log query

Hi all, As part of my mail system I am using postgrey. I am running Centos 5.2, MailScanner latest version with postfix and spamassassin When stuff is stopped at the gate (so to speek) i.e. it doesn't even get into the the system is there a log kept of this? I thought it might be in the

Re: log query

LuKreme wrote: On 26-May-2009, at 17:39, Lists wrote: As part of my mail system I am using postgrey. When stuff is stopped at the gate (so to speek) i.e. it doesn't even get into the the system is there a log kept of this? postgrey logs to the maillog. lines look like this: May 26 16:27:18

query re process of dealing with bounce

Hi all, Setup is: we have a server that does the spam checking running MailScanner / Spamassassin and of course postfix Mail is then delivered to a machine running MailEnable (where the boxes are held) We had a situation where the MailEnable machine went down *In the maillog of the server

Re: query re process of dealing with bounce

Wietse Venema wrote: Lists: Hi all, Setup is: we have a server that does the spam checking running MailScanner / Spamassassin and of course postfix Mail is then delivered to a machine running MailEnable (where the boxes are held) We had a situation where the MailEnable machine went

How to stop postfix sending emails

Hi All, We are doing an upgrade on the machine that holds the postboxes (mailenable) during the upgrade the server will need to be rebooted which renders the boxes unreachable. This causes a 550 error to be sent back to our spam catching server (running MailScanner spamassassin and postfix).

Re: How to stop postfix sending emails

Wietse Venema wrote: Lists: Hi All, We are doing an upgrade on the machine that holds the postboxes (mailenable) during the upgrade the server will need to be rebooted which renders the boxes unreachable. This causes a 550 error to be sent back to our spam catching server (running

Re: How to stop postfix sending emails

Eero Volotinen wrote: Lists wrote: Hi All, We are doing an upgrade on the machine that holds the postboxes (mailenable) during the upgrade the server will need to be rebooted which renders the boxes unreachable. This causes a 550 error to be sent back to our spam catching server (running

Re: Trouble setting up SASL authentication with postfix

Thanks for the suggestions, sounds like a good idea. Which method is the simplest to implement and get up and running? I am running MailScanner, Postfix, Spamassassin. Patrick Ben Koetter wrote: * Lists [EMAIL PROTECTED]: Hi Patrick, I want a single username and password to be used

Re: Trouble setting up SASL authentication with postfix

We connect the spam machine through to a MailEnable email program that handles both the pop and imap. I will have a go at using sasldb. Thanks for the explanation on the different methods it helps a lot. Cheers Kate Patrick Ben Koetter wrote: * Lists [EMAIL PROTECTED]: Thanks

Re: query re setup

Jones wrote: Lists wrote: I have spent the last couple of hours trying to get TLS working, sadly no luck. When I telnet and and do STARTTLS I get the error no server certs available TLS won't be enabled. I followed the instructions on the how to forge (the link I was given before was a tad over

Re: query re setup

Charles Marcus wrote: On 10/7/2008, Lists ([EMAIL PROTECTED]) wrote: I like the setup that allows the client to use pop details to authenticate - I even managed to get that working ;) If you're talking about pop-b4-smtp, then you should know that it is insecure and likely to cause

Re: query re setup

Noel Jones wrote: Please don't top-post. Put your answers below the text you refer to. Lists wrote: Will have a go at those instructions thanks. I don't want to make things difficult for our clients. I like the setup that allows the client to use pop details to authenticate - I even managed

How to know what i'm looking at in the log file

Hi all, Does anyone know where I could find information on the commonly seen messages in maillog so that I can begin to better understand the log file? Many thanks Kate

warn_if_reject ignored

Hi guys, Running Postfix 2.3.3-2.1.el5_2 (RHEL5.5), I have the following in main.cf: smtpd_helo_restrictions = warn_if_reject reject_invalid_hostname regexp:/etc/postfix/helo.regexp and in helo.regexp: /^[0-9.]+$/ 550 Your software is not RFC 2821 compliant

Re: Rev DNS not match SMTP Banner, will it bite me ?

