Re: smtpd_policy_maps - Obsolted - Postfix 3.4.14

Was it smtp_tls_policy_maps perhaps? -- Rick King - On May 11, 2021, at 12:09 PM, Noel Jones njo...@megan.vbhcs.org wrote: On 5/11/2021 12:28 PM, Maurizio Caloro wrote: > Hello > > Mail_version = 3.4.14 > > postconf: warning: /etc/postfix/main.cf: u

Re: BCC action for header_checks + multiple recipients

Ahh! Makes sense Viktor, thank you very much! Best Regards, -- Rick King - On Feb 2, 2021, at 1:48 PM, Viktor Dukhovni postfix-us...@dukhovni.org wrote: On Tue, Feb 02, 2021 at 02:54:00PM -0500, Rick King wrote: > However, I haven't been able get BCC to multiple recipients to work;

Re: BCC action for header_checks + multiple recipients

Thank you very much Wietse! Best Regards, -- Rick King - On Feb 2, 2021, at 1:45 PM, Wietse Venema wie...@porcupine.org wrote: Rick King: > Postfix Version: 3.1.1 > > header_checks = pcre:/etc/postfix/conf/custom_header_checks > > Hello List! > > According

BCC action for header_checks + multiple recipients

ld>(.*)/ BCC us...@internaldomain.tld;us...@internaldomain.tld Has anyone used multiple recipients for the BCC action before? Any examples/guidance would be greatly appreciated. Thank you list! -- Rick King

Exception to login_mismatch with IP Whitelisting?

using FROM addresses, but it doesn't use IP's only MAIL FROM addresses. My questions is, is it possible to whitelist the IP's from Shopify with this config? The customer would prefer to use IP Whitelisting. Best Regards, -- Rick King

Possible header_check solution?

*\>/ REJECT#Sorry, we do not allow emails with multiple FROM senders Is it possible to use header_check feature to reject messages with carefully crafted displayName? Any suggestions welcome! Thank you! Best Regards, -- Rick King

Re: Basic kind of question

should make the host do > a dns query to find the mx record of example.com . > > Robert > On Wednesday, July 17, 2019, 2:24:46 PM EDT, Rick Zeman > wrote: > > > I inherited a pair of postfix servers configured by someone else and I > think I've been a manager too lo

Basic kind of question

I inherited a pair of postfix servers configured by someone else and I think I've been a manager too long as I can't figure this one out because I'm too rusty with postfix. Scenario: 2 identical postfix servers that only accept mail from mynetworks (other local servers in its /16) with various

Re: Cyrus SASL with httpform

to FireFox, based on the recently standardised notion of Native Messaging, https://github.com/arpa2/docker-demo/tree/master/demo-ffsasl Maybe that is (a direction for) a solution. HTML forms are not likely to support the any-number-of-back-and-forths that SASL requires, in general. Cheers, -Rick

Re: Conditional sender rewrite based on recipient address

ggling with this in the past, and ended up renaming everything upon entry and casting it back through the virtual table, but it felt like generic_maps would have been a better way, had it distinguished the things it would substitute. -Rick

Re: How can I "reject_unverified_LOCAL_sender"?

k on external senders! Thanks, -Rick

Re: How can I "reject_unverified_LOCAL_sender"?

s not even simple >> in a policy due to the cyclic risk. What are others doing in this >> respect? Thanks, for your input Phil! -Rick

How can I "reject_unverified_LOCAL_sender"?

namely an invocation of the virtual(8) server for addresses on the said lists. I don't see how I can do this with Postfix, and it's not even simple in a policy due to the cyclic risk. What are others doing in this respect? Thanks, -Rick

Feature Request: deduplication with multiple X-Original-To values

mentioned, making it less difficult to choose from for email administrators. I hope this is a useful suggestion :) Thanks, Rick van Rein InternetWide.org / ARPA2.net / OpenFortress.nl

Re: Lists and spam prevention / use of Reply-To:

ve the suspicion that it may be over-engineered, but I can't pin that down yet. -Rick

