Hello,
I've to questions :
Can we re-send attachment with the bounce message trying to personnalize it?
Can we get the original subject and put it in the bounce message ?
Thanks a lot
Mick
Hi all,
It looks like there is a machine on the network that is infected with a bot
of some kind and it is sending spam through our smtp server. It passes all
the smtp restriction and checks so it doesn't bounce and is fillinh up our
queues. I can't seem to see in the maillog which IP address the
* mxc :
>
> Hi all,
>
> It looks like there is a machine on the network that is infected with a bot
> of some kind and it is sending spam through our smtp server. It passes all
> the smtp restriction and checks so it doesn't bounce and is fillinh up our
> queues. I can't seem to see in the maillo
... but then I didn't read the INSTALL document to see if something
changed fundamentally...
The error is:
[src/postmulti]
gcc -Wmissing-prototypes -Wformat -Wl,--as-needed -DUSE_TLS -DHAS_PCRE
-DHAS_CDB -DSNAPSHOT -DNONPROD -g -O -I. -I../../include -DLINUX2 -c postmulti.c
postmulti.c:426: err
* Ralf Hildebrandt :
> ... but then I didn't read the INSTALL document to see if something
> changed fundamentally...
Read it now. No :)
I also tried 20090222 and 20090223, to no avail
--
Ralf Hildebrandt (ralf.hildebra...@charite.de) snick...@charite.de
Postfix - Einrichtung, Betrieb u
Ralf Hildebrandt:
> ... but then I didn't read the INSTALL document to see if something
> changed fundamentally...
>
> The error is:
>
> [src/postmulti]
> gcc -Wmissing-prototypes -Wformat -Wl,--as-needed -DUSE_TLS -DHAS_PCRE
> -DHAS_CDB -DSNAPSHOT -DNONPROD -g -O -I. -I../../include -DLINUX2 -
* Wietse Venema :
> > gcc -Wmissing-prototypes -Wformat -Wl,--as-needed -DUSE_TLS -DHAS_PCRE
> > -DHAS_CDB -DSNAPSHOT -DNONPROD -g -O -I. -I../../include -DLINUX2 -c
> > postmulti.c
> Look at the lines in the code and remove the word "static".
Done. It works now.
> BTW, you are overriding t
Hi,
I'm afraid I don't understand what the directive smtp_tls_CAfile does
exactly. According to postconf(5),
> smtp_tls_CAfile (default: empty)
> The file with the certificate of the certification authority (CA) that
> issued the Postfix SMTP client certificate. This is needed only when
>
Manuel P?gouri?-Gonnard:
> Hi,
>
> I'm afraid I don't understand what the directive smtp_tls_CAfile does
> exactly. According to postconf(5),
>
> > smtp_tls_CAfile (default: empty)
> > The file with the certificate of the certification authority (CA) that
> > issued the Postfix SMTP client
At 04:51 PM 2/24/2009, mouss wrote:
when using a content filter, address rewrite should only be enabled in
one smtpd/cleanup in a chain. This is because if a rewite like:
joe -> joe, jim
is expanded twice, it would become:
joe -> joe, jim, jim
so jim gets the message twice.
I se
Thanks for the reply. Yes, I have successfully used this cert with
openldap programs - ldapsearch. I've tried both specifying a ca cert
directory and cert file. In fact, all programs I can test with work
except for the code around dict_ldap as far as I can tell. That
includes openDS and o
On Wed, Feb 25, 2009 at 02:14:40PM +0100, Manuel P?gouri?-Gonnard wrote:
> I'm afraid I don't understand what the directive smtp_tls_CAfile does
> exactly. According to postconf(5),
>
> > smtp_tls_CAfile (default: empty)
> > The file with the certificate of the certification authority (CA) tha
Michael JOLY wrote:
Hello,
I've to questions :
Can we re-send attachment with the bounce message trying to personnalize it?
Can we get the original subject and put it in the bounce message ?
Thanks a lot
Mick
To customize the bounce message, please see
http://www.postfix.org/bounce.5.html
ht
Thanks for the reply, Victor.
Responses below. Please let me know if any additional output is needed,
or if I did something foolish ;)
Note: I cut out most of dict_eval verbose output as the list bot
rejected my first attempt to send due to length. If there are specific
log lines needed I can
The list if valid recipients in those domains is specified in
relay_recipient_maps. Specify one or more map files listing the valid
recipients; all other recipients are rejected.
http://www.postfix.org/postconf.5.html#relay_recipient_maps
If this file is scp'ed as a plain text file, you wil
Victor Duchovni a écrit :
>> So this should not be used to verify a server's certificate. In
>> practice, if the file pointed to by smtp_tls_CAfile is a concatenation
>> of CA's certificates, then they are all used to verify the server's
>> certificate.
