EDH Ciphers

What exactly are the prerequisites for preferring EDH ciphers in Postfix? * Do I need ECC (and thus OpenSSL = 1.0.0) or not? * Do I need tls_preempt_cipherlist = yes, and thus Postfix 2.8.0 or not? -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz

Re: EDH Ciphers

* lst_ho...@kwsoft.de lst_ho...@kwsoft.de: * Do I need tls_preempt_cipherlist = yes, and thus Postfix 2.8.0 or not? This let the *server* (Postfix) choose a cipher suggested by the client, so it depends. If the client has no DH ciphers it doesn't help, if the client list DH ciphers later in

Re: ..:: Keep HTML format ::..

* Alfonso Alejandro Reyes Jiménez are...@ibossmonitor.com: Hi Everyone. Is there some way to keep the exchange format on postfix? Postfix does not alter the body of an email in any way. I have a postfix that gets exchange emails, the problem is that the exchange format is removed and all

Re: ..:: Keep HTML format ::..

The thing is that if you send an email on the same exchange everything looks fine, if you send an email thru the postfixs distribution list What is postfixs distribution list? Please elaborate! -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der

Re: ..:: Keep HTML format ::..

* Alfonso Alejandro Reyes Jiménez are...@ibossmonitor.com: Thanks but the mailing list is on the postfix, the postfix is striping the images according to our tests. :( How is the mailing list implemented? -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669

message may be sent more than once

Sep 11 09:21:22 mail2 postfix/cleanup[23372]: 3cZZKZ2WvdzBt9C: message-id=f0cdc3dbf712aa448525e5dddc62b6f4039fe69d4...@exchange31.charite.de Sep 11 09:21:22 mail2 postfix/qmgr[10759]: 3cZZKZ2WvdzBt9C: from=sen...@charite.de, size=36991, nrcpt=1 (queue active) Sep 11 09:31:23 mail2

Re: message may be sent more than once

* Paul Hoffman p...@flo.org: On Wed, Sep 11, 2013 at 10:19:19AM +0200, Ralf Hildebrandt wrote: Sep 11 09:21:22 mail2 postfix/cleanup[23372]: 3cZZKZ2WvdzBt9C: message-id=f0cdc3dbf712aa448525e5dddc62b6f4039fe69d4...@exchange31.charite.de Sep 11 09:21:22 mail2 postfix/qmgr[10759

Re: message may be sent more than once

* Wietse Venema postfix-users@postfix.org: Delivery fails to the primary MX host (mail.vivantes.de) and then it succeeds to the secondary MX host. Why should Postfix wait when it switches from primary to secondary MX? PEBCAK (on my side here). -- [*] sys4 AG http://sys4.de, +49 (89) 30 90

Re: Anyone use this email server configuration ?

* Frank Bonnet frank.bon...@esiee.fr: Hello Anyone has tested such server in real life ? http://sealedabstract.com/code/nsa-proof-your-e-mail-in-2-hours/ I finally got around reading this. I wonder if it should be more strict regaring the used ciphers (both in Postfix and Dovecot), given

Re: Anyone use this email server configuration ?

* Viktor Dukhovni postfix-users@postfix.org: On Wed, Sep 11, 2013 at 01:26:25PM +0200, Ralf Hildebrandt wrote: Anyone has tested such server in real life ? http://sealedabstract.com/code/nsa-proof-your-e-mail-in-2-hours/ I finally got around reading this. I wonder if it should

Re: virtual_alias_maps question

* Louis-David Mitterrand vindex+lists-postfix-us...@apartia.org: Hi, I have a virtual_alias_maps with a pcre entry like /^(info|contact|etc)@/ localuser and it delivers i...@anydomain.com to localuser even though 'anydomain.com' is not in virtual_alias_domains, is that normal?

Re: virtual_alias_maps question

* Louis-David Mitterrand vindex+lists-postfix-us...@apartia.org: On Thu, Oct 24, 2013 at 10:42:07AM +0200, Ralf Hildebrandt wrote: * Louis-David Mitterrand vindex+lists-postfix-us...@apartia.org: Hi, I have a virtual_alias_maps with a pcre entry like /^(info|contact|etc

unreasonable virtual_alias_maps map nesting for...

