Re: Most users local, some users (same domain) rerouted via transport

2012-12-20 Thread Viktor Dukhovni
On Thu, Dec 20, 2012 at 01:57:43PM +0100, Ignacio Vazquez wrote: > I have a mailhost with most of the domain users delivered locally and > some users (same domain) residing in other machines. Instead of resolving an unmodified rfc822 address to a different transport:nexthop, rewrite the rfc822 ad

Re: generating the TLS cert

2012-12-20 Thread Viktor Dukhovni
On Thu, Dec 20, 2012 at 08:40:42AM -0500, Robert Moskowitz wrote: > That is the only place in the documentation where I have found > openssl command examples. Are there other place(s) that I have > missed? What would you like to see in the documentation? Instructions for creating a self-signed s

Re: generating the TLS cert

2012-12-20 Thread Viktor Dukhovni
On Thu, Dec 20, 2012 at 02:15:35PM +, Viktor Dukhovni wrote: > People who want a more compact recipe for a self-signed cert on > a single SMTP server can use my "one-liner" (for machines whose > hostname is an FQDN): > > $ tmp=$(mktemp smtpd.pem.XX) &a

Re: generating the TLS cert

2012-12-20 Thread Viktor Dukhovni
On Thu, Dec 20, 2012 at 10:02:19AM -0500, Wietse Venema wrote: > Viktor Dukhovni: > > > People who want a more compact recipe for a self-signed cert on > > > a single SMTP server can use my "one-liner" (for machines whose > > > hostname is an FQDN): >

Re: Most users local, some users (same domain) rerouted via transport

2012-12-20 Thread Viktor Dukhovni
On Thu, Dec 20, 2012 at 04:05:26PM +0100, Ignacio Vazquez wrote: > 2012/12/20 Viktor Dukhovni : > > > Instead of resolving an unmodified rfc822 address to a different > > transport:nexthop, rewrite the rfc822 address (via virtual_alias_maps) > > to a domain which is route

Re: delivering mail to separate users

2012-12-20 Thread Viktor Dukhovni
On Thu, Dec 20, 2012 at 12:25:03PM -0500, Simon Brereton wrote: > >> I did postmap the virtual_alias_maps. Is there something else I should > >> do? > > > > No, but you've likely misconfigured other elements of the system. > > I think this is ok. Output is: > mail:/etc/postfix# postconf -h vi

Re: delivering mail to separate users

2012-12-20 Thread Viktor Dukhovni
On Thu, Dec 20, 2012 at 01:39:07PM -0500, Simon Brereton wrote: > >> > To check that the result of the expansion of the user via > >> > $virtual_alias_maps. > >> > >> Here I ran into problems. > >> mail:/etc/postfix# postmap -fq newu...@example.org $maps > >> postmap: fatal: usage

Re: Reg. Postfix bounce email

2012-12-20 Thread Viktor Dukhovni
On Thu, Dec 20, 2012 at 10:58:01PM +0530, Sreenivas Reddy T wrote: > I have set up the postfix server for catch-all email address. > Whenever an email arrives, my script (Command Based Filter) will do headers > parsing and store it in the database, But whenever some error occurs in > the s

Re: body_check and content filtering

2012-12-20 Thread Viktor Dukhovni
On Thu, Dec 20, 2012 at 08:52:05PM +, Jim Nalepa - US wrote: > Would like to know if there is a way of modifying the ACTION in body_checks > > Currently have in main.cf > body_checks = regexp:/etc/postfix/body_checks Postfix does not support the BCC action via header_checks/body_

Re: Most users local, some users (same domain) rerouted via transport

2012-12-21 Thread Viktor Dukhovni
On Fri, Dec 21, 2012 at 02:55:39PM +0100, Ignacio Vazquez wrote: > Just for the record I found a workaround that makes not mandatory > specifying the remote users. It's a kind of a mixture local/virtual: > transport_maps = hash:/etc/postfix/transport > local_recipient_maps = $transport_maps, $vir

Re: VERP Sanity Check

2012-12-21 Thread Viktor Dukhovni
On Fri, Dec 21, 2012 at 04:12:11PM +, Sam Jones wrote: > I've checked I have PCRE available, and that they work. I've set up > everything as per http://www.postfix.org/VERP_README.html. See: http://www.postfix.org/VERP_README.html#config You likely forgot to set: smtpd_authorized_ve

Re: better way to rewrite sender address -- how?

2012-12-21 Thread Viktor Dukhovni
On Fri, Dec 21, 2012 at 08:07:00PM +0200, Hleb Valoshka wrote: > I want to change addresses like login@host.domain to Name.Surname@domain. > > It looks like job for sender_canonical_maps + masquerading, but it > doesn't work like I want because masquerading is applied _after_ > canonical mappings

Re: postconf expansion

2012-12-21 Thread Viktor Dukhovni
On Fri, Dec 21, 2012 at 03:10:11PM -0500, Wietse Venema wrote: > Viktor Dukhovni: > > I've not looked too closely at what it would take for "postconf" > > to be able to perform fully recursive parameter expansion. It is > > apparently a bit tricky (from

Re: Clear body_checks for a moment?

