[pfx] Re: body_checks not catching all backscatter

* Peter via Postfix-users [2023-05-03 07:45]: > On 28/04/23 03:59, Sebastian Wiesinger via Postfix-users wrote: > > Hi everyone, > > > > I'm not sure if I'm missing something but I can't find out why my > > body_checks doesn't catch all the backscatter I'm gett

[pfx] Re: body_checks not catching all backscatter

* Sebastian Wiesinger [2023-04-27 17:59]: > root@alita:/etc/postfix# postmap -q - regexp:/etc/postfix/body_checks.pcre > Message-ID: > reject SPAM backscatter with forged domain name in Message-ID header And of course I ran into my own filter when I got the mail

[pfx] body_checks not catching all backscatter

Hi everyone, I'm not sure if I'm missing something but I can't find out why my body_checks doesn't catch all the backscatter I'm getting right now. I've it configured like this: root@alita:/etc/postfix# postconf -n body_checks body_checks = pcre:$config_directory/body_checks.pcre

Re: About messages bounced due name resolution issues using IPv6

* Matus UHLAR - fantomas [2020-12-04 15:08]: > > El vie, 4 dic 2020 a las 2:15, Viktor Dukhovni > > () escribió: > > > Is there a compelling reason to run a stripped-down (and typically not > > > adequately standards-conformant) DNS resolvers on a mail server? > > On 04.12.20 08:41, Sergio

Re: Postfix, Hotmail never arrive

* Sebastian Wiesinger <postfix-us...@ml.karotte.org> [2017-03-08 15:53]: > * Robert Schetterer <r...@sys4.de> [2017-03-05 21:00]: > > Microsofts info mail ( arrived fast today ) > > said that my hetzner Ip will whitelisted , but only for small > > amount of

Re: Postfix, Hotmail never arrive

* Robert Schetterer [2017-03-05 21:00]: > Microsofts info mail ( arrived fast today ) > said that my hetzner Ip will whitelisted , but only for small > amount of mail until it has a "good" score and it is not a general > antispam whitelisting. > > They recommend to get part of >

Re: Postfix ML Configuration for Sender Header

* Sebastian Wiesinger <sebast...@karotte.org> [2015-09-25 12:55]: > * Wietse Venema <wie...@porcupine.org> [2015-09-18 15:51]: > > Majordomo uses the following: Reply-To: (most preferred), From:, > > and Apparently-From: (least preferred). It does not use Sender:

Re: Postfix ML Configuration for Sender Header

* Wietse Venema <wie...@porcupine.org> [2015-09-10 15:00]: > Sebastian Wiesinger: > > Hello, > > > > a while ago I changed my mail configuration for mailinglists. I have > > individual mail addresses for every mailing list and the configuration > > now lo

Postfix ML Configuration for Sender Header

Hello, a while ago I changed my mail configuration for mailinglists. I have individual mail addresses for every mailing list and the configuration now looks like this: From: Sebastian Wiesinger <sebast...@karotte.org> Sender: postfix-us...@ml.karotte.org This has the advantage that of

Re: AntiSpam & AntiVirus Integration with Postfix: lots of tools, but which one's AREN'T 'dead'?

* joh...@fastmail.com [2015-09-09 03:03]: > Ken > > On Tue, Sep 8, 2015, at 05:49 PM, Ken Peng wrote: > > How about Spamassassin? we have been using it for a long time. > > And how are you integrating it into Postfix. That was my question > not whether to use Spamassassin.

Re: Define exception(s) from catchall domain

* Noel Jones njo...@megan.vbhcs.org [2014-10-24 00:36]: I tried to implement this by using a check_recipient_access pcre_table like this: /etc/postfix# cat recipient_access.pcre /^postfix-reject-address@.+$/ REJECT This must match the recipient address as sent by the client and

Define exception(s) from catchall domain

Hello, I have a few users that insist on using catch-all domains. Not surprising they get spam to some address. Now they're asking if they can reject mail for *some* of the addresses of the catch-all domain. They can create aliases themselves via postfixadmin and they want to do this the same

Re: Define exception(s) from catchall domain

* Sebastian Wiesinger postfix-us...@ml.karotte.org [2014-10-23 21:54]: Hello, I have a few users that insist on using catch-all domains. Not surprising they get spam to some address. Now they're asking if they can reject mail for *some* of the addresses of the catch-all domain. They can

How to do whitelisting with milter_header_checks?

