Thanks for your help Wietse.
I had actually started reading it a few minutes ago. It's a tough read
for a new guy. I'm having to learn mostly with a lot of trial, error
and experimentation. I gotta go track down that postfix book I
downloaded a while ago.
On Wed, Mar 3, 2021 at 6:53 PM Wietse
On 3/3/2021 1:39 PM, Marek Kozlowski wrote:
One user's password has been compromised. Someone had authenticated
as this user (SASL) and was able to send mail with:
Return-Path: <>
These are bounces or Non Delivery Notices. You should not disable these.
Quite possibly the mail originated
Steve Dondley:
> OK, I found some guidance here:
> http://www.postfix.org/ADDRESS_REWRITING_README.html
>
> Adding in "-o receive_override_options=no_address_mappings" to the
> smtpd section worked.
>
> I really don't understand the master configuration file at all,
> however. Is there a good
Steve Dondley:
> I have enabled the always_bcc setting with:
>
> always_bcc = exam...@example.org
>
> It works, but I'm getting everything three times. How do I prevent duplicates?
Postfix by default deduplicates if one message has multiple identical
recipients. However Postfix cannot
OK, I found some guidance here:
http://www.postfix.org/ADDRESS_REWRITING_README.html
Adding in "-o receive_override_options=no_address_mappings" to the
smtpd section worked.
I really don't understand the master configuration file at all,
however. Is there a good basic tutorial that explains it?
I have enabled the always_bcc setting with:
always_bcc = exam...@example.org
It works, but I'm getting everything three times. How do I prevent duplicates?
On 03 Mar 2021, at 12:45, @lbutlr wrote:
> csmtpd_helo_restrictions = reject_invalid_helo_hostname
Paste error. That should, of course, be
smtpd_helo_restrictions = reject_invalid_helo_hostname
check_helo_access pcre:/etc/postfix/helo_checks.pcre permit
--
'That's blasphemy,' said the
> On 03 Mar 2021, at 09:33, Paul Netpresto wrote:
>
> Hi
>
> What is the best way to block MAIL FROM: addresses where the username
> component begins with a '$' character. Is this recommended or bad practice?.
Why would you want to do that?
The local part of the email address is defined
:-)
On 3/3/21 5:18 PM, Bill Cole wrote:
On 3 Mar 2021, at 9:51, Marek Kozlowski wrote:
:-)
When testing my server via telnet ... 25 it works:
MAIL FROM: <"">
250 2.1.0 Ok
Rejections in SMTP based on client, helo, and sender policy criteria are
normally postponed until the RCPT stage of the
> On Mar 3, 2021, at 10:24 AM, Marek Kozlowski
> wrote:
>
> One more question just for sure: 'a client' means 'an IP address' for the
> setting mentioned in the previous mail? If so - postfix must store them
> somewhere. Isn't there a risk of too much memory allocated for that purpose?
> How
Am 03.03.21 um 13:09 schrieb Marek Kozlowski:
I mean protecting from the situation that one user's password has been
compromised and it results in a lot of spam in being sent by our server
(human's reaction takes a few minutes and it my be too much, I'm afraid).
postfwd
Hi
What is the best way to block MAIL FROM: addresses where the username
component begins with a '$' character. Is this recommended or bad
practice?.
Thanks
Paul
On 3 Mar 2021, at 9:51, Marek Kozlowski wrote:
:-)
When testing my server via telnet ... 25 it works:
MAIL FROM: <"">
250 2.1.0 Ok
Rejections in SMTP based on client, helo, and sender policy criteria are
normally postponed until the RCPT stage of the transaction, no matter
what the reason
On 2021-03-03 16:03, Matus UHLAR - fantomas wrote:
On 2021-03-03 10:45, natan wrote:
This is server for incomming e-mail with many vdomain and vusers
On 03.03.21 11:38, Benny Pedersen wrote:
number of domains is irrelevant for backscatter
I check rbl in smtpd_recipient_restrictions
..
On Wed, Mar 3, 2021 at 4:15 PM Roberto Ragusa wrote:
> On 2/25/21 10:43 AM, Emond Papegaaij wrote:
> > We are hardening our services and would like to run postfix as a
> > non-root user. All our primary services, including postfix run as
> > docker containers.
>
> If you are inside a container,
On 2021-03-03 16:03, Matus UHLAR - fantomas wrote:
On 2021-03-03 10:45, natan wrote:
This is server for incomming e-mail with many vdomain and vusers
On 03.03.21 11:38, Benny Pedersen wrote:
number of domains is irrelevant for backscatter
I check rbl in smtpd_recipient_restrictions
..
On 2/25/21 10:43 AM, Emond Papegaaij wrote:
Hi all,
We are hardening our services and would like to run postfix as a
non-root user. All our primary services, including postfix run as
docker containers.
If you are inside a container, can't you just run the container
unprivileged?
The software
On 2021-03-03 10:45, natan wrote:
This is server for incomming e-mail with many vdomain and vusers
On 03.03.21 11:38, Benny Pedersen wrote:
number of domains is irrelevant for backscatter
I check rbl in smtpd_recipient_restrictions
..
reject_rbl_client b.barracudacentral.org,
:-)
When testing my server via telnet ... 25 it works:
MAIL FROM: <"">
250 2.1.0 Ok
Moreover an active 'reject_sender_login_mismatch' restriction not
blocked mail from SASL authenticated user (a compromised account) with
such an envelope address. What have I missed?
BTW:
MAIL FROM: <>
503
:-)
One more question just for sure: 'a client' means 'an IP address' for
the setting mentioned in the previous mail? If so - postfix must store
them somewhere. Isn't there a risk of too much memory allocated for that
purpose? How is it controlled? Should I decrease anvil_rate_time_unit
for
:-)
I mean protecting from the situation that one user's password has been
compromised and it results in a lot of spam in being sent by our server
(human's reaction takes a few minutes and it my be too much, I'm afraid).
I've found several useful settings in
On 2021-03-03 10:45, natan wrote:
This is server for incomming e-mail with many vdomain and vusers
number of domains is irrelevant for backscatter
I check rbl in smtpd_recipient_restrictions
..
reject_rbl_client b.barracudacentral.org,
reject_rbl_client dynamic.rbl.tld,
>
> why is rbl testing missing in this stage ?
>
> you miss rhsbl in sender accesss testing the sender domain is listed
> as dbl
>
> pipelining is a data stage test, remember postfix is first match wins
> over later restrictions
>
> so you need to reorder restrictions to not accept and later
On 2021-03-02 23:58, natan wrote:
smtpd_client_restrictions = check_client_access
cidr:/etc/postfix/client_checks, check_client_access
cidr:/etc/postfix/amavis_bypass, reject_unauth_pipelining, permit
chaos :(
why is rbl testing missing in this stage ?
you miss rhsbl in sender accesss
24 matches
Mail list logo
