[pfx] Re: dmarc reports from Microsoft (possibly off topic)

2024-03-06 Thread Wietse Venema via Postfix-users
Alan Munday: > As of the 22 Feb 2024 I have been seeing invalid MAIL FROM address from > Microsoft: > > In: MAIL FROM: XATTRDIRECT=Originating > XATTRORGID=xorgid:96f9e21d-a1c4-44a3-99e4-37191ac61848 Wietse: > When I send the above as one line into Postfix, the response is: > > 555 5.5

[pfx] Re: dmarc reports from Microsoft (possibly off topic)

2024-03-06 Thread Wietse Venema via Postfix-users
Alan Munday via Postfix-users: > As of the 22 Feb 2024 I have been seeing invalid MAIL FROM address from > Microsoft: > > In: MAIL FROM: XATTRDIRECT=Originating > XATTRORGID=xorgid:96f9e21d-a1c4-44a3-99e4-37191ac61848 > > Clearly an issue with line termination, but one I have yet to find >

[pfx] Re: SOLVED: Escaping of braces {} in configuration (master(5))

2024-03-06 Thread Wietse Venema via Postfix-users
Wietse Venema via Postfix-users: > The text should have said: > > Other command-line arguments > Specify "{" and "}" around command arguments that must start > with "{" or that must contain whitespace (Postfix 3.0 and > late

[pfx] SOLVED: Escaping of braces {} in configuration (master(5))

2024-03-05 Thread Wietse Venema via Postfix-users
Wietse Venema via Postfix-users: > With this in master.cf: > > dkim-sign unix - n n - 0 spawn > user=_postfix_xlocal argv=/tmp/s-dkim-sign > --milter-macro-sign {daemon_name},sign > --key rsa-sha256,rsa,/tmp/pri-rsa.pem >

[pfx] Postfix stable release 3.8.6, and legacy releases 3.7.11, 3.6.15, 3.5.25

2024-03-05 Thread Wietse Venema via Postfix-users
[An on-line version of this announcement will be available at https://www.postfix.org/announcements/postfix-3.8.6.html] This is the first regular update after the SMTP smuggling episode. As the last regular update was early November, this update is larger than usual. Fixed with Postfix 3.8.6, 3.7

[pfx] Re: Escaping of braces {} in configuration (master(5))

2024-03-05 Thread Wietse Venema via Postfix-users
With this in master.cf: dkim-sign unix - n n - 0 spawn user=_postfix_xlocal argv=/tmp/s-dkim-sign --milter-macro-sign {daemon_name},sign --key rsa-sha256,rsa,/tmp/pri-rsa.pem These are options to a non-Postfix program, so I need to investiga

[pfx] Re: Escaping of braces {} in configuration (master(5))

2024-03-04 Thread Wietse Venema via Postfix-users
Steffen Nurpmeso via Postfix-users: > Steffen Nurpmeso wrote in > <20240305004501.fwAHTulV@steffen%sdaoden.eu>: > |Wietse Venema via Postfix-users wrote in > | <4tpc280nhvzj...@spike.porcupine.org>: > ||Steffen Nurpmeso via Postfix-users: > ||> Is it poss

[pfx] Re: Escaping of braces {} in configuration (master(5))

2024-03-04 Thread Wietse Venema via Postfix-users
Steffen Nurpmeso via Postfix-users: > Hello. > > Is it possible to escape braces in resource files? > I am currently testing an hm early beta of my thing and did > > lb = { > rb = } > > in main.cf to be able to say > > dkim-sign unix - n n - - spawn > user=_postfix_xlocal argv=/tmp/s-

[pfx] Re: Escaping of braces {} in configuration (master(5))

2024-03-04 Thread Wietse Venema via Postfix-users
Steffen Nurpmeso via Postfix-users: > Hello. > > Is it possible to escape braces in resource files? > I am currently testing an hm early beta of my thing and did > > lb = { > rb = } No, Don't do that. Wietse

[pfx] Re: Implementing From: field heuristic when sending messages?

2024-03-03 Thread Wietse Venema via Postfix-users
Paul Menzel via Postfix-users: > Dear Postfix users, > > > A user had their password guessed/leaked, and the account was used to > send spam/phishing messages - but only once an hour or so, so it wasn't > detected as abnormal traffic. One detectable thing would have > been, that the sent

[pfx] Re: A functional lightweight reverse alias?

2024-03-02 Thread Wietse Venema via Postfix-users
Wietse Venema via Postfix-users: > Gerben Wierda via Postfix-users: > > Aliases are nice, to receive mail. But when you reply, the address behind > > the alias is exposed. > > > > To prevent that I need to create full mailboxes, which requires a lot of > > ad

[pfx] Re: A functional lightweight reverse alias?