2012-12-22 Thread Viktor Dukhovni
On Sat, Dec 22, 2012 at 01:17:20PM +0100, Juerg Reimann wrote: > Hi everybody, > > I need to clear my body_checks in order to run a script and afterwards > reload them again. What I currently do is: > > cp /etc/mail/body_checks /etc/mail/body_checks.tmp > > /etc/mail/body_checks > /usr/sbin/po

Re: tool to edit master.cf

2012-12-26 Thread Viktor Dukhovni
On Tue, Dec 25, 2012 at 09:36:52AM -0500, Wietse Venema wrote: > Early on it I had to make a choice: release Postfix as a "complete" > MTA, or release it as a work-in-progress. You also have a choice: > wait until Postfix is "complete" or use what we have now. I recall you did not see much benefi

Re: Null-client configuration in MULTI_INSTANCE_README

2012-12-28 Thread Viktor Dukhovni
On Fri, Dec 28, 2012 at 04:13:39AM -0800, Jay Kay wrote: > What I am not sure about is the "mtaadmin address group" as it > is called in the readme. > Does the example assume "mtaad...@example.org" is a valid recipient > at [mailhub.example.org] or is it assumed that "mtaadmin" is aliased > to the

Re: FQDN Problem after Migrating to Virtual Domains

2013-01-02 Thread Viktor Dukhovni
On Wed, Jan 02, 2013 at 05:40:41PM -0500, Michael Sloan wrote: > Currently I have the following defined: > > myhostname = mail.dept.university.edu > mydestination = $myhostname, localhost.$mydomain > virtual_mailbox_domains = mysql:/etc/postfix/virtual_mailbox_domains.cf If your domain is a virt

Re: using the character @ in the local part

2013-01-02 Thread Viktor Dukhovni
On Thu, Jan 03, 2013 at 04:49:50AM +0100, Michael Blessenohl wrote: > /var/log/mail.info: > Jan 3 03:09:45 hostname postfix/smtpd[5781]: connect from > mail-we0-f173.google.com[74.125.82.173] > Jan 3 03:09:45 hostname postfix/smtpd[5781]: warning: Illegal > address syntax from mail-we0-f173.goog

Re: generating the TLS cert

2013-01-03 Thread Viktor Dukhovni
On Thu, Jan 03, 2013 at 11:05:42AM -0500, Robert Moskowitz wrote: > An update on creating self-signed certs. > > On 12/20/2012 09:32 AM, Viktor Dukhovni wrote: > >On Thu, Dec 20, 2012 at 02:15:35PM +, Viktor Dukhovni wrote: > > > >>People who want a more compact

Re: Domain alias rewriting

2013-01-03 Thread Viktor Dukhovni
On Thu, Jan 03, 2013 at 07:28:20PM +0100, Kristof Bajnok wrote: > > from the alias form to the canonical form. This will also validate > > the alias form as a valid address in RCPT TO commands. > > Unfortunately, I can not accomplish this with a single query. Actually, you can: domain =

Re: using the character @ in the local part

2013-01-03 Thread Viktor Dukhovni
On Fri, Jan 04, 2013 at 12:33:49AM +0100, Michael Blessenohl wrote: > >Why are you so committed/determined to use special characters in the > >local-part, especially after the experts explained you should not be > >doing so? You obviously "need" to use '@' in local-part. Why do you > >need to do

Re: generating the TLS cert

2013-01-04 Thread Viktor Dukhovni
On Fri, Jan 04, 2013 at 12:57:00AM -0500, Robert Moskowitz wrote: > >>I was noticing an error in /var/log/httpd/ssl_error_log about the > >>cert having basicConstraints: CA=TRUE > > > >If some HTTP server does not like self-signed SSL certs with CA=TRUE, > >that's its own problem. Postfix will no

Re: Domain alias rewriting

2013-01-04 Thread Viktor Dukhovni
On Fri, Jan 04, 2013 at 10:09:44AM +0100, Kristof Bajnok wrote: > On 01/04/2013 04:13 AM, Viktor Dukhovni wrote: > >>> from the alias form to the canonical form. This will also validate > >>> > > the alias form as a valid address in RCPT TO commands. > &

Re: generating the TLS cert

2013-01-04 Thread Viktor Dukhovni
On Fri, Jan 04, 2013 at 12:30:50PM -0500, Robert Moskowitz wrote: > >There is nothing wrong with "CA:true" in a self-signed SSL certificate. > > By some definitions of 'wrong' :) > > You may not have attended the same sort of PKI policy meetings that > I lived through! But since this is in larg

Re: destination_rate_delay and connection_reuse_time_limit

2013-01-07 Thread Viktor Dukhovni
On Mon, Jan 07, 2013 at 11:34:45AM -0200, Rafael Azevedo - IAGENTE wrote: > This is what I'm trying to do: > > - I need to have only one process to this transport's queue. mumble_destination_concurrency_limit = 1 > - This queue must respect the destination's policy, so I can't > have mo

