I add addresses to trusted ones regarding ignoring dmarc
and dkim, it works correctly
I assume that when sending such e-mails with someone from the outside,
i.e. an external domain, the effect will be the same, but I have no
way to check when two domains have dmarc with p=reject
Yes, I k
an error for
DKIM Because DKIM also signs the subject and it is changed by sieve
what error exactly happens here? Does the remote server refuse your e-mail
from your smtp server?
W dniu 11.09.2024 o 11:34, Matus UHLAR - fantomas via Postfix-users pisze:
how and when do you DKIM-SIGN yourt
Or is it such a stupid idea that it is worth abandoning?
There are options for modifying incoming mail but that should only be done
after it's checked for spamminess.
I know cases where only the external mail is modified.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas
27;s clearly the milter that told postfix to tempfail
the mail, you need to search in your milter configuration (port 11332, I
guess rspamd)
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adre
elaying.
You can then configure separate rules on those ports.
However, the rest is up to rspamd configuration
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolv
ould pass, apparently neither passes.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
- Holmes, what kind of school did you study to be a d
tches_subdomains contains "smtpd_access_maps".
I recommend you not putting it there and if you need it, use ".example.com"
instead.
http://www.postfix.org/postconf.5.html#parent_domain_matches_subdomains
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.
format which you may not want:
https://en.wikipedia.org/wiki/Sender_Rewriting_Scheme
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I&#
#x27;d say there's still a
risk of leakage there.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Christia
f.
But I still believe anonymising Received: headers is safer than removing
them.
Perhaps milter-regex could be able to anonymize them.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto ad
nt instance for incoming mail (or has more services in
master.cf)
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
2B|!2B, th
tions
you apparently have reject_unknown_client_hostname which checks FCRDNS.
you can use reject_unknown_reverse_client_hostname instead, which only
checks for reverse DNS.
I personally check both.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to rece
Matus UHLAR - fantomas via Postfix-users skrev den 2024-08-05 11:57:
So, even setting DMARC policy to "quarantine" or "reject" would not
cause problems.
On 05.08.24 12:14, Benny Pedersen via Postfix-users wrote:
i want to belive when ... if all dmarc policy is allowed wha
On Jul 31, 2024, at 1:19 AM, Matus UHLAR - fantomas via Postfix-users
wrote:
FYI Mailman 2 claims to rewrite From: header to fullfill DMARC requirements only when DMARC policy
is "quarantine" or "reject"
On 01.08.24 12:12, Robert L Mathews via Postfix-use
AAA.AAA
3.
.AAA
or
AAA
4.
AA.AA@
...with REJECT or 5xx result
.AAA or AAA depends on your setting of parent_domain_matches_subdomains
(I don't know your default)
Note that "sender" means the envelope from address.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://ww
ents
only when DMARC policy is "quarantine" or "reject"
- rejecting mail failing DMARC can be safe even with mailing lists which
usually appear to break DKIM.
https://wiki.list.org/DOC/Mailman 2.1 List Administrators
Manual#Additional_settings
--
Matus UHLAR - fant
Dnia 30.07.2024 o godz. 12:38:15 Matus UHLAR - fantomas via Postfix-users pisze:
>I filter messages only based on RBLs, manual blocklists and content
>filtering (SA + many custom rules). And as for the latter, the messages are
>sent to spam folder, never rejected. Rejections are base
sed only on first two.
Funny, since multiple people in the past recommended rejecting on
spamminess, not on the results of single DNSBL listing.
Of course, that's your policy.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail adverti
calls this for every postfix instance
and count lines:
postmulti -x postqueue -j|wc -l
most of the time it's enough, but if you use different instances for
incoming/outgoing mail, it may make sense to monitor them separately.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fan
net],
this postfix won't lookup MX records for foo.com, but send messages to
mail.example.net unconditionally.
I hope I understand that correctly. :)
yes.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this add
, so usually /etc/postfix has
files writable by root/admin, readable by postfix and everything writable by
postfix should be in /var/lib/postfix.
