^^^^
header
Solution: Specifiy a correct envelope sender.
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
ralf.hildebra...@charite.de | http://www.charite.de
way?
address_verify_sender
# postconf -d address_verify_sender
address_verify_sender = $double_bounce_sender
# postconf -d double_bounce_sender
double_bounce_sender = double-bounce
So I don't see postmaster here.
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Univ
26] /etc/postfix: postconf -d address_verify_sender
> address_verify_sender = postmaster
-d displays the default - always!
please show postconf -n output.
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 3
domain.co.uk
> myhostname = spam.domain.co.uk
> relay_domains = domain.co.uk
That makes no sense. Is domain.co.uk relay_domain or mydestination?
Decide!
The solution is:
address_verify_sender = postmas...@domain.co.uk
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Un
how do I do this ? I already have smtpd_helo_required = no
Find out what rejects it now.
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fa
* Mark Goodge :
> I agree. Sender verification has its uses, but it is *not* suitable
> for use as an anti-spam tool on inbound email. At least one major
> webmail provider is known to blacklist hosts that employ it
> excessively.
So use it selectively only.
--
Ralf
m REJECT "Stop spamming our users"
> eric.soul...@bell.net REJECT "Stop spamming our users"
> ...
But this checks the recipient, not the sender.
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Fra
;al...@ulgsm.ru" -- ignored
> >
> > Fix that.
> It is not problem.
> al...@ulgsm.ru not exists in mysql:/usr/local/etc/postfix/aliases.mysql
It exists: it returns an empty result. Fix that.
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Univer
* Alex :
> reject_maps_rbl,
That's deprecated, for years.
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450
t it added with the following DNSRBL provider list:
>
> 1. Spamcop
> 2. Spamhaus
Check their websites.
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570
Unerwuenschter Anhang $1.$2 --
http://webmail.charite.de/doku/faq/#3
/name=\"(.*)\.(pif|reg|rm|scr|shb|shm|shs|sys|vbe|vbs|vxd|xl|xsl)\"$/
REJECT Unwanted attachment/Unerwuenschter Anhang $1.$2 --
http://webmail.charite.de/doku/faq/#3
--
Ralf Hildebrandt
Geschäftsbereich IT
exp or pcre format?
I usually use PCRE
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
ralf.hildebra...@charite.de | http://www.charite.de
* Gaby Vanhegan :
> Is there a portable way to share postmapped file across machines?
Yes:
1) share the text files, then use a Makefile to convert them on the
target systems
2) Use compatible BerkeleyDB versions
3) Don't use BerkeleyDB, use CDB
--
Ralf Hildebrandt
Geschäftsbe
* Gaby Vanhegan :
> I was under the impression that there was a performance penalty using
> CDB with Postfix?
A negative penalty, yes
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D
* Gaby Vanhegan :
> I guess I was just misleading myself with respect to CDB and
> performance:
>
> http://www.postfix.org/CDB_README.html
I've been using it for years, no problems...
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universit
headers
body_checks = check the body (everything that's NOT a header!)
mime_header_checks = check the MIME headers (which specify the MIME structure
of the mail)
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Frankl
* Ansgar Wiechers :
> > My setup currently copies the plain text versions and creates a flag
> > file. A cron job then looks for the flag file and postmaps the files if
> > needed.
>
> Use incron instead of cron.
Yes, it's a bit tricky to get right, b
* Victor Duchovni :
> On Thu, Nov 12, 2009 at 09:09:22PM +0100, Ralf Hildebrandt wrote:
>
> > mime_header_checks = check the MIME headers (which specify the MIME
> > structure of the mail)
>
> Primary headers = headers of the top-level message
> Nested he
rite.de --> loginn...@mailboxserver.charite.de
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
ralf.hildebra...@charite.de | http://www.charite.de
* Arora, Sumit :
> You are right Joost, 4KB will be the block size...
> But my question is who is taking this disk space, because email is deleted
> already.
How EXACTLY is the email being deleted ?
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitä
* J. Roeleveld :
> The log-entries you sent me are nowhere near 4KB in size.
> How do you check that the "maillog" increases by 4KB per message?
