we want it :-)
Have a nice weekend
tobi
On Fri, 2024-04-26 at 01:46 -0400, Viktor Dukhovni via Postfix-users
wrote:
> On Fri, Apr 26, 2024 at 07:21:24AM +0200, Tobi via Postfix-users
> wrote:
>
> > Or would it be possible to use a sender_dependent_relayhost_maps
> >
that transport (to be
defined in master.cf) and the normal MX of recipient domain?
Have a good one
tobi
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
[115.236.121.165]
Would it be possible to log at least the queue-id as well? Also sender
and/or recipient would be nice ;-) Or is it for security that no more
information is logged?
Have a good one
tobi
the header via the milter app then :-)
Cheers
tobi
On 23/03/2023 13:27, Matus UHLAR - fantomas via Postfix-users wrote:
Dnia 23.03.2023 o godz. 12:48:36 Tobi via Postfix-users pisze:
I wonder if the following is possible: can postfix add a header with
a dynamic value? My goal would be to add
Hi there
I wonder if the following is possible: can postfix add a header with a
dynamic value? My goal would be to add a header with the current unix
timestamp on the edge system and then check that header against current
time on last system in the delivery chain.
Have a good one
tobi
> relayhost = [mx.krowverse.services]
If I got your first post right you only have nat rules for port 465 and 587 but
the setting above implies usage of port 25. Ever tried to add :587 to your
postfix relayhost setting?
Am 7. August 2021 11:51:33 UTC schrieb masstransitk...@365stops.org:
>When
you could add a sender access map in your relay config which rejects those
domains. Place it before your sender login maps
Am 31. Juli 2021 06:06:17 UTC schrieb Simon Wilson :
>A quick query on smtpd_sender_login_maps format.
>
>I have this working well on port 587 to ensure that specified
If dovecot is in play as auth backend then weakforced could be a viable option.
Quite a powerful tool tailored to fight/detect brute force attacks:
https://github.com/PowerDNS/weakforced
Am 30. Juli 2021 15:12:40 UTC schrieb post...@ptld.com:
>> Unfortunately, the required data, i.e. client IP
se when they lose a huge customer order because
customer still operates an Exchange 2003 server, which at best can talk
TLS 1.0. Then Management will soon show up in IT department and highly
probably ignore the fact that it was them pushing this policy in first
place ;-)
Cheers
tobi
on may and deploy a proper DANE setup instead.
Sure it's their servers so their rules apply. Everyone is allowed to
shoot their own foot ;-)
Cheers
tobi
On 7/28/21 4:39 PM, Josh Good wrote:
> Hello everybody.
>
> I've been made aware of this communication recently received at some
> site
something like this?
http://www.postfix.org/RESTRICTION_CLASS_README.html#internal
On 4/26/21 10:11 AM, George Papas wrote:
> Hi list,
>
>
> what the title says actually, I have an alias for all current users
> of an SMTP server but
>
> I want to restrict sending to this alias address to some
On 4/23/21 3:33 PM, natan wrote:
> for test I send (this same method) from old server (debian8 postfix
> 2.11.x) and works ok
does the old server have another ip address than the new one? Smells to
me that your new server ip maybe blocked at destination
--
Cheers
tobi
Would it be an option to configure a policy for your DNS server to
**not** send queries from postfix host(s) through the add filter?
Cheers
tobi
On 4/22/21 12:20 PM, Simon Wilson wrote:
> Is there a way to make Postfix/postscreen use a specific DNS server?
>
> Reason for the quest
ternal content filter and is fixed now.
Was an error that had been undetected in our content-filter for more
than 10 years :-)
Cheers
tobi
nd to "import" a
file as message directly into postfix queues?
Thanks for any idea as we really need to be able to reproduce it or else
debugging will be very hard :-)
Cheers
tobi
on of .$2 is not allowed
> endif
the pattern above now runs without any changes to stack size :-)
--
Cheers
tobi
troducing limits where we can in our patterns.
Anyway I think that this should not end in such an ugly error where
postfix cleanup goes south because of such header/pattern combination.