Logs in /var/log/ should be written by syslog daemon, postfix should not be
able to modify them.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http
, so it
detects changes in logfiles immediately and not retroactively as you
stated. So at the moment when Postfix logs connection from
"fluffy.cuddly.port.raping.internet-measurement.com" ;), fail2ban can
block it. It's all the matter of writing proper rules for fail2ban.
--
Matus UH
have to do that with 20.04LTS
within a year, unless you pay ubuntu for extended LTS.
However, if you wan tanother provider, you can choose any other system that
has 3.9 available.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e
g these headers.
However, together with comment above, it should be safe if you don't
oversign them - I don't expect List-* header to appears in any mail sent to
the list, and their appearance can indicate error.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning
r go later as I just want the email server
up and running seeing, I lost access to the other one. My ISP changed
its network topology which changed my home IP, the server only lets my
old IP access SSH.
On 7/23/2024 4:52 AM, Matus UHLAR - fantomas via Postfix-users wrote:
The best on Debi
dated when new version appears in backports or
system is upgraded.
Example: trixie has version 3.9.0-3, I would download it and rebuild as
3.9.0-3~local0
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this ad
bmission
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_reject_unlisted_recipient=no
-o milter_macro_daemon_name=ORIGINATING
this is misformatted so I find it hard to read, but I guess the
"smtpd_reject_unlisted_recipient=no" is why recipient is not rejected on
port 58
On 08.07.24 11:42, natan via Postfix-users wrote:
What you propose use ?
Maybe instead of not accepting such mail will better is change
score in SA ?
W dniu 15.07.2024 o 12:06, Matus UHLAR - fantomas via Postfix-users pisze:
This is a policy issue. You can choose your policy to be
right way to do
this?
I understand this as safety measure to avoid mail loops when sending mail to
server that has the same hostname as postfix.
Having different hostnames also helps tracking issues with e-mail -
you can see in Received: headers where the mail went through.
--
Matus UHLAR
ect = Fail
Mail_From_reject = Fail
#update 20240706
#PermError_reject = False
PermError_reject = True
TempError_Defer = False
I don't know if that's maybe too restrictive PermError_reject
But on the other hand, the sender should have correctly configured
SPF for his domain
--
Matus
erver just reject it (5xx code)? This deferral is very
confusing to our administrators.
Common reasons for deferrals
- mailbox quota full
- you are blocklisted
- your (or their) DNS produces temporary errors
- others
does the deferral message explain why the deferral happens?
--
Matus UHLAR - fan
't tell whether the DKIM sig is OK or not in my test
setup, but I'd like to ensure it's the last thing to happen before sending.
How can I do that?
deliver it to mailbox locally and run spamassassin scan, it should tell you
whether the signature is correct.
--
Matus UHLAR - fantom
postfix to the sasl group and allowing group access for
sasl group to the proper directory.
The file I mentioned above contains information on running saslauthd as
saslaush user/group under systemd, haven't tried that.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fanto
r-x--- 2 root sasl 4096 Apr 25 17:29 /var/spool/postfix/var/run/saslauthd
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
42.7 percent of all
if you expect the port_name in logs, it must be send by your spampd and
if it's not, you won't find it anywhere, which is why I recommended
overriding syslog_name in master.cf
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to rece
omain postfix/smtpd[20770]: connect from
localhost[::1]
are mostly related to port 10026.
Add " -o syslog_name=postfix/spampd-in" to master.cf options to see them
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising
tworks=127.0.0.0/8,[::1]
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Microsoft dick is soft to do no harm
__
alhost does not necessarily resolve to
127.0.0.1 if both IPv4 and IPv6 are used. That's not a problem. If you
do need to make the distinction, you can be explicit by using either
[127.0.0.1] or [::1] in your settings. Does this help?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fan
ns you got the answer and the sender IP is not allowed for a
domain.
What you propouse to set in PermError_reject ?
if you want to envorce SPF, set it to true.
