Fighting Backscatter

I've read through the readme at: http://www.postfix.org/BACKSCATTER_README.html and thought I was doing everything right. but my personal mail server is still getting listed at Backscatterer.org. :( I'm running 2.6.5 and here's my postconf -n: alias_database = hash:/etc/aliases alias_maps = has

RE: Fighting Backscatter

er-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On Behalf Of Wietse Venema Sent: Friday, October 15, 2010 8:28 AM To: Postfix users Subject: Re: Fighting Backscatter Steve Jenkins: > I've read through the readme at: > > http://www.postfix.org/BACKSCATTER_README.htm

RE: Fighting Backscatter

to simply tell everyone in my family that I can no longer forward their @familyname.com mail to the accounts of their choice - many of them have relied on these email addresses since I got the domain in 1996. Thanks in advance, Steve -Original Message- From: Wietse Venema [mailto:wie...

RE: Fighting Backscatter

t: Re: Fighting Backscatter Steve Jenkins: > Hi, Wietse. Thanks for the speedy reply. I'm a big fan of Postfix, so first > of all, thank you for developing such a great product. I cringe thinking > about the days when I used to have to run Sendmail (shudder). > > Ok... so let me se

RE: Fighting Backscatter

Gotit. Thanks again for helping me out. I'm still learning. So it seems I need to figure out how to stop the backscatter process at step 6 and NOT return the bounce to the original sender. I went through my log looking for an entire process like you described. I think I found one: Oct 18 18:22:

RE: Fighting Backscatter

pecific guidance there, or anywhere else, is much appreciated. Thanks, SteveJ -Original Message- From: Wietse Venema [mailto:wie...@porcupine.org] Sent: Tuesday, October 19, 2010 5:16 AM To: Steve Jenkins Cc: Postfix users Subject: Re: Fighting Backscatter Steve Jenkins: > Gotit. Thanks

RE: Fighting Backscatter

x.org [mailto:owner-postfix-us...@postfix.org] On Behalf Of pf at alt-ctrl-del.org Sent: Tuesday, October 19, 2010 8:04 AM To: postfix-users@postfix.org Subject: Re: Fighting Backscatter > On 2010-10-18 9:58 PM, Steve Jenkins wrote: >> The instructions at http://www.postfix.org/BACKSCATT

RE: Fighting Backscatter

stfix-users@postfix.org Subject: Re: Fighting Backscatter On 10/20/2010 02:52 AM, Steve Jenkins wrote: I will gladly solve the RIGHT problem. The fact that I'm here looking for guidance should demonstrate that I'm looking to do exactly that. Unfortunately, I can't simply put &q

RE: Fighting Backscatter

and finger wags, I'm open to quietly sinking mail that I can't deliver. Any pointers on exactly how to do that? Thanks again, Steve -Original Message- From: Terry Gilsenan [mailto:terry.gilse...@interoil.com] Sent: Tuesday, October 19, 2010 7:27 PM To: Steve Jenkins; Postfix users

RE: Fighting Backscatter

Well, let's say I can provide you with some pointers. That doesn't absolve you of the responsibility to study the documentation thoroughly. Thank you nonetheless. I was starting to get the impression that doing anything other than telling people to read the documentation was verboten. ;) I'm not

RE: Fighting Backscatter

Jeroen said: My personal server uses: smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_unknown_reverse_client_hostname, warn_if_reject reject_non_fqdn_helo_hostname,

RE: Fighting Backscatter

Stan Hoeppner said: >This will probably be a big help to Steve. Thanks, Stan. That fqrdns.pcre file rocks. Is that something you created? May I share the link with others? I had already added the spamhaus DBL checks (after Jeroen nudged me toward their Zen IP blocklist), but Surriel PSBL is new t

RE: Fighting Backscatter

Jeroen Geilman said: Make sure you understand the difference between smtpd_reject_unknown_helo_hostname and smtpd_reject_unknown_[reverse_]client_hostname. Ok - here's what I understand them each to be: -reject_unknown_helo_hostname will reject a request if the remote mail server does

com.com weirdness and relay_domains warning

My personal server is happily managing virtual mail domains without any trouble, but I'm now trying to troubleshoot a work server that is being a little more stubborn. It has one primary domain (booyahmedia) and two virtual domains (teamsites.com and virtualvow.com). I've set up a local test accou

