Andrew Thompson wrote:
Noel Jones wrote:
This is not an effective anti-spam control if that's what you're
trying to use it for. You'll probably have better results with a
fairly low smtpd_hard_error_limit and working recipient validation
(clients are disconnected after
://www.postfix.org/ADDRESS_VERIFICATION_README.html#recipient
3) possibly other things I haven't thought of yet
and I also want to drop any attempts to send millions of emails, in
case I screw up the by-address filters.
Generally, quotas require an external policy service, such as
policyd.
-- Noel
could be causing this warning?
The DNS for that client is not set correctly, therefore
postfix will label the client as unknown.
192.168.2.35 resolves to smtp.foo.com
smtp.foo.com resolves to some other IP.
If it's not your client, it's not your problem.
-- Noel Jones
in your own domain
that's not from mynetworks or sasl authenticated. See the
archives if you need an example.
-- Noel Jones
2.0.0 Bye
Connection closed by foreign host.
must test with
ehlo hostname
NOT
helo hostname
-- Noel Jones
Ralf Hildebrandt wrote:
* Noel Jones njo...@megan.vbhcs.org:
corona
Corona, St.George, what's it with the beer names?
Corona - outer atmosphere of a star
I can't help it if someone named a beer that too. Makes more
sense for our purpose, I'll give them a call.
I like sentry too
show postconf -n, modifications to master.cf, and
logging so we can see what's happening and maybe figure out
where it's gone wrong. Also please report any additional
software such as proxies, milters, etc. you have configured
with postfix.
-- Noel Jones
/RESTRICTION_CLASS_README.html#internal
-- Noel Jones
a postfix
instance, so the easiest way to control this is to use
separate postfix instances for internet incoming mail and user
submitted mail.
-- Noel Jones
...
greeting from postfix. If it gets that far, TLS is working
correctly.
-- Noel Jones
main.cf and
started from scratch again using the CentOS guide:
http://wiki.centos.org/HowTos/postfix_sasl
My wild guess is that your certificates are somehow broken.
The fix would be to start over and carefully follow:
http://www.postfix.org/TLS_README.html#quick-start
-- Noel Jones
message and I'm not sure that mysql will not crash like this
Yes, normal. Please see
http://www.postfix.org/postconf.5.html#parent_domain_matches_subdomains
Also see:
http://www.postfix.org/proxymap.8.html
-- Noel Jones
advantage
between storing a password in a config file and storing a
certificate with no password. Either way, security depends on
the OS file access permissions.
Or you can just use a self-signed certificate for postfix.
-- Noel Jones
Clunk Werclick wrote:
On Tue, 2009-07-21 at 10:39 -0500, Noel Jones wrote:
Clunk Werclick wrote:
Hello.
Postfix is new to me and I have spent many hours of reading and testing.
I do not have much experience to look at things and say they are normal or not.
...
Please may I ask someone
(and Linux) when you
add TLS support.
# postconf tls_random_source
tls_random_source = dev:/dev/urandom
# uname
FreeBSD
-- Noel Jones
these days. Consider
dropping it and using DKIM instead.
-- Noel Jones
. I'm pretty sure amavisd-new accepts bad headers by
default, but here are some settings you can look for.
# amavisd.conf
$final_bad_header_destiny = D_PASS;
@bypass_header_checks_maps = (1);
You could configure postfix to reject such mail, but then
you'll lose otherwise legit mail.
-- Noel
to a hash file for postfix to use.
-- Noel Jones
/RESTRICTION_CLASS_README.html#internal
-- Noel Jones
Stefan Förster wrote:
* Benny Pedersen m...@junc.org wrote:
On Wed, July 22, 2009 17:50, Noel Jones wrote:
You could configure postfix to reject such mail, but then
you'll lose otherwise legit mail.
yes legit problem also
This is probably a stupid question, but are those characters really
Benny Pedersen wrote:
On Wed, July 22, 2009 21:41, Noel Jones wrote:
At any rate, unless 8 bit characters in headers are causing
some specific problem, it's not worth blocking them.
back to my first question on how to
http://www.postfix.org/postconf.5.html#strict_7bit_headers
-- Noel
Benny Pedersen wrote:
On Wed, July 22, 2009 22:18, Wietse Venema wrote:
Sahil Tandon:
On Jul 22, 2009, at 4:06 PM, Benny Pedersen m...@junc.org wrote:
On Wed, July 22, 2009 22:00, Noel Jones wrote:
http://www.postfix.org/postconf.5.html#strict_7bit_headers
if postfix changed defaults to yes
, but not authentication.
