mxcluster postfix/qmgr[32622]: 5A4A520FADE: removed
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
ralf.hildebra
* Rafael Azevedo raf...@gmail.com:
Hi Ralf,
I've already tried that. I did disable dkim and the delay time almost
didnt change.
Well, I'm out of ideas, but it's not really a postfix problem when the
receiving side is being slow.
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung
= ...
but not to a sub second resolution(since syslog()) is being used.
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
ralf.hildebra
* Rafael Azevedo raf...@gmail.com:
Ralf, you're the g-e-n-i-o-u-s
The problem is with DK-MILTER not DKIM.
Doesn't DK-Milter do DKIM?
I disable DK-MILTER from main.cf and its just very very very fast!
Thanks a lot you guys for the help!! Now things are back to normal!
\o/
--
Ralf
postscreen_dnsbl_sites = zen.spamhaus.org*2
bl.spamcop.net*1 b.barracudacentral.org*1 spamtrap.trblspam.com*1
That should add up to a maximum of 5 unless a client IP can be listed
multiple times in one dnsbl (?)
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité
would like to thank the author of postscreen --- who was that?
Wietse?
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
* Wietse Venema wie...@porcupine.org:
Ralf Hildebrandt:
$ host 197.251.232.190.zen.spamhaus.org
197.251.232.190.zen.spamhaus.org has address 127.0.0.11
197.251.232.190.zen.spamhaus.org has address 127.0.0.4
2*2 = 7?
Surely you have enough logs of your own that you can verify
* Wietse Venema wie...@porcupine.org:
Ralf Hildebrandt:
$ host 197.251.232.190.zen.spamhaus.org
197.251.232.190.zen.spamhaus.org has address 127.0.0.11
197.251.232.190.zen.spamhaus.org has address 127.0.0.4
2*2 = 7?
Surely you have enough logs of your own that you can verify
* Victor Duchovni victor.ducho...@morganstanley.com:
On Tue, Mar 08, 2011 at 04:27:20PM +0100, Ralf Hildebrandt wrote:
If I change the bounce_template_file, is a postfix reload for the
change to take (immediate) effect needed?
Yes, if you want the effect to be immediate.
Looking
* Michael mich...@thompsonmike.me.uk:
On Tue, 2011-03-08 at 21:13 +0100, Ralf Hildebrandt wrote:
You seem to have a content_filter setup. Could that be?
Yes, SpamAssassin is in the chain. I did'nt realise this may be the
issue.
Please show master.cf
--
Ralf Hildebrandt
inet n - - -- smtpd -o
receive_override_options=no_header_body_checks
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570
free shared buffers
Mem:6204048348136920 5916
Swap: 5242840 524284
Total: 58632448348 537976
Best regards,
Denis Shulyaka
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
* john j...@klam.ca:
What hardware are running openwrt on?
Sounds like a MIPS based OpenWRT system, e.g. a WRT54g (am I correct?)
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
* mouss mo...@ml.netoyen.net:
seems promissing, but a fork like that requires a year or so to see
what gets out of it. so either the guys are very good and they'll get
out with a great success, or the project will die.
Yes. Promising, to say the least.
--
Ralf Hildebrandt
Geschäftsbereich
on this list).
I also think that the flavor option has some importance. If it
allows Postfix to be more widely used in a way that is comfortable to
IBM, then I think that is a good thing.
Agreed. I do know that some RedHat releases had no maptype mysql
(because of this?)
--
Ralf Hildebrandt
maptypes) has been PATCHED
into Postfix.
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
ralf.hildebra...@charite.de | http
.
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
ralf.hildebra...@charite.de | http://www.charite.de
instead of host-247-92.91-212.enter.it
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
ralf.hildebra...@charite.de | http
40s!
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
ralf.hildebra...@charite.de | http://www.charite.de
* Ralf Hildebrandt ralf.hildebra...@charite.de:
* Richard Smits r.sm...@tudelft.nl:
Hello,
We have a problem in SMTP communication with some external
mailservers. I will explain.
