How to drop the recipient address hostname when delivering mail via LMTP?

2010-08-25 Thread Ralph Seichter
There is a thread in the Dovecot mailing list discussing this subject, but I think it best to ask here as well: My Dovecot 2.0 configuration contains these lines auth_username_format = %Ln service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { user = postfix

Re: How to drop the recipient address hostname when delivering mail via LMTP?

2010-08-27 Thread Ralph Seichter
:42 +0200 From: Ralph Seichter postfix...@seichter.de To: postfix-users@postfix.org There is a thread in the Dovecot mailing list discussing this subject, but I think it best to ask here as well: My Dovecot 2.0 configuration contains these lines auth_username_format = %Ln service lmtp

Re: How to drop the recipient address hostname when delivering mail via LMTP?

2010-08-28 Thread Ralph Seichter
On 27.08.10 17:58, Noel Jones wrote: If you're using the postfix LMTP client, this might work: http://www.postfix.org/postconf.5.html#lmtp_generic_maps I've added lmtp_generic_maps = hash:$config_directory/lmtp_generic to main.cf. The file's content matches your example, but I don't see

Re: How to drop the recipient address hostname when delivering mail via LMTP?

2010-08-28 Thread Ralph Seichter
On 27.08.10 18:22, Victor Duchovni wrote: [...] LMTP servers are expected to correctly map domains to mailboxes. It is best to not generate invalid LMTP, mangle the headers, ... Good point. The data available for Dovecot's user/password DB lookups does not yet contain domain information for

Re: How to drop the recipient address hostname when delivering mail via LMTP?

2010-08-28 Thread Ralph Seichter
On 27.08.10 21:06, fakessh wrote: What is the best solution to use dovecot lda for its use or complicate the config using lmtp dovecot whereas with a simple config we manage to walk amavisd Sorry, I don't get your meaning. If you are asking about using the dovecot-lda binary instead of LMTP

Re: How to drop the recipient address hostname when delivering mail via LMTP?

2010-08-30 Thread Ralph Seichter
On 29.08.10 21:40, Noel Jones wrote: Sorry, I forgot to specify the map type in my example. It must be either regexp: or pcre:. No need for you to apologize. I feel quite silly, because you obviously specified a regular expression in your example, and I read it as such. I don't know what made

Re: How to drop the recipient address hostname when delivering mail via LMTP?

2010-08-30 Thread Ralph Seichter
On 30.08.10 22:11, mouss wrote: are you saying dovecot lmtp implementation has such a bug? I think that Dovecot is a great piece of software and would not presume to imply that it has a faulty LMTP implementation. More likely, I made some mistake in configuring Dovecot. Currently, all my

Trying to use different header_checks depending on TCP port for incoming mail

2010-09-05 Thread Ralph Seichter
I'm currently trying to figure out if it is possible to use different header_checks for TCP ports 25 (mail from world) and 587 (mail submitted by authenticated users). I tried the following without success: # cat /etc/postfix/master.cf smtp inet n - n - - smtpd -o

Re: Trying to use different header_checks depending on TCP port for incoming mail

2010-09-05 Thread Ralph Seichter
On 05.09.10 20:55, Wietse Venema wrote: As documented header_checks are not implemented in smtpd(8) but in cleanup(8). Yup, that's why I asked if I needed a second cleanup service. If you are courageous you can implement different cleanup services: /etc/postfix/master.cf submission . . .

Re: Trying to use different header_checks depending on TCP port for incoming mail

2010-09-05 Thread Ralph Seichter
On 05.09.10 22:07, Wietse Venema wrote: Are you running header_checks BEFORE or AFTER the external content filter, or both? See the receive_override_options discussion in the Postfix FILTER_README documentation. Sorry, I re-read the FILTER_README multiple times, but I am not sure how to

Re: Trying to use different header_checks depending on TCP port for incoming mail

2010-09-05 Thread Ralph Seichter
On 06.09.10 00:25, mouss wrote: add -o syslog_name=postsubmission to both your submission and cleanup_submission and see if it appears in your logs. I see postsubmission/smtpd in the mail log, but postsubmission/cleanup is not logged. So, I guess my cleanup_submission service is not called?

