ellations of network
infrastructure, is outside the scope of this list. There are lists for the
discussion of such issues, although in my experience the useful ones are
not public.
--
Fred Morris
then they run the risk of being perceived as
cesspools of spam and throwaway accounts.
--
Fred Morris
On Thu, 21 Nov 2019, Wesley Peng wrote:
[...]
I saw a trend that, every ESP has taken hard work on antispam policy.
[...]
Does this mean every country has taken the strictest antispam laws
One more thing...
On Thu, 21 Nov 2019, Fred Morris wrote:
Since I run my own mail servers I'm probably not a good person to ask. I
don't find it particularly hard work. I set account limits, provide some
tools and also disincentives to make safety and privacy the easier course and
at the end
On Fri, 22 Nov 2019, Merrick wrote:
On Fri, Nov 22, 2019, at 2:25 AM, Fred Morris wrote:
I'll hazard that the reputation of particular domains whether they're
TLDs or PseudoTLDs, registrars, or particular constellations of network
infrastructure, is outside the scope of this list
I run a copy of TruAlias naked exposed to the internet as a demo as well.
Theoretically I suspect you could lock up a core, but it hasn't happened;
I'd notice.
It's the system's fault...
--
Fred Morris
le by design as a matter of course.
What's the chief security concern with TCP tables, and does the
operational environment impact it? Is there an underlying vulnerability
in postfix itself, or is it a general allergy to running unencrypted
internet services even on loopback?
Respectfully...
--
Fred Morris
I'm working on something, I've seen Viktor on some relevant changes. I
would like to discuss TCP maps, security implications, etc. Viktor
should know I'm one of the 50 kooks who care from dns-ops.
Thanks in advance...
--
Fred Morris
t in local_recipient_maps?
The objective is to preserve the ability to reject recipients during the
SMTP conversation.
Thanks in advance...
--
Fred Morris
4/20 10:49 AM, Viktor Dukhovni wrote:
> On Fri, Jan 24, 2020 at 10:04:26AM -0800, Fred Morris wrote:
>
>> I want to call a milter as a "bump in the wire" before this check to
>> potentially alter local recipients prior to them ricocheting off of
founds the discussion about real issues.
Based on past reception I have no intention of continuing the discussion
here, if you have issues with the analysis you're welcome to open an
issue.
https://github.com/m3047/trualias/blob/master/install/table_security_analysis.md
--
Fred Morris
e equally
hackerish measure of disabling security checks and recompiling then I'd
love to hear about it.)
--
Fred Morris
haven't seen any abuse (a company bought or repurposed an address) except
for 1 specific incident.
Tom's experience is very different from mine or that of Andrew Lewman,
whose blog is referenced in the README.md for that project.
--
Fred Morris
r the vast majority of
cases. I think I've carved out a large enough exception for public use by
publishing this project, and I provided tests with the notion that someone
might want to reimplement in mind.
--
Fred Morris
On Fri, 10 Apr 2020, Wietse Venema wrote:
Fred Morris:
The "destination address" is extracted from which header? To: would be the
naive choice, but Delivered-To: is probably better.
If it isn't munged, the envelop address (RCPT) becomes the Delivered-To:
address does it not?
--
Fred
a lot of your mail to be undeliverable in practice.
--
Fred Morris
omain and they choose
to send your submission silently to /dev/null your message was
"successfully" delivered.
--
Fred Morris
specific questions which I assume
would be answered by the output from postconf -n, such as what ports
you are running SMTP auth on.)
--
Fred Morris
ng an SOA or
equivalently immediately below a zone cut".
--
Fred Morris
Hello. Real example of someone with this setup, and all records for the
FQDNs in question, or it didn't happen.
On Tue, 13 Oct 2020, @lbutlr wrote:
On 13 Oct 2020, at 12:03, Fred Morris wrote:
Notwithstanding, any "fully qualified domain name" (FQDN) can have
email sent to it; typi
On Tue, 13 Oct 2020, Bill Cole wrote:
On 13 Oct 2020, at 15:02, Fred Morris wrote:
Hello. Real example of someone with this setup, and all records for the
FQDNs in question, or it didn't happen.
Waving at Fred...
billmail.scconsult.com. 10800 IN MX 0 clues.scconsult.com
/trualias
Regards...
--
Fred Morris
...
--
Fred Morris
With postfix 3.3.1 it appears that mappings in virtual_alias_maps are
honored without the domains being listed in virtual_alias_domains. Just
want to confirm that this is correct and intended behavior going forward.
Thanks in advance...
--
Fred Morris
On Thu, 17 Sep 2020, Antonio Leding wrote:
TILT: MX records are not required for email to work — WOOT…
Not required for SPF either. You can list the IP address(es). Of course if
you have MX then for SPF it's simple "+mx".
--
Fred Morris
): dnsName
Port 110 are close, are running only with smtps and imaps.
--
Fred Morris
If DNSSEC isn't required for the domain(s) in question (or at least
postfix in this specific case) you might look at RPZ as a way of rewriting
just a single record in the zone: https://www.dnsrpz.info/
On Wed, 21 Oct 2020, IL Ka wrote:
I think you can install the DNS server locally (on the
including DNS, mail, web in
almost all cases and then whatever they care to add to differentiate
themselves.
Central rule of networks after #0: "the network is not reliable"... is "my
network my rules" and if stuff originates with their VPS then it
originates under their rules.
