Re: Rough postscreen policy design

On Mon, Sep 19, 2016 at 7:19 PM, Wietse Venema wrote: > What you are asking for requires either that a test happens for > every connection, or the ability to store configuration overrides > in the postscreen cache. The first is not a good idea, and the > latter just adds

Re: Rough postscreen policy design

That is great! Can you consider override smtpd_service_name based on the reply ? This would allow to have different smtpd profiles depending on some criteria defined in the policy daemon . Thanks, José Borges Ferreira On Sun, Sep 18, 2016 at 2:40 AM, Wietse Venema wrote:

Re: A transport maps dilema

You allmost got it. Transport_map is used to override the default transport and the ones you don't want to override just left out. Just take the * and that should work as you intended. José Borges Ferreira On Dec 21, 2014 12:55 PM, Istvan Prosinger ist...@prosinger.net wrote: Hello, Is it

Re: DMARC and AOL

Hi all, You must fully understand the implications of having a DMARC policy other that p=none. The use of DMARC protected domains in Mailling lists like this may have undesired effects. This is a generic warning. That said , to fully understand the problem you must provide more details, namely

DANE status in logfile

=127.0.0.1[127.0.0.1]:10026, delay=0.28, delays=0.12/0/0.04/0.12, dsn=2.0.0, tls=Verified status=sent (250 OK) Jose Borges Ferreira

Re: DANE status in logfile

On Wed, Dec 10, 2014 at 5:28 PM, Viktor Dukhovni postfix-us...@dukhovni.org wrote: On Wed, Dec 10, 2014 at 05:04:57PM +, Jose Borges Ferreira wrote: The problem, for me, is to correlate the smtp proc id with the message. Is it possible to have a extra key=value pair in the final smtp log

Re: Bounce Message

and that will only include the headers Jose Borges Ferreira

Postfix bounces

Hi, I'm looking deeper into bounce handling in Postfix and cam across 2 issues: 1) The default From: header, MAILER-DAEMON (Mail Delivery System), is not RFC valid. It can change, though. in ubuntu install the postfix-doc package, then cat

Re: Postfix bounces

On Wed, Dec 3, 2014 at 12:28 PM, Wietse Venema wie...@porcupine.org wrote: Jose Borges Ferreira: Hi, I'm looking deeper into bounce handling in Postfix and cam across 2 issues: 1) The default From: header, MAILER-DAEMON (Mail Delivery System), is not RFC valid. YOU create a non

Re: Postfix bounces

On Wed, Dec 3, 2014 at 1:51 PM, Wietse Venema wie...@porcupine.org wrote: Jose Borges Ferreira: This is the scenario. Box 1 : just receive email from outside - inbound flow. Box 2 : used to sent email to the outside - oubound flow. Inbound MTA: primary MX for your domain(s). If mail can't

Re: Documentation update: Milter signing bounces

On Sun, Nov 30, 2014 at 9:00 PM, Wietse Venema wie...@porcupine.org wrote: I have added this text at the end of Non-SMTPD Milter applications: Wietse Signing internally-generated bounce messages Postfix normally does not apply content filters to mail that is forwarded or aliased

Milter signing bounces

Hi, I'm returning with this issue* but I consider it starting to have bad side effects. Yesterday on the dmarc-ietf list on a subject of bounce emails, Franck Martin stated that .It is notoriously known that postfix cannot DKIM sign the messages it generates(MDN). and he send the link to Postfix

Re: Milter signing bounces

On Fri, Nov 28, 2014 at 2:13 PM, Wietse Venema wie...@porcupine.org wrote: Can you in a few words explain what the difference is, without asking the reader to dig into other mailing list messages? Hi, I just reference the other lists for full context and quoted the relevant parts. I'm just

Re: Milter signing bounces

On Fri, Nov 28, 2014 at 4:30 PM, li...@rhsoft.net li...@rhsoft.net wrote: I'm just pointing that the Milter documentation*, quote: Postfix currently does not apply content filters to mail that is forwarded or aliased internally, or to mail that is generated internally such as bounces or

