Re: Question regarding smtpd and log of “Untrusted TLS connection”

2017-10-20 Thread Viktor Dukhovni
> On Oct 20, 2017, at 4:54 PM, J Doe wrote: > > I currently have a Postfix 3.1.0 server with smtpd configured to use > opportunistic TLS encryption: > >/etc/postfix/main.cf >smtpd_tls_security_level = may This setting is for inbound mail from remote

Re: Question regarding smtpd and log of “Untrusted TLS connection”

2017-10-20 Thread Noel Jones
On 10/20/2017 3:54 PM, J Doe wrote: > I am wondering two things: > > [1] Am I correct that the remote server has not been authenticated but has > used encryption? > Correct. > [2] Is it not authenticated in this case because the remote server appears to > be a self-signed certificate? >

Re: Virtual Domains/ Users

2017-10-20 Thread Noel Jones
On 10/20/2017 12:42 PM, cac...@quantum-equities.com wrote: > Thanks Noel and Rob, I may be on the right track now.  Good to know > I can trust the docs to be current. > > So my three domains with 6 users are completely independent of one > another;  no aliasing.  Thus I used > *Non-Postfix

Question regarding smtpd and log of “Untrusted TLS connection”

2017-10-20 Thread J Doe
Hello, I currently have a Postfix 3.1.0 server with smtpd configured to use opportunistic TLS encryption: /etc/postfix/main.cf smtpd_tls_security_level = may In the documentation I have noted that even if STARTTLS is enabled, mail delivery will not be stopped even if the

Re: How can I "reject_unverified_LOCAL_sender"?

2017-10-20 Thread Rick van Rein
Ah! >> I don't see how I can do this with Postfix, and it's not even simple in >> a policy due to the cyclic risk. What are others doing in this respect? > > /etc/postfix/main.cf > smtpd_reject_unlisted_sender = yes I mistook the documentation of this option to also work on external

Re: How can I "reject_unverified_LOCAL_sender"?

2017-10-20 Thread Philip Paeps
On 2017-10-20 21:28:29 (+0200), Rick van Rein wrote: On 2017-10-20 21:17:26 (+0200), Philip Paeps wrote: On 2017-10-20 19:51:07 (+0200), Rick van Rein wrote: Wouldn't it be a lot easier simply to reject those with SPF? If you're seeing mail from one of your domains coming in from a host you

Re: How can I "reject_unverified_LOCAL_sender"?

2017-10-20 Thread Wietse Venema
Rick van Rein: > Hello, > > I see a lot of spam entering that claims to have come from a local > domain, usually guessing a non-existent account. I've been looking for > a way to "reject_unverified_local_sender", by which I mean that the > sender address is verified iff it occurs in

Re: How can I "reject_unverified_LOCAL_sender"?

2017-10-20 Thread Rick van Rein
Hi Philip, > Wouldn't it be a lot easier simply to reject those with SPF? If > you're seeing mail from one of your domains coming in from a host you > know couldn't have legitimately sent it, you can reject it outright. That would block not just the spam, but also legitimate bypassing through

Re: How can I "reject_unverified_LOCAL_sender"?

2017-10-20 Thread Philip Paeps
On 2017-10-20 19:51:07 (+0200), Rick van Rein wrote: I see a lot of spam entering that claims to have come from a local domain, usually guessing a non-existent account. I've been looking for a way to "reject_unverified_local_sender", by which I mean that the sender address is verified iff it

Re: Block IP rcpt-to or block MX

2017-10-20 Thread Emanuel
Thanks for your help. On 20/10/17 at 11:06, Dominic Raferd wrote: On 20 October 2017 at 14:50, Emanuel > wrote: Quota: *Obvs you need to hash the transport file and then reload postfix. This transport file can

Re: Block IP rcpt-to or block MX

2017-10-20 Thread Bill Cole
On 20 Oct 2017, at 12:25 (-0400), Matus UHLAR - fantomas wrote: On 20 Oct 2017, at 9:38 (-0400), Matus UHLAR - fantomas wrote: unless you know that hotmial.com is a malicious site, don't block it. On 20.10.17 10:43, Bill Cole wrote: Go to http://hotmial.com with a JavaScript-enabled browser

How can I "reject_unverified_LOCAL_sender"?

2017-10-20 Thread Rick van Rein
Hello, I see a lot of spam entering that claims to have come from a local domain, usually guessing a non-existent account. I've been looking for a way to "reject_unverified_local_sender", by which I mean that the sender address is verified iff it occurs in virtual_alias_domains (and perhaps a

Re: Virtual Domains/ Users

2017-10-20 Thread cacook
Thanks Noel and Rob, I may be on the right track now.  Good to know I can trust the docs to be current. So my three domains with 6 users are completely independent of one another;  no aliasing.  Thus I used *Non-Postfix mailbox store: separate domains, non-UNIX accounts* In main.cf I set

Re: noobie configuration problem

2017-10-20 Thread S McGraw
I had glanced at the transport(5) man page previously but when I saw the "nexthop" notations, presumed I could only specify a single machine there. I see now I was wrong. Thanks and thanks also to Raimund Sacherer. On 10/18/2017 09:15 PM, Anvar Kuchkartaev wrote: > Take a look at: >

easy DKIM question, at least i think it is...

