reign host.
Would a Postfix instance trigger postscreen of another instance?
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570
* Ralf Hildebrandt :
> Today I found this in my log:
> Jan 12 22:39:39 mail postfix/postscreen[17030]: COMMAND PIPELINING from
> [216.46.18.51]:58366 after QUIT
>
> So I wondered -- "after QUIT?" and had a look at the client:
>
> mail:~# host 216.46.18.51
> 51.
tfix-2.8-20110109 as well (now).
Let's see what happens.
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
ralf.hild
idr
which is exactly what I'm using.
postscreen_access_list = permit_mynetworks,
cidr:/etc/postfix/postscreen_access.cidr
seems to work, though
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin
The POSTSCREEN_README mentions:
"See the postscreen_access_list manpage documentation for more details."
./man/man8/postscreen.8 is the only man page with postscreen as part
of the name - it does mention postscreen_access_list.
man 5 postconf is also not listing postscreen_access_list
.gz
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
ralf.hildebra...@charite.de | http://www.charite.de
s for postscreen_whitelist_networks and
> postscreen_blacklist_networks
Odd, I replaced then and get no warnings.
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30
Which it is, in my case :)
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
ralf.hildebra...@charite.de | http://www.charite.de
* J4 :
> Hi there,
>
> I set-up Postfix to enforce quotas using this in the main.cf:
This is a patched, unsupported postfix.
Whose patch is it?
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hinde
* J4 :
> On 01/19/2011 02:04 PM, Ralf Hildebrandt wrote:
> > * J4 :
> >> Hi there,
> >>
> >> I set-up Postfix to enforce quotas using this in the main.cf:
> > This is a patched, unsupported postfix.
> > Whose patch is it?
> >
> Hi Ralf,
until
> its in the Debian repos. At least I can keep this stable. I can live
> with a Postfix patch for the timebeing. I shall move to Dovecot 2 when
> it is in the Debian squeeze repositories.
It won't be (as far as I know)
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Ne
* /dev/rob0 :
> On Tue, Jan 11, 2011 at 09:46:42PM +0100, Ralf Hildebrandt wrote:
> > smtpd_reject_footer = Contact postmaster at charite.de for assistance
> > caused a SIGNIFICANT increase in postmaster tickets :|
>
> Are these issues that you're able to help them wi
* Ralf Hildebrandt :
> mail.charite.de (on the other hand) was running postfix-2.8-20110109.
> Still no proof of anything, but maybe there's something.
>
> I upgraded mail.python.org to postfix-2.8-20110109 as well (now).
> Let's see what happens.
It was probably no
* Ralf Hildebrandt :
> # awk '/postfix\/postscreen.*COMMAND PIPELINING.*after QUIT/ {print $9}'
> /var/log/mail.log | awk -F: '{print $1}'| sort | uniq -c | sort -n
> 7 [200.124.146.99]
> 7 [209.172.40.211]
>
> 10 [216.46.18.
check pcre config.
You'd have to subject the bounces to the internal filtering:
internal_mail_filter_classes
BUT: In that case the BOUNCE MESSAGE will be subject to filtering -
meaning it's not clear if the header is in the original mail OR in the
attached mail (in the bounce).
So I'd
n Thu, Jan 20, 2011 at 4:59 PM, Ralf Hildebrandt <
> ralf.hildebra...@charite.de> wrote:
>
> > * Joe Wong :
> > > Hello,
> > >
> > > I would like to know if there is possible to configure postfix not to
> > > bounce a message if it contain c
* Condor :
> smtpd_helo_restriction =
smtpd_helo_restriction**S**
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570
er. Also i see
> that spam ip-s that is blocked on bl.spamcop.net for example still can
> send me email. That rule reject_rbl_client bl.spamcop.net does not block
> them. Any one can help and tell me where is my mistake ?
>
>
> --
> Regards,
> Condor
>
--
Ralf Hildeb
format.
> /[!%\@].*\@/550 This server disallows weird address syntax.
