some providers block access to smtp port 25. You
probably need to enable the submission port 587 and/or the smtps
port 465 in your master.cf, and use those alternate ports on your
mail client.
http://www.postfix.org/TLS_README.html
http://www.postfix.org/SASL_README.html
If you need more help, please see
http://www.postfix.org/DEBUG_README.html#mail
-- Noel Jones
very ugly, with
complex master.cf gyrations. If you want to give it a shot anyway,
start with looking at the master.cf and postscreen documentation,
and the smtpd_service_name parameter.
-- Noel Jones
rned mail might
be found on the originating server.
-- Noel Jones
On 10/13/2015 1:01 AM, Christian Kivalo wrote:
> Hi,
>
> On 2015-10-13 05:22, Richard B. Pyne wrote:
>> I am running postfix 2.10.1, dovecot 2.2.10, with postfixadmin and
>> maia mailguard.
>>
>> I am trying to figure out how to disable the HELO/EHLO
>> reject_non_fqdn_hostname on the submission
, it figures that right now there are no false positives in
> my quarantine that I can test with, only valid spam hits that I don't
> want to retrain as FPs... so I can't retest until a new FP comes in.
>
>
Maybe you can (temporarily) set soft_bounce=yes on the master.cf
interface that accepts your FPs so they don't get lost.
-- Noel Jones
able with DUNNO.
Longer answer is the relay_recipients_maps tables are used as a
list, and the actual value isn't used -- it can be anything. But
the unused return value must be present since tables must be a
key/value pair; bare keys are not allowed.
http://www.postfix.org/postconf.5.html#relay_recipient_maps
-- Noel Jones
ou use the postscreen feature, and can easily
handle hundreds of rejects per second without overtaxing modest
hardware. So sometimes the best thing to do is nothing.
-- Noel Jones
m this mailing list.
>
> I will read more in the book tonight but hope someone can point me in
> the right direction while I continue to study the problem.
Basic debugging info:
http://www.postfix.org/DEBUG_README.html
And to get help from this list:
http://www.postfix.org/DEBUG_README.html#mail
-- Noel Jones
On 9/16/2015 3:16 AM, Mario Rosic wrote:
>
> For the record:
> Apparently there is a way to do conditional rewriting in postfix but
> it's ugly and doesn't scale. It is described here in a post from
> Noel Jones:
> http://thread.gmane.org/gmane.mail.postfix.user/1
o.eu ONLY IF the recipient is
> postfix-users@postfix.org.
>
> Is that even possible with postfix?
>
> Regards,
> Mario rosic
>
Postfix does not implement conditional address rewriting. You may
be able to do your conditional rewriting with an external milter or
proxy filter.
-- Noel Jones
mer W. Smith
> CEO Lightlink Internet
>
Seems to me smtp-source isn't really the right tool for that job.
Maybe try a command line SMTP tool such as mini_sendmail.
http://acme.com/software/mini_sendmail/
and you could tcping the host to see if port 25 is open before
performing the SMTP test.
-- Noel Jones
to:cahamocqaxyxcxmp9tmpw6uude6eygxusmfzwc5by8swlvc0...@mail.gmail.com>>,autolearn=no
> autolearn_force=no
>
> How to fix this??
> Thanks in advance.
> Rgds
> Czarek.
Looks as if your error is in spamd (part of SpamAssassin), not
postfix. Maybe someone on the spamassassin-users mail list can help.
-- Noel Jones
to
outer domain without applying any restrictions.
May be this problem is due to less restrictive relay host ? What do
you think ?
The example works as documented. Note these rules are for mail
submitted via SMTP.
-- Noel Jones
.
--Regards
Ashishkumar S. Yadav
postconf -nf output and logs showing what happens.
-- Noel Jones
a header based on the recipient, you'll need a milter or
proxy filter. Possibly milter-regexp can do this.
To filter out DSN NOTIFY=SUCCESS options, maybe you can use a
variation of the examples in
http://www.postfix.org/postconf.5.html#smtpd_command_filter
-- Noel Jones
The RESTRICTION_CLASS_README example works.
http://www.postfix.org/RESTRICTION_CLASS_README.html#external
If you have trouble, show what you did and what happened.
http://www.postfix.org/DEBUG_README.html#mail
-- Noel Jones
provided by
postfix at some point in the past, but no longer. You can remove
them by hand *if you don't use them*. Or just ignore them.
