[pfx] Re: Feature Request: Adjustable Header Log Size Limit in INFO/WARN/REJECT Header_Check

2024-01-24 Thread Gerald Galster via Postfix-users
> Viktor Dukhovni via Postfix-users : > > On Wed, Jan 24, 2024 at 08:27:53PM +0100, Matthias Schneider via > Postfix-users wrote: > >> Using a Milter is an option, but it often involves correlating >> information from both the milter process and the log for a >> comprehensive view. > >

[pfx] Re: IPv6 and Cloud server CPU

2023-11-22 Thread Gerald Galster via Postfix-users
> Q2: > given the minuscule work-load, is there any preference/preclusion between > employing the 'usual' x86 processor or 2 Arm Ampere processors? Both offer > Linux. Cost is effectively same. You should check if the software you want to use is available for the desired platform.

[pfx] Re: postfix does not use the MX of the parent domain

2023-11-21 Thread Gerald Galster via Postfix-users
> When sending a mail to some @helpdesk.inria.fr address, postfix tries > to connect to helpdesk.inria.fr (which does not have a MX): > > Nov 21 15:43:26 joooj postfix/smtp[748304]: D1A104A9: > to=<[...]@helpdesk.inria.fr>, relay=none, delay=76462, delays=76431/0.1/30/0, > dsn=4.4.1,

[pfx] Re: Redirecting mail with an mx record containing *.protection.outlook.com or *.prod.outlook.com to a different transport

2023-11-07 Thread Gerald Galster via Postfix-users
>> Another option would be to use the DNS resolver (Bind, unbound, etc) >> support to manipulate zone lookups. > > But the OP wants a dedicated transport (for concurrency control and > scheduling), not a change of destination IP, though in a multi-stage MTA > setup that IP could point at a

[pfx] Re: Domain scoring

2023-04-28 Thread Gerald Galster via Postfix-users
> Do you know any plugins for scoring a domain? > For example, new registered domain, free domain get the low scores. Postfix is not an antispam solution. Its job is to reliably deliver emails. Therefore it has some functions to avoid overload like query blocklists but to analyze emails use

[pfx] Re: Deny any sender address with subdomain

2023-04-28 Thread Gerald Galster via Postfix-users
> question 1st : is it a good idea to reject any email which is not sent from a > domain (means sen...@domain.tld) any other like sen...@sub.domain.tld or > sub.sub.domain.tld is rejected ? Generally, no, because you will reject legitimate domains that just look like subdomains, e.g. *.co.uk,

[pfx] Re: forwarding questions

2023-04-28 Thread Gerald Galster via Postfix-users
> I have a local real mailbox: u...@foo.com > When I setup this alias map in virtual_alias_maps file: > > u...@foo.com u...@gmail.com > > (then postmap this file). > The message sent to u...@foo.com won't reach into mailbox, but just forwarded > to gmail. > > How can I setup it to both reach

[pfx] Re: Sender address rejected, but domain is found?

2023-04-25 Thread Gerald Galster via Postfix-users
>> ;; QUESTION SECTION: >> ;eurobank-direktna.rs .IN >> NS >> >> ;; ANSWER SECTION: >> eurobank-direktna.rs . 3600IN NS >> bgdit01edns01.eurobank.rs . >> >> This

[pfx] Re: Sender address rejected, but domain is found?

2023-04-25 Thread Gerald Galster via Postfix-users
>; Delegation NS >eurobank-direktna.rs. IN NS ns1.eurobank.rs. ; AD=0 >eurobank-direktna.rs. IN NS ns2.eurobank.rs. ; AD=0 >eurobank-direktna.rs. IN NS ns3.eurobank.rs. ; AD=0 > >; Authoritative NS >eurobank-direktna.rs. IN NS bgdit01edns01.eurobank.rs. > > The latter

[pfx] Re: Postfix Amavis (Virus Checker) PHPList workaround

2023-04-25 Thread Gerald Galster via Postfix-users
>> content_filter=smtp-amavis:[127.0.0.1]:10024 meta_directory = /etc/postfix >> >> smtp_tls_security_level = may >> smtpd_tls_security_level = may >> [...] > > 127.0.0.1:2510 inet n - n - - smtpd > -o syslog_name=postfix/submission > -o

[pfx] Re: Sender address rejected, but domain is found?

