[pfx] Re: Handing off via localhost:10025 to spamassassin for scanning failure

A bit off topic but it just happened to dawn on me that that Ethernet Tap I referred to was a H4000. My brain works that way. Just to see if my memory hadn't failed me I googled it. Yep H4000. And I even found a Wiki page on it with a picture of the backbone cable and the H4000. And the tool

[pfx] Re: Handing off via localhost:10025 to spamassassin for scanning failure

Always in a good mood. It's a waste not to be. When I'm focused on something I just state the facts as I understand them and sometimes that doesn't come across well. Yeah I know localhost can be either that's why I used 127.0.0.1 in the config and don't/didn't use localhost anywhere, as I

[pfx] Re: Handing off via localhost:10025 to spamassassin for scanning failure

* Curtis J. Blank via Postfix-users: > What I am looking for is pretty simple. How to get it to work with > "inet_protocols = all" like my existing server is currently set up to do > and not be limited to ipv4 only. Well, you seem to be in a good mood. ;-) > And it is already set to use

[pfx] Re: Handing off via localhost:10025 to spamassassin for scanning failure

Thank you, Alexander, Matus, Jaroslaw, Peter, and Bill, just the kind of ideas I was looking for. My old postfix server is running 2.11 and I have not dealt much with postfix really since then because like I said it just worked, did what I needed it to do. Currently I'm working with 3.9 and I

[pfx] Re: Handing off via localhost:10025 to spamassassin for scanning failure

On 2024-06-28 at 05:23:27 UTC-0400 (Fri, 28 Jun 2024 11:23:27 +0200) Matus UHLAR - fantomas via Postfix-users is rumored to have said: Who exactly listens on port 10025? looks like postfix sends mail to itself, or is it another postfix instance? Historically that has been a port commonly

[pfx] Re: Roundcube question

On 28/06/2024 19:14, Jeff Peng via Postfix-users wrote: Does one roundcube installation support only one SASL backend? For example I configure it to access aol then it cannot access gmail. Other webmail such as snappy can connect to many smtp/imap backends, such as yahoo/outlook/gmail, they

[pfx] Re: Handing off via localhost:10025 to spamassassin for scanning failure

On 28/06/24 19:01, Curtis J Blank via Postfix-users wrote: What I am looking for is pretty simple. How to get it to work with "inet_protocols = all" like my existing server is currently set up to do and not be limited to ipv4 only. And it is already set to use 127.0.0.1 No it is not, it is

[pfx] Re: Roundcube question

Στις 28/6/24 12:14, ο/η Jeff Peng via Postfix-users έγραψε: Other webmail such as snappy can connect to many smtp/imap backends, such as yahoo/outlook/gmail, they can be set up in one installation. roundcube does the same as snappy , by manually editing config.inc.php (iirc). eg...:

[pfx] Re: Handing off via localhost:10025 to spamassassin for scanning failure

Dnia 28.06.2024 o godz. 00:16:31 Curtis J Blank via Postfix-users pisze: > When "inet_protocols = all" the connection to filter.mynetwork.local > localhost > port 10025 to hand off the message to spamassassin for scanning fails with > "Relay access denied". What I finally noticed is that the

[pfx] Re: Handing off via localhost:10025 to spamassassin for scanning failure

On 28.06.24 02:01, Curtis J Blank via Postfix-users wrote: What I am looking for is pretty simple. How to get it to work with "inet_protocols = all" like my existing server is currently set up to do and not be limited to ipv4 only. simply allow receiving messages from ::1 on port 10025. 10025

[pfx] Roundcube question

Does one roundcube installation support only one SASL backend? For example I configure it to access aol then it cannot access gmail. Other webmail such as snappy can connect to many smtp/imap backends, such as yahoo/outlook/gmail, they can be set up in one installation. Thanks

[pfx] Re: Handing off via localhost:10025 to spamassassin for scanning failure

Am 2024-06-28 09:01, schrieb Curtis J Blank via Postfix-users: What I am looking for is pretty simple. How to get it to work with "inet_protocols = all" like my existing server is currently set up to do and not be limited to ipv4 only. And it is already set to use 127.0.0.1 so why it is