RE: com.com weirdness and relay_domains warning

On October 22, 2010 9:38 AM I wrote: --- First, I'm trying to figure out why it's giving me that trivial-rewrite warning because teamsites.com appears only in virtual_alias_domains in main.cf. The only references I can find with Google seem to address subdomains of the primary doma

virtual_mailbox_domains Warning

Hello, Postfix Users. Our ultimate goal is to use Postfix to send mail to a large opt-in mailing list "From: nore...@foobar.com" using a "Return-path: addr...@bounce.foobar.com" where "address" is unique to each recipient (a...@bounce.foobar.com, 1...@bounce.foobar.com, etc.) for bounce-processing

RE: virtual_mailbox_domains Warning

/dev/rob0 said: >If you don't plan to use relay_domains, indeed, unset it: > relay_domains = >The $mydestination default setting was for backward compatibility. >Combined with the default of parent_domain_matches_subdomains, this >can cause problems, because all subdomains of mydestination dom

Bounce Processing "Best Practices?"

Happy New Year to you all. This is a "best practices" question for other Postfix users who may be using Postfix to send email to large opt-in mailing lists. We have a subscriber list of 1MM+ registered members of a popular video game website. The vast majority of them are also opted in for our mo

smtp_fallback_relay and Sender Reputation

We're exploring the possibility of using smtp_fallback_relay as a way to offload re-delivery attempts of deferred mails when we send our weekly newsletter to 700K+ recipients. >From the docs at http://www.postfix.org/postconf.5.html#smtp_fallback_relay, here's how I understand this would work: 1)

"Standard" options when compiling Postfix from source?

Up to now, we've been running Postfix 2.3.3 that was installed on a number of CentOS 5.5 production servers with a simple "yum install postfix" We want to run an updated version, so I compiled 2.7.2 from source using the information at http://postfix.wl0.org/en/building-rpms/ When creating the po

RE: "Standard" options when compiling Postfix from source?

> -Original Message- > From: owner-postfix-us...@postfix.org [mailto:owner-postfix- > us...@postfix.org] On Behalf Of Wietse Venema > Sent: Sunday, January 09, 2011 8:03 PM > Subject: Re: "Standard" options when compiling Postfix from source? > Postfix from postfix.org stores the compile-t

unknown tls_disable_workarounds value

I just built and installed Postfix 2.8-RC2 using "make upgrade" (upgraded from 2.3.3) and I'm getting the following warning in my maillog: postfix/smtpd[27208]: warning: unknown tls_disable_workarounds value "CVE-2010-4180" in "CVE-2005-2969 CVE-2010-4180" I'm able to make the error go away by ad

Re: Patch 2.8.0-RC[12]: was: unknown tls_disable_workarounds value

On Tue, Jan 18, 2011 at 12:34 PM, Victor Duchovni wrote: > Sorry, my mistake, when the OpenSSL team removes a work-around from > SSL_OP_ALL, we should not remove its name from the list of names Postfix > recognizes. It will do no harm. > > Please apply the following patch to 2.8.0-RC[12] or 2.9-20

Re: Patch 2.8.0-RC[12]: was: unknown tls_disable_workarounds value

On Tue, Jan 18, 2011 at 2:35 PM, Wietse Venema wrote: > > The patch applies without error here. Be sure not to corrupt the > file content with some word-wrapping program, or some DOS editor > that appends control-z. > >        Wieste Confirmed. I had initially copied and pasted it from my Gmail c

Re: Config check

On Fri, Jan 21, 2011 at 6:50 PM, Walter Pinto wrote: > CentOS 5.5 > > mail_version = 2.3.3 Hi Walter, I realize that 2.3.3 is the version of Postfix that is installed by the default CentOS repos, but as already recommended on this thread, you may want to consider the jump to a newer version. I

Multiple Milters Separator?

