[pfx] Re: dnsbl submissions

2024-07-07 Thread Nick Edwards via Postfix-users
retired in > 2021. > > > > Every main.cf config I've seen uses commas. Ive added them to your quote > below. > > On 7/6/2024 11:18 PM, Nick Edwards via Postfix-users wrote: > > Main: > submission_recipient_restrictions = > reject_rbl_clien

[pfx] Re: dnsbl submissions

2024-07-07 Thread Nick Edwards via Postfix-users
Thanks John! You nailed it, made the two changes you suggested, and it is now blocking, client will be happy, On Sun, Jul 7, 2024 at 8:52 PM John Fawcett via Postfix-users < postfix-users@postfix.org> wrote: > On 07/07/2024 06:18, Nick Edwards via Postfix-users wrote: > > Howdy,

[pfx] dnsbl submissions

2024-07-06 Thread Nick Edwards via Postfix-users
Howdy, I've never seen the point in this before, but i've been asked by a client to implement it if possible, that is, place dnsbl checks on submission and smtps connections, I've tried a few combinations but it does not seem to be working, no doubt someone can see the error and slap me a new one

[pfx] Connect Postfix to Dovecot SASL with TLS?

2023-11-02 Thread Nick Lockheart via Postfix-users
If I have Postfix configured to use Dovecot SASL via TCP, and Dovecot is running on a remote server, can I set up Postfix to use TLS for its connection to Dovecot SASL? Postfix main.cf: smtpd_sasl_path = inet:dovecot.example.com:12345 smtpd_sasl_type = dovecot Dovecot: service auth { inet_l

[pfx] Re: dkim and submission and opendkim

2023-10-24 Thread Nick Edwards via Postfix-users
ntomas via Postfix-users < postfix-users@postfix.org> wrote: > On 24.10.23 14:35, Nick Edwards via Postfix-users wrote: > > I need a refresher hand with DKIM, we have in main.cf > > > >smtpd_milters = inet:127.0.0.1:8891,inet:127.0.0.1:8892 > >non_smtpd_milters = $smtp

[pfx] dkim and submission and opendkim

2023-10-23 Thread Nick Edwards via Postfix-users
then you wouldn't do dmarc checking there so I got to thinking again, maybe not.. Just asking the collective guru's here before I change/break anything given my lengthy time away for running pf boxes :) maybe an above option is cancelling out so

Re: Outlook TLS errors after Microsoft Windows Update

2022-10-17 Thread Nick Tait
La da da da... Original message From: Phil Stracchino Date: 18/10/22 9:51 AM (GMT+12:00) To: postfix-users@postfix.org Subject: Re: Outlook TLS errors after Microsoft Windows Update On 10/17/22 16:08, Jaroslaw Rafa wrote:> Dnia 17.10.2022 o godz. 20:35:11 Gerald Galster pisze

Re: submission configuration and RFC 6409

2022-10-12 Thread Nick Tait
t? E.g. I see the option "always_add_missing_headers" but it seems to work fine without adding this, and besides this appears to be a cleanup option rather than smtpd option? Thanks, Nick.

submission configuration and RFC 6409

2022-10-12 Thread Nick Tait
n_name=ORIGINATING *-o local_header_rewrite_clients=static:all* FYI "-o smtpd_delay_reject=no" above is another manual addition of mine, not part of original distro's master.cf. Thanks, Nick.

Re: no shared cipher revisited

2022-10-04 Thread Nick Tait
by default. Nick.

Re: reject_unknown_reverse_client_hostname not working as I expect

2022-08-11 Thread Nick Howitt
On 11/08/2022 14:49, Matus UHLAR - fantomas wrote: On 2022-08-11 at 07:56:41 UTC-0400 (Thu, 11 Aug 2022 12:56:41 +0100) Nick Howitt is rumored to have said: I can't use reject_unknown_client_hostname as I know at least one major ISP in the UK has their mailserver announcing a ???.

