[pfx] Re: gmail failing SPF/DKIM

are valid. If you are using a contact form, the From: address is typically munged to be the user filling out the form. -- Forwarded message ------ From: Matthew McGehrin To: Matthew McGehrin Cc: Bcc: Date: Tue, 28 Nov 2023 20:25:24 -0600 Subject: Testing to Gmail Test : host

[pfx] Re: No Permissions To TLS Certificates

On 12/10/2023 23:19, Wietse Venema via Postfix-users wrote: If the 'find' command cannot enumerate mode 755 directories, then this is no longer a problem that receives Postfix support. Turning off SeLinux is easy. Wietse Thanks for getting back to me. Yes, turning off SELinux is eas

[pfx] Re: smtpd rate limiting

I might had used the wrong terminology. I was mainly referencing delayed email that occurs with Grey listing. Most of the delay email for me is either Google or Yahoo. Matthew On 9/29/2023 7:40 PM, Wietse Venema via Postfix-users wrote: Matthew McGehrin via Postfix-users: Hi Kevin. If the

[pfx] Re: smtpd rate limiting

1800. IE: flush unix  n   -   n   1800?   0   flush Thank you. Matthew On 9/29/2023 9:34 AM, Wietse Venema via Postfix-users wrote: Wietse Venema via Postfix-users: Kevin Cousin via Postfix-users: Greetings List, We recently had an issue and the active queue was full and

[pfx] Re: postfix/postmap TLS To MariaDB/MySQL Backend

Thanks Étienne, So what's the difference between a MAriaDB Client file and the various "tls_" settings in the connection.cf file (ie see MYSQL_TABLE(5):https://www.postfix.org/mysql_table.5.html )? Hi! From MariaDB 10.5.2, the require_secure_transport system variable is available. When s

[pfx] postfix/postmap TLS To MariaDB/MySQL Backend

Hi All, Got a funny one: Using Postfix 3.8.1 connecting to a MariaDB backend - everything is working AOK. I can get the correct response when I do a `postmap -q my_example.com mysql:/etc/postfix/virtual_domains.cf` - as I said, everything is working AOK. However, when I turn on 1-way TLS

[pfx] Re: Anyone using SMTP relay through dnsexit.com?

Hello. Some alternatives might be to use one of the commercial bulk mail providers such as: Sendgrid AmazonSES MailGun I use mailersend.com for transactional emails for Reverse.net. Other options include buying a $5 KVM and self hosting a public relay for outbound only. Matthew On 6

[pfx] Re: delivery loop?

Yahoo has multiple server weight 1 servers providing redunancy. yahoo.com mail is handled by 1 mta6.am0.yahoodns.net. yahoo.com mail is handled by 1 mta5.am0.yahoodns.net. yahoo.com mail is handled by 1 mta7.am0.yahoodns.net Thanks Matthew On 5/22/2023 6:53 PM, Tom Reed via Postfix-users wrote

[pfx] Re: Painful Postfix

Hello. You can try adding to your main.conf: tcp_windowsize=65535 See also: https://www.postfix.org/postconf.5.html That can help fixing broken window sizes because of a firewall. Thanks Matthew On 4/30/2023 12:35 AM, Kolusion K via Postfix-users wrote: Hello again My e-mail server is

[pfx] Re: Painful Postfix

Hello. Could you post a copy of the logs that you are seeing for this mail delay? What was the reject code? Thanks Matthew On 4/29/2023 5:40 AM, Kolusion K via Postfix-users wrote: Hello I am having a painful experience with Postfix and I hope that someone can help me.  I am trying to

[P-U] Re: New List Host and Reply-to Header

Hi Peter. The Reply-To has always been the original poster for 10+ years. No sense changing it now. :) Matthew On 3/9/2023 1:08 PM, Peter via Postfix-users wrote: On 10/03/23 07:34, postfix--- via Postfix-users wrote: Is it the best idea to add a reply-to header to the author on mailing