I'm seeing this in my log: 2013-11-12T03:12:45.129959+01:00 mail postfix/smtpd[13775]: 3dJXXs0vySz10tc: client=mail.r0.3dz.com[5.9.40.9] 2013-11-12T03:12:47.707119+01:00 mail postfix/cleanup[27219]: warning: 3dJXXs0vySz10tc: unreasonable virtual_alias_maps map nesting for i...@example.com --

Re: unreasonable virtual_alias_maps map nesting for...

* Ralf Hildebrandt r...@sys4.de: I'm seeing this in my log: 2013-11-12T03:12:45.129959+01:00 mail postfix/smtpd[13775]: 3dJXXs0vySz10tc: client=mail.r0.3dz.com[5.9.40.9] 2013-11-12T03:12:47.707119+01:00 mail postfix/cleanup[27219]: warning: 3dJXXs0vySz10tc: unreasonable virtual_alias_maps

Re: incoming mail errors

* Dave Johnsom da...@wsnet.co.za: It's either this: check_policy_service inet:127.0.0.1:, or this: check_policy_service inet:127.0.0.1:10031, Find out what's listening on port and 10031: % sudo netstat -tulpen |egrep :(|10031) (which are both listed TWICE in your config!) --

Re: SORBS SPAM, do I have to bother?

* Roland Plüss rol...@rptd.ch: Do I have to bother about this list or is it a crappy blacklist I should not care about? I personally don't see rejections based on this. mail.python.org got listed once for spamming. Looking at the evidence I found that somebody subscribed (using double opt

Re: Make TLS errors hard, not soft

* Viktor Dukhovni postfix-users@postfix.org: It is far easier to enable fast delay notices, or set a very short maximal queue lifetime if fast failure is more appropriate than eventual success for the messages being sent. Yes, but the delay notice is (probably!) too cryptic for the end-user.

Re: Make TLS errors hard, not soft

* Wietse Venema wie...@porcupine.org: Yes, but the delay notice is (probably!) too cryptic for the end-user. Nonsense. It is the exact same error message that you want Postfix to send in a bounce email. None of the users actually read this :( -- [*] sys4 AG http://sys4.de, +49 (89) 30

Re: Make TLS errors hard, not soft

The error mesage being one of: TLS is required, but host %s refused to start TLS: %s TLS is required, but was not offered by host %s TLS is required, but our TLS engine is unavailable %s: TLS is required but unavailable, don't know why TLS is required, but unavailable

Re: Make TLS errors hard, not soft

* li...@rhsoft.net li...@rhsoft.net: that may also be the MUA in case of a iPhone you can reject with whatever status code you like in case of sending without authentication and the device will try to do the same every 5 minutes i had a customer doing this for the same message of *3

Re: Possible to block all attachments?

* jmct tune...@gmail.com: I've looked around online quite a bit and have seen that you can block specific types of files - and even found a forum post here (http://postfix.1071664.n5.nabble.com/blocking-all-attachments-td14552.html), but unfortunately, this solution did not work for me. When

Re: Possible to block all attachments?

* jmct tune...@gmail.com: Thanks for the quick reply! Correct. This file does exist in /etc/postfix. Postfix tends to disagree. Fix that. You probably typoed something somewhere. -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der

Re: Possible to block all attachments?

* jmct tune...@gmail.com: Thanks for the quick reply! Correct. This file does exist in /etc/postfix. The contents are that of the same in the previous forum post I linked. /etc/postfix/mime_header_checks != /etc/postfix/mime_header_check (note the extra s at the end) -- [*] sys4 AG

Re: Mail Server Accused of Spam!

* Tim Smith tcsmith1...@googlemail.com: That's fine and I totally understand why they do that but is there a way that Postfix can flag the message so that Google understands that we are just forwarding the message and that we are not the originator of the spam? You could filter out the spam

Re: How to force Postfix 2.5.9 to try another MX?

* Viktor Dukhovni postfix-users@postfix.org: On Thu, Mar 27, 2014 at 03:24:14PM +0200, Bogdan Enache wrote: A user is trying to send email to a domain, tn.odessa.ua which has 3 MX servers. One of them is clearly not working, notes.uptel.net[195.138.170.139], which has a priority of 30.

