On Mon, Oct 07, 2013 at 07:36:48PM +0200, DTNX Postmaster wrote:
> Make sure your ISP supports reverse DNS for IPv6, either by request or
> by delegating it to you. If you cannot get this sorted yet, I would
> recommend simply postponing IPv6 rollout for your MX for now, until
> your ISP finally
> > SMTP from an address with no reverse DNS is a fairly good indicator
> > of a spam source. YMMV.
>
> Agreed.
As a matter of fact, I *do* have working PTR, SPF, and all that stuff,
for both IPv4 and IPv6, and it doesn't help. I should note that I did
have that all the time, not just after Googl
On 10/7/2013 11:19 PM, li...@sbt.net.au wrote:
> On Tue, October 8, 2013 3:02 pm, Stan Hoeppner wrote:
>> On 10/7/2013 9:10 PM, li...@sbt.net.au wrote:
>
>> Without the log entries Simon asked for we can't do anything more to
>> help you, as we don't know how the spam is being injected. Please pr
On Tue, October 8, 2013 3:02 pm, Stan Hoeppner wrote:
> On 10/7/2013 9:10 PM, li...@sbt.net.au wrote:
> Without the log entries Simon asked for we can't do anything more to
> help you, as we don't know how the spam is being injected. Please provide
> logging that demonstrates the problem.
Stan,
On 10/7/2013 9:10 PM, li...@sbt.net.au wrote:
> On Tue, October 8, 2013 11:31 am, Simon B wrote:
>> On 8 Oct 2013 01:54, "Voytek" wrote:
>
>> spam from many.na...@adomain.tld, how best to prevent any outbound mails
>> from adomain.tld till I can look at this?
>
>> Postfix stop
>>
>>
>> Then post
On Tue, October 8, 2013 11:31 am, Simon B wrote:
> On 8 Oct 2013 01:54, "Voytek" wrote:
> spam from many.na...@adomain.tld, how best to prevent any outbound mails
> from adomain.tld till I can look at this?
> Postfix stop
>
>
> Then post your postconf -n and a log snippet of an outgoing span pre
On 8 Oct 2013 01:54, "Voytek" wrote:
>
> It seems one of my users has been hacked, my postfix server is spewing
spam from many.na...@adomain.tld, how best to prevent any outbound mails
from adomain.tld till I can look at this?
>
Postfix stop
Then post your postconf -n and a log snippet of an out
It seems one of my users has been hacked, my postfix server is spewing spam
from many.na...@adomain.tld, how best to prevent any outbound mails from
adomain.tld till I can look at this?
--
Sent from Kaiten Mail. Please excuse my brevity.
On 10/7/2013 12:25 PM, Jim Reid wrote:
> On 7 Oct 2013, at 18:15, Erwan David wrote:
>
>> Google is really rejecting emails in IPv6 because of a lack of PTR...
>
> If that's the case, good. Just do The Right Thing and arrange a valid PTR for
> the IPv6 address that speaks SMTP. This should be s
One more thing to keep in mind. When used with mynetworks, as
I already explained the RHS of the table entries is ignored.
Therefore, your attempt at a reject rule:
10.147.11.11 reject
is completely ineffective. If you want to use CIDR rules with
exceptions to define trusted clients, you
On Mon, Oct 07, 2013 at 03:34:38PM -0600, Blake Farmer wrote:
> Method 1
> [root@relay01 postfix]# grep cidr main.cf
> cidr = cidr:${config_directory}/
> mynetworks = ${cidr}mynetworks.cidr
> #mynetworks = cidr:/etc/postfix/mynetworks.cidr
The above is broken.
http://www.postfix.org/post
I tried that method verbatium without success, postfix is able to start
without issue however it continues to reject the machines I am using to
test access and denied access.