My guess is the mails are marked as deleted. Nothing more. They never
get deleted, thus the space never gets free.
Furthermore it
e
>
> the debuging rule is working instead the of first one.
>
> Why does the postfix ignore the first rule?
I'd think the regexp is wrong
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
ralf.hildebra...@charite.de | http://www.charite.de
* Eugene V. Boontseff :
> >>eug...@mail [/usr/local/etc/postfix]# postmap -fq
> >>" >I'd think the regexp is wrong
> Why this regexp is "wrong" for postfix, but isn't wrong for postmap?
postfix matches the HOSTNAME:
ppp92-100-127-177.pppoe.avangarddsl.ru
and/or the IP
92.100.127.177
not
http://w
* Paweł Burzyński :
> how can i make copy custiom user mail
> because always_bcc = make copy all mails i need custiom copy of mail
postconf |grep bcc
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenbu
t of "postconf |grep bcc"
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
ralf.hildebra...@charite.de | http://www.charite.de
reject_unauth_destination
>
> but it seems from the log that spammer still send me and to other
> local users spam mails.
> Humm...strange
Not strange. Look at the difference in the two configs.
The solution is right there.
--
Ralf Hildebrandt
Geschäftsbereich IT | Abt
Is there a configuration
> in postfix that would ignore the localhost and show original source ip
> address?
That depends on which software you using.
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenbur
* Roman Gelfand :
> On Fri, Nov 27, 2009 at 3:00 AM, Ralf Hildebrandt
> wrote:
> > * Roman Gelfand :
> >
> >> Is it preferable that machine running postfix should have publlic
> >> address as opposed NATed address?
> >
> > That depends on what you
mx.premore.net.
>
> ;; ADDITIONAL SECTION:
> a.mx.premore.net. 3093IN A 198.186.193.20
>
> However my mail server wont send to this destination address and I
> have no idea why. Can someone tell me how I can better examine this
> situation to understand whe
er on that IP isn't answering.
# telnet 198.186.193.20 25
Trying 198.186.193.20...
Connected to 198.186.193.20.
Escape character is '^]'.
220 share.docforge.org ESMTP Postfix
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Ben
o connect to remote host: No route to host
What is the output of traceroute 198.186.193.20 ?
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 |
* Luciano Mannucci :
> Dec 3 14:21:51 baobab postfix/smtpd[15814]: warning: unknown smtpd
> restriction: "`"
Some (map) lookup returns "`"
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Frankl
heir
> message has been tossed and not delivered. For obvious reasons you
> can't do this as a bounce to the From: or Reply-To: header emails so it
> has to happen during the initial MTA transaction. Can someone point me
> to a how to for this? Thanks, Tom
Run amavisd-new as
* Marty Anstey :
> I don't think you can pass messages directly to spamc/spamd in a
> before-queue scenario.
Yes, that's because it doesn't speak SMTP
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Cam
* Alexander :
> Mr Rob0,
> I really take exception to your insulting language.
Which insulting language?
He simply told you to send plain text mail and even answered your
question.
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
hrough
> the first transaction. Or does amavisd reference postfix's
> configuration at all?
Postfix doesn't accept mail to non-existing recipients by default.
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Fran
* JORGE CARMINATI :
> Hi all! I'm trying to integrate Postfix (chrooted) with ClamAV and am
> looking for some information about this. It seems that the old
> fashioned style of configuring Postfix + amavisd-new now days is not
> recommended (performance)
Says who?
--
he writer.
Neither do I. Virus scanning takes the least amount of time here.
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570
And a side note: It doesn't matter how well (or not) clamav-milter
performs if you can't get it running...
But you'll probably get it running, fear not.
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Be
* Dennis Putnam :
> I'm trying to set up TLS on Postfix 2.5.5 and 'tlsmgr' keeps getting a fatal
> error on this statement:
>
> tls_random_source = dev:/dev/urandom
Which error exactly?
