On Wed, Apr 24, 2024, Kim Sindalsen via Postfix-users wrote:
> https://man.archlinux.org/man/nss-resolve.8.en seems to say that the order
> should be:
> mymachines resolve [!UNAVAIL=return] files myhostname
Might be bad advice - we found this problem:
If /etc/nsswitch.conf uses myhostname for
On Wed, Mar 06, 2024, Wietse Venema via Postfix-users wrote:
> > Again, Postfix does not store line terminators, not when email comes
> > from UNIX tool with \n, via SMTP with \r\n, or encapsulated as
> > netstrings which uses neither.
> In headers that Postfix sends to a milter. I may want to
FYI: the libmilter interface is an internal communication protocol.
It is NOT publically documented on purpose (hence complaining about
missing documentation is somehow annoying).
--
Please don't Cc: me, use only the list for replies.
___
Postfix-users
> SMFIP_NOQUIT would
> be a good protocol extension in general
"Use the source, Luke."
You mean something like
SMFIC_QUIT_NC
?
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
On Wed, Jan 24, 2024, Wietse Venema via Postfix-users wrote:
> 1) You can log full headers with a Milter. You will run into the
> length limit of the syslog() client (historically, 2 kBytes) before
> the Milter protocol limit (64 kBytes) which is less than the Postfix
Just FYI: That limit can be
On Fri, Dec 29, 2023, Joachim Lindenberg via Postfix-users wrote:
> What I am really missing is clear statements like SMTP-DANE, SPF,
> DKIM, DMARC are mandatory unless you don't use SMTP at all.
Wow... you really want that?
Then subscribe to emailcore and suggest it over there...
To:
Hi,
Any workarounds in Thunderbird to override this behavior?
here it's working as expected and I did not change anything (Thunderbird
102.8.0 (64-Bit) on Debian).
Groetjes
Claus
--
Claus R. Wickinghoff, Dipl.-Ing.
using Linux since 1994 and still happy
FYI: the OP replied to me directly (not sure why) - indicating that
Google "silently dropped" the e-mail even though the log shows it was
accepted (and it wasn't delivered to the "spam folder" either).
On Fri, Sep 16, 2022, Stephen Satchell wrote:
> By doing some testing, I found that Google was silently rejecting mail from
What does "silently rejecting" mean?
Do you mean "accepting the mail but not delivering to the recipient"
(not even to the infamous "spam folder")?
On Thu, Aug 11, 2022, Dominik George wrote:
> only that these have a very limited set of tables available, and
Have you taken a look at socketmap_table(5)?
Maybe that can be used to solve your problem.
Hi Viktor,
thanks for clarification. I'll modify my setup here accordingly.
Groetjes
Claus
Am 21.06.22 um 23:13 schrieb Viktor Dukhovni:
On Tue, Jun 21, 2022 at 10:42:33PM +0200, Claus R. Wickinghoff wrote:
> smtpd_tls_cert_file=/etc/letsencrypt/live/mydomain.net/fullchain.
uld
be default behavior in Debian.
master.cf is also the right place to enable submission, i.e. bind to
port 587.
Groetjes
Claus
--
Claus R. Wickinghoff, Dipl.-Ing.
using Linux since 1994 and still happy... :-)
On Fri, May 27, 2022, James Feeney wrote:
> The "more information" that would be helpful is an example of a
> literal text string transmission, from Postfix, to a milter, and
> then from the milter to Postfix,
"What's the problem you are trying to solve?"
Are you trying to write a replacement
You might want to take a look at the original milter documentation
which comes with sendmail - it should hopefully answer (most of)
your questions.
"order": as specfified in the configuration file.
"reject": equivalent to an SMTP reply code 4xy or 5xy.
"override": if "reject" is used by a milter,
Hi,
do you know how to stop passwords from being brute-forced for a
mailserver? do you have any practical guide?
fail2ban is a proper solution on Linux machines against brute force
login attempts.
Groetjes
Claus
--
Claus R. Wickinghoff, Dipl.-Ing.
using Linux since 1994 and still
the actual setup with the provider) it's still ok and
working and safe.
Groetjes
Claus
--
Claus R. Wickinghoff, Dipl.-Ing.
using Linux since 1994 and still happy... :-)
Mojn,
Today I find only a directory listing at www.postfix.org or www.postfix.com
With http it's working.
With https I get a certificate warning (issued for
archive.science.uu.nl) and a directory listing.
So might be a regional problem?
Groetjes
Claus
--
Claus R. Wickinghoff, Dipl
tead of checking postfix.
A quick hack solution could be to put an entry for smtp.gmail.com in
your /etc/hosts file. But be aware that this hack breaks the day when
gmail moves their server to another ip address.