Your recomendation I beleive assigns the path and file designation to
the variable cidr when then continues to the next
--On Thursday, September 26, 2013 4:38 PM -0400 Wietse Venema
wrote:
Quanah Gibson-Mount:
One of our customers has an interesting setup where they did the
following:
a) Created 50 users
b) Added a secondary address for the 50 users to an external server with
50 users (So any email sent to
--On Monday, October 07, 2013 6:07 PM + Viktor Dukhovni
wrote:
Note, the new "%" substitution pattern for a comma-separated
list of DC= components is "%," not "%". I hope that's reasonably
clear in the patch documentation.
Yeah, it is quite clear, I was just adjusting the config on the
On Mon, Oct 07, 2013 at 01:06:59PM -0600, Blake wrote:
> I tried Victor's soltuion adding the code he noted however postfix would
> fail to reload or restart generating the following errors.
> Oct 7 12:47:32 relay01 postfix[22897]: warning: macro name syntax error:
> "/etc/postfix/"
Your setting
Blake:
> 10.147.11.0/24 4
As Victor noted, the form 10.147.11.0/24 does not work with indexed
files. This also written in the access(5) manpage. If you must use
this, use cidr: format instead.
Wietse
> On 7 Oct 2013, at 19:30, Erwan David wrote:
> But it is false to say tjat a mail server without reverse surely is a spammer.
But nobody was saying that. Almost no legitimate mail comes from addresses with
no reverse DNS. Sure, some spammers will have reverse DNS. Which is why this is
just o
Viktor Dukhovni:
> This thread is becoming repetitive with no new insights, time to
> wrap it up.
In particular Reindl, you are getting close to be kicked off the list again.
Wietse
Thank you to Victor & Wietse for your response.
I thought the mynetworks parameter was the issue in terms of rejecting
clients from access.
I tried Victor's soltuion adding the code he noted however postfix would
fail to reload or restart generating the following errors.
Oct 7 12:47:32 relay01 p
This thread is becoming repetitive with no new insights, time to
wrap it up.
--
Viktor.
Am 07.10.2013 20:47, schrieb Erwan David:
> Le 07/10/2013 20:37, li...@rhsoft.net a écrit :
>> Am 07.10.2013 20:30, schrieb Erwan David:
>>> Le 07/10/2013 20:24, li...@rhsoft.net a écrit :
Am 07.10.2013 19:42, schrieb Erwan David:
> That's a matter of policy, if you cannot afford to loose
On 10/07/2013 07:49 PM, Luigi Rosa wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Wietse Venema said the following on 07/10/2013 16:25:
And here is the corrected example in one place. BTW it seems the real fix
is to set up one PTR record, with a matching record.
No, it doesn't wor
Le 07/10/2013 20:37, li...@rhsoft.net a écrit :
> Am 07.10.2013 20:30, schrieb Erwan David:
>> Le 07/10/2013 20:24, li...@rhsoft.net a écrit :
>>> Am 07.10.2013 19:42, schrieb Erwan David:
That's a matter of policy, if you cannot afford to loose legitimate
email, you may.
>>> show me one
Am 07.10.2013 20:30, schrieb Erwan David:
> Le 07/10/2013 20:24, li...@rhsoft.net a écrit :
>>
>> Am 07.10.2013 19:42, schrieb Erwan David:
>>> That's a matter of policy, if you cannot afford to loose legitimate
>>> email, you may.
>> show me one legitimate mail server in 2013 without a PTR
>>
>>
Le 07/10/2013 20:24, li...@rhsoft.net a écrit :
>
> Am 07.10.2013 19:42, schrieb Erwan David:
>> Le 07/10/2013 19:38, li...@rhsoft.net a écrit :
>>> Am 07.10.2013 19:15, schrieb Erwan David:
No Google is really rejecting emails in IPv6 because of a lack of PTR...
>>> as virtually everbody else
Am 07.10.2013 19:42, schrieb Erwan David:
> Le 07/10/2013 19:38, li...@rhsoft.net a écrit :
>>
>> Am 07.10.2013 19:15, schrieb Erwan David:
>>> No Google is really rejecting emails in IPv6 because of a lack of PTR...