Note that there are mails that fail SPF but still pass DMARC test, you may
want those. rejecting at DMARC level looks safer alte
e defining mua_recipient_restrictions
in main.cf and in master.cf use something like:
-o smtpd_recipient_restrictions=$mua_recipient_restrictions
this way you can define the same for "submission" and "smtps" (or
"submissions") service.
--
Matus UHLAR - fantomas, uh...@fanto
/var/run/saslauthd
restart saslauthd & postfix
perhaps it helps you
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Windows 2000: 640
firewall logs.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Silvester Stallone: Father of the RISC concept
from:
Correct, note that this requires implementing SRS on forwarding machine.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Micro$oft random n
, but spamassassin not working as milter?
spamass-milter can already REJECT the mail that scores too much.
It can't discard them though.
amavisd-milter can do either.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to th
, make sure that address is
deliverable.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
There's a long-standing bug relating to th
It appears that Matus UHLAR - fantomas via Postfix-users
said:
If one of recipients wants to accept mail from a sender while another
recipient doesn't, teoretically you can reject that sender at recipient
level, but that complicates configuration (but it's possible).
This would mea
ecipient doesn't, teoretically you can reject that sender at recipient
level, but that complicates configuration (but it's possible).
This would mean that for single mail to more recipients, sendes gets
accepted and different recipients get refused.
--
Matus UHLAR - fantomas, uh
at:
http://www.postfix.org/smtp-smuggling.html
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
They that can give up essential liberty to
>BTW in the meantime, if I add this (where mx2.mydomain.com is our
>secondary MX hostname), I take it that would be a good idea:
>
>permit_mx_backup_networks = $mynetworks mx2. mydomain.com
On Tue, 11 Jun 2024 at 10:36, Matus UHLAR - fantomas via Postfix-users <
postfix-us
address verification (if that's what is
going on) with something better?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Christian Sc
reeting
tests, it will be a lighter load than a Perl policy filter.
Not mentioning pregreet test which is AFAIK impossible with policy server.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varov
y should use port 25 for sending mail out.
3.
smtpd_recipient_restrictions = permit_mx_backup
avoid this whenever possible. Or at least define permit_mx_backup_networks
I've put a couple of questions in as comments in the configs - any
thoughts/suggestions very much appreciated! :-)
--
Matus UHLAR - fantomas, u
Le 05/06/2024 à 14:01, Matus UHLAR - fantomas via Postfix-users a écrit :
What I mean is: wildcard TXT (SPF) record for
*.single-wild.porcupine.org only applies to wildcarded hosts, not to
any other record explicitly defined in single-wild.porcupine.org
zone.
Thus, when A record for mail01
Matus UHLAR - fantomas via Postfix-users:
>- Create a wild-card SPF policy for *.raystedman.org that permits
>all your SMTP client IP addresses.
Sorry: wildcard in DNS only applied for non-existing names and since
the hostname already exists:
On 04.06.24 13:02, Wietse Venema via Postfix
e that already has an SPF policy.
This is messy because the name should match the PTR record for the
SMTP client IP address.
I think this only applies for SPF records that have "ptr" option which is
discouraged in SPF. Otherwise, the IP must be listed in SPF record which is
a bit easi
.1 instead?
However I'm sure this isn't the 'right' way to do this. How do I get
postfix to pick up the resolv.conf file that is used/created by dnsmasq?
restarting postfix does set up proper environment, should apply on Ubuntu.
After changing resolv.conf restarting postfix s
smtpd_client_restrictions=$mua_client_restrictions
do you think there is any stuff I am missing?
Use postscreen on port 25, it will drop many bots from trying to connect and
send mail through your server.
http://www.postfix.org/POSTSCREEN_README.html
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http
ta=0/1 rset=1 quit=1 commands=7/8
What am I doing wrong?
It's the milter that tempfailed the message, it's not postfix.
perhaps you need allow facebook mail at milter level.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail adv
phe Kalt via Postfix-users wrote:
For this to be worthwhile, I assume you also set smtpd_delay_reject to no ?