[pfx] Re: Handing off via localhost:10025 to spamassassin for scanning failure

What I am looking for is pretty simple. How to get it to work with "inet_protocols = all" like my existing server is currently set up to do and not be limited to ipv4 only. And it is already set to use 127.0.0.1 so why it is using [::1] instead when the old server uses 127.0.01, that is part

[pfx] Re: Handing off via localhost:10025 to spamassassin for scanning failure

* Curtis J. Blank via Postfix-users: > I would like to get some insight as to the cause and correct > configuration to use. [...] Maybe it is simply too early in the morning for me to get your point, but what insight are you looking for, exactly? You already found out that localhost does not

[pfx] Handing off via localhost:10025 to spamassassin for scanning failure

I would like to get some insight as to the cause and correct configuration to use. Building a new server that in part is my postfix server and spent the last couple of days pulling my hair out trying to get it to deliver mail. I have an existing postfix server that has been working since 2014

[pfx] Re: DANE and STS

Hi ! Sure...    i distribute 3 1 1 and 2 1 1 are onl for backup... I had the setup with R3 running for years w/o problems  but now i have also R11/12/13/14 as backup entries Ciao gerd Am 27.06.2024 um 15:34 schrieb Michael Grimm via Postfix-users: Gerd Hoerst via Postfix-users wrote: I

[pfx] Re: spf and Permerror

natan via Postfix-users escribió el 27/06/2024 a las 15:48: W dniu 27.06.2024 o 15:39, Scott Kitterman via Postfix-users pisze: Hi Scott Jun 27 15:39:06 MX policyd-spf[3729]: prepend Received-SPF: Permerror (mailfrom) identity=mailfrom; client-ip=200.28.23.150;

[pfx] Re: spf and Permerror

On 27.06.24 15:30, natan via Postfix-users wrote: I have a strange problem with SPF and I honestly don't know what to pay attention to What is a Permerror in SPF In log i get: Jun 27 15:09:11 MX policyd-spf[57158]: prepend Received-SPF: Permerror (mailfrom) identity=mailfrom;

[pfx] Re: spf and Permerror

W dniu 27.06.2024 o 15:48, natan via Postfix-users pisze: W dniu 27.06.2024 o 15:39, Scott Kitterman via Postfix-users pisze: On June 27, 2024 1:30:37 PM UTC, natan via Postfix-users wrote: Hi I have a strange problem with SPF and I honestly don't know what to pay attention to What is a

[pfx] Re: spf and Permerror

W dniu 27.06.2024 o 15:39, Scott Kitterman via Postfix-users pisze: On June 27, 2024 1:30:37 PM UTC, natan via Postfix-users wrote: Hi I have a strange problem with SPF and I honestly don't know what to pay attention to What is a Permerror in SPF In log i get: Jun 27 15:09:11 MX

[pfx] Re: spf and Permerror

On June 27, 2024 1:30:37 PM UTC, natan via Postfix-users wrote: >Hi >I have a strange problem with SPF and I honestly don't know what to pay >attention to > >What is a Permerror in SPF >In log i get: > >Jun 27 15:09:11 MX policyd-spf[57158]: prepend Received-SPF: Permerror >(mailfrom)

[pfx] Re: DANE and STS

Michael Grimm wrote: > [see Viktors link: http://dnssec-stats.ant.isi.edu/~viktor/x3hosts.html] > correction: http://dnssec-stats.ant.isi.edu/~viktor/x3hosts.html Regards, Michael ___

[pfx] Re: DANE and STS

Gerd Hoerst via Postfix-users wrote: > I checked my cert and it related to R10 , but i will also publish the rest > regarding you advice I do recommend investigating '3 1 1' records, instead. "Hence, my best advice is to not play Let's Encrypt whack-a-mole, and use "3 1 1" records with

[pfx] spf and Permerror

Hi I have a strange problem with SPF and I honestly don't know what to pay attention to What is a Permerror in SPF In log i get: Jun 27 15:09:11 MX policyd-spf[57158]: prepend Received-SPF: Permerror (mailfrom) identity=mailfrom; client-ip=84.205.190.72; helo=h2.3hosting.pl;

