Hi list,
I have a problem with delivering mail to a host and get this error:
host mx2.amsterdam.nl[145.222.14.10] said: 421 enepmx02.amsterdam.nl
Error: timeout exceeded (in reply to end of DATA command)
This error only seems to occur with 'large' mails. Currently I have a mail
of ~600KB and
On Wed, 20 Jan 2010 10:56:39 +0100, Martijn de Munnik
mart...@youngguns.nl wrote:
Hi list,
I have a problem with delivering mail to a host and get this error:
host mx2.amsterdam.nl[145.222.14.10] said: 421 enepmx02.amsterdam.nl
Error: timeout exceeded (in reply to end of DATA command)
On Wed, 20 Jan 2010 11:10:50 +0100, Martijn de Munnik
mart...@youngguns.nl wrote:
On Wed, 20 Jan 2010 10:56:39 +0100, Martijn de Munnik
mart...@youngguns.nl wrote:
Hi list,
I have a problem with delivering mail to a host and get this error:
host mx2.amsterdam.nl[145.222.14.10] said: 421
Hi,
I have a working postfix server from long time.
Now i found out that mails with a read receipt coming from one (and only
one) Exchange Server
are correctely delivered as well as thier read receipt.
However when such mails are sent the sender receive this mail, too.
/This is an
Hi Everyone,
I've been running a postfix mailserver for our small company for the last
couple of years. Until a couple of weeks ago we had no trouble at all. But
then suddenly I started seeing a huge number of rejected emails in the
deferred queue, with dodgy looking recipient addresses. I think
My question is, if I am right, how can I find out which account has been
compromised?
You can add this to main.cf:
smtpd_sasl_authenticated_header=true
This will add the SASL authenticated user to the received headers which
allows you to see who's account was used.
Kind regards,
Martijn
Hi,
I have a working postfix server from long time.
Now i found out that mails with a read receipt coming from one (and only
one) Exchange Server
are correctely delivered as well as thier read receipt.
However when such mails are sent the sender receive this mail, too.
/This is an
Hi,
Yes I know it is not a bug.
I would like to know if it is possible to configure postfix so that the
answers it gives to
the Exchange Server instruments it to avoid producing the email to the
sending user.
Robert Schetterer ha scritto:
Am 20.01.2010 11:55, schrieb luca:
Hi,
I have
Quoting luca luca.tagliafe...@gmail.com:
Hi,
Yes I know it is not a bug.
I would like to know if it is possible to configure postfix so that the
answers it gives to
the Exchange Server instruments it to avoid producing the email to the
sending user.
Well, I think that exchange is using
On 2010-01-20 Martijn de Munnik wrote:
I have a problem with delivering mail to a host and get this error:
host mx2.amsterdam.nl[145.222.14.10] said: 421 enepmx02.amsterdam.nl
Error: timeout exceeded (in reply to end of DATA command)
This error only seems to occur with 'large' mails.
Martijn de Munnik:
Hi list,
I have a problem with delivering mail to a host and get this error:
host mx2.amsterdam.nl[145.222.14.10] said: 421 enepmx02.amsterdam.nl
Error: timeout exceeded (in reply to end of DATA command)
This error only seems to occur with 'large' mails. Currently I
Hi,
I would like to ask you if is there any way to put different rejection
message for rejection if some host doesn't have reverse DNS entry ? I
need to include a link to the website which explains what is that and
what to do and why that message was rejected is there any easy way
to do it ?
* Jaroslaw Grzabel ja...@meil.me:
Hi,
I would like to ask you if is there any way to put different rejection
message for rejection if some host doesn't have reverse DNS entry?
Use an access(5) map on the client:
check_client_access hash:/etc/postfix/nice_reject
with:
unknown 550 5.1.2
Ralf Hildebrandt wrote:
Use an access(5) map on the client:
check_client_access hash:/etc/postfix/nice_reject
with:
unknown 550 5.1.2 Your reverse DNS entries are off
Thank you for that Ralf. Do you know if may I operate on any variables ?
I need to have a message like 550 Fix your
* Jaroslaw Grzabel ja...@meil.me:
Ralf Hildebrandt wrote:
Use an access(5) map on the client:
check_client_access hash:/etc/postfix/nice_reject
with:
unknown 550 5.1.2 Your reverse DNS entries are off
Thank you for that Ralf. Do you know if may I operate on any variables
Jaroslaw Grzabel wrote:
Ralf Hildebrandt wrote:
Use an access(5) map on the client:
check_client_access hash:/etc/postfix/nice_reject
with:
unknown 550 5.1.2 Your reverse DNS entries are off
And also, are you sure that unknown is OK ? I can see in logs that I've
got number of
* Jaroslaw Grzabel ja...@meil.me:
unknown 550 5.1.2 Your reverse DNS entries are off
And also, are you sure that unknown is OK ? I can see in logs that I've
got number of connections from unknown[IP_ADDRESS] but when I do
nslookup IP_ADDRESS they have PTR. So I don't want to
Ralf Hildebrandt wrote:
* Jaroslaw Grzabel ja...@meil.me:
unknown 550 5.1.2 Your reverse DNS entries are off
And also, are you sure that unknown is OK ? I can see in logs that I've
got number of connections from unknown[IP_ADDRESS] but when I do
nslookup IP_ADDRESS
Jaroslaw Grzabel:
Ralf Hildebrandt wrote:
Use an access(5) map on the client:
check_client_access hash:/etc/postfix/nice_reject
with:
unknown 550 5.1.2 Your reverse DNS entries are off
Thank you for that Ralf. Do you know if may I operate on any variables ?