Groetjes
Claus
--
Claus R. Wickinghoff, Dipl.-Ing.
using Linux since 1994 and still happy... :-)
so no malware can
forward internet traffic through a vpn into a company network.
I propose to investigate further into this direction.
Groetjes
Claus
--
Claus R. Wickinghoff, Dipl.-Ing.
using Linux since 1994 and still happy... :-)
On Tue, Aug 03, 2021, John Levine wrote:
> Just wondering, did you add the anti-http stuff because of ALPACA or was it
> already there?
As a simple look at the source code of older releases shows
it was already there.
The ALPACA paper (table 2+3)/website explain that postfix is not
vulnerable to this problem - postfix drops the connection immediately
on common HTTP commands.
--
Please don't Cc: me, use only the list for replies.
by asking any backend for verification.
I think this can be achieved with reject_unverified_recipient to query
dovecot via lmtp but I've no practical experience with this. Probably
you've to do some googling...
Groetjes
Claus
--
Claus R. Wickinghoff, Dipl.-Ing.
using Linux since 1994 and still
are in an ldap you can query that to check if the
recipient address is valid or not.
Hope this helps ;-)
Groetjes
Claus
--
Claus R. Wickinghoff, Dipl.-Ing.
using Linux since 1994 and still happy... :-)
> From the times I was using sendmail, I remember that in case when
> forward/reverse DNS didn't match, sendmail logged something like
> unknown (reverse.dns.hostname) [ip.ad.dr.ess]
Log?
relay=hedefserver.com [2.56.152.122] (may be forged)
Or are you talking about the Received: header?
On Thu, Apr 22, 2021, John Levine wrote:
> Nope, vanilla install on MacOS.
Not sure what your "vanilla install" is...
Firefox 88.0 on MacOS:
www.postfix.org
and
http://www.postfix.org/
show the web page just fine without a problem.
It would be nice if the people who write browsers don't try to
On some OS the following code works - I use that for regression
testing when I need fake DNS data:
void
dns_setns(struct in_addr *ns, unsigned int port)
{
if ((_res.options & RES_INIT) == 0)
(void) res_init();
_res.nsaddr_list[0].sin_family = AF_INET;
On Sat, Apr 17, 2021, Wietse Venema wrote:
> Francesc Pe?alvez:
> > Is it possible to identify which password smtp is trying to use? if so I
> > would like to know how
This seems to be a common request hence several people submitted
patches for sendmail to identify at least the account:
On Wed, Mar 10, 2021, Dan Mahoney (Gushi) wrote:
> Yes, and I am asking if there is a postfix knob that says "I know what the
> milter says, but I want something different, because postfix doesn't know
...
Why don't you "fix" the milter instead? Then it would work the way
you want it for every
This is "kind of funny" because a similar (same?) problem
annoyed me enough for sendmail that I changed it:
Log name of a milter making changes (this was missing for
some functions).
the
aliases, makes the routing decisions and can probably filter if needed.
The central server is the only one to receive and send to the outside
world. Another bonus here: Only one place with a logfile to search for
lost communication.
Groetjes
Claus
--
--
Claus R. Wickinghoff, Dipl.-Ing.
using
can easily install and maintain all filter
stuff (anti-virus, anti-spam, e-mail-archive) at the central system, as
any e-mail has to pass by here.
I hope you'll get the idea :-) Otherwise please feel free to ask.
Groetjes
Claus
--
Claus R. Wickinghoff, Dipl.-Ing.
using Linux since 1994
Just kill all messages from
Organization: Omicron Theta BBS
it seems to reinject mails.
s are pretty
international.
Groetjes
Claus
--
Claus R. Wickinghoff, Dipl.-Ing.
using Linux since 1994 and still happy... :-)
s are pretty
international.
Groetjes
Claus
--
Claus R. Wickinghoff, Dipl.-Ing.
using Linux since 1994 and still happy... :-)
s are pretty
international.
Groetjes
Claus
--
Claus R. Wickinghoff, Dipl.-Ing.
using Linux since 1994 and still happy... :-)
s are pretty
international.
Groetjes
Claus
--
Claus R. Wickinghoff, Dipl.-Ing.
using Linux since 1994 and still happy... :-)
s are pretty
international.
Groetjes
Claus
--
Claus R. Wickinghoff, Dipl.-Ing.
using Linux since 1994 and still happy... :-)
s are pretty
international.
Groetjes
Claus
--
Claus R. Wickinghoff, Dipl.-Ing.
using Linux since 1994 and still happy... :-)
s are pretty
international.
