Re: Postfix issue
why are you not using your ISP to relay emails, using its mail gateway (which should have a static IP address)? ... I do not like the fact that a number of governments (including most european ones) now have the right to access all emails that pass through an ISP's server. They do not have the right to access private server systems unless they have a warrant. This *is* a valid concern, but it's not clear to me how it applies to messages that are being sent to public mailing lists where they will be as available to Big Brother as to anyone else. How about configuring your MTA to send anything going to a public list via your ISP, and send directly only messages that aren't going to be posted for the world to see? Another emerging issue is cable operators refusing to allow fixed IP address so they can receive revenue from reporting on user usage data. I seriously doubt that as a motivation. If anything, static IP assignments would make it *easier* to track per-customer usage. A more likely reason is that most residential users, even on cable or DSL, do not keep their router (or system, if they have only one and therefore don't use a router) on-line anywhere near 24-7. The ISP can serve several customers per IP address by using DHCP (so that customers occupy IP addresses only when on-line). ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Postfix issue
On Mon, 8 Sep 2008 02:47:47 -0700, David Southwell [EMAIL PROTECTED] wrote: Hi Could anyone tell me what entry I should make in postfix configuration files to bounce mails directed to [EMAIL PROTECTED] that emanate from a source outside my local network. Sorry to ask the question here but postfix users mailing list is currently rejecting mails from servers on a dynamic ip address - so I cannot get through to ask a question there. I don't think that restriction is going to be lifted any time soon. So why are you not using your ISP to relay emails, using its mail gateway (which should have a static IP address)? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Postfix issue
On Monday 08 September 2008 03:57:11 you wrote: On Mon, 8 Sep 2008 02:47:47 -0700, David Southwell [EMAIL PROTECTED] wrote: Hi Could anyone tell me what entry I should make in postfix configuration files to bounce mails directed to [EMAIL PROTECTED] that emanate from a source outside my local network. Sorry to ask the question here but postfix users mailing list is currently rejecting mails from servers on a dynamic ip address - so I cannot get through to ask a question there. I don't think that restriction is going to be lifted any time soon. So why are you not using your ISP to relay emails, using its mail gateway (which should have a static IP address)? I think the restriction is OTT especially in the light of civil liberties issues. I do not like the fact that a number of governments (including most european ones) now have the right to access all emails that pass through an ISP's server. They do not have the right to access private server systems unless they have a warrant. BIG BROTHER is watching far too much. Frankly I am surprised that organisations such as Postfix are not aware of the issue and realise the civil liberties implicati Another emerging issue is cable operators refusing to allow fixed IP address so they can receive revenue from reporting on user usage data. Additionally low volume users, unless they pay a high premium and subscribe to a business service cannot acquire fixed IPs. IN some areas that are primarily residential they will not even allow fixed IPs at any price. This movement to commercialise the internet and limit access in this way is deplorable when there are alternative methods of dealing with legitimate problems. David ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Postfix issue
On Monday 08 September 2008 03:38:05 Sahil Tandon wrote: David Southwell [EMAIL PROTECTED] wrote: Could anyone tell me what entry I should make in postfix configuration files to bounce mails directed to [EMAIL PROTECTED] that emanate from a source outside my local network. After permitting your networks in the smtpd_recipient_restrictions, use check_recipient_access to REJECT any messages with an RCPT TO [EMAIL PROTECTED] http://www.postfix.org/postconf.5.html#check_recipient_access http://www.postfix.org/access.5.html Thanks very much.. I seem to be struggling getting with the postfix command structure. If you have the time would you be kind enough to give me specific examples of the actual entries to be made in the appropriate files. In case it is relevant my server has a number of virtual domains but the problem I am getting is on the primary address for the mail server. Assume the email address in question is [EMAIL PROTECTED] which appears to be subjected to problems and I want to permit only addresses on the local network to send emails to that address. Thanks in advance No problem if you are too busy David ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Postfix issue
