Wietse Venema put forth on 8/17/2010 6:11 AM:
Stan Hoeppner:
Wietse Venema put forth on 8/16/2010 2:36 PM:
Stan Hoeppner:
Google uses less than 1/10th of 1% Enterprise grade hardware, using the
typical definition of Enterprise grade, in their operations. And Google
is
the undisputed
Robert Fournerat put forth on 8/19/2010 4:46 PM:
Quoting Noel Jones njo...@megan.vbhcs.org:
Same here. reject_unknown_client_hostname is too strict, but
reject_unknown_reverse_client_hostname rejects lots of obvious spambots
without resorting to an RBL lookup. The false-positive rate is
Erwan David put forth on 8/20/2010 4:23 AM:
On Fri, Aug 20, 2010 at 10:39:48AM CEST, Stan Hoeppner
s...@hardwarefreak.com said:
Robert Fournerat put forth on 8/19/2010 4:46 PM:
Quoting Noel Jones njo...@megan.vbhcs.org:
Same here. reject_unknown_client_hostname is too strict
Klaus Engelmann put forth on 8/20/2010 2:32 PM:
Stan, thanks for your answer.
Searching heavily the list I found that this problem was related to
firewall issues, specially when the firewall does a sort of SMTP
(layer 7) validation or check.
I disabled some features on my H3C firewall
Magnus Bäck put forth on 8/22/2010 10:04 AM:
On Sunday, August 22, 2010 at 16:01 CEST,
p...@alt-ctrl-del.org wrote:
So I have,
smtpd_helo_restrictions = reject_non_fqdn_helo_hostname,
check_helo_access regexp:/etc/postfix/heloaccess.cf
If I put the following into heloaccess.cf, for
Wietse Venema put forth on 8/22/2010 11:13 AM:
Stan Hoeppner:
That's not necessarily true. It depends on the order of his
smtpd_*_restrictions and whether he's using delayed evaluation. If he's
using the multiple section restrictions style with delayed eval it's
possible he may have an OK
Stan Hoeppner put forth on 8/22/2010 7:34 PM:
So if we reverse the scenario and put the REJECT first, it's a final
decision? If so, and if I've described the situation correctly, why do
we have this opposite behavior between whitelisting and blacklisting?
If I've not described this correctly
Noel Jones put forth on 8/24/2010 2:18 PM:
- This is specific for dnswl.org. Postfix needs a general mechanism.
Other whitelists are not required to follow dnswl.org's 127.0.x.y
mechanism.
Yeah, I used this example as dnswl is, afaik, the most established of
the dns whitelists. I haven't
Wietse Venema put forth on 8/24/2010 2:37 PM:
With reject_rbl_client etc. Postfix can use different DNSXLs names
in different access lists, and filter the result. For example, to
select responses from some.example.com with value 127.0.0.4:
smtpd_mumble_restrictions =
...
Steve Linford put forth on 8/25/2010 8:27 AM:
Just to add to the mix if Postfix is working on whitelist implementation...
Spamhaus has assigned 127.0.2.0/24 for whitelist return codes. The new
Spamhaus Whitelist (SWL) due out very shortly will return 127.0.2.2 and
127.0.2.3 and Spamhaus'
Would anyone happen to have an example guide showing the proper
master.cf and main.cf parameters for setting up daemonized spamassassin
to run super selectively via FILTER?
I've reached the point that I'm killing about 98% of my spam load but
I'm tired of the few phish/419 that make it into my
Wietse Venema put forth on 8/25/2010 4:27 PM:
Noel Jones:
As I see it, there are two complementary paths we can take
with DNS whitelists, each with a slightly different purpose.
While these are both useful, neither depends on the other, so
postfix can implement either or both.
I'll read
Noel Jones put forth on 8/25/2010 10:11 PM:
In that case, don't use an access table with FILTER; use content_filter
or smtpd_proxy_filter to filter all mail.
(For wildcard access tables, use a regexp table. But for this
application, use content_filter.)
Let me try to make this really
pf at alt-ctrl-del.org put forth on 8/27/2010 1:23 PM:
Is there any known policy server or add-on, that will change the
tempfail action after a couple of hours, for things like
reject_unknown_client_hostname and reject_unknown_client_hostname?
Sending a reject has problems. I don't want to
Noel Jones put forth on 8/27/2010 2:28 PM:
You'll need to show evidence of that claim. Hotmail passes
reject_unknown_client_hostname here consistently. In fact I have a
check_sender_access map that specifically does
reject_unknown_client_hostname on any @hotmail sender address.
