[pfx] Re: Postfix documentation pitfalls. virtual_alias_maps and main.cf macros

On Mon, May 08, 2023 at 11:00:55AM +1000, Sean Gallagher via Postfix-users wrote: > check_rcpt_maps() in smtpd_check.c first looks for the recipient in > rcpt_canon_mapsand virt_alias_maps, that's the class-less part. Then it > classifies the recipient domain and checks the relevant recipient

[pfx] Re: Postfix documentation pitfalls. virtual_alias_maps and main.cf macros

On Mon, May 08, 2023 at 09:55:28AM +1000, Sean Gallagher via Postfix-users wrote: > Q: how would an entry in virtual_alias_maps like > localpart@$virtual_alias_domains localpart@$virtual_alias_domains be > handled? > A: It would stay in $virtual_alias_domains and be handed to >

[pfx] Postfix vs. RedHat/Fedora crypto policies

On Fri, May 05, 2023 at 08:28:48PM -0400, Viktor Dukhovni via Postfix-users wrote: > If your system is a RHEL or recent Fedora or similar system, or perhaps > by now other distributions have joined the club, then you'll to find the > relevant crypto policy file and dial it down a bit (

[pfx] Re: TLS Library Problem? (SSL_accept error from ...)

On Fri, May 05, 2023 at 08:28:48PM -0400, Viktor Dukhovni via Postfix-users wrote: > You should of course also share > (https://www.postfix.org/DEBUG_README.html#mail) > > $ postconf -nf > $ postconf -Mf > > without any changes in whitespace, including li

[pfx] Re: TLS Library Problem? (SSL_accept error from ...)

On Fri, May 05, 2023 at 06:55:23PM -0500, E R via Postfix-users wrote: > postfix/smtpd[1234567]: SSL_accept error from xxx.xxx.xxx[yyy.yyy.yyy.yyy]: -1 > postfix/smtpd[1234567]: warning: TLS library problem: > error:0398:digital envelope routines::invalid >

[pfx] Re: inet_interfaces documentation

On Fri, May 05, 2023 at 02:34:53PM +1000, Sean Gallagher via Postfix-users wrote: > That makes sense, and is exactly what I would expect, but it still needs > to be documented. > > But it does raise another question in my mind. Many places in the > documentation state that the "Local" domain

[pfx] Re: inet_interfaces documentation

On Fri, May 05, 2023 at 01:57:19PM +1000, Sean Gallagher via Postfix-users wrote: > > This is rarely what you want. I'd be inclined to require that the > > "inet_interfaces" parameter be non-empty (though it could still be > > effectively empty as a list by setting it to be a mixture of spaces

[pfx] Re: inet_interfaces documentation

On Fri, May 05, 2023 at 02:08:29PM +1200, Peter via Postfix-users wrote: > On 5/05/23 11:33, Wietse Venema via Postfix-users wrote: > > An empty inet_interfaces means that there is no constraint for the > > SMTP client source IP address. I am adding some text for that. > > I think the question

[pfx] Re: inet_interfaces documentation

On Fri, May 05, 2023 at 07:01:03AM +1000, Sean Gallagher via Postfix-users wrote: > Specify "all" to receive mail on all network interfaces (default), > "loopback-only" to receive mail on loopback network interfaces only > (Postfix version 2.2 and later) or leave blank to disable the reception

[pfx] Re: Question on the CNAME

On Thu, May 04, 2023 at 01:02:14AM +, Ken Peng via Postfix-users wrote: > I am just not sure, for this domain SpaceMail.com, who has a CNAME to > CDN for the root domain, every query to this domain will get a CNAME. > for instance, > > $ dig spacemail.com mx +nocmd +noall +answer >

[pfx] Re: inet_interfaces documentation

On Wed, May 03, 2023 at 12:48:28PM -0400, Wietse Venema via Postfix-users wrote: > I updated the inet_interfaces documentation anmd clarified its > relationship with smtp_bind*_address and system-chosen source IP > addresses. > > Wietse > >When smtp_bind_address and/or

[pfx] Re: relocated: Allow custom message

On Wed, May 03, 2023 at 02:53:06PM +0200, Paul Menzel via Postfix-users wrote: > Some of our users, that relocate, ask for a custom message over the > current one: > > user has moved to new_location > > For example: > > This address is out of service. For business please contact >

[pfx] THREAD CLOSED: (was: Contradicting Postfix documentation)

On Wed, May 03, 2023 at 02:57:34PM +1000, Sean Gallagher via Postfix-users wrote: > Documentation can always be improved but there is nothing wrong with the > program itself in this respect. We can close this thread. The OP's membership in the list has been terminated for uncivil behaviour.

