Re: Gmail and spam, a request

this list from several different users. The one user is just an example of the issue. Peter

Re: Gmail and spam, a request

through more or different hoops to get messages through. At the end of the day all we can really do is fix the things we know about and hope for the best. Peter

Re: Gmail and spam, a request

do both, but if so then we probably should. There may be servers that verify DKIM but don't know about ARC. Switching list manager would be the better long-term option, but a hack could be useful to address some individual cases in the short term. Agreed. Peter

Re: Gmail and spam, a request

ter unless they can still pass. This may well be the end of the line for the majordomo-based list server. I do believe that there are ways of doing the mitigations from postfix and still retain mailman, but it may be a lot easier to simply switch to mailman. Peter

Re: gmail.com is Unsecure ssl cert ?

OU=GlobalSign Root CA - R2/O=GlobalSign/CN=GlobalSign ... Not After : May 19 20:43:24 2020 GMT ... X509v3 Subject Alternative Name: ...DNS:gmail-smtp-in.l.google.com,... ... Looks valid to me, unless I'm missing something, or is posttls-finger missing something? Peter

Re: postfix and systemctl

.noarch.rpm yum --enablerepo=gf-plus install postfix3 Also see http://ghettoforge.org/index.php/Postfix3 Peter

Re: postfix and systemctl

at GhettoForge certainly come with systemd unit files and work fine with the systemctl command. Peter

Re: Query

in alias_maps are bypassed so mailman will not work. Is this expected behavior and is there are way around this? Would really appreciate any assistance. You probably want to use relayhost or default_transport instead of transport_maps. Peter

Re: Using Postfix to send home server alerts

tools that are simpler to configure and better suited to that roll. I recommend msmtp: https://marlam.de/msmtp/ Peter

Query

Hi AllI am trying to figure out how to get this working. I run Mailman through Postfix. The Mailman aliases are in alias_maps. I find that when I set up a transport map in Postfix to have Postfix forward the emails through another email gateway, the aliases in alias_maps are bypassed so mailman

Re: postfix for IoT

, ssmtp or nullmailer. These are designed to connect to and push mail out to a submission server and have a much lighter weight footprint than postfix and as such are way better suited to usage on an embedded system. Peter

Broken Resource Links

/patrick.koetter/saslfinger/ https://web.archive.org/web/20190618125312/http://postfix.state-of-mind.de/patrick.koetter/smtpauth/ It might be useful if someone wants to copy those resources to a more permanent location, or at least update the links. Peter

Re: Virtual alias address class and no_address_mappings

s do show the message going straight into qmgr, so I'm really just baffled here. Peter

Re: Virtual alias address class and no_address_mappings

On 30/12/19 5:15 pm, Viktor Dukhovni wrote: On Mon, Dec 30, 2019 at 04:37:32PM +1300, Peter wrote: If someone uses virtual_address_domains and has "receive_override_options = no_address_mappings", then postfix will kick back an error of "User unknown in virtual alias table&quo

Virtual alias address class and no_address_mappings

no_address_mappings is set. Is this behavior intentional or just a side effect of how no_address_mappings is implemented? Peter

RE: Unverified Recipients

Hi AllI finally found some information and I admit I am wondering how to get all the features I want working. I saw a response that suggested that recipient_restrictions will only work when the email goes through the smtpd daemon since the reject_unverified_recipient setting is found in the

Re: postscreen with IP-ranges?

You can whitelist with dnswl.org. See: http://rob0.nodns4.us/postscreen.html Peter On 13/11/19 12:26 AM, Roland Freikamp wrote: Hi, I'm using postscreen on a mailserver. Unfortunately, this does not work with some bigger mail providers, since they send the mail from a random host

Re: How to avoid being classified as spam by Google?

On 9/10/19 11:02 PM, martin f krafft wrote: Quoting "Peter", who wrote on 2019-10-09 at 10:54 Uhr +1300: Does ambassador.madduck.net match the EHLO banner as well? Yes, of course. ;) % swaks -q EHLO -s ambassador.madduck.net === Trying ambassador.madduck.net:25... ===

Re: How to avoid being classified as spam by Google?

spf is not have a max ip in there rfc :( Don't be ridiculous. Peter

Re: How to avoid being classified as spam by Google?

h the EHLO banner as well? Peter

Re: How to avoid being classified as spam by Google?

