RE: Relaying to 2 SMTP servers

Or https://jyotishp.ml/tutorials/postfix/dual-delivery-for-postfix http://pjrlost.blogspot.com/2012/11/smtp-delivery-to-two-mail-servers-via.html This one, its a bit a search but the files are still available on the internet. Greetz, Louis > -Oorspronkelijk bericht- > Van:

RE: OpenDKIM not signing

The linke of linode, but transformed in a script for Debian 9. https://github.com/thctlo/debian-scripts/blob/master/setup-opendkim-postfix.sh Read it or use it. ( make backups first ). Its tested on a clean setup, but if you read through the script you see everything thats needed to fix this.

RE: Postfix With OpenDKIM: milter: SMFIC_EOH

Did someone look at a "old" howto here? Postfix manual shows clearly. /etc/postfix/main.cf: # Postfix ?? 2.6 milter_protocol = 6 # 2.3 ?? Postfix ?? 2.5 milter_protocol = 2 This works fine on Debian Stretch, if you set milter_protocol = 6 dpkg -l | egrep

RE: multi relay host

All i can think of is. Setup 3 postfix dual smtp. Server 1, incoming relay. Which delivers on server 2 and 3 with dual smtp. Server 2 to Vessel A = *@vessel_A.domain.com Has smtp relay 1 = a ip adress:25 Server 3 to Vessel A = *@vessel_A.domain.com Has Smtp 2 relay as backup with

RE: dnsbl postscreen - not blocking

Hai, recent.spam.dnsbl.sorbs.net = 127.0.0.6 and you gave it 1 point. whats the postscreen_dnsbl_threshold set at ? I'll bet thats set higher than 1. Greetz, Louis Van: cubew...@googlemail.com [mailto:owner-postfix-us...@postfix.org] Namens

FW: RE: Double-Bounce

In order of messages.  ( i got 11 message for 1 postfix list mail ).  I only see this these when . 1) someone tries to mail out of my domainname. 2) when i mail the postfix list.   I never figured this out, why this happens at the postfix list.     This is an authentication failure report for

RE: Double-Bounce

I had a simular things. .. Waiting for the bounce... Greetz, Louis > -Oorspronkelijk bericht- > Van: rei...@bbmk.org [mailto:owner-postfix-us...@postfix.org] > Namens B. Reino > Verzonden: vrijdag 14 september 2018 10:52 > Aan: postfix-users@postfix.org > Onderwerp: Re:

RE: 5 messages per second

Yes.   i did like this setup. https://wiki.deimos.fr/Postfix:_limit_outgoing_mail_throttling  And now you have also options per domain.   Greetz,   Louis Van: paul.martin.b...@gmail.com [mailto:owner-postfix-us...@postfix.org] Namens Paul Martin Verzonden: woensdag 20 juni 2018 16:44 Aan:

RE: Gmail discard my emails

Have a look. https://toolbox.googleapps.com/apps/checkmx/check?domain=schweb.com.ar_selector= schweb.com.ar There were some critical problems detected with this domain. Mail-flow is probably affected. Please refer to the corresponding help articles to fix these. Your base setup is ok, you

RE: Postfix & logrotate

You did not get the hint.. The "wrong" thing here is mail.* Because your rotating now everything behind the mail.* so also .1 .1.1 .1.1.1 etc etc, until you server explodes ;-) You should have this in you postfix logrotate.. Try this. /var/log/mail.info /var/log/mail.warn

RE: Postfix & logrotate

Hai, Did you remove the mail rotate also from /etc/logrotate.d/rsyslog ? You have these lines in the rsyslog file also. /var/log/mail.info /var/log/mail.warn /var/log/mail.err /var/log/mail.log Your now "double" rotateing your logs. ;-) Greetz, louis > -Oorspronkelijk

RE: Spammer rejected, but resends every 10 minutes. Any way to prevent this

Or why not use and SPF like this in the dns. your.domain.tld TXT “v=spf1 -exists:%{ir}.zen.spamhaus.org +mx -all exp:explain.your.domain.tld” explain.your.domain.tld TXT "SPF error %{i} is not one of %{d}’s designated mail servers.” Now these never reaches your server, saving cpu

RE: question about envelop from.

