Re: Postfix with "always_bcc" email is 2x or 3x on the always_bcc mail
Hi Wietse, thank you for your help, all works fine. Best regards J.Karliak Dne 2022-10-11 11:45, Wietse Venema napsal: Josef Karliak: Good morning, what could cause the mail copied by postfix's always_bcc - copied email is 2x or sometimes (?) 3x copied in the always_bcc email. I use DKIM and DMARC milter and Spamassasisn as a "check_policy_service". Could the passing to the milters cause it ? No. See https://www.postfix.org/FILTER_README.html for suggestions to set "receive_override_options=no_address_mappings" in master.cf to avoid multiple bcc recipients. Wietse
Postfix with "always_bcc" email is 2x or 3x on the always_bcc mail
Good morning, what could cause the mail copied by postfix's always_bcc - copied email is 2x or sometimes (?) 3x copied in the always_bcc email. I use DKIM and DMARC milter and Spamassasisn as a "check_policy_service". Could the passing to the milters cause it ? Thanks and best regards J.Karliak
Re: Postifix 2.11.3 sends some mails (not spam) to postmater@
Hi, I found that only emails with "dmarc=fail" in the headers are sent to postmaster - as it is defined in our dmarc record, but that should be statistics, not emails... Thanks and best resgards J.K. > Josef Karliak: >> Good morning, >> Postfix copy some mails (not spams) to postmaster@ email of our >> domain, >> what could cause it ? But only some mails. > > The Postfix SMTP server always accepts mail for "postmaster". > That was added in Postfix 1.1.0. > > /* > * XXX 2821: Section 3.6 requires that "postmaster" be accepted even > when > * specified without a fully qualified domain name. > */ > if (strcasecmp(recipient, "postmaster") == 0) > return (0); > > This has not changed in the past 14 years. > > The usual Postfix rules will apply for postmaster@domainname. > > Wietse > -- Ma domena pouziva zabezpeceni a kontrolu SPF (www.openspf.org) a DomainKeys/DKIM (s ADSP) a implementaci DMARC. Pokud mate problemy s dorucenim emailu, zacnete pouzivat metody overeni puvody emailu zminene vyse. Dekuji. My domain use SPF (www.openspf.org) and DomainKeys/DKIM (with ADSP) policy and implementation of the DMARC. If you've problem with sending emails to me, start using email origin methods mentioned above. Thank you.
Postifix 2.11.3 sends some mails (not spam) to postmater@
Good morning, Postfix copy some mails (not spams) to postmaster@ email of our domain, what could cause it ? But only some mails. One idea - "postmaster" file contains : postmaster@ OK abuse@ OK This is new after reconfiguration to incoming MX server. But this file is also on old MX server and there were not this isues. There were postfix 2.9.6 Thanks and best regards J.Karliak -- Ma domena pouziva zabezpeceni a kontrolu SPF (www.openspf.org) a DomainKeys/DKIM (s ADSP) a implementaci DMARC. Pokud mate problemy s dorucenim emailu, zacnete pouzivat metody overeni puvody emailu zminene vyse. Dekuji. My domain use SPF (www.openspf.org) and DomainKeys/DKIM (with ADSP) policy and implementation of the DMARC. If you've problem with sending emails to me, start using email origin methods mentioned above. Thank you.
Re: Postifix 2.11.3 sends some mails (not spam) to postmater@
Yes, I use dmarc milter for postfix, opendmarc. J.K. > Josef Karliak: >> Hi, >> I found that only emails with "dmarc=fail" in the headers are sent to >> postmaster - as it is defined in our dmarc record, but that should be >> statistics, not emails... > > With Postfix, DMARC is implemented by Milters or content filters. > Postfix itself is DMARC-agnostic. > > Wietse > -- Ma domena pouziva zabezpeceni a kontrolu SPF (www.openspf.org) a DomainKeys/DKIM (s ADSP) a implementaci DMARC. Pokud mate problemy s dorucenim emailu, zacnete pouzivat metody overeni puvody emailu zminene vyse. Dekuji. My domain use SPF (www.openspf.org) and DomainKeys/DKIM (with ADSP) policy and implementation of the DMARC. If you've problem with sending emails to me, start using email origin methods mentioned above. Thank you.
postfix and dualstack relayhost.