If we're using mutliple milters (with smtpd_milters), is it appropriate to separate them with: a space? smtpd_milters = inet:localhost:10035 inet:localhost:10036 a comma? smtpd_milters = inet:localhost:10035,inet:localhost:10036 a comma and a space? smtpd_milters = inet:localhost:10035, inet:loc

Re: limit/tune the smtp sender dameon for specific destination domains

On Sat, Jan 29, 2011 at 1:23 PM, mouss wrote: > Le 29/01/2011 22:19, David Touzeau a écrit : >> Dear >> >> I would like to tune postfix smtp sender according specific destination >> domains eg number of connexions, number of email per seconds, queue life >> time >> >> Is there any documentation on

Order of restrictions

After watching the recent thread about filtering restrictions, it's got me curious as to whether mine are optimal. I've recently added support for backscatterer checking in my restrictions, and I moved Stan's fqrdns.pcre check higher in my list per his suggestion in an earlier thread. Mine now look

Re: Order of restrictions

On Wed, Feb 2, 2011 at 11:09 AM, Ralf Hildebrandt wrote: >>         check_sender_access hash:/etc/postfix/check_backscatterer, >> >> The check_backscatterer file setup is as suggested on >> http://www.backscatterer.org/?target=usage, with the exception of >> "hash" instead of "dbm." > > Have you t

Re: Question about: postfix/smtpd[ ]: connect from unknown[unknown]

On Wed, Feb 2, 2011 at 2:33 PM, Stan Hoeppner wrote: > In the mean time, maybe give this a go.  1600+ expressions matching rDNS > patterns of many millions of broadband IPs worldwide that shouldn't be sending > direct SMTP.  Catches quite a bit that PBL/CBL/SORBS-DYNA/etc don't and with > less del

Re: Question about: postfix/smtpd[ ]: connect from unknown[unknown]

On Thu, Feb 3, 2011 at 1:44 AM, J4K wrote: > Its a good idea, but this would limit a user from using a server on his > residential ADSL from being an Email server, and force them to use their > ISPs relay.  Else they might have to upgrade to a business package or spend > more money for a static IP

Re: Question about: postfix/smtpd[ ]: connect from unknown[unknown]

On Fri, Feb 4, 2011 at 5:18 AM, J4K wrote: > I think there is a typo in the file: > > /^ip[12]?[0-9]{1,2}(-[12]?[0-9]{1,2}){3}\.adsl2?\.static\.versatel\.nl$/ > PREPEND X-GenericStaticHELO: (versatel.ml) > should read /ml/nl/ > /^ip[12]?[0-9]{1,2}(-[12]?[0-9]{1,2}){3}\.adsl2?\.static\.versatel\.nl

Re: Question about: postfix/smtpd[ ]: connect from unknown[unknown]

On Thu, Feb 3, 2011 at 7:48 PM, Stan Hoeppner wrote: >>> CentOS 5.5, their latest, ships with Postfix 2.3.3, which hasn't been >>> supported by Wietse for quite some time.  A new install of CentOS 5.5 >>> gives you an officially unsupported Postfix, thought I'm sure CentOS >>> will support it. >>>

Re: newbie question

On Fri, Feb 11, 2011 at 3:38 PM, Gergely Buday wrote: > Dear Postfix experts, > > I'm new to mailing servers and need advice. Is it reasonable for my > small company to use my own mail server? How much configuration is > needed for a secure setup on a CentOS box? The requirements are: I > have thr

Postfix "fatal" message with Amavis-new

I've recently installed Amavis-new with SpamAssassin and ClamAV on one of my boxes running Postfix 2.6.5. I'm now seeing this occasionally in the maillog: Feb 14 20:42:47 carbonfiber postfix/smtp[19516]: fatal: garbage after "]" in server description: [127.0.0.1] :10025 Feb 14 20:42:47 carbonfibe

Re: Postfix "fatal" message with Amavis-new

On Mon, Feb 14, 2011 at 9:01 PM, Victor Duchovni wrote: > On Mon, Feb 14, 2011 at 08:56:07PM -0800, Steve Jenkins wrote: > >> I'm now seeing this occasionally in the maillog: >> >> Feb 14 20:42:47 carbonfiber postfix/smtp[19516]: fatal: garbage after >> &q

Re: 2.8.0 smtpd killed while using TLS + SASL AUTH

On Tue, Feb 22, 2011 at 1:05 PM, Victor Duchovni wrote: > By the way, the OP should NOT be compiling an official release with > "-DSNAPSHOT". If a snapshot is desired, download a snapshot release. Googling "DSNAPSHOT" didn't answer the question for me, so please allow a non-programmer to ask what

Re: posfix rejected from google server

On Wed, Mar 2, 2011 at 10:44 PM, kapetr wrote: > So once again, I am not spamer! > I hate spam and spamers !! Being on a blacklist doesn't automatically make you a spammer, but it does mean something's wrong (possibly with your Postfix config... to keep things back on topic). Check here to see w