2023-04-25 Thread Gerald Galster via Postfix-users
> Hi, I realize this is probably one of the most frequently asked questions, > but I really can't figure out why this was rejected. > > Apr 25 12:06:01 petra postfix-226/smtpd[592344]: NOQUEUE: reject: RCPT from > mail.email.eurobank.rs [195.242.76.237]: 450 >

[pfx] Re: Use of PTR record

2023-04-25 Thread Gerald Galster via Postfix-users
> Running mailservice with Postfix > PTR record is set to myserver.mydomain.com (1.2.3.4) Check if your PTR record is traceable: dig +trace -x 1.2.3.4 ptr If that works check your resolver in /etc/resolv.conf, e.g.: nameserver 127.0.0.1 dig @127.0.0.1 -x 1.2.3.4 ptr You have a dns problem,

[pfx] Re: Postfix Amavis (Virus Checker) PHPList workaround

2023-04-25 Thread Gerald Galster via Postfix-users
> Applicable snippets from files are: > > My main.cf > > > content_filter=smtp-amavis:[127.0.0.1]:10024 meta_directory = /etc/postfix > > smtp_tls_security_level = may > smtpd_tls_security_level = may > > > > I did this to master.cf > > 127.0.0.1:2510 inet n - n -

[pfx] Re: Postfix Amavis (Virus Checker) PHPList workaround

2023-04-25 Thread Gerald Galster via Postfix-users
> I run a postfix install which requires authentication and pipes all email > through Amavis (spam checking). > > My PHPList (broadcast only) goes through port 587, and since it sits on the > server, it doesn’t need authentication (I’m the only user). > > I just added Amavis Clamscan, which

[pfx] Re: temporary lookup error with utf8mb4 characters

2023-04-18 Thread Gerald Galster via Postfix-users
> Wietse Venema via Postfix-users : > > And here is a more conservative patch for MySQL client retries. > > It closes the server connection after every error, and it delays > making a new server connection only after specific errors. > > Closing the connection eliminates the possibility that

[pfx] Re: temporary lookup error with utf8mb4 characters

2023-04-17 Thread Gerald Galster via Postfix-users
>>> I've patched postfix 3.7.4 on a low volume server. >> >> Thank you! >> >>> "charset" has to be present and defined in all mysql configs, otherwise >>> startup fails: >>> (no backwards compatibility) >>> >>> postfix/proxymap[3996]: fatal: /etc/postfix/test.mysql.cf: bad string >>> length 0

[pfx] Re: temporary lookup error with utf8mb4 characters

2023-04-17 Thread Gerald Galster via Postfix-users
> Wietse Venema via Postfix-users : > >>> My conclusion to hard-solve this issue on my system is transform all >>> tables to utf8mb4. >>> >>> But: > >>> - I don't see any option to change default charset on mysql_table >>> connector, maybe should be interesting add this option on

[pfx] Re: any web.de staff here?

2023-04-16 Thread Gerald Galster via Postfix-users
> Wietse Venema via Postfix-users : > > Jaroslaw Rafa via Postfix-users: >> Dnia 16.04.2023 o godz. 16:32:41 Gerald Galster via Postfix-users pisze: >>> >>> Mails classified as spam or external forwards seemingly take another route >>> via mout-xfo

[pfx] Re: any web.de staff here?

2023-04-16 Thread Gerald Galster via Postfix-users
> John Levine via Postfix-users : > [...] > If you are a customer, what happened when you contacted them through > their customer support channels and asked for the support you are > paying for? Web.de is a German freemail provider like gmail. They might provide support for paid accounts only.

[pfx] Re: any web.de staff here?

2023-04-16 Thread Gerald Galster via Postfix-users
> one of web.de's sender IPs is listed into zen.spamhaus.org as the following > info. > > 554 5.7.1 Service unavailable; Client host [82.165.159.35] blocked using z > en.spamhaus.org; https://www.spamhaus.org/sbl/query/SBL175032 Try to send your email via web.de (browser), which might use

[pfx] Re: MySQL error from not all the receiver

2023-03-12 Thread Gerald Galster via Postfix-users
> unfortunately I don't know this topic, but I'm really willing to study. > Please do you have any documentation on this? Sorry, I can't recommend an up to date howto. Perhaps other list members can help. A lot of links at https://www.postfix.org/docs.html are outdated or do not exist

[pfx] Re: MySQL error from not all the receiver

2023-03-12 Thread Gerald Galster via Postfix-users
> I have checked the commands you listed in your first email, but I do not find > any errors in the database, table, or MySQL service. Perhaps, as you say, > this is not the correct path for the configuration. Currently you are connecting via unix domain sockets. Mysql usually listens to

[pfx] Re: use object storage as message store

2023-03-12 Thread Gerald Galster via Postfix-users
> Is it possible to use an object storage system (like aws's S3) to store > message files? if this can be implemented we may have a more persistent > storage for email. AFAIK aws's S3 has three replicas for each file in their > system by default. At that scale emails are usually delivered via

[pfx] Re: MySQL error from not all the receiver

2023-03-11 Thread Gerald Galster via Postfix-users
> smtp_sasl_password_maps is configured with a connection parameter to db > connection and a simply select query. > [...] > if i use external smarthost, this mail is always sent regularly. I am also not sure what you want to achieve:

[pfx] Re: MySQL error from not all the receiver

2023-03-11 Thread Gerald Galster via Postfix-users
> ok thanks. > > But what is the correct syntax for connect in db to set in sasl_password ? > how should i write it? > > now i try to follow your suggest of the first mail... Try to solve your problem step by step. Currently you are at "Can't connect to local MySQL server". In case your

[pfx] Re: MySQL error from not all the receiver

2023-03-11 Thread Gerald Galster via Postfix-users
> i think the problem is "sasl-password" authentication file. No, your problem is related to mysql which is a database (daemon), that is accessed via sockets, not a file. > [...] > query = SELECT password FROM mailbox WHERE username = '%s' AND active = '1' > > and then "postmap" command. > >

[pfx] Re: MySQL error from not all the receiver

2023-03-11 Thread Gerald Galster via Postfix-users
> - postfix/smtp[313760]: warning: connect to mysql server localhost: Can't > connect to local MySQL server through socket '/run/mysqld/mysqld.sock' (2) Have a look at your mysql logs (/var/log/mysql*, journalctl, /var/lib/mysql/*.err). MySQL may not be running, there may be corrupt tables

[pfx] Re: milter-reject: END-OF-MESSAGE

2023-03-10 Thread Gerald Galster via Postfix-users
> 2023-03-10 11:54:43 #31829(rspamd_proxy) <71bd42>; proxy; > rspamd_task_write_log: id: , qid: <3129536A7A2>, ip: 165.72.200.209, > from: , (default: F (soft reject): [5.31/15.00] > [BAYES_HAM(-2.99){99.97%;},DCC_BULK(2.00){bulk Body=1 Fuz1=4 >

[pfx] Re: [P-U] Re: New List Host and Reply-to Header

2023-03-10 Thread Gerald Galster via Postfix-users
> * Patrick Ben Koetter via Postfix-users : > >> * Gerald Galster via Postfix-users > <mailto:list+post...@gcore.biz>>: >> I just wrote that because p@rick (sys4 AG) asked on the mailop mailinglist >> 2023-02-17 "Should mailing list messages be DK

[P-U] Re: New List Host and Reply-to Header

2023-03-09 Thread Gerald Galster via Postfix-users
>>> This list uses Mailman configuration settings, not handcrafted code. >>> If people believe that it is worthwhile to change the Mailman >>> implementation or the DMARC spec, then I suggest that they work >>> with the people responsible for that. >> >> There is no need for changing

[P-U] Re: New List Host and Reply-to Header

2023-03-09 Thread Gerald Galster via Postfix-users
> They add their own DKIM on top, aka "put an envelope" around "the > message", therefore the mail can be verified (to be from them). That's my point. I do not see a lot of benefit to verify a sender across a *discussion list*. Broken DKIM mails are usually rejected by mta before reaching

[P-U] Re: New List Host and Reply-to Header

2023-03-09 Thread Gerald Galster via Postfix-users
> This list uses Mailman configuration settings, not handcrafted code. > If people believe that it is worthwhile to change the Mailman > implementation or the DMARC spec, then I suggest that they work > with the people responsible for that. There is no need for changing implementations, it's

[P-U] Re: New List Host and Reply-to Header

2023-03-09 Thread Gerald Galster via Postfix-users
>> Is it the best idea to add a reply-to header to the author on mailing list >> emails? >> The problem I see is many people will hit reply in their email client which >> will create an email from them to the author, bypassing the mailing list. >> Unless they remember to manually alter the To:

[P-U] Re: Postfix lists are migrating to a new list server

2023-03-07 Thread Gerald Galster via Postfix-users
Out of sheer curiosity ... Mailman 2 or 3? >>> >>> Mailman 3 with ARC support enabled. Additionally all listmail will be DKIM >>> signed. >> >> Do you plan to enable a public archive at >> https://list.sys4.de/hyperkitty/list/postfix-us...@de.postfix.org/ >> as an alternative to

[P-U] Re: Postfix lists are migrating to a new list server

2023-03-07 Thread Gerald Galster via Postfix-users
>> Out of sheer curiosity ... Mailman 2 or 3? > > Mailman 3 with ARC support enabled. Additionally all listmail will be DKIM > signed. Do you plan to enable a public archive at https://list.sys4.de/hyperkitty/list/postfix-us...@de.postfix.org/ as an alternative to marc.info,

Re: [EXTERNAL] Mail queue took 3 hours to recover from a flood. Suggestions ?