Re: Postfix inserts artifacts when logging headers

header_checks is not designed for such things it's just limited basic functionality consider to use a policy-daemon with more features Rather: a milter. A policy-daemon doesn't see the mails' contents. -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669

status=deferred (Server certificate not trusted) - but why?

Jun 25 15:12:23 albatross postfix/smtp[16480]: Untrusted TLS connection established to mail.lastmikoi.net[212.83.147.35]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits) Jun 25 15:12:23 albatross postfix/smtp[16480]: 3gz3jG3v0Mz7LjZ: to=...@lastmikoi.net,

Re: status=deferred (Server certificate not trusted) - but why?

* Ralf Hildebrandt r...@sys4.de: Jun 25 15:12:23 albatross postfix/smtp[16480]: Untrusted TLS connection established to mail.lastmikoi.net[212.83.147.35]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits) Jun 25 15:12:23 albatross postfix/smtp[16480]: 3gz3jG3v0Mz7LjZ

Re: status=deferred (Server certificate not trusted) - but why?

* Viktor Dukhovni postfix-users@postfix.org: On Mon, Jun 30, 2014 at 01:45:19PM +0200, Ralf Hildebrandt wrote: Jun 25 15:12:23 albatross postfix/smtp[16480]: Untrusted TLS connection established to mail.lastmikoi.net[212.83.147.35]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM

Problem with make makefiles shared=yes

I used to build Postfix like this: make tidy CCARGS='-Wl,--as-needed -I/usr/include/sasl -DHAS_CDB -DUSE_TLS -DHAS_PCRE -DUSE_SASL_AUTH -DUSE_CYRUS_SASL' \ AUXLIBS=-Wl,--as-needed -lpcre -lssl -lcrypto -lcdb -lsasl2 -lnsl -lresolv make makefiles \ time make -j postfix stop; make -j upgrade

Re: Problem with make makefiles shared=yes

* Wietse Venema postfix-users@postfix.org: Try without -Wl,--as-needed. That was the culprit! -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Marc

Problem with make makefiles dynamicmaps=yes

After my initial (ultimately successful) attempts with shared=yes, I gave dynamicmaps=yes a spin, like this: make tidy CCARGS=`pkg-config --cflags openssl libpcre libcdb` -DUSE_TLS -DHAS_PCRE -DHAS_CDB -DHAS_LDAP \ AUXLIBS=`pkg-config --libs openssl` -lnsl \ AUXLIBS_CDB=`pkg-config --libs

Re: Problem with make makefiles dynamicmaps=yes

* Wietse Venema wie...@porcupine.org: Ralf Hildebrandt: -DUSE_DYNAMIC_LIBS -DUSE_DYNAMIC_MAPS -g -O -I. -I../../include -DLINUX3 -Wl,-rpath,/usr/lib/postfix -o master master.o master_conf.o master_ent.o master_sig.o master_avail.o master_spawn.o master_service.o master_status.o

Re: Problem with make makefiles dynamicmaps=yes

* Ralf Hildebrandt r...@sys4.de: First, build without any extras. If that works, start adding extras until it stops building. Will do. Current build status: It builds with TLS, CDB, PCRE. Adding LDAP now -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669

Re: Problem with make makefiles dynamicmaps=yes

* Ralf Hildebrandt r...@sys4.de: Current build status: It builds with TLS, CDB, PCRE. Adding LDAP now Building with LDAP alone: works ok Building with TLS, CDB, PCRE: works ok Building with TLS, CDB, PCRE and LDAP together: gcc -Wmissing-prototypes -Wformat -Wno-comment -I. -I../../include

Re: Problem with make makefiles dynamicmaps=yes

* Wietse Venema postfix-users@postfix.org: Ralf Hildebrandt: I then replaced ld (a symlink to ld.bfd) with gold (ld.gold), and everything would build happily. 1) Do you have a (pointer to a) description of the difference between these programs? http://wiki.gentoo.org/wiki/Gold http

Re: Problem with make makefiles dynamicmaps=yes

* Ralf Hildebrandt r...@sys4.de: I then replaced ld (a symlink to ld.bfd) with gold (ld.gold), and everything would build happily. Running, though, is another issue: Jul 8 14:01:15 mail postfix/master[6676]: daemon started -- version 2.12-20140703, configuration /etc/postfix Jul 8 14:01