If i do a telnet to port 25 on a remote server, I get no greeting
message, it just waits. I suppose
/postfix/smtpd_discard_ehlo_keyword.cidr
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
ralf.hildebra...@charite.de | http
* Linda Pagillo li...@lpdynamix.com:
Will Postfix always accept mail from null senders by default
Yes, to valid recipients.
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
* Nikolaos Milas nmi...@noa.gr:
Wietse,
Would you have any plans to integrate in Postfix support for global
AND per user mailbox quotas supporting both Maildir and MBOX?
But why? dovecot (which has an LMTP server and a LDA) can do both.
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung
they have a poor setup
That's a very commonplace error.
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
ralf.hildebra
smtp.academicjobseu.com.
smtp.academicjobseu.com has address 212.89.81.106
212.89.81.105 != 212.89.81.106
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax
domain name pointer smtp.academicjobseu.com.
# host 212.89.81.106
106.81.89.212.in-addr.arpa domain name pointer smtp.academicjobseu.com.
$ host smtp.academicjobseu.com
smtp.academicjobseu.com has address 212.89.81.106
106 != 105
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
in this?
basically I want to show that it's NOT lingering in the queue after
it has been scanned for viruses and reinjected into the queue
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel
* Wietse Venema wie...@porcupine.org:
Ralf Hildebrandt:
Is there a way of getting a log entry that documents when Postfix is
trying to actually deliver a mail?
The queue manager connects to the UNIX-domain socket for a particular
delivery agent such as smtp(8) or local(8), and waits
* Wietse Venema wie...@porcupine.org:
Ralf Hildebrandt:
This seems to be TLS related, since it happens whenever TLS is being
used.
Here is a patch. This part of the TLS library still needs to be
restructured. There is redundancy in the internal APIs: multiple
function arguments
that to a much lower value!!
or leave it higher, it does not harm if the servers don't object.
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49
and I'm not sure how
smtp_connection_reuse_time_limit = 300s
could be lowered in such a way that busy destination MXes are not
keeping a lot of mail in the active queue...
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
-s hash:aliases
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
ralf.hildebra...@charite.de | http://www.charite.de
* Ralf Hildebrandt ralf.hildebra...@charite.de:
Goal:
=
Make mails go to a target server within 60s.
Target server is defined as either:
* the MX host of the destination domain
* my smtp_fallback_relay which keeps trying delivery
It's really fast and can take a lot of load...
So
either lower this value, or increase the limit on smtp
processes, or both.
--
J.
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30
* lst_ho...@kwsoft.de lst_ho...@kwsoft.de:
virtual_alias_maps is used for domains listed in
virtual_alias_domains (= virtual alias domain class)
No, it's always applied!
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin
is not correct)?
That's documented:
In all cases the result of table lookup must be either not found or
a list of SASL login names separated by comma and/or whitespace.
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin
to
many SASL login usernames), it's just formatted differently.
Yes
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
ralf.hildebra
is
spam.
Is the ironport br0ken or why are you getting so much spam (I assum
you're getting spam, not sending it).
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30
* Reindl Harald h.rei...@thelounge.net:
Way to make your case.
sorry, but this was the only right answer for you can not
use dns-forwarder and blacklists
Well, you cannot use (for example) zen.spamhaus.org via 8.8.8.8 or
8.8.4.4
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung
, it is
unlikely that postfix can natively support it.
If it uses the common query method, just add it to your list of DNSBLs.
Have you tried using it ?
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
* Stan Hoeppner s...@hardwarefreak.com:
Ralf Hildebrandt put forth on 2/4/2011 2:18 AM:
* Jeroen Geilman jer...@adaptr.nl:
I think Ralph meant: do you have an example how one would query this DNSBL
?
Is there public documentation for using the SenderBase DNSBL?
Do you have me
server
With mysql backend
What exactly IS your performance problem? Sending? Receiving? Local
delivery? How are you measuring?