Hello Victor, > -Oorspronkelijk bericht- > Van: postfix-us...@dukhovni.org > [mailto:owner-postfix-us...@postfix.org] Namens Viktor Dukhovni > Verzonden: dinsdag 13 maart 2018 15:27 > Aan: Postfix users > Onderwerp: Re: question about envelop from. > > > > > On Mar 13, 2018, at 8:54

RE: question about envelop from.

Hai Matus, Thank you for the reply, most apriciated. No, but its a "government" server, so i need to be very sure.. ;-) Thanks, i was looking in the wrong rfc. Best regards, Louis > -Oorspronkelijk bericht- > Van: uh...@fantomas.sk > [mailto:owner-postfix-us...@postfix.org]

question about envelop from.

Hai,   Im reading through rfc's but the following is still not clear for me.   E-mail is rejected base on the envelop-from adres from a mail-daemon with postfix + postfix-policyd-spf   I saw the following in the postfix logs. Feb  7 00:00:16 hostname postfix/smtpd[31726]: Untrusted TLS

RE: manitu.net RBL, opinions? Re: postwhite? (why not?)

I use this list for postscreen, big list. Use with care, this one is customized for my needs. The why to cidr's in the access list. The first is manualy maintaint. The second cidr and spamhous drop are auto updated by script. Greetz, Louis postscreen_greet_banner =$myhostname, checking

RE: Calendar & Contacts

Hai, Kopano with nextcloud, z-push and webapp with files plugin rules here. Very good combo, bit harder to setup, but very compatible with lots of different devices. Greetz, Louis > -Oorspronkelijk bericht- > Van: li...@merit.unu.edu > [mailto:owner-postfix-us...@postfix.org]

RE: Question regarding use of amavisd-new

No, i know it runs fine, after about 2-3 milion emails processed, i know .. Really.. And no i did not ignore him, but i want mailscanner and i want postfix and not exim. Did you even try it and test it? And if so, what did you encounter?? I only found 1 thing and thats fixed. something with

RE: Question regarding use of amavisd-new

Hai, mailscanner runs fine here for about 5-6 years now, with postfix. Mailscanner + postfix (postscreen) rules here :-) But if you want a quicky to test. https://efa-project.org/ = Mailscanner + mailwatch +... Lots of extra's. Greetz, Louis > -Oorspronkelijk bericht- >

RE: Jessie - Stretch to jump on Postfix 3.x

for me it was a good and easy upgrade from jessie to stretch.   Things i needed  to change/run was this :    # for postfix postconf compatibility_level=2 && postfix reload   # for ntp  sed -i 's/restrict -4 default kod notrap nomodify nopeer noquery/restrict -4 default kod notrap nomodify

RE: Trace spam activity on mail server

Maybe its handy to tell us the real domainname and ip involving this problem?    

RE: Trace spam activity on mail server

So far i can see, is your web site the target not you mail server. I personaly use : http://multirbl.valli.org/lookup/netlite.it.html About the same as mx toolbox, but i did notice that the list of multirbl is much shorted when the domainname is used. If i check with this hostname:

RE: Optimising new system and postscreen questions

And if you running debian you can set the min-cache-ttl.. That bind is patched with : https://anonscm.debian.org/cgit/users/lamont/bind9.git/commit/?h=patches=84fa402750fab5cd887d357501e2896494ac551f So you can set these if needed. min-cache-ttl 90; min-ncache-ttl 90; Greetz, Louis >

RE: Postfix cannot start tls: handshake failure

Sorry about that, i was thinking your talking about the remote connecting to you. So, it's you to remote ( so the smtp_tls settings ) I did setup also for client myself, but that more how official you need to have some things. Its about the same, for the client setup im using : # TLS Client

RE: Postfix cannot start tls: handshake failure

Yes is advicable to enable TLS. Whats is your OS and Postfix version? For example, i use Debian. And when you want to use : ca-certificates.crt You need to setup as debian expects and it includes your cert in the ca-certifcate.crt, so thats why i want to know the os and version of postfix.