[P-U] Re: Poster Name not visible in Thunderbird

Hello. I found the issue. It seems I had the list address saved as a contact, so Thunderbird was displaying Postfix Users. I removed the contact and it's displaying the poster name. See screenshot. Thank you. MatthewM ___ Postfix-users mailing lis

[P-U] Poster Name not visible in Thunderbird

Hello. Sadly, when viewing this list in Thunderbird, it only displays "Postfix Users" as the From address, versus showing the posters name. I tend to ignore posters I don't recognize, and now i need to open each post to see who replied. Any workarounds in Thunderbird to override this behavi

Re: nmap says there's vulnerability with Diffie-Hellman settings

-GCM-SHA256 - 0x00,0x9F DHE-RSA-AES256-GCM-SHA384 Matthew On 1/7/2023 2:38 AM, Sam wrote: Hello everyone when I run `nmap --script vuln example.com` against a server I manage, I get the following vulnerability on my server on both ports 465 and 587. The only solutions I found are for legacy

Re: run script on new connection?

might consider using fetchmail to isolate your SMTP server. Then you could internally route your email using Postfix, without it being publicly accessible. You would just need an external 3rd party for your primary MX, such as a $5 VPS. Thank you. Matthew On 12/26/2022 4:18 PM, mats wrote

Re: outlook blocks email from private mailserver

Hello. If the IP is one that you manage, you can submit a de-listing request with Microsoft. However, this process might take 3-5 business days to complete. See: https://sender.office.com/ They usually ask for the a copy of the bounced reply. Otherwise, you might need to use a commercial s

Re: gradual shift of traffic

se: > >default_transport = > randmap:{smtp:old.example, smtp:old.example, smtp:new.example} > >Pick how many old versus new you need. Out of interest, how does this behave if one of the servers is temporarily unreachable? Would Postfix try another server immediately, or defer the message until the next try? -- Best wishes, Matthew

Re: TLS ciphers

ansmitted unencrypted. You are, of course, probably correct that such systems should have been retired some time ago... -- Best wishes, Matthew

Re: AUTH rate limit

ng. > >My guess would be >http://www.postfix.org/postconf.5.html#smtpd_client_auth_rate_limit What might be useful would be a setting which rate limits clients based on the number of FAILED AUTH requests made, probably over a long period of time. I don't see one, but may be missing something... -- Best wishes, Matthew

Re: Enforced TLS with Opportunistic DANE

On Thu, 27 May 2021 13:07:39 -0400, Viktor Dukhovni wrote:- >On Thu, May 27, 2021 at 05:42:34PM +0100, Matthew Richardson wrote: > >> and I am wanting to enhance this for certain specific domains to >> require mandatory encryption, without neutering DANE if present. >> Th

Re: Enforced TLS with Opportunistic DANE

Dear Viktor, Thank you for your (as usual!) most helpful response below, which was much appreciated. On Thu, 27 May 2021 11:57:41 -0400, Viktor Dukhovni wrote:- >On Thu, May 27, 2021 at 04:48:15PM +0100, Matthew Richardson wrote: > >> I am trying to work out the correct incantation

Enforced TLS with Opportunistic DANE

_maps". The question is whether to select "encrypt" or "dane". The problem (if I am reading it correctly!) is that "dane" falls back only to "may" if there are no TLSA records. Any advice would be most welcome... With many thanks. Best wishes, Matthew

Re: passing mail through postfix/spamassassin system

Your Postfix instance will use normal MX delivery for all messages EXEPT for the 3 domain?.zzz listed above. > >Thanks for any direction you may have! > >Phil Best wishes, Matthew

needing to set proxy_read_maps?

