[pfx] Re: Strengthen email system security

2024-05-22 Thread Scott Techlist via Postfix-users
>All of these entries are using the LOGIN mech. Unless you have an >extremely old outlook express MUA (or similar) you can and should be >using the PLAIN mech. You can eliminate all of the above attacks by >removing LOGIN from the list of mechs you accept. Peter: I too see a lot of these so I

[pfx] Re: postfix check_sender_access and subdomain test

2024-02-28 Thread Scott Techlist via Postfix-users
Noel: As I understand from your explanation, if I keep my parent_domain_matches_subdomains = smtpd_access_maps Then the preceding dot format is moot/not needed. Only outbound.protection.outlook.com OK Check. >The reason it doesn't work is you're confusing sender and client.

[pfx] Re: postfix check_sender_access and subdomain test

2024-02-28 Thread Scott Techlist via Postfix-users
>>Depending on whether domain is client or sender or ... >> >>... >>reject_unauth_destination >>... >>check_client_access hash:/pathname >>reject_rbl_client example.com >>... >> >>Or >> >>... >>reject_unauth_destination >>... >>check_sender_access

[pfx] Re: postfix check_sender_access and subdomain test

2024-02-28 Thread Scott Techlist via Postfix-users
>> check_sender_access hash:/etc/postfix/sender_checks, > >That directive checks the email address which is used in the SMTP MAIL >FROM command. > >I believe you need to use check_client_access to check the verified >client hostname instead of check_sender_access. > > Bill & Noel, thank you both

[pfx] Re: postfix check_sender_access and subdomain test

2024-02-28 Thread Scott Techlist via Postfix-users
>Scott Techlist via Postfix-users: >> I need to allow a domain to bypass my RBL checks. I'm doing something >> wrong, or I'm >misunderstanding what I'm checking from my logs. I'd be grateful for an >assist to remedy. >> > >Depending on

[pfx] Re: postfix check_sender_access and subdomain test

2024-02-28 Thread Scott Techlist via Postfix-users
>I can tell you there is significant spam from that Microsoft IP space. That >spamcop doesn't have false positives, but rather due to >the sharing of IP >space, senders that aren't spammers get tarred with the same brush as the >spammers. I did a grep on the maillog >files and that is a

[pfx] postfix check_sender_access and subdomain test

2024-02-28 Thread Scott Techlist via Postfix-users
I need to allow a domain to bypass my RBL checks. I'm doing something wrong, or I'm misunderstanding what I'm checking from my logs. I'd be grateful for an assist to remedy. This box is an old postfix install Postfix version 2.2.10. (I know, working on migrating) main.cf: (full

[pfx] debugging an appliance connection

2023-08-09 Thread Scott Techlist via Postfix-users
Client has an appliance (Axion RTAC) that sends email based reports. I don't have access to the appliance or its docs. It used to send its emails to an Exchange server that has been decommissioned. I'm trying to get it to send to my postfix server. I have it whitelisted for postfix checks.

[pfx] Re: A new Postfix book in the making - "Run Your Own Mail Server"

2023-08-06 Thread Scott Techlist via Postfix-users
>>Michael W. Lucas is writing a book about "Run Your Own Mail Server" >>featuring the Postfix mail server. Michael has written and published a >>Chapter 0 that gives an impression what the book will contain. Besides >>the technical aspects, the book will cover the email ecosystem and how >>to fit

[pfx] Re: A new Postfix book in the making - "Run Your Own Mail Server"

2023-03-17 Thread Scott Techlist via Postfix-users
>Michael W. Lucas is writing a book about "Run Your Own Mail Server" >featuring the Postfix mail server. Michael has written and published a >Chapter 0 that gives an impression what the book will contain. Besides >the technical aspects, the book will cover the email ecosystem and how >to fit well

[P-U] Re: Postfix lists are migrating to a new list server

2023-03-08 Thread Scott Techlist via Postfix-users
>> On Tue, 7 Mar 2023, John Stoffel via Postfix-users wrote: >> >>> So what's the option for a more up to date version of DKIM milter for debian? >> >> rspamd does DKIM, SPF, DMARC and ARC (and lots more), and doesn't segfault >> (so >> far ;-) > > >I'm STILL trying to figure out rspamd's

RE: Assist with a spam message, check_sender_access and check_client_access targets

2023-01-21 Thread Scott Techlist
>> No idea what's stripping them. I use amavisd and spamassassin, the >> later I expect. > >Nope. ASF SpamAssassin does not manipulate existing headers in any way >except for pre-existing X-Spam-* headers that it is specifically >configured to remove. When used via amavisd or MIMEDefang or any

RE: Assist with a spam message, check_sender_access and check_client_access targets

2023-01-20 Thread Scott Techlist
Re: Raf >In other words, check_sender_access tests the address >that ended up being stored in the From_ mbox pseudo header: > > From > bounce-91040_html-994996332-142678-514026815-45...@bounce.s11.mc.pd25.com > Fri Jan 20 12:40:11 2023 > >And check_client_access doesn't check any headers at

RE: Comcast 421 throttling multiple recipients

2020-09-24 Thread Scott Techlist
>But then how do we configure Postfix to do this automatically so that >we can gain enough reputation to send more than one recipient at a >time? Because Comcast is not rejecting all mail. Comcast is only >rejecting mail with multiple recipients. Comcast is accepting mail >with single

RE: Raw postfix newbie here...

