Hello,
I am running postfix server for my personal use.
On the server, I have one unix user, and multiple aliases defined in
/etc/aliases, so that I can use different email addresses for different
purposes.
All these aliases are delivered to the users home / maildir.
Now I would like to have
> On 2023-08-09 07:58, Viktor Dukhovni via Postfix-users wrote:
On Wed, Aug 09, 2023 at 07:34:48AM +0200, Fourhundred Thecat via Postfix-users
wrote:
So that the first hop looks like this:
Received: from [127.0.0.1] (localhost [127.0.0.1])
by mail.xxx.yyy (Postfix) with ESMTPSA
Hello,
my email was flagged as spam by Microsoft.
I have the received email, together with all the headers that Microsoft
added. Specifically the item: X-Microsoft-Antispam-Message-Info:
I have found a tool on github, which attempts to decode this convoluted
item
> On 2023-07-31 15:24, Eugene R via Postfix-users wrote:
Those "ugly characters" are there for a reason: they are specified by the
Maildir standard (and the Dovecot's extensions to it) to encode various metadata such as
message ID, size, flags, etc
https://en.wikipedia.org/wiki/Maildir
> On 2023-07-31 15:09, Bill Cole via Postfix-users wrote:
On 2023-07-31 at 02:43:28 UTC-0400 (Mon, 31 Jul 2023 08:43:28 +0200)
1690633510.M94611123819.mail,S=11706,W=12202:2,S
That message was delivered at Sat Jul 29 12:25:10 2023 UTC. It is 11706 bytes on disk and the
"RFC822Size"
Hello,
I am using Maildir format on my server (Postfix + Dovecot).
The individual filenames have this format:
1690633510.M94611123819.mail,S=11706,W=12202:2,S
Now, I have another, unrelated email account (not my mail server), and I
have set up Thunderbird with local Maildir support. When
Hello,
does anybody have experience with checking and removing email addresses
from spam lists?
I got this when sending email:
SMTP error from remote server for RCPT TO command, host:
mailrelay.nova.gr (80.245.166.6) reason: 550 Rule imposed as ***@*** is
blacklisted on Spamhaus - see
> On 2023-04-12 15:30, Wietse Venema via Postfix-users wrote:
Fourhundred Thecat via Postfix-users:
> On 2023-04-12 14:48, Byung-Hee HWANG via Postfix-users wrote:
The smtp_helo_name used in the Postfix SMTP client should resolve to the
client IP address that is seen by a remote SMTP
> On 2023-04-12 14:48, Byung-Hee HWANG via Postfix-users wrote:
2) change smtp_helo_name to
smtp_helo_name = $mydomain
It is very strange, i think.
what do you mean?
is it strange to use example.com, instead of mail.example.com as
smtp_helo_name, when the smtp client is actually
Hello,
I have domain mydomain.com, with mx record:
$ host -t mx mydomain.com
mail.mydomain.com
and I have SPF record on my domain:
host -t txt mydomain.com
which is the ip address of mail.mydomain.com
I have no SPF record on mail.mydomain.com itself.
Now, when I check my email score
Hello,
I am setting up opendkim on my postfix server:
what is the practical difference between using inet or UNIX domain
socket in /etc/opendkim.conf ?
If I leave socket at the default settings:
Socket local:/var/run/opendkim/opendkim.sock
What do I need to put into /etc/postfix/main.cf
> On 2023-03-20 15:30, Wietse Venema via Postfix-users wrote:
Fourhundred Thecat via Postfix-users:
I occasionally see timeout after END-OF-MESSAGE in my logs:
When asking a timing related question, it would be helpful if you
did not delete the timing related onfo from the logs.
I h
Hello,
I occasionally see timeout after END-OF-MESSAGE in my logs:
timeout after END-OF-MESSAGE from mail-lf1-f49.google.com[209.85.167.49]
disconnect from mail-lf1-f49.google.com[209.85.167.49] ehlo=2
starttls=1 mail=1 rcpt=1 bdat=1 commands=6
Is this misbehaving client, or might this be
> On 2023-03-01 16:05, Bill Cole wrote:
On 2023-03-01 at 07:05:11 UTC-0500 (Wed, 1 Mar 2023 20:05:11 +0800)
Ken Young
Disregard mail-tester.com's misuse of SpamAssassin. It does not reflect
the real-world use of SA and is chronically out of date, with apparently
localized scores applied to
> On 2023-03-01 16:04, Matus UHLAR - fantomas wrote:
On 01.03.23 12:11, Fourhundred Thecat wrote:
I'm not sure about outlook, but gmail penalizes domains without SPF/DKIM.