The usual reason for a purchased certificate on a mail server
is so users don't get an error when submitting mail without
you providing them the certificate or telling them to ignore
the certificate error message.
-- Noel Jones
Benny Pedersen wrote:
On Wed, July 22, 2009 23:14, Noel Jones wrote:
be strict in what you send, liberal in what you accept
ok
i try
postconf -e 'message_strip_charters = \346'
still amavisd give this
Non-encoded 8-bit data (char E6 hex): Subject: \346
why does postfix not use my strip
it.
If you're losing mail due to bad/duplicated headers, put
amavisd-new back at the default to pass bad headers.
Followups on the amavis-users mail list please. This isn't a
postfix issue.
-- Noel Jones
on that.
-- Noel Jones
when
smtpd_tls_security_level = encrypt.
-- Noel Jones
/postconf.5.html#sender_dependent_relayhost_maps
and maybe also
http://www.postfix.org/SOHO_README.html#client_sasl_sender
-- Noel Jones
, comment out the
smtp ... smtpd service in master.cf.
-- Noel Jones
. Or after you
upgrade and something ... unexpected happens.
postconf -n
...
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
These should point to $data_directory. See RELEASE_NOTES.
-- Noel Jones
After these things, then you can look at implementing fail2ban
or similar. But do the basics first.
-- Noel Jones
or not...
That said, recipient verification only makes sense for domains
you relay and don't have a valid recipient list for.
-- Noel Jones
Roman Gelfand wrote:
This is excellent. If you have other non-content spam filtering
suggestion, I would greatly appreciate it.
You post in HTML, and you top-post. Please observe list
etiquette if you want further answers.
As someone else already pointed out, the client also used a
for
answers.
Jeff
Welcome to postfix!
-- Noel Jones
Clunk Werclick wrote:
On Thu, 2009-07-30 at 22:45 -0500, Noel Jones wrote:
Jeff Grossman wrote:
have seen articles about exporting the Exchange users via LDAP and putting
them in an access map file on the Postfix server, but I am not a big fan of
that. I would prefer to just query
since 1.0 anyway, and
probably before that) will automatically recognize changes to
hash: type files.
Other file types may require a postfix reload or may be
picked up eventually. See the docs for that specific file type.
http://www.postfix.org/postfix-manuals.html
-- Noel Jones
of deferred attempts.
Beware! tuning queue parameters often results in poorer
performance than the carefully-chosen defaults.
-- Noel Jones
Thanks!
Tim Tyler
Network Engineer
Beloit College
records pointing to the other hosts.
-- Noel Jones
smtpd_restriction_classes.
smtpd_recipient_restrictions =
...
check_recipient_access hash:/etc/postfix/restrictions
...
# /etc/postfix/restrictions
u...@example.com reject_non_fqdn_hostname, reject_rbl_clie...
example.com permit_auth_destination
...
-- Noel Jones
reject_unverified_sender restriction. Notice the
deliverable tag.
As a general rule it's a bad idea to verify all senders since
some mail admins see this as abuse and will blacklist you.
Best use with caution.
-- Noel Jones
they do.
and besides, I'll bet they don't catch much spam that won't be
rejected by zen.spamhaus.org.
-- Noel Jones
bl.spamcop.net
rfc-ignorant.org is generally better used in a scoring system
rather than for outright rejects.
Why do you have some RBLs in smtpd_sender_restrictions and
some in smtpd_recipient_restrictions? pick one or the other.
-- Noel Jones
Jason Hirsh wrote:
On Aug 4, 2009, at 3:59 PM, Noel Jones wrote:
Jason Hirsh wrote:
On Aug 4, 2009, at 3:01 PM, Noel Jones wrote:
Jason Hirsh wrote:
I raise this question here because it appears the basic postgrey
daemon is running
I have a FreeBSD 7.0 server with Postfix, amavisd-new
don't have a suggestion for what you should use, but I know
anvil just isn't suitable.
-- Noel Jones
= if the address can't be verified, accept it anyway. Not
recommended.
-- Noel Jones
to configure SASL, then add that user to the SASL
authentication database (this is outside of postfix). Get
started here:
http://www.postfix.org/SASL_README.html
-- Noel Jones
separate instances of postfix.
All postfix versions support multiple instances, but this is
greatly simplified in postfix 2.6 and newer.
http://www.postfix.org/MULTI_INSTANCE_README.html
-- Noel Jones
service running?
Postfix will always defer mail if the policy service (or any
defined map) is unavailable. This is not configurable.
-- Noel Jones
:
http://www.postfix.org/SASL_README.html#server_test
Mutt info:
http://mutt.kublai.com/
-- Noel Jones
I'm attaching postconf -n. Is there brain fade in here?
