Re: smtp_bind_address not working through proxy

Am 16.04.2014 19:07, schrieb sedandgrep: > Upon inspection of the headers to an external domain (an email address I have > at gmail), they show the SPF failing claiming that the ip of the client is > not designated to send emails for our domain (the domain of our postfix of > course) you need to

Re: Does it work on an air gapped intranet?

Am 15.04.2014 22:06, schrieb Angus March: > I'm looking for an MTA that will work on an air gapped intranet. > If the network is small enough, can this be done w/out a DNS? http://www.catb.org/esr/faqs/smart-questions.html the medium does not matter *what* is your goal? a MTA without any DNS

Re: v4bl.org anyone knows this ?

Am 14.04.2014 05:20, schrieb Stan Hoeppner: > Clearly I was responding specifically to 'what is hard about making them > match', which is why I snipped the rest. If one controls PTR it's easy > to make all 3 match. When one does not control PTR it is 'hard', in > fact impossible, to make them al

Re: v4bl.org anyone knows this ?

Am 13.04.2014 10:34, schrieb Stan Hoeppner: > On 4/12/2014 3:03 PM, li...@rhsoft.net wrote: > >> but on the other what is that hard to have HELO/PTR/A matching? > > This has been asked and answered multiple times on this list. The short > answer is that customers of

Re: v4bl.org anyone knows this ?

Am 12.04.2014 21:53, schrieb Robert Schetterer: > thx for your info, i was contacted from sombody who is in big trouble by > results of this list using a corect but differnt helo then ptr , and > warned getting banned from his ip/net by third party ignorants in principals agreed that it is too mu

Re: pop-before-smtp problem with postfix 2.10 and 2.11

Am 12.04.2014 19:44, schrieb o...@field.hu: > I totally agree with you guys, SASL auth is already implemented, BUT... there > are a couple thousand mailboxes and > part of them have weak password as it turned out. Spam bots finds out the > password and spam the world from my > server. It never

Re: pop-before-smtp problem with postfix 2.10 and 2.11

Am 12.04.2014 18:34, schrieb Bánhalmi Csaba: > I am using pop-before-smtp with postfix 2.9 to authenticate my users for > years. Now I updated postfix to 2.11 (then > I tried with 2.10) and pop-before-smtp is not working. Also tried with > different pop-before-smtp script, but it > seems postfi

Re: OpenSSL 1.0.1g and Ironport SMTP appliances interop issue

Am 11.04.2014 06:53, schrieb Viktor Dukhovni: > Note that various vendor SSL updates for "Heartbleed" may not > exhibit the issue. For example, Debian wheezy back-ported just the > relevant bug-fix to without back-porting the new padding extension. > I also expect similar (fortunate) behaviour on

Re: DKIM, DMARC, Original-Authentication-Results

Am 11.04.2014 00:53, schrieb LuKreme: > > On 10 Apr 2014, at 09:08 , Viktor Dukhovni wrote: > >> On Thu, Apr 10, 2014 at 06:03:51AM -0400, Miles Fidelman wrote: >> >>> I'm sure at least some of you have been bitten by the debacle associated >>> with Yahoo turning on strict DMARC enforcement (p

Re: Asking about heartbleed

Am 09.04.2014 23:54, schrieb Victoriano Giralt: > I'd like to 'hear' Wietse's and Victor's opinion on how could this nasty bug > affect a TLS service like submission? > > I suppose that the answer would very well be that "it depends on the > availability of exploits", but ... in doubt *any* s

Re: Where is 'localdomain' defined?

Am 07.04.2014 16:34, schrieb Timothy D. Legg: > myhostname = example.com > > but when I run postconf -d myhostname, I get an output that I didn't expect: > > myhostname = example.localdomain re-read the manual postconf -d: default settings postconf -n: current active settings

Re: Lost Connection after AUTH - Dealing with Abuse

Am 07.04.2014 15:42, schrieb Richard Laysell: > Apr 7 12:52:40 polyphemus postfix/smtpd[24765]: lost connection after > AUTH from unknown[78.188.45.153] > Apr 7 12:52:41 polyphemus postfix/smtpd[9398]: lost connection after > AUTH from unknown[78.188.45.153] > Apr 7 12:52:42 polyphemus postfix

Re: Two domains names under the same IP: how to handle this issue ?

