On Wed, Apr 21, 2021 at 03:29:07PM -0400, Alex wrote:
> I should have made that more clear. The problem is that I'm trying to
> create an address to which amavisd should forward all mail unfiltered,
> but it only works if either all addresses are included in the policy
> or the unfiltered address
On Wed, Apr 21, 2021 at 11:17:19AM -0400, Alex wrote:
> I have postfix configured in a multi-instance setup in conjunction
> with amavisd. I'm using always_bcc to create a copy of each email sent
> or received.
This does not create a "copy", it adds a recipient to the message.
> The problem is
On Tue, Apr 20, 2021 at 10:51:29AM -0700, Stephen Satchell wrote:
> > # Bind submission to specific interfaces, like lo and/or LAN
> > # (add other options to taste)
> > #127.0.0.1:submission inet n - y - - smtpd
> > # -o syslog_name=postfix/submission
> >
On Tue, Apr 20, 2021 at 09:34:05AM +0200, Maurizio Caloro wrote:
> # mta-sts
> smtpd_policy_maps = socketmap:inet:127.0.0.1:8461:postfix
The smtpd(8) policy service filters incoming traffic, it has nothing to
do with outgoing TLS policy.
> /etc/ # postmap -q caloro.ch
On Sun, Apr 18, 2021 at 08:49:34PM -0400, Demi Marie Obenour wrote:
> >> Each system is issued a certificate for its own domain. Perhaps a
> >> better example would be email Subject Alternative Names.
> >
> > That's not an example (use-case), it is a certificate field. What
> > is the
On Sun, Apr 18, 2021 at 07:59:07PM -0400, Demi Marie Obenour wrote:
> >> Would it be possible to support trusting based on subject alt name?
> >> I would like a machine with a certificate for a.example.com to send
> >> mail from a.example.com domains.
This rather mixes end-to-end properties (the
On Fri, Apr 16, 2021 at 05:30:43PM -0400, Bill Cole wrote:
> No two current OS/distro 'families' of the 6 that I've checked have
> the same 465/tcp entry, and only Debian has 'submissions' as the
> primary name. None include it as an alias. All except MacOS have
> smtps as either the primary
On Fri, Apr 16, 2021 at 01:22:25PM -0400, post...@ptld.com wrote:
> On 04-16-2021 1:04 pm, Wietse Venema wrote:
> > As Viktor noted, each smtpd(8) process makes its own connection to
> > a policy service. Then, an smtpd(8) process will reuse its own
> > policy service connection, not a connection
On Fri, Apr 16, 2021 at 11:50:12AM -0400, post...@ptld.com wrote:
> master.cf:
>userpolicy unix - n n - 0 spawn user=mail
> argv=/usr/libexec/postfix/per-user-policy
This means one process per connection. So when there are multiple
smtpd(8) processes, each one will spawn a separate policy
On Wed, Apr 14, 2021 at 02:24:23PM -0400, Wietse Venema wrote:
> TL;DR: the idea is to change the smtpd_forbidden_commands default
> setting to something like:
>
> CONNECT GET POST pcre:{/^\x16/ Possible TLS handshake}
>
> Which would match current TLS protocols.
I guess subject to "#ifdef
On Mon, Apr 12, 2021 at 07:23:50PM +0200, richard lucassen wrote:
> mail.info: Apr 12 18:01:16 opendkim[13977]: 828FE7F581: s=202103 d=example.com
> SSL error:0407008A:rsa routines:RSA_padding_check_PKCS1_type_1:invalid
> padding;
> error: 04067072:rsa routines:rsa_ossl_public_decrypt:padding
On Sun, Apr 11, 2021 at 04:13:39AM +, Ricardo Barbosa wrote:
> Is it possible using accented characters in the subject type "ã" and "é"?
