Re: simple greylisting by geoip? milter or policy server?

15. Jun 2016 02:55 by wie...@porcupine.org: > list...@tutanota.com> : >> > As for greylisting, you could use postscreen's deep protocol tests >> > instead - those tests require that clients disconnect and come back >> > before they can send mail. >> >> I do not want to delay all the inbound

Re: simple greylisting by geoip? milter or policy server?

14. Jun 2016 22:49 by i...@markusbenning.de: > may be mtpolicyd is an option for you: > > https://www.mtpolicyd.org > > It is a modular policyd and ships with a plugin for geoip. > It works like this: > This looks like another option to milter-greylist. I notice that it's different

Re: simple greylisting by geoip? milter or policy server?

14. Jun 2016 15:01 by njo...@megan.vbhcs.org: >> Is there some way to integrate the GeoIP dbs with postscreen? > > No, at least not easily.   Ok.  That would be a nice function to have, in my own opinion. > Or for that case is the milter-greylist idea better? > Yes, that will work fine

Re: simple greylisting by geoip? milter or policy server?

13. Jun 2016 17:54 by wie...@porcupine.org: > list...@tutanota.com> : >> But then I also read that that 'Policy delegation is now the preferred >> method >> for adding policies to Postfix.' > > Milter support was added later, because some things can't be done > with policy servers. Ok.  I

simple greylisting by geoip? milter or policy server?

I am considering the installation of Greylisting with Postfix. I want it only for one condition, to greylist mail originating from certain countries. I use Postfix 3.1 with postscreen. I am already using milters for dkim and dmarc and a policy server for spf. So looking through the addons and

Re: check_client_access cidr - Performance concerns ?

23. May 2016 18:48 by njo...@megan.vbhcs.org: > Yes, exactly right idea, but your expressions could use some improvement Thanks it helped! >IF /^(To|From|Cc|Reply-To): / Is the space between ": /" always needed? I think yes.  

Re: check_client_access cidr - Performance concerns ?

I noticed this email today about IF ... ENDIF. I didnt know about it yet so I have been reading and looking at examples. I can understand some but not all yet.  The examples with matching on just an IP or CIDR are easy to see. But can IF ... ENDIF in Postfix be used to make this .pcre

Re: How to dkim-milter-signing email from myself, to myself?

23. May 2016 11:11 by wie...@porcupine.org: > Mail submitted this way will appear to come from IP address 127.0.0.1. > If you don't have that address in the list of OpenDKIM's local > networks, then it won't sign. I do have that local host already in the opendkim configuration. So I

Re: How to dkim-milter-signing email from myself, to myself?

23. May 2016 10:50 by wie...@porcupine.org: > To sign mail submitted with /usr/sbin/sendmail, you need to specify > non_smtpd_milters in main.cf. > Yes I understood that instruction. So now I have it in the main.cf and I verify it postconf non_smtpd_milters   non_smtpd_milters =

How to dkim-milter-signing email from myself, to myself?

I am testing dkim signing on my Postfix server.  I am using the opendkim milter. For sending mail to other domains, external and not mine, the signing is working okay. But when I test it at the command line using 'sendmail' on the Postfix server, where I am sending to my own domain    

Re: Ordering the preque filtering?

I think the question is a simple one. Who has the 'problem' when 'they' do not receive 'your' email?  'Them'  or 'you'? For me I have decided that the admins should configure their servers correctly.  If they do not then that is their problem not mine.  It the receiving user want to receive

Re: Ordering the preque filtering?

> Case in point: My own domain's outgoing mail flows are 100% DMARC > compliant. Yet 94% of my endpoint mail *deliveries* fail DMARC, because > they go through forwarders that are dropping DMARC, DKIM, SPF, or all > three on the floor. Then I think your DMARC policy would be incorrect,

Re: Ordering the preque filtering?

With Postfix I of course have options to choose the order of checks. For now I did not permanently choose any tool that limits that too much.  I think I'll try to pick and make the tools fit my policy. So if I understand the comments more or less right, this is a good order, for the policy it

Ordering the preque filtering?

In the general case of ordering preqeue filtering is it the recommendation to send mail through DKIM & DMARC checks before, or after, checks for bad extensions & viruses? Is the recommendation for security? performance? or both?

Re: Mail is not being rejected with check_policy_server when SPF fails?

>> Configure your policy service to reply with REJECT if you wish for >> it to reject mail that fails SPF. >> I think that I have that correct already     [...]     HELO_reject = Fail     Mail_From_reject = Fail     PermError_reject = True     TempError_Defer = False     [...] >>

Mail is not being rejected with check_policy_server when SPF fails?

I installed the policyd-spf milter with Postfix 3.1.  It also has postscreen. I want to reject email that does not pass the SPF check. In the main.cf configuration I added     smtpd_relay_restrictions =         [...]         reject_unauth_destination        

Re: More detail about which notify_classes is responsible for postmaster message?