Am 05.04.2014 19:34, schrieb Miles Fidelman: > li...@rhsoft.net wrote: >> >> Am 05.04.2014 17:01, schrieb Miles Fidelman: >>> It strikes me that I haven't seen a general answer to the original question >>> how to set up PTR records when one is serving more

Re: Two domains names under the same IP: how to handle this issue ?

Am 05.04.2014 18:06, schrieb /dev/rob0: > One other comment to this thread: please, PLEASE, get rid of > nslookup. It is broken, bug-ridden garbage that will not be fixed. > Nobody in A.D. 2014 should be recommending it. The proper tool for > DNS troubleshooting is dig(1) agreed, but until now

Re: Two domains names under the same IP: how to handle this issue ?

Am 05.04.2014 17:01, schrieb Miles Fidelman: > It strikes me that I haven't seen a general answer to the original question > how to set up PTR records when one is serving more than one domain under > the same IP address. don't setup PTR records and A records for a mailsever setup *one* PTR rec

Re: Two domains names under the same IP: how to handle this issue ?

Am 05.04.2014 15:38, schrieb Germain: > Thank you for the accurate details ! > > When I issue the command: > > nslookup mx1.adtlas.com NSPRI.ADTLAS.COM > > I receive that, and it seems to me correct: > > Server: NSPRI.ADTLAS.COM > Address:88.191.117.125#53 > > Name: mx1.adt

Re: Two domains names under the same IP: how to handle this issue ?

Am 05.04.2014 14:15, schrieb Germain: > Thank you for your appreciated remarks ! > > I apologize for masking at first my data, but a lot of people are doing the > same at first with a generic question. yes, and if you each time trying to help somebody need to go trough several mails for get the

Re: SMTP client rate delay

Am 05.04.2014 13:02, schrieb Anders Melchiorsen: > Den 05/04/14 12.32, li...@rhsoft.net skrev: >> >> Am 05.04.2014 10:47, schrieb Anders Melchiorsen: >>> We have some trouble delivering mail to a particular destination. After >>> something >>> lik

Re: Two domains names under the same IP: how to handle this issue ?

Am 05.04.2014 12:32, schrieb Germain: > Many thanks for your answer, but now I'l lost... > I rent one dedicated server at Online.net with two domains ("vehicall.com" > and "adtlas.com" at Namebay) and my provider's console allows me to manage > the reverse DNS. why don't you just say that from t

Re: SMTP client rate delay

Am 05.04.2014 10:47, schrieb Anders Melchiorsen: > We have some trouble delivering mail to a particular destination. After > something > like five deliveries in a few seconds, our IP packets are dropped for one > hour. if that is true forget it to seeek for workariunds on your site and contac

Re: Two domains names under the same IP: how to handle this issue ?

Am 05.04.2014 08:33, schrieb Germain: > In fact I've already in the BIND configuration of zone-one.com: > > "zone-one.com. A xx.xxx.xxx.xxx" > "mx1.zone-one.com. A xx.xxx.xxx.xxx" > "zone-one.com. MX 10 mx1.zone-one.com." > "xx.xxx.xxx.xxx.zone-one.com. PTR zone-one.com." what is that above? ju

Re: Two domains names under the same IP: how to handle this issue ?

Am 04.04.2014 15:48, schrieb Germain: > Accordingly, I've defined one email account for each one: > webcont...@site-one.com and webcont...@site-two.com. > > Unfortunately when I'm doing the tests with MultiRBL.valli.org, my IP is > ONLY blacklisted on V4BL.org with the following sentence: > >

Re: why my e-mail waiting on queue if Host or domain name not found error exists

Am 01.04.2014 16:17, schrieb Selcuk Yazar: > some of our users sends emails to incorrect mail addresses like gmail.com.tr > . Postfix gives > an error Host or domain name not found. But email still waiting on queue. > can can i change this settings ? > i wantto to try to 1

Re: Can't reject forged sender/from address only when using AfterLogic Webmail

Am 31.03.2014 19:26, schrieb Pau Peris: > i really do not know what to answer to you about your last email. > > Anyway, as i understand envelope sender is where a computer are going to > respond an email, if needed, and the from > header is where people reply emails. If i'm wrong just an explana

Re: Unclear of smtp protocol in a restricted domain

Am 31.03.2014 02:35, schrieb Shawn Zaidermann: > The way I had assumed it earlier was the client authenticates via 993 > (dovecot IMAP in our case), crafts an email > to another user and this email is delivered instantly via lmtp (in our case, > dovecot LDA), but now I see that in > reality, th

