;
postfix-users@postfix.org>:
> Wietse Venema via Postfix-users:
> > Andreas Cieslak via Postfix-users:
> > > Hi list,
> > >
> > > i want to achieve that my postfix relay will modify the subject based
> on
> > > the recipients.
> > > The postfiy
to solve this?
Any hints would be appreciated.
Thank you.
Andreas
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
oo many given
that this has been in the code base for so long :)
Andreas
On 13.06.22 17:48, Wietse Venema wrote:
Andreas Weigel:
Hi,
I recently noticed some (for me) unexpected behavior with address
verification probes (reject_unverified_recipient in
smtpd_relay_restrictions). Given an envel
for the observed behavior.
I'd expect the verify daemon to re-quote the local part when sending out
a probe in that case, i.e. transmit a probe for <"a:b"@example.org>. Am
I overlooking some obvious issue here why this would be a bad idea?
Kind regards,
Andreas Weigel
rning: /etc/postfix/main.cf: unused parameter:
nullmx_reject_code=553"
Kind regards,
Andreas
I haven't been able to put my finger on
the exact location.
Andreas
--- Begin Message ---
There is not much interesting stuff going on here.
Just some regular email plain text.
--- End Message ---
postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_do
I can confirm that the proposed patch fixes the issue. Just tested with
postfix 3.5.7 patched and unpatched.
On 04.11.20 12:18, Wietse Venema wrote:
Viktor Dukhovni:
On Wed, Nov 04, 2020 at 10:32:57AM -0500, Andreas Weigel wrote:
Hi everyone,
I think I stumbled upon a problem with postfix
think this is not a good idea? Or did I just read the
code incorrectly and stuff actually works fine?
cheers,
Andreas
urce implementations of policy daemons
and it seems nobody has handled the case of long line headers.
Is there a good way of folding the header? Should postfix be doing that
automatically already?
cheers,
Andreas
taste.
--
-- Andreas
:-)
Hi everyone. I have a php contact form, that reports the following postfix
error (getting that in maillog file): https://hastepaste.com/view/jr41N
The same applies for, when I send an e-mail to that e-mail address by using
Outlook.
Obviously my mail server having troubles sending e-mails to some
Hi Viktor,
On Thu, 9 May 2019, Viktor Dukhovni wrote:
On May 9, 2019, at 1:13 PM, Andreas Thienemann wrote:
I have the following items in my config:
http://www.postfix.org/DEBUG_README.html#mail
fair enough...
Problem description:
smtpd_recipient_restrictions seems to be working
generic_checks:
name=reject_unverified_recipient status=2
May 9 18:47:33 mailin01 postfix/smtpd[24094]: >>> END Recipient address
RESTRICTIONS <<<
Does anyone have any pointers what I might be missing?
cheers,
Andreas
red solution? 1. would be the easy fix. 2. seems
cleaner but I am not sure about any side effects. 3. would be the most
work but I fear this might be necessary anyway for moving from local to
virtual mailboxes for my main domain...
Any suggestions?
cheers,
Andreas
Hi Viktor,
On Sun, 5 May 2019, Viktor Dukhovni wrote:
On Mon, May 06, 2019 at 02:38:15AM +0200, Andreas Thienemann wrote:
I currently have a mailserver that serves as final destination for a
domain, say example.com which is configured as mydestination.
This works, but I generally prefer
lad if someone could give me a hint here... The more docs I
read, the less clearer things become. ;-)
Thanks,
Andreas
Hi Wietse,
On Wed, 3 Apr 2019, Wietse Venema wrote:
I do not know if skipping the printable() call does have any side-effects
though.
As a short-term fix it is probably OK, because the cleanup daemon
already filters the response. But smtpd should not rely on the
cleanup server doing that.
7.1 Test Milter rejection Reason 01
<** 450 4.7.1 Test Milter rejection Reason 02
-> QUIT
<- 221 2.0.0 Bye
=== Connection closed with remote host.
cheers,
Andreas
, and a proper solution for Postfix 3,5
and onwards.