2024-03-02 Thread Wietse Venema via Postfix-users
Gerben Wierda via Postfix-users: > Aliases are nice, to receive mail. But when you reply, the address behind the > alias is exposed. > > To prevent that I need to create full mailboxes, which requires a lot of > administration in dovecot, postfix. > > Suppose > - I am m...@mydomain.tld > - At

[pfx] Re: postqueue fatal: output write error: Input/output error

2024-03-01 Thread Wietse Venema via Postfix-users
Paul Lemmons: > I am getting the following message in my syslog exactly every 30 > seconds. Everything is working but words like "Fatal" and "Input/output > error" cause me an inordinate amount of angst. > > postfix/postqueue[]: fatal: output write error: Input/output error Wietse: > A write(2) o

[pfx] Re: postqueue fatal: output write error: Input/output error

2024-03-01 Thread Wietse Venema via Postfix-users
Paul Lemmons via Postfix-users: > I am getting the following message in my syslog exactly every 30 > seconds. Everything is working but words like "Fatal" and "Input/output > error" cause me an inordinate amount of angst. > > postfix/postqueue[]: fatal: output write error: Input/output error A wr

[pfx] Re: Configuration Settings for TLS 1.2 and 1.3 with No Weak Ciphers

2024-02-28 Thread Wietse Venema via Postfix-users
Scott Hollenbeck via Postfix-users: > Right, but that page says "You are strongly encouraged not to change this > setting". I'm also unsure why I'm not seeing any TLS 1.3 ciphers when > "smtpd_tls_protocols = >=TLSv1.2". Doesn't that setting include TLS 1.3? tls_high_cipherlist and tls_medium_cip

[pfx] Re: postfix check_sender_access and subdomain test

2024-02-28 Thread Wietse Venema via Postfix-users
Scott Techlist via Postfix-users: > I need to allow a domain to bypass my RBL checks. I'm doing something wrong, > or I'm misunderstanding what I'm checking from my logs. I'd be grateful for > an assist to remedy. > Depending on whether omain is client or sender or ... ... reject_una

[pfx] Re: Configuration Settings for TLS 1.2 and 1.3 with No Weak Ciphers

2024-02-28 Thread Wietse Venema via Postfix-users
h_cipherlist https://www.postfix.org/postconf.5.html#tls_medium_cipherlist Wietse > > Scott > > > -Original Message- > > From: Wietse Venema via Postfix-users > > Sent: Wednesday, February 28, 2024 2:18 PM > > To: Postfix users > > Subject: [p

[pfx] Re: Configuration Settings for TLS 1.2 and 1.3 with No Weak Ciphers

2024-02-28 Thread Wietse Venema via Postfix-users
Scott Hollenbeck via Postfix-users: > Sorry, I should note that this is for postfix 3.6.4. > postconf -H | grep -E 'high|medium' Wietse > > > -Original Message- > > From: Scott Hollenbeck via Postfix-users > > Sent: Wednesday, February 28, 2024 8:55 AM > > To: postfix-users@pos

[pfx] Re: userid for file delivery ?

2024-02-28 Thread Wietse Venema via Postfix-users
John Levine via Postfix-users: > Here's another question that might be answered in the documentation > but I can't find it. If I have a file delivery like this in > the /etc/aliases file > > foo: /a/b/somefile > > what userid writes to the file? postfix? nobody? > > I realize that for user mai

[pfx] Re: Postfix gmail relay SASL authentication failed invalid parameter supplied

2024-02-28 Thread Wietse Venema via Postfix-users
Nuno Catarino via Postfix-users: > postfix/smtp[31278]: CFC982C034E: to=, > relay=smtp.gmail.com[64.233.167.109]:587, > delay=5.5, delays=0.05/0/5.4/0, dsn=4.7.0, status=deferred (SASL > authentication failed; cannot authenticate to server > smtp.gmail.com[64.233.167.109]: > invalid parameter suppl

[pfx] Re: postfix and smtpd_proxy_timeout

2024-02-28 Thread Wietse Venema via Postfix-users
natan via Postfix-users: > for "us...@domain.ltd" > Feb 27 16:02:28 smtp1v postfix/cleanup[23476]: warning: > proxy:mysql:/etc/postfix/mysql_sender_bcc_maps_user.cf-new lookup error > for "us...@domain.ltd" > Feb 27 16:02:29 smtp1v postfix/cleanup[23476]: warning: > proxy:mysql:/etc/postfix/mysq

[pfx] Re: rbl bounces email that has both rbl_override and client_checks whitelisting

2024-02-27 Thread Wietse Venema via Postfix-users
Wietse: > Your mistake: you are trying to match a SENDER ADDRESS with > check_CLIENT_access. lists--- via Postfix-users: > Well do I put the domain in sender_access or sender_checks? What do you want to not block: the sender email domain? Then use check_sender_access (note that is check_sender_

[pfx] Re: rbl bounces email that has both rbl_override and client_checks whitelisting

2024-02-27 Thread Wietse Venema via Postfix-users
Your mistake: you are trying to match a SENDER ADDRESS with check_CLIENT_access. Wietse

[pfx] Re: postfix and smtpd_proxy_timeout

2024-02-27 Thread Wietse Venema via Postfix-users
natan via Postfix-users: > If i set smtpd_proxy_timeout=60s I "terminating" (timeout) all old > connections who get > "warning: proxy:mysql:/etc/postfix/mysql_sender_bcc_maps_user.cf-new > lookup error for u...@test.lt" > after 60s ? smtpd_proxy_timeout is a time limit for Postfix to talk to an