Yes, provided they're encoded to quoted-printable (good for Latin-based
scripts, such as Portuguese) or base64 (for other scripts, e.g. Chinese)
see
> tls_preempt_cipherlist = yes
> tls_ssl_options = NO_COMPRESSION
> virtual_alias_maps =
> mysql:/etc/postfix/sql/aliases.cf,mysql:/etc/postfix/sql/email2email.cf
> virtual_mailbox_domains = mysql:/etc/postfix/sql/domains.cf
> virtual_mailbox_maps = mysql:/etc/postfix/
> On Apr 1, 2021, at 1:38 PM, DEPRÉ Gaëtan - NGServers.com
> wrote:
>
> I enabled port 465, but no chance. Still the same problem, only with
> android/outlook...
This would be far more productive if you also post configuration details.
$ postconf -Mf
$ postconf -nf
--
> On Apr 1, 2021, at 12:02 PM, Michael Grimm wrote:
>
>
> But it is good to know that smtp_address_preference might help me with other
> ISP blocking my IPv4.
For such cases I use the transport table:
master.cf:
smtp unix ... smtp
smtp4 unix ... smtp -o inet_protocols=ipv4
[ If your domain is DNSSEC signed and employs NSEC3 for authenticated
denial of existence, or you're considering deploying DNSSEC at some
point, read on... ]
RFC 5155 defined NSEC3 iterations to scale up with the RSA/DSA key size
up to perhaps as high as 2500 iterations for 4096-bit keys. In
> On Apr 1, 2021, at 8:40 AM, Michael Grimm wrote:
>
> Is inet_protocols 'order sensitive'?
No.
> What I mean is, does postfix follow the order of the following settings:
>
> inet_protocols = ipv4, ipv6
> inet_protocols = ipv6, ipv4
No.
> Would the latter definition tell postfix
On Wed, Mar 31, 2021 at 11:29:04PM +0200, gde...@ngservers.com wrote:
> I can't send emails while using my android smartphone + outlook.
Perhaps your phone is sending SMTP commands with non-ASCII data, but
your Postfix server is not configured to support SMTPUTF8. However,
more likely your
> On Mar 29, 2021, at 3:45 PM, Tomas Habarta wrote:
>
> 6663]: recvmsg(128, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\0",
> iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=MSG_CTRUNC}, 0) = 1
> [7141]: recvmsg(128, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\0",
>
On Mon, Mar 29, 2021 at 06:36:10PM +0200, Tomas Habarta wrote:
> selinux enabled:
> transaction fails with:
>
> tlsproxy[23256]: warning: tlsp_get_fd_event: receive remote SMTP peer file
> descriptor: Success
> tlsproxy[23256]: TLS handshake failed for service=smtp peer=[10.25.41.35]:25
>
On Mon, Mar 29, 2021 at 08:23:40AM +0200, DEPRÉ Gaëtan - NGServers.com wrote:
> I modified the files master.cf & main.cf as you advised.
>
> The command postmap -q y...@mydomain.dom "$(postconf -Phx
> smtps/inet/smtpd_sender_login_maps)"
> returns me the two users that are able to send email
On Sun, Mar 28, 2021 at 01:30:49PM -0700, Greg Sims wrote:
> The second group started at 01:00. The send rate changed from 500
> emails sent per minute to 15 emails per minute. We are still
> delivering this email as I type this.
Have you looked at the distribution of the "c/d" values in the
On Mon, Mar 29, 2021 at 12:35:39AM +0200, Gaëtan DEPRÉ wrote:
> I’d like x...@mydomain.dom being able to send mails from y...@mydomain.dom.
>
> The actual error is : 5.7.1 y...@domain.dom: Sender address rejected: not
> owned by user x...@domain.dom
Have you tested your unionmap? For a minimal
On Sun, Mar 28, 2021 at 01:08:44AM +0100, Francesc Peñalvez wrote:
> Right now dnssec is activated in the external manager zoneedit.com, in
> which I cannot modify the type of encryption or the length of the key.