2023-01-23 Thread Gerald Galster
> “replace Amavis with something faster” > > Any suggestions ? Add the following to amavisd.conf and restart: $log_level = 2; $log_templ = $log_verbose_templ; That way amavisd should log info about timing and rules which you can use to calculate how long it takes to process your average

Re: A little help/clarification on what SPF does please

2023-01-14 Thread Gerald Galster
>> What I'm not clear about is what happens when the mail is sent onwards >> by the 'smarthost' at Gandi. Does it change the envelope sender to > > Send an email to yourself and have a look at the headers. > Some MTAs add received headers like "received by for ". I meant Return-Path or look

Re: A little help/clarification on what SPF does please

2023-01-14 Thread Gerald Galster
>> Given an email from ch...@isbd.co.uk, originating at zbmc.eu and sent >> via mail.gandi.net (authenticated smtp submission) to b...@server.com: >> >> - server.com sees the ip address of mail.gandi.net (incoming connection) >> - server.com queries DNS for ch...@isbd.co.uk (host -t txt

Re: A little help/clarification on what SPF does please

2023-01-14 Thread Gerald Galster
> However most of the time I use my hosting at gandi.net to send my > E-Mail, so mail from ch...@isbd.co.uk originates on zbmc.eu, is > transferred by authenticated SMTP to mail.gandi.net and is sent on > from there to whatever its destination is. > > As I understand it the SPF records for

Re: Replacing initial "Received:" line on submission?

2023-01-13 Thread Gerald Galster
>>> 192.0.2.1:submission inet n - n - - smtpd >>> -o syslog_name=vpnsubmission >>> -o smtpd_sasl_auth_enable=no >>> -o >>> smtpd_relay_restrictions=permit_mynetworks,reject_unauth_destination >> -o header_checks=pcre:/etc/postfix/vpn_header_checks > > header_checks

Re: Replacing initial "Received:" line on submission?

2023-01-12 Thread Gerald Galster
> It definitely does not work. It only works for smtp not smtpd. > Also message_drop_headers+=. I now have disabled relay from the > outside completely and spawn an in-VPN-only-submission > > 192.0.2.1:submission inet n - n - - smtpd > -o syslog_name=vpnsubmission >

Re: none SRS issues

2023-01-12 Thread Gerald Galster
> Do you know why many providers even those big ones didn't implement SRS when > forwarding email to other ESP? > > for instance, outlook.com, mail.ru, and even google domains who has > specificed email forwarding feature for their domain users, don't have SRS > enabled in their forwarded

Re: letsencrypt and SSL alert number 80

2022-12-12 Thread Gerald Galster
> I'm seeing periodic entries like this in my maillog: > > Dec 12 13:12:47 xavier postfix-116/smtpd[1683671]: warning: TLS library > problem: error:0A000438:SSL routines::tlsv1 alert internal > error:ssl/record/rec_layer_s3.c:1584:SSL alert number 80: [...] >

Re: how to deal with t-online's blocking

2022-11-30 Thread Gerald Galster
> Those are obligations for web sites. But what about a mail sending domain > without web site ? As far as I'm aware there is no obligation (by law) to provide a website with legal info for e-mail only domains. Companies in Germany are required to include that information inside *every*

Re: how to deal with t-online's blocking

2022-11-30 Thread Gerald Galster
> Dnia 30.11.2022 o godz. 23:41:53 Nikolai Lusan pisze: >> >> My question is: How do they deal with non-european entities who do not >> have such legal impediments in their jurisdiction? > > While it is actually a legal requirement *in Germany* (not in whole Europe!) > and for *German*

Re: Outlook TLS errors after Microsoft Windows Update

2022-10-26 Thread Gerald Galster
>>> just wanted to let you know that Outlook users might run into problems >>> submitting mails after Microsoft's latest Windows update. >>> >>> Oct 15 14:49:42 mx1 postfix/submission/smtpd[25067]: connect from >>> Oct 15 14:49:42 mx1 postfix/submission/smtpd[25067]: SSL_accept error from >>> :

Re: Outlook TLS errors after Microsoft Windows Update

2022-10-26 Thread Gerald Galster
> just wanted to let you know that Outlook users might run into problems > submitting mails after Microsoft's latest Windows update. > > Oct 15 14:49:42 mx1 postfix/submission/smtpd[25067]: connect from > Oct 15 14:49:42 mx1 postfix/submission/smtpd[25067]: SSL_accept error from > : lost

Re: Outlook TLS errors after Microsoft Windows Update

2022-10-17 Thread Gerald Galster
>> Can you check the certificates' serial numbers? >> The working one begins with 03 and the problematic one with 04. >> >> There are 37 archived certificates for this hostname, 29 begin >> with "03" and only 8 with "04". >> >> Certificates starting with "04" occur since autumn 2019. >> After

Re: Outlook TLS errors after Microsoft Windows Update

2022-10-17 Thread Gerald Galster
>> This is very strange and I can confirm it. > > Can you test the other (working) certificate again? In Outlook set the > hostname as per certificate and in local hosts file in Windows force > IP of the destination server for this hostname. This way Outlook > should not complain about mismatched