Re: postscreen deep protocol tests and Amazon timeouts

On Mon, Sep 15, 2014 at 10:24 PM, Wietse Venema wie...@porcupine.org wrote: When you follow the include: directives you get lists of net/mask forms that are easy to convert to postscreen. $ host -t txt spf1.amazon.com | tr ' ' '\12' | sed -n '/^ip.:/{ s/^ip.:\(.*\)/\1 permit/

Re: R: Sender transport settings not override default transport

On Fri, Jul 18, 2014 at 5:05 PM, i...@itrezero.it wrote: So my last questioni is: can I choose smtp transport based on user used for smtpd authentication? Have you tried to use check_sasl_access table and return a FILTER smtp1:. You will need Postfix version 2.11 or later.

Re: Opportunistic TLS vs. plain

On Sat, Jun 21, 2014 at 12:21 PM, li...@rhsoft.net li...@rhsoft.net wrote: Am 21.06.2014 13:11, schrieb Stefan Foerster: our current situation is as follows: 1. Public MX, very low incoming volume, smtpd_tls_security_level = may 2. Senders aren't known beforehand, i.e. no previous business

Re: Opportunistic TLS vs. plain

On Sat, Jun 21, 2014 at 12:45 PM, Stefan Foerster cite+postfix-us...@incertum.net wrote: While I certainly share your view on this - though I would have worded it less strongly - my question still stands: Does anyone have real world data to share (e.g. we disabled ciphers X, Y and Z and then N

Re: New pipeline: lookup table

On Wed, Jun 18, 2014 at 10:15 PM, Wietse Venema wie...@porcupine.org wrote: Each pipeline: query is given to the first table. Each table lookup result becomes the query for the next table in the pipeline, and the last table produces the final result. When any table lookup produces no result,

Re: New pipeline: lookup table

On Sat, Jun 21, 2014 at 1:47 PM, Wietse Venema wie...@porcupine.org wrote: Jose Borges Ferreira: Can you consider a similar behavior to allow caching. Something like: if ( value = get_table1 () ) { return value } else { value = get_table2(); set_table1(value,ttl

Re: implementing per recipient size limit

On Wed, Jun 18, 2014 at 10:36 AM, mailing lists listas.cor...@yahoo.es wrote: Hello all I'm trying to limit big mails to local lists using postfix+postfwd but I must be missing something because it seems too complex to me. Mail size is available in END-OF-MESSAGE (E-O-M) so I do size checks

Re: Multiple Targets on transport map

On Wed, Jun 18, 2014 at 2:30 AM, Joey J jacklistm...@gmail.com wrote: We have 2 gateway servers in multiple locations so that we have redundancy and of course corresponding mx records pointing to both. This handles if GW1 fails, go to GW2 Now once at a GW the transport map handles the routing

message_size_limit weirdness

Hi! I've setup a Postfix like this, having on the submission port a bigger value than the message_size_limit specified in main.cf main.cf message_size_limit = 1000 master.cf smtp inet n - n - - smtpd submission inet n - n - - smtpd

Re: Postfix still sending bounces

On Tue, Nov 5, 2013 at 4:43 AM, LuKreme krem...@kreme.com wrote: Normally, bouncing undeliverable messages is the proper behavior for a good netizen. *NEVER* Bounce. Ever. Reject, yes. Bounce? Absolutely never. If you bounce a message to me, you get put on the deepest darkest shitlist

Re: List attributes sends in a delegated SMTPD access policy request

On Tue, Nov 5, 2013 at 7:55 AM, Nathan Schultheiss nat...@schultheiss.fr wrote: Hello All, By spawn I've a script that checks several parameters before accepting an SMTP email. I found the list of variables here http://www.cs.ait.ac.th/~on/postfix/SMTPD_POLICY_README.html But I would

Re: Postfix still sending bounces

On Tue, Nov 5, 2013 at 11:29 AM, Mark Goodge m...@good-stuff.co.uk wrote: if a server is sending bounces instead reject messages it is wrong configured Indeed. But there are circumstances where a reject isn't possible. In those cases, the choice is between drop or bounce. And bounce is the