On Monday 08 September 2008 04:10:11 Sahil Tandon wrote: David Southwell [EMAIL PROTECTED] wrote: Sorry to ask the question here but postfix users mailing list is currently rejecting mails from servers on a dynamic ip address - so I cannot get through to ask a question there. Incidentally, your IP is also listed on several RBLs. You are right - that is why I am asking this question to help me fix the problem. Someone hacked our network. I have fixed most stuff but need to fix this issue to close the final door. !!! Someone got a trojan onto my wifes windows 32 bit system which has access to my picture library (I am a photographer). It has taken me three days to fix the problem there and then I found they had used that route to get onto the freebsd server. I have blocked that access now but there are some things to fix on the mail suystem and this is one of them. I think I have closed most loopholes now. If you could help me with this one it would be appreciated. Thanks for your help David ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Postfix issue
I do not like the fact that a number of governments (including most european ones) now have the right to access all emails that pass through an ISP's only if you use big operators. BIG BROTHER is watching far too much. Frankly I am surprised that we have democracy. in democracy majority decides for everybody. majority wanted it for they own good. minority has to shut up or go away. Another emerging issue is cable operators refusing to allow fixed IP address so they can receive revenue from reporting on user usage data. could you please tell more about the sentence above. maybe it's my bad english but i don't understand. why constantly changing user IP could help reporting user data and getting revenue? This movement to commercialise the internet and limit access in this way is deplorable when there are alternative methods of dealing with legitimate even now we are more restricted than people in China, where they have chinese internet with very very limited access to outside, but withing chinese internet there are very little limits. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Postfix issue
On Monday 08 September 2008 04:19:11 Wojciech Puchar wrote: I do not like the fact that a number of governments (including most european ones) now have the right to access all emails that pass through an ISP's only if you use big operators. All UK operators are big operators and covered by this -- if you provide internet access you jhave to give government access!! BIG BROTHER is watching far too much. Frankly I am surprised that we have democracy. in democracy majority decides for everybody. majority wanted it for they own good. minority has to shut up or go away. A democracy that does not respect minority rights including civil liberties is not a democracy but an authoritarian state. Another emerging issue is cable operators refusing to allow fixed IP address so they can receive revenue from reporting on user usage data. could you please tell more about the sentence above. maybe it's my bad english but i don't understand. why constantly changing user IP could help reporting user data and getting revenue? They keep track of who is connected by using hardware info and by use of login security. This movement to commercialise the internet and limit access in this way is deplorable when there are alternative methods of dealing with legitimate even now we are more restricted than people in China, where they have chinese internet with very very limited access to outside, but withing chinese internet there are very little limits. Whether anyone else is more or less affected is irrelevant. I would not want to sanction state executions in my own country because state executions are permitted in either USA or China or Iran or Iraq!! Neither would I want to approve breaches of civil liberties because there are breaches in Chine. David ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Postfix issue
On Mon, 8 Sep 2008 04:33:14 -0700, David Southwell [EMAIL PROTECTED] wrote: On Monday 08 September 2008 03:57:11 you wrote: On Mon, 8 Sep 2008 02:47:47 -0700, David Southwell [EMAIL PROTECTED] wrote: Could anyone tell me what entry I should make in postfix configuration files to bounce mails directed to [EMAIL PROTECTED] that emanate from a source outside my local network. Sorry to ask the question here but postfix users mailing list is currently rejecting mails from servers on a dynamic ip address - so I cannot get through to ask a question there. I don't think that restriction is going to be lifted any time soon. So why are you not using your ISP to relay emails, using its mail gateway (which should have a static IP address)? I think the restriction is OTT especially in the light of civil liberties issues. I do not like the fact that a number of governments (including most european ones) now have the right to access all emails that pass through an ISP's server. They do not have the right to access private server systems unless they have a warrant. 