Re: Disable Milter per Recipient?

2021-07-12 Thread Bill Cole
On 2021-07-12 at 22:07:23 UTC-0400 (Mon, 12 Jul 2021 22:07:23 -0400) is rumored to have said: Is there a way to disable milters based on recipient like how you can use smtpd_milter_maps to disable based on client IP? No. There's no way to know any recipient until there's a RCPT command, by

Disable Milter per Recipient?

2021-07-12 Thread postfix
Is there a way to disable milters based on recipient like how you can use smtpd_milter_maps to disable based on client IP?

Re: Bypass postscreen

2021-07-12 Thread Wietse Venema
Doug Hardie: > I have a postfix server that uses postscreen. However, occasionally > a needed mail is blocked by one of the spam services. Is there a > way to bypass postscreen for just one or more specific addresses > for a short time?

Bypass postscreen

2021-07-12 Thread Doug Hardie
I have a postfix server that uses postscreen. However, occasionally a needed mail is blocked by one of the spam services. Is there a way to bypass postscreen for just one or more specific addresses for a short time? -- Doug

Re: [ENHANCEMENT] Log SMTP protocol errors to SYSLOG

2021-07-12 Thread Kevin N.
For example the following transaction will not show any errors in SYSLOG: In: AUTH LOGIN Out: 503 5.5.1 Error: authentication not enabled In: QUIT Out: 221 2.0.0 Bye You can use the existing notify_classes based mechamism and pipe that into syslog. notify_classes = protocol, ...

Re: [ENHANCEMENT] Log SMTP protocol errors to SYSLOG

2021-07-12 Thread Wietse Venema
Kevin N.: > > Kevin N.: > >> For example the following transaction will not show any errors in SYSLOG: > >> > >> In: AUTH LOGIN > >> Out: 503 5.5.1 Error: authentication not enabled > >> In: QUIT > >> Out: 221 2.0.0 Bye > > > > You can use the existing notify_classes based mechamism and pipe >

Re: [ENHANCEMENT] Log SMTP protocol errors to SYSLOG

2021-07-12 Thread Kevin N.
For example the following transaction will not show any errors in SYSLOG: In:  AUTH LOGIN Out: 503 5.5.1 Error: authentication not enabled In:  QUIT Out: 221 2.0.0 Bye You can use the existing notify_classes based mechamism and pipe that into syslog. notify_classes = protocol, ...

Re: [ENHANCEMENT] Log SMTP protocol errors to SYSLOG

2021-07-12 Thread Kevin N.
Kevin N.: For example the following transaction will not show any errors in SYSLOG: In: AUTH LOGIN Out: 503 5.5.1 Error: authentication not enabled In: QUIT Out: 221 2.0.0 Bye You can use the existing notify_classes based mechamism and pipe that into syslog. notify_classes = protocol,

RE: Newbie problem: infinite loop when From/To match

2021-07-12 Thread Dan Morton
> Forcing all senders to be "dan@mydomain" seems like the wrong > solution, but I guess that's ok if it works for you and no one else uses the > server. > Sometimes when you hold a hammer everything looks like a nail. Agreed, it is a bit draconian! But there won't be any users of my server

Re: debug_peer_level

2021-07-12 Thread Viktor Dukhovni
> On 12 Jul 2021, at 3:22 pm, post...@ptld.com wrote: > > debug_peer_level (default: 2) The smtp(8) manpage SYNOPSIS reads: smtp [generic Postfix daemon options] This is then seen again in: SEE ALSO ... master(5), generic daemon options ... That manpage

debug_peer_level

2021-07-12 Thread postfix
Manual: debug_peer_level (default: 2) The increment in verbose logging level when a nexthop destination, remote client or server name or network address matches a pattern given with the debug_peer_list parameter. The default is 2, but what does 2 do? What does 1 do? Is there a 0? How high do

Re: MYSQL_TABLE query %s lookup

2021-07-12 Thread Viktor Dukhovni
> On 12 Jul 2021, at 1:23 pm, post...@ptld.com wrote: > > The manual says: > "It is best not to use SQL to store the domains eligible for SQL lookups." That would rather defeat the goal of avoiding SQL lookups for unsupported domains. The list of values in: domain = ... should avoid

Re: [ENHANCEMENT] Log SMTP protocol errors to SYSLOG

2021-07-12 Thread Wietse Venema
Kevin N.: > For example the following transaction will not show any errors in SYSLOG: > > In: AUTH LOGIN > Out: 503 5.5.1 Error: authentication not enabled > In: QUIT > Out: 221 2.0.0 Bye You can use the existing notify_classes based mechamism and pipe that into syslog. notify_classes =

Re: Newbie problem: infinite loop when From/To match

2021-07-12 Thread Noel Jones
On 7/12/2021 11:05 AM, Dan Morton wrote: I am moving my phpBB website from a shared server to a VPS.  phpBB sends notifications to users that originate from d...@mydomain.net, my email account; and that account can be one of those user recipients.  This is currently functioning on my shared

Re: MYSQL_TABLE query %s lookup

2021-07-12 Thread postfix
If you add: # Replace example.com with one or more appropriate domains: domain = example.com to the table definition, all the lookup keys will be user@domain, with no bare domain or parent domain keys. The manual says: "It is best not to use SQL to store the domains eligible

Re: Stopping backscatter spam to a specific domain

2021-07-12 Thread Ron Garret
For the record: On Jul 11, 2021, at 1:06 PM, Claus R. Wickinghoff wrote: > I think this can be achieved with reject_unverified_recipient to query > dovecot via lmtp but I've no practical experience with this. Probably you've > to do some googling... That turned out to be the Right Answer.