Re: Outlook TLS errors after Microsoft Windows Update

2022-10-17 Thread Gerald Galster
>> The two certificate chains are structurally identical, differing only in >> minor details, such as: dates, keys, hostnames and signatures. > > There is another user (hopefully the URL below won't be blocked by the > list) with the same observation - only 1 of his servers affected and >

Re: Outlook TLS errors after Microsoft Windows Update

2022-10-15 Thread Gerald Galster
> We have witnessed the same issue on one of our mailservers. Both > servers are the same (postfix/debian), with the same config, both have > letsencrypt certificates. I'm just curious, which openssl version are you using? > However we got customer complaints only for 1 server. Renewing the >

Re: Outlook TLS errors after Microsoft Windows Update

2022-10-15 Thread Gerald Galster
>> For the time being I'll disable session tickets (at least) for submission. >> The performance impact is negligible in my case. >> >> Thanks for having a look! > > You're welcome. If you have a Microsoft support contract, you should > ideally file a bug report and refer to: > >

Re: Outlook TLS errors after Microsoft Windows Update

2022-10-15 Thread Gerald Galster
Any chance you could provide (off-list if you prefer) a PCAP recording of a good and a problem TLS session? >>> >>> I'll send it off-list. >> >> Thanks. I hope that'll shed more light on what's going on. > > The diff between the "good" and "bad" handshakes is below. The main >

Re: Outlook TLS errors after Microsoft Windows Update

2022-10-15 Thread Gerald Galster
This server does not support TLS 1.3 yet and TLS 1.2 is the only version currently allowed for submission. > > That sounds like a rather old (EOL) version of OpenSSL. TLS 1.3 > support was added in OpenSSL 1.1.1 [11 Sep 2018]. Are you using > OpenSSL 1.1.0 or the even older 1.0.2?

Re: Outlook TLS errors after Microsoft Windows Update

2022-10-15 Thread Gerald Galster
>> With session tickets disabled it logs: >> >>Anonymous TLS connection established from : TLSv1.2 with >>cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits) >> >> This server does not support TLS 1.3 yet and TLS 1.2 is the only >> version currently allowed for submission. > > Do you have

Re: Outlook TLS errors after Microsoft Windows Update

2022-10-15 Thread Gerald Galster
>> Just wanted to let you know that Outlook users might run into problems >> submitting mails after Microsoft's latest Windows update. >> >> Oct 15 14:49:42 mx1 postfix/submission/smtpd[25067]: connect from >> Oct 15 14:49:42 mx1 postfix/submission/smtpd[25067]: SSL_accept error from >> : lost

Outlook TLS errors after Microsoft Windows Update

2022-10-15 Thread Gerald Galster
Hi, just wanted to let you know that Outlook users might run into problems submitting mails after Microsoft's latest Windows update. Oct 15 14:49:42 mx1 postfix/submission/smtpd[25067]: connect from Oct 15 14:49:42 mx1 postfix/submission/smtpd[25067]: SSL_accept error from : lost connection

Re: Mail and mail traces lost (?)

2022-03-30 Thread Gerald Galster
>> Or simply set in /etc/systemd/journald.conf: >> >> [Journal] >> Storage=none >> ForwardToSyslog=yes > > That does not fully solve the problem, since IIRC rate limits and > performance limitations still apply, perhaps somewhat improved for the > latter. I've set RateLimitInterval=0 and

Re: ESMTP banner duplicate

2021-11-17 Thread Gerald Galster
> I've been doing some tests of my postfix server and sometimes when I > connect, I get *two* ESMTP banners, one that has a hyphen (-) after the > 220, and one that doesn't. Other connections, I only get one banner: > > $ nc -v server.example.net 25 > Connection to server.example.net (10.0.0.1)

Re: any staff from the provider 5x2.de?

2021-10-10 Thread Gerald Galster
> So I am thinking 5x2.de should improve this for a better > forwarding solution. Why don't you contact them directly? ip registration (ripe): inetnum:136.243.126.128 - 136.243.126.159 netname:VIWA-INVEST-GMBH country:DE ... remarks:

Re: Untrusted TLS connection when sending emails to Google

2021-09-17 Thread Gerald Galster
>>> Sure, but the forensic value of the signal is rather weak, since you >>> learn nothing about the names in the certificate, and anyone can get >>> a certificate from Let's Encrypt. So your connection was to some >>> server that had some certificate, ... now what? >> >> You'll get the

Re: Untrusted TLS connection when sending emails to Google

2021-09-17 Thread Gerald Galster
>>> I am curious why with opportunistic TLS (security level may), you're >>> bothering to take any action to tweak the entirely cosmetic certificate >>> path validation status? >> >> What about parsing the maillog and adding those trusted servers to a table >> in order to enforce a higher tls

Re: Untrusted TLS connection when sending emails to Google

2021-09-17 Thread Gerald Galster
>> Thank you for the answers. I'm reading the documentation and we need to >> adjust the smtp_tls_CAfile indeed. I will adjust this as soon as >> possible and I will report the result here. > > I am curious why with opportunistic TLS (security level may), you're > bothering to take any action to

Re: Untrusted TLS connection when sending emails to Google

2021-09-17 Thread Gerald Galster
> I'm sorry if this is a frequent question, but we have deployed a new Postfix > server and we have enabled Opportunistic TLS. We have noticed that even with > a valid certificate when connecting to gmail servers the Untrusted TLS > connection is being displayed. > > I have updated the

Re: are mail isps dumb when seeing atest mail sent to your own server ?

