Hello,
If I use the 'smtpd_helo_restrictions' option parameter
'reject_unknown_helo_hostname', will a hostname that is an address
literal be rejected?
Regards,
Nikolas Kallis
I've found the solution. In postfix nexthop destination domains not
enclosed in [] will be subject to MX lookups. So If I have domain.x, I
can configure the transport_maps like this::
domain.x smtp:domain.x:25
and postfix makes MX lookups automatically.
De: Arantza Serrano
Noel Jones opined on Sunday 05-May-2013@20:37:44
On 5/5/2013 3:39 AM, LuKreme wrote:
I have several domains on my postfix server, and I have one where the owner
wants the following behavior:
us...@domain.tld = real user account
us...@domain.tld = real user account
*@domain.tld = mail
I have postscreen running well after having it run in non-blocking mode for
awhile, but I continue to see ‘new’ google servers every day.
I’m not sure how many different mail servers google has (over 600 have appeared
in my logs), but it’s a large number, and each new one hits the postscreen
Am 2013-05-13 13:12, schrieb LuKreme:
Other than disabling postscreen which I’m not going to do, is there
anything I can do to whitelist all the google.com domains?
Google recommends their SPF entries:
http://support.google.com/a/bin/answer.py?hl=enhlrm=deanswer=60764
You could create an
Am 2013-05-13 13:25, schrieb Timo Röhling:
Am 2013-05-13 13:12, schrieb LuKreme:
Other than disabling postscreen which I’m not going to do, is there
anything I can do to whitelist all the google.com domains?
Google recommends their SPF entries:
On Mon, May 13, 2013 at 05:12:49AM -0600, LuKreme wrote:
I have postscreen running well after having it run in non-blocking
mode for awhile, but I continue to see ‘new’ google servers every
day.
My mailserver is very low volume, so I am afraid that this is a
problem that will never go
On Mon, May 13, 2013 at 04:30:51PM +1000, Nikolas Kallis wrote:
If I use the 'smtpd_helo_restrictions' option parameter
'reject_unknown_helo_hostname',
FWIW, you don't have to use it in smtpd_helo_restrictions; other
restriction stages can have HELO-based restrictions also. See
On Sun, May 12, 2013 at 08:11:14PM -0500, /dev/rob0 wrote:
On Sun, May 12, 2013 at 08:47:38PM -0400, Wietse Venema wrote:
A lightly-tested version is available as postfix-2.11-20130512.
Woohoo! Thanks!
I installed it, set postscreen_dnsbl_whitelist_threshold=-1
followed by a reload. Two
/dev/rob0:
I don't see any PASS OLD in there, so I guess the whitelist did the
trick? Would anything else be logged?
Hmm, I'm not sure what that was; maybe 66.220.144.151 was due for
retesting in some tests? Here are some from a bit later, which get
PASS NEW without any after-220 tests:
LuKreme:
I have postscreen running well after having it run in non-blocking
mode for awhile, but I continue to see ?new? google servers every
day.
I?m not sure how many different mail servers google has (over 600
have appeared in my logs), but it?s a large number, and each new
one hits the
On Mon, May 13, 2013 at 09:12:57AM -0400, Wietse Venema wrote:
/dev/rob0:
I don't see any PASS OLD in there, so I guess the whitelist
did the trick? Would anything else be logged?
Hmm, I'm not sure what that was; maybe 66.220.144.151 was due
for retesting in some tests? Here are some
Hi,
our latest external PCI scan found SSL-enabled Postfix SMTP servers
(2.7.0 running on Ubuntu 10.04 LTS) vulnerable to SSL CRIME attacks
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4929.
I've ported Apache httpd patch
https://issues.apache.org/bugzilla/show_bug.cgi?id=53219 to
Andreas Schiermeier:
Hi,
our latest external PCI scan found SSL-enabled Postfix SMTP servers
(2.7.0 running on Ubuntu 10.04 LTS) vulnerable to SSL CRIME attacks
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4929.
I've ported Apache httpd patch
/dev/rob0:
On Mon, May 13, 2013 at 09:12:57AM -0400, Wietse Venema wrote:
/dev/rob0:
I don't see any PASS OLD in there, so I guess the whitelist
did the trick? Would anything else be logged?
Hmm, I'm not sure what that was; maybe 66.220.144.151 was due
for retesting in some
Wietse Venema:
/dev/rob0:
On Mon, May 13, 2013 at 09:12:57AM -0400, Wietse Venema wrote:
/dev/rob0:
I don't see any PASS OLD in there, so I guess the whitelist
did the trick? Would anything else be logged?
Hmm, I'm not sure what that was; maybe 66.220.144.151 was due
We are seeing an intermittent issue in our Postfix logs where we see all
outbound threads (smtp) stop delivering email or logging anything while
the active queue continues to grow. This indicates to me that all
active smtp threads are hanging, since nothing from the smtp threads are
recorded
Curtis:
We are seeing an intermittent issue in our Postfix logs where we see all
outbound threads (smtp) stop delivering email or logging anything while
the active queue continues to grow.
There are many ways this can happen.
- One example is that all mail is sent to the deferred queue.
-
Wietse:
On 5/13/2013 1:28 PM, Wietse Venema wrote:
Curtis:
We are seeing an intermittent issue in our Postfix logs where we see all
outbound threads (smtp) stop delivering email or logging anything while
the active queue continues to grow.
There are many ways this can happen.
- One example
/dev/rob0:
On Sun, May 12, 2013 at 08:11:14PM -0500, /dev/rob0 wrote:
On Sun, May 12, 2013 at 08:47:38PM -0400, Wietse Venema wrote:
A lightly-tested version is available as postfix-2.11-20130512.
Woohoo! Thanks!