[pfx] Re: Contradicting Postfix documentation

On Wed, May 03, 2023 at 04:57:57AM +0200, Kolusion K via Postfix-users wrote: > Its not naive, its a fact- Postfix is broken. The inet_interfaces > parameter is described in the documentation as making Postfix use only > the interfaces listed for the parameter. In reality, Postfix ignores > the

[pfx] Re: inbound failures only from outbound.protection.outlook.com. Cert issue in this log?

On Tue, May 02, 2023 at 07:03:55PM -0400, PGNet Dev via Postfix-users wrote: > > Also look into other possibilities, the DST Root issue is a bit of a > > longshot. If you can get an account on Outlook.com, send mail and > > see if it bounces with usable diagnostics in the bounce. > > I changed

[pfx] Re: Future Date:

On Tue, May 02, 2023 at 05:47:03PM +0200, Benny Pedersen via Postfix-users wrote: > Matus UHLAR - fantomas via Postfix-users skrev den 2023-05-02 15:28: > > > perhaps you would want to set up spam filter? > > spamassassin has check for date in future and also many other for > > spammy signs. >

[pfx] Re: inbound failures only from outbound.protection.outlook.com. Cert issue in this log?

On Tue, May 02, 2023 at 11:54:00AM -0400, PGNet Dev wrote: > > The DST root, that issued the ISRG X1 cross cert. > > https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/ > > yikes. missed that by a mile! > > >>From my renewal.conf file: > > > > [renewalparams] > >

[pfx] Re: Fw: Re: Re: Contradicting Postfix documentation

On Tue, May 02, 2023 at 04:45:13PM +0200, Kolusion K via Postfix-users wrote: > Hang on a second... my Postfix is using a network interface that is > not the one set with the inet_interfaces parameter. So, my experience > is true- the inet_interfaces parameter has no effect. No, it has exactly

[pfx] Re: inbound failures only from outbound.protection.outlook.com. Cert issue in this log?

On Tue, May 02, 2023 at 11:09:59AM -0400, PGNet Dev wrote: > what root CA expiry are you referring to? The DST root, that issued the ISRG X1 cross cert. > > The "ISRG Root X1" CA no longer needs a cross cert. > > it seems that LE still provides them, > >

[pfx] Re: Postfix is not using a specified interface

On Tue, May 02, 2023 at 11:18:26AM +0200, Kolusion K via Postfix-users wrote: > I have specified Postfix to use a certain interface in 'main.cf': > > inet_interfaces = 192.168.2.2 > > http://www.postfix.org/postconf.5.html#inet_interfaces > > The problem is, Postfix is not using this

[pfx] Re: inbound failures only from outbound.protection.outlook.com. Cert issue in this log?

On Tue, May 02, 2023 at 09:54:48AM -0400, Viktor Dukhovni via Postfix-users wrote: > What are some domains your server accepts mail for? Do you perhaps > publish DANE TLSA records and have botched certificate rotation? See if dropping the DST cross cert from your certificate chain wil

[pfx] Re: inbound failures only from outbound.protection.outlook.com. Cert issue in this log?

On Tue, May 02, 2023 at 09:41:50AM -0400, PGNet Dev via Postfix-users wrote: > a server that i don't have shell access to atm has, today, started > seeing undelivered mail from only one domain -- > *outbound.protection.outlook.com. apparently, everything else inbound > is flowing. and, i'm

[pfx] Re: Future Date:

On Mon, May 01, 2023 at 03:41:37PM -0400, Jon LaBadie via Postfix-users wrote: > I've been getting a lot of spam with Date: headers > containing future dates, typically 1 year. > > I don't find any header checks that would look for > this type of message. Have I over looked it? > > In the

[pfx] Re: tls_high_cipherlist parameter

On Mon, May 01, 2023 at 11:01:56AM +0200, Bernardo Reino via Postfix-users wrote: > > Sadly, the documentation lacks specificness, and the output spit out about > > 500 lines, so I am not sure what I am suppose to be looking at. > > postconf -d will print all the (default) settings, you can

[pfx] Re: Painful Postfix

On Mon, May 01, 2023 at 04:46:20AM +0200, Michael Grimm via Postfix-users wrote: > > When I open a raw socket to the remote server on port 25 using > > telnet, I am able to connect and see the server announce itself […] > > Then, do continue to provide all essential *FURTHER* commands via >

[pfx] Re: Painful Postfix

On Sun, Apr 30, 2023 at 06:06:48PM -0500, Matthew McGehrin via Postfix-users wrote: > You can try adding to your main.conf: > > tcp_windowsize=65535 > > See also: > > https://www.postfix.org/postconf.5.html > > That can help fixing broken window sizes because of a firewall. This won't help.