2021-09-15 Thread Gerald Galster
> Well, I've tried to test my server setup (postfix++Spamassassin++) with an > official Gtube test mail and got rejected at sending (!) by all the isps I've > tried... can't test my own server because of that... how dumb they are! > > they aren't smart enough to recognize a test email

Re: multiple ip addresses for submission -- My Google Fu is lacking

2021-09-14 Thread Gerald Galster
> when a user clicks "send", the email client has to make some tcp-connection > to some ip address. > what if the hostname configured at the email client resolves to multiple ip > addresses? There are several hops that could randomize ips: - authoritative dns server - dns resolver at your

Re: I have successfully configured SSL/TLS for Postfix SMTP outgoing mail server for a customer in Singapore on 25 Aug 2021 Wed

2021-08-25 Thread Gerald Galster
> Add the following firewall rules to /etc/sysconfig/iptables. This is > to open ports for services/daemons listening on TCP ports 25, 465, and > 587. /etc/sysconfig/iptables sounds like RHEL/CentOS, on Debian it might be /etc/iptables/rules.v4 or rules.v6 > -A INPUT ! -i lo -p tcp -m state

Re: Hostname DNS error

2021-08-22 Thread Gerald Galster
> Could it be a transient DNS/network problem? If it only You can check which nameservers are responsible: 1) with dns (/etc/resolv.conf) [user@server ~]$ dig +short radio-z.net ns robotns3.second-ns.com. ns1.first-ns.de. robotns2.second-ns.de. 2) with dns (tracing from dns root, asking every

Re: Hostname DNS error

2021-08-21 Thread Gerald Galster
> Aug 21 10:22:59 stretch postfix/smtpd[8394]: warning: hostname > mail.radio-z.net does not resolve to address 136.243.54.124 > Aug 21 10:22:59 stretch postfix/smtpd[8394]: connect from > unknown[136.243.54.124] > Aug 21 10:22:59 stretch postfix/smtpd[8394]: 18D3F6A40A2B: >

Re: Can send but not receive

2021-07-09 Thread Gerald Galster
> I had not removed the vhost on the VPS for keiththewebguy.com, so when I sent > email from the VPS to my home server, it saw the same email on the local > server (VPS) and routed it to the inbox. > > I am very surprised this occurred. I would have thought the sending server > (VPS) would

Re: Can send but not receive

2021-07-08 Thread Gerald Galster
> I am running Ubuntu 20.04lts / Apache / MySql (or a clone) / PHP / > BIND9 / Postfix / Dovecot > > Web server works. I have configred a lot of LAMP virtual host servers. > I am new to BIND9 / Postfix / Dovecot. > > FQDN is soho.keiththewebguy.com > > MX record is

Re: Training and/or Consluting ?

2021-06-30 Thread Gerald Galster
>> smtpd_use_tls = yes > > This is obsolete. The non-obsolete syntax is: Thanks for the hint, this seems to have survived some old configs of mine. I appreciate that postfix does not try to break configuration throughout the years. >> smtpd_tls_CAfile =

Re: Training and/or Consluting ?

2021-06-29 Thread Gerald Galster
> The links under "Training" on http://www.postfix.org/docs.html > are either dead links or are not in the United States (my current work/home > location) > > The problems with the available documentation: > * There seems to be no consensus about how to configure servers and services > Example:

Re: Specific DNS server

2021-04-22 Thread Gerald Galster
>> Is there a way to make Postfix/postscreen use a specific DNS server? > > Edit /etc/resolv.conf. > > No kidding - Postfix uses the SYSTEM LIBRARY for DNS lookups, and > the SYSTEM LIBRARY uses the resolv.conf file. There are no plans > to re-implement this part of the SYSTEM LIBRARY in

Re: bl.spamcop.net false positives

2021-02-01 Thread Gerald Galster
>> That aside, IMHO, this is a huge screw-up for SC - not even in the >> realm of acceptable… > > On the other hand, why did the domain registrar put a blanket entry for > *.spamcop.net pointing to their server's IP when the domain expired instead of > just returning NXDOMAIN? Because you can't

