trouble with ldaps in ldap lookup map

2009-06-26 Thread btb
(apologies if i'm reposting this. i forget i hadn't resubscribed before sending initially) hi- i'm having some trouble using ldaps in a lookup map for virtual_mailbox_domains (among others). here's my lookup map: cat virtual_mailbox_domains.cf version = 3 tls_ca_cert_file =

Re: trouble with ldaps in ldap lookup map

2009-06-26 Thread btb
Victor Duchovni wrote: On Fri, Jun 26, 2009 at 11:50:12AM -0400, btb wrote: cat virtual_mailbox_domains.cf version = 3 tls_ca_cert_file = /etc/ssl/certs/ca-certificates.crt server_host = ldaps://ldap.example.com bind_dn = cn=postfix,ou=services,ou=accounts,dc=example,dc=com bind_pw

Re: trouble with ldaps in ldap lookup map

2009-06-26 Thread btb
Victor Duchovni wrote: On Fri, Jun 26, 2009 at 02:12:12PM -0400, btb wrote: testing with postmap returns: postmap -q 'example.com' ldap:./virtual_mailbox_domains.cf postmap: warning: dict_ldap_set_tls_options: Unable to allocate new TLS context -1: Can't contact LDAP server Have you tried

relocation of virtual_transport settings to master.cf service

2012-03-13 Thread btb
i've been experimenting with delivery for the virtual domain class to dovecot via lmtp - e.g. postconf virtual_transport virtual_transport = lmtp:[localhost]:lmtp-deliver this works fine. out of curiosity, i wondered if the particulars could be somehow moved into a service definition in

Re: relocation of virtual_transport settings to master.cf service

2012-03-13 Thread btb
On Mar 13, 2012, at 17.01, mouss wrote: Le 13/03/2012 19:07, b...@bitrate.net a écrit : i've been experimenting with delivery for the virtual domain class to dovecot via lmtp - e.g. postconf virtual_transport virtual_transport = lmtp:[localhost]:lmtp-deliver this works fine. out of

Re: relocation of virtual_transport settings to master.cf service

2012-03-19 Thread btb
On 2012.03.19 02.34, mouss wrote: Le 14/03/2012 03:53, b...@bitrate.net a écrit : On Mar 13, 2012, at 17.01, mouss wrote: Le 13/03/2012 19:07, b...@bitrate.net a écrit : i've been experimenting with delivery for the virtual domain class to dovecot via lmtp - e.g. postconf virtual_transport

Re: Want to Install Postfix but Afraid of Breaking MySQL

2012-04-01 Thread btb
On Apr 01, 2012, at 11.38, Robinson, Eric wrote: We only want to install postfix as a null client for sending alerts from our servers. When I try to install postfix, it wants to install mysql-libs-5.1.61-1.el6_2.1 as well. I'm afraid this will break our mysql servers, which are all running

Re: Want to Install Postfix but Afraid of Breaking MySQL

2012-04-01 Thread btb
On Apr 01, 2012, at 11.58, Robinson, Eric wrote: you could always just not install postfix, since installing an entire mail server isn't at all necessary to simply send email. i would recommend null client specific software, such as msmtp, instead. among other things, it would likely

virtual_alias_domains/maps and address classes

2012-04-09 Thread btb
hi- i recently started using lmtp to deliver to dovecot for filesystem delivery. previous to that change, i'd used virtual(8), and thus was using virtual_mailbox_domains/maps, and virtual_alias_maps as well. shortly after switching, it occurred to me that since postfix was no longer involved

Re: virtual_alias_domains/maps and address classes

2012-04-10 Thread btb
On 2012.04.09 23.32, Viktor Dukhovni wrote: On Mon, Apr 09, 2012 at 10:21:05PM -0400, b...@bitrate.net wrote: Given my understanding of address classes, it seemed that in order to use virtual_alias_maps, those related domains would need to be listed in virtual_alias_domains. This assumption

Re: virtual_alias_domains/maps and address classes

2012-04-10 Thread btb
On 2012.04.10 08.32, Wietse Venema wrote: so the relationship between virtual_alias_maps/virtual_alias_domains is not quite the same as the relationship between virtual_mailbox_maps/virtual_mailbox_domains or relay_recipients/relay_domains? This is documented in virtual(5). thanks for the

Re: virtual_alias_domains/maps and address classes

2012-04-10 Thread btb
On Apr 10, 2012, at 10.44, /dev/rob0 wrote: + * Note: virtual_alias_maps will be used with other address classes unless +a given domain is listed in virtual_alias_domains. see the section on To me, this confuses things more. virtual_alias_maps will be consulted (and its results

