[pfx] Re: Recommendation for dkim signing

2023-10-30 Thread Bernardo Reino via Postfix-users
On Mon, 30 Oct 2023, Jens Hoffrichter via Postfix-users wrote: We are looking into implementing DKIM signing for one of our services, and there are multiple ways to implement that. So far I have found that you can do it with opendkim and amavis - any recommendation for one or the other, or

[pfx] Re: server does not pick up new certificates

2023-07-24 Thread Bernardo Reino via Postfix-users
On Mon, 24 Jul 2023, Wietse Venema via Postfix-users wrote: Bernardo Reino via Postfix-users: On Sun, 23 Jul 2023, Viktor Dukhovni via Postfix-users wrote: On 23 Jul 2023, at 4:21 pm, Charles Sprickman via Postfix-users wrote: In the case of the dehydrated ACME client (https://github.com

[pfx] Re: server does not pick up new certificates

2023-07-24 Thread Bernardo Reino via Postfix-users
On Sun, 23 Jul 2023, Viktor Dukhovni via Postfix-users wrote: On 23 Jul 2023, at 4:21 pm, Charles Sprickman via Postfix-users wrote: In the case of the dehydrated ACME client (https://github.com/dehydrated-io/dehydrated) there's an option to run a bunch of commands on successful update,

[pfx] Re: delivery loop?

2023-05-22 Thread Bernardo Reino via Postfix-users
On Mon, 22 May 2023, Tom Reed via Postfix-users wrote: Given the case that: 1. postfix is a backup MX for foo.com 2. this postfix uses other MTA as relay_host When the primary MX for foo.com is down, messages to u...@foo.com will be delivered into backup MX. And, backup MX delivers the

[pfx] Re: E-mail delivery problem

2023-05-02 Thread Bernardo Reino via Postfix-users
On Tue, 2 May 2023, Victoriano Giralt via Postfix-users wrote: [very good information and advice] Just show/check the output of "ip a" if you are on Linux, please, you will be surprised. Maybe also add "ip r", as this would clarify whether the default route is the VPN or not (and

[pfx] Re: Painful Postfix

2023-05-01 Thread Bernardo Reino via Postfix-users
On Mon, 1 May 2023, Kolusion K via Postfix-users wrote: When I open a raw socket to the remote server on port 25 using telnet, I am able to connect and see the server announce itself, so, it is reasonable to assume that Postfix is doing the same and timing out during the SMTP transaction

[pfx] Re: tls_high_cipherlist parameter

2023-05-01 Thread Bernardo Reino via Postfix-users
On Mon, 1 May 2023, Kolusion K via Postfix-users wrote: Hello Postfix's documentation for the tls_high_cipherlist parameter states to see the output of the command 'postconf -d' to see the default setting. Sadly, the documentation lacks specificness, and the output spit out about 500

[pfx] Re: postscreen question

2023-04-29 Thread Bernardo Reino via Postfix-users
On Sat, 29 Apr 2023, Ken Peng via Postfix-users wrote: Nope. I found that if I enabled protocol test, every provider including gmail/orange/vodafone sending messages to me will get response code 450. After I disabled those protocol test, everything goes fine. So what's the correct way to

[pfx] Re: postscreen question

2023-04-29 Thread Bernardo Reino via Postfix-users
On Sat, 29 Apr 2023, Ken Peng via Postfix-users wrote: Hello When I enabled postscreen, why even gmail's sender IP was greylisted? Did you expect or configure to deal with gmail differently? The log says: Apr 29 15:35:35 mxin postfix/postscreen[59408]: NOQUEUE: reject: RCPT from

[pfx] Re: DNS resolvers difference for RBL checks

2023-04-10 Thread Bernardo Reino via Postfix-users
On Mon, 10 Apr 2023, tom--- via Postfix-users wrote: I have two debian boxes, one is running unbound for dns resolver, another is running systemd-resolve. [..] Checking for RBL on first node is successful: [..] But second is not: [..] Can you tell me why? unbound will, per default,