Groetjes
Claus
--
Claus R. Wickinghoff, Dipl.-Ing.
using Linux since 1994 and still happy... :-)
s are pretty
international.
Groetjes
Claus
--
Claus R. Wickinghoff, Dipl.-Ing.
using Linux since 1994 and still happy... :-)
s are pretty
international.
Groetjes
Claus
--
Claus R. Wickinghoff, Dipl.-Ing.
using Linux since 1994 and still happy... :-)
s are pretty
international.
Groetjes
Claus
--
Claus R. Wickinghoff, Dipl.-Ing.
using Linux since 1994 and still happy... :-)
s are pretty
international.
Groetjes
Claus
--
Claus R. Wickinghoff, Dipl.-Ing.
using Linux since 1994 and still happy... :-)
s are pretty
international.
Groetjes
Claus
--
Claus R. Wickinghoff, Dipl.-Ing.
using Linux since 1994 and still happy... :-)
s are pretty
international.
Groetjes
Claus
--
Claus R. Wickinghoff, Dipl.-Ing.
using Linux since 1994 and still happy... :-)
s are pretty
international.
Groetjes
Claus
--
Claus R. Wickinghoff, Dipl.-Ing.
using Linux since 1994 and still happy... :-)
s are pretty
international.
Groetjes
Claus
--
Claus R. Wickinghoff, Dipl.-Ing.
using Linux since 1994 and still happy... :-)
s are pretty
international.
Groetjes
Claus
--
Claus R. Wickinghoff, Dipl.-Ing.
using Linux since 1994 and still happy... :-)
s are pretty
international.
Groetjes
Claus
--
Claus R. Wickinghoff, Dipl.-Ing.
using Linux since 1994 and still happy... :-)
international.
Groetjes
Claus
--
Claus R. Wickinghoff, Dipl.-Ing.
using Linux since 1994 and still happy... :-)
Please use an address for which you can receive at least non delivery
status information.
Otherwise, why do you expect the recipient to handle your non-replyable
address in any other way than you do, e.g., also rejecting it with
an error?
And if you really don't care: just alias the address to
Hi,
Is there easy way to forward all root mail to devnull?
In /etc/alias:
root: /dev/null
(and afterwards on Debian you have to run newaliases. Might be similar
on other distros)
Groetjes
Claus
--
Claus R. Wickinghoff, Dipl.-Ing.
using Linux since 1994 and still happy... :-)
and this box answers,
that it is unwillingto accept the e-mail because of its SPF setup.
As you're sending from @amazonses.com, I looked up the spf records:
claus@tiger:~$ dig amazonses.com txt
; <<>> DiG 9.11.5-P4-5.1-Debian <<>> amazonses.com txt
[...]
amazonses.com.
spam you can get rid off just on smtp level.
Groetjes
Claus
On Mon, Dec 16, 2019, PGNet Dev wrote:
> The Sendmail 'Usenet'/Google Group is a bit of a sewer; cc'ing Claus to see
> if there's any newer comment/clarity as to why Sendmail's still not
> standards-compliant in this.
Please do NOT use my private e-mail address on a public mailing li
On Mon, Mar 04, 2019, Bill Cole wrote:
> Again, I have not tested this but I know that chgheader CAN return an error
> and would expect it to do so when passed an out-of-range index.
Did you check the documentation?
> Return values exist for good reasons. One of them is to help novice coders
>
On Mon, Nov 26, 2018, Stefan Bauer wrote:
> ehlo test
> 250-mx0.esb.de
> 250-8BITMIME
> 250-SIZE 52428800
> 250 STARTTLS
> But the minus "-" is missing in STARTTLS correct?
No: it's the last line, hence no "-".
> Is there a known workaround available?
Looks like it should work... seems you
On Mon, Jul 31, 2017, Viktor Dukhovni wrote:
> I don't know what milters expect to find in "{cert_issuer}" and
> "{cert_subject}". The CN or the full DN (and if so in what
> encoding). We provide CNs, but perhaps Sendmail provides
> DNs?
It's in the fine documentation (op.*)
On Fri, Jun 23, 2017, Viktor Dukhovni wrote:
> Some MTAs (say Sendmail) don't downgrade to cleartext at all when
> the peer purports to support STARTTLS. Postfix gives the remote
Just FYI: in sendmail 8.16 it's an option:
To automatically handle TLS interoperability problems for
On Wed, Feb 25, 2015, Sebastian Nielsen wrote:
Why are you against fixing mail that are not fully RFC-compliant to
RFC-compliant mail at MTA level?
Because it
- let's lazy programmers/users off the hook.
- adds code (complexity, failures, maintenance).
- introduces incompatibilities.