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Out: 451 4.3.0daniela.mair@externaldomain: Temporary lookup failure
In: RSET
Out: 250 2.0.0 Ok
Please show the logs for exactly that error. Because the logs show
WHAT failed (DNS, or mysql lookups)
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité
(latin1_swedish_ci,IMPLICIT) and
(utf8_general_ci,COERCIBLE) for
operation '='
Feb 4 00:00:58 localhost postfix/trivial-rewrite[2579]: warning:
transport_maps lookup failure
Feb 4 00:00:59 localhost postfix/trivial-rewrite[2579]: warning:
transport_maps lookup failure
--
Ralf Hildebrandt
* David Touzeau da...@touzeau.eu:
Did anyone have tips to integrate PostScreen with SenderBase DNSBL has
the Cisco IronMail blacklist ?
Please rephrase and please do mention how one would query the
SenderBase DNSBL!
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité
.
Any suggestions and comments are welcome.
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
ralf.hildebra...@charite.de | http
zen.spamhaus.org
becomes:
smtpd_client_restrictions =
hash:/etc/postfix/client_restrictions
disable_vrfy_command = yes
smtpd_recipient_restrictions =
Is kept like it was
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin
* Ralf Hildebrandt ralf.hildebra...@charite.de:
The resulting set of restrictions after cleaning up:
smtpd_helo_required = yes
smtpd_helo_restrictions =
smtpd_client_restrictions =
hash:/etc/postfix/client_restrictions,
disable_vrfy_command = yes
smtpd_recipient_restrictions
* Aggelos marma...@freemail.gr:
smtpd_helo_restrictions should be empty?
Yes.
reject_rbl_client cbl.abuseat.org isn't needed?
It's included in zen
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm
,
reject_rhsbl_helo dbl.spamhaus.org,
permit
It looks OK to me
The check_backscatterer file setup is as suggested on
http://www.backscatterer.org/?target=usage, with the exception of
hash instead of dbm.
Have you tried cdb?
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung
the advantage
to doing so over just using hash: ? We don't get massive amounts of
incoming mail, so I'm not sure if there'd be a noticeable performance
improvement.
OK; in that case no need to recompile :) Memory footprint is smaller,
though.
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung
with
root privileges?
Yes.
Is it not a risk running master as root (the same reason for running
other processes as unprivileged) ?
It must bind to ports 1024 AND it must be able to spawn processes as
other, unprivileged users.
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
prevent remote users from masquerading as local users to bypass policies
-- You can use smtpd_sender_login_maps and the restriction
reject_authenticated_sender_login_mismatch to prebent users from
faking sender addresses
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité
multiple instances for that.
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
ralf.hildebra...@charite.de | http://www.charite.de
,
relay=none, delay=2.7, delays=2.7/0/0/0, dsn=5.0.0,
status=bounced(Local delivery is disabled.)
The more I think about it, the more I think it should have worked. I'll
try again once things slow down a bit (5pm).
postconf transport_maps
is showing what?
--
Ralf Hildebrandt
that for python.org and it took me 3
months (setting everything up, cleaning list, fixing settings) of my
spare time.
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570
that OP
regarding that solution. In this case I'd say no negative feedback
means it's working.
Of course it's working. In fact it can be the first step towards the
optimal solution (from an artistic point of view -- it has to be
beautiful simple)
--
Ralf Hildebrandt
Geschäftsbereich
* JKL ju...@klunky.co.uk:
How many Postfix master daemons are running on your machine?
Meaning:
ps auxwww|grep master
Sent again, as I do not think this Email made it through.
It made it through, but it didn'T answer the question!
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung
* Stefano Mason stefano.ma...@t-systems.it:
Sometimes the postscreen process behaviour is:
( After postfix stop, another postscreen is started, look PID number! )
Yes, I've seen this once or twice, but assumed it was somehow my fault.
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung
* Wietse Venema wie...@porcupine.org:
The postscreen daemon creates a child and finishes work in the
background. The parent terminates immediately.
Meaning it's safe to igore and it will go away eventually. Fine.
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité
. That rule reject_rbl_client bl.spamcop.net does not block
them. Any one can help and tell me where is my mistake ?
--
Regards,
Condor
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30
This server disallows weird address syntax.
/^postmaster\@/ OK
/^hostmaster\@/ OK
/^abuse\@/ OK
/^nobody\@/ REJECT
This is an open relay that allows relaying to
postmaster, hostmaster, abuse at any domain.