Re: Question on how to setup amavisd with dovecot

On Thu, Mar 3, 2011 at 7:33 AM, Islam, Towhid wrote: > I am trying to set up a mail system with postfix being the core (smtp) and > dovecot for imap/pop3 for end-user mail delivery/retrieval.  While I have > configured spam and virus scanning for my postfix based mail relay hosts, > I’m not sure h

Re: Kernel Oops

On Fri, Mar 4, 2011 at 8:01 AM, Denis Shulyaka wrote: > Thanks! I will try to do this and will update you with the result. When I read Denis' first post I thought "WHAT? Postfix on a WRT54G? He's crazy!" But now I'm rooting for you, Denis! I hope you get it working! :) SteveJ

Re: transport throttling issue

On Sat, Mar 5, 2011 at 12:04 PM, wrote: > Yes, I'll try. I hope that the upstream will accept it, they have a very low > (and weird) rate policy This thread was helpful for me, too, since I'm trying to make sure our Postfix settings are compliant with Yahoo!'s guidelines. Their Postmaster site

Re: Problems with postfix while sending emails

On Tue, Mar 15, 2011 at 12:23 PM, Murray S. Kucherawy wrote: >> -Original Message- >> From: owner-postfix-us...@postfix.org >> [mailto:owner-postfix-us...@postfix.org] On Behalf Of Ralf Hildebrandt >> Sent: Tuesday, March 15, 2011 9:55 AM >> To: postfix-users@postfix.org >> Subject: Re:

Re: Problems with postfix while sending emails

On Tue, Mar 15, 2011 at 8:54 PM, Stan Hoeppner wrote: > Steve Jenkins put forth on 3/15/2011 1:34 PM: > >> and anyone not signing should consider it. > > "Anyone not using seat belts and turn signals should consider it". > > I can see a clear advantage to the la

Re: Postscreen + Postfix configuration

On Thu, Mar 17, 2011 at 10:59 AM, Victor Duchovni wrote: > On Wed, Mar 16, 2011 at 11:46:47PM -0500, Noel Jones wrote: > >>> if I configure postscreen to use DNSBL, may I remove the lines >>> for DNSBL checking on main.cf for postfix? I understand >>> enabling that on both postscr

Re: 1st post new to postfix and fixing a server crash!

On Mar 18, 2011, at 2:50 PM, lance raymond wrote: > What a way to welcome myself to the group! But with that, the mailserver > crashed (HD fail) and the backups from last night were in tact. Problem is > the old os was a RH9 (I know) system, built from source, etc. The new box is > staged (

Re: Milter question - three milters co-existance (dkim spamass clamav)

On Tue, Mar 22, 2011 at 9:34 AM, J4K wrote: > > Hi there, > >    I had two milters running on postfix: dkim-filter, spamass-milter. > Both of these worked fine. > I have added the clamav-milter to the config, but  I noticed that now > the spamass-milter does not 'seem' to do anything. > > System s

Re: Limit the number of forwarded emails

On Tue, Mar 22, 2011 at 5:45 AM, Brian Evans - Postfix List wrote: > On 3/22/2011 8:33 AM, Kenneth Holter wrote: >> Thanks for the quick reply. >> >> Your solution seems to be a very good one, but unfortunately that >> default_destination_rate_delay parameter is not available in the >> postfix ver

Re: Limit the number of forwarded emails

On Tue, Mar 22, 2011 at 11:50 AM, Brian Evans - Postfix List wrote: > It is rather obscure. To say the least. :) >The first blog post, which references 2.6, has a > link that also contains info for 2.8. For the sake of anyone looking through the archives, that link is: http://ftp.wl0.org/offic

Address Tagging in Postfix?

I've been reading through http://www.postfix.org/ADDRESS_REWRITING_README.html and Googling in an attempt to figure out how to allow "tagging" of email accounts for SPAM fighting purposes (mail to bob+any...@server.com gets delivered to b...@server.com), but haven't been able to figure it out. Can

Re: Address Tagging in Postfix?

On Tue, Mar 22, 2011 at 2:47 PM, Wietse Venema wrote: > Steve Jenkins: >> I've been reading through >> http://www.postfix.org/ADDRESS_REWRITING_README.html and Googling in >> an attempt to figure out how to allow "tagging" of email accounts for >&g

Re: Address Tagging in Postfix?

