.
Regards
Ansgar Wiechers
--
Abstractions save us time working, but they don't save us time learning.
--Joel Spolsky
/VIRTUAL_README.html
Regards
Ansgar Wiechers
--
All vulnerabilities deserve a public fear period prior to patches
becoming available.
--Jason Coombs on Bugtraq
.
Apparently your server is configured to relay mail for the domain
dur.bounceme.net to mailman, which doesn't seem to be configured to
accept the recipient thu...@dur.bounceme.net.
Please post the output of postconf -n.
Regards
Ansgar Wiechers
--
Abstractions save us time working, but they don't
you're trying to achieve is possible. A server cannot
at the same time be the final destination and not the final destination
for a given domain.
What is the actual problem you're trying to solve with a setup like
this?
Regards
Ansgar Wiechers
--
Abstractions save us time working, but they don't
destination for that domain, or you have to
make the server accept mail to that domain for relaying.
Regards
Ansgar Wiechers
--
Abstractions save us time working, but they don't save us time learning.
--Joel Spolsky
: the Postfix sendmail command must be installed
without set-uid root file permissions
These are warnings, not errors.
Is there a way to fix this?
chmod u-s /usr/sbin/sendmail
Regards
Ansgar Wiechers
--
Abstractions save us time working, but they don't save us time learning.
--Joel Spolsky
On 2012-08-07 tobi wrote:
I'm currently doing some brainstorming on how to protect backup-mx
servers from being directly contacted by clients.
That kinda defeats the purpose of having a backup MX in the first place.
Regards
Ansgar Wiechers
--
Abstractions save us time working, but they don't
connecting my backup-mx as long as the
main-mx is up and running. Like spammers sometimes try by connecting
directly to a backup-mx instead trying main-mx first.
Why do you consider this a problem? Your backup MX should neither accept
nor allow anything the primary MX wouldn't.
Regards
Ansgar
mails
went to that user.
Umm... yes. This is expected behavior. Not to mention that a catch-all
is a Really Bad Idea(tm) to begin with. What problem are you trying to
solve by doing this?
Regards
Ansgar Wiechers
--
Abstractions save us time working, but they don't save us time learning.
--Joel
a message in a particular folder
inside a mailbox you have to use sieve.
Regards
Ansgar Wiechers
--
Abstractions save us time working, but they don't save us time learning.
--Joel Spolsky
on PostIts and leaving them
around? How do you effectively protect your infrastructure against
customers getting their own systems compromised?
If you happen to have a solution for this problem, I'm honestly
interested in learning about it, because I don't see any.
Regards
Ansgar Wiechers
Mark,
On 2012-07-25 Mark Blackman wrote:
On 25 Jul 2012, at 08:20, Ansgar Wiechers wrote:
On 2012-07-25 mouss wrote:
oh come on! the users excuse is wa too old. if your software accepts
weak passwords, then the problem is with the software, not the user.
I'd have to disagree on this one
On 2012-07-25 Mark Blackman wrote:
On 25 Jul 2012, at 10:09, Ansgar Wiechers wrote:
Please re-read what I wrote, particularly the second half of it. Is
Joseph Zebediah Average 4/1/1999 really a strong password?
It is a strong password, unless you believe attackers would regard
that format
this:
relay_domains = /etc/postfix/relay_domains
Regards
Ansgar Wiechers
--
Abstractions save us time working, but they don't save us time learning.
--Joel Spolsky
check_client_access.
Regards
Ansgar Wiechers
--
Abstractions save us time working, but they don't save us time learning.
--Joel Spolsky
is $relay_domains still a map in
your config? Change this
relay_domains = hash:/etc/postfix/relay_domains
into this
relay_domains = /etc/postfix/relay_domains
and run /etc/init.d/postfix reload.
Regards
Ansgar Wiechers
--
Abstractions save us time working, but they don't save us time
, the
only thing we could tell you is that hMailServer most likely does not
have the exact same functionality as Postfix.
Regards
Ansgar Wiechers
--
Abstractions save us time working, but they don't save us time learning.