2020-08-10 Thread Scott Techlist
> If I missed anywhere on the web where moving from sendmail to postfix while > using (or modifying) existing external files is discussed >in detail, pointers would be appreciated - might save me from making a bunch >of embarrassing newbie posts here... > If I missed anywhere on the web

RE: check IP before permit_sasl_authenticated

2019-08-13 Thread Scott Techlist
>Is there a workaround for the space in v2.2 (old server, working on migrating)? > >submission inet n - n - - smtpd > -o smtpd_recipient_restrictions=check_client_access > hash:/etc/postfix/access,permit_sasl_authenticated,reject > I found a post where someone

RE: check IP before permit_sasl_authenticated

2019-08-13 Thread Scott Techlist
Thanks Wietse. Is there a workaround for the space in v2.2 (old server, working on migrating)? submission inet n - n - - smtpd -o smtpd_recipient_restrictions=check_client_access hash:/etc/postfix/access,permit_sasl_authenticated,reject

check IP before permit_sasl_authenticated

2019-08-13 Thread Scott Techlist
I'd like to block certain IPs from attempting to authenticate on my submission port. This is what I have now: #master.cf #port 587 submission inet n - n - - smtpd -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject -o smtpd_sasl_auth_enable=yes

RE: Restrict outgoing/submission to defined local or virtual users

2017-09-07 Thread Scott Techlist
Matus: >why just outgoing? Are you willing to accept spam with fake from in your >domain? I am not willing. Inbound is already restricted and functioning properly. That said, I migrated my configs from an older version of PF so now you made me worry about *how* it is restricted. I have

RE: Postscreen and reject_rhsbl

2017-08-01 Thread Scott Techlist
Here's a related recent thread http://postfix.1071664.n5.nabble.com/postscreen-dnsbl-AND-smtpd-recipient-restrictions-rbl-tt91307.html#none >-Original Message- >From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] >On Behalf Of Alex >Sent: Tuesday, August 01,

receive_override_options with 2 cleanups

2017-07-31 Thread Scott Techlist
Postfix 3.2.2 Post upgrade, I'm revisiting my configuration to be sure I'm taking advantage of current features relative to my old server. I'm still using 2 cleanup services, pre-cleanup before the content_filter and the regular cleanup after-filter. I was using Patrick Koetter's current

RE: Deciphering maillog transaction that resulted in reply to spammer

2017-07-27 Thread Scott Techlist
>Did you configure your content filter to send a bounce message? Not intentionally. >Jul 26 19:05:57 mail1 postfix/smtpd[11093]: 67FB13910: >client=localhost[127.0.0.1] > >Jul 26 19:05:57 mail1 postfix/cleanup[11094]: 67FB13910: >message-id= > >That is

RE: List posting question

2017-07-27 Thread Scott Techlist
>Do you have concrete evidence that the posting actually reaches the list host, >and isn't blocked at a point closer to you? Yes, but I figured it out. It was right there in front of me in the auto-reply/bounce message. Just missed it. Apologies for the static.

Deciphering maillog transaction that resulted in reply to spammer

2017-07-27 Thread Scott Techlist
Postfix 3.2.2, Centos7, amavisd, clamav Upgrading my server, and recently migrated one of my older domains that gets more spam. When checking my mail queue I saw a few deferred messages to addresses that alarmed me. I had a moment of panic thinking maybe I had configured something allowing a

postscreen log summary

2017-07-24 Thread Scott Techlist
Anyone have or know of a log parser/tool that includes postscreen logs? I don't think Jim's pflogsum includes any type of postscreen data. Would be nice to have some reporting that included how much I'm potentially preventing vs. processing. Thanks, Scott

Clear postscreen whitelist cache

2017-07-20 Thread Scott Techlist
Is it possible to inspect or clear postscreen's whitelist cache?

RE: postscreen fail2ban filter

2017-07-17 Thread Scott Techlist
>There is no need to duplicate the threshold check. I'm not duplicating the check. I was just considering using the logged, recorded checks (of a minimum value) and making use of those. They could trigger a ban of the IP via fail2ban's respective jail's frequency settings, based on those log

RE: postscreen fail2ban filter

2017-07-17 Thread Scott Techlist
>Postscreen logs DISCONNECT for clients that PASS the "after 220 greeting" >tests (bare newline, non-SMTP command, pipelining). Exactly what I was afraid of, thanks for the confirmation. >I don't think there is much to gain from parsing postscreen logging to produce >fail2ban rules. postscreen is

postscreen fail2ban filter

2017-07-17 Thread Scott Techlist
As I watch the bots and spammers hammer my server with connection attempts, I figured I might as well stop them even closer to the front door when they try repeatedly. I have fail2ban running already and once I enabled postscreen it didn't seem to have much to do anymore. My primary question is:

RE: postscreen dnsbl AND smtpd_recipient_restrictions rbl?

2017-07-15 Thread Scott Techlist
>This looks similar to my own config, from which I think Steve adapted his. I >presume therefore that you're using a threshold of 3? Yes. >SWL is no longer active; the zone has been emptied. Check. Thanks. >> reject_rbl_client bl.spamcop.net >> reject_rbl_client psbl.surriel.com > >I

RE: upgrade/compile options

2017-07-11 Thread Scott Techlist
>Do "postfix reload" and see what Postfix version is being logged. Jul 11 15:58:29 tn2 postfix/postfix-script[17935]: refreshing the Postfix mail system Jul 11 15:58:29 tn2 postfix/master[17876]: reload -- version 2.11.10, configuration /etc/postfix