.
-- Noel Jones
instructions did you follow?
- what is being bounced?
- what address class (local, virtual-alias, virtual-mailbox, ...) is
bouncing?
- NON VERBOSE logs demonstrating the problem?
-- Noel Jones
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
:37:37 mail postfix/bounce[21056]: A887A1A084D7: sender
non-delivery notification: B87541A084D9
Oct 14 13:37:37 mail postfix/qmgr[21037]: A887A1A084D7: removed
-- Noel Jones
. There are better ways to catch spam.
There is no exposure. The presence or lack of an MX record neither
adds nor detracts from the reputation of a client.
-- Noel Jones
, you'll need to show us exactly what you've
configured and logs of the undesired behavior.
http://www.postfix.org/DEBUG_README.html#mail
-- Noel Jones
submitted via
SMTP. This message was submitted via the local sendmail(1) command
by user 48.
If this is a webmail system, perhaps you can change it to submit
mail via SMTP.
-- Noel Jones
Oct 8 23:38:22 posttestbox postfix/cleanup[32093]: 7C52E635C6:
message-id
regards,
mls
All you need to do is requeue those messages.
# postsuper -r QUEUEID
is sufficient for a handful of messages, or
# postsuper -r ALL
to requeue everything.
-- Noel Jones
you have
in main.cf will be inherited by your master.cf submission service.
Some people find it useful to explicitly set unused restrictions
empty to prevent surprises.
-o smtpd_client_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_data_restrictions=
-- Noel Jones
I have some
before the mime_header_checks see the message.
http://www.postfix.org/MULTI_INSTANCE_README.html
Alternately, a custom perl or python milter should be able to do this.
http://www.postfix.org/MILTER_README.html
-- Noel Jones
in proxy_interfaces so
postfix knows which IPs should not be used for delivery.
http://www.postfix.org/postconf.5.html#proxy_interfaces
-- Noel Jones
syslog entries as follows:
postfix/smtpd 2013-09-30 10:45:23 NOQUEUE: reject: RCPT from
mail.xxx.yyy[222.222.222.222]: 450 4.1.1 u...@x1
actual $myhostname
variable from postfix config? Something like:
No, not supported. No config variables are available during lookups.
-- Noel Jones
= /bin/sleep 6
This shouldn't be necessary after you increase the recipient limit.
-o max_use=1
This shouldn't be necessary either.
-- Noel Jones
[TRANSPORT FILE]
yahoo.com smtpslow:[external.server.com]:25
yahoo.co.uk smtpslow:[external.server.com]:25
.
If this is for some other purpose, please explain your problem more
clearly.
[1] unless you've configured the optional smtp_header_checks,
smtp_body_checks, or smtp_generic_maps, in which case your only
choices are always_bcc or a network packet capture.
-- Noel Jones
to encrypt the queue files, but the queue
directory can reside on an encrypted drive or partition.
-- Noel Jones
to encrypt or maybe in some
cases verify.
http://www.postfix.org/TLS_README.html#client_tls
Hopefully widespread DANE adoption will take the pain out of this
in the future.
-- Noel Jones
for that connection. If you get these for every
query every time, you may be blocked; see www.dnswl.org/license
The test lookup for dnswl (and almost every RBL) is
# host 2.0.0.127.list.dnswl.org
which should respond
2.0.0.127.list.dnswl.org has address 127.0.10.0
-- Noel Jones
.
-- Noel Jones
if the unknown by itself will trigger the
SpamAssassin RDNS_NONE rule, but that seems a little strict to me.
-- Noel Jones
On 9/15/2013 9:47 PM, John Allen wrote:
I am getting the following error message in my mail log:
Sep 15 22:22:17 bilbo postfix/smtpd[2319]: warning: Illegal address
syntax from localhost.lan[127.0.0.1] in RCPT command:
postmaster@!change-mydomain-variable!.example.com
I think it is coming
mail form.
