[pfx] What is best way for backup solution?
Hellow, I am running two Postfix servers. Both are in Cloud -- Google GCP and Rimuhosting-EU VM. Recently i thought that i have to backup servers setting values. Because sometimes i meet minor accidents. Somebody say Docker is good for backup. Though i would like to hear more opinions. Any comments welcome! My domain is this [DORAJI.XYZ]. Sincerely, -- ^고맙습니다 _地平天成_ 감사합니다_^))// ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: Access control review
On Tue, 28 Mar 2023 at 18:15, Viktor Dukhovni via Postfix-users < postfix-users@postfix.org> wrote: > On Tue, Mar 28, 2023 at 08:42:42AM +0200, Mihaly Zachar via Postfix-users > wrote: > > > smtpd_recipient_restrictions = > > reject_non_fqdn_recipient > > reject_unknown_recipient_domain > > permit_mynetworks > > permit_sasl_authenticated > > reject_unauth_destination > > You don't need and generally don't want to apply: > > reject_unknown_recipient_domain > > to inbound traffic on port 25. A brief glitch in DNS resolution of your > domain will cause you reject domains that you know to be yours. And > outbound relaying of mail, via SASL or mynetworks, ... should if at all > possible be via ports 587 and/or 465. Therefore: > > smtpd_recipient_restrictions = > # Only if some internal trusted IPs can't use submission instead > # SASL should always be over TLS on a submission port. > # permit_mynetworks > # > reject_unauth_destination, > # > # You might also want an RBL, and a local DNS resolver! > # Open public DNS resolvers are shunned by RBL services. > # > reject_rbl_client zen.spamhaus.org=127.0.0.[2..11] > > > # Used via master.cf overrides for the submission services. > # > submit_client_restrictions = > submit_helo_restrictions = > submit_sender_restrictions = > submit_recipient_restrictions = > submit_relay_restrictions = > reject_plaintext_session, > permit_mynetworks, > permit_sasl_authenticated, > reject > submit_data_restrictions = > submit_end_of_data_restrictions = > > Thank you very much ! Mitya ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: max_use and smtp connection cache
Amit Gupta via Postfix-users: > Is there any relation between max_use and the smtp connection cache? C None whatsoever. The max_use parameter specifies a limit for number of consequtive client connections that a short-lived Postfix daemon process will handle before it terminates. For example, a Postfix smtpd(8), cleanup(8), and smtp(8) process will handle up to 100 consecutive client connections, while the long-lived qmgr(8) daemon has no such limit. Wietse > I read the documentation for max_use (default: 100) and was unclear what it > means when it's "ignored by the Postfix queue manager and by other > long-lived Postfix daemon processes". Could you give some examples of > where max_use would have an effect? > ___ > Postfix-users mailing list -- postfix-users@postfix.org > To unsubscribe send an email to postfix-users-le...@postfix.org ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] max_use and smtp connection cache
Is there any relation between max_use and the smtp connection cache? I read the documentation for max_use (default: 100) and was unclear what it means when it's "ignored by the Postfix queue manager and by other long-lived Postfix daemon processes". Could you give some examples of where max_use would have an effect? ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: Access control review
On Tue, Mar 28, 2023 at 08:42:42AM +0200, Mihaly Zachar via Postfix-users wrote: > smtpd_recipient_restrictions = > reject_non_fqdn_recipient > reject_unknown_recipient_domain > permit_mynetworks > permit_sasl_authenticated > reject_unauth_destination You don't need and generally don't want to apply: reject_unknown_recipient_domain to inbound traffic on port 25. A brief glitch in DNS resolution of your domain will cause you reject domains that you know to be yours. And outbound relaying of mail, via SASL or mynetworks, ... should if at all possible be via ports 587 and/or 465. Therefore: smtpd_recipient_restrictions = # Only if some internal trusted IPs can't use submission instead # SASL should always be over TLS on a submission port. # permit_mynetworks # reject_unauth_destination, # # You might also want an RBL, and a local DNS resolver! # Open public DNS resolvers are shunned by RBL services. # reject_rbl_client zen.spamhaus.org=127.0.0.[2..11] # Used via master.cf overrides for the submission services. # submit_client_restrictions = submit_helo_restrictions = submit_sender_restrictions = submit_recipient_restrictions = submit_relay_restrictions = reject_plaintext_session, permit_mynetworks, permit_sasl_authenticated, reject submit_data_restrictions = submit_end_of_data_restrictions = -- Viktor. ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: Different set of milters for one domain?
Hi, I've been using milter-manager [1] for a long time now to run various milters selectively. In my case, I defined a custom 'Applicable condition' (see docs) to exempt various email accounts from spamfilter/virus checks (f.i. spamtraps). The docs look like they haven't been updated in a while, but the github repo [2] is quite active. [1] https://milter-manager.osdn.jp/ [2] https://github.com/milter-manager/milter-manager/ On 28-03-2023 15:32, Bill Cole via Postfix-users wrote: On 2023-03-28 at 06:10:27 UTC-0400 (Tue, 28 Mar 2023 03:10:27 -0700 (PDT)) Dan Mahoney (Gushi) via Postfix-users is rumored to have said: Hey there all, Dayjob sometimes receives mail for one domain that we'd like to have bypass certain milters (specifically, we want to exempt them from some filtering/scanning mitlers since the domain is pretty much entirely passthrough) -- Is there an easy way to do this in postfix without completely splitting the config up? Short answer: No. The question has come up here multiple times and always gets the same assortment of alternative ideas for how to do what people want... Fortunately, many milters provide the tools to be selective about how to handle different target domains. ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: Different set of milters for one domain?