On 8/10/19 12:04 AM, Jaroslaw Rafa wrote: Dnia 7.10.2019 o godz. 23:54:41 Peter pisze: Also sign up for ESP-specific programs such as feedback loops, Google postmaster tools and Microsoft's SNDS. Check the individual postmaster pages for each ESP that you're having problems with to make sure

Re: How to avoid being classified as spam by Google?

for help. Peter

Re: Postfix as backup MX

almost non-existent nowadays. In short, just don't do it. Peter

Re: Change smtps to submissions in master.cf

wait until it fixes more distros than it breaks. Peter

Re: deal with google mailboxes

that they used to sign up with. Google may see multiple variants as equivalent but that does not mean that other servers need do the same. Peter

Re: Postfix MX resolving issue on a chrooted setup

in a directory and file and import it into systemd so it takes precedence over but does not overwrite the postfix service file that comes packaged with postfix. Let me know if you need any more help. Regards, Peter Ajamian

Re: Question getting Mail.app working with PostFix SMTP

obably due to similar security concerns. Peter

Re: Greylisting -- current recommendations?

, and it would pay to ask if the handful of messages getting through (that might be caught by another anti-spam solution later in your pipeline) is worth catching for the delay you are introducing with such a setting. Peter

Re: Gave up on my ISP, trying to get GMail to work but get - host smtp.gmail.com[64.233.168.108] said: 530-5.5.1 Authentication Required.

On 24/06/19 3:38 AM, Chris Pollock wrote: I still have some that are going to /var/spool/mail/nobody however. Headers below: And your logs show what exactly? Peter

Re: Greylisting -- current recommendations?

that postgrey defers does not mean it caught spam, it means it may be spam and it is delaying the message further to try to check. If postscreen is catching the vast majority of these then all you're seeing is unnecessary delay on legitimate mail. Peter

Re: Greylisting -- current recommendations?

ESPs such as google and the after-220 tests. Peter

Re: authenticate o365 users with postfix without smtp auth

. Peter

Re: Different SSL certificate per virtual domain

=cache:JmE1tzw6qqYJ:ghettoforge.org/index.php/Postfix3+=1=en=clnk=nz=firefox-b-e With this version you will have SNI support. Peter

RE: Increasing Internal security

rds SI From: Noel Jones Sent: Wednesday, May 15, 2019 12:26 PM To: postfix-users@postfix.org Subject: Re: Increasing Internal security On 5/15/2019 11:24 AM, Peter Fraser wrote: > Hi All > > We had an auditor to an internal pentest for our network. The result > for our Postfix

Increasing Internal security

Hi All We had an auditor to an internal pentest for our network. The result for our Postfix box was (My Words) Although your SMTP server prevents relay in some circumstances, it still allows email from an empty domain. I am aware that the empty domain <> is needed for bounce messages. Is there

Re: Big problem with this mailing list and Majordomo regarding DMARC

breaks the rules or doesn't get it, or can't actually control this stuff for their email. Peter

Re: Big problem with this mailing list and Majordomo regarding DMARC

in the appropriate standards documents, and when they don't it's their fault for actually following the standards? Ummm, ok. Peter

Re: Big problem with this mailing list and Majordomo regarding DMARC

On 20/04/19 3:15 PM, Peter wrote: I'm not disagreeing with any of this.  It simply boils down to that when a current RFC recommends a certain practice you shouldn't be surprised that people will follow that recommendation.  What then follows is that people who use google, microsoft or other

Re: Big problem with this mailing list and Majordomo regarding DMARC

compliant just as long as the DKIM signature doesn't include certain headers, some of which are actually recommended to be included by the relevant RFCs. When looked at in that light it becomes more clear that the DKIM compliance of the mailing list is spotty at best. Peter

Re: Big problem with this mailing list and Majordomo regarding DMARC

On 19/04/19 11:16 PM, Nick wrote: You might want to consider reducing the list of headers in your DKIM signatures. E.g. your signed-headers list includes 'sender' but the mailing list adds its own 'sender', which is enough to invalidate your signature. This is going to be an ongoing problem

Re: GF 3.3, unsupported dictionary type: mysql

--enablerepo=gf-plus reinstall postfix3 ...should fix it properly. Peter

Re: GF 3.3, unsupported dictionary type: mysql

tcp texthash unionmap unix That's missing ldap and pcre as well. Looks like a corrupted postfix3 install. This might fix it: yum --enablerepo=gf-plus reinstall postfix3 Peter

