[pfx] Re: [ext] ehlo=2
* postfix--- via Postfix-users : > I have noticed in most deliveries, servers are issuing two ehlo commands. For > example: > > postfix/smtpd[232271]: disconnect from talvi.dovecot.org[94.237.105.223] > ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7 One EHLO before STARTTLS and one afterwards. -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netz | Netzwerk-Administration Invalidenstraße 120/121 | D-10115 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | https://www.charite.de ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: [ext] active queue is too high
* Gino Ferguson via Postfix-users : > Hi, > > > We have a relay server which has been working fine (postfix 3.3.0-1ubuntu0.4) > > Now there are ~20K mails in the active queue for a certain recipient and they > are just sitting there. mailq is reporting what reason? > Such an email just comes in from the client, gets its queue id, etc. and > lands in the active queue. Then it stays there. OK > There are regularly repeated postfix/qmgr logs like this but nothing more: > postfix/qmgr ... from=..., size=9499, nrcpt=1 (queue active) > > How can I tell why postfix keeps them in the active queue for so long? Try grepping for the queueid of such an email. -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netz | Netzwerk-Administration Invalidenstraße 120/121 | D-10115 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | https://www.charite.de ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: [ext] Re: Feature request
* Allen Coates via Postfix-users : > > Better yet, don't be lazy, include a fingerprint string in your RHS > > reject rule values. > Postscreen doesn't have the option of unique RHS fingerprints; nonetheless, > it would useful to see which (of several) > ACLs was rejecting an incoming connection. Luckily, postscreen doesn't use regexp (which was my use case) either :) -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netz | Netzwerk-Administration Invalidenstraße 120/121 | D-10115 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | https://www.charite.de ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Feature request
Hi! I wonder if this is possible: If a PCRE/regexp style map is triggering, it can be quite hard to find out WHICH pattern actually caused the action. So maybe postmap (when invoked with "-b", "-h" or "-q key") could emit which regular expression (or which line it was in) actually matched. Yes, I could give all my regular expressions patterns a unique RHS or find the regular expressions by divide-et-impera, but I'm being lazy. -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netz | Netzwerk-Administration Invalidenstraße 120/121 | D-10115 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | https://www.charite.de ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: [ext] Re: [OT] postfwd3 as check_policy_service hogging the CPU
* Viktor Dukhovni via Postfix-users : > Note that if you want the actual recipient addresses, (not just a > count), I just need the count in this case > you'll need to also intercept recipient restrictions. oh! > The Postfix smtpd(8) server does not keep the recipient list in memory, the > list is streamed out into the queue file (really cleanup service or > pre-queue proxy filter). -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netz | Netzwerk-Administration Invalidenstraße 120/121 | D-10115 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | https://www.charite.de ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: [ext] Re: [OT] postfwd3 as check_policy_service hogging the CPU
* Matus UHLAR - fantomas via Postfix-users : > > envelope sender address and number of recipients. > > not authenticated user? ;-) Yes, I'm also checking if the come from our exchangeserver. > if you want to see/process mail size, using it in > smtpd_end_of_data_restrictions is necessary. > if not, you can use it in smtpd_data_restrictions. Then I shall try that instead, since I don't care about the size of the mail. > However, I'd say the optimal place is where you need it. Before > smtpd_data_restrictions you don't see recipient_count either. Yup. -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netz | Netzwerk-Administration Invalidenstraße 120/121 | D-10115 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | https://www.charite.de ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] [OT] postfwd3 as check_policy_service hogging the CPU