Re: reject_unknown_reverse_client_hostname not working as I expect

2022-08-11 Thread Nick Howitt
On 11/08/2022 11:54, Matus UHLAR - fantomas wrote: On 11.08.22 11:43, Nick Howitt wrote: [root@server ~]# postconf -n | grep restrictions smtpd_client_restrictions = permit_mynetworks, reject_unknown_reverse_client_hostname smtpd_recipient_restrictions = permit_mynetworks

Re: Catch-all that pipes to script

2022-06-24 Thread Nick Tait
Hi Luc. I think you need some whitespace at the start of the second line - e.g. "echo '  flags=R user=...' >> master.cf". Otherwise Postfix isn't going to know that this is a continuation of the first line? Nick.

Re: smtpd_recipient_restrictions usage question.

2022-06-24 Thread Nick Tait
ather than check_recipient_a_access)? FYI You can also use OK with check_client_access. Nick.

Re: Mail looping issue

2022-05-21 Thread Nick Tait
ion ${djigzo_rbl_clients} ${djigzo_reject_unverified_recipient? reject_unverified_recipient}* Which would appear to prevent such a process from sending emails to external (Internet) recipients? Nick.

Re: Mail looping issue

2022-05-21 Thread Nick Tait
reject_unverified_recipient} smtpd_data_restrictions = smtpd_end_of_data_restrictions = Sorry, but my only suggestion is "don't do that"! :-( Nick.

Re: milter_header_checks, pcre, chroot

2022-03-22 Thread Nick Tait
t doesn't. The reason is because the results of the first SPF check DNS lookups are cached by the DNS Server, so the second SPF check incurs a negligible delay. Thanks, Nick.

Re: SASL hacking ?

2022-02-22 Thread Nick Tait
for individual countries. The one I use is: https://www.ip2location.com/free/visitor-blocker Just remember that it will also stop you being able to access/send emails while on your overseas holiday! ;-) Nick.

Re: Adding a header on incoming mail, unintended consequences?

2022-02-13 Thread Nick Tait
by DMARC), or could result in a higher SPAM score, which could cause the email to be treated differently? Nick.

Re: Advanced content filter with Unix sockets

2022-02-05 Thread Nick Tait
root root 4096 Jul 25 2021 external 15076729 4 drwxr-x--- 2 dovecot postfix 4096 Feb 1 21:00 external/dovecot 15073313 0 srw-rw 1 dovecot postfix 0 Feb 1 21:00 external/dovecot/auth-dovecot 15073306 0 srw-rw 1 dovecot postfix 0 Feb 1 21:00 external/dovecot/lmtp-dovecot Nick.

Re: Getting Delivered-To when using LDAP?

2021-11-14 Thread Nick Tait
unds: Maybe you could funnel the 'forwarded' messages through another Postfix instance that has a policy service (http://www.postfix.org/SMTPD_POLICY_README.html) which looks for "recipient=/something/" in the request, and then returns "action=prepend Delivered-To: /something/"? Nick.

Re: Relay to google chaning from address

2021-09-20 Thread Nick Howitt
On 20/09/2021 11:15, Adam Barnett wrote: Hi, I have setup a postfix relay to allow us t send some of our mail to google My main.cf looks like this inet_protocols = ipv4 append_dot_mydomain = no biff = no config_directory = /etc/postfix mailbox_size_limit = 0 readme_director

Re: Rewriting the MAILER-DAEMON address and header formats

2021-09-18 Thread Nick Howitt
x27;MAILER-DAEMON', /usr/share/roundcubemail/program/lib/Roundcube/rcube_mime.php: else if (preg_match('/(\s*)$/', $val, $m)) { /usr/share/roundcubemail/program/lib/Roundcube/rcube_mime.php: $address = 'MAILER-DAEMON'; Could changing it break other things? Nick