Am 09.04.2011 08:44, schrieb Voytek Eymont: however you can set smtpd_banner = in main.cf Robert, thanks what I'm after is, should I set banner to match real host name; or, can I get away with using my own host name ; will it cause problems down the road ?

migrating to new server ?

I'm migrating virtual mail domain/users to new Postfix server, new server setup and working, I'm altering MX to point to the new server; I want the 'old' server to forward any new traffic over to the new server, last time what I used was static entry in main.cf like: transport_maps =

ot: head office/branch office mailserver howto?

can anyone point me to any howtos if such exist: on setting up a head office/branch office mail servers (is that correct way to name it?) we have a mail server in Australia, the office is split up between AUS and Asia, most of the users are in Asia, so emails from physically adjacent users

Re: OT: dsbl.org queries return 'false positives'

'recommended' rbl lists that people use ? I have from long ago as below, perhaps I should revisit this: reject_rbl_client zen.spamhaus.org, reject_rhsbl_client dbl.spamhaus.org, reject_rhsbl_sender dbl.spamhaus.org, reject_rbl_client psbl.surriel.com, reject_rbl_client bl.spamcop.net

accepting rely emails from my dynamic ip server ?

I have a postfix mail server, 'server', all works fine the 'old' server that was formerly used has been 'decommissioned' and is on a NAT 192.x.x.x IP behind dynamic ADSL as a 'backup' the old server still has it's old fullyQ tld.au hostname in it's config in the backup server I've entered:

correcting incorrect to address in mailq ?

I have two email stuck in outbound queue, sender forgot to include '.au' and has domain.tld where it should be domain.tld.au, is there an approved way to edit/correct such errors on queued email, how ?

Re: correcting incorrect to address in mailq ?

On Fri, August 17, 2012 7:02 am, Ralf Hildebrandt wrote: Rewrite using virtual_alias_maps, then (after you edited virtual_alias_maps / postmapped it), requeue using postsuper -r ID Ralf, thanks I have it in mysql, so I would need to do like domain.tld to domain.tld.au entry ? as there is

Re: accepting rely emails from my dynamic ip server ?

On Fri, August 17, 2012 8:26 am, Noel Jones wrote: On 8/16/2012 3:43 PM, li...@sbt.net.au wrote: If just delivering mail for your own domain, it should still work. If you need to relay through the new server, you'll need to set up some sort of authentication -- either SASL or use private TLS

Re: correcting incorrect to address in mailq ?

On Fri, August 17, 2012 8:21 am, Noel Jones wrote: On 8/16/2012 4:12 PM, li...@sbt.net.au wrote: Your decision. Or you can add a transport entry to fail the bad domain and return it to the sender. # transport domain.tld error:5.1.2 try @domain.tld.au instead Noel, thanks, that was easy,

CAfile question: ca-bundle.trust.crt ?

I'm just setting up a new Postix server with TLS on Centos 6, I've generated self certified certificate, that all seems OK as follows: smtpd_tls_cert_file = /etc/pki/tls/certs/server.crt smtpd_tls_key_file = /etc/pki/tls/certs/server.key but I'm 'missing' the CAfile part looking at where my

smtpd_tls_auth_only yes?

setting up new Postfix 2.6.6 server on Centos 6 with SMTP AUTH sending is only allowed with SMTP AUTH on 587 should I set smtpd_tls_auth_only = yes ? currently have 'no', is likely to bite me if I change to 'yes' ?

continous attempted connection/timeouts after ehlo

just noticed I have large increase in smtp connections, looking at logs I noticed a single ip continuous attempting connection, searching for that IP in maillog I see like; is this like a mail attack..? I blocked the IP for now, how to monitor and get warned when such incidents happen ? grep

