[pfx] Re: some questions about controlling postfix and meaning of data
19 ene 2024 1:44:02 Don Cohen via Postfix-users : > I see in maillog something like this: > > Jan 17 22:22:50 isis-20240117-1030 sendmail[120557]: 40HMMokm120557: to=don, > ctladdr=opc (1000/1000), delay=00:00:00, xdelay=00:00:00, mailer=relay, > pri=30107, relay=[127.0.0.1] [127.0.0.1], dsn=5.0.0, reply=554- , > stat=Service unavailable The above, > vs the old: > > Jan 19 00:20:10 losangelesyouthorchestra postfix/pickup[18701]: 988894075B: > uid=0 from= Plus this above line > > Also, can someone tell me that the (8.16.1/8.16.1/Submit) is all about? And, over all this last one... Makes me think you have managed to install sendmail 8.16.1 alongside postfix in you new system. -- Victoriano Giralt Sent from a hand held device signature.asc Description: PGP signature ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: Troubleshooting mail loop issue
16 ago 2023 6:50:27 Bill Cole via Postfix-users : > "Should" they? Of course. They didn't. Whatever is broken in this case is > broken inside Microsoft. As usual... ;-) My excuses for the noise, but I couldn't resist :-D -- Victoriano Giralt Sent from a hand held device signature.asc Description: PGP signature ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: Njal.la
On mar, 2023-05-02 at 07:14 -0400, pripercat--- via Postfix-users wrote: > Thanks, but it still doesn't work for me with those parameters. The > relayhost value is an email server of my hosting. And I don't have > that information. Then, your hosting has to provide you with the username and password information for their systems. > The njal.la admin refers me to this forum. :( This forum can help you with setting up Postfix but we cannot help you with finding out settings that your email provider needs to give you. Do you have an account with them (njal.la)? Most probaly that's the one you have to use in your postfix configuration with mx.njal.la on port 587. But this may be absolutely wrong ... > Cheers ¡ Cheers! -- Victoriano Giralt Innovation Director Digital Transformation Vicerectorate University of Malaga +34952131415 SPAIN == Note: signature.asc is the electronic signature of present message A: Yes. > Q: Are you sure ? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting annoying in email ? signature.asc Description: This is a digitally signed message part ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: Postfix is not using a specified interface
On mar, 2023-05-02 at 11:18 +0200, Kolusion K via Postfix-users wrote: > Hello hi, > I have specified Postfix to use a certain interface in 'main.cf': > > inet_interfaces = 192.168.2.2 > > > http://www.postfix.org/postconf.5.html#inet_interfaces > > The problem is, Postfix is not using this interface and is instead > using another interface to send e-mail. > > Is this a bug? No, it is that you *MUST* (RFC2119) do a thorough read of the documentation. Read just bellow what you have linked above and understand the effects of "intet_protocols = all" that you have also set in your main.cf email is a complex beast that requires good understanding of all the layers in the ISO networking stack and a whole bunch of Internet protocols. Reading The Book of Postfix by Ralf Hildebrandt and Patrick Koetter from cover to cover is an exercise I strongly recommend. Regards, ... -- Victoriano Giralt Innovation Director Digital Transformation Vicerectorate University of Malaga +34952131415 SPAIN == Note: signature.asc is the electronic signature of present message A: Yes. > Q: Are you sure ? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting annoying in email ? signature.asc Description: This is a digitally signed message part ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: E-mail delivery problem
