15. Jun 2016 02:55 by wie...@porcupine.org:
> list...@tutanota.com> :
>> > As for greylisting, you could use postscreen's deep protocol tests
>> > instead - those tests require that clients disconnect and come back
>> > before they can send mail.
>>
>> I do not want to delay all the inbound
14. Jun 2016 22:49 by i...@markusbenning.de:
> may be mtpolicyd is an option for you:
>
> https://www.mtpolicyd.org
>
> It is a modular policyd and ships with a plugin for geoip.
> It works like this:
>
This looks like another option to milter-greylist.
I notice that it's different
14. Jun 2016 15:01 by njo...@megan.vbhcs.org:
>> Is there some way to integrate the GeoIP dbs with postscreen?
>
> No, at least not easily.
Ok. That would be a nice function to have, in my own opinion.
> Or for that case is the milter-greylist idea better?
> Yes, that will work fine
13. Jun 2016 17:54 by wie...@porcupine.org:
> list...@tutanota.com> :
>> But then I also read that that 'Policy delegation is now the preferred
>> method
>> for adding policies to Postfix.'
>
> Milter support was added later, because some things can't be done
> with policy servers.
Ok. I
I am considering the installation of Greylisting with Postfix.
I want it only for one condition, to greylist mail originating from certain
countries.
I use Postfix 3.1 with postscreen.
I am already using milters for dkim and dmarc and a policy server for spf.
So looking through the addons and
23. May 2016 18:48 by njo...@megan.vbhcs.org:
> Yes, exactly right idea, but your expressions could use some improvement
Thanks it helped!
>IF /^(To|From|Cc|Reply-To): /
Is the space between ": /" always needed? I think yes.
I noticed this email today about IF ... ENDIF.
I didnt know about it yet so I have been reading and looking at examples.
I can understand some but not all yet. The examples with matching on just an
IP or CIDR are easy to see.
But can IF ... ENDIF in Postfix be used to make this .pcre
23. May 2016 11:11 by wie...@porcupine.org:
> Mail submitted this way will appear to come from IP address 127.0.0.1.
> If you don't have that address in the list of OpenDKIM's local
> networks, then it won't sign.
I do have that local host already in the opendkim configuration.
So I
23. May 2016 10:50 by wie...@porcupine.org:
> To sign mail submitted with /usr/sbin/sendmail, you need to specify
> non_smtpd_milters in main.cf.
>
Yes I understood that instruction.
So now I have it in the main.cf and I verify it
postconf non_smtpd_milters
non_smtpd_milters =
I am testing dkim signing on my Postfix server. I am using the opendkim
milter.
For sending mail to other domains, external and not mine, the signing is
working okay.
But when I test it at the command line using 'sendmail' on the Postfix
server, where I am sending to my own domain
I think the question is a simple one.
Who has the 'problem' when 'they' do not receive 'your' email? 'Them' or
'you'?
For me I have decided that the admins should configure their servers
correctly. If they do not then that is their problem not mine. It the
receiving user want to receive
> Case in point: My own domain's outgoing mail flows are 100% DMARC
> compliant. Yet 94% of my endpoint mail *deliveries* fail DMARC, because
> they go through forwarders that are dropping DMARC, DKIM, SPF, or all
> three on the floor.
Then I think your DMARC policy would be incorrect,
With Postfix I of course have options to choose the order of checks.
For now I did not permanently choose any tool that limits that too much. I
think I'll try to pick and make the tools fit my policy.
So if I understand the comments more or less right, this is a good order, for
the policy it
In the general case of ordering preqeue filtering is it the recommendation to
send mail through DKIM & DMARC checks before, or after, checks for bad
extensions & viruses?
Is the recommendation for security? performance? or both?
>> Configure your policy service to reply with REJECT if you wish for
>> it to reject mail that fails SPF.
>>
I think that I have that correct already
[...]
HELO_reject = Fail
Mail_From_reject = Fail
PermError_reject = True
TempError_Defer = False
[...]
>>
I installed the policyd-spf milter with Postfix 3.1. It also has postscreen.
I want to reject email that does not pass the SPF check.