[pfx] Re: cyrus_sasl_config_path is ignored

2024-02-24 Thread Wietse Venema via Postfix-users
Christoph Zimmermann via Postfix-users: > The setting for cyrus_sasl_config_path is ignored. Apparently, ignored by the Cyrus SASL library. > Specifying this in main.cf doesn't have any effect as only the standard > locations are > searched for smtpd.conf as the following strace snippet shows:

[pfx] Re: dumb-ish question about submission rewriting

2024-02-23 Thread Wietse Venema via Postfix-users
Wietse Venema via Postfix-users: > John Levine via Postfix-users: > > I am trying to tidy up a complicated and messy postfix config that has > > all the issues you'd expect in one that has been twiddled by many > > people over a decade to handle multiple sort of relat

[pfx] Re: dumb-ish question about submission rewriting

2024-02-23 Thread Wietse Venema via Postfix-users
John Levine via Postfix-users: > I am trying to tidy up a complicated and messy postfix config that has > all the issues you'd expect in one that has been twiddled by many > people over a decade to handle multiple sort of related mail streams. Auch. > Today's issue is ensuring that we only do sub

[pfx] Re: smtpd_discard_ehlo_keyword_address_maps all but internal

2024-02-23 Thread Wietse Venema via Postfix-users
Wietse Venema via Postfix-users: > Matus UHLAR - fantomas via Postfix-users: > > hello, > > > > as I maintain some mail gateways with postfix, I would like to discard the > > DSN ehlo keyword, from all hosts but internal network. > > > > I see that with

[pfx] Re: smtpd_discard_ehlo_keyword_address_maps all but internal

2024-02-23 Thread Wietse Venema via Postfix-users
Matus UHLAR - fantomas via Postfix-users: > hello, > > as I maintain some mail gateways with postfix, I would like to discard the > DSN ehlo keyword, from all hosts but internal network. > > I see that with smtpd_discard_ehlo_keyword_address_maps > "Tables will be searched in the specified orde

[pfx] Re: Authentication question

2024-02-22 Thread Wietse Venema via Postfix-users
michaelof--- via Postfix-users: > 2024-02-22T17:49:57.074140+01:00 vserver postfix/smtps/smtpd[165894]: connect > from > 2024-02-22T17:49:57.177663+01:00 vserver postfix/smtps/smtpd[165894]: > warning: : SASL LOGIN authentication failed: > Invalid authentication mechanism Your smtpd_sasl_secu

[pfx] Re: Authentication question

2024-02-22 Thread Wietse Venema via Postfix-users
michaelof--- via Postfix-users: > 2024-02-22T13:56:15.715392+01:00 vserver postfix/submission/smtpd[150038]: > connect from > 2024-02-22T13:56:15.715607+01:00 vserver postfix/submission/smtpd[150038]: > improper command pipelining after CONNECT from sender-dns-name[IPv4]>: \026\003\001\001 > \

[pfx] Re: Potential bug in milter interface, can't change first header field

2024-02-21 Thread Wietse Venema via Postfix-users
Taco de Wolff via Postfix-users: > Thanks Wietse and Steffen, I forgot to mention that I'm using Postfix > 3.5.8, but it appears the bug is thus still present in the latest version. > Looking forward to the fix :-) Another solution is to adopt Postfix 3.9 (the development release) where this was f

[pfx] Re: Potential bug in milter interface, can't change first header field

2024-02-21 Thread Wietse Venema via Postfix-users
The Postfix Milter implementation is sometimes inconsistent about the "first" header so that it can sometimes not be updated. The fix below was in the queue for Postfix 3.5 - 3.8 a few days before the SMTP smuggling shitshow happened. The last SMTP smuggling patch was released on January 21. For

[pfx] Re: Postconf.5 smtp_tls_loglevel 2

2024-02-21 Thread Wietse Venema via Postfix-users
Viktor Dukhovni via Postfix-users: > On Wed, Feb 21, 2024 at 08:32:49AM +, Rune Philosof via Postfix-users > wrote: > > It seems a bit unclearly phrased > > > 2 Also log levels during TLS negotiation. > > Indeed this is not very helpful. See the description of the "-L" option > in

[pfx] Re: Update: What features to deprecate

2024-02-20 Thread Wietse Venema via Postfix-users
Peter via Postfix-users: > On 21/02/24 12:40, Wietse Venema via Postfix-users wrote: > > Peter via Postfix-users: > >>> A quick status update. > >>> > >>> First, several features have been logging warnings that they would > >>> be remo

[pfx] Re: Update: What features to deprecate

2024-02-20 Thread Wietse Venema via Postfix-users
Peter via Postfix-users: > > A quick status update. > > > > First, several features have been logging warnings that they would > > be removed for 10 years or more, so we could delete them in good > > conscience (perhaps keeping the warning with the suggested alternative). > > This change has not y

[pfx] Re: removing Authentication-Results, how?