Re: Lists and spam prevention / use of Reply-To:

modifications such as whitespace replacement and header field line rewrapping. [Section 3.4 of RFC6376 on DKIM Signatures] I didn't see any changes in whitespace in my postings to this list, but that may also be due to normalisation in the spam filter through which both outgoing and incoming messages pass. -Rick

Re: Lists and spam prevention / use of Reply-To:

he sender in Reply-To: and have the list address in From: so it matches the SPF domain and so even DKIM could be signed by the list would be considered a good or bad idea by admins running lists. Cheers, -Rick

Re: Lists and spam prevention / use of Reply-To:

Interestingly, This list is a modest exception -- DKIM should pass through it perfectly, mostly because it does not change the Subject: From: To: or body. But the question was about soundness of the general Reply-To: idea anyway. -Rick

Lists and spam prevention / use of Reply-To:

under the list bounce domain 3. setup SPF in the list bounce domain 4. this should pass on DMARC, because SPF passes and DKIM fails I'd like to learn if this approach is considered sound by the list. Cheers, Rick van Rein

Re: Simple mailing list: Possible for multiple domains?

t is a bed of nails... even when you do it really nicely, perhaps even still when you canonicalise remote users to local addresses as in http://internetwide.org/blog/2017/08/16/mail-route-filtering.html Cheers, -Rick

Re: Simple mailing list: Possible for multiple domains?

Tom indicated to need something really-really-quickly. -Rick

Re: Simple mailing list: Possible for multiple domains?

nvelope and header from addresses. https://www.libsrs2.org -Rick

Re: Simple mailing list: Possible for multiple domains?

Hi Tom, > For example: Incoming mail for for "need...@foo.com > " and "need...@bar.com > " are sent to separate subscriber lists. That will work if you create the lists in the virtual map. You probably should have an SRS setup to get through properly. -Rick

Re: Feature Request: lmtp --> content_filter --> lmtpd

g on passing feedback for individual recipients in a one-by-one fashion from lmtpd back to lmtp, but it is actually even nicer to do it per group -- so that a resend can be tried for the group and they get to see each other's addresses to share. Thanks! -Rick

Feature Request: lmtp --> content_filter --> lmtpd

r just a new idea? Thanks, Rick van Rein

Re: TLS warning

, so it is big. Cheers -- Rick On May 25, 2017 3:26:34 PM EDT, D'Arcy Cain <da...@vex.net> wrote: >On 2017-05-25 03:20 PM, li...@lazygranch.com wrote: >> Right from the Telus website : >> -- >> "Clear the Requires a secure connection (SSL) check box" >

Re: TLS warning

On 2017-05-25 02:31 AM, Philip Paeps wrote: On 2017-05-24 14:54:34 (+0200), Bastian Blank wrote: On Wed, May 24, 2017 at 02:41:01AM -0700, li...@lazygranch.com wrote: ‎You shouldn't be accepting sslv3 due to the poodle attack.

Re: TLS warning

'. Cheers --- Rick On May 24, 2017 12:26:32 PM EDT, Viktor Dukhovni <postfix-us...@dukhovni.org> wrote: > >> On May 24, 2017, at 5:41 AM, li...@lazygranch.com wrote: >> >> ‎You shouldn't be accepting sslv3 due to the poodle attack. >> >> https://en.m.wikipedia

TLS warning

Hi All Should this TLS warning worry me? cheers -- Rick Warnings smtpd (total: 1) 1 TLS library problem: error:14094416:SSL routines:SSL3_READ_BYTE... mail.log: May 23 11:35:42 myHostName postfix/smtpd[6619]: connect from sonic310-27.consmr.mail.ne1.yahoo.com

Re: Fallback to IPV4 in case of IPV6 is not available

On Sat, Mar 25, 2017 at 2:48 PM, Paul C wrote: > I wish the world would use ipv6 enough for this to be worth doing, but > it's not going to have much benefit to you as there's almost no one > using it for smtp, from the last time I checked which was a few months > ago,

