:
disconnect from name[addr] unknown=0/1
Logfile analyzers can trigger on the presence of /. It indicates
that Postfix rejected at least one command.
++
-- Noel Jones
://www.postfix.org/DEBUG_README.html#sniffer
-- Noel Jones
to a few sites.
-- Noel Jones
\) with ESMTPSA/ IGNORE
the OP may need two expressions if some clients submit within
$mynetworks without using AUTH.
-- Noel Jones
On 11/28/2014 12:26 PM, Christen Rößner wrote:
Am 28.11.2014 um 18:05 schrieb Wietse Venema wie...@porcupine.org:
Christen R??ner:
When the relay server determines the MX for a recipient address, is there
any table that works like this:
MX host is foo bar, use transport
correctly.
-- Noel Jones
to examine the envelope sender,
and the mime headers.
-- Noel Jones
On 11/25/2014 1:34 PM, Viktor Dukhovni wrote:
On Tue, Nov 25, 2014 at 11:19:36AM -0600, Noel Jones wrote:
http://www.postfix.org/postconf.5.html#bounce_size_limit
You can set bounce_size_limit = 0 to return the message headers
only.
The minimum allowed value is 1. Therefore, to bounce
:
http://www.postfix.org/RESTRICTION_CLASS_README.html
-- Noel Jones
permit_sasl_authenticated. Also
check your master.cf if you've added a submission service there.
-- Noel Jones
always surprised. But it makes me feel
better to know it's always there, waiting to help some poor soul.
-- Noel Jones
is clean.
It seems you rejected their message. Look in your logs for further
info.
-- Noel Jones
ion...@akigroup.com mailto:ion...@akigroup.com
Your message wasn't delivered because of security policies.
Microsoft Exchange will not try to redeliver this message for you.
Please provide
- 0 cleanup
-o recipient_bcc_maps=hash:/path/to/recipient_bcc
further examples on the main.cf man page.
-- Noel Jones
/postconf.5.html#smtp_mx_session_limit
-- Noel Jones
On 11/17/2014 1:00 PM, Wietse Venema wrote:
Noel Jones:
[ Charset windows-1252 converted... ]
On 11/17/2014 11:34 AM, Wietse Venema wrote:
Ralf Hauser:
When I define a secondary smtpd in master.cf and give it the
-o=recipient_bcc_maps
this has no effect.
Take a look at:
http
], but in the context of a controlled environment [e.g.
after postfix has accepted the message, i'm willing to at least entertain the
possibility.
thanks-ben
This is exactly why greylisting was invented. Have you tried that?
-- Noel Jones
or pcre tables.
See the docs for access tables, pay attention to the various
ADDRESS PATTERNS sections.
http://www.postfix.org/access.5.html
-- Noel Jones
On 11/6/2014 4:37 PM, terrygalant.li...@fastest.cc wrote:
Noel
On Thu, Nov 6, 2014, at 02:25 PM, Noel Jones wrote:
...
The above deprecated syntax assumes check_sender_access
hash:/path/to/reject_senders Don't leave out the
check_sender_access part.
Yep. Bad cut and paste on my part
of the unwanted behavior.
-- Noel Jones
On 10/29/2014 7:04 AM, Den wrote:
How do I make the SMTP Greetings Banner to display the remote client's IP
and server's name in Postfix 2.9.6?
This is not supported in postfix.
Do you have some compelling need for this, or is this just cosmetic?
-- Noel Jones
is 5d (5 days).
http://www.postfix.org/postconf.5.html#bounce_queue_lifetime
-- Noel Jones
particular one for mydestination?
Do not put a virtual domain in mydestination.
mydestination can be set explicitly empty, or can be set to
localhost or eg. localhost.example.com
-- Noel Jones
recipient_delimiter = -
http://www.postfix.org/postconf.5.html#recipient_delimiter
http://www.postfix.org/BASIC_CONFIGURATION_README.html
http://www.postfix.org/ADDRESS_REWRITING_README.html
http://www.postfix.org/documentation.html
-- Noel Jones
details, including log entries.