Hello, the documentation states: The milter_header_checks mechanism could also be used for whitelisting. For example it could be used to skip heavy content inspection for DKIM-signed mail from known friendly domains. I want to do that for mail that passes DMARC checks (with 2.11.2 DMARC became

PERMIT smtpd_client_restrictions

Hello, as I see/understand it, a check_client_access lookup that returns PERMIT will skip over the rest of smtpd_client_restrictions but WILL still run the checks in the other smtpd_*_restrictions classes, right? I can't find that information in the SMTPD_ACCESS_README or other documents. (I

Re: PERMIT smtpd_client_restrictions

* Wietse Venema wie...@porcupine.org [2014-10-01 19:03]: Sebastian Wiesinger: Hello, as I see/understand it, a check_client_access lookup that returns PERMIT will skip over the rest of smtpd_client_restrictions but WILL still run the checks in the other smtpd_*_restrictions classes

Re: Postfix SMTPUTF8 support (unicode email addresses)

* Wietse Venema wie...@porcupine.org [2014-07-15 19:33]: Proudly presenting Postfix SMTPUTF8 support! Below is text from the RELEASE_NOTES file for postfix-2.12-20140715, to be uploaded later today. Aaand Google has announced that it will support this for GMail:

Re: Test TLS DANE Records

* Viktor Dukhovni postfix-us...@dukhovni.org [2014-05-08 02:09]: On Thu, May 08, 2014 at 01:14:09AM +0200, Sebastian Wiesinger wrote: I published TLS DANE Records for my mailserver and now I am wondering if there is a way to verify that these records are okay/matching the cert

Wait if downstream MTA accepts mail - reject if not

Hello, I have some users that forward their mail to GMAIL. This is implemented with virtual alias maps. So postfix forwards: u...@example.com - example.u...@gmail.com The problem is when SPAM mails get through all the postfix defences and get forwarded to GMAIL. GMAIL does some body checks and

Re: Wait if downstream MTA accepts mail - reject if not

* Wietse Venema wie...@porcupine.org [2014-05-08 23:36]: Sebastian Wiesinger: Hello, I have some users that forward their mail to GMAIL. This is implemented with virtual alias maps. So postfix forwards: u...@example.com - example.u...@gmail.com The problem is when SPAM mails

Test TLS DANE Records

Hello, I published TLS DANE Records for my mailserver and now I am wondering if there is a way to verify that these records are okay/matching the cert. Is there a tool/site where I can test this? I suppose it would be possible with the right openssl s_client commands but I can't figure them out.

Current Postfix under Debian

Hello, currently I'm running the distributed postfix version under Debian Stable (currently 2.9.6-2). I would like to switch to the current 2.11 version to try out DANE and other new features. Has anyone got the current version packaged for Debian Stable (I was unable to find one online) or does

Re: Current Postfix under Debian

* Robert Schetterer r...@sys4.de [2014-01-16 12:42]: Am 16.01.2014 12:13, schrieb Sebastian Wiesinger: Hello, currently I'm running the distributed postfix version under Debian Stable (currently 2.9.6-2). I would like to switch to the current 2.11 version to try out DANE and other new

Re: Distant server to test SMTP TLS ?

* BONNET, Frank frank.bon...@esiee.fr [2013-10-24 17:54]: Hello Continuing on my secured email server graal I would like to test SMTP + TLS exchange of emails the volume will be very low for testing purpose only and I will be the only user when I will suceeded to setup my server :-) My

Re: TLS errors with GMX/web.de

* Viktor Dukhovni postfix-us...@dukhovni.org [2013-08-24 05:27]: I just did, here is the PCAP: http://www.karotte.org/smtp-gmx.pcap The client sends an internal error alert. It is not clear what problem it is encountering. The server elects: Cipher Suite:

Re: TLS errors with GMX/web.de

* Viktor Dukhovni postfix-us...@dukhovni.org [2013-08-20 16:51]: I found the problem... In addition to my normal certificate, I had an EC certificate. smtpd_tls_eccert_file=/etc/postfix/certs/cacert-karotte-ec.crt Though I think OpenSSL will generally detect attempts to configure a

TLS errors with GMX/web.de

Hello, GMX and web.de started an initiative for secure E-Mail made in Germany... they turned TLS on. But in addition to that bold move the did something else that causes the following errors when they try to send mail to my postfix: postfix/smtpd[28706]: connect from mout.web.de[212.227.15.14]

Re: TLS errors with GMX/web.de

* Heiko Wundram modeln...@modelnine.org [2013-08-20 12:09]: Still delivers fine for me (and my mail-server) running Postfix 2.10.1: Received: from mout.web.de (mout.web.de [212.227.15.3]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA (128/128 bits)) (No client certificate

Re: TLS errors with GMX/web.de

* DTNX Postmaster postmas...@dtnx.net [2013-08-20 12:57]: Self-signed, 2048 bits certificate from our own root. Picks the same cipher and TLS version as in Heiko's example, it seems. Perhaps it's your certificate, perhaps your Postfix settings? No odd overrides for the defaults anywhere,

Re: Is it time for 2.x.y - x.y?

* Wietse Venema wie...@porcupine.org [2013-05-31 22:57]: After the confusion that Postfix 2.10 is not Postfix 2.1, maybe it is time to change the release numbering scheme. Okay, perhaps this is a European view, but I never confused Postfix 2.1 with 2.10. Perhaps because here it would be 2,1 and

Re: Best way to protect backup-mx?