Hahaha, thank you very much. I appreciate it. Especially as we all know
about that copious spare time.
If it helps, the sample milter I used is at
https://gist.github.com/ixs/70ec5ba23c8da0c9ee3c682eeb8fe452
cheers,
Andreas
ther hand, this seems
to be the source for the ?? replacement in the log message.
cheers,
Andreas
QUIT..
< : 32 32 31 20 32 2E 30 2E 30 20 42 79 65 0D 0A
221.2.0.0.Bye..
<- 221 2.0.0 Bye
=== Connection closed with remote host.
The lines are separated by 0x20, 0x20 ([space][space]) rather than 0x0d,
0x0a (\n\r).
I had a quick look at the postfix source but did not find the right
codepath where this happens.
Any ideas if this really is a bug in Postfix or am I making a mistake
somewhere in my milter?
cheers,
Andreas
on the fact that Postfix with
postscreen itself blocks the by far largest part of malicious mail.
Of course, YMMV,
--
-- Andreas
:-)
Hi,
postfix-3.3.0
we got a bug report (https://bugs.launchpad.net/ubuntu/+source/postfix/+bug/
1753470) where postconf was crashing if main.cf had a map pointing to a
file that the user couldn't read.
ubuntu@bionic-postfix:~$ l /etc/postfix/valiases.cf
-rw-r- 1 root root 169 May 7 14:08
I also use postwhite and similar whitelisting, but I also have
postscreen_dnsbl_sites =
...
list.dnswl.org=127.0.[5;9].0*-2
--
-- Andreas
:-)
On Tue, 12 Dec 2017, at 16:27, Alex wrote:
I don't have enough perl knowledge to join or associate then parse
multiple lines.
Did you have a look at auxiliary/collate from Postfix's source?
--
-- Andreas
:-)
debug" and can WARN. But RTFM again or,
as Noel wrote, get on the Postfwd mailing list.
--
-- Andreas
:-)
e through lmtp...
I can live with that.
cheers,
Andreas
ases with one level of redirection but not for something like
i...@example.com -> i...@example.net -> spam-mails.
But I should get most of the problematic entries with that. Thanks for the
suggestion.
cheers,
Andreas
ccording to the logs.
Is there a way to configure postfix to check after rewriting of addresses?
cheers,
Andreas
to not have been
consulted, but then again I also did not have the j...@real.example.com
mapping back to itself. Is that entry needed in such a form?
cheers,
Andreas
have a hint how to get this working correctly? Adding the
domain to both virtual_domains and relay_domains seems to work but as far
as I understand previous discussions here on the list this is a rather bad
idea.
Cheers,
Andreas
o add the frequently abused `.jar` to the
regex.
--
-- Andreas
:-)
]:
http://postfix.1071664.n5.nabble.com/Idea-multiple-actions-in-access-header-checks-policy-results-td71906.html
--
-- Andreas
:-)
sender
> leads you to
> http://www.postfix.org/postconf.5.html#reject_unlisted_sender
Thanks, you are right that I was confused about this reference. So,
smtpd_sender_restrictions = (...)
warn_if_reject
reject_unlisted_sender
works as expected but only if smtpd_reject_unlisted_sender = no.
--
-- Andreas
:-)
On Sun, 7 May 2017, at 15:04, Wietse Venema wrote:
> /etc/postfix/main.cf:
> smtpd_reject_unlisted_sender = yes
Is there a way to test-run this similar to warn_if_reject?
--
-- Andreas
stop them? No matter on all the LDAP stuff,
shouldn't postfix be intelligent enough to detect if forwarding source
and destination are similar?
It would be great, if someone has an idea how we could solve this!
Cheers,
Andreas Krischer
akbyte webentwicklung
Pastor-Lüpschen-Str. 82
52351 Düren
https
a Postfix question, but I'm hoping that all the
> Postfix-Gods in here might share an opinion or advice.
My advice would be use amavis. I integrates very well with
Postfix and is running just fine. It does Spam- and Viruschecking
and intergrates DKIM as well if you like to use it.