I need to
On 1/20/2010 5:05 AM, Daniel Howard wrote:
Hi Everyone,
I've been running a postfix mailserver for our small company for the last
couple of years. Until a couple of weeks ago we had no trouble at all. But
then suddenly I started seeing a huge number of rejected emails in the
deferred queue,
* Jaroslaw Grzabel ja...@meil.me:
smtpd_sender_restrictions = check_sender_access
regexp:/etc/postfix/access.regexp,
check_sender_access hash:/etc/postfix/access,
reject_unknown_sender_domain,
On Wed, Jan 20, 2010 at 01:05:01PM +, Jaroslaw Grzabel wrote:
Ralf Hildebrandt wrote:
Use an access(5) map on the client:
check_client_access hash:/etc/postfix/nice_reject
with:
unknown 550 5.1.2 Your reverse DNS entries are off
Thank you for that Ralf. Do you know
Ralf Hildebrandt wrote:
And where is the check that needs to have aa nice error message?
I forgot to paste this restriction for client:
smtpd_client_restrictions = reject_unknown_reverse_client_hostname
So there where it should be.
Regards,
Jarek
Henrik K wrote:
You don't really need that variable. The hostname/IP is already included in
the
rejection message going out, if you use check_client_access.
For example:
550 5.1.1 unknown[1.2.3.4] Client host rejected: Fix your reverse DNS...
OK, but the problem is at this moment that
Wietse Venema wrote:
Syntax of access tables is documented: man 5 access.
Wietse
Yes I know. But as I mention in the post sent a moment ago, the problem
is that I'm afraid I will reject unknown hosts with valid PTR. I don't
want to do this.
Regards,
Jarek
Jaroslaw Grzabel:
Wietse Venema wrote:
Syntax of access tables is documented: man 5 access.
Wietse
Yes I know. But as I mention in the post sent a moment ago, the problem
is that I'm afraid I will reject unknown hosts with valid PTR. I don't
want to do this.
See man 5
* Jaroslaw Grzabel ja...@meil.me:
Henrik K wrote:
You don't really need that variable. The hostname/IP is already included in
the
rejection message going out, if you use check_client_access.
For example:
550 5.1.1 unknown[1.2.3.4] Client host rejected: Fix your reverse DNS...
Wietse Venema wrote:
See man 5 postconf for the difference between:
reject_unknown_reverse_client_hostname
reject_unknown_client_hostname
Wietse
Sorry Wietse, but you completely lost me. How does it regard to my
problem ? I need to have custom message.
Jaroslaw Grzabel:
But as I mention in the post sent a moment ago, the problem
is that I'm afraid I will reject unknown hosts with valid PTR. I don't
want to do this.
Wietse Venema wrote:
See man 5 postconf for the difference between:
reject_unknown_reverse_client_hostname
Wietse Venema wrote:
If you are concerned that you reject mail from hosts with valid PTR,
then I recommend that you choose between:
1) reject_unknown_reverse_client_hostname. As documented, this
will accept any reverse name, without checking whether it resolves
to to the client IP
You can add this to main.cf:
smtpd_sasl_authenticated_header=true
This will add the SASL authenticated user to the received headers which
allows you to see who's account was used.
Kind regards,
Martijn Brinkers
Thanks Martijn, but if the SASL user gets put into the headers, then
Jaroslaw Grzabel:
I'm afraid I will reject unknown hosts with valid PTR. I don't
want to do this.
Wietse Venema:
If you are concerned that you reject mail from hosts with valid PTR,
then I recommend that you choose between:
1) reject_unknown_reverse_client_hostname. As documented, this
Today I downloaded Ralph Hildebrandt's Postfix example and used his
'check_helo_access' example in my configuration. I have not 'reloaded'
Postfix yet because I want to make sure that I did not add this in and
cause any redundant checks or worse, break something. Can you guys
please review my
* Carlos Williams carlosw...@gmail.com:
cause any redundant checks or worse, break something. Can you guys
why not use soft_bounce = yes :) ?
check_helo_access pcre:/etc/postfix/helo_checks.pcre,
And what is the content of the file?