>
> Yes, smtp_tls_CAfile is used to verify s
Santiago Romero:
> Now I have a nice hash file with all the valid accounts, but ...
>
> How do I deal in a relay_recipient_maps file with qmail's mailing list
> addresses?
How does qmail know that an address is valid or not? If a Postfix
maptype can be invented that reads that type of file, th
We're still taking documentation fixes for Postfix 2.6...
Wietse
Now I have a nice hash file with all the valid accounts, but ...
How do I deal in a relay_recipient_maps file with qmail's mailing list
addresses?
How does qmail know that an address is valid or not? If a Postfix
maptype can be invented that reads that type of file, then it could
be q
On Wed, Feb 25, 2009 at 05:19:48PM +0100, Manuel P?gouri?-Gonnard wrote:
> >> OTOH, server certificate verification should be done against
> >> certificates in the directory indicated by smtp_tls_CApath. For some
> >> reason, I didn't manage to get it working (and yes, I ran c_rehash on
> >> this
Santiago Romero wrote:
Now I have a nice hash file with all the valid accounts, but ...
How do I deal in a relay_recipient_maps file with qmail's mailing
list addresses?
How does qmail know that an address is valid or not? If a Postfix
maptype can be invented that reads that type of
On Wed, Feb 25, 2009 at 11:28:10AM -0500, Wietse Venema wrote:
> We're still taking documentation fixes for Postfix 2.6...
Index: proto/TLS_README.html
*** proto/TLS_README.html 25 Feb 2009 04:38:56 - 1.1.1.4.42.1
--- proto/TLS_README.html 25 Feb 2009 17:33:17 -
*
Just curious if anyone looked over my last email (with replies to
Victor's questions). I forgot to add a few answers. I'm running
postfix 2.5.6, openldap 2.3.43 (libraries on postfix server) and openssl
0.9.8g. On the ldap server I'm running openDS 1.2.
Also, I turned up debugging in the ma
--On Wednesday, February 25, 2009 11:59 AM -0600 Nick Geron
wrote:
Just curious if anyone looked over my last email (with replies to
Victor's questions). I forgot to add a few answers. I'm running postfix
2.5.6, openldap 2.3.43 (libraries on postfix server) and openssl 0.9.8g.
On the ldap se
On Wed, Feb 25, 2009 at 11:59:43AM -0600, Nick Geron wrote:
>
> Feb 25 10:55:28 smtp11 postfix/proxymap[28531]: dict_ldap_debug: TLS trace:
> SSL_connect:SSLv3 read server hello A
> Feb 25 10:55:28 smtp11 postfix/proxymap[28531]: dict_ldap_debug: TLS
> certificate verification: depth: 0, err: 18
On Wed, Feb 25, 2009 at 09:36:08AM -0600, Nick Geron wrote:
>> You only show a test running as root, not "postfix". What versions of
>> Postfix and OpenLDAP are these?
This question seemed pretty clear. The answer is relevant to the
discussion.
> There was TLS API creep in OpenLDAP
>> between 2.
Victor Duchovni a écrit :
> --- 8873,8892
>The best way to use the default settings is to comment out the above
> parameters in main.cf if present.
>
> ! In order for remote SMTP servers to verify the Postfix SMTP client
> ! certificate, the issuing CA certificate must be made avail
Victor Duchovni a écrit :
>> I don't think it is. I would otherwise not be able to find the file
>> indicated by smtp_tls_CAfile.
>
> No, this file is loaded into memory before smtp(8) enters the chroot
> jail, while smtp_tls_CApath is accessed post-jail.
>
Ok, I didn't know. I can see you made i
Well,
I try a simple hash file with only one address on it and the postfix ignored
the file and deliver the e-mail.
virtual_alias_maps = hash:/etc/postfix/alias-virtual
alias-virtual:
supo...@.com.br supor...@.com.br
postmap -q supo...@.com.br hash:/etc/postfix/alias-virtual
supor...
Victor Duchovni wrote:
On Wed, Feb 25, 2009 at 09:36:08AM -0600, Nick Geron wrote:
You only show a test running as root, not "postfix". What versions of
Postfix and OpenLDAP are these?
This question seemed pretty clear. The answer is relevant to the
discussion.