[pfx] Re: DANE and STS

Hi ! I checked my cert and it related to R10 , but i will also publish the rest regarding you advice Ciao Gerd Am 27.06.24 um 14:24 schrieb Viktor Dukhovni via Postfix-users: On Thu, Jun 27, 2024 at 02:13:25PM +0200, Gerd Hoerst via Postfix-users wrote: Thanx ! Works Nope, sorry,

[pfx] Re: DANE and STS

On Thu, Jun 27, 2024 at 02:13:25PM +0200, Gerd Hoerst via Postfix-users wrote: > Thanx ! Works Nope, sorry, you've rather failed to read and understand those docs. > Am 27.06.24 um 13:29 schrieb Viktor Dukhovni via Postfix-users: > > > BTW: where to get the cert from to generate the 2 1 1 enty

[pfx] Re: DANE and STS

Hi ! Thanx ! Works Ciao Gerd Am 27.06.24 um 13:29 schrieb Viktor Dukhovni via Postfix-users: BTW: where to get the cert from to generate the 2 1 1 enty for DNS ? -https://list.sys4.de/hyperkitty/list/dane-us...@list.sys4.de/message/ZTM3XQMI3XP7PWMWJTXBYDPVU4UENE24/

[pfx] Re: DANE and STS

> BTW: where to get the cert from to generate the 2 1 1 enty for DNS ? - https://list.sys4.de/hyperkitty/list/dane-us...@list.sys4.de/message/ZTM3XQMI3XP7PWMWJTXBYDPVU4UENE24/ - https://dnssec-stats.ant.isi.edu/~viktor/x3hosts.html -- Viktor.

[pfx] Re: managing multi instances

On Thu, Jun 27, 2024 at 10:45:09AM +, Gino Ferguson via Postfix-users wrote: > I have two questions regarding multi instance management. > > 1. is there a way to batch migrate multi instances from serverA to > serverB? We are planning to replace our servers and I'd spare as much > manual

[pfx] Re: managing multi instances

If you were using cloud VM There is a tech called live migration Under which you take no care on applications such as postfix. Hi, I have two questions regarding multi instance management. 1. is there a way to batch migrate multi instances from serverA to serverB? We are planning to replace

[pfx] managing multi instances

Hi, I have two questions regarding multi instance management. 1. is there a way to batch migrate multi instances from serverA to serverB? We are planning to replace our servers and I'd spare as much manual work if possible. 2. is there an ad-hoc way to move mails between instances by their

[pfx] Re: Using postfwd for sasl auth clients only?

On 27.06.24 08:15, Gilgongo via Postfix-users wrote: I have some simple postfwd rules that count the number of emails being sent per hour/day per sasl account (and reject once a limit is reached). I'm not sure how best to implement that though, Should I just have the following in master.cf? So

[pfx] Re: working simple config for cyrus SASL

On 26.06.24 16:29, John Levine via Postfix-users wrote: I'm trying to set up a little POP toaster on debian that has a few addreses all in virtual domains. I'm using Cyrus SASL (no Dovecot allowed for reasons) and to keep it simple, I'm using sasldb authentication. I can set up the sasldb with

[pfx] Re: DANE and STS

Hi ! OK this is in Work now :-) BTW: where to get the cert from to generate the 2 1 1 enty for DNS ? Ciao Gerd Am 26.06.24 um 12:56 schrieb Viktor Dukhovni via Postfix-users: On Wed, Jun 26, 2024 at 11:26:59AM +0200, Gerd Hoerst via Postfix-users wrote: I checked my domain with

[pfx] Using postfwd for sasl auth clients only?

I have some simple postfwd rules that count the number of emails being sent per hour/day per sasl account (and reject once a limit is reached). I'm not sure how best to implement that though, Should I just have the following in master.cf? So if an account sent a CC to [n] addresses, the rules

[pfx] Re: working simple config for cyrus SASL

On Wed, Jun 26, 2024 at 04:29:53PM -0400, John Levine via Postfix-users wrote: > I'm trying to set up a little POP toaster on debian that has a few > addreses all in virtual domains. > > I'm using Cyrus SASL (no Dovecot allowed for reasons) That's unfortunate, b/c often much simpler... > and

