--- On Fri, 1/4/13, Wietse Venema wrote:
> From: Wietse Venema
> Subject: Re: TLS Server Key on HSM
> To: "Postfix users"
> Date: Friday, January 4, 2013, 9:12 AM
> Harakiri:
> > Is it possible to not only configure a key (pem) file
> for the
> > se
Is it possible to not only configure a key (pem) file for the server key but
also a location on a secure token ? E.g. somehow set the openssl engine
parameter for postfix instead of using smtpd_tls_key_file?
Is the same possible for client authentication (e.g. sending to a domain which
requires
When trying to sent a mail to -u...@domain.com postfix will complain
warning: Illegal address syntax from host in RCPT command: <-u...@domain.com>
and reject the message with "501 5.1.3 Bad recipient address syntax".
Now can anyone point me to the part in the RFC that prohibits the "-" at the
--- On Mon, 8/20/12, Wietse Venema wrote:
> From: Wietse Venema
> Subject: Re: How to correctly signal postfix to close the session from an TCP
> Table/Policy Service - Connections are kept open for 1min after service
> shutdown
> To: "Postfix users"
> Date: Monday, August 20, 2012, 9:17 AM
--- On Mon, 8/20/12, Wietse Venema wrote:
> From: Wietse Venema
> Subject: Re: How to correctly signal postfix to close the session from an TCP
> Table/Policy Service - Connections are kept open for 1min after service
> shutdown
> You can look at "postconf | grep '= 60'" output and reduce
I have a tcp table and policy service - when i shut these down, i close each
open session and unbind the listener port - for some reason postfix does not
close its client connection to them for about 60sec.
Now, is there a sure way to tell postfix to disconnect from his client session?
Here is
--- On Wed, 8/15/12, Noel Jones wrote:
> From: Noel Jones
> Subject: Re: Transport Maps and TCP Table -> How to realize that postfix
> queries for recipient AND sender ?
> To: postfix-users@postfix.org
> Date: Wednesday, August 15, 2012, 12:26 PM
> On 8/15/2012 10:53
Ive implemented a TCP table which will tell postfix which destination IP should
be used for internal relay.
A TCP Table lookup only works with GET - is it somehow possible to
have all the information provided similar to the check_policy_service ?
E.g. The transport destination should be querie
--- On Tue, 2/21/12, Noel Jones wrote:
> From: Noel Jones
> Subject: Re: check_sender_access only for "outbound" mails e.g. those that
> are in mynetworks
> something like:
>
> # /etc/postfix/mynetworks.cidr
> 127.0.0.0/8 OK {or check_local_sender depending on
> what you want}
> 192.168.0.
--- On Tue, 2/21/12, Wietse Venema wrote:
> From: Wietse Venema
> Subject: Re: check_sender_access only for "outbound" mails e.g. those that
> are in mynetworks
> To: "Postfix users"
> Date: Tuesday, February 21, 2012, 10:47 AM
> Harakiri:
>
I have currently a whitelist which checks inbound recipients against an ldap
using a combination of
relay_recipient_maps = ldap_config...
smtpd_recipient_restrictions = permit_mynetworks ...reject_unlisted_recipient
Now i want to have a similar solution for outbound, only enveloped from
addres
--- On Wed, 5/19/10, Wietse Venema wrote:
> From: Wietse Venema
> Subject: Re: Disable Connection Cache for local filters
> To: "Postfix users"
> Date: Wednesday, May 19, 2010, 7:16 AM
> Harakiri:
> > However, i would like to disable this for local
> fil
--- On Wed, 5/19/10, Michael Tokarev wrote:
> From: Michael Tokarev
> Subject: Re: Using -o
> > postfix complains about an invalid syntax (probably
> due the space between policy server and
> unix:private/policy)
>
> Try using a comma instead of a space there:
>
> -o
> smtpd_end_of_data_re
I can use
smtpd_end_of_data_restrictions=check_policy_service unix:private/policy
just fine in the main.cf. However this has the drawback that i need to
add
-o smtpd_end_of_data_restrictions=
to each filter in the master.cf which should not use the policy service again.
When i try to only set
Does the following
http://www.postfix.org/CONNECTION_CACHE_README.html
apply to : When postfix sents a RSET smtp command, and delivers a new mail
using the same connection ?
I understand that by default it will use smtp_connection_cache_on_demand on a
high queue (what number exactly?).
Howeve
I have postfix relay server, which relays messages from the internet to an
internal mailserver, but it should only expect messages to known internal
recipients.
However, there is one external server which is allowed to sent to users which
are not defined in the recipient maps (i.e. group addre
--- On Tue, 1/19/10, Noel Jones wrote:
> From: Noel Jones
> Subject: Re: Changes in PCRE handling postfix etch vs lenny?
> To: postfix-users@postfix.org
> Date: Tuesday, January 19, 2010, 11:42 AM
> On 1/19/2010 9:57 AM, Harakiri
> wrote:
> >> See the RELEASE_NOTES
--- On Tue, 1/19/10, Wietse Venema wrote:
>
> That is not a valid PCRE file entry, and it has never been
> valid.
>
> Postfix promises compatibility only for behavior that is
> promised
> by documentation. Postfix behavior for invalid inputs is
> subject
> to change without prior warning.
ok
Hi,
after upgrading a machine from etch to lenny i get the following warning
postfix/smtpd[23231]: warning: pcre map /etc/postfix/postfix_rbl_check, line 0:
ignoring unrecognized request
main.cf:
check_client_access pcre:/etc/postfix/postfix_rbl_check
file:
reject_rbl_client zen.spamhaus.or
--- On Fri, 11/27/09, Wietse Venema wrote:
> From: Wietse Venema
> Subject: Re: CMD tool to check if next SMTP hop can use TLS for messages?