Admittedly that's not a lot of recipients, but still!
--
Ralf Hildebrandt
-BOF-6958.pdf
und dies hier in Deutsch:
http://www.weblearn.hs-bremen.de/risse/papers/IIAkolloq080115/elliptic.pdf
Short: The 2007 PDF says that the best known attacks against ECC are
worse than for RSA, DSA, DH.
Thus one can use shorter key lenghts giving the same level of security.
--
Ralf
* Ralf Hildebrandt ralf.hildebra...@charite.de:
I can recommend this PDF:
http://blogs.sun.com/jyrivirkki/resource/ECC-TLS-BOF-6958.pdf
und dies hier in Deutsch:
http://www.weblearn.hs-bremen.de/risse/papers/IIAkolloq080115/elliptic.pdf
Short: The 2007 PDF says that the best known attacks
* Ralf Hildebrandt ralf.hildebra...@charite.de:
Incidentially, I recompiled Postfix against opensssl-1.0 yesterday :)
I still have to find out if the DFN-PKI-CA (which we're using) is
issuing certs on ECC keys
I could just try that :)
Like... now :)
Doesn't work. It triggers an error
* Condor con...@stz-bg.com:
smtpd_helo_restriction =
smtpd_helo_restriction**S**
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450
not possible.
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
ralf.hildebra...@charite.de | http://www.charite.de
, 2011 at 4:59 PM, Ralf Hildebrandt
ralf.hildebra...@charite.de wrote:
* Joe Wong joewon...@gmail.com:
Hello,
I would like to know if there is possible to configure postfix not to
bounce a message if it contain certain header in the message? I tried
adding
-o header_checks option
* J4 ju...@klunky.co.uk:
Hi there,
I set-up Postfix to enforce quotas using this in the main.cf:
This is a patched, unsupported postfix.
Whose patch is it?
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
* J4 ju...@klunky.co.uk:
On 01/19/2011 02:04 PM, Ralf Hildebrandt wrote:
* J4 ju...@klunky.co.uk:
Hi there,
I set-up Postfix to enforce quotas using this in the main.cf:
This is a patched, unsupported postfix.
Whose patch is it?
Hi Ralf,
This explains everything. I read
in the Debian repos. At least I can keep this stable. I can live
with a Postfix patch for the timebeing. I shall move to Dovecot 2 when
it is in the Debian squeeze repositories.
It won't be (as far as I know)
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin
* /dev/rob0 r...@gmx.co.uk:
On Tue, Jan 11, 2011 at 09:46:42PM +0100, Ralf Hildebrandt wrote:
smtpd_reject_footer = Contact postmaster at charite.de for assistance
caused a SIGNIFICANT increase in postmaster tickets :|
Are these issues that you're able to help them with?
Strictly speaking
* Ralf Hildebrandt ralf.hildebra...@charite.de:
mail.charite.de (on the other hand) was running postfix-2.8-20110109.
Still no proof of anything, but maybe there's something.
I upgraded mail.python.org to postfix-2.8-20110109 as well (now).
Let's see what happens.
It was probably nothing
* Ralf Hildebrandt ralf.hildebra...@charite.de:
# awk '/postfix\/postscreen.*COMMAND PIPELINING.*after QUIT/ {print $9}'
/var/log/mail.log | awk -F: '{print $1}'| sort | uniq -c | sort -n
7 [200.124.146.99]
7 [209.172.40.211]
10 [216.46.18.41]
10 [216.46.18.53
).
Which it is, in my case :)
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
ralf.hildebra...@charite.de | http://www.charite.de
which is exactly what I'm using.
postscreen_access_list = permit_mynetworks,
cidr:/etc/postfix/postscreen_access.cidr
seems to work, though
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
The POSTSCREEN_README mentions:
See the postscreen_access_list manpage documentation for more details.
./man/man8/postscreen.8 is the only man page with postscreen as part
of the name - it does mention postscreen_access_list.
man 5 postconf is also not listing postscreen_access_list
--
Ralf
/postconf.5.gz
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
ralf.hildebra...@charite.de | http://www.charite.de
it's home directory.