Re: continous attempted connection/timeouts after ehlo

On Sat, August 25, 2012 7:37 pm, Reindl Harald wrote: Am 25.08.2012 07:09, schrieb li...@sbt.net.au: most likely an attack there is no need to get notified because you can rate-control anvil_rate_time_unit = 1800s smtpd_client_connection_rate_limi = 50 Reindl, thanks how do I monitor to

Re: continous attempted connection/timeouts after ehlo

On Sat, August 25, 2012 7:37 pm, Reindl Harald wrote: Am 25.08.2012 07:09, schrieb li...@sbt.net.au: most likely an attack there is no need to get notified because you can rate-control anvil_rate_time_unit = 1800s smtpd_client_connection_rate_limi = 50 Reindl, thanks how do I monitor to

Re: Interim NDR

On Sun, August 26, 2012 9:21 am, Wietse Venema wrote: Voytek: Yes, if you really want to. However I haven't used this code since it was written many years ago. Let me know if it still works. Wietse, thanks. hmmm, I think maybe it's not the best idea... perhaps I should try a cacti threshold

Re: continous attempted connection/timeouts after ehlo

On Sun, August 26, 2012 8:35 am, Reindl Harald wrote: is it a 'good idea' to firewall block such when they're from depends on your business i tend to do so at least for some days Reindl, so either of the two anvil/IP log lines indicates excess, yes ? Aug 27 06:00:03 postfix/anvil[4396]:

Re: continous attempted connection/timeouts after ehlo

On Mon, August 27, 2012 6:27 am, Reindl Harald wrote: Aug 27 06:00:03 postfix/anvil[4396]: statistics: max connection rate 15/1800s for (smtp:27.115.112.50) at Aug 27 05:59:14 Aug 27 06:00:03 postfix/anvil[4396]: statistics: max connection count 1 for (smtp:27.115.112.50) at Aug 27 05:50:26

mail accepted from non-resolving host config question

I've just received a 'open enclosed ZIP' email, looking at the header, it was sent from non-resolving host, which I thought my Postfix should refuse have I got something missing in my config, or am I misinterpreting logs again ? -- smtpd_recipient_restrictions =

Re: Interim NDR

On Sun, August 26, 2012 9:21 am, Wietse Venema wrote: Is there a way to warn postmaster/admin of such? at the moment, i go 'mailq' and check \queuegraph few times daily to watch for potential problems, what can one do get notified of such potential issues ? Yes, if you really want to.

Re: Interim NDR

On Sat, September 1, 2012 8:15 pm, Ralf Hildebrandt wrote: how can I create some 'test' deffered queue emails..? that will hang around till I don't want test anymore send mail to someb...@hotmial.com Ralf, thanks, but, got 250 OK: Sep 1 20:34:27 postfix/lmtp[4812]: 77471380B88:

Re: Interim NDR

On Sat, September 1, 2012 9:00 pm, Ralf Hildebrandt wrote: Oh wow, somebody got that domain :( Currently in my queue for ages: gm.de zfl.org bausch-lomb.de Ralf, thanks for your help! trigger worked, BUT, I was still missing notify enable, now all seems good, get email with cacti png, this

Re: ot: iPhone smtp setup

On Wed, October 24, 2012 8:55 am, Jeroen Geilman wrote: Jeroen, thanks SSL != STARTTLS, which is what postfix submission supports normally. Either you should choose TLS/STARTTLS here, or you need to provide an SMTPS (465) interface for the device to connect to. Postfix does not directly

Re: postfix and cacti (snmp ?)

I was lurking around for the best solution to graph postfix usage, the most detailed possible, in order to prevent and foresee problems. I'm finding sparse results, I'm not sure which one is the most current / complete. Do you have any suggestions ? have a look at Glen's cacti stuff

ot: bcc smtp-auth for a user? monitoring a user's mails?

we have a contractor given an email address for use in contacting clients, the boss would like to bcc all his outbound mails, is there a way to bcc all outbound emails for one user ? (I realize he can simply change his smtp to another smtp server to overcome this, but, that's what the boss

unable to resolve host name issue ?