I'm using postfwd3 as a policy service for rate limiting based on the envelope sender address and number of recipients. We're both limiting "freemailer" senders (they can only reach a low number of internal recipients before being restricted) as well as our internal users (they can only reach a low number of external recipients before being subject to inspection) The integration into postfix boils down to: smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10040 Now postfwd3 is written in Perl, and that thing is hogging the CPU: # ltrace -c -p 2722940 % time seconds usecs/call calls function -- --- --- - 24.955.368282 86 62012 free 16.653.582837 86 41368 memmove 15.743.387136 86 38990 malloc 15.653.368211 86 39100 __errno_location 10.812.327013 85 27109 calloc 10.312.217849 86 25717 memcpy 2.960.637078 85 7418 memcmp 2.780.597770 85 6958 memchr ... snip ... -- --- --- - 100.00 21.516662249020 total I put the check into smtpd_end_of_data_restrictions, so all recipients are known... Is smtpd_end_of_data_restrictions maybe a suboptimal place for that check_policy_service? -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netz | Netzwerk-Administration Invalidenstraße 120/121 | D-10115 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | https://www.charite.de ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: [ext] reject_unverified_recipient triggers Recipient address rejected
> postfix/submission/smtpd[23263]: NOQUEUE: reject: RCPT from > unknown[21.193.143.55]: 450 4.1.1 : Recipient address rejected: > unverified address: unknown mail transport error; from= > to= proto=ESMTP helo= The verification fails with a "unknown mail transport error" Check the logs (on both sides, sending and receiving): egrep "(error|fatal):" /var/log/mail.log (or wherever your logs are) -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netz | Netzwerk-Administration Invalidenstraße 120/121 | D-10115 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | https://www.charite.de ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: transport_maps : fatal: garbage after "]" in server description...
> i am running Postfix 3.4.14 and try to set up mailrouting to multiple > smtp hosts. > transport_maps = hash:/etc/postfix/mailertable > > example.com smtp:[mx1.foobar.com],smtp:[mx2.foobar.com] > > However i get: > fatal: garbage after "]" in server description: > [mx1.foobar.com],smtp:[mx2.foobar.com] > > Whats the correct syntax? I cant find a hint in the docs :-/ example.com smtp:[mx1.foobar.com],[mx2.foobar.com] -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netz | Netzwerk-Administration Invalidenstraße 120/121 | D-10115 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | https://www.charite.de ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: [ext] Logging of SMTP smuggling mitigation
> Would it be possible to log at least the queue-id as well? Also sender > and/or recipient would be nice ;-) Or is it for security that no more > information is logged? 20240104 Cleanup: when the Postfix SMTP server rejects bare , log the helo, mail and rcpt information if available. Files: smtpd/smtpd.c, smtpd/smtpd_check.c. Will be in 3.9, but I guess not in the other versions. -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netz | Netzwerk-Administration Invalidenstraße 120/121 | D-10115 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | https://www.charite.de ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Downloadlinks for postfix-3.9-20240109 seem to be broken
http://ftp.porcupine.org/mirrors/postfix-release/index.html lists: http://ftp.porcupine.org/mirrors/postfix-release/experimental/postfix-3.9-20240109.tar.gz http://ftp.porcupine.org/mirrors/postfix-release/experimental/postfix-3.9-20240109.HISTORY both of which report: The requested URL /mirrors/postfix-release/experimental/postfix-3.9-20240109.tar.gz was not found on this server. The requested URL /mirrors/postfix-release/experimental/postfix-3.9-20240109.HISTORY was not found on this server. Apache/1.3.29 Ben-SSL/1.53 Server at ftp.porcupine.org Port 80 -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netz | Netzwerk-Administration Invalidenstraße 120/121 | D-10115 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | https://www.charite.de ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: [ext] 25 years today
* Wietse Venema via Postfix-users : > As a few on this list may recall, it is 25 years ago today that the > "IBM secure mailer" had its public beta release. This was accompanied > by a nice article in the New York Times business section. Ah, it's today. Recently I scrolled through the Changelog and wondered "oh, it's 25 years soon". > That was a long time ago. Postfix has evolved as the Internet has > changed. I am continuing the overhaul of this software, motivated > by people like you on this mailing list. Cheers, on to the next 25 years :* -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netz | Netzwerk-Administration Invalidenstraße 120/121 | D-10115 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | https://www.charite.de ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: [ext] Why can't I get /etc/aliases to do anything?