-- Noel Jones
this is not a polite delivery policy towards the
other servers, but to prevent spam/bulk/etc mailing from the sender
domains that I'm hosting
Sender limits requires an external policy service. Postfwd is
frequently recommended for this.
-- Noel Jones
.
-- Noel Jones
master.cf smtp and
smtpd services so you can easily distinguish them in the logs.
This ensures that mail is really entering on the port you intend.
For example, add to the 127.0.0.01:10026 entry:
-o syslog_name=postfix/after-filter
or whatever name makes sense to you.
HTH.
-- Noel Jones
#smtpd_sasl_exceptions_networks
Alternately, you can do that and more with
http://www.postfix.org/postconf.5.html#smtpd_discard_ehlo_keyword_address_maps
-- Noel Jones
guessing only one is of functional interest to me ... In
any case, I suspect I've got some config-cleaning to do.
I'm done providing free consulting for your system. Best wishes.
-- Noel Jones
solution such as
SpamAssassin to tag-and-deliver ALL mail, possibly sorting unwanted
mail into a junk folder.
-- Noel Jones
or power outages are frequent, and likely
to last more than a couple days. Even then, you're better off renting a
gateway server in a data center and configuring it with a long queue
lifetime.
-- Noel Jones
On 6/29/2015 11:47 PM, PGNd wrote:
On Mon, Jun 29, 2015, at 09:32 PM, Noel Jones wrote:
I would certainly move clamav to pre-queue, so you can reject
unwanted mail. AV scanning is generally much faster than
full-content spam scanning, and this is certainly true with clamd
vs
On 6/30/2015 10:25 AM, Benny Pedersen wrote:
Noel Jones skrev den 2015-06-30 17:13:
http://sanesecurity.com/usage/signatures/
got spammed with link to
https://www.mywot.com/en/scorecard/flixjunky.com
is this domain in some javascript link ?
Works fine for me. But I don't have
, you have to replace the checks you don't want done with
what you do want.
Specifically, we don't know what you need to replace since you
provide no details. Show us postconf -n plus logging with the
unwanted behavior if you need more specific advice.
-- Noel Jones
may
require more hardware resources compared to an after-queue
content_filter.
-- Noel Jones
On 6/29/2015 10:47 PM, PGNd wrote:
On Mon, Jun 29, 2015, at 08:23 PM, Noel Jones wrote:
That DISCARD action is logged in the amavisd logs, but occurs silently from
Postfix's perspective -- it's not notified, and does not log the message
disposition in its log.
This is correct. From
defining the external_transports table even if it's
empty as a form of self-documentation.
A more complex and more flexible solution is to use a Makefile and
build the files you need from common input files.
-- Noel Jones
, use an alias maps entry to pipe the mail to a
program during local delivery.
main.cf
alias_maps = hash:/path/aliases
# aliases
spam: | /path/spam
ham: | /path/ham
http://www.postfix.org/aliases.5.html
-- Noel Jones
On 6/19/2015 11:05 PM, PGNd wrote:
On Fri, Jun 19, 2015, at 06:44 PM, Noel Jones wrote:
You can control it with a check_recipient_access map in place of
your blanket reject_unverified_recipient.
Ah.
My goal is:
-- for {spam,ham}.1...@mail..com accept pipe to FILTER
'sa
it shouldn't affect postfix.
-- Noel Jones
reject_unverified_recipient
...
If you have lots of relay domains, you can use a PCRE map, something
like:
/@local\.example\.com$/ reject_unlisted_recipient
/./ reject_unverified_recipient
-- Noel Jones
of rejects it doesn't matter
too much.
None of this means you should stop using (or start using) fail2ban.
It just means that postscreen doesn't change the argument very much.
-- Noel Jones
.
