[pfx] Re: How to set the minimum number of bits for (non-EC) DH key exchange?

2024-03-23 Thread Bastian Blank via Postfix-users
On Sat, Mar 23, 2024 at 12:36:23PM +0100, Matthias Nagel via Postfix-users wrote: > I am currently assessing the TLS security of a Postfix mail server and among > other things sslscan reported that the server allows a (non-EC) DH exchange > with only 1024 bits. While one solution would be to

[pfx] Re: improper command pipelining

2024-01-15 Thread Bastian Blank via Postfix-users
On Mon, Jan 15, 2024 at 10:15:53AM +0100, Admin Beckspaced via Postfix-users wrote: > > > someone is trying to use your postfix as http proxy server. > > Looks like security scanner. > do you know the type of encoding? No, by "CONNECT", which is no SMTP command, but a HTTP one. Bastian --

[pfx] Re: FW: Wrong email in DMARC dns

2023-10-30 Thread Bastian Blank via Postfix-users
On Mon, Oct 30, 2023 at 02:36:33PM +0100, Szymon Malinowski via Postfix-users wrote: > You see the point? We got stuck in a loop of sending DMARC reports which are > being bounced because of unknown user. > Is there any way to prevent such situations? Don't send failure reports, ever. At least

[pfx] Re: identifying sender failing ssl/tls cipher ?

2023-08-12 Thread Bastian Blank via Postfix-users
On Sat, Aug 12, 2023 at 09:47:57AM -0400, pgnd via Postfix-users wrote: > postconf -n | grep -i tls | grep -i cipher > smtp_tls_ciphers = medium > smtp_tls_exclude_ciphers = EXP, LOW, MEDIUM, aNULL, eNULL, SRP, > PSK, kDH, DH, kRSA, DHE, DSS, RC4, DES, IDEA,

[pfx] Re: postfix database, aliases, permissions, configuration issue, help requested, perplexed

2023-07-20 Thread Bastian Blank via Postfix-users
On Wed, Jul 19, 2023 at 11:23:53PM -0400, Viktor Dukhovni via Postfix-users wrote: > > #systemctl status postfix > > ? postfix.service - Postfix Mail Transport Agent > > Loaded: loaded (/lib/systemd/system/postfix.service; enabled; preset: > > e> > > Active: active (exited) since Wed

[pfx] Re: Split emails with multiple recipients

2023-06-05 Thread Bastian Blank via Postfix-users
On Mon, Jun 05, 2023 at 10:21:47AM +0200, Matus UHLAR - fantomas via Postfix-users wrote: > I've read a trick to reject particular recipient with temporary failure, > which results in mail for other recipient being accepted, and further retry > from sending server should only include that

[pfx] Re: per-domain sender_checks?

2023-05-16 Thread Bastian Blank via Postfix-users
On Tue, May 16, 2023 at 09:44:41AM -0400, Wietse Venema via Postfix-users wrote: > Looks like you have a *local* DNS problem. Check your routing, > including netmasks. The domain is broken. See https://dnsviz.net/d/info.apr.gov.rs/dnssec/ One of the listed name servers is unresponsive and also

[pfx] Re: logging strangeness

2023-05-16 Thread Bastian Blank via Postfix-users
On Tue, May 16, 2023 at 07:32:55PM +0300, Eugene R via Postfix-users wrote: > Am I correct that the string in question should normally contain the SASL > response? While the "Password:" is apparently some interactive prompt, > indicating that something might be wrong with the connection or >

Re: Cannot resolve support@ alias

2022-10-26 Thread Bastian Blank
Hi Dominiki On Tue, Oct 25, 2022 at 10:58:51PM +0200, Dominik George wrote: > I am facing a strange issue here, where I cannot resolve a virtual > alias with the local part support@. Please follow the instructions in https://www.postfix.org/DEBUG_README.html#mail. Bastian -- Earth -- mother

Re: no shared cipher revisited

2022-10-02 Thread Bastian Blank
On Sat, Oct 01, 2022 at 09:32:49PM +, Eddie Rowe wrote: > > You should have at least an RSA certificate (2048-bit key, not more), and > > only > I do not recall seeing this on the PostFix web site that discusses TLS > settings as I struggle to setup TLS with our existing wildcard

Re: Subject encoding; logs not matching header

2022-08-26 Thread Bastian Blank
On Thu, Aug 25, 2022 at 05:23:26PM -0400, post...@ptld.com wrote: > I know this is minor, just bringing it to light if Wietse feels it is worth > doing something about. > I noticed on emails with encoded subject lines an extra character is being > inserted into the logs. > EMAIL HEADER >

Re: sending high senders to hold queue

2022-07-09 Thread Bastian Blank
On Sat, Jul 09, 2022 at 08:13:40PM +0530, Durga Prasad Malyala wrote: > However now-a-days due to compliance levels - certain people need to > genuinely send a burst of mails like 1000 or 2000 once or twice in a > month as Tax deduction confirmations or asking for some information > from vendors