Re: virtual_alias_domains/maps and address classes

2012-04-14 Thread btb
On Apr 11, 2012, at 07.06, Wietse Venema wrote: No. virtual_alias_maps is ALWAYS consulted, without any unless conditions. Wietser urg, yes, thank you for the patient reminder. i think my approach may have been backwards with respect to my goal. this patch hopefully better reflects

Re: virtual_alias_domains/maps and address classes

2012-04-14 Thread btb
On Apr 14, 2012, at 13.19, Wietse Venema wrote: This proposes to add text under VIRTUAL ALIAS domains, that is important for people who are looking for documentation about LOCAL/VIRTUAL MAILBOX/RELAY domains. They will never find it. Wietse maybe as a note for address classes in

Re: virtual_alias_domains/maps and address classes

2012-04-15 Thread btb
On Apr 14, 2012, at 15.55, Wietse Venema wrote: The alternatives that I see are a) Spam every address class description with text that virtual alias mappings are class-agnostic. Then we would also have to mention canonical_maps,and other class-agnostic mechanisms. on one hand, this might

postmap ldap lookups and case folding

2012-04-26 Thread btb
postmap appears to fold to lowercase by default for ldap queries: postmap -vq '86:A5:5C:85:A3:98:2E:19:7A:54:57:99:76:9D:D5:A3:7E:46:85:C5' ldap:./ccert_access-test.cf postmap: name_mask: ipv4 [...] postmap: dict_ldap_lookup: ./ccert_access-test.cf: Searching with filter

Re: postmap ldap lookups and case folding

2012-04-26 Thread btb
On Apr 26, 2012, at 18.47, Wietse Venema wrote: postmap appears to fold to lowercase by default for ldap queries: That is documented under the -f option. am i misunderstanding the last paragraph under input file format? the postmap documentation seems to state that case folding happens by

Re: postmap ldap lookups and case folding

2012-04-26 Thread btb
On Apr 26, 2012, at 19.59, Wietse Venema wrote: When the table is provided via other means such as NIS, LDAP or SQL, the same lookups are done as for ordinary indexed files. ok, thanks for the clarification. the impetus for this question - i was setting up check_ccert_access to use

Re: postmap ldap lookups and case folding

2012-04-27 Thread btb
On Apr 27, 2012, at 11.43, Viktor Dukhovni wrote: Your LDAP schema should specify certfingerprint as a case-insensitive attribute. This is a hexadecimal number (with some : characters thrown in for readability), and the case of A-F is insignificant. copied/pasted from my previous message-

temporarily suspending delivery

2012-09-03 Thread btb
hi- i have an mx which then subsequently delivers incoming mail from the internet to another computer [ via relay_transport = relay-mda:[mda.example.com]:smtp-relay ] for further processing. while performing some maintenance on mda.example.com, i'd like to configure postfix on the mx to

Re: main.cf: How to remove mynetworks?

2012-10-28 Thread btb
On Oct 28, 2012, at 12.47, thorso...@lavabit.com wrote: Hi, I don't want to send emails directly from my server. (I'm going to connect from a client.) I have the following settings in main.cf: mynetworks = 127.0.0.0/8 smtpd_recipient_restrictions =

Re: Sufficiently locked down?

2013-01-24 Thread btb
On Jan 24, 2013, at 01.08, Stan Hoeppner wrote: On 1/23/2013 2:23 PM, Grant wrote: I thought my postfix setup was configured to send mail on port 587 and receive mail on port 25, so I was surprised to find that I could send mail from the local machine on port 25. Is my config OK? Postfix

Re: Sufficiently locked down?

2013-01-25 Thread btb
On Jan 24, 2013, at 22.57, Stan Hoeppner wrote: commendably, he is at least making an attempt to properly use submission [which, btw, is far from useless and has nothing to do with the route a packet might take]. The primary features of the submission service are TLS encryption and

Re: Sufficiently locked down?