Greetings
Andreas
distributions lack /usr/libexec, wouldn't it be
a better idea to leave it up to the package/distribution maintainers to
separate shared objects from shared executables?
Andreas
Am 2/18/2015 um 18:39 schrieb Viktor Dukhovni:
With 3.0.0 Linux distributions should start using the upstream
default. This does mean that users should remove explicit legacy
default settings of daemon_directory from their main.cf files.
Distribution package upgrades will need to update or
with instance /etc/postfix,
daemon_directory=/usr/lib/postfix
makedefs.out: http://pastebin.com/HhD0AZKQ
Only if i set shlib_directory=no all works as expected. I'm wondering if
this is normal.
--Andreas
, Arch, and probably more) daemon_directory is
/usr/lib/postfix as well, which will lead to a broken multi-instance
capability by default.
Hopefully i just missed some important point.
Andreas
Am 2/18/2015 um 01:32 schrieb Wietse Venema:
Andreas:
Hi,
i installed the new postfix-3.0.0 in my
:/etc/postfix# postmap -q m...@mydomain.com
mysql:/etc/postfix/virtual_mailbox_maps.cf
mydomain.com/me/
Now why postfix doesn't lookup mydomain.com over MySQL?
Best regards,
Andreas
Since the virtual_mailbox_domains default value is virtual_mailbox_maps I
thought I didn't need a new query, but it works!
Thank you a lot!
but mostly after manual interaction
( postsuper -r ALL and so )
Andreas
: added by amavisd-milter from amavisd + spamassassin
Received: from MTA
Authentication-Results: from spf-milter
...
in short: no problem here (as before ...)
Andreas
that verify has, so that smtpd
could reject itself in this situation.
Thanks for any advice. Avoiding backscatter here would be a great
achievement.
Andreas
Complete main.cf:
-8---
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU
=$buggy_client when searching anomalies
and would expect such details only in that context.
Andreas
André Rodier:
I am looking for a milter script (mail filter) that would classify
emails automatically. Something in Perl, for instance.
you could use spamassassin for that purpose, too.
write your own SA rules and your done.
Andreas
André Rodier:
I cannot see in the SpamAssassin rules documentation a way to add
headers.
point for you. Adding any header with SA isn't possible at a first view.
You may ask again on spamassasin-users
Andreas
postfix has to recode a message?
No.
good
Thanks,
Andreas
way at all.
Andreas
Wietse,
I wonder about changes in tls_server.c !?
Andreas
channel security status.
yes, I mostly like to distinguish plain vs. TLS
The security element can either be always present,
with none to signal non-TLS delivery, or simply absent to signal the same.
As admins have to adjust logfile parser anyway, I would prefer version #1
Andreas
Robert Schetterer:
openssl 0.9.8j and Postfix 2.11.1.
maybe a suboptimal mixture
any hint's to build postfix + openssl-1.x on a system based on openssl-0.9.x ???
I also avoided building openssl from source for good reasons over the last
years.
But I'm open to try.
Andreas
Viktor Dukhovni:
It may be simpler to upgrade your system.
yes, upgrade would be best but sometimes,
older crypto is not as painfull as it should be
Andreas
because they try/have only a
higher protocol version.
But these should fallback to plaintext anyway.
Andreas
lists:
To get a +, the descriptions says:
Your system requires authentication (AUTH) on port 587 before the
MAIL FROM command is issued
that is pure nonsense
+1
you cannot enforce any client to not send any command.
but you can enforce proper answers.
Andreas
...
-o smtpd_milters=${dkim_milter},${dmarc_milter}
sumbission inet ...
-i smtpd_milters=${dkim_milter}
this master.cf is much more selfexplaining.
Andreas
LuKreme:
OK, what is pfqgrep? I don't see it in my ports tree?
see http://www.arschkrebs.de/postfix/scripts/
wietse:
But wait, there is more
does not sound like an easy job.
just an idea: if the timestamp of a queuefile is relevant, could a
changed time
of a queuefile be interpreted as bounce immediately ?
for example timestamp to a fixed date near 1.1.1970
Andreas
also needed such feature some times.
