I
> have tried sending the exact same messages via other servers with luck.
> If I compair the headers inside GMAIL
Did the rest of this sentence get cut off? Are there any spam-related
headers on the GMail side that might give you some clues?
--
Sahil Tandon
rify for the archives, djbdns (with dnscache) works
perfectly well; one should just not add his or her ISP's nameserver(s)
to the list of roots. Though it's not the default, a lot of tutorials
seem to recommend it.
--
Sahil Tandon
On Wed, 14 Jan 2009, Sahil Tandon wrote:
> On Wed, 14 Jan 2009, Noel Jones wrote:
>
> > On Wed, Jan 14, 2009 at 04:41:59PM -0800, Jeff Weinberger wrote:
> > >
> > > On Jan 14, 2009, at 3:53 PM, Roderick A. Anderson wrote:
> > >
> > > >Jeff
this message,
> but
> you receive it anyway.
>
> You can use HOLD with a check_recipient_access map reliably, that's another
> good way to temporarily pause delivery.
I think this affects all recipients of the message, so the OP probably wants to
use transport_maps to limit holding/queuing only for a particular sent of
recipients.
--
Sahil Tandon
one pop/imap server so long as it was decent
>>> hardware.
>>
>> Same here. This is mainly due to the caches dovecot uses.
>
> Not to mention Dovecots LDA fits in nicely with postfix :)
+1 for Postfix w/ Dovecot LDA.
--
Sahil Tandon
software
mailing list.
--
Sahil Tandon
ocal users (local, virtual etc)
are sent only by valid legitimate emails addresses.
Read about reject_unlisted_sender and smtpd_reject_unlisted_sender in
the postconf(5) manual.
--
Sahil Tandon
l to recipient; sender==$$recipient
--
Sahil Tandon
On Jan 12, 2009, at 11:51 AM, "Eduardo JĂșnior"
wrote:
Hi, all
I pretend release to a account in specific the quantity of
recipients in a message be bigger than the default.
For example:
userf...@mydomain.com
number of recipicients allowed: 100
other
number of recipicients allowed: 1
? What do the logs say? Show the output of
'postconf -n' and relevant excerpts from your log. Also see the
DEBUG_README, to which you were referred upon joining this list; it
contains useful troubleshooting tips and advice on how to get help
from this list.
--
Sahil Tandon
connects to your smtpd. It is common practice
for servers that support ESMTP to indicate this in their banner; no harm in
leaving it there. Although Postfix by default sends EHLO even if ESMTP does
not appear in the banner, some other MTAs might need to see ESMTP to know
your server supports it
On Mon, 12 Jan 2009, David Cottle wrote:
> So I should be using smtpd_helo_name to set the server helo name?
All supported main.cf parameters are documented in the postconf(5) manual;
smtpd_helo_name is not one of them.
For the umpteenth time, please stop top-posting.
--
Sahil Tandon
> and it will comply.
Change the code or $myhostname. :-)
--
Sahil Tandon
the most out of this mailing
list, read http://www.postfix.org/DEBUG_README.html#mail before posting
again.
--
Sahil Tandon
sport map and
populates it with the appropriate hostnames and transport nexthops.
--
Sahil Tandon
Sahil Tandon wrote:
> > > Received: by www.thisisireallymydomain.com (Postfix)
> > > id 3C916254775; Tue, 30 Dec 2008 03:50:01 -0800 (PST)
> > > Delivered-To: n...@thisisireallymydomain.com
> > > Received: from alkhorayef.com (unknown [91.189.132.54])
Some a
m your domain; it was the From: header that purports to be from your
domain. The check_sender_access table operates on the envelope, not the
header.
> This arrives in the inbox of no...@thisisreallymydomain.com with no
> indication of the
> actual source being a different domain, as "From"
> n...@thisisreallymydomain.com.
Actually, there is an indication in the headers, as explained above.
> How do I filter on the actual domain that it is coming from instead of
> the forged
> "From:" sent in the message headers?
You need to filter based on the headers
--
Sahil Tandon
t; relaying to destinations you don't accept by hosts outside of
>> mynetworks.
>
> Does smtpd_sasl_auth_enable = no completely disable submission and
> prevent relaying for hosts I don't accept? or is there more I have to
> make sure I do?
