On 9/11/2012 4:33 PM, Wietse Venema wrote:
David J. Weller-Fahy:
* Noel Jones njo...@megan.vbhcs.org [2012-09-10 23:23 -0400]:
On 9/10/2012 9:20 PM, David J. Weller-Fahy wrote:
1) Am I correct that blocking recipient addresses which consist of
an existing user
to a specific master.cf transport.
http://www.postfix.org/postconf.5.html#smtp_header_checks
#master.cf
smtp unix - - n - - smtp
-o smtp_header_checks=pcre:/etc/postfix/smtp_header_checks
-- Noel Jones
of. This generally isn't much of a problem.
I think the usual action is to accept whatever, then add specific
unwanted/abused extensions to a blacklist.
-- Noel Jones
I use to only accept mail to a specific domain and
address if it's not the final destination?
Thanks,
-Patric
the domains are listed in $relay_domains, the valid recipients are
listed in $relay_recipient_maps
http://www.postfix.org/ADDRESS_CLASS_README.html
-- Noel Jones
.
# transport
special.example.com relay:
# master.cf
relay ... smtp (find this line)
-o smtp_generic_maps=(add this line. note: must be indented)
-- Noel Jones
be rejected for other reasons. The FILTER action
does not prevent other rules from rejecting the message.
-- Noel Jones
On 8/29/2012 10:35 AM, Nasser Heidari wrote:
Hi,
We have Running Postfix and Exchange in our company. The mail system
is illustrated below:
--
| Domain.local |
--
|
V
the
amavis-users mail list.
Clamav should also be able to be shared, but may need additional
configuration depending on how it plugs in to postfix. If you're
using clamav inside amavisd-new, no changes to clamav are needed.
-- Noel Jones
rely on a header, assuming the test box has a static IP:
ip.of.test.box REDIRECT j...@example.com
-- Noel Jones
built-in check_*_mx_access will match if ANY of
the MX records match.
To reject domains with ONLY fakemx MX records, you'll need to use an
external policy service.
http://www.postfix.org/SMTPD_POLICY_README.html
-- Noel Jones
your limits.
-- Noel Jones
On 8/27/2012 7:56 AM, an...@isac.gov.in wrote:
- Message from an...@isac.gov.in -
Date: Sat, 25 Aug 2012 15:50:33 +0530
From: an...@isac.gov.in
Subject: Re: exceptions for smtpd_end_of_data_restrictions
To: postfix-users@postfix.org
- Message from Noel Jones
.
-- Noel Jones
on configuring an external delivery agent. The postfix
interface is the same, only the external command differs.
-- Noel Jones
On 8/24/2012 11:10 PM, an...@isac.gov.in wrote:
- Message from Noel Jones njo...@megan.vbhcs.org -
Date: Wed, 22 Aug 2012 06:31:10 -0500
From: Noel Jones njo...@megan.vbhcs.org
Reply-To: postfix users postfix-users@postfix.org
Subject: Re: exceptions
. They're quite effective (for me; YMMV), take little
additional resources (assuming you're already using clam), and have
very low false positives.
-- Noel Jones
.
-- Noel Jones
in the clear.
currently have 'no', is likely to bite me if I change to 'yes' ?
If you have users connecting to that port that have not enabled
STARTTLS, they may call for support.
Since this is a new server with presumably few or zero live users,
now is a good time to require encryption.
-- Noel
, not to use this policy service, based on some
headers of a mail?
You can skip the policy based on envelope information by using a
check_*_access map before the policy check. You could also likely
do this inside the policy server itself.
You cannot skip it based on headers.
-- Noel Jones
s_client -connect server.example.com:25 -starttls smtp
If you need more help, please see:
http://www.postfix.org/DEBUG_README.html#mail
-- Noel Jones
#default
http://www.postfix.org/sendmail.1.html
-- Noel Jones
to kill them
and, telephone the sender...
Your decision. Or you can add a transport entry to fail the bad
domain and return it to the sender.