Is there a straightforward (i.e. relatively painless) way to check the
header from, reply-to, and message-id domains against dbl.spamhaus.org
and reject on a positive reply as with reject_r*bl_client?
Without having to write a content filter to be called in action
filter:nexthop in
Wietse Venema put forth on 8/30/2010 1:29 PM:
Victor Duchovni:
On Mon, Aug 30, 2010 at 01:06:28PM -0500, Stan Hoeppner wrote:
Is there a straightforward (i.e. relatively painless) way to check the
header from, reply-to, and message-id domains against dbl.spamhaus.org
and reject on a positive
Patrick Lists put forth on 8/30/2010 4:34 PM:
Hi,
I got a lot of spam lately from dynamic hosts so gradually I have been
adding rules to block them with the help of the rules from
http://gabacho.reto.jp/en/anti-spam/anti-spam-system.html
Unfortunately this type keeps slipping through:
Patrick Lists put forth on 8/30/2010 6:00 PM:
On 08/31/2010 12:40 AM, Stan Hoeppner wrote:
[snip]
/^[12]?[0-9]{1,2}(-[12]?[0-9]{1,2}){3}\.(customer|dsl|dial-up)\.telesp\.net\.br$/
REJECTGeneric - Please relay via ISP (telesp.net.br)
That's all one line, TB wrapped it. You may as well
Charles Marcus put forth on 8/31/2010 6:48 AM:
On 2010-08-30 6:40 PM, Stan Hoeppner s...@hardwarefreak.com wrote:
REJECT Generic - Please relay via ISP (telesp.net.br)
Thanks for this Stan, but just to confirm, was that supposed to be a TAB
between REJECT and Generic?
It doesn't
Charles Marcus put forth on 8/31/2010 11:44 AM:
What the following looked like to me:
REJECTGeneric - Please relay via ISP (telesp.net.br)
was that *everything* rejected by this regex would get the same reject
message:
Please relay via ISP (telesp.net.br)
Apparently that
mouss put forth on 9/1/2010 6:10 PM:
Over 1600 regex patterns matching generic dynamics and statics. Rejects
all generic dynamics, tags generic statics. Provided with no
warranties, use at your own risk, etc. Has worked well here.
http://www.hardwarefreak.com/fqrdns.regexp
Use in
Noel Jones put forth on 9/2/2010 10:41 AM:
On 9/2/2010 10:14 AM, Stan Hoeppner wrote:
mouss put forth on 9/1/2010 6:10 PM:
Over 1600 regex patterns matching generic dynamics and statics.
Rejects
all generic dynamics, tags generic statics. Provided with no
warranties, use at your own risk
Steffan A. Cline put forth on 9/2/2010 10:59 AM:
I can't imagine needing to change them. They are AWESOME!
They work great just as they are. Kills off 80% of the spam at the least.
Thank you, Stan the ma
Given your MX and general system load Steffan, if you edit those three
lines and fix
Noel Jones put forth on 9/2/2010 5:37 PM:
And yes, it is common and acceptable practice to put all restrictions
under smtpd_recipient_restrictions.
Not only common, but as I discovered the hard way, it's very difficult,
nearly impossible, to manage some white listing scenarios if you don't
put
After replacing pflogsumm with logwatch, I've noticed in each summary a
resent stat I wasn't noticing before. What is the significance of
resent-message-id? Log snippet:
Sep 3 11:24:38 greer postfix/smtpd[28881]: 07D976C317:
client=liszt.debian.org[82.195.75.100]
Sep 3 11:24:38 greer
Considering that spam accounts for the bulk of all client connections to
an MX these days, it might be beneficial if we had log data showing
total time per session, not just for queued mail, so an OP can see how
long it's taking to reject at the smtpd stage, as well as time elapsed
when rejecting
Victor Duchovni put forth on 9/4/2010 7:33 AM:
What do you mean by filters?
Spam filters in the form of table lookups and dnsbl queries. I'm
currently processing
12,581 CIDRs
1,568 regular expressions (PCRE)
5 dnsbl lookups
per each inbound connection (assuming no hits). Obviously
pf at alt-ctrl-del.org put forth on 9/7/2010 11:02 PM:
Am I missing something obvious?
