On Thu, Jul 18, 2024 at 08:20:04AM -0700, Kenneth Porter via Postfix-users
wrote:
> On 7/18/2024 7:53 AM, Wietse Venema via Postfix-users wrote:
> > - Disable the recipient_delimiter feature, and use PCRE tables for
> >domain-dependent email address rewriting and routing.
>
> PCRE sounds
On Wed, Jul 17, 2024 at 09:01:58PM -0700, Kenneth Porter via Postfix-users
wrote:
> I'm reading through this document and don't see recipient_delimiter
> mentioned. Where is it applied to the incoming addresses? (It's otherwise a
> great, detailed document. I just don't see this one feature
On Tue, Jul 16, 2024 at 11:59:55AM -0400, Scott Kitterman via Postfix-users
wrote:
> > Note, "undo" isn't quite what I'm suggesting, rather I hope Debian will
> > replace the hardcoded preëmpt of the Cyrus SASL configuration directory,
> > by a default value of $cyrus_sasl_config_path, that
On Sat, Jul 13, 2024 at 02:49:33AM +0200, John Fawcett via Postfix-users wrote:
> I know that I'm not impartial as a Postfix fan for many years, but in
> my opinion it's undeniable that the Postfix project (Wietse, you and
> other contributors) have placed an importance on documentation that is
>
On Fri, Jul 12, 2024 at 07:10:41PM +0200, Steffen Nurpmeso wrote:
> postfix-users@postfix.org wrote in
> :
> |On Fri, Jul 12, 2024 at 01:54:38AM +0200, Steffen Nurpmeso wrote:
> ...
> |No, there is no scenario in which no limit is better than an explicit
> |maximum.
> |
> |>|> Letting
On Sat, Jul 13, 2024 at 12:01:38AM +0200, John Fawcett via Postfix-users wrote:
> I checked https://www.postfix.org/postconf.5.html and I can see:
>
> smtpd_sasl_type (default: cyrus)
> The SASL plug-in type that the Postfix SMTP server should use for
> authentication. The available types
On Fri, Jul 12, 2024 at 10:00:39AM +0800, Jeff Pang via Postfix-users wrote:
> > But, another option, which I'd prefer whenever possible, is to route the
> > messages via a relay host that does have DNS.
> >
> > main.cf:
> > # Punt external mail to a relay that can do DNS
> >
On Fri, Jul 12, 2024 at 12:42:28AM +0200, John Fawcett via Postfix-users wrote:
> On 12/07/2024 00:14, John R. Levine via Postfix-users wrote:
> > Last month I asked for advice on limiting specific senders
> > to specific recipients, and Wietse offered this:
> >
> > /etc/postfix/main.cf:
> >
On Thu, Jul 11, 2024 at 05:53:04PM +0100, Adam Weremczuk via Postfix-users
wrote:
> I have a highly isolated host (e.g. most outgoing traffic blocked, no DNS)
> but I would like to use Postfix on that host to send certain emails to a
> single address exam...@example.com.
>
> I've already
On Fri, Jul 12, 2024 at 01:54:38AM +0200, Steffen Nurpmeso wrote:
> |> I have a problem in that I would like several senders to be able
> |> to send larger messages.
> |
> |You may as well advertise the largest supported size, it is better
> |better than advertising just "SIZE", because
On Thu, Jul 11, 2024 at 06:42:26AM +, Francis Augusto Medeiros-Logeay via
Postfix-users wrote:
> I was wondering - is it possible to bounce e-mails for non-existent
> addresses when using a catchall?