# transport
domain.tld error:5.1.2 try @domain.tld.au instead
-- Noel Jones
thanks again
# cat mysql_virtual_alias_maps.cf
user = aaa
private TLS
certificates.
http://www.postfix.org/SASL_README.html
http://www.postfix.org/TLS_README.html
-- Noel Jones
On 8/16/2012 6:25 PM, li...@sbt.net.au wrote:
On Fri, August 17, 2012 8:26 am, Noel Jones wrote:
On 8/16/2012 3:43 PM, li...@sbt.net.au wrote:
If just delivering mail for your own domain, it should still work.
If you need to relay through the new server, you'll need to set up
some sort
.
- is it somehow possible to have all the information provided similar to the
check_policy_service ?
No. The use-case for transport_maps and smtpd_*_restrictions
check_policy_service is very different.
-- Noel Jones
if you explain why you need this highly unusual routing an
alternate solution can be found.
-- Noel Jones
at an unusual rate, and to monitor whatever external
content filters, policy services, and milters your postfix depends
on. But you'll probably need root for that too.
-- Noel Jones
On 8/10/2012 7:23 AM, Vishal Agarwal wrote:
Hi,
As most of us are using postfix, I feel that I can get help for
MailScanner problem also here.
For mailscanner support, please contact the mailscanner user list.
-- Noel Jones
I am getting the following error in mail scanner
: with soft_bounce = yes, rejects generated by the cleanup
daemon will be logged as 5xx, but the client will still receive a
4xx code.
That at least conveys the idea that sometimes 5xx will be logged.
-- Noel Jones
. This will be sufficient for the few
people that we write documentation for.
Wietse
Indeed, a brief note would have been sufficient in this case.
Note: postfix may log a 5xx response before the transformed 4xx
response is sent to the client.
-- Noel Jones
On 8/9/2012 12:24 PM, Wietse Venema wrote:
Noel Jones:
On 8/9/2012 11:27 AM, Wietse Venema wrote:
It might be practical to add a note that in some cases, soft_bounce=yes
is implemented by modifying server responses. Therefore, the responses
that Postfix will log may differ from the responses
On 8/9/2012 3:06 PM, Wietse Venema wrote:
Noel Jones:
On 8/9/2012 12:24 PM, Wietse Venema wrote:
Noel Jones:
On 8/9/2012 11:27 AM, Wietse Venema wrote:
It might be practical to add a note that in some cases, soft_bounce=yes
is implemented by modifying server responses. Therefore
, but the client receives a 4xx response and a 4.x.x status.
-- Noel Jones
always_add_missing_headers=yes OR the client matches
local_header_rewrite_clients. Am I interpreting this wrong?
-- Noel Jones
On 8/6/2012 10:19 AM, Benny Pedersen wrote:
On 2012-08-06 17:02, Noel Jones wrote:
http://www.postfix.org/postconf.5.html#always_add_missing_headers
http://www.postfix.org/postconf.5.html#local_header_rewrite_clients
The docs seem to say missing headers are added if EITHER
to be inserted before any other
restrictions, ie. before permit_mynetworks.
-- Noel Jones
in main.cf,
the example above will need to be inserted before any other
restrictions, ie. before permit_mynetworks.
-- Noel Jones
Nice, it works now the /maintenance/ user can only send emails to
the /sample.com/ domain.
Finally I note it is still a too large range of destinations, how
basic anti-spam tests -- postscreen is
excellent for this.
Some folks use fail2ban or similar to auto-block offenders (X
unknown users within N seconds) for a period of time. It's not
clear if this is worthwhile, but it's easy and it might make you
feel better.
-- Noel Jones
#virtual_alias_maps
If you need to override the MX for a specific user, use a
transport_maps entry.
http://www.postfix.org/postconf.5.html#transport_maps
-- Noel Jones
://www.postfix.org/DEBUG_README.html#logging
If you need more help, please see
http://www.postfix.org/DEBUG_README.html#mail
-- Noel Jones
behavior. If possible, the list would like to see
the postconf -n and logging produced that constitutes throwing up
hands when there is no MX record.
