Lost connection

2013-02-27 Thread Muzaffer Tolga Özses
Hi, It seems my service provider's network has been blocked by Hotmail. After many correspondences, I was mailed by Hotmail that the issue was cleared for one IP, however I gave them wrong one. So, I edited main.cf and replaced inet_interfaces = all with inet_interfaces = the.ip.I.gave, and

Re: Running namecache service on postfix server?

2013-02-27 Thread Robert Moskowitz
On 02/27/2013 01:21 AM, Viktor Dukhovni wrote: On Tue, Feb 26, 2013 at 08:57:51PM -0500, b...@bitrate.net wrote: When Postfix support for DANE (RFC 6698) is introduced, there will be a requirement to operate a local nameserver that is DNSSEC aware on any machine that wants to take advantage

Re: Running namecache service on postfix server?

2013-02-27 Thread Wietse Venema
Viktor Dukhovni: Perhaps postfix check could generate a warning if DANE is enabled and non-local nameservers are found in /etc/resolv.conf (or and/or its chroot-jail version). I think it would be entirely reasonable to share a DNS cache among multiple systems within the same trusted perimeter.

Re: Lost connection

2013-02-27 Thread Wietse Venema
Muzaffer Tolga Özses: Hi, It seems my service provider's network has been blocked by Hotmail. After many correspondences, I was mailed by Hotmail that the issue was cleared for one IP, however I gave them wrong one. So, I edited main.cf and replaced inet_interfaces = all with

Re: Lost connection

2013-02-27 Thread Muzaffer Tolga Özses
On 02/27/2013 02:04 PM, Wietse Venema wrote: egrep '(warning|error|fatal|panic): Unfortunately, all I get was these and similar, and the most recent one is from 2 days ago. egrep '(warning|error|fatal|panic):' /var/log/mail.log | head Feb 25 01:56:26 server postfix/smtpd[10324]: warning:

Re: Lost connection

2013-02-27 Thread Reindl Harald
On 27.02.2013 13:14, Muzaffer Tolga Özses wrote: On 02/27/2013 02:04 PM, Wietse Venema wrote: egrep '(warning|error|fatal|panic): Unfortunately, all I get was these and similar, and the most recent one is from 2 days ago. egrep '(warning|error|fatal|panic):' /var/log/mail.log |

Re: Lost connection

2013-02-27 Thread Simon Brereton
On 27 February 2013 13:16, Reindl Harald h.rei...@thelounge.net wrote: On 27.02.2013 13:14, Muzaffer Tolga Özses wrote: On 02/27/2013 02:04 PM, Wietse Venema wrote: egrep '(warning|error|fatal|panic): Unfortunately, all I get was these and similar, and the most recent one is from 2

Getmail

2013-02-27 Thread Muhammad Yousuf Khan
i am using virtual users and domains, where i have 2 virtual domains and few users in both. i would like getmail to fetch email via pop3 from our hosting servers and copy it directly to our Maildir Base, here is the path of my virtual users mailbox base. /maildb/vmail/$domain/$user/Maildir is

Re: Getmail

2013-02-27 Thread Robert Schetterer
On 27.02.2013 13:51, Muhammad Yousuf Khan wrote: i am using virtual users and domains, where i have 2 virtual domains and few users in both. i would like getmail to fetch email via pop3 from our hosting servers and copy it directly to our Maildir Base, here is the path of my virtual users

Re: Lost connection

2013-02-27 Thread Wietse Venema
Wietse Venema: and restarted postfix. However, I'm now getting (connect to 127.0.0.1[127.0.0.1]:10024: Connection refused). I did a grep in the logs and the output was Feb 27 09:48:17 server postfix/smtp[11674]: 3C361768793: to=to...@ozses.net, relay=127.0.0.1[127.0.0.1]:10024,

smtpd_recipient_limit and the corresponding error pop up on secure smtp

2013-02-27 Thread francis picabia
Hi, The number of phishing or otherwise compromised accounts is needing an automation to manage it. Last night the spammers waited until the evening and simultaneously used 3 compromised accounts to send spam over secure smtp. A nagios alert on number of messages in the queue was our only