> /^postmaster\@/ OK
> /^hostmaster\@/ OK
> /^abuse\@/ OK
> /^nobody\@/ REJECT
This is an open relay that allows relaying to
postmaster, hostmaster, abuse at any domain.
Admittedly that
8.pdf
und dies hier in Deutsch:
http://www.weblearn.hs-bremen.de/risse/papers/IIAkolloq080115/elliptic.pdf
Short: The 2007 PDF says that the best known attacks against ECC are
"worse" than for RSA, DSA, DH.
Thus one can use shorter key lenghts giving the same level of security.
-
* Ralf Hildebrandt :
> I can recommend this PDF:
> http://blogs.sun.com/jyrivirkki/resource/ECC-TLS-BOF-6958.pdf
> und dies hier in Deutsch:
> http://www.weblearn.hs-bremen.de/risse/papers/IIAkolloq080115/elliptic.pdf
>
> Short: The 2007 PDF says that the best known attac
* Ralf Hildebrandt :
> Incidentially, I recompiled Postfix against opensssl-1.0 yesterday :)
> I still have to find out if the DFN-PKI-CA (which we're using) is
> issuing certs on ECC keys
>
> I could just try that :)
> Like... now :)
Doesn't work. It triggers an e
* Stefano Mason :
> Sometimes the "postscreen" process behaviour is:
>
> ( After postfix stop, another postscreen is started, look PID number! )
Yes, I've seen this once or twice, but assumed it was somehow my fault.
--
Ralf Hildebrandt
Geschäftsbereich IT | Abte
* Wietse Venema :
> The postscreen daemon creates a child and finishes work in the
> background. The parent terminates immediately.
Meaning it's safe to igore and it will go away eventually. Fine.
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universi
* JKL :
> >> How many Postfix master daemons are running on your machine?
Meaning:
ps auxwww|grep master
> Sent again, as I do not think this Email made it through.
It made it through, but it didn'T answer the question!
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung N
've done that for python.org and it took me 3
months (setting everything up, cleaning list, fixing settings) of my
spare time.
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berli
ed as a solution. I don't recall seeing feedback from that OP
> regarding that solution. In this case I'd say no negative feedback
> means it's working.
Of course it's working. In fact it can be the first step towards the
optimal solution (from an artistic point of
> mydestination = localhost.localdomain, localhost
> myhostname = klunky.co.uk
...
> virtual_mailbox_domains =
> proxy:mysql:/etc/postfix/sql/mysql_virtual_domains_maps.cf
Just for kicks, try:
postconf -e "mydestination ="
postfix reload
Then check again.
* Michael Orlitzky :
> but one web server is running Mailman and can't do that (I think?)
If it has a seperate domain for lists, you can use:
lists.domain.com local:
in transport_maps and thus route that one domain to local:
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung
=2.7, delays=2.7/0/0/0, dsn=5.0.0,
> status=bounced(Local delivery is disabled.)
>
> The more I think about it, the more I think it should have worked. I'll
> try again once things slow down a bit (5pm).
postconf transport_maps
is showing what?
--
Ralf Hildebrandt
Geschä
ote users from masquerading as local users to bypass policies
--> You can use smtpd_sender_login_maps and the restriction
reject_authenticated_sender_login_mismatch to prebent users from
faking sender addresses
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwe
x27;d need
multiple instances for that.
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
ralf.hildebra...@charite.de | http://www.charite.de
t; root privileges?
Yes.
> Is it not a risk running master as root (the same reason for running
> other processes as unprivileged) ?
It must bind to ports < 1024 AND it must be able to spawn processes as
other, unprivileged users.
--
Ralf Hildebrandt
Geschäftsbereich IT | A
tpd_data_restrictions =
> reject_unauth_pipelining,
> permit
>
> #########
>
> It works but I suspect it needs some corrections and tuning.
> Any suggestions and comments are welcome.
