>
> *From:* Marius Gologan [mailto:marius.golo...@gmail.com]
> *Sent:* Tuesday, February 23, 2016 11:01 PM
> *To:* 'Robert Lopez'; 'Postfix users'
> *Subject:* RE: CVE-2015-7547
>
>
>
> Patches are available for most Linux distributions. You need to verify
> your ver
Does anyone have any knowledge of postfix being exploited via
CVE-2015-7547, glibc stack-based buffer overflow in getaddrinfo()? Any
concerns about the exploitability?
Discussion here about how fast we must patch glibc.
--
Robert Lopez
Unix Systems Administrator
Central New Mexico Community
On Fri, Oct 10, 2014 at 10:56 PM, Viktor Dukhovni
postfix-us...@dukhovni.org wrote:
On Fri, Oct 10, 2014 at 03:35:09PM -0600, Robert Lopez wrote:
Please see:
http://www.postfix.org/DATABASE_README.html#safe_db
The question So these errors happen while the file is being rebuilt,
right
/postfix/virtualaliases
postfinger output:
http://pastebin.com/ZjSBT4cn
--
Robert Lopez
Unix Systems Administrator
Central New Mexico Community College (CNM)
525 Buena Vista SE
Albuquerque, New Mexico 87106
On Fri, Oct 10, 2014 at 2:09 PM, Noel Jones njo...@megan.vbhcs.org wrote:
On 10/10/2014 2:21 PM, Robert Lopez wrote:
Problem: Valid email addresses being rejected.
Problem appears to be intermittent; difficult to tell most rejections
are legitimate.
Not found in a hash named virtualaliases.db
trying the
wrong approach I would like to know.
What are the alternative that are successfully used? Especially in the
area of Spear Phishing?
--
Robert Lopez
After looking at past logs an seeing the errors only began after the
email gateway had been running for a few weeks, I deleted the
/var/lib/postfix/postscreen_cache.db.
Restarting postfix now has a happy postscreen+bdb again.
--
Robert Lopez
Unix Systems Administrator
Central New Mexico
2.6.32-358.6.1.el6.x86_64 #1 SMP
Fri Mar 29 16:51:51 EDT 2013 x86_64 x86_64 x86_64 GNU/Linux.
--
Robert Lopez
Unix Systems Administrator
Central New Mexico Community College (CNM)
525 Buena Vista SE
Albuquerque, New Mexico 87106
the problem become apparent and
only after over two weeks of production use.
Wietse, Thank you. At this point I must take your advice to my team
and management to discuss our options.
--
Robert Lopez
Unix Systems Administrator
Central New Mexico Community College (CNM)
525 Buena Vista SE
Albuquerque
reject_non_fqdn_sender
reject_unknown_sender_domain
smtpd_use_tls = no
virtual_alias_maps = hash:/etc/postfix/virtualaliases
Is there a configuration change I must make to eliminate the three
types of concerning lines?
--
Robert Lopez
Unix Systems Administrator
Central New Mexico Community College (CNM
On Fri, Jun 14, 2013 at 3:09 PM, Wietse Venema wie...@porcupine.org wrote:
Robert Lopez:
I am trying to understand the cause/causes of these log lines:
1) postfix/postscreen[]: fatal: error [-30986] seeking
/var/lib/postfix/postscreen_cache.db: Success
Your Berkeley DB is screwed up
probably can't help people who think 2.1 == 2.10 ;)
Cheers,
Chris.
I agree with /dev/rob0, Chris, and the others who agree to leave it as is.
--
Robert Lopez
On Mon, May 6, 2013 at 3:10 PM, Wietse Venema wie...@porcupine.org wrote:
Robert Lopez:
Let me try again. I am assuming the link between a line in the
dndsbl_reply file and the main.cf file is only a label and it could be
anything.
Is that a wrong assumption?
Please describe what
/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
virtual_alias_maps = hash:/etc/postfix/virtualaliases
--
Robert Lopez
Unix Systems Administrator
Central New Mexico
name with the key in it or the short reply name?
Does it matter what the short name returned is; that is could I use
zen.spamhaus.org just to keep it shorter?
--
Robert Lopez
Unix Systems Administrator
Central New Mexico Community College (CNM)
525 Buena Vista SE
Albuquerque, New Mexico 87106
actually being used now as
opposed to being not used because of configuration?
--
Robert Lopez
Unix Systems Administrator
Central New Mexico Community College (CNM)
525 Buena Vista SE
Albuquerque, New Mexico 87106
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
virtual_alias_maps = hash:/etc/postfix/virtualaliases
--
Robert Lopez
Unix Systems Administrator
Central New Mexico Community College (CNM)
525 Buena Vista SE
Albuquerque, New Mexico 87106
for the target domain:
# host -t mx ors-cpa.com
ors-cpa.com mail is handled by 10 server50.appriver.com.
ors-cpa.com mail is handled by 20 server51.appriver.com.