With many ISPs providing generic PTR,
reject_unknown_reverse_client_hostname is too gentle.
I'd really like to implement reject_unknown_client_hostname, but I've
seen too many cases where address-name
Diego Lima put forth on 9/8/2010 2:46 PM:
I considered creating a
shellscript that checks the directory for new files and then sends
them using sendmail -t, but that isn't really good performance-wise.
Performance-wise? How many emails are you sending per minute? Unless
you have others
Diego Lima put forth on 9/8/2010 3:33 PM:
Hi Stan,
This is actually a server for a mail marketing company, so I can
expect several thousands of messages per minute being sent from the
system. That's why I was wondering if there was any way to get postfix
to pick up the messages
Nick Edwards put forth on 9/10/2010 2:32 AM:
Before the fans cry foul of why not Dovecot. we have followed the list
thread of what may be a problem with Dovecot its author has identified but
decided is a tuff luck case, he indicates serious corruption risks with
index and caches using
post...@corwyn.net put forth on 9/10/2010 10:28 AM:
Hi!
what I'd like to do is block all emails from individual contries based
on sender email address (.au, .jp, etc)
In reading the docs, it looks like I can block particular domains with
check_client_access and check_sender_access
Is there a way to have locally submitted mail (my_networks) bypass
header_checks when using a single master.cf smtpd instance?
Since implementing Sahil's fine checkdbl.pl tcp server in header_checks,
I've noticed a 1-3 second delay when submitting from my workstation MUA.
Prior to this
mouss put forth on 9/10/2010 5:54 PM:
for header_checks, the option is no_header_body_checks:
http://www.postfix.org/postconf.5.html#receive_override_options
Got it, I think.
for smtpd restrictions:
-o smtpd_foo_restrictions=blahblah
if you want per smtpd header checks,
No. I
Sahil Tandon put forth on 9/11/2010 1:15 AM:
Stan Hoeppner wrote:
Sep 10 22:30:14 greer postfix/smtpd[12354]: before input_transp_cleanup:
cleanup flags = enable_header_body_filter enable_automatic_bcc
enable_address_mapping enable_milters
Sep 10 22:30:14 greer postfix/smtpd[12354]: after
Ralph Seichter put forth on 9/11/2010 4:12 AM:
There were no recommendations so far, and I wonder if that means I do
have to write a before-queue content filter myself? Has nobody else yet
tried to remove headers from submitted e-mail before DKIM signatures are
added?
First hit on Google:
mouss put forth on 9/12/2010 3:46 AM:
=== header_checks_submission.pcre:
/^Received:\s*from\s+\S+\s+\(\S+\s+\[192\.168\.1\.\d+\]\)\s+by\s+your\.server\.example\s+\(Postfix\)/
IGNORE
Isn't this a bit heavy mouss? All he really needs to match is the
RFC1918 address, yes? Something like
Stan Hoeppner put forth on 9/12/2010 5:08 AM:
mouss put forth on 9/12/2010 3:46 AM:
=== header_checks_submission.pcre:
/^Received:\s*from\s+\S+\s+\(\S+\s+\[192\.168\.1\.\d+\]\)\s+by\s+your\.server\.example\s+\(Postfix\)/
IGNORE
Isn't this a bit heavy mouss? All he really needs
Ralph Seichter put forth on 9/12/2010 6:44 AM:
On 12.09.10 12:37, Stan Hoeppner wrote:
Ralph, do you restrict submission to only certain public subnets or
do you allow your users/customers to submit from any network?
Submission is allowed for SASL-authenticated users from any network
Sahil Tandon put forth on 9/13/2010 8:31 PM:
On Mon, 2010-09-13 at 19:20:05 -0400, Matt Hayes wrote:
I've not had to use anything involving a DNSBL and a password before
so just curious what I'm missing.
That is probably because you do not pay for a DNSBL datafeed. :) In such
cases, the
Jeroen Geilman put forth on 9/14/2010 5:56 PM:
On 09/14/2010 04:42 PM, Christian Rößner wrote:
Sep 11 10:34:36 mx0 postfix/lmtp[29594]: 40FC3520A6:
to=ad4f0.5040...@roessner-net.com, relay=127.0.0.1[127.0.0.1]:24,
delay=0.39, delays=0.19/0.06/0.01/0.13, dsn=5.1.1, status=bounced
(host
Vernon A. Fort put forth on 9/16/2010 6:16 PM:
I've read but its not clear (to me) if one can (or should) use rhsbl
sites in postscreen. Well, actually, i did configure but then removed.
http://www.postfix.org/postconf.5.html#postscreen_dnsbl_sites
postscreen_dnsbl_sites (default: empty)
Jos Chrispijn put forth on 9/19/2010 11:11 AM:
I have this email client that takes care of distrubition of email to
different mail folders.
