Re: Command line simulation of postfix ip-matching syntax

2020-06-04 Thread Wietse Venema
Dominic Raferd:
> Is there a command-line tool that can simulate postfix's ip-matching syntax
> with semicolons and double dots?
> 
> # echo "127.0.0.3"|grepcidr "127.0.0.[1;3;5]"
> grepcidr: Not a valid pattern: 127.0.0.[1;3;5]
> # echo "127.0.0.3"|grepcidr "127.0.0.[1..5]"
> grepcidr: Not a valid pattern: 127.0.0.[1..5]

I think that the syntax is used only for DNS[BW]L lookup results.
There is a postmap CLI for table lookups, but no equivalent CLI
for DNS[BW]L. 

Long ago I tried to use DNS as a lookup table, but that idea never
worked out.

Wietse
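
Added example (not part of the thread, and not Postfix code): a grep-style filter for the bracket syntax asked about above, assuming the grammar documented for DNSBL reply filters in postconf(5), where each of the four fields is a number or a [] list of ';'-separated numbers and lo..hi ranges. It goes beyond the two patterns in the question by allowing numbers and ranges to be mixed in one bracket; the script name ipmatch.py used below is hypothetical.

```python
# Added example, not Postfix code: grep-like filter for DNSBL reply patterns.
# Assumed grammar: four dot-separated fields, each a number or a "[...]" list
# of ';'-separated numbers and lo..hi ranges, e.g. 127.0.0.[1;3;5].
import ipaddress
import re
import sys

FIELD = r"([0-9]+|\[[0-9.;]+\])"
PATTERN = re.compile(r"\.".join([FIELD] * 4))


def parse_pattern(pattern):
    """Return four sets holding the octet values each field accepts."""
    m = PATTERN.fullmatch(pattern)
    if not m:
        raise ValueError(f"not a valid pattern: {pattern}")
    fields = []
    for field in m.groups():
        allowed = set()
        for item in field.strip("[]").split(";"):
            lo, sep, hi = item.partition("..")
            if not lo.isdigit() or (sep and not hi.isdigit()):
                raise ValueError(f"bad number or range {item!r} in {pattern}")
            lo, hi = int(lo), int(hi if sep else lo)
            if lo > hi or hi > 255:
                raise ValueError(f"range {item!r} is reversed or exceeds 255")
            allowed.update(range(lo, hi + 1))
        fields.append(allowed)
    return fields


def matches(fields, address):
    """True if the dotted-quad address satisfies every field of the pattern."""
    try:
        octets = ipaddress.IPv4Address(address.strip()).packed
    except ValueError:
        return False  # not an IPv4 address, so it cannot match
    return all(octet in allowed for octet, allowed in zip(octets, fields))


def main(argv):
    fields = parse_pattern(argv[1])  # usage: ipmatch.py PATTERN < addresses
    hits = [line.strip() for line in sys.stdin if matches(fields, line)]
    print("\n".join(hits), end="\n" if hits else "")
    return 0 if hits else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run as `echo 127.0.0.3 | python3 ipmatch.py '127.0.0.[1;3;5]'`, it prints the address and exits 0; an address that does not match prints nothing and exits 1.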


Re: combining ldap and smtp-lookahead for recipient validation

2020-06-04 Thread Wietse Venema
Jonathan Engbrecht:
> I route mail for a number of relay_domains - recipient addresses are
> validated using verify via address_verify_transport
> 
> For *one* of these domains, I'd like to validate addresses using an ldap
> map configured with relay_recipient_maps rather than smtp lookahead.
> 
> I have the ldap connection working based on postmap -q ..., but I'm not
> sure how to configure to make some domains work using the lookahead, and
> one to work using relay_recipient_maps.

This should be easier, but 1) relay_recipient_maps is global, so you
have to leave that 'empty' and use check_recipient_access instead
(*); and 2) restriction_classes is needed for a nested table lookup.

Untested example! 

restriction_classes = verify_with_lookup
verify_with_lookup =
    check_recipient_access ldap:/some/file static:{reject 5.1.1 user unknown}
# Where the LDAP returns 'permit' or 'ok' for a user that exists.

smtpd_recipient_restrictions =
    ...
    reject_unauth_destination
    ...
    # Needs to go last, because verify_with_lookup returns permit or reject.
    check_recipient_access pcre:/etc/postfix/rcpt_access

/etc/postfix/rcpt_access:
   /@example\.com$/ verify_with_lookup
   /./ reject_unverified_recipient

More at http://www.postfix.org/RESTRICTION_CLASS_README.html

(*) relay_recipient_maps can be changed to be not global,
but doing that would complicate other things.

Wietse


Command line simulation of postfix ip-matching syntax

2020-06-04 Thread Dominic Raferd
Is there a command-line tool that can simulate postfix's ip-matching syntax
with semicolons and double dots?

# echo "127.0.0.3"|grepcidr "127.0.0.[1;3;5]"
grepcidr: Not a valid pattern: 127.0.0.[1;3;5]
# echo "127.0.0.3"|grepcidr "127.0.0.[1..5]"
grepcidr: Not a valid pattern: 127.0.0.[1..5]


combining ldap and smtp-lookahead for recipient validation

2020-06-04 Thread Jonathan Engbrecht
I route mail for a number of relay_domains - recipient addresses are
validated using verify via address_verify_transport

For *one* of these domains, I'd like to validate addresses using an ldap
map configured with relay_recipient_maps rather than smtp lookahead.

I have the ldap connection working based on postmap -q ..., but I'm not
sure how to configure to make some domains work using the lookahead, and
one to work using relay_recipient_maps.

help?/thanks
Jonathan


Re: Preferred/maintained greylisting options?

2020-06-04 Thread Wietse Venema
See POSTSCREEN_README for logging examples and explanation, also
on-line at http://www.postfix.org/POSTSCREEN_README.html.

That includes PASS NEW, PASS OLD, and if some example is missing,
please let me know.

Wietse


Re: are rsa certs/keys still needed/recommended for use in postfix? or can just ecc be relied on?

2020-06-04 Thread Stephan Seitz

On Mo, Jun 01, 2020 at 20:28:12 -0700, PGNet Dev wrote:

> for websites it seems that, for all practical purposes, ecc ssl certs are all
> that's needed anymore
> does the same hold true for smtp(d)?


That depends. The AVM Fritzbox for example can only use RSA, so if your 
Fritzbox should send mail reports via submission and STARTTLS, it will 
break without RSA keys/certs on the postfix server.


Shade and sweet water!

Stephan

--
|If your life was a horse, you'd have to shoot it.|