This question makes no sense. If you want to reject mail to (all or
most) addresses that
On Wed, Jul 10, 2024 at 07:44:05PM +0200, Steffen Nurpmeso via Postfix-users
wrote:
> Well, i do not know, .. but i have
>
> message_size_limit = 50
Wow, that's rather restrictive in age when disk capacities are starting
to be measured in 10s of terabytes, while the majority of mail
On Wed, Jul 10, 2024 at 11:06:06AM +0200, Fourhundred Thecat via Postfix-users
wrote:
> I sent an email with one "to" and one "cc", and in the logs, I see:
>
> host said: 452 4.5.3 Too many recipients
>
> but the next line says:
>
> Queued mail for delivery
>
>
> 2024-07-10 10:20:56
On Wed, Jul 10, 2024 at 10:29:37AM +0200, Fourhundred Thecat via Postfix-users
wrote:
> I sent an email with one to: and one cc:
> in the logs, I see
>
> host said: 452 4.5.3 Too many recipients
To get help, post the logs to this list (start again with the question
this time including the
On Tue, Jul 09, 2024 at 06:17:26PM +0100, Gilgongo wrote:
> > > My first thought was to start by firewalling off mail ports on the local
> > > machine to only allow processes owned by root or postfix.
> >
> > Why? Just inspect the messages they submit, SASL is not required.
>
> Apologies -
On Wed, Jul 10, 2024 at 12:19:08PM +1000, Gary R. Schmidt via Postfix-users
wrote:
> On 10/07/2024 10:33, Phil Biggs via Postfix-users wrote:
> > Wednesday, July 10, 2024, 8:59:57 AM, Jeff Pang via Postfix-users wrote:
> >
> > > Hello experts,
> >
> > > One of my customers in HK want to send
On Tue, Jul 09, 2024 at 12:54:38PM +0100, Gilgongo via Postfix-users wrote:
> I've set up our mail server (with some help from this list, for which much
> thanks) to scan sasl-auth senders for spam and viruses with Amavis.
I am puzzled as to why you are linking SASL with content inspection.
You
On Mon, Jul 08, 2024 at 10:44:46PM -0700, Simon Thorpe (PST) via Postfix-users
wrote:
> All emails to {alias}@mydomain.com sent onto any of a list of other
> domains, i.e. {alias}@domain1.com, {alias}@domain2.com, etc.
This lists a condition, but no action.
> If I can do this without code and
[ No need to "Cc:" me in replies, just reply to the list. It is
unfortunate that mailman moves my address from "From:" to "Reply-To:",
that's very much not my intent. ]
On Tue, Jul 09, 2024 at 11:50:40AM +1000, hkhk_exact10 wrote:
> > with much additional configuration needed for pam_ldap.
On Mon, Jul 08, 2024 at 08:34:57PM -0400, Robert Fuhrer via Postfix-users wrote:
> Hi John,
>
> I've already got that dovecot LDA config line in master.cf (it's how
> delivery for the one login user is set up), though without the "-f"
> flag. I guess the LDA is pulling the "from" address from the
On Mon, Jul 08, 2024 at 08:39:54AM +0200, Patrick Ben Koetter via Postfix-users
wrote:
> > I want to setup SMTP authentication in such a way that the user
> > should first be looked locally (/etc/passwd) and then in AD. Is it
> > possible to do so? I was able to configure AD auth via sasl
On Sun, Jul 07, 2024 at 06:02:00PM -0400, Robert Fuhrer via Postfix-users wrote:
> Oh, thanks; I should’ve realized I could just add another map to
> local_recipient_maps. D’oh!
You're conflating many rather distinct aspects of the delivery stack.
> My Dovecot setup uses MySQL to identify
On Sun, Jul 07, 2024 at 01:50:19PM +0200, John Fawcett via Postfix-users wrote:
> Ok, I had suspected that it might be a valid alternative. However, the
> reason I mentioned it was because my configuration without $ seems to be
> working fine:
>
> submission inet n - n - -
On Fri, Jul 05, 2024 at 08:45:49AM -0400, Scott Kitterman via Postfix-users
wrote:
> > Note, "undo" isn't quite what I'm suggesting, rather I hope Debian will
> > replace the hardcoded preëmpt of the Cyrus SASL configuration directory,
> > by a default value of $cyrus_sasl_config_path, that
On Fri, Jul 05, 2024 at 08:42:31AM +0100, Gilgongo via Postfix-users wrote:
> # For OpenDKIM signing
> 127.0.0.1:10027inetn-n--smtpd
> ... configs...