* Chris Green via Postfix-users : > On Tue, Dec 05, 2023 at 05:41:11PM +0100, Ralf Hildebrandt via Postfix-users > wrote: > > * Chris Green via Postfix-users : > > > > > mydestination = > > > > no mail is delivered locally. Thus "/etc/aliases" doesn't get to do > > anything > > > Ah, that explains it. > > So what's the minimal way of doing this? > > I don't want to deliver any mail locally but I do want something like > /etc/aliases to redirect mail sent to root (i.e. errors) to me off site. I'd say: leave mydestination at the default (delete the line from main.cf) then it should work. -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netz | Netzwerk-Administration Invalidenstraße 120/121 | D-10115 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | https://www.charite.de ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: [ext] Why can't I get /etc/aliases to do anything?
* Chris Green via Postfix-users : > mydestination = no mail is delivered locally. Thus "/etc/aliases" doesn't get to do anything -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netz | Netzwerk-Administration Invalidenstraße 120/121 | D-10115 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | https://www.charite.de ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: [ext] non_smtpd_milters = $smtpd_milters
* duluxoz via Postfix-users : > A quick question (just to clarify things in my own mind): > > If `non_smtpd_milters = $smtpd_milters`, does this mean that an email > received on port 25 passes through the milters twice; once for the > `smtpd_milters` (from the `smtpd(8)` process) and again for the > `non_smtpd_milters` (from the `cleanup(8)` process)? No. non_smtpd_milters are for new mail that does not arrive via the Postfix smtpd server. This includes local submission via the sendmail command line, new mail that arrives via the Postfix qmqpd server, and old mail that is re-injected into the queue with "postsuper -r". smtpd_milters are for new mail that arrives via the Postfix smtpd(8) server. -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netz | Netzwerk-Administration Invalidenstraße 120/121 | D-10115 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | https://www.charite.de ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: [ext] gmail failing SPF/DKIM
* Linkcheck via Postfix-users : > If someone wishes to check this, a typical form (which is sent to me with > copy to "you") is at > https://www.linkcheck.co.uk/ > under menu option Contact & Enquiries. I tried your form: Authentication-Results: mail-cbf-ext.charite.de; dkim=pass header.d=linkcheck.co.uk header.s=mail header.b=LiOUpR1t; spf=pass (mail-cbf-ext.charite.de: domain ofenquiryf...@linkcheck.co.uk designates 185.35.151.121 as permitted sender) smtp.mailfrom=enquiryf...@linkcheck.co.uk; dmarc=pass (policy=reject) header.from=linkcheck.co.uk Looking good if you ask me :) -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netz | Netzwerk-Administration Invalidenstraße 120/121 | D-10115 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | https://www.charite.de ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: [ext] CORRECTION: How to temporarily pause virtual mail delivery
* Wietse Venema via Postfix-users : > Wietse Venema via Postfix-users: > > If you use defer_transports to freeze mail deliveries, then some > > messages may get close to the bounce_queue_lifetime, meaning that > > Postfix will try to deliver them only once. > > And that was incorrect. defer_transports will not freeze mail in > the queue, it just moves a message to the deferred queue withoout > trying to deliver it. After a message reaches bounce_queue_lifetime, bounce_queue_lifetime or maximal_queue_lifetime (depending on what it is)? > it may be returned to sender just like any deferred message. -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netz | Netzwerk-Administration Invalidenstraße 120/121 | D-10115 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | https://www.charite.de ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: [ext] Re: Question about postscreen
* Matus UHLAR - fantomas via Postfix-users : > > And thus the solution is: Don't use the dnsbl in postscreen, but ONLY > > in spamassassin/rspamd instead. > > No problem, you can safely use postscreen with multiple DNSBLs and DNSWLs. > - just don't rely on single hit, unless it's your own DNSBL. Hey, it was not my idea, but the OP's :) -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netz | Netzwerk-Administration Invalidenstraße 120/121 | D-10115 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | https://www.charite.de ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: [ext] Re: Question about postscreen