Re: Lost connection

2013-02-27 Thread Muzaffer Tolga Özses
On 02/27/2013 04:04 PM, Wietse Venema wrote: Wietse Venema: and restarted postfix. However, I'm now getting (connect to 127.0.0.1[127.0.0.1]:10024: Connection refused). I did a grep in the logs and the output was Feb 27 09:48:17 server postfix/smtp[11674]: 3C361768793: to=to...@ozses.net,

Re: smtpd_recipient_limit and the corresponding error pop up on secure smtp

2013-02-27 Thread k...@rice.edu
On Wed, Feb 27, 2013 at 10:11:08AM -0400, francis picabia wrote: Hi, The number of phishing or otherwise compromised accounts is needing an automation to manage it. Last night the spammers waited until the evening and simultaneously used 3 compromised accounts to send spam over secure

Re: smtpd_recipient_limit and the corresponding error pop up on secure smtp

2013-02-27 Thread Reindl Harald
On 27.02.2013 15:11, francis picabia wrote: The size of the message you are trying to send exceeds a temporary size limit of the server. The message was not sent; try to reduce the message size or wait some time and try again. The server responded: 4.5.3 Error: too many recipients.

Re: Lost connection

2013-02-27 Thread Wietse Venema
Wietse: You have a service on 127.0.0.1 port 10024 that isn't receiving mail as it should. If that is not a Postfix service, then my trouble shooting egrep pattern will not apply. Muzaffer Tolga Özses: I had stopped amavis while trying to debug. I now started it again, and now I am getting

Re: Running namecache service on postfix server?

2013-02-27 Thread DTNX Postmaster
On Feb 27, 2013, at 12:58, Wietse Venema wie...@porcupine.org wrote: Viktor Dukhovni: Perhaps postfix check could generate a warning if DANE is enabled and non-local nameservers are found in /etc/resolv.conf (or and/or its chroot-jail version). I think it would be entirely reasonable to

Re: Running namecache service on postfix server?

2013-02-27 Thread Robert Moskowitz
On 02/27/2013 06:58 AM, Wietse Venema wrote: Viktor Dukhovni: Perhaps postfix check could generate a warning if DANE is enabled and non-local nameservers are found in /etc/resolv.conf (or and/or its chroot-jail version). I think it would be entirely reasonable to share a DNS cache among

Re: Running namecache service on postfix server?

2013-02-27 Thread Robert Moskowitz
On 02/27/2013 09:25 AM, DTNX Postmaster wrote: On Feb 27, 2013, at 12:58, Wietse Venema wie...@porcupine.org wrote: Viktor Dukhovni: Perhaps postfix check could generate a warning if DANE is enabled and non-local nameservers are found in /etc/resolv.conf (or and/or its chroot-jail version).

Re: Running namecache service on postfix server?

2013-02-27 Thread Viktor Dukhovni
On Wed, Feb 27, 2013 at 03:25:41PM +0100, DTNX Postmaster wrote: I think it would be entirely reasonable to share a DNS cache among multiple systems within the same trusted perimeter. One DNS server per host in a farm of mail servers may not be practical. A local cache on each,

Re: Running namecache service on postfix server?

2013-02-27 Thread Wietse Venema
DTNX Postmaster: On Feb 27, 2013, at 12:58, Wietse Venema wie...@porcupine.org wrote: Viktor Dukhovni: Perhaps postfix check could generate a warning if DANE is enabled and non-local nameservers are found in /etc/resolv.conf (or and/or its chroot-jail version). I think it would be

Re: reject empty sender address for authenticated users

2013-02-27 Thread Ralf Hildebrandt
* Piotr Rotter piotr.rot...@active24.pl: I want to disallow this because is rarely (probably poor mail clients) and make more difficult to automatic parsing amavis logs like this 2013-02-25T04:29:47+01:00 kurier4 amavis[20204]: (20204-10) Passed CLEAN, - u...@domain.tld, Hits: -2.56,

Re: smtpd_recipient_limit and the corresponding error pop up on secure smtp

2013-02-27 Thread Viktor Dukhovni
On Wed, Feb 27, 2013 at 10:11:08AM -0400, francis picabia wrote: The number of phishing or otherwise compromised accounts is needing an automation to manage it. Last night the spammers waited until the evening and simultaneously used 3 compromised accounts to send spam over secure smtp. A

Re: Running namecache service on postfix server?

