Re: Why does EHLO [X.X.X.X] always pass helo restrictions?

2014-09-13 Thread li...@rhsoft.net
Am 13.09.2014 um 15:10 schrieb LuKreme: > On 12 Sep 2014, at 13:55 , li...@rhsoft.net wrote: >> Am 12.09.2014 um 21:49 schrieb Philip Prindeville: >>>> However, any time I connect via telnet to this server and specify >>>> *any* IP address in the form [X.X.

Re: Why does EHLO [X.X.X.X] always pass helo restrictions?

2014-09-13 Thread li...@rhsoft.net
Am 13.09.2014 um 19:12 schrieb LuKreme: >> On 13 Sep 2014, at 07:35 , li...@rhsoft.net wrote: >> >> Am 13.09.2014 um 15:10 schrieb LuKreme: >>> On 12 Sep 2014, at 13:55 , li...@rhsoft.net wrote: >>>> Am 12.09.2014 um 21:49 schrieb Philip Prindeville: >>

Re: Why does EHLO [X.X.X.X] always pass helo restrictions?

2014-09-13 Thread li...@rhsoft.net
Am 13.09.2014 um 20:19 schrieb Wietse Venema: > li...@rhsoft.net: >>>> and only because people continue to tell it is reasonable instead block >>>> such connections >>> >>> It would be a burden on YOU to convince people (well Wietse) that it is not

Re: Why does EHLO [X.X.X.X] always pass helo restrictions?

2014-09-13 Thread li...@rhsoft.net
Am 13.09.2014 um 22:42 schrieb LuKreme: > On 13 Sep 2014, at 11:48 , li...@rhsoft.net wrote: >> check_helo_access exists > > Exactly, so what is the problem? You seemed very unhappy the next time you respond to something read the thread i only commented the "reasonable" until you stepped in

Re: Why does EHLO [X.X.X.X] always pass helo restrictions?

2014-09-14 Thread li...@rhsoft.net
Am 14.09.2014 um 01:54 schrieb Philip Prindeville: > On Sep 13, 2014, at 7:35 AM, li...@rhsoft.net wrote: >> Am 13.09.2014 um 15:10 schrieb LuKreme: >>> On 12 Sep 2014, at 13:55 , li...@rhsoft.net wrote: >>>> Am 12.09.2014 um 21:49 schrieb Philip Prindeville: >

Re: postscreen deep protocol tests and Amazon timeouts

2014-09-15 Thread li...@rhsoft.net
Am 15.09.2014 um 18:19 schrieb Andrew J. Schorr: > Wietse Venema wrote: >> As long as the SMTP session still exists, the client may still make >> a mistake, and postscreen will not whitelist it. > > Thanks for the explanation. I am surprised that Amazon's mailservers are so > stupid. > >> Don't

Re: postscreen deep protocol tests and Amazon timeouts

2014-09-15 Thread li...@rhsoft.net
Am 15.09.2014 um 22:31 schrieb Andrew J. Schorr: > li...@rhsoft.net wrote: >> what i recently implemented was >> * give the MX a second IP >> * add it everywhere as backup-mx >> * disable postscreen WL on that IP > > I am doing the same thing here. It is hel

Re: Why is postfix talking to aspmx.google & spamexperts?

2014-09-15 Thread li...@rhsoft.net
Am 15.09.2014 um 23:09 schrieb John Oliver: > Lots of logs of postfix trying to talk to spamexperts.com and > aspmx.X.google.com Only problem is, I'm not connected to the Internet, > so this is never going to work :-) I can't find anything relevant in > any of the postfix files, so... how do I t

Re: postscreen deep protocol tests and Amazon timeouts

2014-09-16 Thread li...@rhsoft.net
Am 16.09.2014 um 13:41 schrieb Uwe Drießen: >> just not how email works for large senders. > > If my Server had a problem the big sender becomes the > same error like greylisting no, because he just tries later or another MX > If the big sender can not handle it they breaks the RFC not I. > T

FYI: blocking attachment extensions

2014-09-16 Thread li...@rhsoft.net
(yes i know it's not 100% perfect in any case) but anybody using "mime_header_checks" by one of the similar howtos out there should review the configuration - without \" at the end of the regex this is prone to false positives two examples from real world (.scr and .com wrongly rejected) * name=

Re: FYI: blocking attachment extensions

2014-09-16 Thread li...@rhsoft.net
Am 16.09.2014 um 20:34 schrieb Wietse Venema: > li...@rhsoft.net: >> (yes i know it's not 100% perfect in any case) >> >> but anybody using "mime_header_checks" by one of the similar howtos out >> there should review the configuration - without \" at

Re: FYI: blocking attachment extensions

2014-09-16 Thread li...@rhsoft.net
Am 16.09.2014 um 21:00 schrieb Viktor Dukhovni: > On Tue, Sep 16, 2014 at 01:41:36PM -0500, Noel Jones wrote: > >> I've used the below for a few years with good results. It's better, >> but surely not perfect. >> >> # block windows executables PCRE >> /^\s*Content-(Disposition|Type).*name\s*=\s*

Re: Why does EHLO [X.X.X.X] always pass helo restrictions?

