Re: Unexpected record type 'X'

2022-09-16 Thread J Doe
On 2022-09-06 23:18, Viktor Dukhovni wrote: On Tue, Sep 06, 2022 at 09:43:38PM -0400, J Doe wrote: Out of curiosity ... why do queue files require the execute bit ? That's how they're marked "complete". A partially written queue file is just read-write. When a queue is

Re: Unexpected record type 'X'

2022-09-06 Thread J Doe
On 2022-08-30 10:35, Viktor Dukhovni wrote: On Tue, Aug 30, 2022 at 02:25:20PM +, Frank Brendel wrote: So I can try to reproduce it by simply putting that file into the incoming queue? Within the same filesystem, yes. Our test system has FreeBSD 13.1 and Postfix 3.7.2 installed. I'd

Re: AW: Spam pass the filter

2021-09-22 Thread J Doe
On 2021-09-18 6:10 p.m., Christian Schmitz wrote: On Saturday 18 September 2021 10:13:41 ludic...@gmail.com wrote: Hi, pcre header checks we use. Not all the time, depends on spam volume from these valuable enterprises. #/sjmedia.us/ REJECT A mass mail service abused by criminals

Re: Problems emailing bell.net or sympatico.ca addresses

2021-09-17 Thread J Doe
On 2021-09-17 5:48 p.m., Ian Evans wrote: Just curious if anyone on the list has ever had issues with their postfix server communicating with bell.net or their related sympatico.ca email addresses? I've been trying to send to a few but keep getting "421

Re: STARTTLS abuse

2021-09-09 Thread J Doe
On 2021-09-07 7:11 p.m., Bill Cole wrote: On 2021-09-07 at 14:42:33 UTC-0400 (Tue, 7 Sep 2021 19:42:33 +0100) Adam Weremczuk is rumored to have said: Hi all, It's postfix 3.1.6-0+deb9u1 on Debian 9. Since enabling STARTTLS on port 25 I'm getting lots of traffic looking like this (relay

Re: Question about service daemon man pages

2021-05-23 Thread J Doe
On 2021-05-22 8:05 a.m., Wietse Venema wrote: J Doe: A section that is shared in all of the service daemon man pages is "CONFIGURATION PARAMETERS". In bounce(8) there are parameters under this section that relate to delivery status notifications. For instance: delay_notice

Re: Question about service daemon man pages

2021-05-21 Thread J Doe
On 2021-05-21 7:34 p.m., Wietse Venema wrote: J Doe: Hello, I have a question about the man pages for the service daemons that are executed via master(8). A section that is shared in all of the service daemon man pages is "CONFIGURATION PARAMETERS". In bounce(8) there are parame

Question about service daemon man pages

2021-05-21 Thread J Doe
Hello, I have a question about the man pages for the service daemons that are executed via master(8). A section that is shared in all of the service daemon man pages is "CONFIGURATION PARAMETERS". In bounce(8) there are parameters under this section that relate to delivery status

Re: Submission and milter_macro_daemon_name parameter

2021-05-15 Thread J Doe
On 2021-05-15 12:08 a.m., Benny Pedersen wrote: On 2021-05-15 04:30, J Doe wrote:     1.  Why was the magic value of "ORIGINATING" used in the Digital Ocean example ?     2.  Can I allow the default value of: milter_macro_daemon_name to be used _WITHOUT_ affecting OpenDKIM

Re: Submission and milter_macro_daemon_name parameter

2021-05-15 Thread J Doe
On 2021-05-14 11:38 p.m., Bill Cole wrote: On 2021-05-14 at 22:30:18 UTC-0400 (Fri, 14 May 2021 22:30:18 -0400) J Doe is rumored to have said: My questions are:     1.  Why was the magic value of "ORIGINATING" used in the Digital Ocean example ? It's not 'magic' but it is

Submission and milter_macro_daemon_name parameter

2021-05-14 Thread J Doe
Hello, I have a question regarding configuring submission with Postfix. I am dusting off a configuration for a server that has been functioning well for the past three years. When I set up submission, I used the example from Digital Ocean here:

Re: Postfix delay notifications

2021-05-14 Thread J Doe
On 2021-05-14 5:17 p.m., Wietse Venema wrote: > J Doe: >> Hello, >> >> I have been experimenting with DSN's regarding delayed e-mails. >> >> My current config is: >> >> /etc/postfix/main.cf >> delay_notice_recipient

Postfix delay notifications

2021-05-14 Thread J Doe
Hello, I have been experimenting with DSN's regarding delayed e-mails. My current config is: /etc/postfix/main.cf delay_notice_recipient = postmaster notify_classes = delay delay_warning_time = 15m confirm_delay_cleared = yes . . . ... and