Re: Unclear of smtp protocol in a restricted domain

Am 31.03.2014 02:07, schrieb cybermass: > 587 is dedicated for submission but is it any different if I have > configured smtps to be port 8809 and just have the clients use that port > with STARTTLS instead of 587? technically you can use whatever port but why not use standars and make users life

Re: Unclear of smtp protocol in a restricted domain

Am 31.03.2014 01:54, schrieb cybermass: > Interesting, that is something I never even thought of why should a server hosting example.com relay a to him submitted message from a...@example.com to b...@example.com trough a foreign server? what should that foreign server do with that message other

Re: Unclear of smtp protocol in a restricted domain

Am 31.03.2014 00:35, schrieb cybermass: > Hi. I am a bit unclear about how email works in a closed domain from roaming > clients (SASL auth clients). > > If there is a postfix server that is configured to only accept and send > email to users in the same domain, say for example > j...@restricted.

Re: Postfix anonymize email sender

Am 30.03.2014 13:13, schrieb Sami Mäntysaari: > The plan is to have srv #1 to send email to srv #2 and srv #2 gets rid > of the sender server IP address so it only shows srv #2 IP address. > > > How can I acomblish it? header_checks = regexp:/etc/postfix/header_checks.cf nested_header_checks =

Re: Can I reject when sender doesn't appear in from: header?

Am 30.03.2014 12:13, schrieb Wijatmoko U. Prayitno: > On Sun, 30 Mar 2014 12:03:45 +0200 > "li...@rhsoft.net" wrote: > >> time to realize them, however, http://dspam.nuclearelephant.com/ > > FYI, > the correct URL for dspam -> http://dspam.sourceforge.

Re: Can I reject when sender doesn't appear in from: header?

Am 30.03.2014 06:30, schrieb Peter: > On 03/30/2014 01:25 PM, li...@rhsoft.net wrote: >> >> while i agree that it is a bad idea to take headers into account > > I wouldn't say that, it depends on exactly what you're doing and how > much you're basing your

Re: Can I reject when sender doesn't appear in from: header?

Am 30.03.2014 01:10, schrieb Peter: > On 03/28/2014 10:16 AM, Adam Moffett wrote: >> I'm seeing messages occasionally where the envelope sender is a >> verifiable address at someone else's domain, but the from: header >> contains some non-existent user @ our local domain. > > This is a very bad

Re: Reject client from domains without MX records

henticated" http://www.postfix.org/postconf.5.html#reject_authenticated_sender_login_mismatch > Sent from my Android mobile, excuse the brevity. > > On Mar 29, 2014 12:30 AM, "li...@rhsoft.net <mailto:li...@rhsoft.net>" > mailto:li...@rhsoft.net>> > wrote: > >

Re: Reject client from domains without MX records

n.cf > <http://main.cf> should stay after removing > the sasl params and how should master.cf <http://master.cf> look please? > > Thank u so much!! > > Sent from my Android mobile, excuse the brevity. > > On Mar 28, 2014 10:21 PM, "li...@rhsoft.net <mailt

Re: Warning messages from bad return-path

Am 28.03.2014 22:43, schrieb Bruce Sackett: > I am running into a problem where I have a poorly configured SMS system > sending through the mail server. The > messages are delivered properly, but then the sender receives a warning > message: > > Failed to deliver to ‘ SMTP module(domain ) re

Re: Reject client from domains without MX records

Am 28.03.2014 20:33, schrieb Pau Peris: > I think everything was working fine but after update main.cf > file i'm seeing the following warning > for emails incoming outside the box, postfix/smtpd[15455]: warning: > restriction > `reject_authenticated_sender_login_mismatch' ignor

Re: Reject client from domains without MX records

PLEASE LEARN TO USE YOUR MAIL-CLIENT AND HOW TO QUOTE * do not top post * do not post HTML * do not reply only to your own questions while you refer to answers * if you continue that way of posting i just ignore you this is a completly unreadable thread in the meanwhile that below is hardly a res

Re: Reject client from domains without MX records

can you please stop top-posting and using HTML on lists? what is bad with HTML? look at the quote below after convert you message to plain Am 27.03.2014 19:53, schrieb Pau Peris: > i didn't configure mynetworks because i mynetworks_style is set to host. I > thought > it was right thing to do to

