On Thu, Mar 07, 2024 at 00:22:31 +0100, Steffen Nurpmeso via Postfix-users
wrote:
> Thanks to the README i got it going with
>
> masquerade_domains = $mydomain
> local_header_rewrite_clients = permit_mynetworks,permit_tls_clientcerts
>
> However, i first tried to add these via -o to the
On Tue, Feb 13, 2024 at 12:51:51 -0500, Viktor Dukhovni via Postfix-users wrote:
> On Tue, Feb 13, 2024 at 06:32:14PM +0100, Geert Hendrickx via Postfix-users
> wrote:
> > What's the alternative for masquerade_domains ?
>
> It is canonical_maps, ideally with explicit mappings
On Tue, Feb 13, 2024 at 12:23:32 -0500, Wietse Venema via Postfix-users wrote:
> - masquerade_domains complicates table-driven address validation.
> Log a deprecation warning with compatibility_levels>=3.9.
What's the alternative for masquerade_domains ?
Geert
On Sat, Jan 06, 2024 at 20:10:34 -0500, Wietse Venema via Postfix-users wrote:
> People are welcome to test tools against postfix-3.9-20240106.
With postfix-3.9-20240106 (with smtpd_forbid_bare_newline=yes but
smtpd_forbid_unauth_pipelining=no) all smuggling tests now fail,
including CRCRL
On Sat, Jan 06, 2024 at 14:47:59 -0500, Wietse Venema via Postfix-users wrote:
> Damian:
> > If I remember correctly, on the wire there was \r\n\r\n.\r\r\n
>
> Viktor Dukhovni:
> > Does that also need to be more strict? :-(
>
> Indeed, and as usual the fix is trivial. This process is backwards,
On Thu, Jan 04, 2024 at 10:36:23 -0500, Wietse Venema via Postfix-users wrote:
> Wietse Venema via Postfix-users:
> > Geert Hendrickx via Postfix-users:
> > > I just found an unexpected side effect of this particular configuration
> > > (unrelated to SMTP smuggling).
&g
On Thu, Dec 21, 2023 at 07:51:31 -0500, Wietse Venema via Postfix-users wrote:
> * With all Postfix versions, "smtpd_data_restrictions =
> reject_unauth_pipelining" will stop the published exploit.
Hi
I just found an unexpected side effect of this particular configuration
(unrelated to
On Sat, Dec 23, 2023 at 18:09:10 -0500, Wietse Venema via Postfix-users wrote:
> Note that only the encapsulating message can contain a DKIM signature
> by the authenticated sender's domain. The smuggled message caannot
> contain a DKIM signature by the impersonated sender's domain unless
> the
On Mon, Dec 18, 2023 at 17:40:49 -0500, Wietse Venema via Postfix-users wrote:
> Viktor Dukhovni via Postfix-users:
> > - Postfix 3.9 (pending official release soon), rejects unuthorised
> > pipelining by default: "smtpd_forbid_unauth_pipelining = yes".
> >
> > - Postfix 3.8.1, 3.7.6, 3.6.10
On Wed, Nov 15, 2023 at 10:29:41 -0500, James Cloos via Postfix-users wrote:
> LE announced a while back that they would not renew the cross cert.
Yes, but dropping the cross-signed X1 root cert from the default chain
last week was an accident:
On Tue, Jun 06, 2023 at 10:31:30 -0400, Wietse Venema via Postfix-users wrote:
> Geert Hendrickx via Postfix-users:
> > What is the relation between new "smtpd_forbid_unauth_pipelining"
> > and existing "reject_unauth_pipelining" in smtpd_*_restrictions?
On Tue, Jun 06, 2023 at 09:48:11 -0400, Wietse Venema via Postfix-users wrote:
> * Optional: harden a Postfix SMTP server against remote SMTP
> clients that violate RFC 2920 (or 5321) command pipelining
> constraints. With "smtpd_forbid_unauth_pipelining = yes", the
> server
On Wed, Oct 12, 2022 at 10:41:36 -0400, Wietse Venema wrote:
> local_header_rewrite_clients = permit_mynetworks, permit_sasl_authenticated
>
> Why it isn't the default I cannot remember.
The HISTORY file says it is:
> 20041014-23
>
> Postfix still appends $@myorigin or .$mydomain to
On Mon, Oct 10, 2022 at 07:22:18 -0400, Wietse Venema wrote:
> To find out if you have messages flagged as "corrupt", you can
> use the "postfix check" command.
>
> Execute as root:
>
> postfix check
>
FYI, with grep 3.8, this triggers deprecation warnings on 'egrep':
$
with the domain-default action:
us...@example.com action1
us...@example.com action2
@example.comREJECT foobar
Geert
--
Geert Hendrickx -=- g...@telenet.be -=- PGP: 0xC4BB9E9F
This e-mail was composed using 100% recycled spam messages!
with regexp command editing.
You're probably right, there are too many different cases to be handled by
simple regexpes. But a separate rewrite olddomain to newdomain feature
(perhaps in cleanup(8) instead) would be really nice.
Geert
--
Geert Hendrickx -=- g...@telenet.be -=- PGP
of your
own. Be careful about error handling here, so you don't start bouncing
mails to senders when the sms script doesn't work. For something non-
essential as SMS notifications, I'd just log and ignore errors, and
always return 0.