2024-02-20 Thread Wietse Venema via Postfix-users
Matus UHLAR - fantomas via Postfix-users: > I guess the inline code available since 3.7 supports this: > > header_checks = regexp:{ {/^Authentication-Results: $myhostname/ IGNORE} } > > This would only remove problem headers and exempt MX backups. > > >If it helps, header_checks happen before Mi

[pfx] Update: What features to deprecate

2024-02-18 Thread Wietse Venema via Postfix-users
Viktor Dukhovni via Postfix-users: > On Tue, Feb 13, 2024 at 12:23:32PM -0500, Wietse Venema via Postfix-users > wrote: > > > Over 25 years, Postfix has accumulated some features that > > are essentially obsolete. A quick status update. First, several features have been

[pfx] Re: Verbose postfix logs cleartext password for SQL database

2024-02-18 Thread Wietse Venema via Postfix-users
dimi--- via Postfix-users: > Dear fellow users, > > Unless my configuration isn't safe (not yet included), i may have found an > unwanted behavior in Postfix. > > When i set the -v flag in master.cf for smtpd, my logs mail.log contains > cleartext passwords for my SQL user database. This happens

[pfx] Re: [postfix] 3.4.23: SpamAssassin - Re-submission with sendmail - Append"receive_override_options = no_address_mappings"?

2024-02-18 Thread Wietse Venema via Postfix-users
hawky--- via Postfix-users: > Is there a way to stop resolving a second time the alias table with the > after-queue approach? With "pickup -o receive_override_options=no_address_mappings...", but that disables virtual_alias_maps lookup for all submissions through the Postfix sendmail command. Co

[pfx] Re: dynamic user lookup

2024-02-17 Thread Wietse Venema via Postfix-users
Andre Rodier via Postfix-users: > Hello, Postfix users. > > I am looking for a dynamic user mapping, if possible. > For instance, something like lua, python or perl, to return a user lookup. > What I need is something very simple and the language don't need to be > advanced. > > I'd like to give

[pfx] Re: sending not trying TLS?

2024-02-15 Thread Wietse Venema via Postfix-users
Michael W. Lucas via Postfix-users: > Hi, > > Running 3.8 on FreeBSD 14, with postfixadmin 3.4. > > I'm trying to send a message and got this bounce message. > > : host mx.nixnet.email[5.161.67.119] said: 530 5.7.0 > Must issue a STARTTLS command first (in reply to MAIL FROM command) > > > The

[pfx] Re: Unexpected behavior of regexp table in check_sender_access directive

2024-02-14 Thread Wietse Venema via Postfix-users
Jakob Cornell via Postfix-users: > Hi Wietse, > > > I can add a debug log that a specific table is skipped for a specific name. > > Ah yes, that's a better fix. That would take care of my confusion with the > logging. > > Do you have any thoughts on postconf(5) describing partial key > lookups

[pfx] Re: What features to deprecate

2024-02-13 Thread Wietse Venema via Postfix-users
Viktor Dukhovni via Postfix-users: > On Tue, Feb 13, 2024 at 12:23:32PM -0500, Wietse Venema via Postfix-users > wrote: > > > Over 25 years, Postfix has accumulated some features that > > are essentially obsolete. > > > > - permit_mx_backup is fundamen

[pfx] Re: What features to deprecate

2024-02-13 Thread Wietse Venema via Postfix-users
Geert Hendrickx via Postfix-users: > On Tue, Feb 13, 2024 at 12:23:32 -0500, Wietse Venema via Postfix-users wrote: > > - masquerade_domains complicates table-driven address validation. > > Log a deprecation warning with compatibility_levels>=3.9. > > >

[pfx] What features to deprecate

2024-02-13 Thread Wietse Venema via Postfix-users
Over 25 years, Postfix has accumulated some features that are essentially obsolete. - permit_mx_backup is fundamentally incompatible with recipient address validation. There is no way to work around that with reject_unverified_recipient, because that requires that a domain is reachable, and in th

[pfx] Re: Forward mails if user unknown in local recipient table

2024-02-13 Thread Wietse Venema via Postfix-users
Akshay Pushparaj via Postfix-users: > > > >> I would like to know if i can configure postfix to forward mails if user > >> not found in local recipient table. > > > > That is possible (with static: mapping) but not a good idea. > May i know why it's not a good idea? Forwarding ALL recipients no

[pfx] Re: Unexpected behavior of regexp table in check_sender_access directive

2024-02-13 Thread Wietse Venema via Postfix-users
Jakob Cornell via Postfix-users: > If I understand right the non-indexed skip is implemented by the > 'continue' at global/maps.c:199, so a flag could be added to track > whether execution has passed line 199 and if not, the log statement > at 221 could be skipped. I can add a debug log that a spe

[pfx] Re: masquerade_domains does not work for relayed domain

2024-02-12 Thread Wietse Venema via Postfix-users
Aleksandar Ivanisevic via Postfix-users: > > Is it true that masquerade_domains does not work for header From: in relayed > emails? I have a fairly generic setup: > > masquerade_classes = envelope_sender, header_sender, header_recipient > masquerade_domains = mydomain.com > > that does indeed r

[pfx] Re: How to forward submitted mails under the identity of an email alias to all other members of that alias?