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netz
cbl.abuseat.org,
> reject_rbl_client zen.spamhaus.org
becomes:
smtpd_client_restrictions =
hash:/etc/postfix/client_restrictions
> disable_vrfy_command = yes
>
> smtpd_recipient_restrictions =
Is kept like it was
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
* Ralf Hildebrandt :
The resulting set of restrictions after cleaning up:
> > smtpd_helo_required = yes
> > smtpd_helo_restrictions =
> > smtpd_client_restrictions =
> > hash:/etc/postfix/client_restrictions,
> > disable_vrfy_command = yes
&g
* Aggelos :
> smtpd_helo_restrictions should be empty?
Yes.
> reject_rbl_client cbl.abuseat.org isn't needed?
It's included in zen
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgd
client dbl.spamhaus.org,
> reject_rhsbl_sender dbl.spamhaus.org,
> reject_rhsbl_helo dbl.spamhaus.org,
> permit
It looks OK to me
> The check_backscatterer file setup is as suggested on
> http://www.backscatterer.org/?target=usage, with the exception of
>
ore I go through the steps of doing that, what's the advantage
> to doing so over just using hash: ? We don't get massive amounts of
> incoming mail, so I'm not sure if there'd be a noticeable performance
> improvement.
OK; in that case no need to recompile :) M
* David Touzeau :
> Did anyone have tips to integrate PostScreen with SenderBase DNSBL has
> the Cisco IronMail blacklist ?
Please rephrase and please do mention how one would query the
SenderBase DNSBL!
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
C
sm, it is
> unlikely that postfix can natively support it.
>
> If it uses the common query method, just add it to your list of DNSBLs.
>
> Have you tried using it ?
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Fran
* Stan Hoeppner :
> Ralf Hildebrandt put forth on 2/4/2011 2:18 AM:
> > * Jeroen Geilman :
> >
> >> I think Ralph meant: do you have an example how one would query this DNSBL
> >> ?
> >
> > Is there public documentation for using the SenderBase DNSBL
ver is a virtual mail server
> With mysql backend
What exactly IS your performance problem? Sending? Receiving? Local
delivery? How are you measuring?
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30
ssful
> In: MAIL FROM:
> Out: 250 2.1.0 Ok
> In: RCPT TO:
> Out: 451 4.3.0: Temporary lookup failure
> In: RSET
> Out: 250 2.0.0 Ok
Please show the logs for exactly that error. Because the logs show
WHAT failed (DNS, or mysql lookups)
--
Ralf Hildebrandt
Geschäftsberei
ations (latin1_swedish_ci,IMPLICIT) and
> (utf8_general_ci,COERCIBLE) for
> operation '='
> Feb 4 00:00:58 localhost postfix/trivial-rewrite[2579]: warning:
> transport_maps lookup failure
> Feb 4 00:00:59 localhost postfix/trivial-rewrite[2579]: warning:
>
* Reindl Harald :
> > Way to make your case.
>
> sorry, but this was the only right answer for you can not
> use dns-forwarder and blacklists"
Well, you cannot use (for example) zen.spamhaus.org via 8.8.8.8 or
8.8.4.4
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilun
> spam.
Is the ironport br0ken or why are you getting so much spam (I assum
you're getting spam, not sending it).
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel
* Ultrabug :
> Hi list,
>
> I have a client platform trying to send me a mail with a non-RFC
> compliant sender address like '-test-mai...@mydomain.com'.
allow_min_user = yes
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Be
* lst_ho...@kwsoft.de :
> virtual_alias_maps is used for domains listed in
> virtual_alias_domains (= virtual alias domain class)
No, it's always applied!
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjam
owed, what is the correct table format
> (if the above is not correct)?
That's documented:
In all cases the result of table lookup must be either "not found" or
a list of SASL login names separated by comma and/or whitespace.
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung
resses are mapped to
> many SASL login usernames), it's just formatted differently.
