On Fri, Jul 12, 2024 at 10:00:39AM +0800, Jeff Pang via Postfix-users wrote:
> > But, another option, which I'd prefer whenever possible, is to route the
> > messages via a relay host that does have DNS.
> >
> > main.cf:
> > # Punt external mail to a relay that can do DNS
> >
On Fri, Jul 12, 2024 at 12:42:28AM +0200, John Fawcett via Postfix-users wrote:
> On 12/07/2024 00:14, John R. Levine via Postfix-users wrote:
> > Last month I asked for advice on limiting specific senders
> > to specific recipients, and Wietse offered this:
> >
> > /etc/postfix/main.cf:
> >
On Thu, Jul 11, 2024 at 05:53:04PM +0100, Adam Weremczuk via Postfix-users
wrote:
> I have a highly isolated host (e.g. most outgoing traffic blocked, no DNS)
> but I would like to use Postfix on that host to send certain emails to a
> single address exam...@example.com.
>
> I've already allowed
On Fri, Jul 12, 2024 at 01:54:38AM +0200, Steffen Nurpmeso wrote:
> |> I have a problem in that I would like several senders to be able
> |> to send larger messages.
> |
> |You may as well advertise the largest supported size, it is better
> |better than advertising just "SIZE", because clien
On Thu, Jul 11, 2024 at 06:42:26AM +, Francis Augusto Medeiros-Logeay via
Postfix-users wrote:
> I was wondering - is it possible to bounce e-mails for non-existent
> addresses when using a catchall?
This question makes no sense. If you want to reject mail to (all or
most) addresses that do
On Wed, Jul 10, 2024 at 07:44:05PM +0200, Steffen Nurpmeso via Postfix-users
wrote:
> Well, i do not know, .. but i have
>
> message_size_limit = 50
Wow, that's rather restrictive in age when disk capacities are starting
to be measured in 10s of terabytes, while the majority of mail serve
On Wed, Jul 10, 2024 at 11:06:06AM +0200, Fourhundred Thecat via Postfix-users
wrote:
> I sent an email with one "to" and one "cc", and in the logs, I see:
>
> host said: 452 4.5.3 Too many recipients
>
> but the next line says:
>
> Queued mail for delivery
>
>
> 2024-07-10 10:20:56 pos
On Wed, Jul 10, 2024 at 10:29:37AM +0200, Fourhundred Thecat via Postfix-users
wrote:
> I sent an email with one to: and one cc:
> in the logs, I see
>
> host said: 452 4.5.3 Too many recipients
To get help, post the logs to this list (start again with the question
this time including the log
On Tue, Jul 09, 2024 at 06:17:26PM +0100, Gilgongo wrote:
> > > My first thought was to start by firewalling off mail ports on the local
> > > machine to only allow processes owned by root or postfix.
> >
> > Why? Just inspect the messages they submit, SASL is not required.
>
> Apologies - perha
On Wed, Jul 10, 2024 at 12:19:08PM +1000, Gary R. Schmidt via Postfix-users
wrote:
> On 10/07/2024 10:33, Phil Biggs via Postfix-users wrote:
> > Wednesday, July 10, 2024, 8:59:57 AM, Jeff Pang via Postfix-users wrote:
> >
> > > Hello experts,
> >
> > > One of my customers in HK want to send b
On Tue, Jul 09, 2024 at 12:54:38PM +0100, Gilgongo via Postfix-users wrote:
> I've set up our mail server (with some help from this list, for which much
> thanks) to scan sasl-auth senders for spam and viruses with Amavis.
I am puzzled as to why you are linking SASL with content inspection.
You c
On Mon, Jul 08, 2024 at 10:44:46PM -0700, Simon Thorpe (PST) via Postfix-users
wrote:
> All emails to {alias}@mydomain.com sent onto any of a list of other
> domains, i.e. {alias}@domain1.com, {alias}@domain2.com, etc.
This lists a condition, but no action.
> If I can do this without code and p
[ No need to "Cc:" me in replies, just reply to the list. It is
unfortunate that mailman moves my address from "From:" to "Reply-To:",
that's very much not my intent. ]
On Tue, Jul 09, 2024 at 11:50:40AM +1000, hkhk_exact10 wrote:
> > with much additional configuration needed for pam_ldap.