Re: Postfix -> Whatapp

2020-05-26 Thread J Doe
On 2020-05-26 1:52 p.m., Phil Stracchino wrote: On 2020-05-26 13:42, Jos Chrispijn wrote: Is there a way of Postfix sending a Whatsapp message to a user when there came in email for her/him? Thanks, Jos No. That is utterly and totally not Postfix's, or any MTA's, job. Period. If you wanted

Re: Unusual TLS setting logged by Postfix

2019-10-27 Thread J Doe
> On Oct 22, 2019, at 9:08 PM, Viktor Dukhovni > wrote: > > You see them not used. Kx=RSA. See ciphers(1): Hi Viktor, Thank you for sending this - for some reason, I had it in my mind that key distribution was only via DH/DHE/ECDHE and I completely forgot about RSA (as well as a couple

Re: Unusual TLS setting logged by Postfix

2019-10-22 Thread J Doe
> On Oct 22, 2019, at 1:18 AM, Viktor Dukhovni > wrote: > >$ openssl ciphers -stdname -s -tls1 -V AES256-SHA >0x00,0x35 - TLS_RSA_WITH_AES_256_CBC_SHA - AES256-SHA SSLv3 > Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1 Hi Viktor, Ah, cool - I did not realize I could use

Unusual TLS setting logged by Postfix

2019-10-21 Thread J Doe
Hello, I am aware that this is not an error on Postfix’s fault, but I found the following entry in one of mail server’s logs confusing. I am using Postfix 3.3.0: Oct 21 06:09:51 server postfix/smtpd[31405]: Anonymous TLS connection established from unknown[77.120.120.29]:33126: TLSv1 with

Re: EHLO restrictions and address literals

2019-09-14 Thread J Doe
> On Sep 11, 2019, at 6:15 PM, Bill Cole > wrote: > > On 11 Sep 2019, at 17:05, J Doe wrote: > >> I glanced briefly to see if there were any other ways to restrict this but >> none seemed evident to me. > >> Is there a way to achieve this ? > >

Re: EHLO restrictions and address literals

2019-09-14 Thread J Doe
> On Sep 11, 2019, at 5:25 PM, Viktor Dukhovni > wrote: > >> On Sep 11, 2019, at 5:05 PM, J Doe wrote: >> >> Is there a way to achieve this ? Alternatively, should I not be attempting >> to do this because legitimate server’s sometimes EHLO address litera

EHLO restrictions and address literals

2019-09-11 Thread J Doe
Hi, I have a question regarding restrictions I can place on EHLO in the smtpd_helo_restrictions parameter. I have a Postfix server that is Internet facing. I periodically receive e-mail where the other MTA sends a EHLO of an address literal. I checked RFC 5321 (SMTP), and confirmed that

Re: Question regarding DNSBL behaviour

2019-09-11 Thread J Doe
> On Sep 10, 2019, at 4:41 PM, Bill Cole > wrote: > >> Hello, >> >> I have a question regarding DNSBL usage with the main.cf >> smtpd_client_restrictions parameter. >> >> I have a server configured to check SpamHaus: >> >> main.cf >> . . . >> smtpd_client_restrictions =

Re: Question regarding DNSBL behaviour

2019-09-10 Thread J Doe
>> Sep 7 16:13:08 server postfix/smtpd[28363]: warning: >> 188.50.102.94.zen.spamhaus.org: RBL lookup error: Host or domain name not >> found. Name service error for name=188.50.102.94.zen.spamhaus.org type=A: >> Host not found, try again >> >> I am wondering - in normal checks against

Re: Question regarding DNSBL behaviour

2019-09-10 Thread J Doe
>> Hello, >> I have a question regarding DNSBL usage with the main.cf >> smtpd_client_restrictions parameter. >> I have a server configured to check SpamHaus: >> main.cf >> . . . >> smtpd_client_restrictions = reject_rbl_client >> zen.spamhaus.org=127.0.0.[2..11], >> . . . >> This

Question regarding DNSBL behaviour

2019-09-10 Thread J Doe
Hello, I have a question regarding DNSBL usage with the main.cf smtpd_client_restrictions parameter. I have a server configured to check SpamHaus: main.cf . . . smtpd_client_restrictions = reject_rbl_client zen.spamhaus.org=127.0.0.[2..11], . . . This has been working