If there are no key size or algorithm settings in zoneedit.com, then
indeed you're
On Sat, Mar 27, 2021 at 01:59:56PM +0100, Francesc Peñalvez wrote:
> I have a connection of the domestic type, with 7 computers in an
> internal network, in which I do not have access to make any changes to
> the ip. I use external dns service to manage the bind9 service,
> although I have
On Sat, Mar 27, 2021 at 12:51:36PM +0100, Francesc Peñalvez wrote:
> I have the dns of the domain managed externally, configured with
> dnssec, and another host running postfix. How could I integrate that
> postfix use the dnssec configuration? Would it be enough to add the
> dns of the external
On Wed, Mar 24, 2021 at 09:47:26PM +, Paul Fowler wrote:
> I just got around to testing these parameters this evening.
> They work as you suggested but I'm concerned about the potential
> security implications. So I'll do some more research in this area and
> see whether this is still worth
On Tue, Mar 23, 2021 at 12:57:08PM -0500, Noel Jones wrote:
> To control how many levels are matched you'll need a regex or pcre
> table.
>
> for matching one level, maybe:
> /^[a-z0-9]+\.example\.com$/ transport:nexthop
With transport lookups in regex tables, the lookup key is
the full
On Tue, Mar 23, 2021 at 02:24:09PM +1000, Simon Wilson wrote:
> I have some user email addresses (in domains that are specified as
> virtual_alias_domain) listed in /etc/postfix/recipient_access and
> configured to return 550 Mailbox no longer in use.
If you just delete both the virtual(5)
On Tue, Mar 23, 2021 at 10:16:31AM +1000, Simon Wilson wrote:
> I run multiple local domains, and for the first time need to have the
> same username in two of them go to different local accounts.
>
> I.e. my son has a local (LDAP) account "dom". Mail sent to
> dom@his-personal-domain
> On Mar 22, 2021, at 12:53 AM, Phil Biggs wrote:
>
> Yes, I do have it configured as you say. I suspect that's a carry-over from
> an
> old pfSense package config I used as the basis for my first postfix server.
>
> As I don't have any known email problems at present, I'll wait
> for 3.6
On Mon, Mar 22, 2021 at 12:32:18PM +1000, Simon Wilson wrote:
> I have temporarily set it at 0 after reading
> http://www.postfix.org/COMPATIBILITY_README.html to ensure that I pick
> up in logging if/when backwards-compatibility is triggered by the
> legacy settings as follows (from
>
On Mon, Mar 22, 2021 at 01:35:12PM +1100, Phil Biggs wrote:
> Mar 21 14:50:35 postfix/postscreen[3804]: CONNECT from [18.205.72.90]:43471
> to [192.168.11.2]:25
> Mar 21 14:50:41 postfix/postscreen[3804]: PASS NEW [18.205.72.90]:43471
> Mar 21 14:50:43 postfix/smtpd[3806]: connect from
>
On Mon, Mar 22, 2021 at 10:17:16AM +1000, Simon Wilson wrote:
> I've removed mynetworks_style based on improved knowledge as noted
> above; commented out append_dot_mydomain and relay_domains, have set
> compatibility_level to 0, and will monitor for messages.
The right compatibility level
On Sun, Mar 21, 2021 at 07:25:31PM -0400, Demi Marie Obenour wrote:
> Another approach would be to create a “wrapped” MIME type that
> just wraps another message in base64. That has the advantage of
> working with multipart/signed et al. quoted-printable also has line
> continuations.
It is an
On Sun, Mar 21, 2021 at 05:14:39PM +0100, Jaroslaw Rafa wrote:
>
> /^examplelist.*@list\.maennerchor-kirchseeon\.de$/DUNNO
> /@list\.maennerchor-kirchseeon\.de$/550 5.1.1 User unknown in local
> recipient table
> /^examplelist/550 5.1.1 User unknown in local recipient table
There's
On Sun, Mar 21, 2021 at 04:22:06PM +0100, Jaroslaw Rafa wrote:
> If you want "maennerchor-kirchseeon.de" to be a local domain instead, you
> need to make "the-grue.de" a virtual domain,
This is not true. Multiple local domains are fine.
--
Viktor.