2014-09-16 Thread li...@rhsoft.net
Am 16.09.2014 um 21:48 schrieb Philip Prindeville: > On Sep 14, 2014, at 2:17 AM, li...@rhsoft.net wrote: > >> Am 14.09.2014 um 01:54 schrieb Philip Prindeville: >>> On Sep 13, 2014, at 7:35 AM, li...@rhsoft.net wrote: >>>> Am 13.09.2014 um 15:10 schrieb LuKrem

Re: FYI: blocking attachment extensions

2014-09-16 Thread li...@rhsoft.net
Am 16.09.2014 um 21:42 schrieb Viktor Dukhovni: > On Tue, Sep 16, 2014 at 09:28:11PM +0200, li...@rhsoft.net wrote: > >>> # block windows executables PCRE >>> /^\s*Content-(?:Disposition|Type): # Header label >>> (?:.*?;)? \s*

Re: FYI: blocking attachment extensions

2014-09-16 Thread li...@rhsoft.net
Am 16.09.2014 um 22:28 schrieb Viktor Dukhovni: > On Tue, Sep 16, 2014 at 10:15:03PM +0200, li...@rhsoft.net wrote: > >> I removed all comments AFAIK >> that are 3 single lines without any break not added by the mail-client > > I've copied the rule below in

Re: current best practice on the usage of the reject_unknown_hostname

2014-09-16 Thread li...@rhsoft.net
Am 16.09.2014 um 23:24 schrieb AndreaML: > Is it also your experience? Has reject_unknown_hostname less and less use in > favour of other anti-spam methods? > > because in a server with 5000 mailbox and 80k-100k messages a day, that > setting free me of 20k-30k spam messages easily, but catch t

Re: FYI: blocking attachment extensions

2014-09-16 Thread li...@rhsoft.net
e with postmap but not in real operations while it was made sure the config file is used and all reloaded > On Sep 16, 2014, at 12:04 PM, li...@rhsoft.net wrote: > >> (yes i know it's not 100% perfect in any case) >> >> but anybody using "mime_header_checks"

Re: FYI: blocking attachment extensions

2014-09-16 Thread li...@rhsoft.net
Am 17.09.2014 um 01:19 schrieb Viktor Dukhovni: > On Tue, Sep 16, 2014 at 07:14:51PM -0400, Wietse Venema wrote: > >> li...@rhsoft.net: >>>>>> Content-Type: application/octet-stream; >>>>>> name="test.exe" >> >> To test mult

Re: FYI: blocking attachment extensions

2014-09-16 Thread li...@rhsoft.net
Am 17.09.2014 um 01:42 schrieb Viktor Dukhovni: > On Wed, Sep 17, 2014 at 01:24:27AM +0200, li...@rhsoft.net wrote: > >> I still don't understand why "postmap" has a result but with >> postfix Viktors rule don't catch the attachment and so finally >>

Re: FYI: blocking attachment extensions

2014-09-16 Thread li...@rhsoft.net
*argh* "regexp" versus "pcre" i only replaced the regex without realizing the different map type that's why i posted "postconf -n" :-( however, works now, thank you! Am 17.09.2014 um 01:59 schrieb li...@rhsoft.net: > Am 17.09.2014 um 01:42 schrieb Viktor D

Re: FYI: blocking attachment extensions

2014-09-17 Thread li...@rhsoft.net
Am 17.09.2014 um 11:28 schrieb Christian Rößner: > Am 17.09.2014 um 10:02 schrieb Christian Rößner > : > >> /x REJECT blocked filename ${1} > > Missing indention here. Got it. Thanks i attached once again my final (appearing to work) config file - may somebody review if there

Re: current best practice on the usage of the reject_unknown_hostname

2014-09-17 Thread li...@rhsoft.net
Am 17.09.2014 um 11:37 schrieb AndreaML: > On Tuesday 16 September 2014 23:33:43 li...@rhsoft.net wrote: >> >> that still too much mail admins sadly don't care about 3 things >> >> * A record >> * PTR >> * HELO name >> >> and instead "r

Re: can check_helo_access go in smtpd_helo_restrictions?

2014-09-17 Thread li...@rhsoft.net
Am 17.09.2014 um 12:17 schrieb LuKreme: > Subject kind of says it all, can you put check_helo_access in the > smtpd_helo_restrictions block or does it need to be in > smtp_recipient_restrictions? yes, it's indicated by the name but anyways: http://www.postfix.org/postconf.5.html#smtpd_delay_rej

Re: FYI: blocking attachment extensions

2014-09-17 Thread li...@rhsoft.net
Am 17.09.2014 um 13:20 schrieb Wietse Venema: > li...@rhsoft.net: >> /^Content-(?:Disposition|Type):stuff/x REJECT 554 Attachment Blocked "$1" > > - What is $1 supposed to contain? in fact the attachment name in the log as well as in the REJECT response (Thunderbird

Re: Is it possible rewrite like this?

