On Fri, Jun 24, 2016 at 11:44 AM, francis picabia <fpica...@gmail.com>
wrote:
>
> I saw one discussion on this error from back in 2013, but didn't
> learn anything from it that resolves my error.
>
> We have an MX pointing to O365. It sends any email it can't
> m
I saw one discussion on this error from back in 2013, but didn't
learn anything from it that resolves my error.
We have an MX pointing to O365. It sends any email it can't
match to a mailbox to our "smarthost", which runs Postfix 3.0.2-20150720
On the Postfix smarthost we have:
The tests have been done in both 2.6.6 and 3.0.2
We've been using canonical_maps for over a decade
without a hitch, but recently came across a situation
where an account is referenced in both mapping files.
canonical_maps =
On Tue, Jan 12, 2016 at 10:09 AM, @lbutlr <krem...@kreme.com> wrote:
> On Jan 12, 2016, at 6:43 AM, francis picabia <fpica...@gmail.com> wrote:
>> We've been using canonical_maps for over a decade
>> without a hitch, but recently came across a situation
>> where
On Wed, Jun 3, 2015 at 3:29 PM, francis picabia fpica...@gmail.com wrote:
On Wed, Jun 3, 2015 at 3:18 PM, Noel Jones njo...@megan.vbhcs.org wrote:
On 6/3/2015 11:18 AM, francis picabia wrote:
On Wed, Jun 3, 2015 at 11:42 AM, Wietse Venema wie...@porcupine.org wrote:
francis picabia:
/etc
On Tue, Jun 2, 2015 at 1:30 PM, francis picabia fpica...@gmail.com wrote:
On Tue, Jun 2, 2015 at 12:13 PM, Wietse Venema wie...@porcupine.org wrote:
francis picabia:
A remaining concern is bypassing the content_filter
I've scanned through http://www.postfix.org/FILTER_README.html
and googled
On Wed, Jun 3, 2015 at 10:48 AM, Wietse Venema wie...@porcupine.org wrote:
francis picabia:
Let's say I want everything to go through the content filter unless
it comes from 1.2.3.4/24 or 5.6.7.8/24 How is that configured?
A cidr: based access map would be the most convenient here.
/etc
On Wed, Jun 3, 2015 at 11:42 AM, Wietse Venema wie...@porcupine.org wrote:
francis picabia:
/etc/postfix/main.cf:
smtpd_client_restrictions =
check_client_access cidr:/etc/postfix/client_access.cidr
/etc/postfix/client_access.cidr:
1.2.3.4/24 DUNNO
5.6.7.8/24
On Wed, Jun 3, 2015 at 3:18 PM, Noel Jones njo...@megan.vbhcs.org wrote:
On 6/3/2015 11:18 AM, francis picabia wrote:
On Wed, Jun 3, 2015 at 11:42 AM, Wietse Venema wie...@porcupine.org wrote:
francis picabia:
/etc/postfix/main.cf:
smtpd_client_restrictions =
check_client_access
A remaining concern is bypassing the content_filter
I've scanned through http://www.postfix.org/FILTER_README.html
and googled this issue.
I think I'd understand the FILTER documentation better
with a real example.
Let's say I want everything to go through the content filter unless
it comes
On Tue, Jun 2, 2015 at 12:13 PM, Wietse Venema wie...@porcupine.org wrote:
francis picabia:
A remaining concern is bypassing the content_filter
I've scanned through http://www.postfix.org/FILTER_README.html
and googled this issue.
I think I'd understand the FILTER documentation better
In the past, including up to 2.11.3, I compiled Postfix
and ran two instances of it with different IPs. One was
an MX, and the other dedicated SMTP. The dedicated
SMTP instance required a unique queue_directory,
slightly different init script, etc. The dedicated SMTP
instance used a config
I'm sure there are other Postfix sites which have looked
into the question of what is required for Everbridge email
to come in without potential delays or non-delivery.
I'm asking someone working with our contact at Everbridge
for a list of IPs which are used on their end,
as I've found there are
We've been running authenticated smtp for awhile.
I want to implement smtpd_sender_login_maps
and reject_sender_login_mismatch
For most logins, the log is showing the fqdn of the smtp
server. As in:
sasl_username=u...@smtp.example.com
For some users it shows only the domain name.
On Thu, Jul 10, 2014 at 11:11 AM, Patrick Ben Koetter p...@sys4.de wrote:
* francis picabia fpica...@gmail.com:
We've been running authenticated smtp for awhile.