Re: TLS library problem: error:141FC044 after enabling TLS

2022-06-09 Thread Bastian Blank
On Thu, Jun 09, 2022 at 07:05:24PM +0200, Steffen Nurpmeso wrote: > [also there is > smtpd_tls_mandatory_exclude_ciphers = > aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, > EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDB3-SHA, KRB5-DES, > CBC3-SHA > but i definitely should put more

Re: Block MX from recipients

2022-06-01 Thread Bastian Blank
On Tue, May 31, 2022 at 09:02:12PM +0200, Matus UHLAR - fantomas wrote: > for hotmaul.com and hormail.com use simple check_sender_access and > check_recipient_access. Or check the recipient domain in the application that receives the e-mail addresses. Just reject everything that does not have a

Re: transport_maps with address extension (user+ext@domain)

2022-05-19 Thread Bastian Blank
On Thu, May 19, 2022 at 01:06:09PM +0200, Jan-Martin Raemer wrote: > Config: > main.cf: Maybe try to set "recipient_delimiter"? Without delimiter, none will be used. Bastian -- We have phasers, I vote we blast 'em! -- Bailey, "The Corbomite Maneuver", stardate 1514.2

Re: dnswl.org lookup error

2022-05-08 Thread Bastian Blank
Hi On Sun, May 08, 2022 at 07:42:00PM +0900, Byung-Hee HWANG wrote: > May 8 10:24:25 bionic190316003 postfix/smtpd[10918]: warning: > 17.188.51.209.list.dnswl.org: RBL lookup error: Host or domain name not > found. Name service error for name=17.188.51.209.list.dnswl.org type=A: Host > not

Re: Q: configuring Postfix as a front for Exchange 365

2022-04-05 Thread Bastian Blank
On Tue, Apr 05, 2022 at 06:15:49PM +0200, Arrigo Triulzi wrote: > In retrospect the above doesn’t work - I set up some valid relay recipients > in the map and the virtual_alias_map is never used because you cannot have > both a relay_domain and a virtual_domain set. Where exactly did I show

Re: Mail and mail traces lost (?)

2022-03-30 Thread Bastian Blank
On Wed, Mar 30, 2022 at 03:32:39PM +0300, Nikolaos Milas wrote: > Any help in troubleshooting the issue is appreciated! Please follow https://www.postfix.org/DEBUG_README.html#mail. I would say you have chroot enabled on some services. Bastian -- The face of war has never changed. Surely it

Re: Mail and mail traces lost (?)

2022-03-30 Thread Bastian Blank
On Wed, Mar 30, 2022 at 07:10:09PM +0200, Emmanuel Fusté wrote: > Systemd/journald is far from perfect, but clearly not the culprit here. Also it writes a log message if something runs into rate limits. We actually have systems, where we break the default rate limits of journald. Bastian --

Re: Transport_regexp permission denied - I don't see why...

2022-03-27 Thread Bastian Blank
On Sun, Mar 27, 2022 at 01:04:07AM -0700, Roger Klorese wrote: > [root@divine etc]# ls -ld /home > drwxr-xr-x. 4 root root 33 Mar 25 23:56 /home ^ You have SELinux enabled. > [root@divine etc]# ls -ld /home/sympa > drwxr-x--x. 14 sympa sympa 4096 Mar 26 14:45 /home/sympa You don't

Re: Q: configuring Postfix as a front for Exchange 365

2022-03-22 Thread Bastian Blank
On Tue, Mar 22, 2022 at 08:38:39AM +0100, Arrigo Triulzi wrote: > I was hoping to be able to use a transport re-write but if I set it up it is > ignored because of the virtual domain settings. Please show real configs. > Does anyone have any recommendations on how to go about with this? Well.

Re: Trying to understand this DNSBL blocking issue

2022-03-04 Thread Bastian Blank
On Fri, Mar 04, 2022 at 06:58:33PM +0100, Gerben Wierda wrote: > Feb 27 06:02:19 mail postfix/dnsblog[46930]: addr 113.197.35.193 listed by > domain zen.spamhaus.org as 127.255.255.254 > The 254 response means: the query comes from an open resolver so we’re not > going to reply properly. The

Re: Preserve milter_mail_macros

2022-02-09 Thread Bastian Blank
Hi Michael On Wed, Feb 09, 2022 at 08:54:34PM +1300, Michael Hallager wrote: > Is there a way to preserve milter_mail_macros? You need to set the Postfix setting in the config of the instance after Amavis. Please follow https://www.postfix.org/DEBUG_README.html#mail. Bastian -- Lots of

Re: Preserve milter_mail_macros

2022-02-09 Thread Bastian Blank
Hi Michael On Wed, Feb 09, 2022 at 09:07:41PM +1300, Michael Hallager wrote: > I can not find a way to scale Amavis to ISP level with multiple client > domains because it appears to only support hard coded values. "hard coded values"? > Have you found a good option? Yes, we do DKIM signing

Re: header_check PREPEND option different behavior in hotmail and gmail

2022-02-09 Thread Bastian Blank
Hi name less On Tue, Feb 08, 2022 at 05:25:54PM -0300, SysAdmin EM wrote: > I use the header_checks file to insert a data in the Reply-To header but > depending on the provider it is added incorrectly. Don't, just don't. This is up to the mail client, not you. Bastian -- It would seem that

Re: Postmulti not binding instances to aliased IPs

2022-02-09 Thread Bastian Blank
On Wed, Feb 09, 2022 at 12:45:21PM +0530, Nitin N wrote: > I checked out master_service_disable at here > but I am a > bit uncertain of how I should use it. Well. Did you understand what it does? > So here is the output of

Re: Accepting expired client certificate

2022-02-03 Thread Bastian Blank
Hi On Thu, Feb 03, 2022 at 08:24:07AM -0500, Martin Hicks wrote: > There is an smtp server that is trying to send e-mail to my > domain, but with an expired certificate: > Feb 2 11:20:52 darwin postfix/smtpd[9181]: warning: TLS library problem: > error:14094415:SSL

Re: SMTPUTF8 is required...