Hi there, just a little question - when I use in the main.cf dns name for relayhost and dns name has IPv4 and IPv6 IP, how does postfix communicate ? First is IPv6 communication and after timeout is IPv4 communication ? Thanks and best regards J.Karliak -- Ma domena pouziva zabezpeceni a kontrolu SPF (www.openspf.org) a DomainKeys/DKIM (with ADSP) . Pokud mate problemy s dorucenim emailu, zacnete pouzivat metody overeni puvody emailu zminene vyse. Dekuji. My domain use SPF (www.openspf.org) and DomainKeys/DKIM (with ADSP) policy and check. If you've problem with sending emails to me, start using email origin methods mentioned above. Thank you. This message was sent using IMP, the Internet Messaging Program. binCQcDHewOA8.bin Description: Veřejný PGP klíč
postfix 2.9.x and smtpd_recipient_restrictions in the main.cf and master.cf
Good morning, I ve a firewall with 3 network card - WAN, LAN and DMZ. I want to have diferend smtpd_recipient_restrictions on the WAN card, so I've set it in the master.cf 193.11.123.9:smtp inet n - n - - smtpd -o smtpd_recipient_restrictions=permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination,check_recipient_access hash:/etc/postfix/alias_list,check_policy_service inet:127.0.0.1:10040,check_recipient_access hash:/etc/postfix/postmaster,check_policy_service unix:private/spf,permit_mx_backup,reject_non_fqdn_sender,reject_non_fqdn_recipient,reject_unknown_sender_domain,reject_unknown_recipient_domain,check_sender_access hash:/etc/postfix/dsn_exceptions,permit But postfix complains for everything after check_recipient_access hash:/etc/postfix/alias_list. Maybe he do not like space char. So there is a question - how do you solve it on your postfix ? And why I want it ? I want to accept only existing recipients from internet, alias list contains: alias1@ OK alias2@ OK ... Thank you for your advices and kicking me to the right way. Best regards Josef Karliak. -- Ma domena pouziva zabezpeceni a kontrolu SPF (www.openspf.org) a DomainKeys/DKIM (with ADSP) . Pokud mate problemy s dorucenim emailu, zacnete pouzivat metody overeni puvody emailu zminene vyse. Dekuji. My domain use SPF (www.openspf.org) and DomainKeys/DKIM (with ADSP) policy and check. If you've problem with sending emails to me, start using email origin methods mentioned above. Thank you. This message was sent using IMP, the Internet Messaging Program.
postfwd2 expericiencies
Good afternoon, I've started to runnning postfwd2 on my server, with aproximately up to 500 mails daily (and 80% spams :) ). I plan to use it to a domain with 30 000 daily emails. Does anybody have postfwd2 applied for similar domain ? What about huge dns count for RBL ? Thanks and best regards J.Karliak. -- Ma domena pouziva zabezpeceni a kontrolu SPF (www.openspf.org) a DomainKeys/DKIM (with ADSP) . Pokud mate problemy s dorucenim emailu, zacnete pouzivat metody overeni puvody emailu zminene vyse. Dekuji. My domain use SPF (www.openspf.org) and DomainKeys/DKIM (with ADSP) policy and check. If you've problem with sending emails to me, start using email origin methods mentioned above. Thank you. This message was sent using IMP, the Internet Messaging Program.
Re: Postfix 2.8.x anti anti backscattering settings
Ohh. So there is only one solution - on mail server generate an alias list that contains aliases and result. Like : chose OK user OK ... ... And in main.cf use directive smtpd_recipient_restrictions = other options,check_recipient_access hash:/etc/postfix/alias_list,other options So we'll generate aliases into a alias_list file and scp it from email server to incomming smtp and use it in postfix. Is it only one option ? Or there are better ? Just asking. Thanks very much. J.Karliak. Cituji Wietse Venema wie...@porcupine.org: Josef Karliak: Hi, thanks for tip. I may be something missed: In main.cf I've added: address_verify_relayhost = 19.13.13.11 #ip of my mail server that knows all users address_verify_sender = mas...@mojedomena.cz This overrides the relayhost setting, which is used ONLY for REMOTE delivery, not LOCAL. It will NEVER be used to find out if a LOCAL email address is valid. Which override SHOULD you use? That depends on your Postfix configuration. Wietse -- Ma domena pouziva zabezpeceni a kontrolu SPF (www.openspf.org) a DomainKeys/DKIM (with ADSP) . Pokud mate problemy s dorucenim emailu, zacnete pouzivat metody overeni puvody emailu zminene vyse. Dekuji. My domain use SPF (www.openspf.org) and DomainKeys/DKIM (with ADSP) policy and check. If you've problem with sending emails to me, start using email origin methods mentioned above. Thank you. This message was sent using IMP, the Internet Messaging Program.
Re: Postfix 2.8.x anti anti backscattering settings
Hi, thanks for tip. I may be something missed: In main.cf I've added: address_verify_relayhost = 19.13.13.11 #ip of my mail server that knows all users address_verify_sender = mas...@mojedomena.cz communication between this incoming server and final imap server (between them is antispam/antivir server) is enabled. But in the log I see no records, that the server wanted to communicate with imap server for verification. Did I missed something else ? Ofcourse, postmap of main.cf and postfix restart has been done... Thanks and best regards J.Karliak. Cituji Stan Hoeppner s...@hardwarefreak.com: On 4/19/2013 1:28 AM, Tom Hendrikx wrote: Last time I read ADDRESS_VERIFICATION_README, I noticed that this isn't true: you can route your probes to the final delivery machine while leaving the current delivery mechanism intact: http://www.postfix.org/ADDRESS_VERIFICATION_README.html#probe_routing Ahh, you are correct. This may make things much simpler for Josef. http://www.postfix.org/postconf.5.html#address_verify_relayhost But let's note the caveats: Inconsistencies can happen when probe messages don't follow the same path as regular mail. For example, a message can be accepted when it follows the regular route while an otherwise identical probe message is rejected when it follows the forced route. The opposite can happen, too, but is less likely. -- Stan -- Ma domena pouziva zabezpeceni a kontrolu SPF (www.openspf.org) a DomainKeys/DKIM (with ADSP) . Pokud mate problemy s dorucenim emailu, zacnete pouzivat metody overeni puvody emailu zminene vyse. Dekuji. My domain use SPF (www.openspf.org) and DomainKeys/DKIM (with ADSP) policy and check. If you've problem with sending emails to me, start using email origin methods mentioned above. Thank you. This message was sent using IMP, the Internet Messaging Program.
