> On 29 Dec 2020, at 12:58, Wolfgang Paul Rauchholz
> wrote:
>
> The server is listening on port 25, 587 and 465
> netstat -plutn | grep 25 and 587
> tcp0 0 127.0.0.1:250.0.0.0:* LISTEN
> 28704/master
> tcp0 0 127.0.0.1:587
> On 19 Nov 2019, at 09:58, Merrick wrote:
>
> in the coming future, everything is a TLD, the cat, the dog, the pig, the
> rose, the coffee, the wine, the bike ...
> that would be terrible for domain based validation.
> we have already too many TLDs today.
> may we suggest ICANN not open a
> On 16 Sep 2019, at 14:17, Paul van der Vlis wrote:
>
>> A significant number of installations will use different servers for
>> inbound and outbound email.
>
> I know a provider what is actually using this. I guess only the big
> providers will have different servers for inbound and
> On 16 Sep 2019, at 13:47, Paul van der Vlis wrote:
>
> How can I refuse mail from hosts who don't have an open port 25?
>
> What do you think from such a check?
It’s a stunningly bad idea. Don’t do it.
Many enterprises and cloud-based mail providers have discrete servers/systems
> On 14 Jun 2019, at 14:24, klirstr wrote:
>
> host smtp.customerdomain.com[customer-mx-server-ip] said: 450 4.7.1
> : Recipient address rejected:
> SPF-Result=smtp.mydomain.com: 'SERVFAIL' error on DNS 'TXT' lookup of
> 'smtp.mydomain.com' (in reply to RCPT TO command))
>
On 19 Nov 2018, at 15:42, Robert Chalmers wrote:
>
> "_OpenSSL_version", referenced from:
> import-atom in libpostfix-tls.dylib
> ...
> "_X509_up_ref", referenced from:
> import-atom in libpostfix-tls.dylib
> ld: symbol(s) not found for architecture x86_64
> clang: error: linker
> On 11 Oct 2018, at 19:07, pg...@dev-mail.net wrote:
>
>> The switch to the new KSK seems the most likely cause, assuming DNSSEC
>> validation always worked for you before then.
>
> It's been 'working' for ages. Yes, I could have been 'just lucky for a long
> time'.
DNSSEC is very
On 11 Oct 2018, at 18:27, pg...@dev-mail.net wrote:
>
> Changing my local dns (named) config to
>
> - dnssec-enable yes;
> + dnssec-enable no;
> dnssec-lookaside no;
> - dnssec-validation yes;
> + dnssec-validation no;
>
>
> On 16 Jan 2018, at 10:49, jin wrote:
>
> We are having difficulties while delivering mails to Microsoft's domains like
> hotmail and outlook.
They appear to have a DNS problem which is causing outbound mail to fail. Their
SMTP servers are using non-existent hostnames
> On 15 Sep 2017, at 11:07, pjakcity wrote:
>
> All i want is enough understanding that wont take me years so i can set this
> up, but understand what features are present and what they do (in a broad
> sence)
Note the O/P's email address
Dear Internet, please do
> On 10 Mar 2017, at 16:48, Linda Pagillo wrote:
>
> Also, is SMFIS_REJECT* even a file where I can configure a bounce message or
> is it just a protocol which means "reject”.
SMFIS_REJECT is a status/error code in the milter protocol. What some milter
application does
> On 3 Jan 2017, at 14:37, Robert Chalmers wrote:
>
> To start Postscript I use the following plist file. Based in
> /Library/LaunchDaemons
>
> org.postfix.master.plist
Don’t do that. Pick names for your own plist files that don’t clash with the
ones Apple use. There
> On 15 Dec 2016, at 16:01, L.P.H. van Belle wrote:
>
> Hello Noel/Jim,
>
> Thank you for the replies.
If you’re going to continue hiding the actual names and addresses, don’t bother
posting followups. As far as I know, nobody on this list is a mind reader.
How do you
> On 15 Dec 2016, at 14:56, L.P.H. van Belle wrote:
>
> Now the thing i dont get.
>
> 1) if both ipnumbers have a hostname, why do i see : unknown[1.2.3.4]
Your starting assumption is wrong or mistaken. If the postfix logs are saying
"unknown[1.2.3.4]” it means
> On 21 Sep 2016, at 01:40, Sebastian Nielsen wrote:
>
> I would really suggest using DISCARD instead of "500 This TLD sends spam - g
> e t lost.".