> -o smtpd_milters=inet:127.0.0.1:8891
>
> So I assume DKIM should come last. But the logs imply the
On Thu, Jul 04, 2024 at 05:01:41PM -, John Levine via Postfix-users wrote:
> OK, I'll invent a user. Perhaps if we can get Scott to undo the control file
> move he can add a sasl user at the same time.
Note, "undo" isn't quite what I'm suggesting, rather I hope Debian will
replace the
On Thu, Jun 27, 2024 at 08:32:08PM +0200, Gerd Hoerst via Postfix-users wrote:
> I had the setup with R3 running for years w/o problems but now i have also
> R11/12/13/14 as backup entries
I hope that also includes R10. It is simplest/best to force an
expedited renewal, then you'll get one of
On Wed, Jul 03, 2024 at 09:48:06PM -0400, John Levine via Postfix-users wrote:
> * Debian moved the sasl configuration file to a nonstandard place
> /etc/postfix/sasl/smtpd.conf
> Dunno how I would have figured that out if someone here hadn't told me.
This is unfortunate, and I rather hope that
On Wed, Jul 03, 2024 at 01:43:23PM +0200, Patrick Ben Koetter via Postfix-users
wrote:
> > If not, or, in any case, you might specify
> >
> > saslauthd_path: /var/run/saslauthd/mux
> >
> > in the "smtpd.conf" file, once it is in the correct (for Debian)
> > directory. Note that this
On Tue, Jul 02, 2024 at 11:24:53PM -0400, John Levine via Postfix-users wrote:
> >Have you posted "postconf -nf" and "postconf -Mf" output (with as-is
> >whitespace, including line-breaks)?
>
> I will, see below.
Thanks, generally best to do that early when delving into configuration
On Tue, Jul 02, 2024 at 05:15:28PM -0400, John R. Levine via Postfix-users
wrote:
> I've put a few dummy user entries in /etc/sasldb2 and set up the saslauthd
> service, which for now I'm running in debug mode. When I try sending a test
> query the daemon gets it and replies:
Have you posted
On Thu, Jun 27, 2024 at 02:13:25PM +0200, Gerd Hoerst via Postfix-users wrote:
> Thanx ! Works
Nope, sorry, you've rather failed to read and understand those docs.
> Am 27.06.24 um 13:29 schrieb Viktor Dukhovni via Postfix-users:
> > > BTW: where to get the cert from to generate
> BTW: where to get the cert from to generate the 2 1 1 enty for DNS ?
-
https://list.sys4.de/hyperkitty/list/dane-us...@list.sys4.de/message/ZTM3XQMI3XP7PWMWJTXBYDPVU4UENE24/
- https://dnssec-stats.ant.isi.edu/~viktor/x3hosts.html
--
Viktor.
On Thu, Jun 27, 2024 at 10:45:09AM +, Gino Ferguson via Postfix-users wrote:
> I have two questions regarding multi instance management.
>
> 1. is there a way to batch migrate multi instances from serverA to
> serverB? We are planning to replace our servers and I'd spare as much
> manual
On Wed, Jun 26, 2024 at 04:29:53PM -0400, John Levine via Postfix-users wrote:
> I'm trying to set up a little POP toaster on debian that has a few
> addreses all in virtual domains.
>
> I'm using Cyrus SASL (no Dovecot allowed for reasons)
That's unfortunate, b/c often much simpler...
> and
On Wed, Jun 26, 2024 at 01:35:30PM +0200, Joachim Lindenberg via Postfix-users
wrote:
> I have done some testing via my own tool and published results on
> https://blog.lindenberg.one/EmailSecurityTest.
>
> Gmx and web.de do support SMTP-DANE (with bugs)
Can you provide a bit more detail on
On Wed, Jun 26, 2024 at 07:45:20PM +0800, Jeff Pang via Postfix-users wrote:
> Can you also add SecuMail.de into the list? Thanks victor.
The list of MX hosters is machine-generated by aggregating DNSSEC-signed
customer domains by their MX host domain. Only providers with 1000 or
more
On Wed, Jun 26, 2024 at 07:19:01PM +0800, Jeff Pang via Postfix-users wrote:
> May I ask if the main providers like gmail, outlook, yahoo, proton, gmx etc,
> have smtp-dane deployed?