Re: Reject client from domains without MX records

Am 27.03.2014 18:52, schrieb Pau Peris: > If i try to spoof email/sender address through Mozilla Thunderbird i get the > same error message as the one when > relaying mailto:u...@example.com>>: Sender address > rejected: not owned by user us...@example.com > ; So it loo

Re: StartSSL.com SSL Class2 Certificate and Postfix

the problem is that you can't control what the client expects there are a lot of clients, recent and outdated rule of thumbs: avoid all that domain-specific crap in caes of mail and just use and communicate "mail.yourdomain.tld" indepdendent what domains you are hosting - that scales and works in

Re: Virtualmin + Mailman 5.5.4 Relay denied

x.io/wildcard.crt> > smtpd_tls_key_file = /etc/certs/ssx.io/private.key <http://ssx.io/private.key> > smtpd_tls_security_level = may > unknown_local_recipient_reject_code = 550 > virtual_alias_maps = hash:/etc/postfix/virtual > > On Tue, Mar 25, 2014 at 11:52 AM, li...@rhsoft

Re: Virtualmin + Mailman 5.5.4 Relay denied

Am 25.03.2014 12:48, schrieb Scott Wilcox: > Mar 25 12:32:03 aeson postfix/smtpd[24981]: connect from > mail-wi0-f176.google.com > [209.85.212.176] > Mar 25 12:32:03 aeson milter-greylist: smfi_getsymval failed for > {daemon_port}, using default smtp port > Mar

Re: Reject client from domains without MX records

Am 24.03.2014 20:54, schrieb Pau Peris: > I'm wondering why are you setting the following policies under recipient > restrictions > and not under sender restrictions? Maybe it's more efficient? > > reject_non_fqdn_sender > reject_unlisted_sender > reject_authenticated_sender_login_mismatch bec

Re: Postfix + relayhost via riseup.net => Problems?

Am 22.03.2014 22:08, schrieb Anonymous12: > 22.3.2014 23:06, li...@rhsoft.net kirjoitti: >> uhm you posted that line in your "postconf -n" output >> >> smtp_tls_policy_maps = hash:/etc/postfix/tls_policy >> >> besides a complete log what is the co

Re: Postfix + relayhost via riseup.net => Problems?

Am 22.03.2014 22:02, schrieb li...@rhsoft.net: > break: > > openssl s_client -starttls smtp -crlf -connect mail.riseup.net:587 > shows after the SSL stuff and the "EHLO command" that the other > host supports LOGIN / PLAIN, so i am somehow out of ideas > > did y

Re: Postfix + relayhost via riseup.net => Problems?

Am 22.03.2014 21:47, schrieb Anonymous12: >> package: libsasl2-modules >> This package provides the following SASL modules: LOGIN, >> PLAIN, ANONYMOUS, NTLM, CRAM-MD5, and DIGEST-MD5 (with DES support) ok, you are even too lazy to read what others googled for you just

Re: Postfix + relayhost via riseup.net => Problems?

Am 22.03.2014 20:08, schrieb Anonymous12: > 22.3.2014 21:04, li...@rhsoft.net kirjoitti: >> >> >> Am 22.03.2014 19:57, schrieb Anonymous12: >>> 22.3.2014 20:48, li...@rhsoft.net kirjoitti: >>>> Am 22.03.2014 19:41, schrieb Anonymous12: >>>>&

Re: Postfix + relayhost via riseup.net => Problems?

Am 22.03.2014 19:57, schrieb Anonymous12: > 22.3.2014 20:48, li...@rhsoft.net kirjoitti: >> Am 22.03.2014 19:41, schrieb Anonymous12: >>> 22.3.2014 20:02, Viktor Dukhovni kirjoitti: >>>> On Sat, Mar 22, 2014 at 07:58:15PM +0200, Anonymous12 wrote: >

Re: Postfix + relayhost via riseup.net => Problems?

Am 22.03.2014 19:41, schrieb Anonymous12: > 22.3.2014 20:02, Viktor Dukhovni kirjoitti: >> On Sat, Mar 22, 2014 at 07:58:15PM +0200, Anonymous12 wrote: >> apt-cache search sasl suggests that libsasl2-2 may be what you need. >> >> There are additional mechanism-specific packages with

Re: Postfix + relayhost via riseup.net => Problems?