Re: destination_rate_delay and connection_reuse_time_limit

2013-01-07 Thread Viktor Dukhovni
On Mon, Jan 07, 2013 at 02:37:03PM -0200, Rafael Azevedo - IAGENTE wrote: > I've done something very similar. If you want help, please take some time to read and follow the advice you receive completely and accurately. "Similar" is another way of saying "incorrect". > I created different named t

Re: destination_rate_delay and connection_reuse_time_limit

2013-01-07 Thread Viktor Dukhovni
On Mon, Jan 07, 2013 at 03:06:42PM -0200, Rafael Azevedo - IAGENTE wrote: > Anyway, I'll search how to use this "next hoop" feature and see The term is "nexthop", this specifies the next system or systems to which the message will be forwarded en-route to its destination mailbox. With SMTP the ne

Re: destination_rate_delay and connection_reuse_time_limit

2013-01-07 Thread Viktor Dukhovni
On Mon, Jan 07, 2013 at 03:29:53PM -0200, Rafael Azevedo - IAGENTE wrote: > I believe I've activated the next hop feature in my transport table. > > If I understood it right, all I had to do is tell postfix that > these domains belong to my named transport specifying the domain. > > So this is

Re: destination_rate_delay and connection_reuse_time_limit

2013-01-07 Thread Viktor Dukhovni
On Mon, Jan 07, 2013 at 03:19:39PM -0200, Rafael Azevedo - IAGENTE wrote: > If I use mumble_destination_concurrency_limit = 1, the destination > is a recipient not a domain. This is wrong. The setting in question is the recipient_limit, not the concurrency limit. > default_destination_concurrenc

Re: destination_rate_delay and connection_reuse_time_limit

2013-01-07 Thread Viktor Dukhovni
On Mon, Jan 07, 2013 at 04:24:20PM -0200, Rafael Azevedo - IAGENTE wrote: > I've done exactly what you said and notice that the connection > cache is not being used anymore. You have enabled cache-on-demand behaviour. This happens when the active queue contains a "backlog" of messages to the de

Re: destination_rate_delay and connection_reuse_time_limit

2013-01-07 Thread Viktor Dukhovni
On Mon, Jan 07, 2013 at 04:02:36PM -0500, Wietse Venema wrote: > > On Mon, Jan 07, 2013 at 04:24:20PM -0200, Rafael Azevedo - IAGENTE wrote: > > > > > I've done exactly what you said and notice that the connection > > > cache is not being used anymore. > > > > You have enabled cache-on-demand

Re: destination_rate_delay and connection_reuse_time_limit

2013-01-08 Thread Viktor Dukhovni
On Tue, Jan 08, 2013 at 10:47:08AM -0200, Rafael Azevedo - IAGENTE wrote: > I've added this into my main.cf: > > slow_destination_concurrency_failed_cohort_limit = 5 This is fine, since you set the concurrency limit to 1, it is intended to avoid shutting down deliveries after a single connection

Re: Case sensitive local user accounts

2013-01-08 Thread Viktor Dukhovni
On Tue, Jan 08, 2013 at 11:05:20AM +0100, Benny Pedersen wrote: > Randy Ramsdell wrote on 2013-01-08 00:15: > >What is the configuration forces postfix to honor what is found in > >virtual_alias_maps ? > > > >e.g. > > > >support@$domain.com LocalAccount > > virtual_alias_maps doe

Re: destination_rate_delay and connection_reuse_time_limit

2013-01-08 Thread Viktor Dukhovni
On Tue, Jan 08, 2013 at 01:59:14PM -0200, Rafael Azevedo - IAGENTE wrote: > But Wietse, would you agree with me that error 4XX is (in general > cases) a temporary error? It is a temporary error for *that* recipient. It is not a global indication that the site is temporarily unreachable. Nor is there

Re: destination_rate_delay and connection_reuse_time_limit

2013-01-08 Thread Viktor Dukhovni
On Tue, Jan 08, 2013 at 01:08:21PM -0500, Wietse Venema wrote: > I could add an option to treat this in the same manner as "failure > to connect" errors (i.e. temporarily skip all further delivery to > this site). However, this must not be the default strategy, because > this would hurt the far ma

Re: destination_rate_delay and connection_reuse_time_limit

2013-01-08 Thread Viktor Dukhovni
On Tue, Jan 08, 2013 at 02:39:17PM -0500, Wietse Venema wrote: > Viktor Dukhovni: > > On Tue, Jan 08, 2013 at 01:08:21PM -0500, Wietse Venema wrote: > > > > > I could add an option to treat this in the same manner as "failure > > > to connect" errors

Re: destination_rate_delay and connection_reuse_time_limit

2013-01-08 Thread Viktor Dukhovni
On Tue, Jan 08, 2013 at 10:02:31PM +0100, Reindl Harald wrote: > On 08.01.2013 21:40, Wietse Venema wrote: > > My conclusion is that Postfix can continue to provide basic policies > > that avoid worst-case failure modes, but the choice of the settings > > that control those policies is better le

Re: RFC: postconf user interface

2013-01-08 Thread Viktor Dukhovni
On Tue, Jan 08, 2013 at 04:00:34PM -0500, Wietse Venema wrote: > > However, the syntax differs from "postconf -M" commands that can > target multiple services, such as "postconf -M inet" or "postconf > -Mu chroot=n inet". There, a service is better specified as > service-type or service-type.ser