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
seen some legit idiots that include
localhost in their MX list.
-- Noel Jones
#server_test
-- Noel Jones
.
And be sure to press the gmail plain text button when you
send that information, else it will be unreadable.
-- Noel Jones
Robert Schetterer wrote:
i...@lynet.de wrote:
Noel Jones wrote:
Robert Schetterer wrote:
[...]
You can reject such clients with a check_reverse_client_hostname
access table. Make sure this is after permit_mynetworks so you don't
reject the real localhost.
http://www.postfix.org/postconf
?
Sincerely,
Postfix has no support for IDENT.
-- Noel Jones
-Info-Messageid: l6oL1rHPRUyklkQzdkW3kg from
client.example.com[192.168.1.123]; from=u...@example.com
to=recipi...@example.org proto=ESMTP helo=[192.168.1.123]
-- Noel Jones
Thomas Gelf wrote:
Noel Jones wrote:
To log an existing header, use the header_checks WARN action.
http://www.postfix.org/header_checks.5.html
Thank you!
The log entry would look something like:
Aug 12 10:29:59 mgate2 postfix/cleanup[29258]: 7C773797ADF: warning:
header X-Info-Messageid
to examine the source code for details of what
verbose logging means. Verbose logging is rarely needed for
debugging postfix problems, and is not formally documented.
-- Noel Jones
DEFER_IF_PERMIT. See the docs for your policy service
for details of how to do this.
Most greylisters use DEFER_IF_PERMIT to prevent deferring mail
that would be rejected by a later restriction. That way the
sending server knows to not try back later.
-- Noel Jones
regular expressions,
then test your expression with
postmap -q input string regexp:/path/header_checks
For testing with postmap, input string should not have any
line feeds.
Google has a wealth of information on constructing regular
expressions.
-- Noel Jones
postfix 2.6 or newer and
use the postmap -h flag, or 2) manually fold multi-line
headers into a single line before testing.
http://www.postfix.org/postmap.1.html
-- Noel Jones
a strange option
“--force-for-bad-html”
Avoid options you don't understand. No, I don't know what
this option does either, but it looks like a likely candidate
for the problem.
-- Noel Jones
of a
multi-recipient message.
-- Noel Jones
Dan Farrell wrote:
hi all,
sorry to ask this simple question. I couldn't find the solution
online.
I am hoping to relay mail for a friend's home server, which can't use
external port 25. I was hoping to define a hash somewhere for relay
recipients something like:
relay-domain.com
and can use other means to
contact you.
-- Noel Jones
, but this behavior can be affected by
which smtpd_*_restrictions section the REJECT appears in, and
the setting of smtpd_delay_reject.
See the archives and postfix docs for further details.
-- Noel Jones
.
-- Noel Jones
-Original Message-
From: owner-postfix-us...@postfix.org
[mailto:owner-postfix-us...@postfix.org] On Behalf Of Sahil Tandon
Sent: Sunday, August 16, 2009 5:02 PM
To: postfix-users@postfix.org
Subject: Re: postfix not rejecting single nonexistent user
On Sun, 16 Aug
://www.policyd.org/ can both do this
Built-in postfix per-user stuff is described in
http://www.postfix.org/RESTRICTION_CLASS_README.html
However, an external policy server may give you more
flexibility, and may be more scalable, than the postfix
built-in controls.
-- Noel Jones
, but can be modified by postfix.
Postfix address rewriting controls are described in
http://www.postfix.org/ADDRESS_REWRITING_README.html
For further help, please see:
http://www.postfix.org/DEBUG_README.html#mail
-- Noel Jones
Eugene Vilensky wrote:
According to your problem report, the trading application sends:
MAIL FROM:'usern...@example.com'
The correct SMTP protocol syntax is:
MAIL FROM:usern...@example.com
Not even Sendmail accepts the incorrect syntax.
You can easily view the command by logging the
Richard Wurman wrote:
I support a couple postfix servers that do a high volume of sending
mail (not direct marketing :) for billing, invoicing and account
update confirmations). On one machine, when the mailq is over 5000,
things seem to get stuck where I need to restart postfix. If I
don't,
seem to have any, so $1 is undefined.
/^Subject: (.*)$/ REPLACE Subject: PRE $1
-- Noel Jones
and there's just enough wiggle room
here that it's possible some clients will behave badly. But
it's probably fine.
-- Noel Jones
LuKreme wrote:
On 18-Aug-2009, at 10:42, Noel Jones wrote:
The STRESS_README was written before postfix supported 521 as a hangup
action, so yes, it's reasonable to disconnect after any RBL hit during
stress.