-- Noel Jones
smtpd_sender_restrictions =
reject_non_fqdn_sender
reject_unknown_sender_domain
reject_unlisted_sender
check_sender_mx_access cidr:/etc/postfix/bad_mx_access_check
check_sender_access
hash:/etc/postfix
using here):
Sep 12 04:57:06 nudin1 postfix/smtp[29110]: connect to
freenet.de[62.104.23.42]:25: Connection refused
connection refused is a network problem, probably a firewall block.
Perhaps your ISP doesn't allow you to run a mail server?
-- Noel Jones
Sep 12 04:57:06 nudin1 postfix/smtp
. If filtering is still happening, there is no
evidence shown that postfix is calling the filter.
Sorry, I can't help any more here.
-- Noel Jones
alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
biff = no
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
/SMTPD_POLICY_README.html
http://www.postfix.org/addon.html#policy
-- Noel Jones
smtpd_recipient_restrictions only work with mail received with SMTP.
Perhaps these messages arrived from the postfix/pickup service.
-- Noel Jones
?
What could that be?
If you need more help, please see:
http://www.postfix.org/DEBUG_README.html#mail
-- Noel Jones
by maildrop during delivery.
-- Noel Jones
On 9/6/2013 11:06 PM, Vishal Agarwal wrote:
Hi,
Kindly advise how I can set my SMTP port to 465 TLS instead of 25 ?
Is this what you're looking for?
http://www.postfix.org/TLS_README.html#client_smtps
If not, please be more specific of your needs.
-- Noel Jones
configuring a secure TLS channel, this isn't really
an error, doesn't affect delivery, and can be safely ignored. Newer
postfix versions automatically suppress this entry on opportunistic
TLS connections.
Are you having other issues still?
-- Noel Jones
for these particular certs.
And many folks intentionally do NOT use the bundle with SMTP, since
it's hard to know exactly what roots are trusted by the system bundle.
-- Noel Jones
, and it will always
be false. Other than using an insignificant amount of processing
time, there will be no other effect. Take it out if you're sure
you've covered in the master.cf/submission entry.
But it really doesn't make much difference.
-- Noel Jones
HELO to be consistent regardless of which IP is
used, use a separate hostname that points to both A records.
mail.example.com A A.A.A.A
mail.example.com A B.B.B.B
-- Noel Jones
delays for that destination.
Some reading, but a warning that ill-considered changes can make
things worse:
http://www.postfix.org/QSHAPE_README.html
http://www.postfix.org/TUNING_README.html
-- Noel Jones
the second line, postfix is done with this message; no further
processing takes place.
Sep 1 23:44:08 production postfix/smtpd[10454]: connect from
localhost[127.0.0.1]
SOME OTHER PROGRAM is now injecting mail into postfix. Don't blame
postfix.
-- Noel Jones
. If your DNS looks OK, you'll need to
contact their postmaster.
-- Noel Jones
On 9/1/2013 7:04 PM, LuKreme wrote:
On 01 Sep 2013, at 15:35 , Noel Jones njo...@megan.vbhcs.org wrote:
If you want your HELO to be consistent regardless of which IP is
used, use a separate hostname that points to both A records.
mail.example.com A A.A.A.A
mail.example.com A B.B.B.B
On 9/1/2013 7:28 PM, Warren H. Prince wrote:
On Sep 1, 2013, at 8:06 PM, Noel Jones njo...@megan.vbhcs.org wrote:
Sep 1 23:44:08 production postfix/smtpd[10454]: connect from
localhost[127.0.0.1]
SOME OTHER PROGRAM is now injecting mail into postfix. Don't blame
postfix.
I'm
smtpd_ANYTHING_restrictions=permit_sasl_authenticated,reject and
still meet the minimum requirements.
When you change your main.cf so that AUTH is not allowed on port 25,
then additional settings are required in master.cf/submission to
insure you don't reject AUTH users.
-- Noel Jones
like:
dnsblog unix - - n - 0 dnsblog
-- Noel Jones
to verify that everything is working properly?
Watch the logs for errors or unexpected behavior.
