Re: Authentication attempts for x...@com.au addresses

On Tue, 2 Apr 2019 at 09:45, Esteban L wrote: > You will need to install fail2ban to ip block failed attempts. > > As you have correctly assumed, a malicious person is trying to hack into > you mail server. > > Fail2ban is a required application now and days. > > On April 2, 2019 8:57:06 AM

Re: nfs as storage for mail queue

On Tue, 2 Apr 2019 at 07:40, De Petter Mattheas < mattheas.depet...@jandenul.com> wrote: > Hello > > > > Can somebody help me? > > > > So I have setup the nfs share on a windows server 2016 with nfs server > role. > > > > Security is set on the device ip of the postfix server read-write with >

Re: how to check email delivered via MX backup host

On Sun, 31 Mar 2019 at 07:40, Jon LaBadie wrote: > When I try to block spam from repeaters, via access.db, > firewall, ... the first thing that happens is the blocked > mail gets delivered via my MX backup host. Mail received > by this route does not seem to be checked against the > access

Re: nfs as mailq storage?

On Wed, 27 Mar 2019 at 07:44, De Petter Mattheas < mattheas.depet...@jandenul.com> wrote: > Hello Wietse > > Can you tell me witch param I need to change in main.cf to mount the nfs > to the mailq? > > Or do I need to make a symbolic link to the current mailq destination? > # postconf -d

Re: Semi-OT: Getting blacklisted by hotmail/Google again and again

On Sat, 16 Mar 2019 at 09:57, Johannes Bauer wrote: > > ... Do any of your users relay incoming emails via your server into their own mailboxes on Gmail/hotmail? In this case, spam they are *receiving* (not sending) is nevertheless being passed to Gmail/Hotmail by your mail server which might

Re: Problems with rspamd, DKIM and a body getting altered after dkim signing because of changed content-transfer-encoding

On Wed, 13 Mar 2019 at 08:16, Michael Ludwig wrote: > > Hi Ralph... You seem to assume that postfix is the guilty party. Wietse wrote: 'Postfix does not convert 7bit mail into quoted-printable.' That is definitive unless you produce evidence to the contrary. So what you are experiencing must be

Re: postscreen_dnsbl_action "drop" not working correctly?

On Wed, 6 Mar 2019 at 03:51, Mayhem wrote: > > LuKreme wrote > > On 05 Mar 2019, at 10:00, Dominic Raferd > > > dominic@.co > > > wrote: > >> Fail2ban is (as you know) a way to tackle it. > > At 1000 connections a day I don’t think fail2ban or

Re: postscreen_dnsbl_action "drop" not working correctly?

On Tue, 5 Mar 2019 at 16:43, Mayhem wrote: > > The reason why I even suggested this is that I don't see a lot different IP > addresses. I figured the Postfix system wouldn't need to cache that many > "bad" IP addresses. You guys obviously see differently. > > My mail logs rotate at 12AM every

Re: Is there any way to add whitelist to ranges or ips domains so that dnsbl are skipped?

You could build a cidr file (say /etc/postfix/postscreen_access.cidr) to whitelist gmail servers with the output from: dig +short _spf.google.com TXT|awk '{for (f=1; f<=NF; f++) {if (substr($f,1,8)=="include:") print substr($f,9)}}'|xargs -I {} dig +short {} TXT|awk '{for (f=1; f<=NF;f++) {if

Re: Discard subject UTF8

On Thu, 28 Feb 2019 at 15:04, Varadi Gabor wrote: > > 2019. 02. 28. 15:48 keltezéssel, Emanuel írta: > > Your Amazon.co.uk order # > > > ^Subject: =?UTF-8?B?WW91ciBBbWF6b24uY28udWsgb3JkZXIgIw/ DISCARD Or use Spamassassin

Re: Cannot get sasl auth working on ubuntu 18.04

On Thu, 21 Feb 2019 at 19:59, Ski Kacoroski wrote: > > I still have the problem though, that sasl is working fine via > testsaslauthd, but I cannot get it to work with postfix. > > Does anyone have ideas on how to debug the postfix - sasl interface (I > am using cyrus sasl). swaks is a useful

Re: How to protect against compromised email account password

On Thu, 21 Feb 2019 at 15:23, John Stoffel wrote: ... > Unfortunately, some big ISPs have now blocked all Digital Ocean IP > Blocks, and wont' accept email, even though my domain is locked down, > doesn't spam, etc. They took the big hammer approach. Which sucks > for me. > > So the question

Re: Problems with scam where from and for is internal addresses of my domain

On Tue, 19 Feb 2019 at 11:41, Francesc Peñalvez wrote: > > Add smtpd_sender_restrictions = > permit_mynetworks > check_client_access cidr: /etc/postfix/trusted_ips.cidr > permit_sasl_authenticated > check_sender_access inline: { > {almogavers.net =

Re: DKIM for locally generated mails - how best to approach?