That's ok
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
ralf.hildebra...@charite.de | http
a Postfix instance trigger postscreen of another instance?
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
ralf.hildebra...@charite.de
* Ralf Hildebrandt ralf.hildebra...@charite.de:
Today I found this in my log:
Jan 12 22:39:39 mail postfix/postscreen[17030]: COMMAND PIPELINING from
[216.46.18.51]:58366 after QUIT
So I wondered -- after QUIT? and had a look at the client:
mail:~# host 216.46.18.51
51.18.46.216
to postfix-2.8-20110109 as well (now).
Let's see what happens.
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
ralf.hildebra
smtpd_reject_footer = Contact postmaster at charite.de for assistance
caused a SIGNIFICANT increase in postmaster tickets :|
So users do read.
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D
* John Adams mailingli...@belfin.ch:
drop the technical gibberish and suddenly people understand you :)
Hey, I didn't drop that, I just added one line :)
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
it, but I'm
relatively inexperienced with postfix and so may well be missing something.
egrep (error|warning|fatal): /var/log/mail.log
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203
/smtpd[3268]: warning: No server certs
available. TLS won't be enabled
Jan 10 13:08:28 gilded-bat postfix/smtpd[3362]: warning: No server certs
available. TLS won't be enabled
ookay. Maybe install some x.509 certificates!
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
* Noel Jones njo...@megan.vbhcs.org:
On 1/6/2011 3:31 PM, Ralf Hildebrandt wrote:
* Bob Proulxb...@proulx.com:
I am helping a school and they have told me they need to keep an
archive of all email through the site for a short period of time.
They also need to delete email after a period
* Ralf Hildebrandt ralf.hildebra...@charite.de:
* Noel Jones njo...@megan.vbhcs.org:
On 1/6/2011 3:31 PM, Ralf Hildebrandt wrote:
* Bob Proulxb...@proulx.com:
I am helping a school and they have told me they need to keep an
archive of all email through the site for a short period of time
How can I check correct the permissions (especially on
$queue_dir/maildrop and $queue_dir/public) using postmulti?
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30
persons. (In practice actually doing this is *extremely* rare.)
Could the kind souls here point me in the right direction? They
http://www.arschkrebs.de/postfix/postfix_archive.shtml
but you would use always_bcc_maps
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité
* Wietse Venema wie...@porcupine.org:
421-4.4.2 host.example.com Error: timeout exceeded
421 4.4.2 For assistance, contact the helpdesk at 800-555-0101
I wonder how many calls you would actually get for that.
Almost none, because users cannot read.
--
Ralf Hildebrandt
* John Adams mailingli...@belfin.ch:
Almost none, because users cannot read.
well, actually they can. They just don't read the automated gibberish
that comes from us admins.
:)
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus
of a remote domain was complaining they couldn't
send mail to us, because ONE of our THREE MX hosts was not accepting
connections. The other two were.
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D
something in the spamfilter to pass the error code back
to the original client?
On the other hand I'm wondering what that invalid 8-bit character
might be, since it LOOKS like a space in the bounce I got from pje.
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité
* Ralf Hildebrandt ralf.hildebra...@charite.de:
On the other hand I'm wondering what that invalid 8-bit character
might be, since it LOOKS like a space in the bounce I got from pje.
It was a strange hyphen.
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité
.*)/ IGNORE
/^Received from.*\[192\.168\.12\.7\]/ IGNORE
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
question is, how do I begin to
plug this hole?
stop apache
look further
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
* Victor Duchovni victor.ducho...@morganstanley.com:
- Remove non-working addresses promptly from your lists.
This step alon considerably improves reputation AND delivery time.
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus
heavy load. however, there're likely 140,000 mails congesting
after several days' running. So I tried qshape to analyse the queue, and
found that almost all mails are congesting in incoming queue, while
active queue reaches it's limit of 20,000 mails.
Please show the qshape output
--
Ralf
* Victor Duchovni victor.ducho...@morganstanley.com:
It takes mail many days to get through the content filter. Fix your content
filter.
Or circumvent it for this type of mail! If your KNOW what you're
sending out, why scan for viruses?
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung
601 - 700 of 1365 matches
Mail list logo