--
Cheers
tobi
Am 14.05.20 um 09:13 schrieb Viktor Dukhovni:
> On Thu, May 14, 2020 at 08:53:42AM +0200, Tobi
thout any limits :-)
Thanks a lot for your appreciated help
--
Cheers
tobi
Am 13.05.20 um 16:05 schrieb Wietse Venema:
> Tobi:
>> Hi
>>
>> as usual: thanks to Wietse :-)
>>
>> Adding the info rule to the pcre maps solved more than expected. After
>> addin
3%82;
First of all any idea why cleanup did not segfault with the info rule in
place?
2nd: could such mime headers be the reason for a pcre pattern to let
libpcre segfault?
--
Cheers
tobi
Am 12.05.20 um 15:20 schrieb Wietse Venema:
> Tobi:
>> Hi list
>>
>> we have th
ts: never rely on the reputation of a domain if you do not have
control over parent domain. So if others from eu.org zone sending spam
one should not wonder why the own subdomain of eu.org might be
listed/blocked/seen as spam.
--
Cheers
tobi
re is
no suspicious logging prior to cleanup "crash".
Is there a way to narrow down which pcre rule may be problematic, given
the fact that we do not have access to message source?
--
Thanks and have a good one
tobi
the effort :-)
[1] https://mailgraph.schweikert.ch/
Cheers
--
tobi
Am 24.01.20 um 09:47 schrieb Cédric Gallo:
> Hello,
>
> Munin server and munin nodes with standards and home-made plugins (for
> bounces).
> http://munin-monitoring.org/
>
> Bye
>
> Le 24/01/2020 à 0
Hi Wietse
thanks a lot for your hint :-) Deployed and first tests show it works as
it should: changing 5xx to 4xx in case of NX domain for nexthop.
Cheers
tobi
Am 15.10.19 um 21:58 schrieb Wietse Venema:
> Wietse Venema:
>> Wietse Venema:
>>> Tobi:
>>>>
e a
5xx. I think postfix complains about something in its logs.
Cheers
--
tobi
Am 15.10.19 um 09:27 schrieb Julien Michaux:
> Hi everyone,
>
> I have a problem with postfix.
>
> I use OBM as a mail server (postfix + cyrus + ldap, etc...). My postfix is
> not openrelay :
>
s and return a DEFER action?
Thanks for any idea and have a good one
--
tobi
self-healing" to
kick in ;-), I removed the file and postfix reload and it works
Thanks a lot for your help and have a good one
tobi
Am 14.11.18 um 16:29 schrieb Noel Jones:
> On 11/14/2018 2:50 AM, Tobi wrote:
>
>>
>> $ postconf -d|grep parent_domain_matches
>>
ctions = reject_unknown_sender_domain,
reject_non_fqdn_sender, check_sender_access
hash:/etc/postfix/do_callahead, .
Will set postfix to debug as described this evening and see if I can get
more information about this issue.
Thanks a lot
tobi
Am 13.11.18 um 18:22 schrieb Noel Jones:
> On 11/13/2018 10:46
iction that could ACCEPT the
mail.
postmap tells me that it gets the correct value from the map
$ postmap -q 'example.com' /etc/postfix/do_callahead
reject_unverified_recipient
Am 13.11.18 um 17:18 schrieb Noel Jones:
> On 11/13/2018 9:43 AM, Tobi wrote:
>> Hello list
>>
>> I'm tryin
verification.
Is there a way to achieve that with postfix?
Thanks for any idea
tobi
if your auth senders spoof from headers: block their login account and
terminate their service
Am 02.10.18 um 21:17 schrieb Stefan Bauer:
> Hi,
>
> we're running a small smtp send only service for authenticated users
> only. Even though we only accept allowed combinations of authenticated
> user
and from header) are changed to the
value I defined in "custom from address"
Btw: at least the Thunderbird question should go to a thunderbird
mailing list. Not really a postfix issue here :-)
Cheers
tobi
Am 03.10.18 um 17:33 schrieb Stefan Bauer:
> Johannes,
>
> did you double check i
spamassassin and several other plugins of that filter
software. Much work for a message that after proxy filter will be
rejected by postfix header checks anyway :-)
So if I got you right: it's not possible to run header checks before
proxy filter.
Cheers and thanks
tobi
**before**
msg is passed to the content filter?
Cheers
tobi
thod=LOGIN, sasl_username=REDACTED
but I can see no way to correlate these messages with the proxy-reject
message. As I guess that the same smtpd PID is used for several
mailtransactions?