-- Noel Jones
Other than cryptic header checks and the guide at
http://www.backscatterer.org/?target=usage which appears to have
blocked legitimate mail when we implemented it, are there any
working configurations that successfully reject/drop backscatter
On 10/26/2014 8:54 PM, ferriswheel wrote:
On Mon, 27 Oct 2014 01:30:42 +
Viktor Dukhovni postfix-us...@dukhovni.org wrote:
On Mon, Oct 27, 2014 at 12:22:22PM +1100, ferriswheel wrote:
Currently using postifix version 2.5.1
How do I configure lmtp to keep a message queued when the
, postfix header_checks and body_checks process message
input one line at a time. Expressions cannot span multiple lines.
For full-body matching, you'll need to use a content filter or milter.
-- Noel Jones
...@testkund.domain.tld
mysql:/etc/postfix/mysql/relay-transport.cf
smtp:d748.dev-cust.domain.tld:
No brackets.
postmap -q [d748.dev-cust.domain.tld]:
hash:/etc/postfix/maps/tls_policy
[d748.dev-cust.domain.tld]: none
brackets.
The entries don't match.
-- Noel Jones
/The TLS
,
smtpd_proxy_filter, or milter. The policy service interface only
sees envelope information and cannot detect attachments.
-- Noel Jones
accidentally create an open relay.
http://www.postfix.org/SMTPD_ACCESS_README.html#danger
And telling them to add an alias to
postfix-reject-address@$THEIR_DOMAIN
This should not be necessary.
-- Noel Jones
On 10/22/2014 2:45 PM, steve wrote:
Hi,
This weekend a MySQL server which backends a couple of postfix servers went
down for a couple of hours without anyone noticing and I'm looking to setup
some monitoring so that it doesn't go unnoticed again in future.
There are really only two
#smtpd_reject_footer
-- Noel Jones
*is* the authentication. Postfix
must either accept or reject the mail based solely on the userID.
To use more robust username/password authentication, you must use
SMTP AUTH, which of course requires mail be submitted via SMTP
rather than sendmail(1).
-- Noel Jones
exactly what the
voicemail system sends.
This feature is available in postfix 2.7 and newer.
-- Noel Jones
.
The correct solution is to fix the broken client. When that's not
possible, the workaround is to use smtpd_command_filter.
-- Noel Jones
this up will be disruptive to current
customers.
Not fun. Good luck.
-- Noel Jones
has been reported the addresses are found in the file.
Questions:
Could the hash file be too large?
Is there a configuration error causing this problem?
So these errors happen while the file is being rebuilt, right?
Please see:
http://www.postfix.org/DATABASE_README.html#safe_db
-- Noel
be.
-- Noel Jones
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (MingW32)
iQEcBAEBAgAGBQJUNWqdAAoJEJGRUHb5Oh6gbrsH/jdTT6xwvfT+9Vj3CXt3wFYY
Jf/EQGWCXP1OJp8W3sULqueCacm4e8At0fn2nu4+f9LwL+8VeKHs9xpKSF0o9g35
BpXM5APhgrjl9t97+7Mo64dP8athK47qFRLP2rmPYeDFm0BXIi8YZpH/ZC9TUzp6
of with
smtpd_data_restrictions is the recipient list will be empty for
multirecipient mail, but that doesn't sound as if it's a problem for
your application since you appear to be only concerned with the sender.
-- Noel Jones
the log a warning part, but...
As I understand it, a Postfix policy server is supposed to be reading
incoming requests from stdin.
How exactly does one disconnect from stdin? I mean other than by
calling exit() ?
Exiting is sufficient.
-- Noel Jones
could become:
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated,
reject_unauth_destination
I think this feature is too new to change the safe default.
-- Noel Jones
' (plus some
extra *checks changes). Will it it work? Is it the recommended way of
doing such change? Are there any more proper solutions?
Best regards,
Marek
Yes, that's a common way of moving accounts between servers.
-- Noel Jones
would
expect the probe to fail before it tries the fallback.