* tobi tobs...@brain-force.ch [2012-08-07 18:46]: Hi list, Sorry list, hi Tobi: I wanted to tell you that your DNSSEC for brain-force.ch is broken so resolvers which validate DNSSEC will not be able to resolve your domain (and so I can't send you mails directly). You might want to fix this.

Re: no route to host

* Stan Hoeppner s...@hardwarefreak.com [2012-07-30 14:35]: On 7/29/2012 6:57 PM, Engin qwert wrote: Actually it is not router. It is only BPL modem. After Static IP hiring the ISP send me an email how to configure the server with this IP addresses information. The 10.138.9.201 internal

Re: defer mail for unknown recipients for one domain only

* Wietse Venema wie...@porcupine.org [2012-04-04 01:22]: To soft-reject unknown recipients in selected domains, in mail from clients outside the local network, request defer_if_reject at the end of smtpd_recipient_restrictions: /etc/postfix/main.cf: smtpd_recipient_restrictions =

defer mail for unknown recipients for one domain only

Hello, I have a setup with handles a few virtual domains. For one domain only I want mails not to be rejected with an 5xx error code but be deferred with a 4xx error code. Is that possible? Regards Sebastian -- GPG Key: 0x93A0B9CE (F4F6 B1A3 866B 26E9 450A 9D82 58A2 D94A 93A0 B9CE) 'Are you

See which port a user connects to?

Hi, is there a way (in the logs) to see which port a client connects to? I can't find that information at the moment. I'm interested to know if a client is using the smtp, ssmtp or submission port to connect. Thanks Sebastian -- New GPG Key: 0x93A0B9CE (F4F6 B1A3 866B 26E9 450A 9D82 58A2

Re: See which port a user connects to?

* Wietse Venema wie...@porcupine.org [2011-12-14 17:34]: Sebastian Wiesinger: Hi, is there a way (in the logs) to see which port a client connects to? I can't find that information at the moment. Give each SMTP server its own syslog_name option in master.cf: submission inet n

Re: See which port a user connects to?

* /dev/rob0 r...@gmx.co.uk [2011-12-14 17:58]: I use postfix-587 (and postfix-465) because it's shorter and contains the postfix string which helps to isolate Postfix logging from other mail facility logs. grep postfix maillog, et c. More correct, and still meeting that need, would be

Re: SMTP hangs when MySQL is down

* Wietse Venema wie...@porcupine.org [2011-12-09 13:47]: A quick search shows that trivial-rewrite server has no fatal errors - it reports all errors that it can detect to the client (in this case smtpd(8)). However there is one low-level library module (match_ops) that exits the program

Re: SMTP hangs when MySQL is down

* Wietse Venema wie...@porcupine.org [2011-12-07 17:20]: Yes it was. I point the attention to the RIGHT problem, which is fixing the suboptimal configuration that does domain queries from SQL. Hi, with all due respect but for me the important thing at the moment would be to understand why it

Re: SMTP hangs when MySQL is down

* Wietse Venema wie...@porcupine.org [2011-12-08 13:09]: Sebastian Wiesinger: I really would like to know if it is not possible to have a temporary error when trivial-rewrite fails to access the MySQL database. I don't see any apparent reason for it. If there is one I would like to know

Re: SMTP hangs when MySQL is down

* lst_ho...@kwsoft.de lst_ho...@kwsoft.de [2011-12-08 14:46]: And I had hoped that perhaps this would be an improvement to postfix. Sadly it seems it was some kind of blasphemy to question the way postfix does handle this stuff. No, it means until now no one needs this so important to step

Re: SMTP hangs when MySQL is down

* Wietse Venema wie...@porcupine.org [2011-12-09 01:01]: And that is where I disagree. IMHO a mailsystem should respond with a temporary error if it is experiencing a temporary error (like a lookup table not being availabe) not simply hang there and do.. nothing. We know that. What are

Re: SMTP hangs when MySQL is down

* Sahil Tandon sahil+post...@tandon.net [2011-12-06 01:54]: that's not really an option for me, I need these lists in MySQL. It seems I have to live with it and make MySQL as stable as possible. Is your list of virtual mailbox domains that large or dynamic that it must be only in SQL?

Re: SMTP hangs when MySQL is down

* Sahil Tandon sahil+post...@tandon.net [2011-12-05 03:24]: I'm using Postfix with MySQL via proxy:mysql maps. The documentation states that mails should get deferred if no mysql server is reachable. However when I shut down MySQL, SMTP transaction freeze after I enter the MAIL FROM:...

SMTP hangs when MySQL is down

Hi, I'm using Postfix with MySQL via proxy:mysql maps. The documentation states that mails should get deferred if no mysql server is reachable. However when I shut down MySQL, SMTP transaction freeze after I enter the MAIL FROM:... statement. Any ideas how I can change that? There seems to be