Am 22.03.2014 18:01, schrieb Anonymous12: > 22.3.2014 18:57, Drizzt kirjoitti:>> 22.3.2014 18:17, li...@rhsoft.net > kirjoitti: >>>> >>>> >>>> Am 22.03.2014 17:04, schrieb Anonymous12: >>>>> 22.3.2014 18:02, li...@rhsoft.n

Re: Postfix + relayhost via riseup.net => Problems?

Am 22.03.2014 17:45, schrieb Anonymous12: > 22.3.2014 18:17, li...@rhsoft.net kirjoitti: >> Am 22.03.2014 17:04, schrieb Anonymous12: >>> 22.3.2014 18:02, li...@rhsoft.net kirjoitti: >>>> >>>> Am 22.03.2014 16:59, schrieb Anonymous12: >>>>&g

Re: Postfix + relayhost via riseup.net => Problems?

Am 22.03.2014 17:04, schrieb Anonymous12: > 22.3.2014 18:02, li...@rhsoft.net kirjoitti: >> >> >> Am 22.03.2014 16:59, schrieb Anonymous12: >>> How can I relay mail via riseup.net? >>> You need to be using starttls before it allows you to login >> &g

Re: Postfix + relayhost via riseup.net => Problems?

Am 22.03.2014 16:59, schrieb Anonymous12: > How can I relay mail via riseup.net? > You need to be using starttls before it allows you to login then just enable TLS, these days that should be done anyways http://www.postfix.org/TLS_README.html

Re: Reject client from domains without MX records

enderaccess.cf smtpd_recipient_restrictions = permit_mynetworks reject_non_fqdn_recipient reject_non_fqdn_sender reject_unlisted_sender reject_authenticated_sender_login_mismatch permit_sasl_authenticated > I'm already using reject_unknown_sender_domain. > Thank you so much

Re: mod-sftp can't replace the exist file on server

Am 22.03.2014 08:58, schrieb Sense Zeng: > proftpd version: 1.3.4a > mod_sftp version: 0.9.8 nice but how is that a postfix topic?

Re: Reject client from domains without MX records

Am 22.03.2014 10:29, schrieb Pau Peris: > The issue here is mail.domain.com is responsible of > sending email for domain.com > but not *.domain.com so the latter > are not DKIM signed and obviously are > not valid recipient addres

Re: Sending notification to sender

Am 21.03.2014 18:47, schrieb Ignacio Garcia: > I wish I could send an automated notification upon receiving emails from a > couple of domains. for example, let's > assume those domains are hotmail.com and gmail.com. What I need is, everytime > my users receive a message from > either any...@hotm

Re: Issue with Windows mail client software

Am 20.03.2014 17:32, schrieb Viktor Dukhovni: >> smtpd_tls_key_file = /etc/pki/mail/private/hostkey.pem >> smtpd_tls_mandatory_ciphers = high > > I would leave this at "medium", otherwise you're disabling RC4, > which is the best cipher available on older Windows systems > (Windows XP) Windows

Re: Issue with Windows mail client software

Am 20.03.2014 17:01, schrieb mizuki: > I'm running Postfix-2.6.6 which is the version coming with latest Redhat6 and > we have firewall in between the > public network and campus so we have conduits 465 opened for sending emails > from outside networks. All mail clients > work fine except the mai

Re: Separate postfix server for mail submission (MSA)

why do you still post in HTML? Am 20.03.2014 13:16, schrieb ML mail: > Sorry my fault, it is working now! I have forgotten to add user > authentication into my mail client for testing :( and that is what i said in my first reply: that is only one log line - where is the evidence that the sender

Re: Separate postfix server for mail submission (MSA)

Am 20.03.2014 13:11, schrieb ML mail: >> Sorry about that. Here below is the output of a postconf -n: >> >> append_dot_mydomain = no >> biff = no >> config_directory = /etc/postfix >> default_transport = smtp >> inet_interfaces = all >> inet_protocols = all >> mailbox_command = procmail -a "$EXTE

Re: Separate postfix server for mail submission (MSA)

Am 20.03.2014 12:24, schrieb ML mail: > That's actually the guide I have followed but I thought there must be > something missing because I alwayse get the > following Access denied error message: > > Mar 20 12:22:38 debian postfix/submission/smtpd[18467]: NOQUEUE: reject: RCPT > from unknown[