[pfx] Re: Allow TLSv1 only for internal senders

2023-03-23 Thread Bernardo Reino via Postfix-users
On Thu, 23 Mar 2023, Steffen Nurpmeso via Postfix-users wrote: [...] (That is pretty off-topic for postfix; except maybe for fun posting my SMTP related firewall [...] add_rule -p tcp --src ${addr}${mask} \ --dport ${p_smtp} -m limit --limit 60/m -j

[P-U] Re: Postfix lists are migrating to a new list server

2023-03-08 Thread Bernardo Reino via Postfix-users
On Wed, 8 Mar 2023, Phil Stracchino via Postfix-users wrote: On 3/7/23 15:36, Bernardo Reino via Postfix-users wrote: On Tue, 7 Mar 2023, John Stoffel via Postfix-users wrote: So what's the option for a more up-to-date version of DKIM milter for debian? rspamd does DKIM, SPF, DMARC

[P-U] Re: Postfix lists are migrating to a new list server

2023-03-07 Thread Bernardo Reino via Postfix-users
On Tue, 7 Mar 2023, John Stoffel via Postfix-users wrote: So what's the option for a more up-to-date version of DKIM milter for debian? rspamd does DKIM, SPF, DMARC and ARC (and lots more), and doesn't segfault (so far ;-) Good luck.

Re: Subject encoding; logs not matching header

2022-08-26 Thread Bernardo Reino
On Fri, 26 Aug 2022, post...@ptld.com wrote: I'm not getting your point. Why do you keep talking about a "quoted space"? The first line ends with CRLF and the second line has to start with a space to indicate it is a continuation of the previous line (folding). Why are you saying that means

Re: Subject encoding; logs not matching header

2022-08-26 Thread Bernardo Reino
On Fri, 26 Aug 2022, post...@ptld.com wrote: EMAIL HEADER Subject: =?UTF-8?B?8J+YsSBTSE9QIE5PVzogR2V0IDAlIElOVEVSRVNUIERlYWxzIHBs?= =?UTF-8?B?dXMgZXhjbHVzaXZlIHZvdWNoZXJzIHdpdGggU1BheUxhdGVyISDwn5GJ?= SIDE BY SIDE COMPARE =?UTF-8?B?8J+YsSBTSE9QIE5PVzogR2V0IDAlIElOVEVSRVNUIERlYWxzIHBs?=

Re: Postscreen DNSBL do not seem to be working

2022-08-09 Thread Bernardo Reino
On Tue, 9 Aug 2022, Bill Cole wrote: On 2022-08-09 at 12:50:22 UTC-0400 (Tue, 9 Aug 2022 12:50:22 -0400) Dino Edwards is rumored to have said: Let's do some concrete tests. 1) What is the output from: dig +short 2.0.0.127.zen.spamhaus.org Output is nothing Your DNS resolver is

Re: Where to place spamhaus tests

2022-08-07 Thread Bernardo Reino
On Sun, 7 Aug 2022, Linkcheck wrote: And now, during the past few days, zen has blocked a couple of valid emails, the IPs of which zen claims to know nothing about. Last week zen.spamhaus blocked over 280 emails; I'm going to miss it. I have now removed spamhaus from postfix entirely and

Re: How can I configure postfix to try multiple ports when sending mail?

2022-07-23 Thread Bernardo Reino
On Sat, 23 Jul 2022, Sebastiaan la Fleur wrote: Hello everyone! Currently I am running into an issue that a (misconfigured) destination mailserver does not accept mail on port 25. It allows a TCP connection but it will not send a greeting. Instead, it expects mail to be sent to port 587

Re: What does AW mean - was - Re: AW: RSA and ECDSA - warning: No certs for key at index 1

2022-05-31 Thread Bernardo Reino
On 31/05/2022 16:38, Jaroslaw Rafa wrote: On 31.05.2022 at 22:18:56, Bret Busby wrote: I keep seeing "AW" prepended to message subjects and I have no idea of what it means. What does it mean? Some MUA authors falsely assume that the string "Re:" at the beginning of subject of a reply

Re: dkim signing outbound MAILER-DAEMON messages - is it worth it?

