Re: Google rejecting IPv6 mails

2013-10-07 Thread Andreas Herrmann
Hi there, On 10/01/13 07:22, Dominik George wrote: Yes, I also face that issue and have forced IPv4 on known Google domains. I also have those problems. Is there an easy way in postfix the transport to some domains just over IPv4 and not IPv6? thx in advance -SMA

Re: Google rejecting IPv6 mails

2013-10-07 Thread Wijatmoko U. Prayitno
On Mon, 07 Oct 2013 13:23:59 +0200 Andreas Herrmann s...@physik.tu-berlin.de wrote: Is there an easy way in postfix the transport to some domains just over IPv4 and not IPv6? http://marc.info/?l=postfix-users&m=137702158131907&w=2 -- WUP

Re: Google rejecting IPv6 mails

2013-10-07 Thread Manuel Bieling
On 2013.10.07 13:23:59 +0200, Andreas Herrmann wrote: Hi there, On 10/01/13 07:22, Dominik George wrote: Yes, I also face that issue and have forced IPv4 on known Google domains. I also have those problems. Is there an easy way in postfix the transport to some domains just over IPv4

Re: Google rejecting IPv6 mails

2013-10-07 Thread Alan Munday
Manuel Bieling wrote the following on 07/10/13 12:45: Wietse explained this a few weeks ago: /etc/postfix/transport: example.com smtp-ipv4-only: example.net smtp-ipv6-only: /etc/postfix/master.cf: smtp-ipv4-only unix - - n - - smtp

Re: Google rejecting IPv6 mails

2013-10-07 Thread Dotan Cohen
On Tue, Oct 1, 2013 at 8:22 AM, Dominik George n...@naturalnet.de wrote: I somehow consider Google not fit for anything a mail server should do, for a ton of reasons, and am thinking about blocking them in both directions (along with Yahoo!), if it weren't for quite some important users

Re: submission by cert verification only

2013-10-07 Thread Dan Langille
On 2013-10-06 23:13, Viktor Dukhovni wrote: On Sun, Oct 06, 2013 at 08:52:06PM -0400, Dan Langille wrote: [ What Noel said, plus see below. ] 10.0.0.1:submission inet n - n - - smtpd -o smtpd_tls_req_ccert=yes Fine. -o smtpd_tls_auth_only=no This seems silly.

Re: Google rejecting IPv6 mails

2013-10-07 Thread Viktor Dukhovni
On Mon, Oct 07, 2013 at 01:45:06PM +0200, Manuel Bieling wrote: /etc/postfix/master.cf: smtp-ipv4-only unix - - n - - smtp inet_protocols=ipv4 smtp-ipv6-only unix - - n - - smtp inet_protocols=ipv6

Re: Google rejecting IPv6 mails

2013-10-07 Thread Wietse Venema
Manuel Bieling: On 2013.10.07 13:23:59 +0200, Andreas Herrmann wrote: Hi there, On 10/01/13 07:22, Dominik George wrote: Yes, I also face that issue and have forced IPv4 on known Google domains. I also have those problems. Is there an easy way in postfix the transport to some

Re: submission by cert verification only

2013-10-07 Thread Viktor Dukhovni
On Mon, Oct 07, 2013 at 09:06:09AM -0400, Dan Langille wrote: # cat /usr/local/etc/postfix-config/main/relay_clientcerts 3A:2E:AB:6A:F1:D4:32:74:C9:C6:DD:2B:8D:2A:87:97 cliff.example.org This looks like md5, and while still largely resistant to 2nd preimage attacks, you should still avoid

mynetworks hash issue

2013-10-07 Thread Blake
Greetings Postfix users, I am building a postfix system to act as our SMTP relay at the network edge. The system will be used by servers and applications to send email both internal to our network and external as needed. I have a postfix system specifying the mynetworks parameter noted below

Re: mynetworks hash issue

2013-10-07 Thread Wietse Venema
Blake: mynetworks = hash:/etc/postfix/network_table # postmap -s hash:/etc/postfix/network_table 11 10.147.9.0/24 That is backwards. The IP address is the lookup key. Wietse

Re: mynetworks hash issue

2013-10-07 Thread Viktor Dukhovni
On Mon, Oct 07, 2013 at 09:12:41AM -0600, Blake wrote: However when I check the config after restarting or reloading postfix the parameter does not seem to be updated when reviewing postconf -d. Not surprising, postconf -d returns compiled-in defaults as documented. This allows you to quickly

Re: Google rejecting IPv6 mails

2013-10-07 Thread Andreas Herrmann
On 10/07/13 16:25, Wietse Venema wrote: And here is the corrected example in one place. BTW it seems the real fix is to set up one PTR record, with a matching record. I have a correct PTR and also got the error: ***@gmail.com: host gmail-smtp-in.l.google.com[2a00:1450:4001:c02::1b]