Postfix 2.8.x anti anti backscattering settings
Good morning, our outgoing smtp server gets into a backscatter blacklist. When I checked my logs, there were only one mailer daemon email to some server in the time that is mentioned on the backscatter web. In all servers in the way of the email (incoming MX-antispam server- our imap server) has unknown_local_recipient_reject_code = 550. What else could I do ? There could be one thing - incoming MX accept all emails for our domain, he doesn't know our aliases. The mail is send to antispam and when antispam wanna sent the email to imap server and the target email address doesn't exists, it has 550 error and it is send away by our antispam server (it is our outgoing server). So, is this all wrong ? We decided to have more servers because of loading reasons (we've daily up to 15 000 emails, but there were a 60 000 peak) Thanks and best regards J.Karliak. -- Ma domena pouziva zabezpeceni a kontrolu SPF (www.openspf.org) a DomainKeys/DKIM (with ADSP) . Pokud mate problemy s dorucenim emailu, zacnete pouzivat metody overeni puvody emailu zminene vyse. Dekuji. My domain use SPF (www.openspf.org) and DomainKeys/DKIM (with ADSP) policy and check. If you've problem with sending emails to me, start using email origin methods mentioned above. Thank you. This message was sent using IMP, the Internet Messaging Program.
Re: Postfix 2.8.x anti anti backscattering settings
Hi, thanks for reply. We thought that we have to copy existing aliases file from imap server to incoming MX. If we reject an emailduring smtp communication, we won't relay spam to victim. Am I right ? Best regards J.K. Cituji Mikael Bak m...@inbox.lv: Hi Josef, On 04/18/2013 11:06 AM, Josef Karliak wrote: Good morning, our outgoing smtp server gets into a backscatter blacklist. When I checked my logs, there were only one mailer daemon email to some server in the time that is mentioned on the backscatter web. In all servers in the way of the email (incoming MX-antispam server- our imap server) has unknown_local_recipient_reject_code = 550. What else could I do ? There could be one thing - incoming MX accept all emails for our domain, he doesn't know our aliases. The mail is send to antispam and when antispam wanna sent the email to imap server and the target email address doesn't exists, it has 550 error and it is send away by our antispam server (it is our outgoing server). So, is this all wrong ? We decided to have more servers because of loading reasons (we've daily up to 15 000 emails, but there were a 60 000 peak) You can have reject_unverified_recipient on the MX to check the IMAP server if the email address exists before accepting it. HTH, Mikael -- Ma domena pouziva zabezpeceni a kontrolu SPF (www.openspf.org) a DomainKeys/DKIM (with ADSP) . Pokud mate problemy s dorucenim emailu, zacnete pouzivat metody overeni puvody emailu zminene vyse. Dekuji. My domain use SPF (www.openspf.org) and DomainKeys/DKIM (with ADSP) policy and check. If you've problem with sending emails to me, start using email origin methods mentioned above. Thank you. This message was sent using IMP, the Internet Messaging Program.
Postfix 2.8.x and weir accepting emails
Good mornig to every body, postfix accept me emails that comes from servers sending emails with IP instead of the domain. For example pok@[1.2.3.4]. Postfix accept me this email: Escape character is '^]'. 220 destination.mx.com ehlo bad.server.com 250-destination.mx.com 250-PIPELINING 250-SIZE 6000 250-ETRN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN mail from: pok@[1.2.3.4] 250 2.1.0 Ok rcpt to: ch...@mx.com 250 2.1.5 Ok data 354 End data with CRLF.CRLF Subject: hernajs . 250 2.0.0 Ok: queued as E4D0F5D But when I use domain instead of [1.2.3.4], SPF works fine, email is rejected. What I've missed? Thanks and best regards J.Karliak. -- Ma domena pouziva zabezpeceni a kontrolu SPF (www.openspf.org) a DomainKeys/DKIM (with ADSP) . Pokud mate problemy s dorucenim emailu, zacnete pouzivat metody overeni puvody emailu zminene vyse. Dekuji. My domain use SPF (www.openspf.org) and DomainKeys/DKIM (with ADSP) policy and check. If you've problem with sending emails to me, start using email origin methods mentioned above. Thank you. This message was sent using IMP, the Internet Messaging Program. bin25TxfAsSvc.bin Description: Veřejný PGP klíč
Re: Postfix 2.8.x and archive options
Hi, thanks for answer. I forgot to write our daily email's count - about 4. And as a email system we use cyrus. But I thought if postfix could store emails for archiving, alternate for always_bcc ... J.K. Cituji Robert Schetterer rob...@schetterer.org: Am 11.10.2012 07:28, schrieb Josef Karliak: Good morning, I know about Postfix's always_bcc that sends all emails to another email mailbox. But are there some other options to archive emails ? For example all emails will be copied to a some direcotory. How do you solve your emails archoves ? Thanks and best regards J.Karliak. if mail delivered to another mailbox , this mailbox may have filters like sieve, which can sort and create auto maildir folder named by date/user + in/out ( may ask i.e dovecot list ) or use some special archive software -- Best Regards MfG Robert Schetterer -- Ma domena pouziva zabezpeceni a kontrolu SPF (www.openspf.org) a DomainKeys/DKIM (with ADSP) . Pokud mate problemy s dorucenim emailu, zacnete pouzivat metody overeni puvody emailu zminene vyse. Dekuji. My domain use SPF (www.openspf.org) and DomainKeys/DKIM (with ADSP) policy and check. If you've problem with sending emails to me, start using email origin methods mentioned above. Thank you. This message was sent using IMP, the Internet Messaging Program. binoW742IOI0Y.bin Description: Veřejný PGP klíč