24. Apr 2016 13:51 by krem...@kreme.com: > I agree, in general, but it may be useful in some cases to notify someone > about issues who does not otherwise have access to the mail server logs. A > front line support person, for example. That is what I mean by the comment "Here the

Re: More detail about which notify_classes is responsible for postmaster message?

24. Apr 2016 09:01 by wie...@porcupine.org: > If someone has the time, they can propose a patch (considering that > this code was written in 1997, I don't see it as an urgent problem). > While they are at it, they might also enforce that the transcript > is sent to the recipient that is

Re: More detail about which notify_classes is responsible for postmaster message?

24. Apr 2016 07:09 by wie...@porcupine.org: > You need to distinguish between the effect (the client dropped the > connection) and the cause (Postfix rejected mail because it did not > satisfy policy). > Okay I was a little confused because I thought 'reason' means 'cause'. So I see in

More detail about which notify_classes is responsible for postmaster message?

I am experimenting with postfix notify_classes. To start the config is     notify_classes = bounce, 2bounce, data, delay, policy, protocol, resource, software Now in my postmaster inbox I received a message,     Subject: Postfix SMTP server: errors from

Re: mail sticks in the queue, retries but cannot be sent. Telnet works. Delete then resend works. Why?

22. Apr 2016 15:22 by njo...@megan.vbhcs.org: > http://www.postfix.org/postconf.5.html#delay_warning_time > http://www.postfix.org/postconf.5.html#notify_classes > That's working just about perfect.  Thanks. Its clock time not the 'Nth delivery attempt' that I looked for. But I

Re: mail sticks in the queue, retries but cannot be sent. Telnet works. Delete then resend works. Why?

22. Apr 2016 13:03 by wie...@porcupine.org: > I made my recommendation based on limited information. > Okay since that's all the info that I have for now. The pipelining map example is good anyway. So sometimes things happen and you just don't know for sure because its on the other

Re: mail sticks in the queue, retries but cannot be sent. Telnet works. Delete then resend works. Why?

22. Apr 2016 12:22 by wie...@porcupine.org: > They did not detect the . sequence at the end of the > >> message content. >> >> > When I test it with telnet, the message is accepted >> >> That's because you type one command at a time. >>   Okay. So what is the reason that it worked for

change the organization of the Makefile to send postmap results to different subdirectory?

I am using Makefile to manage database updates. I organize the source files like this     /etc/postfix     generic     access     aliases     canonical     common_parameters     relocated     transport     virtual     ./my/     external_maps    

mail sticks in the queue, retries but cannot be sent. Telnet works. Delete then resend works. Why?

I sent an email to a partner.     Apr 22 10:58:00 tanzer postfix/smtp[9205]: 3qs3FW6g3tz2wJq: to=, relay=example.com[192.0.1.1]:25, delay=121, delays=0/0.01/1/120, dsn=4.4.2, status=deferred (host example.com[192.0.1.1] said: 451 4.4.2 Timeout (120 seconds): closing

Re: Is the reason for this "connect from unknown[65.181.123.80]" from NXDOMAIN? Is it safe to reject it always?

> You appear to have copied the smtpd executable over the postscreen > executable. You are right I made the same sort of bad mistake in the set up.  Thanks for catching it. I fixed it, and separated the smtpd for postscreen, and named it so I can follow it. So now I see in log     Apr 21

Re: Is the reason for this "connect from unknown[65.181.123.80]" from NXDOMAIN? Is it safe to reject it always?

21. Apr 2016 12:56 by j...@rfc1035.com: > You should really use dig for DNS troubleshooting. Accept no subsitutes. > Well, apart from delv or drill if you’re troubleshooting Secure DNS errors. dig I know and can use. Those other ones are new tools to me.  Ill look for them > SMTP

Is the reason for this "connect from unknown[65.181.123.80]" from NXDOMAIN? Is it safe to reject it always?

Hola. I added the postscreen function to my PostFix server. I get emails now and lots of spams are blocked by it. In the log is     Apr 21 12:33:19 tanzer postfix/postscreen[12944]: connect from unknown[65.181.123.80] And after the email continues to be delivered okay. What is "unknown" in

Re: unverified_recipient_reject_code is not used to reject

21. Apr 2016 10:52 by wie...@porcupine.org: >> TURN OFF unverified_recipient_reject_code and you will see why it is >> reported as >> a temporary error. > That should be: turn off unverified_recipient_reject_reason. > Okay I read that unverified_recipient_reject_reason is good for privacy

Re: unverified_recipient_reject_code is not used to reject

21. Apr 2016 10:01 by wie...@porcupine.org: > Postfix WILL NOT use unverified_recipient_reject_code if the > verification result was a soft error. Okay you have explained > Can someone tell me what the diffrence is between these (as postfixsee's > them).    Errors are permanent or temporary.

unverified_recipient_reject_code is not used to reject

Hola. I installed PostFix 3.1. I added these to the main.cf configuration file: unverified_recipient_reject_reason = bad address unverified_recipient_defer_code = 450 unverified_recipient_reject_code = 550 So a unverified_recipient rejection I think should respond by a 550. When I send the