[pfx] Re: Is there a way to just quickly deliver "everything" to a file somewhere

> On Apr 11, 2024, at 08:35, Viktor Dukhovni via Postfix-users > wrote: > > On Wed, Apr 10, 2024 at 11:39:24PM -0400, Dan Mahoney via Postfix-users wrote: > >>> On Apr 2, 2024, at 10:52, Viktor Dukhovni via Postfix-users >>> mailto:postfix-users@postfix.org

[pfx] Re: Is there a way to just quickly deliver "everything" to a file somewhere

> On Apr 2, 2024, at 10:52, Viktor Dukhovni via Postfix-users > wrote: > > On Tue, Apr 02, 2024 at 04:14:29AM -0400, Dan Mahoney via Postfix-users wrote: >> Hey there all, >> >> I’m setting up a staging version of dayjob’s ticket system, and we’d >> basi

[pfx] Is there a way to just quickly deliver "everything" to a file somewhere

Hey there all, I’m setting up a staging version of dayjob’s ticket system, and we’d basically like postfix to still function, but instead of touching the internet at all, just deliver everything to a single file (or a maildir, I suppose), regardless of if a file is invoked via sendmail, or a

[pfx] Re: pushing changes to remote system

> On Mar 6, 2024, at 16:52, Wietse Venema via Postfix-users > wrote: > > Alex via Postfix-users: >> Hi, >> I have a few postfix systems on fedora38 with nearly identical >> configurations. I'd like to be able to push changes to them from a third >> system without having to login to them

[pfx] Is there a way to reject an internal domain on our border MXes

All, Pretty simple question: We have an internal domain, zimbra.example.org, but it's only used for internal routing of our corporate mail (there's a master delivery map that controls what addresses at example.org route to zimbra.example.org). We have other domains under example.org such as

[pfx] Re: Accepting mail from old Dell iDRAC

> On Aug 5, 2023, at 6:46 AM, Matus UHLAR - fantomas via Postfix-users > wrote: > > On 05.08.23 00:35, Charles Sprickman via Postfix-users wrote: >> Just following up to myself here, but this Dell POS just bails if it can't >> do TLS, lol: >> >> Aug 5 00:30:52 mail postfix/smtpd[76663]: <

[pfx] Re: Maildir changes in 3.7.4?

> On Jul 6, 2023, at 6:40 AM, Jaroslaw Rafa via Postfix-users > wrote: > > Dnia 6.07.2023 o godz. 05:43:22 Dan Mahoney via Postfix-users pisze: >> In /etc/aliases: >> >> noc:"|/usr/local/sbin/rtmailgate ops noc cor", >

[pfx] Maildir changes in 3.7.4?

All, We have our aliases file pushing things into our RT install, but also saving things to a maildir, so we can manually feed a single file back in, thusly: In /etc/aliases: noc:"|/usr/local/sbin/rtmailgate ops noc cor",

[pfx] Different set of milters for one domain?

completely splitting the config up? -Dan -- Dan Mahoney Techie, Sysadmin, WebGeek Gushi on efnet/undernet IRC FB: fb.com/DanielMahoneyIV LI: linkedin.com/in/gushi Site: http://www.gushi.org --- ___ Postfix

[pfx] Helping OpenDKIM and OpenDMARC

Hey there all, I am one of the people who has maintainer access to OpenDKIM and OpenDMARC. I use both regularly, but I’m also a novice as a C-coder. (Sysadmin, not developer). As mentioned in another thread, I don’t have access to the web hosting stuff or the list management stuff, though

[pfx] Re: Postfix lists are migrating to a new list server

> On Mar 10, 2023, at 10:59 AM, Ralph Seichter via Postfix-users > wrote: > > * Jim Popovitch via Postfix-users: > >> On Fri, 2023-03-10 at 17:35 +0200, mailmary--- via Postfix-users wrote: >> >>> Looking at the opendkim/opendmarc right now, they appear dead over >>> the past 2 years or so,

[P-U] The joke writes itself.

I know that P-U stands for postfix users. I get it that a short subject tag was desired, but would [postfix] have been that much more distracting, without adding the obvious third-grader label that might better be held by qmail? -Dan ___

[P-U] Re: Postfix lists are migrating to a new list server

If there’ a pull request to get it into the current “develop” branch of opendmarc, I have the privs to merge it. -Dan > On Mar 8, 2023, at 11:14 AM, Peter Ajamian via Postfix-users > wrote: > > On 9/03/23 08:11, Peter wrote: >> On 8/03/23 15:46, Scott Kitterman via Postfix-users wrote: >>>

Re: Simple forwarder for postfix?