- gmail: NO
- yahoo: NO
- outlook:
- outbound: YES
- inbound: Still in
On Wed, Jun 26, 2024 at 11:26:59AM +0200, Gerd Hoerst via Postfix-users wrote:
> I checked my domain with posttls-finger it brings some errors (I can
> only do it on the machine itself)
>
> posttls-finger: warning: DNSSEC validation may be unavailable
> posttls-finger: warning: reason:
On Tue, Jun 25, 2024 at 10:24:31AM +0200, Alexander Leidinger via Postfix-users
wrote:
> > how to deploy the following email security features?
> > RFC 7672 SMTP-DANE
>
> Outgoing:
> # validate DANE
> smtp_dns_support_level = dnssec
> smtp_tls_security_level = dane # or dane-only
>
On Sun, Jun 23, 2024 at 06:06:40PM +, Дилян Палаузов wrote:
> «sendmail -v myself@domain» however hangs.
Of course it does, it is waiting to read the message headers and body
from standard input as expected.
> until I press Ctrl+C. This is Postfix 3.4.13. On Postfix 2.11 the
> same
On Fri, Jun 21, 2024 at 07:54:40AM +0800, Jeff Peng via Postfix-users wrote:
> Hello
>
> for these options for submission in master.cf:
>
> submission inet n - y - - smtpd
> # -o syslog_name=postfix/submission
> # -o smtpd_tls_security_level=encrypt
> -o
On Thu, Jun 20, 2024 at 02:33:08PM +0200, Michael Grimm via Postfix-users wrote:
> > One could try some variant of /^X-Spam-Status: Yes, score=[5-9]/
>
> Please correct me if I am mistaken, but that won't catch scores >= 10?
Yes, but easily adapted.
> But I don't know how such a regex should
> On 19 Jun 2024, at 4:29 PM, Gilgongo via Postfix-users
> wrote:
>
> > The defaults for those settings, as far as postfix is concerned, are as
> > follows:
> >
> > smtpd_tls_auth_only = no
>
> Why? Surely, "yes" is the better choice...
>
> You need to set this to "yes" if you plan to have
On Tue, Jun 18, 2024 at 10:02:20PM -0500, Cody Millard via Postfix-users wrote:
> as for why I set these explicitly, I figured that more random bits means
> more secure.
>
> tls_random_bytes = 64
> tls_daemon_random_bytes = 64
No need to clutter the configuration with overzealous low-level
On Tue, Jun 18, 2024 at 04:15:33PM -0500, Cody Millard via Postfix-users wrote:
> The defaults for those settings, as far as postfix is concerned, are as
> follows:
>
> smtpd_tls_auth_only = no
Why? Surely, "yes" is the better choice...
> smtpd_tls_security_level =
Why empty? Surely "may" is
On Tue, Jun 18, 2024 at 03:20:46PM +0200, Benny Pedersen via Postfix-users
wrote:
> xpoint@tux ~ $ posttls-finger -w -lsecure -C "www.stovebolt.com:465"
> "www.stovebolt.com"
> posttls-finger: Connected to www.stovebolt.com[108.174.193.28]:465
> posttls-finger: server certificate verification
On Tue, Jun 18, 2024 at 01:04:25AM -0500, Paul Schmehl via Postfix-users wrote:
> >> posttls-finger: warning: TLS library problem: error:1408F10B:SSL
> >> routines:ssl3_get_record:wrong version number:ssl/record/ssl3_record.c:332:
> >
> > Your port 465 "smtps" service is misconfigured, it is
On Mon, Jun 17, 2024 at 11:39:27PM -0500, Paul Schmehl via Postfix-users wrote:
> That might have uncovered a problem.
>
> # posttls-finger -w -lsecure -C "www.stovebolt.com:465" “www.stovebolt.com"
>
> posttls-finger: Connected to www.stovebolt.com[108.174.193.28]:465
> posttls-finger:
On Mon, Jun 17, 2024 at 09:54:01AM +0800, Jeff Peng via Postfix-users wrote:
> smtp_use_tls = yes
Obsolete, ignored when the preferred form below is specified.