On Sun, Mar 21, 2021 at 03:44:06PM +0100, Markus Grunwald wrote:
> I've set up postfix to serve mail for the local domain the-grue.de
> and for the virtual domains maennerchor-kirchseeon.de and
> goldschmiede-grunwald.de
>
> Now I'd like to run a mailman mailing list for
>
On Sun, Mar 21, 2021 at 10:21:54AM -0400, Wietse Venema wrote:
> > When using Postfix "smtpd_tls_security_level = encrypt" in main.cf
> > is it possible to make an exception for an incoming mail server
> > connection that does not support encryption?
>
> Use "smtpd_tls_security_level = may" and
On Sun, Mar 21, 2021 at 04:38:56PM -0400, Wietse Venema wrote:
> With non-uniform input, or with input from a smaller alphabet, I
> expect that YMMV (the expansion can be less or more than 2%). For
> example 1000 null bytes expand into 2000 (100%), and when content
> requires no escaping, 998
On Sat, Mar 20, 2021 at 08:23:20PM -0400, Wietse Venema wrote:
> David Mehler:
> > I don't want to blanket disable reject_unknown_helo_hostname is there
> > a way I can set a helo exception for this one host/sender?
>
> Yes you can.
>
> smtpd_recipient_restrictions =
> ...
>
On Fri, Mar 19, 2021 at 04:14:30PM -0500, LoneStarKen wrote:
> # postconf -d | grep smtpd_discard
> smtpd_discard_ehlo_keywords = chunking
That's the only value needed. Whoever built your package decided to
disable the ESMTP CHUNKING extension (aka BDAT). If you want/need
BDAT, you'll need to
> On Mar 19, 2021, at 3:56 PM, LoneStarKen wrote:
>
> Maybe so. Here is output from postconf containing "discard_ehlo_keywords":
>
> # postconf | grep discard_ehlo_keywords
> postscreen_discard_ehlo_keywords = $smtpd_discard_ehlo_keywords
> smtp_discard_ehlo_keywords =
>
On Fri, Mar 19, 2021 at 01:48:53PM -0500, LoneStarKen wrote:
> Thank you for the response. Those entries don't seem to exist in my main.cf
> or master.cf.
>
> I grepped (case insensitive) main.cf for ehlo, keywords, and discard and none
> of those words exist.
Are you running a modified
On Fri, Mar 19, 2021 at 07:53:09PM +0100, Matus UHLAR - fantomas wrote:
> I mean, aNULL on port 25 is fine.
>
> aNULL on port 465 and 587 is not fine, is it?
Of course it is fine, if you're not asking for client certs, and the
client is willing to do aNULL (i.e. ignore your certificates), then
On Fri, Mar 19, 2021 at 11:02:09AM -0500, LoneStarKen wrote:
> Mar 19 10:51:58 mail postfix/smtpd[XX]: discarding EHLO keywords: CHUNKING
Presumably you have a non-default setting of
smtp_discard_ehlo_keywords
possibly via master.cf overrides?
--
Viktor.
On Fri, Mar 19, 2021 at 11:18:27AM -0400, Jaroslav Skarvada wrote:
> 14. postfix-3.5.8/src/util/dict_inline.c:124: uninit_use_in_call: Using
> uninitialized value "value" when calling "dict_file_to_b64".
> 17. postfix-3.5.8/src/util/dict_inline.c:125: overwrite_var: Overwriting
> "err" in "err
On Tue, Mar 16, 2021 at 05:51:07PM +0100, Matus UHLAR - fantomas wrote:
> >When the Postfix TLS security level requires authentication (mandatory
> >TLS stronger than just "encrypt"), Postfix automatically disables the
> >aNULL ciphers internally. You never need to do explicitly, except to
>
On Fri, Mar 19, 2021 at 12:20:10AM -0400, Bill Cole wrote:
> > * If so, does this apply to **(a)** the entire set of restrictions;
> > **(b)** just the restriction list where cfg’d; **(c)** only the
> > restriction that immediately follows **warn_if_reject**?