Good day, On mar, 2023-05-02 at 09:19 +0200, Kolusion K via Postfix-users wrote: > > Postfix seems to be unable to send e-mail to IPv4 addresses, but it > can send e-mail to IPv6 addresses. So, your machine running Postfix *has* a global IPv6 address. > This is odd because Postfix is configured to use an IPv4 interface > only, Wrong! The las line in your attachment (very uncomfortable way for sharing information that need quoting), states: inet_protocols = all You need to have a thorugh read of Postfix documentation. > and its even more odd that the interface is a PPTP VPN tunnel which > PPTP doesn't even support IPv6! You are reaching the IPv6 host *directly*. Many ISPs are now offering IPv6 because of the IPv4 exhaustion and all the problems associated with Carrier Grade NAT. > Here is an extract of my mail log, demonstrating what I mean: > > Apr 12 23:05:39 generalpurpose postfix/smtpd[3557]: warning: hostname > generalpurpose does not resolve to address 192.168.2.2 > Apr 12 23:05:39 generalpurpose postfix/smtpd[3557]: connect from > unknown[192.168.2.2] > Apr 12 23:05:39 generalpurpose postfix/smtpd[3557]: 2616D80098: > client=unknown[192.168.2.2] > Apr 12 23:05:39 generalpurpose postfix/cleanup[3568]: 2616D80098: > message-id=<13a7d177-u778-3a84-3egd-19283c859...@example.com> > Apr 12 23:05:39 generalpurpose postfix/qmgr[2241]: 2616D80098: > from=, size=1966, nrcpt=1 (queue active) > Apr 12 23:05:39 generalpurpose postfix/smtpd[3557]: disconnect from > unknown[192.168.2.2] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 > commands=7 > Apr 12 23:06:16 generalpurpose postfix/smtp[3569]: connect to > pechora1.icann.org[192.0.33.71]:25: Connection timed out > Apr 12 23:06:42 generalpurpose postfix/smtp[3569]: 2616D80098: > to=, > relay=pechora3.icann.org[2620:0:2830:201::1:73]:25, delay=64, > delays=0.04/0.04/62/1.2, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued > as 0463C7002623) > Apr 12 23:06:42 generalpurpose postfix/qmgr[2241]: 2616D80098: > removed This is clear proof that your exit route over IPv4 has port 25 blocked, at leas to pechora1.icann.org[192.0.33.71] > I have also attached my 'main.cf' configuration file. Why don't you simply cut and paste the text, like you have done with the log, reducing the time others have to spend helping you? Just show/check the output of "ip a" if you are on Linux, please, you will be surprised. Have a good day. -- Victoriano Giralt Innovation Director Digital Transformation Vicerectorate University of Malaga +34952131415 SPAIN == Note: signature.asc is the electronic signature of present message A: Yes. > Q: Are you sure ? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting annoying in email ? signature.asc Description: This is a digitally signed message part ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
Re: LDAP mail for external users
On lun, 2022-10-10 at 13:41 +0200, Tan Mientras wrote: > no one? Your question is too vague, you do not provide any configuration information for your Postix installation, forwarding is very broken nowadays, ... Have you read https://www.postfix.org/DEBUG_README.html? paying attention to the section at the bottom entitled "Reporting problems to postfix-users@postfix.org"? > On Fri, Oct 7, 2022 at 9:08 AM Tan Mientras > wrote: > > Hi > > > > Our LDAP has mail field set to user email address eg: > > "user...@ourdomain.com". > > Some LDAP users are "external" to our organization, so we want to > > setup email to "user...@gmail.com" > > > > However, due our configuration mails sent from ourdomain go to user > > maildir instead of forwarding them "externally" > > How could we configure postfix to enroute them out? -- Victoriano Giralt Innovation Director Digital Transformation Vicerectorate University of Malaga +34952131415 SPAIN == Note: signature.asc is the electronic signature of present message A: Yes. > Q: Are you sure ? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting annoying in email ? signature.asc Description: This is a digitally signed message part
Re: The historical roots of our computer terms
El sáb, 06-06-2020 a las 13:43 -0500, Larry Stone escribió: > Code changes introduce risk (as I no doubt don’t need to tell Wietse). > I’m reminded from my days many, many years ago using VAX/VMS systems. In > looking at the files that made up that operating system, I noticed a file > name that seemed out of place (STARLET, IIRC) and didn’t fit the rest of > the apparent naming scheme. I would eventually find out it was the pre- > release “working name” of what would become VMS but by the time DEC > settled on the VMS name, the old name was too embedded in the code to > risk trying to change all the code. I’ve been away from VMS for 25 years > or so but it wouldn’t surprise me if that old name still