Re: Trying to use different header_checks depending on TCP port for incoming mail

2010-09-06 Thread Ralph Seichter
On 06.09.10 01:27, Wietse Venema wrote: There is an smtpd+cleanup server AFTER your content filter. That is most likely a bad idea for my purposes. What I try to accomplish is this: A1: Have Postfix accept mail on port 587 from SASL-authenticated clients only. A2: Remove Received: headers

Re: Trying to use different header_checks depending on TCP port for incoming mail

2010-09-07 Thread Ralph Seichter
On 06.09.10 19:07, Jeroen Geilman wrote: postconf(5) says cleanup_service_NAME - I suspect it will work once he changes that :) You're right, I did not spot this. ;-) When I use cleanup_service_name instead of cleanup_service, it works. This is a feasible solution, as long as the submission

Re: Trying to use different header_checks depending on TCP port for incoming mail

2010-09-07 Thread Ralph Seichter
On 06.09.10 23:13, mouss wrote: you need to review your master.cf and main.cf for typos and space/comment errors. As Jeroen Geilman pointed out, it is cleanup_service_name instead of cleanup_service. I recommend using -o var=${main_cf_var} where variables are defined in main.cf. This

Seeking recommendation for before-queue content filter capable of removing headers

2010-09-11 Thread Ralph Seichter
header_checks depending on TCP port for incoming mail Date: Mon, 06 Sep 2010 11:29:28 +0200 From: Ralph Seichter postfix...@seichter.de To: postfix-users@postfix.org On 06.09.10 01:27, Wietse Venema wrote: There is an smtpd+cleanup server AFTER your content filter. That is most likely a bad idea

Re: Seeking recommendation for before-queue content filter capable of removing headers

2010-09-12 Thread Ralph Seichter
On 12.09.10 10:46, mouss wrote: Received headers should not be included in the DKIM signature. so removing them won't invalidate DKIM. If you have a look at my message which you quoted, you'll see DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=seichter.de; h=

Re: Seeking recommendation for before-queue content filter capable of removing headers

2010-09-12 Thread Ralph Seichter
On 12.09.10 12:37, Stan Hoeppner wrote: Ralph, do you restrict submission to only certain public subnets or do you allow your users/customers to submit from any network? Submission is allowed for SASL-authenticated users from any network. Fortunately, the number of originating domains is not

Re: Seeking recommendation for before-queue content filter capable of removing headers

2010-09-12 Thread Ralph Seichter
On 12.09.10 16:16, mouss wrote: $signed_header_fields{lc('Received')} = 0; I've read the amavisd-new documentation on DKIM support a couple of times, but I have overlooked this possibility. How frustrating. Had I used this, things would have worked last week already, because all my trouble was

Re: Seeking recommendation for before-queue content filter capable of removing headers

2010-09-12 Thread Ralph Seichter
On 12.09.10 18:49, mouss wrote: $allowed_added_header_fields{lc('Received')} = 0; I'm using amavisd-new 2.6.4 and $insert_received_line = 0; still works in this version. However, it is indeed obsolete (although still present in the amavisd-new sample config) and the release notes for V2.7.0

Re: Seeking recommendation for before-queue content filter capable of removing headers

2010-09-14 Thread Ralph Seichter
On 13.09.10 16:15, Mark Martinec wrote: With the help of custom hooks this can be achieved by amavisd itself Thank you for the sample code and for your detailed explanations regarding the configuration options. The reason the DKIM document suggests not to sign Received header fields is for

Re: postscreen access list

2011-01-22 Thread Ralph Seichter
On 22.01.11 12:12, Pascal Maes wrote: postscreen_acces_list = cidr:/etc/postfix/rules/blacklist, permit_mynetworks Use postscreen_access_list instead. -Ralph

Warning No address associated with hostname for IPv6 address

2012-09-25 Thread Ralph Seichter
Hello list members, Postfix keeps logging warnings like the following: Sep 25 21:00:17 monthu postfix/smtpd[31253]: warning: hostname monthu.horus-it.com does not resolve to address 2a01:4f8:150:54c1::b009:2bd8: No address associated with hostname Name server queries appear to be

Re: Warning No address associated with hostname for IPv6 address

2012-09-25 Thread Ralph Seichter
Wietse wrote: What's in /var/spool/postfix/etc/resolv.conf? The directory /var/spool/postfix/etc does not exist on the server. Should I create it? Any recent upgrades that failed to update (system library or config) files under /var/spool/postfix? I am not aware of any failures. I've

Re: Warning No address associated with hostname for IPv6 address

2012-09-25 Thread Ralph Seichter
Wietse wrote: Please run the attached test programs and verify that your system library is not borked. $ ./getaddrinfo monthu.horus-it.com Hostname: monthu.horus-it.com Addresses: 176.9.43.216 $ ./getnameinfo 176.9.43.216 Hostname: monthu.horus-it.com Address:

Re: Warning No address associated with hostname for IPv6 address

2012-09-25 Thread Ralph Seichter
Gentoo Linux's default /etc/nsswitch.conf contains hosts: files dns, and the corresponding test program output looks like this: $ ./getaddrinfo monthu.horus-it.com Hostname: monthu.horus-it.com Addresses: 176.9.43.216 When I change the setting to hosts: dns files, the output changes

Re: Warning No address associated with hostname for IPv6 address

2012-10-02 Thread Ralph Seichter
Eray Aslan wrote: For the record, Gentoo will default to multi on now unless your /etc/hosts file is huge. One just has to love the F/OSS community. Thanks. -Ralph

Re: Adding a noreply address

2016-01-26 Thread Ralph Seichter
On 26.01.2016 16:54, Matt Bayliss wrote: > I'm trying to find the correct/best practice method for setting up a > black hole email address for such items as "noreply" addresses when > sending alerts from monitoring devices etc. While not necessarily "the best" solution, I use this: #

Re: Can source and IP in email header be spoofed and how to mitigate

2016-07-29 Thread Ralph Seichter
On 29.07.2016 09:29, Roger Goh wrote: > is there any chance that a whitelisted IP address [...] could have > been spoofed? Yes. Search for "IP address spoofing" in the search engine of your choice and you will find what you are looking for. -Ralph

Re: Can source and IP in email header be spoofed and how to mitigate

2016-07-29 Thread Ralph Seichter
On 29.07.16 15:50, Bill Cole wrote: > > > is there any chance that a whitelisted IP address [...] could > > > have been spoofed? > > > > Yes. Search for "IP address spoofing" in the search engine of your > > choice and you will find what you are looking for. > > By that standard, we are ruled by

Re: Can source and IP in email header be spoofed and how to mitigate

2016-07-29 Thread Ralph Seichter
I'm definitely not on a crusade in this matter. Risk assessment will vary with each individual organization's requirements. As Postfix offers excellent means of using both encryption and authentication, I have not yet come across a situation where relying on IP addresses alone was the sole option

Re: Wrong mailbox syntax

2016-07-04 Thread Ralph Seichter
On 04.07.2016 11:25, Martin Bley wrote: > Any hints, where to screw would be appreciated. You'll find that this literal translation of a German expression does not mean what you apparently think it does in English... ;-) As for helping with your problem at hand: samples of the incoming e-mails and

Re: [postfix-users] Why no List-ID header in the postfix-users posts?

2017-02-12 Thread Ralph Seichter
On 12.02.2017 08:39, Kiss Gabor (Bitman) wrote: > Maybe DKIM verification should ignore list tags in the subject > if the first attempt was unsuccessful. > I.e. I could imagine a smarter canonicalization. There can be no "interpretation" of what the signing party distributes. I deliberately use

Re: Postfix 20 years ago

2017-02-12 Thread Ralph Seichter
On 12.02.17 19:06, Wietse Venema wrote: > Last month it was 20 years ago that I started writing Postfix code. Kudos, and thank you for freeing me (and consequently my customers) of Exim and Sendmail. ;-) Postfix is one of the most useful software systems I have the pleasure of working with, and

Re: SPF, Postfix and majordomo

2017-03-02 Thread Ralph Seichter
On 02.03.17 13:38, an...@isac.gov.in wrote: > When the user sends a mail to a mailing list manager like majordomo, > being a member of the list, the sender will receive back the mail posted > to a mailing list. But, due to SPF policy set for sender domain, mail is > rejected. Please show logs to

Re: Problems with IPv6

2016-09-08 Thread Ralph Seichter
On 08.09.16 16:24, /dev/rob0 wrote: > I am not in any hurry to move my email into IPv6 land. For now I am > satisfied to have IPv4-only MX records for my domains. My server is > IPv4-only, for that matter. I hope you, and other people, will reconsider. I believe that the more people adopt IPv6,

Re: Blocking "unknown"

2016-09-30 Thread Ralph Seichter
On 30.09.2016 12:26, Postfix User wrote: > 13822:Sep 30 02:00:40 scorpio postfix/smtpd[83056]: > connect from unknown[118.71.251.67] You can use reject_unknown_reverse_client_hostname, but I recommend you don't. Many legitimate mail sources have not configured reverse DNS entries. -Ralph

Re: newbie department

2016-08-25 Thread Ralph Seichter
On 25.08.2016 21:36, Michael J Wise wrote: > This fails badly for many security and privacy reasons if you are doing > anything other than running a personal, vanity domain. Is it really necessary to present a purely personal opinion of yours as a fact? Based on the needs of my customers and

Re: WoSign/StartCom CA in the news

2016-09-28 Thread Ralph Seichter
On 28.09.2016 12:03, KSB wrote: > probably they will go down to 30 days as most admins learn to do > automation. I have read various LE posts regarding certificate lifetime, and while I agree that LE apparently favours automation, I don't think the matter has been decided yet. My personal (!)