Re: Problem with make makefiles dynamicmaps=yes

* Viktor Dukhovni postfix-users@postfix.org: On Tue, Jul 08, 2014 at 02:04:12PM +0200, Ralf Hildebrandt wrote: Running, though, is another issue: No idea what gentoo is up to, however try the following patch, perhaps the shared object dependencies need to be explicit. To test make

Re: Problem with make makefiles dynamicmaps=yes

In my test on Ralf's system the above fixes the problem. Not surprising, since with versioned symbols the shared objects need to record the right symbol names at link time. Shared objects generally need to record their dependencies explicitly, rather than attempt to inherit them from the

Re: Problem with make makefiles dynamicmaps=yes

* Viktor Dukhovni postfix-users@postfix.org: On Thu, Jul 10, 2014 at 11:08:40AM +0200, Ralf Hildebrandt wrote: Wietse wanted to avoid $(SYSLIBS) when linking the shared libraries, and removed them from SHLIB_LD line, but they are indeed not optional in many cases. But when

Re: non DNSSEC destination?

* Patrick Ben Koetter postfix-users@postfix.org: If you don't see it, you resolver cannot authenticated DNSSEC enabled domains. Then you need to change that. One solution would be to install unbound as local caching resolver and then let resolv.conf point to 127.0.0.1 -- [*] sys4 AG

Re: How to interpret these two errors related to mx lookup

* tejas sarade tejas.a.sar...@gmail.com: Hello, I am trying to interpret two different MX lookup errors. 1) In first case Postfix generated NDR immediately and error message as follows dsn=5.4.4, status=bounced (Host or domain name not found. Name service error for name=aaa-rus.ru

Address verification callable via sendmail?

Is the Address verification functionality callable via an invocation of the sendmail compatability binary? Background: I'd like to use the existing functionality of reject_unverified_recipient to verify recipient addresses from teh command line. -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46

Re: Address verification callable via sendmail?

* A. Schulze s...@andreasschulze.de: Benny Pedersen: Ralf Hildebrandt skrev den 2014-09-19 11:20: Is the Address verification functionality callable via an invocation of the sendmail compatability binary? sendmail -bv root sure, simple :-) but would be nice to simply get

Problem building postfix-2.12-20140922 (postfix-2.12-20140907 builds ok)

I'm rebuilding 20140922 20140907 like this: CCARGS=-DUSE_TLS -DHAS_PCRE -DHAS_CDB -DHAS_LDAP \ AUXLIBS=-lssl -lcrypto -lnsl \ AUXLIBS_CDB=-lcdb \ AUXLIBS_PCRE=-lpcre \ AUXLIBS_LDAP=-lldap -llber \ make makefiles shared=yes dynamicmaps=yes make While 20140907 ist building OK, I'm getting an

Address verification probes smtp_fallback_relay

Currently I'm using smtp_fallback_relay but I don't want Address verification probes to take that particular path. How can I disable smtp_fallback_relay for the address verification probes? -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der

Re: Address verification probes smtp_fallback_relay

* Viktor Dukhovni postfix-users@postfix.org: On Mon, Sep 29, 2014 at 12:00:04PM +0200, Ralf Hildebrandt wrote: Currently I'm using smtp_fallback_relay but I don't want Address verification probes to take that particular path. How can I disable smtp_fallback_relay for the address

Re: Address verification probes smtp_fallback_relay

Yes, but it also says: Probe messages are like normal mail, except that they are never delivered, deferred or bounced Wait what? - and - Postfix assumes that an address is undeliverable when the nearest MTA for the address rejects the probe, regardless of the reason for rejection

Re: Address verification probes smtp_fallback_relay

* Wietse Venema postfix-users@postfix.org: Robert Schetterer: Am 29.09.2014 um 13:45 schrieb Noel Jones: Is smtp_fallback_relay even used with a verification probe? I would expect the probe to fail before it tries the fallback. hm...