-- Noel Jones
On 6/17/2015 9:45 AM, francis picabia wrote:
On Wed, Jun 3, 2015 at 3:29 PM, francis picabia fpica...@gmail.com wrote:
On Wed, Jun 3, 2015 at 3:18 PM, Noel Jones njo...@megan.vbhcs.org wrote:
On 6/3/2015 11:18 AM, francis picabia wrote:
On Wed, Jun 3, 2015 at 11:42 AM, Wietse Venema wie
/DEBUG_README.html#mail
-- Noel Jones
inet_protocols = all
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain, localhost
myhostname = my-FQDN
newaliases_path = /usr/bin/newaliases.postfix
queue_directory
if permit_mynetworks is not
written in the smtpd_recipient_restrictions?
If this is a secondary MX delivering to an internal mailstore,
generally it is not required to be listed in mynetworks, and
permit_mynetworks is not required.
-- Noel Jones
records the envelope sender as given in the MAIL FROM
command during the SMTP conversation. This is recorded before any
headers are transmitted by the client.
-- Noel Jones
.
the secondary MX is on totally different network than the main MX, so do i
need to add permit_mynetworks in main.cf ? and why ?
Probably not. Individual configurations may vary, but the secondary
does not normally bounce mail back to the primary, nor vice versa.
-- Noel Jones
.
then why the from address in the email is different than the from address
in the /var/log/maillog for the same email ?
There is no requirement that the addresses are the same. Look at
this mail for an example.
-- Noel Jones
Thank you.
Peter Michael
The log records the envelope
!
http://www.postfix.org/SOHO_README.html#client_sasl_sender
you already have most of this in place, so it shouldn't be too
complicated.
-- Noel Jones
On 6/16/2015 9:43 PM, Jithesh AP wrote:
Grep for the message-id in maillog just gives this, should i search
in some other location
grep kflvqedfdosxjjhkebewy...@sfilc.com /var/maillog-2015 | head
Jun 16 13:21:48 ml postfix/cleanup[22906]: 6CB5841627:
On 6/15/2015 7:01 PM, Mike McKoy wrote:
I have one more question for those who have the time to answer. I
ran a deliverability test and am getting this warning. *Reverse DNS
is not a Valid Hostname*
What should I do to clear this up? Here is my header once again.
Delivered-To:
.
If you need more help, you'll need to show us postconf -n and logs
demonstrating the problem, and explain what isn't working as
expected. Please also see:
http://www.postfix.org/DEBUG_README.html#mail
-- Noel Jones
the
same ClamdSocket path.
For more help with clamav-milter, see the helpful clamav users list.
-- Noel Jones
. A DNSBL also allows a custom reject message
-- another of the OP's requests, and not supported with
postscreen_access_list.
-- Noel Jones
to different processes using
different versions of the table.
-- Noel Jones
://www.postfix.org/SOHO_README.html
If you need more help, we'll need more info on what you're trying to
do and what isn't working as expected. For the kind of information
we need, please see:
http://www.postfix.org/DEBUG_README.html#mail
-- Noel Jones
see any glaring errors in the above. Is something not
working as expected?
-- Noel Jones
On 6/12/2015 8:11 PM, PGNd wrote:
On Fri, Jun 12, 2015, at 05:57 PM, Noel Jones wrote:
I think a careful reading of
http://www.postfix.org/ADDRESS_VERIFICATION_README.html
will answer all your questions.
Actually, no.
It was a careful reading of that document, including each
greylisted
-- until the internal server comes online.
Try to ask concise questions. The rambling is tedious to follow.
-- Noel Jones
On 6/12/2015 6:24 PM, PGNd wrote:
The general gist of my lengthy question is --
I have 2 physically separated Postfix instances, the 1st uses remote
no longer getting
those errors.
Either you now have it compiled in, or you don't have it configured
anymore. Hard to tell from here.
Test procedure here:
http://www.postfix.org/SASL_README.html#server_test
For more help, see:
http://www.postfix.org/DEBUG_README.html#mail
-- Noel Jones
codes) from being cached?
The best solution is to not attempt to verify external senders.
Many sites will consider this abuse and blacklist you.
-- Noel Jones
-3.hsd1.ca.comcast.net[24.6.42.3]: SASL LOGIN
authentication
failed: authentication failure
But your credentials were somehow wrong at that point in time. Some
desktop mail clients have separate credentials for IMAP and SMTP.