2013-02-27 Thread Viktor Dukhovni
On Wed, Feb 27, 2013 at 10:20:50AM -0500, Wietse Venema wrote: I think it would be entirely reasonable to share a DNS cache among multiple systems within the same trusted perimeter. One DNS server per host in a farm of mail servers may not be practical. A local cache on each,

Re: Running namecache service on postfix server?

2013-02-27 Thread Robert Moskowitz
On 02/27/2013 10:20 AM, Wietse Venema wrote: DTNX Postmaster: On Feb 27, 2013, at 12:58, Wietse Venema wie...@porcupine.org wrote: Viktor Dukhovni: Perhaps postfix check could generate a warning if DANE is enabled and non-local nameservers are found in /etc/resolv.conf (or and/or its

Re: Running namecache service on postfix server?

2013-02-27 Thread Viktor Dukhovni
On Wed, Feb 27, 2013 at 10:53:58AM -0500, Robert Moskowitz wrote: But to share a single DNS among a number of mail servers, say in a mail farm that probably has lots of other types of servers running with questionable content, I would want secure tunnels from the mail server to the DNS server

Re: Running namecache service on postfix server?

2013-02-27 Thread Robert Moskowitz
On 02/27/2013 11:10 AM, Viktor Dukhovni wrote: I think we've beaten this thread to death, I'm done for now. And I thank you for all you have said.

Re: Connection caching/SMTP piggybacking and postfix?

2013-02-27 Thread Thorsten Glaser
Wietse Venema wietse at porcupine.org writes: deliveries. Proper SMTP connection caching is not done by the SMTP clients but by a separate process that is queried by SMTP clients. If you don’t manage to do that with TLS, this statement is plainly wrong. Connection caching is a matter of also

Re: Running namecache service on postfix server?

2013-02-27 Thread Robert Moskowitz
On 02/27/2013 10:43 AM, Viktor Dukhovni wrote: On Wed, Feb 27, 2013 at 10:20:50AM -0500, Wietse Venema wrote: I think it would be entirely reasonable to share a DNS cache among multiple systems within the same trusted perimeter. One DNS server per host in a farm of mail servers may not be

Re: Running namecache service on postfix server?

2013-02-27 Thread Reindl Harald
On 27.02.2013 17:42, Robert Moskowitz wrote: On Centos 6.3 (bind 9.8.2 with security patches) I did: yum install bind bind-chroot In /etc/sysconfig/network-scripts/ifcfg-eth0 set: DNS1=127.0.0.1 DNS2=::1 ifdown eth0; ifup eth0 Add to /var/named/chroot/etc/named.conf options

Re: Connection caching/SMTP piggybacking and postfix?

2013-02-27 Thread Viktor Dukhovni
On Wed, Feb 27, 2013 at 01:45:04PM +, Thorsten Glaser wrote: deliveries. Proper SMTP connection caching is not done by the SMTP clients but by a separate process that is queried by SMTP clients. If you don't manage to do that with TLS, this statement is plainly wrong. If you don't

Re: Running namecache service on postfix server?

2013-02-27 Thread Robert Moskowitz
On 02/27/2013 11:47 AM, Reindl Harald wrote: On 27.02.2013 17:42, Robert Moskowitz wrote: On Centos 6.3 (bind 9.8.2 with security patches) I did: yum install bind bind-chroot In /etc/sysconfig/network-scripts/ifcfg-eth0 set: DNS1=127.0.0.1 DNS2=::1 ifdown eth0; ifup eth0 Add to

Re: Running namecache service on postfix server?