DKIM signing of bounce back messages

2018-09-10 Thread J Doe
Hello, I have a question regarding DKIM signing on Postfix bounce back messages. I was tuning my Dovecot installation around quotas. I sent a test message from Hotmail to a test account on my server to test generation of a bounce back when a user exceeds their quota. The message was

Connections from "unknown"

2018-08-24 Thread J Doe
Hello, I noticed something interesting in my logs today. I am running Postfix 3.3.1: Aug 24 21:09:25 server postfix/submission/smtpd[10256]: connect from unknown[unknown]:unknown Aug 24 21:09:25 server postfix/submission/smtpd[10256]: lost connection after CONNECT from

Re: Best place for DNSBL restrictions

2018-06-24 Thread J Doe
> Hi Bill and Wietse, > > Thank you for your replies. > > Ah, thank you for the warning regarding SpamCop - and also for the note about > weighting being a postscreen only feature. > > I was wondering if perhaps one of the reasons why people tend to use SMTP > restrictions instead of

Re: Best place for DNSBL restrictions

2018-06-24 Thread J Doe
> On Jun 24, 2018, at 9:37 AM, Wietse Venema wrote: > > J Doe: >> Hello, >> >> I manage a small mail server and have been using Spamcop as a DNSBL’s via >> postscreen: >> >>/etc/postfix/main.cf >>postscreen_dnsbl_sites = bl.s

Best place for DNSBL restrictions

2018-06-23 Thread J Doe
Hello, I manage a small mail server and have been using Spamcop as a DNSBL’s via postscreen: /etc/postfix/main.cf postscreen_dnsbl_sites = bl.spamcop.net postscreen_dnsbl_action = drop After reading RFC 5782 “DNS Blacklists and Whitelists”, I decided to add some more

Re: Question regarding OpenDKIM milter with Postfix 3.1.0

2018-05-16 Thread J Doe
Hi Andreas, > > yes, the OpenDKIM lists are unfortunately broken since a long time. I hope I > could push the list admin to fix that. > Ok, thank you for confirming that. I was wondering if it was just my attempts to post to the list > I never used caching in OpenDKIM and disable it where

Question regarding OpenDKIM milter with Postfix 3.1.0

2018-05-14 Thread J Doe
Hi, I apologize for asking a question that is only tangentially related to Postfix, however the OpenDKIM mailing lists do not appear to be accessible. I am using Postfix 3.1.0 and OpenDKIM 2.10.3. Upon reboot of my server, I noticed “normal” stats regarding caching (which I have enabled in

Postfix, milters and quarantine actions

2018-04-20 Thread J Doe
Hello, I had some questions regarding milters in general, with the questions initially focused on the OpenDKIM milter (version 2.10.3), on Postfix 3.1.0 In man 5 opendkim.conf, under the CaptureUnknownErrors parameter, it specifies: When set, and on systems where MTA quarantine is

Re: Removing trace records on submission MSA

2018-04-07 Thread J Doe
Hi Viktor, > On Apr 7, 2018, at 1:32 PM, Viktor Dukhovni > wrote: > > It is now portable POSIX. For the record, in email the allowed whitespace is > more narrow than > is recognized by [[:space:]], you're not likely to run into any false > positives. The email >

Re: Removing trace records on submission MSA

2018-04-07 Thread J Doe
Hi Viktor and Dominic, > On Apr 7, 2018, at 2:46 AM, Dominic Raferd <domi...@timedicer.co.uk> wrote: > > On 7 April 2018 at 07:39, J Doe <gene...@nativemethods.com > <mailto:gene...@nativemethods.com>> wrote: > Hi Viktor and Dominic, > > If

Re: Removing trace records on submission MSA

2018-04-07 Thread J Doe
Hi Viktor and Dominic, If I do the following on Ubuntu 16.04 LTS: $ echo "1 2" | egrep '[[:digit:]]\s[[:digit:]]' 1 2 … where “1 2” are highlighted in bash Am I correct that since this POSIX regex for the digits AND the \s is still being interpreted, my system must support the GNU

Re: Removing trace records on submission MSA

2018-04-07 Thread J Doe
Hi Viktor, > On Apr 7, 2018, at 2:04 AM, Viktor Dukhovni > wrote: > > FreeBSD 11 (POSIX): > > $ echo "1 b" | egrep '\d\s\w' > $ > > MacOS High Sierra (POSIX with GNU or similar extensions): > > $ echo "1 b" | egrep '\d\s\w' > 1 b > $ > > Your Ubuntu system

Re: Removing trace records on submission MSA

2018-04-07 Thread J Doe
Hi Viktor, > On Apr 7, 2018, at 1:50 AM, Viktor Dukhovni <postfix-us...@dukhovni.org> > wrote: > >> On Apr 7, 2018, at 1:34 AM, J Doe <gene...@nativemethods.com> wrote: >> >> mmm. I just sent a test message via submission to a Gmail account and >