[pfx] Re: Deny any sender address with subdomain

On Sun, Apr 30, 2023 at 01:33:13AM +0100, Allen Coates via Postfix-users wrote: > Any ideas on the opposite - i.e. WITHOUT a domain? > > I sometimes receive messages from "u...@co.uk"... With eTLD (effective TLD) domains that have neither address nor MX records the

[pfx] Re: Painful Postfix

On Sun, Apr 30, 2023 at 03:26:24PM +1000, Sean Gallagher via Postfix-users wrote: > from smtp.c: debug_peer_check(request->nexthop, "noaddr"); That is not the only check: src/smtp/smtp.c:debug_peer_check(request->nexthop, "noaddr"); src/smtp/smtp_session.c:

[pfx] Re: Painful Postfix

On Sun, Apr 30, 2023 at 07:11:45AM +0200, Kolusion K wrote: > - Does the word "list" suggest any possibilities? > > Please shut the fuck up with your arrogance. Act like a normal person, > otherwise, don't talk to me at all. Best to accept help graciously, in all the ways it is offered. > The

[pfx] Re: Painful Postfix

On Sun, Apr 30, 2023 at 06:41:06AM +0200, Kolusion K wrote: > Apr 30 14:32:16 generalpurpose postfix/smtp[2299]: > 78D1D80AD7: to=, relay=none, > delay=414074, delays=413981/0.19/93/0, dsn=4.4.1, > status=deferred (connect to mxw.mxhichina.com[47.246.99.195]:25: > Connection timed out)  

[pfx] Re: Painful Postfix

On Sat, Apr 29, 2023 at 12:40:46PM +0200, Kolusion K via Postfix-users wrote: > I am trying to send an e-mail, but the receving e-mail server is > timing out, as per Postfix's mail log file. 1. Per post (this time in plain text rather than HTML

[pfx] Re: Deny any sender address with subdomain

On Fri, Apr 28, 2023 at 06:38:04PM +0200, Jaroslaw Rafa via Postfix-users wrote: > Also take into account that many countries use two-level domain registration > scheme ... In Japan, 3rd-level public suffixes are quite common, taking the form: ...jp. For example: hospital.hekinan.aichi.jp.

[pfx] Re: forwarding questions

On Fri, Apr 28, 2023 at 08:32:29AM +0800, Tom Reed via Postfix-users wrote: > I have a local real mailbox: u...@foo.com. When I setup this alias > map in virtual_alias_maps file: > > u...@foo.com u...@gmail.com > > (then postmap this file). The message sent to u...@foo.com won't > reach

[pfx] Re: Postfix server is sending non-delivery notifications with a blank "from" address

On Thu, Apr 27, 2023 at 02:15:38PM -0300, Rejaine Monteiro wrote: > I know that bounces are necessary.. > but addresses like "noreply" are usually automation robots and do not > receive responses and can generate double bounces.. Responses may not be read (or, in particular, *replied-to*), but

[pfx] Re: Postfix server is sending non-delivery notifications with a blank "from" address

On Thu, Apr 27, 2023 at 11:13:13AM -0300, Rejaine Monteiro via Postfix-users wrote: > I have a Postfix 3.4.13 that sends non-delivery notifications with a blank > "from" address, like so: > > postfix/bounce[3337994]: 536301634D8: sender non-delivery notification: > 421CF1634EB >

[pfx] Re: Sender address rejected, but domain is found?

On Tue, Apr 25, 2023 at 08:43:26PM +0200, Gerald Galster via Postfix-users wrote: > >; Delegation NS > >eurobank-direktna.rs. IN NS ns1.eurobank.rs. ; AD=0 > >eurobank-direktna.rs. IN NS ns2.eurobank.rs. ; AD=0 > >eurobank-direktna.rs. IN NS ns3.eurobank.rs. ; AD=0 > > > >;

[pfx] Re: Postfix Amavis (Virus Checker) PHPList workaround

On Mon, Apr 24, 2023 at 02:23:54PM -0400, Wayne Spivak via Postfix-users wrote: > My PHPList (broadcast only) goes through port 587, and since it sits on the > server, it doesn't need authentication (I'm the only user). How does it send mail, a separate message per recipient, or one message with

[pfx] Re: Sender address rejected, but domain is found?