As I now started to read my email with a mobile phone, there is a load
of messages that aren't sorted, as my 'home client' hasn't taken care of
that.
bper put forth on 9/20/2010 3:29 PM:
Hello,
I have set up a postfix-dovecot server with smtp-auth using sasl by
following this link:
https://help.ubuntu.com/10.04/serverguide/C/postfix.html
It seems to be working OK. The only thing is that when I view my logs, I see
a lot of 'relaying
Yang Zhang put forth on 9/20/2010 3:46 PM:
On Mon, Sep 20, 2010 at 12:33 PM, Wietse Venema wie...@porcupine.org wrote:
Yang Zhang:
Can you pinpoint the exact RFC section you're referring to? Thanks.
I will give you as home work to study the following documents:
RFC 821
RFC 2821
RFC 5321
Victor Duchovni put forth on 9/20/2010 6:01 PM:
On Tue, Sep 21, 2010 at 12:56:14AM +0200, Jeroen Geilman wrote:
Yes, when traffic to the destination is light (message deliveries
are spaced multiple seconds or more apart) or is very heavy (message
deliveries are many in each interval equal to
Wietse Venema put forth on 9/21/2010 10:12 AM:
Michael Weissenbacher:
Hi Wietse!
Michael Weissenbacher:
Sep 21 15:04:58 smtp1 postfix/smtpd[14679]: warning: unknown smtpd
restriction: med
That is also a configuration error.
This error was really HARD to track. Took me the whole day. But
bper put forth on 9/21/2010 2:26 PM:
Point taken. I have, and still am, investigating AV scanning. What are your
thoughts on the best solution/fit with postfix?
Someone else will need to answer. I don't do A/V scanning in Postfix.
I simply reject any emails, using mime_header_checks, that
Jeroen Geilman put forth on 9/22/2010 5:06 PM:
I don't know if anybody has run tests of this yet (it's still kinda
new), but it would be instructive to compare a regular postfix setup
(pre-postscreen) to a postscreen setup with fairly strict settings, with
respect to the load when a large
Alejandro Facultad put forth on 9/23/2010 2:58 PM:
A week ago my Postfix server goes down because of error disks...I have to
review
the disks and finally restore a backupI spent one dady and people from my
company had not mail service and they were not happy :)
I need a high
I don't see your master.cf here. In a setup like this I'd assume you
may be running more than one smtpd for submission. master.cf settings
can override main.cf settings. This might explain why you're seeing
behavior different than what main.cf says you should be seeing. Please
post master.cf.
an then with /./ checking it against all_rbls.
Comment out the /./ catch all line and see what happens. I *think*
that's what is happening anyway. Like I said, my regex foo is rather weak.
--
Stan
Michael Orlitzky put forth on 9/23/2010 8:59 PM:
On 09/23/10 21:55, Stan Hoeppner wrote:
I don't see
Michael Orlitzky put forth on 9/23/2010 9:44 PM:
Alternatively, lookup tables can be specified in Perl Compatible Regu-
lar Expression form. In this case, each input is compared against a
list of patterns. When a match is found, the corresponding result is
returned and the search is
Michael Orlitzky put forth on 9/24/2010 2:37 AM:
Ok, I see what's going on. 'unknown' gets looked up first, and so /./
matches it before the client IP address gets looked up. Wouldn't
check_reverse_client_hostname_access suffer the same fate? I think
switching to a CIDR map probably avoids
Sahil Tandon put forth on 9/24/2010 12:10 AM:
Sep 23 10:05:42 mx1 postfix/smtpd[12164]: connect from
unknown[64.191.79.245]
^^^
Nice catch Sahil. I'd momentarily forgotten the fact that
check_client_access goes after rdns host name as well as IP.