I want to implement smtpd_sender_login_maps
and reject_sender_login_mismatch
For most logins, the log is showing the fqdn
Hello,
I'm looking at the logs for an SMTP only service where iptables
should be stopping new connections on port 25, and I'm
seeing connects with no sasl auth. They fail to relay, but
I'd rather we didn't talk to them at all.
In the maillog-internal log:
Oct 17 11:28:18 myserver
On Fri, Oct 18, 2013 at 10:12 AM, li...@rhsoft.net li...@rhsoft.net wrote:
Am 18.10.2013 15:00, schrieb francis picabia:
I'm looking at the logs for an SMTP only service where iptables
should be stopping new connections on port 25, and I'm
seeing connects with no sasl auth. They fail
On Fri, Oct 18, 2013 at 12:35 PM, Viktor Dukhovni
postfix-us...@dukhovni.org wrote:
On Fri, Oct 18, 2013 at 05:25:10PM +0200, Dominik George wrote:
No, that also turns off SMTP for LAN clients.
Then.. Put your LAN IP there :D.
- Typically there is no LAN IP vs WAN IP for a machine that
On Fri, Oct 18, 2013 at 12:45 PM, Noel Jones njo...@megan.vbhcs.org wrote:
On 10/18/2013 8:00 AM, francis picabia wrote:
Hello,
I'm looking at the logs for an SMTP only service where iptables
should be stopping new connections on port 25, and I'm
seeing connects with no sasl auth. They fail
On Fri, Oct 18, 2013 at 1:35 PM, Viktor Dukhovni
postfix-us...@dukhovni.org wrote:
On Fri, Oct 18, 2013 at 06:19:14PM +0200, Benny Pedersen wrote:
Viktor Dukhovni skrev den 2013-10-18 16:44:
No, that also turns off SMTP for LAN clients.
not if adding one more pr lan ip
192.168.0.1:smtp
OK, with the syslog entry Noel suggested, I can see traffic has arrived on
submission port. Yet if I grep for the IP connecting, I see no sasl login.
Oct 18 14:39:24 myserver postfix-internal/submission/smtpd[25329]:
connect from blk-222-132-252.eastlink.ca[24.222.132.252]
Oct 18 14:39:24
I had imagined sasl authentication would have to be resolved before
the smtpd process would be taking commands and responding.
I was thinking of how postscreen and postscreen_dnsbl_sites
are handled. I've adjusted the picture.
I like the suggestion to make it into access denied,
as this is more
On Fri, May 31, 2013 at 5:56 PM, Wietse Venema wie...@porcupine.org wrote:
After the confusion that Postfix 2.10 is not Postfix 2.1, maybe it
is time to change the release numbering scheme.
We could to the Linux thing where 2.mumble was followed by 3.mumble.
A version number change based
On Tue, Feb 19, 2013 at 9:20 PM, Sahil Tandon sahil+post...@tandon.netwrote:
On Thu, 2013-02-14 at 13:13:54 +0100, Miha Valencic wrote:
On Thu, Feb 14, 2013 at 1:01 PM, Noel Jones njo...@megan.vbhcs.org
wrote:
HOLD acts at the message level, not the recipient level.
If one recipient of
On Tue, May 14, 2013 at 10:37 AM, francis picabia fpica...@gmail.com wrote:
On Tue, Feb 19, 2013 at 9:20 PM, Sahil Tandon sahil+post...@tandon.net
wrote:
On Thu, 2013-02-14 at 13:13:54 +0100, Miha Valencic wrote:
On Thu, Feb 14, 2013 at 1:01 PM, Noel Jones njo...@megan.vbhcs.org wrote
Hi,
The number of phishing or otherwise compromised accounts is needing
an automation to manage it. Last night the spammers waited until
the evening and simultaneously used 3 compromised accounts to send
spam over secure smtp. A nagios alert on number of messages
in the queue was our only
On Wed, Feb 27, 2013 at 10:11 AM, francis picabia fpica...@gmail.comwrote:
Hi,
The number of phishing or otherwise compromised accounts is needing
an automation to manage it. Last night the spammers waited until
the evening and simultaneously used 3 compromised accounts to send
spam over
On Wed, Feb 27, 2013 at 4:52 PM, Reindl Harald h.rei...@thelounge.netwrote:
Am 27.02.2013 21:45, schrieb francis picabia:
I had a set of cascading iptables rules to rate limit new connections,
but they circumvented this as well. Based on the IP, there were 5
connections
per minute
On Wed, Feb 27, 2013 at 5:22 PM, Noel Jones njo...@megan.vbhcs.org wrote:
On 2/27/2013 2:45 PM, francis picabia wrote:
Over 390 unique IPs simultaneously sent email at a gradual rate
using 3 sets of
compromised credentials.
