James R. Marcus put forth on 7/1/2010 4:40 PM:
> Slightly off topic, but a user has observed that any email sent in plain text
> is bounced, any mail sent as HTML gets sent.
>
> Has anyone encountered such an issue? My environment hasn't really changed
> in months and I'm confused.
Roll Twilig
Asai put forth on 7/2/2010 3:41 PM:
> Greetings,
>
> For some reason, which I don't know how to figure out, our emails to
> this one specific email domain are being refused. Can anyone point me
> in the right direction? Here's an example of the log:
>
> Jul 2 09:33:10 triata amavis[1162]: (011
Sahil Tandon put forth on 7/2/2010 4:13 PM:
> On Fri, 2010-07-02 at 13:41:06 -0700, Asai wrote:
>
>> For some reason, which I don't know how to figure out, our emails to
>> this one specific email domain are being refused. Can anyone point
>> me in the right direction? Here's an example of the l
Morten P.D. Stevens put forth on 7/3/2010 2:40 PM:
> Hi,
>
> Does anyone know backported Postfix 2.6.x or 2.7.x RPM packages for RHEL5?
This binary rpm is for x86-64 only:
http://ftp.wl0.org/official/2.7/RPMS-rhel5-x86_64/postfix-2.7.1-1.rhel5.x86_64.rpm
You'll have to google more than I did to
junkyardma...@verizon.net put forth on 7/4/2010 9:53 PM:
> What is stupid is to be so opposed to anti spam tools that have no
> significant downside.
The problem is it has no significant upside either, which is why most sites
don't use it as an anti spam measure. Since spammers can simply create
Isaac Witmer put forth on 7/6/2010 9:27 AM:
> I'm doing a custom install, and one of the packages in the install is postfix.
> Each time, it prompts me to select "no configuration" "Local use" etc.
> just after the package has been downloaded and right before it has
> been installed. (similar to th
Jerry put forth on 7/7/2010 8:09 AM:
> Why are you setting configuration parameters to their default setting?
> It doesn't serve any purpose that I am aware of.
I've seen this quite a bit. It leads me to believe there are some Linux
distros that ship with this stuff in main.cf by default. IIRC
Ville Walveranta put forth on 7/8/2010 9:14 PM:
> sender_dependent_relayhost_maps works except that the other settings
> affecting the relay aren't conditionalized by the defined relayhost
> maps. In this case the relayhost for the externally relayed
> "business" domains requires TLS and authentic
Kammen van, Marco, Springer SBM NL put forth on 7/9/2010 6:00 AM:
> Not sure if its related to your issue.
> But there is a big spam/virus attack going on, where messages look like
> NDR's but they aren't.
> Various big anti spam vendors are having serious issues stopping this.
Some of my trap ad
Maybe putting them side-by-side will help.
Docs:
make makefiles CCARGS='-DDEF_CONFIG_DIR=\"/some/where\"'
You:
make makefiles CCARGS='-DDEF_COMMAND_DIR=\"/usr/local/sbin\"
> Let's see what I did wrong :
You spotted the leading squote but you missed the trailing squote.
--
Stan
Johan Vromans put forth on 7/13/2010 2:36 AM:
> The problem: although I have configured
>
> mydomain = squirrel.nl
> myorigin = squirrel.nl
>
> postfix stil uses the real, local hostname in the SMTP envelope:
What do you want the SMTP host name to be? squirrel.nl ? johan.squirrel.nl ?
/e
Joern Bredereck put forth on 7/14/2010 3:06 AM:
> Hi,
>
> how can I tell why the following mail has been rejected:
>
> Jul 14 08:48:58 zarafa-xen postfix/smtpd[26113]: NOQUEUE: reject: RCPT
> from ns.gbc.net[212.97.96.201]: 554 5.7.1 :
> Client host rejected: Access denied; from=
> to= proto=ESMT
Joern Bredereck put forth on 7/14/2010 3:50 AM:
>
> Am 14.07.10 10:45, schrieb Stan Hoeppner:
>
>> Do you have more than one access table/type? I have 7 access tables,
>> including hash, CIDR, regexp, and PCRE. I add comments to my regexp and PCRE
>> tables to make m
Ram put forth on 7/15/2010 1:29 AM:
> Now this is the problem of all invites, especially those invites that
> scrape my addressbook and invite everyone.