--Joel Spolsky
sure that the
account used for running amavisd has proper permissions to access the
PID file (may be incorrect permissions on the file itself or on the
containing directory).
Regards
Ansgar Wiechers
--
Abstractions save us time working, but they don't save us time learning.
--Joel Spolsky
across
this post [1], which may or may not help. If it doesn't, I'd suggest to
consult a more appropriate list, as this isn't a Postfix issue.
[1] http://lists.mailscanner.info/pipermail/mailscanner/2006-April/060174.html
Regards
Ansgar Wiechers
--
All vulnerabilities deserve a public fear period
to the
correct address and re-queue the mail. Then remove the temporary alias
after all mail was delivered.
Regards
Ansgar Wiechers
--
Abstractions save us time working, but they don't save us time learning.
--Joel Spolsky
that anything you
write to the POSTFIX MAILING LIST would cause the person running the
GMANE.ORG WEBSITE to take any kind of action? Please get a clue and stop
bothering this list with your misplaced requests. Thank you.
Regards
Ansgar Wiechers
--
Abstractions save us time working, but they don't save
to the decision to not have the relay
know about valid recipients.
This avoids backscatter but no one would get the helpful bounces in
the case of address typos, user being over quota, etc.
Yes.
Regards
Ansgar Wiechers
--
Abstractions save us time working, but they don't save us time learning.
--Joel
it is being relayed to indirectly.
All of your restrictions should be implemented on the frontend server,
and the backend server should accept mail only from trusted locations.
[1] http://www.postfix.org/postconf.5.html#reject_unverified_recipient
Regards
Ansgar Wiechers
--
Abstractions save us time
, the relay server ends up with a list of valid
destination addresses right? Looks like there's just no other correct
way to do it. Right?
There may be other ways, but I'm not aware of any.
Regards
Ansgar Wiechers
--
Abstractions save us time working, but they don't save us time learning
On 2012-06-23 Len Conrad wrote:
Releasing from HOLD to deliverable is clear (and used often)
but how to move deferred to HOLD?
man postsuper | grep -A 11 -- -h
-h queue_id
Put mail on hold so that no attempt is made to deliver it.
Move one message with the named queue ID
Ansgar Wiechers
--
Abstractions save us time working, but they don't save us time learning.
--Joel Spolsky
# through Postfix.
Yes.
Regards
Ansgar Wiechers
--
Abstractions save us time working, but they don't save us time learning.
--Joel Spolsky
.
Regards
Ansgar Wiechers
--
Abstractions save us time working, but they don't save us time learning.
--Joel Spolsky
#reject_unverified_recipient
Regards
Ansgar Wiechers
--
Abstractions save us time working, but they don't save us time learning.
--Joel Spolsky
anyone.
Regards
Ansgar Wiechers
--
Abstractions save us time working, but they don't save us time learning.
--Joel Spolsky
.
Regards
Ansgar Wiechers
--
Abstractions save us time working, but they don't save us time learning.
--Joel Spolsky
our domain on our own server
(at least not yet).
Unsubscribe from the newsgroup. Problem solved.
Regards
Ansgar Wiechers
--
Abstractions save us time working, but they don't save us time learning.
--Joel Spolsky
not processed by body_checks. Also, as
documented, checks are processed one line at a time, meaning that nested
matches can only operate on the same line.
Regards
Ansgar Wiechers
--
Abstractions save us time working, but they don't save us time learning.
--Joel Spolsky
a catch-all somewhere, which you shouldn't). However, I
consider it good practice to reject mail for invalid recipients early
on (before doing more expensive checks), which is what the
reject_unlisted_recipient restriction is for.
Regards
Ansgar Wiechers
--
Abstractions save us time working
-relay.pippo.xxt.it does not have the IP address 210.85.7.10. Do
not fake or obfuscate log excerpts.
Regards
Ansgar Wiechers
--
Abstractions save us time working, but they don't save us time learning.
--Joel Spolsky
that
sets the from FDQN to what my ISP requires.
Can someone point me in the right direction? Thanks.
As requested per http://www.postfix.org/DEBUG_README.html#mail, please
post the output of postconf -n and a log excerpt demonstrating the
problem.
