"Date: Tue, 19 Jan 2016 16:51:02 +0300"
> non-RFC2822: "Date: Tue, 19 Jan 2016 16:51:02 +0300 (MSK)"
>
> I wonder if this problem is still present in a current version of Postfix.
It is a comment (CALLED CFWS in RFC 2822), and is permitted. Postfix
cannot be responsible for an oversealous admin who mis-interprets the RFCs.
Peter
> which is teh content formato of text file to create hash networks table?
This actually sounds like you're better off using SASL auth instead of
mynetworks:
http://www.postfix.org/SASL_README.html
Peter
ndeed be more strict than this as clueless server admins have a
tendency to over-react and put in tests that are too strict, therefore
if you want your mail to be accepted by as many servers as possible it
is best to comply with the strictest possible standards.
Peter
ates RFCs
* Doesn't work
* Isn't supported by postfix
...and you are asking for your crazy scheme to be supported by postfix
and work, but it simply does not and will not.
Use the methods that have been tested and are tried and true and stop
trying to re-invent this wheel to be some other shape than round.
Peter
ion server. It is not only not
required that the hostname of a submission server have an MX record, it
is actually unusual.
Your thinking here is flawed. Don't do this, you will only end up
rejecting lots of legitimate mail.
Peter
Hi folks,
I have SA injected into my postfix system the following way:
master.cf:
10.0.0.1:smtp inet n - n - - smtpd
-o content_filter=spamassassin
spamassassinunix - n n - - pipe
user=spamassassin
Thanks Wietse,
In the meantime I found another approach that worked for me:
http://serverfault.com/questions/33518/postfix-skip-spam-checks-for-authorized-smtp
Peter
On Thu, Dec 3, 2015, at 03:43 PM, Wietse Venema wrote:
> Peter:
> > I would like to exclude certain IP ranges from
ostfix binaries) and gone with the new
> default?
smtputf8 support is new in Postfix 3.0, so previous versions did not
have it, or the setting, at all. If you want smtputf8 support then you
need to compile it in, but you will not lack anything you had before by
simply turning it off.
Peter
ying to help you here. Note that you won't see "Bernard Teo" on
that list.
You have two people that arguably know more about Postfix than anyone
else in the entire world trying to help you here and you're arguing with
them trying to tell them that they're wrong?
Peter
just
add check_policy_service to the beginning of the override.
Peter
uot;-m" (and "-b")
> options.
Thanks, I didn't know about those options.
Peter
is performed.
1. Will this work at all?
2. Is it a supported use case?
3. Assuming the answer to 1 is "yes", will it continue to work in the
future or is it possible that the functionality could be changed or
removed in a way which will break this use case?
Thanks,
Peter
ot choke on general
> input, you can attempt to use any table type in a context that
> supports table lookups.
Thanks, that's what I thought, but I felt it was good to make sure
before I committed time to this strategy.
Peter
Hi lads (and girls),
Is there an easy way to set the auto-replies (or answers, not sure how
are they called) in postfix like greylist does "come back later", or
"try the next available MX gateway" when my queue size reaches a certain
amount? It often happens that my primary MX servers are busy
r" the teaser banner?
You're not supposed to respond to the teaser, it's a spam trap. You're
supposed to wait for the real banner and respond to that. If you wait a
few seconds postfix will issue the real banner and *then* you respond
with an EHLO command.
Peter
In DATABASE_README the table types are all in bold with the sole
exception of "inline" which has been left un-bolded.
Just a minor niggle but figured you'd want to know so you can correct it.
Peter
anks
On Thu, Oct 1, 2015, at 04:59 PM, Viktor Dukhovni wrote:
> On Thu, Oct 01, 2015 at 10:59:03AM +0200, Peter wrote:
>
> > smtpd_helo_restrictions =
> > permit_mynetworks,
> > check_client_access hash:/etc/postfix/helo_override,
> >
Hi guys,
I am having the following helo chain that stops a lot of SPAM emails:
smtpd_helo_restrictions =
permit_mynetworks,
check_client_access hash:/etc/postfix/helo_override,
check_helo_access hash:/etc/postfix/helo_access,
reject_unauth_pipelining,
reject_invalid_helo_hostname,
alias_domain WHERE alias_domain = '%d' AND active) AS a
WHERE (goto IN (SELECT username FROM mailbox WHERE active) OR
goto IN (SELECT address FROM alias WHERE active)))
Peter
> Michael Peter:
>> This makes me more confused..