>> as virtually everbody else does for IPv4
>> why should someone handle IPv6 di
On Mon, Oct 07, 2013 at 11:02:35AM -0700, Quanah Gibson-Mount wrote:
> Well, I can only speak to what Zimbra does. ;) As you guess, all of
> our domains are in subtrees, so right now we use a search base of
> "". So it certainly seems to me like your patch would allow the
> LDAP queries to be mo
Hi,
> > I somehow consider Google not fit for anything a mail server should
> > do, for a ton of reasons, and am thinking about blocking them in
> > both directions (along with Yahoo!), if it weren't for quite some
> > important users switching to Google Apps.
> >
>
> I would love to know the res
--On Wednesday, September 25, 2013 12:21 AM + Viktor Dukhovni
wrote:
If anyone is using LDAP for virtual hosting with a separate search
base for each hosted domain using domain component RDNs, please
reply on list whether the feature below is useful, and whether you
tested the code and fou
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Wietse Venema said the following on 07/10/2013 18:58:
> It may be that their "bulk sender" threshold is lower than you expect.
About 5 or 10 mails per day.
Funny that the threshold is applied to IPv6 connections and not IPv4.
Ciao,
luigi
- --
/
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Wietse Venema said the following on 07/10/2013 16:25:
> And here is the corrected example in one place. BTW it seems the real fix
> is to set up one PTR record, with a matching record.
No, it doesn't work :(
My MX has both IPv6 rDNS and SPF rec
li...@rhsoft.net skrev den 2013-10-07 19:38:
if you have no PTR do not deliver emial
PTR is unsafe, avoid it
PTR is only safe if the name is on domains dns with the same ip
will google really reject mails with spf ip6: ?
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Manuel Bieling said the following on 07/10/2013 13:45:
> Wietse explained this a few weeks ago:
Just remember to put the "-o" that Wietse forgot before "inet_protocols"
Works like a charm.
Ciao,
luigi
- --
/
+--[Luigi Rosa]--
\
I've already
Le 07/10/2013 19:38, li...@rhsoft.net a écrit :
>
> Am 07.10.2013 19:15, schrieb Erwan David:
>> No Google is really rejecting emails in IPv6 because of a lack of PTR...
> as virtually everbody else does for IPv4
> why should someone handle IPv6 different?
>
> if you have no PTR do not deliver emia
Am 07.10.2013 19:15, schrieb Erwan David:
> No Google is really rejecting emails in IPv6 because of a lack of PTR...
as virtually everbody else does for IPv4
why should someone handle IPv6 different?
if you have no PTR do not deliver emial
On Oct 7, 2013, at 19:25, Jim Reid wrote:
> On 7 Oct 2013, at 18:15, Erwan David wrote:
>
>> Google is really rejecting emails in IPv6 because of a lack of PTR...
>
> If that's the case, good. Just do The Right Thing and arrange a valid PTR for
> the IPv6 address that speaks SMTP. This should
On 7 Oct 2013, at 18:15, Erwan David wrote:
> Google is really rejecting emails in IPv6 because of a lack of PTR...
If that's the case, good. Just do The Right Thing and arrange a valid PTR for
the IPv6 address that speaks SMTP. This should be simpler and less hassle than
changing the postfix
Le 07/10/2013 18:58, Wietse Venema a écrit :
> Andreas Herrmann:
>> On 10/07/13 16:25, Wietse Venema wrote:
>>> And here is the corrected example in one place. BTW it seems the
>>> real fix is to set up one PTR record, with a matching record.
>> I have a correct PTR and also got the error:
>>
Andreas Herrmann:
> On 10/07/13 16:25, Wietse Venema wrote:
> > And here is the corrected example in one place. BTW it seems the
> > real fix is to set up one PTR record, with a matching record.
>
> I have a correct PTR and also got the error:
>
> <***@gmail.com>: host
> gmail-smtp-in.l
On 10/07/13 16:25, Wietse Venema wrote:
> And here is the corrected example in one place. BTW it seems the
> real fix is to set up one PTR record, with a matching record.