--
Stan
Michael Orlitzky put forth on 9/23/2010 8:37 PM:
# sutton-partners.com
/^64\.191\.79\.245$/public_rbls
# mabel.ca
/^70\.38\.108\.42$/ public_rbls
# dsnews.com
/^209\.172\.40\.21[157]$/ public_rbls
Should the carat and dollar be there? I just
Sahil Tandon put forth on 9/24/2010 7:12 AM:
On Fri, 2010-09-24 at 05:31:15 -0500, Stan Hoeppner wrote:
Michael Orlitzky put forth on 9/23/2010 8:37 PM:
# sutton-partners.com
/^64\.191\.79\.245$/public_rbls
# mabel.ca
/^70\.38\.108\.42$/ public_rbls
Noel Jones put forth on 9/24/2010 7:43 AM:
Stan Hoeppner wrote:
/\[([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})\]/ all_rbls
It only matches on a dotted quad enclosed in []. It won't match on the
rdns name, or lack thereof (unknown).
No, the table is searched twice; first
Matthias Leisi put forth on 9/24/2010 9:12 AM:
Hi all,
On Thu, Sep 23, 2010 at 12:15 AM, mouss mo...@ml.netoyen.net wrote:
postfix-dnswl-header
222.255.237.6/32 PREPEND X-REPLACEME: low vinabook.com DNSWLId 17147
postfix-dnswl-permit
222.255.237.6/32 permit_auth_destination low
Grobe, Tony put forth on 9/24/2010 12:36 PM:
| j...@main:~/bin grep 222.255.237.6 /opt/rsync/dnswl/postfix-dnswl-
permit
| 222.255.237.6/32permit_auth_destination
-- Matthias
That's fine, and solves the problem of using unmodified files from dnswl, but
it complicates life for
Jerry put forth on 9/25/2010 6:37 AM:
On Fri, 24 Sep 2010 18:30:40 -0500
cajun ca...@cajuninc.com articulated:
Only reason is it is a production machine and using Debian Lenny. Not
that I would have any question at all about whether Postfix was
stable at all.
Sorry, I am not familiar
Dudi Goldenberg put forth on 9/25/2010 6:57 AM:
Debian lenny testing holds postfix 2.7.1, works without any issues for a long
time here.
Just to clarify, Debian Lenny is the Stable distribution. Debian
Squeeze is the Testing distribution.
Or, at least, it was. The Squeeze code base has
Michal Bruncko put forth on 9/26/2010 4:24 AM:
It is possible in some way to configure postfix, that SPF Passed mails
will be automatically accepted with postfix without greylisting?
If I may be blunt: this is a really dumb idea. Many, maybe all,
snowshoe spammers have valid SPF records.
--
From: mouss mo...@ml.netoyen.net
Sent: Sunday, September 26, 2010 1:38 PM
To: postfix-users@postfix.org
Subject: Re: SPF and greylisting conditioning
Le 26/09/2010 12:08, Stan Hoeppner a écrit :
Michal Bruncko put forth on 9/26/2010 4:24 AM:
It is possible
Mikael Bak put forth on 9/27/2010 6:18 AM:
Stan Hoeppner wrote:
Michal Bruncko put forth on 9/26/2010 4:24 AM:
It is possible in some way to configure postfix, that SPF Passed mails
will be automatically accepted with postfix without greylisting?
If I may be blunt: this is a really dumb
Jim McIver put forth on 9/27/2010 5:00 PM:
I'm running postfix 2.5.6 on Freebsd 7.2 and am having an issue with
message size limit and a user not being able to send a file.
I'm trying to limit the message size to 6 megabytes and in the main.cf I
set:
message_size_limit = 600
Henrik K put forth on 9/28/2010 12:28 AM:
On Mon, Sep 27, 2010 at 03:12:01PM -0500, Stan Hoeppner wrote:
Snowshoe spam will most probably pass greylisting too. Better not
clutter greylisting database with useless things. Have the blacklists
block'em instead.