Have you SPF configured and have you tried DKIM signing for your domain?
I do have SPF record, but not DKIM
Hello,
(not strictly postfix specific question, but hopefully allowed)
I have postfix for my personal use, with my own domain, hosted as VPS.
(not this email account that I am sending from)
Recently, several emails I sent ended up in spam on the receiving side,
in all cases the mail was
> On 2023-02-27 15:08, Wietse Venema wrote:
Fourhundred Thecat:
The problem is, postfix does not seem to distinguish between IP having
no DNS record, and my DNS server being temporarily unavailable.
Actually it does. 450 means temporary error.
thank you, but I only see "45
> On 2023-02-27 08:43, Matus UHLAR - fantomas wrote:
On 27.02.23 08:07, Fourhundred Thecat wrote:
The problem is, postfix does not seem to distinguish between IP having
no DNS record, and my DNS server being temporarily unavailable.
why do you think that?
the error above is a "4x
Hello,
I am using simple python script to parse postfix logs, and ban offending
IP addresses. One of the patterns I am matching is unknown host:
NOQUEUE: reject: RCPT from unknown[195.133.40.183]: 450 4.7.25
Client host rejected: cannot find your hostname
The problem is, postfix does not
Hello,
when I receive "Delayed Mail" notification, the message only has the
header of the original email.
Is it possible to have the full email body included in the notification
message, so that I can see which email has not been delivered?
I am dealing with a remote mail server, which uses
> On 2022-12-20 12:13, Wietse Venema wrote:
Fourhundred Thecat:
Also, if I wanted to test scache, how can I trigger it?
If I send one email to multiple email addresses on same domain, will
this trigger scache? (ie, deliver multiple emails in one connection to
the server?)
Did you bu
Hello,
I had this in my logs:
postfix/master: warning: process /usr/lib/postfix/sbin/scache pid
1215 killed by signal 11
postfix/master: warning: /usr/lib/postfix/sbin/scache: bad command
startup -- throttling
postfix/smtp: warning: problem talking to service
private/scache:
This is not specific to postfix, but I cannot pass this opportunity to
remind/inform people that chroot is itself a potential source of
security vulnerabilities:
Please enjoy studying this beautiful local privilege escalation bug in
FreeBSD's ftpd, which was enabled by chroot jail:
Hello,
I am receiving spam which has missing Return-Path and envelope-from (in
SPF check):
Return-Path: <>
X-Original-To: a...@aaa.aaa
Delivered-To: a...@aaa.aaa
Received-SPF: Pass (helo) identity=helo; client-ip=185.117.73.75;
helo=bjsabbatini.co.uk; envelope-from=<>;
Hello,
I have this option in master.cf for smtpd:
-o cleanup_service_name=anonymize-sender-ip
and here it is defined:
anonymize-sender-ip unix n -n-0
cleanup
-o header_checks=regexp:/var/local/postfix/maps/anonymize-sender-ip
and in
Hello,
I am receiving spam emails, where the "to:" line is entirely missing in
the email header.
The header has "X-Original-To:" and "Delivered-To:", but no "to:" line.
I have pasted the header here: https://ctxt.io/2/AABg30FRFQ
How could I block such emails? Can I use header-check for this?