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité -
109892 dropped=648105 entries
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
ralf.hildebra...@charite.de | http://www.charite.de
ant to
> do the same for internal servers, so I would like to now if it´s
> possible to set primary and backup internal servers on the transport
> configuration file
Setup an MX interally :)
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin
* Ralf Hildebrandt :
> * Luis Conrado Andrade :
> >
> > Hi,
> >
> > I have this situation
> >
> > 2 postfix accting as a relay for domain.com and 2 internal exchange
> > servers as mailbox server. I have MX records pointing to both postfix
> >
DAV/2 SVN/1.5.4 PHP/5.2.6-3ubuntu4.4 with
> Suhosin-Patch mod_python/3.3.1 Python/2.6.2 Server at ftp.wl0.org Port
> 80
>
> I don't know who to report this to since there is no 'contact' or
> 'webmaster' address on the page.
I fixed it.
--
Ral
100101 these minutes; maybe something
changes.
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
ralf.hildebra...@charite.de | http://www.charite.de
* Ralf Hildebrandt :
> I updated to postfix-2.7-20100101 these minutes; maybe something
> changes.
postfix-2.7-20091228-nonprod was the old version that caused all the
logentries.
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
* Wietse Venema :
> Introduced 20091227, fixed 20091230 (dangling pointer in event manager).
Yes, I'm not seeing those in 20100101
> Sometimes non-production software has a defect.
That's why I'm reporting them...
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilu
ed to 4.8.24-1 (debian version
numbers). Let's see what happens.
If I'm still getting the errors, I'll turn off the automatic cache
cleanup
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
H
* richard lucassen :
> Hello list,
>
> I want to send once a week a simple mail to a list of 3000 recipients. I
> can set smtpd_recipient_limit and smtpd_recipient_overshoot_limit to
> higher limits, but is there a better way to handle this?
Use an MLM
--
Ralf Hildebrandt
Gesc
e=791, nrcpt=1 (queue active)
That's the envelope, not the header
> From: testm...@library.state.or.us
There's no " " behind "testm...@library.state.or.us"
> Output of postconf -n :
it lists no header_checks
> Can someone help with th
/ REJECT
^space
Look at the space after testm...@library.state.or.us
Remove it.
A nice twist for analysis is this:
/^From:/ WARN
/^From: testm...@library.state.or.us/ REJECT
That way you can see how postfix percieves the headers.
--
Ralf Hildebrandt
Geschäft
* Port Able :
> Hi,
>
> What is the proper command that a client can use to send an email using
> Postfix?
sendmail
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berli
ting into feedback
loops at major email providers
* get into the feedback loops at major email providers
* SPF
* good reputation (e.g. SenderBase, senderscore)
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenbu
llowed:
The originator fields of a message consist of the from field, the sender
field (when applicable), and optionally the reply-to field. The from
field consists of the field name "From" and a comma- separated list of
one or more mailbox specifications.
--
Ralf Hildebrandt
Gesc
what to do for that command, as I don't know which command is
> that...
> Can anybody tell me, is there any command of less than 4 alphabets, postfix
> sends
4 letters.
Hmm.
EXPN, VRFY, HELO, EHLO, STARTTLS, ETRN,...
Hm, I'd think the commands are 4 letters or more.
--
Ralf Hi
550 5.1.2 Your reverse DNS entries are off
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
ralf.hildebra...@charite.de | http://www.charite.de
* Jaroslaw Grzabel :
> Ralf Hildebrandt wrote:
> > Use an access(5) map on the client:
> >
> > check_client_access hash:/etc/postfix/nice_reject
> >
> > with:
> >
> > unknown 550 5.1.2 Your reverse DNS entries are off
> >
> >
>
e PTR. So I don't want to reject them.
Which restrictions are you using?
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
check_policy_service inet:127.0.0.1:2525,
> reject_unverified_recipient,
> permit
And where is the check that needs to have aa nice error message?
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité -
ejected: "Fix your reverse DNS..."
> >
> >
> OK, but the problem is at this moment that I'm afraid that some host
> presented as unknown here will be rejected even if they have reverse
> DNS. Do you know what I mean ?
Yep. unknown is applied for more clients
* Carlos Williams :
> cause any redundant checks or worse, break something. Can you guys
why not use soft_bounce = yes :) ?
> check_helo_access pcre:/etc/postfix/helo_checks.pcre,
And what is the content of the file?