lives on in the > current version. Just to bring you back in time :-) From a live four node Itanium cluster just now ;-) CUMA2I$ show system OpenVMS V8.3-1H1 on node CUMA2I7-JUN-2020 00:35:10.29 Uptime 11 12:35:30 CUMA2I$ dir sys$sysroot:[00...]starlet* Directory SYS$SYSROOT:[00.SYSCOMMON.SYSLIB] STARLET.INCLUDE;1 STARLET.MLB;1 STARLET.OLB;1 STARLET.R64;1 STARLET.REQ;1 STARLETPAS.TLB;1STARLETSD.TLB;1 STARLET_RECENT_ ADA_SUBSET.TLB;1 Total of 8 files. Directory SYS$COMMON:[00.SYSLIB] STARLET.INCLUDE;1 STARLET.MLB;1 STARLET.OLB;1 STARLET.R64;1 STARLET.REQ;1 STARLETPAS.TLB;1STARLETSD.TLB;1 STARLET_RECENT_ ADA_SUBSET.TLB;1 Total of 8 files. Grand total of 2 directories, 16 files. -- Victoriano Giralt Innovation Director Digital Transformation Vicerectorate University of Malaga +34952131415 SPAIN == Note: signature.asc is the electronic signature of present message A: Yes. > Q: Are you sure ? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting annoying in email ? signature.asc Description: This is a digitally signed message part
Re: [OT] looking for a good mobile MUA
El dom, 29-03-2020 a las 11:15 +0900, 황병희 escribió: > Robert Schetterer writes: > > > ... > > https://alternativeto.net/software/k-9/?platform=iphone > > +1, k-9 was/is good for me(android user) ;;; I was a K-9 user and promoter since a do not remember when ... but I recently found a fork through F-Droid (the Android Opensource App repository) that, to me, is much more powerful, so much that I have supported the author buying the (not really needed) for-pay extras. It is called FairEmail, really powerful MUA (not as much as a desktop one) but almost there. For example, it needs a bit better "classical" reply editing (see this message), but it is bearable. And it can use both PGP and X.509 for signing and encrypting. https://github.com/M66B/FairEmail/blob/master/FAQ.md -- Victoriano Giralt Innovation Director Digital Transformation Vicerectorate University of Malaga +34952131415 SPAIN == Note: signature.asc is the electronic signature of present message A: Yes. > Q: Are you sure ? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting annoying in email ? signature.asc Description: This is a digitally signed message part
Re: unable to send email to hotmail.com domain
On 26/10/17 13:14, Dominic Raferd wrote: > On 26 Oct 2017 6:34 am, "Poliman - Serwis" <ser...@poliman.pl >> I know that MS has own black list but why they block me. Domain >> which I use to send confirmation links is clear (checked in), ip >> address of my server also is clear. >> > > You could use a mail relaying service such as Sendgrid. Have a transport > file set to relay only emails to Microsoft domains through this service. And accept extortion for doing something that has an IETF sanctioned protocol that is not working because of the wrongdoings a a monopolistic entity. -- Victoriano Giralt CIO University of Malaga +34952131415 SPAIN == Note: signature.asc is the electronic signature of present message A: Yes. > Q: Are you sure ? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting annoying in email ? signature.asc Description: OpenPGP digital signature
Re: Prevention of sending authentication via plaintext on port 25.
El 03/12/16 a las 17:25, rich.gre...@hushmail.com escribió: > So I'm somewhat confused how to prevent/discourage users from sending > their authentication detail in the clear when there are secure methods > that exist (such as, $ openssl s_client -starttls smtp -connect > example.com:587) We would be much better equipped to help you if you shared the output of your postconf -n and, maybe, master.cf so we can see what your actual configuration looks like and tell you what you have to change to achieve what you need. -- Victoriano Giralt CIO University of Malaga +34952131415 SPAIN == Note: signature.asc is the electronic signature of present message A: Yes. > Q: Are you sure ? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting annoying in email ? signature.asc Description: OpenPGP digital signature
Re: Goodbye IBM, Hello Google