> Thus the spammer dosen't get to know he got stuck in a spam filter and can
> update their tools to bypass it.
Spammers
> On 20 Sep 2016, at 21:10, li...@lazygranch.com wrote:
>
> What is the simplest way to block a TLD?
Put the offending TLD in a map and have that map referenced through
check_sender_access and/or check_client_access.
ie
in main.cf:
smtpd_client_restrictions = permit_mynetworks
> On 23 Aug 2016, at 20:44, David Benfell wrote:
>
> What I have now, which should not be considered complete because the dovecot
> part isn't working
I’d bet money on that being caused by a broken OpenSSL installation too. Check
your OpenSSL setup before you do
> On 23 Aug 2016, at 20:16, Wietse Venema wrote:
>
> David Benfell:
>> So now I have:
>>
>> make tidy \
>>&& make makefiles CCARGS="-DUSE_TLS
>> -I/usr/local/include/eopenssl/openssl
>
> Try: -I/usr/local/include/eopenssl
Looks like the OP made a typo when they
> On 16 Jul 2016, at 02:50, Lefteris Tsintjelis wrote:
>
> I was thinking it more in simple DNS terms only and a simply reverse
> look up of the IP and then extract the domain from there but it is not
> possible without the FROM.
That wouldn’t have worked anyway.
Assuming a
> On 28 Jun 2016, at 20:26, Jeffs Chips wrote:
>
> I'm just saying that ALL email campaign services allow and indeed suggest
> users to identity a specific sole purpose email account in which to receive
> bounces to eliminate spam and which almost all email campaigners
> On 28 Jun 2016, at 19:28, Chip wrote:
>
> Okay maybe it's not in RFC's but I would it would be at least a
> recommendation that bounces can be routed back to bounces-to rather than
> reply-to. After all, why have the field at all if it's not used properly.
No RFC
> On 13 May 2016, at 09:56, Hans Ginzel wrote:
>
> Does Postfix detect changes in /etc/resolv.conf to flush its dns caches etc,
> please?
Changing /etc/resolv.conf has no impact on what DNS data an application or name
server has cached. All that can do is tell an application
> On 21 Apr 2016, at 20:46, wrote:
>
> What is "unknown" in this case?
>
> I think it is the RDNS that is not there?
Yes. There’s no reverse DNS for the connecting IP address.
> host 65.181.123.80
> Host 80.123.181.65.in-addr.arpa. not
> On 13 Mar 2016, at 15:06, Robert Chalmers wrote:
>
> Nice hardware, but the software is really recycled FreeBSD. say what?
The MacOSX kernel is based on Mach, not BSD, though that Mach kernel presents a
largely BSD-flavour/POSIX API to user mode applications. It
> On 13 Mar 2016, at 14:07, Larry Stone wrote:
>
> The only “pain” likely to result is if you aren’t smart and let malware do
> something bad. OS X (at least so far) does not care if SIP is on or off. SIP,
> IMHO, is protection for those who don’t know what they
> On 13 Mar 2016, at 08:41, Alice Wonder wrote:
>
> It's possible the mail command on OS X is using the OS X sendmail command
> provided by the OS X postfix which would want its configuration file at
> /etc/postfix/main.cf
It is. Though MacOSX puts the sendmail
> On 5 Mar 2016, at 15:38, Robert Chalmers wrote:
>
> Also, I can see that pfctl -e turns it on - enables it, but I can’t see how
> that is put in place automatically. On re boot, it’s once again disabled, and
> pf is not working. Even though the plist is loading.
Did
> On 19 Feb 2016, at 23:52, Sebastian Nielsen wrote:
>
> but if you're hosting for example a mail server for a company, and only you
> as a sysadmin has shell access to the server, its no danger 666'ing files
> that throw permission errors. Then the file isn't really
On 4 Sep 2015, at 23:43, Takae Harrington wrote:
> does u_short/u_int, and unassigned makes difference?
Maybe, maybe not. Consult your C compiler documentation. BTW I assume you meant
"unsigned" instead of "unassigned".