This disables submission via SASL authenticated clients on port 25.
--
Sahil Tandon
tic.musicreports.com not found: 3(NXDOMAIN)
^^^^^^
Fix that.
--
Sahil Tandon
On Jan 5, 2009, at 11:07 AM, Jeremie Le Hen wrote:
Hi list again,
Wietse, I take advantage of this new email to thank you for your reply
to my earlier email.
This time I just wonder why relay_domains defaults to mydestination?
I looked in the documentation and they appear to be very distinct
Adam wrote:
> Is there a way I can have mail sent through different "smtpd's"
> depending on the outgoing domain? If so I could throw a different
> disclaimer depending.
http://www.postfix.org/transport.5.html
--
Sahil Tandon
n.cf. Mouss
already gave you this clue.
For more information:
http://www.postfix.org/postconf.5.html#mydestination
http://www.postfix.org/STANDARD_CONFIGURATION_README.html
http://www.postfix.org/ADDRESS_CLASS_README.html
--
Sahil Tandon
ostconf -n'. Also see:
http://www.postfix.org/DEBUG_README.html#mail
--
Sahil Tandon
ers known
relay recipients? Or are you trying to devise some sort of 'catch-all'
that forwards *all* mail to unknown users (local or otherwise) to this
other mail server? The latter is a bad idea.
[...]
--
Sahil Tandon
Michael JOLY wrote:
> Can we change or personalize the message sent automatically by postfix such
> as the "mail delivery system" message
http://www.postfix.org/bounce.5.html
http://www.postfix.org/postconf.5.html#bounce_template_file
--
Sahil Tandon
ist, read:
http://www.postfix.org/DEBUG_README.html#mail
--
Sahil Tandon
as you currently do, or route to an address that resolves (via
transport_maps) to a pipe transport.
--
Sahil Tandon
or the Postfix mailing list.
Postfix is an MTA, not a POP3/IMAP server or client.
--
Sahil Tandon
I created an /etc/postfix/aliases file containing:
>jim123: JIM123
>
> Then I ran "newaliases", but it did not seem to work.
Is /etc/postfix/aliases appropriately defined in your main.cf? Please
show the output of 'postconf -n' and read:
http://www.postfix.org/DEBUG_README.html#mail
--
Sahil Tandon
thin that particular smtpd_mumble_restrictions and
moves onto the next one, where the message may still be rejected by
another check. AFAIK, DUNNO stops processing of a particular access
table but continues checks within the same mumble restrictions.
--
Sahil Tandon
Victor Duchovni wrote:
> On Fri, Dec 26, 2008 at 08:25:12AM -0500, Sahil Tandon wrote:
>
> > sean darcy wrote:
> >
> > > Victor Duchovni wrote:
> > >> On Mon, Dec 22, 2008 at 12:08:20PM -0500, Asif Iqbal wrote:
> > >>
> > >>&
(given suitable CAfile or CApath):
>>
>> smtp_tls_security_level = secure
>>
>
> So where would you get the certificate to authenticate to google or
> 1and1.
The smtp (client), as opposed to the smtpd (server), does not need a
certificate to authenticate to google.
--
Sahil Tandon
ease help me!!
Why not simply reject such messages? What is the reason you want to
accept but silently discard messages to that non-existent user? It is
your choice to do so, but please offer some rationale for the archives.
--
Sahil Tandon
tp. You need the latter.
> I followed this
>
> http://www.postfix.org/SASL_README.html#client_sasl
Also follow this: http://www.postfix.org/TLS_README.html
--
Sahil Tandon
In general, no
> > special configuration is required to send mail to any domain.
>
> Correct, as long as there are no spam filters around.
False.
--
Sahil Tandon
> Wietse Venema meant in his reply. Sorry if I misunderstood
Yes, see the example in SASL_README for guidance:
http://www.postfix.org/SASL_README.html#client_sasl
--
Sahil Tandon
On Dec 19, 2008, at 10:59 AM, "Asif Iqbal" wrote:
On Fri, Dec 19, 2008 at 6:05 AM, Sahil Tandon
wrote:
Asif Iqbal wrote:
You are right I cannot talk to any domain's MX. My ISP is cox and
I cannot
even talk to their two MXs on port 25. I guess I could do a nmap
to find
elay Host would probably be my only option. However using postfix relay with
> gmail seems to be a *lot* of work
It is not a lot of work at all; what gave you the assumption that it is?
