Postfix: SASL authentication failure

ynetworks, reject_unauth_destination I would be really thankful if someone could point out the misstakes I have done, or point me to the right direction. Thanks! -- Jonathan Sélea

Re: Postfix: SASL authentication failure

saslauthd -d did not print the socket in use sadly. ss - I only found one socket being in use - /var/run/saslauthd I wonder, should a symlink from /var/run/saslauthd to /var/spool/postfix/var/run/saslauthd ? Thank you -- Jonathan Sélea Fingerprint: 4AF2 10DE 996B 673C 0FD8 AFA0 8B35 B3C8 94B9 64DD

Re: Postfix: SASL authentication failure

ank you for pointing me to the right direction! -- Jonathan Sélea Website: https://jonathanselea.se PGP Key: 0x8B35B3C894B964DD Fingerprint: 4AF2 10DE 996B 673C 0FD8 AFA0 8B35 B3C8 94B9 64DD On 2021-05-10 12:58, Jonathan Sélea wrote: May 10 09:17:42 smtp01 postfix/smtpd[21033]: warning: SASL

Emails sent as an authenticated user does not route throu amavis

ject = yes smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination I am currently at loss why this happend, and I am having trouble parsing throu the documentation to find why this happend. Could someone point me in the right direction? Thankful for any help! -

TLS-RPT milter for postfix?

Hi everyone, Hopefully this question is relevant for this mailing-list.. Does anyknow know of a TLS-RPT milter for postfix that can generate and send reports, kinda like what you can do with OpenDMARC? Thanks in advance -- Jonathan Sélea

Re: TLS-RPT reporting for postfix?

Hi, Thank you for your prompt reply! I got the terminology mixed up, ofcourse milters are for incoming emails :) But well, hopefully someone lurking here knows a solution. -- Jonathan Sélea On 2022-07-21 20:33, Viktor Dukhovni wrote: On Thu, Jul 21, 2022 at 08:26:37PM +0200, Jonathan Sélea

Accept all emails sent to *.example.com

Hi, Is there a way to configure postfix to accept all emails sent to *.example.com? For example. I want the postfix-server to accept emails sent to t...@oahfoaoga.example.com aswell as test...@example.com and h...@bye.example.com. Is this doable in Postix? -- Jonathan

Re: Accept all emails sent to *.example.com

All recipients[1], or only "valid" recipients[2]?? [1] Makes sense if the mail is NOT delivered. Examples of that are spamtraps or honeypots. Yes, that is the case here - honeypots/spamtraps. [2] Requires that the Postfix SMTP server can figure out what addresses are valid. Otherwise, yo

Re: Accept all emails sent to *.example.com

lso Victor who came with a great answer - as always. This seems indeed to work as it should. -- Jonathan Sélea

Re: How to setup the secondary MX server

Here you go: <https://www.howtoforge.com/postfix_backup_mx> The first result on Google ;) -- Jonathan Sélea Website: https://jonathanselea.se PGP Key: 0x8B35B3C894B964DD Fingerprint: 4AF2 10DE 996B 673C 0FD8 AFA0 8B35 B3C8 94B9 64DD On Wed, Sep 14 2022 at 07:10:57 PM +0800, Henri

Re: How to setup the secondary MX server

This is a perfect example of why NOT to use Google for your first resort in asking questions! The linked howto is very bad, and it will make your new secondary MX host a spam magnet. You are absolutely correct. I wrongly assumed that antispam/antivirus measures was something that everyone imp

Regarding ciphers

Hi, I did struggle alot to understand and deploy a secure cipher list that https://hardenize.com and https://ssl-tool.net would not complain on, so I came up with this: smtpd_tls_protocols = !SSLv2 !SSLv3 smtpd_tls_mandatory_protocols = !SSLv2 !SSLv3 smtp_tls_protocols = !SSLv2 !SSLv3 smtp_tl

Re: Regarding ciphers

about PGP/GPG. I already use s/MIME as you probably can see in email clients like Thunderbird, Outlook and Evolution. /J On 11/23/2017 02:15 PM, Dirk Stöcker wrote: On Thu, 23 Nov 2017, Jonathan Sélea wrote: I did struggle alot to understand and deploy a secure cipher list that

Re: Regarding ciphers

Thanks you very much! Very informative! On 2017-11-23 16:03, Mel Pilgrim wrote: > On 2017-11-23 01:30, Jonathan Sélea wrote: >> Hi, >> >> I did struggle alot to understand and deploy a secure cipher list that >> https://hardenize.com and https://ssl-tool.net would no

Re: recommend TLS settings

Hi, I recently stumbled upon hardinze too, and came up with this config that makes the checks "all green". smtpd_tls_protocols = !SSLv2 !SSLv3 smtpd_tls_mandatory_protocols = !SSLv2 !SSLv3 smtp_tls_protocols = !SSLv2 !SSLv3 smtp_tls_mandatory_protocols = !SSLv2 !SSLv3 lmtp_tls_protocols = !SSL

Re: recommend TLS settings

"hardenize" is made by "encryption zealots" (I like that name btw) that "does not understand who don't understand opportunistic TLS". Thanks again Viktor On 12/04/2017 03:24 PM, Viktor Dukhovni wrote: On Dec 4, 2017, at 8:22 AM, Jonathan Sélea wrote: I

Postfix BIMI support?

