Thanks, Jeroen, for your critique of my master.cf file.
Per your suggestions, I'm removing the no_header_body_checks from my
smtp configuration. I'm also moving the smtpd_recipient_restrictions
into my main.cf, and making sure it's overridden as needed for all
other parts of my master.cf file.
D
> From: owner-postfix-us...@postfix.org [mailto:owner-postfix-
> us...@postfix.org] On Behalf Of Patrick Ben Koetter
> * Simon Brereton :
> > Probably not the best place for this, but hopefully someone will
> tell
> > me what I'm doing wrong anyway..
> >
> > I've gotten the TLS up and working. And
Sahil Tandon put forth on 4/12/2011 10:58 PM:
> On Tue, 2011-04-12 at 16:19:03 -0500, Stan Hoeppner wrote:
>
>> Mikael Bak put forth on 4/12/2011 7:31 AM:
>>> Stan Hoeppner wrote:
>>> [snip]
> Received: from [190.221.28.39] (unknown [190.221.28.39])
In this example, reject_unkno
* Simon Brereton :
> Probably not the best place for this, but hopefully someone will tell me
> what I'm doing wrong anyway..
>
> I've gotten the TLS up and working. And SASL auth seemed to be working. I
> installed saslfinger and everything was fine there. But when trying to
> locally inject m
On Tue, 2011-04-12 at 16:19:03 -0500, Stan Hoeppner wrote:
> Mikael Bak put forth on 4/12/2011 7:31 AM:
> > Stan Hoeppner wrote:
> > [snip]
> >>
> >>> Received: from [190.221.28.39] (unknown [190.221.28.39])
> >>
> >> In this example, reject_unknown_reverse_client_hostname would have
> >> generate
Noel Jones put forth on 4/12/2011 6:56 PM:
> On 4/12/2011 4:19 PM, Stan Hoeppner wrote:
>> Mikael Bak put forth on 4/12/2011 7:31 AM:
>>> Stan Hoeppner wrote:
>>> [snip]
> Received: from [190.221.28.39] (unknown [190.221.28.39])
In this example, reject_unknown_reverse_client_host
On 04/12/2011 08:59 PM, Rich Wales wrote:
Wietse wrote:
However, message_strip_characters has no effect when mail is received with
receive_override_options = no_header_body_checks ...
This is set either in master.cf or main.cf.
And indeed, I have no_header_body_checks specifie
On 4/12/2011 4:19 PM, Stan Hoeppner wrote:
Mikael Bak put forth on 4/12/2011 7:31 AM:
Stan Hoeppner wrote:
[snip]
Received: from [190.221.28.39] (unknown [190.221.28.39])
In this example, reject_unknown_reverse_client_hostname would have
generated a 450 rejection. You should always use
rej
Mikael Bak put forth on 4/12/2011 7:31 AM:
> Stan Hoeppner wrote:
> [snip]
>>
>>> Received: from [190.221.28.39] (unknown [190.221.28.39])
>>
>> In this example, reject_unknown_reverse_client_hostname would have
>> generated a 450 rejection. You should always use
>> reject_unknown_reverse_client_h
> From: Simon Brereton
> Probably not the best place for this, but hopefully someone will tell
> me what I'm doing wrong anyway..
>
> I've gotten the TLS up and working. And SASL auth seemed to be
> working. I installed saslfinger and everything was fine there. But
> when trying to locally inje
On 2011-04-12 mejaz wrote:
> Sorry may some lines were not copied properly in my previous Email. Here is
> the ouput of postconf -n and you will find mynetworks in second last line.
[...]
> transport_maps = hash:/etc/postfix/transport
> unknown_local_recipient_reject_code = 550
In the second last
* Eric Cunningham :
> Darek M wrote:
> >On Tue, Apr 12, 2011 at 3:21 PM, Eric Cunningham wrote:
> >>Yes, that's correct, but not intentionally nor explicitly. I've tried
> >>explicitly accepting the sender address in my smtpd_recipient_restrictions'
> >>final_sender_access file but that has no ef
On Tue, Apr 12, 2011 at 03:21:06PM -0400, Eric Cunningham wrote:
Wietse Venema wrote:
Eric Cunningham:
Apr 12 13:15:10 postal2 postfix/smtpd[22543]: NOQUEUE: reject:
RCPT from hsarelay1t.mail.mylife.com[216.52.223.210]: 554 5.7.1
: Sender address rejected: Access denied;
from= to= proto=ESMTP
h
On Tue, Apr 12, 2011 at 03:21:06PM -0400, Eric Cunningham wrote:
> Wietse Venema wrote:
> >Eric Cunningham:
> >>Apr 12 13:15:10 postal2 postfix/smtpd[22543]: NOQUEUE: reject:
> >>RCPT from hsarelay1t.mail.mylife.com[216.52.223.210]: 554 5.7.1
> >>: Sender address rejected: Access denied;
> >>from=
Darek M wrote:
On Tue, Apr 12, 2011 at 3:21 PM, Eric Cunningham wrote:
Yes, that's correct, but not intentionally nor explicitly. I've tried
explicitly accepting the sender address in my smtpd_recipient_restrictions'
final_sender_access file but that has no effect.