Thanks for any idea
tobi
ize limit that messages over 2mb are not even passed to my scripts
Again thanks for your help Wietse
Cheers
tobi
a
specific address?
Thanks and cheers
tobi
Am 01.08.2017 um 20:39 schrieb Abi Askushi:
> Since this is socks proxy and not vpn you could redirect postfix traffic
> with iptables to the port your socks proxy listens. Plenty examples on
> google.
if you redirect the full postfix traffic you might end up in asymmetric
routing.
Most important
routing aka
source based routing on postfix server to ensure answers from postfix go back
via the same gateway they came in.
Cheers
tobi
- Originale Nachricht -
Von: Yubin Ruan <ablacktsh...@gmail.com>
Gesendet: 01.08.2017 - 06:07
An: postfix-users@postfix.org
Betreff: Specify VPN for p
Even with level encrypt the certificates are **NOT** verified which
means anonymous ciphers are still used.
To verify peer certificates see:
http://www.postfix.org/TLS_README.html#client_tls_verify.
Or configure postfix smtp server to enforce clients to present a cert:
Am 12.06.2017 um 15:51 schrieb b...@bitrate.net:
> 25025 init n - n - - smtpd
typo?
oblems
Thanks for your lesson in "how dns resolution works" and your patience :-)
Regards
tobi
Hi Wietse
Sorry should have mentioned after your reply that ipv6 is disabled on all my
boxes. And have postfix inet_protocol set to ipv4 anyway
So no reason for postfix to query a nameserver via ipv6. At least I do not see
one :-)
Regards
tobi
- Originale Nachricht -
Von: Wietse
Am 16.05.2017 um 13:15 schrieb Wietse Venema:
> Tobi:
>>> Client host rejected: cannot find your reverse hostname,
>>> [185.140.48.241]
> Here's a hint:
>
> % host 185.140.48.241
> ;; connection timed out; no servers could be reached
I can reliably resolve tha
" it's a unknown/broken rDNS and rejects
it?
Regards
tobi
If you do not accept submission on port 25, you could add a
sender_access map to the service on port 25
smtpd_sender_restrictions =
...
check_sender_access hash:/etc/postfix/sender_access
...
and in said file list your domains each with action "reject"
Am 18.05.2016 um 12:22 schrieb Catalin
Am 17.02.2016 um 09:30 schrieb Suuuper:
>
> I tried to add reject_non_fqdn_recipient in
> smtpd_recipient_restrictions, but it doesn't work.
>
use a regexp on recipient and/or sender domain to reject such messages.
postfix accepts underscore in domain names as this is a common mistake
by many
Just as an update:
Our loadbalancers have troubles with dns responses which contain several
hosts. For some domains they corrupt the dns cache on the loadbalancer
and therefore deliver such bogus responses.
This behaviour even occurs if no dns cache settings are set on the
loadbalancer.
The
a clue where I could dig more to narrow the source of
the problem?
Thanks for any idea
Cheers
tobi
of queries manually and NEVER had problems with
resolving. Therefore I wonder why postfix sees a problem with EVERY
mail for the domain ogrj.ch
Thanks
tobi
Am 07.05.2015 um 18:43 schrieb Rod K:
I'm trying to implement
check_client_restrictions = check_client_access
pgsql:/path/to/local_blacklist-sql.cf, ...
have you had a look at postfix postscreen feature?
I would suggest you to have a look into the doc
http://www.postfix.org/ADDRESS_REWRITING_README.html#receiving
in our case either alias or auto bcc should solve the problem
Am 07.05.2015 um 12:56 schrieb Kashif Ali Bukhari:
Hi list fellows
/validate.html but the tests were always
successful.
Does anyone have this problem too with Amazon? Or does anyone have an
idea how to solve it?
Thanks
tobi
for
unbound the queries for spf1.amazon.com TXT were answered properly.
Amazon did not retry yet, but I'm sure that this solved the problem.
Thanks a lot
tobi
Am 06.05.2015 um 16:11 schrieb Scott Kitterman:
On Wednesday, May 06, 2015 09:58:57 AM James B. Byrne wrote:
On Wed, May 6, 2015
relay_alias_maps or something like that.
Is there a way to perform the alias on the frontend before it relays to
the respective backend?