Hi everyone, We're running multi-instance postfix 3.1.15 and we want to rewrite message headers via LDAP tables using smtp generic (so that it happens after transport selection). Our transport table has: domain1.invalid affiliate:[external1.invalid] And master.cf has: affiliate

Re: Trying to add custom header to messages from a given cloud provider

Hi Viktor, On Mon, Dec 21, 2020 at 11:20:30PM -0500, Viktor Dukhovni wrote: > On Tue, Dec 22, 2020 at 03:23:56AM +0000, Matthew Selsky wrote: > > > cidr = cidr:${config_directory}/ > > smtpd_recipient_restrictions = > > reject_non_fqdn_recipient > > r

Re: Trying to add custom header to messages from a given cloud provider

Hi Viktor! On Mon, Dec 21, 2020 at 07:52:49PM -0500, Viktor Dukhovni wrote: > On Tue, Dec 22, 2020 at 12:27:13AM +0000, Matthew Selsky wrote: > > > I'm using multi-instance postfix and I want to relay messages from a > > given CIDR block at a cloud provider, and I want to

Trying to add custom header to messages from a given cloud provider

Hi all, I'm using multi-instance postfix and I want to relay messages from a given CIDR block at a cloud provider, and I want to add a custom header. I have this in main.cf: cidr = cidr:${config_directory}/ smtpd_recipient_restrictions = reject_non_fqdn_recipient reject_unknown_recipient

RE: how do I pass thru incomplete destination email addr to relayhost for 'To' rewrite?

> Why send mail as user@myhostname, when the named host will never > ever receive email? Because I need to retain FROM what host it originated. If I see an email from root@domain I have no idea which host it came from. The emails are cron scripts and the like, not user-generated email. If 'orig

how do I pass thru incomplete destination email addr to relayhost for 'To' rewrite?

On a regular sending host I have set 'myhostname' (because logical hostname differs from the system-level nee AWS autogenerated hostname), 'myorigin=$myhostname' (Postfix default) and 'relayhost=[1.2.3.4]' but 'mydestination' does NOT include $myhostname. I want the relayhost to be the sole rep

RE: Advice: NFS, hardware, SATA vs SAS etc

> > > Yes. Do any Postfix administrators with busy systems rely on NFS? > > That seems like a really bad idea, honestly. > > So NFS is a poor, outdated choice for mail storage in 2020 for a small/medium > enterprise? The problem is one of data consistency and locking. Running a farm of IMAP serve

Re: Reject Chinese mail

this data is combined with a route-dump of the default free zone, as seen from AS12859.E, ARIN, APNIC, LACNIC and AFRINIC regions and this data is combined with a route-dump of the default free zone, as seen from AS12859. Thanks, Matthew On 11/20/2019 10:51 PM, merr...@fn.de wrote: We did

RE: Postfix log

Hi Enrico, I can't speak for why postscript behaviour has changed, but this is a known issue for other applications that hold a file open across time instead of opening it to write / closing it after write. Logrotate allows you to put in a postrotate / endscript sequence that can be used to mak

RE: custom mail forwarder/relay program?

> On 7/1/2019 10:19 AM, Patton, Matthew [Contractor] wrote: > > I need a way for Postfix to listen to SMTP (think smarthost) and then > > re-send > all emails via HTTP POST operation. Is the correct way to tackle this (aside > from > Maybe if you explain your base probl

custom mail forwarder/relay program?

I need a way for Postfix to listen to SMTP (think smarthost) and then re-send all emails via HTTP POST operation. Is the correct way to tackle this (aside from telling them to go to hell) a transport definition using Pipe(8)? I've never done this before and it doesn't appear to be a very common

Re: Semi-OT: Getting blacklisted by hotmail/Google again and again

/lookup?search=37.120.172.118 37.120.172.166 mail.digi-media-net.de    Yes    0.0    1.7 No    Poor You might need to use one of the commercial providers, such as Amazon or Sendgrid, to send your outbound emails, since the large providers will not block them as easily. Matthew

Re: TLS client certificates and auth external

> On Jan 8, 2019, at 5:17 PM, Bastian Schmidt <[hidden email]> wrote: > > I have an email client (K-9 on Android), which, when using TLS client > certificates insists on sending an auth external. However, postfix/SASL > does not advertise external auth, which causes the client to not being > able