2013-02-27 Thread Viktor Dukhovni
On Wed, Feb 27, 2013 at 05:47:28PM +0100, Reindl Harald wrote: ... more DNS related suggestions ... Perhaps Postfix could benefit from a DNS_README.html, with examples tuning a local cache for MX overrides, RBLDNSD integration using an internal RBL zone, DNSSEC support, and any other

Re: Running namecache service on postfix server?

2013-02-27 Thread DTNX Postmaster
On Feb 27, 2013, at 18:05, Robert Moskowitz r...@htt-consult.com wrote: Another tidbit is you should firewall access to port 53. Your caching server is only for you. It is listening only on localhost, but why open up a port not needed. Review the examples given again, please. Why would

Re: Running namecache service on postfix server?

2013-02-27 Thread Robert Moskowitz
On 02/27/2013 12:26 PM, DTNX Postmaster wrote: On Feb 27, 2013, at 18:05, Robert Moskowitz r...@htt-consult.com wrote: Another tidbit is you should firewall access to port 53. Your caching server is only for you. It is listening only on localhost, but why open up a port not needed.

Re: Connection caching/SMTP piggybacking and postfix?

2013-02-27 Thread Wietse Venema
Thorsten Glaser: Wietse Venema wietse at porcupine.org writes: deliveries. Proper SMTP connection caching is not done by the SMTP clients but by a separate process that is queried by SMTP clients. If you don't manage to do that with TLS, this statement is plainly wrong. Well, how does

Re: possible localhost dns spoof attack

2013-02-27 Thread Lorens Kockum
On Tue, Feb 26, 2013 at 05:16:20PM +0200, Jamie wrote: I unblocked the IP and the problem came back. In another mail you said you'd used tcpdump. Why don't you set tcpdump to record everything from that IP address, unblock the IP address, wait for a few spams to go through, block the IP

Re: possible localhost dns spoof attack

2013-02-27 Thread Noel Jones
If you would send postfix logs and current postconf -n to the list as requested several times, we could likely clear this all up pretty quickly. On 2/27/2013 1:43 PM, Jamie wrote: Thanks Lorens. I'll consider that. On 2013/02/27 9:29 PM, Lorens Kockum wrote: On Tue, Feb 26, 2013 at

Building el6 RPMs for v2.10

2013-02-27 Thread Nikolaos Milas
Hello, I have been building el6 (CentOS 6, RHEL 6) RPMs using J. Mudd's SRPMs (http://ftp.wl0.org/official/2.9/SRPMS/). Does anyone have experience on building v2.10.x RPMs using the same SRPMs? Are these safe, or has anyone adjusted the above v2.9.x SRPMs properly so that they can be used

Re: possible localhost dns spoof attack

2013-02-27 Thread Jamie
Noel On 2013/02/27 9:48 PM, Noel Jones wrote: If you would send postfix logs and current postconf -n to the list as requested several times, we could likely clear this all up pretty quickly. If you look back earlier in the thread, you will see that I had posted it already.

Re: possible localhost dns spoof attack

2013-02-27 Thread Noel Jones
On 2/27/2013 2:01 PM, Jamie wrote: Noel On 2013/02/27 9:48 PM, Noel Jones wrote: If you would send postfix logs and current postconf -n to the list as requested several times, we could likely clear this all up pretty quickly. If you look back earlier in the thread, you will see that I had

Re: possible localhost dns spoof attack

2013-02-27 Thread /dev/rob0
On Wed, Feb 27, 2013 at 10:01:27PM +0200, Jamie wrote: On 2013/02/27 9:48 PM, Noel Jones wrote: If you would send postfix logs and current postconf -n to the list as requested several times, we could likely clear this all up pretty quickly. If you look back earlier in the thread, you will

Re: Building el6 RPMs for v2.10

2013-02-27 Thread Birta Levente
On 27/02/2013 21:54, Nikolaos Milas wrote: Hello, I have been building el6 (CentOS 6, RHEL 6) RPMs using J. Mudd's SRPMs (http://ftp.wl0.org/official/2.9/SRPMS/). Does anyone have experience on building v2.10.x RPMs using the same SRPMs? Are these safe, or has anyone adjusted the above