>
> Should not all invites carry some header or any other identification ,
> that list management software can automatically detect and /dev/nul
Steve put forth on 7/15/2010 4:16 PM:
> * if you feed wrong data to the Anti-Spam filter then the filter will make
> errors.
Content (header/body) filters have always been error prone and always will be.
The key to success is if the error rate is acceptable. For users to train
them, they have
Jack Raats put forth on 7/19/2010 1:39 AM:
> I'm using postgrey quite a long time but I think there are more efficient
> ways to block spam.
Totally agree.
> Running pflogsumm on maillog gives the following numbers
>
> Totally blocked 85
> Blocking countries (using client host name and helo): 7
Wietse Venema put forth on 7/21/2010 2:22 PM:
> Ram:
>> One server of ours just accepts the mails from clients and then relays
>> the mails to other servers.
>> Since there is almost no mail queued on the server , I think it is will
>> be good to mount /var/spool/postfix on a tmpfs partition.
>
Charles Marcus put forth on 7/21/2010 7:46 AM:
> Jonathan Tripathy wrote:
>>> Port 25 outgoing will be blocked by most ISPs
>
>> This may be the case in your country, but from where I'm from, I've
>> never had a problem sending out on port 25, even on home residental
>> ISPs :)
>
> Any ISP that d
Daniel V. Reinhardt put forth on 7/21/2010 2:06 PM:
> Your average joe doesn't need to be running servers, and if you want business
> class services and abilities then pay for it.
Class warfare and/or financial means arguments are invalid in this discussion.
> Bandwidth costs money. You can'
Patrick Ben Koetter put forth on 7/22/2010 2:11 AM:
> * Stan Hoeppner :
>> Wietse Venema put forth on 7/21/2010 2:22 PM:
>>> Ram:
>>>> One server of ours just accepts the mails from clients and then relays
>>>> the mails to other servers.
>>>&
Jesus Cea put forth on 7/23/2010 2:33 PM:
> The email filesize is around 300Kbytes. The mailing list rejects it.
>
> Should I send it to your personal email?. Send a ZIP file?
Put it on your httpd server, or upload it to pastebin.com, and publish the
appropriate link.
--
Stan
Jonathan Amiez put forth on 7/27/2010 8:26 AM:
> Le mardi 27 juillet 2010 15:15:24, Fons van der Beek a écrit :
>> domain.com smpt:sbsserver:25
>> Anyone an idea what is wrong
> Double-check your config, you wrote "smpt" instead of "smtp
Fons van der Beek put forth on 7/27/2010 10:53 AM:
> sorry...
> i just didn't see it.
> very stupid, but also gratefull
Don't sweat it. Laugh about it instead. Exercise a little self deprecating
humor. Whenever this kind of thing happens, _always_ say something like:
"That'll t
Mark Scholten put forth on 7/31/2010 11:00 AM:
> Any ideas if there are ready to use scripts for this part?
If you give us your exact requirement, instead of the vague "I want to get
certain information", one of us might be able to hack up a simple shell
script, or even a single bash line, to do
Mark Scholten put forth on 7/31/2010 6:53 PM:
> I want the following information (per day or per hour, it should be possible
> to exclude email addresses or to only get information for certain email
> addresses):
/usr/sbin/pflogsumm.pl --smtpd_stats /var/log/mail.log /var/log/mail.log.1
Grand To
Mark Scholten put forth on 8/1/2010 5:46 AM:
> Getting it in a single number is important for me, however looking at the
> http://logreporters.sourceforge.net/ link you did give I see that all but
> one thing is given the way I want it. This last option isn't given the way I
> like it, but that ca
Julio Cesar Covolato put forth on 8/7/2010 12:37 AM:
> Is there anyone using postfix in cloud, like Amazon ec2?