RE: postsceen and smtpd_recipients_restrictions

He is multiple times listed. See : http://multirbl.valli.org/lookup/46.22.210.2.html Spamhaus ( listed in DBL Advisory. ) ( aerial.astogle.us.dbl.spamhaus.org ) The remote server probley sends "listed at zen.spamhaus.org" but is using DBL also. https://www.spamhaus.org/dbl/ Greetz,

RE: Strong Ciphers to use with Postfix

Hai, It all depends all in what you need and want. After monitoring for about a year on with or without encryption. I have 0 unecrypted mail servers found and a handfull of SSLv2 or V3. Which i simply dont allow anymore. ( The sslv2/v3 ) Due to the dutch "Privacy laws" users are oblgated to

RE: SPF entries for IPv4 & IPv6

No mx lookup in the SPF? Why not : mail.example.org. TXT "v=spf1 mx ip4:1.2.3.4 ip6:: -all" And why no A record Every host in you dns with A can send, which is not (always) what you want. For example: www.example.org and now you server gets comprimized and is

RE: request improved logging for postfix.

Hello Noel, Would you please stop say that im labeling.. im not. Sorry im so bad in explaining things in english. I just trying to explain something based on what i did read here: http://www.postfix.org/postconf.5.html#reject_unknown_helo_hostname reject_unknown_helo_hostname (with Postfix <

RE: request improved logging for postfix.

Thank you Noel, again :-)   Based on my loglines i found that;   postfix/ [smtp/smtpd/postscreen]  show [client-hostname or unknown] IP   (*always unknown if A/PTR mismatches in client hostname OR helo hostname)   postfix/ cleanup  (header Received) show from helo-hostname

RE: request improved logging for postfix.

Hai,   Well, Thank you Noel, This makes much more sence now.   I was mislead due to the log messages of postfix. My own server has an A/PTR to the hostname and A/MX for helo name. This is the confusing part, at least it was for me. The logs showed me: postfix/smtpd[29331]: connect

request improved logging for postfix.

Hello,   After the message from yesterday, im asking if the postfix logging can be changed. To improve the loggings and a better more clear reject message.   A small change maybe, i dont know, i’ll show what i mean below. Maybe im totaly incorrect here so correct me if needed.   Now,

RE: DNS round robin on helo?

Hai, First sorry to have the ips and name anonymized, i had to do that. I cant expose details until i first talked to the company in question. Thas a moral thing to do in my believe. And i need to be sure that i tell the right info when i do that. The "helo=" space was a copy past error,

RE: DNS round robin on helo?

Hello Noel/Jim,   Thank you for the replies.   Ok, thats clear, so multple A are allowed but i thing its the way around here. I'll explain bit more.   I did run also that way, one host multiple ip's but both ip's has a different helo name to match a/ptr and mx records with it. But

DNS round robin on helo?

Hello,   I couldnt find this on the internet and is was thinking, the postfix list wil know this. Customer send email which are rejected by my server.  I thinks that is correctly rejected.   Now i digged into this and i found the following but i dont know if this is allowed by RFC. To

RE: regexp for allowing helo host

Hai Florian, No, Thats is due my setup with the mailscanner antispam behind it. Just give those sites a good read, and the adjust the config to your needs. Running a caching dns on that server helps dns queries. Extra to that, install fail2ban and add postfix-dnsbl.conf With filter :

RE: regexp for allowing helo host

Some good info to read into. http://rob0.nodns4.us/postscreen.html http://blog.schaal-24.de/mail/postscreen-im-kampf-gegen-spam/?lang=en and ofcourse a must read: http://www.postfix.org/POSTSCREEN_README.html Greetz, Louis > -Oorspronkelijk bericht- > Van: flo...@floppy.org

RE: regexp for allowing helo host

Ah yes, In master.cf adust these. smtp inet n - - - 1 postscreen smtpd pass - - - - - smtpd dnsblog unix - - - - 0 dnsblog > -Oorspronkelijk bericht- > Van: flo...@floppy.org