SSL Problem with 2.12-20141013 (TLS is required, but unavailable)

Since my upgrade to 2.12-20141013, I'm getting an unusual amount of those in my mailq output: 3jHGY70x2gzBs34 3230 Tue Oct 14 14:39:39 sen...@charite.de (TLS is required, but unavailable)

Re: SSL Problem with 2.12-20141013 (TLS is required, but unavailable)

* Ralf Hildebrandt r...@sys4.de: Since my upgrade to 2.12-20141013, I'm getting an unusual amount of those in my mailq output: With 2.12-20141001 (same config!) Oct 15 11:05:34 mail2 postfix/smtp[5903]: Host offered STARTTLS: [smtp.entelnet.bo] Oct 15 11:05:35 mail2 postfix/smtp[5903

Re: SSL Problem with 2.12-20141013 (TLS is required, but unavailable)

* A. Schulze s...@andreasschulze.de: Ralf Hildebrandt: When I have more time I can test other versions in between. you may force problematic destination to plaintext (smtp_tls_policy_maps) or ignore the STARTTLS announcement (smtp_discard_ehlo_keyword_address_maps) Well yes. both

Re: SSL Problem with 2.12-20141013 (TLS is required, but unavailable)

* Ralf Hildebrandt r...@sys4.de: * Ralf Hildebrandt r...@sys4.de: Since my upgrade to 2.12-20141013, I'm getting an unusual amount of those in my mailq output: With 2.12-20141001 (same config!) I *JUST* found that the change was introduced between postfix-2.12-20141009 (working

Re: Return-Path

* Christian Rößner c...@roessner-network-solutions.com: Hi, simple question: at which point adds Postfix the Return-Path header? Which component is doing that? I think the LDA (pipe/local) Is it also possible to see this header in a milter? In my tests on a submission connector, I do

How can I enforce TLS for certain sending hosts?

Something along the lines of: smtp_tls_policy_maps = cdb:/etc/postfix/tls-policy but for smtpd (if a connection comes in from $HOST, then require encrypt, reject otherwise) -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München,

Re: Mail sent code 250 Queued! ?

* Francis SOUYRI francis.sou...@apec.fr: Hello, On our postfix 2.10.1 we have some mails sent (?) with in the log the code 250 Queued! and not 250 OK what does it mean ? Please show the entire log line. Some OTHER server might say 250 Queued etc. - as long as it says 250 SOMETHING it's OK!

Re: Harddisk was full now a few messages are in queue with: status=deferred (unknown mail transport error)

* J. Echter j.ech...@echter-kuechen-elektro.de: Jun 22 10:26:38 mule postfix/smtp[6901]: fatal: unknown service: smtp/tcp postfix check is reporting what? -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht

Re: unknown logging event

* Postfix User postfix-users@postfix.org: I hope this isn't too stupid of a question. I have been finding this event logged in maillog for the past several days: Jul 16 08:50:38 scorpio postfix/smtpd[69563]: connect from localhost[127.0.0.1] Jul 16 08:50:38 scorpio postfix/smtpd[69563]:

Re: Send a DSN report only to one specified email address

* Ray r...@toolfactory.net: Hello, we are a travel agency and have lot's of outbound email (confirmations, vouchers, etc.). What I want to integrate now is DSN report information in our backend management software. We want the agent in the callcenter be able to see an email has been

Re: Feedback on Postscreen Whitelist Article

> I’m seeing this in the mail.log > > warning: cidr map /usr/local/etc/postfix/msft_whitelist.cidr, line 36: > non-null host address bits in "207.68.169.173/30", perhaps you should use > "207.68.169.172/30" instead: skipping this rule > Nov 26 11:39:25 zeus postfix/postscreen[29402]: warning:

Re: alias_maps delivery rights?

* Jack Bates : > LOCAL(8) DELIVERY RIGHTS says: "Deliveries to external files and > external commands are made with the rights of the receiving user on > whose behalf the delivery is made." > > So I put "nottheoilrig: /mnt/nottheoilrig/" in /etc/aliases (alias_maps) >

Re: alias_maps delivery rights?