--
Fred Morris
m3...@m3047.net
ts of infrastructure hints are generally
suggestive, nothing of this sort is a reliable positive, or negative, test
for spam. I've got stuff in the email processing chain to account for it,
but I'm not expecting Postfix to do it.
--
Fred Morris
.
... in Docker is root on your machine. Trust me on that... or don't.
There is currently some interest in microkernels for VMs, I'm kind of in
the "wait and see" phase.
--
Fred Morris
;-)
(I'm sure you've double and triple-checked that you're not leaving
something unread or unwritten, and flushing all output buffers if that's
what it takes.)
--
Fred Morris
->
bobs.b...@bosses.com <mailto:bobs.b...@bosses.com>
[...]
This would be given that both email accounts are set up as virtual_users in
MySql.
It looks like that would be always_bcc, can you elaborate?
--
Fred Morris
http://www.postfix.org/MYSQL_README.html
On Mon, 13 Dec 2021, post...@aecperformance.com wrote:
I'm trying to set up a mysql table for: recipient_bcc_maps
I've read this, repeatedly:
http://www.postfix.org/postconf.5.html recipient_bcc_maps
It doesn't really help me.
Let's all take a deep breath and recall that the origins of the PSL are in
web browsing, and directly tied to that invention so necessary to our
collective privacy: the cookie.
It was a list, originally maintained by Mozilla, of domains (or stems)
that you can't set cookies for.
--
Fred
If you've got a static IP and there's no games being played, it should
work as long as the connection is "always on" and accepts connections
(SYN) on port 25 from the outside world. -- FWM
On Thu, 13 Jan 2022, Yamadaえりな wrote:
I have got a DSL from the ISP, having a static IP.
Can I run
the
default; but as the internet has become more centralized, is it truly
still the default?
The real issue is control.
--
Fred Morris, internet plumber
--
[0] I can't speak to the legal requirements in different jurisdictions. I
can say that on my network it's my rules, and I pay my upstreams to ship
coded electrons not process the data.
aildir" mailbox; this is your "corpus".
You might consider doing this upstream, e.g. in aliases.
* Find something to process that corpus back into individual messages for
reprocessing, e.g. formail.
* Build a proper test suite. ;-)
* Test, test, test!
--
Fred Morris, internet plumber
On Fri, Jan 14, 2022 at 06:56:40PM -0500, Wietse Venema wrote:
With Postfix aliases(5), if mail is sent to an alias 'foo', and
there also is an alias 'owner-foo', then the enveloope sender address
will be set to owner-foo. This behavior already existed in Sendmail.
Good to know!
--
Fred
is a practice and a fabric, not a
shiny end state.)
--
Fred Morris, internet plumber
On Sat, 21 May 2022, Viktor Dukhovni wrote:
You don't have to accept such mail [...]
Don't forward mail that for which the input MTA is expected to be the
final destination.
Maybe I'm misunderstanding, but my interpretation is that the question is
"why are you accepting that mail?" and
Hi.
On Thu, 19 May 2022, Jeremy Hansen wrote:
When a prober tries sending email to
Is the prober a hostile or friendly actor?
@, the mail tries to bounce back
About that "bounce back" thing... maybe they shouldn't be able to send
that mail? Is your MTA an MX for that domain?
ion of
that environment is not discussed here.
--
Fred Morris, internet plumber
a
condition occurs. You need to be able to identify prior conditions to
inform subsequent actions or even to claim that their occurrence is
related to anything. I believe the phrase "logs or it didn't happen" arose
subsequently to the invention of punch cards, but it's a good one.
--
Fred Morris, internet plumber
://news.ycombinator.com/item?id=31067059
--
Fred Morris, internet plumber
statistical
monitoring of DNS traffic is a useful practice.
--
Fred Morris, internet plumber
my opinion.
--
Fred Morris, internet plumber
the TTL as sent.)
--
Fred Morris
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
On Sun, 10 Sep 2023, Erwan David via Postfix-users wrote:
On Sun, 10 Sep 2023, postfix--- via Postfix-users wrote:
Try a telnet connection to those host (gmail/mail-tester) on 25 and see
who actually answers.
1) Send SYNs with varying TTLs to determine the number of hops to alleged
of scope for a mailing list devoted to an
MTA. It appears that traffic improbably ends up at 192.168.20.20. That's
probably good enough, digging into the /why/ could become a hobby.
(I helped build a malware detonation sandbox in another life.)
--
Fred Morris, internet plumber
Let's step out of the echo chamber or petri dish or whatever.
On Sun, 5 Nov 2023, Jaroslaw Rafa via Postfix-users wrote:
Dnia 5.11.2023 o godz. 13:53:46 Noel Butler via Postfix-users pisze:
If correctly forwarded it does not break SPF, since correctly
forwarding rewrites the sender
It's a
a
service.
Sometimes checks for whether "home" translates to a service are done at
the application level, but oftentimes it's left to all of that
directory service machinery. Don't assume that it happens the same
everywhere, all the time.
--
Fred Morris
_
Here are a couple more jails + filters. Be aware that email can wrap
things. The first failregex is three lines, the second one is one line
(the lines end in "\b")
--
Fred Morris, internet plumber
--
::
jail.d/pf-connect.local
::
[pf-connect]
enabled = tru
51 matches
Mail list logo