2022-05-09 Thread Bernardo Reino
On 09/05/2022 12:48, Matt Kinni wrote: I have opendkim configured via 'smtpd_milters' to sign all outbound mail, and my domain publishes a "quarantine" dmarc record to enforce the consequences of this. I recently discovered that MAILER-DAEMON messages generated by postfix itself bypass this

Re: spam emails with "to:" line missing

2022-04-15 Thread Bernardo Reino
On Fri, 15 Apr 2022, Benny Pedersen wrote: On 2022-04-15 10:47, Bernardo Reino wrote: Many e-mails are sent to "BCC" lists, so they have no To: header (or have one with "undisclosed-recipients"). bcc does not remove or add to I didn't say that :) (maybe the "s

Re: spam emails with "to:" line missing

2022-04-15 Thread Bernardo Reino
On Fri, 15 Apr 2022, li...@lazygranch.com wrote: On Fri, 15 Apr 2022 11:06:35 +0200 Tinne11 wrote: On 15.04.2022 at 08:49, Fourhundred Thecat <400the...@gmx.ch> wrote: Are there any legitimate cases where "to:" might be missing? RFC 5322 says: "The only required header fields are the

Re: spam emails with "to:" line missing

2022-04-15 Thread Bernardo Reino
On Fri, 15 Apr 2022, Fourhundred Thecat wrote: I am receiving spam emails, where the "to:" line is entirely missing in the email header. [...] Are there any legitimate cases where "to:" might be missing? Many e-mails are sent to "BCC" lists, so they have no To: header (or have one with

Re: smtpd_sender_login_maps text table format

2022-02-07 Thread Bernardo Reino
On Mon, 7 Feb 2022, Narcis Garcia wrote: I've made some testing and it seems to be this interpretation of table, and with unique left-column values: FromAddress1 AuthorizedLogin FromAddress2 AuthorizedLogin1 AuthorizedLogin2 FromAddress3 AuthorizedLogin1 AuthorizedLogin2 FromAddress4

Re: AUTH rate limit

2021-11-03 Thread Bernardo Reino
On Wed, 3 Nov 2021, post...@ptld.com wrote: Just a FYI programs that change the firewall like fail2ban and sshguard can put a high burden on the server in the event your firewall blocks a large amount of IP space AND you are on a very limited CPU. Touching the firewall can lock out the

fp145's postfix vpn problem

2021-10-20 Thread Bernardo Reino
On 20/10/2021 20:44, fp145 wrote: Well, the *symptom* is exactly the same -- works with vpn off and doesn't work with vpn on. I'm not sure how that's different than "In summary, postfix mail works fine if VPN if off, does not work if VPN is on." Those two sound suspiciously similar to me.

Re: fatal: no SASL authentication mechanisms

2021-10-10 Thread Bernardo Reino
Hello, I'm not sure if you'll receive this message, so I send to the list as well. (and excuse me for top-posting, but this e-mail has no direct relevance to this thread..) Your server is refusing connections on port 25, so this, inter alia, prevents my server from sending you the DMARC

Re: Local address rewrite problem with postfix configuration and sender dependent relayhosts - ISP

2021-09-08 Thread Bernardo Reino
On Wed, 8 Sep 2021, TTM wrote: Wietse: Without further information I can't say what mistake you made. Maybe you're looking at an old message that is already in the queue. What would be needed? After each test, I clear the queue with "postsuper -d ALL". I'm wondering why postfix tries to

Re: logwatch sending to r...@subdomain.domain.com

2021-07-07 Thread Bernardo Reino
On Wed, 7 Jul 2021, Mike Hughes wrote: I just noticed that we have a bunch of undeliverable messages piling up in the queue. I have root defined in aliases for another address, which works when sending to r...@domain.com. However, since the FQDN in main.cf is defined as

Re: postfix newbe - which standard configuration to use

2021-04-27 Thread Bernardo Reino
Hello, On Tue, 27 Apr 2021, R-VISOR-TOVIS wrote: My home server has no static, but a public internet address using freedns. This weakness drew me to use a VPS with a static, public IP address. [...] It seems I need SASL authentication between my home server and VPS server. That means I need

Re: connect then disconnect; backscatter?

