Re: DKIM signing for wildcard sub domains

2017-12-12 Thread Kent
Hi Anvar, > Yes and also it is recommended to setup different selector for each server > and different key per server. I'm not sure I fully understand what you are saying. So I should have created a separate 'default.private' for each server ? How would this work on my DNS server - would

Re: DKIM signing for wildcard sub domains

2017-12-12 Thread Maarten
So right now since it's set to only verify incoming mail signtures you are seeing the line "DKIM verification sucessful" You should see the signing happening in the logs: Dec 13 08:36:32 localhost opendkim[969]: ED6EDFB7: DKIM-Signature field added (s=default, d=feedmebits.nl) On

Re: DKIM signing for wildcard sub domains

2017-12-12 Thread Maarten
Check /etc/opendkim.conf. And the line that Says Mode. You probably have it set like this: Mode v Change it to: Mode sv sign verify On 2017-12-13 08:32, Kent wrote: Hi Maarten, Apologies - I missed this when I was copying my setup. I already have these lines in my /etc/postfix.main.cf

Re: DKIM signing for wildcard sub domains

2017-12-12 Thread Kent
Hi Maarten, Apologies - I missed this when I was copying my setup. I already have these lines in my /etc/postfix.main.cf file. When an e-mail comes in, I'm seeing these lines in the maillog: > Dec 13 20:24:45 mx01 opendkim[27470]: 81942208493E: mail-lf0-f51.google.com > [209.85.215.51] not

Re: DKIM signing for wildcard sub domains

2017-12-12 Thread Maarten
dkim runs on 8891: tcp0 0 127.0.0.1:8891 0.0.0.0:* LISTEN 969/opendkim This way it will sign the mails, that way you should see something like this: Dec 13 08:14:43 localhost postfix/smtpd[21935]: connect from supernova.feedmebits.nl[46.105.136.80]

Re: DKIM signing for wildcard sub domains

2017-12-12 Thread Anvar Kuchkartaev
Yes and also it is recommended to setup different selector for each server and different key per server. You can test DKIM signature using this website: ‎http://dkimvalidator.com/ Anvar Kuchkartaev  an...@anvartay.com   Original Message   From: Maarten Sent: miércoles, 13 de diciembre de 2017

Re: DKIM signing for wildcard sub domains

2017-12-12 Thread Maarten
Think you are missing something like this in main.cf milter_protocol = 2 smtpd_milters = inet:localhost:8891 non_smtpd_milters = $smtpd_milters milter_default_action = accept http://www.postfix.org/postconf.5.html#smtpd_milters On 2017-12-13 03:10, Kent wrote: Hi All, I'm trying to get

Re: Question regarding use of amavisd-new

2017-12-12 Thread J Doe
On Dec 12, 2017, at 11:12 AM, Matus UHLAR - fantomas wrote: >>> On 2017-12-12 10:55, J Doe wrote: >>> I was wondering if fellow Postfix users would still recommend using >>> amavisd-new when integrating AV (ClamAV), and spam filtering (SpamAssasin) ? > >> On 12.12.17 16:12,

DKIM signing for wildcard sub domains

2017-12-12 Thread Kent
Hi All, I'm trying to get DKIM signing working on our postfix mail server. We have a wildcard domain *.school.kiwi.We are providing a mail service for our clients - who each have their own sub-domain eg. abc.school.kiwi or cde.school.kiwi I have two servers, both are identical

Re: Robot attack testing

2017-12-12 Thread Bill Cole
On 12 Dec 2017, at 18:43 (-0500), Gary wrote: https://robotattack.org These tests appear to be aimed at website testing. Any ideas how to test a mail server for the robot attack? In addition to the fact that (non-antique) OpenSSL is not vulnerable to the attack, the way it works would be

Re: Robot attack testing

2017-12-12 Thread Gary
Well then that settles that. The press reports made a muddle of this. Thanks.   Original Message   From: postfix-us...@dukhovni.org Sent: December 12, 2017 3:54 PM To: postfix-users@postfix.org Reply-to: postfix-users@postfix.org Subject: Re: Robot attack testing > On Dec 12, 2017, at 6:43

Re: Robot attack testing

2017-12-12 Thread Viktor Dukhovni
> On Dec 12, 2017, at 6:43 PM, Gary wrote: > > https://robotattack.org > These tests appear to be aimed at website testing. Any ideas how to test a > mail server for the robot attack? Nothing at my fingertips. Note that Postfix TLS support is based on OpenSSL, and

Robot attack testing

2017-12-12 Thread Gary
https://robotattack.org These tests appear to be aimed at website testing. Any ideas how to test a mail server for the robot attack?