>
> As I read the postconf(5) man
On Thu, Mar 18, 2021 at 05:17:58PM -0700, David Koski wrote:
> Postfix is only mapping email addresses and not FQDNs. Mapping works
> for u...@mydomain.com but not mydomain.com, .mydomain.com or @mydomain.com.
>
> # postmap -q localhost mysql:/etc/postfix/mysql_transport_maps.cf
>
> # postmap
On Fri, Mar 19, 2021 at 12:44:52AM +0530, Durga Prasad Malyala wrote:
> > It should work, given a correct PCRE table, however, as mentioned above,
> > a better solution is not use PCRE at all:
> >
> > # Postfix 3.0 and later have an "inline" table type:
> > #
> >
On Thu, Mar 18, 2021 at 11:30:56PM +0530, Durga Prasad Malyala wrote:
> > If you want usable help, you'll need to be willing to post the actual
> > domain name, not an obfuscated version.
>
> the domain is ucc-bsnl.co.in
Thanks, yes the domain "ucc-bsnl.co.in" has neither MX records, nor any
A
On Thu, Mar 18, 2021 at 10:21:02PM +0530, Durga Prasad Malyala wrote:
> I am getting the error "Sender address rejected: Domain not found exception"
> in my mail server.
Are you sure the word "exception" is there? Postfix does not generate
messages, but it does generate "Domain not found" when
On Tue, Mar 16, 2021 at 11:07:54AM +0100, Jens Hoffrichter wrote:
> We have a central, internal mail dispatching system, after all the
> content filtering etc. which processes inbound and outbound emails.
It seems that this is the system you're trying to configure. Do you
have any influence on
On Mon, Mar 15, 2021 at 03:24:19PM +0100, Jens Hoffrichter wrote:
> I can see in the log file that the trivial rewrite resolves the next
> hop correctly from the extra transport map, and sends that back to the
> smtpd, but the information is ignored when it comes to the smtp
> process.
Transport
On Mon, Mar 15, 2021 at 09:07:43AM -0700, Stephen Satchell wrote:
> Problem: someone is probing my Ubuntu 20.04 LTS based mail server.
> Along with SSH attacks (now mitigated) I had a number of log messages
> saying auth failures in Dovecot. When I traced packets generating these
> messages,
On Thu, Mar 11, 2021 at 11:01:19AM +, Vincent Pelletier wrote:
> On Wed, 10 Mar 2021 09:49:13 -0500 (EST), Wietse Venema
> wrote:
> > FYI, All Postfix implementations have the same xxx_get_passwd()
> > implementation, since this code was contributed in 1999:
>
> Thanks, I wanted to check
On Wed, Mar 10, 2021 at 04:45:29PM +0100, Markus E. wrote:
> Sorry, I meant it's empty in my config. I know that defaults to
> "permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination".
>
> But, you gave me a good hint here. I'll try to set
> smtpd_relay_restrictions to
> On Mar 10, 2021, at 1:08 PM, Wietse Venema wrote:
>
>> For machine-readable output, try "postqueue -j", which reports dates in
>> epoch time. For example:
>>
>>$ postqueue -j |
>> jq -r '[.queue_id, (.arrival_time | tostring), .sender] | join(" ")'
>
> I used this:
>
>jq -r
On Tue, Mar 09, 2021 at 11:13:37PM -0700, Bob Proulx wrote:
> The time reported by mailq seems confusing. Sometimes it seems to be
> reporting in system time and sometimes UTC time?
Set your timezone consistently. When running as a non-root user, setgid
programs such as "postqueue" ignore
On Tue, Mar 09, 2021 at 09:35:35AM -0800, Greg Sims wrote:
> Mar 09 08:12:15 mail01.raystedman.org postfix/smtpd[13431]:
> warning: hostname mail01.raystedman.org
> does not resolve to address 192.168.122.12
An SMTP client at IP address 192.168.122.12 connected to your SMTP
server. That IP
On Fri, Mar 05, 2021 at 04:25:38AM -0500, Viktor Dukhovni wrote:
> There are only two common ways a message without duplicated recipients
> gets delivered to the same mailbox twice:
>
>1. Address rewriting (including BCC maps) duplicates a recipient,
> and "enabl
On Fri, Mar 05, 2021 at 03:41:06AM -0500, Steve Dondley wrote:
> Here are postfix config file: https://pastebin.com/bZxjHF5y
I don't usually go chasing pastebin URLs...
