for any ideas.
--
Simon Wilson
M: 0400 12 11 16
support.
YMMV.
Simon.
--
Simon Wilson
M: 0400 12 11 16
From: Ralph Seichter
Sent: Friday, 9 September 2022 10:55 pm
To: postfix-users@postfix.org
Subject: Re: Postfix.org website
* Simon Wilson:
> Noting that whilst some may consider that block excessive, it does
> appear that some 'authorities', including at least the Australian
> gov
- Message from Simon Wilson -
Date: Fri, 09 Sep 2022 17:26:09 +1000
From: Simon Wilson
Reply-To: si...@simonandkate.net
Subject: Postfix.org website
To: Postfix users
Yet I cannot open www.postfix.org (either over
http://www.postfix.org or https://www.postfix.org
direction happening?
I know there was chat on the mailing list about http/https on
www.postfix.org earlier in the year, but this seems odd.
Simon.
--
Simon Wilson
M: 0400 12 11 16
e-mta-sts-in-postfix-without-overriding-dane
--
Simon Wilson
M: 0400 12 11 16
) is to ask that it get
deleted off the interwebs.
Never mind horse bolted gate shutting... the gate hinges have rusted
and the gate has fallen over on this one.
It would be funny if it were not quite so disturbing.
--
Simon Wilson
M: 0400 12 11 16
- Message from John Stoffel -
Date: Sun, 28 Nov 2021 22:58:01 -0500
From: John Stoffel
Subject: Re: Logging silence
To: si...@simonandkate.net
Cc: John Stoffel , postfix-users@postfix.org
"Simon" == Simon Wilson writes:
Simon> - Message from
- Message from John Stoffel -
Date: Sun, 28 Nov 2021 21:37:12 -0500
From: John Stoffel
Subject: Re: Logging silence
To: si...@simonandkate.net
Cc: postfix-users@postfix.org
"Simon" == Simon Wilson writes:
Simon> I feel like I'm missing something r
d -- back to normality
...where as can be seen it was logging OK in January, then it stopped.
Permissions on the log file:
-rw--- 1 root root0 Nov 28 03:27 maillog
What am I missing??
--
Simon Wilson
local zone RPZ
overrides that I have.
Simon.
--
Simon Wilson
M: 0400 12 11 16
postfix/smtpd[817446]: disconnect from
scanner21.about.spyse.com[165.227.159.53] auth=0/1 commands=0/1
(RHEL 8)
--
Simon Wilson
M: 0400 12 11 16
- Message from Wietse Venema -
Date: Sat, 31 Jul 2021 09:45:00 -0400 (EDT)
From: Wietse Venema
Reply-To: Postfix users
Subject: Re: reject_sender_login_mismatch
To: Postfix users
Simon Wilson:
A quick query on?smtpd_sender_login_maps format.
I have this working
Am 31. Juli 2021 06:06:17 UTC schrieb Simon Wilson :
A quick query on smtpd_sender_login_maps format.
I have this working well on port 587 to ensure that specified
SASL-authenticated users only can send emails from their owned email
addresses.
So I have in a file 'controlled_envelope_senders
? Or does it need
to have *something* on the RHS?
Thanks
Simon
--
Simon Wilson
M: 0400 12 11 16
://git.centos.org/rpms/postfix/blob/aebf407fea0eeff2335e0d09c70514d7046e7cad/f/SOURCES/postfix.service
Standing by earlier comment - this was a change from C7 to C8, not a
change within C8.
Simon.
--
Simon Wilson
M: 0400 12 11 16
rvada - 2:3.5.8-1
- New version
Resolves: rhbz#1688389
When did you first see the change?
We are possibly straying a little from this mailing list's function...
Simon.
--
Simon Wilson
M: 0400 12 11 16
to the postfix service's private /tmp.
You *could* return it to the way it worked before by changing the
service definition file and removing privatetmp - assuming you were
comfortable with opening up postfix /tmp to be normal system /tmp -
others far smarter than I with Postfix would be better
;somealias: /home/simon/somefile" >> /etc/aliases
&& newaliases
[root@emp87 ~]# echo "test" | mail somealias@localhost
[root@emp87 ~]# cd /home/simon
[root@emp87 simon]# cat /home/simon/somefile
{content as expected}
Simon.
--
Simon Wilson
M: 0400 12 11 16
7:
[root@emp75 ~]# echo "somealias: /tmp/somefile" >> /etc/aliases && newaliases
[root@emp75 ~]# echo "test" | mail somealias@localhost
[root@emp75 ~]# ls /tmp/somefile
/tmp/somefile (contents as expected)
Simon.