On Mon, 18 Feb 2019 at 10:51, Andrey Repin wrote: > I just discovered that mail generated locally (i.e. introduced by pickup > daemon) is not signed. > > Digging in documentation, I've found > http://www.postfix.org/postconf.5.html#non_smtpd_milters > But its description made me reluctant to

Re: Click tracker removal ideas?

On Thu, 14 Feb 2019 at 16:28, Phil Stracchino wrote: > Does anyone have any suggestions for a tool for filtering out click > trackers from links in email bodies and rewriting the links without the > click tracking? Anything that does this will also break DKIM, if the email has it (which many

Re: Postfix With OpenDKIM: milter: SMFIC_EOH

On Wed, 13 Feb 2019 at 16:26, Viktor Dukhovni wrote: > On Wed, Feb 13, 2019 at 03:52:54PM +0000, Dominic Raferd wrote: > > > > With hostnames the [] are optional and usually not used. > > > > OT: is this true generally or just for milter lookups? > >

Re: Postfix With OpenDKIM: milter: SMFIC_EOH

On Wed, 13 Feb 2019 at 15:10, Viktor Dukhovni wrote: > With hostnames the [] are optional and usually not used. OT: is this true generally or just for milter lookups? I thought that for hostname-based relay transports (for example), including in transport_maps, it was recommended to use [] to

Re: Problems invoking amavis from postfix

On Fri, 8 Feb 2019 at 17:33, Viktor Dukhovni wrote: > > #postconf -Mxf > > > > pickup unix n - n 60 > > 1 pickup > > pickup unix n - n 60 > > 1 pickup > >

Re: Problems invoking amavis from postfix

On Fri, 8 Feb 2019 at 16:18, Robert Moskowitz wrote: > > I have dug some more and not found anything to help. I went through > http://www.postfix.org/docs.html where 2 of the amavis howtos are no longer > available. I have replicated the main.cf and master.cf as shown in >

Re: Stopping acceptence from unowned networks address as from my domains

On Fri, 8 Feb 2019 at 01:31, li...@lazygranch.com wrote: > I'm having trouble finding check_sender_access AND inline. Is inline > some way of not using hash? For example, I have: > > check_sender_access hash:/etc/postfix/sender_checks, > > Maybe I'm using this wrong. I have this set up to

Re: Fixing open relay problem

On Tue, 22 Jan 2019 at 06:22, Stephen McHenry wrote: > I've been running Postfix for many years now (so thanks to Wietse and all > the others who have put in hard work to make it such a great mail system) > and recently I built a new mail server and copied most of the config files > from the old

Re: spam with doutle at (fake@domain1@domain2)

On Fri, 18 Jan 2019 at 21:03, kazabe wrote: > My server is crying with a spam problem. we are receiving a lot of > fake messages with virus attached. > The messages coming from an account like > fakeu...@mydomain.com@spammerdomain.com with content very similar > to the messages sent by our

Re: Assistance to protect from spam flood

On Sat, 12 Jan 2019 at 11:10, Nick Howitt wrote: > Hi all, > Until recently I did not receive too much spam and had it pretty-much > under control. This week has gone mental. So far this week I have > received 29860 connection attempts form {some_random_number}@qq.com to >

Re: Canonical?

On Wed, 2 Jan 2019 at 15:52, Me wrote: > Thank you very much for that. It is an interesting possibility and deserves > consideration... OT: please don't top post and please don't call yourself 'Me'. Some of the rest of us (and our Gmail systems) think we are 'me' too, so it is confusing.

