Re: Connection refused / telnet: connect to address 10.5.2.1: Connection refused

> On 29 Dec 2020, at 12:58, Wolfgang Paul Rauchholz > wrote: > > The server is listening on port 25, 587 and 465 > netstat -plutn | grep 25 and 587 > tcp0 0 127.0.0.1:250.0.0.0:* LISTEN > 28704/master > tcp0 0 127.0.0.1:587

Re: may we suggest ICANN not run that many new tlds?

> On 19 Nov 2019, at 09:58, Merrick wrote: > > in the coming future, everything is a TLD, the cat, the dog, the pig, the > rose, the coffee, the wine, the bike ... > that would be terrible for domain based validation. > we have already too many TLDs today. > may we suggest ICANN not open a

Re: Refuse mail from hosts with closed port 25

> On 16 Sep 2019, at 14:17, Paul van der Vlis wrote: > >> A significant number of installations will use different servers for >> inbound and outbound email. > > I know a provider what is actually using this. I guess only the big > providers will have different servers for inbound and

Re: Refuse mail from hosts with closed port 25

> On 16 Sep 2019, at 13:47, Paul van der Vlis wrote: > > How can I refuse mail from hosts who don't have an open port 25? > > What do you think from such a check? It’s a stunningly bad idea. Don’t do it. Many enterprises and cloud-based mail providers have discrete servers/systems

Re: 'SERVFAIL' error on DNS 'TXT' lookup

> On 14 Jun 2019, at 14:24, klirstr wrote: > > host smtp.customerdomain.com[customer-mx-server-ip] said: 450 4.7.1 > : Recipient address rejected: > SPF-Result=smtp.mydomain.com: 'SERVFAIL' error on DNS 'TXT' lookup of > 'smtp.mydomain.com' (in reply to RCPT TO command)) >

Re: A bit stuck compiling Postfix on Mac Mojave.

On 19 Nov 2018, at 15:42, Robert Chalmers wrote: > > "_OpenSSL_version", referenced from: > import-atom in libpostfix-tls.dylib > ... > "_X509_up_ref", referenced from: > import-atom in libpostfix-tls.dylib > ld: symbol(s) not found for architecture x86_64 > clang: error: linker

Re: Reminder DNSSEC Root KSK roll today

> On 11 Oct 2018, at 19:07, pg...@dev-mail.net wrote: > >> The switch to the new KSK seems the most likely cause, assuming DNSSEC >> validation always worked for you before then. > > It's been 'working' for ages. Yes, I could have been 'just lucky for a long > time'. DNSSEC is very

Re: Reminder DNSSEC Root KSK roll today

On 11 Oct 2018, at 18:27, pg...@dev-mail.net wrote: > > Changing my local dns (named) config to > > - dnssec-enable yes; > + dnssec-enable no; > dnssec-lookaside no; > - dnssec-validation yes; > + dnssec-validation no; > >

Re: Hotmail spam prevention mech.

> On 16 Jan 2018, at 10:49, jin wrote: > > We are having difficulties while delivering mails to Microsoft's domains like > hotmail and outlook. They appear to have a DNS problem which is causing outbound mail to fail. Their SMTP servers are using non-existent hostnames

Re: Accurate install guide for Postfix on Ubuntu 16.04 LTS

> On 15 Sep 2017, at 11:07, pjakcity wrote: > > All i want is enough understanding that wont take me years so i can set this > up, but understand what features are present and what they do (in a broad > sence) Note the O/P's email address Dear Internet, please do

Re: Where are bounce messages for milters configured?

> On 10 Mar 2017, at 16:48, Linda Pagillo wrote: > > Also, is SMFIS_REJECT* even a file where I can configure a bounce message or > is it just a protocol which means "reject”. SMFIS_REJECT is a status/error code in the milter protocol. What some milter application does

launchd plist files on MacOSX

> On 3 Jan 2017, at 14:37, Robert Chalmers wrote: > > To start Postscript I use the following plist file. Based in > /Library/LaunchDaemons > > org.postfix.master.plist Don’t do that. Pick names for your own plist files that don’t clash with the ones Apple use. There

Re: DNS round robin on helo?