2024-02-11 Thread Wietse Venema via Postfix-users
Matthias Nagel via Postfix-users: > > > How do I forward submitted mails under the identity of an email alias > > > to all other members of that alias? Is that even possible with Postfix > > > only? > > > > Yes, with sender_bcc_maps, and with the proviso that the BCC will be to > > all the members

[pfx] Re: Understanding log entries

2024-02-11 Thread Wietse Venema via Postfix-users
Small edit for clarity. Wietse Doug Hardie via Postfix-users: > Is there a way to configure postfix to drop the email if all the > providers MTAs return a 5xx response? We had a problem like that when some people wanted to make TLS mandatory. The solution was not to bounce mail when a s

[pfx] Re: Understanding log entries

2024-02-11 Thread Wietse Venema via Postfix-users
Doug Hardie via Postfix-users: > Is there a way to configure postfix to drop the email if all the > providers MTAs return a 5xx response? We had a problem like that when some people wanted to make TLS mandatory. The solution was not to bounce mail when a server did not offer working TLS, but inst

[pfx] Re: Understanding log entries

2024-02-10 Thread Wietse Venema via Postfix-users
Wietse Venema via Postfix-users: > Doug Hardie via Postfix-users: > > I used Viktor's collate to trace a specific email handling. There were a > > number of these entries. However, I am only showing 2 of them: > > > > This is host mx01.t-online.de[194.25.134.

[pfx] Re: Understanding log entries

2024-02-10 Thread Wietse Venema via Postfix-users
Doug Hardie via Postfix-users: > I used Viktor's collate to trace a specific email handling. There were a > number of these entries. However, I am only showing 2 of them: > This is host mx01.t-online.de[194.25.134.72]: > Feb 10 03:15:40 mail postfix/smtp[60428]: 4TWjVT5qz7z2gF8w: > to=, > ori

[pfx] Re: ARC or DKIM or SRS?

2024-02-08 Thread Wietse Venema via Postfix-users
Doug Hardie via Postfix-users: > > On Feb 8, 2024, at 01:56, Matus UHLAR - fantomas via Postfix-users > > wrote: > > > > On 07.02.24 21:51, Christophe Kalt via Postfix-users wrote: > >> +1 on setting up SRS, it helps with Gmail and I believe ARC does too > >> (although I don't have hard data on

[pfx] Re: why tls library problem?

2024-02-06 Thread Wietse Venema via Postfix-users
Maurizio Caloro via Postfix-users: > Please, i see often on log file See text after > Feb6 time P postfix/tlsproxy[300980]: warning: TLS library problem: > error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared > cipher:../ssl/statem/statem_srvr.c:2283: Wie

[pfx] Re: Forward mails if user unknown in local recipient table

2024-02-06 Thread Wietse Venema via Postfix-users
Akshay Pushparaj via Postfix-users: > Hi, > I would like to know if i can configure postfix to forward mails if user > not found in local recipient table. That is possible (with static: mapping) but not a good idea. > Usecase: > > Users are split between LDAP in my server and a remote server fo

[pfx] Re: Bug in COMPATIBILITY_README

2024-02-06 Thread Wietse Venema via Postfix-users
Rune Philosof via Postfix-users: > Mismatching between compatibility_level in overview and explanations for > http://www.postfix.org/COMPATIBILITY_README.html#relay_restrictions > and > http://www.postfix.org/COMPATIBILITY_README.html#smtputf8_enable > > The overview lists them as compatibility_le

[pfx] Re: postscreen segfault since 3.8.4

2024-02-04 Thread Wietse Venema via Postfix-users
Christophe Kalt via Postfix-users: > Hi, > > I'm seeing regular postscreen segfaults on a test server with minimal > traffic. The patterns I noticed from the logs is that it seems to happen > when the server gets 2 ~simultaneous connections from the same host: > > 2024-02-04T14:33:31.876390 info

[pfx] Re: milter: how about a SMFIP_NOQUIT?

2024-01-31 Thread Wietse Venema via Postfix-users
Looks like there is sufficient basis to make SMTPD_QUIT_NC requests thts from Postfix. Just need to figure out how to enable/disable this particular command based on the Postfix and Milter protocol versions. There is already some 'set' intersection code for doing such things on the Postfix side.

[pfx] Re: milter: how about a SMFIP_NOQUIT?

2024-01-31 Thread Wietse Venema via Postfix-users
Steffen Nurpmeso via Postfix-users: > Wietse Venema via Postfix-users wrote in > <4tqc213rcwzj...@spike.porcupine.org>: > |So you're suggesting that as long as an MTA-to Milter connection > |is not in an error state, sending > | > |SMFIC_QUIT_N

[pfx] Re: milter: how about a SMFIP_NOQUIT?

2024-01-31 Thread Wietse Venema via Postfix-users
So you're suggesting that as long as an MTA-to Milter connection is not in an error state, sending SMFIC_QUIT_NC and later sending SMTIC_CONNECT are sufficient to make a Milter fully forget a past SMTP session and to make it ready to handle events from a new SMTP session? I'd like to

[pfx] Re: milter: how about a SMFIP_NOQUIT?