RE: SMTP_HELO_NAME can cause Blacklist triggers

> > On 06.02.19 02:42, Patton, Matthew [Contractor] wrote: > >>>> I learned the hard way that if you don't set $myhostname to a FQDN > >>>> you can quickly end up on a black list despite having valid SPF > >>>> records. > > >

RE: SMTP_HELO_NAME can cause Blacklist triggers

> I repeat, you misunderstood the documentation. Postfix computes its best > guess at the FQDN when you DO NOT *explicitly* set myhostname, in main.cf. The issue is NOT that I wanted Postfix to willy-nilly mangle $myhostname into a FQDN on my behalf. If there were a private keyword of $fqdn th

RE: SMTP_HELO_NAME can cause Blacklist triggers

> If that's what you want, and you're setting myhostname explicitly, then it is > your > responsibility to do that. This allows users who do want dotless hostnames to > have those if that's right for them. In Internet-connected SMTP (which is something like 99.9% of installations) if $myh

RE: SMTP_HELO_NAME can cause Blacklist triggers

> Returning to the OP's question, Postfix does append $mydomain to the > automatically derived value of $myhostname when the latter is not explicitly > set > in main.cf and is not fully qualified. Except that it doesn't. (or I misunderstood what you wrote) I set $myhostname = 'smtp'. $mydomain w

SMTP_HELO_NAME can cause Blacklist triggers

I learned the hard way that if you don't set $myhostname to a FQDN you can quickly end up on a black list despite having valid SPF records. The documentation is IMO insufficiently clear that $myhostname MUST be fully qualified and that Postfix will NOT tack on $mydomain if no 'dots' are detected.

Re: SMTP filter using geo-localization

sbl/; from= to= proto=ESMTP helo= Matthew On 1/5/2019 4:15 PM, Matt Anton wrote: Hello, A simpler solution would be using a cidr access map from <http://ipdeny.com/ipblocks/data/countries/> that match netblocks you allow in master.cf for submission (or smtps if using the legacy SMTPS ser

Re: SASL LOGIN authentication failed

On 13/05/18 12:09, Erwan David wrote: Le 05/13/18 à 09:49, Matthew Broadhead a écrit : i get loads of these from different ip addresses all over the world with the exact same password.  no idea what causes it.  i always wondered myself. e.g. cat /var/log/maillog | grep UGFzc3dvcmQ6 ... May 13

Re: SASL LOGIN authentication failed

i get loads of these from different ip addresses all over the world with the exact same password.  no idea what causes it.  i always wondered myself. e.g. cat /var/log/maillog | grep UGFzc3dvcmQ6 ... May 13 08:43:43 ns1 postfix/smtpd[8800]: warning: unknown[46.148.27.71]: SASL LOGIN authentic

Re: trigger script at login

i have smtpd_sasl_auth_enable=true.  i am using dovecot which i guess may be providing the sasl login mechansim.  thanks for pointing me in the right direction On 06/05/18 18:30, @lbutlr wrote: On 2018-05-06 (09:21 MDT), Matthew Broadhead wrote: is it possible to trigger a script to run

trigger script at login

is it possible to trigger a script to run when a user logs in to send an email?  ideally the script would also have access to username, ip address and user agent?

Re: Hotmail spam prevention mech.

i am also having problems delivering to microsoft domains since sunday.  i am in their SDNS program and it doesn't show our domain as being blacklisted. i contacted their engineers via https://support.microsoft.com/en-us/getsupport?oaspworkflow=start_1.0.0.0&wfname=capsub&productkey=edfsmsbl3&lo

Re: Best practice when setting up a mail relay

bounces/delayed messages. Matthew Wietse Venema wrote: Jonathan S?lea: Good evening, I am in the process of setting up a smtp-relay for a hosting provider. Basically, the relay should relay emails from hundreds of servers out to the net. I do want some "protection" against if a

detect suspicious logins

does anyone know of a linux module (maybe similar to fail2ban) that could be installed which would monitor email logs (sign ins) and alert the user to any suspicious activity on their account? i suspect it would need to log geo location, device type and ip address to a database. it seems like

Re: Prevent local delivery for unix accounts

:/dev/null -- Matthew Msd wrote: Hello, Is it possible to prevent local delivery for unix accounts below 1000 (system accounts)? I have read http://www.postfix.org/LOCAL_RECIPIENT_README.html and http://www.postfix.org/postconf.5.html#local_recipient_maps without success.