-- Noel Jones
store.
Solutions are to either set home_mailbox = mailbox ie. no trailing
/ for mailbox-style delivery, or use a different mail reader such
as mutt.
http://www.postfix.org/postconf.5.html#home_mailbox
-- Noel Jones
inet_interfaces = all
inet_protocols = all
mailbox_command
and configure a mail reader?
Looks as if postfix is working, so our work here is finished. Your
next step is to install whatever other software you need for your
project.
Good luck!
-- Noel Jones
help, we need to see your postconf -n output and
postfix logging when it tries to deliver mail. If you suspect your
MX record is wrong, we also need the actual domain so we can check
it. http://www.postfix.org/DEBUG_README.html#mail
-- Noel Jones
. If you want to get fancy, you can use a
memcache map with a btree backend.
Thank you
-- Noel Jones
Note there is no : separator used in this file.
If the rewritten address is delivered locally, that address will
then be subject to rewriting by the usual aliases file.
http://www.postfix.org/ADDRESS_REWRITING_README.html
http://www.postfix.org/OVERVIEW.html
-- Noel Jones
queue content_filter, do your
archiving in the after-filter postfix instance.
If you need a more specific answer, you'll need to share full
details of your postfix setup, your archiving procedure, and how
you've integrated spamassassin.
http://www.postfix.org/DEBUG_README.html#mail
-- Noel
://www.postfix.org/documentation.html
http://www.postfix.org/BASIC_CONFIGURATION_README.html
http://www.postfix.org/SOHO_README.html
http://www.postfix.org/STANDARD_CONFIGURATION_README.html
and if you need more help:
http://www.postfix.org/DEBUG_README.html#mail
-- Noel Jones
is
something like 189-68-88-213.dsl.telesp.net.br, it will be pretty
obvious to most anti-spam systems that it's not really paypal.
-- Noel Jones
handle it.
-- Noel Jones
too many for your
hardware, preventing amavisd from responding before a timeout occurs.
Reduce smtpd process count and amavisd $max_servers until you stop
having timeouts.
Typical values are 3 to 10 times the number of CPUs you have, and
enough RAM to support them with no swapping.
-- Noel
On 7/13/2012 12:01 PM, Michael Orlitzky wrote:
On 07/13/12 12:22, Noel Jones wrote:
$max_servers = 100;
$max_requests = 25;
$child_timeout = 180;
$smtpd_timeout = 120;
I suspect 100 smtpd/amavisd processes is way too many for your
hardware, preventing amavisd from responding before
. Make sure you look deep
enough to find the resource that is being exhausted.
-- Noel Jones
, and
sticking with all virtual delivery
2. If you must use $mydomain, tell Postfix that local deliveries are
supposed to go to Dovecot by adding to main.cf:
mailbox_command = /usr/lib/dovecot/deliver
alternately, you can set
# main.cf
mydestination = localhost
-- Noel Jones
is not preceded by error: or warning:. You can
probably get rid of the annoying message by upgrading your BDB
version, but beware of DLL dependency problems if other programs are
also using BDB.
-- Noel Jones
/postconf.5.html#initial_destination_concurrency
and for an overview on postfix queues:
http://www.postfix.org/QSHAPE_README.html
http://www.postfix.org/TUNING_README.html
Read all about postfix here:
http://www.postfix.org/documentation.html
-- Noel Jones
On 7/4/2012 11:19 PM, Noel Jones wrote:
On 7/4/2012 10:40 PM, F. Mendez wrote:
Hello everyone.
Just a quick question.
I'm starting some tests with 2 boxes.
How can I grant to have postfix in queue only mode? Postfix must
only receive mails into the queue without sending them immediately
a filter at all?
-- Noel Jones
will make both initial configuration and future
maintenance far easier.
-- Noel Jones
local_destination_recipient_limit =
300 and cyrus_destination_recipient_limit=1?
No, use one or the other depending on the domain address class.