Re: smtpd_recipient_limit and the corresponding error pop up on secure smtp

2013-02-27 Thread francis picabia
On Wed, Feb 27, 2013 at 10:11 AM, francis picabia fpica...@gmail.com wrote: Hi, The number of phishing or otherwise compromised accounts is needing an automation to manage it. Last night the spammers waited until the evening and simultaneously used 3 compromised accounts to send spam over

Re: smtpd_recipient_limit and the corresponding error pop up on secure smtp

2013-02-27 Thread Reindl Harald
On 27.02.2013 21:45, francis picabia wrote: I had a set of cascading iptables rules to rate limit new connections, but they circumvented this as well. Based on the IP, there were 5 connections per minute and 15 connections per 5 minutes. If those were exceeded, iptables would block that

Server found while in construction - beware

2013-02-27 Thread Robert Moskowitz
Lesson here about how open you make a new server while under construction. Fortunately for me, my first step before starting postfix was to apply my 'recipe' of postconf commands? Anyway the system is publicly addressed, but on a different subnet than the production box it will replace. I

Re: possible localhost dns spoof attack

2013-02-27 Thread Noel Jones
On 2/27/2013 2:33 PM, /dev/rob0 wrote: I only saw main.cf and some largely irrelevant logs. I was trying to be polite. That's all I saw too. Do note that your system is ipso facto compromised. We know this because it is being used by a spammer to send spam. Stop saying you're not

Re: is possible to use different SSL certificates for different domains?

2013-02-27 Thread /dev/rob0
On Mon, Feb 25, 2013 at 04:59:37PM +, Viktor Dukhovni wrote: I see negligible benefit from an SNI implementation for Postfix. Is it time to add an anti-SNI rationale section to TLS_README? This would set a bad precedent, there is no limit to the number of non-features we could document.

Re: Public free (libre) mailbox hosting service for everybody!

2013-02-27 Thread Robert Sander
On 27.02.2013 22:11, אנטולי קרסנר wrote: But I couldn't find a replacement to mailbox hosting. Hi Anatoly, I am quite sure there are a ton of professional email services that use only free (libre) software. The company I work for provides email services (among other things) which are based

Re: smtpd_recipient_limit and the corresponding error pop up on secure smtp

2013-02-27 Thread Noel Jones
On 2/27/2013 2:45 PM, francis picabia wrote: Over 390 unique IPs simultaneously sent email at a gradual rate using 3 sets of compromised credentials. Use postfwd or similar policy service to rate-limit the total recipients per account over some period of time.

Re: Server found while in construction - beware

2013-02-27 Thread Reindl Harald
On 27.02.2013 22:08, Robert Moskowitz wrote: Lesson here about how open you make a new server while under construction. Fortunately for me, my first step before starting postfix was to apply my 'recipe' of postconf commands? Anyway the system is publicly addressed, but on a different

Re: possible localhost dns spoof attack

2013-02-27 Thread /dev/rob0
On Wed, Feb 27, 2013 at 03:10:38PM -0600, Noel Jones wrote: On 2/27/2013 2:33 PM, /dev/rob0 wrote: I only saw main.cf and some largely irrelevant logs. I was trying to be polite. That's all I saw too. I tried to be polite also, but perhaps putting a little less effort into it than you

Re: Getmail

2013-02-27 Thread /dev/rob0
On Wed, Feb 27, 2013 at 05:51:08PM +0500, Muhammad Yousuf Khan wrote: i am using virtual users and domains, where i have 2 virtual domains and few users in both. i would like getmail to fetch email via pop3 First, I'll note that this is mostly off topic. Postfix has little to do with this,

Command piping virtual domains

2013-02-27 Thread Joshua Hopkins
I have the need to pipe commands for a few virtual domains. I understand that the /etc/aliases is usually used for this but the problem I will be running into is needing more than one local user with the same name. Example requirement: supp...@domain1.com support: |