RE: Open relay, found it

Hai Paul, I saw you got it fixed, comprimized pass as i suspected. ;-) I saw also this in you log. from [127.0.0.1] (87-92-55-206.bb.dnainternet.fi [87.92.55.206] This should never be allowed. ( from 127.0.0.1 ) ( on the external ip ) Thats impossible imo. To fix that you can use

Re: permit after all

paul, check if there are messages still in queue.  i had a comprimized account also and same as you it didnt stop. it did after clearing up the queue list. the user in question has used its email and pass om a website which was   omprimized, at least thats what i think.  i my case i allow

RE: Block certain prefixes/TLDs from accessing

.. fail2ban Sasl filer. Of add xtable (geo ip) and block then countries. I only allow sasl auth from my own country AND an A record must exist in the dns for the host sending. And Blacklisting the spamming domains is often useless. You better check for the age of the domain or so.

RE: This ought to be simple to stop. Am I missing something?

here your have an bind log example, WITH lame server logging. Adjust where needed. Just enable only lameserver logging. Set all to null and enable lameserver logging. No performance drop. logging { channel bind_log { file "/var/log/bind/bind.log" versions 3 size 1m;

RE: This ought to be simple to stop. Am I missing something?

Then stop using google dns or other dns servers that block dns request to rbl servers. Source : https://www.spamhaus.org/faq/section/DNSBL%20Usage Check what DNS resolvers you are using: If you are using a free "open DNS resolver" service such as the Google Public DNS or large

RE: This ought to be simple to stop. Am I missing something?

A good combination of rbl lists with postscreen im using. postscreen_dnsbl_threshold=4 postscreen_dnsbl_sites = b.barracudacentral.org*4 bad.psky.me*4 zen.spamhaus.org*4 dnsbl.cobion.com*2 bl.spameatingmonkey.net*2 fresh.spameatingmonkey.net*2

RE: thousands of "lost connection after AUTH"

The are after username/passwords. And when that happend they will user your server als relay. Happend on one of my servers also. One of my users used his email and pass in facebook and linkedin. And the same as on the server.. :-/ About 60.000 mails where tried to send over my server.

postfix sasl auth required

Hai,   Im testing out my servers and i noticed the following   telnet localhost 587 Trying ::1... Connected to localhost. Escape character is '^]'. 220 mail.mydomain.tld ESMTP Ready ehlo localhost 250-mail.mydomain.tld 250-PIPELINING 250-SIZE 1536 250-VRFY 250-ETRN

RE: transport smtp failure after MySQL connection

Did you reboot the server? If not, try it first. Why.. find out with: apt-get install debian-goodies checkrestart but, most of these cant restart, so rebooting the server is the only option. When thats done, check again. Greetz. Louis > -Oorspronkelijk bericht- > Van:

RE: Change Temporary failure in name resolution response code

First in reply to. . ... cannot find your hostname Optional to add: unknown_hostname_reject_code = 550 but if you have dns problems, everything gets rejected as Wiets already told you.. .. but I think.. , so what, the sender does get the NDR, he can send again but thats a choice. And think

RE: Can anyone decipher this Policyd-spf error?

Switch to the perl version of this and your problem is fixed. Use postfix-policyd-spf-perl Not postfix-policyd-spf-python Both work the same, but the perl version works fine with ipv6 on my server. Greetz, Louis > -Oorspronkelijk bericht- > Van: t...@whyscream.net

RE: lmtp: transport unavailable

Ok, debian, my thing.. ;-) Try : Edit /etc/dovecot/dovecot.conf To Change : protocols = imap lmtp And add: service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0600 user = postfix } } protocol lmtp {

RE: Helo Checks not always working?

