lists wrote:
FWIW my VPS only allows one reverse pointer. I host multiple domains so only
one reverse pointer will match. My mail does not get bounced for that.
And before someone posts you can have more than one reverse pointer per IP the
VPS (Digital Ocean) says it can't be done.
Multiple
Alex wrote:
Hi,
I have postfix-3.5.10 configured as a multi-instance along with
amavisd for spam filtering. Amavis is limited in its ability to create
different filtering policies for individual domains,
Unless a lot of functionality has been dropped since I last took a dive
in the Amavis
raf wrote:
Being flippant, it would protect against a
man-in-the-middle-attack where someone tricks you into
reading false online documentation. :-)
Why bother? Most of us can misread the docs perfectly well all on our
own...
-kgd
Jim wrote:
On Tue, Nov 16, 2021 at 11:41 (-0500), Kris Deugau wrote:
Jim wrote:
On Mon, Nov 15, 2021 at 12:25 (-0500), Wietse Venema wrote:
Instead, use Maildir format with one message per file,
I thought about that once, but I decided I have too many e-mail
messages for that. (I don't
Jim wrote:
On Mon, Nov 15, 2021 at 12:25 (-0500), Wietse Venema wrote:
Finally, if you want to keep lots of mail around, don't keep
everything in one huge mailbox file.
I actually have a bunch of huge mailbox files ;-)
(Yeah, way too much email.)
Instead, use Maildir format with one message
post...@ptld.com wrote:
> Please RTFM Postfix documentation. If it does not mention IP addresses
> then it does not use the IP addres,
I did read the manual which says:
"Reject the request when the HELO or EHLO hostname has no DNS A or MX
record."
Good. Does it mention IP addresses? No it
Turritopsis Dohrnii Teo En Ming wrote:
I have asked this question in iRedMail support forums but nobody knows
the answer.
I have sent an email to Cybonet Technical Support but received no replies.
My Postfix (+Amavisd) Linux mail server was installed and configured
automatically using iRedMail
Sven Schwedas wrote:
On 23.04.21 08:36, Nicky Thomassen wrote:
But there is no need for that on a read-only site like Postfix'. In my
opinion,
anyway.
It's only a read-only site as long as there's no man in the middle
attack injecting malicious code into the connection. There's too few
Marek Kozlowski wrote:
:-)
I know that clamav and spamassassin are out of scope of this list. But
my question is more postfix-related. Most systems and Linux distros have
tutorials on postfix, spamassassin and clamav. In most of I've read the
recommended way of connecting clamav is via
Christopher Walker wrote:
I'm really hoping to get messages
into a user's Junk folder without using IMAP sieve.
I'm curious why; on-delivery message sorting like this is pretty much
what sieve is *for*...
-kgd
Chris Green wrote:
While I'm about it why am I getting identical mail.log and mail.info
files created in /var/log on the Pi?
It's not inherently Pi-specific.
The root cause is some wise-guy upstream package maintainer who has
(mis?)configured (r)syslog to output multiple log files for
Jason Long wrote:
Thank you.
Can you tell me how can I setup my Postfix server with A record
You just add an A record with a suitable name for your server. There's
nothing Postfix-specific about this.
Or how can I change the DNS server two support two MX records?
I'm not aware of any
Bob Proulx wrote:
The problem is *other* sites. I am starting to get a trickle of
complaints from people who are not receiving password reset emails.
And the problem seems to be other sites that are requiring that
senders have MX records, and the rest of the associated incoming mail
server set
Bob Proulx wrote:
No matter what you do on your end there is no way to guarentee that
the large mailbox providers will accept the forwarded messages.
FTFY. :(
Because at any point in time any of those users might click "Spam" on
the message. And there is no way you can prevent this. It's
Xavier Belanger wrote:
Hi,
Leonardo Rodrigues wrote:
You nailed it, Viktor and Xavier, it was the default system-wide
setup on the CentOS 8 OS from file
/usr/share/crypto-policies/DEFAULT/opensslcnf.txt
setting MinProtocol to TLSv1 there did the trick.
Thank you guys!
micah anderson wrote:
Allen Coates writes:
The web page https://www.abuseat.org/faq.html (about half-way down the page)
has an honest - and fairly recent - appraisal of a number of DNSBLs.