Dunno about Postfix specifically, but there are/were many spammers operating
out of the Amazon cloud as well as the Rackspace cloud. Even if they are
clean now, their reputation is sti
Jonathan Tripathy put forth on 8/7/2010 8:09 AM:
> Of course, VPS ISPs should always do checks to make sure
> that a person signing up is who they say they are -
Herein lies the problem. The low cost business model of cloud/VPS precludes
providers from doing any kind of meaningful customer vett
Mark Scholten put forth on 8/7/2010 8:19 AM:
> As long as it is with a reputable provider there should be no problem to use
> them for SMTP mail.
I estimate 90%+ of all the VPS providers are in the "disreputable" category
WRT SMTP spam, most due to negligence, not evil. There are are a few dozen
Charles Marcus put forth on 8/7/2010 11:54 AM:
> On 8/7/2010 11:32 AM, Mihira Fernando wrote:
>> This looks very interesting. I assume that SASL backend is also using
>> cyrus ?
>> Can I suggest/request you add options for Dovecot IMAP and SASL backend
>> as well ?
>
> +10
+100
Postfix/Dovecot i
Jonathan Tripathy put forth on 8/7/2010 4:03 PM:
> I guess my question is a little more general than this topic: do
> providers ever block *who* mail is sent to?
You probably need to be much more specific, detailed, with this question.
--
Stan
Jonathan Tripathy put forth on 8/7/2010 7:32 PM:
>
> On 08/08/10 01:33, Stan Hoeppner wrote:
>> Jonathan Tripathy put forth on 8/7/2010 4:03 PM:
>>
>>
>>> I guess my question is a little more general than this topic: do
>>> providers ever block *who*
ABPNI put forth on 8/8/2010 1:54 AM:
>
>
> On 8 Aug 2010, at 03:22, Stan Hoeppner wrote:
>
>> Jonathan Tripathy put forth on 8/7/2010 7:32 PM:
>>>
>>> On 08/08/10 01:33, Stan Hoeppner wrote:
>>>> Jonathan Tripathy put forth on 8/7/2010 4:03 PM:
Nicolas Michel put forth on 8/9/2010 9:29 AM:
> For example : a host with IP WWW.XXX.YYY.ZZZ try so send a mail to my
> domain (we'll call it mydomain.be) and claims that the sender is
> u...@otherdomain.com
Example of forging, typical of spammers:
Return-Path:
X-Original-To:
Delivered
michael.lar...@wellsfargo.com put forth on 8/9/2010 12:47 PM:
> I have a very simple postfix relay set up with client.access, sender.access
> and recipient.access rules. I need to set it up such that it will relay *all
> addresses* from a specific host, but keep the default rejection for all othe
Patrick Ben Koetter put forth on 8/10/2010 6:37 AM:
> * Bjorn Mork :
>> i have tried to answer your queris, (Please correct, if I am wrong in
>> understanding your question...)
>>
>> We do have multiple IBM Blade server with 2.4 Xeon + 16GB + NAS over iSCSI
>> protocol..
>>
>> How many blades w
Michael Orlitzky put forth on 8/10/2010 4:02 PM:
> I think he just wants to know which smtpd restrictions list contains the
> rule that caused the rejection.
This is relatively easy to accomplish with custom rejection messages. Simply
insert a unique symbol at the beginning of each rejection mes
Ralf Hildebrandt put forth on 8/11/2010 2:35 AM:
> * Stan Hoeppner :
>> Michael Orlitzky put forth on 8/10/2010 4:02 PM:
>>
>>> I think he just wants to know which smtpd restrictions list contains the
>>> rule that caused the rejection.