2014-09-18 Thread li...@rhsoft.net
Am 18.09.2014 um 09:05 schrieb Philip Rhoades: > I've had a look at the rewrite stuff but I can't see that it is possible to > do what I want: > > For outgoing mail for users with names like: > > info_dom1@* > info_dom2@* > info_dom3@* > > I want their from/reply-to addresses to be rewri

warning: use DUNNO instead of OK if you want to make an exception

2014-09-18 Thread li...@rhsoft.net
postfix/smtpd[29991]: warning: restriction check_reverse_client_hostname_access returns OK postfix/smtpd[29991]: warning: this is not allowed for security reasons postfix/smtpd[29991]: warning: use DUNNO instead of OK if you want to make an exception __

Re: warning: use DUNNO instead of OK if you want to make an exception

2014-09-18 Thread li...@rhsoft.net
oxy:regexp:/etc/postfix/blacklist_helo.cf Am 18.09.2014 um 13:02 schrieb li...@rhsoft.net: > postfix/smtpd[29991]: warning: restriction > check_reverse_client_hostname_access returns OK > postfix/smtpd[29991]: warning: this is not allowed for security reasons > postfix/smtpd[29991]

Re: Add X-header to postfix/smtp line

2014-09-18 Thread li...@rhsoft.net
Am 18.09.2014 um 14:36 schrieb James Bailey: > I have postfix logging certain X-headers but they are entered as a separate > line under postfix/cleanup. Is it possible to log X-header info to > the postfix/smtp lines? smtp_header_checks = outgoing = smtpd header_checks = incoming = cleanup you

Re: FYI: blocking attachment extensions

2014-09-18 Thread li...@rhsoft.net
Am 18.09.2014 um 15:45 schrieb terrygalant.li...@fastest.cc: > I've been reading the discussion here and the various approaches to blocking > extensions > > I'd gotten this from a friend awhile ago, and have been using it > > With > > postfix_header_checks = pcre:/path/to/custom_header_c

Re: Add X-header to postfix/smtp line

2014-09-18 Thread li...@rhsoft.net
Am 18.09.2014 um 15:23 schrieb James Bailey: > On 2014-09-18 13:42, li...@rhsoft.net wrote: >> Am 18.09.2014 um 14:36 schrieb James Bailey: >>> I have postfix logging certain X-headers but they are entered as a separate >>> line under postfix/cleanup. Is it possi

Re: Add X-header to postfix/smtp line

2014-09-18 Thread li...@rhsoft.net
Am 18.09.2014 um 16:18 schrieb James Bailey: > On 2014-09-18 14:52, li...@rhsoft.net wrote: >> Am 18.09.2014 um 15:23 schrieb James Bailey: >>> On 2014-09-18 13:42, li...@rhsoft.net wrote: >>>> Am 18.09.2014 um 14:36 schrieb James Bailey: >>>>> I ha

check_reverse_client_hostname_access: "unknown" in logs

2014-09-19 Thread li...@rhsoft.net
why does postfix log sometimes "unknown[xx.xx.xx.xx]" when in fact the reason for the reject is the PTR itself? sadly it's also missing in the response in such cases and in case it would have been a legit human person the only relevant debug information is missing (disclaimer: there are 139 DUNNO

Re: check_reverse_client_hostname_access: "unknown" in logs

2014-09-19 Thread li...@rhsoft.net
Am 19.09.2014 um 13:28 schrieb Wietse Venema: > li...@rhsoft.net: >> why does postfix log sometimes "unknown[xx.xx.xx.xx]" when in fact the >> reason for the reject is the PTR itself? sadly it's also missing in >> the response in such cases and in case it wou

Re: check_reverse_client_hostname_access: "unknown" in logs

2014-09-19 Thread li...@rhsoft.net
Am 19.09.2014 um 15:55 schrieb Noel Jones: > On 9/19/2014 3:37 AM, li...@rhsoft.net wrote: >> why does postfix log sometimes "unknown[xx.xx.xx.xx]" when in fact the >> reason for the reject is the PTR itself? sadly it's also missing in >> the response in such

Re: PATCH: check_reverse_client_hostname_access: "unknown" in logs

2014-09-20 Thread li...@rhsoft.net
thank you - looks promising! could you attach this as unified diff-file? that makes it easy to include it in rpmbuild for test/feedback copy&paste usually damages something in patches Am 21.09.2014 um 02:08 schrieb Wietse Venema: > Does the following address the problem? This fixes the responses

Re: PATCH: check_reverse_client_hostname_access: "unknown" in logs

2014-09-20 Thread li...@rhsoft.net
Am 21.09.2014 um 02:30 schrieb Wietse Venema: > li...@rhsoft.net: >> thank you - looks promising! >> >> could you attach this as unified diff-file? > > The patch is unified diff format. It just does not have some of the > garbage that some version control systems ad