Re: Postfix 2.8.x and archive options
Hi, I want all emails. Email could be filtered as a spam (false positive). Co I want to have an option to resend the email - copy it into a spool or so. First option is that I've all emails in the another mailbox (in the cyrus mail system), the email could be forwarded to an original recipient. Second option is that we've all emails from the Postfix copied into a some directory, file's names will be like postfix's queue id. So I check mail log for the filtered email, I know it id, move or copy the file named by that id into a resend and postfix will send it. I presume that we will archive emails for a month, archive is mostly used only for false positive spam. Or what are your expericiencies ? How do you solve emails filtered by spam (flase positives) ? Ok, one option is only marking and not filtering, but our users .. Thanks J.K. Cituji Robert Schetterer rob...@schetterer.org: Am 11.10.2012 09:13, schrieb Josef Karliak: Hi, thanks for answer. I forgot to write our daily email's count - about 4. number is not that relevant for basic archive actions, relevant for the archive storage is how much mail must be stored, where and for how long and what is the archive policy , is it for i.e restore etc, as well there may law related stuff, for special archive goals there is special archive software in www And as a email system we use cyrus. But I thought if postfix could store emails for archiving, alternate for always_bcc ... what you dont like on postfix always_bcc ( or sender recipient bcc )? for sure there are possibilities like write copy with milter or policy server etcso what is your exact archive idea, what depence are you trying to goal with your archive...? J.K. Cituji Robert Schetterer rob...@schetterer.org: Am 11.10.2012 07:28, schrieb Josef Karliak: Good morning, I know about Postfix's always_bcc that sends all emails to another email mailbox. But are there some other options to archive emails ? For example all emails will be copied to a some direcotory. How do you solve your emails archoves ? Thanks and best regards J.Karliak. if mail delivered to another mailbox , this mailbox may have filters like sieve, which can sort and create auto maildir folder named by date/user + in/out ( may ask i.e dovecot list ) or use some special archive software -- Best Regards MfG Robert Schetterer -- Mfg Best Regards Robert Schetterer -- Ma domena pouziva zabezpeceni a kontrolu SPF (www.openspf.org) a DomainKeys/DKIM (with ADSP) . Pokud mate problemy s dorucenim emailu, zacnete pouzivat metody overeni puvody emailu zminene vyse. Dekuji. My domain use SPF (www.openspf.org) and DomainKeys/DKIM (with ADSP) policy and check. If you've problem with sending emails to me, start using email origin methods mentioned above. Thank you. This message was sent using IMP, the Internet Messaging Program. binprs93l6JnK.bin Description: Veřejný PGP klíč
Postfix 2.8.x and archive options
Good morning, I know about Postfix's always_bcc that sends all emails to another email mailbox. But are there some other options to archive emails ? For example all emails will be copied to a some direcotory. How do you solve your emails archoves ? Thanks and best regards J.Karliak. -- Ma domena pouziva zabezpeceni a kontrolu SPF (www.openspf.org) a DomainKeys/DKIM (with ADSP) . Pokud mate problemy s dorucenim emailu, zacnete pouzivat metody overeni puvody emailu zminene vyse. Dekuji. My domain use SPF (www.openspf.org) and DomainKeys/DKIM (with ADSP) policy and check. If you've problem with sending emails to me, start using email origin methods mentioned above. Thank you. This message was sent using IMP, the Internet Messaging Program. binSufFh4cQgH.bin Description: Veřejný PGP klíč
Postfix 2.8.x and how to log summary into a mysql
Good morning, did anybody solved recording sender,recipient and date into a mysql ? Normally postfix log it into a maillog, I want it into a database record sender recipient date. Or it is able to change postfix's logging, where is summary on a one line ? Thanks for tips and best regards J.K. -- Ma domena pouziva zabezpeceni a kontrolu SPF (www.openspf.org) a DomainKeys/DKIM (with ADSP) . Pokud mate problemy s dorucenim emailu, zacnete pouzivat metody overeni puvody emailu zminene vyse. Dekuji. My domain use SPF (www.openspf.org) and DomainKeys/DKIM (with ADSP) policy and check. If you've problem with sending emails to me, start using email origin methods mentioned above. Thank you. This message was sent using IMP, the Internet Messaging Program. __ Information from ESET Mail Security, version of virus signature database 7447 (20120905) __ The message was checked by ESET Mail Security. http://www.eset.com binemyJBThGgb.bin Description: Veřejný PGP klíč