2013-01-25 Thread btb
On Jan 25, 2013, at 13.29, Stan Hoeppner wrote: On 1/25/2013 10:18 AM, b...@bitrate.net wrote: On Jan 24, 2013, at 22.57, Stan Hoeppner wrote: The primary features of the submission service are TLS encryption and authentication. the primary feature of the submission service is to

Re: Upgrade for Postfix Mailman

2013-01-25 Thread btb
On Jan 25, 2013, at 15.07, Jeff Bernier wrote: Hello All, I am currently running Mailman (2.1.14) and Postfix (2.4.3) on an aging Mac OS X server (10.5.8). Mailman and Postfix on this system are Apple's implementation on their platform of course. Apple no longer supports the Xserve

Re: Dovecot LDA - Active Directory userbase

2013-01-30 Thread btb
On Jan 30, 2013, at 09.34, Peter von Nostrand wrote: dovecot unix - n n - - pipe flags=DRhu user=vmail:vmail argv=/usr/libexec/dovecot/dovecot-lda -f ${sender} -d ${recipient} i'd encourage you to consider delivering to dovecot via lmtp[1] rather than pipe, and thus to consider using the

Re: Testing out SMTPS

2013-02-04 Thread btb
On 2013.02.04 13.27, Robert Moskowitz wrote: http://www.emailsecuritygrader.com as with most helpful websites like this, this one is perpetuating misinformation. smtps has long since been deprecated, having been superseded by starttls. it also would appear to perpetuate the behavior of

Re: Running namecache service on postfix server?

2013-02-26 Thread btb
On Feb 26, 2013, at 11.51, Viktor Dukhovni postfix-us...@dukhovni.org wrote: On Tue, Feb 26, 2013 at 09:58:54AM -0500, Robert Moskowitz wrote: I have recently updated my DNS server and am observing the traffic from my mail server to constantly query for names. Some of these names are

Re: Setting up virtual domains correctly

2013-04-09 Thread btb
On Apr 9, 2013, at 19.56, Quanah Gibson-Mount qua...@zimbra.com wrote: I'm trying to fix my virtual domain configuration with postfix, which as noted in a prior discussion was done incorrectly by some unknown to me person in the past. The main issue right now is that it has:

Re: Setting up secure submission for remote users

2013-04-11 Thread btb
On Apr 11, 2013, at 20.11, LuKreme krem...@kreme.com wrote: Reindl Harald opined on Thursday 11-Apr-2013@16:58:28 mynetworks should be generally used with care and only for specific address instead whole networks with sooner or later potentially infected clients which can be banned if using

Re: Setting up secure submission for remote users

2013-04-12 Thread btb
On 2013.04.12 07.01, LuKreme wrote: In our previous episode (Thursday, 11-Apr-2013), b...@bitrate.net said: you can certainly upgrade without breaking everything. as with anything else, it just takes some care and consideration. as far as procmail goes, i'd consider losing procmail to be a

Re: SMTPS 465

2013-04-12 Thread btb
On Apr 12, 2013, at 15.25, Joan Moreau j...@grosjo.net wrote: Hi, I am stuck with making my SSL SMTPS (port 465) works, while it was working fine since ever. others have helped with the specifics of your question, so i'll address the philosophical aspect of it :) . while it may take

Re: Another sanity check request

2013-04-13 Thread btb
On Apr 13, 2013, at 15.33, Russell Jones russ...@jonesmail.me wrote: Hi all, Upgrading mail server from Postfix 2.9 to 2.10. Could I get a quick sanity check to ensure my (fairly simple) setup is sane with the new smtpd_relay_restrictions? Thanks :-) smtpd_relay_restrictions =

Re: Another sanity check request

2013-04-13 Thread btb
On Apr 13, 2013, at 15.48, Reindl Harald h.rei...@thelounge.net wrote: Am 13.04.2013 21:42, schrieb b...@bitrate.net: On Apr 13, 2013, at 15.33, Russell Jones russ...@jonesmail.me wrote: Hi all, Upgrading mail server from Postfix 2.9 to 2.10. Could I get a quick sanity check to

Re: Another sanity check request

2013-04-13 Thread btb
On Apr 13, 2013, at 16.03, Russell Jones russ...@jonesmail.me wrote: really, neither of permit_mynetworks nor permit_sasl_authenticated belong in any global restrictions. smtp auth [e.g sasl] is for submission clients, which should be using submission/587, and these days, This is

Re: Another sanity check request

2013-04-13 Thread btb
On Apr 13, 2013, at 16.40, Reindl Harald h.rei...@thelounge.net wrote: that your discourage use of permit_mynetworks is far from reality as also do not use SASL and submission on port 25 as well if someone asks for ANOTHER sanity check after upgrade to a new version? i'm not sure why it

Re: Another sanity check request

2013-04-13 Thread btb
On Apr 13, 2013, at 17.10, Russell Jones russ...@jonesmail.me wrote: On 4/13/2013 3:44 PM, b...@bitrate.net wrote: you offer no service whatsoever on port 25? postfix is not listening on that port? if that's truly the case, then, to be pedantic, you're running an msa, not an mta, in