Re: Local delivery to mbox / inode issue

On Fri, 7 Dec 2018 at 10:22, Dominic Raferd wrote: > On Fri, 7 Dec 2018 at 09:15, Matus UHLAR - fantomas > wrote: > >> On 06.12.18 15:45, Dominic Raferd wrote: >> >I am using incrond to monitor an mbox file (in /var/mail) for changes, >> >> I thin

Re: capture information for internal generated mails

On Thu, 20 Dec 2018 at 14:23, d tbsky wrote: > Matus UHLAR - fantomas > >> On 20.12.18 21:50, d tbsky wrote: > >>I don't know if it is easier. but what I want is three information: > >>the mail content, who send the mail, the mail send to whom. > > > >the latter 2 information is not available

Re: capture information for internal generated mails

On Thu, 20 Dec 2018 at 11:19, d tbsky wrote: > Dominic Raferd > > > > On Thu, 20 Dec 2018 at 09:22, d tbsky wrote: > >> > >> hi: > >>I want to bcc all mails for archive purpose. one kind of mail is > like below: > >> > >

Re: capture information for internal generated mails

On Thu, 20 Dec 2018 at 09:22, d tbsky wrote: > hi: >I want to bcc all mails for archive purpose. one kind of mail is like > below: > >outside user (a...@gmail.com) mail to -> postfix alias with settings > to forward outside (myal...@example.com) -> forward to outside user >

Re: dnsbl postscreen - not blocking

On Wed, 19 Dec 2018 at 14:51, Matus UHLAR - fantomas wrote: > On 19.12.18 14:00, Stefan Bauer wrote: > >Dec 19 13:04:36 mx1 postfix/postscreen[4770]: CONNECT from > >[209.85.166.196]:52168 to [public-ip]:25 > >Dec 19 13:04:42 mx1 postfix/dnsblog[4774]: addr 209.85.166.196 listed by > >domain

Re: Local delivery to mbox / inode issue

On Fri, 7 Dec 2018 at 10:40, Matus UHLAR - fantomas wrote: > >> On 06.12.18 15:45, Dominic Raferd wrote: > >> >I am using incrond to monitor an mbox file (in /var/mail) for changes, > > >On Fri, 7 Dec 2018 at 09:15, Matus UHLAR - fantomas > >wrote: > >

Re: Local delivery to mbox / inode issue

On Fri, 7 Dec 2018 at 09:15, Matus UHLAR - fantomas wrote: > On 06.12.18 15:45, Dominic Raferd wrote: > >I am using incrond to monitor an mbox file (in /var/mail) for changes, > > hmmm, why? > maybe there's other way to implement your requirement > I think I have it wor

Re: Local delivery to mbox / inode issue

On Thu, 6 Dec 2018 at 16:37, Bill Cole < postfixlists-070...@billmail.scconsult.com> wrote: > On 6 Dec 2018, at 11:15, Dominic Raferd wrote: > > >> Have you verified that the inode number changes? > >> > > > > > > no, I will check how to do this

Re: Local delivery to mbox / inode issue

Thanks for the swift response - see below. On Thu, 6 Dec 2018 at 16:10, Wietse Venema wrote: > Dominic Raferd: > > I am using incrond to monitor an mbox file (in /var/mail) for changes, > but > > it is failing to trigger when postfix adds an incoming mail to the file. &

Local delivery to mbox / inode issue

I am using incrond to monitor an mbox file (in /var/mail) for changes, but it is failing to trigger when postfix adds an incoming mail to the file. (It triggers fine however if I touch the file.) I may be barking up the wrong tree but I wonder if this is because instead of merely appending to the

Re: avoid external emails that the from=< and the to=< are the same user

ECT From header impersonation type 1 # (b) e.g. From: Dominic Raferd if /^From: ?(Mr?s? )?(D(ominic)?.*Raferd)/ # but allow some exceptions... e.g. apple, launchpad !/(@bugs\.launchpad\.net|noreply@email\.apple\.com)>?\s*$/ REJECT From header impersonation type 2 endif

Re: Rejecting based on From is...not rejecting

On Fri, 16 Nov 2018 at 06:49, Dennis Carr wrote: > On Fri, 16 Nov 2018 06:10:28 + > Dominic Raferd wrote: > > > - you say you want to ban based on the 'From:' address which if true > > would require you to use header_checks ( > > http://www.postf

Re: Rejecting based on From is...not rejecting

On Fri, 16 Nov 2018 at 05:18, Dennis Carr wrote: > Heya. Postfix 3.1.8 on Debian Stable. > > I'm trying to use /etc/postfix/sender_access to pretty much reject > anything showing as 'From: *@qq.com' as there's a plethora of spam > coming from that domain - and it's not rejecting. Suffice it to

Re: G Suite mx checker complains "do not configure the mail service on the only domain name."