>
On Mon, Jul 08, 2024 at 08:34:57PM -0400, Robert Fuhrer via Postfix-users wrote:
> Hi John,
>
> I've already got that dovecot LDA config line in master.cf (it's how
> delivery for the one login user is set up), though without the "-f"
> flag. I guess the LDA is pulling the "from" address from the
On Mon, Jul 08, 2024 at 08:39:54AM +0200, Patrick Ben Koetter via Postfix-users
wrote:
> > I want to setup SMTP authentication in such a way that the user
> > should first be looked locally (/etc/passwd) and then in AD. Is it
> > possible to do so? I was able to configure AD auth via sasl (cyrus)
On Sun, Jul 07, 2024 at 06:02:00PM -0400, Robert Fuhrer via Postfix-users wrote:
> Oh, thanks; I should’ve realized I could just add another map to
> local_recipient_maps. D’oh!
You're conflating many rather distinct aspects of the delivery stack.
> My Dovecot setup uses MySQL to identify users
On Sun, Jul 07, 2024 at 01:50:19PM +0200, John Fawcett via Postfix-users wrote:
> Ok, I had suspected that it might be a valid alternative. However, the
> reason I mentioned it was because my configuration without $ seems to be
> working fine:
>
> submission inet n - n - -
On Fri, Jul 05, 2024 at 08:45:49AM -0400, Scott Kitterman via Postfix-users
wrote:
> > Note, "undo" isn't quite what I'm suggesting, rather I hope Debian will
> > replace the hardcoded preëmpt of the Cyrus SASL configuration directory,
> > by a default value of $cyrus_sasl_config_path, that match
On Fri, Jul 05, 2024 at 08:42:31AM +0100, Gilgongo via Postfix-users wrote:
> # For OpenDKIM signing
> 127.0.0.1:10027inetn-n--smtpd
> ... configs...
> -o smtpd_milters=inet:127.0.0.1:8891
>
> So I assume DKIM should come last. But the logs imply the spam/v
On Thu, Jul 04, 2024 at 05:01:41PM -, John Levine via Postfix-users wrote:
> OK, I'll invent a user. Perhaps if we can get Scott to undo the control file
> move he can add a sasl user at the same time.
Note, "undo" isn't quite what I'm suggesting, rather I hope Debian will
replace the hardco
On Thu, Jun 27, 2024 at 08:32:08PM +0200, Gerd Hoerst via Postfix-users wrote:
> I had the setup with R3 running for years w/o problems but now i have also
> R11/12/13/14 as backup entries
I hope that also includes R10. It is simplest/best to force an
expedited renewal, then you'll get one of t
On Wed, Jul 03, 2024 at 09:48:06PM -0400, John Levine via Postfix-users wrote:
> * Debian moved the sasl configuration file to a nonstandard place
> /etc/postfix/sasl/smtpd.conf
> Dunno how I would have figured that out if someone here hadn't told me.
This is unfortunate, and I rather hope that S
On Wed, Jul 03, 2024 at 01:43:23PM +0200, Patrick Ben Koetter via Postfix-users
wrote:
> > If not, or, in any case, you might specify
> >
> > saslauthd_path: /var/run/saslauthd/mux
> >
> > in the "smtpd.conf" file, once it is in the correct (for Debian)
> > directory. Note that this settin
On Tue, Jul 02, 2024 at 11:24:53PM -0400, John Levine via Postfix-users wrote:
> >Have you posted "postconf -nf" and "postconf -Mf" output (with as-is
> >whitespace, including line-breaks)?
>
> I will, see below.
Thanks, generally best to do that early when delving into configuration
conundrums.
On Tue, Jul 02, 2024 at 05:15:28PM -0400, John R. Levine via Postfix-users
wrote:
> I've put a few dummy user entries in /etc/sasldb2 and set up the saslauthd
> service, which for now I'm running in debug mode. When I try sending a test
> query the daemon gets it and replies:
Have you posted "p
On Thu, Jun 27, 2024 at 02:13:25PM +0200, Gerd Hoerst via Postfix-users wrote:
> Thanx ! Works
Nope, sorry, you've rather failed to read and understand those docs.