--
Ralf Hildebrandt
Geschäftsbereich IT |
On Wed, Jan 20, 2010 at 10:20 AM, Ralf Hildebrandt
ralf.hildebra...@charite.de wrote:
why not use soft_bounce = yes :) ?
I have never used it before. That sounds like a good idea.
check_helo_access pcre:/etc/postfix/helo_checks.pcre,
And what is the content of the file?
[r...@mail
Hi folks
How can I avoid smtp clients from my local network trying to relay mail
trough my server? I need to specify clients wich from address are not
mapped in the canonical or virtual table.
I need some ideas here.
Thanks
David
On 1/20/2010 8:43 AM, Jaroslaw Grzabel wrote:
Wietse Venema wrote:
If you are concerned that you reject mail from hosts with valid PTR,
then I recommend that you choose between:
1) reject_unknown_reverse_client_hostname. As documented, this
will accept any reverse name, without checking
On 2010-01-20 Davy Leon wrote:
How can I avoid smtp clients from my local network trying to relay mail
trough my server? I need to specify clients wich from address are not
mapped in the canonical or virtual table.
I'm not sure if I understood you correctly. Do you want to allow only
We are experimenting with spamass-milter to check mails and reject them
if a configured spamassassin score is reached. That part works, but the
milter is (of course) applied to all mails after our
smtpd_recipient_restrictions lookups return OK for the recipient, i.e.
also postmaster@various
On Wed, Jan 20, 2010 at 10:34 AM, Ralf Hildebrandt
ralf.hildebra...@charite.de wrote:
I would merge:
smtpd_helo_restrictions = permit_mynetworks,
permit_sasl_authenticated, reject_non_fqdn_helo_hostname,
reject_invalid_helo_hostname
smtpd_recipient_restrictions = permit_mynetworks,
Please keep this discussion on-list. I'm not doing personal support for
free. And please don't top-post.
On 2010-01-20 Davy Leon wrote:
As I said authentication is not the solution. Some of my clients use
the server to access their real smtp server, and I just relay mail for
them.
I fail to
On Wed, 20 Jan 2010 07:20:01 -0500 (EST), wie...@porcupine.org (Wietse
Venema) wrote:
Martijn de Munnik:
Hi list,
I have a problem with delivering mail to a host and get this error:
host mx2.amsterdam.nl[145.222.14.10] said: 421 enepmx02.amsterdam.nl
Error: timeout exceeded (in reply to
Thanks Martijn, but if the SASL user gets put into the headers, then
doesn't that just meant that the recipient will see who the message came
from, rather than the administrator - me?
Yes but you said:
...I started seeing a huge number of rejected emails in the deferred
queue...
If the SASL
Carlos Williams schrieb:
On Wed, Jan 20, 2010 at 10:34 AM, Ralf Hildebrandt
ralf.hildebra...@charite.de wrote:
I would merge:
smtpd_helo_restrictions = permit_mynetworks,
permit_sasl_authenticated,reject_non_fqdn_helo_hostname,
reject_invalid_helo_hostname
smtpd_recipient_restrictions
Sorry
When hitting reply button to the message, it just was routed to your
address, not to the list as should be. Just noticed that now.
Thanks for your answer anyway.
David
- Original Message -
From: Ansgar Wiechers li...@planetcobalt.net
To: postfix-users@postfix.org
Sent:
Am 20.01.2010 12:48, schrieb luca:
Hi,
Yes I know it is not a bug.
I would like to know if it is possible to configure postfix so that the
answers it gives to
the Exchange Server instruments it to avoid producing the email to the
sending user.
I am not sure but maybe
Martijn de Munnik:
On Wed, 20 Jan 2010 07:20:01 -0500 (EST), wie...@porcupine.org (Wietse
Venema) wrote:
Martijn de Munnik:
Hi list,
I have a problem with delivering mail to a host and get this error:
host mx2.amsterdam.nl[145.222.14.10] said: 421 enepmx02.amsterdam.nl
Error:
Wolfgang Zeikat:
We are experimenting with spamass-milter to check mails and reject them
if a configured spamassassin score is reached. That part works, but the
milter is (of course) applied to all mails after our
smtpd_recipient_restrictions lookups return OK for the recipient, i.e.
also
On 1/20/2010 12:49 PM, Aaron Clausen wrote:
This is definitely more an Exchange question than a Postfix one, but
as I'm already using Postfix for greylisting and will probably be
using SpamAssassin fairly soon, I thought I'd ask it. Some anti-spam
software that works with Exchange can deliver
Wietse Venema wrote:
The following solution solves 99% of the problem:
- IF mail is from a local (or authenticated) client
That's the magic part right there. How do I accomplish this?