Hello,
I have suddenly started seeing following messages in my logs:
timeout after END-OF-MESSAGE from a9-244.smtp-out.amazonses.com
Full context here: https://ctxt.io/2/AABgbxFEFQ
These errors are coming from completely unrelated clients. Are suddenly
all clients on the internet
Hello,
I have header_checks configured in master.cf:
header-check unix n -n-0
cleanup
-o header_checks=regexp:/var/local/postfix/maps/header_checks
when I edit the header_checks file containing the regex rules, how do I
make postfix re-read the
> On 2022-02-06 05:10, Scott Kitterman wrote:
On Saturday, February 5, 2022 11:36:40 AM EST Fourhundred Thecat wrote:
> On 2022-02-05 16:00, Scott Kitterman wrote:
Here's how you would do essentially the same query as mentioned in the log
directly with pyspf:
python3 /usr/lib/python
> On 2022-02-05 16:00, Scott Kitterman wrote:
On Saturday, February 5, 2022 8:48:22 AM EST Fourhundred Thecat wrote:
policyd-spf: prepend Received-SPF: Temperror (mailfrom)
identity=mailfrom; client-ip=77.75.76.210; helo=mxd2.seznam.cz;
The policy server itself has the abil
Hello,
I am using python3-spf and I am getting following error from one host
trying to deliver email:
policyd-spf: prepend Received-SPF: Temperror (mailfrom)
identity=mailfrom; client-ip=77.75.76.210; helo=mxd2.seznam.cz;
full log here: https://ctxt.io/2/AABgmS4AFw
What exactly is
> On 2022-01-11 10:40, Matus UHLAR - fantomas wrote:
On 11.01.22 05:00, Fourhundred Thecat wrote:
What I am asking is, are there situations where legitimate sender
(non-spam) would generate soft fail?
misconfiguratons.
I am quite happy to ban misconfigured / misbehaved servers.
Should
> On 2022-01-11 11:32, Jaroslaw Rafa wrote:
Dnia 11.01.2022 o godz. 05:00:43 Fourhundred Thecat pisze:
What I am asking is, are there situations where legitimate sender
(non-spam) would generate soft fail?
Forwarding.
you mean SPF fail in general?
I am asking specifically for "soft fail"
> On 2022-01-11 05:00, Fourhundred Thecat wrote:
Hello,
is it safe to ban senders that generate SPF Softfail ?
policyd-spf: prepend Received-SPF: Softfail
I have pasted full header here: https://ctxt.io/2/AABg5vIYEw
What I am asking is, are there situations where legitimate sender
(
Hello,
is it safe to ban senders that generate SPF Softfail ?
policyd-spf: prepend Received-SPF: Softfail
I have pasted full header here: https://ctxt.io/2/AABg5vIYEw
What I am asking is, are there situations where legitimate sender
(non-spam) would generate soft fail?
Hello,
I have strict helo checks:
smtpd_helo_required = yes
smtpd_helo_restrictions = reject_non_fqdn_helo_hostname,
reject_invalid_helo_hostname,
reject_unknown_helo_hostname
now I have noticed mails being rejected:
Hello,
I see following lines in my log (pasted below). What do these errors
mean? Is somebody sending garbage characters to my server?
postfix/trivial-rewrite[5179]: warning: midna_domain_to_ascii_create:
Problem translating domain "اختبار-اÙ
> On 2021-04-29 08:00, lists wrote:
Sorry for the top posting.
http://www.stretchoid.com/
has a way to opt out. Unfortunately they want you to give them your IP space
rather than the other way around. They use a floating IP scheme and can't
easily be blocked.
stretchoid was just an example.
> On 2021-04-29 10:25, Matus UHLAR - fantomas wrote:
On 29.04.21 06:25, Fourhundred Thecat wrote:
Postfix does not show hostname for a connecting IP address, when the
hostname does not have reverse lookup:
Example from my log:
warning: hostname zg-0416b-243.stretchoid.com does not reso
Hello,
Postfix does not show hostname for a connecting IP address, when the
hostname does not have reverse lookup:
Example from my log:
warning: hostname zg-0416b-243.stretchoid.com does not resolve to
address 192.241.220.141: Name or service not known
connect from unknown[192.241.220.141]
Hello,
I am processing mail logs, where each new connection usually looks like
this:
connect from
...
disconnect from
But occasionally I notice there is no matching "connect from ..", and I
only have:
postfix/smtpd: lost connection after CONNECT from unknown[103.47.82.188]
Hello,
I am using regex header_checks for smtpd. This rule works fine:
/^Subject: Your parcel .*/ DISCARD
But when I try to do a recipient-specific rule
if /^To: /
/^Subject: Your parcel .*/ DISCARD
endif
it does not work, even when the recipient is exactly
Any idea why ?