> Am 27.06.24 um 13:29 schrieb Viktor Dukhovni via Postfix-users:
> > > BTW: where to get the cert from to gen
> BTW: where to get the cert from to generate the 2 1 1 enty for DNS ?
-
https://list.sys4.de/hyperkitty/list/dane-us...@list.sys4.de/message/ZTM3XQMI3XP7PWMWJTXBYDPVU4UENE24/
- https://dnssec-stats.ant.isi.edu/~viktor/x3hosts.html
--
Viktor.
On Thu, Jun 27, 2024 at 10:45:09AM +, Gino Ferguson via Postfix-users wrote:
> I have two questions regarding multi instance management.
>
> 1. is there a way to batch migrate multi instances from serverA to
> serverB? We are planning to replace our servers and I'd spare as much
> manual work
On Wed, Jun 26, 2024 at 04:29:53PM -0400, John Levine via Postfix-users wrote:
> I'm trying to set up a little POP toaster on debian that has a few
> addreses all in virtual domains.
>
> I'm using Cyrus SASL (no Dovecot allowed for reasons)
That's unfortunate, b/c often much simpler...
> and to
On Wed, Jun 26, 2024 at 01:35:30PM +0200, Joachim Lindenberg via Postfix-users
wrote:
> I have done some testing via my own tool and published results on
> https://blog.lindenberg.one/EmailSecurityTest.
>
> Gmx and web.de do support SMTP-DANE (with bugs)
Can you provide a bit more detail on the
On Wed, Jun 26, 2024 at 07:45:20PM +0800, Jeff Pang via Postfix-users wrote:
> Can you also add SecuMail.de into the list? Thanks victor.
The list of MX hosters is machine-generated by aggregating DNSSEC-signed
customer domains by their MX host domain. Only providers with 1000 or
more DNSSEC-sig
On Wed, Jun 26, 2024 at 07:19:01PM +0800, Jeff Pang via Postfix-users wrote:
> May I ask if the main providers like gmail, outlook, yahoo, proton, gmx etc,
> have smtp-dane deployed?
- gmail: NO
- yahoo: NO
- outlook:
- outbound: YES
- inbound: Still in development/pil
On Wed, Jun 26, 2024 at 11:26:59AM +0200, Gerd Hoerst via Postfix-users wrote:
> I checked my domain with posttls-finger it brings some errors (I can
> only do it on the machine itself)
>
> posttls-finger: warning: DNSSEC validation may be unavailable
> posttls-finger: warning: reason: dnssec_pro
On Tue, Jun 25, 2024 at 10:24:31AM +0200, Alexander Leidinger via Postfix-users
wrote:
> > how to deploy the following email security features?
> > RFC 7672 SMTP-DANE
>
> Outgoing:
> # validate DANE
> smtp_dns_support_level = dnssec
> smtp_tls_security_level = dane # or dane-only
> (https
On Sun, Jun 23, 2024 at 06:06:40PM +, Дилян Палаузов wrote:
> «sendmail -v myself@domain» however hangs.
Of course it does, it is waiting to read the message headers and body
from standard input as expected.
> until I press Ctrl+C. This is Postfix 3.4.13. On Postfix 2.11 the
> same command
On Fri, Jun 21, 2024 at 07:54:40AM +0800, Jeff Peng via Postfix-users wrote:
> Hello
>
> for these options for submission in master.cf:
>
> submission inet n - y - - smtpd
> # -o syslog_name=postfix/submission
> # -o smtpd_tls_security_level=encrypt
> -o smtpd_sa
On Thu, Jun 20, 2024 at 02:33:08PM +0200, Michael Grimm via Postfix-users wrote:
> > One could try some variant of /^X-Spam-Status: Yes, score=[5-9]/
>
> Please correct me if I am mistaken, but that won't catch scores >= 10?
Yes, but easily adapted.
> But I don't know how such a regex should be
> On 19 Jun 2024, at 4:29 PM, Gilgongo via Postfix-users
> wrote:
>
> > The defaults for those settings, as far as postfix is concerned, are as
> > follows:
> >
> > smtpd_tls_auth_only = no
>
> Why? Surely, "yes" is the better choice...