2024-01-31 Thread Wietse Venema via Postfix-users
Claus Assmann via Postfix-users: > > SMFIP_NOQUIT would > > be a good protocol extension in general > > "Use the source, Luke." > > You mean something like > SMFIC_QUIT_NC > ? And... Postfix 'knows' that constant since postfix-2.5.0, but there is no code to negotiate or send it. What would it

[pfx] Re: Are multiple white spaces allowed in a date in headers?

2024-01-31 Thread Wietse Venema via Postfix-users
Jonas Vautherin via Postfix-users: > > Indeed, RFC 5322 recommends (i.e. should) single space. A safe change is to change the strftime() call in the Postfix mail_date() function, so that it uses %d (day-of-month as 01-31) instead of %e (which replaces the leading 0 with space). This is not only a

[pfx] Re: milter: how about a SMFIP_NOQUIT?

2024-01-30 Thread Wietse Venema via Postfix-users
Postfix has to be compatible with libmilter, the reference implementation from Sendmail. It absolutely makes no sense for me to unilaterally add features. If you wish to propose libmilter API changes, such as claiming a code, then this mailing list is not the place to do that. Claus Assmann is on t

[pfx] Re: Are multiple white spaces allowed in a date in headers?

2024-01-30 Thread Wietse Venema via Postfix-users
> RFC 5322 is clear that day is 1-2 digits, preceded by optional folding > whitespace. If present, the definition of folding whitespace allows it to be > 1 or more spaces, despite the fact that a single space is recommended. Indeed, RFC 5322 recommends (i.e. should) single space. Postfix date-tim

[pfx] Re: Problems with round-robin outbound emails

2024-01-30 Thread Wietse Venema via Postfix-users
Israel britto via Postfix-users: > My server is configured with the helo -> xpto.com.br Presumably, you are talking about SENDING email. > Spamhaus is listing my IPs because it says that my HELO address > is not aligned with the rDNS of my IPs. Has anyone had this type > of problem and could help

[pfx] Re: Postfix and reproducible builds

2024-01-30 Thread Wietse Venema via Postfix-users
Scott Kitterman via Postfix-users: > In case anyone is unfamiliar, you can read about reproducible builds here: > reproducible-builds.org > > It looks like Postfix as shipped is very close to being reproducible. We got > positive results on reproducibility with the patch below added. Is this

[pfx] Re: two 2822.From header with header_checks

2024-01-28 Thread Wietse Venema via Postfix-users
Byung-Hee HWANG via Postfix-users: > Hello Postfix hackers, > > I have some odd email [1]. That has two 2822.From headers. I would like > to filter such style email. Is it possible to filter with header_checks? No. header_checks has no memory of past inputs. Use a Milter instead. I don't know if

[pfx] Re: different queue time based on the sender address

2024-01-27 Thread Wietse Venema via Postfix-users
Aleksandar Ivanisevic via Postfix-users: > i would like to have maximal_queue_lifetime (and possibly some > other parameters) based on the sender address. So I did the following This request is unlikely to be implemented. It is one of those features that benefit a very small fraction of the pupula

[pfx] Re: Log/Capture outbound messages?

2024-01-26 Thread Wietse Venema via Postfix-users
joe a via Postfix-users: > Postfix 3.5.9-5.9.2 > > Perhaps not a postfix question at all. Looking for a way to capture > outbound email, for troubleshooting purposes. > > Is "smtp-sink" the way to do this? That could be, if you are interested in outbound SMTP deliveries. smtp-sink has a crude

[pfx] Re: Feature Request: Adjustable Header Log Size Limit in INFO/WARN/REJECT Header_Check

2024-01-25 Thread Wietse Venema via Postfix-users
Matthias Schneider via Postfix-users: > Hi Jaroslaw, > > In this context, it's not about the ability to recognize the > message, as unique IDs and postfix long queue IDs can handle that > effectively within the 200-character limit. The primary concern > is having the capability to log full header

[pfx] Re: Feature Request: Adjustable Header Log Size Limit in INFO/WARN/REJECT Header_Check

2024-01-24 Thread Wietse Venema via Postfix-users
Claus Assmann via Postfix-users: > On Wed, Jan 24, 2024, Wietse Venema via Postfix-users wrote: > > 1) You can log full headers with a Milter. You will run into the > > length limit of the syslog() client (historically, 2 kBytes) before > > the Milter protocol limit (64 kByte

[pfx] Re: relay specific domain

2024-01-24 Thread Wietse Venema via Postfix-users
Barbara M.: > On Tue, 23 Jan 2024, Wietse Venema via Postfix-users wrote: > > > Barbara M. via Postfix-users: > >> Jan 23 00:11:34 auth postfix/smtpd[188544]: NOQUEUE: reject: RCPT from > >> wp-host1.xyz.com[4.3.2.1]: 554 5.7.1 : Relay > >> access

[pfx] Re: Feature Request: Adjustable Header Log Size Limit in INFO/WARN/REJECT Header_Check

2024-01-24 Thread Wietse Venema via Postfix-users
1) You can log full headers with a Milter. You will run into the length limit of the syslog() client (historically, 2 kBytes) before the Milter protocol limit (64 kBytes) which is less than the Postfix header_size_limit (default: 102400). 2) You can uniquely identify all Postfix transactions with a