Re: Removing trace records on submission MSA

2018-04-06 Thread J Doe
Hi Viktor, > On Apr 7, 2018, at 1:26 AM, Viktor Dukhovni <postfix-us...@dukhovni.org> > wrote: >> On Apr 7, 2018, at 1:23 AM, J Doe <gene...@nativemethods.com> wrote: >> >> I did some Googling for doing PCRE to POSIX regular expressions and updated >

Re: Removing trace records on submission MSA

2018-04-06 Thread J Doe
Hi Viktor, > On Apr 7, 2018, at 12:36 AM, Viktor Dukhovni > wrote: > > That's PCRE syntax. > >> Does anyone know what I’m doing wrong and/or is there a way to make Postfix >> provide more debug output for a regexp: operation ? > > You're using a "regexp" table,

Re: Removing trace records on submission MSA

2018-04-06 Thread J Doe
Hi Karol, > I am using this: > > /^(Received:) from.*]\).*(.{2}by mail\.nimitz\.pl.*Postfix.*) (with > [E]{0,1}SMTP[S]{0,1}[A]{0,1}) (.*)/ REPLACE $1 from mail.nimitz.pl > (localhost [127.0.0.1])$2 with SMTP $4 > > Just change 'mail.nimitz.pl' with FQDN of your server. This expression > works

Re: Removing trace records on submission MSA

2018-04-06 Thread J Doe
Hi Philip, >> Thank you for your reply. >> >> I currently use DKIM and as per the RFC for DKIM, I don’t include trace >> headers in the message hash that makes up the DKIM signature. I am under >> the impression that my DKIM signatures should be correct in this case if I >> use your solution

Re: Removing trace records on submission MSA

2018-04-04 Thread J Doe
Hi Phillip, >> I have a question in regards to removing some trace records when providing >> submission on Postfix 3.1.x and later. >> >> While reading RFC 6409 (“Message Submission for Mail”), I note that the RFC >> observes that: >> >> "Even when submitted messages are complete, local

Re: domain email autoconfiguration

2018-03-31 Thread J Doe
Hi David, > On Mar 31, 2018, at 8:52 PM, Wietse Venema wrote: > > David Mehler: >> Hello, >> >> If anyone has autoconfiguration going with their email domain please >> email me privately. I'd like to ask you some questions about your >> setup. What do you use? > >

Re: Forcing TLS 1.2 on submission

2018-03-29 Thread J Doe
Hi Viktor > On Mar 29, 2018, at 3:15 PM, Viktor Dukhovni <postfix-us...@dukhovni.org> > wrote: > > > >> On Mar 29, 2018, at 2:56 PM, J Doe <gene...@nativemethods.com> wrote: >> >> I am attempting to restrict the TLS protocol version used by

Forcing TLS 1.2 on submission

2018-03-29 Thread J Doe
Hi, I am attempting to restrict the TLS protocol version used by my SMTP AUTH’d clients on the submission service. In master.cf I have added the following to the submission service: -o smtpd_tls_ciphers=high -o smtpd_tls_exclude_ciphers=EXPORT,MEDIUM -o

Question regarding 8BITMIME / BINARYMIME

2018-03-12 Thread J Doe
Hi, I have a question regarding 8BITMIME. I know Postfix supports 8BITMIME and does not support BINARYMIME, but I am wondering why both 8BITMIME and BINARYMIME are ESMTP extensions. It would appear that 8BITMIME solves the same problem as BINARYMIME (allow 8-bit encoding of MIME), so why

Re: How to write a milter with access to carddav

2018-03-11 Thread J Doe
Hi Andre, > On Mar 9, 2018, at 6:53 AM, André Rodier wrote: > > Hello, > > I would like to know if there is any milter for postfix that would let > me query a CardDav server? > > The idea is to add a custom header, for instance 'X-Address-Book: > Personal' if the from email

Removing trace records on submission MSA

2018-03-11 Thread J Doe
Hi, I have a question in regards to removing some trace records when providing submission on Postfix 3.1.x and later. While reading RFC 6409 (“Message Submission for Mail”), I note that the RFC observes that: "Even when submitted messages are complete, local site policy may dictate that

Re: ETRN use and Postfix configuration

2018-03-04 Thread J Doe
Hi LuKreme, > On Mar 4, 2018, at 8:44 AM, LuKreme wrote: > > Isn't ETRN a good thing? What's the benefit from disabling it? > -- > My main job is trying to come up with new and innovative and effective ways > to reject even more mail. I'm up to about 97% now. > It’s a

Re: postwhite? (why not?)