Re: destination_rate_delay and connection_reuse_time_limit

2013-01-08 Thread Viktor Dukhovni
On Wed, Jan 09, 2013 at 03:06:58AM +0100, Reindl Harald wrote: > > Suspending delivery and punting all messages from the active queue > > for the designated nexthop is not a winning strategy. In this state > > mail delivery to the destination is in most cases unlikely to > > recover without manual

Re: domain name to cert/key file mapping

2013-01-08 Thread Viktor Dukhovni
On Tue, Jan 08, 2013 at 07:58:38PM -0500, Wietse Venema wrote: > > is there any way to set certificate / key file name depending on domain > > name? This problem is much harder for SMTP than HTTP, since the MTA does not know with certainty which acceptable certificate a receiving site is likely

Re: destination_rate_delay and connection_reuse_time_limit

2013-01-09 Thread Viktor Dukhovni
On Wed, Jan 09, 2013 at 10:02:02AM -0200, Rafael Azevedo - IAGENTE wrote: > > That's not what happens when a destination is throttled, all mail > > there is deferred, and is retried some indefinite time later that > > is at least 5 minutes but perhaps a lot longer, and at great I/O > > cost, with

Re: destination_rate_delay and connection_reuse_time_limit

2013-01-09 Thread Viktor Dukhovni
On Wed, Jan 09, 2013 at 01:29:06PM -0200, Rafael Azevedo - IAGENTE wrote: > I was watching my log files now looking for deferred errors, and > to my surprise, we got temporarily blocked by Yahoo on some SMTPs > (ips), as shown: > > Jan 9 13:20:52 mxcluster yahoo/smtp[8593]: 6731A13A2D956: host >

Re: Understanding master.cf pickup daemon parameters

2013-01-09 Thread Viktor Dukhovni
On Wed, Jan 09, 2013 at 11:29:31AM -0500, Robert Moskowitz wrote: > I DID say that I am going to use amavisd-new along with ClamAV and > SpamAssassin. Where is there a writeup of setting up pickup service > for these? When using advanced content filters with SMTP, the pickup(8) service is not used

Re: RFC: automatic backup of main.cf/master.cf before edit

2013-01-10 Thread Viktor Dukhovni
On Thu, Jan 10, 2013 at 04:01:13PM -0500, Wietse Venema wrote: > With the option to edit master.cf will come new opportunities > to destroy a configuration. > > Below is a first design for a "backup before edit" option. If no > command is configured, then no backup will be made. If the backup

Re: RFC: automatic backup of main.cf/master.cf before edit

2013-01-10 Thread Viktor Dukhovni
On Thu, Jan 10, 2013 at 07:23:36PM -0500, Wietse Venema wrote: > The "backup before edit" feature does not work with revision control > systems that error out when the current version is already checked > in. For example, git and hg return status 1 when a file has not > changed since it was check

Re: Naming a master.cf attribute (RFC: postconf user interface)

2013-01-11 Thread Viktor Dukhovni
On Fri, Jan 11, 2013 at 03:47:41PM -0500, Wietse Venema wrote: > If the concerns with '=' and '.' in service names can be overcome, > then the mouss syntax would simplify the user interface to query > or update a master.cf attribute. Neither is actually a problem provided we use "strrchr" to find

Re: Learning how to respecth REPLY-TO headers

2013-01-13 Thread Viktor Dukhovni
k '~t postfix-users@postfix.org' my_hdr From: Viktor Dukhovni send-hook '~t postfix-users@postfix.org' my_hdr Reply-To: send-hook '~t postfix-users@postfix.org' my_hdr Fcc: "" ... I often read/respond-to other mail to the underlying account via Mail.a

Re: Postfix incoming mail spooling taking a long time

2013-01-14 Thread Viktor Dukhovni
On Tue, Jan 15, 2013 at 09:48:32AM +0800, Fred Ho wrote: > While other incoming mails are delivered, these incoming mails are slowly > being spooled for hours and the file size are growing: > [root@mailgate2 incoming]# ls -l > total 106988 > -rw--- 1 postfix postfix 34369536 Jan 15 09:40 004

Re: Postfix incoming mail spooling taking a long time

2013-01-15 Thread Viktor Dukhovni
On Tue, Jan 15, 2013 at 11:35:14PM +0800, Fred Ho wrote: > Hi Wietse, > I have already asked the ISP, they said it's not the problem on > their side. It's mailgate2 our receiving side that is slow. The > postfix 2.5.6 running in mailgate2 does not turn on any header_check, > body_check checking. Pl

Re: Problem in postfix (solaris) relay to exchange

2013-01-15 Thread Viktor Dukhovni
On Tue, Jan 15, 2013 at 07:40:29AM -0800, blast wrote: > i have a linux box (centos) with postfix working well with exchange, postfix > just relay the mails to the server using sasl authentication. > > My problem is that i m not able to do it in a solaris 10 server. > > in main.cf: > > relayho