Re: postfix after queue content filter

stfix.org/FILTER_README.html > > On 3/19/14, li...@rhsoft.net wrote: >> as lonf you are talking about pickup there is no port >> involved at all and no smtp/smtpd setting is relevant >> because it's just not SMTP >> >> Am 19.03.2014 20:49, schrieb Tim Preps

Re: postfix after queue content filter

as lonf you are talking about pickup there is no port involved at all and no smtp/smtpd setting is relevant because it's just not SMTP Am 19.03.2014 20:49, schrieb Tim Prepscius: > I'm looking through the docs of sendmail, seeing how I can get it to > send to a specific port. But not seeing it. >

Re: postfix + mailman: undelivered, user unknown

Am 19.03.2014 20:08, schrieb Tout Guy: > I set up postfix + dovecot and know that I want to have mailing lists I > decided to install mailman. > > Everything is working except that I cannot send emails to my mailing list > (and this is quite important, don't you > think?). > > When I'm sendin

Re: Forwarding by Sender

just don't switch to top-posting in the middle of a thread Am 19.03.2014 19:57, schrieb Drew Mazurek: > Rewriting the envelope sender address at the first hop out of the application > seems to work best. Next question: > is it possible to log what the address was before it gets rewritten? Our

Re: Forwarding by Sender

Am 19.03.2014 15:19, schrieb Drew Mazurek: > I have an application that sends and receives email. I don't want to have it > process bounces, though, so I'd like > its dedicated Postfix relay to forward all mailer-daemon messages to me > rather than to the application. In other > words, I'd like

Re: non TLS Auth only from local

Am 18.03.2014 22:21, schrieb Sergei: > Is there a way to announce and allow unencrypted smtp authentication (AUTH > LOGIN) only from 127.0.0.1? > > I want Roundcube (webmailer) to use the users credentials when sending mail > for them and for performance reasons this should not require TLS. Bu

Re: 20-40+ second delays. Is this normal?

Am 18.03.2014 16:38, schrieb Wietse Venema: > Now, look for SELINUX warnings. > > Or see if the warning goes away with: > > /etc/selinux/config: SELINUX=disabled > > and > > $service selinux restart selinux is not a service http://www.cyberciti.biz/tips/enable-permissive-mode-for-selinux-trou

Re: Network TCP port 47107 is being used by /usr/lib/postfix/proxymap. Possible rootkit: T0rn

Am 18.03.2014 16:09, schrieb Ben Johnson: > A daily rkhunter scan produced the following warning, which mentions Postfix. > Is this a false-positive? > > Warning: Network TCP port 47107 is being used by /usr/lib/postfix/proxymap. > Possible rootkit: T0rn > Use the 'lsof -i' or 'netsta

Re: Limit number of Cci recipient

Am 17.03.2014 12:36, schrieb Alexandre Ellert: > Some of our customers have bad malling practices and I want to limit the max > number of Cci recipient. > I already use smtpd_recipient_limit but I would like to use a lower value for > Cci. > Do you know how can I achieve this using Postfix? on

Re: Force "AUTH" before "MAIL FROM" command for submission port 587

Am 16.03.2014 01:53, schrieb Karl Klein: > when I run the security test on http://www.emailsecuritygrader.com, I always > get a "-" > for "AUTH Required (port 587)". To get a "+", the descriptions says: > "Your system requires authentication (AUTH) on port 587 before the MAIL FROM > command i

Re: Mail Server Accused of Spam!

Am 15.03.2014 11:08, schrieb Tim Smith: > I have a few users who just want their email forwarded onto GMail Accounts > however these users seem to receive an > inordinate amount of spam and so I get a message from Google in my logs > stating: > > /Feb 7 09:39:53 xxx postfix/smtp[15191]: 1

Re: mx backup

Am 13.03.2014 21:08, schrieb Pol Hallen: >> There's evidence that some spammers reverse-sort MX records, >> intentionally sending to the backup MX first. Consequently, the >> backup MX /must/ have anti-spam controls identical to the primary. >> >> But consider if you truly need a backup MX. Most

Re: mx backup

Am 13.03.2014 14:46, schrieb li...@rhsoft.net: > Am 13.03.2014 14:42, schrieb Pol Hallen: >> Hi all, I need an advice about my mx-backup server >> >> main mail server has many antispam system (amavis, spamassassin, etc.), >> when an email bounced by these antispam,

Re: mx backup

Am 13.03.2014 14:42, schrieb Pol Hallen: > Hi all, I need an advice about my mx-backup server > > main mail server has many antispam system (amavis, spamassassin, etc.), > when an email bounced by these antispam, the email goes to mx-backup > server. mx-backup server keep email inside own queue.