Use postfwd or similar policy service to rate-limit the total
On Tue, Oct 2, 2012 at 9:20 PM, Wietse Venema wie...@porcupine.org wrote:
Nope. If you were testing this more carefully then you would have
found that upper or lower case does not matter in this context.
I tested the exact same line with PERMIT and permit.
permit allowed the whitelist entry
I now notice there is a warning in the log file only when the postscreen_access
file is read (and should have matched):
Oct 2 15:41:05 mx10 postfix/postscreen[11731]: warning:
cidr:/etc/postfix/postscreen_access: unknown command: OK -- ignoring
the remainder of this access list
Also same
On Tue, Oct 2, 2012 at 4:36 PM, Wietse Venema wie...@porcupine.org wrote:
francis picabia:
[ Charset ISO-8859-1 unsupported, converting... ]
I now notice there is a warning in the log file only when the
postscreen_access
file is read (and should have matched):
Oct 2 15:41:05 mx10 postfix
On Fri, Sep 28, 2012 at 5:41 PM, /dev/rob0 r...@gmx.co.uk wrote:
On Fri, Sep 28, 2012 at 08:58:33AM -0300, francis picabia wrote:
When the remote site attempts to deliver it is caught in blocklist:
Sep 28 05:29:50 mx10 postfix/postscreen[15338]: NOQUEUE: reject: RCPT
from [210.44.128.104
On Fri, Sep 21, 2012 at 10:45 AM, Mikkel Bang facebookman...@gmail.com wrote:
2012/9/20 Anonymous nore...@breaka.net:
Thanks a lot everyone! After thinking long and hard about all your advice I
finally ended up with:
..+ postfix-anti-UCE.txt +..
Ultimate server, or cheap server?
On Thu, Aug 23, 2012 at 1:33 PM, Mike Mitchell m...@mitchellzone.org wrote:
Hi all,
Fairly newbie user here (okay, waiting for collective groan to die down).
I am attempting to configure a postfix server to handle really high-speed
mail delivery. This means I'll be sending (via Java API)
I use postfix with postscreen, spamhaus and other RBLs, nolist greylisting,
sqlgrey greylisting, amavisd-new (which calls in spamassassin), and clamav.
Freshclam and sa-update are run daily by cron.
Here are my stats today on the primary MX (actually secondary due to nolist)
Aug 21
Connect:
On Fri, Mar 23, 2012 at 2:01 PM, Ralf Hildebrandt
ralf.hildebra...@charite.de wrote:
* John Peach post...@johnpeach.com:
http://blog.arschkrebs.de/blog/working-around-broken-cisco-pix-or-asa-installations/
Indeed. I apologize for the shitty formatting :(((
Thanks for this.
This solution
We have a difficulty delivering to a site running a barracuda appliance.
I can email them from a gmail account, or via a telnet session,
but not via postfix on our SMTP gateway. I've contacted the remote
site from my gmail to discuss it but no progress so far.
I have the default pix conf settings
On Fri, Mar 23, 2012 at 11:33 AM, francis picabia fpica...@gmail.com wrote:
We have a difficulty delivering to a site running a barracuda appliance.
I can email them from a gmail account, or via a telnet session,
but not via postfix on our SMTP gateway. I've contacted the remote
site from my
On Fri, Mar 23, 2012 at 12:43 PM, Giles Coochey gi...@coochey.net wrote:
On 23/03/2012 15:37, francis picabia wrote:
On Fri, Mar 23, 2012 at 11:33 AM, francis picabiafpica...@gmail.com
wrote:
We have a difficulty delivering to a site running a barracuda appliance.
I can email them from
Just starting today we've received dozens of spam from websites,
all coming from anonym...@www.example.com where
www.example.com is a website showing Plesk.
I've blocked dozens of IPs. Has anyone else seen this?
On Wed, Jan 4, 2012 at 4:28 PM, Phill Macey phill...@gmail.com wrote:
On 05/01/2012 6:16 AM, francis picabia fpica...@gmail.com wrote:
Connect: 11661
...
Reject total: 18525
Huh? You have more rejects than you had connects in the first place (every
rejected client must first connect
On Wed, Jan 4, 2012 at 12:36 PM, Gary Smith gary.sm...@holdstead.com wrote:
Am 03.01.2012 18:30, schrieb Stan Hoeppner:
To add to this sentiment, haven't most/all the viri/malware pushers
switched from an email delivery vector to drive-by downloads? I can't
recall the last time I saw a
43 matches
Mail list logo