Re: bl.spamcop.net false positives

2021-02-01 Thread Gerald Galster
>> Given the ip 1.2.3.4 - if postfix is configured to query the spamcop >> blacklist then a dns query like this is issued: >> >> [gerry@noc ~]$ dig 4.3.2.1.bl.spamcop.net >> [...] >> ;; ANSWER SECTION: >> 4.3.2.1.bl.spamcop.net. 300 IN A 91.195.240.87 > > But isn't this a

Re: bl.spamcop.net false positives

2021-01-31 Thread Gerald Galster
Good news, the nameservers have changed again: [gerry@noc ~]$ whois spamcop.net Domain Name: SPAMCOP.NET Registry Domain ID: 3340109_DOMAIN_NET-VRSN Registrar WHOIS Server: whois.enom.com Registrar URL: http://www.enom.com Updated Date: 2021-01-31T16:04:06Z Creation Date:

Re: bl.spamcop.net false positives

2021-01-31 Thread Gerald Galster
Hello Ludi, > But if spamcop.net is still intact, how can someone grab bl.spamcop.net? it does not matter if spamcop servers are up and running, the problem is that the responsible dns-servers do not answer with the spamcop servers' ips anymore. Now the ip of a website belonging to a domain

Re: postfix with mysql - too many connections

2020-12-04 Thread Gerald Galster
>>> In my postfix proxymap may not be working very well: >>> warning: virtual_mailbox_domains: proxy:mysql:/etc/postfix/map.sql: table >>> lookup problem >>> warning: memcache:/etc/postfix/memcache_recipient_whitelist_cache.cf: table >>> lookup problem >>> >>> because in mysql i see many

Re: postfix with mysql - too many connections

2020-12-04 Thread Gerald Galster
> In my postfix proxymap may not be working very well: > warning: virtual_mailbox_domains: proxy:mysql:/etc/postfix/map.sql: table > lookup problem > warning: memcache:/etc/postfix/memcache_recipient_whitelist_cache.cf: table > lookup problem > > because in mysql i see many hanging processes

Re: postfix with mysql - too many connections

2020-12-04 Thread Gerald Galster
>> I gave you hints on this very list two days ago ... >> >> Best regards >> Gerald >> >> > Yes but I have proxy_read_maps in main.cf: > > proxy_read_maps = $canonical_maps $lmtp_generic_maps $local_recipient_maps > $mydestination $mynetworks $recipient_bcc_maps $recipient_canonical_maps

Re: postfix with mysql - too many connections

2020-12-04 Thread Gerald Galster
> I use postfix-3.1.15 and mysql (domain mp, policyd, whitelist) - this is > vary have high-volume server > > I read e-mail from this group near "Feb 07, 2016; 5:44pmRe: postfix with > mysql - too many connections" about changing proxy:mysql to sharing > connections >

Re: Adding route to Gateway server

2020-12-04 Thread Gerald Galster
> You can just add it to the transport file > Ex add this to the transport file: > 1...@1234test.com smtp:1.2.3.4 for ip addresses [] are required: 1...@1234test.com smtp:[1.2.3.4] The syntax of a nexthop destination is transport dependent. With SMTP, specify a

Re: Adding route to Gateway server

2020-12-02 Thread Gerald Galster
> I currently have 2 postfix servers as our gateway servers hosting our domain. > It is currently configure to receive internet email bound for our domain and > then send it to our ProofPoint servers for hygiene scrubbing. This is all > working great right now, but our Cyber team wanted us to

Re: too many connections

2020-12-02 Thread Gerald Galster
> check_recipient_access mysql:/etc/postfix/mysql_whitelist_recipient.cf > ... > "Dec 2 13:51:09 mail4 postfix/smtpd[21777]: warning: connect to mysql > server 127.0.0.1: Too many connections try http://www.postfix.org/proxymap.8.html check_recipient_access

Re: smtpd_recipient_restrictions Failure?

2020-07-27 Thread Gerald Galster
>>> Thanks, Gerald. I also have this in my main.cf configuration file: >>> smtpd_sender_restrictions = >>> permit_mynetworks, >>> reject_non_fqdn_sender, >>> reject_unknown_sender_domain, >>> check_client_access cidr:/etc/postfix/blacklist_cidr, >>> permit >>>

Re: smtpd_recipient_restrictions Failure?

2020-07-27 Thread Gerald Galster
> Thanks, Gerald. I also have this in my main.cf configuration file: > > smtpd_sender_restrictions = >permit_mynetworks, >reject_non_fqdn_sender, >reject_unknown_sender_domain, >check_client_access cidr:/etc/postfix/blacklist_cidr, >permit > > Shouldn't

Re: smtpd_recipient_restrictions Failure?