> On Jan 10, 2023, at 18:28, Viktor Dukhovni wrote: > > On Tue, Jan 10, 2023 at 05:10:41PM -0800, Dan Mahoney wrote: >> My actual question of "is there a mailing list engine that *just* >> handles a tiny subset of what a full-blown mailman does (no cgi, no >> m

Re: Simple forwarder for postfix?

So much for keeping our company domain off of the postfix mailling lists, LOL. Redacting moving forward. Rather than try to reply to every point you cited, let me start over: Our process to send to this list would do the following: Construct an email like this: To: support-st...@dayjob.org

Re: Simple forwarder for postfix?

023, at 2:07 PM, Viktor Dukhovni > wrote: > > On Tue, Jan 10, 2023 at 01:07:40PM -0800, Dan Mahoney wrote: > >> Does anyone know of a simple remailer tool that can be used inside an >> aliases (via a pipe) file that will: > > If you configure: > ># Add explic

Simple forwarder for postfix?

All, Does anyone know of a simple remailer tool that can be used inside an aliases (via a pipe) file that will: * ‘explode’ messages out to a group statically defined in a textfile. * not expose my original envelope sender and recipients? Office365 is rejecting when they see our internal alias

Re: Authenticated Receive Chain (ARC Sealing) in Postfix?

> On Jan 2, 2023, at 4:20 PM, raf wrote: > > On Mon, Jan 02, 2023 at 08:32:42PM +, "Cooper, Robert A" > wrote: > >> I have a request from my downstream Exchange admins to look into >> implementing ARC sealing in some postfix relay servers we use for >> address rewriting. From the bit

Re: Spammer succeeded in relaying through my server

(Speaking with my Trusted Domain Project hat on). Yes, we'll take help. I have commit access to all the Github repos, and am trying to push out a new release of OpenDKIM. I've been meaning to do this for months, but life and family stuff has been getting in the way. Here are the things I'd

Re: DKIM not signing in plesk server with postfix

Can you post the relevant bits of the postfix and opendkim configs (omit the actual key data, of course). Anything in the logfiles? -Dan > On Dec 25, 2022, at 15:18, Water Around wrote: > > > > Hi, thanks for the response... > I have exhausted my attempts with plesk docs, and plesk support

Re: remailer for alias lists?

> On Dec 4, 2022, at 11:30, Wietse Venema wrote: > > Dan Mahoney: >> Hey all, >> >> We have a mailing list (of like ten, not-often-changing people) >> that we'd like to not have to spin up a full mailing list program >> like mailman or whatnot. >

remailer for alias lists?

Hey all, We have a mailing list (of like ten, not-often-changing people) that we’d like to not have to spin up a full mailing list program like mailman or whatnot. We don’t need subsciption management or archiving, but we could really use the user rewriting akin to mailman’s from_is_list

How to forward to aliases with correct envelope-sender

Hey there all… (Attempted to send this a few days ago, believe I hit an odd mailing list issue). At the day job, we periodically do an export of our ticketing system into an internal alias where the alias does an :include:, for the cases where we need to send an all-customers mail. However,

How to forward to aliases with correct envelope sender

script that can handle that expansion better than an alias :include:? Controlling who may *send* to such an alias/script is also a consideration. Is there a good answer for that as well? -Dan -- Dan Mahoney Techie, Sysadmin, WebGeek Gushi on efnet/undernet IRC FB: fb.com

Re: placing recipient_canonical_maps before/after milters

> On Oct 8, 2022, at 18:57, Wietse Venema wrote: > > Wietse Venema: >> Dan Mahoney: >>> >>> >>>> On Oct 8, 2022, at 12:59, Wietse Venema wrote: >>>> >>>> Dan Mahoney: >>>>> Hey there all, >>&

Re: placing recipient_canonical_maps before/after milters

> On Oct 8, 2022, at 12:59, Wietse Venema wrote: > > Dan Mahoney: >> Hey there all, >> >> We have a couple of recipient canonical maps that do things like >> transform firstname_lastname into username (i.e. dan_mahoney --> >> dmahoney), also handle