Re: Rewriting the MAILER-DAEMON address and header formats

2021-09-18 Thread Nick Howitt
#x27;ve configured), it still does not apply any header checks to them. If you are able to apply a milter to them, you can write a milter that rewrites those headers. I've not been paying particular attention to the thread, but can header_checks be used to rewrite MAILER-DAEMON to mailer-daemon? Nick

Re: multiple ip addresses for submission -- My Google Fu is lacking

2021-09-14 Thread Nick Howitt
On 14/09/2021 04:29, raf wrote: On Tue, Sep 14, 2021 at 01:20:03PM +1000, raf wrote: But chances are that mail clients just do what any other TCP client would do. That might be why you can't find any discussion on the topic. Remember, the only IP address(es) that the mail client will be co

Re: How can I temporarily defer internal delivery of e-mails?

2021-09-11 Thread Nick Howitt
On 11/09/2021 20:28, Viktor Dukhovni wrote: On Sat, Sep 11, 2021 at 08:22:46PM +0100, Nick Howitt wrote: I interpreted this, perhaps mistakenly, as if this were now the running config of postfix. There is no such thing as "the running config of Postfix". There's just mai

Re: How can I temporarily defer internal delivery of e-mails?

2021-09-11 Thread Nick Howitt
On 11/09/2021 20:05, Wietse Venema wrote: Nick Howitt: Partly answering my own question, "postconf -o body_checks=regexp:/etc/postfix/body_checks" seems to do the right thing in that the output of the command shows it is set No it doesn't. Where did you get the idea from th

Re: How can I temporarily defer internal delivery of e-mails?

2021-09-11 Thread Nick Howitt
On 11/09/2021 16:40, Nick Howitt wrote: On 11/09/2021 14:03, Nick Howitt wrote: On 11/09/2021 13:57, Nick Howitt wrote: On 11/09/2021 13:24, Kristian wrote: On 11/09/2021 13.43, Nick Howitt wrote: As part of a backup script for cyrus-imapd, I'd like to temporarily stop po

Re: How can I temporarily defer internal delivery of e-mails?

2021-09-11 Thread Nick Howitt
On 11/09/2021 14:03, Nick Howitt wrote: On 11/09/2021 13:57, Nick Howitt wrote: On 11/09/2021 13:24, Kristian wrote: On 11/09/2021 13.43, Nick Howitt wrote: As part of a backup script for cyrus-imapd, I'd like to temporarily stop postfix delivering mails to cyrus-imapd and to

Re: How can I temporarily defer internal delivery of e-mails?

2021-09-11 Thread Nick Howitt
On 11/09/2021 13:57, Nick Howitt wrote: On 11/09/2021 13:24, Kristian wrote: On 11/09/2021 13.43, Nick Howitt wrote: As part of a backup script for cyrus-imapd, I'd like to temporarily stop postfix delivering mails to cyrus-imapd and to just queue them. If it is I believe you c

Re: How can I temporarily defer internal delivery of e-mails?

2021-09-11 Thread Nick Howitt
On 11/09/2021 13:24, Kristian wrote: On 11/09/2021 13.43, Nick Howitt wrote: As part of a backup script for cyrus-imapd, I'd like to temporarily stop postfix delivering mails to cyrus-imapd and to just queue them. If it is I believe you can do this with check_recipient_access

Re: How can I temporarily defer internal delivery of e-mails?

2021-09-11 Thread Nick Howitt
On 11/09/2021 13:42, Wietse Venema wrote: Nick Howitt: Hi, As part of a backup script for cyrus-imapd, I'd like to temporarily stop postfix delivering mails to cyrus-imapd and to just queue them. If it is at all possible I'd like to do it without restarting any services (I know

How can I temporarily defer internal delivery of e-mails?

2021-09-11 Thread Nick Howitt
ed instead of a more conventional setup. Is there any way of achieving what I want without stopping services? Thanks, Nick

Re: Conditional milter_header_checks?

2021-07-15 Thread Nick Tait
portunities for mail server administrators to set it up badly, and that's when it causes problems. And FWIW, I've never seen evidence of any DKIM signature breakage from this mailing list (i.e. Postfix Users). But perhaps other mailing list software might be problematic? Nick.

