Re: Testing Postfix-3.3....0-RC1

2018-02-13 Thread Wietse Venema 
Christian Ro??ner:
> Hi,
> 
> so far, the RC1 works. There is only one thing that is bad:
> 
> Start and stop do not like directories inside /etc/postfix*
> 
> 
> rns root@mx  ~ # postfix stop
> /usr/sbin/postconf: warning: read "ldap" configuration 
> "/etc/postfix-submission/ldap": Is a directory

What are the main.cf settings?

What is /etc/postfix-submission/ldap?

Wietse

Re: How to best test from VM with port 25 closed by ISP

2018-02-13 Thread Matus UHLAR - fantomas 

On 13.02.18 00:04, TG Servers wrote:

how can I best test postfix delivery from a local VM if port 25 is
blocked by ISP.


if you ISP doesn't unblock you, and you want to behave as mail server, you
have problem.


My only intention is to setup another VM and make a network between them
and then send mails between them.
Or is there any other solution how I could get postfix from a VM to the
"world"?


If you only want to send mai lto/through some servers,  you can use
different port with client authentication.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Boost your system's speed by 500% - DEL C:\WINDOWS\*.*

Re: temp avoiding RBL block with client_checks OK?

2018-02-13 Thread Voytek 
On Tue, February 13, 2018 9:18 pm, Dominic Raferd wrote:
> On 13 February 2018 at 08:42, Voytek  wrote:

>
> For use within restriction list(s):
> check_client_access is for checking the purported address, or the ip, of
> the incoming connecting client check_sender_access is for checking the
> MAILFROM address (envelope sender)
> check_helo_access is for checking the HELO/EHLO response name
>
> For use outside restriction list(s): (hence later/slower)
> header_checks can be used for checking email headers - including the
> 'From:' header address (which may well be different to the MAILFROM
> address).
>
> In your case you can put either the ip or the client address onto a new
> line in the file referenced by check_client_access, followed by ' OK', and
>  then postmap it afterwards. You might want to add ​tpgi.com.au rather
> than ​mail12​​.tpgi.com.au (assuming smtpd_access_maps  is  listed  in
> parent_domain_matches_subdomains, which is the default case).
>
> Yes it is a little confusing at first...

Dominic,

thanks both for confirming as well as explaining the details, much
appreciated

also, forgot to ask, is there some command to test such change to confirm ?

V

Re: temp avoiding RBL block with client_checks OK?

2018-02-13 Thread Dominic Raferd 
On 13 February 2018 at 11:43, Voytek  wrote:
>
> On Tue, February 13, 2018 9:18 pm, Dominic Raferd wrote:
> > In your case you can put either the ip or the client address onto a new
> > line in the file referenced by check_client_access, followed by ' OK', and
> >  then postmap it afterwards.
> ..
> forgot to ask, is there some command to test such change to confirm ?

If there is something wrong you will see the error when you do:
postmap hash:/etc/postfix/client_checks

For failsafe, make changes to a copy of client_checks in another
location and then postmap this, if no error then copy the amended
client_checks file into /etc/postfix and postmap there.

The changes will be implemented in active postfix pretty quickly after
postmap, but to force immediately do:
postfix reload

Re: temp avoiding RBL block with client_checks OK?

2018-02-13 Thread Dominic Raferd 
On 13 February 2018 at 08:42, Voytek  wrote:

> one of the users is waiting for an email from server currently listed on
> http://www.dnsbl.manitu.net/lookup.php?value=203.12.160.162
>
> chances are it might get fixed in 12 hours, or, maybe not
>
> short of removing dnsbl.manitu.net from my RBL checks, is there a way to
> 'bypass' this current predicament, and, allow mails from the IP/host?
>
> can I simply put IP ? hostname ? both ? in /etc/postfix/client_checks ?
>
> or is it /etc/postfix/sender_checks ? as so:
>
> 203.12.160.162 OK
> mail12.tpgi.com.au OK
>
>
> from main.cf:
> --
> smtpd_recipient_restrictions =
>  reject_unknown_sender_domain,
>  reject_unknown_recipient_domain,
>  reject_non_fqdn_sender,
>  reject_non_fqdn_recipient,
>  reject_unlisted_recipient,
>  check_policy_service inet:127.0.0.1:,
>  permit_mynetworks,
>  check_sasl_access hash:/etc/postfix/sasl_access
>  permit_sasl_authenticated,
>  reject_unauth_destination,
>  check_recipient_access hash:/etc/postfix/recipient_no_checks,
>  check_recipient_access pcre:/etc/postfix/recipient_checks.pcre,
>  check_helo_access hash:/etc/postfix/helo_checks,
>  check_sender_access hash:/etc/postfix/sender_checks,     check_client_access hash:/etc/postfix/client_checks,   <=??
>  check_client_access pcre:/etc/postfix/client_checks.pcre,
>  reject_rbl_client zen.spamhaus.org,
>  reject_rhsbl_client dbl.spamhaus.org,
>  reject_rhsbl_sender dbl.spamhaus.org,
>  reject_rbl_client psbl.surriel.com,
>  reject_rbl_client ix.dnsbl.manitu.net,
>  reject_rbl_client bl.spamcop.net,
>  check_policy_service inet:127.0.0.1:10031
>
>
> ---
> Feb 13 15:11:59 emu postfix/smtpd[12324]: NOQUEUE: reject: RCPT from
> mail12.tpgi.com.au[203.12.160.162]: 554 5.7.1 Service unavailable; Client
> host [203.12.160.162] blocked using ix.dnsbl.manitu.net; Your e-mail
> service was detected by spam.over.port25.me (NiX Spam) as spamming at Tue,
> 13 Feb 2018 00:10:11 +0100. Your admin should visit
> http://www.dnsbl.manitu.net/lookup.php?value=203.12.160.162;
> from= to= proto=ESMTP
> helo=<
> ​​
> mail12
> ​​
> .tpgi.com.au >


For use within restriction list(s):
check_client_access is for checking the purported address, or the ip, of
the incoming connecting client
check_sender_access is for checking the MAILFROM address (envelope sender)
check_helo_access is for checking the HELO/EHLO response name

For use outside restriction list(s): (hence later/slower)
header_checks can be used for checking email headers - including the
'From:' header address (which may well be different to the MAILFROM
address).

In your case you can put either the ip or the client address onto a new
line in the file referenced by check_client_access, followed by ' OK', and
then postmap it afterwards. You might want to add ​tpgi.com.au rather
than ​mail12​​.tpgi.com.au (assuming smtpd_access_maps  is  listed  in
parent_domain_matches_subdomains, which is the default case).

Yes it is a little confusing at first...

temp avoiding RBL block with client_checks OK?

2018-02-13 Thread Voytek 
one of the users is waiting for an email from server currently listed on
http://www.dnsbl.manitu.net/lookup.php?value=203.12.160.162

chances are it might get fixed in 12 hours, or, maybe not

short of removing dnsbl.manitu.net from my RBL checks, is there a way to
'bypass' this current predicament, and, allow mails from the IP/host?

can I simply put IP ? hostname ? both ? in /etc/postfix/client_checks ?

or is it /etc/postfix/sender_checks ? as so:

203.12.160.162 OK
mail12.tpgi.com.au OK


from main.cf:
--
smtpd_recipient_restrictions =
 reject_unknown_sender_domain,
 reject_unknown_recipient_domain,
 reject_non_fqdn_sender,
 reject_non_fqdn_recipient,
 reject_unlisted_recipient,
 check_policy_service inet:127.0.0.1:,
 permit_mynetworks,
 check_sasl_access hash:/etc/postfix/sasl_access
 permit_sasl_authenticated,
 reject_unauth_destination,
 check_recipient_access hash:/etc/postfix/recipient_no_checks,
 check_recipient_access pcre:/etc/postfix/recipient_checks.pcre,
 check_helo_access hash:/etc/postfix/helo_checks,
 check_sender_access hash:/etc/postfix/sender_checks,    to= proto=ESMTP
helo=

Re: How to best test from VM with port 25 closed by ISP

2018-02-13 Thread TG Servers 



Am 13. Februar 2018 09:52:53 schrieb Matus UHLAR - fantomas 
:



On 13.02.18 00:04, TG Servers wrote:

how can I best test postfix delivery from a local VM if port 25 is
blocked by ISP.


if you ISP doesn't unblock you, and you want to behave as mail server, you
have problem.


My only intention is to setup another VM and make a network between them
and then send mails between them.
Or is there any other solution how I could get postfix from a VM to the
"world"?


If you only want to send mai lto/through some servers,  you can use
different port with client authentication.



I just want to test a real server install on a vm. As i wrote before I 
think there are some general installation issues I have to check before. 
Port 25 is not my problem I think.


Thanks.


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Boost your system's speed by 500% - DEL C:\WINDOWS\*.*