Re: WoSign/StartCom CA in the news

2016-09-28 Thread Ralph Seichter
On 28.09.2016 10:55, li...@lazygranch.com wrote: > I didn't like the Let's Encrypt 90 day deal with mysterious upload to > your server. It bugs me. Let's Encrypt does not upload anything to your server. You download an updated certificate, if and when you choose to. That process can be invoked

Re: Blocking "unknown"

2016-09-30 Thread Ralph Seichter
On 30.09.16 15:14, /dev/rob0 wrote: > I think it's reasonable now to expect a legitimate SMTP client to > have a PTR record, and perhaps in the not-too-distant future to > expect PTR/A matching. Based on personal experience, I stand by my recommendation to not reject e-mail based on the absence

Re: "always_bcc" for multiple recipients (via alias) and "recipient_bcc_maps" don't work

2016-10-27 Thread Ralph Seichter
On 27.10.2016 14:18, linuxc128 wrote: > Is there any other option in my configuration which might be > responsible for making postfix append "@myserver.com" instead > of looking up the alias? http://www.postfix.org/ADDRESS_REWRITING_README.html should get you started. > Why did it work with my

Re: Postfix & PostFWD - Rate Limit Config

2016-10-20 Thread Ralph Seichter
On 20.10.16 19:00, David Byrne wrote: > It matters in what order you put the entries within > smtpd_recipient_restrictions You seem surprised? The documentation states "Restrictions are applied in the order as specified; the first restriction that matches wins."

Re: Opt-Out content_filter

2016-10-25 Thread Ralph Seichter
On 25.10.2016 10:25, Julian Kippels wrote: > I would like to have the possibility for my users to opt out of their > incoming mail being scanned by a spam filter. Is there a way I could > achieve this using ldap tables? Maybe with smtpd_*_restrictions? Intuitively, I'd say this should be taken

Re: From in Body mail

2016-10-21 Thread Ralph Seichter
On 21.10.16 17:41, Paweł Grzesik wrote: > So here we have DATA where I can type From:, To: and Subject: then > message and e-mail will go from the "From:" instead of the one from > the header "MAIL FROM:". No. Postfix - the MTA - uses the envelope sender address (which you can verify on the

Re: Using Postfix to forward mail to external accounts

2016-10-21 Thread Ralph Seichter
On 21.10.16 14:23, flemingp wrote: > host mx1.krystal.co.uk[77.72.0.30] said: 550 Access denied - Invalid > HELO name (See RFC5321 4.1.1.1) (in reply to RCPT TO command) > [...] > myhostname = raspberrypi The server mx1.krystal.co.uk rejects your HELO. Use a fully qualified name in 'myhostname'.

Re: Blocking users sending spam

2016-11-15 Thread Ralph Seichter
On 15.11.2016 14:09, Volker Cordes wrote: > I was wondering if it is possible to [...] implement blocking using > geoip-services (99% of our customers are based in germany). Will any of the users be travelling and/or utilizing anonymity networks like Tor (see https://www.torproject.org/)? Tor

Re: From in Body mail

2016-10-21 Thread Ralph Seichter
On 21.10.2016 08:50, Paweł Grzesik wrote: > [user@mailtest ~]# telnet localhost 25 > [...] > mynetworks_style = host You're conducting your test from the machine Postfix is running on, which is a member of 'mynetworks'... > smtpd_recipient_restrictions =

Re: How to write pcre rules to exclude attachment?

2016-11-03 Thread Ralph Seichter
On 03.11.2016 04:45, vod vos wrote: > HOW can we just receive just such as .jpg .png .mp4 and reject all > other attachment in a short regexp to do the job? That's not something that can be handled with a "short regexp". I suggest you look into amavisd-new or other content filters which work in

Re: A script for generating a user Daily Mail Report

2016-10-12 Thread Ralph Seichter
On 12.10.16 02:11, @lbutlr wrote: > No idea if this will be of interest to anyone, but my users are > finding it useful so I’m sharing. Thank you for sharing. Personally, I also find pflogsumm.pl very useful: https://jimsun.linxnet.com/postfix_contrib.html I use Cron to run "pflogsumm.pl -d

Re: How to reject incoming emails with no dkim records?