Re: Looking for examples of separated MTA / MDA pairs

2021-06-10 Thread Nick Tait
i.e. so that you can administer the passwords in a single place). And have the mail server postfix deliver to dovecot using lmtp. Hopefully that will get you going? Reach out if you get stuck? Nick.

Re: [NON-HA] Re: Need help with response to HELO, 502 5.5.2 Error

2021-06-09 Thread Nick
ly nothing as far as protecting the SMTP server and causes more problems than it solves... Have a nice day! Nick

Re: Need help with response to HELO, 502 5.5.2 Error

2021-06-09 Thread Nick
but I am surprised this would disable regular SMTP ones like HELO. If it is indeed Cisco Pix protocol fixup turn it off, it cause(d) more problems than it solves/solved. Have a nice day! Nick

Re: Want to configure domain localhost to support root

2021-04-29 Thread Nick Tait
"postmap hash:/etc/postfix/virtual".) I seem to recall there is a bit more to this, including checking that myorigin is set, but hopefully that will get you heading in the right direction? Nick.

Re: Milters and policy

2021-04-23 Thread Nick Tait
MAILFROM)? Or some other trickery? (AFAIK each invocation of a policy server can only return a single action?) Thanks, Nick.

Re: Certificate Postfix.org missing?

2021-04-21 Thread Nick Tait
On 22/04/2021 10:32 am, Gary Smith wrote: -Original Message- From: owner-postfix-us...@postfix.org On Behalf Of Viktor Dukhovni Sent: Wednesday, April 21, 2021 3:02 PM To: Postfix users Subject: Re: Certificate Postfix.org missing? On Apr 21, 2021, at 4:34 PM, Gary Smith wrote: Chr

Re: connect then disconnect; backscatter?

2021-04-18 Thread Nick Tait
al reasons for doing this: 1. It stops the number of firewall rules growing indefinitely. (Each rule has a cost in terms of processing.) 2. If the IP address gets reassigned to a legitimate user, you aren't penalising them indefinitely for someone else's misbehaviour. Nick. P.S.

RE: Problem with starttls / orange.fr

2021-03-29 Thread Nick Tait
Original message  > smtp_tls_protocols = !SSLv2, !SLv3 TLSv1.1, TLSv1.2You have several issues in the line above. I suggest removing this line and using the default setting?Nick.

Re: Milter Behavior

2021-03-11 Thread Nick Tait
signify this, or will it be reflected in the Authentication-Results header? (FWIW Probably the latter would satisfy my requirements.) Thanks, Nick.

Re: ways to process HOLD queue

2021-02-24 Thread Nick Tait
essage (by adding a header), and then it could still be delivered to the user, optionally using sieve to put it into a different (e.g. Junk) folder? Nick.

Re: client and ehlo hostname mismatch

2021-02-11 Thread Nick Tait
On 12/02/21 7:12 pm, Bill Cole wrote: Mail transport often involves MTAs not under the control of the original sender or ultimate recipient or the authorities for the sender's domain. Traditional forwarding (e.g. ~/.forward) still exists and many systems supporting it run Sendmail, which will m

Re: client and ehlo hostname mismatch

2021-02-11 Thread Nick Tait
On 12/02/21 6:57 pm, Bob Proulx wrote: Nick Tait wrote: Nick Tait wrote: Perhaps the advice should be: If you are using Sendmail, then (a) you shouldn't publish a DMARC policy and (b) you shouldn't reject emails based on failed DMARC check; but if you aren't using Sendmail then

Re: client and ehlo hostname mismatch

2021-02-11 Thread Nick Tait
On 12/02/2021 5:49 pm, Nick Tait wrote: Perhaps the advice should be: If you are using Sendmail, then (a) you shouldn't publish a DMARC policy and (b) you shouldn't reject emails based on failed DMARC check; but if you aren't using Sendmail then as long as you don't mind r

Re: client and ehlo hostname mismatch

2021-02-11 Thread Nick Tait
rwarded by a mailing list. :-( Nick.