--
Sahil Tandon
Xs? You should see
something like:
% telnet 209.85.133.27 25
Trying 209.85.133.27...
Connected to an-in-f27.google.com.
Escape character is '^]'.
220 mx.google.com ESMTP d38si5830405and.43
Also see:
http://www.postfix.org/postconf.5.html#relayhost
--
Sahil Tandon
M?rcio Luciano Donada wrote:
> Sahil Tandon escreveu:
> > M?rcio Luciano Donada wrote:
> >
> >> I am using the sender_bcc_maps, but would like to know if there is the
> >> possibility of doing the audit in e-mail sent from the field for only
> >>
=
..
check_recipient_access hash:/etc/postfix/filters
..
/etc/postfix/filters
recipi...@example.org FILTER foo:bar
There are some caveats and limitations; for more information see:
http://www.postfix.org/access.5.html
http://www.postfix.org/FILTER_README.html
--
Sahil Tandon
stfix.org/postconf.5.html#sender_bcc_maps
http://www.postfix.org/DEBUG_README.html
--
Sahil Tandon
27;m using both Pyzor and Razor in my spamassassin config. Are there
> any other recommended RBL I can consider for use either in postfix or
> spamassassin?
Obviously a matter of preference; maybe you can try a few, preceding the
checks with "warn_if_reject", and monitor your logs for false positives.
Some people have reported success with the Barracuda RBL.
--
Sahil Tandon
which maildir path style will improve performance?
Postfix == MTA != MDA. Consult the documentation and/or mailing list of your
MDA.
--
Sahil Tandon
7;re editing the above main.cf?
> smtpd_sasl_auth_enable = no
> smtpd_sasl_local_domain =
> smtpd_sasl_security_options = noanonymous
These three smtpd_sasl_* parameters are default; why are you re-defining
them in the configuration?
--
Sahil Tandon
n open relay.
> Why Postfix behaves like this? How to catch only 'incoming' mail, and to
> send it away it if recipiend domain isn't listed in the virtual, local,
> and relay domain tables?
Because, as documented, virtual(5) mapping can be applied to non-local
addresses. Your problem is somewhat of a FAQ; search the archives for
proposed workarounds.
--
Sahil Tandon
h a "User unknown" message.
No, this is backscatter. Do not accept mail that you intend to bounce.
Relocated maps should be setup on the MX that sits on the border; not
an internal mail server.
--
Sahil Tandon
ry to local users, additional virtual users or
external destinations.
--
Sahil Tandon
.
> Postfix rejects the mail with a permanent failure. How do I change this
> to a 4xx error code so that the clients server would retry the mail
AFAIK, there is no way to do this by tweaking main.cf. You would have
to modify the code and probably violate RFC 4954.
--
Sahil Tandon <[EMAIL PROTECTED]>
On Sun, Dec 07, 2008 at 04:24:48PM -0700, LuKreme wrote:
> Won't that still break thunderbird? Or did mozilla finally fix that?
It won't. And please stop top-posting.
--
Sahil Tandon <[EMAIL PROTECTED]>
oo many times. So no, I won't send
> you a RBL list.
This is bad and misleading advice. Just because you are listed on one
or more RBLs does not mean they are bad. Tolga, use zen.spamhaus.org
to reject at SMTP time. Also consider rejecting machines that HELO (or
EHLO) with "dynamic looking" hostnames.
--
Sahil Tandon <[EMAIL PROTECTED]>
problem and proposed solutions.
--
Sahil Tandon
Chris Funk <[EMAIL PROTECTED]> wrote:
> On Thu, Dec 4, 2008 at 11:20 AM, Sahil Tandon <[EMAIL PROTECTED]> wrote:
>
> > Chris Funk <[EMAIL PROTECTED]> wrote:
> >
> > <..snip>
> > > Obviously not a good thing to do as then no one internally
m: address is *@
> us-reports.com and it is not from mynetworks then REJECT it?