2016-10-10 Thread Ralph Seichter
On 10.10.16 07:18, vod vos wrote: > how to reject incoming email that contains no dkim record in the > header? Are you sure you want to do this? Many legitimate mail senders do not use DKIM, which is a completely optional mechanic. Also, are you aware that your own use of DKIM does not imply

Re: Domains on different IPs

2016-12-17 Thread Ralph Seichter
On 17.12.2016 12:33, Mark Constable wrote: > I want to supply separate Letsencrypt certificates for each virtual domain > and seeing that SNI does not work I need to allocate separate IPs. Could > anyone give some pointers, or keywords to search for, on... > > a) how to make postfix listen for

Re: SASL vs. TLS

2017-08-15 Thread Ralph Seichter
On 15.08.2017 19:12, Viktor Dukhovni wrote: > The supported digest names/algorithms are a feature of the underlying > OpenSSL library, Postfix just passes the specified name to > EVP_get_digestbyname(3). Fair enough. It might be worth mentioning this in the Postfix docs. > In the absence of any

Re: SASL vs. TLS

2017-08-15 Thread Ralph Seichter
On 15.08.2017 18:27, Viktor Dukhovni wrote: > Don't forget to add: > -o smtpd_tls_ask_ccert=yes > -o smtpd_tls_fingerprint_digest=sha256 Quite so, I had trimmed down my example configuration snippet too much. Interestingly, http://www.postfix.org/postconf.5.html#smtpd_tls_fingerprint_digest

Re: SASL vs. TLS

2017-08-15 Thread Ralph Seichter
On 15.08.2017 19:47, Viktor Dukhovni wrote: > The hardest part is making sure you still have a copy of all the > authorized public keys or certificates, so that you can compute a > new digest. I am dealing with approximately a dozen certificates, most of them for server-to-server communication.

Re: SASL vs. TLS

2017-08-15 Thread Ralph Seichter
On 15.08.2017 14:55, Tom Browder wrote: > I want to: (1) use TLS for an encrypted SMTP connections from > authorized relay clients, (2) use TLS client certs for the > authentication of the relay clients, and (3) avoid use of > SASL entirely. In your master.cf, you can use something along these

Re: SASL vs. TLS

2017-08-15 Thread Ralph Seichter
On 15.08.2017 14:13, Tom Browder wrote: > For secure comm between my null client to my smtp server, do I need > SASL if I use TLS for authentication also? That's rather unspecific re what you are trying to accomplish and how you have configured Postfix. http://www.postfix.org/TLS_README.html

Re: Should I be root or postfix user to execute postfix commands?

2017-08-18 Thread Ralph Seichter
On 18.08.2017 12:57, Tom Browder wrote: > I can't find whether the postfix commands should be executed as root > or the postfix user. "The postfix commands" is ambiguous. While launching Postfix needs to be done as root, other functions can be performed by other users. For example,

Re: Reject bounces

2017-09-15 Thread Ralph Seichter
On 15.09.2017 17:00, "George" wrote: > I have a mail server running postfix that sends a lot of emails and > gets back a lot of bounces. These bounces are filling up my server and > causing additional load. > > Is there any way on a postfix level to reject/not accept any type of > bounce that gets

Re: Prevent local delivery for unix accounts

2017-09-14 Thread Ralph Seichter
On 14.09.2017 18:59, Msd wrote: > I don't really want to create a "normal user" whitelist or a "system > user" blacklist because the list will probably change if I install a > new software or I create a new user. Well, that's the nature of things, given that you wrote you don't want to accept

Re: Letsencrypt tip

2017-09-11 Thread Ralph Seichter
On 11.09.2017 11:21, Dominic Raferd wrote: > Does anyone know a way to detect if the certificate currently being > used by Postfix and/or Dovecot is nearing expiry (esp. in case they > haven't picked up the updated letsencrypt certificate)? See https://www.monitoring-plugins.org/ -- The plugins

Re: Can send but not receive

2017-08-28 Thread Ralph Seichter
On 28.08.17 15:06, Tom Browder wrote: > I can put my main.cf, master.cf in a github gist if there is any > interest. My mail logs are not interesting at all, at least to me, > but I am happy to put one or more of them on github, too. Please study http://www.postfix.org/DEBUG_README.html for

Re: Lists and spam prevention / use of Reply-To:

2017-08-28 Thread Ralph Seichter
On 28.08.17 17:42, Rick van Rein wrote: > I've been studying SPF, DKIM, DMARC and a bit of ARC. And I've been > wondering if a list [including this one] could be more friendly by > using Reply-To: to hold the message sender. The Postfix mailing list is "friendly" already. It does not break DKIM

Re: Lists and spam prevention / use of Reply-To:

2017-08-29 Thread Ralph Seichter
On 29.08.2017 09:21, Rick van Rein wrote: > [...] DKIM, SPF and DMARC are of interest to any mail flow. They sure are. If you browse through mailing list archives of years gone by, you can find my own messages about list X or Y breaking DKIM, SPF or both. Also, people have been passionate about

Re: Custom HELO/EHLO response

2017-09-01 Thread Ralph Seichter
On 01.09.2017 15:48, Daniel Ryšlink wrote: > I would like to know if there is a way to customize this reply in > Postfix [...] See 'smtpd_banner' and 'postscreen_greet_banner'. -Ralph

Re: Lists and spam prevention / use of Reply-To:

2017-08-30 Thread Ralph Seichter
On 30.08.2017 03:24, Richard Damon wrote: > I suggest you then talk to the legislators in the jurisdictions that > MANDATE that many mailing list have clearly visible {munged, see P.S.} > instructions. Electronic mailing lists with a global reach which folks like myself have been using since

Re: Lists and spam prevention / use of Reply-To:

2017-08-29 Thread Ralph Seichter
On 29.08.2017 13:42, @lbutlr wrote: > There are very good reasons for footers on many lists, and DKIM should > be smart enough to figure this out. I disagree about "very good reasons for footers on many lists". Meta information belongs into the message headers, not the body. DKIM-signed messages

Re: Lists and spam prevention / use of Reply-To:

2017-08-29 Thread Ralph Seichter
On 29.08.2017 15:43, Norton Allen wrote: > The problem with sticking all the list meta-information in the headers > is that most users have no idea how to access email headers or parse > them for the salient information. I see it as a MUA's task to present meta information in a palatable way,

Re: Lists and spam prevention / use of Reply-To:

2017-08-31 Thread Ralph Seichter
On 31.08.2017 19:15, @lbutlr wrote: > > Meta information belongs into the message headers, not the body. > > Not on a general list that is not used by computer nerds it does not. I still firmly believe it does, because the body (content) is written by list members while the header (meta) is

Re: Why can't receive Mail Delivery Status in root Maildir?

2017-10-07 Thread Ralph Seichter
On 07.10.17 09:50, elearn2014 wrote: > Why can't receive Mail Delivery Status in root Maildir? I don't understand your question. What exactly seems to be your problem? Also, please see http://www.postfix.org/DEBUG_README.html#mail -Ralph

Re: PSA: US government to set DMARC to reject

2017-10-17 Thread Ralph Seichter
On 17.10.17 19:07, Gary wrote: > https://cyber.dhs.gov/ > Binding Operational Directive 18-01 enforces some basic email > security, notably with DMARC set to reject. Interesting choice of words there. DMARC [...] tells a recipient what the domain owner would like done with the message.

Re: PCRE on Received Header

2017-11-09 Thread Ralph Seichter
On 09.11.2017 03:04, Michael B Allen wrote: > From a spam perspective, it doesn't really matter if the message is > protocol correct. I don't know what you mean by "protocol correct" re trace information. In any case, https://tools.ietf.org/html/rfc5321#section-4.4 states: When an SMTP server

Re: PCRE on Received Header

2017-11-09 Thread Ralph Seichter
On 09.11.17 18:44, Michael B Allen wrote: > Spam filters (and specifically appliances like Barracuda) are > /exploiting/ that trace information to exclude messages. Sure. I never mentioned this, thinking it is already clear. > So why are you quoting RFCs? I will fake timestamps, change headers

Re: PCRE on Received Header

2017-11-08 Thread Ralph Seichter
On 08.11.17 23:45, Michael B Allen wrote: > many folks are apparently removing this header entirely. That seems > sloppy to me but if you think otherwise, please tell me about it. 'Received' headers are used for diagnostic purposes. If one chooses to discard these headers for authenticated email

Re: bloc domains with all variants of tld

2017-11-06 Thread Ralph Seichter
On 06.11.2017 10:26, wodel youchi wrote: > We need to block some incoming emails from certain domains. > How to write rules to block a domain with all its variant of tld? Access tables can support regexp or pcre, if your Postfix has been compiled that way. The postconf -m command will show you

Re: disable receiving for particular email

2017-10-20 Thread Ralph Seichter
On 20.10.2017 08:00, Poliman - Serwis wrote: > I would like to create "do not reply" email account. If by that you mean throwing away incoming email silently instead of generating rejection errors, a polite way to do it is using recipient restrictions. smtpd_recipient_restrictions = ...