--
Simon Wilson
M: 0400 12 11 16
ogd[945534]: warning: ~ action is deprecated, consider using the
'stop' statement instead [v8.1911.0-7.el8 try
https://www.rsyslog.com/e/2307 ],
it will still work, just with the warnings. To remove the warnings use
'stop' instead.
:msg, contains, "whatever" stop
--
Simon Wilson
M: 0400 12 11 16
"incompatibilities". There is a
Bugzilla with the info, I'll see if I can find it again.
One of them is to set CHUNKING off by default, so unless you are
already explicitly setting smtpd_discard_ehlo_keywords in your config
the new default will be applied.
Simon Wilson
M: 04
d it again.
One of them is to set CHUNKING off by default, so unless you are
already explicitly setting smtpd_discard_ehlo_keywords in your config
the new default will be applied.
Simon Wilson
M: 0400 121 116
From: Viktor Dukhovni
Sent: Monday, 24 May 20
54.225.108.187
54.235.119.112
107.20.134.42
107.20.207.58
107.20.218.183
107.20.232.98
107.20.235.139
107.20.249.220
107.21.204.157
107.22.212.75
184.72.250.175
184.73.205.138
Thanks David, this was very useful.
Simon
--
Simon Wilson
M: 0400 12 11 16
oys at briteverify.
I'm assuming a 50% reduction in postscreen delay may have an unwanted
impact on inbound spam :(
I'll see how it goes.
Thanks again Bill.
Simon
--
Simon Wilson
M: 0400 12 11 16
Simon Wilson
is rumored to have said:
Question about one of those services that validates email addresses
on the fly when you fill in a form...
There is one (Briteverify) which seems to fail email addresses at
our postfix server for an unknown reason.
Let's start with 2 stipulations:
1
> May 22 17:17:54 emp87 postfix/smtpd[805371]: NOQUEUE: reject: RCPT
> from smtpout10.briteverify.com[107.20.235.139]: 550 5.1.1
> :
> Recipient address rejected: User unknown in virtual alias table;
> from=
> to=
> proto=SMTP
> helo=
Is that your email adrress?
Wietse
No. My
.
Simon.
--
Simon Wilson
M: 0400 12 11 16
- Message from Viktor Dukhovni -
Date: Wed, 19 May 2021 00:46:08 -0400
From: Viktor Dukhovni
Reply-To: postfix-users@postfix.org
Subject: Re: RHEL packaged postfix jump
To: postfix-users@postfix.org
On Wed, May 19, 2021 at 12:01:00PM +1000, Simon Wilson wrote
if needed, but if there are any obvious
gotchas will look at those first.
Thanks
Simon.
- End message from Simon Wilson -
--
Simon Wilson
M: 0400 12 11 16
obvious
gotchas will look at those first.
Thanks
Simon.
--
Simon Wilson
M: 0400 12 11 16
? (AFAIK each invocation of a policy server
can only return a single action?)
Hi Nick,
Those are two lines from two different emails - even my slow system
doesn't take 24 hours to process an email :-D
Unless I am misunderstanding your question?
Simon.
--
Simon Wilson
M: 0400 12 11 16
- Message from Wietse Venema -
Date: Thu, 22 Apr 2021 10:01:09 -0400 (EDT)
From: Wietse Venema
Subject: Re: Specific DNS server
To: si...@simonandkate.net
Cc: postfix-users@postfix.org
Simon Wilson:
Is there a way to make Postfix/postscreen use a specific DNS
the mail server... but my first question is whether postfix has or
could have ability to have a specific nameserver (as Spamassassin
does), or if this would be a Bad Idea (TM) for reasons unknown to me.
Simon.
--
Simon Wilson
M: 0400 12 11 16
s it.
I know it's a different setup to yours, but may provide an alternate route.
Simon.
--
Simon Wilson
M: 0400 12 11 16
which is why I think ***a DMARC processor that assumes any
reported
SPF result relates to the Mail From of the message is buggy***.
Scott K" (***emphasis added***)
Simon
--
Simon Wilson
M: 0400 12 11 16
- Message from Dan Mahoney -
Date: Thu, 1 Apr 2021 16:19:05 -0700
From: Dan Mahoney
Subject: Re: Milters and policy
To: si...@simonandkate.net
Cc: postfix-users@postfix.org
On Mar 31, 2021, at 18:23, Simon Wilson wrote:
...if multiple milters are called
Thanks again Benny. I have policyd-spf set to insert an AR header, and
OpenDMARC set to trust the Authserv-Id added in Authentication-Results
headers by policyd-spf and OpenDKIM. All working nicely and good to
understand the sequence.