Place the check after permitting your networks, SASL auth'd clients, and
reject_unauth_destination.
> The check_sender_access option is working great for the MAIL FROM: header,
> but that isn't catching these other ones.
check_sender_access works on the ENVELOPE, not the HEADER.
--
Sahil Tandon <[EMAIL PROTECTED]>
; testdomain.com and another domain that this machine receive mail with
> anotherdomain.com:
As advised in the DEBUG_README, next time include the output of
'postconf -n'.
--
Sahil Tandon <[EMAIL PROTECTED]>
Stick to postqueue. Isn't qstat for qmail?
--
Sahil Tandon <[EMAIL PROTECTED]>
at causes the error? Is Postfix running chrooted? Have you read the
DBEUG_README?
--
Sahil Tandon <[EMAIL PROTECTED]>
sign? Are the
> correct services running on the correct machines?
Paste the output of 'postconf -n' from one of the INBOUND MXs; you might
then receive more suggestions. And if you are not already, I recommend
postfwd as a policy server while rejecting all mail listed on
zen.spamha
Dan Langille <[EMAIL PROTECTED]> wrote:
> Sahil Tandon wrote:
>> john mickler <[EMAIL PROTECTED]> wrote:
>>
>>> I have a question pertaining to message headers on outbound mail from
>>> remote smtp auth'd clients. I have been asked to adju
round with header_checks assuming that this
> is where the REWRITE would go, but it doesn't seem like I'm getting
> anywhere.
You need REPLACE, not REWRITE.
See http://riseuplabs.org/privacy/postfix/; ignore the patch section and
scroll down to "Postfix 2.3 and later". Copy and modify as necessary to
meet your needs.
--
Sahil Tandon <[EMAIL PROTECTED]>
domains
You needn't place anything but tiscali.co.uk in your transport file.
Mail addressed to the other (local and non-local) domains should arrive
at the appropriate nexthop by default. You are only trying to override
the default nexthop for tiscali.co.uk.
--
Sahil Tandon <[EMAIL PROTECTED]>
sure that the second gateway accepts and relays mail on behalf of
the first (blacklisted) gateway.
--
Sahil Tandon <[EMAIL PROTECTED]>
e, Postfix
acts as documented:
http://www.postfix.org/postconf.5.html#undisclosed_recipients_header
--
Sahil Tandon <[EMAIL PROTECTED]>
ve never
> captured/viewed smtp data and wouldn't know how to interpret it and filter
> out the session of interest!
http://www.postfix.org/DEBUG_README.html#sniffer
--
Sahil Tandon <[EMAIL PROTECTED]>
using the problem. Just because other test emails get through does
not rule out a problem. And yes, what software the relay MTA runs is
relevant; especially if this software does not properly implement SMTP.
--
Sahil Tandon <[EMAIL PROTECTED]>
know what MTA the relay
is running? Have you recorded the SMTP conversation with something like
tcpdump to see what happens right before the connection is lost?
--
Sahil Tandon <[EMAIL PROTECTED]>
d passes packets
between the sending and receiving machine.
--
Sahil Tandon <[EMAIL PROTECTED]>
> information on the routing/delivery process.
Isn't it performing DNS lookups just fine when delivering to other
domains? Is this problem limited to att.blackberry.net or was that just
one of many examples? Also see:
http://www.postfix.org/DEBUG_README.html#mail.
--
Sahil Tandon <[EMAIL PROTECTED]>
il, but I have
> to (I think) set up some authentication so that I don't
> become an open relay. What's the simplest way to do
> this?
http://www.postfix.org/SASL_README.html
http://www.postfix.org/TLS_README.html
--
Sahil Tandon <[EMAIL PROTECTED]>
te? His host is the only host I have a problem with, for everybody
> else it seems to work fine.
Without more information (as requested in the DEBUG_README to which you
were linked upon joining this mailing list), the last sentence suggests
the problem is with your friend's server, not yours.