Regards
Ansgar Wiechers
--
Abstractions
On 2012-05-04 Steve wrote:
1) Should not happen but it did. No one is perfect.
2) I hope you guys don't just blindly trust one RBL provider?
Postscreen allows perfectly to craft weighted BL.
policyd-weight does weighted checks, too.
Regards
Ansgar Wiechers
--
Abstractions save us time
anyway.
Remove what, specifically? All of those? What does nothing?
Bastian probably meant just the trailing permit, because that's the
default anyway.
Regards
Ansgar Wiechers
--
Abstractions save us time working, but they don't save us time learning.
--Joel Spolsky
reference of this message, I've checked chkconfig to make sure that
amavis is turned off and it was, I'm at a lost atm.
Instead of saying what you don't have, please provide the information
that you have. Particularly the contents of your master.cf and the
output of postconf -n.
Regards
Ansgar
Message headers added by the cleanup(8) daemon itself are excluded from
inspection. Examples of such message headers are From:, To:, Message-
ID:, Date:.
Regards
Ansgar Wiechers
--
Abstractions save us time working, but they don't save us time learning.
--Joel Spolsky
and a log excerpt
demonstrating the problem.
Regards
Ansgar Wiechers
--
Abstractions save us time working, but they don't save us time learning.
--Joel Spolsky
On 2012-04-10 Igmar Palsenberg wrote:
Anyone with a suggestion on how to start debugging this ?
You received the following link with the welcome message when you
subscribed to this list:
http://www.postfix.org/DEBUG_README.html#mail
Regards
Ansgar Wiechers
--
Abstractions save us time working
...@archive.domain.com
u...@mail.domain.com u...@archive.domain.com
Regards
Ansgar Wiechers
--
Abstractions save us time working, but they don't save us time learning.
--Joel Spolsky
://www.postfix.org/DEBUG_README.html#mail. Please help us
help you by following the directions given there.
Regards
Ansgar Wiechers
--
Abstractions save us time working, but they don't save us time learning.
--Joel Spolsky
to another local mailbox, the mail get
delivered without check for the MX of the domain, so if I put the
gmail.com domain as local I will never able to send mail di Gmail
users anymore.
Well, don't make gmail.com a local domain when it isn't a local domain.
Problem solved.
Regards
Ansgar Wiechers
...
[sysmail01:/data/home/dunphy] root% postconf -n
anvil_rate_time_unit = 60s
[...]
smtpd_milters = unix:/var/run/clamav/clamav-milter
unknown_local_recipient_reject_code = 550
... but not in your active configuration. Is your Postfix chrooted
(causing it to use a different main.cf)?
Regards
Ansgar
On 2012-03-19 Luca Pacor wrote:
On 19 Mar 2012, at 20:04, Ansgar Wiechers li...@planetcobalt.net wrote:
On 2012-03-19 Luca Pacor wrote:
If that.domain is in mydestination everything @ that.domain is
delivered locally (wrong), if it's in transport everything will be
delivered to that.domain
a virtual alias to send mail for myuser@that.domain
myuser@exchangeserver.local?
Regards
Ansgar Wiechers
--
Abstractions save us time working, but they don't save us time learning.
--Joel Spolsky
?
debug_peer_list = 173.225.251.221
Also, do not enable debug logging unless you have specific reasons to do
so. Postfix' default logging is sufficient for any normal amount of
troubleshooting.
Regards
Ansgar Wiechers
--
Abstractions save us time working, but they don't save us time learning.
--Joel Spolsky
postmaster: root
hostmaster: root
abuse: root
root: mailad...@example.com
8
For the virtual mailbox domain setup follow the examples in the Virtual
Domain Hosting Howto [1].
[1] http://www.postfix.org/VIRTUAL_README.html
Regards
Ansgar Wiechers
--
Abstractions save us time working
.
Regards
Ansgar Wiechers
--
Abstractions save us time working, but they don't save us time learning.
--Joel Spolsky
if your mail server tests negative on this site, it may still not
be 100% secure
Pls. suggest.
Please post the output of postconf -n.
Regards
Ansgar Wiechers
--
Abstractions save us time working, but they don't save us time learning.