Re: placing recipient_canonical_maps before/after milters

> On Oct 7, 2022, at 15:08, Wietse Venema wrote: > > Dan Mahoney: >> Hey there all, >> >> We have a couple of recipient canonical maps that do things like >> transform firstname_lastname into username (i.e. dan_mahoney --> >> dmahoney), also handle

Re: placing recipient_canonical_maps before/after milters

> On Oct 7, 2022, at 15:08, Wietse Venema wrote: > > CONTENT_FILTER_README I assume by that you mean https://www.postfix.org/FILTER_README.html CONTENT_FILTER_README yields a 404. -Dan

placing recipient_canonical_maps before/after milters

Hey there all, We have a couple of recipient canonical maps that do things like transform firstname_lastname into username (i.e. dan_mahoney --> dmahoney), also handle things like mapping people's former names into current names. This is useful where a user wants to have one canonical

Reject when delivering to a pipe?

Hello all, If I am piping my mail to a program (in this case, day job's RT install), is there some way in which I can exit that will cause a message to be bounced back to the sender? Or do I need a full-on milter to do this kind of rejection? -Dan

Re: Client Certificate recommended/not-recommended RFCs?

> On Sep 29, 2022, at 14:37, Viktor Dukhovni wrote: > > On Thu, Sep 29, 2022 at 01:33:58PM -0700, Dan Mahoney wrote: > >> I've always figured "if you configure your sendmail with both a client >> cert and a server cert, you might as well use it, after a

Client Certificate recommended/not-recommended RFCs?

All, Using sendmail, I've been asking for client certs for a long time. I've always figured "if you configure your sendmail with both a client cert and a server cert, you might as well use it, after all, you paid for the thing". (This may have been the sunk-cost fallacy back when I was

Tool to correlate mail logs?

Hey all, I seem to recall discussion on this list of some tool that can look at your maillog and show a single-line-per-message summary of messageid/from/to/delivery-status tuples. I mean, if not, it's a perl script away, but is there something that already exists that does what I'm thinking

Re: TLS issue with purchase order emails from ariba.com system.

> On Jun 14, 2022, at 5:30 PM, P V Anthony wrote: > > On 15/6/2022 2:43 am, Viktor Dukhovni wrote: > >> The simplest configuration is therefore to just leave the parameter >> unset, the default value will be sensible. > > I have just commented out smtpd_tls_dh1024_param_file > > I have made

Spamtrap email — milter that can still receive, but reject?

Hey all, Is there a milter of some sort that I can configure to reject (for some to: addresses) at the end of DATA, but still forward the mail on? Im dealing with some deleted users who both got a lot of spam, but also were in the critical path for things and I’m hoping the VERP bounces trim

Re: TLS reporting

> On Apr 19, 2022, at 6:08 PM, Viktor Dukhovni > wrote: > > On Tue, Apr 19, 2022 at 05:33:50PM -0700, Dan Mahoney wrote: > >> Does postfix have any support for TLS reporting (RFC8460)? >> >> Technically, one need not be using MTA-STS to benefit

Re: password security

> On Apr 25, 2022, at 12:07 AM, Laura Smith > wrote: > > > --- Original Message --- > On Monday, April 25th, 2022 at 05:26, ミユナ wrote: > >> do you know how to stop passwords from being brute-forced for a >> mailserver? do you have any practical guide? >> > > Simple. You've got

Re: Rewriting envelope-from of root mail (realname, not email address)

> On Apr 22, 2022, at 8:53 PM, Viktor Dukhovni > wrote: > > On Fri, Apr 22, 2022 at 06:54:56PM -0700, Dan Mahoney wrote: > >> masquerade_domains = !ops.foo.org, !support.foo.org, !gitlab.foo.org, >> !lists.foo.org, isc.org >> masquerade_exception

Rewriting envelope-from of root mail (realname, not email address)

Hey all, We set: masquerade_domains = !ops.foo.org, !support.foo.org, !gitlab.foo.org, !lists.foo.org, isc.org masquerade_exceptions = root So that when root generates an email (like a system mail) it's obvious what system generated it. We *also* recently set sp=reject in dmarc. Which

TLS reporting

Hey there, Does postfix have any support for TLS reporting (RFC8460)? Technically, one need not be using MTA-STS to benefit from this. We get monitoring of this with our dmarc monitoring provider, and it feels like it would be useful to send these reports as well. -Dan