--
Sahil Tandon <[EMAIL PROTECTED]>
Terry Carmen <[EMAIL PROTECTED]> wrote:
> Sahil Tandon wrote:
>> Linux Addict <[EMAIL PROTECTED]> wrote:
>>
>>
>>> Steven King wrote:
>>>
>>>> Postfix is very cautious about system resource usage. It keeps an eye on
>
about the system performance, but possible
> blacklisting as it may send flurry of mails to external domains.
If you're really worried, you can parse the queue for large amounts of
messages heading to the same external domain and release the associated
QUEUE IDs slowly. Bit of a crude option, but one you might consider.
--
Sahil Tandon <[EMAIL PROTECTED]>
arate domains,
non-UNIX accounts". After reading that document and experimenting
yourself, ask for help here following the instructions in
http://www.postfix.org/DEBUG_README.html#mail.
--
Sahil Tandon <[EMAIL PROTECTED]>
r take this up with the Debian package maintainer(s).
--
Sahil Tandon <[EMAIL PROTECTED]>
n your postconf output, I did not see any declaration of
transport_maps. You need something like:
transport_maps = maptype:/etc/postfix/transport
where 'maptype' is probably 'hash' in your case, but see postconf(1) and
postmap(1) for more details.
--
Sahil Tandon <[EMAIL PROTECTED]>
ransport maps:
http://www.postfix.org/transport.5.html
> "joedoe: [EMAIL PROTECTED]:2525"
> and
> "joedoe: [EMAIL PROTECTED] 2525"
>
> The above does not work. How can I accomplish this?
See the link posted above and pay close attention to transport map
syntax.
--
Sahil Tandon <[EMAIL PROTECTED]>
Stephen Liu <[EMAIL PROTECTED]> wrote:
> Please advise where shall I check and how to fix the problem. TIA
Read the DEBUG_README and try again.
--
Sahil Tandon <[EMAIL PROTECTED]>
Victor Duchovni <[EMAIL PROTECTED]> wrote:
> On Sat, Oct 11, 2008 at 11:03:37AM -0400, Sahil Tandon wrote:
>
> > Thank you and Viktor for your response. The sending MTA continues to
> > retry on an hourly basis. I ran tcpdump as per the DEBUG_README and
> > p
was written, headers, etc. I wasn't
sure that was necessary to debug the issue. But if it is, I'm happy
to post that as well.
I understand it is generally better to paste relevant excerpts in the
body, but this particular capture is quite large!
[TCP Previous segment lost] is followed by several duplicate ACKs, and
eventually a 421 timeout error.
http://pastebin.com/m7fb47518
--
Sahil Tandon <[EMAIL PROTECTED]>
irtual_gid_maps = static:5000
virtual_mailbox_base = /home/vmail
virtual_mailbox_domains = example0.org example1.com example2.com
virtual_mailbox_maps = hash:/usr/local/etc/postfix/vmailbox
virtual_minimum_uid = 1000
virtual_uid_maps = static:5000
--
Sahil Tandon <[EMAIL PROTECTED]>
f
> alias_maps = hash:/etc/aliases
> alias_database = hash:/etc/aliases
> local_recipient_maps = proxy:unix:passwd.byname, $alias_maps,
> $virtual_alias_maps
Don't post snippets of your main.cf; as advised in DEBUG_README, please
post output of 'postconf -n'. Also, what does the pickup service look
like in your master.cf?
--
Sahil Tandon <[EMAIL PROTECTED]>
st REJECT those domains.
--
Sahil Tandon <[EMAIL PROTECTED]>
out-1314.google.com, to which you cannot connect on port 25.
--
Sahil Tandon <[EMAIL PROTECTED]>
Ujjval K <[EMAIL PROTECTED]> wrote:
> BTW - There were no instructions in the welcome message..
[...]
> TO REPORT A PROBLEM see http://www.postfix.org/DEBUG_README.html#mail
That, right there, looks like a pretty clear instruction to me.
--
Sahil Tandon <[EMAIL PROTECTED]>
gt; with many different competing registrars. Go to http://www.internic.net
> for detailed information.
Pedantry is OK, but it is reserved only for those who know what they're
talking about. That is to say, it is not for you.