> On 15 Dec 2016, at 16:01, L.P.H. van Belle wrote: > > Hello Noel/Jim, > > Thank you for the replies. If you’re going to continue hiding the actual names and addresses, don’t bother posting followups. As far as I know, nobody on this list is a mind reader. How do you

Re: DNS round robin on helo?

> On 15 Dec 2016, at 14:56, L.P.H. van Belle wrote: > > Now the thing i dont get. > > 1) if both ipnumbers have a hostname, why do i see : unknown[1.2.3.4] Your starting assumption is wrong or mistaken. If the postfix logs are saying "unknown[1.2.3.4]” it means

Re: TLD blocking revisited

> On 21 Sep 2016, at 01:40, Sebastian Nielsen wrote: > > I would really suggest using DISCARD instead of "500 This TLD sends spam - g > e t lost.". > Thus the spammer dosen't get to know he got stuck in a spam filter and can > update their tools to bypass it. Spammers

Re: TLD blocking revisited

> On 20 Sep 2016, at 21:10, li...@lazygranch.com wrote: > > What is the simplest way to block a TLD? Put the offending TLD in a map and have that map referenced through check_sender_access and/or check_client_access. ie in main.cf: smtpd_client_restrictions = permit_mynetworks

Re: OpenBSD build 'OPENSSL_VERSION' undeclared

> On 23 Aug 2016, at 20:44, David Benfell wrote: > > What I have now, which should not be considered complete because the dovecot > part isn't working I’d bet money on that being caused by a broken OpenSSL installation too. Check your OpenSSL setup before you do

Re: OpenBSD build 'OPENSSL_VERSION' undeclared

> On 23 Aug 2016, at 20:16, Wietse Venema wrote: > > David Benfell: >> So now I have: >> >> make tidy \ >>&& make makefiles CCARGS="-DUSE_TLS >> -I/usr/local/include/eopenssl/openssl > > Try: -I/usr/local/include/eopenssl Looks like the OP made a typo when they

Re: Postscreen white listing based on MX, SPF

> On 16 Jul 2016, at 02:50, Lefteris Tsintjelis wrote: > > I was thinking it more in simple DNS terms only and a simply reverse > look up of the IP and then extract the domain from there but it is not > possible without the FROM. That wouldn’t have worked anyway. Assuming a

Re: Is not honoring bounces-to violation of RFC?

> On 28 Jun 2016, at 20:26, Jeffs Chips wrote: > > I'm just saying that ALL email campaign services allow and indeed suggest > users to identity a specific sole purpose email account in which to receive > bounces to eliminate spam and which almost all email campaigners

Re: Is not honoring bounces-to violation of RFC?

> On 28 Jun 2016, at 19:28, Chip wrote: > > Okay maybe it's not in RFC's but I would it would be at least a > recommendation that bounces can be routed back to bounces-to rather than > reply-to. After all, why have the field at all if it's not used properly. No RFC

Re: detecting /etc/resolv.conf

> On 13 May 2016, at 09:56, Hans Ginzel wrote: > > Does Postfix detect changes in /etc/resolv.conf to flush its dns caches etc, > please? Changing /etc/resolv.conf has no impact on what DNS data an application or name server has cached. All that can do is tell an application

Re: Is the reason for this "connect from unknown[65.181.123.80]" from NXDOMAIN? Is it safe to reject it always?