Good point. But only on smtps/submission level, so in master.cf services.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail a
xbl listed clients with postscreen, one would configure
xbl.spamhaus.org or zen.spamhaus.org=127.0.0.4
On 5/27/24 4:13 AM, Matus UHLAR - fantomas via Postfix-users wrote:
While they are the same, I recommend using the latter, so you can
benefit from caching DNS results in case the same source IP
ces.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
42.7 percent of all statistics are made up on the s
this is something very different from what Stephan said.
He mentioned that on postfix with "smtpd_tls_auth_only=yes" (the default)
authentication is only available when TLS is active
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to rece
I would expect all of them to use EHLO,
especially because of DSN and SIZE extensions.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu
-unreachable
so any outgoing (dst) packet from TCP port 25 to IP address in ipset
"block-smtp" will result in icmp port unreachable.
It can be changed to tcp-reset.
On 5/24/24 6:18 AM, Matus UHLAR - fantomas via Postfix-users wrote:
On 23.05.24 21:03, John Hill via Postfix-users wr
ld use 465/587), it's
better to disable it.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Support bacteri
Postfix?
I use fail2ban a way where incoming packets to port 25 get dropped and
outgoing packets from port 25 get reset, so smtpd should receive info to
close connection when first packet leaves.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e
Zen includes the "PBL" component, which consists largely of
residential and mobile consumer IPs.
On 24/05/24 02:12, Matus UHLAR - fantomas via Postfix-users wrote:
Yes, but these are (usually) not considered valid clients, these
should use submission/submissions(smtps) p
lution is to use "-N never" instead
resubmit unix - n n - 10 pipe
flags=Rq user=nobody null_sender=
argv=/usr/local/libexec/resubmit_mail.sh -N success -- ${recipient}
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fanto
onnection? thank you
Wietse.
On 2024-05-23 at 02:31:05 UTC-0400 (Thu, 23 May 2024 08:31:05 +0200)
Matus UHLAR - fantomas via Postfix-users
is rumored to have said:
not, unless they are listed in zen.spamhaus.org, which should not
happen.
On 23.05.24 09:45, Bill Cole via Postfix-users wro
onnection? thank you Wietse.
not, unless they are listed in zen.spamhaus.org, which should not happen.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akuk
may cause troubles.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Nothing is fool-proof to a tal
lda, which produced the output.
postfix/local is just reporting error message from dovecot-lda.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
42.7
reverses the ipv6 ip, thus
not recognizing it like postscreen?
Matus UHLAR - fantomas via Postfix-users skrev den 2024-05-15 11:29:
This is how DNSBLs work, so you can simple block 2607:f8b0:4864:: by
defining *.4.6.8.4.0.b.8.f.7.0.6.2.bl.spamcop.net
On 15.05.24 12:17, Benny Pedersen via Postfix
reverses the ipv6 ip, thus not
recognizing it like postscreen?
This is how DNSBLs work, so you can simple block 2607:f8b0:4864:: by defining
*.4.6.8.4.0.b.8.f.7.0.6.2.bl.spamcop.net
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail
.c:1621:SSL alert number
46:
simple search for "ssl alert 46" provides answer, that it is certificate
unknown by client. Perhaps you have self-signed certificate or you fail to
provide intermediate certificate from your CA.
--
Matus UHLAR - fantomas, uh...@fantomas
ue and the documentation does not elaborate
whether this is a good or bad idea.
perhaps the default value for alias_maps could be something like:
alias_maps = $alias_database, nis:mail.aliases
But the rest still applies.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning:
no idea how feasible this is - would be
some tooling to pull out different versions of the message as they flow
through the queues.
Interesting how long latent bugs can lie around, isn’t it?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e
e to be wrapped".
Do not rely on these MUAs behaviour by dropping the final "=".
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu
rect and signed by the From: header domain.
looking backup my mailbox I found that mail from a domain with no DKIM that
passes SPF is marked as dmarc=fail so it looks like SPF is not checked at
all on the list server.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Wa
tion
I also recommend to look at the "format=flowed" option which is nicer
approach.