2020-07-27 Thread Gerald Galster
> Lately I've been getting email sent from one persistent spammer that's > somehow getting through my smtpd_recipient_restrictions filters. Here are > the message headers: > > Return-Path: [...] > From:=?UTF-8?B?RGVybWFDb3JyZWN0?= [...] > smtpd_recipient_restrictions = >

Re: antispam system powered by machine learning

2020-07-23 Thread Gerald Galster
>> Would you please suggest the antispam system which is powered by machine >> learning model/policy? >> I am working on ML/DL research field and would like to know this industry >> system. > > I am not sure if this fits the requirement. I use rspamd.com. Works great for > me. > > They do

Re: Get MUA from Logs?

2020-07-22 Thread Gerald Galster
> Is it possible to determine the Mail User Agents in use via logging in > Postfix and / or Dovecot? Assert you're using header-checks with pcre in main.cf: header_checks = pcre:/etc/postfix/header_checks Then add the following to /etc/postfix/header_checks and reload postfix:

Re: smtpd_milters fallback/round robin via dns

2020-07-10 Thread Gerald Galster
>> I was wondering what will happen when a milter is defined using >> a hostname that returns multiple ips via dns: >> >> smtpd_milters = inet:ha.filter.com:12345 > > This will call inet_connect() (in util/inet_connect.c). This calls > the getaddrinfo() system library function to look up the

smtpd_milters fallback/round robin via dns

2020-07-09 Thread Gerald Galster
Hello, I was wondering what will happen when a milter is defined using a hostname that returns multiple ips via dns: smtpd_milters = inet:ha.filter.com:12345 ha.filter.com. IN A 10.0.1.1 ha.filter.com. IN A 10.0.2.2 Will postfix connect to 10.0.2.2 if 10.0.1.1 is not available or vice

Re: Postfix "IPv6-only" - experience/recommendation question

2020-05-12 Thread Gerald Galster
> What is a valid rDNS? How is it set? When you open an address in your browser a (forward) dns lookup will be initiated to get the server's ip address. A reverse lookup (rDNS) is the opposite. You query an ip address and get a fully qualified domainname back. Mailservers must have a matching

Re: Postfix "IPv6-only" - experience/recommendation question

2020-05-08 Thread Gerald Galster
Hi, > I've a generic question to all more experienced than me postfix users here: > Is it nowadays (reasonable) possible to run postfix with IPv6 only? E.g > "mail.example.com" and "smtp.example.com" with only ipv6 records in the > DNS, no A / ipv4 anymore? I would not yet advise to run

Re: Is it necessary to declare "alias_maps" in the main.cf? t.s.

2020-05-08 Thread Gerald Galster
> With all the problems that I'm having with my Postfix setup, I am taking a > deeper dive into the meaning of each parameter declaration. > Is it necessary to declare "alias_maps" in the main.cf or does it have a > default file path that it looks to or does it just not look at alias_maps if >

Re: dnsblog_query: lookup error for DNS query x.x.x.x.zen.spamhaus.org: Host or domain name not found.

2020-05-08 Thread Gerald Galster
>> Does the 'test' address work? See >> https://www.spamhaus.org/faq/section/DNSBL%20Usage#366 >> >> $ dig +short 2.0.0.127.zen.spamhaus.org @DNS.server >> >> for relevant values of 'DNS.server' including 127.0.0.1. > > dig @127.0.0.1 1.0.0.127.zen.spamhaus.org +short > ; <<>> DiG 9.14.8 <<>>

Re: BCC on local delivery agent?

2020-05-08 Thread Gerald Galster
Hi, > The quota warning email is send via Dovecot LDA (https://wiki.dovecot.org/LDA) > > This is the command in the shell script: > > /usr/lib/dovecot/dovecot-lda -f nore...@beckspaced.com -d $USER -o > "plugin/quota=dict:User quota::noenforcing:proxy::quota" as you said the dovecot quota

Re: easiest way to reject/process emails based on Return Path

2020-05-08 Thread Gerald Galster
>> Below is the PCRE that I came up with to catch the offending messages, >> without blocking other correspondence (the contacts and their >> organizations are likely to use Google's SMTP for their regular >> emails): >> >> /^Return-Path:(.+)(calendar-server.bounces.google.com)(.*)/ REJECT No

Re: Warning about non-existent MX for destination domain

2020-03-10 Thread Gerald Galster
> Gerald and Bill, you have both of you right, delay_warning_time it's the > parameter I was looking for. > Anyway, after setting up delay_warning_time=5m I noticed some warnings in > logs: > > Mar 10 17:52:02 mail postfix/bounce[7326]: warning: [built-in]: zero result > in delay template

Re: Warning about non-existent MX for destination domain

2020-03-10 Thread Gerald Galster
> On 10/03/2020 17:16, Wietse Venema wrote: >> This is a problem with your DNS resolver WHICH IS NOT PART OF >> POSTFIX. You need to use a better DNS resolver. >> >> With a properly functioning resolver: >> >> $ host -t mx www.postfix.org >> www.postfix.org