[pfx] working simple config for cyrus SASL

I'm trying to set up a little POP toaster on debian that has a few addreses all in virtual domains. I'm using Cyrus SASL (no Dovecot allowed for reasons) and to keep it simple, I'm using sasldb authentication. I can set up the sasldb with saslpasswd2 but I am stuck getting the Cyrus sasl daemon

[pfx] Re: DANE and STS

>there is also this online test tool : >https://en.internet.nl/mail/gmail.com/1276778/ >https://en.internet.nl/mail/outlook.com/1276787/ >https://en.internet.nl/mail/proton.me/1276789/ Most of these online tools check inbound (the easy and marketing part) only. Joachim

[pfx] Re: inquiry for milter server

check also rspamd, it's a great software On 6/24/24 01:19, Jeff Peng via Postfix-users wrote: what's the mainstream milter server for customized content analysis such as headers and languages? I may want to block some special messages which have a special header or  special language (like

[pfx] Re: DANE and STS

Hi Victor, >> Gmx and web.de do support SMTP-DANE (with bugs) >Can you provide a bit more detail on the outbound problems with gmx.de/web.de? Negation missing in your wording: United Internet never delivers to a server that has a certificate valid via TLSA record only but cannot be validated to

[pfx] Re: DANE and STS

As of 6 month ago, proofpoint had no current plans to implement DANE. They perceived it mostly as a European ’thing’, and begin to talk about smtp-sts.. -michael > On 26 Jun 2024, at 13.45, Jeff Pang via Postfix-users > wrote: > > > I am sorry to see pphosted.com and mimecast.com have no

[pfx] Re: DANE and STS

On Wed, Jun 26, 2024 at 01:35:30PM +0200, Joachim Lindenberg via Postfix-users wrote: > I have done some testing via my own tool and published results on > https://blog.lindenberg.one/EmailSecurityTest. > > Gmx and web.de do support SMTP-DANE (with bugs) Can you provide a bit more detail on

[pfx] Re: DANE and STS

On Wed, Jun 26, 2024 at 07:45:20PM +0800, Jeff Pang via Postfix-users wrote: > Can you also add SecuMail.de into the list? Thanks victor. The list of MX hosters is machine-generated by aggregating DNSSEC-signed customer domains by their MX host domain. Only providers with 1000 or more

[pfx] Re: DANE and STS

I am sorry to see pphosted.com and mimecast.com have no DANE deployed, since proofpoint and mimecast are the lartest email protection companies here. Can you also add SecuMail.de into the list? Thanks victor. Global:https://dnssec-stats.ant.isi.edu/~viktor/hosters.html -- Jeff

[pfx] Re: DANE and STS

Στις 26/6/24 14:19, ο/η Jeff Pang via Postfix-users έγραψε: May I ask if the main providers like gmail, outlook, yahoo, proton, gmx etc, have smtp-dane deployed? there is also this online test tool : https://en.internet.nl/mail/gmail.com/1276778/

[pfx] Re: DANE and STS

thank you so much victor for letting us know. - gmail: NO - yahoo: NO - outlook: - outbound: YES - inbound: Still in development/pilot phase, with initial deployments at: - hotmail.cz - hotmail.nl - uoou.cz

[pfx] Re: DANE and STS

I have done some testing via my own tool and published results on https://blog.lindenberg.one/EmailSecurityTest. Gmx and web.de do support SMTP-DANE (with bugs), outlook and gmail don´t. outlook and gmail also support MTA-STS at least partially. Proton support SMTP-DANE inbound only. Yahoo

[pfx] Re: DANE and STS

On Wed, Jun 26, 2024 at 07:19:01PM +0800, Jeff Pang via Postfix-users wrote: > May I ask if the main providers like gmail, outlook, yahoo, proton, gmx etc, > have smtp-dane deployed? - gmail: NO - yahoo: NO - outlook: - outbound: YES - inbound: Still in

[pfx] Re: DANE and STS

May I ask if the main providers like gmail, outlook, yahoo, proton, gmx etc, have smtp-dane deployed? Thanks That's the reason you're unable to verify your TLSA records, the resolver in /etc/resolv.conf is not a DNSSEC-validating resolver, or you're missing "options trust-ad" in