Re: Odd trivial-rewrite complaint with postfix 2.10

2013-04-23 Thread btb
On 2013.04.22 13.35, Quanah Gibson-Mount wrote: This started showing up sporadically in our logs after upgrading to postfix 2.10: Apr 22 14:42:50 zqa-061 postfix/trivial-rewrite[30487]: warning: do not list domain zqa-061.eng.vmware.com in BOTH mydestination and virtual_mailbox_domains

http://www.postfix.org/

2013-05-13 Thread btb
the postfix website seems to be acting unexpectedly. http://www.postfix.org/ appears to have been replaced with what was previously http://www.postfix.org/documentation.html [and an old version?] rather than what [iirc] it used to be - http://www.postfix.org/start.html i thought i'd mention

Re: question about auth, smtpd and roundcube

2013-06-20 Thread btb
On 2013.06.20 04.51, Felix Rubio Dalmau wrote: Hi all, I have set up a postfix+dovecot+roundcube installation. Currently, I have set up these smtpd parameters: smtpd_tls_security_level = may smtpd_tls_auth_only = yes smtpd_discard_ehlo_keyword_address_maps =

Re: question about auth, smtpd and roundcube

2013-06-21 Thread btb
On Jun 21, 2013, at 03.50, Felix Rubio Dalmau felixrubiodal...@gmail.com wrote: Sorry for disturbing you, Ben Thank you for your answer, but there is one point I don't fully get: If I set up an smtp [25] to offer encryption without auth, a submission [587] to require encryption

Re: postfix+ejabberd

2013-07-03 Thread btb
On Jul 3, 2013, at 16.31, Dejan Doder dode...@gmail.com wrote: Hi group , sorry because I have general question Did anyone have experience with integration postfix and ejabberd ? integration how? what is your goal?

Re: smtpd optional authentication and relay

2013-07-04 Thread btb
On Jul 4, 2013, at 20.44, W T Riker wtriker@gmail.com wrote: On 7/4/2013 8:36 PM, Wietse Venema wrote: W T Riker: On 7/4/2013 8:01 PM, Wietse Venema wrote: gw1500: It is not clear from the documentation if this is possible or how to do it but I want to make authentication optional but

Re: Send email for users from any location

2013-07-08 Thread btb
On 2013.07.08 08.25, Dotan Cohen wrote: From googling I found this solution online but it does not work as I expected. instead of googling, simply use the postfix documentation that came with the software. your goal is accomplished by implementing smtp auth, which postfix offers by way of

Re: Backup mx on cable

2013-07-09 Thread btb
On Jul 9, 2013, at 21.56, Fred Zinsli fred.zin...@shooter.co.nz wrote: This is something I hadn't considered at all. In order for me to better understand the consequences of my actions are you able to explain to me why that is the case, and what situation would need to arise for that to

Re: dovecot: imap-login: Aborted login

2013-07-21 Thread btb
On Jul 21, 2013, at 21.55, Adnane m...@adnane.me wrote: Hello every one first I'am new to mail servers, I have followed this tutorial -- https://library.linode.com/email/postfix/postfix2.9.6-dovecot2.0.19-mysql?format=print to set up an Ubuntu 12.04 Dovecot postfix mail box for a

Re: Advice on Debian/postscreen and optimization

2013-08-06 Thread btb
On 2013.08.06 15.34, John Allen wrote: Is there a more up to date guide that I could reference as I review my existing setup. it's unlikely you'll get much endorsement here of arbitrary howtos or guides. instead, i'd encourage you to simply share your config [postconf -nf; postconf -Mf],

Re: Setting up SPF in Postfix for sending

2013-08-16 Thread btb
On Aug 16, 2013, at 01.56, Rob Tanner rtan...@linfield.edu wrote: What is it, besides adding the correct the DNS TXT records as there is a formal dns rr type for spf defined in rfc4408, you'll of course want to include that as well. -ben

Re: Setting up SPF in Postfix for sending

2013-08-16 Thread btb
On Aug 16, 2013, at 15.06, Scott Kitterman post...@kitterman.com wrote: I wouldn't bother. It has only very limited deployment and is proposed for removal in the revision to RFC 4408 that is about to enter IETF last call. interesting. thank you for calling attention to this. -ben

Re: postfix.org down?

2013-08-20 Thread btb
On 2013.08.20 10.23, Charles Marcus wrote: for me at least... http://www.downforeveryoneorjustme.com/www.postfix.org

Re: Disabling user submission on port 25

2013-08-27 Thread btb
On 2013.08.27 00.32, LuKreme wrote: That seem like a bit much. I allow the web-server (which hosts the webmail) in mynetworks, since users mailing from there are already authenticated. I can see there are situations where it would be a good idea. web mail users should perform proper smtp

Re: Is there a way to apply policy only to outgoing mail?