> Hopefully something jumps out at you.
There are only two common ways a message without duplicated recipients
gets delivered
On Thu, Mar 04, 2021 at 01:24:59PM -0500, Steve Dondley wrote:
> After staring at these logs some more and piecing together the advice
> here, here's my understanding of what's happening:
>
> * Mail comes in via smtpd as user sends mail. It's going to 3
> recipients. I'm not sure who those might
> On Mar 3, 2021, at 10:24 AM, Marek Kozlowski
> wrote:
>
> One more question just for sure: 'a client' means 'an IP address' for the
> setting mentioned in the previous mail? If so - postfix must store them
> somewhere. Isn't there a risk of too much memory allocated for that purpose?
> How
On Mon, Mar 01, 2021 at 11:14:57AM +0100, Jaap Gordijn wrote:
> relayhost = aaa.bbb.ccc:25
> virtual_mailbox_domains = xxx.yyy.zzz
> virtual_transport = lmtp:unix:private/dovecot-lmtp
>
> I would like to achieve the following
> - mail of all subnets in my LAN is relayed if necessary (so not for
On Mon, Mar 01, 2021 at 01:24:01PM +0800, Thomas wrote:
> Postfix can't send email to gsuite's MTA via IPV6 interface.
I'll take that as a premise (for your particular system).
> But if I change this item to:
> inet_protocols = ipv4
>
> It works.
And this as your work-around.
> Can you help
On Sun, Feb 28, 2021 at 01:35:40AM -0500, JF Mezei wrote:
> Situation: OS-X Snow Leopard server, with Postfix that came built by Apple.
> According to postconf -d , Mail version: Postfix 2.5.14
Is that still your target platform, or are you now building for a newer
Apple machine?
> do postconf
On Thu, Feb 25, 2021 at 11:39:19PM +, Allen Coates wrote:
> It is an *ANCIENT* reference, but the O'Reilly book "Building Internet
> Firewalls" describes a simple program called smap.
>
> It runs without root privileges and ONLY accepts incoming SMTP connections,
> dropping messages
> On Feb 25, 2021, at 1:53 PM, Wietse Venema wrote:
>
> Also, fixed-unprivileged mode can make Postfix LESS secure: root
> privileges are used by none of the Postfix programs in your forwarding
> path as they handle email. In fixed-unprivileged mode, a compromised
> Postfix daemon process can
On Wed, Feb 24, 2021 at 08:31:25PM +0100, Michael Grimm wrote:
> mail> postfix reload
> /usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf:
> unused parameter: respectful_logging=no
> postfix/postfix-script: refreshing the Postfix mail system
That appears to be
On Wed, Feb 24, 2021 at 07:29:18PM +0100, Jaroslaw Rafa wrote:
> > Postfix version 3.6 deprecates terminology that implies white is
> > better than black.
>
> -1
FWIW, I also would not have made these changes, and personally think
they do more harm than good. That said, the best thing at this
On Tue, Feb 23, 2021 at 01:19:24PM -0500, Wietse Venema wrote:
> > > Yes, it does, but the way it "deals" with it is to throw an error
> > if one connection tried to read while another is writing. The net
>
> Bleh, it does not retry the operation?
Only if you specify a retry timeout. SQLite is
On Mon, Feb 22, 2021 at 02:32:59PM -0700, Bob Proulx wrote:
> Viktor Dukhovni wrote:
> > If it is not an emergency, and it was working fine before the change,
> > generally
> > best to let the change take place incrementally. You can reduce the latency
> > b
> On Feb 22, 2021, at 2:07 PM, Pedro David Marco wrote:
>
> postfix restart means 'postfix stop ; postfix start'
>
> maybe it would be a good idea to introduce some delay between stop and start?