* Ralf Hildebrandt <r...@sys4.de>: > * Jack Bates <vgn...@nottheoilrig.com>: > > LOCAL(8) DELIVERY RIGHTS says: "Deliveries to external files and > > external commands are made with the rights of the receiving user on > > whose behalf the delivery is made.&

postscreen contantly deferring mail

>From my log: Jul 23 03:58:52 mail-cbf postfix/postscreen[36326]: NOQUEUE: reject: RCPT from [106.10.151.33]:58305: 450 4.3.2 Service currently unavailable; from=, to=, proto=ESMTP, helo= Jul 23 03:58:53 mail-cbf postfix/postscreen[36326]:

Re: postscreen contantly deferring mail

The complete log for 106.10.151.33: > Jul 23 03:58:49 mail-cbf postfix/postscreen[36326]: CONNECT from > [106.10.151.33]:58305 to [193.175.73.208]:25 > Jul 23 03:58:50 mail-cbf postfix/tlsproxy[56082]: CONNECT from > [106.10.151.33]:58305 > Jul 23 03:58:51 mail-cbf postfix/tlsproxy[56082]:

Re: postscreen contantly deferring mail

* Wietse Venema : > > What's odd here, is that the host always makes two parallel TLS > > connections (you must have some "late" tests enabled to get all > > the way to STARTTLS), with the first connection logging tempfailed > > recipients and logging "PASS NEW", and

Re: RBL claims I'm doing a dictionary search

* Ralf Hildebrandt <r...@sys4.de>: > * li...@lazygranch.com <li...@lazygranch.com>: > > body { font-family: "Calibri","Slate > > Pro",sans-serif,"sans-serif"; color:#262626 } > lang="en-US">I've got this > > ‎RB

Re: RBL claims I'm doing a dictionary search

* li...@lazygranch.com : > body { font-family: "Calibri","Slate > Pro",sans-serif,"sans-serif"; color:#262626 } lang="en-US">I've got this > ‎RBLhttps://spamrl.com/;that claims my server is > doing a dictionary search. I see nothing in the maillog. I have checked for

Re: Spamrl.com RBL problem

* Matthew McGehrin : > Hello. > > I would check your local system to see if you have any rogue perl > processes running. These are generally the cause of being blacklisted > for a dictionary attack, which implies that a script is running on your > local server. > >

Re: Spamrl.com RBL problem

> : host smx1.web-hosting.com[209.188.21.38] said: 550 > The >     sending IP (my dotted quad) is listed on https://spamrl.com as a source of >     dictionary attacks. (in reply to end of DATA command) That would mean that something tried logins against a POP/IMAP/SMTP

Re: Spamrl.com RBL problem

* li...@lazygranch.com : > This is probably more of a freebsd question, but it seems to me that Postfix > should be hogging (bound) to the mail ports, so if something is sending > email, it has to be using Postfix. No. Sending can be done by other processes as well, since

Re: Spamrl.com RBL problem

* Matthew McGehrin : > Hello. > > Your assuming that port 25 needs to be open on the local side to send > mail. this is not the case. There are two possibilities here. > > 1. A dirty IP was assigned to your server, and that the previous owner > had a spam issue.

Re: Stopping spam.

* Mark Van Crombrugge : > At this point I receive the above e-mail. > > In the e-mail details below, I can find that the message is sent by > ironp...@ucr.ac.cr but even adding this e-mail address to the Postfix > blacklist has no effect. Why not block the

Re: Postfix 20 years ago

* Wietse Venema : > Last month it was 20 years ago that I started writing Postfix code. > After coming to IBM research in November 1996, I spent most of > December and January making notes on paper. I knew that writing a > mail system was more work than any of my prior

Re: Moved Postfix to new server; Gmail now silently dropping messages sent from it

* Alex Hall : > I just sent a test message to my work address. The log is below. Following > that, I'll post postconf -n. Obviously, I've changed the server name to > just 'server' and our domain to 'domain.com'. After I send this, I'm going > to enable debug-level logging and

Re: Blacklisting googlegroups

* Nikolaos Milas : > On 24/10/2016 5:15 μμ, Fazzina, Angelo wrote: > > > Can't you use REGEX to write a rule to catch them, and then decide what you > > want to do with those emails ? > > Would the following be valid? > > smtpd_recipient_restrictions = > ... >

Re: Mail delivery problems to outlook.com controlled domains

* Jack Raats : > Hi everyone, > > > > Please help me!!! > > > > Since last tuesday my mailservers cann’t deliver email to an outlook.com > controlled domain. Before tuesday everything was ok. > > Accoording to microsoft my postfix server doesn’t comply with the several

Re: Ubuntu 16.04lts & ssl unknown states

* Florian Piekert : > Nov 3 08:50:30 blueberry postfix/tlsproxy[8057]: SSL_accept:unknown state I checked my logs and couldn't find any log entries like the one above. Hm, I am not using smtp(d)_tls_loglevel=2, but 1. > smtp_tls_loglevel = 2 > smtpd_tls_loglevel = 2 --

Re: how to remove string "[MASSMAIL]" from the subject ?