2013-09-04 Thread btb
On 2013.09.04 09.29, Przemysław Orzechowski wrote: Hi I'm trying to get cbpolicyd to be applied only to outgoing mail (Postfix version 2.7.0) you don't apply it to outgoing mail. you apply it to incoming mail [this is why the terms incoming and outgoing are typically best avoided] I'm

Re: Quick question on mynetworks

2013-10-03 Thread btb
On Oct 3, 2013, at 06.30, Mark Goodge m...@good-stuff.co.uk wrote: I know I could solve the problem by using authentication, but a lot of the outbound email is generated by cron scripts on a server inside the network, and rewriting all of them to authenticate when sending mail is likely to

Re: rewrite sender address when recipient is non local

2013-10-22 Thread btb
On 2013.10.21 17.54, Noel Jones wrote: On 10/21/2013 3:53 PM, btb wrote: i have a scenario in which certain email is sent using envelope senders that contain host names that are known only on the local lan/network, and unknown on the internet. most mail expressing that characteristic stays

possible alternative methods for exclusion to transport_maps entry

2013-10-23 Thread btb
this stems from another discussion [http://archives.neohapsis.com/archives/postfix/2013-10/0454.html]. i'm currently doing: transport_maps = hash:$table_directory/transports cat transports example.com example-internal: foo.example.com smtp: .example.com

Re: rewrite sender address when recipient is non local

2013-10-24 Thread btb
On 2013.10.22 09.56, Noel Jones wrote: On 10/22/2013 8:41 AM, btb wrote: On 2013.10.21 17.54, Noel Jones wrote: On 10/21/2013 3:53 PM, btb wrote: i have a scenario in which certain email is sent using envelope senders that contain host names that are known only on the local lan/network

Re: Find which port a user connected to?

2014-01-22 Thread btb
On 2014.01.22 11.41, Chris Richards wrote: Basically, I need to find out which users are connecting to port 25 instead of 587. man 5 postconf. see syslog_name. also see the sample config which comes with the software. this includes a submission config which uses syslog_name -ben

Re: Email disappearing into a black hole...

2014-02-15 Thread btb
On Feb 15, 2014, at 23.14, SH Development listacco...@starionline.com wrote: Feb 15 21:12:36 mail postfix/pipe[23969]: 931AF2F4F36: to=aaa...@mail.starionhost.net, orig_to=aaa...@stariontech.com, relay=cyrus, delay=0, status=sent you've configured postfix to pass mail to

Re: Email disappearing into a black hole...

2014-02-15 Thread btb
On Feb 15, 2014, at 23.14, SH Development listacco...@starionline.com wrote: Feb 15 21:12:36 mail postfix/pipe[23969]: 931AF2F4F36: to=aaa...@mail.starionhost.net, orig_to=aaa...@stariontech.com, relay=cyrus, delay=0, status=sent you've configured postfix to pass mail to

logging when message_size_limit is exceeded

2014-06-24 Thread btb
hi- when message_size_limit is exceeded, i see the following logs: Jun 24 11:20:21 mta postfix/postscreen[5758]: CONNECT from [173.201.193.182]:45771 to [10.3.70.5]:25 Jun 24 11:20:21 mta postfix/postscreen[5758]: PASS OLD [173.201.193.182]:45771 Jun 24 11:20:21 mta postfix/smtpd[7066]: connect

Re: logging when message_size_limit is exceeded

2014-06-24 Thread btb
On Jun 24, 2014, at 19.35, Wietse Venema wie...@porcupine.org wrote: btb: Jun 24 11:20:21 mta postfix/postscreen[5758]: CONNECT from [173.201.193.182]:45771 to [10.3.70.5]:25 Jun 24 11:20:21 mta postfix/postscreen[5758]: PASS OLD [173.201.193.182]:45771 Jun 24 11:20:21 mta postfix/smtpd

address verification: Address verification in progress

2014-07-07 Thread btb
we use recipient address verification amongst some of our own domains. on occasion, i see the following log entries: Jul 6 08:26:22 msa-aux postfix/smsp/smtpd[2545]: connect from client.example.com[10.48.40.102] Jul 6 08:26:22 msa-aux postfix/smsp/smtpd[2545]: Anonymous TLS connection

