st pointing to an existence
proof that the mailman architecture is not fundamentally broken.
btw- I can't tell from headers whether they use sendmail.org sendmail
or postfix or something else, but amavisd-new is mentioned in the
headers. amsl.com runs most of the mailing lists.
Curtis
On 2/22/2016 3:03 PM, Viktor Dukhovni wrote:
On Mon, Feb 22, 2016 at 02:57:23PM -0500, Curtis Maurand wrote:
The problem was in the /etc/nsswitch.conf.
I changed the line
hosts: files dns
to
hosts: dns files
and that solved the trouble
In message <20160115235712.gn...@mournblade.imrryr.org>
Viktor Dukhovni writes:
>
> On Fri, Jan 15, 2016 at 06:47:38PM -0500, Curtis Villamizar wrote:
>
> > Viktor,
> >
> > If you are still interested below is a tcpdump.
> >
> > If not intere
In message <20160122041647.gh25...@mournblade.imrryr.org>
Viktor Dukhovni writes:
> On Thu, Jan 21, 2016 at 10:55:19PM -0500, Curtis Villamizar wrote:
>
> > It took a while to get a dumpfile. My tcpdump command only covered a
> > subset of comcast.net mailhosts.
In message <20160122213312.gk25...@mournblade.imrryr.org>
Viktor Dukhovni writes:
> On Fri, Jan 22, 2016 at 03:14:22PM -0500, Curtis Villamizar wrote:
>
> > You might
> > also want to report that the keys they use are less than LOW security
> > but that mi
uld not have been
rejected for any kind of ip mismatch. Forward, reverse and helo all match.
Thanks,
Curtis
smtpd_sender_restrictions =
    check_sender_access regexp:/etc/postfix/tag_as_originating.re
    permit_mynetworks,
    permit_sasl_authenticated,
    check_recipient_access mysql:/etc/p
On 2/20/2016 11:12 AM, Christian Kivalo wrote:
On 2016-02-20 16:45, Curtis Maurand wrote:
Not sure if I found something or not. A client tried to send email
to one of my other addresses. The requisite portion of the main.cf
follows at the end of the message. The logs are telling me:
Feb
On 2/20/2016 11:26 AM, Curtis Maurand wrote:
On 2/20/2016 11:12 AM, Christian Kivalo wrote:
On 2016-02-20 16:45, Curtis Maurand wrote:
Not sure if I found something or not. A client tried to send email
to one of my other addresses. The requisite portion of the main.cf
follows at the end
On 2/20/2016 12:17 PM, Viktor Dukhovni wrote:
On Sat, Feb 20, 2016 at 11:40:09AM -0500, Curtis Maurand wrote:
i just sent myself a test message from the client's system. Here is what I
got. I immediately ran the lookups using dig. postfix can't seem to
resolve things properly. Running
On 2/20/2016 1:46 PM, Viktor Dukhovni wrote:
On Sat, Feb 20, 2016 at 01:37:39PM -0500, Curtis Maurand wrote:
Nothing is chrooted. resolv.conf is world readable. Wietse's program
returns a valid address. It might not match the reverse, but it did return
an address.
# ./getaddr
ing at the primary DNS which had gone
> offline because of the fixed IP issue, and no one else seemed to notice
> since the other DNS servers were working fine.
Are you saying they only looked at the primary NS record? Maybe I
misread a prior post but I thought you meant primary MX record. The
former, if true, would be even more broken.
Curtis
In message <3qnxhn426dzj...@spike.porcupine.org>
Wietse Venema writes:
>
> Curtis Villamizar:
> > Are you saying they only looked at the primary NS record? Maybe I
> > misread a prior post but I thought you meant primary MX record. The
> > former, if t
In message <612d47d4-9465-4031-9d48-e6a0c3a8a...@dukhovni.org>
Viktor Dukhovni writes:
>
> > On Mar 13, 2016, at 5:42 PM, Curtis Villamizar <cur...@orleans.occnc.com>
> > wrote:
> >
> > The NS RR are typically delivered in a fixed order, the order in the
tool set and a known set of include files and
library files. So I don't give it good odds on being a drop in and
compile solution. Mail is very simple and fairly self contained and
probably hasn't changed significantly in decades so it might drop in.