I have postfix 2.6.6 on centos 6, in use about 1 year, no known issues couple of weeks ago struck a problem unable to deliver email to any user on domain pinewood.ie with A record/host not found (1): pinewood.ie mx are on cleanmail02.cdsoft.ie/cleanmail01.cdsoft.ie tried putting MX IP/hostname

Re: Forwarding from a particular email address

On Wed, 10 Apr 2013 14:06:44 +0300 Indiana Jones indian...@inbox.lv wrote: How can I forward all e-mail messages sent to a particular  address on my domain  to another address on another domain? What particular settings shall I add to Postfix? The easy way, you can use dot forward

Re: Postfix cannot scan mail

On Tue, 21 May 2013 02:30:54 -0700 (PDT) ton pratchaya...@ntt.co.th wrote: Hi all, I have some problem with amavis and postfix in my system Problem is sometime system can scan the attached file but sometime cannot ,But file type is same .lzh Example * Cannot scan * May 9 13:11:43

Re: Error: unsupported dictionary type: ldap

On Fri, 24 May 2013 15:57:46 +0700 Vit Dua vit...@gmail.com wrote: Have you compiled Postfix with LDAP support? I have built Postfix with: make CCARGS='-DNO_DB' make install Start and read from here: http://www.postfix.org/INSTALL.html

Re: sent mail to the mail list which contains myself

On Tue, 28 May 2013 16:04:09 +0800 Bu Xiaobing bushu...@gmail.com wrote: When I send mails to the mail list that contains myself, I will received the mail. Is there any way to discard there mails sent back to the original sender in the mail list? This not related to postfix. But if

Re: smtp restrictions

On Fri, 31 May 2013 00:43:51 -0400 James Zee jamesze...@gmail.com wrote: smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated check_policy_service unix:private/policy-spf reject_unauth_destination check_policy_service must be after

Re: /etc/passwd Centos + postfix

On Tue, 25 Jun 2013 13:22:46 +0200 Dejan Doder dode...@gmail.com wrote: Hi group , I use system users with passwords defined in /etc/passwd. How can users change their passwords ? use CLI passwd..

Re: STARTTLS only to send ?

On Fri, 28 Jun 2013 09:40:05 +0200 Frank Bonnet frank.bon...@esiee.fr wrote: is it possible to setup one instance of postfix to 1 - use submission to let users send ( with STARTTLS ) 2 - receive emails with normal SMTP Yes, that possible. I'm using it on production server.

Re: anlyzing sudden spam flood, how?

On Wed, September 18, 2013 1:40 pm, Viktor Dukhovni wrote: Viktor, thanks hash:/etc/postfix/recipient_no_checks, Is your address subject to checks? ps... I OK'ed myself in there... reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_invalid_hostname, reject_non_fqdn_hostname,

Re: anlyzing sudden spam flood, how?

On Wed, September 18, 2013 2:54 pm, Stan Hoeppner wrote: On 9/17/2013 10:40 PM, Viktor Dukhovni wrote: reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_invalid_hostname, reject_non_fqdn_hostname, This should have blocked the example message, but did not. Why? He's using Postfix

Re: Temporarily block domain.tld from sending?

On Tue, October 8, 2013 11:31 am, Simon B wrote: On 8 Oct 2013 01:54, Voytek li...@sbt.net.au wrote: spam from many.na...@adomain.tld, how best to prevent any outbound mails from adomain.tld till I can look at this? Postfix stop Then post your postconf -n and a log snippet of an outgoing

Re: Temporarily block domain.tld from sending?

On Tue, October 8, 2013 3:02 pm, Stan Hoeppner wrote: On 10/7/2013 9:10 PM, li...@sbt.net.au wrote: Without the log entries Simon asked for we can't do anything more to help you, as we don't know how the spam is being injected. Please provide logging that demonstrates the problem. Stan,

Re: Temporarily block domain.tld from sending?