I am somewhat hesitant to recommend using 521 as your standard RBL
reject code
make it more complicated than it needs to be.
-- Noel Jones
.
-- Noel Jones
a wild guess.
-- Noel Jones
as an example; your mail client says it's
from me, but the envelope sender is
owner-postfix-us...@postfix.org
-- Noel Jones
the smtp ... smtpd service in your master.cf. Do
NOT use smtpd_tls_wrappermode or any of those other options;
they don't belong here.
-- Noel Jones
Paul Hutchings wrote:
Thanks for the reply.
Can I do this with Postfix and if so, how please?
Control From: header and envelope sender from whatever
software submits the mail to postfix.
-- Noel Jones
I did read the address-rewriting help but frankly am struggling to find the
exact
only clients known to support certificates,
don't bother with them.
-- Noel Jones
,
the connection would be labeled Untrusted.
-- Noel Jones
Victor Duchovni wrote:
On Fri, Aug 21, 2009 at 06:09:52AM -0500, Noel Jones wrote:
Ralf Hildebrandt wrote:
Aug 20 22:49:01 server postfix/smtpd[7724]: connect from
unknown[XXX.YYY.ZZZ.KKK]
Aug 20 22:49:02 server postfix/smtpd[7724]: setting up TLS connection
from unknown[XXX.YYY.ZZZ.KKK]
Aug
http://mail.exmaple.com
help appreciated
http://www.postfix.org/postconf.5.html#inet_interfaces
-- Noel Jones
server.
Postfix must be compiled with SASL support; if you install
from a vendor-supplied package you may already have SASL or
can get it by installing a different package.
Get started here:
http://www.postfix.org/SASL_README.html
-- Noel Jones
a TLS connection. Try using
smtpd_tls_loglevel = 1
for a clear indication of when TLS is in use without the noise.
-- Noel Jones
Julien Vehent wrote:
That message does not indicate a TLS connection. Try using
smtpd_tls_loglevel = 1
for a clear indication of when TLS is in use without the noise.
-- Noel Jones
OK, I did. I will look more closely at the logs to check that again.
But, what does this message indicate
are configured with a
similar MX record.
Is this now the intended behavior of the
reject_unknown_helo_hostname restriction? It seems like it
would be correct to reject if there were *only* a bogus MX and
no A record, but since there is an A record it's not really
unknown.
-- Noel Jones
the same change, it
appears to me that the helo checks are now incorrectly
requiring a valid MX record.
-- Noel Jones
msg-headers+body
The sendmail command is a pipe.
If you describe what original problem you're trying to solve
maybe you can get some better pointers.
-- Noel Jones
On 8/31/2009 6:09 PM, none none wrote:
If you describe what original problem you're trying to solve maybe you can
get some better pointers.
-- Noel Jones
Done Noel!
;)
Your problem report is a mess.
I don't believe I can help you any further.
Since you don't seem to have understood my
service such as postfwd.
http://www.postfix.org/RESTRICTION_CLASS_README.html
http://www.postfix.org/SMTPD_POLICY_README.html
http://postfwd.org/
-- Noel Jones
relay_domains =
ie. set it empty.
-- Noel Jones
recipient.
Please share more details of how your system is configured,
including postconf -n, and the errors logged by postfix.
-- Noel Jones
doesn't complain about the helo anywhere here, and
nothing obviously wrong with the helo the client used.
-- Noel Jones
://www.postfix.org/aliases.5.html
http://www.postfix.org/local.8.html
http://www.postfix.org/OVERVIEW.html
and the list archives.
-- Noel Jones
in
relay_recipient_maps.
http://www.postfix.org/ADDRESS_CLASS_README.html
http://www.postfix.org/STANDARD_CONFIGURATION_README.html
-- Noel Jones
Is it possible to force postfix to accept the mail and then resend an
error message ?
Thanks
This user did not authenticate. Maybe you also need to move
permit_mynetworks above reject_unlisted_recipient.
-- Noel Jones
On 9/7/2009 11:58 AM, Alessandro wrote:
How can I send a single dot line with sendmail?
man sendmail, look for the -i option.
http://www.postfix.org/sendmail.1.html
-- Noel Jones
On 9/7/2009 2:17 PM, Pascal Maes wrote:
On 7 Sept. 2009 at 18:10, Noel Jones wrote:
On 9/7/2009 7:07 AM, Pascal Maes wrote:
Hello
Sometimes, our users are sending message to a lot of people (from our
domain) without using a mailing list.
As the SMTP server is the same to send and receive
. Showing unaltered postconf -n and
unaltered normal logging should help solve the mystery.
-- Noel Jones