>>
>> This
Stan Hoeppner put forth on 8/11/2010 3:31 AM:
> I was just looking at a Logwatch summary. The data the OP is requesting _is_
> in the Postfix logs somewhere, as Logwatch is tallying the disconnection
> phases:
>
>81 Connections lost (inbound)
>61 Afte
Noel Jones put forth on 8/11/2010 6:20 AM:
> This is logged when the client disconnected in the middle of the
> transaction -- postfix lost the connection -- NOT a reject.
>
> You won't find reject log entries for the lost connections after EHLO or
> CONNECT, although the ones for RCPT and DATA *
Alex put forth on 8/14/2010 7:34 PM:
> I'm running an older version of postfix and a 2.6.35 Linux kernel, and
> recently started seeing these messages:
>
> Aug 14 19:52:01 smtp01 postfix/postsuper[2634]: fatal: setuid(103):
> Resource temporarily unavailable
>
> How can I troubleshoot this?
Doe
Jack Knowlton put forth on 8/15/2010 4:53 PM:
> Is it possible to store a CIDR access table on a mysql database?
I'm pretty sure the answer is, NO.
The solution to your problem is sticking the Postfix access table files you
want shared across your MX farm on an NFS/CIFS server and mounting the s
Ram put forth on 8/16/2010 8:19 AM:
> But Enterprise quality SSD's are so expensive. I can get an additional
> server and still save money.
I call BS:
http://www.newegg.com/Product/Product.aspx?Item=N82E16820167023
$214 USD is _not_ expensive at all, and only a fraction of the cost of a
server
Noel Jones put forth on 8/16/2010 10:03 AM:
> On 8/16/2010 9:36 AM, Stan Hoeppner wrote:
>> Ram put forth on 8/16/2010 8:19 AM:
>>
>>> But Enterprise quality SSD's are so expensive. I can get an additional
>>> server and still save money.
>>
>&
Noel Jones put forth on 8/16/2010 4:46 PM:
> Move reject_unauth_destination to below your white/black lists.
Thanks for the quick advice for Michael, Noel.
I should have thought of this, however I didn't realize until asking Michael
to bring this thread back on list that he was dealing with all
Wietse Venema put forth on 8/16/2010 2:36 PM:
> Stan Hoeppner:
>> Google uses less than 1/10th of 1% "Enterprise grade" hardware, using the
>> typical definition of "Enterprise grade", in their operations. And Google is
>> the undisputed single largest op
Stan Hoeppner put forth on 8/16/2010 6:56 PM:
> Wietse Venema put forth on 8/16/2010 2:36 PM:
>> Stan Hoeppner:
>>> Google uses less than 1/10th of 1% "Enterprise grade" hardware, using the
>>> typical definition of "Enterprise grade", in their ope
Wietse Venema put forth on 8/17/2010 6:11 AM:
> Stan Hoeppner:
>> Wietse Venema put forth on 8/16/2010 2:36 PM:
>>> Stan Hoeppner:
>>>> Google uses less than 1/10th of 1% "Enterprise grade" hardware, using the
>>>> typical definition of "Ent
Robert Fournerat put forth on 8/19/2010 4:46 PM:
> Quoting Noel Jones :
>
>> Same here. reject_unknown_client_hostname is too strict, but
>> reject_unknown_reverse_client_hostname rejects lots of obvious spambots
>> without resorting to an RBL lookup. The false-positive rate is close
>> enough t
Erwan David put forth on 8/20/2010 4:23 AM:
> On Fri, Aug 20, 2010 at 10:39:48AM CEST, Stan Hoeppner
> said:
>> Robert Fournerat put forth on 8/19/2010 4:46 PM:
>>> Quoting Noel Jones :
>>>
>>>> Same here. reject_u
Klaus Engelmann put forth on 8/20/2010 11:25 AM:
> Hi list,
>
> I searched the forum looking for some ideas about the following error
> that is growing increasingly in my POSTFIX deployment:
>
> Aug 20 08:41:40 prometeu postfix/smtpd[16568]: lost connection after
> EHLO from mail2.netpoint.com.br
Klaus Engelmann put forth on 8/20/2010 2:32 PM:
> Stan, thanks for your answer.
