Re: Backup MX setup - alternative to db?

CSS [2017-04-28 15:48 -0400] : > My idea to get my lookup maps in place is just to write a small > perl script that dumps my config info from mysql into flat > files, uses scp to copy the files over to the backup MXers, and > then runs postmap on the output on the backup MXers. Before > I go

Re: Expanding aliases before forwarding mail to milter

Thomas Leuxner [2016-11-24 15:56 +0100] : > * Niklaas Baudet von Gersdorff <st...@niklaas.eu> 2016.11.24 12:28: > > > I appreciate any ideas or hints. > > You should be able to workaround this with a restriction class. > Although the example is not LDAP specific

Expanding aliases before forwarding mail to milter

I use aliases extensively, for administrative accounts (such as abuse@, postmaster@, or webmaster@) or for expanding givenname.surname@ to givenname@. I do so with ldap and, most importantly, regexp databases because the latter enables me to limit entering similar information multiple times. For

Re: regexp for allowing helo host

L.P.H. van Belle [2016-11-16 13:59 +0100] : > I suggest you read : > http://faculty.cs.niu.edu/~rickert/cf/bad-ehlo.html > > personaly i use the following. > smtpd_helo_restrictions = > permit_mynetworks, > check_helo_access pcre:/etc/postfix/pcre/helo.pcre > check_helo_access

Re: (Semi OT) RBL shakedown

li...@lazygranch.com [2016-10-24 14:52 -0700] : > Oh, I didn't me YOU as in you personally. Sorry about that. > Maybe it is an American was of speaking.  No offenSe taken. ;-) > The reply from Digital Ocean is just to change my IP. I'm > shocked they don't want to defend their IP space. I

Re: (Semi OT) RBL shakedown

li...@lazygranch.com [2016-10-24 13:54 -0700] : > ‎So you block all of AS14061 because there supposedly is > a spammer in the block? I grumblingly agreed when Wietse said > it was proper to block a specific IP when only one user was > spamming, but this seems excessive. No, I personally don't.

Re: (Semi OT) RBL shakedown

li...@lazygranch.com [2016-10-24 13:20 -0700] : > If you use the uceprotect RBL, note that they are involved in a > shakedown to solicit money to be removed from their list. Much like > spamrl, I'd suggest not using them since they have an obvious false > positive problem. > >

Re: Postfix persistent connection and MySQL cluster

t...@iredmail.org [2016-10-21 00:11 +0200] : > We use the floating IP address (handled by KeepAlived) in Postfix config > file, we expect Postfix can always connect to a mysql server. I have a similar set up (instead of MySQL I use OpenLDAP though). Assuming that your servers are in a VPN, why

Re: Stop logging haproxy health checks

Wietse Venema [2016-10-16 09:14 -0400] : > Options: > > - Replace syslogd with one that supports filtering Since I have other projects pending... > - Data compression reduces repeated information enormously, when > logfiles are rotated. It's reduced by 16x for my non-HaProxy > server, and

Stop logging haproxy health checks

/var/log/maillog is flooded because of haproxy health checks. To stop the flood I changed syslog.conf: $ grep mail /etc/syslog.conf *.err;kern.warning;auth.notice;mail.crit /dev/console *.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err /var/log/messages

Re: Trying to wrap my head around reject_sender_login_mismatch

Jeremy Hansen [2016-10-03 01:24 -0700] : > I’m trying to wrap my head around what the issue is. I realize > there’s a mismatch but I’m having trouble understanding exactly > what the mismatch is or where to fix it. > > My smtpd_sender_login_maps=hash:/etc/postfix/valiases contains: > >

Re: Envelope sender address authorization not working

Viktor Dukhovni [2016-08-03 22:28 +] : > On Thu, Aug 04, 2016 at 12:16:48AM +0200, Niklaas Baudet von Gersdorff wrote: > > > > > Funny thing is that `postmap -q m...@niklaas.eu ` > > > > > > Instead of anecdotal re-interpretation of this claim, se

Re: Envelope sender address authorization not working

Viktor Dukhovni [2016-08-03 22:07 +] : > On Wed, Aug 03, 2016 at 11:59:17PM +0200, Niklaas Baudet von Gersdorff wrote: > > > Funny thing is that `postmap -q m...@niklaas.eu ` > > Instead of anecdotal re-interpretation of this claim, send the > actual command you used,

Envelope sender address authorization not working

Hello, I try to configure "Envelope sender address authorization" as described at http://www.postfix.org/SASL_README.html#server_sasl_authz but Postfix keeps complaining that the sender address is not owned by the SASL account I login with. The account is n...@niklaas.eu while the sender

Re: Newbie in postfix

On 21/09/15 10:30, Austin Einter wrote: > OS - Linux Ubuntu 14.04 64 bit. [...] > I want to setup a proper email system for a small startup company. > > My objectives are to > 1) install postfix > 2) install dovecot > 3) Install some anti-virus module to protect email system

Re: keeping off brute force password attempts

On Sun, 13 Sep 2015 21:35:56 +0200 Benny Pedersen wrote: > fail2ban is imho only ipv4 :( Ah, I didn't know that. > google autofwd for replacement > > http://freecode.com/projects/autofwd Thanks. This looks interesting. -- Niklaas

Re: keeping off brute force password attempts

On Sun, 13 Sep 2015 00:25:42 +0530 Ram wrote: > I am seeing a surge in the number of password attempts both at my > postfix smtp servers as well as imap servers > These attacks seem to be targetted since the attempts are made at > correct userids I am using sshguard. It

Re: FreeBSD jails, loopback, and postfix

Wietse Venema [2015-01-23 06:40 -0500] : Niklaas Baudet von Gersdorff: Why do I get this error message and how can I achieve that tank also relays mail via lo1 not looping back to itself? Configure main.cf:inet_interfaces and list ONLY the IP addresses that this Postfix instance must

FreeBSD jails, loopback, and postfix

Hi, on FreeBSD, I successfully set up a jail host with some jails (via ezjail) in it. On the host I have 3 network interfaces: re0, lo0, and lo1. The jails get IP addresses on re0 (IPv6) and lo1 (IPV4), some only on lo1. I use PF to NAT from lo1 to re0. Hence, all of the jails are connected to