# postbounce queue-id
Andreas
. Maybe it could be included in postfix
some day.
usage: master.cf
submission inet n - n - - smtpd
-o syslog_name=postfix/submission_with_dsn
-o smtpd_force_dsn_on_success=yes
Andreas
Index: postfix-2.11.0/src/global/mail_params.h
Birta Levente:
Why not just delete from the queue?
from senders perspective that message is lost.
sometimes it's useful to clear bounce back to sender.
Andreas
Birta Levente:
Yes, but you sould give some reason why is bounced ... which IMHO is
something permanent ...
good point!
# postbounce queue-id reason
so you just set up one time some map and no more care about that problem.
just this is unwanted and the reason for the request.
Andreas
Wietse Venema:
Assuming that you haven't configured a global policy of all mail
deliveries shall use TLS,
that's exactly the limitation Peer has in mind.
Andreas
suggested solution.
Andreas
sometimes be useful to
postbounce queue-id reason
Andreas
/)
Andreas
your own identity card to prove that you are you? )
But I assume your problem is consistent behaviour.
If that is the point you have to split mail flows:
* separate system signing all submitted messages
* separate system validating any inbound messages.
Andreas
/new.example.com/cert+intermediate.pem
Andreas
Hello,
I have to add a Reply-To Header in (smtp-) submitted messages.
Adding it unconditionally using PREPEND result in messages with more
then one instance
of this header which violates RFC5322.
Is there a way to add a header _only_ if not present?
Thanks
Zitat von wie...@porcupine.org:
Postfix 2.11.0 stable release candidate 1 is uploaded to ftp.porcupine.org
and will appear on mirror sites in the next 24 hours.
2.11x is running here on different hosts without problems.
Andreas
Hello,
the documentation to these parameters refers the NSA website. However
the links are broken.
Also I don't feel very comfortable these days if postfix uses crypto
approved by NSA :-/
Andreas
in the header
section.
Regards
Andreas
My opinion (slightly off topic but very relevant) having read the thread
carefully:
It is obvious that the English speaking world does not want to abandon
ASCII. For their own reasons.
If you want an RFC (or any project for that matter) to fail then create
but not Verified)
Andreas
Am 15.12.2013 22:08 schrieb Patrick Ben Koetter:
% unbound-control flush DOMAIN
I prefer unbound-control flush_zone DOMAIN because flush don't flush TXT
Andreas
-FOSS) Exchange for a
second. Executives of course
know-it-all-can-do-it-all type always win! That is why I am looking into
retirement the
soonest!!
Thanks
Andreas
On 06-12-2013 12:01, Robert Sander wrote:
On 06.12.2013 10:13, Andreas Kasenides wrote:
The scenario is a classic one:
1. one or more relay SMTP servers in DMZ
2. one or more backend SMTP servers on the inside network
3. There may or may not be separate incoming or outgoing designated
SMTP
are
dealing with internal LDAP
and DB servers which essentially house personal information.
I am very interested to find out how others deal with this conflict in
an SMTP centric set-up.
Thank you.
Andreas
Andreas
Thank you for the reply.
On 05-12-2013 15:26, Charles Marcus wrote:
On 2013-12-05 7:50 AM, Andreas Kasenides andr...@cymail.eu wrote:
smtpd_client_restrictions =
permit_mynetworks
permit_sasl_authenticated
reject_unknown_client
permit
Obviously this rejects any requests where
Zitat von Luigi Rosa li...@luigirosa.com:
The main goal is to deliver to ISP SMTP the mail rejected by destination MTA
because it thinks that my MTA is not reliable and the causes of this
rejection cannot be solved.
try smtp_fallback_relay and maybe soft_bounce
Andreas
?
Andreas
Zitat von Viktor Dukhovni postfix-us...@dukhovni.org:
For bonus points, you could look at smtpd_tls_askccert and
smtpd_tls_req_ccert. If either is set to yes, append ':!aNULL'
to the raw openssl cipher list.
could you please tell more about that?