On Tue, Mar 22, 2011 at 4:08 PM, mouss wrote: > if you're not running mailing lists, then yes, '-' is ok. if the domain > has mailing-lists, then '-' is already in use Interesting. Could the '-' delimiter still work in this case, as long as the tagged address doesn't match an existing address use

Re: Address Tagging in Postfix?

On Tue, Mar 22, 2011 at 4:41 PM, Wietse Venema wrote: > Didn't I write that Postfix will attempt the unextended name first, > before trying the name without the text after $recipient_delimiter? I'm assuming you meant "extended name first" - otherwise I'm confused! :) Yes. I understand that with

Re: postfix performance

On Wed, Mar 23, 2011 at 3:22 PM, Victor Duchovni wrote: > All of this is overkill, but a local DNS resolver is a requirement. With high volume outbound mail, any advantage to having a local DNS resolver on the same machine as Postfix? We've got one that's provided by our colo provider, but it's n

Re: postfix performance

On Wed, Mar 23, 2011 at 5:09 PM, Joe wrote: > IMNSHO it's standard practice to run a dns server on the MX host. If you > don't want a full blown bind server, at least run some sort of caching dns > server; the difference in the lookup times has a big impact when you're > sending messages at a high

Re: postfix performance

On Thu, Mar 24, 2011 at 8:28 AM, Victor Duchovni wrote: > A LAN DNS server with a 2ms lookup delay is fine. Unbound, bind, ... > does not matter. Thanks for all the nudges in the right direction. We're now running Unbound on the same box as Postfix, getting cached responses in 0 msec from the Pos

Re: postfix performance

On Thu, Mar 24, 2011 at 10:34 AM, Victor Duchovni wrote: > If all you changed was adding a local DNS cache, unless your previous > cache was >100ms away, you'll not see much change. Actually, after doing some tests with dig on our colo provider's DNS servers we noticed that they were taking an av

Re: postfix performance

On Fri, Mar 25, 2011 at 5:20 AM, Stan Hoeppner wrote: > You simply need a caching resolver on an MX/outbound, not a zone server. >  A zone server is useless in this case. Yep - I know that now. :) > I use PowerDNS Recursor on my MX/outbound and never had a problem. > Under Debian it's a 3 minute

Postfix for Kids

I've set it up in /etc/postfix/virtual on my personal server so that when our kids get mail at theirn...@ourfamilydomain.com, both parents get a copy of the incoming message. Is there a simple was to configure Postfix so that I also get a copy of only selected users' (our kids in this case) outbou

Re: Postfix for Kids

On Sun, Mar 27, 2011 at 2:22 PM, Wietse Venema wrote: > See: http://www.postfix.org/postconf.5.html#sender_bcc_maps Perfect. Although, I can only seem to include one address as a valid sender bcc. The following doesn't work (parent 1 is a local UNIX account, parent 2 is a virtual alias): /etc/po

Postscreen + Logwatch = A bunch of unmatched entries

Ever since turning on Postscreen (which I love), my nightly LogWatch reports (running 7.3.6) have bunches of unmatched entries due to Postscreen. Anyone know if LogWatch 7.4.0 recognizes them, or how to configure it so that I get usable Postscreen stats? Thanks, SteveJ

Re: Postscreen + Logwatch = A bunch of unmatched entries

On Thu, Mar 31, 2011 at 12:29 PM, Steve Jenkins wrote: > Anyone know if LogWatch 7.4.0 recognizes them Well, I can answer my first question myself. I just installed it and can confirm that Logwatch 7.4.0 (released earlier this month) does NOT recognize Postscreen entries: **Unmatched Entr

Re: Performance or delivery problems caused by "sleep"?

On Friday, April 8, 2011, Stan Hoeppner wrote: > email builder put forth on 4/8/2011 10:14 PM: >> Hello, >> >> I'm thinking about trying the example suggested in the documentation for >> "sleep": >> >> >> /etc/postfix/main.cf: >> smtpd_client_restrictions = >>         sleep 1, reject_unauth_pipeli

Am I sending backscatter?

I saw this in my maillog just now: Apr 15 09:03:00 carbonfiber postfix/qmgr[28665]: 53D87104259C: from=, size=16858, nrcpt=1 (queue active) Apr 15 09:03:01 carbonfiber amavis[28076]: (28076-20) Blocked BAD-HEADER, [50.22.180.134] [50.22.180.134] -> , Message-ID: <3297072511617582...@ibu134.olepyk

Re: Am I sending backscatter?