Re: Cloud9.net related responses

2021-02-11 Thread Nick Tait
On 12/02/2021 7:09 am, Jos Chrispijn wrote: Hi team, can it be that responses in this mailinglist are also send by cloud9.net instead of only postfix.org? Just asking to prevent contermination by importing parallel newsgroup source. All mail that I receive from this mailing list is relayed to

Re: Catch a forged Return Path

2021-02-06 Thread Nick Tait
aking advantage of the null sender address? Sounds like it might be the latter, in which case Postscreen may prove useful? Nick.

Re: AW: Controlling MS Azure Cloud Spam

2020-12-29 Thread Nick Tait
On 30/12/2020 2:38 am, ludic...@gmail.com wrote: @Nick A check for a valid FQDN in From is in smtpd_sender_restrictions. At the point where it got to bounce message, SPF was skipped. Would OpenDMARC then still work? The smtpd_sender_restrictions that you specify are applied to the

Re: Disable unauthenticated sending of OUTGOING email for all local users

2020-12-29 Thread Nick
t omit permit_mynetworks from the other smtpd_*_restrictions. HTH, -- Nick

Re: Controlling MS Azure Cloud Spam

2020-12-27 Thread Nick Tait
so be rejected. If I understand the RFC correctly this includes the Date and From headers. Nick. On 26/12/20 6:58 am, ludic...@gmail.com wrote: Hi, I am seeing a wave of MS Azure Cloud Spam these days. Many of these mails come with a header: * Return-Path: * Empty From Field They than pas

Re: Can I somehow customise the From: address when root sends mail?

2020-12-08 Thread Nick
ix/sender-canonical-map sender-canonical-map root foo-root HTH, -- Nick

Re: Can a more useful bounce message be provided - correction

2020-11-15 Thread Nick Tait
ntire message in the bounce notification? Which comes back to the original question about whether this message can be customised? But I suspect the answer to that question is still no? Nick.

Re: Limiting HELO spoofing in Postfix?

2020-10-23 Thread Nick Tait
On 23/10/20 6:26 pm, Nick Tait wrote: In summary, you'd want to create a script in a language of your choice, which in the simplest case does this: 1. Reads in lines until a blank line. 2. Then sees if the lines that it read included the line "client_address=127.0.0.1"

Re: sanity-check postfix XCLIENT usage ?

2020-10-23 Thread Nick Tait
was willing to do so, which is a win for everyone! Unfortunately, lately I haven't had the time... /[Rhetorical q//uestion to everyone] Have you checked your DMARC lately? ;-)/ Nick.

Re: sanity-check postfix XCLIENT usage ?

2020-10-23 Thread Nick Tait
ejectFailures true" in /etc/opendmarc.conf currently? Try changing that to false, to allow the email to be delivered, and then see what Authentication-Results headers get added? (E.g. They might suggest something like an alignment failure?) Nick.

Re: Forward mail and obey SPF and DKIM

2020-10-22 Thread Nick Tait
x27;t forget about bounce notifications. So rather than rewriting addresses using sender_canonical_maps, you might be better off looking into Sender Rewriting Scheme (SRS)? Nick.

Re: Limiting HELO spoofing in Postfix?

2020-10-22 Thread Nick Tait
ython for SPF) to get your head around how policies work, before implementing what I suggested above. Also remember "warn_if_reject" is your best friend when writing policy scripts! :-) Nick.

Re: Accessing the sending user from a canonical(5) table

2020-10-22 Thread Nick Tait
et that in doing this site.net will also be expected to handle bounce notifications, and then forward them back to the original from address. :-) Nick.

Re: Sub-addressing ("plus-addressing") questions...