2018-03-03 Thread J Doe
Hi Wietse, > On Mar 2, 2018, at 1:49 PM, Wietse Venema wrote: > > Postscreen blocks sites based on: > > - Their reputation that they don't send legitimate mail. > zen.spamhaus.org and bl.spamcop.net are examples of that. > > - Their behavior. The postscreen pregreet test

Re: postwhite? (why not?)

2018-03-02 Thread J Doe
Hi Wietse, > On Mar 2, 2018, at 10:15 AM, Wietse Venema wrote: > > Perhaps it is time to repeat what postscreen is and is not. > > Don't use postscreen to block spam. Use postscreen to block spambots. > Those who misunderstand the difference will be disappointed. > > In

Re: postscreen_dnsbl_whitelist_threshold and SORBS and Google

2018-03-01 Thread J Doe
Hi, > On Mar 1, 2018, at 4:17 PM, MRob wrote: > Good suggestions thank you everyone. Over the last 24hours I saw clients > SORBS listed: > > ** a few that were listed by other RBLs > ** many that were senders I can't block or delay: facebook, google, etc > ** one or two

ESMTP CHUNKING

2018-03-01 Thread J Doe
Hi, I have been reading about the ESMTP CHUNKING extension (RFC 3030), after noticing that both Hotmail and Gmail advertise it on EHLO. I checked the Postfix man pages (man 5 postconf), as well as the Postfix documentation at postfix.org [1] and can’t see any documentation related to it.

Re: Question regarding VRFY

2018-02-28 Thread J Doe
Hi John, > On Feb 27, 2018, at 3:25 PM, John Fawcett wrote: > I can't think of a compelling reason either to enable VRFY or to disable > it. Disabling it stops people abusing it, but then they can just use > RCPT TO to get the same information in most cases. I disabled it

Re: ETRN use and Postfix configuration

2018-02-28 Thread J Doe
Hi Noel, > On Feb 27, 2018, at 10:18 PM, Noel Jones wrote: >> ** Is Postfix logging that ETRN is disabled on the first, unencrypted SMTP >> session and then logging this again for the encrypted session (ie: Postfix >> is just logging I disabled this and Google is not

ETRN use and Postfix configuration

2018-02-27 Thread J Doe
Hello, I read the “Postfix ETRN Howto” [1] as well as man 5 postconf with regards to: postscreen_discard_ehlo_keywords smtpd_discard_ehlo_keywords ... and disabled the announcement of ETRN via: postscreen_discard_ehlo_keywords = ETRN smtpd_discard_ehlo_keywords = ETRN I then

Question regarding VRFY

2018-02-27 Thread J Doe
Hi, I read in both the Postfix man file (man 5 postconf), and the SMTP RFC (5321), that VRFY can be disabled on a site-by-site basis. I disabled this on my server for port 25 but am wondering if I should leave this enabled on my Postfix instance that provides submission (587) ? I have

General websites on e-mail administration that also cover Postfix ?

2018-02-14 Thread J Doe
Hi, I was looking for some websites that covered e-mail administration in general and that also mentioned Postfix. I checked the Postfix homepage [1] and on the link “Howtos and FAQs” there are two links at the bottom under the heading “General E-mail/System Administration”. Unfortunately

IP ACL’s for smtpd port 25 and not submission

2018-02-10 Thread J Doe
Hi, I currently use postscreen on my Postfix version 3.1.0 mail server. I implement IP ACL’s via it to ban malicious connections (generally from xDSL IP blocks), against smtpd running on port 25. I have recently configured and turned on submission with SASL. With submission available, I

Diffing man 5 postconf changes between releases

2018-02-10 Thread J Doe
Hi, I currently use Postfix version 3.1.0. I know that there are announcements of feature changes between each release of Postfix via e-mail and I read these, but I was wondering if there was an easy way to see the changes to the main.cf configuration parameters between versions ? For

Question regarding smtpd DNS resolution

2018-02-04 Thread J Doe
Hello, I had a question about Postfix’s smtpd DNS resolution. In my logs (generally from spam sources), I see the following: Feb 4 15:05:46 server postfix/smptd[718]: warning: hostname 1-2-3-4.dyn.isp.net does not resolve to address 1.2.3.4: Name or service not known Does this mean that: 1.