Yes
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax:
300s
and I'm not sure how
smtp_connection_reuse_time_limit = 300s
could be lowered in such a way that busy destination MXes are not
keeping a lot of mail in the active queue...
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Be
iases file?
postalias -s hash:aliases
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
ralf.hildebra...@charite.de | http://www.charite.de
* Ralf Hildebrandt :
> Goal:
> =
>
> Make mails go to a target server within 60s.
> Target server is defined as either:
>
> * the MX host of the destination domain
> * my smtp_fallback_relay which keeps trying delivery
> It's really fast and can take a lot o
tting is applicable to fallback_relay, you would
> want to keep that one open indefinitely.
>
> You could either lower this value, or increase the limit on smtp
> processes, or both.
>
>
>
> --
> J.
>
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
-use time-limit to match,
OK, then I should definitely drop that to a much lower value!!
> or leave it higher, it does not harm if the servers don't object.
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
ostfix/smtp:
bad command startup -- throttling
Feb 13 11:07:05 mail postfix/error[24746]: 98D0E1C3633:
to=, relay=none, delay=7.5, delays=6.7/0.75/0/0,
dsn=4.3.0, status=deferred (unknown mail transport error)
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
C
* Ralf Hildebrandt :
> postfix-2.9-20110212 is segfaulting in smtp:
>
> Feb 13 11:07:04 mail postfix/postfix-script[24738]: starting the Postfix mail
> system
> Feb 13 11:07:04 mail postfix/master[24739]: daemon started -- version
> 2.9-20110212, configuration /etc/postfix
* Wietse Venema :
> Ralf Hildebrandt:
> > This seems to be TLS related, since it happens whenever TLS is being
> > used.
>
> Here is a patch. This part of the TLS library still needs to be
> restructured. There is redundancy in the internal APIs: multiple
> function a
dr.arpa domain name pointer smtp.academicjobseu.com.
$ host smtp.academicjobseu.com.
smtp.academicjobseu.com has address 212.89.81.106
212.89.81.105 != 212.89.81.106
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hi
; # host 212.89.81.105
> 105.81.89.212.in-addr.arpa domain name pointer smtp.academicjobseu.com.
> # host 212.89.81.106
> 106.81.89.212.in-addr.arpa domain name pointer smtp.academicjobseu.com.
$ host smtp.academicjobseu.com
smtp.academicjobseu.com has address 212.89.81.106
106 != 105
--
erested in this?
basically I want to show that it's NOT lingering in the queue after
it has been scanned for viruses and reinjected into the queue
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm
* Wietse Venema :
> Ralf Hildebrandt:
> > Is there a way of getting a log entry that documents when Postfix is
> > trying to actually deliver a mail?
>
> The queue manager connects to the UNIX-domain socket for a particular
> delivery agent such as smtp(8) or local(8),
looked only at the end of the line :-(
> so they have a poor setup
That's a very commonplace error.
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155
* Nikolaos Milas :
> Wietse,
>
> Would you have any plans to integrate in Postfix support for global
> AND per user mailbox quotas supporting both Maildir and MBOX?
But why? dovecot (which has an LMTP server and a LDA) can do both.
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteil
7:48:25 buzon postfix/pipe[8263]: 2169CC7758:
> to=, relay=dovecot, delay= *13*, delays=
> *0.83/11/0/1.2*, dsn=2.0.0, status=sent (delivered via dovecot service)
The mail stays in the queue for a longer time. Probably because the
dovecot transport is busy (qmgr is waiting for a delive
* Linda Pagillo :
> Will Postfix always accept mail from null senders by default
Yes, to valid recipients.
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30
.
It comes after 40s!
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
ralf.hildebra...@charite.de | http://www.charite.de
* Ralf Hildebrandt :
> * Richard Smits :
> > Hello,
> >
> > We have a problem in SMTP communication with some external
> > mailservers. I will explain.