Its a little outdated...
For example:
Invaluement DNSBL
[Note: Commercial] ivmURI and ivmSIP
Bob Proulx wrote:
Jason Bailey wrote:
It is indeed being generated internally. The RCPT TO is there, but
because it lacks a MAIL FROM, we are seeing some email providers
drop the message, presumably because it looks like UCE/spam.
"some email providers"? That makes it sound like you are
side
to get misconfigurations fixed.
IMO this is naive. As Kris Deugau wrote in most cases nobody ever
looks at that noise, your users will just not receive their email.
A common answer to this is that the sender was supposed to get
error message. Since the message might be rejected anywhere
Bill Cole wrote:
Rejecting mail is a far better choice than delivering to a 'spam box'
since most users never bother looking there for anything. Rejections at
least stand some chance of making enough noise on the sender side to get
misconfigurations fixed.
IME exactly the opposite is true,
Kadlecsik József wrote:
Hello,
One of our users reported a rejected email with the error code and message
Remote-MTA: dns; artemis.gat.com
Diagnostic-Code: smtp; 550 Sender IP reverse lookup rejected
We handle several domains with different outgoing smtp settings at
multiple mail gateways:
#
Jan Ceuleers wrote:
On 10/08/2019 23:22, Wietse Venema wrote:
NOTE 1: The access map lookup key must be in canonical form: DO
NOT SPECIFY UNNECESSARY NULL CHARACTERS, and do not enclose net-
work address information with "[]" characters.
Emphasis
Viktor Dukhovni wrote:
Google and Microsoft deliver outbound mail for hundreds
of thousands of domains from a common pool of outbound
names. Nobody seems to mind.
Some of us do mind, but there's really nothing we can do about it
because any spam-control measures we might try would block far
On Thu, May 30, 2019 12:52 am, Benny Pedersen wrote:
li...@sbt.net.au skrev den 2019-05-29 06:09:
change /var/run to /var/tmp
if you reboot with your config you will loose data
/var/tmp must not be cleaned after boots, /tmp will be cleaned on boot
/tmp and /var/tmp may be emptied at any
@lbutlr wrote:
I've had the following in my fqrdns.pcre checks for quite awhile:
/^ec2(-[12]?[0-9]{1,2}){4}\.compute-[0-9]\.amazonaws\.com$/ REJECT Generic -
Please relay via ISP (amazonaws.com)
And I have noticed that I frequently get a series of 50 or more connection
attempts from some
Nick Howitt wrote:
OK. Let's assume I don't have an MX Backup. Then all 30k+ attempted spam
deliveries would have come straight to me. They would all have failed,
initially because of unknown recipient, then, when I added them to the
access list, because of an denied sender. What is the most
Poliman - Serwis wrote:
Hello. I have used G Suite MX checker available here
https://toolbox.googleapps.com/apps/checkmx/
This seems to be a Google-specific tester for domains hosted with
Google, so it's difficult to compare with random other domains.
and I have message: "The
address of
Laura Smith wrote:
Honestly, you are most likely wasting your time on that point because all that you are
likely to get back is a page of waffle saying "blah blah blah ... security
reasons... blah blah blah"
I know this because a sysadmin ex-colleague was having problems creating accounts
Dominic Raferd wrote:
Is there a method (regex?) for reliably identifying dynamic ip
addresses?
Short answer: No.
If you really insist on going down that rabbit hole, look up the
RDNS_DYNAMIC rule from Apache SpamAssassin. It's an aggregation of 25
provider-specific probably-dynamic rDNS
Dominic Raferd wrote:
Otherwise, the formatting of your DKIM record in DNS seems weird (try:
dig +short 201605sfinacom._domainkey.sfina.com TXT); even if technically
valid the intermediate quotes may be influencing 'SmartScreen'.
Strictly speaking that result does not in fact contain quotes
Viktor Dukhovni wrote:
There are two prerequisites for DANE verification to happen:
1. Your DNS resolver in /etc/resolv.conf needs to be a *validating*
DNS resolver and for any meaningful security must be either on
the loopback interface or reachable via a securely keyed IPsec
@lbutlr wrote:
Is there anything more you could do? Not really. If you really want the log
lines to go away you could put in a DENY in your hosts table, but if you do
that you're going to be doing it A LOT.