-- Noel Jones
On 9/29/2014 7:40 AM, Robert Schetterer wrote:
Am 29.09.2014 um 13:45 schrieb Noel Jones:
On 9/29/2014 6:18 AM, Wietse Venema wrote:
Ralf Hildebrandt:
* Viktor Dukhovni postfix-users@postfix.org:
On Mon, Sep 29, 2014 at 12:00:04PM +0200, Ralf Hildebrandt wrote:
Currently I'm using
On 9/29/2014 9:06 AM, Wietse Venema wrote:
Robert Schetterer:
Am 29.09.2014 um 13:45 schrieb Noel Jones:
Is smtp_fallback_relay even used with a verification probe? I would
expect the probe to fail before it tries the fallback.
hm...
http://www.postfix.org/ADDRESS_VERIFICATION_README.html
On 9/29/2014 9:28 AM, Wietse Venema wrote:
Noel Jones:
By default, Postfix sends address verification probe messages via the
same route as regular mail,
Yes, but it also says:
Probe messages are like normal mail, except that they are never
delivered, deferred or bounced
- and -
Postfix
/RESTRICTION_CLASS_README.html
- use smtpd_generic_maps to force *all* outbound mail to use a
specified sender domain. This will break forwarded mail.
http://www.postfix.org/ADDRESS_REWRITING_README.html#generic
-- Noel Jones
for?
http://www.postfix.org/ADDRESS_REWRITING_README.html#generic
http://www.postfix.org/SOHO_README.html#fantasy
-- Noel Jones
to prevent unexpected behavior. This is
especially important if you intend to discard mail:
/@client[1-6]\.domain2\.com$/
/@yahoogroups\.com$/
-- Noel Jones
. See the
Problem Solving section of the docs for more ideas.
http://www.postfix.org/documentation.html
-- Noel Jones
Sep 23 11:29:42 vador postfix/smtp[4193]: 8824560692: to=x,
relay=xxx.com[xxx.xxx.xxx.xxx]:25, delay=62340,
delays=62334/0.45/5.1/0.36, dsn=2.0.0, status=sent (250 ok
://postfwd.org/
-- Noel Jones
been tested for us.
-- Noel Jones
unverified PTR on a different log line.
How do you suggest postfix log the unverified PTR in this case? The
unknown signifies the client failed FCrDNS and must not be changed.
-- Noel Jones
on, such as verified ptr
or IP address with check_client_access.
- use a policy server for an unsafe response. Not recommended.
- patch the source to remove the safety check. Not recommended.
-- Noel Jones
_
how can one skip
hash:/var/lib/postfix/verify to
remove the offending entry.
- postfix start
-- Noel Jones
-Original Message-
From: owner-postfix-us...@postfix.org
[mailto:owner-postfix-us...@postfix.org] On Behalf Of Wietse Venema
Sent: Thursday, September 18, 2014 9:56 AM
To: Postfix users
|shb|shs|shm|swf|
vb|vbe|vbs|vbx|vxd|wsc|wsf|wsh))(\?=)??\s*$/x
REJECT Attachment name $2 not allowed
-- Noel Jones
On 9/12/2014 9:17 AM, /dev/rob0 wrote:
On Thu, Sep 11, 2014 at 10:09:34PM -0400, D'Arcy J.M. Cain wrote:
On Thu, 11 Sep 2014 16:38:45 -0500
Noel Jones njo...@megan.vbhcs.org wrote:
Is it possible that mail arriving locally is bypassing the
milter?
postconf -n attached. I only removed
-n attached. I only removed the tls lines.
Does reviewing the docs answer your question?
http://www.postfix.org/MILTER_README.html#plumbing
-- Noel Jones
On 9/10/2014 1:24 AM, Michael Fox wrote:
Sorry if this is a bit simple, but I can’t seem to figure out how
the components fit together.
Given the following:
1) MX/Relay machine running postfix: relay.domain1.com
2) Client machine: client.domain2.com
I’d like to
/MULTI_INSTANCE_README.html
Don't be tempted to use the access map FILTER result to override the
filter destination based on recipient. This will unpredictably
mis-route mail addressed to multiple recipients.
-- Noel Jones
with very little extra
attention required. Maybe you're on a different feed.
-- Noel Jones
.
-- Noel Jones
access to the submission port 587.
Also consider using a policy service such as postfwd to rate-limit
your users. That will limit the damage when an account is compromised.
http://www.postfix.org/SMTPD_POLICY_README.html
http://postfwd.org/
-- Noel Jones
main.cf default parameter settings instead of actual
set-
tings. Specify -df to fold long lines for human
readability
(Postfix 2.9 and later).