Check your client setup.
-- Noel Jones
? Is it really the wrong username?
Anyway, seems to me dspam should be sending all mail back to postfix
for delivery, not trying to pass mail to procmail.
HTH.
-- Noel Jones
Exchange to
postfix, or configure LDAP on the postfix server to query your AD.
See google for details.
-- Noel Jones
Alternately, you can do those tests in your policy service with the
information provided by the policy protocol. If the mail doesn't
qualify for processing, just answer DUNNO.
-- Noel Jones
for the message ends, and
postfix cannot track what happens to it.
-- Noel Jones
are performed as normal.
If it is from the general Internet, it would be sent off
to amavis on 127.0.0.1 port 10024.
It will be sent to the FILTER destination *after* the mail is
received normally and put in the queue, just like any other incoming
mail.
-- Noel Jones
now amavisd as a proxy or milter so
that unwanted mail can be rejected during SMTP rather than discarded
or quarantined. Discarding is illegal in some parts of the world
(and seldom a good idea anyway) and quarantine is a pain because
someone has to check it.
-- Noel Jones
volume of nothing but spam. Just don't get caught up in
spending too much time on trying to identify spamblocks.
Are you using some dns blocklists? Looks as if these are listed by
zen.spamhaus.org and others.
-- Noel Jones
, reject_unknown_reverse_client_hostname will block these, and is
(mostly) safe as many big mail providers refuse service to clients
with no rDNS.
-- Noel Jones
a Comacastbusiness.net IP, and I connect without issues).
This looks as if the client and the server don't have a common
cipher enabled.
What are your postconf -n settings? Do you know what the client
software and OS are?
-- Noel Jones
/command_filter
/etc/postfix/command_filter:
# remove return receipt requests for example.com
if /example\.com/
/^(RCPT\s+TO:\s*.*.*)\s+NOTIFY=\S+(.*)/ $1 $2
endif
The above is based on the examples given in
http://www.postfix.org/postconf.5.html#smtpd_command_filter
-- Noel Jones
On 5/26/2015 12:43 AM, James Moe wrote:
On 05/25/2015 02:49 PM, Noel Jones wrote:
Postfix logs all connections. Does the postfix smtp
transport log a connection at the same time as your proxy
detects a connection?
Where are the logs stored?
Logs are stored by the system, not by postfix
detects a connection?
Are you using some monitoring software? nagios? monit?
-- Noel Jones
On 5/24/2015 5:38 AM, Postfix User wrote:
On Sat, 23 May 2015 12:13:33 -0500, Noel Jones stated:
# Avoid obsolete protocol versions
#
smtpd_tls_protocols = !SSLv2, !SSLv3
smtp_tls_protocols = !SSLv2, !SSLv3
Wouldn't the following be more secure:
smtpd_tls_protocols
On 5/23/2015 10:01 AM, Grant wrote:
Currently I have the following in main.cf:
smtp_tls_exclude_ciphers = aNULL
smtpd_tls_exclude_ciphers = aNULL
According to weakdh.org/sysadmin.html, I should have this:
smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK,
aECDH,
.
smtpd_use_tls = yes
Deprecated, use smtpd_tls_security_level instead.
-- Noel Jones
as appropriate.
For everyone else, any is better than none.
-- Noel Jones
For details on configuring amavisd-new, see the amavisd-new docs or
their users list.
-- Noel Jones
content_filter = relay:[127.0.0.1]:10026 so
that mail that doesn't trigger the FILTER goes directly to the
postfix reinjection listener. This will cause an extra hop, but
won't do any filtering.
-- Noel Jones
# /etc/postfix/main.cf
smtpd_recipient_restrictions
and bounce)
- use postscreen to reject zombies and known bad hosts
http://www.postfix.org/POSTSCREEN_README.html
-- Noel Jones
On 5/19/2015 10:15 AM, MegaBrutal wrote:
Hi all,
A mailbox is unable to accept any more messages, as all of them are
getting rejected with „delivery failed to mailbox
/var/mail/virtual/mailbox: error writing message: File too large”.
The actual mailbox is about 50M large as of now.
I
via advanced filters way?