2017-10-20 Thread Fazzina, Angelo
Hi, I have a small DKIM question. Config files are at bottom of email. I got it working but don't understand why? The one change I made to get it to work was add 137.99.0.0/16 to the TrustedHosts file. So tests with from of x...@appmail.uconn.edu and x...@uconn.edu are getting signed and I

Re: Block IP rcpt-to or block MX

2017-10-20 Thread Matus UHLAR - fantomas
On 20 Oct 2017, at 9:38 (-0400), Matus UHLAR - fantomas wrote: unless you know that hotmial.com is a malicious site, don't block it. On 20.10.17 10:43, Bill Cole wrote: Go to http://hotmial.com with a JavaScript-enabled browser and tell me what you think. Or, DON'T DO THAT! At least,

Re: disable receiving for particular email

2017-10-20 Thread Bill Cole
On 20 Oct 2017, at 11:37 (-0400), Michael Orlitzky wrote: tl;dr use a real address That's the bottom line best practice for all use cases. ALL. If you can't think of a process to handle the asynchronous bounces and the intentional replies by innocent fools, you should not be sending the

Re: disable receiving for particular email

2017-10-20 Thread Ralph Seichter
On 20.10.2017 17:37, Michael Orlitzky wrote: > [...] > tl;dr use a real address The reply address is "real", just not monitored. The people I work with who receive this type of message are smart enough to contact a human, so I can in good conscience use nore...@somedomain.tld as a generic sender

Re: disable receiving for particular email

2017-10-20 Thread Michael Orlitzky
On 10/20/2017 09:57 AM, Ralph Seichter wrote: > > Depending on the use case, discarding email can be as valid a method as > rejecting email. Messages sent by automation- or monitoring-services > (Jenkins, Icinga) come to mind. If somebody chooses to reply to these > machine-generated

Re: Block IP rcpt-to or block MX

2017-10-20 Thread Bill Cole
On 20 Oct 2017, at 9:38 (-0400), Matus UHLAR - fantomas wrote: unless you know that hotmial.com is a malicious site, don't block it. Go to http://hotmial.com with a JavaScript-enabled browser and tell me what you think. Or, DON'T DO THAT! At least, don't do it on a weakly-defended

Re: Block IP rcpt-to or block MX

2017-10-20 Thread /dev/rob0
On Fri, Oct 20, 2017 at 03:06:32PM +0100, Dominic Raferd wrote: > On 20 October 2017 at 14:50, Emanuel > wrote: > > > Quota: *Obvs you need to hash the transport file and then reload > > postfix. This transport file can easily be extended to cover > > similar

Re: filter_readme nexthop lookup

2017-10-20 Thread Luca Cazzaniga
Thanks for your answer Mr Venema. In the readme they define the service on the port 10025 directly in the master.cf using the spawn utility, maybe the smtp agent doesn't lookup a dns record if it finds the next host defined in the service column of master.cf. Unfortunately now I'm in the office

Re: Block IP rcpt-to or block MX

2017-10-20 Thread Dominic Raferd
On 20 October 2017 at 14:50, Emanuel wrote: > Quota: *Obvs you need to hash the transport file and then reload postfix. > This transport file can easily be extended to cover similar cases.* > > how to make this? > postmap /etc/postfix/transport postfix reload

Re: disable receiving for particular email

2017-10-20 Thread Ralph Seichter
On 20.10.2017 14:43, /dev/rob0 wrote: > On Fri, Oct 20, 2017 at 11:12:17AM +0200, Matus UHLAR - fantomas wrote: > > > I recommend using real, existent address and check its content once > > upon a time. You don't want to get blocked (see points 2. and 4.) > > Absolutely. This is better than the

Re: disable receiving for particular email

2017-10-20 Thread /dev/rob0
On Fri, Oct 20, 2017 at 03:29:02PM +0200, Poliman - Serwis wrote: > Do you have maybe other better options? I am open for all nice > suggestions. :) I already said what I think is best, so no. But maybe we don't fully know why you're wanting the "no reply" address? > 2017-10-20 14:43

Re: filter_readme nexthop lookup

2017-10-20 Thread Wietse Venema
fusillator: > Does FILTER_README suppose you have a dns record for localhost? > Is there a way to use /etc/hosts to resolve localhost? FILTER_README does none of that. It just describes how you use a Postfix SMTP client (or other Postfix delivery agent) to send mail into a filter, and how to get

Re: Block IP rcpt-to or block MX

2017-10-20 Thread Matus UHLAR - fantomas
On 20.10.17 10:21, Emanuel wrote: Is it possible to create a list where the IP of certain recipients can be blocked? IPs not, domains yes, use check_recipient_access http://www.postfix.org/SMTPD_ACCESS_README.html Our users incorrectly type the domain name of the recipient. *hotmial.com ==>