--Joel Spolsky
mind having
an ever growing whitelist. Can they they be weighted somehow?
policyd-weight does a weighted check on several RBLs. And even without
that you can always add a whitelist before an RBL check.
Regards
Ansgar Wiechers
--
Abstractions save us time working, but they don't save us time
IP
address). How can I fix it? Below is my postconf -n:
[root@bilgisayarciniz ~]# postconf -n
[...]
smtpd_client_restrictions = check_client_access
cidr:/etc/postfix/sinokorea.cidr
Move the check_client_access restriction to $smtpd_recipient_restrictions.
Regards
Ansgar Wiechers
that the contents of main.cf are
far less relevant than the output of postconf -n.
Did you restart Postfix after changing the config?
Did you try to re-queue the mail (postsuper -r ALL) instead of flushing
the queue?
Regards
Ansgar Wiechers
--
Abstractions save us time working, but they don't
that an SSH tunnel were any less reliable than
ssh -W?
Regards
Ansgar Wiechers
--
All vulnerabilities deserve a public fear period prior to patches
becoming available.
--Jason Coombs on Bugtraq
On 2011-08-18 Jeroen Geilman wrote:
On 2011-08-18 14:59, Reindl Harald wrote:
587 is AUTHENTICATED submission
Says who ?
Chapter 4.3 of RFC 4409, unless I'm misunderstanding something.
Regards
Ansgar Wiechers
--
Abstractions save us time working, but they don't save us time learning
expressions as exact as possible.
It helps avoiding problems where you least expect them.
Regards
Ansgar Wiechers
--
Abstractions save us time working, but they don't save us time learning.
--Joel Spolsky
evidence. Please post
a) output of postconf -n
b) output of postmap -q apotmail.org hash:/etc/postfix/sender_access
c) a log excerpt demonstrating the issue (from submission to delivery of
the mail in question)
Regards
Ansgar Wiechers
--
Abstractions save us time working, but they don't save us
, alias a mail from an
unknow domain to an outdoordomain ( like @blackberry),
WITH
A closed Relay?
No hint ? no ticks ?
Sorry, but this isn't clear at all. Please rephrase, because I have no
idea what you're asking here.
Regards
Ansgar Wiechers
--
Abstractions save us time working
On 2011-08-03 Baptiste Bauer wrote:
De : Ansgar Wiechers [mailto:li...@planetcobalt.net] Envoyé : mercredi
Sorry, but this isn't clear at all. Please rephrase, because I have no
idea what you're asking here.
I draw something, it could be easy to explain :
http://img827.imageshack.us
top-post.
Regards
Ansgar Wiechers
--
Abstractions save us time working, but they don't save us time learning.
--Joel Spolsky
?
You configure your mail client to start your reply BELOW the qoute. Or
you do it manually.
Regards
Ansgar Wiechers
--
Abstractions save us time working, but they don't save us time learning.
--Joel Spolsky
to RFC4409.
Regards
Ansgar Wiechers
--
Abstractions save us time working, but they don't save us time learning.
--Joel Spolsky
requirements (in which case your ruleset would allow far less protocols
to begin with), you can simply accept everything in the OUTPUT chain:
iptables -P OUTPUT ACCEPT
Also, when posting your tables somewhere, use iptables -nL rather than
just iptables -L.
Regards
Ansgar Wiechers
--
Abstractions save
?
Neither, nor. Use submission (port 587/tcp) for this purpose.
Regards
Ansgar Wiechers
--
Abstractions save us time working, but they don't save us time learning.
--Joel Spolsky
problem is not a modification to some
backup MX, but fixing your response times.
Regards
Ansgar Wiechers
--
Abstractions save us time working, but they don't save us time learning.
--Joel Spolsky
is from
your domain(s), but AFAIK Postfix does not have a built-in check for
this.
I would, however, blacklist any client who sends spam to a postmaster
address.
HTH
Regards
Ansgar Wiechers
--
Abstractions save us time working, but they don't save us time learning.
--Joel Spolsky
to detect and
block IP addresses which are known spam sources and/or are dynamically
assigned.