-- Noel Jones
://www.postfix.org/ADDRESS_REWRITING_README.html
If you need more help, please see:
http://www.postfix.org/DEBUG_README.html#mail
-- Noel Jones
. To find errors
connecting to lower numbered MX hosts, search the maillog for prior
smtp connection warnings. Note the QUEUEID is not included on those
warnings, you must search for the smtp process.
-- Noel Jones
We planned of adding a transport_maps entry domain.com
smtp
another instance for occasional email sending or
other purpose.
Make as many instances as you need... the per-instance overhead is
fairly small.
-- Noel Jones
- Use one of the external postfix interfaces to do the checks in
some external software that has per user or per client controls.
Which method to use depends on your goals.
http://www.postfix.org/SMTPD_POLICY_README.html
http://www.postfix.org/CONTENT_INSPECTION_README.html
-- Noel Jones
I've
.
Whether that will work or not depends on your local setup.
-- Noel Jones
When there are mailboxes a...@example.net and x...@example.net and
no other valid mailboxes i would expect that an email to
1...@example.com was rejected, because 1...@example.com gets mapped
to 1...@example.net and 1
On 8/21/2014 5:33 PM, Ronald F. Guilmette wrote:
In message 53f664fe.1030...@megan.vbhcs.org,
Noel Jones njo...@megan.vbhcs.org wrote:
amavisd-new has a penpals feature that integrates nicely with
postfix as a pre-queue smtpd_proxy_filter, or a post-queue
content_filter. I don't use
for that. This would still be subject to
spoofing.
-- Noel Jones
.
Example:
# chmod 555 /usr/sbin/postqueue
# postfix check
postfix/postfix-script: warning: not set-gid or not owner+group+world
executable: /usr/sbin/postqueue
run postfix set-permissions to fix this installation error.
-- Noel Jones
Because postfix check doesn't set the exit
On 8/19/2014 8:53 AM, Sascha Hüdepohl wrote:
Hello!
* Noel Jones (njo...@megan.vbhcs.org) schrieb:
It sounds as if you're trying to monitor postfix health.
No, actually i wanted to check the installation. I'm learning docker and
am trying to create an image from a Dockerfile.
Thanks
On 8/14/2014 1:53 PM, li...@rhsoft.net wrote:
Am 08.08.2014 um 18:16 schrieb Noel Jones:
On 8/8/2014 11:06 AM, li...@rhsoft.net wrote:
Am 08.08.2014 um 16:19 schrieb Noel Jones:
On 8/8/2014 8:56 AM, li...@rhsoft.net wrote:
Am 08.08.2014 um 13:18 schrieb Noel Jones:
On 8/8/2014 4:58 AM
-- Noel Jones
should list any external IPs that *this* postfix is
connected to on the other side of a NAT. Any IPs that are not
local on this box that connect to postfix should be listed here.
HTH
-- Noel Jones
with mail
received via SMTP, and by default IPs listed in $mynetworks are
excluded.
-- Noel Jones
On 8/11/2014 11:19 AM, terrygalant.li...@fastest.cc wrote:
Hi Noel
On Mon, Aug 11, 2014, at 09:11 AM, Noel Jones wrote:
proxy_interfaces should list any external IPs that *this* postfix is
connected to on the other side of a NAT. Any IPs that are not
local on this box that connect
of time between when postfix sends the final
. and the messages is removed from the queue. Other than disk
corruption, a message should never be lost.
-- Noel Jones
On 8/11/2014 2:23 PM, Miles Fidelman wrote:
Noel Jones wrote:
On 8/11/2014 1:01 PM, Miles Fidelman wrote:
Hi Folks,
This is mostly a matter of curiosity - but not entirely (I'm
rethinking the high availability strategy for a small cluster):
If a machine crashes while postfix is processing
. That may be
what your user is referring to.
If you need to set up a wrappermode smtps channel to the antique
server, instructions can be found here:
http://www.postfix.org/TLS_README.html#client_smtps
but I'm not sure it's worth the trouble...
-- Noel Jones
information is known.
But some milters have their own settings per client/sender/recipient.
-- Noel Jones
** stop postfix before
maintenance.