>> Please advise your opinion..
> Please post your configration as requested in the welcome message.
> wietse
I have posted my configuration as per your request.. and i summarize my
questions again as follow
I ha
> On Fri, Sep 25, 2015 at 06:16:10PM +0300, Michael Peter wrote:
>
>> I have configured postfix to check CAfile which contains only Godaddy
>> root
>> certificate as follow for outgoing emails.
>>
>> smtp_tls_CAfile = /etc/certs/go-daddy-root-ca.crt
>
> Wh
> On Fri, Sep 25, 2015 at 07:21:32PM +0300, Michael Peter wrote:
>
>> > What version of Postfix are you using?
>>
>> postfix/master[7500]: reload -- version 2.6.6, configuration
>> /etc/postfix
>
> That's nearly seven years old. When you enable t
when
sending emails to them.
This makes me more confused..
Please advise your opinion..
Many thanks
Michael Peter
the email incase the receipt
certificate is untrusted or self signed?
Many thanks
Michael Peter
sage per minute and HOLD messages exceeding
> that limit). I appreciate if you reply with full configuration examples
> for these two cases.
You're going about this wrong, have a look at policyd
(http://wiki.policyd.org/).
Peter
add "foo" as an alias
to each one you want.
In theory this should work for any result returned by the resolver, so
if you run local dns you could that instead, or anything else you can
set on the hosts: line in /etc/nsswitch.conf.
Peter
s suggest that people get rid
of postgrey and just use postscreen in this case.
Peter
enuine reasons, but if you want to discuss them then join
#centos on irc.freenode.org and someone will be happy to explain it to you.
The packages in ghettoforge are mine, I highly recommend them as a much
better alternative to compiling your own.
Peter
On 08/29/2015 03:48 AM, Peter L. Berghold wrote:
> I know you can bind smptd to a specific address for outgoing email. Is
> it possible (or even feasible) to run multiple smtpd sessions, tying
> each one to a specific IP address and routing email based on domain
> name?
Yes, and exa
} -- smtpd instance 2
I'm having issues sending email to verizon.net destinations and my ISP
has offered me a third (!) IP address to use. Verizon keeps insisting I
have no rDNS records and my IP is dynamically allocated. Both
statements are false.
--
Peter L. Berghold pe...@berghold.net
question is how long the time that the stress behaviour continue to be
activated after current processes connections has decreased than the max
process connections limit
I have read he documentations and searched alot but i couldn't find an
answer...
Thank you.
Michael Peter
Yuppers, that was it!
It was doing my head in. Cheers very much!
On Thu, Jul 30, 2015, at 03:54 PM, wilfried.es...@essignetz.de wrote:
Hi Peter,
retry with grep -i name.surna...@domain.com.
Willi
Am 30.07.2015 um 15:44 schrieb Peter:
Hi guys,
I have stumbled upon
Hi guys,
I have stumbled upon this warning today while wanting to remove
duplicates from /etc/postfix/relay_recipients:
[root@mx ~]# postmap /etc/postfix/relay_recipients
postmap: warning: /etc/postfix/relay_recipients.db: duplicate entry:
name.surna...@domain.com
postmap: warning:
On 07/27/2015 11:06 PM, robert k Wild wrote:
I have created a dovecot and postfix email server
Now I want to have SMTP authentication for my users that use postfix
Use dovecot SASL AUTH:
http://www.postfix.org/SASL_README.html#server_dovecot
Peter
Thank you very much for your reply, please find my comments below.
Michael Peter:
[ Charset ISO-8859-1 converted... ]
Hi,
master.cf
smtp inet n - - - 100 smtpd
I understand that the default concurrent simultaneous incoming smtp
connections is 100
(rec...@example2.com) must be
included in the virtual access list of my server ? or the email will be
rejected.
Thank you
Peter Michael
, but there is
at least one gotcha in your planned upgrade that will bite you if you
don't run upgrade-configuration.
Peter
HI guys,
Till today I was always using one the following method to hold emails in
order to investigate issues with them:
smtpd_sender_restrictions = static:HOLD
smtp_helo_restrictions = static:HOLD
smtp_data_restrictions = static:HOLD
Today, I also wanted to hold some emails that are being sent
connections (not outgoing) ?