> On 21 Apr 2016, at 20:46, wrote: > > What is "unknown" in this case? > > I think it is the RDNS that is not there? Yes. There’s no reverse DNS for the connecting IP address. > host 65.181.123.80 > Host 80.123.181.65.in-addr.arpa. not

source code for MacOSX tools

> On 13 Mar 2016, at 15:06, Robert Chalmers wrote: > > Nice hardware, but the software is really recycled FreeBSD. say what? The MacOSX kernel is based on Mach, not BSD, though that Mach kernel presents a largely BSD-flavour/POSIX API to user mode applications. It

working around System Integrity Protection on MacOSX

> On 13 Mar 2016, at 14:07, Larry Stone wrote: > > The only “pain” likely to result is if you aren’t smart and let malware do > something bad. OS X (at least so far) does not care if SIP is on or off. SIP, > IMHO, is protection for those who don’t know what they

Re: Is /usr/bin/mail a link to sendmail/postfix

> On 13 Mar 2016, at 08:41, Alice Wonder wrote: > > It's possible the mail command on OS X is using the OS X sendmail command > provided by the OS X postfix which would want its configuration file at > /etc/postfix/main.cf It is. Though MacOSX puts the sendmail

pfctl on MacOSX

> On 5 Mar 2016, at 15:38, Robert Chalmers wrote: > > Also, I can see that pfctl -e turns it on - enables it, but I can’t see how > that is put in place automatically. On re boot, it’s once again disabled, and > pf is not working. Even though the plist is loading. Did

access permissions 101

> On 19 Feb 2016, at 23:52, Sebastian Nielsen wrote: > > but if you're hosting for example a mail server for a company, and only you > as a sysadmin has shell access to the server, its no danger 666'ing files > that throw permission errors. Then the file isn't really

Re: postfix3.0.2 compile error on AIX61/71

On 4 Sep 2015, at 23:43, Takae Harrington wrote: > does u_short/u_int, and unassigned makes difference? Maybe, maybe not. Consult your C compiler documentation. BTW I assume you meant "unsigned" instead of "unassigned". Though I doubt compiler documentation will help you

Re: postfix3.0.2 compile error on AIX61/71

On 4 Sep 2015, at 23:43, Takae Harrington wrote: > does u_short/u_int, and unassigned makes difference? Maybe, maybe not. Consult your C compiler documentation. BTW I assume you meant "unsigned" instead of "unassigned". Though I doubt compiler documentation will help you

Re: postfix3.0.2 compile error on AIX61/71

On 3 Sep 2015, at 22:11, Takae Harrington wrote: > When I compile postfix3.0.2 (the same issue has existed since 2.11.x) on > aix61 and aix71, I get this error: > > [vq2ua613:/staging/Postfix-3.0.2]make > dns_lookup.c: In function 'dns_query': > dns_lookup.c:339: error:

Re: Postfix and Mailman 2 virtual alias domain integration

On 18 Aug 2015, at 22:06, Tom Browder tom.brow...@gmail.com wrote: Okay, I assume then that this should be the only PTR record: 4.3.2.1.in-addr.arpa. IN PTR B.tld. Yes. Provided of course B.tld is The One True Hostname for your server. BTW, you will get on a lot better if your postings

Re: Postfix and Mailman 2 virtual alias domain integration

On 18 Aug 2015, at 21:55, Tom Browder tom.brow...@gmail.com wrote: Okay, now assuming my server IP address is 1.2.3.4, do the following DNS records appear reasonable? No. There should be just one PTR record for an IP address.

Re: why is maildir apparently nailed down to $HOME?

On 10 Jul 2015, at 00:24, Wietse Venema wie...@porcupine.org wrote: Don't use home_mailbox if you want maildirs outside the home directory. Doh! How did I miss that? Thanks Wietse

why is maildir apparently nailed down to $HOME?

Is there some reason why home_mailbox gets hard-wired to a user's home directory for maildir-flavour delivery? I would like to arrange for user inboxes to be held in the IMAP store -- say in /var/imap/username/INBOX -- rather than in each user's home directory. ie All email gets stored in one

Re: Local recipients ?