--
Sahil Tandon <[EMAIL PROTECTED]>
.org/postconf.5.html#reject_unknown_sender_domain
% host css2.ndcorp.com
Host css2.ndcorp.com not found: 3(NXDOMAIN)
--
Sahil Tandon <[EMAIL PROTECTED]>
BUG_README.html#mail
http://postfix.state-of-mind.de/patrick.koetter/saslfinger/
http://www.postfix.org/SASL_README.html
Give more information; at least the output of 'postconf -n' and
saslfinger.
--
Sahil Tandon <[EMAIL PROTECTED]>
ddressed to [EMAIL PROTECTED] arrives at your server during the
initial move), you could setup a transport(5) map to direct all such
mail to the new MX.
As for deleting the defunct domainAAA.tld mailboxes -- that's entirely
up to you.
--
Sahil Tandon <[EMAIL PROTECTED]>
Camron W. Fox <[EMAIL PROTECTED]> wrote:
> What happened to the mail that met the "FILTER DUNNO" criteria of the
> incorrect config?
Your logs will tell you. You could also see if it's lurking in the
mailq.
--
Sahil Tandon <[EMAIL PROTECTED]>
ry, it was shown in the inline above:
>>>
>>> 133.40.0.0/16 FILTER DUNNO
>>
>> DUNNO is not a filter; that's why Postfix is complaining. See
>> access(5):
>>
>> http://www.postfix.org/access.5.html
>>
> So it should be this:
>
> 133.40.0.0/16 DUNNO
> 0.0.0.0/0 FILTER spamassassin:
Yes.
--
Sahil Tandon <[EMAIL PROTECTED]>
Camron W. Fox <[EMAIL PROTECTED]> wrote:
> Sahil Tandon wrote:
>> Camron W. Fox <[EMAIL PROTECTED]> wrote:
>>
>>> access table cidr:/etc/postfix/per_client_filter entry "10.1.2.3"
>>> requires transport:destination
>>
>> Typo in
Camron W. Fox <[EMAIL PROTECTED]> wrote:
> access table cidr:/etc/postfix/per_client_filter entry "10.1.2.3" requires
> transport:destination
Typo in your per_client_filter CIDR? Show us.
--
Sahil Tandon <[EMAIL PROTECTED]>
is open.
Better fix it then. Rather than reciting cliches, your time is probably
better spent reading the DEBUG_README.
--
Sahil Tandon <[EMAIL PROTECTED]>
ught that what I'm doing is standard but obviously it
> breaks in such a common scenario. Comments?
What is 'example.com' really? The way I understand it,
check_sender_mx_access checks whether the MX host(s) for the MAIL FROM
address match whatever you may have in your access table. Just because
one user is sending to another in the same domain, that does not mean
the domain itself should have an MX record that points to loopback.
--
Sahil Tandon <[EMAIL PROTECTED]>
Victor Duchovni <[EMAIL PROTECTED]> wrote:
> On Wed, Sep 24, 2008 at 06:42:11PM -0400, Sahil Tandon wrote:
>
> > To avoid this situation, use a transport map to temporarily defer mail
> > *just* for those recipients. Once you're ready to "go live" o
mail destined for
example.com should instead be directed to smtp:[some.where.else], then
instead of removing the transport map entirely, you would obviously
update it (replacing the "defer:" portion) as necessary and then flush
the queue. See transport(5).
--
Sahil Tandon <[EMAIL PROTECTED]>
e:
http://www.postfix.org/postconf.5.html#frozen_delivered_to
--
Sahil Tandon <[EMAIL PROTECTED]>
Matthew <[EMAIL PROTECTED]> wrote:
> I know there's a simple solution and it's right in front of me, I just
> can't see it...
>
> Any help with this is sincerely appreciated.
http://www.postfix.org/DEBUG_README.html#mail
... especially the section about '
tch and then write your own script that uses that
and others as inspiration. And next time please don't hi-jack an
unrelated thread. :-)
--
Sahil Tandon <[EMAIL PROTECTED]>
Karl O. Pinc <[EMAIL PROTECTED]> wrote:
> On 09/21/2008 12:08:08 PM, Wayne Catterton wrote:
>> What I'm wondering is if I missed something, is there something vital
>> I missed as far as security/mail processing?
>
> I like sqlgrey, others prefer postgrey.
+1
701 - 800 of 851 matches
Mail list logo