On Tue, Apr 25, 2023 at 12:24:04PM -0400, Alex via Postfix-users wrote: > Hi, I realize this is probably one of the most frequently asked questions, > but I really can't figure out why this was rejected. > > Apr 25 12:06:01 petra postfix-226/smtpd[592344]: NOQUEUE: reject: RCPT from >

[pfx] Re: postfix mail server qmgr log entry query

On Mon, Apr 24, 2023 at 05:39:01PM +, Jitendra Chaudhari via Postfix-users wrote: > Mail flow is as follows. > > IceWarp (email Server)---> >postfix---> >cisco(ironport email gateway)---> >Internet > > I found some strange messages

[pfx] Re: Regarding transport maps (sender_dependent_relayhost_maps not working)

On Sat, Apr 22, 2023 at 07:58:25PM -0700, Andrew Athan wrote: > If I understand it well enough I'll write and submit a doc PR. This is unlikely to be productive. > If I put all this together what I think I'm hearing is that transport_map > overrides everything The transport(5) table has the

[pfx] Re: Regarding transport maps (sender_dependent_relayhost_maps not working)

On Sat, Apr 22, 2023 at 05:56:12PM -0700, Andrew Athan via Postfix-users wrote: > "This information is overruled with... the transport(5) table." In other words, "transport_maps", a logical dictionary built from a list of component tables (some of which may also be composite). > But

[pfx] Re: www.postfix.org certificate expired

On Sat, Apr 22, 2023 at 11:25:14AM -0400, Viktor Dukhovni via Postfix-users wrote: > On Sat, Apr 22, 2023 at 01:08:06PM +0200, Matus UHLAR - fantomas via > Postfix-users wrote: > > > >You should set a POST_HOOK in certbot renew (assuming you're using > > >cert

[pfx] Re: www.postfix.org certificate expired

On Sat, Apr 22, 2023 at 01:08:06PM +0200, Matus UHLAR - fantomas via Postfix-users wrote: > >You should set a POST_HOOK in certbot renew (assuming you're using > >certbot, that is) that restarts or reloads the web server. > > I guess this exactly what failed. The "post hooks" in certbot are

[pfx] Re: Reject mail by language

On Wed, Apr 19, 2023 at 11:33:36AM +0800, tom--- via Postfix-users wrote: > I got a lot of spams (20+ every day) like the following for which i even > don't know what language they were. > > مميز المنتدى العربي الثالث The script is Arabic. Language is harder for an MTA to deduce. A priori

[pfx] Re: Reject mail by language

On Wed, Apr 19, 2023 at 02:54:22AM +0800, tom--- via Postfix-users wrote: > How to reject messages by languages? > For example, only English, Germany and Chinese messages will be > accepted. All others should be rejected. Email messages almost never carry language information, they carry

[pfx] Re: smtp code 450 and delivery to secondary MX

On Tue, Apr 18, 2023 at 10:35:22AM +0800, tom--- via Postfix-users wrote: > So my question is, smtp code 450 will cause the sender to retry delivery > to secondary MX? Yes, if the client is a legitimate MTA, less common with a junk-sending botnet. Once you're confident your restriction

[pfx] Re: is localhost.localdomain a FQDN?

On Tue, Apr 18, 2023 at 10:19:58AM +0800, tom--- via Postfix-users wrote: > I saw many peer MTA connecting me with this default HELO hostname: > localhost.localdomain. > > Is this a FQDN? Yes, it is a fully-qualified domain name. > Is it valid? Depends on your perspective. This FQDN does not

[pfx] Re: Postfix refuses to accept email from video camera

On Sun, Apr 16, 2023 at 10:05:02PM +0300, Oleksandr wrote: > > You now need to again post your configuration settings. Post the output > > of: > > ># postconf -nf smtpd_tls_cert_file smtpd_tls_key_file smtpd_tls_chain_files ># ls -l $(postconf -xh smtpd_tls_cert_file smtpd_tls_key_file

[pfx] Re: Postfix refuses to accept email from video camera

On Sun, Apr 16, 2023 at 09:24:09PM +0300, Oleksandr wrote: > I think I've followed all your instructions, and now I've got another > mistake: That means that either my instructions had a typo, or your implementation of correct instructions had a typo. > Apr 16 21:20:29 mailserver

[pfx] Re: Postfix refuses to accept email from video camera

On Sun, Apr 16, 2023 at 07:49:00PM +0300, Oleksandr wrote: > > Did you reconfigure Postfix to use the generated PEM file > > as your certificate and private key file? > > I didn't know it had to be done... I just do what you recommend. How > do I need to do this reconfiguration? Please tell