I'd exhaust other options first.
Curtis
t FreeBSD has
used over time.
Yes there still is a lot of similarity, but recycled version ... No -
just a quick path to get closer to posix in the utilities with least
restrictive licensing.
Curtis
In message
In message <56dfcd11.5010...@spectralmud.org>
Richard James Salts writes:
> On 09/03/16 06:44, Viktor Dukhovni wrote:
> >> On Mar 8, 2016, at 2:31 PM, Curtis Villamizar <cur...@orleans.occnc.com>
> >> wrote:
> >>
> >> With HTTP the
In message <56e0ccb4.6010...@spectralmud.org>
Richard James Salts writes:
>
> On 10/03/16 09:32, Curtis Villamizar wrote:
> > In message <56dfcd11.5010...@spectralmud.org>
> > Richard James Salts writes:
> >
> >> On 09/03/16 06:44, Viktor Dukhovni wro
n_helo_hostname
>... any other stuff...
On http://www.postfix.org/postconf.5.html#smtpd_helo_restrictions
permit_sasl_authenticated is not listed.
Which makes some sense since the HELO occurs before AUTH. HELO checks
seem to be all IP and hostname related.
> -- Noel Jones
Am I missing something?
C
In message
t;.
That doesn't solve base64 encoding.
Disclaimer: I haven't tried this.
Curtis
On 04/06/16 22:02, Laz C. Peterson wrote:
This is great information.
It's very odd ... Apple has been responsible for the foundation of quite a few
RFC's but in our experience has actually made it difficult for our s
On 04/12/16 06:25, Wietse Venema wrote:
Curtis Villamizar:
I recently had a problem with mail where an ESP was in three blacklists
plus SPF failed and spamassassin tossed some mail. That ESP is down to
one blacklist now. A sender got to me out-of-band and I dug up the
maillog from a few days
ng reports from anyone else, that is a good thing.
I don't think there is any requirement to send empty reports or that
those reports would serve any purpose (except maybe create "I got your
report and here is your" loops).
Curtis
egards
MfG Robert Schetterer
Curtis
On 04/12/16 14:26, Noel Jones wrote:
On 4/12/2016 11:38 AM, Curtis Villamizar wrote:
On 04/12/16 06:25, Wietse Venema wrote:
Curtis Villamizar:
I recently had a problem with mail where an ESP was in three
blacklists
plus SPF failed and spamassassin tossed some mail. That ESP is
down to
one
informed them about how good their
ESP was serving them. btw- If I had been using postscreen back then, I
could not have found this in the logs based on sender email.
Curtis
ps - works for google, though dmarc says "accept and report". Google and
Yahoo are allegedly enforcing o
ectory/postscreen_reject
postscreen_access:
# google mail servers
2607:f8b0:4002:c00::/60 permit
[... other google server blocks ...]
This is a workaround that shouldn't be needed.
Any idea what the cause of this is? So far no legit mail except gmail
gets caught here.
Curtis
In message <20160410024851.gu26...@mournblade.imrryr.org>
Viktor Dukhovni writes:
> On Sat, Apr 09, 2016 at 09:31:48PM -0400, Curtis Villamizar wrote:
>
> > > 1) It looks to me that starttls really only protects the path to the
> > >first server. Classic
In message <5709c8c8.1050...@megan.vbhcs.org>
Noel Jones writes:
> On 4/9/2016 10:00 PM, Curtis Villamizar wrote:
> > Since I enabled postscreen (with soft_bounce=yes in master.cf) I was
> > getting logs of this form:
> >
> > Apr 9 01:08:12 mta1 postfix/postscr
hanks for the links. I emailed one of the authors asking why so
little was said about DNSSEC and nothing at all about DANE.
Curtis
peed of light is limited and geographic delays come into
play. I've been involved in testing and some simulation of this type
but on routers and various switchy-thingies rather than mailservers.
Curtis
> On 04/07/2016 06:19 PM, Wietse Venema wrote:
> > See:
> > http://www.postfix.org/postc
Of course to encrypt using pgp or s/mime both ends must support pgp or
s/mime which has been a problem. People within various communities of
interest use pgp or s/mime (for example, the security community) but
use is very sparse.