-Eric
And what's the cont
On Tue, Apr 12, 2011 at 02:09:11PM -0400, Eric Cunningham wrote:
> Hi, on occassion, I'm noting rejected emails without any specific
> reason logged. Without a reason, it's hard to pinpoint a fix to
> allow legit emails through. Here's an example from my mail log:
>
>
> Apr 12 13:15:10 postal2
On Tue, Apr 12, 2011 at 3:21 PM, Eric Cunningham wrote:
>
> Yes, that's correct, but not intentionally nor explicitly. I've tried
> explicitly accepting the sender address in my smtpd_recipient_restrictions'
> final_sender_access file but that has no effect.
>
> -Eric
And what's the content of /
> On 4/12/2011 2:17 AM, email builder wrote:
> >>> Am I correct to infer that both smtp(d)_tls_CAfile settings only serve
> >>> a purpose when you want to verify client/server certificates?
> >>> If that's the case, why does the example at the bottom of TLS_README
> >>> use both the CAfile
Wietse Venema wrote:
Eric Cunningham:
Apr 12 13:15:10 postal2 postfix/smtpd[22543]: NOQUEUE: reject: RCPT from
hsarelay1t.mail.mylife.com[216.52.223.210]: 554 5.7.1
: Sender address rejected: Access denied;
from= to= proto=ESMTP
helo=
The recipient address is legit and working for other sen
Wietse wrote:
> However, message_strip_characters has no effect when mail is received with
>
> receive_override_options = no_header_body_checks ...
>
> This is set either in master.cf or main.cf.
And indeed, I have no_header_body_checks specified in my master.cf file --
for "smtp", and als
On 4/12/2011 11:30 AM, Fabien COMBERNOUS wrote:
http://www.postfix.org/TLS_README.html#client_tls_levels
# main.cf
smtp_tls_security_level = may
It is what i did :
smtp_tls_security_level = may
smtp_tls_session_cache_database =
btree:/var/spool/postfix/tls/smtp_session_cache
Now i get this mes
Eric Cunningham:
> Apr 12 13:15:10 postal2 postfix/smtpd[22543]: NOQUEUE: reject: RCPT from
> hsarelay1t.mail.mylife.com[216.52.223.210]: 554 5.7.1
> : Sender address rejected: Access denied;
> from= to= proto=ESMTP
> helo=
> The recipient address is legit and working for other senders.
You
On Tue, 12 Apr 2011 10:54:13 -0400
Kris Deugau articulated:
> Stan Hoeppner wrote:
> > Jerry put forth on 4/11/2011 4:39 PM:
> >> Stan Hoeppner articulated:
> >>> Why bother with this complex greylisting setup? Simply hammer
> >>> the big blocks with a CIDR entry and whitelist individual IPs in
Hi, on occassion, I'm noting rejected emails without any specific reason
logged. Without a reason, it's hard to pinpoint a fix to allow legit
emails through. Here's an example from my mail log:
Apr 12 13:15:10 postal2 postfix/smtpd[22543]: connect from
hsarelay1t.mail.mylife.com[216.52.223.
On Tue, Apr 12, 2011 at 04:24:47PM +0200, Fabien COMBERNOUS wrote:
> I started by getting certificates of the remote smtp service with the
> command :
> [...]
>
> Then i put the certificate in the file /etc/postfix/certs/googlesmtp.pem
> beginning by -BEGIN CERTIFICATE-, ending by -E
Hi,
>> Okay, I've even put the sender_access map first and it is still
>> rejected. Below is the output from postconf:
>
> NEVER put sender whitelists first in smtpd_recipient_restrictions,
> do put them after "reject_unauth_destination", but before any
> sender-specific restrictions that require
Rich sent me a couple files as requested. Of these, File mailnull.txt
(UNIX mailbox format) has a null byte at the end of the last line.
I send this into Postfix
$ tail +2 nullmail.txt | sendmail wietse@localhost
When I view my mailbox with less, the last line looks like:
--0022152d69ed
On 12/04/2011 17:50, Noel Jones wrote:
On 4/12/2011 10:31 AM, Fabien COMBERNOUS wrote:
Thank you for your answer.