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 24 March 2015 21:00:01 CET, wie...@porcupine.org wrote: After 18 years, including the best of my career, I decided that it was time to move on. I'll be working on security at Google NY. Congratulations, you will for sure bring some good things. Needless to say, I will continue to support Postfix. Big relief ;-) Thanks from a happy customer, me using your products since 1993. - -- Victoriano Giralt Enviado desde el movil / Sent from mobile -BEGIN PGP SIGNATURE- Version: APG v1.1.1 iG0EAREKAC0FAlUSWeEmHFZpY3Rvcmlhbm8gR2lyYWx0IDx2aWN0b3JpYW5vQHVt YS5lcz4ACgkQV6+mDjj1PTjHjACfZ6kne2RViIkyX2J68nCzmg/smycAoI4HO9Sh YO+H/UTRFPCHsgVbVedr =J8cp -END PGP SIGNATURE-
Re: Lots of Post Fix Issues
On 08/12/2014 08:08 AM, hagensieker wrote: Terribly confused at this point? Yes. I recommend that you get the excellent The Postfix book[1] by Ralf and Patrick before getting in the world of e-mail and Postfix. Once you read it cover to cover and understand the concepts, everything will become crystal clear to you. [1]http://www.postfix-book.com/ -- Victoriano Giralt Central ICT Services Systems Manager University of Malaga +34952131415 SPAIN == Note: signature.asc is the electronic signature of present message A: Yes. Q: Are you sure ? A: Because it reverses the logical flow of conversation. Q: Why is top posting annoying in email ? signature.asc Description: OpenPGP digital signature
Asking about heartbleed
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 I'd like to 'hear' Wietse's and Victor's opinion on how could this nasty bug affect a TLS service like submission? I suppose that the answer would very well be that it depends on the availability of exploits, but ... Thanks for your time and support. - -- Victoriano Giralt Enviado desde el movil / Sent from mobile -BEGIN PGP SIGNATURE- Version: APG v1.0.9 iG0EAREIAC0FAlNFwZkmHFZpY3Rvcmlhbm8gR2lyYWx0IDx2aWN0b3JpYW5vQHVt YS5lcz4ACgkQV6+mDjj1PTisKgCgosBlf1jfoR0h5obHzmG2XHnEcVEAn1Igfm3B jlGI4MVR6DT2zVJKA79Q =c3UM -END PGP SIGNATURE-
Re: Asking about heartbleed
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Thanks! Victor Very much appreciated. - -- Victoriano Giralt Enviado desde el movil / Sent from mobile -BEGIN PGP SIGNATURE- Version: APG v1.0.9 iG0EAREIAC0FAlNF0pMmHFZpY3Rvcmlhbm8gR2lyYWx0IDx2aWN0b3JpYW5vQHVt YS5lcz4ACgkQV6+mDjj1PTgZTwCgiq2fc1ngTnGn8a+v8yqRW/WNjQYAn3SqLlE/ f2BCFcdHHmawKrZO3fwn =gM1y -END PGP SIGNATURE-
Re: OT: Spanish technical terms
-BEGIN PGP SIGNED MESSAGE- Hash: RIPEMD160 On 21/6/12 0:59, Noel Jones wrote: Anybody know a reliable online resource for English/Spanish technical terms? The Spanglish mailing list (spangl...@uma.es)[1] is dedicated to English/Spanish technical translations and it has many knowledgeable people in the roster. [1] http://delfos.sci.uma.es/mailman/listinfo/spanglish - -- Victoriano Giralt Central ICT Services Systems ManagerUniversity of Malaga +34952131415 SPAIN === A: Yes. Q: Are you sure ? A: Because it reverses the logical flow of conversation. Q: Why is top posting annoying in email ? -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.8 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iD8DBQFP4mVrV6+mDjj1PTgRA9DDAKDAuKtJRnQ3i5aD9FLVrfFOLMox4QCfRhyA EKpbCu7ecWeTzD61WlynQT4= =17vx -END PGP SIGNATURE-
Re: New default settings for submission service?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Ulrich Zehl ulrich-post...@topfen.net wrote: For basic testing, I tend to use gnutls-cli --starttls, where it starts a plain text session, and only begins TLS negotiation when you send it EOF (or SIGALRM, but ^D has always been easy enough for me). As far as I know, it has no other special characters that trigger potentially unwanted behavior. And I have found that gnutls-climate is better for testing IPv6 servers. - -- Victoriano Giralt Enviado desde el movil / Sent from mobile -BEGIN PGP SIGNATURE- Version: APG v1.0.8 iHQEAREIADQFAk9huPktHFZpY3Rvcmlhbm8gR2lyYWx0IDx2aWN0b3JpYW5vLmdp cmFsdEB1bWEuZXM+AAoJEFevpg449T04uNUAn1vlWgE3OLVF0d755Rum5DHg6a0w AJ9C55okVQk5vI2opBiLGAy9O21uUA== =7oI7 -END PGP SIGNATURE-
Re: New default settings for submission service?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Victoriano Giralt victori...@uma.es wrote: And I have found that gnutls-climate is better for testing IPv6 servers. Stupid autocorrection, I meant gnutls-cli - -- Victoriano Giralt Enviado desde el movil / Sent from mobile -BEGIN PGP SIGNATURE- Version: APG v1.0.8 iHQEAREIADQFAk9hugAtHFZpY3Rvcmlhbm8gR2lyYWx0IDx2aWN0b3JpYW5vLmdp cmFsdEB1bWEuZXM+AAoJEFevpg449T04aH0An32MOaIsyfClhOpL+HOKtkm8cWVI AJ9zVuUrhd2ZFaJwi4+enKca4rZzaA== =HGcy -END PGP SIGNATURE-