*nod* If there's only one persistent host, it may be worth blocking at
some higher
robg...@nospammail.net wrote:
I have a milter set up to REJECT on some body content.
It works like it should and REJECTS with the message
Jul 25 14:41:13 mariner postfix/handoff/smtpd[56542]: proxy-reject: END-OF-MESSAGE: 554
5.7.1 id=12969-07 - Rejected by next-hop MTA on relaying,
Wietse Venema wrote:
Below are the SMTP commands/responses, and the test-milter output
showing that the second "DATA" event is reported with the correct
queue ID.
OK, thanks! I'll take it up further with the milter authors.
-kgd
Wietse Venema wrote:
Kris Deugau:
I came across a bit of an information-passing glitch on a system that
uses a milter (MIMEDefang) to glue together complex filter policies.
MIMEDefang is configured to log sender, first recipient, Message-ID (if
any), and the queue ID, along with some filter
I came across a bit of an information-passing glitch on a system that
uses a milter (MIMEDefang) to glue together complex filter policies.
MIMEDefang is configured to log sender, first recipient, Message-ID (if
any), and the queue ID, along with some filter result data, for each
message.
Maurizio Caloro wrote:
If sending any Mail to GMX or WEB.de, i have here this error, Please view
Mail.log
last two lines. i undestond that GMX will check the Resolver-Name, "dynamic IP
Ranges"
Yes true i'am running now with dynamic IP Address "DSL Connection" but also
running
a service like
Noel Jones wrote:
> On 11/9/2016 8:58 AM, Kris Deugau wrote:
>> I'm in the process of migrating my personal domain to a new server, and
>> in the process I'm switching from sendmail to Postfix.
>>
>> One feature I haven't been able to quite figure out is part of
&
I'm in the process of migrating my personal domain to a new server, and
in the process I'm switching from sendmail to Postfix.
One feature I haven't been able to quite figure out is part of
sendmail's "virtusertable" - *most* of this is equivalent to
virtual_alias_maps, but it also allows you to
Chip wrote:
> My mistake NOT "bounces-to" rather "return-path"
Return-path is a header added by the receiving MTA (usually on final
delivery) that contains the envelope sender (MAIL FROM) used by the
sending system.
> as in the following
> snippet of campaign emails from Home Depot, Martha
li...@lazygranch.com wrote:
>
> Peter wrote:
> > As a relatively simple example, I use amavisd-new and Spamassassin to
> > flag mail with a spam header. Then Dovecot LMTP with sieve looks for
> > this header and if it is present it delivers to the user's "Spam" folder.
>
> Well this is
James B. Byrne wrote:
> 3. If there is nothing that involves Postfix then something like what
> you propose must be the case. Or someone has gone to some lengths to
> scan for these addresses using our domain name as a search term.
Every now and then I have seen indications in the mail logs of
Sebastian Nielsen wrote:
> Another way, that is the preferred RFC way to do it, is to encapsulate the
> mail in a new message/rfc822 container, and adding Fwd: to the original
> subject of the outside container.
> (This is how most mail clients "forward" a message)
I can't speak to most of the
joh...@fastmail.com wrote:
> I'm now at the phase of looking into Anti-Virus and Anti-Spam. Looks like
> ClamAV and Spamassassin are the main options here.
You'll probably want to look into third-party signatures for ClamAV;
its detection rate is a bit low otherwise IME.
> Both of those
Jithesh AP wrote:
This does not work - telnet ml.w8timez.com 465
This works - openssl s_client -connect ml.w8timez.com:465
Unless you've redefined the behaviour, this is exactly correct; port
465 expects an SSL handshake before any other traffic. Plain telnet
won't do you much good unless
Richard Damon wrote:
Minor nit, SPAM filters really don't determine compliance to the
standards, they determine the likelihood of a message being
undesirable. If being 100% compliant to the RFCs made a message immune
to being detected as spam, then there would suddenly be a LOT of 100%
motty cruz wrote:
Hello, recently I am getting loads of spam, more than usual. I have the
following RBLs.