Re: New SASL generic failure

On Sat, Jul 9, 2016 at 9:57 AM, Viktor Dukhovni <postfix-us...@dukhovni.org> wrote: > >> On Jul 8, 2016, at 10:09 PM, Rick Zeman <rze...@gmail.com> wrote: >> >> How might 'filtering out that mechanism" be done, Viktor? Doesn't >> sound (or look like, ba

Re: New SASL generic failure

On Fri, Jul 8, 2016 at 9:17 PM, Viktor Dukhovni wrote: > >> On Jul 8, 2016, at 9:15 PM, Wietse Venema wrote: >> >> Your SASL library cannot authenticate with PLAIN or LOGIN. > > Another possibility is that it supports and prefers XOAUTH2, but

New SASL generic failure

Working system that suddenly started crapping out on SASL-authenticated connections to its relay. Nothing's changed for this 2.11.0 Apple-supplied postfix, and the username/password authenticates fine to smtp.comcast.com (relay). I'm not see what's wrong (must be what "generic" means lol).

Re: One more post-rebuild weirdness

On Tue, Mar 22, 2016 at 11:25 PM, Noel Jones <njo...@megan.vbhcs.org> wrote: > On 3/22/2016 10:03 PM, Rick Zeman wrote: >> Oops, knew I forgot something, Noel. This is a (soft) bounce f >> recipient that does exist on the destination system, but not on the >> postf

Re: One more post-rebuild weirdness

25 miniserv postfix/qmgr[68145]: 48C83278ED96: removed On Tue, Mar 22, 2016 at 10:17 PM, Noel Jones <njo...@megan.vbhcs.org> wrote: > On 3/22/2016 8:54 PM, Rick Zeman wrote: >> OS X Postfix system rebuilt as a relay with no local mailboxes, but >> we're not passing inbound mail to

One more post-rebuild weirdness

OS X Postfix system rebuilt as a relay with no local mailboxes, but we're not passing inbound mail to the final destination except for the few people who have local accounts on the postfix server. Soft bounce is onluckily (great safety net, Wietse). I have something that's negating

TLS question on OS X

Howdy, Upgrading Apple server to Apple's postfix 2.11.0 and seeing this in the logs: Mar 20 12:12:53 miniserv postfix/smtpd[43174]: warning: TLS library problem: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown

Re: Why is postfix talking to aspmx.google spamexperts?

On Mon, Sep 15, 2014 at 5:42 PM, Marius Gologan marius.golo...@gmail.com wrote: Extract the queue-ids from the logs and hold those messages for later delivery: postsuper -h queue-id (or postsuper -h ALL to hold everything in the queue) to un-hold: postqueue -H queue-id (or postsuper -H ALL to

Re: Request help with SASL issue and postfix

On Sat, Aug 16, 2014 at 5:18 PM, Viktor Dukhovni postfix-us...@dukhovni.org wrote: [...] inet_protocols = all Set this to ipv4, you don't have ipv6 connectivity. I wouldn't be so hasty, Viktor. It looks like he is routing IPv6, as does Comcast (I know that from personal experience): Aug 16

/etc/postfix dependency?

Wietse: Begin quote from Postfix sendmail manpage -C config_file -C config_dir The path name of the Postfix main.cf file, or of its parent directory. This information is ignored with Postfix versions before 2.3. With

Re: /etc/postfix dependency?

On Tue, Jun 3, 2014 at 11:18 AM, Viktor Dukhovni postfix-us...@dukhovni.org wrote: On Tue, Jun 03, 2014 at 10:31:34AM -0500, Rick Zeman wrote: I'm using the Apple-compiled Postfix 2.9.4 that comes with Mac Mavericks server. One thing that made setup much harder than it needed to be for me

Re: /etc/postfix dependency?