On Fri, Apr 15, 2011 at 3:19 PM, Sahil Tandon wrote: > On Fri, 2011-04-15 at 09:50:16 -0700, Steve Jenkins wrote: > >> I saw this in my maillog just now: >> >> Apr 15 09:03:00 carbonfiber postfix/qmgr[28665]: 53D87104259C: >> from=, size=16858, nrcpt=1 (qu

FYI - Postfix 2.8.2 and CentOS 5.6

This isn't a Postfix issue, just an FYI for those running updated versions of Postfix on CentOS. I recently updated one of my CentOS 5.5 systems (which was running Postfix 2.8.2 compiled from source) to CentOS 5.6. The Postfix package appeared nowhere on the upgrade list, and my /etc/yum.conf has

Re: FYI - Postfix 2.8.2 and CentOS 5.6

On Mon, May 2, 2011 at 2:39 PM, Ned Slider wrote: > There was a (Red Hat/CentOS) security update to Postfix issued almost 3 > months after the upstream release of 5.6: > > https://rhn.redhat.com/errata/RHSA-2011-0422.html > > However, because CentOS were slow with the release of 5.6, the base upda

Re: FYI - Postfix 2.8.2 and CentOS 5.6

On Tue, May 3, 2011 at 2:48 AM, Nikolaos Milas wrote: > I only have an exclude for postfix* in yum.conf and all upgrades (with "yum > update") went without problems. My Postfix was not replaced by the > distribution's package. Ahhh... found the problem. I had excluded postfix-* instead of postfix

Re: fqrdns.regexp

On Tue, Jun 7, 2011 at 7:06 AM, Бак Микаел wrote: > Hi list, > Reading the archives I saw that there is a nice regexp with dynamic > hostnames available here: www.hardwarefreak.com/fqrdns.regexp > > Unfortunately this file seems to be unavailable at the moment for some > reason. > > Do you guys ha

Re: signing multiple domains with dkim

Easy instructions for signing for multiple domains AND setting up with Postfix here: http://stevejenkins.com/blog/2010/09/how-to-get-dkim-domainkeys-identified-mail-working-on-centos-5-5-and-postfix-using-opendkim/ On Mon, Jun 20, 2011 at 10:59 AM, Murray S. Kucherawy wrote: > OpenDKIM has ampl

Re: Fiddling with smtp_fallback_relay

On Wed, Jan 16, 2013 at 4:00 PM, Wietse Venema wrote: > The way smtp_fallback_relay is implemented, it adds each relay as > a low-priority MX host with a safety check: if the relay does not > resolve, then mail is not bounced. > Hey, Wietse. I appreciate the reply. Ok - as far as I can tell, th

Re: Fiddling with smtp_fallback_relay

On Wed, Jan 16, 2013 at 4:12 PM, Steve Jenkins wrote: > Should that not trigger handing the message over to the fallback relay for > subsequent attempts? > Hold on... maybe it IS handing it off, now that I look at it more closely. This is from mailer1: Jan 16 16:14:32 mailer1 postfix

Re: Fiddling with smtp_fallback_relay

On Wed, Jan 16, 2013 at 4:22 PM, Wietse Venema wrote: > With "smtp_skip_5xx_greeting = yes" by default, Postfix pretends > that the session failed due to a temporary error and tries the next > MX host (or fall-back relay). > > If the mail is still in the active queue then Postfix is still > tryin

Re: Fiddling with smtp_fallback_relay

On Wed, Jan 16, 2013 at 4:35 PM, Stan Hoeppner wrote: > Why not simply spread the newsletter load over both your outbounds to > begin with? > Until this week, we were using an OLD server to act as our fallback relay (graveyard) machine and nothing else, since we really couldn't lean on it that

Re: Fiddling with smtp_fallback_relay

On Wed, Jan 16, 2013 at 4:35 PM, Wietse Venema wrote: > You can twiddle with smtp_mx_mumble_limit, but why bother sending > from mailer1, when the mail is accepted only from mailer2? > I think mailer1 got blocked initially by AOL because my aol_destination_concurrency_limit, aol_destination_reci

Re: Fiddling with smtp_fallback_relay

On Wed, Jan 16, 2013 at 4:35 PM, Wietse Venema wrote: > You can twiddle with smtp_mx_mumble_limit FYI - Google returns NO results (nor does the search function on Postfix.org... since it's Google-powered) for "smtp_mx_mumble_limit." Any docs on that? SteveJ