* Ralf Hildebrandt <r...@sys4.de>: > * Zalezny Niezalezny <zalezny.niezale...@gmail.com>: > > As I see here header_checks can do it. There is only one problem. This rule > > searching for a subject with string [MASSMAIL] and replacing complete > > subject line wit

Re: how to remove string "[MASSMAIL]" from the subject ?

* Zalezny Niezalezny : > As I see here header_checks can do it. There is only one problem. This rule > searching for a subject with string [MASSMAIL] and replacing complete > subject line with word "test". > > /^Subject:.*[MASSMAIL].*/ REPLACE Subject: test

Re: postfix uses A record for MX less domains

* Mario Theodoridis : > Hi everyone, > > i'm having a curious issue with our postfix instance. > > It seems it is sending emails to a domain's A record when no MX is found. > > Is that standard? Yes. > If so, can i disable this somewhere? No. > connect to

Re: How do I move messages from a sender to the HOLD queue?

* Sean Son : > Hello all > > We have over a thousand messages from a certain user that are stuck in our > mail queue. Is there a way to move those messages to the HOLD queue for > now? I want to move all messages from that specific sender, to the HOLD > queue.

Re: smtp_pix_workaround_threshold_time not working correctly?

* Ralf Hildebrandt <r...@sys4.de>: > In my log I found this: > > Jul 21 07:23:09 mail-cvk postfix/smtp[7329]: 3xDK0Z6RBRz1Z1wy: enabling PIX > workarounds: disable_esmtp delay_dotcrlf for mail.unimed.de[62.154.176.144]:25 > > According to > http://www.electric

smtp_pix_workaround_threshold_time not working correctly?

In my log I found this: Jul 21 07:23:09 mail-cvk postfix/smtp[7329]: 3xDK0Z6RBRz1Z1wy: enabling PIX workarounds: disable_esmtp delay_dotcrlf for mail.unimed.de[62.154.176.144]:25 According to http://www.electric-spoon.com/doc/postfix/html/postconf.5.html#smtp_pix_workaround_maps "By default,

LDAP: "unused parameter: start_tls=yes"?

postconf complains: /usr/sbin/postconf: warning: ldap:/etc/postfix/laborberlin.com.cf: unused parameter: start_tls=yes according to http://www.postfix.org/ldap_table.5.html STARTTLS can be turned on with the start_tls parameter: start_tls = yes Both forms require LDAP protocol version 3,

Re: LDAP: "unused parameter: start_tls=yes"?

* Ralf Hildebrandt <r...@sys4.de>: > postconf complains: > /usr/sbin/postconf: warning: ldap:/etc/postfix/laborberlin.com.cf: unused > parameter: start_tls=yes > > according to http://www.postfix.org/ldap_table.5.html postfix-3.3-20170716 is complaining, postfix-3.3-201706

Re: Postfix doesn't respect 250-SIZE value

> Here is my configuration: https://pastebin.com/EKHvEveC postconf -n would be more appropriate, I think -- [*] sys4 AG https://sys4.de, +49 (89) 30 90 46 64 Schleißheimer Straße 26/MG, 80333 München Sitz der Gesellschaft: München, Amtsgericht

Re: OpenDKIM on backup MX

* Davide Marchi : > Hello friends, > On Debian Jessie I would like to enable OpenDKIM on my two Postfix > servers. For signing when sending out mails? > My question is how to behave with the secondary backup server. > Enable it as on the first and then I copy the key from first

Re: Using a date in a bcc map

* @lbutlr : > [This message bounced because the words "c h a n g e" and "a d d r e s s" > were on the same line.] > > I currently have recipient_bcc.pcre: > > if !/backup.*@/ > /^([^+_]*).*@(.*)/ backup+${1}.${2}@localdomain.tld > endif > > I would like to change > this