>
> You need to set this to "yes" if you plan to have ac
On Tue, Jun 18, 2024 at 10:02:20PM -0500, Cody Millard via Postfix-users wrote:
> as for why I set these explicitly, I figured that more random bits means
> more secure.
>
> tls_random_bytes = 64
> tls_daemon_random_bytes = 64
No need to clutter the configuration with overzealous low-level
setti
On Tue, Jun 18, 2024 at 04:15:33PM -0500, Cody Millard via Postfix-users wrote:
> The defaults for those settings, as far as postfix is concerned, are as
> follows:
>
> smtpd_tls_auth_only = no
Why? Surely, "yes" is the better choice...
> smtpd_tls_security_level =
Why empty? Surely "may" is
On Tue, Jun 18, 2024 at 03:20:46PM +0200, Benny Pedersen via Postfix-users
wrote:
> xpoint@tux ~ $ posttls-finger -w -lsecure -C "www.stovebolt.com:465"
> "www.stovebolt.com"
> posttls-finger: Connected to www.stovebolt.com[108.174.193.28]:465
> posttls-finger: server certificate verification fa
On Tue, Jun 18, 2024 at 01:04:25AM -0500, Paul Schmehl via Postfix-users wrote:
> >> posttls-finger: warning: TLS library problem: error:1408F10B:SSL
> >> routines:ssl3_get_record:wrong version number:ssl/record/ssl3_record.c:332:
> >
> > Your port 465 "smtps" service is misconfigured, it is mis
On Mon, Jun 17, 2024 at 11:39:27PM -0500, Paul Schmehl via Postfix-users wrote:
> That might have uncovered a problem.
>
> # posttls-finger -w -lsecure -C "www.stovebolt.com:465" “www.stovebolt.com"
>
> posttls-finger: Connected to www.stovebolt.com[108.174.193.28]:465
> posttls-finger: SSL_conn
On Mon, Jun 17, 2024 at 09:54:01AM +0800, Jeff Peng via Postfix-users wrote:
> smtp_use_tls = yes
Obsolete, ignored when the preferred form below is specified.
> smtp_tls_security_level = may
Keep this one.
> smtpd_use_tls = yes
Obsolete, ignored when the preferred form below is specified.
>
On Sun, Jun 16, 2024 at 01:41:44PM -0400, John Levine via Postfix-users wrote:
> Turns out it's more complicated than I thought, they want a restricted
> sending address to be able to send only to particular recipients.
> Suggestions?
If the allowed recipients are the same for all restricted send
On Sun, Jun 16, 2024 at 10:06:41AM -0400, Wietse Venema via Postfix-users wrote:
> John R. Levine via Postfix-users:
> > On Sat, 15 Jun 2024, Jeff Peng wrote:
> > > I think postscreen can block them easily.
> >
> > I'm looking at the postscreen man page and I don't see anything about mail
> > add
On Sat, Jun 15, 2024 at 09:19:58AM -0400, Wietse Venema via Postfix-users wrote:
> > However, we would like our rootmail to respect our aliases file,
> > which tells root to go to a specific mail destination on a specific
> > box.
>
> Use virtual_alias_maps, as shown below.
The null-client overv
On Sat, Jun 15, 2024 at 07:06:43PM +0800, Jeff Peng via Postfix-users wrote:
> On 2024-06-15 18:14, John Levine via Postfix-users wrote:
> > People I'm working with have a short list of addresses from which they
> > don't want to accept mail at all, and they'd like to reject as early
> > as possibl
On Sat, Jun 15, 2024 at 12:14:01PM +0200, John Levine via Postfix-users wrote:
> People I'm working with have a short list of addresses from which they
> don't want to accept mail at all, and they'd like to reject as early
> as possible without running it through anti-spam milters, ideally by
> re
On Thu, Jun 13, 2024 at 08:51:38AM +0800, Jeff Peng via Postfix-users wrote:
> 8. have reject_unknown_client_hostname, reject_unknown_sender_domain options
> for smtpd_sender_restrictions.
You may find "reject_unknown_client_hostname" to be too "aggressive", in
which case "reject_unknown_reverse_
On Tue, Jun 11, 2024 at 10:18:17AM +0800, Jeff Peng via Postfix-users wrote:
> spf, dmarc have the policy to reject a message.