Though I doubt compiler documentation will help you
On 4 Sep 2015, at 23:43, Takae Harrington wrote:
> does u_short/u_int, and unassigned makes difference?
Maybe, maybe not. Consult your C compiler documentation. BTW I assume you meant
"unsigned" instead of "unassigned".
Though I doubt compiler documentation will help you
On 3 Sep 2015, at 22:11, Takae Harrington wrote:
> When I compile postfix3.0.2 (the same issue has existed since 2.11.x) on
> aix61 and aix71, I get this error:
>
> [vq2ua613:/staging/Postfix-3.0.2]make
> dns_lookup.c: In function 'dns_query':
> dns_lookup.c:339: error:
On 18 Aug 2015, at 22:06, Tom Browder tom.brow...@gmail.com wrote:
Okay, I assume then that this should be the only PTR record:
4.3.2.1.in-addr.arpa. IN PTR B.tld.
Yes. Provided of course B.tld is The One True Hostname for your server.
BTW, you will get on a lot better if your postings
On 18 Aug 2015, at 21:55, Tom Browder tom.brow...@gmail.com wrote:
Okay, now assuming my server IP address is 1.2.3.4, do the following
DNS records appear reasonable?
No. There should be just one PTR record for an IP address.
On 10 Jul 2015, at 00:24, Wietse Venema wie...@porcupine.org wrote:
Don't use home_mailbox if you want maildirs outside the home directory.
Doh! How did I miss that?
Thanks Wietse
Is there some reason why home_mailbox gets hard-wired to a user's home
directory for maildir-flavour delivery?
I would like to arrange for user inboxes to be held in the IMAP store -- say in
/var/imap/username/INBOX -- rather than in each user's home directory. ie All
email gets stored in one
On 11 Jun 2015, at 00:20, Timothy Murphy gayle...@eircom.net wrote:
Here helen.gayleard.com is the internal name of my server
(on which postfix and dovecot are running),
while mail.eircom.net is my smarthost.
helen.gayleard.com does not resolve in the public DNS and mail.eircom.net is
Can y'all please stop posting messages of goodwill to the list? Just send your
best wishes direct to Wietse. There's no reason for the list to see these.
Thanks.
On 11 Mar 2015, at 11:07, John j...@klam.ca wrote:
Your bank sends you an email that actually CONTAINS information about your
account
This discussion is not relevant to postfix. Could you please take it elsewhere?
Thanks.
On 12 Jan 2015, at 16:42, James B. Byrne byrn...@harte-lyne.ca wrote:
The DANE Validator https://dane.sys4.de is intended to identify
configuration errors and to help administrators create working DANE
SMTP configurations.
This validator specifically declares DLV trust rooted sites as
On 6 Jan 2015, at 23:18, Viktor Dukhovni postfix-us...@dukhovni.org wrote:
My email server, for example, specifically does not support the ISC DLV.
Yay!
With the root zone and most TLDs signed, I don't think it makes sense to use
it anymore.
+1000.
DLV has always been a *remarkably* bad
On 5 Sep 2014, at 21:36, Edwin Marqe edwinma...@gmail.com wrote:
I have this in my Postfix config:
smtpd_helo_restrictions =
permit_mynetworks
reject_non_fqdn_helo_hostname
reject_unknown_helo_hostname
permit
However, any time I connect via telnet to this server and specify
On 5 Sep 2014, at 21:53, Edwin Marqe edwinma...@gmail.com wrote:
But in this case the client IP is *not* listed in $mynetworks, so it
is not being matched (it's a public IP that is not listed anywhere).
Please post the output of postconf -n. All of it. Unedited. And provide the
actual IP
On 16 Jul 2014, at 08:10, Viktor Dukhovni postfix-us...@dukhovni.org wrote:
That explains it, I'm on 10.9.4, and there is no libpcre in /usr/lib.
Strange. My 10.9.4 boxes have libpcre in /usr/lib. I'm fairly sure Apple put
them there because I certainly didn't install them. If I had, they'd
On 18 Jun 2014, at 15:45, Michael Orlitzky mich...@orlitzky.com wrote:
Nitpick: the .local TLD is reserved by RFC 6762, .invalid may be a
better long-term choice.