2021-12-09 Thread Bastian Blank
On Thu, Dec 09, 2021 at 10:25:40AM -0300, Daniel Armando Rodriguez wrote: > This error came up: "SMTPUTF8 is required, but was not offered by host..." > Error appeared again, so. What else can I do? Please follow the documentation: http://www.postfix.org/DEBUG_README.html#mail Bastian --

Re: FYI SMTP/25 security (was: "Correct" way to override cipher list?)

2021-10-30 Thread Bastian Blank
On Sat, Oct 30, 2021 at 06:57:41PM +0200, Matus UHLAR - fantomas wrote: > unfortunately, security bureau in Slovakia started scanning gov. agencies > and we already received requests to close those on smtp/25. And do they actually have anything to say? Just disable cleartext then. Bastian --

Re: delete from hold queue

2021-10-28 Thread Bastian Blank
On Thu, Oct 28, 2021 at 10:39:52AM +0200, richard lucassen wrote: > Anyone here who wrote a shell script that deletes messages older than X > days from the hold queue? Why do you have _any_ messages in the hold queue? Don't do that! Bastian -- You're too beautiful to ignore. Too much woman.

Re: Rewrite 'Message-Id' to "Message-ID"

2021-08-23 Thread Bastian Blank
Hi On Mon, Aug 23, 2021 at 08:31:39AM +0200, rud...@padaru.de wrote: > recently we have noticed, that our postfix add a lowercase ‚d‘ when he > append value missing Headers, concrete i mean to the mail by the Message-Id > value. Is there a simple and less error way to change this behavior? So

Re: Best current practice to analyze brute force login attempts?

2021-08-01 Thread Bastian Blank
On Sun, Aug 01, 2021 at 04:51:36PM +1000, raf wrote: > With only ports 25 and 465 open, the Mail app on an > iphone will auto-configure itself to use port 25. It > would use port 587/STARTTLS if that were open, but > sadly, it ignores 465/TLS). The iphone can be coerced > into connecting to port

Re: Conditional milter_header_checks?

2021-07-14 Thread Bastian Blank
On Wed, Jul 14, 2021 at 05:43:57PM +1000, raf wrote: > Here's a (silly) thing that wrong with DMARC: :-) > I've sent two messages to this mailing list so far, and > I've received 52 DMARC forensic/failure report emails > as a result! :-) Your mails are not DKIM signed, so of course they will

Re: smtp_tls*_protocols and !TLSv1

2021-07-02 Thread Bastian Blank
On Fri, Jul 02, 2021 at 03:14:58PM +0200, Marek Kozlowski wrote: > It looks like '!TLSv1' is seen as something like > "!TLSv1.x" ("no TLS 1.x at all") rather than "!TLSv1.0". Yes it is a stupid > supposition but I cannot think of any other explanation. Is it possible? No,

Re: Skipping SPF checks

2021-06-30 Thread Bastian Blank
On Wed, Jun 30, 2021 at 10:31:08AM +0300, Dima Veselov wrote: > As I understand my rules does not allow any message skip SPF check: > smtpd_recipient_restrictions = > permit_sasl_authenticated > permit_mynetworks > Is there any circumstances that can make postfix skip SPF? I see two

Re: Unable to connect to IMAP - Exceeded Maximum Number of Connections

2021-06-23 Thread Bastian Blank
On Wed, Jun 23, 2021 at 10:36:49AM +0100, Adam Weremczuk wrote: > "Unable to connect to your IMAP server. > You may have exceeded the maximum number of connections to this server. > If so use the Advanced IMAP Server Settings dialog to reduce the number of > cached connections." Postfix does not

Re: Mail not being sent to file

2021-06-16 Thread Bastian Blank
On Wed, Jun 16, 2021 at 05:59:16PM -0700, Jeremiah Rothschild wrote: > To triple check my sanity, I created a brand new VM and confirmed the > behavior. > So anyone should be able to easily reproduce this. > > * Fresh CentOS 8.4 install > * Choose "Minimal" base environment > * Defaults for

Re: postscreen appears to be misinterpreting zen.spamhaus.org's error return codes

2021-05-29 Thread Bastian Blank
On Sat, May 29, 2021 at 11:55:02AM -0400, Timo Geusch wrote: > On 5/29/21 11:03 AM, Wietse Venema wrote: > > Timo Geusch: > > > Based on zen.spamhaus.org's documentation 127.255.255.25[245] are > > > actually error codes and not indicators of allow/denylisting - in this > > > case, their error is