Re: address verification: Address verification in progress

2014-07-07 Thread btb
On 2014.07.07 12.25, btb wrote: we use recipient address verification amongst some of our own domains. on occasion, i see the following log entries: Jul 6 08:26:22 msa-aux postfix/smsp/smtpd[2545]: connect from client.example.com[10.48.40.102] Jul 6 08:26:22 msa-aux postfix/smsp/smtpd[2545

Re: address verification: Address verification in progress

2014-07-07 Thread btb
On 2014.07.07 12.39, Wietse Venema wrote: Find out why it takes 6.2 seconds to connect over TCP and to complete the SMTP handshake with the remote SMTP server. given postscreen_greet_wait, it's a coincidence that the remote server's postscreen logs show that same delay ~6 second delay, but

understanding address_verify_poll_delay

2014-07-09 Thread btb
with respect to my previous question about address verification, i think i'm not understanding address_verify_poll_delay correctly. while working on troubleshooting the 6.2 second delay during the smtp handshake, i'd set address_verify_poll_delay to 15 seconds, expecting that postfix would

Re: understanding address_verify_poll_delay

2014-07-09 Thread btb
On Jul 9, 2014, at 18.48, Wietse Venema wie...@porcupine.org wrote: btb: with respect to my previous question about address verification, i think i'm not understanding address_verify_poll_delay correctly. while working on troubleshooting the 6.2 second delay during the smtp handshake

Re: understanding address_verify_poll_delay

2014-07-09 Thread btb
On Jul 9, 2014, at 19.35, Wietse Venema wie...@porcupine.org wrote: address_verify_poll_delay (default: 3s) The DELAY BETWEEN QUERIES for the completion of an address verification request in progress. This specifies the delay between the $address_verify_poll_count queries for one

understanding documentation for always_add_missing_headers, local_header_rewrite_clients and cleanup(8)

2014-08-27 Thread btb
hi- if i'm interpreting correctly, the documentation for cleanup(8) says that (Resent-) From:, To:, Message-Id:, and Date: headers are always inserted: The cleanup(8) daemon always performs the following transformations: · Insert missing message headers: (Resent-) From:, To:, Message-Id:,

Re: understanding documentation for always_add_missing_headers, local_header_rewrite_clients and cleanup(8)

2014-08-27 Thread btb
On Aug 27, 2014, at 19.36, Wietse Venema wie...@porcupine.org wrote: btb: hi- if i'm interpreting correctly, the documentation for cleanup(8) says that (Resent-) From:, To:, Message-Id:, and Date: headers are always inserted: This is enabled with to local_header_rewrite_clients

different transport for all mail introduced via sendmail(1)

2014-09-10 Thread btb
hi- i have a mail submission server [submission/587 only] [msa.example.com] for our users [config below]. in that context, it's working as desired. we also have another, separate, msa [msa.systems.example.com], which servers and other infrastructure devices use for submitting mail. how

Re: different transport for all mail introduced via sendmail(1)

2014-09-17 Thread btb
On 2014.09.10 14.02, wie...@porcupine.org (Wietse Venema) wrote: btb: hi- i have a mail submission server [submission/587 only] [msa.example.com] for our users [config below]. in that context, it's working as desired. we also have another, separate, msa [msa.systems.example.com], which

add header for canonical recipients

2014-09-18 Thread btb
hi- i'm not quite certain the subject is an accurate synopsis. apologies if it's misleading. we have a proprietary system which delivers voicemail messages as email attachments. it submits mail via submission to postfix, which looks like this: Sep 18 16:03:33 msa

Re: add header for canonical recipients

2014-09-18 Thread btb
On Sep 18, 2014, at 20.17, Viktor Dukhovni postfix-us...@dukhovni.org wrote: On Thu, Sep 18, 2014 at 07:51:53PM -0400, btb wrote: From: postmas...@phonesrv.example.com To: VOICE/1nnn5551212@phonesrv.example.com Is that the address or the display name? What is the content of the complete

Re: Input requested: append_dot_mydomain default change

2014-09-22 Thread btb
On Sep 22, 2014, at 11.41, Wietse Venema wie...@porcupine.org wrote: This time PLEASE refrain from sidetracking the discussion. I want to know what will break when the default changes, if that is not too much to ask for. Summary: Until now, Postfix has a default setting

Re: Add --version option to postfix

2014-09-27 Thread btb
On Sep 27, 2014, at 07.48, Wietse Venema wie...@porcupine.org wrote: Use postconf -d, not postconf -n. -n is for settings in the configuration file, -d is for the built-in settings which include the version, release date, and so on. this reminds me - some time long ago, i happened to notice

