On 4/15/2015 1:11 PM, Noel Jones wrote:
On 4/15/2015 12:50 PM, Michel Blancard wrote:
Hi all,
I've spent a lot of time trying to configure virtual aliases.
Command 'postmap -q whate...@i.try /etc/postfix/virtual always
returns the first result after just one aliasing, even if a second
alias
:
The postmap test tool does not implement recursive lookups as used
by eg. virtual alises, nor does it implement subkey lookup as used
by eg. access maps.
-- Noel Jones
they appear
under.
-- Noel Jones
/postconf.5.html#virtual_alias_maps
The details of these differ somewhat. You might want to read up on
them in the ADDRESS_REWRITING_README.
http://www.postfix.org/ADDRESS_REWRITING_README.html
-- Noel Jones
, with transport_maps being the
highest precedence.
-- Noel Jones
reject_unverified_recipient to let postfix
decide for itself.
Sending bounces for unknown users will clog your queue with
undeliverable mail, and will get your server blacklisted as a
backscatter source.
-- Noel Jones
in the dnswl whitelist, and fewer disconnects than most
greylist services.
http://www.postfix.org/POSTSCREEN_README.html#after_220
-- Noel Jones
to normal but my problem is on port 25 my client
can connect and even sand email which i dont want i want my clients
to force submission on port 587 only.
To enforce encryption for your users even when using port 25, set in
main.cf:
smtpd_tls_auth_only = yes
-- Noel Jones
and require all your
clients to use it, at least in your published documents. You may
consider also enabling port 465 wrappermode, but no need to publish
that information.
-- Noel Jones
during this time frame, then it
was likely something related to their DNS servers, but it's
impossible to debug reliably after the fact.
To avoid delays with mail, you can whitelist trusted servers from
your normal anti-spam checks.
-- Noel Jones
logging
unless/until specifically requested. For help with mail routing
issues, you must not obfuscate the hostnames and IPs used.
http://www.postfix.org/DEBUG_README.html#mail
-- Noel Jones
/postconf.5.html#soft_bounce
** remove the safety net once you've verified proper operation **
-- Noel Jones
Thanks,
Hank
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
, and sometimes
even preferred. Use whichever works best for you.
-- Noel Jones
I'm not exactly expecting that lmtp should attempt a dns resolution
and ignore /etc/hosts, given the following note in master.cf
http://master.cf
?) is messing with
your DNS responses (multiple bad domains)
- your resolver is broken (multiple bad domains)
-- Noel Jones
.
http://www.postfix.org/postconf.5.html#enable_long_queue_ids
and then wipe out any files in the spool older than 30 days?
Only files in the defer directory, not any files in the spool.
-- Noel Jones
an alert if the MX points somewhere else.
-- Noel Jones
Not possible with header_checks. A milter /should/ be able to do
this, but you'll have to do some research to find one. Maybe
milter_regex is a possibility.
-- Noel Jones
On 3/23/2015 2:03 PM, Sebastian Nielsen wrote:
Can it be done without a policy service or milter? Eg with some
by your system and cannot be forged.
If you want to add some extra header with that same IP, you'll need
to use a policy service with the PREPEND action.
http://www.postfix.org/SMTPD_POLICY_README.html
-- Noel Jones
not override a reject from another section.
That said, without your current postconf -n output, further
discussion is useless.
-- Noel Jones
I have tried:
/etc/postfix/rbl_override:
intuit.comok
.intuit.comok
*.intuit.comok
Without your postconf -n
But none
to be duplicated or forwarded.
This is correct operation.
The solution is to never let the original recipient get over quota.
-- Noel Jones
and the rest of that document.
-- Noel Jones
any relevant information:
Delivery notices may provide inaccurate or incomplete information.
Please show the full unaltered postfix log of the failed message.
You can change any local address parts, but please don't change IPs
or server names.
-- Noel Jones
. Thunderbird) and just drag stuff between
folders on the different systems.
-- Noel Jones
apply and issue can control
Is there any method / parameter in postfix config by which I can
control this situation ?
Regards
Jayesh Shinde
You'll need to use the traffic shaping features of your firewall.
Postfix does not do this by itself.
-- Noel Jones
On 3/12/2015 7:31 AM, Krinninger, Reinhold wrote:
Hello,
i'm trying to stop some spammails with a header_check. The
header_check looks for the hostname of our smtp-server in the
From:-Line in the headers of incoming mail. I want to reject all
Mails with this or similar From: Lines:
transport.