> My question is, why dkim has no choice for rejecting messages?
> for example, if dkim signature failed, where to instruct this message can be
> rejected?
Per the specif
On Tue, Jun 11, 2024 at 09:55:56AM +0800, Jeff Peng via Postfix-users wrote:
> Jun 11 01:52:16 tls-mail postfix/smtpd[67409]: warning:
> TLS library problem:error:1417A0C1:SSL routines:
> tls_post_process_client_hello:no shared cipher:
> ../ssl/statem/statem_srvr.c:2283:
> Jun 11 01:52:16 tls-mail
On Sat, Jun 08, 2024 at 07:12:01PM -0400, Wietse Venema via Postfix-users wrote:
> > |> Jun 7 23:41:16 outwall/smtpd[19222]: warning: run-time library \
> > |> vs. compile-time header version mismatch: OpenSSL 3.3.0 may not \
> > |> be compatible with OpenSSL 3.2.0
> > ...
> > |[.] Ope
On Fri, Jun 07, 2024 at 11:31:04AM +0200, Daniel Hiepler via Postfix-users
wrote:
> TLSv1.0 and TLSv1.1 were deprecated long ago (e.g. RFC 8996) and some
> legislation suggest or even requires to disable them. Doesn't that
> ">=TLSv1" statement mean "TLS1.0 or higher?".
Yes, it allows TLS 1.0 a
On Fri, Jun 07, 2024 at 10:20:58AM +0200, Daniel Hiepler via Postfix-users
wrote:
> I'm trying to rule out a config error on my setup since Postfix is a
> beast and I'm no beastmaster :)
If you're willing to keep making progress, just give it time...
> When I enabled "reject_plaintext_session"
On Fri, Dec 08, 2023 at 02:00:56PM -0500, Viktor Dukhovni wrote:
> It now turns out that they will also be switching to new underlying
> intermediate CAs. So you'll a random choice of *new* issuers.
>
>
> https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/L7XoAXt_s1c/m/k_vdk9rQ
On Thu, Jun 06, 2024 at 10:40:20PM -0400, Wietse Venema via Postfix-users wrote:
> > It might be reasonable to infer "mydomain = $myhostname" when the latter
> > has two or fewer labels.
>
> There are top-level domains with more than 2 components.
Yes, but we could handle at least the obvious ca
On Thu, Jun 06, 2024 at 04:01:06PM -0400, Wietse Venema via Postfix-users wrote:
> GDS via Postfix-users:
> > Hello, I am seeing hundreds of lines like the one below in my mail.log from
> > this specific IP address, which belongs to Google.
> > Jun 5 19:09:32 arthemis postfix/error[86771]: 5D9D1
Original text:
--
For those that haven't heard. Proofpoint is retiring SORBS effective
immediately(ish).
Zones will be emptied shortly and within a few weeks the SORBS domain will be
parked on dedicated "decommissioning" servers.
I am being made redundant as part of the shutdown and my la
On Mon, Jun 03, 2024 at 08:55:11PM +0800, Jeff P via Postfix-users wrote:
> I have closed sasl auth on port 25. but users still can use port 587
> for login with plain text. how can I force users to use submission
> via start-tls only? I know I can open port 465 for ssl connection.
> but for hi
On Sun, Jun 02, 2024 at 07:19:38AM +0800, Jeff P via Postfix-users wrote:
> I am using a subdomain xxx.eu.org for sending email.
> Though I have not set a dmarc for xxx.eu.org, but gmail says DMARC pass.
> So i checked that eu.org does have a DMARC record:
>
> _dmarc.eu.org.7200
On Fri, May 31, 2024 at 02:01:50PM +0200, Gerben Wierda via Postfix-users wrote:
> It sends: "PROXY TCP4 192.168.2.2 192.168.2.2 65535 587\r\nQUIT\r\n"
> It expects a response that matches regex ^220
Don't send "QUIT\r\n", just send the PROXY handshake and wait for 220,
and then drop the connecti
On Fri, May 31, 2024 at 01:06:20PM +0200, Gerben Wierda via Postfix-users wrote:
> Hmm, I just noticed (all outgoing smtp was going to a backup server
> that works) that one of my postfix instances cannot send mail (smtp
> doesn't work, postscreen and smtpd work fine).