Thanks a lot for any idea :-)
tobi
Should have thought before writing :-)
Changed the queries on the backends to
query = SELECT CONCAT('lmtp:[',backend,']:24') AS transport FROM mailbox
WHERE username = '%u@%d' AND active=1 AND backend != '192.168.50.42'
activated dovecot-lmtp on all backends.
That works as it should :-)
tobi
client? But then there should be a RCPT TO or not?
Thanks
tobi
Am 05.11.2014 um 11:40 schrieb li...@rhsoft.net:
Am 05.11.2014 um 11:37 schrieb Tobi:
I got a imho weird problem with understanding the logs. We have a
client that authenticates correctly which generates an id from postfix.
If I grep this id through the logs I can see a logline
Am 18.03.2014 17:13, schrieb jmct:
I spoke with one of our Linux administrators and he advised that SELinux
didn't even cross his mind because he's so used to disabling it on install.
:P
Just curious: normally postfix runs quite well with selinux enabled.
Have you checked the audit logs
Am 04.03.2014 23:38, schrieb Homer Wilson Smith:
Change their password?
from my experience the only thing that really stops the spam
Maybe it's annoying for the account owner but it works most reliable.
Counting IPs might help also but what if the spammer uses the same src
ip for its
Am 07.11.2013 23:55, schrieb Viktor Dukhovni:
On Thu, Nov 07, 2013 at 11:46:43PM +0100, Tobi wrote:
If the ip/port are different, it is not the *SAME* configuration.
I know but it's not possible otherwise. The two other servers reach
the mysql-cluster via other ips/ports.
Do double-check
Am 08.11.2013 15:59, schrieb Wietse Venema:
Tobi:
Am 07.11.2013 23:55, schrieb Viktor Dukhovni:
On Thu, Nov 07, 2013 at 11:46:43PM +0100, Tobi wrote:
If the ip/port are different, it is not the *SAME* configuration.
I know but it's not possible otherwise. The two other servers reach
Am 08.11.2013 16:18, schrieb Viktor Dukhovni:
On Fri, Nov 08, 2013 at 03:45:03PM +0100, Tobi wrote:
The error message is 99.999% not from mysql. Because when I remove the
backticks around the table name then I get an error from mysql which
looks different
That error is also from MySQL
rename the table which I would do for sure if the problem
would have shown up on all of my servers :-)
It seems that on the affected server the backtick is handled differently
by postfix from the two others.
tobi
Am 07.11.2013 23:02, schrieb Wietse Venema:
Tobi:
Hi list
I really got a weird problem with one of my postfix installations and
the mysql lookup. The weird thing is that it works on two of my three
postfix installations.
Have the following .cnf file for the mysql lookup
Copy the same config
Am 07.11.2013 23:26, schrieb Viktor Dukhovni:
On Thu, Nov 07, 2013 at 11:21:15PM +0100, Tobi wrote:
Copy the *SAME* config file to different machines and try:
$ postmap -q '192.167.34.21' mysql:/path/to/config-file
Are the results different?
Yes they are. On the two other machines the file
Am 04.09.2013 21:01, schrieb Wietse Venema:
Tobi:
Hello list,
I have been asked if the following is possible somehow with postfix, but
as I'm quite unsure I try to ask the gurus :-)
The goal is something like a conditional recipient rewrite. The
condition would be the envelope sender
those that would not
have met the conditions for rewrite.
Is there a way to achieve this without piping to an external script?
thanks for any idea
tobi
replaced by atmail, which I personally not really
like ;-)
Safer:
postmap /etc/postfix/overquota.new
mv /etc/postfix/overquota.new.db /etc/postfix/overquota.db
Thanks for that I will change it tomorrow.
Cheers
tobi
rejecting everything or something similar)
Thanks for any hints and enjoy the weekend
tobi
Thanks for this very plausible reason for not doing what I wanted :-) I
did not think about such circumstances.
Cheers
tobi
Am 07.08.2012 22:25, schrieb Reindl Harald:
be careful with such things
that you primary MX is up from the connection of your
backup-MX means virtually nothing
annoying
if spammers try my backups first but not a real problem ;-)
Anyway because of the example that Harald sent I throw my idea overboard
Thanks and cheers
tobi
what the best approach would be.
Thanks a lot for any input/hints/tips
tobi
as long as the
main-mx is up and running. Like spammers sometimes try by connecting
directly to a backup-mx instead trying main-mx first.
tobi
to send customized error messages.