On 11 Jun 2015, at 00:20, Timothy Murphy gayle...@eircom.net wrote: Here helen.gayleard.com is the internal name of my server (on which postfix and dovecot are running), while mail.eircom.net is my smarthost. helen.gayleard.com does not resolve in the public DNS and mail.eircom.net is

Re: Goodbye IBM, Hello Google

Can y'all please stop posting messages of goodwill to the list? Just send your best wishes direct to Wietse. There's no reason for the list to see these. Thanks.

email from banks

On 11 Mar 2015, at 11:07, John j...@klam.ca wrote: Your bank sends you an email that actually CONTAINS information about your account This discussion is not relevant to postfix. Could you please take it elsewhere? Thanks.

DLV and DANE - again

On 12 Jan 2015, at 16:42, James B. Byrne byrn...@harte-lyne.ca wrote: The DANE Validator https://dane.sys4.de is intended to identify configuration errors and to help administrators create working DANE SMTP configurations. This validator specifically declares DLV trust rooted sites as

Re: DANE and DLV

On 6 Jan 2015, at 23:18, Viktor Dukhovni postfix-us...@dukhovni.org wrote: My email server, for example, specifically does not support the ISC DLV. Yay! With the root zone and most TLDs signed, I don't think it makes sense to use it anymore. +1000. DLV has always been a *remarkably* bad

Re: Why does EHLO [X.X.X.X] always pass helo restrictions?

On 5 Sep 2014, at 21:36, Edwin Marqe edwinma...@gmail.com wrote: I have this in my Postfix config: smtpd_helo_restrictions = permit_mynetworks reject_non_fqdn_helo_hostname reject_unknown_helo_hostname permit However, any time I connect via telnet to this server and specify

Re: Why does EHLO [X.X.X.X] always pass helo restrictions?

On 5 Sep 2014, at 21:53, Edwin Marqe edwinma...@gmail.com wrote: But in this case the client IP is *not* listed in $mynetworks, so it is not being matched (it's a public IP that is not listed anywhere). Please post the output of postconf -n. All of it. Unedited. And provide the actual IP

libprce on MacOSX

On 16 Jul 2014, at 08:10, Viktor Dukhovni postfix-us...@dukhovni.org wrote: That explains it, I'm on 10.9.4, and there is no libpcre in /usr/lib. Strange. My 10.9.4 boxes have libpcre in /usr/lib. I'm fairly sure Apple put them there because I certainly didn't install them. If I had, they'd

Re: Multiple Targets on transport map

On 18 Jun 2014, at 15:45, Michael Orlitzky mich...@orlitzky.com wrote: Nitpick: the .local TLD is reserved by RFC 6762, .invalid may be a better long-term choice. I'll raise you another nitpick. .invalid is reserved by RFC6761 and in the IANA registry of Special-Use Domain Names, just like

Re: Asking about heartbleed

On 10 Apr 2014, at 08:14, lst_ho...@kwsoft.de wrote: I still wonder why OpenSSL does not use the memory wipe before free, is it a performance killer or a feature? I imagine the OpenSSL developers didn't think this was necessary when they first started on the code 10-15 years ago and that

Re: behavior about black list

On 31 Jan 2014, at 10:19, Pol Hallen postfi...@fuckaround.org wrote: I've fear if a virtual host could go inside a black list, and the result should be all virtual host become black listed... so, what's the better way to escape this situation? Make sure you avoid anything that's likely to

Re: loop help

On 17 Nov 2013, at 08:11, DJ Lucas d...@lucasit.com wrote: delays=17/0.01/0/0, dsn=5.4.6, status=bounced (mail for mail.lucasit.com loops back to myself) ... mydestination = localhost myhostname = mail.domain.com Your mail system is not configured to serve lucasit.com. So when it gets

Re: Google rejecting IPv6 mails

On 7 Oct 2013, at 18:15, Erwan David er...@rail.eu.org wrote: Google is really rejecting emails in IPv6 because of a lack of PTR... If that's the case, good. Just do The Right Thing and arrange a valid PTR for the IPv6 address that speaks SMTP. This should be simpler and less hassle than