Re: long_queue_ids

2021-05-28 Thread Bastian Blank
On Thu, May 27, 2021 at 11:31:15AM -0400, post...@ptld.com wrote: > Any other tips for parsing logs for queue ID? Only contain alphanumeric characters, at least 11 characters long. Bastian -- You're too beautiful to ignore. Too much woman. -- Kirk to Yeoman Rand, "The Enemy

Re: long_queue_ids

2021-05-28 Thread Bastian Blank
On Thu, May 27, 2021 at 11:50:14PM -0400, post...@ptld.com wrote: > Is it possible for two different servers to have a same long_queue_ids ? > Are the long queue ID's unique to the world or only unique to that postfix > instance? Queue ID are only unique to a single Postfix instance. Why do you

Re: kolabsys.com still have dnssec unsecure :/

2021-05-04 Thread Bastian Blank
Hi Benny On Tue, May 04, 2021 at 09:35:29PM +0200, Benny Pedersen wrote: > in bind9 i just do > rndc nta kolabsys.com > it have being a problem very long time now :/ What is the problem you are seeing? Yes, kolabsys.com is not in good shape, see https://dnsviz.net/d/kolabsys.com/dnssec/. But

Re: SPF/DMARC modified by host en route

2021-04-26 Thread Bastian Blank
On Mon, Apr 26, 2021 at 02:31:28PM +0200, Jeff Abrahamson wrote: > Thanks.  That's what I thought, too.  But this is the strange thing: > gmail reports that the DKIM signature is good even while complaining > that DMARC fails.  (And so gmail classes as spam, apparently.) This should only happen

Re: Milter Behavior

2021-03-14 Thread Bastian Blank
On Sun, Mar 14, 2021 at 11:51:05AM +0100, Juri Haberland wrote: > You should get this information from the AR-header. It should look like > this: > Authentication-Results: mx.example.org; dmarc=pass (p=quarantine > dis=none) header.from=example.com; > See the "p=quarantine dis=none" in the

Re: can't send to GSuite mailserver via IPv6 protocol

2021-03-01 Thread Bastian Blank
On Mon, Mar 01, 2021 at 09:44:46AM +0100, Erwan David wrote: > Google demands a reverse in IPv6, Thomas, does your server have one ? Worse, Google tells you and Postfix will show it in the logs and tell the sender. So Thomas needs to provide error messages and stop wasting our time for guessing.

Re: client and ehlo hostname mismatch

2021-02-11 Thread Bastian Blank
Hi On Thu, Feb 11, 2021 at 12:32:25PM +0300, Eugene Podshivalov wrote: > Is it safe enough nowadays to drop dmarc failed incoming mail with > opendmarc? No. You can reject them however. Bastian -- Prepare for tomorrow -- get ready. -- Edith Keeler, "The City On the Edge of

Re: email loops back from localhost

2021-02-11 Thread Bastian Blank
Hi On Thu, Feb 11, 2021 at 01:14:59PM +0100, Zsombor B wrote: > Can you help me please why does this fall into a loop? > postfix > localhost:1 > localhost:1 > localhost:1 > etc. until > too much hops. > --- master.cf > 127.0.0.1:1 inet n - y - - smtpd >-o

Re: TLS is required, but was not offered

2021-02-06 Thread Bastian Blank
On Sat, Feb 06, 2021 at 12:05:44PM +0100, OzyMate wrote: > TLS is required, but was not offered by host 127.0.0.1 127.0.0.1 is not Amazon SES. So you are not showing stuff or running into the wrong direction. Please follow the instructions laid down in

Re: About messages bounced due name resolution issues using IPv6

2020-12-03 Thread Bastian Blank
Hi Sergio On Thu, Dec 03, 2020 at 05:34:45PM -0300, Sergio Belkin wrote: > Is quite interesting that I find the following in logs: > Dec 2 23:53:09 muteriver postfix/smtp[28063]: warning: no MX host for > another-example.com has a valid address record Well, more serious: another-example.com

Re: Unable to send email

2020-11-16 Thread Bastian Blank
On Mon, Nov 16, 2020 at 10:34:08AM +0100, Enrico Morelli wrote: > 5F2E68092A2 335691 Mon Nov 16 10:00:40 i...@mydomain.it > (Host or domain name not found. Name service error for > name=recipient-it.mail.protection.outlook.com type=A: Host not found, > try again) recipi...@recipient.it | %

Re: Transport_map error

2020-10-30 Thread Bastian Blank
Hi Piette On Fri, Oct 30, 2020 at 09:50:12AM +0100, Pierre Couderc wrote: > postmap -q "yahoo.fr" pgsql:/etc/postfix/sql/transport_map.cf > yahoo.fr,relay:[mx-eu.mail.am0.yahoodns.net] > I do not understand the error, and particularly the "private"... You asked Postfix to use the transport

Re: postfix queue perms' control for pflogsumm reporting? avoiding "warning: mail_queue_enter: create file maildrop/...: Permission denied"