Re: Problem in postfix (solaris) relay to exchange

2013-01-15 Thread Viktor Dukhovni
On Tue, Jan 15, 2013 at 05:35:48PM +, carlos jorge wrote: > > Make sure you have Berkeley DB support on Solaris, (not just > > the obsolete DBM) and "hash" or "btree" instead. > Sorry can you help on that? What do i need to install? No, I have not used Solaris for a while now, sorry. You'll ne

Re: Problem in postfix (solaris) relay to exchange

2013-01-15 Thread Viktor Dukhovni
On Tue, Jan 15, 2013 at 06:18:03PM +, carlos jorge wrote: > but I found a difference: > man postconf -A List the available SASL client plug-in types... > on the working server: > postconf -A > cyrus > on the solaris... > bash-3.00#postconf -A > bash-3.00# The Solaris server has no (cyrus) S

Re: postmulti and vip with corosync/pacemaker

2013-01-18 Thread Viktor Dukhovni
On Fri, Jan 18, 2013 at 09:57:37AM +0100, Olivier Brousselle wrote: > Each instance is marked as disable, there is a script to activate > instances (postmulti -i postfix-mta -e enable ; postmulti -i > postfix-mta -e start) for using with pacemaker. That is: # Turn it on for postmulti sta

Re: Balancing destination concurrency + rate delay

2013-01-18 Thread Viktor Dukhovni
On Fri, Jan 18, 2013 at 09:49:34AM -0800, Steve Jenkins wrote: > Agreed - but Yahoo is really the only one we're having issues with (even > after complying with all their guidelines here): > > http://help.yahoo.com/kb/index?page=content&y=PROD_MAIL_ML&locale=en_US&id=SLN3435 > Yes, they are wil

Re: relayhost = smtp.myisp.nl

2013-01-18 Thread Viktor Dukhovni
On Fri, Jan 18, 2013 at 09:12:31PM +0100, Adri van Loopik wrote: > I had first also to put smtp_host_lookup on 'native, dns' (I did the > same for lmtp_host_lookup, not sure that was needed). The real issue was that you failed to use the correct relayhost syntax: relayhost = [relay.exam

Re: Balancing destination concurrency + rate delay

2013-01-18 Thread Viktor Dukhovni
On Fri, Jan 18, 2013 at 07:46:45PM -0800, Steve Jenkins wrote: > > At that point you may not even need rate delays, just set a modest > > concurrency, and typical SMTP transaction latency of 0.2-0.5s ( > > with spam checks, RBL lookups, ...) will give you at most 2-5 > > messages per unit concurre

Re: Milters and Aliasing

2013-01-18 Thread Viktor Dukhovni
On Fri, Jan 18, 2013 at 05:51:06PM -0500, Amir A. wrote: > Jan 17 11:49:02 zimbra postfix/smtpd[26986]: NOQUEUE: > milter-reject: RCPT from mail-ie0-f175.google.com[209.85.223.175]: > 550 5.1.1 User unknown; from= > to= > proto=ESMTP helo= This milter rejects the recipient, don't use milters

Re: memcached questions

2013-01-20 Thread Viktor Dukhovni
On Sun, Jan 20, 2013 at 05:17:19PM -0500, Jon A. wrote: > It appears that memcache may only be used for dynamic content (write) for > > - postscreen whitelist cache > - address verification cache > - TLS session key cache I would not use memcache for TLS session state. This is pointless unless yo

Re: Postfix ldap_table authenticate to LDAP using GSSAPI or EXTERNAL

2013-01-22 Thread Viktor Dukhovni
On Mon, Jan 21, 2013 at 09:05:33PM -0500, Eric McCorkle wrote: > I am trying to set up an LDAP-based alias table, and I want postfix to > authenticate to LDAP using a Kerberos service principal, or at least > using the EXTERNAL method (SSL certificate authentication). I would recommend GSSAPI (Ke

Re: Postfix ldap_table authenticate to LDAP using GSSAPI or EXTERNAL

2013-01-22 Thread Viktor Dukhovni
On Wed, Jan 23, 2013 at 12:33:01AM -0500, Eric McCorkle wrote: > Which is due ultimately to there not being a kerberos principal > available. However, if I add "start_tls = yes" (and set up the > certificate files), then I get the same "unable to allocate TLS context" > error. > > This seems to

Re: Question About Log entries

2013-01-26 Thread Viktor Dukhovni
On Sat, Jan 26, 2013 at 12:25:00PM -0500, Bob Cohen wrote: > Follows are several maillog entries. I'm not clear on how to read them. > > warning: restriction `reject_rbl_client' after `permit' is ignored > > Does this mean, Postfix rejected an email based on the > reject_rbl_client rule, which w

Re: tls for virtual mailbox domains?