reject_rbl_client b.barracudacentral.org
http://b.barracudacentral.org,
reject_rbl_client zen.spamhaus.org http://zen.spamhaus.org,
reject_rbl_client bl.spamcop.net
Mauricio Tavares wrote:
On Wed, Apr 16, 2014 at 8:40 AM, Joy pj.netfil...@gmail.com wrote:
Dear Expert,
I have configured my postfix to lookup against LDAP
server which hosts multiple domain all working fine but in case any domain
moves from my mail server to another
pgala wrote:
Hi,
I want edit default bounced message witch is bounced by Mail Delivered
System. I edit and configure bounce.cf but to my text automatically is
adding smtp transcritpion. Below example:
My text.
us...@test.com: host 127.0.0.1[127.0.0.1] said: 553 5.7.1
us...@test.com:
jeffrey j donovan wrote:
Greetings,
Can someone explain this error to me, I have never seen this one before. I
tested my spf records and they seem fine.
someu...@ncem-pa.org: host mail.ncem-pa.org[204.186.202.37] said: 554
5.7.1 someu...@ncem-pa.org: Recipient address rejected:
E.B. wrote:
Hello,
My understanding was clients for whom you see this in the logs:
connect from unknown[1.2.3.4]
Do not have a PTR/rDNS set up for themselves.
For Postfix to include the rDNS in the log and Received: header, the PTR
name must then resolve back to that same IP as well.
HL wrote:
On 13/11/2013 12:52 μμ, Paul C wrote:
From what I see from the spam scoring, you have a -100 from the domain
being whitelisted,
But there seem to be a zillion mail servers out there that do not comply
with the RFC,
most of the times DNS and Reverse DNS and IP ADDRESSES and HELO
azurIt wrote:
I don't believe in rejecting e-mails based on spam checks - there are and
always be false positives. I will rather accept 100 spams than reject single
legitimate e-mail message.
Spam volume these days is such that accepting, processing, and storing
**all** mail is becoming
Mark Goodge wrote:
It might help if you explained why you want to do this. What particular
problem is being caused by your internal users getting an error message
instead of a bounce?
Some idiot mail clients (*cough*ManyversionsofOutlook*cough*) don't
actually display the SMTP error response
Craig R. Skinner wrote:
No Apache, PHP or webmail. HTTP was designed to transfer hyperlinked
text files, not do dynmaic stuff with root access to the whole box.
Beware!
IMAP (Thunderbird, Elm, KMail) is the way to go.
grarpamp wrote:
I've done - (qmail) to + (postfix) hurriedly in the past to avoid a
meta issue. Other users migration or dual uses aside, with that
one I wanted to but did not have benefit to research whether
+ or - had better merits. Such as which is in more common use now,
which is trending
Jerry wrote:
Personally, I have no idea why anyone uses procmail. For relatively
fine grain sorting of mail upon delivery, I use Dovecot and Sieve. From
what I can ascertain, procmail hasn't even been maintained in over a
decade.
Sieve can't call outside programs (eg SpamAssassin) by design.
Reindl Harald wrote:
Am 14.03.2013 17:07, schrieb Kris Deugau:
Sieve can't call outside programs (eg SpamAssassin) by design. IMO the
inability to call any external filtering programs (even from a
restricted whitelist) makes overall mail filtering significantly harder
By harder I mean
Reindl Harald wrote:
sieve is your friend for this crap :-)
That class of filtering gets **really** tiresome to maintain though. :/
Personally, I've found that running SpamAssassin with a threshold of 8
instead of 5 works quite well; legitimate abuse reports (even with
complete attached
Ben Rosengart wrote:
What is the best Perl interface for milters? I found several:
Sendmail::Milter is way old, and demands -Dusethreads -- my perl is
built with -Duseithreads.
Sendmail::Pmilter is recent, but lacks a maintainer. No traffic on
its mailing list since 2009.
Stan Hoeppner wrote:
On 3/12/2012 2:28 AM, Michael Maymann wrote:
Hi,
Stan: My question is not how I setup the solution, but how I *BEST* (best
practice) setup the loadshared/failover postfix solution I described
earlier.