2020-10-28 Thread Bastian Blank
Hi Viktor On Wed, Oct 28, 2020 at 01:00:35PM -0400, Viktor Dukhovni wrote: > On Wed, Oct 28, 2020 at 09:01:38AM -0700, PGNet Dev wrote: > > Oct 28 15:02:40 svr019 postfix/postdrop[64624]: warning: > > mail_queue_enter: create file maildrop/553726.64624: Permission denied > > Oct 28

Re: Postfix smtp gets stuck with XCLIENT when using smtps

2020-10-23 Thread Bastian Blank
On Fri, Oct 23, 2020 at 11:55:20AM -0400, Demi M. Obenour wrote: > On 10/22/20 12:47 PM, Aki Tuomi wrote: > > I stumbled upon a possible bug with postfix. I am using postfix 3.4.14, and > > when I use XCLIENT command over smtps (not starttls), the session gets > > stuck until further input,

Re: sanity-check postfix XCLIENT usage ?

2020-10-22 Thread Bastian Blank
Hi name less On Wed, Oct 21, 2020 at 10:13:54AM -0700, PGNet Dev wrote: > I've online-checked SPF/DMARC records for 'intuit.com'; all _seems_ to be ok. > I've cranked up opendmarc logging level to > MilterDebug 5 > with that, on failed attempt, I see only an unhelpful > Oct 21

Re: implementing offline/maintenance mode, with SMTP reply?

2020-10-16 Thread Bastian Blank
On Fri, Oct 16, 2020 at 10:51:52AM -0700, PGNet Dev wrote: > is there an already built-in maintenance-mode, or somesuch, in postfix? > it'd be most convenient; if it's in docs, i've missed it. Just shut down Postfix, that's equivalent to returning 4xx. Bastian -- Intuition, however illogical,

Re: Send only configuration best practices?

2020-09-24 Thread Bastian Blank
On Wed, Sep 16, 2020 at 04:39:12PM -0600, Bob Proulx wrote: > What's the best configuration for a web server that does not receive > mail but needs to send mail? Send only does not exist. Every e-mail can produce bounces, which are sent to the sender of the original e-mail and needs to be

Re: strangely incoming mails

2020-09-13 Thread Bastian Blank
On Sun, Sep 13, 2020 at 10:17:16PM +0200, Zsombor B wrote: > I'm confused and need your help. And we need information, see http://www.postfix.org/DEBUG_README.html#html Bastian -- The more complex the mind, the greater the need for the simplicity of play. -- Kirk, "Shore

Re: Limiting smtpd_upstream_proxy_protocol to certain IPs

2020-08-20 Thread Bastian Blank
Hi Andreas On Thu, Aug 20, 2020 at 01:28:38PM +0200, Andreas Thienemann wrote: > My plan was to setup a proxy on a backup machine somewhere else and just > proxy 25/tcp to my primary MX. My initial plan was to use > smtpd_upstream_proxy_protocol = haproxy and thus inform the smtpd of the > real

Re: Using Postfix sendmail without having Postfix daemon running all the time?

2020-08-06 Thread Bastian Blank
On Thu, Aug 06, 2020 at 09:44:24AM +0300, Otto Kekäläinen wrote: > Is it possible to send email using the Postfix provided > /usr/sbin/sendmail command on a system where Postfix is installed, but > not running permanently as a service? Sure, the sendmail command will just deposit the mail into

Re: [RFE] - Resolving of SRV records

2020-07-29 Thread Bastian Blank
Hi Peter On Wed, Jul 29, 2020 at 02:46:55PM +1200, Peter wrote: > On 29/07/20 8:19 am, Jaroslaw Rafa wrote: > > Could anybody explain *why* using this record by Postfix is needed at all? > > As far as I understand, SRV records are meant to be use by mail *clients*, > > to > > simplify MUA

Re: DMARC zip file attachments and 5.7.1 message content rejected

2020-07-17 Thread Bastian Blank
On Fri, Jul 17, 2020 at 01:05:18PM +, Paul Littlefield wrote: > Is there a way to ALLOW (perhaps with header_checks?) these .zip files > through? Remove the header check. Bastian -- Vulcans believe peace should not depend on force. -- Amanda, "Journey to Babel", stardate

Re: SMTPUTF8 problem with Exchange servers

2020-06-17 Thread Bastian Blank
On Wed, Jun 17, 2020 at 02:37:23PM +0200, Patrick Proniewski wrote: > For some time now I notice that some messages, either originating from > Internet or from internal servers are bounced when they arrive on the last > hop: Exchange. > Jun 17 12:34:20 postfix-mailgw/smtp[77347]: 57F56EB256: >

Re: TLS best practices

2020-05-14 Thread Bastian Blank
On Thu, May 14, 2020 at 12:56:46PM -0400, Ian Evans wrote: > As some test suite recommendations might be harsher than what is practical > I thought I'd check with the people who actually work on Postfix. The most important question is: are you talking about mandatory or opportunistic TLS. All

Re: filtering locally submitted emails / tidying up the config

2020-05-02 Thread Bastian Blank
On Sat, May 02, 2020 at 11:40:52AM +0200, Patrick Proniewski wrote: > It negates the benefit you were writing about as amavisd-milter will drop the > message on the milter interface (postfix/cleanup[26401]: 87E5316135: > milter-discard: END-OF-MESSAGE from localhost[127.0.0.1]: milter triggers