Re: Command piping virtual domains

2013-02-27 Thread /dev/rob0
On Wed, Feb 27, 2013 at 03:42:36PM -0700, Joshua Hopkins wrote: I have the need to pipe commands for a few virtual domains. I understand that the /etc/aliases is usually used for this but the problem I will be running into is needing more than one local user with the same name. Example

Re: Enforced TLS per MX

2013-02-27 Thread Jan P. Kessler
On 22.02.2013 17:06, Viktor Dukhovni wrote: On Fri, Feb 22, 2013 at 08:48:31AM -0500, Wietse Venema wrote: We are trying to establish enforced TLS with a partner that hosts about 2000 recipient domains. All of these point to the same four MX records: host[1-4].example.com As I did

Re: Public free (libre) mailbox hosting service for everybody!

2013-02-27 Thread Bennett Todd
The operational cost is non-zero. Besides hardware, which must include backups, and enough physical diversity to offer availability, an email server is an attractive nuisance; spammers and other criminals constantly attempt sabotage and burglary, and it takes ongoing manpower to attempt to hold

Re: Enforced TLS per MX

2013-02-27 Thread Viktor Dukhovni
On Thu, Feb 28, 2013 at 12:25:53AM +0100, Jan P. Kessler wrote: On 22.02.2013 17:06, Viktor Dukhovni wrote: Surely, the policy table is indexed by MX hostname as well as recipient domain. No, it is not. Only the nexthop domain is used since the MX host is derived from

Re: smtpd_recipient_limit and the corresponding error pop up on secure smtp

2013-02-27 Thread francis picabia
On Wed, Feb 27, 2013 at 4:52 PM, Reindl Harald h.rei...@thelounge.net wrote: On 27.02.2013 21:45, francis picabia wrote: I had a set of cascading iptables rules to rate limit new connections, but they circumvented this as well. Based on the IP, there were 5 connections per minute and

Re: smtpd_recipient_limit and the corresponding error pop up on secure smtp

2013-02-27 Thread francis picabia
On Wed, Feb 27, 2013 at 5:22 PM, Noel Jones njo...@megan.vbhcs.org wrote: On 2/27/2013 2:45 PM, francis picabia wrote: Over 390 unique IPs simultaneously sent email at a gradual rate using 3 sets of compromised credentials. Use postfwd or similar policy service to rate-limit the total

Re: possible localhost dns spoof attack

2013-02-27 Thread Jamie
The output of postconf -n was submitted in an earlier post (on Tuesday). it is archived here http://archives.neohapsis.com/archives/postfix/2013-02/0523.html. It's difficult to obtain more information now, since the spamming has stopped after I blocked the offenders IP's. Re-enabling the IP's

Re: possible localhost dns spoof attack

2013-02-27 Thread Noel Jones
On 2/27/2013 8:37 PM, Jamie wrote: The output of postconf -n was submitted in an earlier post (on Tuesday). it is archived here http://archives.neohapsis.com/archives/postfix/2013-02/0523.html. The useful information gained from your postconf

Re: possible localhost dns spoof attack

2013-02-27 Thread Noel Jones
On 2/27/2013 8:37 PM, Jamie wrote: The useful information gained from your postconf is: a) It's very unlikely postfix is an open relay b) you're using a content_filter, so that may explain the connect from [127.0.0.1] log snippet. I was hoping

Re: Public free (libre) mailbox hosting service for everybody!

2013-02-27 Thread אנטולי קרסנר
Hi John and all recipients, I agree offering such a service without charging for it is impossible without funding. But free means free like in freedom, not free beer. The idea is to respect user freedom, and it has nothing to do with money. I personally will not mind paying for a hosted mailbox.

Re: Public free (libre) mailbox hosting service for everybody!

2013-02-27 Thread אנטולי קרסנר
I've written a response to someone else, explaining some issues you mention here. A little note on UI: we don't need web UI. It's a good addition but unnecessary for the beginning. There are many free-software desktop mail clients. Some are big and complicated, but some are very simple and very