wietse Venema Sent: Monday, May 16, 2016 3:01 PM To: Postfix users <postfix-users@postfix.org> Subject: Re: Exclude a sub domain from LDAP? Gomes, Rich:

RE: postfix ignoring access file?

: Monday, May 16, 2016 3:05 PM To: Gomes, Rich <gomes-r...@aramark.com> Cc: postfix-users@postfix.org Subject: Re: postfix ignoring access file? Gomes, Rich: > I added this to my main.cf file: > > smtpd_client_restrictions = hash:/etc/postfix/access > > > And it "works

RE: postfix ignoring access file?

o: postfix-users@postfix.org Subject: Re: postfix ignoring access file? On Mon, May 16, 2016 at 05:39:12PM +0000, Gomes, Rich wrote: > My postfix servers are configured to read the access file when > connections are made but I have found that machines not in the access > file or even thos

RE: Exclude a sub domain from LDAP?

in LDAP. (but they are on the application server it is being routed to) -Original Message- From: Wietse Venema [mailto:wie...@porcupine.org] Sent: Monday, May 16, 2016 1:57 PM To: Gomes, Rich <gomes-r...@aramark.com> Cc: Postfix users <postfix-users@postfix.org> Subject: Re: E

RE: Exclude a sub domain from LDAP?

To: Postfix users <postfix-users@postfix.org> Subject: Re: Exclude a sub domain from LDAP? Gomes, Rich: > I have postfix performing LDAP verification and it is working out great. > Except... I am running into an issue with a subdomain that should be > excluded from the LDAP veri

postfix ignoring access file?

I have encountered another issue with my postfix config. I was hoping this would be a common issue but I haven't been able to find anything on it. My postfix servers are configured to read the access file when connections are made but I have found that machines not in the access file or even

Exclude a sub domain from LDAP?

I have postfix performing LDAP verification and it is working out great. Except... I am running into an issue with a subdomain that should be excluded from the LDAP verification. It is a sub-domain of one of the domains I am doing lookups on. Is there a way to exclude this specific domain from

Turf all email for domains not listed in transport file

Good day, What is the best way to accomplish the following: We want to block emails bound for the Internet, we have domain based rules already setup in the transport file for our internal domains. But would like email bound for any domains other than those, to go either /dev/null or to a local

RE: ldap validate

...@postfix.org [mailto:owner-postfix-us...@postfix.org] On Behalf Of Gomes, Rich Sent: Tuesday, January 05, 2016 10:28 PM To: postfix users <postfix-users@postfix.org> Subject: RE: ldap validate It's not so much what is missing as there is no in between Smtpd -v just gives so much per trans

RE: ldap validate

ostfix.org Subject: Re: ldap validate On 1/4/2016 3:37 PM, Gomes, Rich wrote: > So I should change the config to use relay domains instead of virtual mailbox? You previously wrote that these domains were defined in relay_domains (which they should be). Don't define domains in more than one add

RE: ldap validate

-us...@postfix.org] On Behalf Of Noel Jones Sent: Tuesday, January 05, 2016 3:04 PM To: postfix-users@postfix.org Subject: Re: ldap validate On 1/5/2016 1:50 PM, Gomes, Rich wrote: > Ok, my bad that does work in fact. > I had shut off smtpd -v in master.cf so I was not seeing the ful

RE: ldap validate

/2016 2:32 PM, Gomes, Rich wrote: > > I'll also need to see if I can filter the logs, smtpd -v gives way too > much while without the -v gives way too little I can't remember the last time I needed verbose logging, even to debug a problem. What is missing from the normal logging

RE: ldap validate

? Or somewhere else? -Original Message- From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On Behalf Of Noel Jones Sent: Tuesday, January 05, 2016 2:33 PM To: postfix-users@postfix.org Subject: Re: ldap validate On 1/5/2016 1:22 PM, Gomes, Rich wrote: > Does this im

RE: ldap validate

: Re: ldap validate On 12/30/2015 12:35 PM, Gomes, Rich wrote: > My postfix install is quite vanilla. > Other than inet_interfaces, and the ldap config, I change the following: > > Mydomain > Myorigin > Relayhost > > Carefully study the following, especially the part

RE: ldap validate

Message- From: Gomes, Rich Sent: Monday, January 04, 2016 1:48 PM To: postfix-users@postfix.org Subject: RE: ldap validate I have read over the suggested documentation and I have some questions. But perhaps it would be good to break down my goals here first. First by the postfix\relaying part

RE: ldap validate

Subject: Re: ldap validate On 1/4/2016 3:11 PM, Gomes, Rich wrote: > Ok, I have LDAP working in stream although still have a few bugs. > > I found this article: > > http://www.experts-exchange.com/questions/28251757/How-to-configure-LD > AP-Authentication-for-Incoming

ldap validate

I have a couple of question about LDAP verification. I followed this guide as I am using AD as LDAP source: http://blog.yenlo.com/nl/using-postfix-ldap-search-against-active-directory This works perfectly until I am sending mail to the postfix server, then it accepts the mail and passes with

RE: ldap validate

: Wednesday, December 30, 2015 12:53 PM To: postfix-users@postfix.org Subject: Re: ldap validate On 12/30/2015 11:22 AM, Gomes, Rich wrote: > I have a couple of question about LDAP verification. > > I followed this guide as I am using AD as LDAP source: > > http://blog.yenlo.com/n

RE: ldap validate

, December 30, 2015 1:28 PM To: postfix-users@postfix.org Subject: Re: ldap validate On 12/30/2015 11:56 AM, Gomes, Rich wrote: > Thanks, not using address rewrites > > I am not sure which question you are answering when you listed the following: > > users in local domains defined in

allow by IP?

Good day, I am making the switch from running Sendmail as an internal relay to using Postfix. With Sendmail, I can restrict relaying by IP using the /etc/mail/access file. I cannot seem to find an equivalent of this in Postfix. I have read about using smtpd_client_restrictions =

RE: allow by IP?

Sent: Monday, December 28, 2015 4:21 PM To: postfix-users@postfix.org Subject: Re: allow by IP? On 12/28/2015 3:08 PM, Gomes, Rich wrote: > Good day, > > I am making the switch from running Sendmail as an internal relay to using > Postfix. > With Sendmail, I can restrict relay