On Tue, October 8, 2013 4:44 pm, Stan Hoeppner wrote: On 10/7/2013 11:19 PM, li...@sbt.net.au wrote: there was a php script uploaded and called I've removed the script, I stopped ftp (it seems it was ftp'd) at the time I've posted, I was on a 4 mobile, and, I was looking for a stop gap

Re: Temporarily block domain.tld from sending?

On Wed, October 9, 2013 10:41 am, Stan Hoeppner wrote: On 10/8/2013 3:08 PM, li...@sbt.net.au wrote: Stan, Michael and other who responded, thanks Others responded with some good ideas here, mostly locking down PHP itself so it can't use the sendmail binary. But it sounds like this is a

Re: Temporarily block domain.tld from sending?

On Fri, October 11, 2013 4:56 am, Robert L Mathews wrote: On 10/8/13 5:15 PM, li...@sbt.net.au wrote: There are several Windows PC viruses, including the common Gumblar family, that steal saved FTP passwords from files on the computer. They simply have a list of file locations where various

Re: Temporarily block domain.tld from sending?

On Fri, October 11, 2013 10:49 am, li...@sbt.net.au wrote: On Fri, October 11, 2013 4:56 am, Robert L Mathews wrote: There are several Windows PC viruses, including the common Gumblar family, that steal saved FTP passwords from files on the computer. They thanks for explanation, that makes a

550-IMAP/POP3: understanding returns/bounces error mssg

I have a low usage 'workgroup' 'mini mail list' with a virtual alias that sends email to 8 or 10 addresses (on other servers), that works well. No changes have been made to target emails for several month, all's good. today I've received two Undelivered Mail Returned to Sender From: Mail

Re: 550-IMAP/POP3: understanding returns/bounces error mssg

On Fri, October 11, 2013 10:31 pm, Wietse Venema wrote: What is the real server name? What is the real IP address? Wietse, thanks, from the log entry: corporatechange.com.au 69.175.105.186 BUT, looking at recent log entries, mail seems now delivered, THOUGH, log now show different IP for

transferring a virtual domain to new server, get 550 5.1.1

I have Postfix/Dovecot/MySQL installation with several virtual domains, all is well. I need to transfer several virtual domains to a new server, I was given an out of the box Postfix/Dovecot/MySQL, similar release levels I've copied the sql database across, the new server seems OK (as far as I

relaying individual virtual domain to new postfix server ?

I would like to transfer some virtual domains to a new postfix server, what is the proper way to do so, I've tried adding to /etc/main.cf like: relay_domains = dom.org.au transport_maps = hash:$config_directory/transport and /etc/transport dom.org.au smtp:[emu.sbt.net.au] that returned a

Re: Preventing mail from one address

On Mon, November 25, 2013 11:09 pm, Noel Jones wrote: That sounds like an abused web form, submitting mail through the sendmail(1) command. As a temporary measure, you can add the web user to main.cf authorized_submit_users http://www.postfix.org/postconf.5.html#authorized_submit_users #

adding rbl to smtpd restrictions

I have a new Postfix 2.6 server that came pre-configured, I'm trying to 'migrate' various anti UCE settings from the old server: order of some of the params is quite different on new server, hence I'm confused (as always) (so I'm trying to only make 1 or 2 changes at a time) is this correct

Re: adding rbl to smtpd restrictions

On Thu, December 12, 2013 2:11 am, Wietse Venema wrote: is this correct place for rbls, after 'unauth_dest' and before 'greylist' ? Generally, yes, because DNS lookups take time, and check_policy_service can be the most resource intensive, so they should be done after the quick rejects such

450 4.7.1 Client host rejected from unknown query

I have a new server, and, have been trying to 'migrate' main.cf over to new server, few lines at a time; suspect might have screwed something in the process ? just noticed eleven similar rejects for what seems like valid email: Dec 16 23:07:02 emu postfix/smtpd[27747]: NOQUEUE: reject: RCPT from