Re: submission configuration in master.cf

2018-01-23 Thread J Doe
Hi Noel, > On Jan 23, 2018, at 4:39 PM, Noel Jones wrote: > >> I was wondering about a configuration parameter listed with the default >> submission configuration in master.cf. >> >> One of the parameters that overrides the settings in main.cf >>

submission configuration in master.cf

2018-01-23 Thread J Doe
Hi, I was wondering about a configuration parameter listed with the default submission configuration in master.cf. One of the parameters that overrides the settings in main.cf “milter_macro_daemon_name” is set to “ORIGINATING” instead of the default value in main.cf. Why is this done ?

Re: Request for feedback on SMTPD restrictions

2018-01-22 Thread J Doe
Hi, > On Jan 22, 2018, at 8:43 AM, Matus UHLAR - fantomas wrote: > >> smtpd_helo_required = yes >> smtpd_helo_restrictions = permit_mynetworks, >>reject_unauth_pipelining, >> reject_invalid_helo_hostname, >>reject_non_fqdn_helo_hostname, >>check_helo_access

Re: Request for feedback on SMTPD restrictions

2018-01-22 Thread J Doe
Hi Noel, > On Jan 21, 2018, at 3:35 PM, Noel Jones >> smtpd_client_restrictions = permit_mynetworks, >>reject_unauth_pipelining, >>check_client_access hash:/etc/postfix/client_acl, >>reject_unknown_client_hostname, >>permit > >

Request for feedback on SMTPD restrictions

2018-01-20 Thread J Doe
Hi, I have a basic SMTP server set up with what I believe to be good smtpd_*_ restrictions, but I was wondering if anyone could provide any insight on how to improve them or if I have been redundant in the restrictions. Even with reading the man pages, I find some of the restrictions tricky.

Question regarding SASL auth only over TLS in SMTP server

2018-01-19 Thread J Doe
Hi, I have a question about enabling SASL authentication in the Postfix SMTP server *ONLY* over TLS. In the documentation [1] under the “Encrypted SMTP session (TLS)” heading, it lists recommended configurations for SASL auth that restrict the SASL mechanisms to noanonymous and noplaintext:

Cyrus vs Dovecot for SASL AUTH and IMAP

2018-01-16 Thread J Doe
Hi, I am looking to use either Cyrus or Dovecot for both SASL authentication and IMAP. While Postfix 3.1.0 supports both, I was wondering which to prefer if security is my most important deciding factor ? Does one have a better track record than the other ? Thanks, - J

Questions about auto replying in VIRTUAL_README

2018-01-16 Thread J Doe
Hi, I have two questions about the “Autoreplies” section in the VIRTUAL_README [1]. If I was setting up auto replies for the virtually hosted domain of “example.com”, would the correct configuration be: /etc/postfix/main.cf virtual_alias_maps = hash:/etc/postfix/virtual

Questions about mailing list managers in VIRTUAL_README

2018-01-16 Thread J Doe
Hi, I have a question about the “Mailing List” section in the VIRTUAL_README [1]. The third paragraph states: “This example assumes that in main.cf, $myorigin is listed under the mydestination parameter setting...” Because the mailing list is being set up with virtual hosting, doesn’t

Questions regarding ecliptic curve support

2018-01-10 Thread J Doe
Hi, I had two short questions regarding Postfix’s elliptic curve support for the SMTP server. 1. Under the man documentation for: tls_eecdh_strong_curve the documentation states “...approximately 128-bit security...”. Is that saying that it is equivalent to 128-bits RSA or it provides an

Re: Minor grammar mistake in man 5 postconf

2018-01-08 Thread J Doe
> On Jan 8, 2018, at 8:55 PM, Wietse Venema <wie...@porcupine.org> wrote: > > J Doe: >> This should be changed to: >> >>“When this constraint is violated, or any of the digest records are >> malformed, >>digest algorithm agility will *BE*

Minor grammar mistake in man 5 postconf

2018-01-08 Thread J Doe
Hi, I noticed a very small grammatical error under: man 5 postconf Under the configuration parameter: tls_dane_digest_agility under the “maybe” option, the second last sentence states: “When this constraint is violated, or any of the digest records are malformed, digest algorithm

TLS session tickets versus TLS session cache

2017-12-29 Thread J Doe
Hi, I have noticed in the Postfix documentation (man 5 postconf), that the smtpd_tls_session_cache_database parameter notes: “As of Postfix 2.11 the preferred mechanism for session resumption is RFC 5077 TLS session tickets...for Postfix >= 2.11 this parameter should generally be left empty”

Question regarding smtpd_recipient_restrictions

2017-12-21 Thread J Doe
Hi, I have a basic question regarding the smtpd_recipient_restrictions parameter. From what I understand, these are restrictions applied to the SMTP RCP TO command. In the case of a server that receives mail for a domain and also allows clients to send mail through it (via AUTH’d clients),

Re: Distinction between next-hop and nexthop ?