Re: PATCH: check_reverse_client_hostname_access: "unknown" in logs

2014-09-20 Thread li...@rhsoft.net
Am 21.09.2014 um 02:43 schrieb Wietse Venema: > li...@rhsoft.net: >> >> Am 21.09.2014 um 02:30 schrieb Wietse Venema: >>> li...@rhsoft.net: >>>> thank you - looks promising! >>>> >>>> could you attach this as unified diff-file? >>

Re: PATCH: check_reverse_client_hostname_access: "unknown" in logs

2014-09-20 Thread li...@rhsoft.net
Am 21.09.2014 um 03:08 schrieb Wietse Venema: > li...@rhsoft.net: >>>> rpmbuild refuses :-( >>> >>> You need a different patch for 2.11 and earlier. See >>> earlier follow-up >> >> thanks - after change the patch it get applied >> >

Re: localhost.com

2014-09-21 Thread li...@rhsoft.net
Am 21.09.2014 um 07:07 schrieb Ruben Safir: > On Sat, Sep 20, 2014 at 03:13:51AM -0600, LuKreme wrote: >> On 19 Sep 2014, at 20:58 , Ruben Safir wrote: >>> I used fetchmail to retrieve email from the university and it hands off >>> the local system which cause the mail to try to be forward to >>>

do *NOT* send the GTUBE in mails

2014-09-21 Thread li...@rhsoft.net
http://marc.info/?l=postfix-users&m=141128851606167&w=2 what do people imagine happens if they send the GTUBE per mail? it will be rejected and may lead up in account suspend for the innocent RCPT - don't do that, call it by name - period http://spamassassin.apache.org/gtube/ Sep 21 10:35:19 localh

Re: header checks not working

2014-09-21 Thread li...@rhsoft.net
Am 12.09.2014 um 11:29 schrieb Den: >> run the spamfilter after queue >> http://www.postfix.org/MILTER_README.html > > Thanks. Will double-check on that. Chances also are that I missed something > too or I might as well have to try to switch to these milters as running SA > daemonized doesn't wor

Re: PATCH: check_reverse_client_hostname_access: "unknown" in logs

2014-09-21 Thread li...@rhsoft.net
Am 21.09.2014 um 03:12 schrieb li...@rhsoft.net: > Am 21.09.2014 um 03:08 schrieb Wietse Venema: >> li...@rhsoft.net: >>>>> rpmbuild refuses :-( >>>> >>>> You need a different patch for 2.11 and earlier. See >>>> earlier foll

Re: disable tls compression on postfix 2.9

2014-09-22 Thread li...@rhsoft.net
Am 22.09.2014 um 13:32 schrieb Jose J: > I have postfix 2.9 installed and i want to disable the tls > compression, in postfix 2.11 i have to add a line with > "tls_ssl_options = no_compression" but what about postfix 2.9? > > Anyone know how to disable tls compression in postfix 2.9? first: the

Re: Please comment: append_dot_mydomain change

2014-09-22 Thread li...@rhsoft.net
Am 22.09.2014 um 16:56 schrieb Viktor Dukhovni: > I was asking what the plan is for systems that *do* run > > # postfix upgrade-configuration > > As for Debian, perhaps we can persuade LaMont to fix the Debian package > so that: > > # postfix set-permissions > > works, and > >

Re: postfix not able to send email

2014-09-22 Thread li...@rhsoft.net
Am 22.09.2014 um 21:54 schrieb Subin K S: > I've compiled and installed postfix 2.11 on Debian7, from source. Now when I > try to send an email using to an > external address from the command line it errs out as follows: > > Sep 22 15:44:57 server1 postfix/qmgr[3894]: 0610827808C6: from=, > si

copy a message by subject to a different address

2014-09-23 Thread li...@rhsoft.net
i try to explain the setup first: * inbound-only gateway * spamassassin as milter * different target servers as smtp-transports all, is working perfect so far if a message is detected as spam and don't have the score for reject SA adds [SPAM] as subject prefix well, i would like to deliver that

Re: copy a message by subject to a different address

2014-09-23 Thread li...@rhsoft.net
Am 23.09.2014 um 23:24 schrieb Wietse Venema: > li...@rhsoft.net: >> if a message is detected as spam and don't have the score >> for reject SA adds [SPAM] as subject prefix >> well, i would like to deliver that messages unchanged but send a >> copy to a spe

Re: copy a message by subject to a different address

2014-09-24 Thread li...@rhsoft.net
Am 24.09.2014 um 02:42 schrieb Peter: > On 09/24/2014 08:12 AM, li...@rhsoft.net wrote: >> if a message is detected as spam and don't have the score >> for reject SA adds [SPAM] as subject prefix >> >> well, i would like to deliver that messages unchanged but s

Re: Rate limiting users?

