Re: userbase table and catchall
On 2015-04-11 21:19, ED Fochler wrote: The b quite how it functions. accept for domain will also reject if not in that domain, and at that point the domain is fully accounted for. Another line attempting to do something for that same domain should not have any affect as there is nothing left for it to process. If you want to process different recipients in the same domain with different rules, you must specify the b to limit the match to less than the full domain. ED. That makes it clear for me. Using "recipient" was what I expected to work from the beginning, but - "recipient" does work with "local" only. The are not "local". As far I can see there is no way to handle the external as local through a rule in smtpd.conf to "local" only, isn't it? I won't use things like smtp proxying or such things. On 2015, Apr 11, at 1:46 PM, jseb wrote: Hello, I answer to myself. In fact, swapping two lines in the config file makes the catch-all working. I don't know why :( This one won't work: accept from any for domain alias deliver to maildir accept from any for domain virtual deliver to maildir This one works: accept from any for domain virtual deliver to maildir accept from any for domain alias deliver to maildir Okb -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Re: userbase table and catchall
On 2015-04-11 19:46, jseb wrote: Hello, I answer to myself. In fact, swapping two lines in the config file makes the catch-all working. I don't know why :( This one won't work: accept from any for domain alias deliver to maildir accept from any for domain virtual deliver to maildir This one works: accept from any for domain virtual deliver to maildir accept from any for domain alias deliver to maildir But in this case all will be catched! Your setup was similar to one that I tried too. Okb -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Re: userbase table and catchall
The “accept” terminology implies a firewall style accept. This is not quite how it functions. accept for domain will also reject if not in that domain, and at that point the domain is fully accounted for. Another line attempting to do something for that same domain should not have any affect as there is nothing left for it to process. If you want to process different recipients in the same domain with different rules, you must specify the “recipient” in the “accept” line to limit the match to less than the full domain. ED. > On 2015, Apr 11, at 1:46 PM, jseb wrote: > > Hello, > > I answer to myself. > > In fact, swapping two lines in the config file makes the catch-all > working. > I don't know why :( > > This one won't work: > accept from any for domain alias deliver to maildir > accept from any for domain virtual deliver to maildir > > > This one works: > accept from any for domain virtual deliver to maildir > accept from any for domain alias deliver to maildir > > > Ok… magic ? > > > > -- > You received this mail because you are subscribed to misc@opensmtpd.org > To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org > -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Re: userbase table and catchall
Hello, I answer to myself. In fact, swapping two lines in the config file makes the catch-all working. I don't know why :( This one won't work: accept from any for domain alias deliver to maildir accept from any for domain virtual deliver to maildir This one works: accept from any for domain virtual deliver to maildir accept from any for domain alias deliver to maildir Ok… magic ? -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Re: pre-queue spam check
On Sat, Apr 11, 2015 at 04:06:49PM +0100, Craig Skinner wrote: > On 2015-04-11 Sat 16:04 PM |, Joerg Jung wrote: > > > > From my understanding, the user connects on port 25 (using STARTTLS and > > SMTP AUTH), is blocked by spamd (451 temporarily greylisted for 25 min), > > but usually MUAs try again some seconds later... > > Users connect to the submission port 587 via their MUAs. As I wrote earlier, in my (inherited) migration scenario some users still connect on port 25 via their MUAs. > Otherwise, request them to upgrade their mail app to something that's > less than 20 years old. Sure, that is what I'm currently working on and why I wrote *legacy* users. Unfortunately, in real world scenarios (with thousands of users) such migrations take a while, thus I need to provide the legacy access a little bit longer. -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Re: pre-queue spam check
On 2015-04-11 Sat 16:04 PM |, Joerg Jung wrote: > > From my understanding, the user connects on port 25 (using STARTTLS and > SMTP AUTH), is blocked by spamd (451 temporarily greylisted for 25 min), > but usually MUAs try again some seconds later... Users connect to the submission port 587 via their MUAs. Otherwise, request them to upgrade their mail app to something that's less than 20 years old. -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Re: pre-queue spam check
On Sat, Apr 11, 2015 at 12:12:05PM +0200, Peter N. M. Hansteen wrote: > Joerg Jung writes: > > > I also know about spamd, but that is not really an option for now as the > > server speaks v6 and STARTTLS, moreover I have legacy users which AUTH > > on port 25 as well. This does not play well with spamd. > > spamd doesn't even attempt smtp auth, but then once the sender is > whitelisted (as a valid sender should be), the problem would go away. >From my understanding, the user connects on port 25 (using STARTTLS and SMTP AUTH), is blocked by spamd (451 temporarily greylisted for 25 min), but usually MUAs try again some seconds later... so I do not see how these senders become valid and whitelisted? Besides, spamd does not (yet) support IPv6 or STARTTLS. > Your regular and valid correspondents would not see spamd at all -- > after all spamd is supposed to simply slow down the obvious spambots. > > In your scenario (as in most others) it's likely useful to explore the > nospamd option, as in maintain a table of IP addresses or ranges that > are simply never redirected to spamd. It's even in the spamd man page > (first pf.conf ruleset example). With legacy users using SMTP AUTH I meant users from (global) dialup connections with (often) changing IP(v6) client addresses. I see no chance how I could whitelist them. Regards, Joerg -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Re: pre-queue spam check
Joerg Jung writes: > I also know about spamd, but that is not really an option for now as the > server speaks v6 and STARTTLS, moreover I have legacy users which AUTH > on port 25 as well. This does not play well with spamd. spamd doesn't even attempt smtp auth, but then once the sender is whitelisted (as a valid sender should be), the problem would go away. Your regular and valid correspondents would not see spamd at all -- after all spamd is supposed to simply slow down the obvious spambots. In your scenario (as in most others) it's likely useful to explore the nospamd option, as in maintain a table of IP addresses or ranges that are simply never redirected to spamd. It's even in the spamd man page (first pf.conf ruleset example). - Peter -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds. -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