Re: Allow client hostname to relay mails.

Am 12.03.2014 12:58, schrieb tejas sarade: >> how should that be possible? >> the hostname the client pretends? >> how could you trust that? >> how could you trust any hostname? >> there is nothing else trustable than the connecting real IP > > No. Not the hostname that client pretends, I am talki

Re: Allow client hostname to relay mails.

Am 12.03.2014 12:06, schrieb tejas sarade: > I want to allow a machine with dynamic IP address but static hostname through > DynDNS. > I know that hostname in smtpd_client_restricions works only through reverse > DNS lookup. > Is there any way, I can allow the client based on hostname which has

Re: Possible to block all attachments?

Am 11.03.2014 14:33, schrieb jmct: > mime_header_checks = regexp:/etc/postfix/mime_header_check > > regexp:/etc/postfix/mime_header_check is unavailable. open > /etc/postfix/mime_header_check: No such file or directory and the file "/etc/postfix/mime_header_check" exists?

Re: Translate error messages

Am 10.03.2014 17:58, schrieb Eduardo Ramos: > I'd like to know if it's possible translate a bounce message as: > > Original: > : User has moved to fabiana.ci...@a2.net > > Translated > : Usuário movido para fabiana.ci...@a2.net please don't do that even if you find a way nothing more bad for

Re: TLS help request

Am 08.03.2014 01:11, schrieb Glenn English: >> Secure Renegotiation IS supported >> Compression: zlib compression >> Expansion: zlib compression let me guess: BSD as operating system there where a lot of posts recently that this is a problem honestly you should always disable compression in con

Re: postfix doesn't use NIS "behind by back", right?

Am 07.03.2014 22:32, schrieb Jay G. Scott: > That is, I deliberately banish all references to NIS from > main.cf. (I might need the NIS client libraries to compile > and link but I don't care about that.) postfix does not > (in that case) use NIS for anything, right? I could firewall > the port

Re: Compromised Passwords

Am 06.03.2014 18:04, schrieb Adam Moffett: > Two steps eliminated this problem for us: > > 1) Accounts with more than 6 failed login attempts in a 10 minute period are > disabled for 10 minutes. This makes > brute force methods to find passwords almost impossible. that is fine > 2) Limit to

Re: backscatter

Am 04.03.2014 17:55, schrieb Mike McGinn: > I ma getting some backscatter problems lately. > I used to have the line: > reject_unknown_reverse_client_hostname, > in my smtpd_client_restrictions but I commented it out because an important > client is on a microsoft cloud and had been having problem

Re: How to redirect one specific sender to one specific non-existent recipient?

Am 04.03.2014 14:19, schrieb Matthias Egger: > Can somebody point me to the propper direction on how to solve this? > > What we have: > > * has bought a long time ago some software where > she regulary receives "hidden" (to the public) download links for upgrades. > * Secretary has quit and her

Re: any known issues with mailing lists?

Am 03.03.2014 23:45, schrieb Jay G. Scott: > I have one user telling me that he has a long mailing list > (on the order of 34 -- hardly long) and some of the recipients > bounce. If he mails them one at a time the mail works -- so > the addresses are okay. > > What else should I tell you? the

Re: Make TLS errors hard, not soft

Am 03.03.2014 15:44, schrieb Ralf Hildebrandt: >> The error mesage being one of: >> >> TLS is required, but host %s refused to start TLS: %s >> TLS is required, but was not offered by host %s >> TLS is required, but our TLS engine is unavailable >> %s: TLS is required but unavaila

Re: Mac Postfix gateway local delivering.

Am 02.03.2014 01:08, schrieb Rick Zeman: > Howdy, I'm trying to set up a Mac version of postfix (2.9.4) as a mail > gateway. It's been many years since I've > set up a postfix instance, and being extremely rusty I've gotten myself > stuck. I've got things working so that > mail destined for o

Re: Make TLS errors hard, not soft

Am 27.02.2014 19:28, schrieb Viktor Dukhovni: > On Thu, Feb 27, 2014 at 12:48:47PM -0500, Wietse Venema wrote: >> Peer Heinlein: >>> You got it. That's what we ARE doing and that's why I'm asking for. :-) >> >> Well this is a very non-standard deployment. I have to spend my >> limited cycles wise

Re: is transport_maps order dependent?