-- Noel Jones
currently have my setup set to use maildir and I use
procmail to do a lot of filtering. I do not want to add individual
user accounts per user,
This is all controlled by your IMAP software. Most IMAP software can
handle a mixture of both virtual and real users, dovecot is a
popular choice.
-- Noel
), and all it said was
port 587 -- the protocol isn't mentioned.
It's standard SMTP over tcp, typically with STARTTLS and AUTH. I
imagine the udp entry is a historical artifact.
-- Noel Jones
.
-- Noel Jones
Thanks,
Quanah
--
Quanah Gibson-Mount
Lead Engineer
Zimbra, Inc
Zimbra :: the leader in open source messaging and collaboration
#client_tls
-- Noel Jones
On 8/27/2013 11:36 AM, John Allen wrote:
On 8/26/2013 10:24 PM, John Allen wrote:
I based it something that Noel Jones wrote way back in 2008.
I doubt that Noel suggested anything like this.
2008 was a long time ago, possibly I've learned a thing or two since
then. Regardless, I think
is there a way to override the first machine's relayhost so its
recipient address verification is done to Internet with MX lookups?
thanks
Len
This might be what you're looking for:
http://www.postfix.org/postconf.5.html#address_verify_relay_transport
-- Noel Jones
to authenticate and won't be able to relay. This
usually isn't considered a problem, and changing it often causes
other issues.
-- Noel Jones
and recipient before the mail is
rejected.
Something like:
# main.cf
smtpd_recipient_restrictions =
permit_mynetworks
reject_unauth_destination
check_client_access hash:/etc/postfix/whitelist-blacklist
... other anti-spam checks ...
-- Noel Jones
-- Noel Jones
this restriction only on the submission port, not
the public smtp port.
Yes indeed.
-- Noel Jones
to change their settings can be a challenge...
-- Noel Jones
On 8/21/2013 9:58 AM, Roman Gelfand wrote:
For the outgoing emails, why is the configuration below not enough to:
1. Block +a...@domain.com
2. Allow all other emails
main.cf
smtpd_recipient_restrictions =
check_recipient_access pcre:/etc/postfix/recipient_access.pcre
, yahoo, comcast, etc.
However, I wonder why you don't have any dns blacklists such as
zen.spamhaus.org defined there. The ability of postscreen to reject
known bad sites without using precious smtpd processes is one of its
key features.
-- Noel Jones
for
postscreen_dnsbl_whitelist_threshold. Simple example:
# main.cf
postscreen_dnsbl_sites = zen.spamhaus.org list.dnswl.org*-1
postscreen_dnsbl_whitelist_threshold = -1
See the RELEASE_NOTES and POSTSCREEN_README for details.
-- Noel Jones
On 8/15/2013 8:58 AM, /dev/rob0 wrote:
On Wed, Aug 14, 2013 at 11:08:29PM -0500, Noel Jones wrote:
I'm pretty sure the examples in the postfix docs are for
dovecot 1, and not appropriate for dovecot 2.
Whilst the first part of this is true, I don't believe the second
part is. You should
).
Generally best to avoid autoresponders when possible, since they
also respond to spam with a forged sender address.
That said, if not much spam makes it to your mailbox you can look at
the vacation program included with many systems.
Best wishes,
-- Noel Jones
prejudice.
-- Noel Jones
/DEBUG_README.html#mail
-- Noel Jones
be multiple postfix delivery instances,
each sending 1 message per second, fed round-robin from the main
postfix. Working, but unappetizing.
But really, if 1 message per second is not sufficient, contact the
receiver for whitelisting.
-- Noel Jones
2.11 (currently in development snapshots) includes a
wonderful feature to bypass postscreen tests for clients listed in
dns whitelists, such as list.dnswl.org, greatly reducing unnecessary
tests.
-- Noel Jones
a
documentation update that covers all dovecot versions.
For dovecot 2.x, see the dovecot wiki.
-- Noel Jones
users. Has anyone done
this with both kinds?
Yes, you can configure dovecot to use both passwd and an SQL
database. This is solely under the control of dovecot, so I'll
refer you to the dovecot docs and dovecot users list.