I don't follow your logic here
Mikael Bak put forth on 9/28/2010 4:25 AM:
Stan Hoeppner wrote:
Mikael Bak put forth on 9/27/2010 6:18 AM:
Stan Hoeppner wrote:
Michal Bruncko put forth on 9/26/2010 4:24 AM:
It is possible in some way to configure postfix, that SPF Passed mails
will be automatically accepted with postfix
Michal Bruncko put forth on 9/29/2010 4:03 AM:
I mean automatically accepted by postfix, but not automatically
forwarded to mailboxes. My idea lies on principle, that if sender have
valid SPF record, there is no need to greylist (and delaying mail
receiving), but... SPF and greylisting are
Kris Deugau put forth on 9/29/2010 2:33 PM:
Hmm, no, less than 100M:
PID USER PR NI VIRT RES SHR S %CPU %MEMTIME+ COMMAND
28776 rbldns20 0 81740 65m 700 S0 3.3 118:49.42 rbldnsd
I was going by information I received from another list. I don't use
the data feed
martin f krafft put forth on 10/3/2010 7:34 AM:
Dear list,
I found that a lot of spam can be weeded out by rejecting clients
who greet me with my own hostname. Initially, I achieved this with
the following:
main.cf:
smtpd_helo_restrictions =
[…]
check_helo_access
Jeroen Geilman put forth on 10/4/2010 2:10 PM:
The OP says in so many words that he sees connections WITH HIS IP: who
apparently connect to the MX *with the IP*
This does not happen.
Is this remotely plausible if he's behind a really funky NAT/masquerade?
I've seen some junk quality NAT
Márcio Luciano Donada put forth on 10/8/2010 5:11 PM:
I am configuring a server to read a basic ldap, everything is working
wonders, but to deliver the e-mail, postfix is not creating the maildir
of the user, delivering only a mailbox file, but note that the
configuration that follows below,
Jeroen Geilman put forth on 10/19/2010 8:09 PM:
You're missing some of the better spam prevention methods here, such as
decent HELO checks, and an RBL or two.
I'd suggest at least adding reject_unknown_reverse_client_hostname in
there, as well as (testing out)
Brian Evans - Postfix List put forth on 10/20/2010 12:57 PM:
In your opinion, would check_reverse_client_hostname_access (Postfix
2.6+) work better here?
Many dynamic zombies don't always resolve forward.
Operationally it probably won't make a difference as most ISPs who
bother to assign rdns
Carlos Mennens put forth on 10/22/2010 1:29 PM:
I had someone tell me today that they were unable to send email to
their customer from the mail server because they got the following
error:
*
Failed Recipient: u...@example.tld
Reason: Remote host
Ned Slider put forth on 10/22/2010 2:53 PM:
I guess we can agree to disagree - I simply wanted to highlight the fact
that using such rules can result in ham being blocked, regardless of how
you want to define that.
I think we may be disagreeing on terminology definitions Ned, but we
properly help you if we don't have the full story, or, at
least, a significant portion of it. A tyrannical government isn't the
reason for wanting this encryption is it?
--
Stan
Le samedi 23 octobre 2010 à 11:00 -0500, Stan Hoeppner a écrit :
David Touzeau put forth on 10/23/2010 7:30 AM:
Yes
Rich put forth on 10/24/2010 10:58 PM:
I am getting the below error when I try to send email from a pc from the
same network using sasl authentication to the postfix server.
Oct 24 23:02:36 server postfix/smtp[25874]: 7349F21003C: to=
rhd...@gmail.com, relay=127.0.0.1[127.0.0.1]:10024,
Mikael Bak put forth on 10/25/2010 1:18 AM:
Stan Hoeppner wrote:
[snip]
Yes. I would suggest configuring a new smtpd listener for this. Most
people use the master.cf default TCP 587 listener daemon to accept
submitted mail. MUA clients will need to be configured accordingly.
Apparently
Rich put forth on 10/25/2010 1:23 AM:
587 inet n - n - - smtpd
-o smtpd_enforce_tls=yes
-o smtpd_sasl_auth_enable=yes
-o content_filter=
-o header_checks=
-o smtpd_recipient_restrictions=permit_sasl_authenticaed,reject
Неворотин Вадим put forth on 10/27/2010 4:47 AM:
I have greylisting on my server, but sometimes I need to allow some external
users to send mail to my server without greylisting. I can't add them to
whitelist, because in most cases it's a new clients, so the good idea is to
ask them to add to
for you, then you shouldn't
be using greylisting at all, as it's not a good fit for your needs.
--
Stan
2010/10/27 Stan Hoeppner s...@hardwarefreak.com
Greylisting has but one purpose: stopping spam bots (zombies)
Are these new clients sending emails to you from zombies? No, of course
Покотиленко Костик put forth on 10/27/2010 7:20 AM:
Can somebody comment on this please.