Re: Postfix 2.8.x and how to log summary into a mysql
Great, thanks. I'm logging, its easy. I must find variable for inserting sender email address into a mysql, hosts, time and recipient is done by your tip. Or anybody knows ? Thanks a lot! J.K. Cituji Robert Schetterer rob...@schetterer.org: Am 05.09.2012 10:57, schrieb Reindl Harald: Am 05.09.2012 10:50, schrieb Josef Karliak: Good morning, did anybody solved recording sender,recipient and date into a mysql ? Normally postfix log it into a maillog, I want it into a database record sender recipient date. Or it is able to change postfix's logging, where is summary on a one line ? postfix is logging to syslog-daemon rsyslog supports mysql as target however sender recipient date is impossible perhaps its possible with prefilter logging rsyslog mysql with template but it might not be trivial look ( sorry german ) http://lab4.org/wiki/Mailbounces_monitoren_mit_rsyslog_und_mysql for ideas -- Best Regards MfG Robert Schetterer __ Information from ESET Mail Security, version of virus signature database 7447 (20120905) __ The message was checked by ESET Mail Security. http://www.eset.com -- Ma domena pouziva zabezpeceni a kontrolu SPF (www.openspf.org) a DomainKeys/DKIM (with ADSP) . Pokud mate problemy s dorucenim emailu, zacnete pouzivat metody overeni puvody emailu zminene vyse. Dekuji. My domain use SPF (www.openspf.org) and DomainKeys/DKIM (with ADSP) policy and check. If you've problem with sending emails to me, start using email origin methods mentioned above. Thank you. This message was sent using IMP, the Internet Messaging Program. __ Information from ESET Mail Security, version of virus signature database 7447 (20120905) __ The message was checked by ESET Mail Security. http://www.eset.com bin8990B3KFXP.bin Description: Veřejný PGP klíč
postfix 2.8.8.x and SPF rejecting emails from my MX servers
Good afternoon, I use SPf for spf authorized domains. When my primary MX fails, email is sent to my backup MX. When my primary get up, email that waits in the spool of my backup is rejected by my primary server because of SPF. For example http://www.openspf.org/Why?id=aukro%40info.aukro.czip=77.48.63.10receiver=gw Email is sent for some user in the tcmcentrum.cz from aukro.cz. tcmcentrum.cz is down, email is sent to backup celer.ajetaci.cz . tcmcentrum.cz got up, celer.ajetaci.cz try to deliver email from aukro.cz and it is rejected (celer.ajetaci.cz is not authorized for aukro.cz). But why, I'm just backup... What did I missed ? Thanks for your time and kicking to a right way. J.K. -- Ma domena pouziva zabezpeceni a kontrolu SPF (www.openspf.org) a DomainKeys/DKIM (with ADSP) . Pokud mate problemy s dorucenim emailu, zacnete pouzivat metody overeni puvody emailu zminene vyse. Dekuji. My domain use SPF (www.openspf.org) and DomainKeys/DKIM (with ADSP) policy and check. If you've problem with sending emails to me, start using email origin methods mentioned above. Thank you. This message was sent using IMP, the Internet Messaging Program. binezA2Pm4nHy.bin Description: Veřejný PGP klíč
Postfix 2.8.x and customization DSN email?
Good morning, is it able to change for example DSN email's text ? This is the mail system at host server.fhk.com. I'm sorry to have to inform you that your message could not be delivered to one or more recipients. It's attached below. We wanna to use it in our language (don't ask:-/)... Thanks and best regards J.Karliak. -- Ma domena pouziva zabezpeceni a kontrolu SPF (www.openspf.org) a DomainKeys/DKIM (with ADSP) . Pokud mate problemy s dorucenim emailu, zacnete pouzivat metody overeni puvody emailu zminene vyse. Dekuji. My domain use SPF (www.openspf.org) and DomainKeys/DKIM (with ADSP) policy and check. If you've problem with sending emails to me, start using email origin methods mentioned above. Thank you. This message was sent using IMP, the Internet Messaging Program. binc5faxFD1jS.bin Description: Veřejný PGP klíč
dkim-milter verify, but don't sign.
Good morning, I configured dkim-milter (2.7.2-x) to postfix (2.7.2-x) on opensuse 11.4 64-bit, generated keys (named mail). In the dkim-milter config I defined my options: DKIM_MODES=sv DKIM_DOMAIN=ajetaci.cz DKIM_SELECTOR=mail DKIM_CANON=simple DKIM_REJECTION=bad=a,dns=t,no=a,sec=t DKIM_EXTRA_ARGS=-l -h -D DKIM_SIGNALG=rsa-sha256 and in the main.cf I've : milter_protocol = 2 smtpd_milters = inet:localhost:8891 non_smtpd_milters = inet:localhost:8891 milter_default_action = accept I tried this over unix socket too. Where is an error ? Any kicks to the right way ? :-/ Thanks and best regards J.K. -- Ma domena pouziva zabezpeceni a kontrolu SPF (www.openspf.org) a DomainKeys/DKIM (with ADSP) . Pokud mate problemy s dorucenim emailu, zacnete pouzivat metody overeni puvody emailu zminene vyse. Dekuji. My domain use SPF (www.openspf.org) and DomainKeys/DKIM (with ADSP) policy and check. If you've problem with sending emails to me, start using email origin methods mentioned above. Thank you. This message was sent using IMP, the Internet Messaging Program. bin65sT3qy3JH.bin Description: Veřejný PGP klíč
Re: dkim-milter verify, but don't sign.