Personally I prefer policyd-weight (to avoid rejecting valid mails
because of false positives on a single RBL), but yes.
Regards
Ansgar Wiechers
--
Abstractions save us time working, but they don't save
On 2011-06-14 mouss wrote:
Le 14/06/2011 20:35, Ansgar Wiechers a écrit :
On 2011-06-14 Rich Wales wrote:
b) rdns for 95.53.111.119 gives
pppoe.95-53-111-119.dynamic.lenobl.avangarddsl.ru
This might be covered by Stan Hoeppner's PCRE for dynamic IP ranges:
http://www.hardwarefreak.com
the postmaster address of his domain, so how is this
suggestion supposed to help?
reject all .hinet.net email senders based on evelope sender
That would be throwing out the baby with the bath water.
Regards
Ansgar Wiechers
--
Abstractions save us time working, but they don't save us time learning
On 2011-06-15 mouss wrote:
Le 14/06/2011 23:21, Ansgar Wiechers a écrit :
My rationale is that no matter how reliable a single source is, they
can still be wrong at times. Getting a second opinion helps
mitigating these cases.
[...]
now consider:
P1 = listed on zen
P2 = listed on spamcops
a log excerpt demonstrating the problem.
Regards
Ansgar Wiechers
--
Abstractions save us time working, but they don't save us time learning.
--Joel Spolsky
deferred.
Why? What issue in particular do you see with simply doing recipient
verification (and rejection of messages to invalid recipients) on bot
MXs?
Regards
Ansgar Wiechers
--
Abstractions save us time working, but they don't save us time learning.
--Joel Spolsky
On 2011-06-10 Wiebe Cazemier wrote:
Ansgar Wiechers li...@planetcobalt.net wrote:
On 2011-06-09 Wiebe Cazemier wrote:
I was setting up a fallback MX server with Postfix and was struggling
with preventing backscatter mail. I thought I found a good solution,
but it turned out to be an illegal
in
using VBScript to extract the data, and then switching to Perl for
further processing.
I also don't see any point in using awk to transform the output of a
Perl script, BTW.
Regards
Ansgar Wiechers
--
Abstractions save us time working, but they don't save us time learning.
--Joel Spolsky
would probe
the nexthop before accepting the mail, but was unable to find it in the
list archive. Can someone refresh my memory? Or did I mis-remember that?
TIA
Regards
Ansgar Wiechers
--
Abstractions save us time working, but they don't save us time learning.
--Joel Spolsky
On 2011-06-01 lst_ho...@kwsoft.de wrote:
Zitat von Ansgar Wiechers li...@planetcobalt.net:
I'm aware of two ways to verify recipients when relaying mail to
upstream Exchange servers:
- Export recipient addresses from AD and use that list as
$relay_recipient_maps.
- Use an LDAP query
On 2011-06-01 Shawn Heisey wrote:
On 6/1/2011 12:57 PM, Ansgar Wiechers wrote:
I'm aware of two ways to verify recipients when relaying mail to
upstream Exchange servers:
- Export recipient addresses from AD and use that list as
$relay_recipient_maps.
- Use an LDAP query
Ansgar Wiechers
--
Abstractions save us time working, but they don't save us time learning.
--Joel Spolsky
) Addresses.
Regards
Ansgar Wiechers
--
Abstractions save us time working, but they don't save us time learning.
--Joel Spolsky
and replace it with permit_* of other choices
Wouldn't it be better to leave permit_mynetworks in place and restrict
$mynetworks to 127.0.0.0/8 instead?
Regards
Ansgar Wiechers
--
Abstractions save us time working, but they don't save us time learning.
--Joel Spolsky
as SMTP
AUTH doesnot apply when mail is sent locally.
How do I enforce that ?
Don't give your users login rights on your mail server.
Regards
Ansgar Wiechers
--
Abstractions save us time working, but they don't save us time learning.
--Joel Spolsky
On 2011-05-02 R F wrote:
I thought I had this one fixed a while back but apparently not. I want
to reject emails like this that are sent from one person but claim to
be another. Ideas? Notice the first line and the last line:
[...]
Thanks for any ideas.