On Tue, Jun 3, 2014 at 12:04 PM, Wietse Venema wie...@porcupine.org wrote: Rick Zeman: I'm using the Apple-compiled Postfix 2.9.4 that comes with Mac Mavericks server. One thing that made setup much harder than it needed to be for me is that Apple puts their postfix config files

Re: TLS issues (postfix says: UNTRUSTED but it is not)

On Tue, May 13, 2014 at 9:31 AM, Viktor Dukhovni postfix-us...@dukhovni.org wrote: The logging is misleading, it should say Anonymous rather than untrusted. This is fixed in 2.11.1 and 2.12 snapshots. I'm glad of that. That confused the heck out of me, too.

Re: postfix setup: machine with live ip forwarding traffic to home machine

On Mon, May 5, 2014 at 3:36 AM, hiren panchasara hiren.panchas...@gmail.com wrote: This is how it should work, afaik: Sending: Initiates from my home box and go out via VM. Receiving: VM receives it and forwards to home box. (I've also tried sending through my home machine on port 587 but

Heartbleed via smtpd?

I'm guessing since I've received a bunch of these over the past few days that these are Heartbleed scrape attempts, especially since these IPs belongs to our friends in the former Soviet Union. Agreed? (It's an Apple server so it uses its own goto fail TLS library, and only has an older version

Re: value of zero not documented for message_size_limit

On Fri, Apr 11, 2014 at 7:14 AM, Wietse Venema wie...@porcupine.org wrote: Markus Sch?nhaber: Hi, while the documentation for mailbox_size_limit http://www.postfix.org/postconf.5.html#mailbox_size_limit explicitly states [...] or zero (no limit)., the doc for message_size_limit

IPv6 to IPv4 fallback

Howdy, I now have IPv6 routing working along with inet_protocols = all in my main.cf (Postfix 2.9.4). I've noticed that using my outbound relay (which is load balanced across many machines) will connect with either protocol with no discernible pattern even to the same destination. Going by the

Re: Using transport only if local user exists

On Sat, Mar 15, 2014 at 11:34 PM, Noel Jones njo...@megan.vbhcs.org wrote: On 3/15/2014 5:08 PM, Rick Zeman wrote: I've started working on my bastard Mac postfix relay. For delivery to the local domain, it will only relay to the internal mail server defined in transport if the user exists

Re: Using transport only if local user exists

On Sun, Mar 16, 2014 at 9:43 AM, Noel Jones njo...@megan.vbhcs.org wrote: On 3/16/2014 8:31 AM, Rick Zeman wrote: On Sat, Mar 15, 2014 at 11:34 PM, Noel Jones njo...@megan.vbhcs.org wrote: On 3/15/2014 5:08 PM, Rick Zeman wrote: I've started working on my bastard Mac postfix relay

Using transport only if local user exists

I've started working on my bastard Mac postfix relay. For delivery to the local domain, it will only relay to the internal mail server defined in transport if the user exists locally on the postfix box...and I can't figure out why (luckily, the 450 safety net is there!). I could see how it would

Re: Mac Postfix gateway local delivering.

I On Sat, Mar 1, 2014 at 8:46 PM, Wietse Venema wie...@porcupine.org wrote: What is in this file? I've got delivery to the relay host working, and delivery to the local mail destination; however it only works from the server's command line Connections for mail coming outside of

Re: Mac Postfix gateway local delivering.

is in this file? Rick Zeman: pointyears.net smtp:[192.168.1.5]:587 Based on the configuration details that you have given in earlier .email, Postfix cannot invoke the local delivery agent. Therefore, what you have shown is not the configuration that Postfix uses. Yes, thanks. Apple has postfix

Mac Postfix gateway local delivering.

[getpwnam_ext]: no record for user rick Mar 1 18:58:58 miniserv.private postfix/pipe[17007]: 4D42BA00A2: to= r...@pointyears.net, relay=dovecot, delay=0.1, delays=0/0.01/0/0.09, dsn=5.1.1, status=bounced (user unknown) Mar 1 18:58:58 miniserv.private postfix/cleanup[16758]: 659D6A00A7: message-id

Re: Mac Postfix gateway local delivering.