On Thu, 15 Nov 2018 at 09:40, Poliman - Serwis wrote: > Really appreciate help. About " In other words: if you want mail to end up > at your MX, your A ip-address should not accept incoming mail. " - > currently I have spf which allow sending emails only for google servers > added as MX records

Re: what does it mean?

On Thu, 8 Nov 2018 at 08:07, Poliman - Serwis wrote: > > > 2018-11-08 8:49 GMT+01:00 Dominic Raferd : > >> On Thu, 8 Nov 2018 at 07:35, Poliman - Serwis wrote: >> >>> I have domain kamir-transport.pl deployed on the server with dns zone >>> w

Re: what does it mean?

On Thu, 8 Nov 2018 at 07:35, Poliman - Serwis wrote: > I have domain kamir-transport.pl deployed on the server with dns zone > where are configured google MX servers like aspmx.l.google.com, > alt1.aspmx.l.google.com (and few more). Mailboxes are not on my server, > all email things are deployed

Re: OT: Sender header vs DKIM

On Fri, 26 Oct 2018 at 07:58, Richard James Salts wrote: > On Friday, 26 October 2018 12:53:48 AM AEDT Scott Kitterman wrote: > > On October 25, 2018 10:56:53 PM UTC, Richard James Salts > wrote: > > >Hi all, > > > > > >This is offtopic in regards to postfix but I bring it up because of the > >

Re: postfix stops sending mail after sometime

On Tue, 23 Oct 2018 at 09:06, B. Reino wrote: > On Sat, 20 Oct 2018, Wietse Venema wrote: > > > gaurav.parashar: > >> Hii, > >> I had installed postfix in Ubuntu 16.04 and it was working seamlessly. > Some > >> time back I upgraded it to Ubuntu 18.04 and suddenly emails stop coming > to > >> my

Re: SV: Re: How do I best get SMTP statements logged ?

On Wed, 17 Oct 2018 at 12:27, K F wrote: > ... What we've seen is some recipients sort of 'goes dark', and they just > timeout on the SMTP connection, and the troubling for us is that it's not > 'small companies' that does this But all of the sudden the problem > disappears, sometime after

Re: unused parameter: sender_dependant_default_transport_maps

On Tue, 16 Oct 2018 at 13:01, Emmanuel Jaep wrote: > My main.cf contains: > transport_maps = hash:/etc/postfix/transport_maps > sender_dependant_default_transport_maps = > hash:/etc/postfix/sender_dependant_default_transport_maps > > I get a warning about the directive not being used:... >

Re: Outbound DKIM signing milter options for Postfix?

On Thu, 11 Oct 2018 at 08:49, B. Reino wrote: > On 2018-10-11 04:08, pg...@dev-mail.net wrote: > > I'm setting up outbound DKIM signing for a Postfix instance. > > > > I'd prefer something other that OpenDKIM or Amavisd. > > > > Other than DIY, is there a solid/stable milter for outbound signing

Re: Renewal of Let's encrypt certs being used in postfix

On Thu, 11 Oct 2018 at 09:08, Ignacio Garcia wrote: > Hi there. We just started using let's encrypt certs in our mail servers. > Since renewal of the certs is done automatically, will postfix cope well > with that or will we have to restart it after the renewal takes place? > Viktor answered

Re: header_checks help, please

On Sun, 7 Oct 2018 at 21:37, Janos Dohanics wrote: > I have been trying to edit the Subject: line using header_checks, > without success: > > header_checks.pcre: > > if /^From: (.*)<(.+)mydomain\.com\>$/i > /^Subject: (.*)$/i > REPLACE Subject: some_string $1 > endif > > main.cf: > >

Re: Double-Bounce

On Fri, 14 Sep 2018 at 07:14, Benny Pedersen wrote: > Benny Pedersen skrev den 2018-09-14 08:08: > > Dominic Raferd skrev den 2018-09-14 07:33: > >> On Fri, 14 Sep 2018 at 00:29, Julian Opificius > >> wrote: > >>> > >>> Why is it that

Re: Double-Bounce

On Fri, 14 Sep 2018 at 00:29, Julian Opificius wrote: > > Why is it that my system marks everything from you as spam, Benny? Is it > your tld? I've added you to my address book, but my server keeps > spitting you out. Because the domain that he uses to send emails through this mailing list has

Re: Spamhaus blocking Spectrum IPs; rbl_override not working

On Tue, 21 Aug 2018 at 16:43, Fongaboo wrote: > > Sorry.. reposting with correct subject... > > I tried putting a bunch of /8's that I know to be assigned to Spectrum, > one of > which my own IP was definitely within, into rbl_override. I then ran > postmap > rbl_override and restarted postfix.