Re: Add --version option to postfix

2014-09-27 Thread btb
On Sep 27, 2014, at 10.42, Viktor Dukhovni postfix-us...@dukhovni.org wrote: On Sat, Sep 27, 2014 at 10:24:13AM -0400, b...@bitrate.net wrote: On Sep 27, 2014, at 07.48, Wietse Venema wie...@porcupine.org wrote: Use postconf -d, not postconf -n. -n is for settings in the configuration

Re: Add --version option to postfix

2014-09-27 Thread btb
On Sep 27, 2014, at 10.32, Wietse Venema wie...@porcupine.org wrote: b...@bitrate.net: On Sep 27, 2014, at 07.48, Wietse Venema wie...@porcupine.org wrote: Use postconf -d, not postconf -n. -n is for settings in the configuration file, -d is for the built-in settings which include the

Re: Add --version option to postfix

2014-09-27 Thread btb
On Sep 27, 2014, at 11.20, Viktor Dukhovni postfix-us...@dukhovni.org wrote: On Sat, Sep 27, 2014 at 10:42:27AM -0400, Wietse Venema wrote: [root@mail-gw:~]$ postconf -n | grep config_directory config_directory = /etc/postfix You're welcome to fix that. I'm now working on other things,

delaying mail before passing to next hop

2014-11-13 Thread btb
hi- short version: i have an mx which, after doing the initial handling [postscreen, etc] of messages arriving from the internet, relays mail to another computer for content filtering [amavis/spamassassin]: relay_transport = lmtp-filter:[mfa.example.com]:lmtp-filter-external after a message

Re: delaying mail before passing to next hop

2014-11-13 Thread btb
On Nov 13, 2014, at 15.02, Noel Jones njo...@megan.vbhcs.org wrote: On 11/13/2014 11:14 AM, b...@bitrate.net wrote: hi- short version: i have an mx which, after doing the initial handling [postscreen, etc] of messages arriving from the internet, relays mail to another computer for

Re: delaying mail before passing to next hop

2014-11-13 Thread btb
On Nov 13, 2014, at 13.00, Robert Schetterer r...@sys4.de wrote: Am 13.11.2014 um 18:14 schrieb b...@bitrate.net: hi- short version: i have an mx which, after doing the initial handling [postscreen, etc] of messages arriving from the internet, relays mail to another computer for

Re: Configuring MSA in postfix

2014-11-14 Thread btb
On Nov 14, 2014, at 14.47, Wietse Venema wie...@porcupine.org wrote: Alamgir Shamim: Hello, Can you please tell me how to configure MSA with postfix. I want to create all local user in MSA. local user's mail will be delivered in MSA and out going mail will be forwarded to another mail

cidr:/ lookup using network map [e.g. mysql]

2014-12-15 Thread btb
hi- i currently have: postscreen_access_list = cidr:$table_directory/postscreen_access_list.cidr with various sized netblocks rejected therein. this all works fine. i have more than one mx, and would like to store this data in a centralized location and query over the network instead of

Re: cidr:/ lookup using network map [e.g. mysql]

2014-12-15 Thread btb
On Dec 15, 2014, at 17.47, Wietse Venema wrote: btb: hi- i currently have: postscreen_access_list = cidr:$table_directory/postscreen_access_list.cidr with various sized netblocks rejected therein. this all works fine. i have more than one mx, and would like to store this data

Re: cidr:/ lookup using network map [e.g. mysql]

2014-12-16 Thread btb
On 2014.12.15 23.51, Peter wrote: On 12/16/2014 07:22 AM, btb wrote: with various sized netblocks rejected therein. this all works fine. i have more than one mx, and would like to store this data in a centralized location and query over the network instead of duplicating the files on each mx

Re: Postfix configuration postconf

2015-02-08 Thread btb
On Feb 08, 2015, at 05.55, John j...@klam.ca wrote: Is there a way of checking for unnecessary entries in the Postfix main or master config files. I was looking through the mailing list and noticed the point that Victor made about smtpd_tls_session_cache_database being mostly

Re: postscreen stopped working today for a few hours

2015-01-16 Thread btb
On 2015.01.15 22.21, Viktor Dukhovni wrote: On Thu, Jan 15, 2015 at 09:57:53PM -0500, b...@bitrate.net wrote: i happened to notice that on one of our two mxes, no postscreen activity was logged between 06:25:09 and 11:54:42: Jan 15 06:25:09 mta2 postfix/postscreen[22371]: DISCONNECT

Re: postscreen stopped working today for a few hours

2015-01-16 Thread btb
On 2015.01.16 09.43, wie...@porcupine.org (Wietse Venema) wrote: btb: postconf -Mf smtp inet n - - - 1 postscreen Yep, it's chrooted. You need to configure syslog to add a log socket to the jail, or turn off chroot. during this period, postfix activity

Re: numerical score result for postscreen_access_list?