I'll raise you another nitpick. .invalid is reserved by RFC6761 and in the IANA
registry of Special-Use Domain Names, just like
On 10 Apr 2014, at 08:14, lst_ho...@kwsoft.de wrote:
I still wonder why OpenSSL does not use the memory wipe before free, is it a
performance killer or a feature?
I imagine the OpenSSL developers didn't think this was necessary when they
first started on the code 10-15 years ago and that
On 31 Jan 2014, at 10:19, Pol Hallen postfi...@fuckaround.org wrote:
I've fear if a virtual host could go inside a black list, and the result
should be all virtual host become black listed...
so, what's the better way to escape this situation?
Make sure you avoid anything that's likely to
On 17 Nov 2013, at 08:11, DJ Lucas d...@lucasit.com wrote:
delays=17/0.01/0/0, dsn=5.4.6, status=bounced (mail for mail.lucasit.com
loops back to myself)
...
mydestination = localhost
myhostname = mail.domain.com
Your mail system is not configured to serve lucasit.com. So when it gets
On 7 Oct 2013, at 18:15, Erwan David er...@rail.eu.org wrote:
Google is really rejecting emails in IPv6 because of a lack of PTR...
If that's the case, good. Just do The Right Thing and arrange a valid PTR for
the IPv6 address that speaks SMTP. This should be simpler and less hassle than
On 7 Oct 2013, at 19:30, Erwan David er...@rail.eu.org wrote:
But it is false to say tjat a mail server without reverse surely is a spammer.
But nobody was saying that. Almost no legitimate mail comes from addresses with
no reverse DNS. Sure, some spammers will have reverse DNS. Which is why
On 30 Aug 2013, at 14:07, Terry Gilsenan terry.gilse...@interoil.com wrote:
As attachments get larger, and end users use email rather than ftp for file
transfer for convenience sake, a UDP implementation, perhaps using UDP as a
data streaming channel could become a very useful configuration,
On 30 Aug 2013, at 18:36, Terry Gilsenan terry.gilse...@interoil.com wrote:
The killer on high latency links is the tcp-window and the continual wait for
ack. With links above 1000ms this compounded delay reduces the available
bandwidth to a very small percentage of the interface speed
On 25 Jun 2013, at 18:01, John Levine jo...@iecc.com wrote:
There is a somewhat popular convention that if a domain publishes an
MX like this:
whatever.example MX 0 .
it means the domain does not receive mail.
Well yes. But it only works as long as there are no A or records for .
On 25 Jun 2013, at 18:53, Viktor Dukhovni postfix-us...@dukhovni.org wrote:
This is inaccurate. Postfix will not perform A/ lookups for ..
True. But postfix is not the only MTA, even if it is the one that gets
discussed on this list. :-)
On 25 Jun 2013, at 21:55, John Levine jo...@iecc.com wrote:
That works, but it will take a week of repeated connection attempts
before the message times out.
Seems like the right outcome for the circumstances you refer to: the problem
lies with the end user who mistyped the domain name -- who
On 21 Jan 2013, at 14:01, Peter Berghold salty.cowd...@gmail.com wrote:
Does anybody on this list know of a list similar to this for sendmail?
There were/are mailing lists but Sendmail (the company) doesn't seem to be as
supportive of its open source offerings as it used to. For instance the
On 4 Jan 2013, at 10:12, Michael Blessenohl blessen...@googlemail.com wrote:
If there are 'bad ideas' in standards, then why aren't the standards changed?
Because it's hard. And even if improved standards emerge from the IETF - ha! -
there may not be the business or technical incentives to
On 29 Nov 2012, at 10:49, Ralf Hildebrandt r...@sys4.de wrote:
I'm seeing a DNS problem I cannot fathom:
# host 65.171.152.29
Well, there's part of your problem right there. Never, ever use host or
nslookup to query the DNS. Use dig. [Or drill if you're into debugging DNSSEC.]
Accept no
On 18 Nov 2012, at 17:40, Michael Monnerie
lists.michael.monne...@is.it-management.at wrote:
Nothing should have problems with leading zeroes.
Sometimes reality intrudes on ideals. There is legacy software out there which
will not behave the way you expect. Sometimes a digit string which
On 21 Oct 2012, at 11:05, Mike's unattended mail
mike.thomas-dlre...@cool.fr.nf wrote:
You're the first to post an ad hominem, without so much as even
bundling it with a single logical argument.