Hi, modes sv is configured - see my config bellow. That's crazy on that. When I ps -ef : /usr/bin/dkim-filter -p inet:8891@localhost -b sv -c simple -C bad=a,dns=t,no=a,sec=t -d ajetaci.cz -S rsa-sha256 -s mail -k /etc/mail/dkim/mail.private -l -h -D Thanks J.K. Cituji Robert Schetterer rob...@schetterer.org: Am 07.11.2011 10:39, schrieb Josef Karliak: Good morning, I configured dkim-milter (2.7.2-x) to postfix (2.7.2-x) on opensuse 11.4 64-bit, generated keys (named mail). In the dkim-milter config I defined my options: DKIM_MODES=sv DKIM_DOMAIN=ajetaci.cz DKIM_SELECTOR=mail DKIM_CANON=simple DKIM_REJECTION=bad=a,dns=t,no=a,sec=t DKIM_EXTRA_ARGS=-l -h -D DKIM_SIGNALG=rsa-sha256 and in the main.cf I've : milter_protocol = 2 smtpd_milters = inet:localhost:8891 non_smtpd_milters = inet:localhost:8891 milter_default_action = accept I tried this over unix socket too. Where is an error ? Any kicks to the right way ? :-/ Thanks and best regards J.K. perhaps this helps Mode (string) Selects operating modes. The string is a concatenation of characters which indicate which mode(s) of operation are desired. Valid modes are s (signer) and v (verifier). The default is sv except in test mode (see the dkim-filter(8) man page) in which case the default is v. so configure your DKIM_MODES=sv as you want it -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria -- Ma domena pouziva zabezpeceni a kontrolu SPF (www.openspf.org) a DomainKeys/DKIM (with ADSP) . Pokud mate problemy s dorucenim emailu, zacnete pouzivat metody overeni puvody emailu zminene vyse. Dekuji. My domain use SPF (www.openspf.org) and DomainKeys/DKIM (with ADSP) policy and check. If you've problem with sending emails to me, start using email origin methods mentioned above. Thank you. This message was sent using IMP, the Internet Messaging Program. binZgFQzQIJuG.bin Description: Veřejný PGP klíč
Re: dkim-milter verify, but don't sign.
Hi, modes sv is configured - see my config bellow. That's crazy on that. When I ps -ef : /usr/bin/dkim-filter -p inet:8891@localhost -b sv -c simple -C bad=a,dns=t,no=a,sec=t -d ajetaci.cz -S rsa-sha256 -s mail -k /etc/mail/dkim/mail.private -l -h -D Thanks J.K. Cituji Robert Schetterer rob...@schetterer.org: Am 07.11.2011 10:39, schrieb Josef Karliak: Good morning, I configured dkim-milter (2.7.2-x) to postfix (2.7.2-x) on opensuse 11.4 64-bit, generated keys (named mail). In the dkim-milter config I defined my options: DKIM_MODES=sv DKIM_DOMAIN=ajetaci.cz DKIM_SELECTOR=mail DKIM_CANON=simple DKIM_REJECTION=bad=a,dns=t,no=a,sec=t DKIM_EXTRA_ARGS=-l -h -D DKIM_SIGNALG=rsa-sha256 and in the main.cf I've : milter_protocol = 2 smtpd_milters = inet:localhost:8891 non_smtpd_milters = inet:localhost:8891 milter_default_action = accept I tried this over unix socket too. Where is an error ? Any kicks to the right way ? :-/ Thanks and best regards J.K. perhaps this helps Mode (string) Selects operating modes. The string is a concatenation of characters which indicate which mode(s) of operation are desired. Valid modes are s (signer) and v (verifier). The default is sv except in test mode (see the dkim-filter(8) man page) in which case the default is v. so configure your DKIM_MODES=sv as you want it -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria -- Ma domena pouziva zabezpeceni a kontrolu SPF (www.openspf.org) a DomainKeys/DKIM (with ADSP) . Pokud mate problemy s dorucenim emailu, zacnete pouzivat metody overeni puvody emailu zminene vyse. Dekuji. My domain use SPF (www.openspf.org) and DomainKeys/DKIM (with ADSP) policy and check. If you've problem with sending emails to me, start using email origin methods mentioned above. Thank you. This message was sent using IMP, the Internet Messaging Program. bint45iSemasf.bin Description: Veřejný PGP klíč
Re: dkim-milter verify, but don't sign.
In the message header I've : X-DKIM: Sendmail DKIM Filter v2.7.2 kostnew.ajetaci.cz 8840B239C3 Authentication-Results: kostnew.ajetaci.cz; dkim=none (no signature) header.i=unknown; dkim-adsp=fail And in the mail log: Nov 7 10:48:37 kostnew dkim-filter[16623]: 8840B239C3 external host [192.168.2.5] attempted to send as ajetaci.cz I've a few similar dkim installations that works (but on older opensuses..). Maybe some small stupid misconfig, but where. It is all simple :-/ thanks J.K. Cituji Robert Schetterer rob...@schetterer.org: Am 07.11.2011 10:46, schrieb Robert Schetterer: Am 07.11.2011 10:39, schrieb Josef Karliak: Good morning, I configured dkim-milter (2.7.2-x) to postfix (2.7.2-x) on opensuse 11.4 64-bit, generated keys (named mail). In the dkim-milter config I defined my options: DKIM_MODES=sv DKIM_DOMAIN=ajetaci.cz DKIM_SELECTOR=mail DKIM_CANON=simple DKIM_REJECTION=bad=a,dns=t,no=a,sec=t DKIM_EXTRA_ARGS=-l -h -D DKIM_SIGNALG=rsa-sha256 and in the main.cf I've : milter_protocol = 2 smtpd_milters = inet:localhost:8891 non_smtpd_milters = inet:localhost:8891 milter_default_action = accept I tried this over unix socket too. Where is an error ? Any kicks to the right way ? :-/ Thanks and best regards J.K. perhaps this helps Mode (string) Selects operating modes. The string is a concatenation of characters which indicate which mode(s) of operation are desired. Valid modes are s (signer) and v (verifier). The default is sv except in test mode (see the dkim-filter(8) man page) in which case the default is v. so configure your DKIM_MODES=sv as you want it ups sorry, guess that was not what you asked for what exactly does not work do you have any logs? -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria -- Ma domena pouziva zabezpeceni a kontrolu SPF (www.openspf.org) a DomainKeys/DKIM (with ADSP) . Pokud mate problemy s dorucenim emailu, zacnete pouzivat metody overeni puvody emailu zminene vyse. Dekuji. My domain use SPF (www.openspf.org) and DomainKeys/DKIM (with ADSP) policy and check. If you've problem with sending emails to me, start using email origin methods mentioned above. Thank you. This message was sent using IMP, the Internet Messaging Program. binzO2tcjszwx.bin Description: Veřejný PGP klíč
Re: dkim-milter verify, but don't sign.