Actually, to expedite the visibility of configuration changes, it is generally
sufficient to do a
On Sun, Feb 21, 2021 at 10:09:43PM -0700, Gary Aitken wrote:
> What is the relationship between the -v args in master.cf and
> debug_peer_level and debug_peer_list in main.cf?
Each -v flag raises the verbosity level by 1 globally. The
debug_peer_list parameter sets the verbosity to
On Sun, Feb 21, 2021 at 05:22:56PM -0700, Gary Aitken wrote:
> If someone can point me at an explanation of log entries it would be much
> appreciated.
Verbose logging is ad-hoc and not documented. Your log level is too
high.
> Whenever a new entry arrives for processing, I see what looks like
On Fri, Feb 19, 2021 at 11:13:57PM +, Antonio Leding wrote:
> I wanted to ask about the expected behavior if there are multiple
> entries in an SQL table for the same lookup (IP address, network,
> domain, etc.) which specify either the same or different actions
> (REJECT, OK, etc.).
As
On Thu, Feb 18, 2021 at 09:02:26PM +, Matthew Selsky wrote:
> Our transport table has:
> domain1.invalid affiliate:[external1.invalid]
>
> And master.cf has:
> affiliate unix - - n - - smtp
> -o smtp_generic_maps=${ldap}generic-ldap.cf
>
>
On Thu, Feb 18, 2021 at 11:53:56AM -0500, Wietse Venema wrote:
> Viktor Dukhovni:
> > Bottom line, use the transport(5) table for routing, and access(5) for
> > access control.
>
> These are queried at different points in time. Is this race-condition
> safe, i.e. can LD
On Thu, Feb 18, 2021 at 10:56:24AM -0500, Viktor Dukhovni wrote:
> > Let me modify the pseudocode to describe my goal in more detail:
> >
> > x = ldap_lookup_recipient_record(envelope_to_address)
> > if x.has_attribute(alpha)
> > reject_with_code_4xx(me
On Thu, Feb 18, 2021 at 02:00:11PM +0100, Ralph Seichter wrote:
> > I strongly do not recommend using LDAP for per-user transport lookups.
>
> Shame that it does not scale, because it works. I have tried using a
> combination of LDAP-based virtual_alias_maps and hashed transport_maps
> as per
On Thu, Feb 18, 2021 at 07:52:07AM +0100, Ralph Seichter wrote:
> In a new server setup, I use two consecutive transport lookups:
>
> transport_maps = ldap:/etc/postfix/foo.cf ldap:/etc/postfix/bar.cf
I strongly do not recommend using LDAP for per-user transport lookups.
Instead:
- Use
On Wed, Feb 17, 2021 at 07:04:54PM +0100, Jeff Abrahamson wrote:
> But the man page makes a good argument for setting this to medium.
> I'd originally set smtpd_tls_mandatory_ciphers = high, I've switched
> it to medium.
You can set it back to "high". Perhaps that should even be the new
> On Feb 16, 2021, at 3:57 PM, Dominic Raferd wrote:
>
>> In what way does that improve your security over the default, which
>> allows 1.0 and 1.1?
> As stated this is for auth clients i.e. our own people, using SMTPS or
> STARTTLS. There is no problem for us in enforcing it for them, they
> On Feb 15, 2021, at 9:57 PM, Wietse Venema wrote:
>
> I just verified that TLS works when running "sendmail -bs" as user
> 'postfix' from inetd. But I agree that this mode of operation is
> suitable only for extraordinary cases.
How was the SMTP server able to load the certificate chain? The
> On Feb 15, 2021, at 8:51 PM, Eugene Podshivalov wrote:
>
> Generic approach to system administration and access control reconfiguration
> at runtime (without service reload).
If your max_idle and max_use are not too high, Postfix does
not need to be "reloaded" to detect changes in main.cf.
> On Feb 15, 2021, at 9:03 PM, Wietse Venema wrote:
>
>> Is it by chance possible that tcp wrappers will be supported in future at
>> least as an optionally compiled feature?
>
> If you must, you can run "/usr/sbin/sendmail -bs" as user "postfix"
> under TCP Wrappers from inetd.