Re: Postfix still sending bounces

On Tue, Nov 5, 2013 at 6:01 PM, Vijay Rajah m...@rvijay.me wrote: How do I configure postfix to drop the mail rather than reject? Is it configurable? I have already configured my servers to REJECT all mails not-intended to my domains and non-exsistant users and I do not accept mails from

Re: Error in milter documentation

On Mon, Oct 21, 2013 at 4:40 PM, Wietse Venema wie...@porcupine.org wrote: I don't have time for that full analysis, but it looks like internal_mail_filter_classes=bounce can be safe (more on that at the end of this email). So, can I assume that is safe as long as the Milter server don't block

Error in milter documentation

Following the thread sign auto-reply vacation with OpenDKIM , I read the MILTER_README where it's stated : Postfix currently does not apply content filters to mail that is forwarded or aliased internally, or to mail that is generated internally such as bounces or Postmaster notifications. This

Re: sign auto-reply vacation with OpenDKIM

On Sat, Oct 19, 2013 at 1:10 PM, Alexandre Ellert aell...@numeezy.comwrote: ** My final goal is to have all kind of outbound mails signed by DKIM, including bounce, auto-reply... And then announce a reject DMARC policy in DNS I already have some kind of separation for inbound/outbound but

Re: Error in milter documentation

On Sun, Oct 20, 2013 at 1:39 PM, Wietse Venema wie...@porcupine.org wrote: Jose Borges Ferreira: Following the thread sign auto-reply vacation with OpenDKIM , I read the MILTER_README where it's stated : Postfix currently does not apply content filters to mail that is forwarded

Re: Error in milter documentation

On 10/20/2013 03:21 PM, Wietse Venema wrote: That is the wrong question. The right question when enabling a feature is **will this feature be safe to use**. I will give one example of why it is not safe: Postfix accepts mail into the queue and then bounces it later. When this bounce is blocked by

Re: Outbound routing decision based on inbound smtpd process

On Thu, Oct 17, 2013 at 8:45 PM, Roel Bouwman r...@qsp.nl wrote: @Jose: thanks for the suggestion, but sender_dependent transport maps are not a solution here. As in this case, it's not the sender address, but the inbound service to which the message was submitted that should determine how

Re: Outbound routing decision based on inbound smtpd process

On Fri, Oct 18, 2013 at 3:04 PM, Viktor Dukhovni postfix-us...@dukhovni.org wrote: If this is the case do a header_check with a regex and then respond a FILTER transport:. That's silly, a -o content_filter=transport: in master.cf is simpler and much more robust. The goal is after all

Re: Outbound routing decision based on inbound smtpd process

On Oct 17, 2013 4:59 PM, Roel Bouwman r...@qsp.nl wrote: Hello, I've been trying to simplify our multi-instance Postfix setup, however, I'm wondering whether it's actually possible. So I was wondering if anyone could tell me whether my idea is futile or could actually work. Let me

Re: dkimproxy signing

Amavis looks at mail coming in from the internet on port 25 so I use it to verify, It isn't in the pipeline for mail going out though. I looked at that option first and decided against it for that reason. I'll look again. Maybe it can be told what parts of itself to use depending on source and

Re: greylisting generates error email?

On Aug 20, 2013 8:03 AM, Erwan David er...@rail.eu.org wrote: On Tue, Aug 20, 2013 at 05:58:44AM CEST, LuKreme krem...@kreme.com said: . http://www.spamhaus.org/zen/ zen blocks these categories: SBL Direct UBE sources, spam operations spam services CSS Direct snowshoe spam

Re: Question about supporting EAI in postfix

After reading this email i was under the impression that Postfix wont deal with UTF8 email addresses and made the test to check it out. Test was made with Postfix Version: 2.9.3-2~12.04.4 ( default config included in Ubuntu server 12.04) 220 lab10.anubis.via ESMTP Postfix (Ubuntu) HELO lab16 250

Re: Postfix used as End to End and relaying to external SMTP server based on FROM address (possible?)

Acording to this : smtp_sasl_password_maps (empty) Optional Postfix SMTP client lookup tables with one username:password entry per remote hostname or domain, or sender address when sender-dependent authentication is enabled.