Hi, thanks for tips, I used -i ilistfile containing list of internal (signing) hosts. It is signing now, but signature fails on the verifier : Nov 7 12:40:54 celer dkim-filter[4888]: 5CCC8C750A SSL error:04077068:rsa routines:RSA_verify:bad signature Nov 7 12:40:54 celer dkim-filter[4888]: 5CCC8C750A: bad signature data In the message header : X-DKIM: Sendmail DKIM Filter v2.7.2 celer.ajetaci.cz 5CCC8C750A Authentication-Results: celer.ajetaci.cz; dkim=hardfail (verification failed) header.i=@fnhk.cz; dkim-adsp=fail Interesting is, that verifier in the way of this email accepted it signing domain fnhk.cz (I don't wanna overwite domain before post it here anymore :) : X-DKIM: Sendmail DKIM Filter v2.7.2 antivir2.fnhk.cz 71EAF282B8 Authentication-Results: antivir2.fnhk.cz; dkim=pass (1024-bit key) header.i=@fnhk.cz; dkim-adsp=pass Maybe error in the adding some headers by server antivir2.fnhk.cz ? : DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=fnhk.cz; s=mail; t=1320665813; bh=FD+AeMxIothgfnBUmgiB3BMcpAHS75XIiHCbbzJzcPg=; h=Subject:From:To:Content-Type:Date:Message-ID:Mime-Version: Content-Transfer-Encoding; b=CRNC8R1tz/4LDsr6SwSAErYvN7y7Zfa2EK6pf cwrtlfBBvYWRBCVr8n0doU2dAGdPVEq96q9Jf9cVf2o5deFLosOLxW/OnXuXhflWqzU jao6Pjw/JU5473lDWxr2tk7BzPco6N80LsjvmY3cN+4dChWhUxlnEaGVUm51PlgvU08 = Thanks a lot J.K. Cituji Robert Schetterer rob...@schetterer.org: Am 07.11.2011 10:56, schrieb Josef Karliak: In the message header I've : X-DKIM: Sendmail DKIM Filter v2.7.2 kostnew.ajetaci.cz 8840B239C3 Authentication-Results: kostnew.ajetaci.cz; dkim=none (no signature) header.i=unknown; dkim-adsp=fail And in the mail log: Nov 7 10:48:37 kostnew dkim-filter[16623]: 8840B239C3 external host [192.168.2.5] attempted to send as ajetaci.cz I've a few similar dkim installations that works (but on older opensuses..). Maybe some small stupid misconfig, but where. It is all simple :-/ thanks J.K. sorry i am short in time perhaps this helps man dkim-filter.conf ExternalIgnoreList (string) Identifies a file of external hosts which may send mail through the server as one of the signing domains without credentials as such. Basically suppresses the external host (hostname) tried to send mail as (domain) log messages. Entries in the file should be of the same form as those of the PeerList option below. The list is empty by default. Cituji Robert Schetterer rob...@schetterer.org: Am 07.11.2011 10:46, schrieb Robert Schetterer: Am 07.11.2011 10:39, schrieb Josef Karliak: Good morning, I configured dkim-milter (2.7.2-x) to postfix (2.7.2-x) on opensuse 11.4 64-bit, generated keys (named mail). In the dkim-milter config I defined my options: DKIM_MODES=sv DKIM_DOMAIN=ajetaci.cz DKIM_SELECTOR=mail DKIM_CANON=simple DKIM_REJECTION=bad=a,dns=t,no=a,sec=t DKIM_EXTRA_ARGS=-l -h -D DKIM_SIGNALG=rsa-sha256 and in the main.cf I've : milter_protocol = 2 smtpd_milters = inet:localhost:8891 non_smtpd_milters = inet:localhost:8891 milter_default_action = accept I tried this over unix socket too. Where is an error ? Any kicks to the right way ? :-/ Thanks and best regards J.K. perhaps this helps Mode (string) Selects operating modes. The string is a concatenation of characters which indicate which mode(s) of operation are desired. Valid modes are s (signer) and v (verifier). The default is sv except in test mode (see the dkim-filter(8) man page) in which case the default is v. so configure your DKIM_MODES=sv as you want it ups sorry, guess that was not what you asked for what exactly does not work do you have any logs? -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria -- Ma domena pouziva zabezpeceni a kontrolu SPF (www.openspf.org) a DomainKeys/DKIM (with ADSP) . Pokud mate problemy s dorucenim emailu, zacnete pouzivat metody overeni puvody emailu zminene vyse. Dekuji. My domain use SPF (www.openspf.org) and DomainKeys/DKIM (with ADSP) policy and check. If you've problem with sending emails to me, start using email origin methods mentioned above. Thank you. This message was sent using IMP, the Internet Messaging Program. binPzrqOlCTG5.bin Description: Veřejný PGP klíč
Re: Off Topic: Auto-whitelisting from sent mail?