Re: Muliple mail delivery

> On Mar 23, 2022, at 2:52 PM, Homer Wilson Smith > wrote: > > >Dear Folks, > >Is there any easy way to get a single instance of > postfix running on a single server to deliver a piece of mail > to a two different but identical mailboxes on the same server. > >For example to

Re: Received-SPF: Temperror

> On Feb 5, 2022, at 2:08 PM, David Bürgin wrote: > > post...@ptld.com: >> If you are going to use DMARC then you do not need to mess around with or >> install policyd-spf. >> OpenDMARC has built in SPF lookup, it adds a header with the SPF results, >> and uses it in deciding if the email

Re: https://www.postfix.org/ in trouble

> On Jan 11, 2022, at 10:38 AM, Claus R. Wickinghoff > wrote: > > Mojn, > >> Today I find only a directory listing at www.postfix.org or www.postfix.com > With http it's working. > > With https I get a certificate warning (issued for archive.science.uu.nl) and > a directory listing. > >

Re: Some DNSSEC/DANE questions

> On Jan 3, 2022, at 1:46 PM, Mike wrote: > > On 1/3/2022 2:38 PM, Dan Mahoney (Gushi) wrote: >> [snip] >> >> One more question: Does anyone know of a "reflector" like service that one >> can use to test DANE validation, i.e. a site th

Re: Some DNSSEC/DANE questions

On Mon, 3 Jan 2022, Dan Mahoney wrote: This is a problem when your local resolver is slaving the root zone, as a standard root zone "type slave" will hand . NS out with the AA bit set, but will not set the AD bit. There's a feature in more recent versions of BIND (mirror zones) th

Re: Some DNSSEC/DANE questions

> On Jan 3, 2022, at 6:22 AM, Viktor Dukhovni > wrote: > > On Mon, Jan 03, 2022 at 05:49:05AM -0800, Dan Mahoney (Gushi) wrote: > >> We run validating resolvers at the day job, but by default not on the box >> where postfix runs. (I.e. we rely on the AD bit).

Some DNSSEC/DANE questions

? If you've set smtp_tls_security_level=dane, but haven't set smtp_dns_support_level=dnssec, is a warning logged? -Dan -- Dan Mahoney Techie, Sysadmin, WebGeek Gushi on efnet/undernet IRC FB: fb.com/DanielMahoneyIV LI: linkedin.com/in/gushi Site: http://www.gushi.org ---

Re: Macro explanation?

On Sat, 1 Jan 2022, Wietse Venema wrote: Dan Mahoney (Gushi): Hey there, I'm trying to modernize older configs at the day job and have found that a coworker specified: milter_connect_macros = b i j _ {daemon_name} {if_name} {if_addr} milter_end_of_data_macros = b i j _ {daemon_name} {if_name

Macro explanation?

/MILTER_README.html#macros ... ..I don't see a "b" in the postfix docs. Is there a former value associated with this, or some sendmail compatibility shim or something? (For that matter, I don't see if_name or if_addr, but I do see the "workaround" notes). Clue, please? --

Are the CApath/CAfile config knobs case-sensitive?

All, Question really says it all. Everything in postfix, except these, seems to be lower case. I’m not sure if this is a stylistic thing, or something having to do with an openssl internal, but if these get lowercased in a config, will it break? -Dan

Formatting long lists of mynetworks with comments?

Hey there, At the day job, our mynetworks list is like 20 items (v4 and v6) deep. We’re converting all our configs to git and puppet management, so the ability to git blame this stuff is useful. Is there a way of putting it one-item-per-line that allows comments, like: myetworks = 1.2.3.4,

Re: "Correct" way to override cipher list?

> On Oct 29, 2021, at 10:01 PM, Viktor Dukhovni > wrote: > > On Fri, Oct 29, 2021 at 08:36:38PM -0700, Dan Mahoney (Gushi) wrote: > >> I see sites like cipherlist.eu suggesting overriding the "medium" cipher >> set to only be: > > Ignore much

"Correct" way to override cipher list?

e point postfix stopped doing sslv2 and sslv3 (so the above smtpd_tls_protocols is already wrong for a modern postfix?), but with tls10 also known-problematic, will that drop out at some point? Best, -Dan -- Dan Mahoney Techie, Sysadmin, WebGeek Gushi on efnet/undernet IRC