RFC 3676 addresses this.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAV
th DKIM and SPF fail, there's stil possibility of rewriting From:
header and DKIM-signing it.
Alternativelly, tell customer that the sender does not wish their mail to
be forwarded.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e
old server from courier to dovecot + lda
and want to know if I will need the sieve solution again or not...
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akuko
Στις 11/4/24 10:59, ο/η Matus UHLAR - fantomas via Postfix-users έγραψε:
It still works, but you may need supplementary software as amavis,
sagator, spamass-milter or mimedefang because SpamAssassin only
focuses on classification, not about delivery.
On 11.04.24 11:54, Dimitris via Postfix
ight the impact of different DNSBLs to fit your needs and to
make explicit direct exemptions if you like.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklam
, Matus UHLAR - fantomas via Postfix-users wrote:
I use them on many servers.
I just use postscreen which supports scoring and only block when
more than one blocklist hits.
On 11.04.24 09:55, DL Neil via Postfix-users wrote:
For the benefit of those of us following-along with the conversation
and
, I use only their "Dynamic IP" list.
sorbs dyna is supposed to contain the same IP addresses as spamhaus PBL
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTA
servers.
I just use postscreen which supports scoring and only block when more than
one blocklist hits.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek
from file
- can feed mail to a program or a file
- can change mail sender when "alias" is the recipient and "owner-alias"
exists
Preferrably use virtual_alias_maps, but if you need any of alias_maps
features, use that one.
--
Matus UHLAR - fantomas, uh...@fantomas.s
nd deliver it to the outside world, and supply bounce/error
notifications.
So, where did you see the error? Can you post the whole syslog message?
On 3/28/2024 7:15 AM, Matus UHLAR - fantomas via Postfix-users wrote:
Please use plaintext for list mail.
On 28.03.24 06:39, Samuel Goodies via Postfi
;s IP to the mynetworks line would authenticate, but I think I
misunderstood.
Can someone point me to where I messed up?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT
access_lookup_key as
another allowed sender.
http://www.postfix.org/postconf.5.html#smtpd_null_access_lookup_key
with 10.245.16.24 being list-server1
After all googleing and manual reading I have done, I can't find a
solution and hope someone
can point me into the right direction.
--
Matus UHLAR -
On Thu, Mar 21, 2024 at 03:20:23PM +0100, Matus UHLAR - fantomas via
Postfix-users wrote:
Wietse Venema via Postfix-users:
smtpd_discard_ehlo_keyword_address_maps =
cidr:{ {!10/8 silent-discard,dsn} }
On 23.02.24 11:12, Wietse Venema via Postfix-users wrote:
But that does not
Matus UHLAR - fantomas via Postfix-users:
> as I maintain some mail gateways with postfix, I would like to discard the
> DSN ehlo keyword, from all hosts but internal network.
>
> I see that with smtpd_discard_ehlo_keyword_address_maps
> "Tables will be searched in the spe
directly to some maildir folder ?
The easiest way I know is to use user and let the user store mail to its own
maildir.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem
iple DNS-based blocklists
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I don't have lysdexi
/0.1,
dsn=2.0.0, status=sent
Mar 8 12:02:21 fantomas postfix/smtp[26684]: 4TrjtN6SF2z4wB0:
to=, relay=...
In case of domains in relay_domains, the command could be even
postfix/relay, so one needs to exclude that one as well.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk
So I guess there is no way for a milter/policy server to know about
rejected recipients (other than parsing log file)?
e.g. the DCC milter would report total count of recipients (including
rejected/non-existing) to DCC servers.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.s
m I on the right road? Please disabuse me of any incorrect notions.
yes, that could help, but it's pretty much work.
I find it better to explicitly test server for relaying.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising
, not outgoing. Just like smtpd_*_limit
- these are to limit receiving mail from your clients, not sending it out.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akuk
place is where you need it. Before
smtpd_data_restrictions you don't see recipient_count either.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu po
1 - 100 of 1001 matches
Mail list logo