> To: "Postfix users"
> Date: Friday, November 27, 2009, 11:14 AM
> Harakiri:
>
> 1) Configure the Pos
--- On Thu, 11/26/09, Victor Duchovni wrote:
> From: Victor Duchovni
> Subject: Re: CMD tool to check if next SMTP hop can use TLS for messages?
> To: postfix-users@postfix.org
> Date: Thursday, November 26, 2009, 3:33 PM
> On Thu, Nov 26, 2009 at 05:02:33AM
> -0800, Harakiri
Hi,
i have a filter which does some things to outgoing mail, now i would like to
check if this mail will possibly sent using TLS (config is, try TLS if
available, if not just sent plain). Is there a tool (except openssl) from
postfix to verify if a message could be sent via TLS to a host? I lik
--- On Wed, 10/28/09, Noel Jones wrote:
>
> The proper solution is to use postfix's built-in recipient
>
> validation. Valid recipients should be listed in the
> proper
> table for the address class of the recipient domain, then
> you
> can reject all unknown recipients with a simple
> "rej
Hi,
my current setup is using check_recipient_access with a SQL table. This works
fine since i can negate the query to return REJECT when a user is not found, if
the user is found, the query returns DUNNO to proceed with addtional checks
(greylisting, rbl), im doing this with a simple sql union
--- On Tue, 10/27/09, Sahil Tandon wrote:
> From: Sahil Tandon
>
> I reject with zen before greylisting.
>
Hi,
thanks for your reply - i had thought about it - but since RBL is an external
service - it takes more time to go through, therefor i used greylisting before
RBL since its a local
Hello,
can a postfix guru please look over my easy configuration? I wanted to create
some very easy antispam defense using only postfix (postgrey).
I created a new smtpd_restriction_classes, which i appended to
smtpd_recipient_restrictions.
my_filtering = check_recipient_access
proxy:pgsql:/e
--- On Mon, 10/26/09, Wietse Venema wrote:
>
> In the section titled SECURITY, there needs to be a note
> that
> proxymap always opens tables with the privileges of the
> "$mail_owner"
> UID and GID.
>
> Wietse
Thanks, is there a particular reason why postfix itself can read config from
Im using proxymap for an sql recipient check query, however when the file
doesnt have postfix permission - the following error occurs
postfix/proxymap[12724]: fatal: open /etc/mydir/recipient_check
whats weird is, all other config files like postfix_mynetworks
postfix_relaydomains which have th
Hi,
the documentation wasnt clear about this. Is it possible to use multiple
check_client_access in smtpd_recipient_restrictions?
i.e (example).
smtpd_recipient_restrictions =
permit_mynetworks
reject_unauth_destination
check_client_access pcre:/etc/postfix/rbl_checks
check_client_access
--- On Wed, 6/10/09, Ralf Hildebrandt wrote:
> From: Ralf Hildebrandt
> Subject: Re: reject_rbl_client config in map file?
> To: postfix-users@postfix.org
> Date: Wednesday, June 10, 2009, 6:45 AM
> * Harakiri :
> >
> > Is it possible to specify the blackhole serv
Is it possible to specify the blackhole servers in a separate file? I only
found the option, that you specify reject_rbl_client in the main.cf multiple
times. My problem is that i have a cluster of postfix servers and settings like
transport map and relay domains are all in a seperate file whic
--- On Mon, 5/4/09, Victor Duchovni wrote:
> From: Victor Duchovni
> Subject: Re: Generate temporary error for ldap relay_recipient_maps for
> network outages
> To: postfix-users@postfix.org
> Date: Monday, May 4, 2009, 2:38 PM
> On Mon, May 04, 2009 at 09:24:28AM -07
--- On Mon, 5/4/09, lst_ho...@kwsoft.de wrote:
> From: lst_ho...@kwsoft.de
> Subject: Re: Generate temporary error for ldap relay_recipient_maps for
> network outages
> To: postfix-users@postfix.org
> Date: Monday, May 4, 2009, 11:36 AM
> Zitat von Harakiri :
>
>
Hi,
im testing relay_recipient_maps with ldap. The problem is, what happends when
there is a network issue between the ldap and postfix server? What id like is
when there is an error quering the ldap, that postfix should either only
temporary refuse the message or allow it anyway.
I read abou
--- On Thu, 2/26/09, Wietse Venema wrote:
> From: Wietse Venema
> Subject: Re: exclude one domain from reject_unknown_sender_domain
> Why do people expect that OTHER mail servers will not
> reject
> mail with a bogus sender domain?
i dont expect it, i have control over the internal mail so
Hi,
i have one specific sender domain which should be allowed to sent over postfix
servers, however this domain is not registered as MX or DNS.
Is there a way to exclude this domain from the reject_unknown_sender_domain
check? Maybe a whitelist for this setting or add the domain in the /etc/ho
--- On Mon, 2/16/09, Wietse Venema wrote:
>
> There are plenty platforms where the on-disk format of
> Berkeley DB
> database files is stable across many operating system
> releases.
>
> Wietse
that seems correct - i cant verify the issue of the OP - i created a transport
map db in e
--- On Mon, 2/16/09, Ralf Hildebrandt wrote:
> From: Ralf Hildebrandt
> Subject: Re: postmap changed between 2.3.8 and 2.5.5
> To: postfix-users@postfix.org
> Date: Monday, February 16, 2009, 8:00 AM
> * richard lucassen :
>
> > > So it's a Debian bug (maps need to be
> rebuilt). Or you could
38 matches
Mail list logo