Re: 450 4.7.1 Client host rejected from unknown query

On Tue, December 17, 2013 3:24 pm, li...@sbt.net.au wrote: Dec 17 14:22:25 emu postfix/smtpd[29232]: NOQUEUE: reject: RCPT from unknown[67.195.87.182]: 450 4.7.1 Client host rejected: cannot find your hostname, [67.195.87.182]; from=christinex...@yahoo.com to=x...@sbt.net.au proto=ESMTP

Re: 450 4.7.1 Client host rejected from unknown query

On Tue, December 17, 2013 4:16 pm, li...@sbt.net.au wrote: (putting ' ' as I can't send this..?) before I put the ' ', I was getting: Dec 17 16:10:48 emu postfix/smtpd[2073]: 049C25E8ED: reject: DATA from localhost[127.0.0.1]: 503 5.5.0 DATA: Data command rejected: Improper use of SMTP

Re: 450 4.7.1 Client host rejected from unknown query

On Tue, December 17, 2013 10:49 pm, Wietse Venema wrote: Try turning off chroot operation in master.cf Inspect master.cf for any processes that have chroot operation not turned off. If you find any, save a copy of the master.cf file, and edit the entries in question. After executing the

Re: 450 4.7.1 Client host rejected from unknown query

Debian is AFAIk the only known distribution enabling this the upstream config has it configured with n this was pre-configed by an iRedMail installation, a 'ready to use' mail server setup I was given, (though, it seems not quite ready to use) I'll edit tomorrow morning and try, (meanwhile,

are these 'good and reliable' adls/dynamic pcre rejects?

my pre configured Postfix inluded these helo_access.pcre rejects; today, I noticed an expected email was bounced by one of the pre-configured rules as so: Jan 31 10:08:01 emu postfix/smtpd[11075]: NOQUEUE: reject: RCPT from unknown[59.167.231.218]: 554 5.7.1 eth6619.nsw.adsl.internode.on.net:

Re: different repo upgrade question 2.1/2.6 ?

because there is an 2.11 package in a repo you have enabled which is clearly newer then 2.6.x? what is your question about it? what should yum do are you thinking? so, 2.11 is newer version than 2.66, I see just looking on postfix.org, I can see: Postfix stable release 2.11.0 is

'aliasing' one domain to another?

I have Postfix 2.11.0 with virtual domains in mysql/postfixadmin, all working well, as per setup below user of the mydom.tld.au has also registered mydom.tld (to prevent cybersquating) sometimes they make mistakes and attempt to send emails to a_u...@mydom.tld RATHER THAN (correct email)

Re: 'aliasing' one domain to another?

On Thu, July 31, 2014 8:55 pm, Charles Marcus wrote: You have to have a 1-1 mapping for each valid user. Postfixadmin (sql based administrative tool for managing email user accounts for postfix) supports domain aliases out of the box (does the 1-1 user mapping with SQL magic)... Charles,

Re: Killing user's session

On Mon, August 25, 2014 2:06 am, Viktor Dukhovni wrote: If your relay restrictions look like: main.cf: indexed = ${default_database_type}:${config_directory}/ smtpd_relay_restrictions = check_sasl_access ${indexed}sasl-access, permit_sasl_authenticated, permit_mynetworks,

ot: monitoring for 'spam breaches' ? cleanup woes?