Thanks
Peter Michael
?
On Fri, Jul 24, 2015, at 02:03 PM, Koko Wijatmoko wrote:
On Fri, 24 Jul 2015 13:08:42 +0200
Peter uncle_p...@fastmail.com wrote:
which is okay, but when PHP mailer sends an email from localhost I
get:
Jul 24 12:49:38 server postfix/pickup[16749]: B435A614EF: uid=48
from=apache
Hi guys,
I have recently switched from relayhost and smtp_fallback_relay to
hash:/etc/postfix/transport method where I have a domain
(mx-relay.internal) declared with multiple MX records which have
different weights (mx10, mx11, mx12 and mx13). These servers do not have
IN A record, but IN MX.
go through content filter, then go through transport
maps ? or in this case the email will go through content filter and ignore
transport maps ?
Thank you
Michael Peter
is any setting is there for the same if yes then how it can be.
Have a look at policyd:
http://wiki.policyd.org/
Peter
On Thu, Jul 9, 2015, at 12:37 PM, Wietse Venema wrote:
Peter:
Here comes the postfix part. I am still having a couple of emails that
have not been delivered because postfix remembers the old DNS resolution
and I end up with deffered emails like this one here:
Postfix does not remember
Hi folks,
I have just now stumbled upon a DNS item that I can not crack by myself
and your help would be immensely appreciated.
I have been forwarding my emails using postfix transport_maps to a
couple MX weight-based receivers. Since the IPs of these servers have
changed I updated my DNS
Peter
for SPAM.
Peter
source with the same changes to make it
build under kernel 4.0.
Peter
On 06/29/2015 03:15 PM, John Gateley wrote:
I will patch if needed, or run the un-stable source, but I would prefer
not to.
With no pressure, is there an approximate release date for 3.1?
Based solely on previous releases and not on any official date, probably
sometime in early 2016.
Peter
Hi,
How can force postfix to reject emails from mail servers which doesn't
have a reverse dns entry ?
and is this correct thing to do according to the standards?
Thank you.
Michael Peter
On 6/16/2015 11:53 AM, Michael Peter wrote:
On 6/16/2015 10:21 AM, Michael Peter wrote:
Hi,
I have question about postfix logfile (/var/log/maillog), Does The log
mention the from email header or the return-path email header in
the
log file ?
Jun 16 16:17:43 mailhost postfix/qmgr[12095
emails during receiving of emails, so how
come bounces and failed delivered notices are received from other email
servers ?
The reason i am asking for that in order to block some spam attacks on our
email mail server that using empty email senders
Thank you
Peter Michael
: send...@domain.com
From: send...@domain.com
Because it seems that some times the from address mentioned in the log
file is different that the from header which is actually in the email
itself.
Thank you.
Peter Michael
the
primary server was down) ? or still the secondary server can send the
pending emails to the primary server even if permit_mynetworks in not
written in the smtpd_recipient_restrictions?
Thanks
Michael Peter
On 6/16/2015 10:16 AM, Michael Peter wrote:
Hi,
I have couple of questions regarding the permit_mynetworks option.
It's generally better to control the scope of mynetworks rather than
removing permit_mynetworks. Rather than the entire network, just
list localhost and maybe trusted
On 6/16/2015 10:21 AM, Michael Peter wrote:
Hi,
I have question about postfix logfile (/var/log/maillog), Does The log
mention the from email header or the return-path email header in the
log file ?
Jun 16 16:17:43 mailhost postfix/qmgr[12095]: CB992123F1B1:
from=send...@domain.com, size
Hi Mike,
~all denotes soft fail. In other words that means that if you forget
to add an IP address of your new server to SPF it is not going to be a
total failure :) Soft fail allows to undertake other steps in case it
happens (say i.e. you could perform other checks to determine if the
email
domain.com is bcc to manger but
all emails comes from subdomain ie (sub.domain.com) is not forwarded to
manager
how can we configure postix to sender_bcc emails from domain and its
subdomain as well ?
Any ideas?
Michael Peter
Yes mate, bingo!
You saved another day that I'd probably spend on troubleshooting this.
http://www.postfix.org/postconf.5.html#masquerade_domains
This is the answer
P.