Re: New to Postfix. 3 questions about security functions.

On Wed, 15 Aug 2018 at 10:52, wrote: > That 'trusteddomainproject' sounds a bit more official. Or at least > broader. But I really don't know. Seems like there aren't a lot of people > working on it. Or that bugs get the attention they need. > That is the home of opendkim and opendmarc (and

Re: New to Postfix. 3 questions about security functions.

On Wed, 15 Aug 2018 at 09:32, Gary wrote: > ... > I'm guessing you will be using a VPS. I'm on Digital Ocean running Centos. > But I assume this is a function of what country you reside in. Some > sysadmins will assume if you are on a VPS, you are a spammed. ATT for > example. They will

Re: message-id logging broken by utf8?

On Tue, 14 Aug 2018 at 15:22, Tom Sommer wrote: > I noticed a mail that broke logging syntax: > > Aug 14 15:29:57 X postfix/cleanup[11962]: 41qYP05TZCz5xY9: > message-id==?utf-8?Q?=3CE1F7DC2C-82B5-4927-B0DB-0179227E665C=40aalborgf?=? > =?utf-8?Q?=C3=B8rstehj=C3=A6lp=2Edk=3E?= > > I guess the

Re: Blocking spammers who spoof From: addresses from my domain

On Mon, 13 Aug 2018 at 12:20, @lbutlr wrote: > On 12 Aug 2018, at 17:29, Stuart Longland > wrote: > > We have a problem where some smart-arse spammers/phishers are spoofing > > the From address, specifying our domain as their from address. In one > > case, the person in question uses my

Re: Blocking spammers who spoof From: addresses from my domain

On Mon, 13 Aug 2018 at 06:52, Matthias Fechner wrote: > Am 13.08.2018 um 01:29 schrieb Stuart Longland: > > We have a problem where some smart-arse spammers/phishers are spoofing > > the From address, specifying our domain as their from address. In one > > case, the person in question uses my

Re: See a double-bounce mail generated by my postfix

On Wed, 8 Aug 2018 at 14:54, Wietse Venema wrote: > Dominic Raferd: > > On Wed, 8 Aug 2018 at 11:50, Wietse Venema wrote: > > > > > Dominic Raferd: > > > > canonical: > > > > <> root > > > > > > I don't know of any prom

Re: See a double-bounce mail generated by my postfix

On Wed, 8 Aug 2018 at 11:50, Wietse Venema wrote: > Dominic Raferd: > > canonical: > > <> root > > I don't know of any promise that canonical_maps will use <> as the > lookup key for the null address. > I will remove that, I put it there a long time ag

Re: See a double-bounce mail generated by my postfix

On Wed, 8 Aug 2018 at 07:39, Dominic Raferd wrote: > I would like to be able to see an example of a double-bounce message > generated by my postfix (3.3.0) server. Can I get my postfix to send me > (say to an unrelated external mailbox) a double-bounce message? > Alternatively is t

See a double-bounce mail generated by my postfix

I would like to be able to see an example of a double-bounce message generated by my postfix (3.3.0) server. Can I get my postfix to send me (say to an unrelated external mailbox) a double-bounce message? Alternatively is there a way I can save, on the server, the double-bounce message as and when

Re: Greylisting (Was Re: Fall back to relay after [some] 5XX repl[ies] from destination?)

On Tue, 7 Aug 2018, 20:58 @lbutlr, wrote: > On 07 Aug 2018, at 04:49, Luc Pardon wrote: > > but in any case it serves no useful purpose (unlike greylisting, SAV, > etc. > > Are people still finding grey listing to be useful? I found it caused far > more problems than it solved and the endless

Re: bounced posts go to spam

On Tue, 31 Jul 2018 at 16:52, Sonic wrote: > > Apparently, mail.example.org and ASPMX.L.GOOGLE.com enforce DMARC > > in different ways. > > > > Regardless, if the DMARC policy does not authorize host Y to send > > mail on behalf of domain $myorigin, then you need to fix the DMARC > > policy so

Re: SPF + outside backup MX relay = redelivery failures: Help requested

On Mon, 23 Jul 2018 at 15:04, Phil Stracchino wrote: > On 07/21/18 21:25, Scott Kitterman wrote: > > Only check SPF at the external border of your email architecture. The > relay > > from your backup MX is an internal relay. SPF checks from that host > should be > > skipped. If you look at

Re: what's smtpd_tls_wrappermode 'non standart' ?