> > If i do a telnet to port 25 on a remote server, I get no greeting
> > message, it just waits. I
s_maps =
cidr:/etc/postfix/smtpd_discard_ehlo_keyword.cidr
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
ralf.hildebra...@charite.de | http://www.charite.de
ssue with OpenSSL (at least it has been
mentioned some time ago on this list).
> I also think that the "flavor" option has some importance. If it
> allows Postfix to be more widely used in a way that is comfortable to
> IBM, then I think that is a good thing.
Agreed.
n PATCHED
into Postfix.
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
ralf.hildebra...@charite.de | http://www.charite.de
uilt by some of the original
authors of MySQL, with assistance from the broader community of Free
and open source software developers. In addition to the core
functionality of MySQL, MariaDB offers a rich set of feature
enhancements including alternate storage engines, server
optimizations, and pat
.brunosrl.net instead of host-247-92.91-212.enter.it
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
ralf.hildebra...@charite.de | http://www.charite.de
* mouss :
> seems promissing, but a fork like that requires a year or so to see
> what gets out of it. so either the guys are very good and they'll get
> out with a great success, or the project will die.
Yes. Promising, to say the least.
--
Ralf Hildebrandt
Geschäftsbereich
say...
> # free
> total used free shared buffers
> Mem:6204048348136920 5916
> Swap: 5242840 524284
> Total: 586324 48348 537976
>
> Best regards,
* john :
> What hardware are running openwrt on?
Sounds like a MIPS based OpenWRT system, e.g. a WRT54g (am I correct?)
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel.
estrictions?
Yes.
> Or I must put each restrictions in each stage?
No.
--
Ralf Hildebrandt
Postfix - Einrichtung, Betrieb und Wartung Tel. +49 (0)30-450 570-155
http://www.computerbeschimpfung.de
"You know the world is going crazy when the best rapper is a white
guy, the bes
ished. But what does the "20" signify?
--
Ralf Hildebrandt
Postfix - Einrichtung, Betrieb und Wartung Tel. +49 (0)30-450 570-155
http://www.computerbeschimpfung.de
Now that we know Microsoft's plan for world domination isn't superman
supposed to come out and kick some ass?
* Stefan Palme :
>
> On Tue, 2009-06-16 at 16:43 +0200, Ralf Hildebrandt wrote:
> > I'm trying out postscreen. No unexpected explosions so far.
> > ...
>
> May I ask what exactly "postscreen" is? I've never heard about it
> and can not find any re
me kind of
dialup. maybe I'll whip up some gnuplot graphs...
--
Ralf Hildebrandt
Postfix - Einrichtung, Betrieb und Wartung Tel. +49 (0)30-450 570-155
http://www.computerbeschimpfung.de
In brightest day, in blackest night
no evil shall escape my sight!
for those that worship evil's mi
:)
> Early results indicate that 1/3 of all the "new" hosts is a
> pre-greeter, at least with my own porcupine.org mail server.
> I may report more at the Berlin mailserver conference.
I'm collecting data at python.org and here...
--
Ralf Hildebrandt
Postfix - Einrichtung
* Ralf Hildebrandt :
> % awk '/PREGREET/ {print $NF}' /var/log/mail.log |sort | uniq -c | sort -n
>
> emits
> ...
> 25 urhousecareer.info??
> 26 dmx1.bfi0.com??
> 104 freenet.de??
> 111 gmx.de??
> 113 t-online.de??
> 113 w
is a little bit complicated and refer to MMS center. I use a
> postfix like a SMTP proxy for modification and so on.
Aha.
--
Ralf Hildebrandt
Postfix - Einrichtung, Betrieb und Wartung Tel. +49 (0)30-450 570-155
http://www.computerbeschimpfung.de
What about the four lusers of the ap
rfaces = IP1
smtp_bind_address = IP1
and the other
inet_interfaces = IP2
smtp_bind_address = IP2
but that's somewhat obvious. Setting myhostname properly would also
make sense.