2017-12-15 Thread J Doe
> On Dec 15, 2017, at 5:38 PM, Viktor Dukhovni <postfix-us...@dukhovni.org> > wrote: > >> On Dec 15, 2017, at 5:37 PM, J Doe <gene...@nativemethods.com> wrote: >> >> Example: >> >> “Match against the next-hop domain...” >> >&

Distinction between next-hop and nexthop ?

2017-12-15 Thread J Doe
Hi, I was reading the documentation for the smtp_tls_verify_cert_match parameter in man 5 postconf and noted under the “nexthop” strategy that both next-hop and nexthop are specified. Example: “Match against the next-hop domain...” “When MX lookups are not suppressed, this is the

Re: Question regarding use of amavisd-new

2017-12-12 Thread J Doe
On Dec 12, 2017, at 11:12 AM, Matus UHLAR - fantomas <uh...@fantomas.sk> wrote: >>> On 2017-12-12 10:55, J Doe wrote: >>> I was wondering if fellow Postfix users would still recommend using >>> amavisd-new when integrating AV (ClamAV), and spam filtering (SpamA

Question regarding use of amavisd-new

2017-12-12 Thread J Doe
Hi, I was wondering if fellow Postfix users would still recommend using amavisd-new when integrating AV (ClamAV), and spam filtering (SpamAssassin) ? The site I have this in mind for receives a moderate amount of e-mail per day. This appears to be the most mentioned configuration via web

Re: Question about CA’s for the smtp client

2017-12-11 Thread J Doe
Hi Victor, > On Dec 11, 2017, at 6:13 PM, Viktor Dukhovni <postfix-us...@dukhovni.org> > wrote: > >> On Dec 11, 2017, at 5:40 PM, J Doe <gene...@nativemethods.com> wrote: >> >> I have a question regarding specifying where the list of trusted CA’

Question about CA’s for the smtp client

2017-12-11 Thread J Doe
Hi, I have a question regarding specifying where the list of trusted CA’s are in regards to the smtp client. In man 5 postconf, I can see there are two configuration parameters regarding this: smtp_tls_CAfile smtp_tls_CApath The documentation (as I understand it), notes that: 1.

Re: Question regarding smtp_per_record_deadlne parameter

2017-12-06 Thread J Doe
Hi Wietse, > On Dec 6, 2017, at 8:00 AM, Wietse Venema wrote: > > Viktor Dukhovni: > > With TLS turned on, the deadline is enforced per TLS message, which > can be up to 16kbytes. 16kbytes in 10s would be difficult with a > dialup or low-tech cellular network. > >

Re: Question regarding smtp_per_record_deadlne parameter

2017-12-05 Thread J Doe
> On Dec 5, 2017, at 1:46 PM, Noel Jones wrote: > > If you're only connecting to google over a decent internet link, I > doubt you'll see any effect whatsoever. Kinda like me using polar > bear bait in Tennessee. > > -- Noel Jones Hi Noel, That actually reminded me

Re: Question regarding smtp_per_record_deadlne parameter

2017-12-05 Thread J Doe
something like this. If anyone’s interested, I can always report back to the list about it. - J > On Dec 4, 2017, at 7:39 PM, Wietse Venema <wie...@porcupine.org> wrote: > > Noel Jones: >>> On 12/4/2017 3:35 PM, J Doe wrote: >>> Hello, >>> >>> I c

Question regarding smtp_per_record_deadlne parameter

2017-12-04 Thread J Doe
Hello, I currently have a server that is configured as a mail forwarding domain [1]. Using example.com as an example: /etc/postfix/main.cf virtual_alias_domains = example.com virtual_alias_maps = hash:/etc/postfix/virtual /etc/postfix/virtual u...@example.com

Re: Question about postscreen_cache.db

2017-11-11 Thread J Doe
Hi, > On Nov 11, 2017, at 7:24 PM, Wietse Venema wrote: > > Or you can use 'lmdb:' instead 'btree:'. LMDB support was added in Postfix > 2.11. > It's a totally different implementation. That’s a great idea - that will side-step any Berkeley DB specific bugs. Thanks, -

Re: Question about postscreen_cache.db

2017-11-11 Thread J Doe
Hi Wietse, > On Nov 11, 2017, at 8:37 AM, Wietse Venema <wie...@porcupine.org> wrote: > > J Doe: >> Is this really the only way to fix this, though ? This feels a bit like a >> workaround as opposed to the “correct” solution (assuming that there is a >> ?