Quoting from the headers of your own
line I find transport_maps [1], which is an entirely
different beast than mynetworks [2].
[1] http://www.postfix.org/postconf.5.html#transport_maps
[2] http://www.postfix.org/postconf.5.html#mynetworks
Regards
Ansgar Wiechers
--
Abstractions save us time working, but they don't save us time
. Don't panic, I'll come up with that one
later.
Perhaps I'm missing something, but wouldn't it be a better solution for
your problem to set inet_interfaces = loopback-only in main.cf and
something like 2025 inet n - n - - smtpd in master.cf?
Regards
Ansgar Wiechers
--
Abstractions save us time
is not. TLS only ever
guarantees encrypted transmission to the next HOP. Period. Live with it.
Regards
Ansgar Wiechers
--
Abstractions save us time working, but they don't save us time learning.
--Joel Spolsky
\.com$/
/^(.*)\+/ $1...@example.com
endif
Regards
Ansgar Wiechers
--
Abstractions save us time working, but they don't save us time learning.
--Joel Spolsky
as well
put the addresses into the Cc: header.
Regards
Ansgar Wiechers
--
Abstractions save us time working, but they don't save us time learning.
--Joel Spolsky
regexp processor implicitly anchors an
expression at the beginning of the string, in which case you'd need the
leading .*, but still won't need to explicitly anchor it with a ^.
Regards
Ansgar Wiechers
--
Abstractions save us time working, but they don't save us time learning.
--Joel Spolsky
On 2011-03-01 Matteo Cazzador wrote:
Ok thank's but if my server will be a virtual mail server?
with same ip to serve different domain?
Then that other domain should use mail.brunosrl.net as its MX. Problem
solved.
And please don't top-post.
Regards
Ansgar Wiechers
--
All vulnerabilities
to us in any
way. Does anyone know to block this sort of backscatter?
I wrote a backscatter filter based on smtpprox to handle this.
http://www.planetcobalt.net/sdb/backscatter.shtml
WFM, but AFAIK not tested outside low traffic environments.
Regards
Ansgar Wiechers
--
Abstractions save us time
On 2011-01-22 Jerrale G wrote:
you didnt include your entire postfix main.cf
Posting main.cf is discouraged. It's better to post the output of
postconf -n as that will show the current configuration.
Regards
Ansgar Wiechers
--
Abstractions save us time working, but they don't save us time
.
Regards
Ansgar Wiechers
--
Abstractions save us time working, but they don't save us time learning.
--Joel Spolsky
adoConn.Close
' create output file with Unix line breaks
Set fso = CreateObject(Scripting.FileSystemObject)
Set f = fso.OpenTextFile(OutputFile, 2, True)
f.Write Join(addresses, vbLf)
f.Close
WScript.Echo Finished.
8
Regards
Ansgar Wiechers
--
Abstractions save us time working
without the
need for script magic and without syncronisation delays.
No, it wouldn't. The reason for this is explained in the section MAPS
built from LDAP queries on the same page.
Regards
Ansgar Wiechers
--
Abstractions save us time working, but they don't save us time learning.
--Joel
of the recipients have an encryption key. Are you positive that
your accountant will never have to send unencrypted mail?
[1] http://www.planetcobalt.net/download/crypter.pl
Regards
Ansgar Wiechers
--
Abstractions save us time working, but they don't save us time learning.
--Joel Spolsky
for (several
times), or stop wasting everyone's time.
Regards
Ansgar Wiechers
--
Abstractions save us time working, but they don't save us time learning.
--Joel Spolsky
ignored.
I did run postalias (many times...).
Can someone enlighten me on what I am doing wrong and how to fix it.
I would really appreciate your help since right now I have run out of
ideas.
Please post the output of postconf -n as well as a log excerpt
demonstrating the problem.
Regards
Ansgar
(and an ugly one at that), not a
real solution.
And please use RFC 2606 domain names instead of some made-up fake domain
that may actually be a real domain belonging to someone else. That's why
the domains in RFC 2606 are reserved after all.
Regards
Ansgar Wiechers
--
Abstractions save us time working
101 - 200 of 339 matches
Mail list logo