2014-09-24 Thread li...@rhsoft.net
Am 24.09.2014 um 18:45 schrieb LuKreme: > Not sure if this is even a postfix question, but let's say for the sake of > argument I want to set the following limits for user accounts: > > 1) maximum 100 mails in x minutes not per user but per client IP anvil_rate_time_unit = 1800s smtpd_client_c

Re: Sending root's mail out?

2014-09-24 Thread li...@rhsoft.net
Am 24.09.2014 um 19:55 schrieb leam hall: > I'm trying to send root's mail on a linux box to my regular host. In > /etc/aliases I have: > > root:my.m...@example.com > > If I manually send to my.m...@example.com I get the mail. With the > alias above if I "mail root" it does not make it. > >

Re: Sending root's mail out?

2014-09-24 Thread li...@rhsoft.net
Am 24.09.2014 um 21:07 schrieb leam hall: > As I said, the "to" field in the mail relay was "root@myserver", not > my.n...@example.com. > > What, exactly, are you looking for? damned if somebody would know what happens he would not ask for the logs and if you would understand what happens you w

Re: Sending root's mail out?

2014-09-24 Thread li...@rhsoft.net
Am 24.09.2014 um 21:21 schrieb leam hall: > On Wed, Sep 24, 2014 at 3:14 PM, li...@rhsoft.net wrote: > >> what is so hard about *post every line* of the log >> related to a specific message instead waste everybodys >> time? > > Am I the only person who has ever wo

Re: hide target server address in bounce messages

2014-09-24 Thread li...@rhsoft.net
Am 24.09.2014 um 21:46 schrieb Michael McCallister: > I currently use relay_domains and relay_transport as a means to relay email > on to another mail server which hands > off to the MDA. Everything works well. Occasionally there may be a delivery > problem when talking to the > relay_transpor

Re: Sending root's mail out?

2014-09-24 Thread li...@rhsoft.net
Am 24.09.2014 um 21:50 schrieb leam hall: > On Wed, Sep 24, 2014 at 3:42 PM, li...@rhsoft.net wrote: > >> no, but you are the only person even not trying to anonymize >> them in a consistent way and not mention that from the very >> first begin instead ignore

Re: Dynamic recipient addresses

2014-09-26 Thread li...@rhsoft.net
Am 26.09.2014 um 11:50 schrieb Mike Cardwell: > I have some Exim configuration which allows me to have automatically > expiring email addresses. It accepts mail for any addresses matching > the format: > > -mm...@tmp.grepular.com > > But only if the -MM-DD matches a date which is today o

Re: possible Berkeley DB bug

2014-09-26 Thread li...@rhsoft.net
Am 26.09.2014 um 16:22 schrieb shm...@riseup.net: > when i receive mail from some MTA's (there seems to be no pattern as to > which ones) and this msg is logged, no STARTTLS is established and i > receive the mail in the clear don't get me wrong but that is a useless post starting with a wrong su

Re: Add --version option to postfix

2014-09-27 Thread li...@rhsoft.net
Am 27.09.2014 um 16:32 schrieb Wietse Venema: > b...@bitrate.net: >> On Sep 27, 2014, at 07.48, Wietse Venema wrote: >> >>> Use "postconf -d", not "postconf -n". -n is for settings in the >>> configuration file, -d is for the built-in settings which include >>> the version, release date, and so o

Re: Add --version option to postfix

2014-09-27 Thread li...@rhsoft.net
Am 27.09.2014 um 16:42 schrieb Wietse Venema: > li...@rhsoft.net: >> Am 27.09.2014 um 16:32 schrieb Wietse Venema: >>> b...@bitrate.net: >>>> On Sep 27, 2014, at 07.48, Wietse Venema wrote: >>>> >>>>> Use "postconf -d", not "

Re: How to disable Unix users?

2014-09-29 Thread li...@rhsoft.net
Am 29.09.2014 um 20:43 schrieb Marek Kozlowski: > On 09/29/2014 08:39 PM, Wietse Venema wrote: >> Marek Kozlowski: >> [ Charset ISO-8859-2 converted... ] >>> On 09/29/2014 08:30 PM, Wietse Venema wrote: Marek Kozlowski: > Maybe a stupid question... > I'd like to allow incoming (or loc

Re: collection of methods for bypassing/whitelisting of header_checks rules

2014-09-30 Thread li...@rhsoft.net
Am 30.09.2014 um 16:53 schrieb Mai Ling: > What do you folks use to workaround such limitations while (ab)using > cleanup's > header_checks as a spam filter to whitelist the business needs? just not use it for that or only in cases without any "but" or "if" as combination with other filters th

Re: PERMIT smtpd_client_restrictions

2014-10-01 Thread li...@rhsoft.net
Am 01.10.2014 um 18:46 schrieb Sebastian Wiesinger: > as I see/understand it, a check_client_access lookup that returns > PERMIT will skip over the rest of smtpd_client_restrictions but WILL > still run the checks in the other smtpd_*_restrictions classes, right? i would say PERMIT is uncondition