Simon.
--
Simon Wilson
M: 0400 12 11 16
pd_milters = inet:127.0.0.1:8891,inet:127.0.0.1:8893
I.e. in the example above if OpenDMARC is to see and trust an
already-run OpenDKIM Authentication-Results header is the order of
specifying the milters important?
Simon
--
Simon Wilson
M: 0400 12 11 16
- Message from Benny Pedersen -
Date: Thu, 01 Apr 2021 01:50:15 +0200
From: Benny Pedersen
Subject: Re: Milters and policy
To: postfix-users@postfix.org
On 2021-04-01 01:43, Simon Wilson wrote:
Quick question please:
Which does Postfix run first - a milter specified
check_policy_service unix:private/policyd-spf
permit
Thanks.
--
Simon Wilson
M: 0400 12 11 16
- Message from Simon Wilson -
Date: Wed, 24 Mar 2021 09:57:37 +1000
From: Simon Wilson
Reply-To: si...@simonandkate.net
Subject: Re: Setting up virtual alias domains and maps - failing to deliver
To: postfix-users@postfix.org
- Message from Noel Jones
- Message from Noel Jones -
Date: Tue, 23 Mar 2021 12:46:29 -0500
From: Noel Jones
Reply-To: njo...@megan.vbhcs.org
Subject: Re: Setting up virtual alias domains and maps - failing to deliver
To: postfix-users@postfix.org
On 3/23/2021 6:31 AM, Simon Wilson wrote
- Message from Simon Wilson -
Date: Tue, 23 Mar 2021 21:31:29 +1000
From: Simon Wilson
Reply-To: si...@simonandkate.net
Subject: Re: Setting up virtual alias domains and maps - failing to deliver
To: postfix-users@postfix.org
- Message from Simon Wilson
- Message from Matus UHLAR - fantomas -
Date: Tue, 23 Mar 2021 12:15:03 +0100
From: Matus UHLAR - fantomas
Subject: Re: Sequence of checks for virtual alias
To: postfix-users@postfix.org
On 23.03.21 14:24, Simon Wilson wrote:
I have some user email addresses
- Message from Simon Wilson -
Date: Tue, 23 Mar 2021 17:45:56 +1000
From: Simon Wilson
Reply-To: si...@simonandkate.net
Subject: Setting up virtual alias domains and maps - failing to deliver
To: postfix-users@postfix.org
Following recommendation from Viktor
.net, chiarina.net, benjwilson.net,
millikens.net, howiesue.net, tlchomeandyard.com.au, facetbd.net.au,
facetbd.com.au, facetbuildingdesign.net.au, facetbuildingdesign.com.au
virtual_alias_maps = hash:/etc/postfix/virtual
--
Simon Wilson
M: 0400 12 11 16
,
reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname,
reject_non_fqdn_sender, reject_unknown_sender_domain,
reject_non_fqdn_recipient, reject_unknown_recipient_domain,
reject_rbl_client zen.spamhaus.org, check_policy_service
unix:private/policyd-spf permit
--
Simon Wilson
M: 0400 12 11 16
- Message from Simon Wilson -
Date: Tue, 23 Mar 2021 11:23:58 +1000
From: Simon Wilson
Reply-To: si...@simonandkate.net
Subject: Re: Rewrite user xxx in a specific local domain
To: postfix-users@postfix.org
- Message from Viktor Dukhovni -
Date: Mon
this entry, mail is rejected with
"relay access denied", or bounces with "mail loops back to myself".
...yet this requirement for "virtual-alias.domainanything
(right-hand content does not matter)" is not stated in
http://www.postfix.org/VIRTUAL_README.
fine already
dom@his-business-domain:dom.w # this is the bit I want to add
How do I achieve this with rewriting or aliasing, i.e. without having
to move to virtual domains?