- postfix stop
- postmap -d u...@example.com btree:/path/to/verify_cache
- postfix start
-- Noel Jones
On 8/8/2014 8:56 AM, li...@rhsoft.net wrote:
Am 08.08.2014 um 13:18 schrieb Noel Jones:
On 8/8/2014 4:58 AM, li...@rhsoft.net wrote:
dreamed about like below but dreams don't always become true :-)
smtpd_milters = unix:/run/clamav-milter/clamav-milter.socket
permit_dnswl_client
On 8/8/2014 11:06 AM, li...@rhsoft.net wrote:
Am 08.08.2014 um 16:19 schrieb Noel Jones:
On 8/8/2014 8:56 AM, li...@rhsoft.net wrote:
Am 08.08.2014 um 13:18 schrieb Noel Jones:
On 8/8/2014 4:58 AM, li...@rhsoft.net wrote:
dreamed about like below but dreams don't always become true
smtp_helo_name=host.example.com
-o smtp_header_checks=regexp:/etc/postfix/smtp_header_checks
Use a transport_maps entry to direct the single user to the custom
transport.
-- Noel Jones
. Either there's some sort of
proxy interfering with SMTP, or this isn't connecting to the same
server. Maybe some security software or firewall on the oddball server?
-- Noel Jones
On 8/5/2014 12:53 PM, M. Rodrigo Monteiro wrote:
2014-08-05 14:47 GMT-03:00 Noel Jones njo...@megan.vbhcs.org:
On 8/5/2014 12:23 PM, M. Rodrigo Monteiro wrote:
Hi!
This postfix act as a Relay.
From all servers, but one, the message size is 20MB. For these one it's 10MB
# postconf
,
which is the only thing the end-user will eventually see. Verifying
the client can't fix that.
-- Noel Jones
On 7/31/2014 2:15 PM, Xie, Wei wrote:
Greetings,
In Postfix header_check, I would like to know how to fetch “From
address” from header via Postfix head_check. The rule “/^From: (.*)
/ PREPEND Resent-From: test...@yahoo.com “ seems not working.
yuck... horrible abuse of the
which service the client connects to. Add to each as appropriate:
-o syslog_name=postfix/submission
or
-o syslog_name=postfix/smtps
-- Noel Jones
On 7/24/2014 10:58 PM, Will Yardley wrote:
On Wed, Jul 23, 2014 at 10:51:41AM -0500, Noel Jones wrote:
and then have
recommended =
Yes, that should work as expected.
This seemed to work as expected in my tests on 2.6.x. However, on 2.3.3,
I get:
postfix/smtpd[5673]: fatal: restriction
, and are there any fatal flaws in my ordering?
-- Noel Jones
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 7/22/2014 2:11 AM, nobody73 wrote:
On 22/07/2014 02:23, Noel Jones wrote:
On 7/21/2014 5:32 PM, nobody73 wrote:
Sorry for the debug logs but i think the reason why of my
UNKNOWN issue is beacause connecting from abroad the
hosted smtpd server
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 7/22/2014 4:16 PM, nobody73 wrote:
On 22/07/2014 16:49, Noel Jones wrote:
The logs suggest there's an encryption mismatch between the
client and postfix. Make sure you're looking at the outgoing
server SMTP settings in thunderbird
,
reject_non_fqdn_sender,
reject_unknown_sender_domain,
permit_auth_destination,
And here you permit auth destinations. There's no mail left after
this; none of the rules below will ever fire.
It should be safe to remove it.
-- Noel Jones
permit_dnswl_client hostkarma.junkemailfilter.com
Debian Wheezy, Postfix version
2.9.6-2.
That can happen during a table rebuild. See:
http://www.postfix.org/DATABASE_README.html#safe_db
-- Noel Jones
#mynetworks
It might be easiest to use a flat file, which allows both names and
networks, rather than a hash: or cidr: table.
-- Noel Jones
misconfigured
client.
-- Noel Jones
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQEcBAEBAgAGBQJTza8UAAoJEJGRUHb5Oh6gdtQIAMHBwtBpM5bXMTfM9DyXzAt4
u0Nr3hbI00Q740tKf+pUHf+xCGMDK0d3CHtHCbTNhMckPtDIt+yDy2CavMs+GETc
use TLS
certificates. Not many mail clients support certificate
authentication, mostly this is used for MTA to MTA connections.
http://www.postfix.org/TLS_README.html
-- Noel Jones
I think postfix have proper configuration measures against
spam, saslauthd is not the only way to handle
/
-- Noel Jones
Thanks!
Andrea
901 - 1000 of 3787 matches
Mail list logo