On 12/04/2011 17:06, Noel Jones wrote:
[...]
Port 465 is the deprecated "SSL wrapper mode" smtps. The
postfix smtp client doesn't support wrapper mode.
Use the submission port 587
Noel Jones wrote:
On 4/12/2011 10:41 AM, Randy Ramsdell wrote:
Noel Jones wrote:
Sorry, this is simply related to file format it appears.
Ah! A question!
Well, not really.
main.cf
smtpd_recipient_restrictions = check_recipient_access
hash:/etc/postfix/protected_lists
protected_lists
@s
On 4/12/2011 10:41 AM, Randy Ramsdell wrote:
Noel Jones wrote:
Sorry, this is simply related to file format it appears.
Ah! A question!
main.cf
smtpd_recipient_restrictions = check_recipient_access
hash:/etc/postfix/protected_lists
protected_lists
@someinvaliddomainname.com reject
This w
Zhou, Yan wrote:
Hi There,
How do you gather statistics for messages delivered and processed via
Postfix (both inbound and outbound)? For instance, to show on a daily
basis, how many messages we have received from each domain, how many
messages we have delivered to each domain, etc.
I have see
On 4/12/2011 10:31 AM, Fabien COMBERNOUS wrote:
Thank you for your answer.
On 12/04/2011 17:06, Noel Jones wrote:
[...]
Port 465 is the deprecated "SSL wrapper mode" smtps. The
postfix smtp client doesn't support wrapper mode.
Use the submission port 587 instead, or if you must use 465
see htt
Hello Wietse, thanks for the reply. The mail.log is all I have:
Apr 12 15:38:05 myotherhost postfix/smtpd[24105]: NOQUEUE: reject: RCPT from
unknown[www.xxx.yyy.zzz]: 550 5.1.1 : Recipient address
rejected: User unknown in local recipient table; from=
to= proto=SMTP helo=
I can send mail to local
Noel Jones wrote:
On 4/12/2011 10:12 AM, Randy Ramsdell wrote:
Noel Jones wrote:
On 4/12/2011 8:28 AM, Randy Ramsdell wrote:
Hi,
I am trying to block all mail going to a certain domain. We
use
smtpd_recipient_restrictions = check_recipient_access
hash:/etc/postfix/protected_lists
and it coun
Hi There,
How do you gather statistics for messages delivered and processed via
Postfix (both inbound and outbound)? For instance, to show on a daily
basis, how many messages we have received from each domain, how many
messages we have delivered to each domain, etc.
I have seen some options rely
Thank you for your answer.
On 12/04/2011 17:06, Noel Jones wrote:
[...]
Port 465 is the deprecated "SSL wrapper mode" smtps. The postfix smtp
client doesn't support wrapper mode.
Use the submission port 587 instead, or if you must use 465 see
http://www.postfix.org/TLS_README.html#client_smtp
On 4/12/2011 10:12 AM, Randy Ramsdell wrote:
Noel Jones wrote:
On 4/12/2011 8:28 AM, Randy Ramsdell wrote:
Hi,
I am trying to block all mail going to a certain domain. We
use
smtpd_recipient_restrictions = check_recipient_access
hash:/etc/postfix/protected_lists
and it counterpart:
smtpd_res
Noel Jones wrote:
On 4/12/2011 8:28 AM, Randy Ramsdell wrote:
Hi,
I am trying to block all mail going to a certain domain. We use
smtpd_recipient_restrictions = check_recipient_access
hash:/etc/postfix/protected_lists
and it counterpart:
smtpd_restriction_classes = list_blocks
list_blocks = c
On 4/12/2011 9:24 AM, Fabien COMBERNOUS wrote:
Thank you for URL pointers.
On 12/04/2011 13:53, Noel Jones wrote:
[...]
Yes, TLS and authentication are set up separately in postfix
and can be (and frequently are) used together.
http://www.postfix.org/SASL_README.html#client_sasl_enable
Auth
On Apr 12, 2011, at 10:56 AM, James Seymour wrote:
> On Tue, 12 Apr 2011 17:06:22 +0300
> Tolga wrote:
>
>> Hello,
>>
>> Is it possible to have pflogsumm detail the report by domain? eg.
>>
>> 291 messages received by example.com
>> 354 messages received by example.net
>> xxx messages receive
On Tue, 12 Apr 2011 17:06:22 +0300
Tolga wrote:
> Hello,
>
> Is it possible to have pflogsumm detail the report by domain? eg.
>
> 291 messages received by example.com
> 354 messages received by example.net
> xxx messages received by example.org
[snip]
No.