[ENHANCEMENT] Log SMTP protocol errors to SYSLOG

2021-07-12 Thread Kevin N.
It would be nice to have an option to enable logging to SYSLOG the SMTP protocol errors that occur during a SMTP session, along with the SMTP commands that caused them. As far as I know, currently these errors can be logged to SYSLOG only by one of the following methods: 1. By making the

Re: Restriction Class, check_recipient_access no results, Unexpected Behavior

2021-07-12 Thread Viktor Dukhovni
> On 12 Jul 2021, at 12:17 pm, post...@ptld.com wrote: > > If i change the query to return 'DUNNO' for false will it be valid returning > "verify_spfpolicy,DUNNO" or "DUNNO,DUNNO"? > Can it be fixed using result_format by adding on an insignificant check or > would it still create an empty

Re: MYSQL_TABLE query %s lookup

2021-07-12 Thread Viktor Dukhovni
> On 12 Jul 2021, at 12:43 pm, post...@ptld.com wrote: > > When postfix looks up an address it repeats the query for each section of an > address. > >%s = u...@example.com >%s = example.com >%s = com > > Is there a way on a single check_recipient_access to tell postfix to only >

Re: Restriction Class, check_recipient_access no results, Unexpected Behavior

2021-07-12 Thread Viktor Dukhovni
> On 12 Jul 2021, at 11:53 am, post...@ptld.com wrote: > >query = SELECT CONCAT(IF(spfVerify, 'verify_spfpolicy,', ''), > IF(senderVerify, 'reject_unverified_sender,', '')) AS restrictions FROM > settings WHERE email='%s' LIMIT 1 This is not a well thought out query. Avoid CONCAT, instead

MYSQL_TABLE query %s lookup

2021-07-12 Thread postfix
When postfix looks up an address it repeats the query for each section of an address. %s = u...@example.com %s = example.com %s = com Is there a way on a single check_recipient_access to tell postfix to only check the full address, only do the query once? %s =

Re: Restriction Class, check_recipient_access no results, Unexpected Behavior

2021-07-12 Thread postfix
On 07-12-2021 12:01 pm, Wietse Venema wrote: Fix the underlying problem: the database must not return an empty result. Don't waste cycles asking why Postfix handles an invalid result in a specific way. If i change the query to return 'DUNNO' for false will it be valid returning

Newbie problem: infinite loop when From/To match

2021-07-12 Thread Dan Morton
I am moving my phpBB website from a shared server to a VPS.  phpBB sends notifications to users that originate from d...@mydomain.net, my email account; and that account can be one of those user recipients.  This is currently functioning on my shared server, and I am attempting to set it up on my

Re: Restriction Class, check_recipient_access no results, Unexpected Behavior

2021-07-12 Thread Wietse Venema
Fix the underlying problem: the database must not return an empty result. Don't waste cycles asking why Postfix handles an invalid result in a specific way. Wietse

Restriction Class, check_recipient_access no results, Unexpected Behavior

2021-07-12 Thread postfix
I think this one is for Wietse or Viktor; OVERVIEW Trying to make a policy server run or not-run per recipient. DETAILS --- main.cf: smtpd_restriction_classes = verify_spfpolicy verify_spfpolicy = check_policy_service unix:private/spfpolicy

Re: Stopping backscatter spam to a specific domain

2021-07-12 Thread Matus UHLAR - fantomas
On 11.07.21 23:26, Ron Garret wrote: This has me wondering: if a message is sent to multiple recipients and some are valid and others are not, what is the Right Thing to do? The right thing is to refuse all non-existing recipients, which postfix does by default if it knows what addresses

Re: Optimum Queue Size

2021-07-12 Thread Greg Sims
> netstat or lsof? Only the Postfix queue manager knows what deliveries > are in progress, and it has never evolved a 'live status' API. None > of the Postfix daemons has a status query API, it just isn't part of > the architecture. I created a way to watch the number of processes that exist for

Re: Stopping backscatter spam to a specific domain

2021-07-12 Thread Ron Garret
Thanks, that was very helpful. This has me wondering: if a message is sent to multiple recipients and some are valid and others are not, what is the Right Thing to do? rg P.S. Just FYI: > I'm not sure what the problem is with Postfix and sqlite See