Re: "Chunk exceeds message size limit"

ut add in a warning that fires on startup if this setting is 0 to try to encourage people to change it? Peter

Re: pishing from ME

On 24/03/19 05:49, Alice Wonder wrote: I have gotten then where they displayed throwaway passwords I used only once for one site (and thus I know that site doesn't hash passwords and never use it again) This is not necessarily true. A hashed password can be brute-forced. Peter

Re: Semi-OT: Getting blacklisted by hotmail/Google again and again

says not to enforce any DMARC policies, it satisfies ESPs recommendation for setting DMARC but otherwise does nothing. Also you should sign up for dnswl.org which is free to do and has been known to help sometimes. Peter

Re: Postfix stable release 3.4.3

3.4 to date I will be delaying moving it from gf-testing to gf-plus until I feel that the latest release is relatively stable. Peter

Re: 'Linux 5' support in Postfix Stable Release 3.4.1 ?

environment. You will probably also have to install some -devel packages and possibly others, standard stuff for most linux distros. Peter

Re: Postfix stable release 3.4.0

On 28/02/19 14:57, Peter wrote: On 28/02/19 14:21, Wietse Venema wrote:    * Postfix 3.4 drops support for OpenSSL 1.0.1 (end-of-life was December 31, 2016) and all earlier releases. Postfix 3.3 and earlier still support older OpenSSL APIs. Any possibility I can get you

Re: Postfix stable release 3.4.0

to continue to build for CentOS 6. Peter

Re: how to use (open)dmarc when already doing before-queue content filtering?

-topic form your original question, but since you mention it... If you're running any of the after-220 tests in postscreen then you are now delaying mail twice by also greylisting. If you're not running after-220 tests then you're limiting postscreen's effectiveness. Peter

Re: Support for "Linux 5"

On 18/02/19 04:41, Wietse Venema wrote: What distribution runs Linux 5 kernels? I would like to do a smoke test for due diligence (does it build and run). Fedora Rawhide is on 5.0.0 Peter

Re: Click tracker removal ideas?

t or break entirely. None of this is to even mention the DKIM issues previously brought up, or the multipart formatting issues. Really this is an idea best left alone. Peter

Re: Click tracker removal ideas?

it is formatted. It is impossible for the former case and very difficult for the latter case to strip the link. Peter

Re: SMTP_HELO_NAME can cause Blacklist triggers

to be a FQDN in this context. https://en.wikipedia.org/wiki/Hostname RFC952 Peter

Re: Postfix is wrongly marking CA certificate expired

expired to me. Peter

Re: How do I get 'mail' working again

ix and *does* look for the postfix config. Peter

Make upgrade doesn't copy new binaries

stop as root prior to the make upgrade command. The binaries are not replaced, and in the maillog postfix logs 3.3.0 when I start using postfix start. Any pointers on where to start looking? Thanks, Peter -- Peter Lindgren, Kazoku IT AB, Vasagatan 43A, 411 37 Göteborg +46-703 39 39 40 peter.lindg

Re: postfix flush, postqueue -f, postsuper -h ALL

es with a recipient of mydomain.com on hold as soon as postfix accepts them. BTW, it can be shortened to: smtpd_recipient_restrictions = check_recipient_access inline:{example.com=HOLD} ...or if you really want to put ALL inbound mail on hold: smtpd_recipient_restrictions = check_recipient_access static:HOLD Peter

Re: Are sha1 & TLSv1 fully deprecated wrt mail, and time to block them?

order to send out SPAM? Good Luck, Peter

Re: Spammer rejected, but resends every 10 minutes. Any way to prevent this

specifically means that you're telling the remote server to try again. Spam or not the remote server is doing what you're telling it to do. Peter

Re: Suggestion: make compilation fail if m4 is not installed

over all error cases without bailing on commands that return non-zero but aren't errors, therefore it has all sorts of crazy rules about what is and isn't an error and much of the time will not do what you think it does. The safe way is to use || exit 1 as Wietse said above. See: http://mywiki.wooledge.org/BashFAQ/105 Peter

Re: FWIW, port 465 gets standards-track blessing from RFC8314

ore dangerous, imo because it would not become apparent to the user that anything is wrong when this happens or when the MITM goes away, it would all appear to just work normally the entire time. Peter

Re: FWIW, port 465 gets standards-track blessing from RFC8314

o setting an older client to require encryption would mitigate it as well. This, I believe would be the strongest reason to prefer SMTPS connections, but it only applies to older clients that are not well configured. Peter