These are 2 different things.   Unknow hostname is a missing PTR record   For that you can use : smtpd_client_restrictions = ...   "unknown" is also the name in the case of a temporary dns lookup failure. so using 5xx for all "unknown" is not a good idea.   #

Re: SASL binds

never knew this, what is the SPN postix/sasl needs? and a simple way to make the client work, setup a samba client, if setup correctly, samba wil refres the keytab file. if someone want info on this, i can answere monday again. greetz, louis > Op 1 jan. 2016 om 21:17 heeft Viktor Dukhovni

RE: 53% of Postfix servers are black-listed (DNSBL)

Well, your allowed to have your opionion .. no problems with that. And good for you then there are other MTA's you can try to configure.. Im using postfix for more that 10 years now, and im very happy with it. I get about 0.05% spam of all mails, and that 0.05% is catched by spamassassin, i

RE: How to Block EHLO/HELO that has IP Only

This is how i run it. ( postfix 2.11.x on debian Jessie ) This stops a lot of "spamming" servers, and if anyone sees improvements,... im all ear... ;-) This was a drop op about 90% of all spam, remaining used "good" configured servers.. :-/ but for that spamassassin..

RE: 2 questions: Can I add another smtp line into master.cf for spam assassin? & spa-policy.pl

Hai,   I run this on a debian Jessie, postfix 2.11 (all debian packages )   Route for me is like this.   -> postscreen -> policy-weight -> policy-spf -> clamsmtp (-> -> spamassassin) -> user     A1. I have in main.cfg    content_filter = clamsmtp:127.0.0.1:10025   A2.  Yes,

RE: Suggestions for more logging?

Try starting spamd with --listen-ip 127.0.0.1 --listen-ip ::1 Greetz, Louis > -Oorspronkelijk bericht- > Van: v...@cfcl.com [mailto:owner-postfix-us...@postfix.org] Namens Vicki > Brown > Verzonden: woensdag 18 november 2015 9:13 > Aan: Postfix users > Onderwerp: Suggestions for

RE: Disable spooling

> -Oorspronkelijk bericht- > Van: pa...@matos-sorge.com [mailto:owner-postfix-us...@postfix.org] Namens > Paulo Matos > Verzonden: maandag 16 november 2015 21:14 > Aan: L.P.H. van Belle; postfix users > Onderwerp: Re: Disable spooling > > > > On 09/11/15 16:43, L.P.H. van Belle wrote:

RE: receiving message - checking mx record by postfix

Read :  http://www.sorbs.net/faq/rfc_helo_enforcement.shtml   I contains also the links to the RFC’s   Greetz,   Louis       Van: zalezny.niezale...@gmail.com [mailto:owner-postfix-us...@postfix.org] Namens Zalezny Niezalezny Verzonden: dinsdag 10 november 2015 13:30 Aan: Postfix

RE: Disable spooling

> -Oorspronkelijk bericht- > Van: njo...@megan.vbhcs.org [mailto:owner-postfix-us...@postfix.org] > Namens Noel Jones > Verzonden: maandag 9 november 2015 16:05 > Aan: postfix-users@postfix.org > Onderwerp: Re: Disable spooling > > On 11/9/2015 3:46 AM, Paulo Matos wrote: > > Hi, > > > >

FW: Using postscreen_dnsbl_reply_map

> Hai Alex, > > I use the same as in the link you posted. > http://rob0.nodns4.us/postscreen.html > This is used for my bases setup also. > > Just put all your servers (rbls) in here and copy the response lines, Like > : > /^zen\.spamhaus\.org$/blocked by rbl, see >

RE: Using postscreen_dnsbl_reply_map

I just point everything to http://multirbl.valli.org so they can see if they are listed on multiple rbl servers. And imo thats better, then, mailing, getting rejected, by for example spamhaus. Going to that site, checking, removing. Mailing again, and now again blocked, other rbl server etc.