2013-01-29 Thread Viktor Dukhovni
On Tue, Jan 29, 2013 at 08:43:31AM +0100, Markus Grunwald wrote: > is it possible to use multiple certificates for my virtual mail domains? http://archives.neohapsis.com/archives/postfix/2013-01/0174.html For Postfix 2.11 (2.10 is almost out the door, so it is too late for this year) I've laid

Re: Dovecot LDA - Active Directory userbase

2013-01-30 Thread Viktor Dukhovni
On Wed, Jan 30, 2013 at 11:34:13AM -0300, Peter von Nostrand wrote: > The users data is on Active Directory. > Users has different email addresses to their username on AD and they have > aliases on proxyaddress field. > > Here is the AD query: > > server_host = dc1.intranet.local > search_base =

Re: Missing smtp delivery log event with smtp_tls_loglevel = 3

2013-02-01 Thread Viktor Dukhovni
On Fri, Feb 01, 2013 at 10:39:31AM -0500, Asa Gage wrote: > This was right on. Thanks Wietse. > > The rsyslogd service had rate limiting enabled by default and the log > lines were getting dropped. > > I fixed it by adding the following line to /etc/rsyslog.conf > > $SystemLogRateLimitInterv

Re: Creating exceptions to greylisting

2013-02-02 Thread Viktor Dukhovni
On Sat, Feb 02, 2013 at 03:34:30PM -0600, Stan Hoeppner wrote: >check_client_access pcre:/etc/postfix/client_access >... > > /etc/postfix/client_access: > /.*facebook\.com$/permit This is not robust for two reasons, the first is a simple oversight, replace: /

Re: postfix-install: bin/postconf ignores new settings and re-uses old main.cf

2013-02-04 Thread Viktor Dukhovni
On Mon, Feb 04, 2013 at 12:05:09PM +1100, Mark Ashley wrote: > I ran across a problem when installing postfix 2.9.5 on Solaris 10 and > 11. If there is a pre-existing main.cf on the system then the "make > install" step will re-use this, instead of using the settings > contained in the new 2.9.5 c

Re: content_filter and firewall rules

2013-02-04 Thread Viktor Dukhovni
On Mon, Feb 04, 2013 at 01:46:37PM -0500, Robert Moskowitz wrote: > It seems from my limited testing that with the content_filter option of: > > content_filter=amavisfeed:[127.0.0.1]:10024 > > I don't need an iptables rule for port 10024, as there is no > firewall blocking of localhost connectio

Re: content_filter and firewall rules

2013-02-04 Thread Viktor Dukhovni
On Mon, Feb 04, 2013 at 03:58:15PM -0500, Robert Moskowitz wrote: > >So configure Amavis correctly, and the rest takes care of itself. > > Define correctly. It seems that a number of articles I have found > recommend using 127.0.0.1. You seem to be recommending something > else and I am interes

Re: questions about functions in postfix

2013-02-07 Thread Viktor Dukhovni
On Thu, Feb 07, 2013 at 06:22:40PM +0100, deconya wrote: > smtp_sasl_password_maps = hash:/etc/postfix/relay_passwd > > relayhost = [smtp.puc.rediris.es]:25 Don't append :25 set: relayhost = [smtp.puc.rediris.es] > smtp_sasl_auth_enable = no You've disabled SASL. > smtp_sasl_password

Re: questions about functions in postfix

2013-02-07 Thread Viktor Dukhovni
On Thu, Feb 07, 2013 at 09:34:00PM +0100, deconya wrote: > > > smtp_sasl_auth_enable = no > > > > You've disabled SASL. > > In main.cf appears > > smtpd_sasl_auth_enable = yes, why can appear no? You're not paying attention: "smtpd" != "smtp" > > > smtp_sasl_password_maps = hash:/etc/p

Re: questions about functions in postfix

2013-02-07 Thread Viktor Dukhovni
On Thu, Feb 07, 2013 at 11:08:11PM +0100, deconya wrote: > Well, thanks to advice me about the difference. But how I can change it? When configuring the Postfix SMTP client set the parameters documented to work with smtp(8) and not those documented to work with smtpd(8). Don't confuse the two set

Re: Exceptions to reject_rbl_client *AND* SASL authentication enforcement

2013-02-08 Thread Viktor Dukhovni
On Fri, Feb 08, 2013 at 10:51:02AM +0100, Fabio Sangiovanni wrote: > Everything works fine, except when one client's IP is blacklisted by > Spamhaus. In this case, we need to whitelist that IP - and that > should be obtainable with the following: > > smtpd_recipient_restrictions = > reject_no

Re: Connection timed out due to dns timeouts

2013-02-08 Thread Viktor Dukhovni
On Fri, Feb 08, 2013 at 09:29:22AM +0100, Angel L. Mateo wrote: > We are having problems with dns lookups to one domain. I know is > not a postfix problem, but a dns configuration error in that domain. > But it is affecting our servers. The easiest work-around is to stop sending mail to the

Re: error using certificate server

2013-02-10 Thread Viktor Dukhovni
On Sun, Feb 10, 2013 at 01:46:59PM +0100, deconya wrote: > status=deferred (Server certificate not verified) > > I was looking all the information about it in howtos, and seems that the > problem is when my server exchanges credentials with smarthost. It seems > that not recognizes the CA certifi

Re: do i understand tls_policy_maps right?