I installed it, set postscreen_dnsbl_whitelist_threshold=-1
Curtis:
Ok, we have confirmed that the postfix/smtp threads are not just
hanging... after several minutes of logging nothing, each thread exits
with a log entries that looks like this (real host names/IPs masked with
---):
May 9 13:36:50 --- postfix/smtp[1114]: 3b3cyK07Bzz41vV6:
On 5/13/2013 4:04 PM, Wietse Venema wrote:
/dev/rob0:
On Sun, May 12, 2013 at 08:11:14PM -0500, /dev/rob0 wrote:
On Sun, May 12, 2013 at 08:47:38PM -0400, Wietse Venema wrote:
A lightly-tested version is available as postfix-2.11-20130512.
Woohoo! Thanks!
I installed it, set
Noel Jones:
May 13 16:12:13 mgate3 postfix/postscreen[9711]: PREGREET 42 after
0.72 from [186.83.226.229]:1480: HELO
Dynamic-IP-18683226229.cable.net.co\r\n
May 13 16:12:13 mgate3 postfix/postscreen[9711]: panic:
psc_dnsbl_retrieve: no blocklist score for 186.83.226.229
Thanks for finding
Wietse:
On 5/13/2013 3:10 PM, Wietse Venema wrote:
Your outbound SMTP connections are timing out, because the receiving
end runs a PIX/ASA security firewall. These devices have a long
history of breaking SMTP and that is why Postfix turns on PIX
workarounds as logged above.
Yes, I'm
On 5/13/2013 4:55 PM, Wietse Venema wrote:
Noel Jones:
May 13 16:12:13 mgate3 postfix/postscreen[9711]: PREGREET 42 after
0.72 from [186.83.226.229]:1480: HELO
Dynamic-IP-18683226229.cable.net.co\r\n
May 13 16:12:13 mgate3 postfix/postscreen[9711]: panic:
psc_dnsbl_retrieve: no blocklist
On Mon, May 13, 2013 at 12:57:06PM -0600, Curtis wrote:
We are seeing an intermittent issue in our Postfix logs where we see
all outbound threads (smtp) stop delivering email or logging
anything while the active queue continues to grow.
Just to make the language less jarring, Postfix is not
Noel Jones:
Works, thanks. The botherder/spammer conveniently sent me another
run just after patching; no more errors.
Also uploaded as snapshot 20130513.
Wietse
Curtis:
So, if qmgr is still running, then my question remains the same... since
the active queue is growing what are possible reasons why new smtp
threads would not be spawning until every last active thread gives up on
this non-responsive mail server?
See the first example in my first
On Wed, May 1, 2013 at 5:14 AM, /dev/rob0 r...@gmx.co.uk wrote:
Here are my current entries:
smtpd_recipient_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
I don't put these permit_* in global restrictions; I only apply them
to submission via -o
Thank you for your reply. I am really stymied as to what is going on. Yes,
the message is being delivered to the mailman 'post test7' command, but
then takes many hours to actually post. Can someone clarify what is
actually happening in the following line. I read that it means the message
is
On Mon, May 13, 2013 at 02:46:04PM -0600, Curtis wrote:
Ok, we have confirmed that the postfix/smtp threads are not just
hanging... after several minutes of logging nothing, each thread
exits with a log entries that looks like this (real host names/IPs
masked with ---):
May 9 13:36:50 ---
Christopher Adams:
Thank you for your reply. I am really stymied as to what is going on. Yes,
the message is being delivered to the mailman 'post test7' command, but
then takes many hours to actually post.
When Postfix logs status=sent, the mailman process has taken
responsibility for further
Ok, thanks. So, once the message leaves the postfix queue, mailman takes
over delivery. I can focus on why mailman is being finicky.
On May 13, 2013 4:49 PM, Wietse Venema wie...@porcupine.org wrote:
Christopher Adams:
Thank you for your reply. I am really stymied as to what is going on.
Wietse:
On 5/13/2013 5:29 PM, Wietse Venema wrote:
Yes, at the time of each incident, there are a few threads that
eventually time out and throw a few emails into the deferred queue. That
does not concern me. What concerns me is that while Postfix is waiting
for these few threads to time out,
the postfix website seems to be acting unexpectedly. http://www.postfix.org/
appears to have been replaced with what was previously
http://www.postfix.org/documentation.html [and an old version?] rather than
what [iirc] it used to be - http://www.postfix.org/start.html
i thought i'd mention
b...@bitrate.net:
the postfix website seems to be acting unexpectedly.
http://www.postfix.org/ appears to have been replaced with what
was previously http://www.postfix.org/documentation.html [and an
old version?] rather than what [iirc] it used to be -
http://www.postfix.org/start.html
Yup,
On 5/13/2013 6:34 PM, Steve Jenkins wrote:
On Wed, May 1, 2013 at 5:14 AM, /dev/rob0 r...@gmx.co.uk
mailto:r...@gmx.co.uk wrote:
Here are my current entries:
smtpd_recipient_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
On 5/13/2013 8:42 PM, Noel Jones wrote:
On 5/13/2013 6:34 PM, Steve Jenkins wrote:
On Wed, May 1, 2013 at 5:14 AM, /dev/rob0 r...@gmx.co.uk
mailto:r...@gmx.co.uk wrote:
Here are my current entries:
smtpd_recipient_restrictions =
permit_mynetworks,
On Mon, May 13, 2013 at 05:53:09PM +0200, Andreas Schiermeier wrote:
our latest external PCI scan found SSL-enabled Postfix SMTP servers
(2.7.0 running on Ubuntu 10.04 LTS) vulnerable to SSL CRIME attacks
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4929.
Don't listen to brainless
39 matches
Mail list logo