Re: Google rejecting IPv6 mails

2013-10-07 Thread Wietse Venema
Andreas Herrmann: On 10/07/13 16:25, Wietse Venema wrote: And here is the corrected example in one place. BTW it seems the real fix is to set up one PTR record, with a matching record. I have a correct PTR and also got the error: ***@gmail.com: host

Re: Google rejecting IPv6 mails

2013-10-07 Thread Erwan David
On 07/10/2013 18:58, Wietse Venema wrote: Andreas Herrmann: On 10/07/13 16:25, Wietse Venema wrote: And here is the corrected example in one place. BTW it seems the real fix is to set up one PTR record, with a matching record. I have a correct PTR and also got the error:

Re: Google rejecting IPv6 mails

2013-10-07 Thread Jim Reid
On 7 Oct 2013, at 18:15, Erwan David er...@rail.eu.org wrote: Google is really rejecting emails in IPv6 because of a lack of PTR... If that's the case, good. Just do The Right Thing and arrange a valid PTR for the IPv6 address that speaks SMTP. This should be simpler and less hassle than

Re: Google rejecting IPv6 mails

2013-10-07 Thread DTNX Postmaster
On Oct 7, 2013, at 19:25, Jim Reid j...@rfc1035.com wrote: On 7 Oct 2013, at 18:15, Erwan David er...@rail.eu.org wrote: Google is really rejecting emails in IPv6 because of a lack of PTR... If that's the case, good. Just do The Right Thing and arrange a valid PTR for the IPv6 address

Re: Google rejecting IPv6 mails

2013-10-07 Thread li...@rhsoft.net
On 07.10.2013 19:15, Erwan David wrote: No Google is really rejecting emails in IPv6 because of a lack of PTR... as virtually everybody else does for IPv4 why should someone handle IPv6 different? if you have no PTR do not deliver email

Re: Google rejecting IPv6 mails

2013-10-07 Thread Erwan David
On 07/10/2013 19:38, li...@rhsoft.net wrote: On 07.10.2013 19:15, Erwan David wrote: No Google is really rejecting emails in IPv6 because of a lack of PTR... as virtually everybody else does for IPv4 why should someone handle IPv6 different? if you have no PTR do not deliver email

Re: Google rejecting IPv6 mails

2013-10-07 Thread Luigi Rosa
Manuel Bieling said the following on 07/10/2013 13:45: Wietse explained this a few weeks ago: Just remember to put the -o that Wietse forgot before inet_protocols Works like a charm. Ciao, luigi -- / +--[Luigi Rosa]-- \ I've already told

Re: Google rejecting IPv6 mails

2013-10-07 Thread Benny Pedersen
li...@rhsoft.net wrote on 2013-10-07 19:38: if you have no PTR do not deliver email PTR is unsafe, avoid it PTR is only safe if the name is on domains dns with the same ip will google really reject mails with spf ip6: ?

Re: Google rejecting IPv6 mails

2013-10-07 Thread Luigi Rosa
Wietse Venema said the following on 07/10/2013 16:25: And here is the corrected example in one place. BTW it seems the real fix is to set up one PTR record, with a matching record. No, it doesn't work :( My MX has both IPv6 rDNS and SPF

Re: Google rejecting IPv6 mails

2013-10-07 Thread Luigi Rosa
Wietse Venema said the following on 07/10/2013 18:58: It may be that their bulk sender threshold is lower than you expect. About 5 or 10 mails per day. Funny that the threshold is applied to IPv6 connections and not IPv4. Ciao, luigi -- /

Re: [PATCH] Domain RDN sequence substitution for LDAP search base.

2013-10-07 Thread Quanah Gibson-Mount
--On Wednesday, September 25, 2013 12:21 AM + Viktor Dukhovni postfix-us...@dukhovni.org wrote: If anyone is using LDAP for virtual hosting with a separate search base for each hosted domain using domain component RDNs, please reply on list whether the feature below is useful, and whether

Re: Google rejecting IPv6 mails

2013-10-07 Thread Dominik George
Hi, I somehow consider Google not fit for anything a mail server should do, for a ton of reasons, and am thinking about blocking them in both directions (along with Yahoo!), if it weren't for quite some important users switching to Google Apps. I would love to know the rest of your

Re: [PATCH] Domain RDN sequence substitution for LDAP search base.