Re: LDAP related "postconf: warning" with most recent build

* Wietse Venema <postfix-users@postfix.org>: > Ralf Hildebrandt: > > % postconf -h queue_directory > > > > gives me a lot of LDAP related warnings: > > > > postconf: warning: ldap:/etc/postfix/laborberlin.com.cf: unused parameter: > > query_filter=(

LDAP related "postconf: warning" with most recent build

% postconf -h queue_directory gives me a lot of LDAP related warnings: postconf: warning: ldap:/etc/postfix/laborberlin.com.cf: unused parameter: query_filter=(proxyAddresses=smtp:%s) postconf: warning: ldap:/etc/postfix/laborberlin.com.cf: unused parameter: start_tls=yes postconf: warning:

Re: available: multiple deliveries per TLS-encrypted connection

* Wietse Venema : > Postfix snapshot 20180617, released a few minutes ago, introduces > Postfix SMTP client support for multiple deliveries per TLS-encrypted > connection. Testing here. -- [*] sys4 AG https://sys4.de, +49 (89) 30 90 46 64 Schleißheimer Straße 26/MG, 80333 München

Re: Postfix-3.3.0_1 Can't assign requested address

> 84A19B389 1256 Wed Jun 13 16:03:45 byrn...@harte-lyne.ca > (delivery temporarily suspended: connect to > inet07.hamilton.harte-lyne.ca[216.185.71.27]:25: Can't assign > requested address) ... > smtp_bind_address = 127.0.31.1 That's why. I think. -- [*] sys4 AG https://sys4.de, +49

Re: PATCH: multiple deliveries per TLS-encrypted connection

* Wietse Venema : > Ralf Hildebrandt: > > * Ralf Hildebrandt : > > > > > Error inducing change was introduced between postfix-3.4-20180603 and > > > postfix-3.4-20180605-nonprod > > > > I also tried postfix-3.4-20180603-nonprod which seems to be

Re: PATCH: multiple deliveries per TLS-encrypted connection

* Ralf Hildebrandt : > Error inducing change was introduced between postfix-3.4-20180603 and > postfix-3.4-20180605-nonprod I also tried postfix-3.4-20180603-nonprod which seems to be working ok! So I guess it must have been between postfix-3.4-20180603-nonprod and postfix-3.4-20180605-n

Re: PATCH: multiple deliveries per TLS-encrypted connection

> Also released as postfix-3.4-20180618. postfix-3.4-20180618. Is crashing for me: Jun 19 09:39:10 mail postfix/qmgr[12033]: warning: private/smtp socket: malformed response Jun 19 09:39:10 mail postfix/qmgr[12033]: warning: transport smtp failure -- see a previous warning/fatal/panic logfile

Re: PATCH: multiple deliveries per TLS-encrypted connection

* Ralf Hildebrandt : > > Also released as postfix-3.4-20180618. > > postfix-3.4-20180618. Is crashing for me: > > Jun 19 09:39:10 mail postfix/qmgr[12033]: warning: private/smtp socket: > malformed response > Jun 19 09:39:10 mail postfix/qmgr[12033]: warning: transpor

Re: PATCH: multiple deliveries per TLS-encrypted connection

* Ralf Hildebrandt : > > Also released as postfix-3.4-20180618. > > postfix-3.4-20180618. Is crashing for me: > > Jun 19 09:39:10 mail postfix/qmgr[12033]: warning: private/smtp socket: > malformed response > Jun 19 09:39:10 mail postfix/qmgr[12033]: warning: transpor

Re: Postfix using all CPU after nightly mail submission

> > Jan 15 00:42:42 mailrelay postfix/qmgr[5601]: 8EF0980973: > > from=<...@oconee.k12.sc.us>, size=2408, nrcpt=1 (queue > >

Re: Strange errors in mail.warn log

* Mario : > Mar 18 17:21:25 jessie postfix/proxymap[873]: warning: connect to mysql > server localhost: Can't connect to local MySQL server through socket > '/var/run/mysqld/mysqld.sock' (2 "No such file or directory") a) is the mysql server running? b) does

Re: PATCH: multiple deliveries per TLS-encrypted connection

* Viktor Dukhovni : > Ralf, please try just this patch against the stock 20180618 snapshot, > and check as many of the below as you can: > > * The crashes are gone > * DANE is still used when expected > * TLS connection re-use happens under sustained load > > We might want to log some

<    8   9   10   11   12   13   14   >