Am 26.02.2014 23:59, schrieb Quanah Gibson-Mount: > Fiddling with how Zimbra sets some variables that get pushed to postfix, and > trying to determine if transport_maps > is order dependent. > > I.e., are these equivalent: > > transport_maps = lmdb:/opt/zimbra/conf/postfix/postfix_discard_doma

Re: TLS client logging PATCH

Am 26.02.2014 17:30, schrieb Viktor Dukhovni: >> no - the two dns servers are already in the LAN and working >> >> they are trusted and if i do not trust my own LAN i also can >> not trust a forwarder running on 127.0.0.1 asking them > > Without an anti-spoofing firewall, remote name servers may b

Re: TLS client logging PATCH

Am 26.02.2014 12:57, schrieb Wietse Venema: > li...@rhsoft.net: >> Am 26.02.2014 12:48, schrieb Wietse Venema: >>> lst_ho...@kwsoft.de: >>>>> Yes, of course. In practice, for most users, the local resolver >>>>> is by far the simplest configura

Re: TLS client logging PATCH

Am 26.02.2014 12:48, schrieb Wietse Venema: > lst_ho...@kwsoft.de: >>> Yes, of course. In practice, for most users, the local resolver >>> is by far the simplest configuration. >> >> Is or will this be "enforced" by Postfix in some way for DANE? > > Postfix does not parse /etc/resolv.conf so c

Re: TLS client logging PATCH

Am 26.02.2014 07:33, schrieb Viktor Dukhovni: > On Wed, Feb 26, 2014 at 12:54:37AM +0100, li...@rhsoft.net wrote: > >>> The local resolver can have the resolvers on the LAN configured as >>> forwarders, but you need the local stub resolver. No reason not to have >&g

Re: TLS client logging PATCH

Am 26.02.2014 02:25, schrieb DTNX Postmaster: > On 26 Feb 2014, at 00:54, li...@rhsoft.net wrote: >> Am 26.02.2014 00:46, schrieb DTNX Postmaster: >>> On 26 Feb 2014, at 00:29, li...@rhsoft.net wrote: >>>> Am 25.02.2014 17:41, schrieb Dirk Stöcker: >>>>&g

Re: TLS client logging PATCH

Am 26.02.2014 00:46, schrieb DTNX Postmaster: > On 26 Feb 2014, at 00:29, li...@rhsoft.net wrote: >> Am 25.02.2014 17:41, schrieb Dirk Stöcker: >>> On Tue, 25 Feb 2014, Viktor Dukhovni wrote: >>>>> smtp_dns_support_level = dnssec >>>>> >>>

Re: TLS client logging PATCH

Am 25.02.2014 17:41, schrieb Dirk Stöcker: > On Tue, 25 Feb 2014, Viktor Dukhovni wrote: >>> smtp_dns_support_level = dnssec >>> >>> was enough to fix this. I'll see how many servers will have a >>> "Verified" connection in the future. >> >> I hope you read the note about the importance of having

Re: Bounce mails manually

Am 25.02.2014 10:09, schrieb Birta Levente: > On 25/02/2014 11:02, Andreas Schulze wrote: >> >> Birta Levente: >> >>> Yes, but you sould give some reason why is bounced ... which IMHO is >>> something permanent ... >> good point! >> # postbounce >> >>> so you just set up one time some map and

Re: TLS client logging PATCH

Am 24.02.2014 01:16, schrieb Dirk Stöcker: > On Sun, 23 Feb 2014, Viktor Dukhovni wrote: >>> smtp_tls_verify_certs=whenpossible >> >> SMTP is not HTTP. Due to MX indirection, peer authentication is >> not possible without explicit per-destination configuration. Once >> you've gone to all that

Re: TLS client logging PATCH

Am 23.02.2014 23:57, schrieb Dirk Stöcker: > Seems Postfix still need to learn a lot about secure connections seems you need to do so in case of opportunistic there is not real trust trusted in case of a secure connection means both sides know each other - opportunistic means the other side nee

<    2   3   4   5   6   7   8   9   >