On Mon, Jun 8, 2015, at 11:31 AM, Peter wrote:
On 06/08/2015 08:58 PM, Peter wrote:
I use sendmail -f nore
On 06/08/2015 08:58 PM, Peter wrote:
I use sendmail -f nore...@mail.example.com to send emails
I hope you actually have some sort of program, script or human
monitoring that address to handle bounces.
I see that the from address is already altered in the
postfix log file to nore
I have been changing my mailing addresses from example.com to sub
domains - say mail.example.com to configure no-reply addresses there.
I use sendmail -f nore...@mail.example.com to send emails to make sure
the Return-Path is correct. My mail delivery chain looks as follows:
SENDING SERVER --
may be in
a foreign language. Different servers will have slightly different
responses but they should all give a 250 code if they've accepted the
message.
Peter
then this requirement will be
satisfied. Please note that this has absolutely nothing to do with the
domain name part of the envelope sender address.
Peter
on CentOS 6 (off topic for here, but...):
yum shell
remove postfix
install exim
run
...
quit
...beyond that you need to get help from exim support channels.
Peter
for that. The only exception to his solution is that it
doesn't work for DSNs, but a properly configured postfix should be
sending out a minimal amount (if any) of those anyways.
Peter
. There are
others on the list who can help you with this better than I can.
Peter
that I fault your choice of Postfix over Exim, but your reasoning
for this is misguided.
Peter
-conceptions
or just plain wrong. I recommend you use the official docs and if you
have any questions or need clarification feel free to ask on the mailing
list or in #postfix on freenode IRC.
Peter
multiple email
instances of postfix?
http://www.postfix.org/MULTI_INSTANCE_README.html
Peter
On 04/13/2015 04:30 AM, Wietse Venema wrote:
Peter:
$ telnet 131.211.32.146 80
Trying 131.211.32.146...
Connected to 131.211.32.146.
Escape character is '^]'.
GET / HTTP/1.1
Host: www.postfix.org
HTTP/1.1 404 Not Found
Seems to be OK now.
Broken again, this time 131.211.32.146
it to
be out of date either, though, without further evidence to that end.
Peter
On 05/08/2015 04:43 AM, Rod K wrote:
check_client_restrictions =
There is no such setting, you probably want smtpd_client_restrictions.
Peter
, it seems counter-intuitive because it works different with
alias_maps and those two settings definitely are related.
Peter
, specify a bare username, an @domain.tld
wild-card, or specify a complete u...@domain.tld address.
As I just finished showing in detail, bare username is not working for
pcre tables.
Peter
then fixing it could
actually raise backwards compatibility issues which may necessitate
something more complicated than a simple straightforward fix.
Peter
Hello,
I am in the process of decommissioning my own personal email server which
is running on an antiquated version of CentOS and an old version of Postfix
(2.3.3) to a Debian 7 server running Postfix 2.9.6.
I've got a tool for copying the IMAP mailboxes from the old server to the
new server.
I've added some RBL client entries in my main.cf such that:
--- excerpt
reject_rbl_client zen.spamhaus.org,
reject_rbl_client dnsbl.dronebl.org,
reject_rbl_client bl.spamcop.net ,
reject_rbl_client dnsbl.sorbs.net
end of excerpt
No the other reason is the age of the host and the fact I have beefier hardware
to move to.
Sent from my android device.
-Original Message-
From: Steve Jenkins st...@stevejenkins.com
To: Peter Berghold salty.cowd...@gmail.com
Cc: postfix-users@postfix.org postfix-users@postfix.org
Sent
/1.1
Host: www.postfix.org
HTTP/1.1 200 OK
...
$ telnet 131.211.32.146 80
Trying 131.211.32.146...
Connected to 131.211.32.146.
Escape character is '^]'.
GET / HTTP/1.1
Host: www.postfix.org
HTTP/1.1 404 Not Found
...
Peter
On 04/06/2015 08:05 PM, Muhammad Yousuf Khan wrote:
By Peter
-
What you should be, at the very least, encouraging is STARTTLS over port
587. Whether you want to support some very old Outlook clients and
offer TLS wrappermode over 465 is up to you but it is unlikely
but it is unlikely you will
find anyone who still needs this old and deprecated form of submission.