> smtp_tls_security_level = may
Keep this one.
> smtpd_use_tls = yes
Obsolete, ignored when the preferred form below is specified.
On Sun, Jun 16, 2024 at 01:41:44PM -0400, John Levine via Postfix-users wrote:
> Turns out it's more complicated than I thought, they want a restricted
> sending address to be able to send only to particular recipients.
> Suggestions?
If the allowed recipients are the same for all restricted
On Sun, Jun 16, 2024 at 10:06:41AM -0400, Wietse Venema via Postfix-users wrote:
> John R. Levine via Postfix-users:
> > On Sat, 15 Jun 2024, Jeff Peng wrote:
> > > I think postscreen can block them easily.
> >
> > I'm looking at the postscreen man page and I don't see anything about mail
> >
On Sat, Jun 15, 2024 at 09:19:58AM -0400, Wietse Venema via Postfix-users wrote:
> > However, we would like our rootmail to respect our aliases file,
> > which tells root to go to a specific mail destination on a specific
> > box.
>
> Use virtual_alias_maps, as shown below.
The null-client
On Sat, Jun 15, 2024 at 07:06:43PM +0800, Jeff Peng via Postfix-users wrote:
> On 2024-06-15 18:14, John Levine via Postfix-users wrote:
> > People I'm working with have a short list of addresses from which they
> > don't want to accept mail at all, and they'd like to reject as early
> > as
On Sat, Jun 15, 2024 at 12:14:01PM +0200, John Levine via Postfix-users wrote:
> People I'm working with have a short list of addresses from which they
> don't want to accept mail at all, and they'd like to reject as early
> as possible without running it through anti-spam milters, ideally by
>
On Thu, Jun 13, 2024 at 08:51:38AM +0800, Jeff Peng via Postfix-users wrote:
> 8. have reject_unknown_client_hostname, reject_unknown_sender_domain options
> for smtpd_sender_restrictions.
You may find "reject_unknown_client_hostname" to be too "aggressive", in
which case
On Tue, Jun 11, 2024 at 10:18:17AM +0800, Jeff Peng via Postfix-users wrote:
> spf, dmarc have the policy to reject a message.
> My question is, why dkim has no choice for rejecting messages?
> for example, if dkim signature failed, where to instruct this message can be
> rejected?
Per the
On Tue, Jun 11, 2024 at 09:55:56AM +0800, Jeff Peng via Postfix-users wrote:
> Jun 11 01:52:16 tls-mail postfix/smtpd[67409]: warning:
> TLS library problem:error:1417A0C1:SSL routines:
> tls_post_process_client_hello:no shared cipher:
> ../ssl/statem/statem_srvr.c:2283:
> Jun 11 01:52:16
On Sat, Jun 08, 2024 at 07:12:01PM -0400, Wietse Venema via Postfix-users wrote:
> > |> Jun 7 23:41:16 outwall/smtpd[19222]: warning: run-time library \
> > |> vs. compile-time header version mismatch: OpenSSL 3.3.0 may not \
> > |> be compatible with OpenSSL 3.2.0
> > ...
> > |[.]
On Fri, Jun 07, 2024 at 11:31:04AM +0200, Daniel Hiepler via Postfix-users
wrote:
> TLSv1.0 and TLSv1.1 were deprecated long ago (e.g. RFC 8996) and some
> legislation suggest or even requires to disable them. Doesn't that
> ">=TLSv1" statement mean "TLS1.0 or higher?".
Yes, it allows TLS 1.0
On Fri, Jun 07, 2024 at 10:20:58AM +0200, Daniel Hiepler via Postfix-users
wrote:
> I'm trying to rule out a config error on my setup since Postfix is a
> beast and I'm no beastmaster :)
If you're willing to keep making progress, just give it time...
> When I enabled "reject_plaintext_session"
On Fri, Dec 08, 2023 at 02:00:56PM -0500, Viktor Dukhovni wrote:
> It now turns out that they will also be switching to new underlying
> intermediate CAs. So you'll a random choice of *new* issuers.