[pfx] Re: DANE and STS

On Wed, Jun 26, 2024 at 11:26:59AM +0200, Gerd Hoerst via Postfix-users wrote: > I checked my domain with posttls-finger it brings some errors (I can > only do it on the machine itself) > > posttls-finger: warning: DNSSEC validation may be unavailable > posttls-finger: warning: reason:

[pfx] Re: DANE and STS

Hi ! Regarding this topic here i checked my domain with posttls-finger it brings some errors (i can only do it on the machine itself) posttls-finger: warning: DNSSEC validation may be unavailable posttls-finger: warning: reason: dnssec_probe 'ns:.' received a response that is not DNSSEC

[pfx] Re: DANE and STS

Jeff Pang via Postfix-users: > > I asked the question "what's smtp dane in modern email system?" to > chatgpt. Here is gpt's answer which I think to be valueful. so I share here. I see similarities with https://www.nccoe.nist.gov/publication/1800-6/VolB/index.html Wietse

[pfx] Re: DANE and STS

Jeff Pang via Postfix-users skrev den 2024-06-25 08:44: how to deploy the following email security features? google it :) RFC 7672 SMTP-DANE smtp_dns_support_level = dnssec smtp_tls_security_level = dane thats all if you already have tls setup in smtp_ test with posttls-finger

[pfx] Re: DANE and STS

I asked the question "what's smtp dane in modern email system?" to chatgpt. Here is gpt's answer which I think to be valueful. so I share here. -- SMTP DANE (DNS-based Authentication of Named Entities) is a security protocol used in modern email systems to ensure secure and

[pfx] Re: DANE and STS

On Tue, Jun 25, 2024 at 10:24:31AM +0200, Alexander Leidinger via Postfix-users wrote: > > how to deploy the following email security features? > > RFC 7672 SMTP-DANE > > Outgoing: > # validate DANE > smtp_dns_support_level = dnssec > smtp_tls_security_level = dane # or dane-only >

[pfx] Re: DANE and STS

Thanks alex so much for the great info. Am 2024-06-25 08:44, schrieb Jeff Pang via Postfix-users: Hello sorry for the beginner question. how to deploy the following email security features? RFC 7672 SMTP-DANE Outgoing: # validate DANE smtp_dns_support_level = dnssec

[pfx] Re: DANE and STS

Am 2024-06-25 08:44, schrieb Jeff Pang via Postfix-users: Hello sorry for the beginner question. how to deploy the following email security features? RFC 7672 SMTP-DANE Outgoing: # validate DANE smtp_dns_support_level = dnssec smtp_tls_security_level = dane # or dane-only

[pfx] DANE and STS

Hello sorry for the beginner question. how to deploy the following email security features? RFC 7672 SMTP-DANE RFC 8461 MTA-STS is there a guide for that? Thanks -- Jeff Pang jeffp...@aol.com ___ Postfix-users mailing list --

[pfx] Re: inquiry for milter server

Thank you. I will check the doc of MIMEDefang. I am also quite familar with MIME::Lite (source level). I don't know what you consider qualifies as "mainstream" but if you need customized analysis, the most widely used FOSS milter for that is MIMEDefang, which has a rewrite by the original

[pfx] Re: Bounces are disappearing

Nico Hoffmann via Postfix-users: >Jun 23 22:50:02 schubert postfix/qmgr[26673]: 60970354BC3: >from=, size=471, nrcpt=1 (queue active) This message was sent from x...@lewonzelewonze.de, therefore a non-delivery notification will be sent to that address. This is defined in the SMTP

[pfx] Bounces are disappearing

Hello, I hvae a question about dealing with locally generated email (non delivery notifications) with an empty sender address. I am running postfix 3.8.5 on my 'dialup' box. It is used to deliver my email by smtp via a relay host. I submit outgoing email with a user settable envelope address

[pfx] Re: how to implement this route

Jeff Peng via Postfix-users: > On 2024-06-23 20:24, Wietse Venema via Postfix-users wrote: > > Jeff Peng via Postfix-users: > >> Hello > >> > >> I saw gmx.de/web.de have a policy that, if the submission IP is not > >> from > >> DE/EU, messages will be routed to a different gateway which is