--
Ralf Hildebrandt
Postfix - Einrichtung, Betrieb und Wartung Tel. +49 (0)30-450 570-155
http://www.compute
client safe.dnsbl.sorbs.net,
> reject_rbl_client cbl.abuseat.org,
>
> Since the end of May blacklisting is performing worse. Is there an
> explanation for this?
Of course.
Read: http://dsbl.org/
Remove list.dsbl.org
Replace pbl.spamhaus.org with zen.spamhaus.org
Remove cbl.abuseat.org, which i
* Ralf Hildebrandt :
> Of course.
>
> Read: http://dsbl.org/
> Remove list.dsbl.org
>
> Replace pbl.spamhaus.org with zen.spamhaus.org
>
> Remove cbl.abuseat.org, which is included in cbl.abuseat.org
Remove cbl.abuseat.org, which is included zen.spamhaus.org :) (sorr
* K bharathan :
> my setup:
> external relay1 -->internal postfix mail server
>
> how can i restrict postfix to receive only mails from relay1; can i do it
> through a access map?
mynetworks = externalrelay1
smtpd_recipient_restrictions =
permit_mynetworks
reject
--
Can I change hash_queue_depth on the fly? I mean, with a queue already
filled? If so, how? stop, change, start?
--
Ralf Hildebrandt
Postfix - Einrichtung, Betrieb und Wartung Tel. +49 (0)30-450 570-155
http://www.computerbeschimpfung.de
Wenn die Leute mit dem Logfile die IT-Kompetenz von
* Wietse Venema :
> Ralf Hildebrandt:
> > Can I change hash_queue_depth on the fly? I mean, with a queue already
> > filled? If so, how? stop, change, start?
>
> If you don't change hash_queue_depth of the active queue, edit
> main.cf, then "postfix reload".
* The Doctor :
> I am contemplating howto use spamassassin effectively with postfix.
Usually we use amavisd-new
* The Doctor :
> I tried runing amavisd but it is running into weird errors.
It's the wrong list here, but usually one shows the errors and is
being helped :)
* Wietse Venema :
> Perhaps there a case of name confusion. There are several tools
> that have "amavis" in the name. The one that reportedly works well
> with Postfix is called "amavisd-new".
Well, the other project are dead, really. amavis is nowadays synonym
for Mark^h^h^h^hamavisd-new.
Anyw
* Sahil Tandon :
> Noel are you suggesting something might not work for me because I don't
> know how to use it? Blasphemer!
Sigged.
* The Doctor :
> Anyway to use the spamassassin headers to reject mail
> instead of using amavisd?
amavisd-new USES Mail::SpamAssassin
* Steve :
> Hi,
>
> I'm running through the brilliant 'Book of Postfix' and running into
> some confusion with anvil/rate control - specifically syntax. around
> page 384
>
> smtpd_client_connection_limit_exceptions =
> smtpd_client_connection_rate_limit = 3
> smtpd_client_connection_count_limit
* Ralf Hildebrandt :
> > Which makes me wonder what the right syntax should be. Has the syntax
> > changed since the box was produced or is it going to change in the near
> > future?
>
> The former. The concept stays the same, though.
Reason: When the book was writte
* Steve :
> smtpd_client_event_limit_exceptions = my_networks
smtpd_client_event_limit_exceptions = $mynetworks
> or
>
> smtpd_client_event_limit_exceptions = my_networks, 1.2.3.4, 5.6.7.8
smtpd_client_event_limit_exceptions = $mynetworks, 1.2.3.4, 5.6.7.8
> and that will be good?
Yep
You
our server. I investigated
>> and found that postfix was rejecting the sending server with:
>> NOQUEUE: reject: RCPT from bb02d1.eurorscg.com[69.74.116.40]: 554 5.7.1
>> : Client host rejected: Access
>> denied;
>
> This looks like a REJECT from a check_client_
[1]xremov...@psyop.tv> proto=ESMTP
>helo=
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
ralf.hildebra...@charite.de | http://www.charite.de
501 - 600 of 1566 matches
Mail list logo