OT Re: New default settings for submission service?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 SamLT s...@sltosis.org wrote: Sorry for the OT, but does s_client even works with IPv6? I've never found how? In my experience, limited to bare IPv6 addresses, it does not. - -- Victoriano Giralt Enviado desde el movil / Sent from mobile -BEGIN PGP SIGNATURE- Version: APG v1.0.8 iHQEAREIADQFAk9h50ItHFZpY3Rvcmlhbm8gR2lyYWx0IDx2aWN0b3JpYW5vLmdp cmFsdEB1bWEuZXM+AAoJEFevpg449T04+uYAoIlzptZ6j3D6WUTvOtJ02oByrrxq AJ4vxEAt34q5txTSMikvyv9zBbroWQ== =yFTS -END PGP SIGNATURE-
Re: New default settings for submission service?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 DTNX/NGMX Postmaster postmas...@dtnx.net wrote: I don't know about Android, but we have not seen any issues with the iPhone/iPad. Works fine with TLS 'encrypt' in our setups, as suggested above. In my experience, both the manufacturer provided and added mail clients I have tryed in Android have had no issues with TLS. - -- Victoriano Giralt Enviado desde el movil / Sent from mobile -BEGIN PGP SIGNATURE- Version: APG v1.0.8 iHQEAREIADQFAk9h6DAtHFZpY3Rvcmlhbm8gR2lyYWx0IDx2aWN0b3JpYW5vLmdp cmFsdEB1bWEuZXM+AAoJEFevpg449T04YjsAn1GSr8WPGOJlUZKrYBb0ybf5UAe5 AJsHYhU2z7vBycfR2uq/mOZ+/lo+dQ== =L+yZ -END PGP SIGNATURE-
Re: Header Checks question
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 03/12/2012 09:26 AM, Ralf Hildebrandt wrote: Improve the header checks e.g. by requiring a word boundary- Although I agree, as encoded headers are becoming common place nowadays, decoding would be a nice enhancement to the header checking code. Question is, will the decoding libraries increase the attack surface? Is it worth? - -- Victoriano Giralt Central ICT Services Systems ManagerUniversity of Malaga +34952131415 SPAIN === A: Yes. Q: Are you sure ? A: Because it reverses the logical flow of conversation. Q: Why is top posting annoying in email ? -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iD8DBQFPXbZqV6+mDjj1PTgRAiaEAJ92hiO29t3hPxDTHaECcmA7Cj1WNwCgis/y o1JygX1cbKKgz1IqK5TN43c= =z8i3 -END PGP SIGNATURE-
Re: move from mbox to Maildir?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Stan Hoeppner wrote: | The solution to your problem is probably as simple as switching Postfix | to use dovecot-lda. This is very true. | Instructions for Dovecot 2.x are here: | http://wiki2.dovecot.org/LDA/Postfix I've found that, with Dovecot 2.x, it is even better using LMTP, as described on the bottom of this page. I'm very happy with the machines I have migrated to Dovecot 2. Which does not mean that I'm not happy with the ones I have still running 1.x | Another benefit of using dovecot-lda is access to the sieve plugin: | http://wiki.dovecot.org/LDA/Sieve | http://wiki2.dovecot.org/Pigeonhole?action=showredirect=LDA%2FSieve | | This enables mail sorting/filtering during delivery. Since this sorting | is done by Dovecot at delivery time, it negates the need for MUA side | rules, and thus cuts down on server load. Which is also great. But, anyhow, I've used version of mb2md[1], modified by my colleagues from the University of Cordoba (Spain) with great success in several installations. There is also a wrapper script that eases the transition, but it has no license attached so, as I know they are also around this list, I'll let them decide what to do with their code. mb2md is capable of doing the task at hand by itself with some SysAdmin intelligence, and it has a license that puts it in the public domain. [1] http://vgg.sci.uma.es/mb2md-3.20-UCO.pl - -- Victoriano Giralt Systems Manager Central ICT Services University of Malaga SPAIN - - A: Yes. | Q: Are you sure ? | A: Because it reverses the logical flow of conversation. | Q: Why is top posting annoying in email ? -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with CentOS - http://enigmail.mozdev.org iD8DBQFOtPXEV6+mDjj1PTgRAukGAJ0fJI6Xs9rvM2s/FgQeyXWiIGrfyQCgyEJb keqEUosTaU9Q9R/wrkqfn0k= =j4t7 -END PGP SIGNATURE-
Re: Mailing list application