* Matus UHLAR - fantomas via Postfix-users : > On 02.11.23 10:49, Ivan Ionut via Postfix-users wrote: > > Hi, it's possible that postscreen does not block the email when > > postscreen_dnsbl_threshold is reached but to pass that email to > > spamassassin(with a score and a tag). > > Postscreen does not tag. It passes or blocks the mail. And thus the solution is: Don't use the dnsbl in postscreen, but ONLY in spamassassin/rspamd instead. -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netz | Netzwerk-Administration Invalidenstraße 120/121 | D-10115 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | https://www.charite.de ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] *.mail.protection.outlook.com reporting "452 4.5.3 Too many recipients (AS780090)" for many domains
Hi! Since this morning, various MX hosts in *.mail.protection.outlook.com reporting are reporting back temporary errors for us: Exhibit A) host ohri-ca.mail.protection.outlook.com[104.47.75.228] said: 452 4.5.3 Too many recipients (AS780090) [YQBCAN01FT018.eop-CAN01.prod.protection.outlook.com 2023-10-11T02:11:41.144Z 08DBC99CDEC51952] (in reply to RCPT TO command) (for a mail with 4 recipients, in that particular case) Exhibit B) host fraport-de.mail.protection.outlook.com[52.101.73.16] said: 451 4.7.500 Server busy. Please try again later from [193.175.73.209]. (S77719) [AMS0EPF019E.eurprd05.prod.outlook.com 2023-10-11T01:32:21.804Z 08DBC9B278D9A989] (in reply to end of DATA command) (for a single recipient mail) This is happening for multiple tenants on *.mail.protection.outlook.com Has anybody made similar observations? According to https://sendersupport.olc.protection.outlook.com/snds/ : "All of the specified IPs have normal status." -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netz | Netzwerk-Administration Invalidenstraße 120/121 | D-10115 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | https://www.charite.de ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: [ext] milter outgoing not working
* Ralf Hildebrandt via Postfix-users : > * Stanislav via Postfix-users : > > Greetings, > > > > After upgrading from postfix 3.7.3 to postfix 3.8.2, I've noticed my email > > is not signed with DKIM anymore. After further investigation, I've found > > that Postfix ignores milter on outgoing emails (incoming goes through milter > > ok). > > How is the milter being invoked? > postconf -n |grep milter In my case this yields: # postconf -n |fgrep milter non_smtpd_milters = $smtpd_milters smtpd_milters = inet:127.0.0.1:7357 inet:127.0.0.1:8891 ^ so, two milters are used: clamav-milter and opendkim # netstat -tulpen | egrep "(7357|8891)" tcp0 0 127.0.0.1:8891 0.0.0.0:* LISTEN 983 295923257 3588942/opendkim tcp0 0 127.0.0.1:7357 0.0.0.0:* LISTEN 981 318524015 39048/clamav-milter (you might be using milters in master.cf, selectively for some processes only, so also check master.cf) -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netz | Netzwerk-Administration Invalidenstraße 120/121 | D-10115 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | https://www.charite.de ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: [ext] milter outgoing not working
* Stanislav via Postfix-users : > Greetings, > > After upgrading from postfix 3.7.3 to postfix 3.8.2, I've noticed my email > is not signed with DKIM anymore. After further investigation, I've found > that Postfix ignores milter on outgoing emails (incoming goes through milter > ok). How is the milter being invoked? postconf -n |grep milter -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netz | Netzwerk-Administration Invalidenstraße 120/121 | D-10115 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | https://www.charite.de ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: [ext] pipelining issue
* Joey J via Postfix-users : > I have been getting a ton of pipelining errors over the past few weeks and > I can't figure out why. I'm not seeing any here, so let's focus on what you're posting here. > It keeps saying queue write error, but disk & cpu performance is good, disk > space is good. What does your log day for those events? > In: MAIL FROM: SIZE=36318 > In: RCPT TO: Most likely it's a filter of some sort, probably a milter or a pre-queue filter. Show "postconf -n" output. > In: MAIL > FROM:<3yzajzrukbnydggc6j-klm5ag-fgj6hdq8gg8d6.4ge2d6p2f5j6mk@data-studio.bounces.google.com> Given thar address, this event should be easy to find in the logs -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netz | Netzwerk-Administration Invalidenstraße 120/121 | D-10115 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | https://www.charite.de ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: [ext] TLS issues