--
Robert Lopez
Unix Systems Administrator
Central New Mexico Community College (CNM)
525 Buena Vista SE
Albuquerque, New Mexico 87106
On Thu, Apr 11, 2013 at 2:23 PM, Noel Jones njo...@megan.vbhcs.org wrote:
On 4/11/2013 2:42 PM, Robert Lopez wrote:
That was a fast response Jan. Thanks. Is the overall situation
suggestive of any misconfiguration here?
[please don't top-post]
It appears you're generating a bounce
:
Robert Lopez:
For myself, my gpg stuff works well for what I use it (Google Apps) but
is
apparently broken for importing new keys:
$ gpg -v --import wietse.pgp
gpg: can't open `wietse.pgp': No such file or directory
Do you have the `wietse.pgp' file? I have a copy linked from
the Postfix
How do I get the md5sum for postfix-2.10.0.tar.gz out of the
postfix-2.10.0.tar.gz.sig file?
--
Robert Lopez
Unix Systems Administrator
Central New Mexico Community College (CNM)
525 Buena Vista SE
Albuquerque, New Mexico 87106
not found
On Mon, Apr 1, 2013 at 2:18 PM, /dev/rob0 r...@gmx.co.uk wrote:
On Mon, Apr 01, 2013 at 02:11:53PM -0600, Robert Lopez wrote:
How do I get the md5sum for postfix-2.10.0.tar.gz out of the
postfix-2.10.0.tar.gz.sig file?
The sig file is a GPG signature. Get the public key and verify
to a filename rather than a hostname.
myhostname = /etc/hostname
and optional database drivers are installed as separate packages
and a related configuration file.
For help with Debian, ask on a Debian-specific list.
--
Viktor.
--
Robert Lopez
Unix Systems Administrator
Central
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
virtual_alias_maps = hash:/etc/postfix/virtualaliases
--
Robert Lopez
Unix Systems Administrator
Central New Mexico Community College (CNM)
525 Buena Vista SE
Albuquerque, New Mexico 87106
On Wed, May 26, 2010 at 11:10 AM, Wietse Venema wie...@porcupine.org wrote:
Robert Lopez:
This college has a contract with Rave Messaging to deliver high volume
(ex campus emergency) communications via many vectors including email.
In their requirements document, in the portion on email
. If you are interested, please drop me a note.
I have a lot to learn! There are terms and concepts in you response
that are new to me.
Thanks for the direction tips.
--
Robert Lopez
Unix Systems Administrator
Central New Mexico Community College (CNM)
525 Buena Vista SE
Albuquerque, New Mexico
documentation and
testing ideas on a virtual system but I have thus far not created a
working solution.
What's the best way to accomplish the goal in this environment?
--
Robert Lopez
Unix Systems Administrator
Central New Mexico Community College (CNM)
525 Buena Vista SE
Albuquerque, New Mexico 87106
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
virtual_alias_maps = hash:/etc/postfix/virtualaliases
--
Robert Lopez
Unix Systems Administrator
Central New Mexico Community College (CNM)
525 Buena Vista SE
Albuquerque, New Mexico 87106
On Tue, Apr 6, 2010 at 10:52 AM, Noel Jones njo...@megan.vbhcs.org wrote:
On 4/6/2010 11:39 AM, Robert Lopez wrote:
For some time I have been tracking changes to the access table with RCS.
Each time a change is made the ci access results in the removal of
the access file from /etc/postfix
On Tue, Apr 6, 2010 at 12:23 PM, Wietse Venema wie...@porcupine.org wrote:
Robert Lopez:
Now that you mention the documentation:
SYNOPSIS
postmap -q string cidr:/etc/postfix/filename
postmap -q - cidr:/etc/postfix/filename inputfile
DESCRIPTION
...
To test lookup
On Tue, Apr 6, 2010 at 12:33 PM, /dev/rob0 r...@gmx.co.uk wrote:
On Tue, Apr 06, 2010 at 11:57:00AM -0600, Robert Lopez wrote:
On Tue, Apr 6, 2010 at 10:52 AM, Noel Jones njo...@megan.vbhcs.org
wrote:
On 4/6/2010 11:39 AM, Robert Lopez wrote:
Why does postfix not like the source file being
On Tue, Apr 6, 2010 at 12:48 PM, Noel Jones njo...@megan.vbhcs.org wrote:
On 4/6/2010 1:42 PM, Robert Lopez wrote:
The Postfix mail system uses optional lookup tables as described in
the DATABASE_README document. Lists of IP addresses can be specified
in CIDR (Classless Inter-Domain Routing
I replied to Charles thinking I was replying to the list...