Re: Change gateway on bounce

relay. -- Matthew Peter wrote: Hey guys, I have been thinking if postfix has capability to forward a bounced email to another server. I know I can relay emails using transport but can I relay (retry) an email from a different server? Let's say the target server says 'blacklisted' and I

Re: gratuitous failure on host address bits not zero

>> since the user's intent is clearly obvious. > What is the clearly obvious intent of 192.0.2.8/28 or 192.0.2.31/27? How > should Postfix guess which part of the CIDR notation is wrong? I consider the netmask to be always primary - any bits set to the right of the mask are inconsequential and

gratuitous failure on host address bits not zero

in ./src/util/cidr_match.c there is this bit of code: 240 /* 241 * Sanity check: all host address bits must be zero. 242 */ 243 for (np = ip->net_bytes, mp = ip->mask_bytes; 244 np < ip->net_bytes + ip->addr_byte_count; np++, mp++) { 245 i

Re: Proper Forwarding Procedure?

. smtp_mx_session_limit=5 Also, I increased my flush delay from 1000 to 1800 so it runs every 30 minutes. Gmail doesn't complain as often with a longer retry it seems. flush unix n - n 1800? 0 flush -- Matthew Dominic Raferd wrote: On 9 June 2017 at 20:45, Steve Je

Re: Domain Relay Question

f.5.html#smtp_fallback_relay>. By default, mail is returned to the sender when a destination is not found, and delivery is deferred when a destination is unreachable. -- Matthew Joey J wrote: Hello, I have been using postfix for a long time to relay email in a backup or filtering rol

Wietse: Old Mirrors on postfix.org/download.html

Wietse, There are several old mirrors with bad links that don't work on the postfix download page and needs to be updated. 404 Not Found http://mirrors-usa.go-parts.com/postfix/source/index.html USA, MI, Lansing 404 Not Found http://mirrors.xserver

Re: Getting bounces from only one server

Hello, On Server2, configure bounce_notice_recipient to a e-mail address that is located on server1. By default it's using Postmaster. Otherwise, on Server2, forward mail from the Postmaster account to server2. Marco Pizzoli wrote: Dear all, I need to find a workaround an issue I am facing

sieve sending vacation message from vm...@ns1.domain.tld

I have a server running centos-release-7-2.1511.el7.centos.2.10.x86_64 with postfix version postfix-2.10.1-6.el7.x86_64 and dovecot version 2.2.10. I am also using roundcube for webmail. when a vacation filter (reply with message) is created in roundcube it adds a rule to managesieve.sieve in

Re: postfix not delivering mail to user

Hello. What are you using for local delivery in main.cf? virtual or procmail? Usually, I add a domain to relay_domains and virtual relay_domains = /etc/postfix/relay_domains virtual_maps = hash:/etc/postfix/virtual alias_database = hash:/etc/aliases And then have an associated entry in /etc/pos

Re: Spamrl.com RBL problem

Hello. Your assuming that port 25 needs to be open on the local side to send mail. this is not the case. There are two possibilities here. 1. A dirty IP was assigned to your server, and that the previous owner had a spam issue. 2. It's a php exploit, that spawns a perl script to send outbou

Re: Spamrl.com RBL problem

they try to mask the process id. The end of DATA command is just the sequence at which it was denied. It's standard. -- Matthew li...@lazygranch.com wrote: : host smx1.web-hosting.com[209.188.21.38] said: 550 The sending IP (my dotted quad) is listed on https://spamrl.com as a sour

OT: mirror update contact e-mail

Hello. I run a mirror for Postfix and I need to update the URL. I have e-mailed Wietse several times in the past few years, and every time the e-mail is being ignored. What is the proper subject to use to contact Wietse to update my mirror details? Thanks

Odd filtering/config needs...