-- Noel Jones
On 6/28/2012 10:18 AM, James B. Byrne wrote:
On Thu, June 28, 2012 13:41, Noel Jones wrote:
cyrus_destination_recipient_limit=1 means deliver a maximum of one
recipient to each cyrus transport defined in master.cf, which
pipes to the cyrus deliver program; there may be multiple
processes
for that. Typically virtual_alias_maps would be
only aliases that cyrus doesn't know about, and all valid cyrus
recipients listed in virtual_mailbox_maps.
-- Noel Jones
, no wildcard @domain names.
-- Noel Jones
On 6/27/2012 11:31 AM, James B. Byrne wrote:
On Wed, June 27, 2012 14:28, Noel Jones wrote:
On 6/27/2012 8:47 AM, James B. Byrne wrote:
The background is this. We are moving from a Sendmail/Cyrus-imap
based system of many years to a Postfix/Cyrus-imap based email
system.
During
On 6/25/2012 11:59 PM, santosh malavade wrote:
On Mon, Jun 25, 2012 at 10:17 PM, Noel Jones njo...@megan.vbhcs.org wrote:
On 6/25/2012 2:03 AM, santosh malavade wrote:
Hi,
I am trying to hold messages based on the client and sender
be given to the
relay_domain variable.
Untrue.
...
why the distinction between virtual_domains and virtual_aliases_map?
http://www.postfix.org/ADDRESS_CLASS_README.html
http://www.postfix.org/OVERVIEW.html
-- Noel Jones
; that's what they're for.
Alternately, look at
http://www.postfix.org/postconf.5.html#smtp_fallback_relay
-- Noel Jones
for gateway.example.com.
These can be private .local addresses, or an internal-only view.
Alternately, use
relayhost = [gateway.example.com]
smtp_fallback_relay = [gatew2.example.com]
This doesn't prevent you from using a customized transport, but it
does assume SMTP.
-- Noel Jones
, not just those in
virtual_alias_domains. To avoid surprises, it's best to
fully-qualify the result in virtual_alias_maps.
aliases apply only to mail delivered by local(8), and do not use
domains.
-- Noel Jones
.html#smtp_mx_session_limit
-- Noel Jones
/225900 where Noel
Jones replied giving the following response :
HOLD is not absolute and will be overridden by a later REJECT or
DISCARD action.
Yes, still true.
I did not understand the said response.
HOLD does not imply OK. You can create smtpd_restriction_classes
that will do
-H QUEUEID. That releases the message to the
deferred queue, which is after header_checks are performed.
-- Noel Jones
; communications will not be
encrypted.
The debug output is already verbose enough to be pretty useless to
anyone not willing to also read the source code to determine which
messages are important; adding gratuitous warnings is not likely to
improve its usefulness.
-- Noel Jones
resource for English/Spanish
technical terms?
Reply on-list or to me directly.
Thanks!
-- Noel Jones
the protocol I can not find
my mistake you can help me
The SMTP protocol is described in RFC5321.
There are several small smtp server (and client) C programs
available to use as examples, such as the smtp-source.c and
smtp-sink.c bundled with the postfix source code.
Good luck.
-- Noel Jones
On 6/15/2012 2:58 AM, Adrian Gibanel wrote:
- Original message -
From: Noel Jones njo...@megan.vbhcs.org
To: postfix-users@postfix.org
Sent: Thursday, 14 June 2012 19:58:23
Subject: Re: How to handle local mail when throttling?
On 6/14/2012 12:40 PM, Adrian Gibanel wrote
is to require webmail to AUTH
even though it's on localhost. Unfortunately, it's not unusual for
webmail systems to be compromised -- often through phishing -- and
the AUTH logging gives you a little more information about where the
breach is.
-- Noel Jones
in the lookups.
http://www.postfix.org/CDB_README.html
(use the tinycdb implementation)
-- Noel Jones
to rewrite
hostX.example.com to example.com.
-- Noel Jones
an alternative way to implement this?
If you insist on a default delay, you can create a zerodelay
transport for your local domain that resets the delay to zero.