В Вто, 26/10/2010 в 18:20 +0300, Покотиленко Костик пишет:
I'm now trying to move all RBL and RHSBL checks to policyd-weight. In
policyd-weight I set $ADD_X_HEADER = 1 and very high score so it never
Покотиленко Костик put forth on 10/28/2010 5:31 AM:
a. mail was send directly from company's public ip which is DSL (shouldn't
send direct)
b. advertising company's mail server doesn't have revers DNS
c. doesn't send proper hello
d. advertising company's ip black listed by sorbs
Ahh, I
/dev/rob0 put forth on 10/28/2010 12:36 PM:
SDLU is a descendent of the old SPAM-L list which, like DSBL, also
closed in May 2008.
SDLU is a fork of spam-l.com, which itself is the direct descendant of
the Lsoft SPAM-L mailing list which closed in May 2008. None of this
matters to newcomers
Victor Duchovni put forth on 10/28/2010 2:00 PM:
On Thu, Oct 28, 2010 at 11:41:17AM -0700, Peter wrote:
I want to use postfix for active/active mode.
No, you want to cluster your mailstore (IMAP, POP, ...). This is not
Postfix. Multiple Postfix MX hosts do not need to be clustered, the
Peter put forth on 10/29/2010 1:55 PM:
guess it is something beyond postfix to handle. not sure how postfix users
will handle such an issue?
Attempting to architect your remote site cluster or failover solution
via back-n-forth to the Postfix mail list is not the proper way to go
about this.
Reinaldo de Carvalho put forth on 10/30/2010 3:39 PM:
From Cyrus mailling list:
Now that Cyrus 2.4 has been released with a lot of the groundwork for
bandwidth efficient replication in place, Max is going to be working
on improving the management tools and monitoring of the replication
Peter put forth on 10/29/2010 1:55 PM:
I agree with your point.
the above solution should work well if the active/active server
are located in the same location.
Correct.
for the machines in different data center, there is no guarantee of speed.
Correct.
also, making the server run in a
Victor Duchovni put forth on 11/1/2010 12:27 PM:
- Deploy something similar to the Symantec 8600 (aka Turntide)
SMTP traffic shaping appliance, that can rate limit outgoing
spam without rerouting the SMTP connection (limitation:
it can't see through STARTTLS).
Is this
Peter put forth on 11/1/2010 6:51 PM:
Hi Stan,
1. What are your specific failure concerns with your
primary site?
Network failure? Host failure? Storage hardware
failure?
You have a great suggestion assuming the data center functions well.
the data center primary site failure means
Jack put forth on 11/2/2010 3:56 PM:
I'm just checking all my spam settings on my postfix servers and I wanted to
know if anyone is using any newer RBL's than below?
(which have a low false positive rate)
Low FP noted, FSVO low FP.
reject_rbl_client zen.spamhaus.org,
gu...@lorenzutti.com.ar put forth on 11/2/2010 10:03 PM:
# main.cf
transport_maps = hash:/etc/postfix/transport
# /etc/postfix/transport
exmaple.org lmtp:unix:/path/to/cyrus-lmtp-server-socket
MMmmm... when I remove the local_transport and add everything to the
transport_map I get
Charles Marcus put forth on 11/3/2010 8:49 AM:
On 2010-11-02 10:07 PM, Stan Hoeppner wrote:
Last, but not least important by any means (understatement), you may
wish to try out:
http://www.hardwarefreak.com/fqrdns.pcre
Implement this as:
smtpd_recipient_restrictions
permit_mynetworks
Christian Rohmann put forth on 11/3/2010 10:02 AM:
Maybe any1 has more ideas based on the fact that the
thing is stable with two cores now, but wasn't with eight.
Absolutely. With 8 virtual CPUs (gasp OMG! big no-no) your guest kernel
will be generating a vastly larger number of timer
Ned Slider put forth on 11/3/2010 3:11 PM:
Stan, and others who are using this file - have any of you looked at the
overlap with greylisting? I would imaging that the vast majority of
clients with dynamic/generic rDNS would be spambots and as such I would
expect greylisting to block the vast
Ned Slider put forth on 11/3/2010 6:33 PM:
My other thought was to simply comment (or document) ranges known to
contain FPs and then the user can make a judgement call whether they
want to comment out that particular regex based on their circumstances.
Not a very elegant solution.
I'm
Jerrale G put forth on 11/4/2010 4:54 AM:
you know, they could have made a premium service or addition to offset
overhead and generate revenue while having the white and blacklists as a
free service. This means that spamassassin's accuracy, and opensource,
will reduce as well. I guess Im
401 - 500 of 1223 matches
Mail list logo