[pfx] Re: inquiry for milter server

On 2024-06-23 at 19:19:49 UTC-0400 (Mon, 24 Jun 2024 07:19:49 +0800) Jeff Peng via Postfix-users is rumored to have said: what's the mainstream milter server for customized content analysis such as headers and languages? I may want to block some special messages which have a special header or

[pfx] Re: sendmail -v add@ress hangs / postdrop calls read(0, … and waits forever

On Sun, Jun 23, 2024 at 06:06:40PM +, Дилян Палаузов wrote: > «sendmail -v myself@domain» however hangs. Of course it does, it is waiting to read the message headers and body from standard input as expected. > until I press Ctrl+C. This is Postfix 3.4.13. On Postfix 2.11 the > same

[pfx] inquiry for milter server

what's the mainstream milter server for customized content analysis such as headers and languages? I may want to block some special messages which have a special header or special language (like middle-east). Thanks in advance. regards. ___

[pfx] Re: how to implement this route

On 2024-06-23 20:24, Wietse Venema via Postfix-users wrote: Jeff Peng via Postfix-users: Hello I saw gmx.de/web.de have a policy that, if the submission IP is not from DE/EU, messages will be routed to a different gateway which is listed in spamhaus already. Otherwise if submission client's

[pfx] Re: No email forwarding?

On 2024-06-23 at 17:15:33 UTC-0400 (Sun, 23 Jun 2024 23:15:33 +0200) Jaroslaw Rafa via Postfix-users is rumored to have said: The forwarding issue is easily solvable. It's only the unwillingness of mainstream email providers to solve it. That implies a definition of "easily" that somehow

[pfx] Re: No email forwarding?

Jaroslaw Rafa via Postfix-users skrev den 2024-06-23 23:15: But nobody wants to implement this, they rather want to advise against forwarding. forwarding is not brokken, what is brokken is that srs is needed to solve another domains spf records ? no just stop fokus on dkim, and dmarc

[pfx] Re: No email forwarding?

Dnia 23.06.2024 o godz. 12:20:37 Bill Cole via Postfix-users pisze: > Transparent forwarding is infeasible of the modern net. Forwarding > using SRS or encapsulation is still usable if you are willing to > accept that those methods are imperfect and add complexity to a mail > system. > >

[pfx] Re: DQS key in error responses

Bill Cole via Postfix-users: > On 2024-06-23 at 08:30:53 UTC-0400 (Sun, 23 Jun 2024 08:30:53 -0400 (EDT)) > Wietse Venema via Postfix-users > is rumored to have said: > > > Wietse Venema via Postfix-users: > >> If you specify > >> > >> reject_rbl_client string-with-complex-syntax > >> > >>

[pfx] Re: Precision of time in Postfix log files

Peter Uetrecht via Postfix-users: > Hello list, > > is the precision of time in Postfix log files (version 3.8.4) configurable > (microseconds or milliseconds)? Postfix does not generate the timestamp for logfiles written by syslogd or equivalent. That is done by the syslog(3) system library

[pfx] Re: DQS key in error responses

On 2024-06-23 at 08:30:53 UTC-0400 (Sun, 23 Jun 2024 08:30:53 -0400 (EDT)) Wietse Venema via Postfix-users is rumored to have said: > Wietse Venema via Postfix-users: >> If you specify >> >> reject_rbl_client string-with-complex-syntax >> >> Then the rbl_reply_maps seach key will be that >>

[pfx] Re: No email forwarding?

On 2024-06-22 at 18:54:32 UTC-0400 (Sat, 22 Jun 2024 22:54:32 +) Jeff Pang via Postfix-users is rumored to have said: But google "why email forwarding is a bad idea" will get a lot of results. That is an extraordinarily poor measure of anything other than Google's indexing capability

[pfx] Precision of time in Postfix log files

Hello list, is the precision of time in Postfix log files (version 3.8.4) configurable (microseconds or milliseconds)? Thanks in advance Peter ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to

[pfx] Re: how to implement this route

Wietse Venema via Postfix-users: > Jeff Peng via Postfix-users: > > Hello > > > > I saw gmx.de/web.de have a policy that, if the submission IP is not from > > DE/EU, messages will be routed to a different gateway which is listed in > > spamhaus already. Otherwise if submission client's IP is in