Regards,
Jim
--
Note: My mail serve
Stan Hoeppner wrote:
Jerry put forth on 4/11/2011 4:39 PM:
Stan Hoeppner articulated:
Why bother with this complex greylisting setup? Simply hammer the big
blocks with a CIDR entry and whitelist individual IPs in the range
from which you need legit mail. If such IPs are used to send both
sno
On 4/12/2011 8:28 AM, Randy Ramsdell wrote:
Hi,
I am trying to block all mail going to a certain domain. We use
smtpd_recipient_restrictions = check_recipient_access
hash:/etc/postfix/protected_lists
and it counterpart:
smtpd_restriction_classes = list_blocks
list_blocks = check_sender_access
Thank you for URL pointers.
On 12/04/2011 13:53, Noel Jones wrote:
[...]
Yes, TLS and authentication are set up separately in postfix and can
be (and frequently are) used together.
http://www.postfix.org/SASL_README.html#client_sasl_enable
Authentication with a remote smtp without SSL/TLS (
Hello,
Is it possible to have pflogsumm detail the report by domain? eg.
291 messages received by example.com
354 messages received by example.net
xxx messages received by example.org
and so on...
Regards,
Hi,
I am trying to block all mail going to a certain domain. We use
smtpd_recipient_restrictions = check_recipient_access
hash:/etc/postfix/protected_lists
and it counterpart:
smtpd_restriction_classes = list_blocks
list_blocks = check_sender_access hash:/etc/postfix/list_members,reject
The
Stan Hoeppner wrote:
[snip]
>
>> Received: from [190.221.28.39] (unknown [190.221.28.39])
>
> In this example, reject_unknown_reverse_client_hostname would have
> generated a 450 rejection. You should always use
> reject_unknown_reverse_client_hostname at minimum, or the more
> restrictive rejec
On 4/12/2011 2:17 AM, email builder wrote:
Am I correct to infer that both smtp(d)_tls_CAfile settings only serve
a purpose when you want to verify client/server certificates?
If that's the case, why does the example at the bottom of TLS_README
use both the CAfile settings with only opportuni
Wietse Venema:
> > I added "message_strip_characters = \0" to my Postfix's main.cf and did
> > a reload of Postfix, but this doesn't seem to have had any effect on the
> > problem. I did a Google search and found various complaints over the
> > years from people claiming "message_strip_characters
On 4/12/2011 4:12 AM, Fabien COMBERNOUS wrote:
Hi there,
Is it possible to ask postfix to relay mail to an
authenticated smtp service ? This remote smtp service is using
ssl or tls. I know it is possible to relay mail to an
authenticated smtp service but without ssl/tls.
Any peace of informati
On 4/12/2011 3:19 AM, Bernhard Rohrer wrote:
My first port of call here would be to enable features like
- DKIM
- SPF
- reverse DNS lookup for the connecting host, where several things can be done:
Nope. This class of spammers carefully follow the RFCs and
use SPF and DKIM.
- match con
Rich Wales:
> I'm running Postfix 2.8.1 and Cyrus 2.3.16 on an Ubuntu 10.04 (Lucid)
> server.
>
> I'm having trouble with incoming mail from Google's Postini help forum.
> The messages I'm getting contain null characters in the body, so Cyrus
> is saying "554 5.6.0 Message contains NUL characters
http://www.dslreports.com/faq/6456
-Original Message-
From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org]
On Behalf Of Fabien COMBERNOUS
Sent: Tuesday, April 12, 2011 12:12 PM
To: postfix-users@postfix.org
Subject: authenticated smtp relay and ssl/tls
Hi ther
Hi there,
Is it possible to ask postfix to relay mail to an authenticated smtp
service ? This remote smtp service is using ssl or tls. I know it is
possible to relay mail to an authenticated smtp service but without ssl/tls.
Any peace of information or howto about this is welcome.
Best rega
My first port of call here would be to enable features like
- DKIM
- SPF
- reverse DNS lookup for the connecting host, where several things can be done:
- match connecting IP to hostname in helo or mail from
- match connecting ip to claimed sending domain in helo or mail from (check MX
and A)
> > I'm wondering about the usefulness of smtp(d)_tls_CAfile(path) when using
> > opportunistic encryption in both incoming and outgoing connections. The
> > TLS_README suggests that certificate and key files be left empty for
> > opportunistic smtp processes, but it doesn't talk specifical
pf at alt-ctrl-del.org put forth on 4/11/2011 7:32 PM:
> Just because most of the emails are spam, doesn't mean that most of
> their customers are spammers. After all, the spammers are sending a lot
> more mail than legit sites do.
>
> If the ISP has multiple /15's and /16's, I think that blockin
57 matches
Mail list logo