Hey all, long time since I was last here... which goes to show just how good Postfix is I guess ;-) Anyhow still using 2.11.x and have come into an odd filtering need. I need to *accept* email based on certain helo lines... Which I'm pretty sure is possible, however the other part is I have t

Re: filtering domains and e-mails - how ?

Hello. See: http://www.postfix.org/transport.5.html Per the table search order, user accounts need to be listed first, before the domain IE: us...@domain.com relay:[smtp1.server.com] domain.com relay:[smtp.server.com] See: Postfix users Zalezny Niezalezny wrote: Hi All, by defa

Re: Puting the Postfix's queue into RAM disk

Is it possible to configure a 2nd VPS instance just for fallback_relay? That way your primary queue is only for deliveries, and your 2nd instance can handle the bounces. I was working for an Online Gaming company and we would deliver 1-2 million messages per day, we had 3 active queues, and 1

Re: status=bounced (mail for ... loops back to myself)

Hello. I would also recommend having unique hostnames as well, so that postfix can keep track. It's perfectly fine to have the same IP. IE: mail.mydomain.com, mail2.mydomain.com etc Also, it might not be necessary to have two instances, you can probably do it with one, as SMTPD is for incomi

Re: (Debian) startup script?

le/28/Making_scripts_run_at_boot_time_with_Debian -- Matthew Nick wrote: Hi! After many years away from doing any kind of (mail) server administration, I have been called into duty again... (-; As I always did I installed everything from source and if I start Postfix manually everything works great... Thi

Re: Rerouting specific domains....

It should be possible with the transports, just specify an account u...@abc.domain.comsmtp:[my.other.relay.com]:25 SH Development wrote: Is there a way to configure Postfix to send specific FROM domains to an alternate outbound server? I want to do the opposite. When user from xyz.domain

Re: Rerouting specific domains....

It should be possible with the transports, just specify the account # user level /user@domain transport/:/nexthop/ Deliver mail for /user@domain/ through /transport/ to /nexthop/. u...@abc.domain.comsmtp:[my.other.relay.com]:25 SH Development wrote: Is there a way to con

Re: Mail delivery problem.. intermittent .. I dont see what could be wrong...

It also seems like you have a permissions error as well with your quarantine directories. Feb 17 16:49:52 mail amavis[16508]: (16508-03) (!)run_av (ClamAV-clamd) FAILED - unexpected , output="/var/spool/amavisd/tmp/amavis-20140217T163033-16508/parts: lstat() failed: Permission denied. ERROR\n"

Re: Email clients timing out. Can you help?

Perhaps you should review: https://help.ubuntu.com/community/PostfixBasicSetupHowto Anthony Papillion wrote: Hello Everyone, I have a rather odd problem that I hope someone can help me figure out. I've installed Postfix on my Ubuntu 12.04 LTS server. It's accepting mail for the anonymail.us d

Re: sender domaion restrict to defined recipient

Instead of relying on postfix, perhaps create a procmail recipe for a...@domain.com For example: :0: * ^From.*sender@foo\.bar /dev/null # default :0: /var/mail/A -- Matthew Lanfeust troy wrote: thanks for reply. Yes i want to a...@domain.com <mailto:a...@domain.com> receive all

Re: disable tls for legacy versions

I renamed /usr/local/include/tls.h and it compiled fine. No errors. Thank You. Wietse Venema wrote: Postfix builds without TLS by default. I see. The "-I. -I../../include" should be before "-I/usr/local/include". Meanwhile, can you temporarily rename /usr/local/include/tls.h? Wie

disable tls for legacy versions

Is there a make flag to disable tls for legacy releases? I'm getting a compile error for 2.10.3 when trying to compile on FreeBSD 7.x 64bit. In file included from tls_level.c:52: /usr/local/include/tls.h:23:53: error: tcl.h: No such file or directory In file included from tls_level.c:52: /usr/lo