2013-02-10 Thread Viktor Dukhovni
On Sun, Feb 10, 2013 at 09:22:34PM +0100, we...@zackbummfertig.de wrote: > When I set in main.cf: > > smtp_tls_policy_maps = hash:/etc/postfix/tls_policy > > and in > > /etc/postfix/tls_policy: > > example.com encrypt > > Will then every mail leaving my server to example.com

Re: Exceptions to reject_rbl_client *AND* SASL authentication enforcement

2013-02-11 Thread Viktor Dukhovni
On Mon, Feb 11, 2013 at 03:19:52PM +, Fabio Sangiovanni wrote: > I have another question: what happens if a client is whitelisted AND it fails > SASL authentication? The whitelist only applies to authenticated users. Unauthenticated users are treated like everyone else. > I suppose that the

Re: TLS Library Problem? Postfix 2.9.6

2013-02-11 Thread Viktor Dukhovni
On Mon, Feb 11, 2013 at 11:58:07PM +0100, we...@zackbummfertig.de wrote: > on my backup relay server i find these lines in the logs. > i rebuild openssl and postfix. > i am on gentoo linux. > > openssl 1.0.1c Gentoo builds software from source, are you sure you built OpenSSL 1.0.1c and not the t

Re: error using certificate server

2013-02-11 Thread Viktor Dukhovni
On Tue, Feb 12, 2013 at 01:36:15AM +0100, deconya wrote: > Thanks for you answers > > I continue with the problem and I don't know where I can check more. At > now the situation is > > -Sends mails deferred > > -In logs appears: > > Feb 12 01:20:50 mailserver postfix/smtpd[16653]: warning: > s

Re: TLS Library Problem? Postfix 2.9.6

2013-02-12 Thread Viktor Dukhovni
On Tue, Feb 12, 2013 at 09:22:55AM +0100, we...@zackbummfertig.de wrote: > I checked the certificate with: > > $ openssl x509 -in cert.pem -text -noout > > and voila, 512 bit like you said. Do you know how you accidentally ended-up with a 512-bit RSA key? [ Did you use the snake-oil key-pa

Re: Exceptions to reject_rbl_client *AND* SASL authentication enforcement

2013-02-12 Thread Viktor Dukhovni
On Mon, Feb 11, 2013 at 10:29:38PM +, Fabii Sangiovanni wrote: > Viktor Dukhovni dukhovni.org> writes: > > > You're working too hard, the suggested settings should work just fine. > > Would you be so kind to point me to some readings on the matter? You don'

Re: Null sender address in NDR's

2013-02-14 Thread Viktor Dukhovni
On Thu, Feb 14, 2013 at 03:03:23PM +, James Day wrote: > A customer of mine is using a smart host provided by their ISP > through which all outbound mail is delivered smtp.enta.net (which > is running postfix). This ISP's outbound relay is a submission service that is *only* suitable for rela

Re: Null sender address in NDR's

2013-02-14 Thread Viktor Dukhovni
On Thu, Feb 14, 2013 at 03:36:11PM +, James Day wrote: > > > Is there a sensible way to configure postfix to allow these messages > > > with null sender addresses to be relayed without opening the smart > > > host up to exploitation? > > > > Sending bounces is not "exploitation", but the "sma

Re: Null sender address in NDR's

2013-02-14 Thread Viktor Dukhovni
On Thu, Feb 14, 2013 at 04:14:06PM +, James Day wrote: > > Not in this case, sending NDRs with a non-null envelope sender address is a > > fundamental violation of the robustness requirements of SMTP. This goes > > beyond working-around misconfiguration to flagrant violation of a basic > > des

Re: postfix multiple WAN-IP setup

2013-02-15 Thread Viktor Dukhovni
On Fri, Feb 15, 2013 at 03:14:44PM +0100, Tom Loewen wrote: > We have two WAN connections. One has the RDNS entry mx0.example.com the > other has mx1.example.com. Is there a way to setup postfix so that he > will reply with the correct hostname? I know that you can do this in > master.cf but the s

Re: Selective bounce_template_file

2013-02-16 Thread Viktor Dukhovni
On Sat, Feb 16, 2013 at 09:51:53AM +, Nuno Fernandes wrote: > I would like to have different bounce_template_files per domain. Is that > possible? Postfix has no support for sender-domain (recipient of bounce domain) specific bounce templates. Nor do domains map very well to the preferred l

Re: Trouble configuring backup MX to reject unauth destination

2013-02-19 Thread Viktor Dukhovni
On Tue, Feb 19, 2013 at 12:21:35PM +0100, Titanus Eramius wrote: > I've tried with relay_domains, but it matches on domain-level which is > too much. I then applied relay_recipient_maps, but it don't seem to > have any effect, which means that addresses is still matched on domain > basis. > > Eve

Re: setting up postscreen on a system with multiple external interfaces

2013-02-21 Thread Viktor Dukhovni
On Thu, Feb 21, 2013 at 05:46:26PM +0100, Erik Slagter wrote: > Another variation I tried ("pass" and "postscreen" the other way > around). This works, but gives the original problem, the smtpd > options are not honoured (especially banner and starttls="may"), > even though I set both: Take a DEE