-- Noel Jones
On 3/12/2015 5:50 PM, Rod K wrote:
On 3/12/2015 6:35 PM, Noel Jones wrote:
On 3/12/2015 5:28 PM, Rod K wrote:
I'm currently configuring a new server using Postfix/Dovecot. My
previous experience is with Courier and I've been using Postfix's
virtual lda. I want to start using dovecot-lda
On 3/12/2015 6:03 PM, Noel Jones wrote:
On 3/12/2015 5:50 PM, Rod K wrote:
On 3/12/2015 6:35 PM, Noel Jones wrote:
On 3/12/2015 5:28 PM, Rod K wrote:
I'm currently configuring a new server using Postfix/Dovecot. My
previous experience is with Courier and I've been using Postfix's
virtual
much, but it probably won't break anything.
-- Noel Jones
On 3/9/2015 10:46 AM, Earl Killian wrote:
On 2015/3/9 08:12, Noel Jones wrote:
You have misunderstood the purpose of smtpd_relay_restrictions.
Your mail is rejected by the final reject you placed.
*ALL* mail is evaluated by smtpd_relay_restrictions, and unless you
have very unusual relay
* mail is evaluated by smtpd_relay_restrictions, and unless you
have very unusual relay requirements, you should either set it
empty, or use the suggested safety net:
smtpd_relay_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination
-- Noel Jones
of the smtpd_*_restrictions.
-- Noel Jones
a policy to restrict the domain used in outgoing
mail, but that policy does not belong in smtpd_relay_restrictions.
The whole purpose of smtpd_relay_restrictions is to avoid the
historically user-error-prone lookup tables and make the simplest
possible yes/no relay decision.
-- Noel Jones
On 3
On 3/5/2015 4:13 PM, Rich Shepard wrote:
On Thu, 5 Mar 2015, Noel Jones wrote:
But since you state the origin is a mail list manager, it's likely
the
message is stuck in the list manager software and not in postfix.
Noel,
And the MLM will likely keep sending it for a few days. I've
:
http://www.postfix.org/RESTRICTION_CLASS_README.html
I can make the
service return 'DUNNO' if the evaluation corresponds to the domain
that doesn't need to, as a workaround.
That would work too.
-- Noel Jones
.
The one suggestion I have is to use the amavisd-new built-in SPF
tools instead of a separate program.
-- Noel Jones
On 3/5/2015 4:55 PM, b...@todoo.biz wrote:
I am quite surprised that no one has anything to say about this…
;-?
G.B.
Le 5 mars 2015 à 19:17, b...@todoo.biz
if this is even
doable. Some postfix settings are configurable per recipient
domain, others are not.
Hosting another domain may be as easy as adding another domain to
virtual_mailbox_domains and adding the recipients to
virtual_mailbox_maps.
-- Noel Jones
On 3/5/2015 12:10 PM, Rich Shepard wrote:
On Thu, 5 Mar 2015, Noel Jones wrote:
Please send all of the log entries for this message, unedited
except for
the recipient name.
Noel,
I was the intended recipient; the sender was a mail list manager:
Mar 2 11:14:37 salmo postfix
for this message, unedited except
for the recipient name.
-- Noel Jones
QUEUEID generation is fairly time-consuming, and not
practical to use in postscreen.
-- Noel Jones
If you need more help, please see
http://www.postfix.org/DEBUG_README.html#mail
-- Noel Jones
AUTH without TLS? How did you test?
smtpd_tls_loglevel = 2
Not related to your problem, but this should be 0 or 1.
-- Noel Jones
this is to use a virtual_alias_maps entry to
rewrite the address to some domain listed in mydestination. Simple
example:
mydestination = localhost
# virtual_alias_maps
upd...@virtual.example.com update@localhost
use localhost as shown above, or make up your own local name.
-- Noel Jones
On 3/3/2015 9:47 AM, LuKreme wrote:
On Mar 3, 2015, at 08:30, Noel Jones njo...@megan.vbhcs.org wrote:
To manually test a message, use something like:
postcat -bhq QUEUEID | spamassassin
I was surprised that postcat requires a full path to the file, but thanks for
the info in the From
maybe with additional options to SA.
-- Noel Jones
giving their own explanation of the extended status
code, possibly in the local user's language.
If it's more convenient to use an access table with REJECT, you can
use REJECT 5.1.6 The user has moved to send the proper extended
status code.
-- Noel Jones
(NOT virtual_alias_domains).
http://www.postfix.org/ADDRESS_REWRITING_README.html#virtual
-- Noel Jones
clients so obviously I have no configured the mail client
right.. Do I need an SSL certificate for each TLS client???
Thanks for any insight
This is correct operation. Nothing to fix.
-- Noel Jones
to block a particular message if the client or content
violates some local policy of yours, but the null sender MUST NOT be
used as blocking criteria.