2013-10-07 Thread Viktor Dukhovni
On Mon, Oct 07, 2013 at 11:02:35AM -0700, Quanah Gibson-Mount wrote: Well, I can only speak to what Zimbra does. ;) As you guess, all of our domains are in subtrees, so right now we use a search base of . So it certainly seems to me like your patch would allow the LDAP queries to be more

Re: Google rejecting IPv6 mails

2013-10-07 Thread li...@rhsoft.net
On 07.10.2013 19:42, Erwan David wrote: On 07/10/2013 19:38, li...@rhsoft.net wrote: On 07.10.2013 19:15, Erwan David wrote: No Google is really rejecting emails in IPv6 because of a lack of PTR... as virtually everybody else does for IPv4 why should someone handle IPv6 different?

Re: Google rejecting IPv6 mails

2013-10-07 Thread Erwan David
On 07/10/2013 20:24, li...@rhsoft.net wrote: On 07.10.2013 19:42, Erwan David wrote: On 07/10/2013 19:38, li...@rhsoft.net wrote: On 07.10.2013 19:15, Erwan David wrote: No Google is really rejecting emails in IPv6 because of a lack of PTR... as virtually everybody else does for

Re: Google rejecting IPv6 mails

2013-10-07 Thread li...@rhsoft.net
On 07.10.2013 20:30, Erwan David wrote: On 07/10/2013 20:24, li...@rhsoft.net wrote: On 07.10.2013 19:42, Erwan David wrote: That's a matter of policy, if you cannot afford to lose legitimate email, you may. show me one legitimate mail server in 2013 without a PTR as server-admin

Re: Google rejecting IPv6 mails

2013-10-07 Thread Erwan David
On 07/10/2013 20:37, li...@rhsoft.net wrote: On 07.10.2013 20:30, Erwan David wrote: On 07/10/2013 20:24, li...@rhsoft.net wrote: On 07.10.2013 19:42, Erwan David wrote: That's a matter of policy, if you cannot afford to lose legitimate email, you may. show me one legitimate mail

Re: Google rejecting IPv6 mails

2013-10-07 Thread Patrick Lists
On 10/07/2013 07:49 PM, Luigi Rosa wrote: Wietse Venema said the following on 07/10/2013 16:25: And here is the corrected example in one place. BTW it seems the real fix is to set up one PTR record, with a matching record. No, it doesn't

Re: Google rejecting IPv6 mails

2013-10-07 Thread li...@rhsoft.net
On 07.10.2013 20:47, Erwan David wrote: On 07/10/2013 20:37, li...@rhsoft.net wrote: On 07.10.2013 20:30, Erwan David wrote: On 07/10/2013 20:24, li...@rhsoft.net wrote: On 07.10.2013 19:42, Erwan David wrote: That's a matter of policy, if you cannot afford to lose legitimate

[THREAD CLOSED] Google rejecting IPv6 mails

2013-10-07 Thread Viktor Dukhovni
This thread is becoming repetitive with no new insights, time to wrap it up. -- Viktor.

Re: mynetworks hash issue

2013-10-07 Thread Blake
Thank you to Victor & Wietse for your response. I thought the mynetworks parameter was the issue in terms of rejecting clients from access. I tried Victor's solution adding the code he noted however postfix would fail to reload or restart generating the following errors. Oct 7 12:47:32 relay01

Re: [THREAD CLOSED] Google rejecting IPv6 mails

2013-10-07 Thread Wietse Venema
Viktor Dukhovni: This thread is becoming repetitive with no new insights, time to wrap it up. In particular Reindl, you are getting close to being kicked off the list again. Wietse

Re: Google rejecting IPv6 mails

2013-10-07 Thread Jim Reid
On 7 Oct 2013, at 19:30, Erwan David er...@rail.eu.org wrote: But it is false to say that a mail server without reverse surely is a spammer. But nobody was saying that. Almost no legitimate mail comes from addresses with no reverse DNS. Sure, some spammers will have reverse DNS. Which is why

Re: mynetworks hash issue

2013-10-07 Thread Wietse Venema
Blake: 10.147.11.0/24 4 As Victor noted, the form 10.147.11.0/24 does not work with indexed files. This is also written in the access(5) manpage. If you must use this, use cidr: format instead. Wietse

Re: mynetworks hash issue

2013-10-07 Thread Viktor Dukhovni
On Mon, Oct 07, 2013 at 01:06:59PM -0600, Blake wrote: I tried Victor's solution adding the code he noted however postfix would fail to reload or restart generating the following errors. Oct 7 12:47:32 relay01 postfix[22897]: warning: macro name syntax error: /etc/postfix/ Your settings

Re: [PATCH] Domain RDN sequence substitution for LDAP search base.