Re: delaying postfix until/unless VPN is up/connected

2020-03-30 Thread Bastian Blank
On Mon, Mar 23, 2020 at 01:04:44PM -0500, Ranjan Maitra wrote: > So, I am wondering if I it is possible to have a setup whereby postfix is > delayed unless/until VPN is up and running. If VPN is down, then I would like > postfix to be delayed until such time as it comes up. If it is possible,

Re: Message encoding by guessing

2020-02-09 Thread Bastian Blank
On Sun, Feb 09, 2020 at 01:45:21PM +0300, wes...@199903.xyz wrote: > How to guess the message body’s language encoding if message didn’t have MIME > charset set?  The message may be encoded with utf8, gb2312, gbk or something > others, but it didn’t have an charset header. Well, text/*, with

Re: STARTTLS and PCI requirements

2020-01-02 Thread Bastian Blank
On Thu, Jan 02, 2020 at 12:16:33PM -0500, James B. Byrne wrote: > We recently were forced by our PCI compliance audit to change our > permissible ciphers. I speculate that this is the source of our > problem. Our revised cipher list is: Don't, as long as you don't enforce encryption as well.

Re: smtpd_policy_service_timeout question

2019-12-29 Thread Bastian Blank
Hi Scott On Sun, Dec 29, 2019 at 10:04:39AM -0500, Scott Kitterman wrote: > For the policy server in question, the 100s default should be more than 2x > the > maximum time the policy request can take, even if DNS is very slow, The policy service is supposed to do proper timeouts for everything

Re: Disabling TLS 1.0/1.1, is it advisable?

2019-11-06 Thread Bastian Blank
On Wed, Nov 06, 2019 at 08:54:17AM -0600, Bryan K. Walton wrote: > Apple, Google, Microsoft, and Mozilla have all announced that they will > be deprecating TLS 1.0 and 1.1 in March 2020, in their web browsers. Mail is not a web browser. > Similarly, SSL Labs has announced that they will be

Re: Postfix ignores smtpd_tls_security_level = encrypt ?

2019-10-31 Thread Bastian Blank
On Thu, Oct 31, 2019 at 03:58:03PM +0100, Ferdinand Goldmann wrote: > I need a Postfix (3.3) installation to only accept mails sent after STARTTLS, > so I've set smtpd_tls_security_level = encrypt in main.cf. However, Postfix > still allows sending mails without encryption. accept != send.

Re: reject_unknown_sender_domain seems not to work

2019-10-25 Thread Bastian Blank
On Fri, Oct 25, 2019 at 11:37:04AM +0200, Lars Liedtke wrote: > Right and not :-( Sadly, our crystal ball is in revision. So please do as you are told and read http://www.postfix.org/DEBUG_README.html#mail. Bastian -- The heart is not a logical organ. -- Dr. Janet Wallace,

Re: Postfix, Amavis and DKIM body hashes

2019-09-11 Thread Bastian Blank
On Wed, Sep 11, 2019 at 09:24:39PM +0200, Ralph Seichter wrote: > Before filing a bug report for Amavis, I just want to make sure I did > not miss some peculiarity of after-queue content filters? Any reason you don't use Amavis for DKIM signing? Bastian -- Bones: "The man's DEAD, Jim!"

Re: username specification for email system

2019-09-05 Thread Bastian Blank
On Thu, Sep 05, 2019 at 03:45:47PM +0800, Wesley Peng wrote: > Is there the username specification for email system? It is called "local-part". And yes, RFC 5321 and 5322 have a pretty comprehensive spec for it. The following is a valid e-mail address for example: "alert('Ohhai')"@43-1.org

Re: Spoofing Emails to My Own Domain

2019-07-10 Thread Bastian Blank
On Tue, Jul 09, 2019 at 09:25:10PM +0500, bilal.ah...@kfueit.edu.pk wrote: > I am facing a problem that someone is spoofing my domain address and sending > emails to my own domain users. Envelope sender or header from? First is "fixed" by SPF. Second is completely normal, just check your mail

Re: Problem setting a TLS verified connection

2019-06-19 Thread Bastian Blank
On Wed, Jun 19, 2019 at 09:28:52PM +0200, sral...@gmail.com wrote: >  Verified TLS connection established to MXhost[xxx.xxx.xxx.xxx]:25: TLSv1.1 > with cipher ECDHE-RSA-AES256-SHA (256/256 bits) Postfix: I can verify the certificate of the remote host > postfix/smtp[]: : to=,

Re: Milter connection limit

2019-06-13 Thread Bastian Blank
On Thu, Jun 13, 2019 at 11:31:09AM +0200, Tom Sommer wrote: > I'm running into problems with OpenDKIM and a 1024 libmilter connection > limit (or port-reservation limit) during peak hours. Please show your Postfix config and logs, see http://www.postfix.org/DEBUG_README.html#mail. You really