>
> Searching heavily the list I found that this problem was related to
> firewall issues, specially when the firewall does a sort of SMTP
> (layer 7) validation or check.
>
> I disabled some features on my H3C firewa
Magnus Bäck put forth on 8/22/2010 10:04 AM:
> On Sunday, August 22, 2010 at 16:01 CEST,
> p...@alt-ctrl-del.org wrote:
>
>> So I have,
>> smtpd_helo_restrictions = reject_non_fqdn_helo_hostname,
>> check_helo_access regexp:/etc/postfix/heloaccess.cf
>>
>> If I put the following into heloacce
Wietse Venema put forth on 8/22/2010 11:13 AM:
> Stan Hoeppner:
>> That's not necessarily true. It depends on the order of his
>> smtpd_*_restrictions and whether he's using delayed evaluation. If he's
>> using the multiple section restrictions style with
Stan Hoeppner put forth on 8/22/2010 7:34 PM:
> So if we reverse the scenario and put the "REJECT" first, it's a final
> decision? If so, and if I've described the situation correctly, why do
> we have this opposite behavior between whitelisting and blacklisting?
Wietse Venema put forth on 8/23/2010 10:11 AM:
> Noel Jones:
> (Might be time to revisit DNS whitelists in
>> postfix.)
>
> Maybe someone can draft a strawman user interface:
>
> - what is the configuration syntax
>
> - what does that syntax mean
>
> - how to make it safe ( we don't want "ope
Noel Jones put forth on 8/24/2010 2:18 PM:
> - This is specific for dnswl.org. Postfix needs a general mechanism.
> Other whitelists are not required to follow dnswl.org's 127.0.x.y
> mechanism.
Yeah, I used this example as dnswl is, afaik, the most "established" of
the dns whitelists. I haven
Wietse Venema put forth on 8/24/2010 2:37 PM:
> With reject_rbl_client etc. Postfix can use different DNSXLs names
> in different access lists, and filter the result. For example, to
> select responses from some.example.com with value 127.0.0.4:
>
> smtpd_mumble_restrictions =
> ...
> r
Steve Linford put forth on 8/25/2010 8:27 AM:
> Just to add to the mix if Postfix is working on whitelist implementation...
> Spamhaus has assigned 127.0.2.0/24 for whitelist return codes. The new
> Spamhaus Whitelist ("SWL") due out very shortly will return 127.0.2.2 and
> 127.0.2.3 and Spamha
Would anyone happen to have an example guide showing the proper
master.cf and main.cf parameters for setting up daemonized spamassassin
to run super selectively via FILTER?
I've reached the point that I'm killing about 98% of my spam load but
I'm tired of the few phish/419 that make it into my inb
Noel Jones put forth on 8/25/2010 4:24 PM:
> FILTER is a poor choice for per-recipient filtering. FILTER is a
> per-message action, with only one FILTER action per message (if there
> are multiple FILTER actions triggered, only the last will be used). If
> there are multiple recipients for a mes
Wietse Venema put forth on 8/25/2010 4:27 PM:
> Noel Jones:
>> As I see it, there are two complementary paths we can take
>> with DNS whitelists, each with a slightly different purpose.
>> While these are both useful, neither depends on the other, so
>> postfix can implement either or both.
>
>
Noel Jones put forth on 8/25/2010 10:11 PM:
> In that case, don't use an access table with FILTER; use content_filter
> or smtpd_proxy_filter to filter all mail.
>
> (For wildcard access tables, use a regexp table. But for this
> application, use content_filter.)
Let me try to make this really
Noel Jones put forth on 8/27/2010 8:58 AM:
> Yes, this was rejected by reject_unknown_client_hostname.
>
> Yes, it appears the client's DNS is working correctly /now/.