Re: Block IP rcpt-to or block MX

2017-10-20 Thread Dominic Raferd
On 20 October 2017 at 14:21, Emanuel wrote: > Hello, > > Is it possible to create a list where the IP of certain recipients can be > blocked? > > Here an example: > > Oct 19 10:15:09 smtp01 postfix/smtpd[11048]: 5C28C20018459: > client=myserver[172.17.111.242] > Oct

Re: disable receiving for particular email

2017-10-20 Thread Matus UHLAR - fantomas
On Fri, Oct 20, 2017 at 11:12:17AM +0200, Matus UHLAR - fantomas wrote: > I recommend using real, existent address and check its content once > upon a time. You don't want to get blocked (see points 2. and 4.) 2017-10-20 14:43 GMT+02:00 /dev/rob0: Absolutely. This is

Re: disable receiving for particular email

2017-10-20 Thread Richard
What are you really trying to accomplish? What is the problem you are trying to solve? Original Message > Date: Friday, October 20, 2017 15:29:02 +0200 > From: Poliman - Serwis > To: Postfix users > Subject: Re: disable

Re: Tailored filter

2017-10-20 Thread Seb
Hello, Thanks a lot Noel for this bird's-eye view of possible solutions. The most promising tool for my setting seems to be Postfwd, which I'll now explore. Sébastien. One of the casualties in the war on spam is mail forwarders. The built-in postfix way to control the sender/recipient

Re: disable receiving for particular email

2017-10-20 Thread Poliman - Serwis
Do you have maybe other better options? I am open for all nice suggestions. :) 2017-10-20 14:43 GMT+02:00 /dev/rob0: > On Fri, Oct 20, 2017 at 11:12:17AM +0200, > Matus UHLAR - fantomas wrote: > > On 20.10.17 08:00, Poliman - Serwis wrote: > > > Hi all. I would like to create

Block IP rcpt-to or block MX

2017-10-20 Thread Emanuel
Hello, Is it possible to create a list where the IP of certain recipients can be blocked? Here an example: Oct 19 10:15:09 smtp01 postfix/smtpd[11048]: 5C28C20018459: client=myserver[172.17.111.242] Oct 19 10:15:09 smtp01 postfix/cleanup[6836]: 5C28C20018459:

Re: disable receiving for particular email

2017-10-20 Thread /dev/rob0
On Fri, Oct 20, 2017 at 11:12:17AM +0200, Matus UHLAR - fantomas wrote: > On 20.10.17 08:00, Poliman - Serwis wrote: > > Hi all. I would like to create "do not reply" email account. The > > simplest way is create an email account and disable receiving. As was suggested upthread, the simplest

Re: bcc emails to two addresses

2017-10-20 Thread Tavolodo Bela
> > On 19.10.17 17:01, A. Schulze wrote: > >> it's simpler. >> you do not need a separate transport to enforce >> destination_recipient_limit=1 >> >> pcrefile: >> /(.+)@(.+)/ someuser+${1}_at_${2}@archive >> /(.*)/ someuser+${1}@archive >> >> main.cf: >> recipient_bcc_maps =

Re: disable receiving for particular email

2017-10-20 Thread Matus UHLAR - fantomas
On 20.10.17 08:00, Poliman - Serwis wrote: Hi all. I would like to create "do not reply" email account. The simplest way is create an email account and disable receiving. Which option in Postfix permit disable receiving for particular email? you can disable receiving mail for such account

Re: disable receiving for particular email

2017-10-20 Thread Ralph Seichter
On 20.10.2017 08:00, Poliman - Serwis wrote: > I would like to create "do not reply" email account. If by that you mean throwing away incoming email silently instead of generating rejection errors, a polite way to do it is using recipient restrictions. smtpd_recipient_restrictions = ...

Re: bcc emails to two addresses

2017-10-20 Thread Matus UHLAR - fantomas
A. Schulze: (braindump, I'll post an update tomorrow if I'm wrong...) pcrefile: /^(.+)\@(.+)$/ someuser+$1_at_$2@archive transport_maps: archivesmtp_to_archive: main.cf: recipient_bcc_maps = pcre:/path/to/pcrefile transport_maps = hash:/path/to/transport_maps

Re: disable receiving for particular email

2017-10-20 Thread titanus
Fri, 20 Oct 2017 08:00:35 +0200 Poliman - Serwis wrote: > Hi all. I would like to create "do not reply" email account. The simplest > way is create an email account and disable receiving. Which option in > Postfix permit disable receiving for particular email? > Why not use

disable receiving for particular email

2017-10-20 Thread Poliman - Serwis
Hi all. I would like to create "do not reply" email account. The simplest way is create an email account and disable receiving. Which option in Postfix permit disable receiving for particular email? -- *Pozdrawiam / Best Regards* *Piotr Bracha*