Re: smtp disobeying smtp_bind_address

> On Oct 26, 2021, at 4:54 PM, raf wrote: > > On Tue, Oct 26, 2021 at 09:42:33AM -0400, Wietse Venema > wrote: > >> Vincent Pelletier: >>> On Mon, 25 Oct 2021 12:36:35 -0400 (EDT), >>> Wietse Venema wrote : This would require a new setting, for example to make smtp_bind_address

Way to apply a postfix rule to both FROM and TO?

easy way in postfix to say things like "Block all gmail.com addresses for stuff sent to i...@dayjob.com"? -Dan -- ----Dan Mahoney Techie, Sysadmin, WebGeek Gushi on efnet/undernet IRC FB: fb.com/DanielMahoneyIV LI: linkedin.com/in/gushi Site: http://www.gushi.org ---

Overriding nonexistent site error for auth'd hosts.

as trusted. Is there a way to tell Postfix "we know it's invalid, accept it at the border anyway?" only for sites that have presented a valid client cert? -Dan -- ----Dan Mahoney Techie, Sysadmin, WebGeek Gushi on efnet/undernet IRC FB: fb.com/DanielMahoneyIV LI: li

Re: SpamC - connection refused

Yup, either fix spamd so it listens on localhost (you'd see a LISTEN on port 783, which is missing), or correct your spamc flags to include -U /var/spool/postfix/spamass/spamd.sock -Dan > On Sep 28, 2021, at 11:45 AM, Viktor Dukhovni > wrote: > > On Tue, Sep 28, 2021 at 08:38:33PM +0200,

Re: SpamC - connection refused

Connection refused speaks to the socket not running. What does netstat -na report? -Dan > On Sep 28, 2021, at 11:38 AM, Maurizio Caloro wrote: > > Sending to spamassassin group, and no answer will by appair, possible this > are outdated? > Please how I can fix this connection refused,

Re: Best current practice to analyze brute force login attempts?

still requires to understand, who is attacking and how.) regards Hadmut -- "This Is Not Goodbye!" -DM, August 11th 2001, 10 PMish Chicago Time Dan Mahoney Techie, Sysadmin, WebGeek Gushi on efnet/undernet IRC FB: fb.com/DanielMahoneyIV LI: linkedin.co

Re: Google spam...

> On Aug 17, 2021, at 2:13 PM, SH Development > wrote: > > We have been getting inundated by spam from Google (gmail). > > I know that if our server gets reported for even a few spammy messages, > Google won’t hesitate to block our server. > > Short of blocking Google on our server, is

Re: dkim=pass but unprotected

It's not dnssec signed. -Dan Mahoney > On May 17, 2021, at 6:14 PM, post...@ptld.com wrote: > > I noticed in the headers it shows: > > dkim=pass (2048-bit key; unprotected) > > What does the unprotected part refer to? > Anything to worry about? Something i need to

Re: OpenDMARC 1.4.1 Released

> On Apr 30, 2021, at 2:58 PM, John R. Levine wrote: > >> Fair warning, we’re likely to relese a 1.4.1.1 shortly to cover a minor >> gaffe that happened when we merged our “develop” branch back to “master”. >> >> We are also trying to clear up the fact that sourceforge is stuck on an >>

Re: OpenDMARC 1.4.1 Released

Fair warning, we’re likely to relese a 1.4.1.1 shortly to cover a minor gaffe that happened when we merged our “develop” branch back to “master”. We are also trying to clear up the fact that sourceforge is stuck on an older version, and trusteddomain.org claims 1.3.x

OpenDMARC 1.4.1 Released

be turning our attention to OpenDKIM next, as it's also long due for a maintenance release. I'd like to thank the people on this mailing list for your lively discussion and feedback, and tolerance of the occasional off-topic post. Stay safe out there, -Dan Mahoney For the Trusted Domain project

Re: Trusting postfix client certs for relaying

> On Apr 18, 2021, at 10:30 PM, Viktor Dukhovni > wrote: > > On Sun, Apr 18, 2021 at 08:49:34PM -0400, Demi Marie Obenour wrote: > Each system is issued a certificate for its own domain. Perhaps a better example would be email Subject Alternative Names. >>> >>> That's not an