Thanks a lot for any hint
tobi
not be helo checked. I put this map before
my helo checks and it works fine
tobi
port
Thanks for any hints
tobi
On 25.04.2012 13:13, Wietse Venema wrote:
tobi:
Hi list
I have disabled SMTP-Auth on my port 25. so this port is only used to
receive emails for my domains but no relaying is possible. Now I have
bots that try to auth on port 25 by issue
Out: 250 DSN
In: AUTH LOGIN
Out: 503 5.5.1 Error
not enabled in the logs. That's
the same message a client receives during smtp-talk if it tries auth
login on auth disabled port.
If there really is no way then I will activate auth again and scan the
logs for brute force on logins. I want the ips of those bastards who
always try auth logins ;-)
tobi
,
which is not my intention ;-)
Would it be possible to define this via a postfix policy or something
similar? My goal would be to get a cidr map that would only be used when
certain receiver addresses occur during smtp dialog.
Thanks for any hint
tobi
On 09.04.2012 15:19, /dev/rob0 wrote:
On Mon, Apr 09, 2012 at 02:23:14PM +0200, tobi wrote:
I wonder if it's somehow possible to block client ips from a cidr
map for a certain receiver address only. I have some addresses for
which I do not want clients from certain providers to send mail
always remains the same and it's fine with chmod 0600. Have a look
here http://wiki2.dovecot.org/VirtualUsers if virtual users are an
option for you
tobi
before the server sends the accept to the client. It is possible to
deny messages based on score during the smtp session and the job of
creating a bounce is on the sending side :-)
I use spamass-milter on two postfix servers running on debian-squeeze.
Works really very nice
tobi
greylisting) happened. In the latter case the mails should go to the
queue and no fallback should be used.
Anyway to achieve this?
Thanks for any hints and tips
tobi
there.
@Ralf
would it not make more sense to place check_sender_access before the
check_policy_service? Otherwise you might greylist senders you don't
want (like maillists)
Regards
tobi
be working from Postfix 2.6 onwards
http://www.postfix.org/postconf.5.html#unknown_address_tempfail_action
Regards
tobi
sends emails based on sender to different relay
servers then http://www.postfix.org/SASL_README.html would be something
for you
Cheers
tobi
Castagnet Adrien schrieb:
Hi tobi,
thank you for your reply.
In my main.cf
I uncommented a line mydestination, it's now like this :
mydestination = $myhostname, localhost.$mydomain, localhost
So then $myhostname must be your domain name (mydomain.local) or it won't
work
mydestination
Adripop schrieb:
Hi everybody !
Could someone help me, I've been searching everywhere around without
results.
Almost every local email account has its own email account provided by
an email provider. I use fetchmail to retrieve them and store them
locally on my server. This configuration
authenticated users to relay through your Postfix Server and
set mynetworks on a local IP like 127.0.0.1
Cheers
tobi
relay emails based on
the receivers address/domain? So I could send emails for defined
addresses/domains via my ISP mailserver instead of direct-mx.
Is there a way to do this in Postfix?
Thanks a lot for all tips/hints
Cheers
tobi
Wietse Venema schrieb:
Tobi:
Hello
I just wonder whether my idea is technically possible to fulfill with
Postfix. I already use sender based relaying which works fine.
My problem is that I'm running a Postfix Server on my dynamic IP-Address. I
would say for 80% of the receivers
Wietse Venema schrieb:
tobi:
Wietse Venema schrieb:
Tobi:
Hello
I just wonder whether my idea is technically possible to fulfill with
Postfix. I already use sender based relaying which works fine.
My problem
tobi schrieb:
Wietse Venema schrieb:
tobi:
Wietse Venema schrieb:
Tobi:
Hello
I just wonder whether my idea is technically possible to fulfill with
Postfix. I already use sender based
that it's impossible to block all SPAM without being too harsh,
but there is always something what you can do to prevent it.
Regards,
Jarek
This page (http://www.postfix.org/ADDRESS_VERIFICATION_README.html)
looks like it describes part of your problem. Could be the solution
Regards
tobi
,
Tobi
On Mar 29, 2009, at 5:10 PM, Wietse Venema wrote:
Tobi:
Hi All,
I set up an after-queue content filter following the instructions on
http://www.postfix.org/FILTER_README.html .
Everything works fine except that mail directed to local users is
deferred when it is re-injected to postfix after