[pfx] Re: Feature Request: Adjustable Header Log Size Limit in INFO/WARN/REJECT Header_Check

2024-01-23 Thread Wietse Venema via Postfix-users
First, there are format string limits all over Postfix. As a matter of principle I would not make a special case for headers. Second, the existing 200 byte limit should be plenty sufficient to uniquely identify every past, present, and future email message in this universe and in several other one

[pfx] Re: relay specific domain

2024-01-23 Thread Wietse Venema via Postfix-users
Barbara M. via Postfix-users: > Jan 23 00:11:34 auth postfix/smtpd[188544]: NOQUEUE: reject: RCPT from > wp-host1.xyz.com[4.3.2.1]: 554 5.7.1 : Relay > access denied; from= to= > proto=ESMTP helo= If this is an INTERNAL DESTINATION, add it to main.cf:relay_domains. relay_domains = dom

[pfx] Re: Feature Request: Adjustable Header Log Size Limit in INFO/WARN/REJECT Header_Check

2024-01-22 Thread Wietse Venema via Postfix-users
ds, > > Matthias Schneider > > - Original Message - > From: "Wietse Venema via Postfix-users" > To: "Postfix users" > Sent: Monday, 22 January 2024 16:14:03 > Subject: [pfx] Re: Feature Request: Adjustable Header Log Size Limit in > INFO/WA

[pfx] Re: Feature Request: Adjustable Header Log Size Limit in INFO/WARN/REJECT Header_Check

2024-01-22 Thread Wietse Venema via Postfix-users
Sorry, Postfix logging must not be used as if it is a reliable channel for message processing. Postfix goes through great effort to guarantee that message loss won't happen unless a file system is damaged or unless a message is forcibly deleted from the queue. There are no such guarantees for loggi

[pfx] Postfix stable release 3.8.5, 3.7.10, 3.6.14, 3.5.24

2024-01-22 Thread Wietse Venema via Postfix-users
[An on-line version of this announcement will be available at https://www.postfix.org/announcements/postfix-3.8.5.html] [Fixes for Postfix versions < 3.5 will be announced at https://www.postfix.org/smtp-smuggling.html] Postfix stable release 3.8.5, 3.7.10, 3.6.14, 3.5.24 Security: this release

[pfx] Re: some questions about controlling postfix and meaning of data

2024-01-19 Thread Wietse Venema via Postfix-users
Don Cohen via Postfix-users: > I see in maillog something like this: > > Jan 17 22:22:50 isis-20240117-1030 sendmail[120557]: 40HMMokm120557: to=don, > ctladdr=opc (1000/1000), delay=00:00:00, xdelay=00:00:00, mailer=relay, > pri=30107, relay=[127.0.0.1] [127.0.0.1], dsn=5.0.0, reply=554- , > s

[pfx] Re: postfix 3.8.4, missing inet_protocols setting in main.cf, and postfix' post-install script

2024-01-17 Thread Wietse Venema via Postfix-users
Michael Grimm via Postfix-users: > Hi, > > I am running postfix 3.8.4 on FreeBSD 14.0-STABLE and recompile postfix (and > all my other ports) on a regular basis (by poudriere). > > > Very recently I re-enabled IPv6 on my servers, and removed my > 'inet_protocols=ipv4' from main.cf and did *not

[pfx] Re: FW: send email as root

2024-01-17 Thread Wietse Venema via Postfix-users
Allison, Derek [JRDUS NON-J&J] via Postfix-users: > > I can send email as any other user but root. Your logging says otherwise: > Jan 17 11:16:46 rndusljpp2 postfix/pickup[49364]: EE60E12A0913: uid=0 > from= > Jan 17 11:16:47 rndusljpp2 postfix/cleanup[49377]: EE60E12A0913: > message-id=202401

[pfx] SMTP smuggling update next week

2024-01-17 Thread Wietse Venema via Postfix-users
After the initial SMTP smuggling fix that was published four weeks ago, the plan is to publish an improved version early next week. - Better compatibility: Postfix can prevent SMTP smuggling without rejecting bare newline characters. This avoids a mail delivery problem with Microsoft Exchange

[pfx] Re: relay_domains override for smtpd

2024-01-16 Thread Wietse Venema via Postfix-users
Marc Dierksen via Postfix-users: > Salutations, > > I am running Postfix 3.5.23 on Debian 11 as an edge mailserver that > accepts mails on port 25 for a list of domains defined as relay_domains > in the main.cf. > > I am currently trying to setup a second smtpd process on port 587 that > accep

[pfx] Re: removing Authentication-Results, how?