-- Noel Jones
and again, turning a single rejection into
hundreds. Get enough senders doing this and you effectively DOS
yourself.
It's generally safe to hang up on spambots. There's already support
for that in postscreen and the rbl reject codes.
-- Noel Jones
On 2/22/2015 2:04 AM, ga...@fly2net.it wrote:
Il 19/02/2015 21:04 Noel Jones ha scritto:
On 2/19/2015 1:37 PM, ab wrote:
Thanks for the link
I have a few questions about it.
Would i have to a list of all alias and then specify who can send
to them or
can i do it for just one alias
On 2/21/2015 8:07 AM, Stéphane MERLE wrote:
Hi,
Le 21/02/2015 00:38, Noel Jones a écrit :
On 2/20/2015 5:12 PM, Stéphane MERLE wrote:
Hi,
I am using a postfix as relay for email sent from an hoster that
close the port 25, so I send the mail to the relayer through the
10025 port
header.
This must be done on the relayer server, which is where that header
is added.
Make your header_checks rule as specific as possible so you don't
unintentionally remove other headers.
-- Noel Jones
need to switch to a
policy service.
-- Noel Jones
On 2/19/2015 1:23 PM, ab wrote:
Hi All
I am looking for a way to block access to an alias ( i.e stuff@domain )
apart from a selected few users
Is this doable?
Thanks
Adam
The general idea is outlined here:
http://www.postfix.org/RESTRICTION_CLASS_README.html#internal
-- Noel
) :
Cool.
I would suggest using a log scraper to trigger your scripts. That
will give you maximum flexibility with minimal postfix impact.
I think fail2ban would be a great tool to use for this.
-- Noel Jones
a certain score.
See the spamass-milter man page for further info.
-- Noel Jones
and was fixed
years ago. The wildcard rewrite also had the unfortunate side
effect of making all recipients valid, turning you into a
backscatter source.
Much better to fix this in cyrus.
-- Noel Jones
On 2/12/2015 4:56 PM, LuKreme wrote:
On 12 Feb 2015, at 13:42 , Noel Jones njo...@megan.vbhcs.org wrote:
spamass-milter uses the standard spamassassin spamc/spamd interface.
I believe you can enable additional spamass-milter logging on its
startup command line.
There are startup flags you
MTAs don't use
Delivered-To: and ignore it eg. Exchange.
We don't know the motive of the sender. We do know this isn't really
a loop and it looks like spam to me.
-- Noel Jones
than header_checks.
-- Noel Jones
service.
-- Noel Jones
a mail server and less like a bot.
Make sure you have an SPF record including your IP. If you use the
same IP for sending and receiving, just include the spf mx key.
(looks as if you have that already... good)
-- Noel Jones
for valid SPF or dnswl.
-- Noel Jones
that the OP should register his domain and IP on
dnswl.org (free and easy).
-- Noel Jones
On 2/4/2015 2:09 PM, System Support wrote:
The PREPEND action can add a single header to outgoing mail. Is there a way
to add multiple
headers?
...don
support (at) microtechniques.com
Use the PREPEND action multiple times.
-- Noel Jones
built in. Be aware that
altermime does not seem to be an active project, the last program
update was several years ago.
Alternately, there are numerous perl MIME modules available that can
be cobbled together if you can do some programming.
-- Noel Jones
, mail4OA.4office.com, does not exist. You can
tell from the helo command rejected: host not found in the log.
-- Noel Jones
smtp_destination_rate_delay to limit the delivery to
each remote recipient destination, which is usually what is really
needed.
# main.cf
smtp_destination_rate_delay = 2s
http://www.postfix.org/postconf.5.html#default_destination_rate_delay
-- Noel Jones
your incoming mail.
-- Noel Jones
On 1/30/2015 1:27 AM, Орхан Ибад-оглы Гасымов wrote:
When looking into Postfix messages in /var/log/maillog, I noticed
that for every mail that I send between 2 mailboxes on my local
server, Posfix creates messages.
When I send a mail from outer server
The fix I provided is correct. If it doesn't work, then either you
are editing the wrong postfix config or you have some additional
problem.
-- Noel Jones
On 1/29/2015 10:19 AM, Орхан Ибад-оглы Гасымов wrote:
That string does nothing when uncommented. Previously it was
uncommented
No. Only whole numbers in the range given in the docs. In the case
of maximal_queue_lifetime, the unit can also be specified with h m
or s, so 2.5 days could be specified as 60h
Is there some specific value you need to adjust, or you just fishing?
-- Noel Jones
logging and config.
-- Noel Jones
the #, but be sure to leave some spaces
before the -o then restart postfix.
-- Noel Jones
system can answer why some specific mail was marked as
spam, all we can do is guess.