Curtis
> > Original Message
> > From: Viktor Duk
In message <3qjz5d5s15zj...@spike.porcupine.org>
Wietse Venema writes:
>
> Curtis Villamizar:
> > Since I enabled postscreen (with soft_bounce=yes in master.cf) I was
> > getting logs of this form:
> >
> > Apr 9 01:08:12 mta1 postfix/postscreen[18326]:
In message <570a341b.9000...@pajamian.dhs.org>
Peter writes:
>
> On 10/04/16 15:00, Curtis Villamizar wrote:
> > This is a workaround that shouldn't be needed.
> >
> > Any idea what the cause of this is? So far no legit mail except gmail
> > gets ca
ce than inet with loopback IMO, reducing the chance
of leverage. Loopback is like a socket or fifo with ugo+rw perms.
Curtis
illog.0.bz2 | cat - /var/log/maillog | ...").
It gets rid of lots of PREGREET or HANGUP in under 1 sec. The
threshold of 5 is quite low but I don't think it will catch any legit
mail servers. Still playing with this.
Note that the big space before reject is three tabs.
Curtis
echo &
In message <b1132232-5b45-4a7b-8fb8-f240cea1f...@kreme.com>
"@lbutlr" writes:
>
> On Apr 10, 2016, at 10:24 AM, Curtis Villamizar <cur...@orleans.occnc.com> wrote:
> > postscreen_dnsbl_sites =
> > list.dnswl.org*-5
> > #
o add DMARC. By publishing those records,
you just avoid having someone forge mail as you (including to you, but
there are plenty of simpler ways to protect against that). I was also
planning to reject based on opendmarc at some point in the
not-so-distant future.
Curtis
client certs can be a
headache to keep track of and hard to get into user's client MUAs.
Filters limiting access to port 587 can then be applied a lot more
strictly than filters on port 25 could be.
Curtis
Tom,
I've been following this thread and also not clear on your
objectives. See inline.
In message
nd add DKIM and SPF DNS records (maybe DMARC, though I
don't do that but might in the near future). DKIM and SPF pass can
only help, even if just a little, and DKIM+SPF+DMARC can make sure
that forgery doesn't penalize your domain.
Maybe someone that actually knows what they are talking about wil
? And no IPv6!
Hello Bill. What's up?
Curtis
ps - sorry - I'd send direct to Bill ... but can't. Maybe the list is
getting through.
the digital stone ages. BSD dropped X.25 a
decade ago but Linux still has code (marked experimental and does not
seem to be supported). The ITU has pull in a lot of places so X.25 is
mandated for packet radio in a lot of places.
That said I'm no expert on this (or much of anything :)
Curtis
that particular type of host. I have to
"cd install_certs; gmake REMOTE_HOST=fqdn install" to add TLS key,
cert, and CA cert files for some hosts.
I don't know if this helps since I can't at this time share the tools.
But the point is it can be done and can be improved o
a resource hog
as it is.
Cheers,
Curtis
--
Best Regards Curtis Maurand
mailto:cur...@maurand.com
layers.
DNS has become very ugly as Google and Cloudflare attempt to monopolize it.
--
Best Regards
Curtis Maurand
mailto:cur...@maurand.com
possible, I would like to avoid writing a list of all my user
mailbox @ all domain names neither in virtual, nor in relay_recipients
file.
Thanks a lot for your help.
Samuel
--
Best Regards Curtis Maurand
mailto:cur...@maurand.com
Wouldn't procmail do something like this? I haven't used procmail for quite
some time, but iirc it can handle passing to a filter program, then the filter
can hand it to the lmtp (dovecot for instance).
Just a thought. I now return to the lurkers lair.
--Curtis
On February 15, 2019 6:58:00
-response-to-ehlo-helo?forum=exchangesvradmin
Cheers,
Curtis
On 7/1/19 1:24 AM, subscription1 wrote:
I'd appreciate your help with the following:
I'm looking after two servers on 2 different domains. During testing I
found the following issue.