> smtpd_tls_cert_file = /etc/pki/tls/certs/postfix.pem > smtpd_tls_key_file = /etc/pki/tls/private/postfix.key Try adding: smtp_tls_key_file = $smtpd_tls_key_file smtp_tls_cert_file = $smtpd_tls_cert_file -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | https://www.charite.de ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: [ext] warn_if_reject and MILTER
* Patrick Ben Koetter via Postfix-users : > Greetings, > > I was wondering if there's something similar to warn_if_reject when it comes > to dry-run / test-run MILTER applications in Postfix. The documentation on > warn_if_reject does not mention MILTERs, which usually means the feature isn't > there because otherwise it would be documented, and the per-Milter settings in > MILTER_README don't mention something I could use to warn_if_reject either. If I remember correctly, sof_bounce is some sort of el-cheapo "replace 5 with 4 in the output to the client"-thing. And thus should work even with milters. -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | https://www.charite.de ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: [ext] Help with spamhaus listing
* Tom Reed via Postfix-users : > > Dear lists, > > I in fact use rarely this mailbox: t...@dkinbox.com > But today I found both my domain "dkinbox.com" and the mailserver IP: > 38.45.66.54 are listed into spamhaus "css" and "dbl" blacklists. Checking https://multirbl.valli.org/lookup/38.45.66.54.html yields other listings, sometimes with reasons: "Spamtrap hit" another listings ( https://matrix.spfbl.net/38.45.66.54 ) shows: "This IP was flagged due to misconfiguration of the e-mail service or the suspicion that there is no MTA at it." (and it's not rDNS - my addition!) -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | https://www.charite.de ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: [ext] Re: DKIM and DMARC
* Scott Kitterman via Postfix-users : > DKIM has no policy mechanism associated with it, so there's no basis in any > standardized mechanism to determine if a DKIM failure should be cause for > rejection. I don't think it makes logical sense to treat a message with a > DKIM signature that failed to verify any more harshly than you would unsigned > mail. > > DMARC does have such a policy component. Rejecting mail which fails DMARC > for domains that have a policy of p=reject is common. DMARC does have a high > error rate for some types of email, so I would recommend a careful evaluation > of what you would be rejecting before you do so. I always thought DMARC was the policy component for DKIM. -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | https://www.charite.de ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: [ext] how to implement plus address
* Tom Reed via Postfix-users : > Hello > > How can I implement the following feature? > the messages sent to: > > foo+la...@sample.com > foo+lab...@sample.com > ... > > all them will be delivered into: > f...@sample.com recipient_delimiter = + -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | https://www.charite.de ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: [ext] multi smtp servers question
* Corey Hickman via Postfix-users : > Hello list, > > We have 3 smtp servers for sending messages. When mail in one server has > delivery issue, how can we setup it to use another more servers for > second/third delivery? You could use smtp_fallback_relay -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | https://www.charite.de ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: [ext] Question to reject_rbl_client zen.spamhaus.org
> smtpd_recipient_restrictions = >permit_mynetworks, >permit_sasl_authenticated, >reject_unauth_destination, >check_policy_service unix:private/policyd-spf, >reject_rbl_client zen.spamhaus.org, >reject_rbl_client bl.spamcop.net > > When I sent message from a Spamhaus Zen listed IP (this IP not in my > whitelist), the message still came into system. In that case you either sent from: a client in $mynetworks (permit_mynetworks) or an authenticated client (permit_sasl_authenticated) Another option might be that your mailserver is querying zen.spamhaus.org and bl.spamcop.net via a public resolver (1.1.1.1, 8.8.8.8 or the like) which might cause all kinds of odd problems -- thus examine /etc/resolv.conf -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | https://www.charite.de ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: [ext] Re: Issues on incoming queue