>
>
>
On Thu, Jun 06, 2024 at 10:40:20PM -0400, Wietse Venema via Postfix-users wrote:
> > It might be reasonable to infer "mydomain = $myhostname" when the latter
> > has two or fewer labels.
>
> There are top-level domains with more than 2 components.
Yes, but we could handle at least the obvious
On Thu, Jun 06, 2024 at 04:01:06PM -0400, Wietse Venema via Postfix-users wrote:
> GDS via Postfix-users:
> > Hello, I am seeing hundreds of lines like the one below in my mail.log from
> > this specific IP address, which belongs to Google.
> > Jun 5 19:09:32 arthemis postfix/error[86771]:
Original text:
--
For those that haven't heard. Proofpoint is retiring SORBS effective
immediately(ish).
Zones will be emptied shortly and within a few weeks the SORBS domain will be
parked on dedicated "decommissioning" servers.
I am being made redundant as part of the shutdown and my
On Mon, Jun 03, 2024 at 08:55:11PM +0800, Jeff P via Postfix-users wrote:
> I have closed sasl auth on port 25. but users still can use port 587
> for login with plain text. how can I force users to use submission
> via start-tls only? I know I can open port 465 for ssl connection.
> but for
On Sun, Jun 02, 2024 at 07:19:38AM +0800, Jeff P via Postfix-users wrote:
> I am using a subdomain xxx.eu.org for sending email.
> Though I have not set a dmarc for xxx.eu.org, but gmail says DMARC pass.
> So i checked that eu.org does have a DMARC record:
>
> _dmarc.eu.org.7200
On Fri, May 31, 2024 at 02:01:50PM +0200, Gerben Wierda via Postfix-users wrote:
> It sends: "PROXY TCP4 192.168.2.2 192.168.2.2 65535 587\r\nQUIT\r\n"
> It expects a response that matches regex ^220
Don't send "QUIT\r\n", just send the PROXY handshake and wait for 220,
and then drop the
On Fri, May 31, 2024 at 01:06:20PM +0200, Gerben Wierda via Postfix-users wrote:
> Hmm, I just noticed (all outgoing smtp was going to a backup server
> that works) that one of my postfix instances cannot send mail (smtp
> doesn't work, postscreen and smtpd work fine).
What *exactly* do you mean
On Fri, May 31, 2024 at 12:33:34AM +, Mailman29 via Postfix-users wrote:
> Yeah, so even changing the domain name on the server (Ubuntu) itself
> doesn't fix the issue. It must be ip based. Since the proxy and
> Postfix share an IP address, Postfix will always think it's looping
> back to
On Wed, May 29, 2024 at 08:40:50AM -0400, John Hill via Postfix-users wrote:
> On 5/29/24 8:31 AM, Benny Pedersen via Postfix-users wrote:
> > Viktor Dukhovni via Postfix-users skrev den 2024-05-29 14:07:
> >
> > > Perhaps a bit of luck? For me, the XBL only catches arou
On Wed, May 29, 2024 at 07:26:10AM -0400, John Hill via Postfix-users wrote:
> > > The wrapper-mode TLS "smtps" rejects are naturally after the TLS
> > > handshake.
> > >
> >
> > 465 inet n - n - - smtpd
> > -o smtpd_delay_reject=no
> >
On Tue, May 28, 2024 at 10:03:05PM -0400, John Hill via Postfix-users wrote:
> Mail all works but I still can't block these SASL attempt.
To block SASL authentication attempts (rather than mail transactions),
you need to do the RBL check in "smtpd_client_restrictions", and have
On Wed, May 29, 2024 at 11:58:31AM +1000, Viktor Dukhovni via Postfix-users
wrote:
> You might in fact want to reject XBL IPs early, before they even
> attempt authentication. So I have:
>
> 465inet n - n - - smtpd
> -o smt
On Tue, May 28, 2024 at 09:32:29PM -0400, John Hill via Postfix-users wrote:
> On 5/28/24 9:23 PM, Viktor Dukhovni via Postfix-users wrote:
> >-o { smtpd_recipient_restrictions =
> > reject_rbl_client zen.spamhaus.org=127.0.0.4,
> > reject_
On Tue, May 28, 2024 at 08:18:06PM -0400, John Hill via Postfix-users wrote:
> -o
> smtpd_recipient_restrictions=permit_sasl_authenticated,reject_rbl_client=zen.spamhaus,org=127.0.0.4,reject
>
> > I added and = after reject_rbl_client=
That's wrong, in multiple ways.