I have Postfix server that runs pretty well, today a user got reject, our server got listed on lashback and one other list as 'spam sender'; looking through logs it seems a sasl user is/was hacked few days ago: # grep username /var/log/maillog | wc 4382 59184 765780 # grep username

blocking bounces from spam advice

I have a small Postfix installation with virtual domains that runs well, however, a user is complaining of being hit with flood of rejects from spam sent out from elsewhere as though from him, the rejects are coming back to him the user in question has been, by his former request, exempted from

Re: OT: dnsbl.sorbs.net - help explaining to Mozilla list maintainers why outright blocking is bad

getting listed by SORBS. The only reason I know this is because apparently the Mozilla list maintainers have configured all of the Mozilla discussion lists to outright BLOCK based on being listed by dnsbl.sorbs.net. After querying where/how to request this be changed through the proper channels, I

Re: DKIM/SPF failure to folder, not return to sender and other tricks

That was my conclusion, but I figured to wait for a guru to comment.  My understanding is there is a plugin for Thunderbird that checks DKIM and/or SPF. I no longer run Thunderbird, so I didn't pursue this. But it seems to me this is better handled at the client. If someone comes up with a way

Re: DKIM/SPF failure to folder, not return to sender and other tricks

‎Well maybe. If your client supports extra folders per each mailbox and you can access those folders, then yes. Most clients do have such folders, but the are designed to be used with "filters" built in the client. The filters probably aren't sophisticated enough to check DKIM or SPF, which is

Re: DKIM/SPF failure to folder, not return to sender and other tricks

‎I'd say you are onto something. 

Re: DKIM/SPF failure to folder, not return to sender and other tricks

‎It does look like SpamAssassin has a SPF hook. 

Re: DKIM/SPF failure to folder, not return to sender and other tricks

I think that is in the Claws email client. To do this filtering in postfix, you would need a "parallel" mailbox to place the suspect messages. Then your client would just read both the good mailbox and the bad

Re: DKIM/SPF failure to folder, not return to sender and other tricks

Well the detection and rewrite is the hard part. ;-) But now I'm convinced it is the only solution at the server side, and really the best solution. Postfix has so many places to hook that I bet it could be done.

Re: DKIM/SPF failure to folder, not return to sender and other tricks

"As a relatively simple example, I use amavisd-new and Spamassassin to flag mail with a spam header. Then Dovecot LMTP with sieve looks for this header and if it is present it delivers to the user's "Spam" folder." Well this is interesting. I have a similar setup for postfix. With my desktop

Re: DKIM/SPF failure to folder, not return to sender and other tricks

But you need Dovecot or something similar and eventually an email client, so I don't quite follow you here. You have a client, they have filters, so just use that filter. Now if you want to set up a system where

Re: reality-check on 2016 practical advice re: requiring inbound TLS?

‎No. The report says everything is kosher.    Original Message   From: Curtis Villamizar Sent: Tuesday, April 12, 2016 10:57 AM To: li...@lazygranch.com; postfix-users@postfix.org Subject: Re: reality-check on 2016 practical advice re: requiring inbound TLS? Not an expert on DMARC, but ... On

Special method required for Gmail dkim/spf verification

Google sent me a "fail" on my DMARC.  Everyone else seems happy. It turns out much like Google not accepting robots.txt for some search engines controls, they expect special fields in their DNS. https://support.google.com/mail/answer/6227174‎ Why? Because we're Google and we can.

Re: reality-check on 2016 practical advice re: requiring inbound TLS?

Per the DROWN mitigation, I stopped allowing sslv2 and sslv3, so I made it a point to read the headers and look for encryption issues. My conclusion is there is always "that one guy" that doesn't use encryption. In my case, literally one guy. Not being able to get his "regular" email to work,

Re: reality-check on 2016 practical advice re: requiring inbound TLS?

Just a quickie here on DMARC. I set one domain to "quarantine" and set up the rua to email me a report. Thus far, only MS Hotmail sends me anything, even though I have emailed yahoo accounts.   The MS Hotmail report is in XML, which I can read in vim or whatever. I'm not sure what they

Re: reality-check on 2016 practical advice re: requiring inbound TLS?

I'm going to set the DMARC to  quarantine ‎and see what happens. I suppose I can always undo the DMARC to none. Regarding dnssec, my registrar is Hover. Their faq is mighty convoluted since they provide a DNS server, though I use the one provided by Digital Ocean. Best to just get in a chat

Re: reality-check on 2016 practical advice re: requiring inbound TLS?