Re: Google rejecting IPv6 mails

On 7 Oct 2013, at 19:30, Erwan David er...@rail.eu.org wrote: But it is false to say tjat a mail server without reverse surely is a spammer. But nobody was saying that. Almost no legitimate mail comes from addresses with no reverse DNS. Sure, some spammers will have reverse DNS. Which is why

email based streaming over UDP

On 30 Aug 2013, at 14:07, Terry Gilsenan terry.gilse...@interoil.com wrote: As attachments get larger, and end users use email rather than ftp for file transfer for convenience sake, a UDP implementation, perhaps using UDP as a data streaming channel could become a very useful configuration,

Re: Re-inventing TCP (was: newbie check..)

On 30 Aug 2013, at 18:36, Terry Gilsenan terry.gilse...@interoil.com wrote: The killer on high latency links is the tcp-window and the continual wait for ack. With links above 1000ms this compounded delay reduces the available bandwidth to a very small percentage of the interface speed

Re: Does Postfix understand MX 0 . ?

On 25 Jun 2013, at 18:01, John Levine jo...@iecc.com wrote: There is a somewhat popular convention that if a domain publishes an MX like this: whatever.example MX 0 . it means the domain does not receive mail. Well yes. But it only works as long as there are no A or records for .

Re: Does Postfix understand MX 0 . ?

On 25 Jun 2013, at 18:53, Viktor Dukhovni postfix-us...@dukhovni.org wrote: This is inaccurate. Postfix will not perform A/ lookups for .. True. But postfix is not the only MTA, even if it is the one that gets discussed on this list. :-)

Re: Does Postfix understand MX 0 . ?

On 25 Jun 2013, at 21:55, John Levine jo...@iecc.com wrote: That works, but it will take a week of repeated connection attempts before the message times out. Seems like the right outcome for the circumstances you refer to: the problem lies with the end user who mistyped the domain name -- who

Re: COMPLETELTY OT: list like this for sendmail?

On 21 Jan 2013, at 14:01, Peter Berghold salty.cowd...@gmail.com wrote: Does anybody on this list know of a list similar to this for sendmail? There were/are mailing lists but Sendmail (the company) doesn't seem to be as supportive of its open source offerings as it used to. For instance the

Re: using the character @ in the local part

On 4 Jan 2013, at 10:12, Michael Blessenohl blessen...@googlemail.com wrote: If there are 'bad ideas' in standards, then why aren't the standards changed? Because it's hard. And even if improved standards emerge from the IETF - ha! - there may not be the business or technical incentives to

Re: DNS issue

On 29 Nov 2012, at 10:49, Ralf Hildebrandt r...@sys4.de wrote: I'm seeing a DNS problem I cannot fathom: # host 65.171.152.29 Well, there's part of your problem right there. Never, ever use host or nslookup to query the DNS. Use dig. [Or drill if you're into debugging DNSSEC.] Accept no

leading zeros

On 18 Nov 2012, at 17:40, Michael Monnerie lists.michael.monne...@is.it-management.at wrote: Nothing should have problems with leading zeroes. Sometimes reality intrudes on ideals. There is legacy software out there which will not behave the way you expect. Sometimes a digit string which

Re: The ultimate email server

On 21 Oct 2012, at 11:05, Mike's unattended mail mike.thomas-dlre...@cool.fr.nf wrote: You're the first to post an ad hominem, without so much as even bundling it with a single logical argument. Which should have been the point where this thread immediately halted... Please take your

Re: [OT] DNS insights required

On 19 Sep 2012, at 10:36, Ralf Hildebrandt wrote: I'm trying to debug a DNS issue: # host www.pimda.eu You'll get better results if you use The One True DNS tool: dig. The DNS admin for pimda.eu has screwed up. He/she has created a delegation for www.pimda.eu and failed to configure the

Re: [OT] DNS insights required

On 19 Sep 2012, at 10:53, Milo wrote: % WHOIS pidma Domain: pidma Status: AVAILABLE Why do you think whois can tell you what the DNS is doing? It might also help if you queried the DNS for pimda.eu, not pidma.