Re: removing postgrey - reconfigring postix

On 24/01/18 19:32, john wrote: > Is there a write up of how to setup up postscreen for maximum spam control. Of course there's the official docs, POSTSCREEN_README and postscreen(8). I also recommend this: http://rob0.nodns4.us/postscreen.html Peter

Re: Cyrus vs Dovecot for SASL AUTH and IMAP

y from Cyrus for the client SASL support. Peter

Re: Microsoft silently discarding emails after recepit

On 08/01/18 19:56, Yuval Levy wrote: > On 2018-01-07 04:32 AM, Peter wrote: >> So to put it simply, they're basically saying that their black box >> thinks that your IP(s) are sending SPAM. > > That's not how I read my conversation with them. My understanding based &g

Re: Microsoft silently discarding emails after recepit

t you personally. > I am still thinking how to react. For now I will advise my clients that > I cannot communicate by email if they are using Microsoft services. I would suggest, as others have, that if you cannot resolve this directly then you use a relayhost for messages that go out to Microsoft clients, then you should at least be able to get your mail through. Good Luck, Peter

Re: Microsoft silently discarding emails after recepit

On 07/01/18 11:42, Yuval Levy wrote: > On 2018-01-06 02:19 AM, Peter <pe...@pajamian.dhs.org> wrote: >> It's not the first time I've seen MS accused of dropping mail. > > Mine (first post in thread) were not accusations. They were > corroborated test results. I unders

Re: Microsoft silently discarding emails after recepit

eputation with Microsoft, if it's blocked you can contact support and they should remove the block. Good Luck, Peter

Re: Postfix RPMs

dependencies. Mock is available from both the CentOS extras repo and epel. The sources are also freely available from GhettoForge if you want to look them over. Peter

Re: always_bcc on outgoing mail

ess_mappings in submission_overrides is preventing always_bcc from working ^^^^^. Peter

Re: Compromised email server

stead of bounces. That is how you avoid becoming a source of backscatter. Peter

Re: Compromised email server

e your server becomes a source of backscatter which is almost as bad as being an open relay as spammers will take advantage of it. Peter

Re: Questions about mynetworks_style parameter in main.cf

h a separate logical > interface. So it would seem that the reference to ifconfig should be ignored at this point and probably removed from the docs? Peter

Re: Questions about mynetworks_style parameter in main.cf

cannot say for certain how this affects IPv6 addresses, they do seem to be returned correctly with ifconfig, but you'd have to check on your own system(s) to be certain. If you need this then you may very well be better off just dumping the list of IPs to a file and loading them into the mynetworks setting instead. Peter

Resolve before transport

Hi guys, I send my emails via different gateways based on my transport file. Many domains, however, use the same email providers, such as outlook or gmail. Is there a way to check the MX records before the email is sent and transport it using a specific gateway? Cheers, Peter

Re: no response from postfix on submission port (or 465)

rt 587 is STARTTLS. Peter

Re: Should I be root or postfix user to execute postfix commands?

states what the requirements are for running it. Peter

SV: SV: Double Mails delivered with aliases.

Realized that my usage of "local" for my users, is wrong terminology, they are all virtual users. [...] > You haven't posted whole master nor whole xMTPDeliver (pastebin, please). > Both can contain something that causes multiple deliveries. Pastebin coming up  main.cf :

SV: Double Mails delivered with aliases.

(and now to the list instead of directly, apologies 'bout that) > >I have Local users and users with forwards. > how do they forward? Using virtual_alias_maps - Lookup into a database, that returns the field alias as destination (alias due to a backend expecting that particular fieldname). If

SV: Double Mails delivered with aliases.

> Short version: > If you have a delivery address aliasing scheme set up that results in > mail being delivered to duplicate email addresses for the same user, it > is not Postfix's responsibility to de-duplicate those emails. That's on > you. Yeah, I'm aware of this. Also, So far it is doing

Double Mails delivered with aliases.

Hiya, I'm having sort of a strange problem with my postfix installation. I have Local users and users with forwards. Some can have more than one forward, say we have Original-Recipient a...@a.test that forwards to local b...@a.test and remote

Re: migrating 2.1 to 3.x ?