Re: Blacklist failure response

2014-10-01 Thread li...@rhsoft.net
Am 01.10.2014 um 19:04 schrieb Ronald F. Guilmette: > I have been thinking of maybe putting up an experimental > anti-spam blocklist server. As far as the client interface, > this would operate in the usual way, i.e. via DNS, just as > all of the current well-known blacklists do. > > Due to the

Re: Blacklist failure response

2014-10-01 Thread li...@rhsoft.net
Am 01.10.2014 um 21:40 schrieb Ronald F. Guilmette: > In message <542c35a7.3050...@rhsoft.net>, > "li...@rhsoft.net" wrote: > >> Am 01.10.2014 um 19:04 schrieb Ronald F. Guilmette: >>> What would happen in such a case? Would inbound e-mail start to >

Re: header_checks is checked before sender_access

2014-10-02 Thread li...@rhsoft.net
Am 02.10.2014 um 13:16 schrieb Charles Marcus: > On 10/2/2014 4:37 AM, Alberto Lepe wrote: >> On Thu, Oct 2, 2014 at 5:27 PM, Alberto Lepe > > wrote: >> >> There is a customer that is sending mails from excel using a banned >> client in the server "header_checks" >>

Re: Possible SHA-256 SSL cert problems?

2014-10-02 Thread li...@rhsoft.net
Am 02.10.2014 um 13:48 schrieb Per Thorsheim: > Mozilla and others have reported on old web clients that doesn't support > the use of new SHA-256 signed SSL certificates on websites. In a recent > thread at Mozilla > https://bugzilla.mozilla.org/show_bug.cgi?id=1064387#c6, there's a > reference to

Re: Forwarding mail to hotmail.com

2014-10-02 Thread li...@rhsoft.net
Am 02.10.2014 um 16:10 schrieb Daniele Nicolodi: > I have a system with a few local users where some of them are configured > for forwarding all incoming messages to external addresses via the use > of .forward. > > One of those users forwards mail to an hotmail.com address. > > When mail is del

Re: Forwarding mail to hotmail.com

2014-10-02 Thread li...@rhsoft.net
Am 02.10.2014 um 16:16 schrieb li...@rhsoft.net: > Am 02.10.2014 um 16:10 schrieb Daniele Nicolodi: >> I have a system with a few local users where some of them are configured >> for forwarding all incoming messages to external addresses via the use >> of .forward. >

Re: Forwarding mail to hotmail.com

2014-10-02 Thread li...@rhsoft.net
Am 02.10.2014 um 16:27 schrieb Daniele Nicolodi: > On 02/10/14 16:22, li...@rhsoft.net wrote: >> Am 02.10.2014 um 16:16 schrieb li...@rhsoft.net: >>> Am 02.10.2014 um 16:10 schrieb Daniele Nicolodi: >>>> I have a system with a few local users where some of them are

Re: FYI: blocking attachment extensions

2014-10-03 Thread li...@rhsoft.net
Am 03.10.2014 um 19:13 schrieb Philip Prindeville: > I don’t necessarily trust just the extension of the filename. > > I’d also look at the file’s magic (same as the OS does) as well as the > content-type. > Can’t be too thorough that topic is not a matter of trusting it's a matter of put diff

smtpd_client_restrictions = sleep 1

2014-10-04 Thread li...@rhsoft.net
Hi can this setting to slow down spambots make it through postscreen server made conditional to sleep 0 like as example "smtp_connect_timeout"? smtpd_client_restrictions = sleep 1 smtp_connect_timeout = ${stress?15}${stress:45}s

Re: smtpd_client_restrictions = sleep 1

2014-10-04 Thread li...@rhsoft.net
Am 04.10.2014 um 16:04 schrieb li...@rhsoft.net: can this setting to slow down spambots make it through postscreen server made conditional to sleep 0 like as example "smtp_connect_timeout"? smtpd_client_restrictions = sleep 1 smtp_connect_timeout = ${stress?15}${stress:45}s neverm

Re: Internationalized Domain Names (?)

2014-10-04 Thread li...@rhsoft.net
Am 04.10.2014 um 22:49 schrieb Ronald F. Guilmette: These days, whenever one builds any kind of tool that does anything with e-mail, it is necessary to think about this new-fangled phenomenon of Internationalized Domain Names, so... In what (if any) mail headers generated by Postfix might one r

Re: Internationalized Domain Names (?)