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Selcuk Yazar wrote: | Hi Hi Selcuk | i want to install majordomo(or alternative) maillist manager on this | configuration , how can i do that. We have old majordomo lists can we | integrate list on this structure. (When we ad new Ldap mail account we | want this account subscribe automaticall specesific maillist.) I think that the final phrase in parenthesis is key to recommend you investigate Sympa (www.sympa.org), it deals really nicely with LDAP based queries to add subscribers to lists, and eve to mix self subscriptions with automatic ones in the same mailing list. - -- Victoriano Giralt Systems Manager Central ICT Services University of Malaga SPAIN - - A: Yes. | Q: Are you sure ? | A: Because it reverses the logical flow of conversation. | Q: Why is top posting annoying in email ? -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with CentOS - http://enigmail.mozdev.org iD8DBQFOUTokV6+mDjj1PTgRAu5IAJ9EmGK7s/jga959TWbDy6HBxH/KygCgq+M8 o8VQxsVZKqxxjTeRRmvZcig= =8fUG -END PGP SIGNATURE-
Re: Large ISP which use Postfix
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 | On 14/07/11 9:58 PM, Peter Tselios wrote: | Hallo, | I need to prepare a presentation for my company because we plan | to deploy a new mail system. I need to know the names of some medium | to large ISPs that uses Postfix as their SMTP server. Do you know | where I can find that information? Does a university with @100k mailboxes qualify as medium size? If so, we do run Postfix (several instances of it) as SMTP server. And I know of several similar sized others in Spain that also do. - -- Victoriano Giralt Systems Manager Central ICT Services University of Malaga SPAIN - - A: Yes. | Q: Are you sure ? | A: Because it reverses the logical flow of conversation. | Q: Why is top posting annoying in email ? -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with CentOS - http://enigmail.mozdev.org iD8DBQFOHw72V6+mDjj1PTgRAhgvAKC6xP5S0k54aZBfOJoxUwqmkdiClQCdE8Bk aFzllPfL4RXmgkDdXKr8VFY= =TPe8 -END PGP SIGNATURE-
Big messages stuck in queue (semi-off topic)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 We already know it is not Postix's fault, as the reason lies at the network level, but I'm writing to the list in the hope that someone might have seen this behaviour, as I have been thrashing over Google finding nothing useful. Symptom: Big (1736267 bytes) messages are stuck in the queue with this errors: Apr 13 16:06:04 rusadir postfix/smtp[3026]: 15EA5196117: to=x@x.x, relay=system.domain[ad.dr.es.s]:25, delay=15246, delays=15200/1.2/44/1.1, dsn=4.4.2, status=deferred (lost connection with system.domain[ad.dr.es.s] while sending message body) Analytical signs: Wireshark shows TCP window full several times while Postfix is dutifully trying to send the messages and finally the connection is reset at TCP level. System information: Linux CentOS 5.5 Kernel 2.6.18-238.5.1.el5 Postfix (just in case) mail_version = 2.3.3 plus mandatory postconf -n output, so I can be put to public shame :) address_verify_map = btree:/var/spool/postfix/verify address_verify_relayhost = address_verify_transport_maps = hash:/etc/postfix/address_verify_transport_maps alias_database = hash:/etc/postfix/aliases alias_maps = hash:/etc/postfix/aliases command_directory = /usr/sbin config_directory = /etc/postfix daemon_directory = /usr/libexec/postfix debug_peer_level = 2 html_directory = /usr/share/doc/postfix-2.2.3-documentation/html mail_owner = postfix mailbox_size_limit = 104857600 mailq_path = /usr/bin/mailq.postfix manpage_directory = /usr/share/man masquerade_domains = $mydomain masquerade_exceptions = root, postfix message_size_limit = 104857600 mydestination = $myhostname mydomain = melilla.es mynetworks = 127.0.0.0/8, 172.16.0.0/16, 10.0.0.0/8 newaliases_path = /usr/bin/newaliases.postfix parent_domain_matches_subdomains = queue_directory = /var/spool/postfix readme_directory = /usr/share/doc/postfix-2.2.3-documentation/readme relay_domains = some.domain sample_directory = /etc/postfix sendmail_path = /usr/sbin/sendmail.postfix setgid_group = postdrop smtpd_client_restrictions = reject_unauth_pipelining check_client_access hash:/etc/postfix/cliacc reject_rbl_client cbl.abuseat.org reject_rbl_client zen.spamhaus.org reject_rbl_client zombie.dnsbl.sorbs.net permit smtpd_delay_reject = yes smtpd_helo_required = yes smtpd_helo_restrictions = permit_mynetworks