Re: Please evaluate my understanding wrt access files

On 10/31/2009 12:32 AM, Stan Hoeppner wrote: All these cidr maps are a great example of separate tables that should be combined into a single table with a Makefile. Interesting. I may take a look into Makefile some time. I was unaware of it until today. Just out of curiosity, how does puttin

Please evaluate my understanding wrt access files

Noel Jones put forth on 10/30/2009 11:50 PM: > On 10/30/2009 9:05 PM, Stan Hoeppner wrote: >> Robert Lopez put forth on 10/30/2009 6:57 PM: >> >>> It is not clear to me what the benefit of multiple files is beyond >>> this association. >> >> Organization and ease of management for one. For example

Re: Please evaluate my understanding wrt access files

On 10/30/2009 6:57 PM, Robert Lopez wrote: Postfix places no limit on how many maps you can use, but there is system overhead with each map. Rule of thumb is to combine maps wherever possible -- don't use two check_sender_access statements if you can do it with one. The smart way to do this is u

Re: Please evaluate my understanding wrt access files

On 10/30/2009 9:05 PM, Stan Hoeppner wrote: Robert Lopez put forth on 10/30/2009 6:57 PM: It is not clear to me what the benefit of multiple files is beyond this association. Organization and ease of management for one. For example: smtpd_client_restrictions = check_recipient_acces

Please evaluate my understanding wrt access files

Robert Lopez put forth on 10/30/2009 6:57 PM: > It is not clear to me what the benefit of multiple files is beyond > this association. Organization and ease of management for one. For example: smtpd_client_restrictions = check_recipient_access hash:/etc/postfix/access check_clie

Re: Backscatter email

Matt Richards さんは書きました: > Hello, > > I just want to check up on something ... > > I run my own mail servers, using postfix and a few years ago I use to > get quite a lot of backscatter due to spam messages being sent out with > forged from addresses. > > Today I still run my own mail server but

Re: Please evaluate my understanding wrt access files

On Fri, Oct 30, 2009 at 1:26 PM, Noel Jones wrote: > On 10/30/2009 12:55 PM, Robert Lopez wrote: >> >> I would like to confirm my understanding about access files. >> >> Please let me know if any of this is not correct... >> >> The man (5) access description describes a prototype file, where that

Re: smtpd_recipient_restrictions evaluation question

Larry Stone wrote: > On Fri, 30 Oct 2009, Mikael Bak wrote: > >> Simon Morvan wrote: >>> The last time I tried it, Zen included too many legitimate users behind >>> ADSL lines. The "Policy" behind PBL is a bit too restrictive. Maybe it >>> changed, I'll give it another try. >> >> Can you please te

Re: smtpd_recipient_restrictions evaluation question

On Fri, 30 Oct 2009, Mikael Bak wrote: Simon Morvan wrote: The last time I tried it, Zen included too many legitimate users behind ADSL lines. The "Policy" behind PBL is a bit too restrictive. Maybe it changed, I'll give it another try. Can you please tell me why an ADSL user would send legit

smtpd_recipient_restrictions evaluation question

Simon Morvan put forth on 10/30/2009 10:39 AM: > The last time I tried it, Zen included too many legitimate users behind > ADSL lines. The "Policy" behind PBL is a bit too restrictive. Maybe it > changed, I'll give it another try. Would you please elaborate a bit on this? Most of the listings in

Re: smtpd_recipient_restrictions evaluation question

On 10/30/2009 2:28 PM, Stan Hoeppner wrote: Stan Hoeppner put forth on 10/30/2009 2:23 PM: I don't have reject_unauth_destination. I guess which parameter one needs to implement depends on whether one uses local deliver? Should have proofread that... I meant I do not have reject_unlisted_re

Re: smtpd_recipient_restrictions evaluation question

Stan Hoeppner: > I only have reject_unauth_destination on my relay-only server, and > sending to an invalid recipient address returns: > > 550 5.1.1 : Recipient address rejected: User unknown > in relay recipient table > > I don't have reject_unauth_destination. I guess which parameter one > ne

smtpd_recipient_restrictions evaluation question

Stan Hoeppner put forth on 10/30/2009 2:23 PM: > I don't have reject_unauth_destination. I guess which parameter one > needs to implement depends on whether one uses local deliver? Should have proofread that... I meant I do not have reject_unlisted_recipient defined. However, the docs say it's