Re: Mail Delivery Status report

2019-06-06 Thread Bastian Blank
Hi nameless On Thu, Jun 06, 2019 at 12:15:10PM -0600, @lbutlr wrote: > On May 31, 2019, at 1:52 AM, Bastian Blank > wrote: > > On Fri, May 31, 2019 at 01:29:11AM -0600, @lbutlr wrote: > >> mail postfix/pipe[78386]: 45FZmb6nfgzdrvL: > >> to=>, relay=dovecot, del

Re: Mail Delivery Status report

2019-05-31 Thread Bastian Blank
On Fri, May 31, 2019 at 01:29:11AM -0600, @lbutlr wrote: > mail postfix/pipe[78386]: 45FZmb6nfgzdrvL: > to=>, relay=dovecot, delay=0.03, > delays=0.01/0.01/0/0.01, dsn=2.0.0, status=deliverable (delivers to command: > /usr/local/libexec/dovecot/dovecot-lda) > mail postfix/pickup[14015]:

Re: Mail Delivery Status report

2019-05-31 Thread Bastian Blank
On Fri, May 31, 2019 at 12:03:37AM -0600, @lbutlr wrote: > I am getting mail delivery status reports for every bcc email (that is, every > email, since I use a bcc map to create a backup of all the mail). Then you misconfigured something. Mails duplicated by bcc maps are sent with NOTIFY=NONE,

Re: opendmarc.dat Permission denied issues

2019-05-30 Thread Bastian Blank
On Thu, May 30, 2019 at 04:44:13AM -0600, @lbutlr wrote: > On 29 May 2019, at 08:52, Benny Pedersen wrote: > > /var/tmp must not be cleaned after boots, /tmp will be cleaned on boot > I've never heard that. Is that a real thing or just your own 'rule'?

Re: Trying to understand smtpd_recipient_restrictions order

2019-05-09 Thread Bastian Blank
Hi Andreas On Thu, May 09, 2019 at 07:13:22PM +0200, Andreas Thienemann wrote: > smtpd_recipient_restrictions = check_recipient_access > proxy:mysql:/etc/postfix/bounce_spam_alias.cf >check_recipient_access > proxy:mysql:/etc/postfix/bounce_routes.cf What I

Re: Trying to understand smtpd_recipient_restrictions order

2019-05-09 Thread Bastian Blank
On Thu, May 09, 2019 at 07:13:22PM +0200, Andreas Thienemann wrote: > I was under the impression, that smtpd_recipient_restrictions and other > restriction configuration items were being processed top to bottom. Show logs. Show complete config. See http://www.postfix.org/DEBUG_README.html#mail.

Re: include full original message in bounce

2019-05-09 Thread Bastian Blank
On Thu, May 09, 2019 at 06:11:46PM +0200, Arjen Van Drie wrote: > I fully agree with you, if it were not that our application needs the full > message in the bounce. You indeed argue that we should rewrite the > application, and again I agree. For now, and for various reasons, that just > isn't

Re: How to emulate Postfix 3.3 setting “header_from_format” in Postfix 3.1?

2019-04-18 Thread Bastian Blank
On Thu, Apr 18, 2019 at 11:47:31AM +0200, Thorsten Schöning wrote: > So, is there some way to get "header_from_format = standard" of > Postfix 3.3 in Postfix 3.1? Of course there is: set the correct header while submitting mail. Relying on Postfix to fixup stuff is always the least preferred

Re: $queue_directory/private permissions

2019-03-25 Thread Bastian Blank
On Mon, Mar 25, 2019 at 01:32:28AM -0400, Viktor Dukhovni wrote: > Sorry, that breaks the Postfix internal access control model in unsupported > ways. Root needs to be able to read the directory with its standard > permissions. How exactly does "root" get permissions to read the directory? It's

Re: Howto reject only one recipient and not drop entire email?

2019-03-18 Thread Bastian Blank
On Mon, Mar 18, 2019 at 02:40:59PM +0200, Otto Kekäläinen wrote: > My goal is to prevent our system from sending email to addresses that > for sure does not work, and attempt to send only email that has a > chance of being delivered. > > I have this in my Postfix configuration: > >

Re: Semi-OT: Getting blacklisted by hotmail/Google again and again

2019-03-16 Thread Bastian Blank
Hi Johannes On Sat, Mar 16, 2019 at 10:56:11AM +0100, Johannes Bauer wrote: > host > eur.olc.protection.outlook.com[104.47.125.33] said: 550 5.7.1 > Unfortunately, messages from [37.120.172.118] weren't sent. Please contact > your Internet service provider since part of their network is on our

Re: Postfix stable release 3.4.2

2019-03-11 Thread Bastian Blank
On Mon, Mar 11, 2019 at 05:28:15PM +0100, Ralph Seichter wrote: > * John Stoffel: > > And we're going to run into this exact same problem the next time > > Linus bumps the major version > Looking at the Linux Kernel development history, you see that major > versions have been released years apart.