-- Noel Jones
second.
Do you know if postfwd permits to have this behaviour ?
Not possible; postfwd limits input, not output.
-- Noel Jones
...
http://www.postfix.org/postconf.5.html#receive_override_options
-- Noel Jones
messages have HTML content that outlook is confused
about?
-- Noel Jones
On 8/13/2013 12:30 PM, Thomas Spuhler wrote:
On Tuesday, August 13, 2013 12:12:55 PM Noel Jones wrote:
On 8/13/2013 11:58 AM, Thomas Spuhler wrote:
I have installed my brand new Kolab-3 mail server
in place to do this for you. This may require
some modifications to your server config.
https://en.wikipedia.org/wiki/Dkim
http://opendkim.org/
or if you already use amavisd-new:
http://www.ijs.si/software/amavisd/amavisd-new-docs.html#dkim
-- Noel Jones
workaround for that.
-- Noel Jones
On 8/4/2013 10:13 PM, Ronald F. Guilmette wrote:
In message 51ff13eb.8090...@megan.vbhcs.org,
Noel Jones njo...@megan.vbhcs.org wrote:
On 8/4/2013 8:06 PM, Ronald F. Guilmette wrote:
Does reject_non_fqdn_helo_hostname, when placed in the
smtpd_helo_restrictions, permit clients to HELO/EHLO
to check these are
with a milter or content_filter.
This used to catch some extra spam, but hasn't been very effective
for me lately due to changing spammer tactics. YMMV.
-- Noel Jones
effective filtering
services even if they aren't postfix experts.
-- Noel Jones
On 8/5/2013 9:09 AM, Charles Marcus wrote:
On 2013-08-05 9:21 AM, Noel Jones njo...@megan.vbhcs.org wrote:
Set those three limits to 100 or higher. Those controls are
intended to prevent random clients from wasting your time. Since
you don't allow connections from random clients, it's safe
On 8/5/2013 10:30 AM, Charles Marcus wrote:
On 2013-08-05 10:53 AM, Noel Jones njo...@megan.vbhcs.org wrote:
I don't suppose an open idle connection from a somewhat authorized
client will bother anything, so just go with it.
Ok - and by 'go with it', you mean just adjust the settings per
On 8/5/2013 12:54 PM, Ronald F. Guilmette wrote:
In message 51ff9e18.9050...@megan.vbhcs.org,
Noel Jones njo...@megan.vbhcs.org wrote:
I use a pcre table to reject any HELO that starts with a bracket or
looks like an IP. Legit hosts that use this form are very rare here
-- maybe one every
it, and that the
reject_non_fqdn_helo_hostname verb actually did what its name
intuitively implies, and what the documentation says it does.
[A.B.C.D] is distinctly _not_ an FQDN.
I can see where one might get confused. I'll submit a one-line doc
patch rather than argue the point.
-- Noel Jones
smtpd_helo_required = yes, a client can simply skip
reject_non_fqdn_helo_hostname by not sending HELO or EHLO).
-- Noel Jones
of the subsequent reject_rbl_client
filters. What could I be doing wrong?
Doing RBL client checks in postscreen?
-- Noel Jones
...@flintfam.org): user
unknown
Any idea why?
Not enough information to reveal your mistake.
Please see
http://www.postfix.org/DEBUG_README.html#mail
-- Noel Jones
Sam
- 0 tlsproxy
cranking up the logging on qmgr I see this:
debug logging is rarely useful with postfix. 99%+ of the time
normal logging is sufficient to solve whatever problem you're
having. As in this case.
-- Noel Jones
...@cde.com is one of the recipient in the a...@cde.com mail group.
The general docs for protecting mail lists are found in
http://www.postfix.org/RESTRICTION_CLASS_README.html
Without a clear description of your goals and current config, that's
about the best we can do for you.
-- Noel Jones
.com10.10REJECT
t...@example2.com10.20REJECT
Use a policy service.
