Re: postfix queue perms' control for pflogsumm reporting? avoiding "warning: mail_queue_enter: create file maildrop/...: Permission denied"

2020-10-28 Thread PGNet Dev
On 10/28/20 2:38 PM, Wietse Venema wrote: One possible way out is to skip the Postfix sendmail command, and to use a "mini sendmail" program that submits mail via SMTP. adding an msmtp sender as the VirusAction script in clamav milter, though a bit of 'extra', certainly is the simplest. easy

Re: inet_interfaces and domain names

2020-10-28 Thread Viktor Dukhovni
On Wed, Oct 28, 2020 at 08:45:30PM -0400, Alex wrote: > > > Would I have to have multiple instances of postfix running to be able > > > to control which IP is used for which domain? > > > > Give each instance its own inet_interfaces setting. > > > > This is covered in > >

Re: inet_interfaces and domain names

2020-10-28 Thread Alex
Hi, > > Would I have to have multiple instances of postfix running to be able > > to control which IP is used for which domain? > > Give each instance its own inet_interfaces setting. > > This is covered in > http://www.postfix.org/BASIC_CONFIGURATION_READNE.html Is there a document that

Re: postfix queue perms' control for pflogsumm reporting? avoiding "warning: mail_queue_enter: create file maildrop/...: Permission denied"

2020-10-28 Thread PGNet Dev
On 10/28/20 2:38 PM, Wietse Venema wrote: One possible way out is to skip the Postfix sendmail command, and to use a "mini sendmail" program that submits mail via SMTP. i've typically got msmtp rattling around. Obviously that will fail when Postfix is down. noted. not ideal, but not

Re: inet_interfaces and domain names

2020-10-28 Thread Wietse Venema
Alex: > Hi, > > I'm using postfix-3.5.7 on fedora32 on a server with four IP addresses > (mail1, mail2, etc) on one interface. The problem is that all mail > goes out the IP associated with the actual interface, not the virtual > ones, which I believe is causing SPF to fail. > > Is this a Linux

Re: postfix queue perms' control for pflogsumm reporting? avoiding "warning: mail_queue_enter: create file maildrop/...: Permission denied"

2020-10-28 Thread Wietse Venema
PGNet Dev: > my clamav-milter.conf includes > > VirusAction /usr/local/etc/clamav/scripts/virus-alert.sh > > where that script _does_ invoke sendmail. > > found this process > > ps ax | grep virus > 15670 ?S 0:00 /bin/bash >

inet_interfaces and domain names

2020-10-28 Thread Alex
Hi, I'm using postfix-3.5.7 on fedora32 on a server with four IP addresses (mail1, mail2, etc) on one interface. The problem is that all mail goes out the IP associated with the actual interface, not the virtual ones, which I believe is causing SPF to fail. Is this a Linux problem? Would I have

Re: postfix queue perms' control for pflogsumm reporting? avoiding "warning: mail_queue_enter: create file maildrop/...: Permission denied"

2020-10-28 Thread PGNet Dev
On 10/28/20 11:36 AM, PGNet Dev wrote: On 10/28/20 11:30 AM, Viktor Dukhovni wrote: You might start with: # grep -r NoNewPrivileges /etc/systemd i couldn't find any direct, relevant postdrop/maildrop, or NoNewPrivileges, references i chased sendmail usage instances instead. i've

Re: Message got through CIDR table reject rule

2020-10-28 Thread Noel Jones
On 10/28/2020 1:34 PM, Joey J wrote: To confirm, each table needs an entry like so: check_client_access  cidr:/etc/postfix/clientaccess check_client_access  cidr:/etc/postfix/sender_reject_ip Thank you Yes, each individual access table must be preceded by a check_*_access statement to

Re: postfix queue perms' control for pflogsumm reporting? avoiding "warning: mail_queue_enter: create file maildrop/...: Permission denied"

2020-10-28 Thread PGNet Dev
On 10/28/20 11:30 AM, Viktor Dukhovni wrote: You might start with: # grep -r NoNewPrivileges /etc/systemd and all other directories with systemd unit files. yup. already done. nothing --other than the now "=false" (need to double check if that's the same as _removing_ it ) in

Re: Message got through CIDR table reject rule

2020-10-28 Thread Joey J
To confirm, each table needs an entry like so: check_client_access cidr:/etc/postfix/clientaccess check_client_access cidr:/etc/postfix/sender_reject_ip Thank you On Wed, Oct 28, 2020 at 12:38 PM Noel Jones wrote: > On 10/28/2020 11:22 AM, Joey J wrote: > > > I have the following config: > >

Re: postfix queue perms' control for pflogsumm reporting? avoiding "warning: mail_queue_enter: create file maildrop/...: Permission denied"

2020-10-28 Thread Viktor Dukhovni
On Wed, Oct 28, 2020 at 11:22:55AM -0700, PGNet Dev wrote: > On 10/28/20 10:32 AM, Viktor Dukhovni wrote: > > Indeed a process with "no_new_privs" will not be able to run sendmail(1) > > to submit new email. > > noted. > > that said, this _just_ reappeared here, > >postfix/postdrop[15673]:

Re: postfix queue perms' control for pflogsumm reporting? avoiding "warning: mail_queue_enter: create file maildrop/...: Permission denied"

2020-10-28 Thread PGNet Dev
On 10/28/20 10:32 AM, Viktor Dukhovni wrote: Indeed a process with "no_new_privs" will not be able to run sendmail(1) to submit new email. noted. that said, this _just_ reappeared here, postfix/postdrop[15673]: warning: mail_queue_enter: create file maildrop/678088.15673: Permission

Re: postfix queue perms' control for pflogsumm reporting? avoiding "warning: mail_queue_enter: create file maildrop/...: Permission denied"

2020-10-28 Thread Viktor Dukhovni
On Wed, Oct 28, 2020 at 06:19:10PM +0100, Bastian Blank wrote: > > Barring interference from SELinux or AppArmor, ... this should not > > happen unless file permissions change. > > Maybe this was true ten years ago, but it is no longer. The OP even > mentioned something called "no new

Re: postfix queue perms' control for pflogsumm reporting? avoiding "warning: mail_queue_enter: create file maildrop/...: Permission denied"

2020-10-28 Thread Bastian Blank
Hi Viktor On Wed, Oct 28, 2020 at 01:00:35PM -0400, Viktor Dukhovni wrote: > On Wed, Oct 28, 2020 at 09:01:38AM -0700, PGNet Dev wrote: > > Oct 28 15:02:40 svr019 postfix/postdrop[64624]: warning: > > mail_queue_enter: create file maildrop/553726.64624: Permission denied > > Oct 28

Re: postfix queue perms' control for pflogsumm reporting? avoiding "warning: mail_queue_enter: create file maildrop/...: Permission denied"

2020-10-28 Thread Viktor Dukhovni
On Wed, Oct 28, 2020 at 10:13:23AM -0700, PGNet Dev wrote: > > For reference, on my system: > > > > $ postconf setgid_group > > setgid_group = maildrop > > $ ls -ld /var/spool/postfix/maildrop > > drwx-wx--- 2 postfix maildrop 2 Oct 28 12:52 > >

Re: postfix queue perms' control for pflogsumm reporting? avoiding "warning: mail_queue_enter: create file maildrop/...: Permission denied"

2020-10-28 Thread PGNet Dev
On 10/28/20 10:00 AM, Viktor Dukhovni wrote: On Wed, Oct 28, 2020 at 09:01:38AM -0700, PGNet Dev wrote: Oct 28 15:02:40 svr019 postfix/postdrop[64624]: warning: mail_queue_enter: create file maildrop/553726.64624: Permission denied Oct 28 15:02:45 svr019

Re: postfix queue perms' control for pflogsumm reporting? avoiding "warning: mail_queue_enter: create file maildrop/...: Permission denied"

2020-10-28 Thread Viktor Dukhovni
On Wed, Oct 28, 2020 at 09:01:38AM -0700, PGNet Dev wrote: > Oct 28 15:02:40 svr019 postfix/postdrop[64624]: warning: > mail_queue_enter: create file maildrop/553726.64624: Permission denied > Oct 28 15:02:45 svr019 postfix/postdrop[32688]: warning: > mail_queue_enter: create file

Re: Fwd: Verify Proper method for sender restrictions

2020-10-28 Thread Viktor Dukhovni
On Wed, Oct 28, 2020 at 12:09:38PM -0400, Joey J wrote: > Thank you, sometimes I forget to RTFM. > > A 2 part question. > abc.com 550 Spam from ABC.com > > Will this match anything with abc.com, as an example if the message comes > from m...@test.abc.com will it get rejected? The same

Re: Message got through CIDR table reject rule

2020-10-28 Thread Noel Jones
On 10/28/2020 11:22 AM, Joey J wrote: I have the following config: smtpd_recipient_restrictions = permit_mynetworks reject_unauth_destination reject_non_fqdn_recipient check_recipient_access regexp:/etc/postfix/rcptaccess check_sender_access

Message got through CIDR table reject rule

2020-10-28 Thread Joey J
Hello all, I'm trying to figure out if I'm doing this properly. Below is the mail header showing connection from 170.130.34.30 I have the following config: smtpd_recipient_restrictions = permit_mynetworks reject_unauth_destination reject_non_fqdn_recipient

Re: Fwd: Verify Proper method for sender restrictions

2020-10-28 Thread Joey J
Thank you, sometimes I forget to RTFM. A 2 part question. abc.com 550 Spam from ABC.com Will this match anything with abc.com, as an example if the message comes from m...@test.abc.com will it get rejected? Additionally in the doc I see REJECT and below that 5xx, do I need to have REJECT 550 We

postfix queue perms' control for pflogsumm reporting? avoiding "warning: mail_queue_enter: create file maildrop/...: Permission denied"

2020-10-28 Thread PGNet Dev
on a new, from-distro-pkgs install of Postfix, i've noted an intermittent perms problem it'll run just fine for quite awhile, then I start seeing a steady stream of ... Oct 28 15:02:40 svr019 postfix/postdrop[64624]: warning: mail_queue_enter: create file