Answer below
Th
Thanks for the replay Quanah. I agree. Unfortunately the root problem
I see is that proxymap is not reading the CA I'm trying to provide via
the tls_ca_cert_file (or dir) configuration in my alias map. Strace
demonstrates that postmap loads the CA and performs lookups over tls
fine, but prox
--On Wednesday, February 25, 2009 2:23 PM -0600 Nick Geron
wrote:
Thanks for the replay Quanah. I agree. Unfortunately the root problem I
see is that proxymap is not reading the CA I'm trying to provide via the
tls_ca_cert_file (or dir) configuration in my alias map. Strace
demonstrates tha
How many Postfix installs have you had on the machine? Perhaps
different parts (proxymap, postmap) come from different versions.
Some maintainers have software installed in /usr/sbin etc., some
under /usr/local/sbin or even under /opt, and they all expect to
have main.cf in different placess.
If
On Wed, Feb 25, 2009 at 02:13:03PM -0600, Nick Geron wrote:
> The crt file may as well be named ldap13.pem If you're looking for the raw
> contents:
>
> smtp11 mail # su - postfix post...@smtp11 ~ $ ls -la
> /etc/postfix/ssl/
> total 20
> drwxr-xr-x 2 root root 4096 Feb 25 12:01 .
> drwxr
Well, I have found my problem. I probably should have mentioned earlier
(how many times has than appeared on this list?) that ldap is used on
this system for local user authentication, meaning pam/nss are tied into
ldap. I noticed in traces that the system configs and certificates were
being
Thanks again for the reply. I sent off my last post before reading this
one, and it looks like we came to the same conclusion that it was my
nsswitch/system ldap settings getting in the way.
I would be inclined to agree that the problem is in libldap or other
parts of openldap (there's a reas
--On Tuesday, February 24, 2009 9:26 AM -0500 Wietse Venema
wrote:
Further investigation tracks this down to something failing with DNS
resolution after a while. Don't know why, but it does seem to be a
problem with OS X and catastrophic failure.
Since I don't maintain copies of every Post
I have a sort of Frankenstein (Franken-STEEN :) setup where I have
shell users access their mail via uw-imap (unsecured) and everyone
else via Courier IMAP (secure only). I want to move to a 100% Courier
setup and ensure that all mail is delivered to maildir folders instead
of mbox files.
Hi First question, i have a mail server with postfix, dovecot, mailscanner and fetchmail now one user has bought a certified email account on an external internet provider.He want to use internal server to sent email through his certified account, is it possible?How can i set my server to use the
gianluca...@interfree.it a écrit :
> Hi
>
> First question, i have a mail server with postfix, dovecot, mailscanner
> and fetchmail now one user has bought a certified email account on an
> external internet provider.
> He want to use internal server to sent email through his certified
> account,
Realized my error in logic there. smtpd worked regardless because it's
suppling to a client, not trying to verify anything like proxymap.
-Nick
However, the fact that smtpd never experienced the same clobbering as
proxymap still seems a bit odd. Any ideas why?
-Nick
http://office.microsoft.com/it-it/outlook/HA011510941040.aspx
maybe ??
;:)
Le mercredi 25 février 2009 à 23:29 +0100, mouss a écrit :
> gianluca...@interfree.it a écrit :
> > Hi
> >
> > First question, i have a mail server with postfix, dovecot, mailscanner
> > and fetchmail now one user has bo
On Wed, Feb 25, 2009 at 03:30:51PM -0600, Nick Geron wrote:
> Well, I have found my problem. I probably should have mentioned earlier
> (how many times has than appeared on this list?) that ldap is used on this
> system for local user authentication, meaning pam/nss are tied into ldap.
> I no
I have a header check meant to discard '.com' executables as follows [1]:
however, undesired operation was just reported[2]:
is there a way to 'improve' the expression to only block file names ending
in .com, how ?
or is there a better solution ?
[1]# grep hc2 *
header_checks:/^Content-(Disposi
> Hi> > First question, i have a mail server with postfix, dovecot, mailscanner> and fetchmail now one user has bought a certified email account on an> external internet provider.> He want to use internal server to sent mail through his certified> account, is it possible?> How can i set my server
On 25-Feb-2009, at 15:59, Voytek Eymont wrote:
[1]# grep hc2 *
header_checks:/^Content-(Disposition|Type):\s+.+?(file)?name="?.+?