0. The RBL check
On Sun, May 26, 2024 at 08:22:53PM -0500, Greg Sims via Postfix-users wrote:
> May 26 00:35:57 mail01.raystedman.org postfix/t124/smtp[39065]:
> 0A7D630F1C7C:
> to==cecytebc.edu...@devotion.raystedman.org>,
> relay=aspmx.l.google.com[142.251.2.26]:25,
> delay=0.52, delays=0/0/0.21/0.31,
On Thu, May 23, 2024 at 05:48:29PM -0400, Wietse Venema via Postfix-users wrote:
> Greg Sims via Postfix-users:
> > We see conn_use about 24% of the time:
>
> But none of the sessions shown in your message have that.
>
> Do they also have multiple-of-5-second type 'c' delays?
Indeed those
On Wed, May 22, 2024 at 11:27:15PM -0500, Scott Techlist via Postfix-users
wrote:
> >All of these entries are using the LOGIN mech. Unless you have an
> >extremely old outlook express MUA (or similar) you xan and should be
> >using the PLAIN mech. You can eliminate all of the above attacks by
On Wed, May 22, 2024 at 12:19:03PM -0500, Greg Sims wrote:
> [root@mail01 postfix]# postconf -nf
> maximal_backoff_time = 16m
> minimal_backoff_time = 2m
> queue_run_delay = 2m
FWIW (not related to your immediate issue) I would not recommend such a
short maximal backoff, you're
On Wed, May 22, 2024 at 08:15:41AM -0500, Greg Sims via Postfix-users wrote:
> I am having problems with "collate". I greped a 10 minute portion of
> our mail.log which created a 6.8M file. I ran "collate" on this file
> and collected the output -- a 796M file. I looked at the file and it
>
On Wed, May 22, 2024 at 05:35:25AM -0500, Greg Sims wrote:
> Thank you again for your feedback on this issue.
You're welcome, but I don't see anything in your reply that responds
directly to my requests for more detailed configuration and log data.
> I watched the workload in real time this
On Tue, May 21, 2024 at 08:31:51AM -0500, Greg Sims wrote:
> Changes:
> * certs back to defaults
> * smtp_tls_loglevel = 1
Better. Now it is time to post a more detailed transcript of a single
message (the sender and recipient addresses can be obfuscated if you
wish, the recipient domain
On Tue, May 21, 2024 at 06:51:08AM -0500, Greg Sims via Postfix-users wrote:
> Our main.cf contains:
> smtpd_tls_cert_file =
> smtpd_tls_key_file =
> smtpd_tls_security_level = none
There's no point in configuring SMTP server certificates when TLS is
disabled in the SMTP
On Tue, May 21, 2024 at 08:33:58AM +0100, Adam Weremczuk via Postfix-users
wrote:
> When I email "bugzi...@mydomain.com" from another account I get "Recipient
> address rejected: User unknown in local recipient table".