[pfx] Re: Postfix refuses to accept email from video camera

On Sun, Apr 16, 2023 at 06:03:09PM +0300, Oleksandr via Postfix-users wrote: > Okay, Viktor! I executed these commands and got this result: > > $ dnsname=mailserver.mail.lan > $ rm certkey.pem > rm: Unable to delete 'certkey.pem': No such file or directory > user@mailserver:~$ openssl req -new

[pfx] Re: Postfix refuses to accept email from video camera

On Sun, Apr 16, 2023 at 03:07:38AM +0300, Oleksandr via Postfix-users wrote: > Yes, it looks like this :-) > But I was hoping that it would be enough to make corrections in the main.cf > and master.cf, and Postfix friendship with the camera would be restored. It isn't actually Postfix

[pfx] Re: any web.de staff here?

On Sun, Apr 16, 2023 at 09:15:24AM +0800, tom--- via Postfix-users wrote: > one of web.de's sender IPs is listed into zen.spamhaus.org as the > following info. > > 554 5.7.1 Service unavailable; Client host [82.165.159.35] blocked using > zen.spamhaus.org;

[pfx] Re: Postfix refuses to accept email from video camera

On Sun, Apr 16, 2023 at 12:30:14AM +0300, Oleksandr wrote: > Viktor, How you have analyzed everything perfectly! :-) > > Of course, I cannot influence the camera firmware, it is old and there > are no new firmware. > > But maybe you can change the Postfix settings so that he makes friends >

[pfx] Re: Postfix refuses to accept email from video camera

On Sat, Apr 15, 2023 at 10:09:10PM +0300, Oleksandr wrote: > Sorry, I temporarily changed the IP camera to 192.168.8.144, but it doesn't > affect anything. > > So, I executed the command: > > # tcpdump -s0 -w file.pcap tcp port 465 and host 192.168.8.144 > > The result is in the

[pfx] Re: Postfix refuses to accept email from video camera

On Sat, Apr 15, 2023 at 08:09:58PM +0200, Benny Pedersen via Postfix-users wrote: > > As stated above, there was no need. What's needed now is a PCAP file > > with a full recording of exactly one TCP connection between the camera > > and Postfix on port 465. > > first remove the 2nd port 465 >

[pfx] Re: Postfix refuses to accept email from video camera

On Sat, Apr 15, 2023 at 08:37:14PM +0300, Oleksandr wrote: > > > provide postconf -nf not just raw file, and postconf -Mf not just raw > > > file > > > > No longer necessary. > > Please, here are the results of executing this command in attachment: As stated above, there was no need. What's

[pfx] Re: Postfix refuses to accept email from video camera

On Sat, Apr 15, 2023 at 05:57:51PM +0200, Benny Pedersen via Postfix-users wrote: > add 192.168.1.44 to mynetwork in postfix main.cf, in master.cf allow > permit_mynetwork before permit Irrelevant. The TLS connection setup hadn't completed yet. > but best is simply to make another

[pfx] Re: Postfix refuses to accept email from video camera

On Sat, Apr 15, 2023 at 05:39:21PM +0300, Oleksandr via Postfix-users wrote: > However, Postfix refuses to accept mail from the video camera and > demonstrates these lines in the log: That's not an accurate statement. Postfix is happy to accept mail from the camera, but the camera aborts the

[pfx] Re: header_checks not work with regexp

On Fri, Apr 14, 2023 at 05:51:21PM -0300, SysAdmin EM via Postfix-users wrote: > postmap -q "Subject: [KIS] ERROR (EXTERNAL IP): Invalid HTTP_HOST header: > '10.54.130.188:8020'. You may need to add u'10.54.130.188' to ALLOWED_HOSTS." > regexp:/etc/postfix/header_checks Works here (bash

[pfx] Re: header_checks not work with regexp

On Fri, Apr 14, 2023 at 03:31:17PM -0300, SysAdmin EM via Postfix-users wrote: > Sorry for such a basic question but I couldn’t find a solution on my > part. I’m trying to block a Subject using header_checks but it’s not > working. > > This is my rule: > > /^Subject:.*Invalid HTTP_HOST

[pfx] Re: temporary lookup error with utf8mb4 characters

On Fri, Apr 14, 2023 at 01:06:16PM -0400, Wietse Venema via Postfix-users wrote: > Wietse Venema via Postfix-users: > > As for the temp error becoming persistent, the Postfix pgsql: client > > code returns an error when it gets an error from all of the hosts > > configured in the Postfix pgsql:

[pfx] Re: Debugging SSL_accept error Connection reset by peer

On Tue, Apr 11, 2023 at 08:32:19AM -0400, micah anderson via Postfix-users wrote: > >> The certificate that the server sends (smtpd_tls_cert_file) is [...] > >> is the client refusing my certificate at this stage? > > > > See above. Your certificate details look fine: > > Good. Of course some

[pfx] Re: Postfix as relay server let us send messages with anothyer domain than ours

On Tue, Apr 11, 2023 at 03:34:09PM -0300, Roberto Carna via Postfix-users wrote: > But we have realized that if we send messages using another domains > than ourdomain1.com, the messages reach the recipients in Gmail, > Hotmail and other public mail platforms. Perhaps as well considering how to

[pfx] Re: aliases for mailbox domain

On Tue, Apr 11, 2023 at 12:49:18AM +0800, tom--- via Postfix-users wrote: > > You can create virtual(5) aliases for any address you want, with > > any syntactically valid rewrite target(s) of your choice. > > > > Neither the LHS nor the RHS addresses need be in domains under your > > control.

[pfx] Re: aliases for mailbox domain

On Mon, Apr 10, 2023 at 04:19:28PM +0800, tom--- via Postfix-users wrote: > And a real user t...@myposts.ovh which exists in dovecot-users table. > > After then, can I create aliases in virtual_alias_maps like follows? > > al...@myposts.ovh t...@myposts.ovh > b...@myposts.ovh t...@myposts.ovh

[pfx] Re: DNS resolvers difference for RBL checks

On Mon, Apr 10, 2023 at 10:22:24AM +0800, tom--- via Postfix-users wrote: > > My comiserations... > > Do you mean systemd-resolve is a bad choice for local resolver? Wow, you read my mind! :-) The only use-case I can think of for systemd-resolved is on mobile devices, or home networks, where

[pfx] Re: REPOST: Envelope sender is not modified correctly

On Sun, Apr 09, 2023 at 10:29:46PM -0400, François wrote: > I did post the relevant parts (I believe) of main.cf: If you were fully equipped to know what's relevant, you'd not need to look for help here. When you do seek help here, you need to be willing to let others judge what is relevant.

[pfx] Re: REPOST: Envelope sender is not modified correctly

On Sun, Apr 09, 2023 at 08:08:04PM -0400, François via Postfix-users wrote: > The regexp:/etc/postfix/canonical just did not want to map reliably a > domain name to a certain Return-Path, even though I tested successfully all > regular expressions with (for example): > > postmap -q

[pfx] Re: DNS resolvers difference for RBL checks

On Mon, Apr 10, 2023 at 09:14:19AM +0800, tom--- via Postfix-users wrote: > I have two debian boxes, one is running unbound for dns resolver, Congratulations on a sound choice. > another is running systemd-resolve. My comiserations... -- Viktor.

[pfx] Re: confused about two options

On Sun, Apr 09, 2023 at 09:35:49AM +0800, tom--- via Postfix-users wrote: > >> 2. Content-Transfer-Encoding: 7bit > > > > The 2nd is more of a property assertion, than an encoding. The > > MIME-part content is transmitted as-is, but is asserted to consist > > entirely of 7-bit octets (i.e.

[pfx] Re: Headers and Forwarding

On Sat, Apr 08, 2023 at 12:16:30PM -0700, Doug Hardie via Postfix-users wrote: > >> Are there any others and how close am I? > > > > > > https://www.iana.org/assignments/mail-parameters/mail-parameters.xhtml#mail-parameters-7 > > Wow, I never would have guessed there would be that many.

[pfx] Re: Headers and Forwarding

On Sat, Apr 08, 2023 at 11:51:06AM -0700, Doug Hardie via Postfix-users wrote: > A couple of questions. Looking in the postfix generated Received: > header, the SMTP id often has a few other letters included: ESMTPA > etc. I am guessing that the extra letters mean: > > E - EHLO used

[pfx] Re: invalid and non-fqdn hostname

On Sat, Apr 08, 2023 at 11:49:49AM +1000, Sean Gallagher via Postfix-users wrote: > I think the outcome of the discussion in this thread was that > valid_utf8_hostname() really has no "official" use case. Not all hostnames are HELO hostnames. The domain part of an email address is a

[pfx] Re: confused about two options

On Sat, Apr 08, 2023 at 02:59:49PM +0800, tom--- via Postfix-users wrote: > 1. use MIME encoding for 8bit chars That would be either quoted-printable or base64: https://www.iana.org/assignments/transfer-encodings/transfer-encodings.xhtml applicable to "leaf" MIME entities, but not