I have a correct PTR and also got the error:
<***@gmail.com>: host
gmail-smtp-in.l.google.com[2a00:1450:4001:c02::1b
On Mon, Oct 07, 2013 at 09:12:41AM -0600, Blake wrote:
> However when I check the config after restarting or reloading postfix the
> parameter does not seem to be updated when reviewing postconf -d.
Not surprising, "postconf -d" returns compiled-in defaults as
documented. This allows you to quic
Blake:
> mynetworks = hash:/etc/postfix/network_table
>
> # postmap -s hash:/etc/postfix/network_table
> 11 10.147.9.0/24
That is backwards. The IP address is the lookup key.
Wietse
Greetings Postfix users,
I am building a postfix system to act as our SMTP relay at the network
edge. The system will be used by servers and applications to send email
both internal to our network and external as needed.
I have a postfix system specifying the mynetworks parameter noted below and
On Mon, Oct 07, 2013 at 09:06:09AM -0400, Dan Langille wrote:
> ># cat /usr/local/etc/postfix-config/main/relay_clientcerts
> >3A:2E:AB:6A:F1:D4:32:74:C9:C6:DD:2B:8D:2A:87:97 cliff.example.org
> >
> >This looks like md5, and while still largely resistant to 2nd
> >preimage attacks, you should stil
Manuel Bieling:
> On 2013.10.07 13:23:59 +0200, Andreas Herrmann wrote:
> > Hi there,
> >
> > On 10/01/13 07:22, Dominik George wrote:
> > > Yes, I also face that issue and have forced IPv4 on known Google domains.
> >
> > I also have those problems.
> >
> > Is there an easy way in postfix the t
On Mon, Oct 07, 2013 at 01:45:06PM +0200, Manuel Bieling wrote:
> /etc/postfix/master.cf:
> smtp-ipv4-only unix - - n - - smtp
> inet_protocols=ipv4
> smtp-ipv6-only unix - - n - - smtp
> inet_protocols=ipv
On 2013-10-06 23:13, Viktor Dukhovni wrote:
On Sun, Oct 06, 2013 at 08:52:06PM -0400, Dan Langille wrote:
[ What Noel said, plus see below. ]
10.0.0.1:submission inet n - n - - smtpd
-o smtpd_tls_req_ccert=yes
Fine.
-o smtpd_tls_auth_only=no
This seems silly. S
On 2013-10-06 22:40, Noel Jones wrote:
On 10/6/2013 7:52 PM, Dan Langille wrote:
I managed to get this running tonight and I'm looking for sanity
checking, in case I'm completely missing something. Thanks.
I wish to allow incoming mail from any client with a valid certificate.
My master.cf i
On Tue, Oct 1, 2013 at 8:22 AM, Dominik George wrote:
> I somehow consider Google not fit for anything a mail server should do, for a
> ton of reasons, and am thinking about blocking them in both directions (along
> with Yahoo!), if it weren't for quite some important users switching to
> Googl
Manuel Bieling wrote the following on 07/10/13 12:45:
Wietse explained this a few weeks ago:
/etc/postfix/transport:
example.comsmtp-ipv4-only:
example.net smtp-upv6-only:
/etc/postfix/master.cf:
smtp-ipv4-only unix - - n - - smtp
On 2013.10.07 13:23:59 +0200, Andreas Herrmann wrote:
> Hi there,
>
> On 10/01/13 07:22, Dominik George wrote:
> > Yes, I also face that issue and have forced IPv4 on known Google domains.
>
> I also have those problems.
>
> Is there an easy way in postfix the transport to some doamins just over
On Mon, 07 Oct 2013 13:23:59 +0200
Andreas Herrmann wrote:
> Is there an easy way in postfix the transport to some
> doamins just over IPv4 and not IPv6?
>
http://marc.info/?l=postfix-users&m=137702158131907&w=2
--
WUP
Hi there,
On 10/01/13 07:22, Dominik George wrote:
> Yes, I also face that issue and have forced IPv4 on known Google domains.
I also have those problems.
Is there an easy way in postfix the transport to some doamins just over
IPv4 and not IPv6?
thx in advance
-SMA
signature.asc
Description:
53 matches
Mail list logo