2021-04-17 Thread Bernardo Reino
Hello, On Sat, 17 Apr 2021, Francesc Peñalvez wrote: Is it possible to identify which password smtp is trying to use? if so I would like to know how With dovecot, you can set: auth_verbose = yes auth_verbose_passwords = plain When I'm bored, I run: #!/bin/sh grep "given password: "

Re: Question - TLS Implement with meny under domains

2020-10-29 Thread Bernardo Reino
On Thu, 29 Oct 2020, Maurizio Caloro wrote: Please, I need a little help understanding the setup of TLS certification. I plan to implement this on my farm, but I am not 100% sure about the concept. For example, here I run with a simple DNS entry "mail.compa...@abc.ch" that will be the

Re: Mail server without MX record.

2020-10-16 Thread Bernardo Reino
On Fri, 16 Oct 2020, Jason Long wrote: Thank you. Thus, in Postfix or Dovecot configuration file I can't change the standard record? You a bot or something? I think GPT-3 can understand more than you appear to do. Good luck.

Re: Mail server without MX record.

2020-10-13 Thread Bernardo Reino
On Tue, 13 Oct 2020, Jason Long wrote: I have an Internet domain name and a Linux server and I want to have an email server to send and receive emails. For example, if my domain is "example.net" then I want to have a "i...@example.net" address to send and receive emails from the Internet.

Re: gmail reverse host issue

2020-02-17 Thread Bernardo Reino
On Sun, 16 Feb 2020, li...@lazygranch.com wrote: Some gmail gets through, some doesn't. Is there a time limit on the DNS check? A google search finds several timers, but nothing specific to DNS. Log: Feb 17 06:18:10 mydomain postfix/smtpd[2619]: connect from unknown[209.85.219.177] Feb 17

Re: how to debug TLS certificate verification error?

2020-02-16 Thread Bernardo Reino
On Sun, 16 Feb 2020, Viktor Dukhovni wrote: As luck would have it, you've come to the right place. Your domain is DNSSEC-signed, and your MX host has DANE TLSA records: $ hsdig -t a maple.killian.com maple.killian.com. IN A 199.165.155.8 ; NoError AD=1 [...] May I ask you where to

Re: Remove part of rbl name from response to blocked client

2020-01-18 Thread Bernardo Reino
On Thu, 16 Jan 2020, Dominic Raferd wrote: I recently started using an RBL service where we have a 'private key' and this operates very simply by prefixing the key to the RBL address. But I just realised that this appears to mean that for any rejections the whole address - including the key -

Re: how to setup a privacy oriented mailserver

2019-11-26 Thread Bernardo Reino
On Tue, 26 Nov 2019, Wesley Peng wrote: on 2019/11/26 17:02, Matus UHLAR - fantomas wrote: I would set up port 465 also. Note that TLS on 465 is implicit, while on 587 is explicit, so it's easier to allow unencrypted connections by a mistake on 587. 587 is also used for StartTLS, am I

Re: how to setup storage for two different MX in different locations

2019-11-19 Thread Bernardo Reino
On Tue, 19 Nov 2019, Merrick wrote: Bernardo Reino wrote: The messages should be stored in one place, such as webmail/IMAP could read all messages directly from this location. Use a single IMAP server. Have both mail servers deliver the messages to the single IMAP server. Do you mean I

Re: how to setup storage for two different MX in different locations

2019-11-18 Thread Bernardo Reino
On Tue, 19 Nov 2019, Merrick wrote: The question is, how to make storage shared by two MX servers? MX (SMTP) servers don't store messages. They deliver them to whatever system makes them available to the users. (or do you mean you want have a shared queue? -- not recommended!) The

Re: Client host rejected

2019-11-18 Thread Bernardo Reino
On Mon, 18 Nov 2019, siefke_lis...@web.de wrote: On Mon, 18 Nov 2019 17:23:43 +0100 Matus UHLAR - fantomas wrote: cannot find your hostname indicated reject_unknown_client_hostname hit. Ah, thank you, this is what I had searched for. seems something is wrong with your (or maybe their) reverse DNS

Re: Hiding Spamhaus key from replies

2019-11-18 Thread Bernardo Reino
On Mon, 18 Nov 2019, Benny Pedersen wrote: Bernardo Reino wrote on 2019-11-18 10:12: I have now done it with: rbl_reply_maps = texthash:/etc/postfix/dnsbl_reply_smtpd where that file has lines like: $KEY.zrd.dq.spamhaus.net=127.0.2.[2..24] $rbl_code Service unavailable; $rbl_class [$rbl_what