I dunno if there is a BCP covering smtp submission/relay server load
David Southwell wrote:
But still got the following errors when the lines in main.cf were unchecked:
[snip]
Nov 4 07:37:50 dns1 postfix/smtpd[26676]: warning: connect to
private/policyd-spf: Connection refused
You need to find out why your policy server isn't responding to Postfix.
Since
Daniele Nicolodi wrote:
Hello Kris, thank you for your comments.
On 18/10/11 17:03, Kris Deugau wrote:
Since you're happy to deliver the spam somewhere, rather than trying to
reject it during the SMTP conversation, you're probably best off calling
spamc early in your local-delivery rules
Daniele Nicolodi wrote:
Hello,
on the web there are several recipes to integrate Spamassassin with
Postfix, but no one seems to me to be the definitive recipe. I think
that this configuration is quite common (for low volume smtp servers)
and would deserve a small space in Postfix official
Jeetu wrote:
im trying to use mimedefang milter to append footer based on
Authenticated sender address
MIMEDefang provides all sorts of useful info from the MTA in various
global variables.
The one you're looking for is $SendmailMacros{auth_authen}, and should
be available without any
Murray S. Kucherawy wrote:
X-Originating-IP: isn't standard, so I'm not surprised postfix isn't adding it
by default. And I wouldn't trust it anyway; how do you know it contains a true
value?
Not to mention, at least in my experience it's the IP that introduced
the message to the Internet
Stan Hoeppner wrote:
Jerry put forth on 4/11/2011 4:39 PM:
Stan Hoeppners...@hardwarefreak.com articulated:
Why bother with this complex greylisting setup? Simply hammer the big
blocks with a CIDR entry and whitelist individual IPs in the range
from which you need legit mail. If such IPs
Gary Smith wrote:
Anyway, the question is, how does the community as a whole deal with
big ISP's losing email? It seems that some companies (like ATT) seem
to have less and less access to tools necessary for communicating with
them on things like this. Is there any know lists of
Jerrale G wrote:
sorry for not including. Centos automatically puts 127.0.0.1 as
$hostname in /etc/hosts.
could you not fix /etc/hosts? (So far as I'm concerned, the only
hostname legitimately associated with 127.0.0.1 is localhost. Anything
else is broken by definition. Others may
Benny Pedersen wrote:
someone else wrote:
Yes, it's spamhaus but due to the amount of trafic we have our own
server
(data feed).
make it a forward zone in bind so zone name is still same, that way no
magic configs does not use local rbldnsd
Spamhaus actually recommends a non-public local
Stan Hoeppner wrote:
ahmad riza h nst put forth on 11/8/2010 3:05 AM:
our hardware is hp dl180 g6 (a xeon quad core + raid 1 + 4G ram)
Ok, that answers one of my previous questions. This system isn't nearly
strong enough for thousands of users.
IBTD.
I had PII/450 with ~768M of RAM, and a
Stan Hoeppner wrote:
For example: http://www.spamhaus.org/datafeed/
The Spamhaus DNSBL Datafeed is a service for users with professional
DNSBL query requirements, such as corporate networks and ISPs. It offers
both a Query service and an Rsync service (you can choose).
The paid Query service
James wrote:
I have my own domain (on a dynamic IP) and run my own mail server but I
use relay host to send mail through my ISP.
I recently got this bounce:
(reason: 554 Service unavailable; Client host
[my_isp's_mail_server_host_name] blocked using Barracuda Reputation;
mouss wrote:
Victor Duchovni a écrit :
On Thu, Jun 24, 2010 at 12:20:23AM +0200, mouss wrote:
This mail is coming from postini. if you use postini, there's nothing
you can do with the envelope (and even if you do content filtering, you
shouldn't reject mail. it's too late).
Postini implement
Victor Duchovni wrote:
On Tue, May 25, 2010 at 09:09:09AM -0400, Phil Howard wrote:
On Mon, May 24, 2010 at 18:14, mouss mo...@ml.netoyen.net wrote:
As far as I know, it was never standardised.
Good enough reason for me to not use it.
This is the de-facto standard port for the service.
Danny wrote:
HI ,
I am well aware that postfix plays no part in the process I describe below,
... but then you say:
I
merely wanted to know if the mailbox_command would play a part in it.
?
mailbox_command is a Postfix *configuration directive*, not a binary,
script, or other
75 matches
Mail list logo