[pfx] Re: DQS key in error responses

Wietse Venema via Postfix-users: > If you specify > > reject_rbl_client string-with-complex-syntax > > Then the rbl_reply_maps seach key will be that > string-with-complex-syntax. ... > Unlike rbl_reply_maps, postscreen strips the filter (and weight) > before searching the reply table. There

[pfx] Re: how to implement this route

Jeff Peng via Postfix-users: > Hello > > I saw gmx.de/web.de have a policy that, if the submission IP is not from > DE/EU, messages will be routed to a different gateway which is listed in > spamhaus already. Otherwise if submission client's IP is in DE/EU, > messages will be routed out via

[pfx] Re: DQS key in error responses

Cody Millard via Postfix-users: > Check out this link showing a example postfix configuration. > > https://portal.spamhaus.com/dqs/#3.1.2 > > I found it to be very helpful in displaying the ranged syntax that > spamhaus supports. For a web page that does not require logging in, see:

[pfx] how to implement this route

Hello I saw gmx.de/web.de have a policy that, if the submission IP is not from DE/EU, messages will be routed to a different gateway which is listed in spamhaus already. Otherwise if submission client's IP is in DE/EU, messages will be routed out via the normal gateway whose IP is clean. How

[pfx] Re: DQS key in error responses

Check out this link showing a example postfix configuration. https://portal.spamhaus.com/dqs/#3.1.2 I found it to be very helpful in displaying the ranged syntax that spamhaus supports. On 6/22/2024 4:25 PM, Bill Cole via Postfix-users wrote: On 2024-06-22 at 16:58:26 UTC-0400 (Sat, 22 Jun

[pfx] Re: No email forwarding?

Benny Pedersen via Postfix-users wrote in : |Jeff Pang via Postfix-users skrev den 2024-06-23 00:54: |> I know how to setup postfix + opensrs for email forwarding. But google |> "why email forwarding is a bad idea" will get a lot of results. Should |> we not enable forwarding in now days?

[pfx] Re: No email forwarding?

Jeff Pang via Postfix-users skrev den 2024-06-23 00:54: I know how to setup postfix + opensrs for email forwarding. But google "why email forwarding is a bad idea" will get a lot of results. Should we not enable forwarding in now days? Thanks postfix can easely be setup as sasl client so it

[pfx] No email forwarding?

I know how to setup postfix + opensrs for email forwarding. But google "why email forwarding is a bad idea" will get a lot of results. Should we not enable forwarding in now days? Thanks Jeff Pang jeffp...@aol.com ___ Postfix-users mailing list --

[pfx] Re: DQS key in error responses

Bill Cole via Postfix-users: > > Absolutely. If you specify > > > > reject_rbl_client string-with-complex-syntax > > > > Then the rbl_reply_maps seach key will be that > > string-with-complex-syntax. > > OK. Right now I have multiple items like this in > smtpd_recipient_retrictions > >

[pfx] Re: DQS key in error responses

Wietse Venema via Postfix-users: > The rbl_reply_maps are searched with the domain specified with > reject_rbl_client. > > That includes the optional "=address" portion, added in Postfix > 2.8, but that was not added to the much older rbl_reply_maps > documentation. I have added documentation

[pfx] Re: DQS key in error responses

On 2024-06-22 at 16:58:26 UTC-0400 (Sat, 22 Jun 2024 16:58:26 -0400 (EDT)) Wietse Venema via Postfix-users is rumored to have said: Bill Cole via Postfix-users: On 2024-06-22 at 15:19:42 UTC-0400 (Sat, 22 Jun 2024 15:19:42 -0400 (EDT)) Wietse Venema via Postfix-users is rumored to have

[pfx] Re: DQS key in error responses

Bill Cole via Postfix-users: > On 2024-06-22 at 15:19:42 UTC-0400 (Sat, 22 Jun 2024 15:19:42 -0400 > (EDT)) > Wietse Venema via Postfix-users > is rumored to have said: > > [...] > > The rbl_reply_maps are searched with the domain specified with > > reject_rbl_client. > > > > That includes the

[pfx] Re: DQS key in error responses

On 2024-06-22 at 15:19:42 UTC-0400 (Sat, 22 Jun 2024 15:19:42 -0400 (EDT)) Wietse Venema via Postfix-users is rumored to have said: [...] The rbl_reply_maps are searched with the domain specified with reject_rbl_client. That includes the optional "=address" portion, added in Postfix 2.8, but