In the main.cf configuration I added
smtpd_relay_restrictions =
[...]
reject_unauth_destination
24. Apr 2016 13:51 by krem...@kreme.com:
> I agree, in general, but it may be useful in some cases to notify someone
> about issues who does not otherwise have access to the mail server logs. A
> front line support person, for example.
That is what I mean by the comment
"Here the
24. Apr 2016 09:01 by wie...@porcupine.org:
> If someone has the time, they can propose a patch (considering that
> this code was written in 1997, I don't see it as an urgent problem).
> While they are at it, they might also enforce that the transcript
> is sent to the recipient that is
24. Apr 2016 07:09 by wie...@porcupine.org:
> You need to distinguish between the effect (the client dropped the
> connection) and the cause (Postfix rejected mail because it did not
> satisfy policy).
>
Okay I was a little confused because I thought 'reason' means 'cause'.
So I see in
I am experimenting with postfix notify_classes.
To start the config is
notify_classes = bounce, 2bounce, data, delay, policy, protocol,
resource, software
Now in my postmaster inbox I received a message,
Subject: Postfix SMTP server: errors from
22. Apr 2016 15:22 by njo...@megan.vbhcs.org:
> http://www.postfix.org/postconf.5.html#delay_warning_time
> http://www.postfix.org/postconf.5.html#notify_classes
>
That's working just about perfect. Thanks.
Its clock time not the 'Nth delivery attempt' that I looked for.
But I
22. Apr 2016 13:03 by wie...@porcupine.org:
> I made my recommendation based on limited information.
>
Okay since that's all the info that I have for now.
The pipelining map example is good anyway.
So sometimes things happen and you just don't know for sure because its on
the other
22. Apr 2016 12:22 by wie...@porcupine.org:
> They did not detect the . sequence at the end of the
>
>> message content.
>>
>> > When I test it with telnet, the message is accepted
>>
>> That's because you type one command at a time.
>>
Okay.
So what is the reason that it worked for
I am using Makefile to manage database updates.
I organize the source files like this
/etc/postfix
generic
access
aliases
canonical
common_parameters
relocated
transport
virtual
./my/
external_maps
I sent an email to a partner.
Apr 22 10:58:00 tanzer postfix/smtp[9205]: 3qs3FW6g3tz2wJq:
to=, relay=example.com[192.0.1.1]:25, delay=121,
delays=0/0.01/1/120, dsn=4.4.2, status=deferred (host example.com[192.0.1.1]
said: 451 4.4.2 Timeout (120 seconds): closing
> You appear to have copied the smtpd executable over the postscreen
> executable.
You are right I made the same sort of bad mistake in the set up. Thanks for
catching it.
I fixed it, and separated the smtpd for postscreen, and named it so I can
follow it.
So now I see in log
Apr 21
21. Apr 2016 12:56 by j...@rfc1035.com:
> You should really use dig for DNS troubleshooting. Accept no subsitutes.
> Well, apart from delv or drill if you’re troubleshooting Secure DNS errors.
dig I know and can use.
Those other ones are new tools to me. Ill look for them
> SMTP
Hola.
I added the postscreen function to my PostFix server.
I get emails now and lots of spams are blocked by it.
In the log is
Apr 21 12:33:19 tanzer postfix/postscreen[12944]: connect from
unknown[65.181.123.80]
And after the email continues to be delivered okay.
What is "unknown" in
21. Apr 2016 10:52 by wie...@porcupine.org:
>> TURN OFF unverified_recipient_reject_code and you will see why it is
>> reported as
>> a temporary error.
> That should be: turn off unverified_recipient_reject_reason.
>
Okay I read that unverified_recipient_reject_reason is good for privacy
21. Apr 2016 10:01 by wie...@porcupine.org:
> Postfix WILL NOT use unverified_recipient_reject_code if the
> verification result was a soft error.
Okay you have explained
> Can someone tell me what the diffrence is between these (as postfixsee's
> them).
Errors are permanent or temporary.
Hola.
I installed PostFix 3.1.
I added these to the main.cf configuration file:
unverified_recipient_reject_reason = bad address
unverified_recipient_defer_code = 450
unverified_recipient_reject_code = 550
So a unverified_recipient rejection I think should respond by a 550.
When I send the
31 matches
Mail list logo