On Sat, Mar 1, 2014 at 7:50 PM, li...@rhsoft.net li...@rhsoft.net wrote: Am 02.03.2014 01:08, schrieb Rick Zeman: Howdy, I'm trying to set up a Mac version of postfix (2.9.4) as a mail gateway. It's been many years since I've set up a postfix instance, and being extremely rusty I've

Re: Mac Postfix gateway local delivering.

I'm sure everyone else knows this, but OS X keeps has two complete sets of postfix config files. Guess who, based on linux experience, was using /etc/postfix? On Sat, Mar 1, 2014 at 8:10 PM, Rick Zeman rze...@gmail.com wrote: On Sat, Mar 1, 2014 at 7:50 PM, li...@rhsoft.net li...@rhsoft.net

Re: Mac Postfix gateway local delivering.

On Sat, Mar 1, 2014 at 8:46 PM, Wietse Venema wie...@porcupine.org wrote: Rick Zeman: mydestination = local_transport = error:local mail delivery is disabled Nevertheless, you have some mail going to the local delivery agent. transport_maps = hash:/etc/postfix/transport What

Post upgrade problem(?)

Just upgraded to 3.93 from 3.62 from source (amazingly smooth make upgrade after skipping 3 years of interim versions. Easier than using an rpm!). I fixed the TLS database location warnings that cropped up in the logs, but I'm also seeing: Jul 8 21:51:51 tux postfix/verify[28749]: close

bounce problem

or advice would be appreciated. Rick Hazey

Re: bounce problem

hostname. This was intentional since incoming (via Kerio) and outgoing (via Postfix) are on the same IP and my goal was for the hostname to match forward and reverse DNS. Is there no workaround? Or is my configuration flawed and to be avoided? On Dec 6, 2011, at 2:31 PM, Wietse Venema wrote: Rick

Re: bounce problem

I had configured inet_interfaces = localhost but did not realize Postfix required a different hostname for each MTA. My lack of understanding is the problem, not Postfix. Thanks for the explanation. On Dec 6, 2011, at 4:04 PM, Wietse Venema wrote: As a matter of sanity, Postfix requires that

Re: Postfix on Virtual Guest Cannot send mail

Thanks That was the clue I was needing. I had to explicitly set mynetworks on the guest OS. seemed to fix it. RIck On Nov 6, 2011, at 11:17 AM, Wietse Venema wrote: Blair, Rick: [root@guestServer init.d]# telnet fileserver 25 Trying 192.168.1.31... Connected to fileserver. Escape

Postfix on Virtual Guest Cannot send mail

) As I said before IPTables for both ipv4 and ipv6 are not running. I have tried configuring for just ipv4 same results. All posts suggest looking at firewall, but iptables is not running. Many thanks in advance. Rick -- Tìoraidh! Rick Blair smime.p7s Description: S/MIME cryptographic

Lower-case for incoming mail

rather not change that to +spam when it enters dovecot). Is there a way to change the email address to LC in postfix before it goes through amavis? thanks rick

quick and dirty SASL

Howdy, I have sasl installed and postfix uses it for its outbound relay just fine. I need now for a smart phone or two to use postfix to send mail. Am I correct that there's no mechanism like smtp_sasl_password_maps = hash:/etc/postfix/sasl_password for smtpd? Just need a quick and dirty one

Re: quick and dirty SASL

On Wed, Nov 11, 2009 at 11:06 AM, Eero Volotinen eero.voloti...@iki.fi wrote: Rick Zeman wrote: Howdy, I have sasl installed and postfix uses it for its outbound relay just fine.  I need now for a smart phone or two to use postfix to send mail.  Am I correct that there's no mechanism like

Re: Case sensitive oddity when mail delivered.

have any suggestions on where to look for what could be making the behaviour different for that email address? Rick alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases bounce_queue_lifetime = 2d bounce_size_limit = 5 bounce_template_file = /etc/postfix/bounce.cf command_directory

Re: adding secondary MX

? If the answer is, your exchange server config is broken well, perhaps, but I didnt' set up (or own) that box. Setting up postfix as a secondary won't break anything any worse than it already is, right? rick Rick

Re: Max Size Not Working Correctly?