If you want this to not happen, see:
On Mon, May 13, 2024 at 11:56:30AM +0200, Peter Uetrecht via Postfix-users
wrote:
> I have a working multi-instance setup with Postfix version 3.8.4 What
> surprises me is that “recipient_canonical” works for some recipients
> but not for all. It seems that "recipient_canonical" works for
>
On Sat, May 11, 2024 at 11:55:14PM -0400, Jason Hirsh via Postfix-users wrote:
> I have they error message
>
> postfix/smtps/smtpd[39559]: warning: TLS library problem:
> error:14094416:SSL routines:ssl3_read_bytes:
> sslv3 alert certificate unknown:
>
On Sun, May 12, 2024 at 03:59:27AM +0200, Steffen Nurpmeso via Postfix-users
wrote:
> Well here i am indeed back again, to announce
>
> v0.6.1, 2024-05-12:
> - Adds the algorithm big_ed-sha256 which effectively is RFC 8463
> (aka ed25519-sha256), but performs three digest operations
On Sun, Apr 28, 2024 at 05:31:21PM -0700, Peter via Postfix-users wrote:
> The ideal end goal would be to use the same general set of controls as
> v4, but to start off I would like to use a more permissive/less
> restrictive set of controls, and initially only enable v6 for
> receiving (as
On Sat, May 11, 2024 at 11:11:30AM +0200, Benny Pedersen via Postfix-users
wrote:
> > I am running Postfix/Dovecot/MySQL mail server. It was doing ok
> > until I tried to improve it., I
>
> maybe just reboot ? :)
Unlikely to help. Just restarting dovecot would be about the most
that's
On Fri, May 10, 2024 at 01:13:06PM -0400, Wietse Venema via Postfix-users wrote:
> > Logs:
> > grep relay=nlp[123456].*status=sent /var/log/maillog | sed
> > 's/.*relay=//' | sed 's/,.*//' | sort | uniq -c
This fails to deduplicate multi-recipient deliveries, which record
the same relay= for
On Fri, May 10, 2024 at 08:47:26PM -0400, Jason Hirsh via Postfix-users wrote:
> I am running Postfix/Dovecot/MySQL mail server. It was doing ok
> until I tried to improve it.
Reverting back to the "unimproved" prior state may be the best course of
action.
> May 10 20:11:27 triggerfish
On Fri, May 10, 2024 at 09:47:31PM -0400, Alex via Postfix-users wrote:
> Hi, I'm using postfix-3.7.9 multi-instance on fedora38 and can't figure out
> why always_bcc and recipient_bcc_maps aren't working on the outbound
> instance.
>
> 127.0.0.1:10025 inet n- n - 16
On Tue, May 07, 2024 at 10:07:15AM +0200, Denis Krienbühl via Postfix-users
wrote:
> Ultimately, I ended up with the following rule, but I have a problem with it
> (or any other that I've found):
>
> /^\s*Received:[^\n]+(.*)/ REPLACE Received: from
> [127.0.0.1]
On Mon, May 06, 2024 at 11:37:54AM +0200, Дилян Палаузов via Postfix-users
wrote:
> My reading is that a domain in virtual_alias_domains can be mentioned
> neither in virtual_mailbox_domains nor as mydestination domain.
Correct, note however, that *all* recipients are subject to virtual(5)
On Sun, Apr 28, 2024 at 07:15:38PM -0700, Doug Hardie wrote:
> > I suppose, but sending bare LF in SMTP is definitely wrong, so he needs to
> > fix that first.
>
> Well, the header lines are properly terminated by CRLF. However, the
> text lines are whatever I get from postfix. Generally that
On Fri, Apr 26, 2024 at 07:21:24AM +0200, Tobi via Postfix-users wrote:
> Or would it be possible to use a sender_dependent_relayhost_maps and
> define just the transport ex smtps: (without nexthop) in there so
> postfix would use that transport (to be defined in master.cf) and the
> normal MX of
On Wed, Apr 24, 2024 at 07:23:00PM +0200, Kim Sindalsen via Postfix-users wrote:
> > Regardless, as things stand, the default Fedora 39 nsswitch.conf
> > makes Postfix restrictions much too fragile, and needs to be
> > avoided.
>
> files dns is standard on my installation (Gentoo Linux/OpenRC)
On Wed, Apr 24, 2024 at 07:43:35AM +0200, Reto via Postfix-users wrote:
> On Mon, Apr 22, 2024 at 03:50:34PM GMT, Viktor Dukhovni via Postfix-users
> wrote:
> > and this (specifically, !UNAVAIL=return) turns soft DNS failures into
> > hard errors.
> >
> > The so
On Wed, Apr 24, 2024 at 01:01:46AM -, John Levine via Postfix-users wrote:
> >I must be interpreting this wrong because it appears postfix is not
> >accepting that. Here is the complete process. A message arrives at
> >my MTA addressed to a specific address. Postfix delivers that
>
1 - 100 of 634 matches
Mail list logo