>
> The mail was deferred with a 450 code. This implies that there was a
> temporary DNS error of some type. Just because dig
pf at alt-ctrl-del.org put forth on 8/27/2010 1:23 PM:
> Is there any known policy server or add-on, that will change the
> tempfail action after a couple of hours, for things like
> reject_unknown_client_hostname and reject_unknown_client_hostname?
>
> Sending a reject has problems. I don't want
Noel Jones put forth on 8/27/2010 2:28 PM:
> You'll need to show evidence of that claim. Hotmail passes
> reject_unknown_client_hostname here consistently. In fact I have a
> check_sender_access map that specifically does
> reject_unknown_client_hostname on any @hotmail sender address.
Unfortun
Is there a straightforward (i.e. relatively painless) way to check the
header from, reply-to, and message-id domains against dbl.spamhaus.org
and reject on a positive reply as with reject_r*bl_client?
Without having to write a content filter to be called in action
filter:nexthop in header_checks.p
Wietse Venema put forth on 8/30/2010 1:29 PM:
> Victor Duchovni:
>> On Mon, Aug 30, 2010 at 01:06:28PM -0500, Stan Hoeppner wrote:
>>
>>> Is there a straightforward (i.e. relatively painless) way to check the
>>> header from, reply-to, and message-id domains agains
Patrick Lists put forth on 8/30/2010 4:34 PM:
> Hi,
>
> I got a lot of spam lately from dynamic hosts so gradually I have been
> adding rules to block them with the help of the rules from
> http://gabacho.reto.jp/en/anti-spam/anti-spam-system.html
>
> Unfortunately this type keeps slipping throug
Patrick Lists put forth on 8/30/2010 6:00 PM:
> On 08/31/2010 12:40 AM, Stan Hoeppner wrote:
> [snip]
>>
>> /^[12]?[0-9]{1,2}(-[12]?[0-9]{1,2}){3}\.(customer|dsl|dial-up)\.telesp\.net\.br$/
>>
>> REJECTGeneric - Please relay via ISP (telesp.net.br)
>>
&
Charles Marcus put forth on 8/31/2010 6:48 AM:
> On 2010-08-30 6:40 PM, Stan Hoeppner wrote:
>> REJECT Generic - Please relay via ISP (telesp.net.br)
>
> Thanks for this Stan, but just to confirm, was that supposed to be a TAB
> between REJECT and Generic?
It doesn
Charles Marcus put forth on 8/31/2010 11:44 AM:
> What the following looked like to me:
>
> REJECTGeneric - Please relay via ISP (telesp.net.br)
>
> was that *everything* rejected by this regex would get the same reject
> message:
>
> Please relay via ISP (telesp.net.br)
>
> Apparently
mouss put forth on 9/1/2010 6:10 PM:
>> Over 1600 regex patterns matching generic dynamics and statics. Rejects
>> all generic dynamics, tags generic statics. Provided with no
>> warranties, use at your own risk, etc. Has worked well here.
>>
>> http://www.hardwarefreak.com/fqrdns.regexp
>>
>>
Noel Jones put forth on 9/2/2010 10:41 AM:
> On 9/2/2010 10:14 AM, Stan Hoeppner wrote:
>> mouss put forth on 9/1/2010 6:10 PM:
>>
>>>> Over 1600 regex patterns matching generic dynamics and statics.
>>>> Rejects
>>>> all generic dynamics, tags
Steffan A. Cline put forth on 9/2/2010 10:59 AM:
> I can't imagine needing to change them. They are AWESOME!
>
> They work great just as they are. Kills off 80% of the spam at the least.
>
> Thank you, Stan the ma
Given your MX and general system load Steffan, if you edit those three
lines and f
Noel Jones put forth on 9/2/2010 5:37 PM:
> And yes, it is common and acceptable practice to put all restrictions
> under smtpd_recipient_restrictions.