Re: Fwd: Verify Proper method for sender restrictions

2020-10-28 Thread Dominic Raferd
On 28/10/2020 15:53, Allen Coates wrote: On 28/10/2020 15:24, Viktor Dukhovni wrote: On Wed, Oct 28, 2020 at 09:05:40AM +, Allen Coates wrote: Some time ago (5 years maybe) I discovered that "OK" was not being universally recognised in every access list; I cultivated the habit of

Re: Fwd: Verify Proper method for sender restrictions

2020-10-28 Thread Allen Coates
On 28/10/2020 15:24, Viktor Dukhovni wrote: > On Wed, Oct 28, 2020 at 09:05:40AM +, Allen Coates wrote: > >> Some time ago (5 years maybe) I discovered that "OK" was not being >> universally >> recognised in every access list; I cultivated the habit of using the words >> "ACCEPT" and

Re: Fwd: Verify Proper method for sender restrictions

2020-10-28 Thread Viktor Dukhovni
On Wed, Oct 28, 2020 at 11:34:35AM -0400, Joey J wrote: > Since you are looking within the code, on a reject we used to put > @abc.com 550 and custom reject message There's no need to consult the code. The lookup keys for access(5) tables are documented. They DO NOT include "@domain". To

Re: Accessing the sending user from a canonical(5) table

2020-10-28 Thread Jaroslaw Rafa
On 27.10.2020 at 21:42:24 John Stoffel wrote: > Could someone have an email address of "uid:j...@some.place.home" down > the line? Localpart of the email address may be unquoted or may be enclosed in quotation marks. If unquoted, it may use any of these ASCII characters: * uppercase

Re: Accessing the sending user from a canonical(5) table

2020-10-28 Thread Viktor Dukhovni
On Wed, Oct 28, 2020 at 11:23:42AM -0400, Wietse Venema wrote: > > The lookup key is a login name, given the syntax of the passwd(5) > > file, no ":" characters can appear in a login name. > > However, one goal was to also expose this functionality in the smtps > and submission services, where

Re: Accessing the sending user from a canonical(5) table

2020-10-28 Thread Daniele Nicolodi
On 28/10/2020 16:23, Wietse Venema wrote: > Viktor Dukhovni: >>> On Oct 27, 2020, at 11:42 PM, John Stoffel wrote: >>> >>> Could someone have an email address of "uid:j...@some.place.home" down >>> the line? >> >> The lookup key is a login name, given the syntax of the passwd(5) >> file, no ":"

Re: Fwd: Verify Proper method for sender restrictions

2020-10-28 Thread Joey J
Viktor, Since you are looking within the code, on a reject we used to put @abc.com 550 and custom reject message is that still valid? Will @abc.com REJECT 550 and custom reject message work? Thank you! On Wed, Oct 28, 2020 at 11:25 AM Viktor Dukhovni wrote: > On Wed, Oct 28, 2020 at

Re: Fwd: Verify Proper method for sender restrictions

2020-10-28 Thread Viktor Dukhovni
On Wed, Oct 28, 2020 at 09:05:40AM +, Allen Coates wrote: > Some time ago (5 years maybe) I discovered that "OK" was not being universally > recognised in every access list; I cultivated the habit of using the words > "ACCEPT" and "REJECT" - and have had no problems since. That's odd,

Re: Accessing the sending user from a canonical(5) table

2020-10-28 Thread Wietse Venema
Viktor Dukhovni: > > On Oct 27, 2020, at 11:42 PM, John Stoffel wrote: > > > > Could someone have an email address of "uid:j...@some.place.home" down > > the line? > > The lookup key is a login name, given the syntax of the passwd(5) > file, no ":" characters can appear in a login name.

Re: Accessing the sending user from a canonical(5) table

2020-10-28 Thread John Stoffel
> "Viktor" == Viktor Dukhovni writes: >> On Oct 27, 2020, at 11:42 PM, John Stoffel wrote: >> >> Could someone have an email address of "uid:j...@some.place.home" down >> the line? Viktor> The lookup key is a login name, given the syntax of the passwd(5) Viktor> file, no ":" characters

Re: Fwd: Verify Proper method for sender restrictions

2020-10-28 Thread Allen Coates
On 26/10/2020 20:44, Joey J wrote: > And within that file have both white & blacklist like so: > youareok.com    OK > youarebad.com   REJCT > 1.2.3.4  550 Block-I dont like you > 1.5.6.0/24 550 Block I dont like any of you. > Some

Re: Verify the proper configuration for blocking/whitelisting a sender.

2020-10-28 Thread Matus UHLAR - fantomas
Wietse Venema wrote on 2020-10-27 20:58: > smtpd_recipient_restrictions= >check_sender_access hash:some-file >check_sender_access cidr:other-file On Tue, Oct 27, 2020 at 4:15 PM Benny Pedersen wrote: would it not be check_client_access for the cidr map ? On 27.10.20 16:27, Joey J