'Civil liberties' are only meaningful in the context of a specific 'civilization'. Welcome to the civilization that allows spammers to use dynamic IP addresses to disrupt, annoy, cause harm, commit commercial and all other sorts of fraud. It is not a perfect civilization, but it's the one we have, and trying to hide our heads in the sand about the *real* problem these restrictions are trying to solve isn't going to make things much better any time soon now. One may easily argue that the 'civil laws' that forbid stealing from other people are 'limiting the freedom we have to use the potentially boundless resources available all over the place'. I don't think anyone would consider the argument in favor of stealing as very sound. The same can be said of the IP address space. One can argue for days, for weeks, or even _years_, that requiring a static IP address to be able to post to a 'common resource' --like the mailing list-- is a limit to the freedom of everyone. I'm not very convinced this limit is as bad as you are trying to describe, though. In particular, I am not really convinced the 'freedom' of everyone to post from non-static IP addresses is worth the immediate problems this would cause by massively increasing the problems we have with spam mail even today. Giorgos ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Postfix issue
On Monday 08 September 2008 04:47:49 Giorgos Keramidas wrote: On Mon, 8 Sep 2008 04:33:14 -0700, David Southwell [EMAIL PROTECTED] wrote: On Monday 08 September 2008 03:57:11 you wrote: On Mon, 8 Sep 2008 02:47:47 -0700, David Southwell [EMAIL PROTECTED] wrote: Could anyone tell me what entry I should make in postfix configuration files to bounce mails directed to [EMAIL PROTECTED] that emanate from a source outside my local network. Sorry to ask the question here but postfix users mailing list is currently rejecting mails from servers on a dynamic ip address - so I cannot get through to ask a question there. I don't think that restriction is going to be lifted any time soon. So why are you not using your ISP to relay emails, using its mail gateway (which should have a static IP address)? I think the restriction is OTT especially in the light of civil liberties issues. I do not like the fact that a number of governments (including most european ones) now have the right to access all emails that pass through an ISP's server. They do not have the right to access private server systems unless they have a warrant. 'civil liberties' are only meaningful in the context of a specific 'civilization'. Welcome to the civilization that allows spammers to use dynamic IP addresses to disrupt, annoy, cause harm, commit commercial and all other sorts of fraud. One may easily argue that the 'civil laws' that forbid stealing from other people are 'limiting the freedom we have to use the potentially boundless resources available all over the place'. I don't think anyone would consider the argument in favor of stealing as very sound. The same can be said of the IP address space. One can argue for days, nay for _weeks_ or even years, that requiring a static IP address to be able to post to a 'common resource' --like the mailing list-- is a limit to the freedom of everyone. I'm not very convinced this limit is as bad as you are trying to describe, though. Giorgos In yesterday's world anyone could send a physical letter to any address anywhere in the world. I get spam letters through the letter box it is up to me to chuck them in the bin. Why should the internet be different especially when the restrictions on fixed IPs are brought about soleley for commercial interests. If the same protocol was applied to physical mail then we would not have been allowed to send letters unless we had a big building to send it from and all letters would have had to have had a big building sending address. No banning on the grounds of address type is discriminations. Yes bad because there has been specific abuse and ban until the abuse is cleaned up.. but do not ban on type of address!! It would be like saying only the rich could send letters!! David ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Postfix issue
On Monday 08 September 2008 05:09:03 Giorgos Keramidas wrote: On Mon, 8 Sep 2008 05:21:03 -0700, David Southwell [EMAIL PROTECTED] wrote: If the same protocol was applied to physical mail then we would not have been allowed to send letters unless we had a big building to send it from and all letters would have had to have had a big building sending address. We have a big building; it's called Post Office. Or do you think that someone determined enough cannot monitor where you are sending physical letters? I agree and they do BUT they need a warrant to do so!! That is the safeguard. With the internet no warrant is needed. There is no protection for civil liberties as applies with pohysical mail. David ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Postfix issue
David Southwell: In yesterday's world anyone could send a physical letter to any address anywhere in the world. I get spam letters through the letter box it is up to me to chuck them in the bin. Why should the internet be different especially when the restrictions on fixed IPs are brought about soleley for commercial interests. Because of sheer volume... in yesterday's world one was not able to send thousands of letters in a few seconds for free...or by using services one has not paid for... -- Zbigniew Szalbot www.LCWords.com smime.p7s Description: S/MIME Cryptographic Signature
Re: Postfix issue
