[pfx] configuration for backup mx server
Hello
My settings for backup MX server are as follows. Do you think if they
have problems? I am looking for your kind suggestions.
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated,
permit_mx_backup, reject_unauth_destination
smtpd_sender_restrictions = permit_mynetworks,
permit_sasl_authenticated, reject_unknown_client_hostname,
reject_unknown_sender_domain
smtpd_recipient_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
permit_mx_backup,
reject_unauth_destination,
check_policy_service { unix:private/policyd-spf, default_action=DUNNO
}
permit_mx_backup_networks = xx.xx.xx.xx
Thanks in advance.
corey hickman
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] domain based vhosts
Hello list, another more question, does postfix support domain based vhosts? such as different vhost has different policies, routes, milters etc. Thanks Corey ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] multi smtp servers question
Hello list, We have 3 smtp servers for sending messages. When mail in one server has delivery issue, how can we setup it to use another more servers for second/third delivery? Thanks Corey ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] stop bulk messages
Hello list, Some clients abuse the outgoing smtp server for sending bulk messages. The messages have the same content of business promotion letter. Do you know how to stop this behavior? Thank you. corey ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] simple content filter for outgoing message
Hello buddies, I just want to make some simple filters for outgoing messages. for example, the message content has some keywords (like "VPN sale") included, it will be rejected by the system. I know there are the software Rspamd and Spamassassin, but they are too heavy for my simple usage. Do you have any other ideas? Thanks. ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] invalid and non-fqdn hostname
Hello for these two statements, reject_invalid_helo_hostname reject_non_fqdn_helo_hostname what are the differences between them? does the second one hold the first one already? Thanks. ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: secondary MX server
On 01/04/2023 08:04, Peter via Postfix-users wrote: On 1/04/23 00:36, Corey Hickman via Postfix-users wrote: Since almost every sending MTA has the queues, do I need a secondary MX for my domain email? Secondary, or backup MXes are almost never recommended in the modern internet and tend to be a relic of the 1990s dialup internet. What is often times done for very high traffic situations is load balancing, which can be implemented similar to a secondary MX (but having the same MX priority for two or more servers instead of different priorities). Secondary MX entries can also be used for a type of spam trap since spammers will often times try to abuse them and send directly to the secondary MX instead of trying the primary first as they should do, see "MAIL EXCHANGER POLICY TESTS" in postscreen(8) for an implementation of this. None of this is what you are considering. If you still want to implement a secondary MX then it must have all of the same anti-spam measures as the primary server, be just as well maintained, and requires a lot of work to get right, all of this for a server which will likely see little or no legitimate email traffic. My opinion is you are better served spending your time and efforts on the primary server. That's all right. Thanks. ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] secondary MX server
Hello, Since almost every sending MTA has the queues, do I need a secondary MX for my domain email? I am afraid the secondary MX was abused by spammers. Thanks. ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: choose the right email address to send to the lists
On 10/03/2023 19:30, cor...@free.fr wrote: I saw some people using email addresses like yahoo, AOL, mail.ru to post messages to the lists (such as debian-user, postfix-user etc). I am thinking those addresses which have the strictest DKIM setup are not suitable to send a list mail, they will be blocked by many recipients (list members). For example, yahoo has this DMARC setting: v=DMARC1; p=reject; pct=100; rua=mailto:d...@rua.agari.com; ruf=mailto:d...@ruf.agari.com; And Mail.ru: v=DMARC1;p=reject;rua=mailto:dmarc_...@corp.mail.ru And zoho.com: v=DMARC1; p=reject; sp=reject; fo=0; rua=mailto:dmarcaggregat...@zoho.com; ruf=mailto:dmarcaggregat...@zoho.com The all have "p=reject" rules which mean when DKIM (most modern email providers have this enabled) break at the recipient end, this mail will be rejected by the recipient MTA. As we know DKIM will fail due to: 1. SPF fail (for the From: address in header) - this will 100% happen regardless list server implements SRS or not. 2. DKIM fail (for header address as well) - this will most probably happen since some list servers change the message content by adding a signature etc. So we should choose a email address which at least has no "p=reject" in their DKIM policy. I am sorry for the typos. What I meant is DMARC, not DKIM. :) sorry, Corey ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] choose the right email address to send to the lists
I saw some people using email addresses like yahoo, AOL, mail.ru to post messages to the lists (such as debian-user, postfix-user etc). I am thinking those addresses which have the strictest DKIM setup are not suitable to send a list mail, they will be blocked by many recipients (list members). For example, yahoo has this DMARC setting: v=DMARC1; p=reject; pct=100; rua=mailto:d...@rua.agari.com; ruf=mailto:d...@ruf.agari.com; And Mail.ru: v=DMARC1;p=reject;rua=mailto:dmarc_...@corp.mail.ru And zoho.com: v=DMARC1; p=reject; sp=reject; fo=0; rua=mailto:dmarcaggregat...@zoho.com; ruf=mailto:dmarcaggregat...@zoho.com The all have "p=reject" rules which mean when DKIM (most modern email providers have this enabled) break at the recipient end, this mail will be rejected by the recipient MTA. As we know DKIM will fail due to: 1. SPF fail (for the From: address in header) - this will 100% happen regardless list server implements SRS or not. 2. DKIM fail (for header address as well) - this will most probably happen since some list servers change the message content by adding a signature etc. So we should choose a email address which at least has no "p=reject" in their DKIM policy. For example, gmail is good: v=DMARC1; p=none; sp=quarantine; rua=mailto:mailauth-repo...@google.com Free.fr (the one I am using): v=DMARC1;p=none;adkim=r;aspf=r;sp=none GMX.net: v=DMARC1; p=none; sp=quarantine; rua=mailto:dmarcrep...@gmx.net; ruf=mailto:dmarc-...@gmx.net; adkim=r;aspf=r; fo=1 They all have "p=none" so they probably have no delivery issues to mailing lists. Just my thought though... Thanks Corey H ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