Geert
--
Geert Hendrickx -=- g...@telenet.be
On Wed, Oct 21, 2009 at 06:52:21PM +0500, rihad wrote:
Geert Hendrickx wrote:
In your case (SMS notifications) however, I would keep things simple
and not try to integrate it so tightly into the delivery process, but
just fork your incoming mails to two transports: virtual for actual
delivery
efficient for your case:
http://www.postfix.org/SMTPD_POLICY_README.html
Geert
--
Geert Hendrickx -=- g...@telenet.be -=- PGP: 0xC4BB9E9F
This e-mail was composed using 100% recycled spam messages!
/postconf.5.html#virtual_transport
http://www.postfix.org/master.5.html
Geert
--
Geert Hendrickx -=- g...@telenet.be -=- PGP: 0xC4BB9E9F
This e-mail was composed using 100% recycled spam messages!
? :-)
Geert
--
Geert Hendrickx -=- g...@telenet.be -=- PGP: 0xC4BB9E9F
This e-mail was composed using 100% recycled spam messages!
pipe. You can invoke maildrop via pipe as in:
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
It was just an example.
Geert
--
Geert Hendrickx -=- g...@telenet.be -=- PGP: 0xC4BB9E9F
This e-mail
and just want to drop the messages into
your mailbox, you could just as well deliver directly via procmail,
dovecot deliver or any other LDA. Or use Postfix' sendmail command line
interface.
Just add mda /path/do/delivry/program to your .fetchmailrc.
Geert
--
Geert Hendrickx -=- g
with interrupted connections, from what I found on google.
FWIW, policyd v2 uses innodb.
Geert
--
Geert Hendrickx -=- g...@telenet.be -=- PGP: 0xC4BB9E9F
This e-mail was composed using 100% recycled spam messages!
--
Geert Hendrickx -=- g...@telenet.be -=- PGP: 0xC4BB9E9F
This e-mail was composed using 100% recycled spam messages!
=
check_sender_access hash:/etc/postfix/backscatterer
# backscatterer
reject_rbl_client ips.backscatterer.org
Just wondering; why do you apply this in smtpd_data_restrictions and not in
smtpd_sender_restrictions?
Geert
--
Geert Hendrickx -=- g...@telenet.be -=- PGP: 0xC4BB9E9F
On Thu, Jan 29, 2009 at 12:22:13PM +0100, mouss wrote:
Jan 29 00:38:17 imlil postmx/smtpd[26222]: NOQUEUE: reject: RCPT from
unknown[147.203.208.166]: 550 5.7.1 Client host rejected: cannot find
your hostname, [147.203.208.166];
from=3ff.4.69709687-17084...@cherryimprovise.com
On Thu, Jan 08, 2009 at 11:26:57AM +0800, tony liu wrote:
Hello,
When my customers send mails with nonsexist domain(sometimes maybe typo
error, EX. u...@hotmail.org ), these mails will be rejected and in queue for
a long time(normally 5 days), Is there a way for postfix to remove these
On Thu, Jan 08, 2009 at 09:59:54AM -0300, Reinaldo de Carvalho wrote:
On Thu, Jan 8, 2009 at 6:01 AM, Geert Hendrickx g...@telenet.be wrote:
You can just refuse them: put reject_unknown_recipient_domain in your
smtpd_recipient_restrictions -- assuming the typo domain has no A nor MX
On Wed, Dec 10, 2008 at 04:38:17PM +0100, Dennis // [EMAIL PROTECTED] wrote:
My questions are:
As the spamscanners are the best or primary MX´s
for the customers domains, would postfix then just probe itself, and
always get a positive answer due to my catch-all entry ?
Or would postfix
On Wed, Dec 10, 2008 at 05:36:04PM +0100, Dennis // [EMAIL PROTECTED] wrote:
But how would recipient verification behave when the customers
mailserver is unavailable ?
Postfix then sends a temporary failure (4xx) back to the client.
Would one have to rely on the cache or would postfix hold
On Sun, Dec 07, 2008 at 11:13:15AM -0500, Sahil Tandon wrote:
Also consider rejecting machines that HELO (or EHLO) with dynamic
looking hostnames.
As well as your own IP, hostname and domain(s). No-one shoud use those
as their HELO, but some (stupid) spammers do (hoping to get whitelisted
or
On Thu, Dec 04, 2008 at 10:15:55AM -0500, Sahil Tandon wrote:
Gabriel Hahmann [EMAIL PROTECTED] wrote:
I'm new to the list and have a problem with my mail system. Recently I'm
receiving a lot of spam emails coming from the internet but the sender is a
user from my domain. Then I tried the
On Wed, Dec 03, 2008 at 09:59:17PM -0500, brian dodds wrote:
On Wed, Dec 3, 2008 at 8:25 PM, Wietse Venema [EMAIL PROTECTED] wrote:
Some third-party library is calling stuff before Postfix chroots.
Postfix does not support chroot environments that are out of sync
with the host
On Tue, Aug 19, 2008 at 09:27:39PM -0400, Adam C. Mathews wrote:
Presenting using the following blacklists...
dul.dnsbl.sorbs.net
psbl.surriel.com
zen.spamhaus.org
These do a good job for me, but I wanted to look for opinions on a
couple additional ones. Specifically look for
35 matches
Mail list logo