Please don't
On Mon, Feb 15, 2021 at 06:34:31AM +, Koga Hayashi wrote:
> > Googling the error message suggests earthlink has blocked your IP
> > and suggests what you can do about it. I don't speak for earthlink,
> > but generally IP blocks can be from previous or ongoing spam from
> > that IP, or a
On Sun, Feb 14, 2021 at 10:49:52AM -0500, John Levine wrote:
> # virtual addresses
> 回声@xn--zbs01c.xn--5nqx41au4nqohsp3axcg.xn--fiqs8s echo
> 回声@声.电子邮件测试.中国 echo
>
> Feb 14 10:26:16 eaicheck postfix/smtpd[48778]: DED2E89340:
> client=localhost[127.0.0.1]
> Feb 14 10:26:16 eaicheck
On Sat, Feb 13, 2021 at 09:56:52PM +0100, Dan wrote:
> It looks like postfix doesn't know how to handle other users.
No, rather you have a syntax error in your main.cf file.
> Okay how to solve this?
Fix the syntax error.
> Here the logs attached.
> If I send a mail from gmail:
>
> Feb 13
On Sat, Feb 13, 2021 at 08:49:56PM +0100, Dan wrote:
> /etc/postfix/main.cf:
> smtpd_recipient_restrictions =
> ...
> check_recipient_access hash:/etc/postfix/protected_destinations
> ...the usual stuff...
>
> smtpd_restriction_classes = insiders_only
>
On Fri, Feb 12, 2021 at 06:35:50PM +, Chris Green wrote:
> The Debian patch sets myorigin:-
>
> # Debian GNU/Linux specific: Specifying a file name will cause the
> # first line of that file to be used as the name. The Debian default
> # is /etc/mailname.
> #
>
On Fri, Feb 12, 2021 at 09:13:58PM +1000, Mark Constable wrote:
> The reason for wanting this setup is that I've started using delta.chat
> with a few friends and I want to maximize the speed between our mailservers
> and also try to minimize the size of the messages to sometimes <1500 bytes.
On Fri, Feb 12, 2021 at 11:14:24AM +, Dominic Raferd wrote:
> On 12/01/2021 01:21, Viktor Dukhovni wrote:
> > On Tue, Jan 12, 2021 at 01:00:26AM +, JL (Postfix Readers A/c) wrote:
> >
> >> Can someone point me at the right place in the docs, or offer advice
>
On Fri, Feb 12, 2021 at 12:06:02PM -0500, Matt Shields wrote:
> 1. Rewrite the FROM address in each message
> a. host1.lan has a process that sets the FROM as t...@mycompany.com, this
> is okay to let relay
> b. host2.lan has a script that sends as r...@host2.lan, rewrite FROM as
>
> On Feb 12, 2021, at 12:29 PM, Eugene Podshivalov wrote:
>
> Another somewhat related question is: in order to probe the smtpd needs to
> resolve all virtual etc. mappings which is also done by the cleanup. Is this
> resolution done twice in this case?
The smtpd(8) process does not perform
> On Feb 12, 2021, at 2:43 PM, Wietse Venema wrote:
>
> sendmail -G -i -f "sender" -- recipient... < file
>
> The -G will prevent Postfix from rewriting/adding message headers.
> It will still prepend a Received: header, but if that breaks DKIM,
> then the sender is at fault.
>
> However,
On Fri, Feb 12, 2021 at 02:54:29PM +1000, Mark Constable wrote:
> Hi, I have a fairly typical postfix install with port 465 requiring
> authentication. I'd like to allow one sender (email address or IP) to
> inject email on port 465 without providing login/password authentication.
Permitting
On Fri, Feb 12, 2021 at 05:11:32PM +1300, Nick Tait wrote:
> On 12/02/2021 7:09 am, Jos Chrispijn wrote:
> > Hi team, can it be that responses in this mailinglist are also sent by
> > cloud9.net instead of only postfix.org?
> > Just asking to prevent contamination by importing parallel