On the sending server I get the following
Jul 1 14:18
Not competitors. Oligarchs. Colluders market fixers. Competition killers.
Sent from my iPhone
> On Sep 17, 2019, at 4:44 AM, Wesley Peng wrote:
>
> Hello,
>
> though this is a little OT, but I was curious since verizon has bought yahoo
> for long days, why ATT still host its customer email
you could set up the mail aliases in transport maps to pass them to mailman
Sent from my iPhone
> On Feb 14, 2020, at 10:43 AM, Peter Fraser wrote:
>
>
> Hi All
> I am trying to figure out how to get this working. I run Mailman through
> Postfix. The Mailman aliases are in alias_maps. I
it should be. use ldap. active directory is nothing but a glorified ldap
server and listens on port 389.
Sent from my iPhone
> On Feb 9, 2020, at 7:04 AM, John Regan wrote:
>
>
> Hi,
>
> Is it possible for postfix to directly access the email addresses or userlist
> from an Exchange
On 2/9/20 12:39 PM, Gerard E. Seibert wrote:
On Sun, 9 Feb 2020 07:56:53 -0500, Curtis Maurand stated:
it should be. use ldap. active directory is nothing but a glorified
ldap server and listens on port 389.
If it were ldap over ssl the port is 636 I believe.
I stand corrected.
In message
"michae...@rocketmail.com" writes:
> THANKS to all who answered!!!
>
> A lot of shared experience, learned a lot, cool. It's always very
> interesting how threads are meandering, somehow, adding new aspects to
> unasked but also relevant questions. Crowd at its best :-)
mple.com if you can only get one IPv4 address.
Hope this helps.
Curtis
> - EOM for impatient readers :-) ---
>
> Hi patient readers :-)
>
> reason for my question:
>
> I'm running my own small postfix/dovecot etc. environment on a
> VPS. Running fine for years
> On Aug 9, 2020, at 8:09 PM, Viktor Dukhovni
> wrote:
>
> - Mail to managed lists with an owner-alias
> - Mail to pipes
> - Mail to :include:/some/file lists.
this can be put into the transports table and you can skip the /etc/aliases
altogether.
easier than that. use linux heartbeat on the two postfix service. the
failover happens within seconds. use the unison file system to keep the
spool folders and other necessary folders needed to pick up on the
failover machine and when the primary fails, whatever services that need
to be
It's part of the config in main.cf You can specify "myhostname"
myhostname = host.domain.tld
Cheers, Curtis
On 6/30/20 4:55 PM, Istvan Prosinger wrote:
On 6/30/20 10:34 PM, Wietse Venema wrote:
Istvan Prosinger:
On 6/30/20 9:49 PM, Wietse Venema wrote:
Istvan Prosinger:
sets both the
external address AND Postfix settings.
Wietse
Wietse's solution is better. what he said.
--Curtis
How about a general sieve rule in your dovecot server or a filter in your
delivery agent?
Sent from my iPhone
> On Dec 1, 2020, at 5:11 PM, lists wrote:
>
> About 70% of my spam these days contains links to Google Forms. I've been
> googling for tips on how to reject such email but Google
Sent from my iPhone
> On Jan 20, 2021, at 10:27 AM, Jaroslaw Rafa wrote:
>
> On 20.01.2021 at 15:48:29 Ganael Laplanche wrote:
>>> So just try to create some simple "proxy" to your LDAP server that does only
>>> one thing: if LDAP is available, just return the response from LDAP; if
apabilities. stop the ldap server,
restore the database from the snapshot, start the server. that can also be
automated and have it happen in seconds.
—Curtis
Sent from my iPhone
for the blackhole lists, etc. take a look at mxtoolbox.com
postfix should be passing sasl requests to dovecot’s imap process. I use a
tool called ispconfig which sets all of this up along with other tools such as
clamav, rspamd or amavisd along with per user policies.
my $0.02. I like its
-Curtis
Sent from my iPhone
> On Feb 2, 2021, at 10:31 AM, Bill Cole
> wrote:
>
> On 2 Feb 2021, at 9:49, Leo Bicknell wrote:
>
>> Perhaps Postfix does not support returning to clear text from a STARTTLS
>> session and doing further protocol operations. I have not
y the policy says all incoming mail
from x.tld should come from spf.protection.outlook.com not the ip address that
google owns from which the message originated.