check_client_access hash:/etc/postfix/heloacc reject_non_fqdn_hostname reject_invalid_hostname permit smtpd_recipient_restrictions = reject_unknown_recipient_domain, reject_non_fqdn_recipient, reject_unauth_pipelining, hash:/etc/postfix/check_rec_address permit_mynetworks, reject_unauth_destination smtpd_sender_restrictions = permit_mynetworks, check_sender_access, hash:/etc/postfix/access, reject_unknown_sender_domain, reject_non_fqdn_sender, reject_unauth_pipelining, permit strict_rfc821_envelopes = yes transport_maps = hash:/etc/postfix/transport unknown_local_recipient_reject_code = 450 unverified_recipient_reject_code = 550 Thanks all - -- Victoriano Giralt Systems Manager Central ICT Services University of Malaga SPAIN - - A: Yes. Q: Are you sure ? A: Because it reverses the logical flow of conversation. Q: Why is top posting annoying in email ? -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iD8DBQFNpbNyV6+mDjj1PTgRAo0UAKCDtkKIcVB9F5nHyNgyl1dw2pqvgQCfcvAu JmxyI+YX78t7DTGezD1EIzU= =lCVw -END PGP SIGNATURE-
Re: Big messages stuck in queue (semi-off topic)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 13/04/11 16:40, Kenneth Marshall wrote: This system does not exist. This looks fabricated. Post the actual Sure it does not exist. It is the only part of the log entry that has been purposefully altered to protect information that is considered private and is not relevant to the case, which has been considered accepted practice for a long time. If you so prefer, we can write it as: Apr 13 16:06:04 rusadir postfix/smtp[3026]: 15EA5196117: to=x...@example.com,relay=mta.example.com[10.10.10.10]:25, delay=15246,delays=15200/1.2/44/1.1, dsn=4.4.2, status=deferred (lost connection with mta.example.com[10.10.10.10] while sending message body) Cheers, Vic - -- Victoriano Giralt Systems Manager Central ICT Services University of Malaga SPAIN - - A: Yes. Q: Are you sure ? A: Because it reverses the logical flow of conversation. Q: Why is top posting annoying in email ? -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iD8DBQFNpbnKV6+mDjj1PTgRAl0YAKCdZBktkmUXJvjnTSQAjEbUK1oCHgCdHzeq 85A6ewncVtNssRt7P2sWpsI= =T9eP -END PGP SIGNATURE-
Re: Big messages stuck in queue (semi-off topic)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 13/04/11 17:16, Wietse Venema wrote: Victoriano Giralt: Wireshark shows TCP window full several times while Postfix is dutifully trying to send the messages and finally the connection is reset at TCP level. This may be the infamous window scaling problem. See below for workaround. Thank you Wietse. No joy :( I've upgraded to 2.8.2 and set tcp_windowsize following Postfix documentation. I've fully stopped Postfix, verified by a process list, and started again. The symptoms persist :( Anyhow, I'll pass the information on to the networking team in case there have been any recent changes on the routers. - -- Victoriano Giralt Systems Manager Central ICT Services University of Malaga SPAIN - - A: Yes. Q: Are you sure ? A: Because it reverses the logical flow of conversation. Q: Why is top posting annoying in email ? -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iD8DBQFNpdHhV6+mDjj1PTgRAtO4AJ4oDplwOW58CQSPSFefjfSpSd0FcACfVeD3 SOUyEef/1BcW+ta+X7Pt7oQ= =3HAK -END PGP SIGNATURE-
Re: Distribution lists with Postfix
-BEGIN PGP SIGNED MESSAGE- Hash: RIPEMD160 On 13/12/10 15:24, Michael Grimm wrote: Is there maybe an even more simple approach to this using standard postfix functionality? The distribution lists are very static and do not require adjustments very often. You can use a lookup table (hash, sql, ldap ...) that return the list member addresses - -- Victoriano Giralt Systems Manager Central ICT Services University of Malaga SPAIN -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.8 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iD8DBQFNBi2zV6+mDjj1PTgRA+MeAKDH7wG5RrupLdWEt2ANRNuTP9ubyACeJqm7 PvHrRAqQkpAedyPycb/A0R0= =9FNN -END PGP SIGNATURE-
Re: robin-robin distribution list