I don't remember the content_filter parameter documented as working
with the bounce service.
-- Noel Jones
the cause.
If that's true, do I have to figure out how/where to assign that on the VPS,
or can I set that 'statically' inside my Postfix configuration?
Adding an appropriate entry in the /etc/hosts file is the usual
quick fix. Or add the 10.in-addr-arpa zone to your local DNS.
-- Noel
the
initial server greeting)
——End of Mail Que Error Message
This is a normal error when the other end of the conversation does
not support SMTP.
-- Noel Jones
On 5/18/2015 10:08 PM, pgndev wrote:
I'm locking down a postfix smarthost.
Goal is to only accept submissions to the smarthost from clients that
match known TLS fingerprints.
smarthost' service config is
[172.30.6.19]:587 inet n - n - - smtpd
-o
what's being passed and you'll know for sure without having to
guess.
-- Noel Jones
to be a config error on your system.
-- Noel Jones
,
transports, listeners -- with optional per-service overrides.
Nothing discussed in this thread would benefit from multi-instances.
-- Noel Jones
mynetworks, then add
something like this to main.cf:
smtpd_client_restrictions =
permit_mynetworks
reject
You most likely won't need multi-instance support, but that may
depend on the details of your future spam filtering config.
-- Noel Jones
, was released in Feb 2013 -- it's
kind of a stretch to call it unsafe. Missing new features, yes.
Unsafe? No.
Hopefully the vendor has been more diligent with patching/updating
other software in the distribution.
-- Noel Jones
or dovecot
users list for implementation details.
You might consider adding clamav-milter to postfix, and using the
add-on sanesecurity anti-spam signatures. I've found the anti-spam
sigs to be safe and effective against some of the spam that gets
through other protections.
-- Noel Jones
no mechanism to record the port postfix sends
from when sending mail.
-- Noel Jones
to
smtpd_sender_restrictions where you can whitelist by sender or
client name.
-- Noel Jones
On 4/30/2015 9:27 AM, Rod K wrote:
On 4/30/2015 10:15 AM, Noel Jones wrote:
On 4/30/2015 8:59 AM, Rod K wrote:
Postscreen is successfully blocking a lot of spam for us. Our DNSBL
settings are doing a great job, however I'm having one false
positive. One of our customers does a bit
.
-- Noel Jones
domain name.
$ postmap -q $sender hash:/etc/postfix/sender_checks
The postmap test command does not implement the pattern search order
as defined in access(5). It's your testing that's broken, not the map.
-- Noel Jones
$
Should I consider using pcre or regex for this instead
On April 25, 2015 1:22:36 PM Robert Fitzpatrick rob...@webtent.org wrote:
I started getting notices that the root partition was filling up on one
of our mail gateways and find /tmp/maillog and /var/log/maillog both
being written to with the same logging information. I have checked that
these
to the user.
The milter will always see a success status regardless of the
address used, even if the address does not exist. No alias
expansion is returned to the milter.
It seems unlikely this is useful to spamass-milter.
-- Noel Jones
system isn't logged; it could be your
local dovecot or it could be a remote system.
Anyway, nothing here related to postfix nor dovecot.
-- Noel Jones
On 4/20/2015 6:39 PM, Simon wrote:
On Tue, Apr 21, 2015 at 11:34 AM, Simon grem...@gmail.com wrote:
On Mon, Apr 20, 2015 at 3:51 PM, Noel Jones njo...@megan.vbhcs.org wrote:
On 4/19/2015 7:03 PM, Simon wrote
: and To: headers.
http://www.postfix.org/RESTRICTION_CLASS_README.html
If you must use the addresses listed in message headers, you will
need a content filter such as SpamAssassin.
-- Noel Jones
. Posting a readable postconf -n will
probably help.
To me is definitely a dns issue
No, nothing to do with DNS.
i have commented out security restrictions in postfix that's
how i explain the relay access denied
Ah, and that's why you get relay access denied.
Regards
-- Noel Jones
. You'll
need an external log processing tool to combine the existing
information.
You may be better served by using multiple postfix instances. See:
http://www.postfix.org/MULTI_INSTANCE_README.html
-- Noel Jones