Also, I know I
Hello,
lets say a client connects and triggers several errors. For instance:
EHLO asdf
mail from: a...@asdf.com
250 2.1.0 Ok
rcpt to: a...@gmail.com
504 5.5.2 : Helo command rejected: need fully-qualified hostname
why did the "Helo command rejected" come not immediately after
> On 2020-09-15 10:18, Nick wrote:
On 2020-09-15 08:53 BST, Fourhundred Thecat wrote:
yes, I am accepting authenticated senders on port 465, and port 25 is
only for unauthenticated.
But how do I ensure that header_checks only apply to port 25 ?
<http://www.postf
> On 2020-09-14 14:54, Dominic Raferd wrote:
On 14/09/2020 11:35, Fourhundred Thecat wrote:
I am receiving spam, where the "header from" is my actual email (ie, the
email that this spam is delivered to)
The "envelope from" that I see in postfix logs is some random
Hello,
I am receiving spam, where the "header from" is my actual email (ie, the
email that this spam is delivered to)
The "envelope from" that I see in postfix logs is some random email.
What mechanisms are there to reject such messages, which use my email
address as sender ?
Can I reject
Hello,
I am curious, how can this happen:
postfix/smtpd: connect from unknown[unknown]
postfix/smtpd: lost connection after CONNECT from unknown[unknown]
postfix/smtpd: disconnect from unknown[unknown] commands=0/0
how can postfix not see the IP address?
Why does it say "unknown[unknown]",
> On 2020-06-12 08:57, Jeroen Geilman wrote:
- too many errors after .* from .*
- warning: non-SMTP command from .*
While these do indicate badly-behaved clients, there is no reason to
assume evil intent.
who would send non-SMTP command to a mailserver. I usually see commands
such as GET /
Hello,
I am parsing mail logs, and banning offending IP addresses. Mostly I
match patterns such as:
too many errors after .* from .*
warning: non-SMTP command from .*
reject: RCPT from .* Recipient address rejected: User unknown in
local recipient table; .*'
I think it is safe to block
Hello,
I am using Postfix on Debian. I have noticed that my mail logs are not
being rotated.
I see that there is no rule in my /etc/logrotate.d/ for rotating mail logs.
Which program's responsibility is it?
Is it supposed to come with Postfix, or is this the responsibility of
the operating
On 15/11/2019 05.51, Viktor Dukhovni wrote:
> On Fri, Nov 15, 2019 at 04:47:55AM +0100, Fourhundred Thecat wrote:
>
>> I am wondering what is the purpose of connections like these:
>>
>> postfix/smtpd[5147]: connect from unknown[193.56.28.121]
>> postfix/smtpd[5
On 15/11/2019 06.06, Jeffrey 'jf' Lim wrote:
>
> ok then this makes sense. I've seen bots retry multiple passwords at
> one go in the past; Fourhundred are all of these "auth=0/1"?
yes, all are "auth=0/1".
I have disabled auth on port 25, and I am using non-standard port for
client
On 15/11/2019 05.06, Jeffrey 'jf' Lim wrote:
> On Fri, Nov 15, 2019 at 11:49 AM Fourhundred Thecat <400the...@gmx.ch> wrote:
>>
>> Also, judging by the fact that IP does not resolve to hostname, I assume
>> these are not mail servers. Are these just some bots that a
Hello,
I am wondering what is the purpose of connections like these:
postfix/smtpd[5147]: connect from unknown[193.56.28.121]
postfix/smtpd[5147]: disconnect from unknown[193.56.28.121] ehlo=1
auth=0/1 rset=1 quit=1 commands=3/4
I have lots of these in my logs, from different IP
On 12/11/2019 17.14, Wietse Venema wrote:
> Fourhundred Thecat:
>> On 12/11/2019 16.42, Wietse Venema wrote:
>>> remove the dependency on the proxymap service.
>>
>> you mean change to this ?
>>
>> local_recipient_maps = $alias_maps
>
> You seem to
On 12/11/2019 16.42, Wietse Venema wrote:
>
> With this, the Postfix SMTP server will accept mail for non-existent
> users, the Postfix queue will fill up with bounce messages, and
> your system will be banned because it sends backscatter email.
>
> Instead of deleting the default setting
>
Hello,
I would like to simplify my postfix setup, and disable
components/services which I don't actually need.
I am not using chroot, and I don't need to "consolidate mysql
connections". So I believe, I don't really need proxymap.