Re: Fiddling with smtp_fallback_relay

On Wed, Jan 16, 2013 at 5:27 PM, Wietse Venema wrote: > mumble is a wild-card. > > grep smtp_mx_ in postconf output. > DOH! Roger that. :) Also, any way to use transport in some way on mailer1 to tell Postfix to use mailer2 for aol.com addresses? I could set that temporarily for the remainder o

Re: Fiddling with smtp_fallback_relay

On Wed, Jan 16, 2013 at 4:35 PM, Wietse Venema wrote: > You can twiddle with smtp_mx_mumble_limit, but why bother sending > from mailer1, when the mail is accepted only from mailer2? > For those who are learning along with me, since I didn't want to leave the smtp_mx_address_limit settings at t

Re: smtp_fallback_relay and greylists

On Thu, Jan 17, 2013 at 5:28 AM, Wietse Venema wrote: > host = computer (operating system on top of real or virtual hardware) > MTA = postfix > > The text in main.cf assumes that both non-fallback and fallback > MTA run on the same host and that they send mail from the same > source IP address. Y

Re: Fiddling with smtp_fallback_relay

On Thu, Jan 17, 2013 at 3:45 AM, Stan Hoeppner wrote: > I know you're not Steve. > No.. I AM Steve! ;)

Re: Balancing destination concurrency + rate delay

On Thu, Jan 17, 2013 at 1:03 PM, Wietse Venema wrote: > Steve Jenkins: > > yahoo_destination_concurrency_limit = 4 > > yahoo_destination_recipient_limit = 2 > > yahoo_destination_rate_delay = 1s > > As documented, rate_delay enforces a delay BETWEEN deliveries to

Re: Balancing destination concurrency + rate delay

On Fri, Jan 18, 2013 at 5:06 AM, Wietse Venema wrote: > As for what settings work better with high-volume receivers, I > suggest a search query for "aol postmaster", "yahoo postmaster" etc. > Agreed - but Yahoo is really the only one we're having issues with (even after complying with all their

Re: Balancing destination concurrency + rate delay

On Fri, Jan 18, 2013 at 11:36 AM, Viktor Dukhovni < postfix-us...@dukhovni.org> wrote: > Yes, they are willing to cripple SMTP and expect everyone to cope, > because they are too big to ignore. :-) > Sad, but true. > At that point you may not even need rate delays, just set a modest > concurren

Re: Postscreen status script, take two

On Sun, Feb 3, 2013 at 9:06 AM, Mike. wrote: > Version 1.4 of the pslogscan.sh script, incorporating the above fixes, > is available at: > http://archive.mgm51.com/sources/pslogscan.html Hey, Mike. It's a cool idea - and almost works on a CentOS 6 box, but I'm getting "ambiguous redirect" error

Re: Postscreen status script, take two

On Wed, Feb 6, 2013 at 9:41 AM, Steve Jenkins wrote: > Hey, Mike. It's a cool idea - and almost works on a CentOS 6 box, but I'm > getting "ambiguous redirect" errors in a couple of cases. When it's first > run (/tmp/pslogscan does not exist yet) I get: >

Re: Postfix stable release 2.10.0

On Tue, Feb 12, 2013 at 3:02 AM, Reindl Harald wrote: > and i changed some minutes ago the "fifo" to "unix" for "pickup" > and "qmgr", thank you for that! Will doing so on a standard system have any effect (positive or negative)? What is the default master.cf setting on a fresh 2.10 install for

Re: safe setup of smtpd_relay_restrictions and smtpd_recipient_restrictions

On Tue, Mar 19, 2013 at 4:30 PM, Matthew Hall wrote: > It seems like I keep seeing you on every crypto and security list! > Thanks for being there and assisting people so often. Based on the feedback from Viktor, I've made some similar changes in my 2.10 config. It's close to Matthew's, but di

Re: Postfix + OpenDKIM - milter reject, come back later

'm quite sure that there's some permission issue that I'm missing (yes, > selinux is disabled...) > You referenced SELinux, so I'll assume you're using RHEL or CentOS. If so, just follow these steps: http://www.stevejenkins.com/blog/2011/08/installing-opendkim-rpm-vi

Postfix TLS How-To Feedback Request

While I understand that some of the "hard core" on this list might be tempted to respond to this request with something like "Everyone should simply read all the documentation and understand everything about Postfix before they dare expose it to the world," but we all know that just doesn't happen.