[pfx] Re: Debugging SSL_accept error Connection reset by peer

On Fri, Apr 07, 2023 at 11:25:33AM -0400, micah via Postfix-users wrote: > I have a few remote hosts who cannot send me mail, and I'm trying to > determine the best way to debug these SSL_accept error messages and > turn them into a solution so the mail can be actually sent. > > With

[pfx] Re: invalid and non-fqdn hostname

On Fri, Apr 07, 2023 at 10:07:08AM +0800, Ken Peng via Postfix-users wrote: > i have the similar questions on these two clauses: > > reject_unknown_reverse_client_hostname > reject_unknown_client_hostname > > I know the first one require the sender IP has a valid PTR. > but for the second one,

[pfx] Re: pf snap 3.8-20230402 mem corruption issues

On Thu, Apr 06, 2023 at 11:20:17PM +0200, Steffen Nurpmeso via Postfix-users wrote: > It seems so square to have a need to use the C library resolver, > or external library, or even code something yourself, in order to > implement a policy or milter or filter for postfix. Even though > possibly

[pfx] Re: invalid and non-fqdn hostname

On Thu, Apr 06, 2023 at 04:57:51PM +1000, Sean Gallagher via Postfix-users wrote: > What a can of worms.. > IDNA2003 allowed UTF8 in domain names IDNA specified an encoding system for mapping UTF8 labels to ACE-prefixed LDH labels that can be used in DNS. The resulting data in DNS (in zone

[pfx] Re: invalid and non-fqdn hostname

On Thu, Apr 06, 2023 at 07:33:28AM +0800, Corey Hickman via Postfix-users wrote: > reject_invalid_helo_hostname > reject_non_fqdn_helo_hostname > > what are the differences between them? does the second one hold the > first one already? Neither subsumes the other, perhaps due to an

[pfx] Re: surprise with strict_mime_encoding_domain

On Tue, Apr 04, 2023 at 09:00:16PM +0200, A. Schulze via Postfix-users wrote: > Mime-Version: 1.0 > Content-Type: multipart/signed; > boundary="mua-name=_some_random"; > protocol="application/pkcs7-signature"; > micalg=sha-256 > Content-Transfer-Encoding:

[pfx] Re: virtual_alias_domains user in dovecot-users

On Sun, Apr 02, 2023 at 09:09:11AM +0800, fh--- via Postfix-users wrote: > If a domain is in virtual_alias_domains only, not in the > virtual_mailbox_domains. This means that the underlying mailboxes (after rewriting) must be in some other domain, i.e. Postfix will ultimately *deliver* mail to

[pfx] Re: Wildcard delivery from Postfix to Dovecot LDA issues

On Sat, Apr 01, 2023 at 07:02:51PM +0100, EML via Postfix-users wrote: > How, exactly, do postfix and dovecot communicate when postfix attempts > to determine whether to deliver a message to the dovecot LDA, or to > bounce it? In other words, how does postfix decide to bounce foo, and >

[pfx] Re: Success DSN for virtual mailboxes not working

On Fri, Mar 31, 2023 at 02:00:49PM +0100, Nuno Pereira via Postfix-users wrote: > Logs of message with success DSN sent: Are you sure you syslog system is not dropping some of the log messages? (A common problem with systemd-based logging). > Mar 31 13:26:19 MAIL01 postfix/lmtp[1444780]:

[pfx] Re: Access control review

On Wed, Mar 29, 2023 at 02:17:52PM +0200, Matus UHLAR - fantomas via Postfix-users wrote: > On 28.03.23 12:15, Viktor Dukhovni via Postfix-users wrote: > >You don't need and generally don't want to apply: > > > >reject_unknown_recipient_domain > > > >to inb

[pfx] Re: Access control review

On Tue, Mar 28, 2023 at 08:42:42AM +0200, Mihaly Zachar via Postfix-users wrote: > smtpd_recipient_restrictions = > reject_non_fqdn_recipient > reject_unknown_recipient_domain > permit_mynetworks > permit_sasl_authenticated > reject_unauth_destination You don't need and

[pfx] Re: destination based rate limiting

On Mon, Mar 27, 2023 at 11:21:15AM +, Gino Ferguson via Postfix-users wrote: > How can one set up outbound rate limiting for a certain mail service > provider? Postfix rate limiting is implemented in the queue manager, which does not (and cannot without a major redesign) know the MX hosts

[pfx] Re: Blocked Sender

On Mon, Mar 27, 2023 at 02:16:06PM +0200, Matus UHLAR - fantomas via Postfix-users wrote: > On 27.03.23 12:39, natan via Postfix-users wrote: > >/etc/postfix/sender_checks.pcre > >/@scripkabox\.com/ > > >/@domain\.ltd/ OK > > > In any case I recommend using