Re: Question about postscreen_cache.db

2017-11-11 Thread J Doe
Hi, > On Nov 11, 2017, at 3:06 AM, J Doe <gene...@nativemethods.com> wrote: > > Hello, > > I have an admittedly basic question, but I have been trying to troubleshoot > this for a while with no success. > > I have enabled postscreen(8) on Postfix 3.1 and re

Question about postscreen_cache.db

2017-11-11 Thread J Doe
Hello, I have an admittedly basic question, but I have been trying to troubleshoot this for a while with no success. I have enabled postscreen(8) on Postfix 3.1 and receive a warning in mail.log: “close database /var/spool/postfix/var/lib/postscreen_cache.db: No such file or directory

Question about message_drop_headers and DKIM

2017-11-06 Thread J Doe
Hi, I have a question regarding the message_drop_headers main.cf configuration parameter. The man page states that it: “[specifies] names of message headers that the cleanup(8) daemon will remove after applying header_checks(5) and *BEFORE* invoking Milter applications...”

Re: Removal or obfuscation of mail_name

2017-11-06 Thread J Doe
Hi Victor, >> I was wondering (and I know the gains would be minor given that this >> falls into security through obscurity), is there anything to gain by >> either removing this or specifying something false ? > > There is nothing to be gained by pretending your server is not running >

Removal or obfuscation of mail_name

2017-11-06 Thread J Doe
Hello, I was reading about the mail_name parameter in main.cf. I was wondering (and I know the gains would be minor given that this falls into security through obscurity), is there anything to gain by either removing this or specifying something false ? Is there any third-party servers or

Question about relay_domains parameter

2017-11-01 Thread J Doe
Hello, I currently have my server configured to perform virtual domain hosting. It forwards mail addressed to addresses for my virtual domain (ex: example.com), to Gmail accounts. Mail —> u...@example.com —> u...@gmail.com I was reading more about the relay_domains parameter in “man 5

Re: Eliminating backscatter

2017-10-31 Thread J Doe
Hi Noel, >> On Oct 30, 2017, at 6:42 PM, Noel Jones <njo...@megan.vbhcs.org> wrote: >> >> On 10/30/2017 5:07 PM, J Doe wrote: >> >> How do I stop backscatter generated from my server in response to the >> bounces from Gmail ? > > This is

Re: Eliminating backscatter

2017-10-30 Thread J Doe
Hi Noel, > On Oct 30, 2017, at 4:07 PM, Noel Jones <njo...@megan.vbhcs.org> wrote: > >> On 10/30/2017 2:52 PM, J Doe wrote: >> Hi, >> >> One of my mail servers (Postfix 3.1.0), is configured to perform virtual >> domain hosting. It forwards mail to th

Eliminating backscatter

2017-10-30 Thread J Doe
Hi, One of my mail servers (Postfix 3.1.0), is configured to perform virtual domain hosting. It forwards mail to the virtual domain to mailboxes of users on Gmail. I can see in my mail log that spam with forged origin addresses sometimes comes into my server that is addressed to virtual

Re: Question about default_destination_concurrency_limit

2017-10-29 Thread J Doe
Hi Viktor, > On Oct 30, 2017, at 12:11 AM, Viktor Dukhovni > wrote: > >> I had a question regarding the main.cf parameter >> “default_destination_concurrency_limit”. The man page (man 5 postconf), >> states it is: “The default maximal number of parallel

Question about default_destination_concurrency_limit

2017-10-29 Thread J Doe
Hi, I had a question regarding the main.cf parameter “default_destination_concurrency_limit”. The man page (man 5 postconf), states it is: “The default maximal number of parallel deliveries to the same destination.” and that this applies to the smtp(8) delivery agent. This got me wondering .

Re: Question regarding smtpd and log of “Untrusted TLS connection”

2017-10-21 Thread J Doe
Hi Viktor, > On Oct 20, 2017, at 6:14 PM, Viktor Dukhovni > wrote: > >> In the documentation I have noted that even if STARTTLS is enabled, mail >> delivery will not be stopped even if the certificate at the other server >> is invalid or is a self-signed

Question regarding smtpd and log of “Untrusted TLS connection”

2017-10-20 Thread J Doe
Hello, I currently have a Postfix 3.1.0 server with smtpd configured to use opportunistic TLS encryption: /etc/postfix/main.cf smtpd_tls_security_level = may In the documentation I have noted that even if STARTTLS is enabled, mail delivery will not be stopped even if the