I tried disabling the service by commenting out the lines in
> On 2019-11-12 13:08, Wietse Venema wrote:
>
> Fourhundred Thecat:
>> If I am using simplest possible setup (single instance, no chroot), and
>> I don't delete queue directories, can I simply skip postfix-script and
>> post-install and start master directly f
Hello,
I am trying to understand the postfix startup sequence.
I am using postfix 3.4.5 on Debian.
/etc/init.d/postfix, the init script that is used to start postfix does
not start master directly, but calls:
/usr/sbin/postfix quiet-quick-start
which in turn calls postfix-script. And than,
On 27/10/2019 18.20, Stephen Satchell wrote:
>> are you perhaps confusing decryption with verifying the senders signature ?
>
> No. Signature verification and decrypting are two separate operations.
> You will have to investigate how your mail client handles mail that has
> been encrypted with
On 27/10/2019 17.10, Wietse Venema wrote:
> Use the local(8) delivery agent. In your $HOME/.forward file, pipe
> the mail into a program that encrypts it with your public key, then
> writes the result to maildir.
I am using Postfix with Dovecot. I believe it is Dovecot who saves
messages to
On 27/10/2019 15.23, Stephen Satchell wrote:
> OP, let me ask this: your proposal appears to be to modify the delivery
> agent so that, instead of storing e-mail in cleartext, it insteads use
> the public part of a public/private keypair to encrypt the payload of
> incoming email.
I did more
On 27/10/2019 13.29, Ansgar Wiechers wrote:
> Several years ago I wrote something like that [1]. However, if your mail
> server is untrusted I don't think there's a point in bothering.
no server is 100% trusted. By this logic, should I therefore give up?
> Even if
> you pass the mail through an
On 27/10/2019 10.25, Sam Tuke wrote:
> As well as fetching the public key, it'd need access to a private key too. I
> think the private key is considered the bigger problem, for various reasons.
The scheme that I am describing needs only public key on the server.
Not sure why you would think
On 27/10/2019 07.27, lists wrote:
> Let me try again. So the email comes in. Some programs gets your public key
> and then encrypts the email on the server.
I imagine, in theory it should work like this:
New email comes in, and as it moves through the Postfix mail delivery
pipeline, at some
On 27/10/2019 06.26, lists wrote:
> My bank insists I use their website for anything secure. I don't get anything
> in my email that would be a security problem.
I used bank just as an example. Feel free to substitute another
scenario, if you find mine hard to imagine.
> Wouldn't a private key
Hello,
when new email arrives, and it is not already encrypted, I would like to
run it through a filter, which would encrypt the message with my public
gpg key, as if the original sender has sent the email encrypted.
Why do I want to do this ? Why not ask the sender to send encrypted
messages to
On 24/10/2019 07.32, @lbutlr wrote:
> On 23 Oct 2019, at 15:20, lists wrote:
>>
>> /\.asia$/ 510 Denied: Unacceptable TLD .asia
>
> [Long list… removed]
>
> smtpd_helo_restrictions = reject_invalid_helo_hostname
> check_helo_access pcre:/etc/postfix/helo_checks.pcre permit
>
>
Hello,
can I disable the anvil statistics from being written to the logs ?
I have quite short "anvil_rate_time_unit" (60s), and I have set some of
the "smtpd_client" rate limits to 10.
My log is basically flooded with these anvil statistics, which I am not
really interested in.
statistics:
Hello,
I have the "Postfix: The Definitive Guide" book. I like the way it is
written and since Wietse wrote a foreword, I assume it has his "blessing".
But the book is from 2003. Is this still relevant today ? How much has
postfix changed since then ?
I could not find any more recent edition
Hello,
I would like to ask what the Postfix community thinks about base64
encoded emails.
What is the legitimate reason to use base64 encoded emails ?
Seems to me, it is only being used by spammers to complicate body_checks
Would it be crazy to want to configure Postfix to not accept base64 ?
Hello,
suppose I have a server "mail.mydomain.com", and I have disabled SASL
authentication on port 25
smtpd_sasl_auth_enable=no
and I only allow authentication on port 465.
Therefore, all emails originating from mydomain.com should be submitted
via 465. There should never be legitimate
72 matches
Mail list logo