Re: disable receiving for particular email

2017-10-20 Thread Ralph Seichter
On 20.10.2017 14:43, /dev/rob0 wrote: > On Fri, Oct 20, 2017 at 11:12:17AM +0200, Matus UHLAR - fantomas wrote: > > > I recommend using real, existent address and check its content once > > upon a time. You don't want to get blocked (see points 2. and 4.) > > Absolutely. This is better than the

Re: disable receiving for particular email

2017-10-20 Thread Ralph Seichter
On 20.10.2017 17:37, Michael Orlitzky wrote: > [...] > tl;dr use a real address The reply address is "real", just not monitored. The people I work with who receive this type of message are smart enough to contact a human, so I can in good conscience use nore...@somedomain.tld as a generic sender

Re: Virtual Domains/ Users

2017-10-26 Thread Ralph Seichter
On 26.10.17 23:29, cac...@quantum-equities.com wrote: > it appears to me that Postfix has evolved organically (Read: > disorganized) as have many legacy applications like Apache used to be. > The documentation you refer to is there alright, but it's all about > bit-twiddling, nothing about

Re: Temporarily stop mail delivery

2017-12-25 Thread Ralph Seichter
On 25.12.2017 11:14, Black Sheep wrote: > Is there a simple way to temporarily stop postfix delivering mail into > the /var/vmail mail boxes [...] The following method works (I'm not certain if reloading is even required): #!/bin/bash # Temporarily disable local delivery postconf -e

Re: Relay via command-line MTA instead of 'relayhost' SMTP server?

2018-01-19 Thread Ralph Seichter
On 19.01.18 19:45, Grant Edwards wrote: > Let's not worry about how the command-line MTA works. It has the same > usage as /usr/bin/sendmail and it works. What I am asking for is an > SMTP relay server that will relay incoming my by invoking it. "Relaying" implies passing mail to another server

Re: Relay via command-line MTA instead of 'relayhost' SMTP server?

2018-01-19 Thread Ralph Seichter
On 19.01.18 20:20, Viktor Dukhovni wrote: > A pipe(8) transport is the more sensible approach. Given the additional information posted by the OP in the meantime, I agree. -Ralph

Re: Postfix queue

2018-02-12 Thread Ralph Seichter
On 12.02.2018 16:06, j.emerlik wrote: > I would like have policy service that will be able to write to data > base some information eg. when exactly message was sent, message ID, > DSN if something goes wrong. That means it should be working with > Postfix queue. That's not really a specific

Re: Postfix queue

2018-02-12 Thread Ralph Seichter
On 12.02.2018 16:44, j.emerlik wrote: > I would like have database and there information : Message ID, Sent > Date (or last date of send trying), DSN, number of send attempts, > Mail_From, RCPT_TO. That type of information should be extracted from the Postfix logs, as existing tools like

Re: Restricting submission to legitimate account name only

2018-02-20 Thread Ralph Seichter
On 20.02.2018 10:35, Karol Augustin wrote: > On 2018-02-19 23:13, @lbutlr wrote: > > > For example, most people have many email addresses, and rather than > > try to manage many different servers, they will pick their "best" > > server to send their email through. > > Any modern email client uses

Re: Restricting submission to legitimate account name only

2018-02-20 Thread Ralph Seichter
On 20.02.2018 12:26, Karol Augustin wrote: > Ok, so I think I misunderstood you. I only just joined the conversation, quoting both you and @lbutlr, so I hope I did not cause confusion. > I agree that multiple identities are useful and should be used. I use > them myself. I just don't agree that

Re: domain email autoconfiguration

2018-04-01 Thread Ralph Seichter
On 01.04.2018 02:39, David Mehler wrote: > If anyone has autoconfiguration going with their email domain please > email me privately. Please see http://geoserver.org/comm/userlist-guidelines.html section "Start discussions on the mailing list, keep it on the mailing list". That's not a GeoServer

Re: Keep Postfix running in the foreground

2018-04-02 Thread Ralph Seichter
On 02.04.2018 19:55, John Allen wrote: > what is the attraction of docker? What does it do that I might need? You might need it because a Docker container is the recommended method to deploy Discourse, which I am doing right now... SCNR. ;-) -Ralph