[pfx] Re: DQS key in error responses

Cody Millard via Postfix-users: > |Hello list.| > > | > | > > |I included Spamhaus XBL in client restrictions for my server. An error > is supplied to the individual/bot that is trying to connect that looks > like the follow: > > | > > |Transcript of session follows. Out: 554 5.7.1

[pfx] Re: DQS key in error responses

On 2024-06-22 at 06:55:32 UTC-0400 (Sat, 22 Jun 2024 05:55:32 -0500) Cody Millard via Postfix-users is rumored to have said: Hello list. I included Spamhaus XBL in client restrictions for my server. An error is supplied to the individual/bot that is trying to connect that looks like the

[pfx] Re: DQS key in error responses

Cody Millard via Postfix-users skrev den 2024-06-22 12:55: You can see my dqs key in the error send to the client. Is this a problem? If so, how could I remove the DQS key from the response? your postfix conf reveal it postscreen_dnsbl_reply_map =

[pfx] Re: DQS key in error responses

On June 22, 2024 12:55:32 PM GMT+02:00, Cody Millard via Postfix-users wrote: >|Hello list.| > >| >| > >|I included Spamhaus XBL in client restrictions for my server. An error is >supplied to the individual/bot that is trying to connect that looks like the >follow: > >| > >|Transcript of

[pfx] DQS key in error responses

|Hello list.| | | |I included Spamhaus XBL in client restrictions for my server. An error is supplied to the individual/bot that is trying to connect that looks like the follow: | |Transcript of session follows. Out: 554 5.7.1 Service unavailable; Client host [57.152.56.248] blocked using

[pfx] Re: non_smtpd relayhost ?

On Fri, Jun 21, 2024 at 16:22:24 -0400, Wietse Venema wrote: > Locally-generated bounces are generated by the Postfix bounce > daemon which talks to a cleanup service to queue a message. > One could run bounce daemons with a cleanup_service override > in master.cf: Thanks Wietse, that makes

[pfx] Re: non_smtpd relayhost ?

Geert Hendrickx via Postfix-users: > Hi > > We have few different sets of Postfix mailservers with different roles; > inbound servers, outbound servers that DKIM sign outgoing mail with a > milter, and some other servers that just relay mail that is already signed > elsewhere. > > The first and

[pfx] non_smtpd relayhost ?

Hi We have few different sets of Postfix mailservers with different roles; inbound servers, outbound servers that DKIM sign outgoing mail with a milter, and some other servers that just relay mail that is already signed elsewhere. The first and third types of mailservers don't need to sign mail

[pfx] Re: question for a directive in master.cf

On 21/06/2024 13:06, Jeff Peng via Postfix-users wrote: > >> If you want to enable them, you have to uncomment ALL lines for >> submission >> service to work correctly. > > just further, for smtps service, can i just comment out all of options > to enable it? > > #smtps inet  n   -   y 

[pfx] Re: question for a directive in master.cf

Dnia 21.06.2024 o godz. 19:06:38 Jeff Peng via Postfix-users pisze: > > >If you want to enable them, you have to uncomment ALL lines for > >submission > >service to work correctly. > > just further, for smtps service, can i just comment out all of > options to enable it? Yes, you should. --

[pfx] Re: SPF hostname and domainname

Peter via Postfix-users: > On 21/06/24 07:13, Wietse Venema via Postfix-users wrote: > > Bounces are sent with the null envelope.from address which has no > > domain. Therefore, SPF applies policy to a surrogate: the hostname > > in the SMTP client's HELO/EHLO command (as if the envelope.from > >

[pfx] Re: SPF hostname and domainname

On 21/06/24 23:10, Matus UHLAR - fantomas via Postfix-users wrote: Peter via Postfix-users skrev den 2024-06-21 08:45: SPF/DKIM/DMARC Checklist for (IMO) the best chance of getting your mail to be accepted: 1.  HELO banner should pass SPF. 2.  Envelope Sender should pass SPF. 3.  Envelope

  1   2   3   4   5   6   7   8   9   10   >