Re: Please evaluate my understanding wrt access files

On 10/30/2009 12:55 PM, Robert Lopez wrote: I would like to confirm my understanding about access files. Please let me know if any of this is not correct... The man (5) access description describes a prototype file, where that file could be a single file describing any host names, network addre

smtpd_recipient_restrictions evaluation question

Markus Schönhaber put forth on 10/30/2009 10:05 AM: > Simon Morvan: > >> I notice that event if the recipient address doesn't exists, the >> check_policy_service (greylist) got evaluated, causing higher load than >> needed. Isn't reject_unauth_destination there to block inexistent >> recipients

Re: smtpd_recipient_restrictions evaluation question

Simon Morvan wrote: >> Consider Zen here. It also incorporates the (not-quite-so) new PBL, >> which has been very effective here. >> > The last time I tried it, Zen included too many legitimate users behind > ADSL lines. The "Policy" behind PBL is a bit too restrictive. Maybe it > changed, I'll

Re: smtpd compile problem (tls)

On Fri, Oct 30, 2009 at 07:15:11PM +0100, Carnac wrote: > If I compile with TLS Support I get following errror, ssl.h is in > /usr/local/openssl and libsslo/libcyrpto.o are in /usr/lib. That's "libcrypto.a", not "libcyrto.o" of course. And if you find headers in /usr/local/openssl but librar

smtpd compile problem (tls)

Hi, If I compile with TLS Support I get following errror, ssl.h is in /usr/local/openssl and libsslo/libcyrpto.o are in /usr/lib. compile options are: SYSTYPE = LINUX2 AR = ar ARFL= rv RANLIB = ranlib SYSLIBS = -lldap -llber -lpcre -lsasl2 -lssl -lcrypto -ldb -lnsl -lresolv -ldb

Please evaluate my understanding wrt access files

I would like to confirm my understanding about access files. Please let me know if any of this is not correct... The man (5) access description describes a prototype file, where that file could be a single file describing any host names, network addresses, envelope senders or recipient addresses.

Re: SMTP-AUTH *without* SASL/PAM?

Barney Desmond wrote: > 2009/10/30 Seth Mattinen : >> Keith Palmer wrote: >>> OK, thanks... but that doesn't answer my question. >>> > Is it possible to configure Postfix for SMTP-AUTH *without* using > SASL/PAM? >>> I'd like to *not run SASL at all* rather than have it do the lookups. >>>

Re: Postfix and clamav-milter stopped working after update to clamav-0.95.3

On Fri, 30 Oct 2009 17:12:40 +0100 Erwan David replied: [snip] >Mine is > >srwxr-xr-x 1 postfix clamav - 0 Oct 30 15:15 >/var/run/clamav/clmilter.sock > > >In the port this is controlled by >clamav_milter_socket_user="postfix" I changed the permissions on mine to: 0777. I figured it was easi

Re: Postfix and clamav-milter stopped working after update to clamav-0.95.3

Jerry wrote: > On Fri, 30 Oct 2009 16:26:10 +0100 > Erwan David replied: > >> Jerry a écrit : >>> System: FreeBSD-7.2 >>> >>> I just updated to clamav-0.95.3 on my system. I then realized that >>> clamav-milter and Postfix were no longer connecting. >>> >>> >>> # Enable clamav-milter >>> milter_

Re: Postfix and clamav-milter stopped working after update to clamav-0.95.3

On Fri, 30 Oct 2009 16:26:10 +0100 Erwan David replied: >Jerry a écrit : >> System: FreeBSD-7.2 >> >> I just updated to clamav-0.95.3 on my system. I then realized that >> clamav-milter and Postfix were no longer connecting. >> >> >> # Enable clamav-milter >> milter_default_action = accept >>

Re: smtpd_recipient_restrictions evaluation question

Le 30/10/2009 16:05, /dev/rob0 a écrit : On Friday 30 October 2009 09:52:44 Simon Morvan wrote: Hello folks, I've got some checks setup like that : smtpd_recipient_restrictions = reject_non_fqdn_sender, reject_unknown_sender_domain, reject_non_fqdn_recipient, reject_unknown