RE: Initial test of postfix 3.0.2

This example should wil not relay over outlook.com without the correct outlook.com settings in the dns. Base on : from= to= proto=ESMTP @mygnus.com is missing the ms= and spf settings in the dns Greetz, Louis > -Oorspronkelijk bericht- >

RE: Can Postscreen and Smapassassin be used together

Hai, I thinking why not put them together Ik run a setup like this https://wiki.dest-unreachable.net/pages/viewpage.action?pageId=15892484 which uses postscreen spamassassin clamav and this works very wel for me. And the load is not to much, but depends on the amount of emails your

RE: TLS cert - bug in documentation or bug in my understanding ??

sorry, a correction on the previous. This is wrong : add in main.cf : in smtpd_client_restrictions, just after permit_mynetworks: smtpd_discard_ehlo_keyword_address_maps = cidr:/etc/postfix/smtpd_discard_ehlo_keywords_address.cidr just add smtpd_discard_ehlo_keyword_address_maps =

Fwd: trying to figure out regex for custom_header checks

set postix server to check for rfc complaince and you see a spam drop of atleast 90% and setup postscreen with it.. 98% less spam and in above just check for the helo compliance and not hostname checks, that will drop to many ok servers.. greetz Louis Op 19 aug.

RE: TLS cert - bug in documentation or bug in my understanding ??

-Oorspronkelijk bericht- Van: al...@domblogger.net [mailto:owner-postfix-us...@postfix.org] Namens Alice Wonder Verzonden: woensdag 19 augustus 2015 12:42 Aan: postfix-users@postfix.org Onderwerp: Re: TLS cert - bug in documentation or bug in my understanding ?? On 08/19/2015 03:09

RE: Postfix and Mailman 2 virtual alias domain integration

Okay, I assume then that this should be the only PTR record: 4.3.2.1.in-addr.arpa. IN PTR B.tld. Yes. Provided of course B.tld is The One True Hostname for your server. It is! No, imo, it is not.. and this setup can be better i think. read on.. A hostname is not a domain name, and best

RE: TLS cert - bug in documentation or bug in my understanding ??

Hai, Try it like this, there is no need for combining the certificates. # TLS parameters smtp_tls_cert_file = /etc/ssl/certs/certificate.cer smtp_tls_key_file = /etc/ssl/private/certificate.key smtpd_tls_cert_file = /etc/ssl/certs/certificate.cer smtpd_tls_key_file =

RE: FW: SSL Renegotiation Attack Disabling reneotiation

I dont know if its an option, but i suggest have a look here :   multiple packages for postfix on centos 6 http://pkgs.org/search/postfix?type=name or https://solusipse.net/blog/posts/compiling-postfix-with-postgresql-support-on-centos-7/   Not for the postgresql, but just for the upgrade of

SOLVED.. FW: ldap virtual split domain and forwarding.

Finaly i did found the problem. In the end i did add the ldap ldap://etc/postfix/zarafa-ads-*-aliases.cf in the aliases_map and all the redirects in the virtual_alias_maps and now i did some testing with an e-mail address, .. which did not have any typos in the email adres in ldap. that

FW: SSL Renegotiation Attack Disabling reneotiation

Hai, As far as i know, no. Unless you are forceing all clients to use SSLv2 only (since that doesn't support renegotiation). Are you sure you want to disable it and not just prevent old clients from using the vulnerable renegotiation methods? If it's the last you'll need to upgrade to 2.8+

RE: Folder permissions problem, /var/spool/postfix/private

for the policy-spf, check this one. https://bananasfk.wordpress.com/2015/06/05/policyd-spf-in-debian-8-fix/ Greetz, Louis -Oorspronkelijk bericht- Van: robert.sen...@lists.microscopium.de [mailto:owner-postfix-us...@postfix.org] Namens Robert Senger Verzonden: dinsdag 18 augustus

RE: Postfix and Mailman 2 virtual alias domain integration

Hai, ... its all about correct DNS settings, so dont say that does not matter.. Best is you read : rfc2821 section-3.6 and 4.1.1.1 ( and 10.3 thank you Michael good read, i forgot that one.. ) rfc5321 section 2.3.5 in short.. make sure your hostname has an A or record and PTR

ldap virtual split domain and forwarding.

Hai, Im new to the list, so tell me if im do-ing something wrong.. in advance, .. sorry for my english, and sorry for the long explanation.. better to much than to little imo. Im having the following setup. Debian Jessie 8.1 with packages, running a zarafa mail server samba 4 AD