Hi, I use whitelisting from Sent Items folder from IMAP (one my mail site) or from logfile of antivir/antispam SW on linux. I get a text file with email addreses that I save into a mysql. Spamassassisn with plugin made by Martin Gregorie check if address exists in database (Postgress, mysql, ...). But this is a whitelisting used by spamassassisn. Yours choice :) J.K. Cituji Stan Hoeppner s...@hardwarefreak.com: On 9/21/2011 1:48 PM, Steve Jenkins wrote: AWESOME little script. Nice, Stan! One minor detail stops me from using it, however. I have an old domain hosted on my server that no longer gets any legit mail, but that serves as a great honeypot. So I direct any emails sent to that domain via Postfix to a file, and then I point my spam filtering software at it nightly to learn from it. However, those addresses all show up in the maillog as SENT - which adds them to the raw file in your script. I'm not a scripter, so any ideas on how to work around that, either via Postfix or via the script? I'm not sure how this could be an issue. The only addresses added to this whitelist are smtp recipient addresses successfully delivered to via the smtp(8) service. Rerouting your trap mail to a local file is going to occur via local(8), pipe(8), or another mechanism, depending on how exactly you're doing it, but not via smtp(8). Thus you should be able to use the script as is without issue, unless you're running something other than GNU/Linux, in which case you may be having sed/sort/uniq switch issues I discussed earlier. If you are truly having undesirable addresses added to the whitelist file, maybe you could share some log snippets and sections of the file /tmp/wrkng-whtlst.tmp showing the address(es) in question, obfuscated of course, or send me the real data off list. -- Stan -- Ma domena pouziva zabezpeceni a kontrolu SPF (www.openspf.org) a DomainKeys/DKIM (with ADSP) . Pokud mate problemy s dorucenim emailu, zacnete pouzivat metody overeni puvody emailu zminene vyse. Dekuji. My domain use SPF (www.openspf.org) and DomainKeys/DKIM (with ADSP) policy and check. If you've problem with sending emails to me, start using email origin methods mentioned above. Thank you. This message was sent using IMP, the Internet Messaging Program. bin6rnHJZai4l.bin Description: Veřejný PGP klíč
Postfix 2.5.6-x and change SMTP error code
Good day everybody, could I change SMTP error message ? For example email doesn't exists, email return message like 5.1.1 smtp; 550 5.1.1 noem...@fn.ca: Recipient address rejected: User unknown in local recipient table #SMTP#. Could I change this message, for my own message in the czech language ? (without diacritics of course:) Thank you for your advices. J.Karliak -- Ma domena pouziva zabezpeceni a kontrolu SPF (www.openspf.org) a DomainKeys/DKIM (with ADSP) . Pokud mate problemy s dorucenim emailu, zacnete pouzivat metody overeni puvody emailu zminene vyse. Dekuji. My domain use SPF (www.openspf.org) and DomainKeys/DKIM (with ADSP) policy and check. If you've problem with sending emails to me, start using email origin methods mentioned above. Thank you. This message was sent using IMP, the Internet Messaging Program. binbv3KAeKL2T.bin Description: Veřejný PGP klíč
Re: Postfix 2.5.6-x and change SMTP error code
Hi, thanks for answer. Don't worry, I wanna keep english message and Czech message will be added (english error message will be translated to a Czech). My boss want it :-/ Thanks and regards J.K. Cituji Reindl Harald h.rei...@thelounge.net: Am 08.09.2011 09:47, schrieb Josef Karliak: Good day everybody, could I change SMTP error message ? For example email doesn't exists, email return message like 5.1.1 smtp; 550 5.1.1 noem...@fn.ca: Recipient address rejected: User unknown in local recipient table #SMTP#. Could I change this message, for my own message in the czech language ? (without diacritics of course:) Thank you for your advices. J.Karliak even if - please do not! as example we are running automatic bounce-managment by parsing the maillog and to make sure that there really only invalid addresses removed and not hard-fail with other reasons we have a list of answer-messages this list is currently way too large because out there too many people using something wired as answers without leave the User unknown as minimum czech is very very bad because i as admin do not understand any word and onet.pl is as example a personal hate-candidate because they are blocking everything, refer to a polish contact form and anser in polish, so you make it hard for every people out there if something goes wrong server answers should always be a) english and b) as short and clear as possible -- Ma domena pouziva zabezpeceni a kontrolu SPF (www.openspf.org) a DomainKeys/DKIM (with ADSP) . Pokud mate problemy s dorucenim emailu, zacnete pouzivat metody overeni puvody emailu zminene vyse. Dekuji. My domain use SPF (www.openspf.org) and DomainKeys/DKIM (with ADSP) policy and check. If you've problem with sending emails to me, start using email origin methods mentioned above. Thank you. This message was sent using IMP, the Internet Messaging Program. binY9LFz93TIx.bin Description: Veřejný PGP klíč
Postfix + over quota change to perm error
hi guys, is possible to change error codes for over-quota error ? Here is a thing - there are about 4 recipients in aliases : /etc/aliases: abuse: user1,user2,user3,user4 When someone has a full mailbox (user3 for example), system stop delivering email and try it again after some time (we've 5 minutes). Email is delivered to user1,user2,user4. After time this users has a lot of emails. So how to solve this problem ? Change temporary error to permanent ? How ? What's your recomendation ? Thanks a lot. J.Karliak. This message was sent using IMP, the Internet Messaging Program. binh4dSSpcBrJ.bin Description: Veřejný PGP klíč