Re: [OT] DNS insights required

On 19 Sep 2012, at 11:40, Ralf Hildebrandt wrote: The broken name server at ns1.bdm.microsoftonline.com. The other one is rightly returning NOHOST responses when asked for or MX records for www.pimda.eu. How can I see that? I performed a query using dig and gut: # dig

Re: [OT] DNS insights required

On 19 Sep 2012, at 11:37, Milo wrote: Why do you think whois can tell you what the DNS is doing? whois can tell if domain exists. No it can't. If you want to know what domains are actually in the DNS or what data are there, consult the DNS - not whois. There will be no whois entry

Re: [OT] DNS insights required

On 19 Sep 2012, at 12:49, Milo wrote: On 09/19/2012 01:41 PM, Jim Reid wrote: If you want to know what domains are actually in the DNS or what data are there, consult the DNS - not whois. This is incorrect. Well one of us is wrong. And it's not me. :-) I will repeat what I said above

Re: [OT] DNS insights required

There's clearly no point continuing this thread. You clearly don't understand or choose not to understand what's being discussed. So let's just shut up and agree to disagree. I wish you the very best of luck in using whois to troubleshoot DNS problems.

badly broken mx record for bond.com

On 2 Aug 2012, at 08:38, Varadi Gabor wrote: Sorry because my English. No problem. It's *far* better than my Hungarian. :-) Besides, you've provided full, unedited information -- log entries, dig output, etc -- which makes it clear exactly what the problem is. If only everyone did

Re: badly broken mx record for bond.com

On 2 Aug 2012, at 10:44, Varadi Gabor wrote: The log also shows that the warning: numeric domain name in resource data of MX record for bond.com: 0.0.0.0 Yes, I saw that. This should have resulted in a hard error, not a warning. I want solutions not only in this case in particular, but

off-topic discussions

Please take your debate about password selection policies elsewhere. It has nothing to do with postfix.

Re: Building on Mac OS X 10.7 (Lion)

On 18 Jul 2012, at 06:17, Jim Wright wrote: My make statement is very similar to the one on the above page, but even using the one listed there, when I do the 'sudo make install', I get hundreds of lines of errors, such as the following: $ sudo make install You shouldn't compile and

signals for sysadmin, fun and profit

On 10 Jul 2012, at 11:55, Wietse Venema wrote: Sending sighup to sendmail, postsuper, postqueue, etc. would not be productive. Indeed. Sending signals to daemons is a remarkably crude and mostly clumsy way form of inter-process communication. You can't even manage a bunch of servers

Re: Can I improve the efficiency of my dnsbl reject configuration?

On 27 Apr 2012, at 16:55, kar...@mailcan.com wrote: In the end it's getting blocked, and that's what I want. But, if I understand how this works, every one of those rejects is a DNS check to spamhaus, and some postfix load on my server. Can I somehow configure to be more efficient about

Re: Can I improve the efficiency of my dnsbl reject configuration?

On 27 Apr 2012, at 17:20, kar...@mailcan.com wrote: Is there any way to prevent Postfix from making those repeated DNS checks, regardless of whether it's externally to Spamhaus' servers, or to a locally cached DNS result? No. Well you could but it would be futile make-work that adds needless

clue needed on SMTP envelope whitelisting/bypass

Hi. There must be a glaringly obvious solution to my problem that I can't see for looking at it. Can anyone help? A few trusted senders have trouble getting past my server's vicious anti-spam defences. Sometimes their mail is sent over IPv6 from a source address that has no reverse DNS

Re: clue needed on SMTP envelope whitelisting/bypass

On 26 Apr 2012, at 17:06, Noel Jones wrote: Put here: check_sender_access hash:/etc/postfix/oksenders Facepalm moment. Doh! Noel, thanks very much. This was the obvious thing I'd overlooked. Putting a check_sender_access entry like this in smtpd_client_restrictions does the trick.