Not only common, but as I discovered the hard way, it's very difficult,
nearly impossible, to manage some white listing scenarios if you don't
pu
After replacing pflogsumm with logwatch, I've noticed in each summary a
"resent" stat I wasn't noticing before. What is the significance of
"resent-message-id"? Log snippet:
Sep 3 11:24:38 greer postfix/smtpd[28881]: 07D976C317:
client=liszt.debian.org[82.195.75.100]
Sep 3 11:24:38 greer postf
Considering that spam accounts for the bulk of all client connections to
an MX these days, it might be beneficial if we had log data showing
total time per session, not just for queued mail, so an OP can see how
long it's taking to reject at the smtpd stage, as well as time elapsed
when rejecting m
Victor Duchovni put forth on 9/4/2010 7:33 AM:
> What do you mean by "filters"?
Spam filters in the form of table lookups and dnsbl queries. I'm
currently processing
12,581 CIDRs
1,568 regular expressions (PCRE)
5 dnsbl lookups
per each inbound connection (assuming no hits). Obvious
pf at alt-ctrl-del.org put forth on 9/7/2010 11:02 PM:
> Am I missing something obvious?
>
> With many ISPs providing generic PTR,
> reject_unknown_reverse_client_hostname is too gentle.
>
> I'd really like to implement reject_unknown_client_hostname, but I've
> seen too many cases where address-
Diego Lima put forth on 9/8/2010 2:46 PM:
> I considered creating a
> shellscript that checks the directory for new files and then sends
> them using sendmail -t, but that isn't really good performance-wise.
Performance-wise? How many emails are you sending per minute? Unless
you have others pr
Diego Lima put forth on 9/8/2010 3:33 PM:
> Hi Stan,
>
> This is actually a server for a mail marketing company, so I can
> expect several thousands of messages per minute being sent from the
> system. That's why I was wondering if there was any way to get postfix
> to pick up the messages automat
Nick Edwards put forth on 9/10/2010 2:32 AM:
> Before the fans cry foul of why not Dovecot. we have followed the list
> thread of what may be a problem with Dovecot its author has identified but
> decided is a "tuff luck" case, he indicates serious corruption risks with
> index and caches using mu
post...@corwyn.net put forth on 9/10/2010 10:28 AM:
>
>
> Hi!
>
> what I'd like to do is block all emails from individual contries based
> on sender email address (.au, .jp, etc)
>
> In reading the docs, it looks like I can block particular domains with
> check_client_access and check_sender_a
Is there a way to have locally submitted mail (my_networks) bypass
header_checks when using a single master.cf smtpd instance?
Since implementing Sahil's fine checkdbl.pl tcp server in header_checks,
I've noticed a 1-3 second delay when submitting from my workstation MUA.
Prior to this submission
mouss put forth on 9/10/2010 5:54 PM:
> for header_checks, the option is no_header_body_checks:
> http://www.postfix.org/postconf.5.html#receive_override_options
Got it, I think.
> for smtpd restrictions:
> -o smtpd_foo_restrictions=blahblah
>
> if you want per smtpd header checks,
No. I
Sahil Tandon put forth on 9/11/2010 1:15 AM:
> Stan Hoeppner wrote:
>> Sep 10 22:30:14 greer postfix/smtpd[12354]: before input_transp_cleanup:
>> cleanup flags = enable_header_body_filter enable_automatic_bcc
>> enable_address_mapping enable_milters
>> Sep 10 22:30:1
Ralph Seichter put forth on 9/11/2010 4:12 AM:
> There were no recommendations so far, and I wonder if that means I do
> have to write a before-queue content filter myself? Has nobody else yet
> tried to remove headers from submitted e-mail before DKIM signatures are
> added?