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Ne
reject_rbl_client zen.spamhaus.org,
reject_rbl_client bl.spamcop.net
smtpd_data_restrictions =
reject_unauth_pipelining,
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel.
sier to read :)
> Are you suggestion I leave 'smtpd_helo_restrictions =' blank on my
> main.cf or should I omit that completely since there are no variables
> for this trigger?
That is the same :)
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Univ
* tobi :
> @Ralf
> would it not make more sense to place check_sender_access before the
> check_policy_service? Otherwise you might greylist senders you don't
> want (like maillists)
I was thinking about this as well... Up to you I guess :)
--
Ralf Hildebrandt
Geschäftsberei
nton sends mail to bertha, the the verification is done HOW?
Like:
MAIL FROM:
RCPT TO:
?
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 45
* Jaroslaw Grzabel :
> Ralf Hildebrandt wrote:
> > Which sender? If anton sends mail to bertha, the the verification is done
> > HOW?
> >
> > Like:
> > MAIL FROM:
> > RCPT TO:
> > ?
> >
> >
> Hi Ralf,
>
> If emails comes from
* Jaroslaw Grzabel :
> Ralf Hildebrandt wrote:
> > Some systems block mail if sender and recipient are the same!
> > Especially if THEIR sender is used coming from the outside...
> >
> Sorry but It's not that what I meant. You misunderstood me.
> > BUT verif
* Ansgar Wiechers :
> Sounds to me like you're trying to do something like callback
> verification [1].
Yes he is. We're talking about details of that here.
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus B
rejections (other than the
> obvious -- get dba...@example2.com to fix his address book)?
Hm, you could try and alias " soli...@example.com" to
"soli...@example.com"
But how???
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin B
* Victor Duchovni :
> This said, far better to just reject this, and let the sender correct
> their address list.
Yes.
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
smtpd
> -o local_transport=vpn-procmail
smtpd knows no "local_transport"
see man smtpd
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 1
* Eero Volotinen :
> Hi,
>
> One problem: how to force postfix to deliver one outgoing host via
> other smtp relay? /etc/postfix/transport ?
Yes. man 5 transport
> smtp server is delivering all mails directly via smtp without
> smarthost.
>
> --
> Eero
--
Ralf Hil
>
> WORKS BUT ADDS IT MULTIPLE TIMES:
>
> /^/ PREPEND MyString
>
>
>
> DOES NOT WORK:
>
> /^DomainKey-Signature:$/ PREPEND MyString
/^From:/ PREPEND MyString
Please note:
When prepending text before a message header line, the prepended text
must begi
* AMP Admin :
> WORKS BUT ADDS IT MULTIPLE TIMES:
>
> /^/ PREPEND MyString
This matches EVERY header line
> DOES NOT WORK:
>
> /^DomainKey-Signature:$/ PREPEND MyString
This matches a header line like:
DomainKey-Signature:
(with NOTHING after the :)
--
* Victor Duchovni :
> On Thu, Jan 28, 2010 at 05:41:03PM -0600, AMP Admin wrote:
>
> > just in case anyone comes across this I got it sorted with the following:
> >
> > /^Subject: .*/ PREPEND MyString
>
> This is still wrong.
Because it doesn't contain a
* fakessh :
> > Eh? 0.3.1 is the current version, so how is 0.2.2 'up to date'?
>
> attention
>
> 0.3.1 is the current version , so 0.2.2 is 'up to date'
That's probably some sort of twisted Debian humor .)
message and send a NDR
> at the same time?
Use an error: transport
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570
* Arora, Sumit :
> Using message_size_limit, message size will be limited
> But want to limit attachment size, not message size.
One might argue these two values are intertwined.
But individual enforcement is not possible
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
C
;
> Is there a way to call a script at the transport level that can return a
> transport:destination value?
You can do that using a tcp_map. Look for "grinch"
(http://www.zonque.org/projects/grinch/), you can adjust that to your
needs and use it in transport_maps
--
Ralf Hildebran
of the problem. The client should retry the request later.
200 SPACE text NEWLINE
The request was successful. In the case of a lookup request, the
text contains an encoded version of the requested data.