One interesting take away is that the corporate email servers were less likely to have SPF and DKIM in use. On the weekends, more email was sent from home users who tended to use Google, Hotmail, etc., which did use SPF and DKIM.  I will admit my original intent on getting SPF and DKIM was to

Re: reality-check on 2016 practical advice re: requiring inbound TLS?

Would  a guru comment on my "interpretation" of these documents? 1) It looks ‎to me that starttls really only protects the path to the first server. Classic case being sending email over the non-secure coffee shop wifi.  2) Mail between Google/yahoo servers will enforce TLS, but other transit

Re: reality-check on 2016 practical advice re: requiring inbound TLS?

Then again, the customer service department for an item I ordered has no DKIM. The company is using netsuite.com as a portal.  I suppose I can try to contact their IT... I found another legit emailer with SPF but no DKIM. A corporate user that is using a barracuda service of some sort.  I've

Re: bad.psky.me RBL?

because they don't return NXDOMAIN for *ANY* query. Evidence of DNS incompetence, not what you want in a DNSBL operator. 6. Use of providers (NameCheap & Digital Ocean) that are notable as recently preferred providers of professional snowshoe spammers. This doesn't mean that their data is bad

Postfix penetration test

Any suggestions on a penetration test program that will trigger sshguard or fail2ban from the maillog?

Re: Postfix penetration test

Apologies on the html mail. I wish I could make plain email the default on my phone. Also apologies on the blank message I just sent. I have nerve damage and the phone slipped enough to slide into send.

Re: Postfix penetration test

  Original Message   From: Patrick Ben Koetter Sent: Wednesday, May 18, 2016 8:07 AM To: postfix-users@postfix.org Reply To: postfix-users@postfix.org Subject: Re: Postfix penetration test * li...@lazygranch.com : > body { font-family: "Calibri","Slate >

Re: No logs between Apr 25 - 27. What happened?

‎My maillog doesn't rotate. Is this an option in postfix? Trawling the interwebs, I find maillog rotation handled outside postfix with custom scripts.

Policyd-spf and RBL white listing

>From what I can tell, if you whitelist a domain, the policyd-spf check is skipped. Now I white listed domains to stop the RBL from blocking them, but it would be nice to see if SPF passes. Am I right about the SPF being skipped? While I'm at it, can you whitelist specific users at a domain, that

Re: Policyd-spf and RBL white listing

On the other hand, it looks like the restrictions can be used as another way to whitelist, and in this case a specific user at a specific domain. ‎Or am I reading this incorrectly.  ‎ /etc/postfix/recipient_access:     joe@my.domain       permissive     jane@my.domain      restrictive  

Re: Special method required for Gmail dkim/spf verification

Yesterday's Google report had me passing. Could be related to adding the Google term to DNS.   Original Message   From: Tom Hendrikx Sent: Wednesday, April 13, 2016 12:38 AM To: postfix-users@postfix.org Subject: Re: Special method required for Gmail dkim/spf verification On 13-04-16 01:54,

Re: This ought to be simple to stop. Am I missing something?

‎Hopefully this won't be interpreted as thread hijacking, but can you elaborate of this? --- reject_rbl_client zen.spamhaus.org=127.0.0.2, reject_rbl_client zen.spamhaus.org=127.0.0.3, reject_rbl_client zen.spamhaus.org=127.0.0.4, reject_rbl_client zen.spamhaus.org=127.0.0.10,

Re: Spamrl.com RBL problem

"reject_unverified_sender" not used. The VPS is 13 months old and I never ran rkhunter on it. Very lame in my part. However, no rootkit found. It did find some symbolic links that went nowhere regarding perl, which I deleted once I verified the problem was common. I also ran rkhunter on all

  1   2   3   4   5   >