, or you can reach me at the #postfix or #ghettoforge Freenode IRC channels. Peter

Re: Migrating 2.11 to 3.2

of the startup problem I > faced. I can't say for sure, but it looks to be permissions-related to me. It might have to do with the way you built and subsequently installed postfix, or it might be an selinux issue that simply isn't present in the GhettoForge packages (assuming you haven't disabled selinux). Peter

Re: Migrating 2.11 to 3.2

On 28/07/17 01:51, Nikolaos Milas wrote: > On 27/7/2017 1:50 μμ, Peter wrote: > >>> http://ghettoforge.org/index.php/Packages >> Right, that one is highly recommended, much better than attempting to >> install from source. > > OK, I followed your advi

Change gateway on bounce

server so it's sent out from there? Cheers, Peter

Re: Migrating 2.11 to 3.2

om, I get the feeling he installed it from source directly. Peter

Re: Migrating 2.11 to 3.2

On 27/07/17 21:54, Nikolaos Milas wrote: > Hello, > > We are moving to a new (virtual) server (from CentOS 5 with Postfix > 2.11.6 to CentOS 7 with Postfix 3.2.2). Where did you get Postfix 3.2 from? Peter

Re: Forward to gmail and DMARC

from POP3 but not from IMAP. You pretty much need to do it with POP3. Peter

Re: upgrade/compile options

ates from Ghettoforge without having to worry about rebuilding yourself every time a new version comes out with bug or security fixes, plus you won't have to worry about when 2.11 goes EOL sometime early next year. Here's the link again for you: http://ghettoforge.org/index.php/Postfix3 Peter

Re: upgrade/compile options

http://ghettoforge.org/index.php/Postfix3 Peter

Re: postfix + selinux - does it make sense ?

xts you have to customize depend largely on your exact setup, and how people set up postfix can vary widely. I can say that I have yet to run across a setup where I had to resort to disabling selinux entirely. Peter

Re: Proper Forwarding Procedure?

And from Google’s point of view, this spam-fighting service to the public might even have the terrible consequence that Gmail be forced to accommodate even more users. An awful result for Google. Peter > On 11 Jun 2017, at 6:35 pm, Peter <pe...@pajamian.dhs.org> wrote: > > On

Re: Proper Forwarding Procedure?

quot;delete" button! So at the end of the day, it doesn't matter how aggressive you are, there is at least some chance that google will flag your server as a source of SPAM. Peter

Re: telnet hangs when I enable sasl

On 06/06/17 05:08, Wietse Venema wrote: > It says: "yum install cyrus-sasl-plain". Nowadays one would use "dnf". CentOS 7 (being several years old now) still uses yum. Peter

Re: Header_Checks & empty Return-Path expression

> If i change the s**$ to what a coleague tells me :-) --> s*$ then no > warning, but both lines are not triggered. If i check for REGEXP it should > be indeed s*$ I guess. But then it fails to trigger… If the lines are not triggered with the corrected regexp, then the regexp is not ma

Re: Is there any documentation on the binary format of the mail files under /var/spool/postfix/ ?

On 30/05/17 19:40, Geert Stappers wrote: > On Mon, May 29, 2017 at 05:02:36PM +1200, Peter wrote: >> On 29/05/17 16:57, Peter wrote: >>> find "$(postconf -h queue_directory)/deferred/)" -type f -exec postcat >>> -e {} + | your_program | postsuper -d - >>

Re: Is there any documentation on the binary format of the mail files under /var/spool/postfix/ ?

On 29/05/17 16:00, Hubro wrote: > The problem with that is that you're passing all the mail file paths right in > the command line. No, he's not, go look up the xargs man page and see what it does. It's basically a variation on the find solution I just gave you. Peter

Re: Is there any documentation on the binary format of the mail files under /var/spool/postfix/ ?

On 29/05/17 16:57, Peter wrote: > find "$(postconf -h queue_directory)/deferred/)" -type f -exec postcat > -e {} + | your_program | postsuper -d - Oops, typo there, should be: find "$(postconf -h queue_directory)/deferred/" -type f -exec postcat -e {} + | your_program | postsuper -d - Peter

Re: Is there any documentation on the binary format of the mail files under /var/spool/postfix/ ?

difference, so in your case it would run postcat 2 or 3 times to get all the file paths passed, then the output of the whole thing would go to your program and the output of that to postsuper. So running find once, postcat 2 or 3 times, your program once, postconf once and postsuper once ... not too bad. Peter

<    1   2   3   4   5   6   7   8   >