--
Ralf Hildebrandt
Geschäftsbereich IT
ven using (smtp_)fallback_relay.
It's probably easier to set up an (internal) MX record with the
appropriate preferences:
clientsdomain.co.uk MX 10 xxx.xxx.xxx.xxx
clientsdomain.co.uk MX 20 yyy.yyy.yyy.yyy
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - U
* Vladislav Antolik :
> Hello,
>
> I have the same problem, but I don't want to use MX lookup.
> Is there any possibility to do it?
Only with MX lookups
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus
permit_sasl_authenticated
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
ralf.hildebra...@charite.de | http://www.charite.de
* Ralf Hildebrandt :
> You need restriction classes for that :)
I suck. I left out the restriction classes...
> > smtp_recipient_restriction =
> > permit_mynetworks
> > permit_sasl_authenticated
>
> smtpd_recipient_restriction =
>check_client_acces
* Неворотин Вадим :
> Cool)) But then how to combine permit_sasl_authenticated and
> permit_tls_clientcerts? The purpose is to allow send mails only for users
> with valid certificate and valid login+password)))
Phew. Dunno.
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung
* Неворотин Вадим :
> Mmm... Unfortunatelly, I can't understand how combine
> permit_sasl_authenticated and permit_tls_clientcerts with access_maps.
You can't, since both return PERMIT
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin
* Ralf Hildebrandt :
> * Неворотин Вадим :
> > Mmm... Unfortunatelly, I can't understand how combine
> > permit_sasl_authenticated and permit_tls_clientcerts with access_maps.
>
> You can't, since both return PERMIT
One idea would be to use a policy daemon. The dae
ll be good to add state values
> (something like $is_from_mynetwork, $is_sasl_authenticated,
> $has_valid_certificate and so on) to Postfix configuration, and add ability
> to use logical operations with this variables to decide permit, reject,
> defer etc.
Yes, you can do that u
check_recipient_access pcre:/etc/postfix/recipients_default
// REJECT rejected for testing purposes
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 1
patibility in Postfix? I'm assuming in the example
> above
> that the .pcre file actually contains pcre syntax, not regexp syntax.
It's a naming issue only.
One would OF COURSE name pcre files .pcre and regexp files .regexp (or
similar).
--
Ralf Hildebrandt
Geschäf
o I assure that the normal text is displayed instead of the asterisks?
Disable the smtp protocol fixup feature in the PIX.
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30
Of course ALL changes are "ones own risk"
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
ralf.hildebra...@charite.de | http://www.charite.de
ber of changes: Stick with the Apple
version.
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
ralf.hildebra...@charite.de | http://www.charite.de
T
The key "*" is not defined (man 5 access)
Are you sure using the HELO is a smart idea?
Better:
smtpd_recipient_restrictions =
check_client_access hash:/etc/postfix/smtp.domaineok.com
reject
/etc/postfix/smtp.domaineok.com contains:
smtp.domaineok.com OK
--
Ralf Hildebrandt
Geschäftsbereich IT
_helo_restrictions = check_helo_access hash:/etc/postfix/helo_access,
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 96
ing (note that this is
the default for some versions of Postfix). Other‐ wise, specify
.domain.tld (note the initial dot) in order to match subdomains.
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm
* Len Conrad :
> is this param server-wide, or can it be present in smtpd_*_restrictions ?
Settings in smtpd_*_restrictions ARE server-wide.
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30
be removed from Postfix; use
> "reject_rbl_client domain-name" instead
Use "reject_rbl_client zen.spamhaus.org" in smtpd_*_restrictions
instead of using the deprecated "reject_maps_rbl zen.spamhaus.org"
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Ch
* Patric Falinder :
> Try using reject_rbl_client instead of reject_maps_rbl as it says in
> the logs.
>
> reject_rbl_client = zen.spamhaus.org
No, that's wrong syntax
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
* mouss :
> > Your DNS lookups are broken:
...
> or spamhaus blocks his DNS server.
Yes, but that's within my interpretation of "Your DNS lookups are
broken" :)))
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
201 - 300 of 1381 matches
Mail list logo