-- Noel Jones
On 6/14/2012 10:50 AM, jeffrey j donovan wrote:
On Jun 14, 2012, at 11:34 AM, Noel Jones wrote:
The proper solution is to use a global virtual_alias_maps to map
users to the correct server. Use rsync or similar to synchronize
the virtual_alias file among the servers.
# main.cf
On 6/14/2012 11:26 AM, Adrian Gibanel wrote:
If you insist on a default delay, you can create a zerodelay
transport for your local domain that resets the delay to zero.
Does it mean editing:
/etc/postfix/transport file to add:
my.domain.com relayratelimit:
line
and then
://www.postfix.org/transport.5.html
# main.cf
transport_maps = hash:/etc/postfix/transport
# transport
example.com smtp:
(deliver example.com directly)
-- Noel Jones
On 6/14/2012 12:06 PM, jeffrey j donovan wrote:
On Jun 14, 2012, at 12:09 PM, Noel Jones wrote:
There's no need to duplicate the users in transport; all the
mappings should be in virtual_alias_maps.
okay,..
all my users are already in transport, but having issue with global alias
I would
/ADDRESS_CLASS_README.html
Your domain must be listed in the correct address class and nowhere
else.
-- Noel Jones
/ recommend getting a proper recipient list and
populating transport_maps with a user-host mapping.
-- Noel Jones
the default_destination_rate_delay will fix that.
-- Noel Jones
:
In main.cf:
internal_mail_filter_classes = bounce
header_checks = regexp:/etc/postfix_out/header_checks
in /etc/postfix_out/header_checks
/^From: *MAILER-DAEMON/ FILTER mail-postfix:
you need to turn off header_checks in your mail-postfix transport.
see the archives for details.
-- Noel
that is not supported.
Anyway, the current backup plan is to run that tool under a sudoer user.
Perhaps you can make use of postcat -h -q QUEUEID which will
output the headers of the specified QUEUEID.
# man 1 postcat
http://www.postfix.org/postcat.1.html
-- Noel Jones
into a
mysql database directly, rather than write the mapping in a file,
Postfix is table-type agnostic; any function that supports table
lookups can use any table type (although some choices might not make
much sense).
-- Noel Jones
the transports?
First, emails sent to @hotmail.com should be queued on the server
(using the slow transport), only then sent to the relay host?
hotmail.com slow:[my.relay]
-- Noel Jones
the following errors in the mail.log
Easy fix:
http://www.postfix.org/transport.5.html
# transport
my.domain relay:[relay.ip.goes.here]
ps. use the [ ] brackets.
Not as easy complete fix:
use split-horizon DNS.
-- Noel Jones
expect the user name to be all-groups:@$myorigin
So your virtual map should resemble:
all-gro...@example.com group_1@localhost, group2@localhost, ...
If this doesn't help, follow Sahil's advice and provide better
information.
-- Noel Jones
...
I'm now moving my mail server within
On 5/26/2012 10:47 PM, Carlos Raúl Laguna Mendoza wrote:
On 26/05/12 22:58, Noel Jones wrote:
Thank for answer me back so fast, one more question should i add tls
support for this server ?
There's no reason to not add TLS, but you don't really /need/ TLS
unless you have end-users
like this
relay_domains = jovenclub.cu *.jovenclub.cu cubava.cu *.cubava.cu
ecured.cu *.ecured.cu some light over here would be fine and any
suggestion would be appreciated. Regards
http://www.postfix.org/documentation.html
-- Noel Jones
://www.postfix.org/postconf.5.html#authorized_submit_users
-- Noel Jones
internal servers to mynetworks?
Please show your postconf -n output and postfix logs of the
unwanted behavior, along with your description of what you expected
to happen.
http://www.postfix.org/DEBUG_README.html#mail
-- Noel Jones
-- Noel Jones
channel or you'll need to remove that check (or use HOLD
for manual inspection rather than REJECT).
I would personally judge the risk as fairly low, but you'll need to
decide that for yourself.
-- Noel Jones
virtual_mailbox_domains map,
removing it from mydestination might be all that's needed.
-- Noel Jones