First hit on Google:
mouss put forth on 9/12/2010 3:46 AM:
> === header_checks_submission.pcre:
> /^Received:\s*from\s+\S+\s+\(\S+\s+\[192\.168\.1\.\d+\]\)\s+by\s+your\.server\.example\s+\(Postfix\)/
>
> IGNORE
Isn't this a bit heavy mouss? All he really needs to match is the
RFC1918 address, yes? Something li
Stan Hoeppner put forth on 9/12/2010 5:08 AM:
> mouss put forth on 9/12/2010 3:46 AM:
>
>> === header_checks_submission.pcre:
>> /^Received:\s*from\s+\S+\s+\(\S+\s+\[192\.168\.1\.\d+\]\)\s+by\s+your\.server\.example\s+\(Postfix\)/
>>
>> IGNORE
>
> Isn'
Ralph Seichter put forth on 9/12/2010 6:44 AM:
> On 12.09.10 12:37, Stan Hoeppner wrote:
>
>> Ralph, do you restrict submission to only certain public subnets or
>> do you allow your users/customers to submit from any network?
>
> Submission is allowed for SASL-auth
Sahil Tandon put forth on 9/13/2010 8:31 PM:
> On Mon, 2010-09-13 at 19:20:05 -0400, Matt Hayes wrote:
>> I've not had to use anything involving a DNSBL and a password before
>> so just curious what I'm missing.
>
> That is probably because you do not pay for a DNSBL datafeed. :) In such
> cases,
Jeroen Geilman put forth on 9/14/2010 5:56 PM:
> On 09/14/2010 04:42 PM, Christian Rößner wrote:
>> Sep 11 10:34:36 mx0 postfix/lmtp[29594]: 40FC3520A6:
>> to=, relay=127.0.0.1[127.0.0.1]:24,
>> delay=0.39, delays=0.19/0.06/0.01/0.13, dsn=5.1.1, status=bounced
>> (host 127.0.0.1[127.0.0.1]
>
> Who
Vernon A. Fort put forth on 9/16/2010 6:16 PM:
> I've read but its not clear (to me) if one can (or should) use rhsbl
> sites in postscreen. Well, actually, i did configure but then removed.
http://www.postfix.org/postconf.5.html#postscreen_dnsbl_sites
postscreen_dnsbl_sites (default: empty)
Op
Jos Chrispijn put forth on 9/19/2010 11:11 AM:
> I have this email client that takes care of distrubition of email to
> different mail folders.
> As I now started to read my email with a mobile phone, there is a load
> of messages that aren't sorted, as my 'home client' hasn't taken care of
> that
bper put forth on 9/20/2010 3:29 PM:
>
> Hello,
>
> I have set up a postfix-dovecot server with smtp-auth using sasl by
> following this link:
> https://help.ubuntu.com/10.04/serverguide/C/postfix.html
>
> It seems to be working OK. The only thing is that when I view my logs, I see
> a lot of 'r
Yang Zhang put forth on 9/20/2010 3:46 PM:
> On Mon, Sep 20, 2010 at 12:33 PM, Wietse Venema wrote:
>> Yang Zhang:
>>> Can you pinpoint the exact RFC & section you're referring to? Thanks.
>>
>> I will give you as home work to study the following documents:
>>
>> RFC 821
>> RFC 2821
>> RFC 5321
>>
Victor Duchovni put forth on 9/20/2010 6:01 PM:
> On Tue, Sep 21, 2010 at 12:56:14AM +0200, Jeroen Geilman wrote:
>
>>> Yes, when traffic to the destination is light (message deliveries
>>> are spaced multiple seconds or more apart) or is very heavy (message
>>> deliveries are many in each interva
Wietse Venema put forth on 9/21/2010 10:12 AM:
> Michael Weissenbacher:
>> Hi Wietse!
>>
>>> Michael Weissenbacher:
Sep 21 15:04:58 smtp1 postfix/smtpd[14679]: warning: unknown smtpd
restriction: "med"
>>>
>>> That is also a configuration error.
>>>
>> This error was really HARD to track.
bper put forth on 9/21/2010 2:26 PM:
> Point taken. I have, and still am, investigating AV scanning. What are your
> thoughts on the best solution/fit with postfix?
Someone else will need to answer. I don't do A/V scanning in Postfix.
I simply reject any emails, using mime_header_checks, that co
201 - 300 of 1297 matches
Mail list logo