2014-10-04 Thread li...@rhsoft.net
Am 04.10.2014 um 23:38 schrieb Ronald F. Guilmette: I thank you for your response, but unfortunately it does not address any of my questions. I myself have only plain old 7-bit ASCII domain names, and will only have such, for the indefinite foreseeable future. Other people however have been kno

Re: Postfix MySQL Map (check_sender_access and check_recipient_access)

2014-10-04 Thread li...@rhsoft.net
Am 05.10.2014 um 02:23 schrieb Reto Rayen: Does anyone of you thought to implement in the postfix mysql map the ability to query for recipient and sender and not just sender or recipient for check_recipient_access and check_sender_access sadly not possible that way the mysql lookups are doing

Re: Suppress specific restriction in reject message

2014-10-05 Thread li...@rhsoft.net
Am 05.10.2014 um 14:40 schrieb Henrik Larsson: On 05-10-2014 13:27, Wietse Venema wrote: Can you show quantitative evidence that this would actually make a measurable difference in the volume of unwanted email, or is this just about warm fuzzy feelings? There are better ways to achieve the latt

Re: test

2014-10-05 Thread li...@rhsoft.net
try again with a subject matching the topic

Re: opendkim and opendmarc failure for yahoo.com

2014-10-05 Thread li...@rhsoft.net
Am 05.10.2014 um 18:47 schrieb Wietse Venema: Inteq Solution - Dep. tehnic: No security appliance in front of Postfix. I use SpamAssassin that tags with X-Spam. I have disabled AV scanning. No luck I have disabled dkim-milter. No luck Weird thing is that from other dmarc enabled domains, the

Re: Deleting disclaimer text from message body

2014-10-06 Thread li...@rhsoft.net
Am 06.10.2014 um 20:30 schrieb Francisco Leon: Hello everyone. We are using postfix to deliver mail sent from users in a Windows domain through Exchange, using Exchange's Smart host feature to relay all mail sent to "acco...@linux.domain.com". The email then gets fed to Request Tracker, a po

Re: Postfix SASL auth - client alway sent e-mail even password change until I run again client app

2014-10-08 Thread li...@rhsoft.net
Am 08.10.2014 um 14:55 schrieb Charles Marcus: On 10/8/2014 7:54 AM, Tomasz Kopczyński wrote: I have the same problem with imap (dovecot). Even if I change password for user I can read email in thunderbird until I close it. You didn't say, but since you mentioned dovecot, are you using dovec

Re: Another policy server question...

2014-10-09 Thread li...@rhsoft.net
Am 09.10.2014 um 19:07 schrieb Ronald F. Guilmette: I wonder how many Postfix policy servers have been written to be invoked other than via spawn(8). I have trouble imagining that any have been, since just allowing them to be invoked by spawn(8)... which automagically handles hooking up stdin t

Re: valid email addresses being rejected

2014-10-10 Thread li...@rhsoft.net
Am 10.10.2014 um 23:35 schrieb Robert Lopez: On Fri, Oct 10, 2014 at 2:09 PM, Noel Jones wrote: Please see: http://www.postfix.org/DATABASE_README.html#safe_db The question "So these errors happen while the file is being rebuilt, right?" is a very good question but it is difficult for me to

Re: valid email addresses being rejected

2014-10-11 Thread li...@rhsoft.net
Am 12.10.2014 um 01:35 schrieb Benny Pedersen: On October 10, 2014 11:35:09 PM Robert Lopez wrote: I looked at the "Please see". Thanks! I will try this out. postfix stop && postmap hash:/etc/postfix/hashfile && postfix start Loosy workaround that is *not* a workaround, that is a joke,

Re: valid email addresses being rejected

2014-10-11 Thread li...@rhsoft.net
Am 12.10.2014 um 02:59 schrieb Viktor Dukhovni: On Sun, Oct 12, 2014 at 01:43:19AM +0200, li...@rhsoft.net wrote: just generate your map file in a temp folder, map it there and move both files to /etc/postfix, you can easily do that for a lot of map files and only if the result have changed

Re: many domains fail dkim sig check

2014-10-12 Thread li...@rhsoft.net
Am 12.10.2014 um 15:12 schrieb Robert Schetterer: the operator of had-pilot believes and is confident their dkim sigs are correct double check your dmarc milter setup, it's very tricky with postfix, make sure mail is not altered on its way (which might break dkim) DKIM seems to have a pro

Re: postfix-2.12 BC-warnings: confusing linenumbers

2014-10-12 Thread li...@rhsoft.net
Am 12.10.2014 um 20:43 schrieb A. Schulze: I just installed 2.12-20140911 and got multiple BC warnings. The linenumbers are confusing... $ head -n 3 /etc/postfix/master.cf relay unix - - - - - smtp -o smtp_fallback_relay= # line with comment flush

Re: many domains fail dkim sig check

2014-10-12 Thread li...@rhsoft.net
Am 12.10.2014 um 22:01 schrieb Wietse Venema: Viktor Dukhovni: On Sun, Oct 12, 2014 at 03:55:21PM -0400, Wietse Venema wrote: Do you want to have the PREPEND headers AFTER the Received: header? It is certainly more consistent with any downstream milter processing. Otherwise we'd have to cou