What *exactly* do you mean
On Fri, May 31, 2024 at 12:33:34AM +, Mailman29 via Postfix-users wrote:
> Yeah, so even changing the domain name on the server (Ubuntu) itself
> doesn't fix the issue. It must be ip based. Since the proxy and
> Postfix share an IP address, Postfix will always think it's looping
> back to itse
On Wed, May 29, 2024 at 08:40:50AM -0400, John Hill via Postfix-users wrote:
> On 5/29/24 8:31 AM, Benny Pedersen via Postfix-users wrote:
> > Viktor Dukhovni via Postfix-users skrev den 2024-05-29 14:07:
> >
> > > Perhaps a bit of luck? For me, the XBL only catches arou
On Wed, May 29, 2024 at 07:26:10AM -0400, John Hill via Postfix-users wrote:
> > > The wrapper-mode TLS "smtps" rejects are naturally after the TLS
> > > handshake.
> > >
> >
> > 465 inet n - n - - smtpd
> > -o smtpd_delay_reject=no
> > -o
On Tue, May 28, 2024 at 10:03:05PM -0400, John Hill via Postfix-users wrote:
> Mail all works but I still can't block these SASL attempt.
To block SASL authentication attempts (rather than mail transactions),
you need to do the RBL check in "smtpd_client_restrictions", and have
"smtpd_delay_rejec
On Wed, May 29, 2024 at 11:58:31AM +1000, Viktor Dukhovni via Postfix-users
wrote:
> You might in fact want to reject XBL IPs early, before they even
> attempt authentication. So I have:
>
> 465inet n - n - - smtpd
> -o smtpd_
On Tue, May 28, 2024 at 09:32:29PM -0400, John Hill via Postfix-users wrote:
> On 5/28/24 9:23 PM, Viktor Dukhovni via Postfix-users wrote:
> >-o { smtpd_recipient_restrictions =
> > reject_rbl_client zen.spamhaus.org=127.0.0.4,
> > reject_
On Tue, May 28, 2024 at 08:18:06PM -0400, John Hill via Postfix-users wrote:
> -o
> smtpd_recipient_restrictions=permit_sasl_authenticated,reject_rbl_client=zen.spamhaus,org=127.0.0.4,reject
>
> > I added and = after reject_rbl_client=
That's wrong, in multiple ways.
0. The RBL check shou
On Sun, May 26, 2024 at 08:22:53PM -0500, Greg Sims via Postfix-users wrote:
> May 26 00:35:57 mail01.raystedman.org postfix/t124/smtp[39065]:
> 0A7D630F1C7C:
> to==cecytebc.edu...@devotion.raystedman.org>,
> relay=aspmx.l.google.com[142.251.2.26]:25,
> delay=0.52, delays=0/0/0.21/0.31, dsn=5.7.2
On Thu, May 23, 2024 at 05:48:29PM -0400, Wietse Venema via Postfix-users wrote:
> Greg Sims via Postfix-users:
> > We see conn_use about 24% of the time:
>
> But none of the sessions shown in your message have that.
>
> Do they also have multiple-of-5-second type 'c' delays?
Indeed those multi
On Wed, May 22, 2024 at 11:27:15PM -0500, Scott Techlist via Postfix-users
wrote:
> >All of these entries are using the LOGIN mech. Unless you have an
> >extremely old outlook express MUA (or similar) you xan and should be
> >using the PLAIN mech. You can eliminate all of the above attacks by
>
On Wed, May 22, 2024 at 12:19:03PM -0500, Greg Sims wrote:
> [root@mail01 postfix]# postconf -nf
> maximal_backoff_time = 16m
> minimal_backoff_time = 2m
> queue_run_delay = 2m
FWIW (not related to your immediate issue) I would not recommend such a
short maximal backoff, you're potentiall
On Wed, May 22, 2024 at 08:15:41AM -0500, Greg Sims via Postfix-users wrote:
> I am having problems with "collate". I greped a 10 minute portion of
> our mail.log which created a 6.8M file. I ran "collate" on this file
> and collected the output -- a 796M file. I looked at the file and it
> seem
On Wed, May 22, 2024 at 05:35:25AM -0500, Greg Sims wrote:
> Thank you again for your feedback on this issue.