Re: Controlling submission recipients

2017-12-12 Thread Andreas Schamanek
On Tue, 12 Dec 2017, at 16:27, Alex wrote: I don't have enough perl knowledge to join or associate then parse multiple lines. Did you have a look at auxiliary/collate from Postfix's source? -- -- Andreas :-)

Re: Controlling submission recipients

2017-12-12 Thread Alex
Hi, On Tue, Dec 12, 2017 at 3:12 PM, Andreas Schamanek wrote: > > On Tue, 12 Dec 2017, at 14:16, Alex wrote: > >>> http://postfwd.org/ >> >> >> I've downloaded postfwd and have read through the manual and sample >> config. >> >> Can you help me develop a rule that will

Re: Controlling submission recipients

2017-12-12 Thread Andreas Schamanek
On Tue, 12 Dec 2017, at 14:16, Alex wrote: http://postfwd.org/ I've downloaded postfwd and have read through the manual and sample config. Can you help me develop a rule that will just log all requests for the submission service that includes the IP, time/date and sasl username? This is

Re: Controlling submission recipients

2017-12-12 Thread Noel Jones
On 12/12/2017 1:16 PM, Alex wrote: > Hi, > >>> On a related question, how can we limit the number of recipients >>> addressed in any one inbound email? What does the sender receive when >>> that limit is reached? Will this cause problems with legitimate mail? >>> >>> The problem we're trying to

Re: Controlling submission recipients

2017-12-12 Thread Alex
Hi, >> On a related question, how can we limit the number of recipients >> addressed in any one inbound email? What does the sender receive when >> that limit is reached? Will this cause problems with legitimate mail? >> >> The problem we're trying to solve is primarily disgruntled employees >>

Re: Controlling submission recipients

2017-12-12 Thread Noel Jones
On 12/12/2017 10:56 AM, Alex wrote: > Hi, > > Following up with my own email, I'd also like to generate a list of > all accounts that have sent an email with greater than ten recipients, > but this information doesn't appear to be available in one line: > > Dec 11 23:59:17 mail

Re: Controlling submission recipients

2017-12-12 Thread Noel Jones
On 12/12/2017 10:29 AM, Alex wrote: > Hi, > > We have postfix-3.1.4 set up on fedora25 to use submission for > outbound mail. How can I control the number of recipients that can be > addressed in any one email? > > Below is my submission config from master.cf. Perhaps it would just be > setting

Re: Controlling submission recipients

2017-12-12 Thread Alex
Hi, Following up with my own email, I'd also like to generate a list of all accounts that have sent an email with greater than ten recipients, but this information doesn't appear to be available in one line: Dec 11 23:59:17 mail postfix/submission/smtpd[13636]: connect from unknown[13.82.28.69]

Controlling submission recipients

2017-12-12 Thread Alex
Hi, We have postfix-3.1.4 set up on fedora25 to use submission for outbound mail. How can I control the number of recipients that can be addressed in any one email? Below is my submission config from master.cf. Perhaps it would just be setting smtpd_recipient_limit specifically for submission?

Re: Question regarding use of amavisd-new

2017-12-12 Thread Matus UHLAR - fantomas
On 2017-12-12 10:55, J Doe wrote: I was wondering if fellow Postfix users would still recommend using amavisd-new when integrating AV (ClamAV), and spam filtering (SpamAssasin) ? On 12.12.17 16:12, Sven Schwedas wrote: There's nothing wrong with Amavis. The only decent alternative I know of

Re: Question regarding use of amavisd-new

2017-12-12 Thread John Stoffel
> "Sven" == Sven Schwedas writes: Sven> On 2017-12-12 10:55, J Doe wrote: >> Hi, >> >> I was wondering if fellow Postfix users would still recommend using >> amavisd-new when integrating AV (ClamAV), and spam filtering (SpamAssasin) ? Sven> There's nothing wrong with

Re: Question regarding use of amavisd-new

2017-12-12 Thread Sven Schwedas
On 2017-12-12 10:55, J Doe wrote: > Hi, > > I was wondering if fellow Postfix users would still recommend using > amavisd-new when integrating AV (ClamAV), and spam filtering (SpamAssasin) ? There's nothing wrong with Amavis. The only decent alternative I know of is Rspamd. > The site I have

Re: Question regarding use of amavisd-new

2017-12-12 Thread Noel Jones
On 12/12/2017 3:55 AM, J Doe wrote: > Hi, > > I was wondering if fellow Postfix users would still recommend using > amavisd-new when integrating AV (ClamAV), and spam filtering (SpamAssasin) ? > > The site I have this in mind for receives a moderate amount of e-mail per day. > > This appears

Question regarding use of amavisd-new

2017-12-12 Thread J Doe
Hi, I was wondering if fellow Postfix users would still recommend using amavisd-new when integrating AV (ClamAV), and spam filtering (SpamAssasin) ? The site I have this in mind for receives a moderate amount of e-mail per day. This appears to be the most mentioned configuration via web

Re: Blocking TLD (one component access list queries)

2017-12-12 Thread Anvar Kuchkartaev
If IP address and domain names continuously changes they are probably fake domain names and emails sent by randomly exploited servers. Following additions to configuration might help: smtpd_sender_restrictions = [...], reject_invalid_hostname, reject_unauth_pipelining,