Re: Trusting postfix client certs for relaying

Sent from my iPad > On Apr 17, 2021, at 14:16, Wietse Venema wrote: > Dan Mahoney (Gushi): >> All, >> >> The dayjob has a number of machines out in the wild that need to be able >> to send mail (mostly from cron jobs) home to the mothership. Not all hav

Trusting postfix client certs for relaying

we may want to *validate*, but *not permit for relaying*, that cert would allow relay) It seems that There are knobs that let you list *individual certs* for allowing trusted relaying, but not *individual ca's*. Is there any way around this? -Dan Mahoney -- Dan Mahoney

OpenDMARC 1.4.1 pre-release announcement

If you hit a show-stopper, push an issue to our github or contact me privately. Best, -Dan -- Dan Mahoney Techie, Sysadmin, WebGeek Gushi on efnet/undernet IRC FB: fb.com/DanielMahoneyIV LI: linkedin.com/in/gushi Site: http://www.gushi.org ---

Re: Milters and policy

such a thing. Apologies for the noise here. It may not fully be over, but it's my hope that the net result is good software for the internet at large. -Dan -- Dan Mahoney Techie, Sysadmin, WebGeek Gushi on efnet/undernet IRC FB: fb.com/DanielMahoneyIV LI: linkedin.com

Re: Milters and policy

Replied inline and snipped. Apologies if my mail.app gets this wrong. > On Apr 1, 2021, at 7:49 PM, Simon Wilson wrote: > > - Message from Dan Mahoney - > Date: Thu, 1 Apr 2021 16:19:05 -0700 > From: Dan Mahoney > Subject: Re: Milters and p

Re: Milters and policy

> On Mar 31, 2021, at 18:23, Simon Wilson wrote: > >  >> >>> ...if multiple milters are called are they run in order specified? >>> >>> smtpd_milters = inet:127.0.0.1:8891,inet:127.0.0.1:8893 >> >> yes >> >>> I.e. in the example above if OpenDMARC is to see and trust an >>>

Re: opedmarc and opendkim

> On Mar 31, 2021, at 1:09 PM, David Bürgin wrote: > > Dominic Raferd: >> On 31/03/2021 17:29, Benny Pedersen wrote: >>> On 2021-03-31 18:21, Dan Mahoney wrote: >>> >>>>> problem is your setup used Sender-ID with is long time depric

Re: opedmarc and opendkim

Why would you advise not using libspf2? Sent from my iPad > On Mar 31, 2021, at 09:01, Benny Pedersen wrote: > > On 2021-03-31 17:51, Maurizio Caloro wrote: > >> SPFIgnoreResults true >> SPFSelfValidate true > > set both to false > > and dont use libspf2 > > problem is your setup used

Re: Allowing Special Characters in Email addresses

This really feels to me like a “oh crap somebody put this email address on 10,000 pieces of customer correspondence and now we have to support it” problem. It’s about the only excuse I would consider valid. Sent from my iPhone > On Mar 25, 2021, at 19:00, John Levine wrote: > > It appears

Re: Allowing Special Characters in Email addresses

This has come up before: http://postfix.1071664.n5.nabble.com/special-characters-in-mail-address-td47792.html Short version: lots of outbound mail servers will refuse to *send* to email addresses with special characters. But at least when these posts were written, there was an option that

Re: Milter Behavior

> On Mar 11, 2021, at 11:09 PM, Dominic Raferd wrote: > > On 12/03/2021 02:35, Dan Mahoney wrote: >> >>> On Mar 11, 2021, at 1:00 AM, Dominic Raferd >> <mailto:domi...@timedicer.co.uk>> wrote: >>> >>> This works for me: >>&

Re: Milter Behavior

> On Mar 11, 2021, at 1:00 AM, Dominic Raferd wrote: > > On 10/03/2021 19:00, Dan Mahoney (Gushi) wrote: >> All, >> >> I'm working with the OpenDMARC folks on doing bug triage, and someone has >> requested that if a domain's policy says p=quarantine

Re: Milter Behavior

> On Mar 11, 2021, at 1:22 AM, Nick Tait wrote: > > On 11/03/21 11:37 am, Dan Mahoney wrote: >> This fix has been merged to the opendmarc “Develop” branch as of a few >> minutes ago and will likely be in a 1.4.1 that comes out in the next few >> weeks, and will