You're welcome, but I don't see anything in your reply that responds
directly to my requests for more detailed configuration and log data.
> I watched the workload in real time this morn
On Tue, May 21, 2024 at 08:31:51AM -0500, Greg Sims wrote:
> Changes:
> * certs back to defaults
> * smtp_tls_loglevel = 1
Better. Now it is time to post a more detailed transcript of a single
message (the sender and recipient addresses can be obfuscated if you
wish, the recipient domain wou
On Tue, May 21, 2024 at 06:51:08AM -0500, Greg Sims via Postfix-users wrote:
> Our main.cf contains:
> smtpd_tls_cert_file =
> smtpd_tls_key_file =
> smtpd_tls_security_level = none
There's no point in configuring SMTP server certificates when TLS is
disabled in the SMTP serv
On Tue, May 21, 2024 at 08:33:58AM +0100, Adam Weremczuk via Postfix-users
wrote:
> When I email "bugzi...@mydomain.com" from another account I get "Recipient
> address rejected: User unknown in local recipient table".
If you want this to not happen, see:
https://www.postfix.org/postconf.5.
On Mon, May 13, 2024 at 11:56:30AM +0200, Peter Uetrecht via Postfix-users
wrote:
> I have a working multi-instance setup with Postfix version 3.8.4 What
> surprises me is that “recipient_canonical” works for some recipients
> but not for all. It seems that "recipient_canonical" works for
> orig
On Sat, May 11, 2024 at 11:55:14PM -0400, Jason Hirsh via Postfix-users wrote:
> I have they error message
>
> postfix/smtps/smtpd[39559]: warning: TLS library problem:
> error:14094416:SSL routines:ssl3_read_bytes:
> sslv3 alert certificate unknown:
> /usr/src/crypto/openssl/ssl/record/rec_layer
On Sun, May 12, 2024 at 03:59:27AM +0200, Steffen Nurpmeso via Postfix-users
wrote:
> Well here i am indeed back again, to announce
>
> v0.6.1, 2024-05-12:
> - Adds the algorithm big_ed-sha256 which effectively is RFC 8463
> (aka ed25519-sha256), but performs three digest operations
On Sun, Apr 28, 2024 at 05:31:21PM -0700, Peter via Postfix-users wrote:
> The ideal end goal would be to use the same general set of controls as
> v4, but to start off I would like to use a more permissive/less
> restrictive set of controls, and initially only enable v6 for
> receiving (as that's
On Sat, May 11, 2024 at 11:11:30AM +0200, Benny Pedersen via Postfix-users
wrote:
> > I am running Postfix/Dovecot/MySQL mail server. It was doing ok
> > until I tried to improve it., I
>
> maybe just reboot ? :)
Unlikely to help. Just restarting dovecot would be about the most
that's needed
On Fri, May 10, 2024 at 01:13:06PM -0400, Wietse Venema via Postfix-users wrote:
> > Logs:
> > grep relay=nlp[123456].*status=sent /var/log/maillog | sed
> > 's/.*relay=//' | sed 's/,.*//' | sort | uniq -c
This fails to deduplicate multi-recipient deliveries, which record
the same relay= for each
On Fri, May 10, 2024 at 08:47:26PM -0400, Jason Hirsh via Postfix-users wrote:
> I am running Postfix/Dovecot/MySQL mail server. It was doing ok
> until I tried to improve it.
Reverting back to the "unimproved" prior state may be the best course of
action.
> May 10 20:11:27 triggerfish postfix
On Fri, May 10, 2024 at 09:47:31PM -0400, Alex via Postfix-users wrote:
> Hi, I'm using postfix-3.7.9 multi-instance on fedora38 and can't figure out
> why always_bcc and recipient_bcc_maps aren't working on the outbound
> instance.