Postcreen settings sanity check

I'm trying to come up with a set of suggested Postscreen main.cf settings that can be a suggested "general" starting place for most personal and small business users. Below is what I'm currently running on my personal box, and I would appreciate any "sanity check" feedback from the list. I only en

Re: Postcreen settings sanity check

On Mon, Jul 13, 2015 at 12:48 PM, Wietse Venema wrote: > I would not enable the "after 220 greeting" protocol tests, because > some senders that pass the tests will not retry (mail will never > be delivered), and some will retry from a different client IP address > (mail will be delayed). Whitel

Re: DKIM DNS record

On Wed, Aug 19, 2015 at 10:07 AM, Martin Skjöldebrand < mar...@skjoldebrand.eu> wrote: > > Following the tutorial here: > > http://arstechnica.com/business/2014/03/taking-e-mail-back-part-3-fortifying-your-box-against-spammers/ > > What would a DKIM DNS record look like for my server mail.skjoldeb

Re: Postfix 3.x for RedHat/CentOS 7.x

2015-09-05 11:07 GMT-07:00 Patrick Ben Koetter : > is there anyone who knows a download location of Postfix 3.x packages for > RedHat/CentOS 7.x? Hi, Patrick. It's painless to build from source on RHEL 7.x. I keep this RedHat/CentOS blog post updated for the latest Postfix versions: http://www.

Re: [Postfix-Users] Re: Postfix 3.x for RedHat/CentOS 7.x

On Sat, Sep 5, 2015 at 11:43 AM, John R. Dennison wrote: > Building from source on RHEL or respins is _never_ the correct answer. ...because ?

Re: [Postfix-Users] Re: Postfix 3.x for RedHat/CentOS 7.x

On Sat, Sep 5, 2015 at 5:59 PM, Viktor Dukhovni wrote: > On Sat, Sep 05, 2015 at 04:50:42PM -0700, Steve Jenkins wrote: > > > On Sat, Sep 5, 2015 at 11:43 AM, John R. Dennison > wrote: > > > > > Building from source on RHEL or respins is _never_ the corr

Re: OpenDKIM

On Fri, Nov 6, 2015 at 10:13 AM, John Allen wrote: > Is OpenDKIM worth while? > I use amavis and it says it signs and verifies DKIM so do need anything > else? > Disclaimer: as the OpenDKIM package maintainer for Fedora/EPEL, and a contributor to the upstream project, I'm a bit biased. :) I'm n

Re: OpenDKIM

KIM, DMARC configuration and validation is sending to a Gmail account and then viewing the raw message headers. -- *Steve Jenkins* *st...@stevejenkins.com * <http://www.stevejenkins.com/> <https://www.linkedin.com/in/sjjenkins> <https://twitter.com/sjjenkins/> <h

Re: OpenDKIM

On Sat, Nov 7, 2015 at 9:19 AM, wrote: > Some of my favs: > > https://en.internet.nl/ (if you're running Postscreen, it will fail the > TLS test as it doesn't wait for the STARTTLS offer) > http://www.mail-tester.com > https://ssl-tools.net > https://dane.sys4.de/ (thanks Victor!) > http://arp.si

Suggested fqrdns.pcre updates

ose discussions from experienced Postfix mail admins would be appreciated. Thanks, SteveJ *Steve Jenkins* *st...@stevejenkins.com * <http://t.sidekickopen28.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XX4S9MSCW3LPWyM3LjCtjVQZcFT56dvXWf7fnxkP02?t=http%3A%2F%2Fwww.stevejenkins.com%2F&si=4

Feedback on Postscreen Whitelist Article

dback from anyone on this list generous enough to offer it, so I can fix any mistakes or make the article better. Thanks, Steve *Steve Jenkins* *st...@stevejenkins.com * <http://t.sidekickopen29.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XX4S9MSCW3LPWyM3LjCtjVQZcFT56dvXWf7fnxkP02

Re: Feedback on Postscreen Whitelist Article

On Mon, Nov 23, 2015 at 1:03 PM, Noel Jones wrote: > > Maintaining a local postscreen whitelist of well-known providers is > largely obsolete. > > http://www.postfix.org/postconf.5.html#postscreen_dnsbl_whitelist_threshold > http://www.postfix.org/postconf.5.html#postscreen_dnsbl_sites > > a mini

  1   2   >