Peter
On 04/06/2015 11:33 AM, Peter wrote:
Thunderbird, for example, calls TLS wrappermode TLS
Correction: Thunderbird calls TLS wrappermode SSL/TLS.
Peter
On 03/22/2015 08:19 PM, Steve Matzura wrote:
Thanks Peter. Very instructive. I'm on Red Hat Fedora 21, which came
out this week, which, now that you tell me Postfix version 3 is out,
surprises me that the upgrade didn't take that into account and give
it to me. The Fedora project
, not 2.10 which is already two years old.
Peter
what it means
exactly.
In addition to what Viktor said I'll just point out that most, if not
all of those services have man pages which fully document them, eg:
pipe(8), smtpd(8), pickup(8), etc.
Peter
On 02/24/2015 01:18 AM, Wietse Venema wrote:
Peter:
You're right, I must've been seeing things. Anyways, it builds in
CentOS 7 without patching and while I haven't tested the binary yet, it
appears to have built with EAI support. The issue the entire time was
simply that ICU in CentOS 5
On 02/23/2015 11:45 AM, Peter wrote:
On 02/23/2015 11:23 AM, Viktor Dukhovni wrote:
On Mon, Feb 23, 2015 at 11:17:49AM +1300, Peter wrote:
The build errors out on me. I've simplified the make makefiles down to
this and it still errors out:
make makefiles 'CCARGS=-I/usr/include/unicode
The build errors out on me. I've simplified the make makefiles down to
this and it still errors out:
make makefiles 'CCARGS=-I/usr/include/unicode'
Output from the build is at:
http://paste.fedoraproject.org/189029/42464330
Thanks,
Peter
as well, or maybe allow some variable to
passed in with /usr/lib64 to override /usr/lib?
Peter
On 02/23/2015 11:23 AM, Viktor Dukhovni wrote:
On Mon, Feb 23, 2015 at 11:17:49AM +1300, Peter wrote:
The build errors out on me. I've simplified the make makefiles down to
this and it still errors out:
make makefiles 'CCARGS=-I/usr/include/unicode'
Don't add -I/usr/include/unicode
On 02/23/2015 12:29 PM, Peter wrote:
Looking at makedefs I can see this is true, it is hard-coded to check in
/usr/lib. I can patch this myself but it would be nice to have this
modified to check /usr/lib64 as well, or maybe allow some variable to
passed in with /usr/lib64 to override /usr
lack the supporting libs to build SMTPUTF8 support and leave it
at that, I just didn't realize that was actually the case until just now.
Peter
On 02/12/2015 11:20 PM, li...@rhsoft.net wrote:
has somebody an idea for the chicken egg problem that postfix-install
in the %installof a RPM-spec can't load the shared libraries which are
built but not installed at that moment?
I changed it to make non-interactive-package and it works just
-source repo.
Peter
scripts have full root access to
your system. They can install backdoors and other malware, mess with
security contexts, and do all sorts of other mean and nasty things. I
don't do that sort of thing with my packages, but again, it's up to you
whether you trust my word in this.
Thanks,
Peter
On 02/08/2015 06:18 PM, LuKreme wrote:
# openssl s_client -connect 127.0.0.1:993
Port 993 is IMAPS which is not provided by postfix.
Peter
, no protectable libc functions used
Read-only relocations: yes
Immediate binding: no, not found!
I must look into how to turn some of those other items into yes as well.
If it is really that simple, then we might put PIE support into
Postfix 3.0.
That would be great.
Peter
bleeding-edge toolchain.
This is more along the lines of, I'm building 3rd-party postfix packages
for CentOS, the current stable postfix packages (sourced from Fedora)
have -pie enabled and so I'd like to keep it enabled if at all possible.
Peter
On 02/04/2015 05:36 PM, Viktor Dukhovni wrote:
However, if my quick hack works, let us know, at least we'll know
what needs to be done to support this at some point later.
It works, hardening check shows all the executables to be position
independent.
Peter
On 02/04/2015 06:15 PM, Viktor Dukhovni wrote:
And they still work I hope, ... If you can, please also check that
dynamic maps still load.
I would hope so but I haven't actually run them yet. I will be pushing
them out to my testing repo soon and get some people to test.
Peter
401 - 500 of 799 matches
Mail list logo