Re: Mail system is down

2022-01-04 Thread Alex JOST

On 04.01.2022 at 16:25, Wietse Venema wrote:

Alex JOST:

On 04.01.2022 at 02:02, Ken Wright wrote:

$ sudo chmod g+s /usr/sbin/postdrop
$ ls -la /usr/sbin/postdrop
-r-xr-sr-x 1 postfix postdrop 22808 Sep  7 02:58 /usr/sbin/postdrop

Wietse, is this what's expected?


AFAICT you are lacking write permission for the user.


This program must NOT be writable by users.


On my Fedora system the file is owned by root.

grep postdrop /etc/postfix/postfix-files
  $command_directory/postdrop:f:root:$setgid_group:2755:u

I just downloaded the postfix package for Ubuntu 20.04 and it's the same.

--
Alex JOST
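
The comparison made in this thread, as an added example (not code from any of the posters or from Postfix): it parses the `ls -l` line and the `postfix-files` entry quoted above and lists where they differ. The values used for `$command_directory` and `$setgid_group` are assumptions; on a real system read them with `postconf`.

```python
import re

# Mode bits for the nine permission columns of `ls -l`, left to right.
_COLUMN_BITS = (0o400, 0o200, 0o100, 0o040, 0o020, 0o010, 0o004, 0o002, 0o001)

# Lines quoted in the thread above.
LS_LINE = "-r-xr-sr-x 1 postfix postdrop 22808 Sep  7 02:58 /usr/sbin/postdrop"
SPEC_LINE = "  $command_directory/postdrop:f:root:$setgid_group:2755:u"
# Assumed parameter values (take the real ones from `postconf`).
PARAMS = {"command_directory": "/usr/sbin", "setgid_group": "postdrop"}


def mode_from_ls(perm):
    """Convert an `ls -l` permission string such as '-r-xr-sr-x' to a mode."""
    if len(perm) != 10:
        raise ValueError(f"unexpected permission string: {perm!r}")
    mode = 0
    for char, bit in zip(perm[1:], _COLUMN_BITS):
        # Lowercase s/t mean "special bit plus execute"; S/T mean special only.
        if char in "rwxst":
            mode |= bit
    if perm[3] in "sS":
        mode |= 0o4000  # set-uid
    if perm[6] in "sS":
        mode |= 0o2000  # set-gid
    if perm[9] in "tT":
        mode |= 0o1000  # sticky
    return mode


def parse_ls_line(line):
    """Extract mode, owner, group and path from one `ls -l` output line."""
    fields = line.split()
    return {"mode": mode_from_ls(fields[0]), "owner": fields[2],
            "group": fields[3], "path": fields[-1]}


def parse_postfix_files_entry(entry, params):
    """Parse 'name:type:owner:group:mode[:flags]', expanding $parameters."""
    def expand(text):
        return re.sub(r"\$(\w+)", lambda m: params[m.group(1)], text)

    name, _type, owner, group, mode = entry.strip().split(":")[:5]
    return {"path": expand(name), "owner": expand(owner),
            "group": expand(group), "mode": int(mode, 8)}


def audit(ls_line, spec_line, params):
    """Return a list of differences between the installed file and the spec."""
    actual = parse_ls_line(ls_line)
    expected = parse_postfix_files_entry(spec_line, params)
    if actual["path"] != expected["path"]:
        raise ValueError("ls line and postfix-files entry name different files")
    findings = []
    for key in ("owner", "group"):
        if actual[key] != expected[key]:
            findings.append(f"{key} is {actual[key]}, expected {expected[key]}")
    if actual["mode"] != expected["mode"]:
        findings.append(
            f"mode is {actual['mode']:04o}, expected {expected['mode']:04o}")
    # Independent of the spec: a set-gid helper must keep its set-gid bit
    # and must not be writable by group or other.
    if not actual["mode"] & 0o2000:
        findings.append("set-gid bit is missing")
    if actual["mode"] & 0o022:
        findings.append("writable by group or other")
    return findings


if __name__ == "__main__":
    for finding in audit(LS_LINE, SPEC_LINE, PARAMS) or ["matches postfix-files"]:
        print(finding)
```
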


Re: Mail system is down

2022-01-04 Thread Alex JOST

On 04.01.2022 at 02:02, Ken Wright wrote:

$ sudo chmod g+s /usr/sbin/postdrop
$ ls -la /usr/sbin/postdrop
-r-xr-sr-x 1 postfix postdrop 22808 Sep  7 02:58 /usr/sbin/postdrop

Wietse, is this what's expected?


AFAICT you are lacking write permission for the user.

--
Alex JOST


Re: virtual mailbox domains??

2021-12-07 Thread Alex JOST



On 07.12.2021 at 16:25, post...@aecperformance.com wrote:

Sorry I sent this from the wrong email address.
VPS Ubuntu 20.04 postfix 3.4.13 and dovecot 2.3.7.2

I'm making progress but still not there.
Any help would be greatly appreciated.

I'm getting the errors:
warning: SASL: Connect to private/auth failed: Connection refused
fatal: no SASL authentication mechanisms

I have a param in main.cf: smtpd_sasl_path = private/auth
I do not have a folder /etc/postfix/private/auth
I do have a folder /etc/postfix/auth but nothing is in it.

How can I fix this error?



Did you install the 'libsasl2-modules' package? What's the output of 
'postconf -A'?


--
Alex JOST


Re: Gmail and spam, a request

2020-03-22 Thread Alex JOST

On 20.03.2020 at 16:06, Wietse Venema wrote:

Jaroslaw Rafa:

Hello all members of this list,

I have a kind request to all of you related to deliverability of my
messages. Please help.

Currently I have an issue (again; the previous one from a few months ago was
resolved) with my messages sent to Gmail users - they are put into
recipients' Spam folders. I managed to actually reach someone at Google,
who told me that this is due to huge increase of number of messages sent
from my domain in the last days.

I checked DMARC reports I get from Google and found out that there are
several hundreds of messages coming to Google from the IP address of this
list's server :). So it looks like many recipients of this list use Gmail
addresses and my few recent posts to this list (eg. in the thread about
plaintext) made me look as a spammer to Google :(

It looks like the only way to get me out of this condition is that all of
you who have a Gmail address look in their Spam folder for my messages, and
click "This is not spam" if you find any, to train the Google's AI that my
messages are not spam. That's what I'm asking you.

However, the problem is, you probably get this message in your Spam folder
too, and won't see it :(. So I would like to ask someone who is active on
this list and definitely isn't "spammified" ;) by Google to resend this
message to the list, so you can actually see it.


Would it help if the postfix list used "dmarc mitigation" so that
the From header does not contain your email address:

From: Jaroslaw Rafa via Postfix-Users 
Reply-To: Jaroslaw Rafa 

"dmarc mitigation" is implemented in mailman(*) and some other list servers.

This may well be the end of the line for the majordomo-based list server.

Wietse

(*) 
https://mailman.readthedocs.io/en/latest/src/mailman/handlers/docs/dmarc-mitigations.html



Mailman would allow you to enable ARC signing [1], which might help as well.

[1]: 
https://mailman.readthedocs.io/en/latest/src/mailman/handlers/docs/arc_sign.html


--
Alex JOST


Re: [OT] Postfwd question

2018-09-03 Thread Alex JOST

On 03.09.2018 at 13:15, Ralf Hildebrandt wrote:


id=mass_mailing_feierabend
time=17:00:01-23:59:59
time=00:00:00-08:59:59
days=Mon-Fri
&
action=rcpt(sender/100/43200/450 4.7.1 Recipient limit exceeded)
# This is also working, but I feel stupid using these two definitions
# for the periods before and after work!!   


I think you could write it like this:

  time=!!09:00:00-17:00:00

--
Alex JOST


Re: [OT] Postfwd question

2018-09-03 Thread Alex JOST

On 03.09.2018 at 13:15, Ralf Hildebrandt wrote:

I know, I know, it's offtopic since it's not entirely postfix per se,
but I am at my wit's end here.

I'm trying to implement a (I think) simple ratelimiting feature:

* during our business hours 400 Mails per sender from internal host
* otherwise 100



# otherwise
id=mass_mailing_wochenende
time=00:00:00-23:59:59
days=Sat-Sun
&
action=rcpt(sender/100/43200/450 4.7.1 Recipient limit exceeded)

# Alas, this is not triggering at all. Dunno why!


Sat = 6
Sun = 0

Maybe postfwd has issues dealing with a range of 6-0. Have you tried 
specifying both weekdays separately?


--
Alex JOST


Re: [Off-Topic] ANN: Unofficial Rspamd mailing list

2018-08-23 Thread Alex JOST

On 23.08.2018 at 13:45, Christian Rößner wrote:

Because it requires a Google account



I'm using it without a google account. Try this link (remove the dash 
from sub-scribe):


  https://groups.google.com/group/rspamd/sub-scribe

I had to alter the link as this mailing list rejects it otherwise.

--
Alex JOST


Re: [Off-Topic] ANN: Unofficial Rspamd mailing list

2018-08-23 Thread Alex JOST

On 21.08.2018 at 14:42, Christian Rößner wrote:

Hi there,

for those of you who use Rspamd with Postfix, I have created an unofficial 
mailing list and I invite you to join this list:

https://mlserv.org/postorius/lists/

The idea is to have a regular mailing list for Rspamd related questions. Also 
if you have trouble in bringing Postfix and Rspamd together. Many config stuff 
may be removed from Postfix and put to Rspamd.

Thanks for reading and hope to see you.


Why not use the official mailing list?

  https://groups.google.com/forum/#!forum/rspamd

--
Alex JOST


Re: domain email autoconfiguration

2018-04-04 Thread Alex JOST

On 04.04.2018 at 02:08, David Mehler wrote:

Hello,

What I'm wanting to do is configure clients to get their account
information automatically. I know this for Mozilla is called
autoconfig and for Microsoft it's autodiscover, and apparently there's
an srv record I just read about.

If anyone has any of these three going with their postfix servers i'd
appreciate knowing it.


https://automx.org/en/

--
Alex JOST


Re: monitoring outgoing emails

2018-03-29 Thread Alex JOST

On 29.03.2018 at 15:30, Poliman - Serwis wrote:

This one works well. One question based on one from generated lines:
Mar 26 11:47:41  ORIGINATING LOCAL [127.0.0.1]:38920 <i...@klub-biosfera.pl>
-> <i...@klub-biosfera.pl>,<p.krzewi...@poliman.pl>, Hits: 0.742

Mar 26 11:47:41 --> this is date and hour when mail from
i...@klub-biosfera.pl was sent to i...@klub-biosfera.pl and
p.krzewi...@poliman.pl, am I right?
What are "Hits: 0.742" ?


Looks like amavisd scoring.

--
Alex JOST


Re: Shell script to remote test AUTH with STARTTLS at postfix/dovecot server

2018-03-20 Thread Alex JOST

On 20.03.2018 at 09:15, Dominic Raferd wrote:

I regularly test my remote mail servers (which use postfix - with
dovecot for authentication) to check they are live and functioning,
including that they are responding correctly to authorised login with
STARTTLS.

I currently use this (sorry about line breaks, the original is on one line):

timeout 20 /bin/bash -c "{ time (sleep 2; echo \"EHLO $(hostname
-f)\"; sleep 0.3; echo -n \"AUTH PLAIN \"; printf '%s\0%s\0%s'
\"$USERNAME\" \"$USERNAME\" \"$PASSWORD\"|base64; sleep 0.3; echo
\"QUIT\"; sleep 2; exit) | openssl s_client -connect $MX -starttls
smtp 2>/dev/null >${TMPF}0; } 2>${TMPF}2"

It usually works, but occasionally it gives timeout errors even though
the server is in fact ok. The problem is that the entire one-sided
conversation is piped through to openssl with preset time delays. Is
there a better way to do this (with a shell script) - in particular a
way to await (and check) the expected response from the server before
sending the next command in the sequence?



Take a look at SWAKS.

  http://www.jetmore.org/john/code/swaks/

--
Alex JOST
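
One way to do what the question asks for, waiting for and checking each server reply before sending the next command, as an added example (not code from the posters, and separate from SWAKS): it uses Python's standard `smtplib`. The function and step names are this example's own, and the optional `auth-hidden-before-tls` step assumes a server configured with `smtpd_tls_auth_only = yes`, as discussed elsewhere on this page.

```python
import smtplib
import ssl


class StepFailed(Exception):
    """The server's reply to the current step was not the expected one."""


def check_submission(host, port, user, password, timeout=20,
                     tls_only_auth=True, smtp_factory=smtplib.SMTP,
                     context=None):
    """Run EHLO, STARTTLS, EHLO, AUTH, checking each reply before the next.

    Returns a list of (step, ok, detail) tuples ending at the first failure.
    """
    # The default context verifies the certificate chain and host name, so a
    # self-signed or mismatched certificate is reported at the starttls step.
    context = context or ssl.create_default_context()
    results, step, smtp = [], "connect", None

    def expect(condition, detail):
        if not condition:
            raise StepFailed(detail)
        results.append((step, True, detail))

    try:
        # The constructor connects and waits for the 220 greeting.
        smtp = smtp_factory(host, port, timeout=timeout)
        expect(True, "greeting received")

        step = "ehlo"
        code, _ = smtp.ehlo()
        expect(200 <= code < 300, f"EHLO reply {code}")

        if tls_only_auth:
            step = "auth-hidden-before-tls"
            offered = smtp.has_extn("auth")
            expect(not offered, f"AUTH offered before TLS: {offered}")

        step = "starttls-offered"
        offered = smtp.has_extn("starttls")
        expect(offered, f"STARTTLS offered: {offered}")

        step = "starttls"
        code, _ = smtp.starttls(context=context)
        expect(code == 220, f"STARTTLS reply {code}")

        step = "ehlo-after-tls"  # the feature list must be fetched again
        code, _ = smtp.ehlo()
        expect(200 <= code < 300, f"EHLO reply {code}")

        step = "auth-offered"
        mechanisms = smtp.esmtp_features.get("auth", "").strip()
        expect(smtp.has_extn("auth"), f"mechanisms: {mechanisms}")

        step = "auth"
        code, _ = smtp.login(user, password)
        expect(code in (235, 503), f"AUTH reply {code}")
    except StepFailed as exc:
        results.append((step, False, str(exc)))
    except (smtplib.SMTPException, OSError) as exc:
        # Timeouts, TLS errors, rejected credentials, dropped connections.
        results.append((step, False, f"{type(exc).__name__}: {exc}"))
    finally:
        if smtp is not None:
            try:
                smtp.quit()
            except (smtplib.SMTPException, OSError):
                pass
    return results


def passed(results):
    """True when every step ran and succeeded."""
    return bool(results) and all(ok for _, ok, _ in results)


if __name__ == "__main__":
    import os
    import sys
    # Same variables as the script in the question; MX is host:port.
    mx_host, _, mx_port = os.environ["MX"].partition(":")
    outcome = check_submission(mx_host, int(mx_port or 25),
                               os.environ["USERNAME"], os.environ["PASSWORD"])
    for name, ok, detail in outcome:
        print(f"{'ok  ' if ok else 'FAIL'} {name}: {detail}")
    sys.exit(0 if passed(outcome) else 1)
```
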


Re: ot: MySQL config/tuning advice

2018-01-05 Thread Alex JOST

On 04.01.2018 at 13:58, Phil Stracchino wrote:

On 01/04/18 00:52, Voytek wrote:

Phil,

thanks, as it was, the my.cnf that this server uses turned to be in
/etc/opt/rh/rh-mariadb102



I have to say, that location is pretty whacked.  I wonder who came up
with that?  Who built the MariaDB packages?


Those are official packages by Red Hat. Software collections are a way to 
concurrently install different versions of a software on the same 
system. It's important that SCL packages do not interfere with 'normal' 
packages.


--
Alex JOST


Re: stupid question about removing maildir attachments

2017-12-31 Thread Alex JOST

On 29.12.2017 at 21:15, Eero Volotinen wrote:

Hi list,

A bit offtopic, but I need cli-tool to remove attachments from specific
maildir messages, so how to do that?


The Thunderbird add-on 'AttachmentExtractor' should be able to do that, 
but I don't know if it still works with recent versions of Thunderbird 
as it hasn't been updated in a long time.


As Bill already noted such operations should be considered wisely. Wrong 
manipulation of the message can make it unreadable. Backups are mandatory.


--
Alex JOST


Re: bounce notify class

2017-11-08 Thread Alex JOST

On 07.11.2017 at 14:54, Dominic Raferd wrote:

I want to turn off the the bounce error class to reduce clutter in my
postmaster mailbox, but don't want to miss something important.

The bounce error class is defined (
http://www.postfix.org/postconf.5.html#notify_classes) as: 'Send the
postmaster copies of the headers of bounced mail, and send transcripts of
SMTP sessions when Postfix rejects mail.'

I understand the second of these (and receive many of them, which I don't
want) but not the first (and don't seem to receive any).

What are 'copies of the headers of bounced mail' - would this be mail that
has been bounced by Postfix (not interesting to me) or mail bounced by an
onward mailserver (interesting to me - but maybe this is covered by the
2bounce error class)?



No, only bounces of outgoing mails. For us that's mainly bounces because 
of misspelled e-mail addresses (connection timeout and mailbox unavailable).


--
Alex JOST


Re: Best way to setup auto configure for mail clients

2017-08-23 Thread Alex JOST

On 22.08.2017 at 23:15, Alef Veld wrote:

Does anyone know how to setup postfix in such a way so that clients can "auto 
configure" (you just fill in the email address and password and it guesses the 
settings)

I apologise if this is not a postfix thing perse.


https://automx.org/en/

--
Alex JOST


Re: exempting user or domain from one RBL check ?

2017-08-07 Thread Alex JOST

On 07.08.2017 at 05:17, Voytek wrote:

I have a user's inbound mail blocked by barracudacentral, is there a way
to exempt this particular user/domain from this particular RBL check ?

or what else can or should I do ?


You could rearrange your restrictions and add check_*_access before the 
Barracuda test to stop the restriction processing for that recipient.



Alternatively you can add a restriction class:

  http://www.postfix.org/RESTRICTION_CLASS_README.html

--
Alex JOST


Re: Switch from LDA to Postfix - Dovecot LMTP delivery (with virtual users)

2017-08-04 Thread Alex JOST

On 04.08.2017 at 11:37, Nikolaos Milas wrote:

Hello,

I am setting up a new box with Postfix 3.2.2 and Dovecot.

Until now I have been using LDA delivery successfully. On the new server 
LDA setup works fine too, but I am considering to move to LMTP.


IMPORTANT NOTE: It is important in my setup to keep functional all 
virtual_alias_maps & virtual_mailbox_maps.


I've followed the directions at: 
https://wiki.dovecot.org/HowTo/PostfixDovecotLMTP but LMTP delivery does 
not work.


Here is a session:

Aug  4 12:19:42 vmail2 postfix/lmtp[3151]: 64EF58EE1BCBE: 
to=<imaptes...@noa.gr>, relay=vmail2.noa.gr[private/dovecot-lmtp], 
delay=0.21, delays=0.17/0.015/0.01/0.015, dsn=5.1.1, status=bounced 
(host vmail2.noa.gr[private/dovecot-lmtp] said: 550 5.1.1 
<imaptes...@noa.gr> User doesn't exist: imaptes...@noa.gr (in reply to 
RCPT TO command))


Dovecot needs to know about the user. What does 'doveadm user -u 
imaptes...@noa.gr' print?


--
Alex JOST


Re: Forward to gmail and DMARC

2017-07-17 Thread Alex JOST

On 16.07.2017 at 02:55, Peter wrote:

On 14/07/17 08:06, @lbutlr wrote:


I forward mail to a gmail user, but there are a lot of bounces from
gmail. I don't honestly care about the ones that google says are
spam,


You should.  When Google sees SPAM coming from your server it will
affect your server's IP reputation with Google and eventually cause mail
from your server to go to Spam folder or you get blacklisted, etc.


but recently I'm also getting DMARC failures on Facebook
mails.


Right, DMARC makes the situation worse.  The only way to get around this
is to completely own the message by rewriting the envelope sender and
From: header to come from your domain.  Of course this alters the
content of the message and will likely cause DKIM to fail, so you'll
need to address that as well.  If you've successfully managed to do this
then you'll be even more embroiled in making your server look like a
source of any SPAM that gets relayed through it in this method.


AFAIK Authenticated Received Chain (ARC) was designed for exactly this 
use case. Wondering if anyone has some experience with it or knows if 
Gmail is already honouring ARC-headers.


--
Alex JOST


Re: Postfix ignoring order of smtpd_recipient_restrictions

2017-07-11 Thread Alex JOST

On 11.07.2017 at 17:21, Darren Share wrote:

Hi,

I've posted this as a serverfault [1]question but had no bites so far.

I am receiving about 50 rejected emails per day because there is a typo
in the sending email address and it's hitting
reject_unknown_sender_domain:

Jul 10 12:21:31 serverb3 postfix/smtpd[6647]: NOQUEUE: reject: RCPT from
smtp.correctly-spelt-domain.co.uk[X.X.X.X]: 450 4.1.8
<em...@mis-spelt-domain.co.uk>: Sender address rejected: Domain not
found; from=<em...@mis-spelt-domain.co.uk> to=<em...@mydomain.co.uk>
proto=ESMTP helo=

I've added em...@mispelt-domain.co.uk OK to /etc/postfix/sender_access,
ran postmap /etc/postfix/sender_access and restarted postfix.

Despite check_sender_access hash:/etc/postfix/sender_access appearing in
my smtpd_recipient_restrictions list before reject_unknown_sender_domain
the emails are still being rejected for that reason. Why is this and how
can I fix it?

Postfix v2.11.3

Output of postconf -n:



smtpd_relay_restrictions = permit_mynetworks reject_unauth_destination
reject_unauth_pipelining reject_invalid_hostname reject_non_fqdn_sender
reject_unknown_sender_domain reject_non_fqdn_recipient
reject_unknown_recipient_domain check_sender_access
hash:/etc/postfix/sender_access reject_rbl_client bl.spamcop.net
reject_rbl_client zen.spamhaus.org reject_rbl_client dul.dnsbl.sorbs.net
permit


You have 'reject_unknown_sender_domain' in 'smtpd_relay_restrictions' 
which is evaluated before 'smtpd_recipient_restrictions'. Note that the 
reject is delayed until RCPT TO.


http://www.postfix.org/postconf.5.html#smtpd_relay_restrictions
http://www.postfix.org/postconf.5.html#smtpd_delay_reject

--
Alex JOST


Re: policyd-spf and temperrors

2017-03-19 Thread Alex JOST

On 18.03.2017 at 13:42, Scott Kitterman wrote:

On March 18, 2017 6:13:15 AM EDT, Alex JOST <jost+postfix...@dimejo.at> wrote:

On 17.03.2017 at 22:38, James B. Byrne wrote:

The host system runs under CentOS-6.  Other than Postfix itself all
the packages on this system are either from CentOS or EPEL.  Python
was last updated in September 2016.  pypolicyd-spf was last updated
January 2017.  These problems only evidenced themselves very recently:


Moving to the most recent version of pypolicyd-spf requires upgrading
python.  Since the YUM package manager on CentOS-6 requires python 2.6
this is a non-starter.


AFAIK Red Hat provides a newer version of python via Software
Collections. That should make it easy to run both versions side by
side.


The new version needs python3, FYI.


Python 3.4.2 is available for CentOS 7.

See: https://wiki.centos.org/SpecialInterestGroup/SCLo/CollectionsList

--
Alex JOST


Re: policyd-spf and temperrors

2017-03-18 Thread Alex JOST

On 17.03.2017 at 22:38, James B. Byrne wrote:

The host system runs under CentOS-6.  Other than Postfix itself all
the packages on this system are either from CentOS or EPEL.  Python
was last updated in September 2016.  pypolicyd-spf was last updated
January 2017.  These problems only evidenced themselves very recently:



Moving to the most recent version of pypolicyd-spf requires upgrading
python.  Since the YUM package manager on CentOS-6 requires python 2.6
this is a non-starter.


AFAIK Red Hat provides a newer version of python via Software 
Collections. That should make it easy to run both versions side by side.


--
Alex JOST


Re: smtp-cache problem

2017-02-24 Thread Alex JOST

On 24.02.2017 at 09:03, Thomas Minor wrote:

Hmm, ok,

I did search but found nothing. I'll check again.


http://marc.info/?t=14876316702=1=2

--
Alex JOST


Re: [postfix-users] whitelisting

2016-08-26 Thread Alex JOST

On 26.08.2016 at 14:09, Aggelos wrote:

On 26/08/2016 02:53 PM, Kiss Gabor (Bitman) wrote:

smtpd_helo_restrictions = permit_mynetworks,
reject_invalid_helo_hostname,
reject_unknown_helo_hostname




Yet, in the logs I still get these reports (sample on one line):

Aug 26 03:37:52  postfix/smtpd[27675]: NOQUEUE: reject:
RCPT from
spam1.vodafone.gr[213.249.16.2]: 450 4.7.1 : Helo
command
rejected: Host not found; from=<onl...@vodafone.gr> to=
proto=ESMTP
helo=

What am I missing and/or doing wrong?


See the config snippet above.

Gabor



Are you saying that it goes on with checking and fails later on?
If so, how can I make postfix accept those IPs after it checks the file
/etc/postfix/maps/whitelisted_clients?


This should work:

smtpd_helo_restrictions = permit_mynetworks,
check_client_access hash:/etc/postfix/maps/whitelisted_clients,
reject_invalid_helo_hostname,
reject_unknown_helo_hostname

--
Alex JOST


Re: alterMIME

2016-08-24 Thread Alex JOST

On 23.08.2016 at 14:29, Lucius Rizzo wrote:


I cannot praise Barracuda enough. It's absolutely necessary if you run a
busy MTA these days and have not given up control to Office365,Google :)


I have seen Barracudas rejecting empty envelope senders. I wouldn't 
praise such a system.


--
Alex JOST


Re: Header or body checks question

2016-02-10 Thread Alex JOST

On 10.02.2016 at 09:51, Selcuk Yazar wrote:

Ok,

I try some alternatives but they don't work, I want to try my last chance

i found email source ;

From: "Turkcell Online" <sungwon7...@hanmail.net>

Turkcell is a big telecom company in Turkey and its domain name is
turkcell.com.tr.

If the string begins with From: "Turkcell.* but doesn't contain
turkcell.com.tr I want to catch this string.
thanks.



Something like this works for us with PCRE:

/^From:.*Turkcell.*<.+@((?!turkcell.com.tr).)*>/

--
Alex JOST
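
A small test harness for the pattern above, as an added example (not code from the thread): it runs the posted expression over constructed From: headers, next to a stricter variant that escapes the dots and anchors the domain at the closing `>`. The `STRICT` pattern, the sample headers and all function names are this example's own assumptions; Python's `re` is used in place of PCRE, which accepts the same syntax for these two expressions.

```python
import re

# Postfix pcre: tables match case-insensitively by default, hence IGNORECASE.
# ORIGINAL is the expression posted above, unchanged.
ORIGINAL = re.compile(
    r'^From:.*Turkcell.*<.+@((?!turkcell.com.tr).)*>', re.IGNORECASE)

# Hypothetical stricter variant (assumption of this example):
#  - dots are escaped, so '.' no longer matches any character
#  - the domain must END in turkcell.com.tr (exact or a subdomain) to be
#    accepted, instead of merely containing that text somewhere
STRICT = re.compile(
    r'^From:.*Turkcell.*<[^<>@]+@'
    r'(?!(?:[^<>@]+\.)?turkcell\.com\.tr>)[^<>@]+>',
    re.IGNORECASE)

# Constructed sample headers; all foreign domains use the reserved
# .example TLD.
SAMPLES = {
    "foreign sender, brand in display name":
        'From: "Turkcell Online" <sender@mail.example>',
    "upper-case display name":
        'From: "TURKCELL" <sender@mail.example>',
    "genuine domain":
        'From: "Turkcell" <info@turkcell.com.tr>',
    "genuine subdomain":
        'From: "Turkcell" <news@bilgi.turkcell.com.tr>',
    "brand domain used as a prefix":
        'From: "Turkcell" <info@turkcell.com.tr.mail.example>',
    "dashes where the dots would be":
        'From: "Turkcell" <info@turkcell-com-tr.example>',
    "unrelated sender":
        'From: "Alice Example" <alice@mail.example>',
}


def flagged(pattern, header):
    """True when the header_checks pattern would fire on this header line."""
    return pattern.search(header) is not None


def compare(samples):
    """Map each sample name to (flagged by ORIGINAL, flagged by STRICT)."""
    return {name: (flagged(ORIGINAL, header), flagged(STRICT, header))
            for name, header in samples.items()}


def missed_by_original(samples):
    """Names of samples that STRICT flags but ORIGINAL lets through."""
    return [name for name, (orig, strict) in compare(samples).items()
            if strict and not orig]


if __name__ == "__main__":
    for name, (orig, strict) in compare(SAMPLES).items():
        print(f"{name:40s} original={orig!s:5s} strict={strict}")
```

On the server, `postmap -q 'From: ...' pcre:/etc/postfix/header_checks` (table path assumed) runs the same kind of query against the real table before it goes live.
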


Re: Feedback on Postscreen Whitelist Article

2015-11-27 Thread Alex JOST

On 27.11.2015 at 02:53, @lbutlr wrote:

On Nov 26, 2015, at 1:03 PM, ale@proto <alessan...@protodigital.net> wrote:

I know somebody discourages the use of postscreen + postgrey. But I don't 
understand those MS retries.


If by “someone” you mean just about everyone including the developer of 
postfix, then yes, someone discourages it.

Greylisting and Postscreen go together like peanut butter and nails.



Care to explain?

While I do think that postscreen is a great tool to block the majority 
of spambots it doesn't make other tools obsolete.


--
Alex JOST


Re: Weak Ciphers

2015-11-08 Thread Alex JOST

On 08.11.2015 at 13:52, John Allen wrote:

I ran the ssl-tools tests on my mail server.
Everything seems to be OK, *BUT* it reports that i am using a weak
cipher "ECDHE_RSA_WITH_RC4_128_SHA"!

So I sat down and googled - postfix/dovecot/apache  - ciphers
suites/recommendations less than one year old.
I gave up at about the fifteenth response. Every one of them was
different and gave me lists of cipher ranging in length from about eight
to almost a full web page.

Would somebody point me in the right direction. I am trying to make my
installation secure, but manageable.


http://marc.info/?l=postfix-users=143884497605106=2

--
Alex JOST


Re: transport_maps and check_recipient_access

2015-09-25 Thread Alex JOST

On 25.09.2015 at 18:42, Alex wrote:

Hi,

I have a postfix-3.0.1 system on fedora22 that relays its mail to an
internal postfix system where the users receive their mail and send as
users of the domain. I have a transport map configured on the external
mail system that forwards mail to the internal server for a handful of
domains.

On the internal system I have a check_recipient_access list configured
that rejects mail from non-existent users. I'd like to move that
access list to the external system so bounces are sent directly to the
sender instead of back through to the external server.

How can I configure the external system to support the
check_recipient_access while also then forwarding on valid users to
the internal system?

Thanks,
Alex



Use recipient verification[1] on the forwarder to reject recipients that 
do not exist on the internal system.


[1] http://www.postfix.org/ADDRESS_VERIFICATION_README.html#recipient

--
Alex JOST


Re: Conditional Greylisting

2015-09-20 Thread Alex JOST

On 19.09.2015 at 00:57, Bruce Marriner wrote:


On Friday, September 18, 2015 04:59 PM CDT, "Bill Cole" 
<postfixlists-070...@billmail.scconsult.com> wrote:


On 18 Sep 2015, at 14:29, Bruce Marriner wrote:


So I want to be able to set up Postfix so, if it passes DKIM or other
checks that give me a high confidence then just skip the postgrey
stuff
entirely.


In what exactly does a valid DKIM signature give you high confidence? I
suspect that this is misplaced...

All a DKIM signature validation tells you is that a message was in fact
signed at the mail system where it claimed to have been signed by an
entity in control of the DNS for the domain identified the signature and
that none of the message fields specified in the DKIM header have been
changed in transit. Looking at the spam that has made it through my
filters this year, I see that 27% of those messages had a valid DKIM
signature, because in fact any spammer who can open a Yahoo account or
register a domain can send mail with a valid DKIM signature.



Ah, well.  I think you might be right about misplaced.  I've been reading about 
this all day learning it and I've started to realize the same thing.  I would 
like

Now, why can't all the spammers just add a ThisIsSpam header.  Sure would make 
my life easier :)

I'd still like to reduce my dependency on postgrey.  So, if has valid SPF, valid 
DKIM, has a low SpamAssassin score,  then I 
could skip it without raising spam too much, or at all :).

Postgrey just works so well :) I mean, if I have that on I get almost no spam.  
But sometimes somethings that should come though don't and many things are 
delayed.  When I turn it off, I get tons of spam.

So, I need to start adding more stuff into the mix like SpamAssassin, SPF, 
DKIM, whatever so I can reduce my Postgrey dependency a little.

My first few google searches were covered in the DKIM/SPF stuff so I guess  
that's where I've started first.



We are using Postfwd[1] to conditionally use Greylisting when the sender 
seems suspicious. There is already a good example configuration for 
"Selective greylisting".


[1] http://postfwd.org/

--
Alex JOST


Re: Postfix 3.x for RedHat/CentOS 7.x

2015-09-06 Thread Alex JOST

On 05.09.2015 at 20:43, Viktor Dukhovni wrote:

What I've not yet checked, is whether Fedora (like Debian) has
started splitting up Postfix into multiple RPMs with optional
databases (LDAP, MySQL, ...) in separate packages, now that Postfix
supports shared library builds, and dynamic maps.  If they have
not, they probably should.


AFAIK the upcoming Fedora 23 will be the first release providing 
separate packages:

https://apps.fedoraproject.org/packages/postfix/changelog/

--
Alex JOST


Re: SPF clear up

2015-08-01 Thread Alex JOST

On 01.08.2015 at 16:07, Martin S wrote:

Hi,

If I want to add SPF in this scenario:

I have a mailserver (mail.foo.com) which handles mail for foo.com.
It also handles mail for the domains bar.com and acme.com.
bar.com and acme.com doesn't have any mail servers (mx records points to 
mail.foo.com).

Would the correct SPF record then be:
v=spf1 include:foo.com ~all

For each domain?

I might just be confused (again).


Assuming that mail.foo.com handles incoming and outgoing traffic for 
all those domains you could set the SPF record pointing to the MX 
record. This would be the simplest solution.


v=spf1 mx ~all

--
Alex JOST


Re: session fingerprint and policy servers

2015-07-18 Thread Alex JOST

On 17.07.2015 at 17:05, Wietse Venema wrote:

Alex JOST:

Hi all,

I've recently read the release notes for Postfix 3.0 and stumbled over
session fingerprint. I was wondering if there do exist any plans to
make this information accessible via the SMTP Access Policy Delegation
Protocol to use it with a policy server like postfwd.


These are end-of-session statistics. Making them available mid-session
would require that Postfix can predict the future.


You are right, but I was hoping that at least parts of the information 
would be available mid-session (END-OF-DATA).


Is this feature mainly designed to easily debug sessions? I was hoping 
to block some bad behaving bots with it.


--
Alex JOST


session fingerprint and policy servers

2015-07-17 Thread Alex JOST

Hi all,

I've recently read the release notes for Postfix 3.0 and stumbled over 
session fingerprint. I was wondering if there do exist any plans to 
make this information accessible via the SMTP Access Policy Delegation 
Protocol to use it with a policy server like postfwd.


--
Alex JOST


Re: SASL AUTH dictionary attacks

2015-06-10 Thread Alex JOST

On 10.06.2015 at 00:19, Scott Lambert wrote:

I've been looking for, but haven't found, yet, a postfix option that
would delay x seconds after a failed auth attempt.  We still use
fail2ban, but the botnets are just too large.


This can be set within Dovecot when using Dovecot for SASL authentication.

/etc/dovecot/conf.d/10-auth.conf
auth_failure_delay = 5 secs

--
Alex JOST


Re: Postfix forward mail to other server but leaving a copy...

2015-05-04 Thread Alex JOST

On 30.04.2015 at 13:43, gilbertoferreira wrote:

Thanks for your answer, but I need this only for a few accounts...
I think use procmail or .forward rules...


Have a look at recipient_bcc_maps:
http://www.postfix.org/postconf.5.html#recipient_bcc_maps

--
Alex JOST


Re: smtpd: warning: hostname does not resolve to address Name or service not known

2015-04-18 Thread Alex JOST

On 18.04.2015 at 16:35, Krzs wrote:


That's while i use openssl:


:~$ openssl s_client -starttls smtp -crlf -connect 88.198.107.18:25
CONNECTED(0003)
depth=0 C = DE, ST = Berlin, L = Berlin, O = Frozenstar Communications, OU = SMTP, CN = smtp.frozenstar.info, emailAddress = admin[at]frozenstar.info
verify error:num=18:self signed certificate
verify return:1
depth=0 C = DE, ST = Berlin, L = Berlin, O = Frozenstar Communications, OU = SMTP, CN = smtp.frozenstar.info, emailAddress = admin[at]frozenstar.info
verify return:1
---
Certificate chain
 0 s:/C=DE/ST=Berlin/L=Berlin/O=Frozenstar Communications/OU=SMTP/CN=smtp.frozenstar.info/emailAddress=admin[at]frozenstar.info

[...]


Start Time: 1429367076
Timeout   : 300 (sec)
Verify return code: 18 (self signed certificate)
---
250 DSN


If I issue the same command and continue with EHLO AUTH is offered to me 
but my credentials (obviously) get rejected. So far working as it should.

535 5.7.8 Error: authentication failed: UGFzc3dvcmQ6



This is instead by telnet:


:~$ telnet smtp.frozenstar.info 25
Trying 88.198.107.18...
Connected to smtp.frozenstar.info.
Escape character is '^]'.
220 smtp.frozenstar.info ESMTP Postfix
ehlo frozenstar.info
250-smtp.frozenstar.info
250-PIPELINING
250-SIZE 1024
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN


AUTH is NOT on the list and logs say:


That's because you told Postfix not to offer AUTH on unsecure connections.
smtpd_tls_auth_only = yes


To me it looks as if everything is working as it should. This might 
simply be a Thunderbird misconfiguration.


--
Alex JOST


Re: Blocked via Spamhaus

2014-09-04 Thread Alex JOST

On 04.09.2014 at 18:23, LuKreme wrote:

   dwl.spamhaus.org=127.0.2.[2;3]*-3
   swl.spamhaus.org=127.0.2.[12;13]*-3


AFAIR someone posted a few months ago that those lists are empty. Has 
that changed?


--
Alex JOST


Re: Is there any document about debian+postfix+dovecot+mysql?

2014-08-26 Thread Alex JOST

On 26.08.2014 at 18:21, leonwei wrote:

Hi, everybody:

How do you do ? I want to setup a mail server in Debian, and want to use
postfix+dovecot+mysql. Is there any documents can i used?

Best Regard!

Leon Wei

E-mail: leon...@mail.kingdest.com



Well written and comprehensive guide to start off with:
https://workaround.org/ispmail/wheezy

--
Alex JOST


Re: Allowing alert messages from home server {Sender address rejected: Domain not found)

2014-07-25 Thread Alex JOST

On 25.07.2014 at 04:45, Ian Evans wrote:

I'm currently running postfix in two places. I have a fully functioning
postfix email server for my site's domain and at home I have postfix
installed to allow my home server to send alert messages.

The home server is relaying through my home ISP's smtp server, but the
messages get rejected by my site's postfix because the messages don't have
a FQDN:

RCPT from myhomeisp.com[xxx.xxx.xxx.xxx]: 450 4.1.8 ian@homeserver:
Sender address rejected: Domain not found; from=ian@homeserver

How do I tell postfix that @homeserver email's are okay despite not having
a FQDN?

Thanks.



You can use sender_canonical_maps to rewrite the sender address to 
something correct.


main.cf:
sender_canonical_maps = hash:${config_directory}/sender_canonical_maps

sender_canonical_maps:
ian@homeserver  i...@example.com

--
Alex JOST


Re: virtual_alias_maps, continue after succesful match

2014-07-09 Thread Alex JOST

On 09.07.2014 08:48, Roel van Meer wrote:

Hi list!

I'm in the process of converting our Postfix/OpenLDAP system to
Postfix/Samba 4/Zarafa. The OpenLDAP structure contained
mailacceptinggeneralid entries, with maildrop attributes for both local
and remote addresses. The problem is that this does not fit the Zarafa way.

Basic question: if I have two virtual_mailbox_maps, is there a way to
ensure lookups happen in both of them, even if the first already had a
match?

What I would like to do is this:


virtual_mailbox_maps = hash:/etc/postfix/external,
ldap:/etc/postfix/zarafa-aliases.cf


which, (for the sake of this explanation) can be simplified to this:


virtual_mailbox_maps = hash:/etc/postfix/external,
hash:/etc/postfix/zarafa-aliases

/etc/postfix/external:
  i...@example.tldi...@example.tld, somewh...@gmail.com

/etc/postfix/zarafa-aliases
  i...@example.tldus...@example.tld, us...@example.tld


So, the lookup in the first table would result in an expansion to
include external addresses, and the lookup in the second table would
expand the address to actual mailboxes. However, with this setup, if
there's a match
in the first table, the second expansion never happens.

I tried using recipient_bcc_maps, and this works, but that map accepts
only a single address to send bcc's to.

It seems the only way to make this work is to make sure that the LDAP
lookup returns external addresses and actual mailboxes in one go (like
it used to do with mailacceptinggeneralid/maildrop entries).

If anyone can tell me if I've overlooked something, I'd be grateful!

Kind regards,

Roel


You could use a mail filter like Sieve to redirect messages to the 
external addresses. Of course that would make maintainability a lot harder.


--
Alex JOST


Re: SASL and Sender Dependent Relay

2014-06-29 Thread Alex JOST
smtp_tls_CAfile = /usr/local/etc/postfix/certs/cacert.pem
smtp_tls_CApath = /usr/local/etc/postfix/certs/
smtp_tls_note_starttls_offer = yes
smtp_tls_policy_maps = hash:/usr/local/etc/postfix/tls_policy
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:/var/db/postfix/smtp_tls_session_cache
smtpd_authorized_verp_clients = $mynetworks
smtpd_client_restrictions = reject_unauth_pipelining permit_sasl_authenticated
 reject_unknown_client_hostname
smtpd_milters = unix:/var/run/clamav/clmilter.sock
smtpd_recipient_restrictions = reject_unauth_pipelining
 permit_sasl_authenticated permit_mynetworks reject_unknown_recipient_domain
 reject_unauth_destination
smtpd_reject_footer = For assistance, please provide the following information
 in your problem report: time ($localtime), client ($client_address) and
 server ($server_name).
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_sasl_tls_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_tls_CAfile = /usr/local/etc/postfix/certs/cacert.pem
smtpd_tls_cert_file = /usr/local/etc/postfix/certs/Postfix-cert.pem
smtpd_tls_key_file = /usr/local/etc/postfix/certs/Postfix-key.pem
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:/var/db/postfix/smtpd_tls_session_cache
tls_random_source = dev:/dev/urandom
transport_maps = hash:/usr/local/etc/postfix/transport
unknown_local_recipient_reject_code = 550
virtual_gid_maps = static:1002
virtual_mailbox_base = /var/mail/vhost
virtual_mailbox_domains = seibercom.net
virtual_mailbox_maps = hash:/usr/local/etc/postfix/vmailbox
virtual_minimum_uid = 100
virtual_transport = dovecot
virtual_uid_maps = static:1002



Your configuration misses smtpd_sasl_path.
http://www.postfix.org/SASL_README.html#server_sasl_enable

--
Alex JOST


Re: How to block offering SASL auth to clients based on RBL

2014-06-12 Thread Alex JOST

On 11.06.2014 21:17, Kai Krakow wrote:

   * mbox server: handle pop3 and imap requests from users
   * accepts no external traffic, just from mailout / bulkmail
   * just a receiver for local domains
   * maybe handle dovecot outgoing mails (though we didn't support anyway)



Any ideas/suggestions? Do you see problems?


When using Dovecot you should consider migrating away from mbox as 
suggested by the developer.

http://dovecot.org/list/dovecot/2014-May/096318.html

--
Alex JOST


Re: Unknown users not rejected on Alias Domains (Virtual Domains)

2014-06-04 Thread Alex JOST

On 03.06.2014 22:50, Peter Bittner wrote:

Hi,

I'm trying to find out which is the correct way to configure alias
domains on postfix.

For example, I have 3 different domains (example.com, example.info,
example.net), and when I send an e-mail to a user on any of the three
domains it's always sent to u...@example.com.
In other words, I never need to configure mailboxes or users on any of
the other two domains (alias domains, as I call them). It's
sufficient to have the user configured on the main domain.


AFAIK, Postfix Admin can do what you are asking for.
http://sourceforge.net/projects/postfixadmin/

--
Alex JOST