[pfx] Re: Blocked Sender

On Sun, Mar 26, 2023 at 04:10:57PM -0700, Doug Hardie via Postfix-users wrote: > > The suggested inline:{{key = value}} replacement will work if > > implemented correctly. > > Mar 26 15:42:30 mail postfix/smtpd[15243]: NOQUEUE: reject: > RCPT from mx4.messageprovider.com[156.55.193.213]: 450

[pfx] Re: Blocked Sender

On Sun, Mar 26, 2023 at 02:53:42PM -0700, Doug Hardie wrote: > >inline:{{digitalinsight.firefightersfirstcreditunion.org = > > permit_auth_destination}} > > or > > > > inline:{digitalinsight.firefightersfirstcreditunion.org=permit_auth_destination} > > > > Per the documentation: > > >

[pfx] Re: Blocked Sender

On Sun, Mar 26, 2023 at 02:15:27PM -0700, Doug Hardie via Postfix-users wrote: > Thanks Viktor. I went with the first approach and am getting errors: > > warning: inline:{DigitalInsight.firefightersfirstcreditunion.org = > permit_auth_destination} is unavailable. missing '=' after attribute

[pfx] Re: Blocked Sender

On Sun, Mar 26, 2023 at 12:52:01PM -0700, Doug Hardie via Postfix-users wrote: > I don't want to remove the "reject_unknown_sender_domain" function as > it gets used properly a lot. Is there some way I can get postfix to > accept these for local delivery? smtpd_sender_restrictions =

[pfx] Re: smtp_connection_cache_on_demand and "high volume"

On Sun, Mar 26, 2023 at 12:13:55PM -0700, Amit Gupta via Postfix-users wrote: > Hello, according to the docs, when there is a "high volume" of mail in the > active queue, then a connection is added to the cache, How is "high > volume" determined? Below is the quote from the documentation: > >

[pfx] Re: connection_cache_ttl_limit

On Sat, Mar 25, 2023 at 12:46:26PM -0700, Amit Gupta via Postfix-users wrote: > Hi, Is there any reason for smtp_connection_cache_time_limit to be set > differently than connection_cache_ttl_limit? No. After all, both have the same default. But also note that the reason there are two

[pfx] Re: smtp_tls_security_level per user

On Sat, Mar 25, 2023 at 02:43:35PM -0400, Wietse Venema via Postfix-users wrote: > postfix--- via Postfix-users: > > smtp_tls_security_level = may/encrypt sets global policy for the > > server. Is there a way to override that on a per user basis when > > delivering mail to another public server?

[pfx] Re: [ext] Re: Configuration of postfix on Ubuntu 22

On Fri, Mar 24, 2023 at 02:55:32PM +0100, Ralf Hildebrandt via Postfix-users wrote: > > smtp_use_tls=yes > > relayhost = smtp.gmail.com:587 Small correctness improvement: relayhost = [smtp.gmail.com]:587 >] # we want to relay all mails via smtp.gmail.com (port 587) > >

[pfx] Re: difference between relay and smtp

On Thu, Mar 23, 2023 at 03:49:07AM +0800, fh--- via Postfix-users wrote: > Relay uses SMTP protocol, as well as submission. No. The two transports are functionally equivalent, and use the same underlying delivery agent (smtp(8)). They are separate because: - As Wietse noted, and documented in

[pfx] Re: Allow TLSv1 only for internal senders

On Wed, Mar 22, 2023 at 04:28:36PM +0100, Benny Pedersen via Postfix-users wrote: > >> mx ~ # posttls-finger sdaoden.eu > >> posttls-finger: Connected to sdaoden.eu[217.144.132.164]:25 > >> posttls-finger: < 220 sdaoden.eu ESMTP Postfix > > > > I can't even get the connection. I can't even ping

[pfx] Re: timeout after END-OF-MESSAGE

On Mon, Mar 20, 2023 at 04:41:27PM +0100, Fourhundred Thecat via Postfix-users wrote: > > On 2023-03-20 15:30, Wietse Venema via Postfix-users wrote: > > Fourhundred Thecat via Postfix-users: > >> > >> I occasionally see timeout after END-OF-MESSAGE in my logs: > > > > When asking a timing

[pfx] Re: Debugging options

On Mon, Mar 20, 2023 at 12:59:29AM -0700, Doug Hardie via Postfix-users wrote: > >> Is there a debug setting that will show which tables are searched when > >> an incoming email is received and delivered to a mailbox? > > > > The best answer to that is the documentation: > > > >

<    1   2   3   4   5   6   7   >