Re: Enforced TLS per MX

2013-02-22 Thread Viktor Dukhovni
On Fri, Feb 22, 2013 at 08:48:31AM -0500, Wietse Venema wrote: > > We are trying to establish enforced TLS with a partner that hosts about > > 2000 recipient domains. All of these point to the same four MX records: > > > > host[1-4].example.com > > > > As I did not want to specify all of the

Re: setting up postscreen on a system with multiple external interfaces

2013-02-22 Thread Viktor Dukhovni
initial investment of time pays off quickly in easier to manage configurations and operational support (e.g. separate queues make it easier to see which flow is having problems). > On 21-02-13 20:07, Viktor Dukhovni wrote: > > > [ ... ] (lot of patronising text removed) Text that

Re: Enforced TLS per MX

2013-02-22 Thread Viktor Dukhovni
On Fri, Feb 22, 2013 at 11:33:53AM -0500, Wietse Venema wrote: > Viktor Dukhovni: > > On Fri, Feb 22, 2013 at 08:48:31AM -0500, Wietse Venema wrote: > > > > > > We are trying to establish enforced TLS with a partner that hosts about > > > > 2000 recipient

Re: header_checks issue

2013-02-22 Thread Viktor Dukhovni
On Fri, Feb 22, 2013 at 03:13:27PM -0500, Deeztek.com Support wrote: > >b...@example.com smtp:[1.1.1.1] > >m...@example.com smtp:[2.2.2.2] > >example.com smtp:somewhere.else > > Sorry about the top-posting. Okay this is a little bit closer. So, > I'm assuming if I use the domain in conjuc

Re: Compiling

2013-02-23 Thread Viktor Dukhovni
On Sat, Feb 23, 2013 at 06:53:02PM -0500, Fabian von Romberg wrote: > I'm trying to compile Postfix 2.10. Actually I can compile it, > the only problem is that whatever I define as install prefix, all > binaries and config files go to unexpected folders. Please see my > compiling steps: > > make

Re: is possible to use different SSL certificates for different domains?

2013-02-25 Thread Viktor Dukhovni
On Mon, Feb 25, 2013 at 10:33:09AM +0100, marcos gonzalez wrote: > I'm preparing a server with postfix 2.7.1 and now I'm with the process > to certificate the connection. I have two domains and normally using > multiple domains certificate you can join this, but the property of > domains is different

Re: Conditional SMTP

2013-02-25 Thread Viktor Dukhovni
On Mon, Feb 25, 2013 at 11:59:40AM +0100, Dominique wrote: > The latter one with my ISP smtp server info for my conflictive > domain in the following format: > > domain.com smtp:smtp.isp.com Since ISP SMTP relays are generally provisioned for MSAs that don't do MX lookups, you should proba

Re: Possible to dedicate a number of smtpd processes for OUTBOUND mail only ??

2013-02-25 Thread Viktor Dukhovni
On Mon, Feb 25, 2013 at 10:30:41AM +, Peter Sørensen wrote: > Currently we have a lot of attacks on our gateway system serving > up to 200 smtpd on each server. We have 3 servers which add up to > max 600 concurrent smtpd processes. > > I would like to reserve let's say 50 smtpd on each serve

Re: reject empty sender address for authenticated users

2013-02-25 Thread Viktor Dukhovni
On Tue, Feb 26, 2013 at 01:50:34AM +0100, Piotr Rotter wrote: > Can I set postfix to reject empty sender address for authenticated users. > > I want to disallow this: > > 235 2.7.0 Authentication successful > MAIL FROM: <> > 250 2.1.0 Ok This breaks your service for all users who want to operat

Re: Running namecache service on postfix server?

2013-02-26 Thread Viktor Dukhovni
On Tue, Feb 26, 2013 at 09:58:54AM -0500, Robert Moskowitz wrote: > I have recently updated my DNS server and am observing the traffic > from my mail server to constantly query for names. Some of these > names are frequent requests, for example: zen.spamhaus.org. So I > was thinking that I could

Re: reject empty sender address for authenticated users

2013-02-26 Thread Viktor Dukhovni
On Tue, Feb 26, 2013 at 05:43:45PM +0100, Bastian Blank wrote: > On Tue, Feb 26, 2013 at 01:50:34AM +0100, Piotr Rotter wrote: > > Can I set postfix to reject empty sender address for authenticated users. > > Null-sender must be accepted. There are several occasions where a MUA > may send them, f

Re: lost connection with while sending RCPT TO

2013-02-26 Thread Viktor Dukhovni
On Tue, Feb 26, 2013 at 02:08:34PM +0200, Radwa Hamed wrote: > there is an error in mail log file when sending mail to some > hotmail accounts > > ... relay=none, delay=0.65, delays=0.45/0.14/0/0.06, dsn=4.4.2, > status=deferred (delivery temporarily suspended: lost connection > with mx2.hotmail.c

Re: Running namecache service on postfix server?

2013-02-26 Thread Viktor Dukhovni
On Tue, Feb 26, 2013 at 08:57:51PM -0500, b...@bitrate.net wrote: > > When Postfix support for DANE (RFC 6698) is introduced, there will > > be a requirement to operate a local nameserver that is DNSSEC aware > > on any machine that wants to take advantage of peer certificate details > > published