Andreas
Zitat von Viktor Dukhovni postfix-us...@dukhovni.org:
Any evidence of other legitimate MTAs that now routinely fail TLS handshakes?
no, I don't saw more TLS errors.
There is a usual noise of TLS failures that didn't changed.
Andreas
* message volume ...
running postfix at isp level with 6 milters (via inet) is no problem.
Andreas
Am 12.11.2013 13:50 schrieb Simon Loewenthal:
smtpd_milters = unix:/spamass/spamass.sock
try a relative pathname:
smtpd_milters = unix:spamass/spamass.sock
chroot or not chroot, it's always relative to the current directory
( postconf ${queue_directory} in most cases )
Andreas
also.
That make the logging more precise when messages are delivered to a filter.
Maybe the patch could included in future versions of postfix.
Andreas
Index: postfix-2.11-20131103/src/pipe/pipe.c
===
--- postfix-2.11-20131103.orig
that is running: 2.9.1-4 (ubuntu precise)
thanks in advance,
Andreas
:
Google is blocking the complete 2a01:4f8::/32AS24940
(HETZNER-RZ-NBG-IPV6-BLK1) and doesn't care abut seperate subnets like
Luigi's 2a01:4f8:d16:2409::/64 or my 2a01:4f8:d16:4114::/64 :-(
Andreas
signature.asc
Description: OpenPGP digital signature
Hi there,
On 10/01/13 07:22, Dominik George wrote:
Yes, I also face that issue and have forced IPv4 on known Google domains.
I also have those problems.
Is there an easy way in postfix the transport to some doamins just over
IPv4 and not IPv6?
thx in advance
-SMA
signature.asc
Description:
.
mail.ax13.net. 3600IN 2a01:4f8:d16:4114::2
Andreas
signature.asc
Description: OpenPGP digital signature
authentication. Clearly says
about SMTP sessions. This happens for 2.3+
Andreas
On 18-08-2013 08:32, Theodotos Andreou wrote:
Hi guys,
I went through the TLS Readme but I couldn't find a clear answer to the
following question:
Can you configure postfix in a way that it connects using TLS
On 20-06-2013 19:48, Noel Jones wrote:
On 6/20/2013 5:49 AM, Andreas Kasenides wrote:
Apparently there has been some harvesting going on of mail addresses
where everything that has a @ is picked up. The question is: was
this harvesting from our log files or our mail storage - a very
serious
On 19-06-2013 14:37, lst_ho...@kwsoft.de wrote:
Zitat von Andreas Kasenides andr...@cymail.eu:
One of my mail servers (postfix 2.6) has been target of what seems
to me to be an attack.
The attacker tried to deliver messages to a non-existent user names
formed as a long hex
string. It only
One of my mail servers (postfix 2.6) has been target of what seems to
me to be an attack.
The attacker tried to deliver messages to a non-existent user names
formed as a long hex
string. It only happened once from one particular client and kept going
for some time.
SMTP sessions were coming in
Thank you Wietse and Viktor for your clarifications.
I admit, there's absolutely no need for the patch past Postfix 2.8 with
OpenSSL 1.x.
Andreas
through stupid hoops :-).
Regards,
Andreas
to Postfix
2.10. Please can you have a look at it?
Kind regards,
Andreas
--- postfix-2.10.0/src/tls/tls_server.c 2012-05-17 19:15:13.0 +0200
+++ postfix-2.10.0-nosslcomp/src/tls/tls_server.c 2013-05-13 17:09:53.591194385 +0200
@@ -393,6 +393,16 @@
SSL_CTX_set_verify_depth(server_ctx, props
and clamav
options but nothing seems to work well for me.
Thank you in advance for any assistance.
Regards,
-Andreas
Andreas Freyvogel
ecmarket
Customer Solutions Manager
E: afreyvo...@ecmarket.com
P: 604.638.2300 x147
C: 604.603.3319
1 - 100 of 144 matches
Mail list logo