Re: Postfix and clamav-milter stopped working after update to clamav-0.95.3

Jerry a écrit : > System: FreeBSD-7.2 > > I just updated to clamav-0.95.3 on my system. I then realized that > clamav-milter and Postfix were no longer connecting. > > > # Enable clamav-milter > milter_default_action = accept > smtpd_milters = unix:/var/run/clamav/clmilter.sock > > > srwxr-xr-

Postfix and clamav-milter stopped working after update to clamav-0.95.3

System: FreeBSD-7.2 I just updated to clamav-0.95.3 on my system. I then realized that clamav-milter and Postfix were no longer connecting. # Enable clamav-milter milter_default_action = accept smtpd_milters = unix:/var/run/clamav/clmilter.sock srwxr-xr-x 1 clamav wheel 0B Oct 30 10:22

Re: Postfix-SASL-GSSAPI question

Viktor, Hi Thanks for your guidance. Would please keep an eye on this thread? I am going to test the configuration using a properly configured GSSAPI client. Possibly, there will be much more questions to ask ;) Thank you so much. Kind Regards Ali Majdzadeh Kohbanani 2009/10/29 Victor Duchovni

Re: smtpd_recipient_restrictions evaluation question

On Friday 30 October 2009 09:52:44 Simon Morvan wrote: > Hello folks, > > I've got some checks setup like that : > > smtpd_recipient_restrictions = >reject_non_fqdn_sender, >reject_unknown_sender_domain, >reject_non_fqdn_recipient, >reject_unknown_recipient_domain, >permit_mynet

Re: smtpd_recipient_restrictions evaluation question

Simon Morvan: > I notice that event if the recipient address doesn't exists, the > check_policy_service (greylist) got evaluated, causing higher load than > needed. Isn't reject_unauth_destination there to block inexistent > recipients ? No, that's what reject_unlisted_recipient is for. -- R

smtpd_recipient_restrictions evaluation question

Hello folks, I've got some checks setup like that : smtpd_recipient_restrictions = reject_non_fqdn_sender, reject_unknown_sender_domain, reject_non_fqdn_recipient, reject_unknown_recipient_domain, permit_mynetworks, reject_unauth_destination, reject_invalid_helo_hostname, reject_

Re: Reverse DNS Rejection Problem

Thanks. I owe you one. That seems to have fixed it. On Oct 29, 2009, at 2:41 PM, Victor Duchovni wrote: On Thu, Oct 29, 2009 at 02:35:56PM -0400, Dennis Putnam wrote: That is a relief when I get to the new version. In the mean time I am still having trouble with the workaround. My config

Re: Charset error

Jacopo Cappelli: > IE-Version: 1.0 > > > NAE OPEN_ODE > - -- What is that? > The mail start from a AIX server and send to relay with telnet on > the smtp port. But the mail arrive with wrong character. The > problem is of the script or of the postfix s

Re: Backscatter email

On Fri, Oct 30, 2009 at 08:51:08AM +, Matt Richards wrote: > Does anybody know what happened? Have servers just been > reconfigured to not send backscatter from spam? Here in the YMMV department ... My little server hosts a few small Free Software community projects, one of which is a small (

Charset error

ÿóÿýIÿóÿýE-Version: 1.0 NAÿóÿýE OPEN_ÿóÿýODE - -- The mail start from a AIX server and send to relay with telnet on the smtp port. But the mail arrive with wrong character. The problem is of the script or of the postfix server? Thanks, Jacopo -- Linux, Windows Xp ed MS

Re: Backscatter email

Zitat von Wietse Venema : Matt Richards: Hello, I just want to check up on something ... I run my own mail servers, using postfix and a few years ago I use to get quite a lot of backscatter due to spam messages being sent out with forged from addresses. Today I still run my own mail server b

Re: Backscatter email

Matt Richards: > Hello, > > I just want to check up on something ... > > I run my own mail servers, using postfix and a few years ago I use to > get quite a lot of backscatter due to spam messages being sent out with > forged from addresses. > > Today I still run my own mail server but I don't s

Backscatter email

Hello, I just want to check up on something ... I run my own mail servers, using postfix and a few years ago I use to get quite a lot of backscatter due to spam messages being sent out with forged from addresses. Today I still run my own mail server but I don't see any of this backscatter anymor