Simon
--
Simon Wilson
M: 0400 12 11 16
ki/tls/certs/hub.simonandkate.net-chain.pem
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/pki/tls/certs/hub.simonandkate.net-cert.pem
smtpd_tls_key_file = /etc/pki/tls/private/hub.simonandkate.net-key.pem
smtpd_tls_loglevel = 1
smtpd_tls_security_level = may
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550
--
Simon Wilson
M: 0400 12 11 16
- Message from Phil Biggs -
Date: Mon, 22 Mar 2021 14:34:44 +1100
From: Phil Biggs
Subject: Re: Double-bounce to ISP's server
To: postfix-users@postfix.org
Monday, March 22, 2021, 1:49:53 PM, Simon Wilson wrote:
Your IP address resolves back to aussiebb:
You need
- Message from Simon Wilson -
Date: Mon, 22 Mar 2021 12:49:53 +1000
From: Simon Wilson
Reply-To: si...@simonandkate.net
Subject: Re: Double-bounce to ISP's server
To: postfix-users@postfix.org
- Message from Phil Biggs -
Date: Mon, 22 Mar 2021 13:35
Non-authoritative answer:
Name: mail.simonandkate.net
Address: 119.18.34.29
[root@emp87 ~]# nslookup 119.18.34.29
29.34.18.119.IN-ADDR.ARPA name = mail.simonandkate.net.
Simon
--
Simon Wilson
M: 0400 12 11 16
ubnet
**Using backwards-compatible default setting relay_domains=$mydestination**
Using backwards-compatible default setting smtputf8_enable=no
With the items I need to watch for (emphasis added ** **) that means I
need it to be less than 1. Once I am confident of the outcome I'll set
to 2.
n
If I do those should I explicitly set compatibility_level, or
would it not be needed because I have addressed the compatibility
issues?
And are there any other 'gotchas' to be aware of with this upgrade?
On 21.03.21 21:57, Simon Wilson wrote:
Ok, I migrated the config from the 2.10 server, and
- Message from Simon Wilson -
Date: Fri, 19 Mar 2021 13:40:11 +1000
From: Simon Wilson
Reply-To: si...@simonandkate.net
Subject: upgrade 2.10 - 3.3 config compatibility
To: postfix-users@postfix.org
I have a well established 2.10 Postfix instance on 2.10 (CentOS7
- Message from Simon Wilson -
Date: Sat, 20 Mar 2021 19:19:49 +1000
From: Simon Wilson
Reply-To: si...@simonandkate.net
Subject: _time_limit
To: postfix-users@postfix.org
According to Postfix SMTP Access Policy Delegation[1] "_time_limit"
takes
parameter:
policyd-spf_time_limit=3600
This is on Postfix 3.3 on RHEL8
What am I doing wrong here, or is this just because the name is a
transportname_parameter construct?
Simon
Links:
--
[1] http://www.postfix.org/SMTPD_POLICY_README.html
--
Simon Wilson
M: 0400 12 11 16
/8, 192.168.1.0/24")
3. explicitly set relay_domains=$mydestination
If I do those should I explicitly set compatibility_level, or would it
not be needed because I have addressed the compatibility issues?
And are there any other 'gotchas' to be aware of with this upgrade?
Thank you kindly.
Simon
--
Simon Wilson
M: 0400 12 11 16
On Apr 27, 2017, at 12:45 PM, Simon Wilson <si...@simonandkate.net> wrote:
smtpd_recipient_restrictions =
check_client_access hash:/etc/postfix/client_checks,
permit_mynetworks,
permit_sasl_authenticated,
check_sender_access hash:/etc/postfix/sender_access,
That
straight
through postfix to delivery?
Ideally I want something along the lines of
IF((source IP = 192.168.1.0/24) AND (destination =
(root,si...@simonandkate.net,whatever_other_internal)) THEN: send
through aliases and to delivery transport.
Simon.
--
Simon Wilson
M: 0400 12 11 16
Viktor Dukhovni:
> On May 1, 2017, at 8:17 AM, Simon Wilson <si...@simonandkate.net> wrote:
>
> ostscreen is using (threshold 3):
>
>zen.spamhaus.org*3
>bl.mailspike.net*2
>b.barracudacentral.org*2
>bl.spameatingmonk
Simon Wilson:
On my new Postfix 2.10 system incoming mail is slow to process (about
15 seconds end to end), and I think it is mainly because DNS queries
are slowing things down.
The server runs local caching DNS BIND, so it's as quick as I can get
it on the slow Internet connection we
rmit
you to reduce the network dependency.
Worth a try.
Marco
Thanks Marco, I'll investigate that. :)
Simon
--
Simon Wilson
M: 0400 12 11 16
- Message from Simon Wilson <si...@simonandkate.net> -
Date: Mon, 01 May 2017 18:43:41 +1000
From: Simon Wilson <si...@simonandkate.net>
Reply-To: si...@simonandkate.net
Subject: Optimising new system and postscreen questions
To: Postfix users <postfix-us
. Is it worth running postscreen in more detailed (verbose?) mode to
see what it is doing?