On Thu, Apr 23, 2009 at 11:35 AM, Victor Duchovni victor.ducho...@morganstanley.com wrote: There you are message delivered to procmail, and procmail returned a success (0) exit code. What happened after procmail is outside the scope of Postfix. Ok, fair enough but can procmail issue the

Re: Max Size Not Working Correctly?

line in it but a postconf -d showed virtual_mailbox_limit = 5120 postconf -n shows the same. Anyone know why this email would be getting rejected based on size? Are there other settings I'm missing? Rick

Re: Max Size Not Working Correctly?

Yes, I have thanks but as I said, the config already is set to well above the 14Mb limit that was rejected, it's currently set to 20M (message_size_limit = 2048) That is 20 Megs right? I'm not missing a zero I don't think. So why else could it possibly be rejected? On Wed, Apr 22, 2009 at

Re: Max Size Not Working Correctly?

check the POSTFIX log. check postconf -n output  -- Noel Jones Done and done, see my original post. Here's the log of the email in question.. Apr 22 13:52:54 vps04 postfix/smtpd[16215]: connect from unknown[74.51.38.172] Apr 22 13:52:54 vps04 postfix/smtpd[16215]: B3E982010001:

Re: Max Size Not Working Correctly?

It is 2 kilobytes, which is not quite 20480 kilobytes, but probably close enough. Post the output of postconf -n and Postfix server logs showing the rejection of the message. --        Viktor. [r...@vps04 log]# postconf -n alias_database = hash:/etc/aliases alias_maps =

Re: Max Size Not Working Correctly?

Yes. postconf -d | grep size_limit    body_checks_size_limit = 51200    bounce_size_limit = 5    header_size_limit = 102400    mailbox_size_limit = 5120    message_size_limit = 1024 Of these the last two are the most pertinent. --        Viktor. [r...@vps04 log]#

Re: Max Size Not Working Correctly?

[r...@vps04 log]# postconf -n | grep size_limit message_size_limit = 2048 OK, so you are potentially configured to accept 20,000 KB messages. Where are the logs? --        Viktor. SOrry, I did send it in an earlier post, here it is again. Apr 22 13:52:54 vps04 postfix/smtpd[16215]:

Re: Max Size Not Working Correctly?

This message was accepted and delivered.   -- Noel Jones Problem is that it wasn't delivered (it was coming to me and I never rcvd it) and a reject mesage was sent as seen in the Exim logs. This is what is confusing. As you can see we're talking about the same message, the exact same # of

Re: Max Size Not Working Correctly?

The easy explanation is that it's not the same message. You'll have to provide better proof that it really is. It definitely is the same message. It's the only one that the guy sent me with a 14m attachment. I've searched the log for emails from that user and it's the only one that has a large

Re: Max Size Not Working Correctly?

postfix/cleanup[19991]: C2B232010001: message-id=31.b1.33545.74b5f...@pb1.pair.com Apr 22 14:02:09 vps04 postfix/qmgr[28236]: C2B232010001: from=php-general-return-291823-rick=duvals...@lists.php.net, size=5675, nrcpt=1 (queue active) Apr 22 14:02:09 vps04 postfix/smtpd[19988]: disconnect from unknown

Max Size Not Working Correctly?

. Anyone know why this email would be getting rejected based on size? Are there other settings I'm missing? Rick

Re: Interesting tumgreyspf/postfix/gmail problem

On Tue, Oct 14, 2008 at 11:41 PM, Henrik K [EMAIL PROTECTED] wrote: On Tue, Oct 14, 2008 at 05:32:56PM -0400, Rick Zeman wrote: Just discovered that gmail is now retrying greylisted email from not only multiple servers, but from multiple servers located within different subnets...which totally

Interesting tumgreyspf/postfix/gmail problem

Just discovered that gmail is now retrying greylisted email from not only multiple servers, but from multiple servers located within different subnets...which totally breaks breaks tumgreyspf greylisting implementation. I kind of like it cuz it uses the filesystem to store its data. However,