On Tue, Apr 6, 2010 at 12:40 PM, Charles Marcus
cmar...@media-brokers.com wrote:
On 2010-04-06 2:35 PM, Robert Lopez wrote:
If I remove the .db ile (As Noel points out not necessary) then I get
an error because postmap seems to only
192.168.1.0/24 DUNNO
192.168.2.3 REJECT blah
192.168.2.0/24 DUNNO
192.168.0.0/16 FILTER somefilter
in short, create client based policies, not result based policies.
The icing of the cake of two very helpful responses. Thanks both.
Robert Lopez
Unix Systems Administrator
Central New
list part; where each of those two
parts would first list all the exact IP and then list all the CIDR
patterns?
Or is it sufficient to have first the white list then the black list
with no further concern for the order within each part?
--
Robert Lopez
Unix Systems Administrator
Central New Mexico
-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
virtual_alias_maps = hash:/etc/postfix/virtualaliases
--
Robert Lopez
Unix Systems Administrator
Central New Mexico Community College
/postfix/virtualaliases
--
Robert Lopez
Unix Systems Administrator
Central New Mexico Community College (CNM)
525 Buena Vista SE
Albuquerque, New Mexico 87106
On Fri, Oct 30, 2009 at 1:26 PM, Noel Jones njo...@megan.vbhcs.org wrote:
On 10/30/2009 12:55 PM, Robert Lopez wrote:
I would like to confirm my understanding about access files.
Please let me know if any of this is not correct...
The man (5) access description describes a prototype file
use.
--
Robert Lopez
Unix Systems Administrator
Central New Mexico Community College (CNM)
525 Buena Vista SE
Albuquerque, New Mexico 87106
are doing the right things.
--
Robert Lopez
Unix Systems Administrator
Central New Mexico Community College (CNM)
525 Buena Vista SE
Albuquerque, New Mexico 87106
On Thu, Oct 1, 2009 at 11:02 AM, Brian Evans - Postfix List
grkni...@scent-team.com wrote:
Robert Lopez wrote:
snip
check_client_access=hash:/etc/postfix/access
smtpd_client_restrictions =
permit_mynetworks
hash:/etc/postfix/whitelist
This is depreciated syntax equivalent
the queues to empty?
--
Robert Lopez
Unix Systems Administrator
Central New Mexico Community College (CNM)
525 Buena Vista SE
Albuquerque, New Mexico 87106
-t inet -u
Are there configuration parameters that cause the addition of the -c
-o stress?
--
Robert Lopez
Unix Systems Administrator
Central New Mexico Community College (CNM)
525 Buena Vista SE
Albuquerque, New Mexico 87106
email.
Which postfix list would be best used for such a block? Could it be
sender_access?
--
Robert Lopez
Unix Systems Administrator
Central New Mexico Community College (CNM)
525 Buena Vista SE
Albuquerque, New Mexico 87106
to also join the no to bouncer and I
agree with all the reasons others have stated.
--
Robert Lopez
Unix Systems Administrator
Central New Mexico Community College (CNM)
525 Buena Vista SE
Albuquerque, New Mexico 87106
${nexthop} ${user}
-- end of postfinger output --
--
Robert Lopez
Unix Systems Administrator
Central New Mexico Community College (CNM)
525 Buena Vista SE
Albuquerque, New Mexico 87106
this OK if found in smtp_client_restrictions trump REJECT if found by
smtpd_sender_restrictions against tld.com and allow the message to queue?
--
Robert Lopez
Unix Systems Administrator
Central New Mexico Community College (CNM)
525 Buena Vista SE
Albuquerque, New Mexico 87106
- n n - - pipe
flags=Rq user=filter argv=/u01/gluescript/filter.sh -f ${sender} --
${recipient}
-- end of postfinger output --
tcpdump shows no problem.
--
Robert Lopez
Unix Systems Administrator
Central New Mexico Community College (CNM)
525 Buena Vista SE
Albuquerque
: Aaron Wolfe [EMAIL PROTECTED]
Date: Mon, Oct 6, 2008 at 12:55 PM
Subject: Re: outgoing SPAM
To: postfix-users@postfix.org
On Mon, Oct 6, 2008 at 2:33 PM, Robert Lopez [EMAIL PROTECTED] wrote:
In the past months there have been instances where pfishing was used to
get
account credentials
49 matches
Mail list logo