Re: Validating email address

2014-10-13 Thread li...@rhsoft.net
Am 13.10.2014 um 11:45 schrieb Mike Cardwell: Is there any way of asking Postfix if it thinks it is capable of delivering a message to a particular email address, in real time? With Exim installed, I could just do a "sendmail -bv some.addr...@example.com" and check the exit code. With Postfix i

Re: Validating email address

2014-10-13 Thread li...@rhsoft.net
Am 13.10.2014 um 12:12 schrieb Mike Cardwell: * on the Mon, Oct 13, 2014 at 11:51:04AM +0200, li...@rhsoft.net wrote: Is there any way of asking Postfix if it thinks it is capable of delivering a message to a particular email address, in real time? With Exim installed, I could just do a

typo in announcements (2.11.1 vs. 2.11.2)

2014-10-14 Thread li...@rhsoft.net
http://www.postfix.org/announcements.html * link correct http://www.postfix.org/announcements/postfix-2.11.2.html * 2.11.1 in the text should be 2.11.2 October 13, 2014: Postfix stable release 2.11.1 and legacy releases 2.10.4, 2.9.10, and 2.8.18. May 7, 2014: Postfix stable release 2.11.1.

Re: Bare HELO/EHLO

2014-10-14 Thread li...@rhsoft.net
Am 14.10.2014 um 22:32 schrieb superstator .: I have a poorly behaved voicemail system that I am trying to funnel through a postfix relay, and I haven't been able to get past the issue of the voicemail wanting to send a bare EHLO (no hostname supplied at all) at the beginning of every transacti

Re: SSL v3

2014-10-15 Thread li...@rhsoft.net
Am 15.10.2014 um 17:53 schrieb Luigi Rosa: Just to be on the safe side, is it worth to disable SSL v3 on STARTTLS-enabled Postfix configurations? If yes, what is the proper way to do it? if you don't need to support really old clients smtpd_tls_protocols = !SSLv2 !SSLv3

Re: SSL v3

2014-10-15 Thread li...@rhsoft.net
Am 15.10.2014 um 19:18 schrieb Luigi Rosa: Mike Cardwell wrote on 15/10/2014 19:08: I'd be interested to hear figures regarding how much traffic would change from being encrypted to plain text if SSLv3 was dropped for SMTP... My humble opinion about the delta: zero. I prefer to disable SSLv

Re: SSL v3

2014-10-15 Thread li...@rhsoft.net
Am 15.10.2014 um 19:36 schrieb Robert Schetterer: Am 15.10.2014 um 19:23 schrieb li...@rhsoft.net: anybody experience if Outlook 2003 at least under Win7 speaks TLS1.0 out of the box that should be an exotic combi, but wait and see i disabled today , perhaps somebody will want support well

Re: SSL v3

2014-10-15 Thread li...@rhsoft.net
Am 15.10.2014 um 20:04 schrieb Luigi Rosa: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Viktor Dukhovni wrote on 15/10/2014 19:58: This might break support for older versions of Outlook/Outlook Express (Windows XP?). That leads to another issue, probably a bit offtopic: is better a good b

Re: POODLE: smtpd_tls_mandatory_protocols question

2014-10-15 Thread li...@rhsoft.net
Am 15.10.2014 um 23:06 schrieb Robert Schetterer: Am 15.10.2014 um 22:44 schrieb A. Schulze: Viktor Dukhovni: POODLE is not an SMTP attack. No need to panic. Disabling SSL 3.0 may feel good, but the net effect is slightly negative, since you'll now use cleartext with SSLv3-only SMTP peers.

Re: HTML bounces

2014-10-17 Thread li...@rhsoft.net
Am 17.10.2014 um 07:49 schrieb Andre Rodier: I have a few users who don't understand bounced messages, and consider them as an error from our system. I won't even try to educate them. I would like to know if there is a way to use HTML messages to send "beautiful" bounces messages (internally) b

Re: Lost connection

2014-10-18 Thread li...@rhsoft.net
Am 18.10.2014 um 15:36 schrieb jason hirsh: I am having trouble sending email to a specific server I got the following error "lost connection with mx.example.org [xx.xx.xx.xxx] while receiving the initial servergreeting” The operator says its my issue yet i have no problems with any other ser

Re: Lost connection

2014-10-18 Thread li...@rhsoft.net
issue is with that server but was just looking for expert input try "net.ipv4.tcp_window_scaling = 0" in sysctl.conf and "sysctl -p", maybe they have some crap device in front of their server! https://www.google.at/#q=smtp+tcp+window+scaling+problems On Oct 18,

Re: Centos - are the avaialable versions up to date/secure?

2014-10-19 Thread li...@rhsoft.net
Am 19.10.2014 um 21:40 schrieb Rafał Radecki: I am wondering about one thing... on page http://mirrors-ru.go-parts.com/postfix/source/index.html I see that at the moment versions 2.8 - 2.11 are stable and supported. So for them if for example a security problem will be spotted it will be solved