2020-10-15 Thread Nick
Hi! On 2020-10-14 3:33 p.m., Phil Stracchino wrote: On 10/14/20 3:20 PM, Nick wrote: I also have to tell the developers of our applications what should be allowed... Good luck with that one. I have encountered INNUMERABLE werb sites which fervently insist that '+' is not a legal

Re: Sub-addressing ("plus-addressing") questions...

2020-10-15 Thread Nick
Hi! On 2020-10-14 9:29 p.m., Viktor Dukhovni wrote: On Thu, Oct 15, 2020 at 01:09:33PM +1300, Peter wrote: On 15/10/20 8:20 am, Nick wrote: Is it possible to have more than one "+" sign in the email address, what does Postfix do when it sees that, does it stop at the first one and

Sub-addressing ("plus-addressing") questions...

2020-10-14 Thread Nick
ur emails but as long as it is not involved in the reception of the emails there should be no problem, right? (Because the plus sign was always a recognized character by the RFC (originally 822 and 2822 I believe...)) Thank you and have a nice day! Nick

Re: How to allow relaying per domain?

2020-09-26 Thread Nick Tait
ample.org ok <>ok server3_sender_access: example.net ok <>ok I use something like this myself and it works well if the number of servers is small and doesn't change often. Nick. On 25/09/20 2:42 am, Hans van Zijst wrote: Is it pos

Re: Forward mail and obey SPF and DKIM

2020-09-16 Thread Nick Tait
omain" to trick your server into forwarding emails to "user@targetdomain"). Of course the real cost of implementing something like this is the increased effort required to figure out what went wrong when something isn't working properly. :-P Nick.

Re: spam uses my email address as sender in "header from"

2020-09-15 Thread Nick
On 2020-09-15 19:39 BST, Fourhundred Thecat wrote: > > On 2020-09-15 10:18, Nick wrote: > > <http://www.postfix.org/BUILTIN_FILTER_README.html#mx_submission> > But when I remove it from main.cf and add last line to master.cf: > > smtp inet n - n

Re: spam uses my email address as sender in "header from"

2020-09-15 Thread Nick
On 2020-09-15 08:53 BST, Fourhundred Thecat wrote: > yes, I am accepting authenticated senders on port 465, and port 25 is > only for unauthenticated. > > But how do I ensure that header_checks only apply to port 25 ? <http://www.postfix.org/BUILTIN_FILTER_README.html#mx_submission> HTH -- Nick

Re: Checking from-addresses on outbound mail

2020-09-02 Thread Nick
} ? For check_sender_access I can use the DISCARD action instead of REJECT, but what should replace reject_unverified_sender? Thanks, -- Nick

Re: Checking from-addresses on outbound mail

2020-09-01 Thread Nick
ng out to forged sender > addresses you need to accept and discard messages, rather than reject > them. I have to ask the stupid question - why? Since "bounce-discard" is working for me in practise, so far, and rejection triggers a notification to postmaster. Please elaborate? Thank you for your comments. -- Nick

Re: Checking from-addresses on outbound mail

2020-09-01 Thread Nick
data=1 quit=1 commands=5 which I interpret as: smtpd-sndmail accepted the mail, then cleanup-sndmail placed the mail into the hold queue. Nothing was sent. It's now impossible, I think, for either a local or a submission user to send mail without a valid address in $mydomain in both the envelope- and header-from. Thanks, comments welcome. -- Nick

Re: Checking from-addresses on outbound mail

2020-08-30 Thread Nick
old queue. It's then for the postmaster to check what's going on. If the mail's from-address is forged, which is my concern in this thread, then it's better that no non-delivery notification is attempted. Thank you for your attention to my question, this is more than I had expected. -- Nick

Re: Checking from-addresses on outbound mail

2020-08-30 Thread Nick
On 2020-08-30 21:30 BST, Wietse Venema wrote: > Nick: > > I would like to have a postconf(5) parameter such as > > "local_via_submission = yes" which changes that path to something like > > > > sendmail(1) -> postdrop(1) -> maildrop -> pickup(