Which should have been the point where this thread immediately halted...
Please take your
On 19 Sep 2012, at 10:36, Ralf Hildebrandt wrote:
I'm trying to debug a DNS issue:
# host www.pimda.eu
You'll get better results if you use The One True DNS tool: dig.
The DNS admin for pimda.eu has screwed up. He/she has created a
delegation for www.pimda.eu and failed to configure the
On 19 Sep 2012, at 10:53, Milo wrote:
% WHOIS pidma
Domain: pidma
Status: AVAILABLE
Why do you think whois can tell you what the DNS is doing? It might
also help if you queried the DNS for pimda.eu, not pidma.
On 19 Sep 2012, at 11:40, Ralf Hildebrandt wrote:
The broken name server at ns1.bdm.microsoftonline.com. The other one
is rightly returning NOHOST responses when asked for or MX
records for www.pimda.eu.
How can I see that? I performed a query using dig and gut:
# dig
On 19 Sep 2012, at 11:37, Milo wrote:
Why do you think whois can tell you what the DNS is doing?
whois can tell if domain exists.
No it can't. If you want to know what domains are actually in the DNS
or what data are there, consult the DNS - not whois.
There will be no whois entry
On 19 Sep 2012, at 12:49, Milo wrote:
On 09/19/2012 01:41 PM, Jim Reid wrote:
If you want to know what domains are actually in the DNS or
what data are there, consult the DNS - not whois.
This is incorrect.
Well one of us is wrong. And it's not me. :-)
I will repeat what I said above
There's clearly no point continuing this thread. You clearly don't
understand or choose not to understand what's being discussed. So
let's just shut up and agree to disagree.
I wish you the very best of luck in using whois to troubleshoot DNS
problems.
On 2 Aug 2012, at 08:38, Varadi Gabor wrote:
Sorry because my English.
No problem. It's *far* better than my Hungarian. :-)
Besides, you've provided full, unedited information -- log entries,
dig output, etc -- which makes it clear exactly what the problem is.
If only everyone did
On 2 Aug 2012, at 10:44, Varadi Gabor wrote:
The log also shows that the warning: numeric domain name in
resource data of MX record for bond.com: 0.0.0.0
Yes, I saw that. This should have resulted in a hard error, not a
warning.
I want solutions not only in this case in particular, but
Please take your debate about password selection policies elsewhere.
It has nothing to do with postfix.
On 18 Jul 2012, at 06:17, Jim Wright wrote:
My make statement is very similar to the one on the above page, but
even using the one listed there, when I do the 'sudo make install',
I get hundreds of lines of errors, such as the following:
$ sudo make install
You shouldn't compile and
On 10 Jul 2012, at 11:55, Wietse Venema wrote:
Sending sighup to sendmail, postsuper, postqueue, etc. would not be
productive.
Indeed.
Sending signals to daemons is a remarkably crude and mostly clumsy way
form of inter-process communication. You can't even manage a bunch of
servers
On 27 Apr 2012, at 16:55, kar...@mailcan.com wrote:
In the end it's getting blocked, and that's what I want. But, if I
understand how this works, every one of those rejects is a DNS check
to
spamhaus, and some postfix load on my server.
Can I somehow configure to be more efficient about
On 27 Apr 2012, at 17:20, kar...@mailcan.com wrote:
Is there any way to prevent Postfix from making those repeated DNS
checks, regardless of whether it's externally to Spamhaus' servers, or
to a locally cached DNS result?
No. Well you could but it would be futile make-work that adds needless
Hi. There must be a glaringly obvious solution to my problem that I
can't see for looking at it. Can anyone help?
A few trusted senders have trouble getting past my server's vicious
anti-spam defences. Sometimes their mail is sent over IPv6 from a
source address that has no reverse DNS
On 26 Apr 2012, at 17:06, Noel Jones wrote:
Put here:
check_sender_access hash:/etc/postfix/oksenders
Facepalm moment. Doh! Noel, thanks very much. This was the obvious
thing I'd overlooked. Putting a check_sender_access entry like this in
smtpd_client_restrictions does the trick.
74 matches
Mail list logo