Re: Hiding Spamhaus key from replies

2019-11-18 Thread Bernardo Reino
On Mon, 18 Nov 2019, Matus UHLAR - fantomas wrote: anything in the logs yet? I just got a hit, and it worked as expected :) Nov 18 11:47:17 regenbogen postfix/smtpd[17564]: NOQUEUE: \ reject: RCPT from 71-10-166-63.dhcp.stls.mo.charter.com[71.10.166.63]: \ 554 5.7.1 Service unavailable;

Re: Hiding Spamhaus key from replies

2019-11-18 Thread Bernardo Reino
On Mon, 18 Nov 2019, Matus UHLAR - fantomas wrote: On 18.11.19 10:12, Bernardo Reino wrote: My plan is/was to use only one blacklist (zen, IP-based) during postscreen but then have the option of using other blacklists (dbl, zrd) at smtpd time. I moved all blacklist filtering from smtpd

Re: Hiding Spamhaus key from replies

2019-11-18 Thread Bernardo Reino
On Mon, 18 Nov 2019, Matus UHLAR - fantomas wrote: On 18.11.19 08:42, Bernardo Reino wrote: I currently use postscreen with postscreen_dbl_sites pointing to my instance of spamhaus.net. With postscreen_dnsbl_reply_map I hide the secret key from the server responses. Now, I also have/had

Re: Hiding Spamhaus key from replies

2019-11-18 Thread Bernardo Reino
On Mon, 18 Nov 2019, Merrick wrote: hello On 2019/11/18 3:42 PM, Bernardo Reino wrote: How can I configure postfix to do like postscreen_dnsbl_reply_map but for smtpd? can spamassassin do that as well? I don't know, that was not my question :) (I use rspamd for spam filtering, where I

Hiding Spamhaus key from replies

2019-11-17 Thread Bernardo Reino
Hello, I currently use postscreen with postscreen_dbl_sites pointing to my instance of spamhaus.net. With postscreen_dnsbl_reply_map I hide the secret key from the server responses. Now, I also have/had "reject_rbl_client zen.spamhaus.org" a part of my smtpd_recipient_restrictions. I want

Re: Dictionary attacks

2019-11-04 Thread Bernardo Reino
On Sun, 3 Nov 2019, Phil Stracchino wrote: On 2019-11-03 14:21, Bernardo Reino wrote: On Sun, 3 Nov 2019, Phil Stracchino wrote: I've been thinking about setting up exactly such a thing myself. Trying to figure out how to make fail2ban talk to a Shorewall firewall on a different box is just

Re: Dictionary attacks

2019-11-03 Thread Bernardo Reino
On Sun, 3 Nov 2019, John Schmerold wrote: On 11/2/2019 9:42 PM, Wietse Venema wrote: John Schmerold: What is the best way to protect against dictionary attacks in Postfix? Reportedly, fail2ban (no first-hand experience, because I have no SASL clients). Wietse I am using Postfix

Re: Dictionary attacks

2019-11-03 Thread Bernardo Reino
On Sun, 3 Nov 2019, Phil Stracchino wrote: On 2019-11-03 05:24, Allen Coates wrote: On 03/11/2019 02:42, Wietse Venema wrote: John Schmerold: What is the best way to protect against dictionary attacks in Postfix? Reportedly, fail2ban (no first-hand experience, because I have no SASL

Re: base64 encoded emails

2019-10-18 Thread Bernardo Reino
On 2019-10-17 12:17, Jaroslaw Rafa wrote: So you just can't block HTML, because you'll cut yourself off of many important messages that you actually want to receive. (However, I give HTML-only messages without a plaintext part quite a large spam score in my antispam filter). Interesting to

Re: Fwd: Re: How to reject mails where from address and to address is myself.

2019-06-04 Thread Bernardo Reino
On Tue, 4 Jun 2019, Edouard Guigné wrote: My question was relative to the following problem : "Lot of SPAM mails are being received where from and to address is myself and the mail has contents which are dirty/bad." I ask if reject_unauthenticated_sender_login_mismatch can solve this issue