- AND the sender has already passed reject_unlisted_sender
- THEN store the (sender, recipient) pair in
Here's the TCP initial handshake:
17:30:44.951789 IP 213.207.90.2.48147 145.222.14.10.25: S
50514820:50514820(0) win 49640 mss 1460,nop,wscale 0,nop,nop,sackOK
17:30:44.954496 IP 145.222.14.10.25 213.207.90.2.48147: S
4148480248:4148480248(0) ack 50514821 win 5840 mss 1380,nop,wscale 2
Daniel L. Miller:
Wietse Venema wrote:
The following solution solves 99% of the problem:
- IF mail is from a local (or authenticated) client
That's the magic part right there. How do I accomplish this?
The client IP address passed along in the policy protocol.
- AND the sender
Stan Hoeppner a écrit :
Well, there's one positive side to this thread Noel. Your reply to
undisclosed
recipients instead of the list address broke my postfix-users sort filter. I
just spent 20 minutes trying to figure it out. I tried received and
return-path and all kinds of header
On Wed, Jan 20, 2010 at 03:22:56PM -0500, Wietse Venema wrote:
The broken router then throws away the bytes with higher sequence
numbers than 14233.
Workaround: turn off window scaling support on the sender's kernel.
This problem is sufficiently common, that on Linux MTAs I always add:
* Carlos Williams carlosw...@gmail.com:
Thank you very much for your merge suggestion. I am reading your book
right now (page 70-72) and trying to understand the concept are the
merge suggestion. Would you mind explaining what benefit / performance
is attributed by merging all?
It makes it
* tobi tobs...@brain-force.ch:
@Ralf
would it not make more sense to place check_sender_access before the
check_policy_service? Otherwise you might greylist senders you don't
want (like maillists)
I was thinking about this as well... Up to you I guess :)
--
Ralf Hildebrandt
Ralf Hildebrandt a écrit :
* Jaroslaw Grzabel ja...@meil.me:
Ralf Hildebrandt wrote:
Use an access(5) map on the client:
check_client_access hash:/etc/postfix/nice_reject
with:
unknown 550 5.1.2 Your reverse DNS entries are off
Thank you for that Ralf. Do you know if may I
Wietse Venema wrote:
Is it possible to exclude mails from
smtpd_milters = unix:/var/run/spamass.sock?
There is no such option.
OK. Thank you for the bad news ;)
Would we have that option if we use an
smtpd_proxy_filter,
i.e. spampd?
Regards,
wolfgang
Ralf Hildebrandt a écrit :
* Carlos Williams carlosw...@gmail.com:
Thank you very much for your merge suggestion. I am reading your book
right now (page 70-72) and trying to understand the concept are the
merge suggestion. Would you mind explaining what benefit / performance
is attributed
Wolfgang Zeikat:
Wietse Venema wrote:
Is it possible to exclude mails from
smtpd_milters = unix:/var/run/spamass.sock?
There is no such option.
OK. Thank you for the bad news ;)
It is not a good idea to simply turn off Milters in the middle of
an SMTP session, because that would
On Jan 20, 2010, at 9:28 PM, Victor Duchovni wrote:
On Wed, Jan 20, 2010 at 03:22:56PM -0500, Wietse Venema wrote:
The broken router then throws away the bytes with higher sequence
numbers than 14233.
Workaround: turn off window scaling support on the sender's kernel.
This problem is
Martijn de Munnik:
On Jan 20, 2010, at 9:28 PM, Victor Duchovni wrote:
On Wed, Jan 20, 2010 at 03:22:56PM -0500, Wietse Venema wrote:
The broken router then throws away the bytes with higher sequence
numbers than 14233.
Workaround: turn off window scaling support on the sender's
Wietse Venema:
You can do
ndd /dev/tcp \?
to find out what parameters are supported. On my Solaris9 and
Solaris10 test boxes it is called tcp_wscale_always.
According to Solaris10 documentation:
When this parameter is enabled, which is the default setting
[since
Wietse Venema wrote:
The client IP address passed along in the policy protocol.
This goes back to my original question. How, using existing Postfix
syntax, can I call the policy daemon - after the IP address and/or
sender authentication has been performed by Postfix? Or would I have to
/dev/rob0 wrote:
snip
On Tue, Jan 19, 2010 at 11:34:13AM +0530, J. Bakshi wrote:
I am trying to drop outgoing emails having particular email-id in
its [TO] field. Say myn...@domain1.com and myna...@domain2.com,
hence any mail destined for myn...@domain1.com or
myna...@domain2.com will
mouss put forth on 1/20/2010 2:26 PM:
That's just plain silly.
Keep calm Stan!
I was calm. I had no exclamation point there. ;)
Consider this to be a good lesson: your filtering approach is
suboptimal. For most mailing lists, you can use one of:
It _was_ less than optimal.
List-Id
66 matches
Mail list logo