On Mon, 8 Sep 2008 05:21:03 -0700, David Southwell [EMAIL PROTECTED] wrote: If the same protocol was applied to physical mail then we would not have been allowed to send letters unless we had a big building to send it from and all letters would have had to have had a big building sending address. We have a big building; it's called Post Office. Or do you think that someone determined enough cannot monitor where you are sending physical letters? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Postfix issue
David Southwell [EMAIL PROTECTED] wrote: Sorry to ask the question here but postfix users mailing list is currently rejecting mails from servers on a dynamic ip address - so I cannot get through to ask a question there. Incidentally, your IP is also listed on several RBLs. -- Sahil Tandon [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Postfix issue
On Monday 08 September 2008 05:03:30 Zbigniew Szalbot wrote: David Southwell: In yesterday's world anyone could send a physical letter to any address anywhere in the world. I get spam letters through the letter box it is up to me to chuck them in the bin. Why should the internet be different especially when the restrictions on fixed IPs are brought about soleley for commercial interests. Because of sheer volume... in yesterday's world one was not able to send thousands of letters in a few seconds for free...or by using services one has not paid for... In the past world one paid to send and received for free. That was the deal. In the past people abused the mail system by using forged stamps or freepost labels. There is no difference. I pay for my connection to receive.. and pay for my connection to send. Some people just want to not paly their part in absorbing the risks that go with participation. It is up to us to defend our systems. To classify a whole load of users, the majority of whom are genuine, as invalid users is degrading and discriminatory. My point of viwew -- you are entitled to yours but IMHO not to enforce it!! David ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Postfix issue
David Southwell [EMAIL PROTECTED] wrote: Could anyone tell me what entry I should make in postfix configuration files to bounce mails directed to [EMAIL PROTECTED] that emanate from a source outside my local network. After permitting your networks in the smtpd_recipient_restrictions, use check_recipient_access to REJECT any messages with an RCPT TO [EMAIL PROTECTED] http://www.postfix.org/postconf.5.html#check_recipient_access http://www.postfix.org/access.5.html -- Sahil Tandon [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Postfix issue
On Mon, 8 Sep 2008 05:35:14 -0700 David Southwell [EMAIL PROTECTED] wrote: I agree and they do BUT they need a warrant to do so!! That is the safeguard. With the internet no warrant is needed. There is no protection for civil liberties as applies with pohysical mail. First of all, this is not a civil liberties issue. Are you so naive that you honestly believe that by using a dynamic IP rather than securing a static one or using your hosts mail service that you have made the interception and viewing of your mail by someone other than its intended recipient impossible? Furthermore, what are you transmitting that makes you so paranoid? Why not just use some form of encryption if you are so paranoid? Your claim of civil liberties is bogus. Consider the rights of other users, in this case the Postfix mailing list, that does not want to be inundated with SPAM and accordingly blocks mail from sites that fail authentication tests. In your case, reverse DNS. -- Gerard [EMAIL PROTECTED] She won' go Warp 7, Cap'n! The batteries are dead! signature.asc Description: PGP signature
Re: Postfix issue
David Southwell wrote: I pay for my connection to receive.. and pay for my connection to send. Some people just want to not paly their part in absorbing the risks that go with participation. It is up to us to defend our systems. Your server, your rules. You can whitelist or blacklist anyone you choose. The downside is that so can everybody else; your lack of non-generic rDNS means that mail to my server (alcatraz.sequestered.net) will bounce if not smarthosted through somewhere that has a static IP and properly configured DNS. This was deemed an acceptable threshold on my box when I was selecting anti-spam mechanisms. If you're that concerned about privacy, use GPG/PGP and request a key exchange. What's more is that I've applied that same metric at several employers, ranging from mid-sized businesses to universities. My previous (and current!) employers were familiar with all sides of the argument and ultimately decided to reject mail from dynamic address pools to combat spam. Complaining about it doesn't do much good, since (as previously stated) their server, their rules. To classify a whole load of users, the majority of whom are genuine, as invalid users is degrading and discriminatory. The majority of users smarthost their mail. If you want to retain control, drop the $15 a month on a VPS somewhere with a static IP, configure DNS correctly, and be your own smarthost; I did this for a while before I upgraded to a static IP at home. My point of viwew -- you are entitled to yours but IMHO not to enforce it!! Ah, but on my server I can enforce whatever makes the most sense for my userbase; my responsibility is to them, not to you. -- Jay Chandler / KB1JWQ Living Legend / Systems Exorcist Today's Excuse: multicasts on broken packets ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