Recently stumpled upon BIMI; https://authindicators.github.io/rfc-brand-indicators-for-message-identification/#rfc.section.3 What is your view on it? I think that BIMI is more a cosmetic thing rather than something that prevent spoofing. Is there any plans to implement support for it in postf

Best practice when setting up a mail relay

Good evening, I am in the process of setting up a smtp-relay for a hosting provider. Basically, the relay should relay emails from hundreds of servers out to the net. I do want some "protection" against if a website is hacked and starts to spew out thousands of emails. For example: www.siteA.xyz

Re: Best practice when setting up a mail relay

Thanks both of you, and Glenn English that answered my first email. I will consider postfw, it looks like it suit me needs at the moment :) I currently use mailscanner - it works OK but that functionality I just asked for is missing in that package. I have never thought about having a fallback se

Re: Setup SquirreMail with Virtual Host

I recommend you post this in the "Apache users" list instead. On 2018-01-18 21:33, Rodrigo Cunha wrote: > Dear, i have a problem in config vhost squirremail. > I'm following the steps in the tutorial > [http://www.100security.com.br/postfix-squirrelmail-outlook/ >

MTA-STS when?

Hi Hopefully, I am not one of several who already has asked this question before, but here it goes: When does postfix plans to implement MTA-STS? Big providers (Google, Yahoo, Comcast and soon Microsoft) has already implemented it and ofcourse - it would be nice if postfix could support it too, 

Re: MTA-STS when?

>> [...]. One can of course automate periodic SMTP TLS policy >> updates from the STS URIs of a handful of providers, and let the >> usual outbound TLS policy take care of the rest: >> >>http://www.postfix.org/TLS_README.html#client_tls_policy > I'm much in favor of reusing the Postfix SMTP

Re: MTA-STS when?

> Likely some time this year, but it is not entirely trivial, because > the spec requires a first successful delivery to "activate" the policy, > and expedited policy cache refresh on delivery failure. Therefore, > there would need to be some sort of new feedback mechanism at delivery > completio

Re: MTA-STS when?

> Thanks. Note that "by manual" I mean not-based on the missing STS support, > but still based on their published STS policy which you can map to a Postfix > TLS policy via a cron job that updates the data once a week or so. > Fair enough :) Looking forward to it! -- Jonathan signature.asc

Question regardin postfix. postfwd and spam

01 client_name==unknown action=rate(client_address/50/300/450 4.7.1 only 5 recipients per 5 minutes allowed) id=RBL_002 HIT_dnsbls>=2 action=554 5.7.1 blocked using $$HIT_dnsbls dnsbls, INFO: [$$DSBL_text] I hope that you understand what I mean! :) -- Jonathan

Re: Change "Return-Path" header on relayed mails

Just bumping this :)On ons, 2018-08-22 at 14:34 +, jonat...@selea.se wrote: > > Some background: > We have an Exchange 2013 server that do not seems capable of setting > a Return-Path header when a user has Autoreply on. > For example, I am mailing "u...@company.com" and that user has an > Aut

Re: DMARC report analyzer - Open Source solution

Hi, I use the following: <https://github.com/techsneeze/dmarcts-report-parser> Together with: <https://github.com/techsneeze/dmarcts-report-viewer> It is not the best looking tool but it does the job :) Jonathan Sélea PGP Key: 0x8B35B3C894B964DD Fingerprint: 4AF2 10DE 996B 673

Postfix - Check SPF for outgoing email

tures, but this would be only one of them and could probably save us from blacklisting in some cases. Thankful for your answers! -- Jonathan Sélea PGP Key: 0x8B35B3C894B964DD Fingerprint: 4AF2 10DE 996B 673C 0FD8 AFA0 8B35 B3C8 94B9 64DD

[P-U] Re: The joke writes itself.

I cant agree more.I personally, would appropriate changing the "P-U" subject // Jonathan On Mar 9, 2023 22:47, Peter via Postfix-users wrote:On 10/03/23 10:04, Dan Mahoney via Postfix-users wrote: > I know that P-U stands for postfix users.  I get it that a short subject tag was desired, but woul