* Wietse Venema via Postfix-users : > Start by looking for "@domain" wildcards in virtual_alias_maps or Somewhat related: I was under the impression that virtual_alias_maps "@domainA @domainB" did NOT break recipient verifiction. Or am I hallucinating? -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | https://www.charite.de ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: [ext] Issues on incoming queue
* Israel britto via Postfix-users : > Hey, I have a strange problem, my incoming queue is growing and my > active and deferred queues are low on queue items. I checked and I > have a lot of incoming mailer-daemon and double-bounce emails, is > there a way to discard these messages? Read them using "postcat -q QUEUEID" to find out what's causing them. Then fix that first. > I've already tried to create a transport_map by sending all incoming messages > to my domain to be discarded, like this @mydomain discard:silently > But even so I continue to be flooded with messages of this type in incoming. Yes, since they come in FIRST to be discarded after! -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | https://www.charite.de ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: [ext] secondary MX server
* Corey Hickman via Postfix-users : > Since almost every sending MTA has the queues, do I need a secondary MX for > my domain email? I don't know if the RFC mandate it, but nowadays everbody knows better, so WTF. > I am afraid the secondary MX was abused by spammers. Indeed. The secondary basically needs to have the same setup as the primary in terms of anti spam and recipient lists. -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | https://www.charite.de ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: [ext] Re: Configuration of postfix on Ubuntu 22
* Aosars Repository via Postfix-users : > Hi all, > I have installed postfix on Ubuntu server 22 and configured to use gmail > smtp.But it fails to send mails. The log should inform you why it's failing. I have a config snippet here: main.cf: smtp_use_tls=yes relayhost = smtp.gmail.com:587 # we want to relay all mails via smtp.gmail.com (port 587) smtp_sasl_auth_enable = yes # we need username password for that smtp_sasl_password_maps = hash:/etc/postfix/sasl_password_maps # username password are stored in /etc/postfix/sasl_password_maps /etc/postfix/sasl_password_maps contains: smtp.gmail.com my-gmail-addr...@gmail.com:theapplicationspecificpasswordforthisserver -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | https://www.charite.de ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: [ext] difference between relay and smtp
* Gino Ferguson via Postfix-users : > Can you explain me the practical difference between relay and smtp delivery > on a relay server? The "relay" and "smtp" service are both "smtp" services. But: If you seperated "relay" from "smtp" you can do stuff like: defer_transports = relay without affecting mail to other destinations. Also, the qmgr is assigning delivery slots to services in a round-robin fashion, so having one for "relay" and one for "smtp" ensures fairness for relaying duties vs. delivery to external sites. -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | https://www.charite.de ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: [ext] list.sys4.de fails with starttls
* Benny Pedersen via Postfix-users : > Mar 17 11:38:31 localhost postfix/smtpd[22150]: lost connection after > STARTTLS from list.sys4.de[2a03:4000:10:51d:b8ce:63ff:feca:a5a0] > Mar 17 12:09:10 localhost postfix/smtpd[23415]: lost connection after > STARTTLS from list.sys4.de[2a03:4000:10:51d:b8ce:63ff:feca:a5a0] > > maybe it works ? I'll check. Which IP is that? -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | https://www.charite.de ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: A new Postfix book in the making - "Run Your Own Mail Server"
> The books Michael writes are little gems, nice to read, often funny, > always "to-the-point" and not expensive. This might be his most > important (technical) book. I took a quick glance, and Chapter 0 is looking good! -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | https://www.charite.de ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: [P-U] Re: New List Host and Reply-to Header
* Patrick Ben Koetter via Postfix-users : > approach to subscriber self management. Once you've become a registered > MLM platform participant you can easily change settings that will apply to all > lists you've subscribed to in one place. I consider that a great usability > benefit for subscribers. Furthermore, mm2 get's rid of the awful "this is your password" mails. -- [*] sys4 AG https://sys4.de, +49 (89) 30 90 46 64 Schleißheimer Straße 26/MG, 80333 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org