\.com(\.\S{2,4})?(\?=)?"?(;|$)/
REJECT hc2 ".com" file attachment types not allowed
First off, i think you want mime_header_checks
main.cf:
mime_header_chec
Victor Duchovni wrote:
On Wed, Feb 25, 2009 at 03:30:51PM -0600, Nick Geron wrote:
Well, I have found my problem. I probably should have mentioned earlier
(how many times has than appeared on this list?) that ldap is used on this
system for local user authentication, meaning pam/nss are ti
On 25-Feb-2009, at 16:25, gianluca...@interfree.it wrote:
ok, i have configured postfix to sent mail trhough the smtp of my
internet service provider. Now one user have a certified email
account and he wants to sent mail by my server trhough the smtps.
I have seen that with postfix is possib
On 25-Feb-2009, at 16:31, LuKreme wrote:
/^\s*Content-(Disposition|Type).*name\s*=\s*"?(.*\.(ade|adp|bas|bat|
chm|cmd|com|cpl|crt|dll|exe|hlp|hta|inf|ins|isp|js|jse|lnk|mdb|mde|
mdt|mdw|msc|msi|msp|mst|nws|ops|pcd|pif|prf|reg|scf|scr\??|sct|shb|
shs|shm|swf|vb[esx]?|vxd|wsc|wsf|wsh))(\?=)?"?\s*
> ok, i have configured postfix to sent mail trhough the smtp of my > internet service provider. Now one user have a certified email > account and he wants to sent mail by my server trhough the smtps.> I have seen that with postfix is possible to use two different smtp > but is possible to use
On Wed, Feb 25, 2009 at 05:34:26PM -0600, Nick Geron wrote:
>> This is an OpenLDAP API design issue. The OpenLDAP library (at least up
>> to version 2.3) has a single global SSL_CTX object, that is initialized
>> just once by the first call that creates an SSL-protected LDAP connection.
>> All req
On Thu, February 26, 2009 10:31 am, LuKreme wrote:
> First off, i think you want mime_header_checks
> main.cf:
> mime_header_checks = pcre:$config_directory/mime_headers.pcre
LuKreme, thanks.
ahem, what else might be worthwile to put into mime header check ?
single rule mime header check seem
Voytek Eymont schrieb:
ahem, what else might be worthwile to put into mime header check ?
single rule mime header check seems lonely...
http://en.wikipedia.org/wiki/KISS_principle
We're seeing an odd problem with postfix TLS only when talking to an
ironport device. We configured smtp_tls_security_level = none and used
smtp_tls_policy_maps to set per site tls policy, rather than doing tls
by default.
This had worked perfectly for over months and many thousands of smtp
sessio
On Wed, Feb 25, 2009 at 04:50:49PM -0800, J Sloan wrote:
> We have just started doing business with a firm that uses an ironport
> device, and discovered that postfix will not issue a STARTTLS to that
> host, whether it's listed in tls_policy_maps with "may"
> or "encrypt protocols=TLSv1"
The pol
Victor Duchovni wrote:
> On Wed, Feb 25, 2009 at 04:50:49PM -0800, J Sloan wrote:
>
>
>> We have just started doing business with a firm that uses an ironport
>> device, and discovered that postfix will not issue a STARTTLS to that
>> host, whether it's listed in tls_policy_maps with "may"
>> or
On Wed, Feb 25, 2009 at 05:50:07PM -0800, J Sloan wrote:
> Victor Duchovni wrote:
> > On Wed, Feb 25, 2009 at 04:50:49PM -0800, J Sloan wrote:
> >
> >
> >> We have just started doing business with a firm that uses an ironport
> >> device, and discovered that postfix will not issue a STARTTLS to
Victor Duchovni wrote:
>
>>> The policy table lookup key does not match the destination nexthop, or
>>>
>
>
>
> That's exactly the problem.
>
>
> I think you should be able to figure this out, even without reading the
> below, but if you are in a hurry try the documentation:
>
> ht
Hi, I'm new in this mailing list,
I have setup a test server (localhost) with POSTFIX (of
course!)+DOVECOT+SASL+UBUNTU 8.10 with Virtual Mailboxes.
I'm testing the SMTP authorization system and it seems to work fine:
In order to send an email from a test account, I'm using the "Username and
Passwo
> But, (THIS IS THE IMPORTANT PART):
> If I uncheck the "Username and Password" option, the mail is sent
> successfully...
> What I want is to block anonymous requests... In other words, ONLY send
> those mails when the user is SASL authenticated.
> It is possible? Am I missing something in the smt
Hello,
I'm running a mailing list (using GNU
Mailman) and occasionally the
list receives mail having headers with
email addresses that have no @domain part.
(I don't know why, and it's out of my
hands in any case.)
When the list software resends the mail
to the list Postfix re-writes the email
ad
61 matches
Mail list logo