Re: mynetworks equivalent for sender address

2020-08-30 Thread Nick
tml#client_sasl_enable>. HTH, -- Nick

Re: Checking from-addresses on outbound mail

2020-08-30 Thread Nick
On 2020-08-09 21:52 BST, Ansgar Wiechers wrote: > On 2020-08-09 Nick wrote: > > For mail sent via submission it's possible to prevent a forged > > mail-from, by using options on the submission service in master.cf. > > > > It's also possible to pre

Checking from-addresses on outbound mail

2020-08-09 Thread Nick
t work for mail originating locally via the sendmail command. What does work for that? Thanks -- Nick

Re: Unable to receive emails from btinternet.com

2020-06-19 Thread Nick Tait
On 19/06/20 8:28 pm, @lbutlr wrote: On 19 Jun 2020, at 02:18, Nick Tait wrote: 1. My server was using the default MTU of 1500 bytes. 2. My connection to my ISP uses PPPoE, which adds an 8-byte header onto all packets travelling between my home to my ISP, effectively reducing the maximum

Re: Unable to receive emails from btinternet.com

2020-06-19 Thread Nick Tait
y that I did it, because it only reduces the packet size for traffic that is going to/from the Internet, not traffic between my servers.) Hopefully this helps? Feel free to email me directly if you think this is the cause of your problem, but you need more explanation about anything above? Thanks, Nick.

Re: ADVICE: Best Practice - Usernames with Domain components

2020-05-27 Thread Nick Piggott
at at all, so that's why I'm looking to fix it around postfix. Nick On Tue, 26 May 2020 at 13:49, mj wrote: > Hi, > > I have read your mail, and we're using a setup similar to yours (samba, > postfix, debian) and we're using 'regular' usernames, witho

ADVICE: Best Practice - Usernames with Domain components

2020-05-26 Thread Nick Piggott
r the mailbox files DOMAIN\username and domain\username in /var/mail, or is there a solution I can put into postfix to revert back to DOMAIN\username before outputting to the mail file? Thanks in advance, -- Nick

Re: Preferred/maintained greylisting options?

2020-05-21 Thread Nick
any fuss. -- Nick

Re: logrotate script for Postfix

2020-05-09 Thread Nick
ebian 10 machines, it's configured in /etc/logrotate.d/rsyslog belonging to the package rsyslog. -- Nick

Re: smtpd and submission inet_interfaces

2020-05-08 Thread Nick
On 2020-05-08 20:15 BST, Wietse Venema wrote: > Nick: > > I think I found the way, which is to repeat the entire submission > > definition in master.cf and c h a n g e the a d d r e s s [my previous > > post was bounced so I'm trying those words with spaces]. If there

Re: smtpd and submission inet_interfaces

2020-05-08 Thread Nick
On 2020-05-08 20:03 BST, Wietse Venema wrote: > Nick: > > Is there a way to make it work for both ipv4 and ipv6 at the same time? > > I tried "127.0.0.1,[::1]:submission ..." but postfix wouldn't start. > > See: http://www.postfix.org/master.5.html I think I f

Re: smtpd and submission inet_interfaces

2020-05-08 Thread Nick
ks. Is there a way to make it work for both ipv4 and ipv6 at the same time? I tried "127.0.0.1,[::1]:submission ..." but postfix wouldn't start. -- Nick

Re: smtpd and submission inet_interfaces

2020-05-08 Thread Nick
On 2020-05-08 18:59 BST, Wietse Venema wrote: > Nick: > > Can postfix be configured such that it changes to > > > > 127.0.0.1:submission > >0.0.0.0:smtp > > > > (and similarly for ipv6)? > > If you want two services to listen on different IP a