Dspam integration order

Hi all, I’m trying to integrate dspam into my mail flow and have got some conflict configuration suggestions. Regarding on incoming mail what are the advantages of using dspam as a content filter (and then reinjecting into postfix)[1] vs postfix delivering it to dspam who then delivers it t

Re: Changing SMTP Default destination port

502, etc. It's a way to hint to the loadbalancer which external IP to use. (We have a small number of external IP's, and need to ensure that the correct type of email traffic comes out the right IP, basically.) Thanks! Matthew > Em 13/06/2013, às 19:01, Matthew Barr escreveu: &g

Changing SMTP Default destination port

ue came up, the response was to use 2.2, since it still allowed this. This is for internal mail server use, with traffic generated by trusted hosts. --- BTW- Yes, I mean destination port. No, I don't mean SMTP inbound listening port. Matthew Barr Technical Architect E: mb...@snap

Re: GSSAPI SMTPD Authentication and MS Active Directory

On 4/25/2013 1:02 PM, Viktor Dukhovni wrote: What evidence do you have that the server is "doing" GSSAPI? It seems likely you're mistaken. Simply listing GSSAPI as a supported SASL AUTH mechanism is not "doing" GSSAPI, the client would actually have to use GSSAPI. It is quite possible your clie

Re: GSSAPI SMTPD Authentication and MS Active Directory

On 4/25/2013 12:41 PM, Quanah Gibson-Mount wrote: --On Thursday, April 25, 2013 12:27 PM -0700 Matthew Larsen wrote: If you want to use SASL/GSSAPI, the clients have to be able to get a TGT from the KDC. The reason I've been looking at configuring the SASL/GSSAPI mechanism is that

Re: GSSAPI SMTPD Authentication and MS Active Directory

On Wed, Apr 24, 2013 at 5:57 PM, Quanah Gibson-Mount > wrote: If you replaced Exchange 2003 with Zimbra, and set up external auth to your AD server, then it would use the custom zimbra authentication method for cyrus-sasl to auth your clients against AD.

GSSAPI SMTPD Authentication and MS Active Directory

I'm working on a project to replace an Exchange 2003 server that is only still around these days because we have lots of SMTP clients around the country that use it as an SMTP relay. It only relays messages for clients authenticated by our Active Directory domain. Members of a group in the parent

Re: StartTLS frustrations

. Good luck, Matthew. On Apr 5, 2013 7:47 AM, "Peter L. Berghold" wrote: > Hi Folks, > > Gettting very frustrated with trying to set up TLS using a StartSSL > (StartCom) > cert. > > Here are the applicable lines (sanitized of course) I used to set this > up: &g

Re: Time based blacklist or similar?

How about a DNS daemon to be used as a blacklist, which is backed by a SQL DB instead of by zone files? Such as PowerDNS with a SQL backend. Then add and remove BL entries based on the times you have in mind.

Re: dictionary-attack

ublish my latest working file, with your sweet fqrdns.pcre mentioned therein, into a Github Gist for posterity after it's baked for a couple of weeks on my medium-busy server. Hopefully that way I can prevent others from repeating my own errors. :) Matthew.

Re: dictionary-attack

On Wed, Mar 27, 2013 at 7:20 PM, Noel Jones wrote: > On 3/27/2013 7:18 PM, Matthew Hall wrote: >> I altered the restrictions according to the new advice: >> >> relay_restrictions - removed > > there's no reason to remove the safety net.

Re: dictionary-attack

than what I did before? Or am I still off base. Thanks for your help. Matthew.

Re: dictionary-attack

d this before posting: smtpd_relay_restrictions = permit_sasl_authenticated, permit_mynetworks, #check_reverse_client_hostname_access pcre:/etc/postfix/fqrdns.pcre, reject_unauth_destination So the evaluation order issue must have been caused by using two lists, instead of the ordering in relay_restrictions. Matthew.