>
> 127.0.0.1:10025 inet n- n - 16smtp
On Tue, May 07, 2024 at 10:07:15AM +0200, Denis Krienbühl via Postfix-users
wrote:
> Ultimately, I ended up with the following rule, but I have a problem with it
> (or any other that I've found):
>
> /^\s*Received:[^\n]+(.*)/ REPLACE Received: from
> [127.0.0.1] (localhost
On Mon, May 06, 2024 at 11:37:54AM +0200, Дилян Палаузов via Postfix-users
wrote:
> My reading is that a domain in virtual_alias_domains can be mentioned
> neither in virtual_mailbox_domains nor as mydestination domain.
Correct, note however, that *all* recipients are subject to virtual(5)
alias
On Sun, Apr 28, 2024 at 07:15:38PM -0700, Doug Hardie wrote:
> > I suppose, but sending bare LF in SMTP is definitely wrong, so he needs to
> > fix that first.
>
> Well, the header lines are properly terminated by CRLF. However, the
> text lines are whatever I get from postfix. Generally that is
On Fri, Apr 26, 2024 at 07:21:24AM +0200, Tobi via Postfix-users wrote:
> Or would it be possible to use a sender_dependent_relayhost_maps and
> define just the transport ex smtps: (without nexthop) in there so
> postfix would use that transport (to be defined in master.cf) and the
> normal MX of
On Wed, Apr 24, 2024 at 07:23:00PM +0200, Kim Sindalsen via Postfix-users wrote:
> > Regardless, as things stand, the default Fedora 39 nsswitch.conf
> > makes Postfix restrictions much too fragile, and needs to be
> > avoided.
>
> files dns is standard on my installation (Gentoo Linux/OpenRC)
C
On Wed, Apr 24, 2024 at 07:43:35AM +0200, Reto via Postfix-users wrote:
> On Mon, Apr 22, 2024 at 03:50:34PM GMT, Viktor Dukhovni via Postfix-users
> wrote:
> > and this (specifically, !UNAVAIL=return) turns soft DNS failures into
> > hard errors.
> >
> > The so
On Wed, Apr 24, 2024 at 01:01:46AM -, John Levine via Postfix-users wrote:
> >I must be interpreting this wrong because it appears postfix is not
> >accepting that. Here is the complete process. A message arrives at
> >my MTA addressed to a specific address. Postfix delivers that
> >message
On Tue, Apr 23, 2024 at 11:46:22AM -0700, Doug Hardie via Postfix-users wrote:
> > RFC 3676 addresses this.
>
> That was an amazing and helpful response. RFC 2045 showed exactly
> what caused the problem. When the message was delivered to a file,
> the CRLFs were replaced by \n. An = followed
The isi.edu DNS nameservers were apparently being DoSed today, and
reverse and forward lookups (from my MX host) were failing. I was
however surprised to then see:
postfix/smtpd[2530673]: NOQUEUE: reject: RCPT from unknown[128.9.29.254]:
550 5.7.1 Client host rejected: cannot find you
On Mon, Apr 22, 2024 at 12:21:01AM -0400, 785 243 via Postfix-users wrote:
> Recently i'm seeing a few messages deferred with status=deferred
> (bounce or trace service failure)
>
> instead of status=deferred (host .. said: 450 ...)
>
> from the logs:
>
> postfix/smtp[272605]: warning: unexpect
On Sat, Apr 13, 2024 at 11:14:34AM -0400, Dan Mahoney wrote:
> >>> virtual_alias_maps = static:allmail@$mydomain
> >>> default_transport = virtual
> >>> virtual_mailbox_maps = static:/var/spool/virtual/allmail/
> >>> virtual_uid_maps = static:12345
> >>> virtual_gid_maps = static:12345
>
On Wed, Apr 10, 2024 at 11:39:24PM -0400, Dan Mahoney via Postfix-users wrote:
> > On Apr 2, 2024, at 10:52, Viktor Dukhovni via Postfix-users
> > wrote:
> >
> > On Tue, Apr 02, 2024 at 04:14:29AM -0400, Dan Mahoney via Postfix-users
> > wrote:
> >> Hey
On Wed, Apr 03, 2024 at 09:23:26AM +0300, Levente Birta via Postfix-users wrote:
> > The other possibility, is that the client never tried TLS 1.3, and was
> > implemented by a clueless keyboard-monkey, who decided to always send
> > the fallback SCSV even though there was no fallback. That's sad
101 - 200 of 728 matches
Mail list logo