Re: Discard subject UTF8

2019-02-28 Thread Bastian Blank
On Thu, Feb 28, 2019 at 11:08:46AM -0300, Emanuel wrote: > From: =?UTF-8?B?QW1hem9uLmNvLnVr?= > > Subject: =?UTF-8?B?WW91ciBBbWF6b24uY28udWsgb3JkZXIgIzk3NDg1MzgxMg==?= > Message-ID: <5a18a03d6412f75876d9ab706b99f5f4@localhost.localdomain> > X-Mailer: PHPMailer 5.3.5 You have an open

Re: Discard subject UTF8

2019-02-28 Thread Bastian Blank
On Thu, Feb 28, 2019 at 10:43:20AM -0300, Emanuel wrote: > How can I discard these emails if they are encoded? yes or if I need to > create a regular expression for the ID in to the subject. You block the users sending them. Bastian -- To live is always desirable. -- Eleen the

Re: Postfix is wrongly marking CA certificate expired

2019-01-20 Thread Bastian Blank
On Mon, Jan 21, 2019 at 12:40:52AM -0700, phoenixsagar wrote: > Logs are like : > postfix/backend/smtp[95117]: CA certificate verification failed for > abc-abc.mail.abc.outlook.com[111.111.111.111]:25: certificate has expired > postfix/backend/smtp[95117]: Untrusted TLS connection established to

Re: Send a BCC based on header check after receiving mail back from amavis-new

2019-01-01 Thread Bastian Blank
On Tue, Jan 01, 2019 at 12:17:15PM +0100, Admin Beckspaced wrote: > If amavis-new detects some spam it will add headers like: > based on those tags I would like to send a BCC to my spam collecting > s...@address.com for further inspection and review. Ask amavisd-new to quarantine the mail.

Re: capture information for internal generated mails

2018-12-20 Thread Bastian Blank
On Thu, Dec 20, 2018 at 08:02:12PM +0800, d tbsky wrote: > I understand the information is in the log. but I need to archive this > information for auditing in the future. so I need this information > when postfix bcc the mail. > with other kind of received mails, I can use bcc_recipient_maps and

Re: G Suite mx checker complains "do not configure the mail service on the only domain name."

2018-11-13 Thread Bastian Blank
On Tue, Nov 13, 2018 at 05:31:13PM +0100, Poliman - Serwis wrote: > It's colonel.com.pl. Please check. I don't see anywhere MX's IP as A record > in dns zone. You missed that the point is called "There should not be a mail exchanger set up on naked domain name." Don't run an externally reachable

Re: Enabling TLSv1.2 support in postfix 2.8.2

2018-10-24 Thread Bastian Blank
On Wed, Oct 24, 2018 at 04:44:19PM -0600, @lbutlr wrote: > On Oct 24, 2018, at 09:19, Benny Pedersen wrote: > > do not disable tlsv1 > I couldn’t disagree more. TLSv1.2 has been out for a decade and there is no > reason to be running v1 or v1.1. At all. You disable cleartext SMTP as well?

Re: What is Postfix telling me?

2018-09-06 Thread Bastian Blank
On Thu, Sep 06, 2018 at 05:04:43PM -0400, James B. Byrne wrote: > Sep 6 12:36:42 mx31 postgrey[85107]: action=pass, reason=client AWL, > client_name=malton22-1176258451.sdsl.bell.ca, > client_address=70.28.71.147, sender=c...@airportcargo.ca, > recipient=impo...@harte-lyne.ca This is from

Re: GSSAPI and Success as a error code

2018-08-22 Thread Bastian Blank
On Wed, Aug 22, 2018 at 06:04:33PM +0200, Kacper wrote: > klist -Kek /etc/postfix/postfix.keytab > Keytab name: FILE:/etc/postfix/postfix.keytab > KVNO Principal > > -- >2 smtp/srv.mydomain.t...@mydomain.test

Re: Blocking spammers who spoof From: addresses from my domain

2018-08-13 Thread Bastian Blank
On Mon, Aug 13, 2018 at 05:19:18AM -0600, @lbutlr wrote: > On 12 Aug 2018, at 17:29, Stuart Longland wrote: > > We have a problem where some smart-arse spammers/phishers are spoofing > > the From address, specifying our domain as their from address. In one > > case, the person in question uses

Re: What is postfix telling me to do?

2018-06-27 Thread Bastian Blank
On Tue, Jun 26, 2018 at 02:34:19PM -0400, James B. Byrne wrote: > When we do we frequently > (always?) get messages like this in the mail queue: Such important mails must not lie around in the queue, but need to be delivered. > In: RCPT TO: > Out: 250

Re: What is postfix telling me to do?

2018-06-27 Thread Bastian Blank
On Tue, Jun 26, 2018 at 04:47:57PM -0400, Wietse Venema wrote: > > Out: 451 4.3.0 Error: queue file write error > You have "notify_classes = ... bounce ..." somewhere, otherwise > you would not receive the above SMTP session recording. > > Try: postconf -P | grep notify_classes Are you sure

Re: How to pass connection's real IP through Nginx smtp proxy to Postfix/postscreen backend?

2018-06-21 Thread Bastian Blank
On Thu, Jun 21, 2018 at 12:47:50PM -0700, cy...@123mail.org wrote: > I'm beginning to experiment with putting Postfix (and eventually other) > server behind Nginx (v 1.15.0) setup as a mail (SMTP) proxy. Why? > What I see in the Postfix log is > Jun 21 12:10:12 mailprox