Re: smtpd and submission inet_interfaces

2020-05-08 Thread Nick
I'll try again at my question, maybe it wasn't clear. On my server, 'ss -l -4 -t' show postfix listening on these addresses: 0.0.0.0:submission 0.0.0.0:smtp Can postfix be configured such that it changes to 127.0.0.1:submission 0.0.0.0:smtp (and similarly for ipv6)? Thanks, -- Nick

smtpd and submission inet_interfaces

2020-05-08 Thread Nick
Can these be different - e.g. smtpd listens on 0.0.0.0 and [::], while submission listens on 127.0.0.1 and [::1]? Adding '-o inet_interfaces=loopback-only' in master.cf under the submission service then restarting postfix made no difference, according to 'ss'. Thanks -- Nick

Re: AUTH Messages in log

2020-04-30 Thread Nick
ail2ban? A pattern like this should catch them, postfix/smtpd\[[0-9]+\]: disconnect from [^[ ]+\[\]( [a-z=0-9/ ]+)? auth=0/[1-9] HTH, -- Nick

Re: Reject external mails to certain aliases

2020-04-03 Thread Nick
all of them. E.g. smtpd_recipient_restrictions = ... check_recipient_access hash:/etc/postfix/check-recipient-access-inbound In check-recipient-access-inbound, internal-only@REJECT My hovercraft is full of eels Ensure it's set for smtpd only and not for submission. HTH, -- Nick

Re: LMTP and undeliverable addresses

2020-01-29 Thread Nick
On 2020-01-29 18:38 GMT, Wietse Venema wrote: > Nick: > >local_transport = lmtp:unix:private/dovecot-lmtp > >local_recipient_maps = $real_recipients, $virtual_alias_maps > >550 5.1.1 : Recipient address > > rejected: undeliverable address: host > &

LMTP and undeliverable addresses

2020-01-29 Thread Nick
bogus-recipi...@acrasis.net (in reply to RCPT TO command) This is dovecot, not postfix, giving the verdict on the validity of 'bogus-recipient', yes? If postfix has "a database that lists all the known user names or addresses", why does postfix consult dovecot? Thanks, -- Nick

Re: Remove part of rbl name from response to blocked client

2020-01-16 Thread Nick
locked using > sp8lefi4grtb7jftpslxxztu3y.zen.dx.spamhous.net Haven't used it myself but <http://www.postfix.org/POSTSCREEN_README.html#config> part 7 should help? -- Nick

Re: Question about DMARC

2019-11-22 Thread Nick
n ask them. I also have strict DMARC policy and no difficulty with this list. -- Nick

Re: Relay attempt questions

2019-11-19 Thread Nick
> be accomplished? > > You can add "reject_unauth_destination" (possibly preceded by > permit_mynetworks) also near the top of the recipient restrictions. I'll try that, thanks. -- Nick

Re: Relay attempt questions

2019-11-19 Thread Nick
On 2019-11-19 05:59 GMT, Viktor Dukhovni wrote: > On Mon, Nov 18, 2019 at 09:40:24PM +0000, Nick wrote: > > > Why did reject_unauth_destination (line 11) only take effect after the > > probe (line 8, if that's what it is) and after check_policy_service > > (l

Re: Relay attempt questions

2019-11-18 Thread Nick
trictions applies first, why didn't its reject_unauth_destination cause rejection before anything in smtpd_recipient_restrictions was consulted? -- Nick

Relay attempt questions

2019-11-18 Thread Nick
554 5.7.1 <***@gmail.com>: Relay access denied; from= to=<***@gmail.com> proto=SMTP helo= 12 Nov 18 01:28:47 rolly postfix/smtpd[26774]: lost connection after RCPT from unknown[162.246.19.201] [End log] -- Nick

Re: Vague error message - SASL plain authentication failed:

2019-11-17 Thread Nick
t/conf.d/10-master.conf: unix_listener /var/spool/postfix/private/auth { mode = 0666 } /etc/postfix/main.cf: smtpd_sasl_path = private/auth HTH, -- Nick

Re: Fwd: Postfix as an outgoing spam filter. How to block email for unknown senders in local network?

2019-05-13 Thread Nick
ert you if anything appears in the HOLD queue, e.g. a cron script that examines 'postqueue' output. HTH, -- Nick

  1   2   3   >