2024-01-16 Thread Wietse Venema via Postfix-users
Matus UHLAR - fantomas via Postfix-users: > Hello, > > RFC 8601 section 5. requires deleting Authentication-Results headers from > incoming messages. This should be done at trusted border, so when receiving > message via SMTP from clients or the world, except MX gateways or possibly > backup

[pfx] Re: DKIM => Undelivered Mail Returned to Sender

2024-01-15 Thread Wietse Venema via Postfix-users
Viktor Dukhovni via Postfix-users: > On Mon, Jan 15, 2024 at 08:14:13AM +0100, Gerd Hoerst via Postfix-users wrote: > > > I added > > > > masquerade_domains > > = hoerst.net > > > > to main.cf and mail sent via mailx is sent asu...@d

[pfx] Re: improper command pipelining

2024-01-15 Thread Wietse Venema via Postfix-users
Admin Beckspaced via Postfix-users: > dear postfix users, > > since the recent SMTP smuggling issue I applied the short term > workaround by setting smtpd_forbid_unauth_pipelining = yes > > I also do a daily scan on journalctl with some keywords, e.g. 'pipelining' > > the following showed up th

[pfx] Re: schleuder and postfix virtual domains

2024-01-14 Thread Wietse Venema via Postfix-users
roughnecks via Postfix-users: Checking application/pgp-signature: FAILURE -- Start of PGP signed section. > On 14/01/2024 15:56, roughnecks via Postfix-users wrote: > > On 14/01/2024 15:52, Wietse Venema via Postfix-users wrote: > >> To receive list mail fo

[pfx] Re: schleuder and postfix virtual domains

2024-01-14 Thread Wietse Venema via Postfix-users
Wietse Venema via Postfix-users: > Looking at this difference: > > "success" for decentralizeit-send...@wood...nest.space: > > 2024-01-14T14:21:12.542417+01:00 pandora postfix/pipe[10541]: > 087F09251A9: to=, > relay=schleuder, delay=2.5, de

[pfx] Re: schleuder and postfix virtual domains

2024-01-14 Thread Wietse Venema via Postfix-users
roughnecks via Postfix-users: Checking application/pgp-signature: FAILURE -- Start of PGP signed section. > On 14/01/2024 14:07, Wietse Venema via Postfix-users wrote: > > > If there are any schleuder users on this list, maybe someone knows > > what you are talking about

[pfx] Re: schleuder and postfix virtual domains

2024-01-14 Thread Wietse Venema via Postfix-users
roughnecks via Postfix-users: Checking application/pgp-signature: FAILURE -- Start of PGP signed section. > Hello, > > sorry for the little OT, but I asked schleuder team and they weren't > able to assist me. > > My postfix conf has a virtual domain set up. > At first I only had one domain and

[pfx] Re: DKIM => Undelivered Mail Returned to Sender

2024-01-12 Thread Wietse Venema via Postfix-users
Viktor Dukhovni via Postfix-users: > On Fri, Jan 12, 2024 at 11:10:52PM +0100, Gerd Hoerst via Postfix-users wrote: > > Hi ! > > > > In my main.cf > > > > non_smtpd_milters = $smtpd_milters > > > > is already configured... > > > > Where else can I check ? > > The milter configuration, and Post

[pfx] Re: DKIM => Undelivered Mail Returned to Sender

2024-01-12 Thread Wietse Venema via Postfix-users
Gerd Hoerst via Postfix-users: > Hi ! > > in my main.cf > > non_smtpd_milters = $smtpd_milters > > is already configured... > > Where else can I check? non_smtpd_milters emulates an SMTP client. It pretends that mail arrives from localhost/127.0.0.1 via ESMTP. Your Milter needs to be willing

[pfx] Re: Strange dnsblog lookup errors

2024-01-12 Thread Wietse Venema via Postfix-users
Phil Biggs via Postfix-users: > postfix/dnsblog 17448 - - warning: dnsblog_query: lookup error for DNS query > 137.52.152.104.list.dnswl.org: Host or domain name not found. Name service > error for name=137.52.152.104.list.dnswl.org type=A: Host not found, try > again > > As later lookups retur

[pfx] Re: Strange dnsblog lookup errors

2024-01-11 Thread Wietse Venema via Postfix-users
Phil Biggs via Postfix-users: > > Back in June of 2023 I added list.dnswl.org to postscreen. > > Over time I've noticed that I get the occasional lookup error like this: > > postfix/dnsblog 17448 - - warning: dnsblog_query: lookup error for DNS query > 137.52.152.104.list.dnswl.org: Host or doma

[pfx] Re: postfix repo

2024-01-11 Thread Wietse Venema via Postfix-users
Viktor Dukhovni via Postfix-users: > On Thu, Jan 11, 2024 at 03:53:35PM +0100, natan via Postfix-users wrote: > > Hi Wietse Have you thought about postfix repo for Debian, just like dovecot > > has for his release ? > > > > What is a "Postfix repo for Debian"? Do you mean binary release > package

[pfx] Re: postfix repo

2024-01-11 Thread Wietse Venema via Postfix-users
natan via Postfix-users: > Hi Wietse Have you thought about postfix repo for Debian, just like > dovecot has for his release ? > > I'm asking by the way Yes. It will happen some time. Wietse

[pfx] Re: [ext] Logging of SMTP smuggling mitigation

2024-01-11 Thread Wietse Venema via Postfix-users
Ralf Hildebrandt via Postfix-users: > > Would it be possible to log at least the queue-id as well? Also sender > > and/or recipient would be nice ;-) Or is it for security that no more > > information is logged? > > 20240104 > > Cleanup: when the Postfix SMTP server rejects bare , > log the helo,