-- Noel Jones
= mysql:/etc/postfix/mysql_alias.cf
virtual_gid_maps = static:5000
virtual_mailbox_base = /var/spool/mail/virtual
virtual_mailbox_domains = mysql:/etc/postfix/mysql_domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql_mailbox.cf
virtual_uid_maps = static:5000
-- Noel Jones
majority of sites.
Note that local recipients means domains listed in mydestination,
not virtual alias or virtual mailbox domains.
-- Noel Jones
a typo in
your main.cf.
Please show your postconf -n output for further help.
-- Noel Jones
for:
http://www.postfix.org/postconf.5.html#recipient_bcc_maps
a quick example:
# main.cf
recipient_bcc_maps = hash:/etc/postfix/recipient_bcc
# recipient_bcc
@example.com catch...@offsite.example.com
-- Noel Jones
hurt anything.)
-- Noel Jones
-text only please -- the HTML makes
tables and logs impossible to read.
Doesn't look as if postfix is listening at all. How are you testing
postfix?
Check the postfix log for errors.
http://www.postfix.org/DEBUG_README.html
http://www.postfix.org/DEBUG_README.html#logging
-- Noel Jones
On 7/19/2013 4:53 PM, Sam Flint wrote:
Still nothing
On Fri, Jul 19, 2013 at 4:46 PM, Noel Jones njo...@megan.vbhcs.org wrote:
relay_domains = .com .org .net .info $mydestination
The above is very bad, change it to empty:
relay_domains
didn't mention what
kind of connection you have.
Also, master.cf contents, and netstat or lsof output showing what's
listening on port 25 might be helpful.
-- Noel Jones
-restrictions-Best-Practices-td10171.html
Simon,
You're solving the wrong problem. The OP's postfix is not
accessible from outside. This has nothing to do with
smtpd_recipient_restrictions.
-- Noel Jones
- n - - smtpd
and take out the 127.0.0.1: part so the line starts with smtp inet
smtp inet n - n - - smtpd
Then do a postfix stop ; postfix start
-- Noel Jones
postconf -n:
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
home_mailbox = Maildir
more help, see
http://www.postfix.org/DEBUG_README.html#mail
-- Noel Jones
(and if that works, for every other
service). http://www.postfix.org/DEBUG_README.html#no_chroot
-- Noel Jones
From main.cf here are my smtpd rules:
-
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated, reject_unauth_destination
, but for this purpose I find the
relocated table easier.
You can also add the former recipient to the transport map pointing
to the error: transport, but I find the relocated table easier for
this purpose.
-- Noel Jones
your postconf -n output and
related postfix logging demonstrating the problem.
-- Noel Jones
smtpd_sender_restrictions sections defined in
main.cf and you want to combine them?
Please show your postconf -n output and the main.cf rule that seem
to be missing.
-- Noel Jones
this:
smtpd_sender_restrictions =
check_sender_access hash:/etc/postfix/sender_reject_addr_check,
check_client_access cidr:/etc/postfix/enforce_ip_match_domain
-- Noel Jones
On 7/8/2013 2:55 PM, J Gao wrote:
Hi, All,
When my postfix+courier received/sent an email, it will have a file
which name like this:
1373311807.V805I31d1928M179657.zeta.veecall.com,S=1456:2,ST
Can someone explain to me how to understand this name? I mean for
example like the above one,
(since permit_sasl_authenticated is specified later).
Nonsense. reject_unlisted_recipient does not reject mail offsite.
http://www.postfix.org/postconf.5.html#reject_unlisted_recipient
-- Noel Jones
by this configuration. For a definite answer, we would
need to see your postconf -n settings.
-- Noel Jones
On 7/1/2013 1:09 PM, Daniel L. Miller wrote:
On 6/28/2013 4:34 PM, Noel Jones wrote:
On 6/28/2013 5:39 PM, Daniel L. Miller wrote:
Does anyone know of a tool that will let me modify the subject line
of all emails that pass through it? I would call it via a transport
map.
My application
1201 - 1300 of 3787 matches