Re: dictionary-attack

clients, and I don't know what subnet they'll be on since they're mobile devices with an IP from the mobile provider, so whitelisting isn't going to work very well if they roam somewhere surprising, like a different unexpected provider. Thanks, Matthew.

Re: safe setup of smtpd_relay_restrictions and smtpd_recipient_restrictions

n outbound relays that receive mail from from other MTAs. Corrected. > Already covered in the relay rules, no need to repeat it here. Corrected. > Viktor. It seems like I keep seeing you on every crypto and security list! Thanks for being there and assisting people so often. Regards, Matthew.

safe setup of smtpd_relay_restrictions and smtpd_recipient_restrictions

x27;m committing any grave or mortal Postfix and SMTP sins, if I deploy the configuration below. Thanks, Matthew. smtpd_relay_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination smtpd_recipient_restrictions = reject_invalid_hos

Re: relay_recipient_maps not working

the relay_recipient_maps. I guess my understanding of the default value relay_domains takes is incorrect. Thanks On Tue, Feb 12, 2013 at 9:41 PM, Matthew Ceroni wrote: > I thought that was the issue, but when I try submitting via SMTP (using > telnet as my test) it still doesn't work.

Re: relay_recipient_maps not working

t see that same debug output when testing through telnet to the SMTP port. On Tue, Feb 12, 2013 at 5:17 PM, Wietse Venema wrote: > Matthew Ceroni: > > I am trying to setup the relay_recipient_maps option. > > > > I created my LDAP file (/etc/postfix/ldap-relay_recipient

Re: Pointer to 'guide for setting up postfix'?

gt; > Best regards, > > John > John, I'm not much on the postfix side, but would advise you read the documentation throughly before starting anything. However you should seriously consider moving from 8.04 to at least 10.04 LTS, ideally 12.04 LTS, as 8.04 will stop getting updat

Re: my server generates spam

st a full day the mail's been in the queue. Depending on your server config and load, maillog may have been rotated since it first came in, so you may have to check an older log to find the original submission. -- Matthew Fuller (MF4839) | fulle...@over-yonder.net Systems/Network

Re: Current Postfix RPMs?

Awesome! Thank you for that link! On Thu, Jul 8, 2010 at 12:54 AM, Sahil Tandon wrote: > On Thu, 2010-07-08 at 00:32:43 +0100, Matthew Valentino wrote: > > > I'm new to Postfix, and I'm learning all I can from the readme files. > > However, I'm using CentOS

Current Postfix RPMs?

I'm new to Postfix, and I'm learning all I can from the readme files. However, I'm using CentOS 5.5 and the repo contains v2.3 of postfix. Building from source is causing strange problems with yum. Is there anywhere I don't know about where I can find an RPM for a current version of Postfix?

Re: Stop spammers sending us spam from users in our domain...

ny system would require a good hunk of thought to avoid things like replay attacks. Or, you could skip to the end of this mail, where I say "It's kinda hard" 8-} -- Matthew Fuller (MF4839) | fulle...@over-yonder.net Systems/Network Administrator | http://www.over-yonder.net/~fullermd/ On the Internet, nobody can hear you scream.

Re: Stop spammers sending us spam from users in our domain...

ddenly, you have mail from "outside", with an envelope sender that's you, but is perfectly legitimate. And pretty common. If you know all your users and know none of them do any such thing, filtering it works great. But if you're not absolutely sure, you could be setting out

Re: Catchall account and lots of spam in a short period

On Mon, Jul 27, 2009 at 11:57:20PM +0200 I heard the voice of mouss, and lo! it spake thus: > > I've seen many sites that refuse '+', but for now, no site that > refuses '-'. I have entries in my alias file for several, sadly :| -- Matthew Fuller (MF4

Re: Message with 300,000+ recips via alias_maps

I set up a virtual alias map bigal...@example.com -> addre...@external.example.org -> addre...@external.example.net [etc] such that all of the members of bigal...@example.com are external to postfix, do I still need to define owner-bigal...@example.com in order

  1   2   >