​​On Tue, 24 Jul 2018 at 09:06, Miwa Susumu wrote: > Hi all. > > Does 'the non-standard "wrapper" mode' refer to SMTPS using port 465? > smtpd_tls_wrappermode > http://www.postfix.org/postconf.5.html#smtpd_tls_wrappermode > > Run the Postfix SMTP server in the non-standard "wrapper" mode,

Re: Commenting multi line option

On Mon, 23 Jul 2018 at 16:02, wrote: > I would like to know if comments may be used in this fashion. In the > example below, will the last line 'permit' be seen as part of the > 'smtpd_helo_restrictions' option? > > ​​ > smtpd_helo_restrictions = > permit_mynetworks > # > ​​ >

Re: Trouble Postfix ClamSMTP - Help

On Mon, 9 Jul 2018 at 10:10, wrote: > Hello > > > > Please now i troubleshooting 2 days about my problem with ClamSmtp > > and "Postfix" after write ClamAV_Mailinglist the people there are not > > helping and im standing still. The possible help solutions are outdated. > > > > - Debian - 8.11,

Re: Can a ISP block partially the traffic over the port 25 ??

On Thu, 28 Jun 2018 at 13:27, kazabe wrote: > Hi, > > I'm have a very strange issue with a mail server, locate in the main > company office. Until the last five weeks we are experimenting > problems to deliver emails to some domains stored on outlook.com and > other servers. We message stay on

Re: problem on a relay server

On 24 May 2018 at 15:01, pat G wrote: > > Hello, > > i am working on a relay server, but it isn't functionnal. > > my main.cf is : > > http://paste.debian.net/1026390/ > > but i ve theses errors in logs : > > http://paste.debian.net/1026400/ > > did i miss something or did

Re: real life reasons not to use reject_unknown_client_hostname

On Sun, 13 May 2018, 04:01 James, wrote: > >> I use it. I like it. But... real world can/will bite you in the ass: > > > > Yes, it can. Note this Received header from *your* message: > > > >> Received: from trackivity.com (unknown [IPv6:2607:f0b0:0:205::2]) > >>

Re: 454 4.7.1 Relay access denied

On 29 April 2018 at 21:46, Wietse Venema <wie...@porcupine.org> wrote: > Dominic Raferd: > > Do you publish the order in which smtpd restriction lists are > > processed? I thought I knew it but evidently not. > > ​​ > http://www.postfix.org/SMTPD_ACCES

Re: 454 4.7.1 Relay access denied

On 29 April 2018 at 17:51, Wietse Venema <wie...@porcupine.org> wrote: > Dominic Raferd: >> On 29 April 2018 at 17:16, Wietse Venema <wie...@porcupine.org> wrote: >> > Dominic Raferd: >> >> Checking my logs I see that some senders are trying to fake o

Re: 454 4.7.1 Relay access denied

On 29 April 2018 at 17:16, Wietse Venema <wie...@porcupine.org> wrote: > Dominic Raferd: >> Checking my logs I see that some senders are trying to fake our domain >> and use our server to send mails to third parties masquerading as one >> of our own domains (w

454 4.7.1 Relay access denied

Checking my logs I see that some senders are trying to fake our domain and use our server to send mails to third parties masquerading as one of our own domains (without authenticating first). They are stopped by smtpd with response 'Relay access denied', but instead of 5xx permanent rejection

Re: warning: TLS library problem - messages in log

On 29 April 2018 at 16:57, Viktor Dukhovni <postfix-us...@dukhovni.org> wrote: > > >> On Apr 29, 2018, at 3:37 AM, Dominic Raferd <domi...@timedicer.co.uk> wrote: >> >> This is a genuine and expected sender (VoIP provider). I am less sure >> abou

Re: warning: TLS library problem - messages in log

On 29 April 2018 at 08:35, Viktor Dukhovni wrote: > > >> On Apr 29, 2018, at 3:28 AM, @lbutlr wrote: >> >> It appears that Swiss domain uses Google for their email: >> >> finarea.ch. 21599 IN MX 20 alt2.aspmx.l.google.com. >>