Simon.
--
Simon Wilson
M: 0400 12 11 16
oint Horde to the new IMAP server, and set
new postfix to deliver to local cyrus-imapd socket again.
All sound reasonable?
The big test will be inbound SMTP, but that will have to wait until I
can get on to my router and change port forward rules.
--
Simon Wilson
M: 0400 12 11 16
,
reject_unknown_recipient_domain,
reject_rbl_client zen.spamhaus.org,
check_policy_service unix:private/policy-spf
permit
--
Simon Wilson
M: 0400 12 11 16
fix users <postfix-users@postfix.org>
On Apr 27, 2017, at 12:45 PM, Simon Wilson <si...@simonandkate.net> wrote:
smtpd_recipient_restrictions =
check_client_access hash:/etc/postfix/client_checks,
permit_mynetworks,
permit_sasl_authenticated,
check_s
On Thu, Apr 27, 2017 at 11:51:06PM +1000, Simon Wilson wrote:
1. At the moment when a bot knocks on the postfix server I see
postfix/smtpd[pid] etc. in maillog: can that message show if the knock is on
port 25 or 587?
Sufficiently new versions of the stock Postfix master.cf file have:
#sub
fix users <postfix-users@postfix.org>
On Apr 27, 2017, at 11:54 AM, Simon Wilson <si...@simonandkate.net> wrote:
# -o smtpd_client_restrictions=$mua_client_restrictions
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictio
of main.cf, the idea being
they can be appended to here?
Simon.
___
Simon Wilson
M: 0400 12 11 16
On Thu, Apr 27, 2017 at 11:51:06PM +1000, Simon Wilson wrote:
1. At the moment when a bot knocks on the postfix server I see
postfix/smtpd[pid] etc. in maillog: can that message show if the knock is on
port 25 or 587?
Sufficiently new versions of the stock Postfix master.cf file have:
#sub
ut = 3600s
- End message from Noel Jones <njo...@megan.vbhcs.org> -----
--
Simon Wilson
M: 0400 12 11 16
smtpd_tls_security_level = may
smtpd_tls_auth_only = yes
smtpd_tls_loglevel = 1
smtpd_tls_session_cache_timeout = 3600s
--
Simon Wilson
M: 0400 12 11 16
- thanks Jan - yes you are allowed... :) It's now working
using TLS and LOGIN mech.
Thanks again guys - kudos to you all for helping me out.
--
Simon Wilson
www.simonandkate.net
/transport
unknown_local_recipient_reject_code = 550
--
Simon Wilson
www.simonandkate.net
Links:
--
[1] http://mail.simonandkate.net
Quoting LuKreme krem...@kreme.com:
On 14-Sep-2009, at 08:59, Victor Duchovni wrote:
On Mon, Sep 14, 2009 at 11:52:27PM +1000, Simon Wilson wrote:
And it never succeeds. If I set smtpd_tls_auth_only to no and
disable Use SSL on the iPhone it auths over SMTP (insecurely) and
sends fine
Quoting Paul Beard paulbe...@gmail.com:
On Sep 14, 2009, at 6:04 PM, Simon Wilson wrote:
Originally I had only port 25 open on the router, and it used to
work fine, with the iPhone specifically told to use port 25 and SSL.
Then something changed (on the iPhone I suspect). Only then did I
%
[score: 0.2655]
0.0 HTML_MESSAGE BODY: HTML included in message
2.2 TVD_SPACE_RATIOBODY: TVD_SPACE_RATIO
Is my TXT record OK? Do I need the IP4 entry?
Thanks.
--
Simon Wilson
www.simonandkate.net
Quoting Mathias Meinelt m...@thinkingmachines.de:
Simon Wilson wrote:
TXT v=spf1 a mx ip4:59.167.212.191 ~all
Your setup of the SPF record is ok, however you should leave out
the
a and mx directive as they have no use here unless you want to
send mail over mail.bluetie.com as well
) saying
Status: Host or domain name not found. Name service error for
name=talktalk.com type=MX: Host not found, try again
So my question is why did I get a message that one was wring and not
the other? Do I need to change config somehow?
Thank you.
--
Simon Wilson
www.simonandkate.net
Quoting Sahil Tandon sa...@tandon.net:
On Mon, 27 Apr 2009, Simon Wilson wrote:
So my question is why did I get a message that one was wring and
not the
other? Do I need to change config somehow?
You use reject_unknown_recipient_domain, which results in a
deferral and
re-retry of mail
85 matches
Mail list logo