Dan Mahoney (Gushi) via Postfix-users:
> Hey there all,
>
> Dayjob sometimes receives mail for one domain that we'd like to have
> bypass certain milters (specifically, we want to exempt them from some
> filtering/scanning mitlers since the domain is pretty much entirely
> passthrough) --
The recipient domain is not known until deep into the SMTP session.
> Is there an easy way to do this in postfix without completely splitting
> the config up?
You don't need to split much, just the smtpd service. If it
is added to an existing Postfix instance it may be as simple as:
master.cf:
1.2.3.5:smtp inet n - n - - smtpd
-o { smtpd_milters = }
with suitable MX and A records to direct mail there.
This additional smtpd service for would have an empty smtpd_milters
setting, and perhaps a -o { name = value } override to reject mail
for other domains (relay_domains or access map).
(it's a bit more complicated if this service is implemented by a
separate Postfix instance, because you would have to make sure that
other Postfix instances don't listen on a wildcard IP address because
they would receive mail for 1.2.3.5 when that service is down).
Wietse
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: Different set of milters for one domain?
On 2023-03-28 at 06:10:27 UTC-0400 (Tue, 28 Mar 2023 03:10:27 -0700 (PDT)) Dan Mahoney (Gushi) via Postfix-users is rumored to have said: Hey there all, Dayjob sometimes receives mail for one domain that we'd like to have bypass certain milters (specifically, we want to exempt them from some filtering/scanning mitlers since the domain is pretty much entirely passthrough) -- Is there an easy way to do this in postfix without completely splitting the config up? Short answer: No. The question has come up here multiple times and always gets the same assortment of alternative ideas for how to do what people want... Fortunately, many milters provide the tools to be selective about how to handle different target domains. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: Different set of milters for one domain?
Dan Mahoney (Gushi) via Postfix-users skrev den 2023-03-28 12:10: Dayjob sometimes receives mail for one domain that we'd like to have bypass certain milters (specifically, we want to exempt them from some filtering/scanning mitlers since the domain is pretty much entirely passthrough) -- On 28.03.23 13:23, Benny Pedersen via Postfix-users wrote: smtpd_milter_maps maptype:filterrules This works ar client IP level, which may not be wnat OP wants. Is there an easy way to do this in postfix without completely splitting the config up? milters may support that, a limited way. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Enter any 12-digit prime number to continue. ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: Different set of milters for one domain?
Dan Mahoney (Gushi) via Postfix-users skrev den 2023-03-28 12:10: Hey there all, Dayjob sometimes receives mail for one domain that we'd like to have bypass certain milters (specifically, we want to exempt them from some filtering/scanning mitlers since the domain is pretty much entirely passthrough) -- smtpd_milter_maps maptype:filterrules for one domain its need one more main.cf pr domain, or multiple domains in master.cf where smtpd_milter_maps is specific pr domain # maptype:filterrules 127.0.0.1 DISABLE other then DISABLE is imho milter names and ports, but i dont know syntax to just disable one miiler Is there an easy way to do this in postfix without completely splitting the config up? fuglu does it nicely, if just there was more users of fuglu ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Different set of milters for one domain?
Hey there all, Dayjob sometimes receives mail for one domain that we'd like to have bypass certain milters (specifically, we want to exempt them from some filtering/scanning mitlers since the domain is pretty much entirely passthrough) -- Is there an easy way to do this in postfix without completely splitting the config up? -Dan -- Dan Mahoney Techie, Sysadmin, WebGeek Gushi on efnet/undernet IRC FB: fb.com/DanielMahoneyIV LI: linkedin.com/in/gushi Site: http://www.gushi.org --- ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Access control review
Dear All, I would like to build a relay smtp server for a system, where this system would like to send out mails to its customers. I went through the access control documentation, and this is what I came up with (in terms of access control). The system has its own IP address range and that is added to mynetworks and also there is one SASL authenticated user should be able to send out mails. Theoretically the setup is working, but I am interested in your opinions. # ACCESS CONTROL smtpd_helo_required = yes smtpd_client_restrictions = reject_unknown_reverse_client_hostname smtpd_helo_restrictions = reject_unknown_helo_hostname reject_invalid_helo_hostname reject_non_fqdn_helo_hostname reject_unknown_helo_hostname smtpd_sender_restrictions = reject_unknown_sender_domain reject_non_fqdn_sender smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination smtpd_recipient_restrictions = reject_non_fqdn_recipient reject_unknown_recipient_domain permit_mynetworks permit_sasl_authenticated reject_unauth_destination Could you please take a look and suggest me what is wrong and what would you change? I am using Debian 12 with Postfix 3.7.4-2. I am still planning to add a strict SPF record and also DKIM. Thank you, Mitya ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