Re: warning: TLS library problem - messages in log

On 28 April 2018 at 15:43, Viktor Dukhovni <postfix-us...@dukhovni.org> wrote: > > >> On Apr 28, 2018, at 3:40 AM, Dominic Raferd <domi...@timedicer.co.uk> wrote: >> >> So far I have one genuine sender that is failing TLS, but upon >> checking I see

Re: warning: TLS library problem - messages in log

On 27 April 2018 at 17:17, Viktor Dukhovni <postfix-us...@dukhovni.org> wrote: > > >> On Apr 27, 2018, at 2:22 AM, Dominic Raferd <domi...@timedicer.co.uk> wrote: >> >> $ grep -a "warning: TLS library problem" /var/log/mail.log.1 >> /var/l

Re: warning: TLS library problem - messages in log

On 27 April 2018 at 08:57, Poliman - Serwis <ser...@poliman.pl> wrote: > 2018-04-27 8:22 GMT+02:00 Dominic Raferd <domi...@timedicer.co.uk>: >> >> I have always received a number of warning messages (from >> postfix/smtpd) stating 'TLS library proble

Re: rsyslogd and postfix

> While on the topic of rsyslogd, I have v8.16.0 and use these two lines in rsyslogd.conf to get datetime -MM-DD HH:MM:SS formatting: $template CustomFormat,"%timegenerated:::date-year%-%timegenerated:::date-month%-%timegenerated:::date-day% %timegenerated:

warning: TLS library problem - messages in log

I have always received a number of warning messages (from postfix/smtpd) stating 'TLS library problem' in my mail logs and I think they are always followed by a dropped incoming connection. I have hitherto assumed that they reflect a badly-configured (probably spamming) foreign client/host, but

Re: Virtual Alias and To header rewrite

On 25 April 2018 at 19:25, Gary Smith wrote: > Hi Everyone, > > It's been a long time since something in postfix has stumped me. I am using > virtual alias rewrites to handle 50k incoming email addresses that expand to > 1+n recipients. The recipients are the line

Re: Postfix performance problem (cleanup process)

On 19 April 2018 at 07:21, Peer Heinlein wrote: > > You can save a lot of cpu ressources if you use... > > ...pcre instead of regexp (mostly the syntax is the same, but the engine > is better, just change the prefix!) Check if supported with: # postconf -m|grep

Re: Not receiving messages from mail servers

On 17 April 2018 at 13:38, @lbutlr wrote: > > I finally managed to isolate this. I have no been receiving mails from some > mail servers and there's very little being logged. I obviously set some > configuration that mucked things up. Here is the entire mail.log from the >

Re: Subject Regular expressión

On 11 April 2018 at 01:24, Stephen Satchell wrote: > The | operator is supposed to bind to a single token before and after. > ​Not true - at least for pcre. Just enclose the entire expression in brackets: ​ ​ /^Subject:\s*(Hello there|Hey man)/ DISCARD (However Viktor's

Re: Blocking mail from all but one domain

On 11 April 2018 at 03:27, Alex wrote: > Hi, > I have a postfix-3.1.4 installation and have been given a request to > block all incoming mail from all but a single specific domain and > block all outgoing mail with the exception of only that same single > specific domain.

Re: Removing trace records on submission MSA

On 7 April 2018 at 07:39, J Doe <gene...@nativemethods.com> wrote: > Hi Viktor and Dominic, > > If I do the following on Ubuntu 16.04 LTS: > > $ echo "1 2" | egrep '[[:digit:]]\s[[:digit:]]’ > 1 2 > > … where “1 2” are highlighted in bash >

Re: Removing trace records on submission MSA

On 7 April 2018 at 07:04, Viktor Dukhovni wrote: > > > > On Apr 7, 2018, at 1:59 AM, J Doe wrote: > > > > Ah, interesting - that must be it, then. > > > > This is on an Ubuntu 16.04 LTS server. I can see the dependencies > compiled in from

Re: Does postfix reject spoofed senders?

On 30 March 2018 at 08:09, Bastian Blank wrote: > On Fri, Mar 30, 2018 at 12:03:37AM -0700, Sean Greenslade wrote: >> On Fri, Mar 30, 2018 at 08:38:34AM +0200, Lorenzo Petracchi wrote: >> > In the last few weeks our e-mail users are receiving many

Re: Does postfix reject spoofed senders?