2013-10-07 Thread Quanah Gibson-Mount
--On Monday, October 07, 2013 6:07 PM + Viktor Dukhovni postfix-us...@dukhovni.org wrote: Note, the new %c substitution pattern for a comma-separated list of DC= components is %, not %. I hope that's reasonably clear in the patch documentation. Yeah, it is quite clear, I was just

Re: duplicate email issue with list

2013-10-07 Thread Quanah Gibson-Mount
--On Thursday, September 26, 2013 4:38 PM -0400 Wietse Venema wie...@porcupine.org wrote: Quanah Gibson-Mount: One of our customers has an interesting setup where they did the following: a) Created 50 users b) Added a secondary address for the 50 users to an external server with 50 users

Re: mynetworks hash issue

2013-10-07 Thread Blake Farmer
I tried that method verbatim without success, postfix is able to start without issue however it continues to reject the machines I am using to test access and denied access. Your recommendation I believe assigns the path and file designation to the variable cidr when then continues to the

Re: mynetworks hash issue

2013-10-07 Thread Viktor Dukhovni
On Mon, Oct 07, 2013 at 03:34:38PM -0600, Blake Farmer wrote: Method 1 [root@relay01 postfix]# grep cidr main.cf cidr = cidr:${config_directory}/ mynetworks = ${cidr}mynetworks.cidr #mynetworks = cidr:/etc/postfix/mynetworks.cidr The above is broken.

Re: mynetworks hash issue

2013-10-07 Thread Viktor Dukhovni
One more thing to keep in mind. When used with mynetworks, as I already explained the RHS of the table entries is ignored. Therefore, your attempt at a reject rule: 10.147.11.11 reject is completely ineffective. If you want to use CIDR rules with exceptions to define trusted clients,

Re: Google rejecting IPv6 mails

2013-10-07 Thread Stan Hoeppner
On 10/7/2013 12:25 PM, Jim Reid wrote: On 7 Oct 2013, at 18:15, Erwan David er...@rail.eu.org wrote: Google is really rejecting emails in IPv6 because of a lack of PTR... If that's the case, good. Just do The Right Thing and arrange a valid PTR for the IPv6 address that speaks SMTP. This

Temporarily block domain.tld from sending?

2013-10-07 Thread Voytek
It seems one of my users has been hacked, my postfix server is spewing spam from many.na...@adomain.tld, how best to prevent any outbound mails from adomain.tld till I can look at this? -- Sent from Kaiten Mail. Please excuse my brevity.

Re: Temporarily block domain.tld from sending?

2013-10-07 Thread Simon B
On 8 Oct 2013 01:54, Voytek li...@sbt.net.au wrote: It seems one of my users has been hacked, my postfix server is spewing spam from many.na...@adomain.tld, how best to prevent any outbound mails from adomain.tld till I can look at this? Postfix stop Then post your postconf -n and a log

Re: Temporarily block domain.tld from sending?

2013-10-07 Thread lists
On Tue, October 8, 2013 11:31 am, Simon B wrote: On 8 Oct 2013 01:54, Voytek li...@sbt.net.au wrote: spam from many.na...@adomain.tld, how best to prevent any outbound mails from adomain.tld till I can look at this? Postfix stop Then post your postconf -n and a log snippet of an outgoing

Re: Temporarily block domain.tld from sending?

2013-10-07 Thread Stan Hoeppner
On 10/7/2013 9:10 PM, li...@sbt.net.au wrote: On Tue, October 8, 2013 11:31 am, Simon B wrote: On 8 Oct 2013 01:54, Voytek li...@sbt.net.au wrote: spam from many.na...@adomain.tld, how best to prevent any outbound mails from adomain.tld till I can look at this? Postfix stop Then post

Re: Temporarily block domain.tld from sending?

2013-10-07 Thread lists
On Tue, October 8, 2013 3:02 pm, Stan Hoeppner wrote: On 10/7/2013 9:10 PM, li...@sbt.net.au wrote: Without the log entries Simon asked for we can't do anything more to help you, as we don't know how the spam is being injected. Please provide logging that demonstrates the problem. Stan,

Re: Temporarily block domain.tld from sending?

2013-10-07 Thread Stan Hoeppner
On 10/7/2013 11:19 PM, li...@sbt.net.au wrote: On Tue, October 8, 2013 3:02 pm, Stan Hoeppner wrote: On 10/7/2013 9:10 PM, li...@sbt.net.au wrote: Without the log entries Simon asked for we can't do anything more to help you, as we don't know how the spam is being injected. Please provide

Re: Google rejecting IPv6 mails

2013-10-07 Thread Dominik George
SMTP from an address with no reverse DNS is a fairly good indicator of a spam source. YMMV. Agreed. As a matter of fact, I *do* have working PTR, SPF, and all that stuff, for both IPv4 and IPv6, and it doesn't help. I should note that I did have that all the time, not just after Google