Re: Keep Postfix running in the foreground

2018-04-04 Thread Ralph Seichter
On 03.04.2018 02:37, John Stoffel wrote: > But... isn't discourse running in its own container, so you'd be > spinning up postfix in another container... John Allen asked "what is the attraction of docker", and I was just mucking about with a new Discourse installation, so I mentioned this as

Re: Enabling TLSv1.2 support in postfix 2.8.2

2018-10-25 Thread Ralph Seichter
On 25.10.18 00:44, @lbutlr wrote: > TLSv1.2 has been out for a decade and there is no reason to be running > v1 or v1.1. At all. Please don't try to spread your personal misjudgement as gospel, there's a good chap. -Ralph

Re: Enabling TLSv1.2 support in postfix 2.8.2

2018-10-25 Thread Ralph Seichter
On 25.10.18 17:23, Viktor Dukhovni wrote: > I think there's probably a more appropriate way to disagree. Possibly, but *I* think that I've about had it with people stating their personal beliefs as facts, especially when my own experience shows that things are quite different where I am

Re: Enabling TLSv1.2 support in postfix 2.8.2

2018-10-25 Thread Ralph Seichter
On 25.10.18 18:55, Viktor Dukhovni wrote: > Best to let it go, and just comment that the conclusions or advice are > not universally applicable. I could, and usually do, but in this instance I deliberately chose not to. Best to let it go. ;-) -Ralph

Re: OT: Sender header vs DKIM

2018-10-25 Thread Ralph Seichter
Richard James Salts writes: > This is still leading to the postfix mailing list failing DKIM once > it's added a Sender header for owner-postfix-us...@postfix.org. Should > I stop oversigning the Sender header? Signing the following headers works for me and does not break DKIM: Autocrypt, From,

Re: best practice - integrating spamassassin/clamav in postfix - amavis yes/no?

2018-10-19 Thread Ralph Seichter
On 19.10.18 05:39, Stefan Bauer wrote: > Is it best practice to use amavis in between postfix and > clamd/spamassassin? It is certainly a well proven approach to use amavis as the glue that binds Postfix, Spam- and Virus-Checkers together. Even DKIM-signing and -verification are supported. I like

Re: check if envelope from and from is the same

2018-10-02 Thread Ralph Seichter
On 02.10.18 21:17, Stefan Bauer wrote: > Is this a good idea to check if envelope from and from matches and if > so, howto do it in postfix? Seriously? A "howto" has been posted on this very mailing list a few hours ago. Mailing list archives are so useful... -Ralph

Re: Authenticating 'From' header to match envelope

2018-10-02 Thread Ralph Seichter
On 02.10.2018 12:48, Johannes Bauer wrote: > Once authenticated with m...@foo.com, the envelope sender ("MAIL > FROM") is restricted to only the permissible variants. [...] > > How can I ensure in the future that the same checks are applied to the > Header "From" field that are also applied to

Re: Renewal of Let's encrypt certs being used in postfix

2018-10-11 Thread Ralph Seichter
On 11.10.18 11:01, Ignacio Garcia wrote: > Sorry I could not read that message posted by Viktor. Probably I was > not subscribed yet. The Postfix mailing list archives (http://www.postfix.org/lists.html) are a treasure trove of information. -Ralph

Re: Invalid address is accepted by postfix

2018-10-01 Thread Ralph Seichter
On 01.10.18 12:48, jcdole wrote: > So how to reject mail with bad sender addresses that postfix accept. A PCRE-based access restriction "/[@!%].*[@!%]/ REJECT" should do it (untested). -Ralph

Re: where is the fqdn coming from

2018-11-21 Thread Ralph Seichter
* Matt Zagrabelny: > Where is the ".localdomain" coming from? It might be read from a file, or it might be set at compile time? The person packaging Postfix for Debian should know. In any case, the Wiki article https://wiki.debian.org/Postfix states that you should set the 'myhostname' and

Re: hostname is being appended to the From name

2018-11-20 Thread Ralph Seichter
* lists: > I'm trying to understand why this is happening and how to prevent > it. I have a relay where if an email is sent to it with just a name in > the Header From, then the server's hostname is added to the end of it. See http://www.postfix.org/postconf.5.html#append_at_myorigin -Ralph

Re: DMARC mitigation for mailing list server

2019-03-26 Thread Ralph Seichter
* Bill Cole: > One solution would be to not break DKIM signatures. However, this is > harder than it seems. Not modifying messages' bodies or any signed headers seems to do the trick. :-) With that in mind, I have recently filed an issue for Mailman 3, asking for configuration mechanics to