On 30 March 2018 at 06:51, Lorenzo Petracchi wrote: > Is there a reliable way to reject incoming mails with a spoofed e-mail > address? Please clarify what you mean.

Re: Shell script to remote test AUTH with STARTTLS at postfix/dovecot server

On 20 March 2018 at 08:34, Alex JOST <jost+postfix...@dimejo.at> wrote: > Am 20.03.2018 um 09:15 schrieb Dominic Raferd: > >> I regularly test my remote mail servers (which use postfix - with >> dovecot for authentication) to check they are live and f

Shell script to remote test AUTH with STARTTLS at postfix/dovecot server

I regularly test my remote mail servers (which use postfix - with dovecot for authentication) to check they are live and functioning, including that they are responding correctly to authorised login with STARTTLS. I currently use this (sorry about line breaks, the original is on one line):

Re: Recording of DANE talk at ICANN61

On 19 March 2018 at 09:12, Mike Guelfi <m...@colmancomm.com> wrote: > The m3u contains a link to: > http://audio.icann.org/meetings/sju61/sju61-OPEN-2018-03-14-T1732-208bc- > zYhNI147Nrs4gtkXUVItrT4uukdYi3nR-en-02.mp3 > > Which does work... > > On 19 Mar. 2018

Re: Recording of DANE talk at ICANN61

On 17 March 2018 at 19:42, Viktor Dukhovni wrote: > > [ Also posted to dane-us...@sys4.de, please pardon the duplication if > you're reading both lists. I'm planning to also post to exim-users > and d...@ietf.org ] > > I gave a talk about DANE for SMTP at the

Re: postscreen_dnsbl_whitelist_threshold and SORBS and Google

On 2 March 2018 at 07:53, MRob <mro...@insiberia.net> wrote: > On 2018-03-02 07:24, Dominic Raferd wrote: >> >> For external rbls this is what I currently use (extract from >> smtpd_recipient_restrictions list in main.cf, not postscreen), I have >> not been

Re: postscreen_dnsbl_whitelist_threshold and SORBS and Google

On 1 March 2018 at 23:24, J Doe wrote: > I know there are a number of lists of publicly available DNS BL’s but is > there a list of BL’s that have a low false-positive history ? I’m aware that > false positives do happen, but blacklisting Gmail seems to be

Re: temp avoiding RBL block with client_checks OK?

On 13 February 2018 at 11:43, Voytek <li...@sbt.net.au> wrote: > > On Tue, February 13, 2018 9:18 pm, Dominic Raferd wrote: > > In your case you can put either the ip or the client address onto a new > > line in the file referenced by check_client_access, followed by ' OK

Re: temp avoiding RBL block with client_checks OK?

On 13 February 2018 at 08:42, Voytek wrote: > one of the users is waiting for an email from server currently listed on > http://www.dnsbl.manitu.net/lookup.php?value=203.12.160.162 > > chances are it might get fixed in 12 hours, or, maybe not > > short of removing

Re: t/s missing inbound mails with limited info

On 10 February 2018 at 05:22, Voytek wrote: > I've noticed I'm missing certain inbound emails addressed to me, the IT > support of sender is of limited help, as when I've asked for any rejection > notice or IP of sending server I was told "Please be informed that we > couldn't

Re: python-policyd-spf doesn't check mail from my own domain

On 31 January 2018 at 09:48, li...@lazygranch.com wrote: > > I'm at a loss on the HELO_reject = False. Why wouldn't you use the > default "fail". I use opendmarc to pass or fail emails, I never fail an email based only on SPF. That can lead to lots of false positives IMO.

Re: python-policyd-spf doesn't check mail from my own domain

On 31 January 2018 at 03:44, li...@lazygranch.com <li...@lazygranch.com> wrote: > On Tue, 30 Jan 2018 10:50:18 + > Dominic Raferd <domi...@timedicer.co.uk> wrote: > >> On 30 January 2018 at 10:11, li...@lazygranch.com >> <li...@lazygranch.com> wrote: &

Re: python-policyd-spf doesn't check mail from my own domain

On 30 January 2018 at 10:11, li...@lazygranch.com wrote: > I've installed the opendmarc milter. I'm not rejecting mail from it at > the moment. I've noticed that if I send myself a message, the > policyd-spf milter isn't run. That in turn causes mail I send myself to > fail

<    1   2   3   4   5   >