Re: Milter Behavior

> On Mar 10, 2021, at 1:45 PM, Wietse Venema wrote: > > Dan Mahoney: >> I?ve been on the project for a few days. I?m feeling a lot of >> vitriol here. Please don?t shoot the messenger. > > The natural response would be to push back - fix the milter (the > root

Re: Milter Behavior

> On Mar 10, 2021, at 12:36 PM, Wietse Venema wrote: > > Dan Mahoney (Gushi): >>> Why not prepend a header (like Milters already do) and let Spamassassin >>> etc. trigger on that label. >> >> Let me try this a second time. >> >> Fixing the

Re: Milter Behavior

On Wed, 10 Mar 2021, Wietse Venema wrote: Dan Mahoney (Gushi): Postifix has a concept of quarantine. It is called the HOLD queue. As of 2006, when the Milter says QUARANTINE, then Postfix will quarantine the message, i.e. place it in the HOLD queue, for admins to deal with manually. Yes

Re: Milter Behavior

On Wed, 10 Mar 2021, Claus Assmann wrote: On Wed, Mar 10, 2021, Dan Mahoney (Gushi) wrote: Yes, and I am asking if there is a postfix knob that says "I know what the milter says, but I want something different, because postfix doesn't know ... Why don't you "fix" the

Re: Milter Behavior

On Wed, 10 Mar 2021, Wietse Venema wrote: Dan Mahoney (Gushi): All, I'm working with the OpenDMARC folks on doing bug triage, and someone has requested that if a domain's policy says p=quarantine, that it should be "accepted" by postfix, and left for something like SpamAssass

Milter Behavior

fixed in the milter, or fixed in postfix, but in an ideal world, both would exist. (I mean, short of an every-minute cron job that just moves the things to the deliver queue). -Dan -- Dan Mahoney Techie, Sysadmin, WebGeek Gushi on efnet/undernet IRC FB: fb.com/DanielMahoneyIV

Re: Multiple lookup entries in an SQL table

From a database point of view, unless you have an ORDER BY statement in your query, the order returned could be either (unless postfix’s code is sorting them). If postfix only wants a single result, then your query would need a LIMIT statement in it. > On Feb 19, 2021, at 5:19 PM, Wietse

Re: on not being spam - mostly about DKIM and DMARC

, but I've found it reasonable. -Dan -- ----Dan Mahoney Techie, Sysadmin, WebGeek Gushi on efnet/undernet IRC FB: fb.com/DanielMahoneyIV LI: linkedin.com/in/gushi Site: http://www.gushi.org ---

RE: Custom reject message for one address?

On Mon, 21 Sep 2020, Dan Mahoney (Gushi) wrote: Figured it out. Turns out with a virtual domain, you still need to point it somwhere, and the reject map needs to match the RIGHT HAND SIDE of that map, not the left. In my case, I pointed it at webmaster@localhost, and updated

RE: Custom reject message for one address?

On Mon, 21 Sep 2020, Koga Hayashi wrote: Dan, -Original Message- From: owner-postfix-us...@postfix.org On Behalf Of Dan Mahoney (Gushi) Sent: Monday, September 21, 2020 10:29 AM To: postfix-users@postfix.org Subject: Custom reject message for one address? Hey there all

Custom reject message for one address?

parsed at that point in the process. How can one do this? -Dan -- Dan Mahoney Techie, Sysadmin, WebGeek Gushi on efnet/undernet IRC FB: fb.com/DanielMahoneyIV LI: linkedin.com/in/gushi Site: http://www.gushi.org ---

Re: ISP open relay

Presumably they know what your IP is because they gave it to you. That’s the authorization. I am willing to bet that if you tried to send mail from off network you wouldn’t be able to without doing SMTP auth Sent from my iPhone > On Jan 12, 2020, at 16:15, Wesley Peng wrote: > >  > Hello

Re: Spoofing Emails to My Own Domain

am filters. And if they're doing things like spoofing MUAs you've never used, or email addresses you don't use, that's usable too. Best, -Dan -- ----Dan Mahoney Techie, Sysadmin, WebGeek Gushi on efnet/undernet IRC FB: fb.com/DanielMahoneyIV LI: linkedin.com/in/gushi S

How to validate alias/map files?

would be counting the number of lines of output to stderr, rather than looking at exit code, but that still seems contrived. Perhaps this is best for the manpage: what errors *will* cause actual non-zero exit codes? -Dan -- Dan Mahoney Techie, Sysadmin, WebGeek Gushi on efnet