2015-01-22 Thread btb
On 2015.01.22 10.35, wie...@porcupine.org (Wietse Venema) wrote: btb: we have a small local blacklist, mostly used for clients which aren't listed in dnsbls. postscreen_access_list = cidr:$table_directory/postscreen_access_list-rejects.cidr sometimes when a larger netblock gets listed

numerical score result for postscreen_access_list?

2015-01-22 Thread btb
we have a small local blacklist, mostly used for clients which aren't listed in dnsbls. postscreen_access_list = cidr:$table_directory/postscreen_access_list-rejects.cidr sometimes when a larger netblock gets listed, it can have the unintended consequences of blocking well behaved clients

Re: numerical score result for postscreen_access_list?

2015-01-22 Thread btb
is not a bot. btb: right. we do that now. taking advantage of whitelist negative scoring to reduce some of the administrative burden would be nice though, and also avoid the fix it after finding out it's broken scenario. Instead of postscreen_access_list, you could use rbldnsd (or equivalent) to mix

Re: Next Dumb question - mynetworks

2015-02-14 Thread btb
On Feb 14, 2015, at 16.14, John j...@klam.ca wrote: Does mynetworks have to contain anything other than 127.0.0.1/8 and ::1/128. for whatever it's worth, my personal preference is to, as a rule, always set mynetworks to empty. i make an effort to not allow relaying based on source ip

Re: session id for postscreen

2015-03-05 Thread btb
On Mar 05, 2015, at 12.51, Wietse Venema wie...@porcupine.org wrote: btb: when reviewing postscreen entries in logs, it's difficult to quickly grep for entries relevant to a particular session, since the only unique value in the entry is the pid, which is quite long lived and spans many

session id for postscreen

2015-03-05 Thread btb
when reviewing postscreen entries in logs, it's difficult to quickly grep for entries relevant to a particular session, since the only unique value in the entry is the pid, which is quite long lived and spans many sessions. i wondered how practical it might be to include a unique id along

TLS_README and computing fingerprint values

2015-06-14 Thread btb
hi- in TLS_README it's instructed to use the following command to compute an sha-1 public key fingerprint: openssl x509 -in foo.example.com-cert.pem -noout -pubkey | openssl pkey -pubin -outform DER | openssl dgst -sha1 -c (stdin)= 7e:8b:82:2e:c8:9a:bc:f9:ae:1a:de:e6:9a:6c:b3:3b:b3:34:21:7a

Re: TLS_README and computing fingerprint values

2015-06-14 Thread btb
On Jun 14, 2015, at 18.21, Viktor Dukhovni postfix-us...@dukhovni.org wrote: On Sun, Jun 14, 2015 at 02:28:31PM -0400, b...@bitrate.net wrote: In TLS_README it's instructed to use the following command to compute an sha-1 public key fingerprint: $ openssl x509 -in

Re: order of actions in postfix

2015-11-16 Thread btb
> On Nov 16, 2015, at 02.53, Vicki Brown wrote: > > [...] discards email to non-existent recipient addresses [...] on a side note, don't accept mail and then discard it. instead, reject it. -ben

Re: postscreen: DNSBL rank not seen in logs for some ip addresses

2015-12-17 Thread btb
On 2015.12.16 11.35, Wietse Venema wrote: The client was not listed at some DNSBL this explains it, thanks. i don't know why, but i was expecting postscreen to tell me that the client was not listed. i now see in the docs that it's only logged if postscreen_dnsbl_threshold is met. -ben

postscreen: DNSBL rank not seen in logs for some ip addresses

2015-12-16 Thread btb
hi- i've become accustomed to seeing log passages like this: >grep -iF '[142.4.19.85]:52366' mail.log Dec 16 09:41:09 mta1 postfix/postscreen[27678]: CONNECT from [142.4.19.85]:52366 to [10.3.70.6]:25 Dec 16 09:41:15 mta1 postfix/postscreen[27678]: DNSBL rank 5 for [142.4.19.85]:52366 Dec 16

Re: Adding a noreply address

2016-01-26 Thread btb
On 2016.01.26 10.54, Matt Bayliss wrote: I'm trying to find the correct/best practice method for setting up a black hole email address for such items as "noreply" addresses when sending alerts from monitoring devices etc. if you intend no mail to be sent to this address anyway, and will just