- hides
On Wed, Nov 19, 2014, Arrigo Marchiori wrote:
MAIL FROM:two@localhost,users@localhost
501 5.1.7 Bad sender address syntax
MAIL FROM:reverse-path [SP mail-parameters ] CRLF
The use of source routes is deprecated; while servers MUST be
From the above, I understand that the e-mail is
On Fri, Nov 14, 2014, A. Schulze wrote:
Android-4.4.2 Mail
If you have a chance, can you contact the developers and ask
them to fix it?
unknown[192.0.2.25]: MAIL FROM: sender@local.
unknown[192.0.2.25]: RCPT TO: receiver@external.*
RFC 5321 explicitly lists this error (for those who
On Wed, Nov 12, 2014, Wietse Venema wrote:
A. Schulze:
the regex above don't match on 'RCPT TO: u...@example.org' ( SPACE
That is invalid syntax. What software (other than home-grown
scripts) sends commands like that?
Last time I looked: at least cashedge.com, used by several US
On Tue, Oct 14, 2014, John wrote:
recipient address hidden host MX.cogeco.ca[216.221.81.26] said: 451
Postmaster
Code 5 - #4.1.8 Domain of sender addressj...@klam.ca does not
resolve.
Try again, it's just a temporary error.
BTW: cool error message with those 8 bit chars in it:
On Sun, Oct 12, 2014, Wietse Venema wrote:
As for the claim that Milters are supposed to see the on-the-wire
message, do you have a pointer to support that?
sendmail:
libmilter/docs/smfi_insheader.html
* A filter will receive only headers that have been sent by
the SMTP client and those
On Mon, Oct 06, 2014, Ricardo Signes wrote:
Note, too, that From and Subject appear in there twice, even though both
headers only appear once in the message. Again, this is permissible and can
be
verified properly, but... what?
It's used to prevent someone adding another set of those
For Sendmail compatibility, Postfix does not show the first header
line. I suggest that you put new content further down in the message.
Does the first header line refer to the (locally added) Received:
header? If so, sendmail doesn't provide that to a milter as it is
not sent by the client.
Hello Wietse!
Hi Claus. Yes, Postfix does not send its own Received: header to
the Milter (or whatever the first line is after Milters have modified
the message).
So the second part is the problem here; thanks for the clarification.
For MeTA1 I added a flag to the pmilter API so a milter can
On Mon, Jan 21, 2013, Jim Reid wrote:
There were/are mailing lists but Sendmail (the company) doesn't seem
There never was a mailing list for sendmail user discussion; the
USENET group seems like a perfectly fine place for that purpose.
There are still mail addresses to contact sendmail.org
address. It always send MAIL FROM: @168.1.150
Which also has a command syntax error: space after colon is invalid.
This is explicitly listed in RFC 5321, pg.20:
Since it has been a common source of errors, it is worth noting that
spaces are not permitted on either side of the colon
On Tue, Nov 22, 2011, Wietse Venema wrote:
It's a shame http://tools.ietf.org/id/draft-hall-prdr-00.txt or
something like it never went anywhere.
It is surprising, considering that there is experience with
per-recipient data replies in LMTP, and that it is straightforward
to implement
On Wed, Nov 23, 2011, Viktor Dukhovni wrote:
On Tue, Nov 22, 2011 at 08:30:49PM -0500, Wietse Venema wrote:
I just stubled across this thread:
http://www.gossamer-threads.com/lists/exim/users/90005
We could take a bold step and do it in two main stream MTAs,
damn the torpedoes.
your postfix might complain about the number or recipients
see smtpd_recipient_limit default_destination_recipient_limit and such
if you run into this
regards
claus
/sender_access,
permit_sasl_authenticated
*
You may want to try to put permit_sasl_authenticated before the
reject_unknown_sender_domain
Depending on your client_access file maybe even before this one.
Regards,
Claus
for sending enabled in the clients MUA?
Regards,
Claus
On Thu, Sep 30, 2010, Victor Duchovni wrote:
Do you have a tcpdump capture? From the above it sounds like HELO is
sent before the 220 banner. That's a protocol error.
Is it?
4.3.1 Sequencing Overview
...
One important reply is the connection greeting. Normally, a receiver
will send a
On Fri, Sep 24, 2010, Wietse Venema wrote:
Fredrik S?derblom:
Why does postfix (2.6.1, 2.7.0) force NOTIFY=NEVER when i change
a RCPT TO: from a milter?
I haven't seen any no documentation on what the recipient attributes
of addrcpt should be. In the absence of that, Postfix maintains
. Either accept them or block them.
When you reject emails then this error code 5xx is what you want/get.
Regards,
Claus
78 matches
Mail list logo