-- Noel Jones
the recipient address).
http://www.postfix.org/MULTI_INSTANCE_README.html
-- Noel Jones
only single recipient
messages but I could not make this happen. This would be the ideal
solution.
I got these from Noel Jones and Victor Dukhovni:
Noel Jones wrote:
On 1/23/2015 10:41 AM, Viktor Dukhovni wrote:
For custom per-user routing that depends on policy-based factors
force
like either of these choices. If it's OK
to send big mail directly, why not just send it all directly.
-- Noel Jones
On 1/23/2015 2:33 PM, rogt3...@proinbox.com wrote:
Hi Noel
On Fri, Jan 23, 2015, at 12:21 PM, Noel Jones wrote:
On 1/23/2015 1:50 PM, rogt3...@proinbox.com wrote:
On Wed, Jan 21, 2015, at 08:40 AM, rogt3...@proinbox.com wrote:
On Wed, Jan 21, 2015, at 08:32 AM, Noel Jones wrote
On 1/23/2015 1:50 PM, rogt3...@proinbox.com wrote:
On Wed, Jan 21, 2015, at 08:40 AM, rogt3...@proinbox.com wrote:
On Wed, Jan 21, 2015, at 08:32 AM, Noel Jones wrote:
Of course, automatic address verification depends on the target
server correctly responding to unknown recipients.
I'm
On 1/23/2015 2:54 PM, rogt3...@proinbox.com wrote:
Noel
On Fri, Jan 23, 2015, at 12:43 PM, Noel Jones wrote:
Unless you're currently planning on using an after-queue content
inspection system,
I will be quite soon ... like I said I'll be replacing those servers. That
includes
are to either deliver all mail
directly or live with the smaller limit.
Maybe postfix isn't the right tool. Some other MTA may offer the
detailed delivery controls you're looking for. I don't know; you'll
need to research that yourself.
-- Noel Jones
:
# main.cf
smtp_header_checks = regexp:/etc/postfix/smtp_header_checks
# smtp_header_checks
# might need to adjust the 2000, I just made that number up.
/^(To|CC): .{2000}/ REPLACE $1: Undisclosed recipients:;
-- Noel Jones
for that).
-- Noel Jones
is -- can I do this? SHOULD I do it
this way?
This is a good first step that should be relatively easy to implement.
-- Noel Jones
on the weekend and there
is a delay in contacting the sysadmin to shut it down.
Pull their network cable? I suppose they could consider that impolite.
-- Noel Jones
.
-- Noel Jones
for?
Before changing to 550, check logs for unexpected 450 rejects.
-- Noel Jones
? Are there
some overrides listed in master.cf?
-- Noel Jones
Yes, I **know** it is surely something trivial, but right now I am
obviously unable to see it. I have done several postfix
configurations in the past, but this time I seem back to square one...
What am I missing
it is easier and actually
Sounds like you're trying to recreate deep inspection in postfix.
Use SpamAssassin instead.
-- Noel Jones
more powerful simply to expose the ‘fired’ restrictions to the
policy daemon and let it decide how to handle stuff.
I imagine a syntax like this may be possible
On 1/11/2015 10:07 AM, Benny Pedersen wrote:
Danny skrev den 2015-01-11 14:02:
An MX record is needed ONLY if there are other mail servers on the
local network.
For a single server, simply listing the domain in main.cf:
mydestination is sufficient.
-- Noel Jones
Thank You
following
/STANDARD_CONFIGURATION_README.html
-- Noel Jones
. Be
generous in your limits so you don't lock out legit users who have a
config problem.
-- Noel Jones
, but that's the
reason for the suggestion in the docs. Feel free to try it for
yourself.
-- Noel Jones
), but
also imagine a sacred name, or an evil name, or just a noob's
confusion if an ID contains some random dictionary word.
-- Noel Jones
. The OP
will need to use check_sender_access or check_client_access.
-- Noel Jones
about making this per-domain configurable eg.
smtp_address_verify_target_maps?
-- Noel Jones
your disk subsystem.
-- Noel Jones
On 12/13/2014 1:51 PM, li...@rhsoft.net wrote:
Am 12.12.2014 um 15:48 schrieb Noel Jones:
On 12/12/2014 8:24 AM, Isaac Grover wrote:
Good morning,
We have users on a domain who are convinced they are losing emails
due to our spam filtering (postscreen, amavis, spamassassin). We
have shown
,
even before the hostname lookup. The only postscreen whitelisting
possible is by client IP. This is by design.
Your choices are:
- use a different IP for their MX without postscreen enabled. This
can be on the same host.
- turn off postscreen for everyone.
-- Noel Jones
801 - 900 of 3787 matches
Mail list logo