Cheers,
Curtis
your a record and fqdn, your helo/ehlo hostname and the ptr record all need to
match.
Sent from my iPhone
> On Mar 9, 2021, at 12:36 PM, Greg Sims wrote:
>
>
> We are receiving the following in our email logs:
>
> Mar 09 08:12:15 mail01.raystedman.org postfix/smtpd[13431]: warning:
I totally agree with this and I am going to work to scrub the prior terminology
from my system.
Thank you, Wietse
—Curtis
Sent from my iPhone
> On Feb 24, 2021, at 12:12 PM, Wietse Venema wrote:
>
> The following is from the postfix-3.6-20210221 release notes.
>
>Wiet
would be a compelling choice of an SMTP
server for students new to network protocols looking for verbose error
messages.
I did a search and found this about custom bounce messages.
https://www.howtoforge.com/configure-custom-postfix-bounce-messages
Cheers,
--Curtis
using syslog-ng within the container.
> On Sat., Nov 6, 2021 at 09:56, Curtis Maurand <
> cur...@maurand.com> wrote:
> > On Fri, 2021-11-05 at 13:34 -0300, Rafael Azevedo wrote:
> > > One last thing, is it possible to change the date format of the
> > > out
On Fri, 2021-11-05 at 13:34 -0300, Rafael Azevedo wrote:
> One last thing, is it possible to change the date format of the
> output?
> Current format:
> Nov 05 13:20:06 smtp21 postfix/smtp[136]: 9D86C60BBE
>
> I'd like to use ISO format:
> 2021-10-29T19:37:52.017684-03:00 smtp21 postfix/smtp
>
>
able systemd-resolved and dnsmasq. speeds things up dramatically.
Makes things much more reliable. I have much harsher opinions about
systemd, but that's not for this list.
--Curtis
--
Curtis
https://curtis.maurand.com
I might also suggest pdns-recursor. very fast.
Sent from my iPhone
> On Aug 8, 2022, at 4:18 PM, Demi Marie Obenour wrote:
>
> On 8/7/22 09:50, Linkcheck wrote:
>>> On 07/08/2022 1:12 pm, Rob McGee wrote:
>>> dig 2.0.0.127.zen.spamhaus.org. any
>>
>> ANY has to be after DIG, not at the end,
Sadly MS is as fallible as the rest of us.
Sent from my iPhone
> On Nov 2, 2022, at 4:56 AM, Linkcheck wrote:
>
> Thanks, Viktor. That's interesting. You'd think someone like MS could get it
> right. :(
>
where do I find smtp-amavis connect timeout ?
Tweaking the timeouts won't help in this case, the real issue is Amavis
performance. Disable the content inspection features that make it slow,
or replace Amavis with something faster.
--
Viktor.
--
Curtis
https://curtis.maurand.com
Running a Postfix 2.2 server...
The server won't accept u...@somewhereelse.com@ourserver.com
But, it is accepting @somewhereelse.com:u...@ourserver.com
We will be upgrading Postfix soon, but in the meantime, how do I best
block this ?
we have permit_sasl_authenticated, permit_mynetworks, and
Wietse Venema wrote:
Curtis H. Wilbar Jr.:
Running a Postfix 2.2 server...
The server won't accept u...@somewhereelse.com@ourserver.com
But, it is accepting @somewhereelse.com:u...@ourserver.com
This is historical syntax, and is deprecated.
For compatibility, Postfix accepts
SPF, DKIM, and DMARC all pass at gmail.
Thanks,
Curtis
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
been running rspamd for nearly a year and I've been very happy with
it. It's a huge improvement over amavis/spamassassin. It is very fast.
--Curtis
--
Curtis
https://curtis.maurand.com
that its documentation is cryptic and not for the faint of
heart. They surely don't stick to the KISS method.
--
Curtis
https://curtis.maurand.com
a long list of banned ip addresses in my system. I've also
changed the length of time addresses get banned for from hours to months.
--Curtis