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Wietse Venema wrote: | If you must deliver i...@example.com to info1 or info2 etc., then you | need a virtual alias table that replies with a random name. Perhaps | there is such functionality in MySQL. 8-8 | | On the other hand, it sounds like you are trying to solve a different | problem that may have a better solution than random delivery, but | we don't know what that problem is. I totally agree with Wietse that it is difficult to give answers if we do not know the real question, but, you might get some ideas from the ACL policy daemon: http://www.apolicy.org/cgi-bin/moin.cgi, I remember reading about some functionality slightly similar to what you describe in its documentation. - -- Victoriano Giralt Systems Manager Central ICT Services University of Malaga SPAIN - - A: Yes. | Q: Are you sure ? | A: Because it reverses the logical flow of conversation. | Q: Why is top posting annoying in email ? -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with CentOS - http://enigmail.mozdev.org iD8DBQFNAhbaV6+mDjj1PTgRAgD1AKCX+A4iwWSWDXcjU9FqtdD2PAU5pQCgp4jm E1lg+SEkcrMKp3dbKZDbauc= =zIks -END PGP SIGNATURE-
Re: [OFF-TOPIC] Does 2.7 RPM Work on RHEL 6?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 mouss wrote: | anyone know that level of difficultly involved from turning SRPM's | into a RPM file I can use / distribute to others? I have the time and | dedication but lack the experience and knowledge. | | | | http://perso.b2b2c.ca/sarrazip/dev/rpm-building-crash-course.html | | http://wiki.centos.org/HowTos/RebuildSRPM and, finally, Simon's SRPMS have almost all information required to build them inside the .spec file. - -- Victoriano Giralt Systems Manager Central ICT Services University of Malaga SPAIN - - A: Yes. | Q: Are you sure ? | A: Because it reverses the logical flow of conversation. | Q: Why is top posting annoying in email ? -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with CentOS - http://enigmail.mozdev.org iD8DBQFM3E0gV6+mDjj1PTgRAi09AJ4928tpQ5C/86KSUHqm5cGq5qw/KgCbBDng AirJuHE3lL7gD+Ptr59ZXJs= =d5I5 -END PGP SIGNATURE-
Re: Aggregating/rate-limiting emails
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Wietse Venema wrote: | Yang Zhang: | Are there any extensions to Postfix that can aggregate multiple | outgoing emails into a single email within some time window? 8-8 | aggregating messages together into a periodic digest that is emitted | at most once per minute. Any other (low-effort) solution ideas would | be appreciated as well. | | Aggregate at the SOURCE: append all alerts to a file. Use a | once-per-minute cron job to rename the file and send out the alerts. | | Wietse Another idea: use a mailing list daemon with the ability to send digest messages based on volume (i.e.: send the digest message when there have been N messages received by the list) like Mailman or Sympa. - -- Victoriano Giralt Systems Manager Central ICT Services University of Malaga SPAIN - - A: Yes. | Q: Are you sure ? | A: Because it reverses the logical flow of conversation. | Q: Why is top posting annoying in email ? -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with CentOS - http://enigmail.mozdev.org iD8DBQFMh3KlV6+mDjj1PTgRAjakAKDJh4A90QQhVJGbzT61bO0nJtzfCgCfcfhv pKmXUCnX4HUk3SvyAV1j64I= =uz1K -END PGP SIGNATURE-
Re: Virtualdomains and LDAP
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 07/24/2010 02:52 PM, Pavel Dimow wrote: Hi Victoriano, Hi Pavel. are those searches in LDAP slower? I have made no measures but LDAP indexes are made so the translate attribute values into DNs, so, if you index your DIT properly, speed differences should be negligible if at all existant. For example, is it much slower when you start search at dc=acmecorp instead of ou=people,o=somedomain.com,dc=acmecorp ? Should not. - -- Victoriano Giralt Systems Manager Central ICT Services University of Malaga SPAIN -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Remi - http://enigmail.mozdev.org/ iD8DBQFMTX5jV6+mDjj1PTgRAkyHAJ45kA/tbg6ito6HKwqw5wd3DlJKOACgngLY eoJw6V59dB/JLlFZt18Tjao= =bAMI -END PGP SIGNATURE-
Re: Virtualdomains and LDAP
-BEGIN PGP SIGNED MESSAGE- Hash: RIPEMD160 On 24/7/10 9:27, Pavel Dimow wrote: someone here can help me. I have a postfix with one primary domain and dozen virtual domains. The problem is that users from primary domain use only their username (without domain part) for SASL authentication and all other users (from virtual domains) are using usern...@somedomain as username. Now my DIT is organized something like ou=people,o=somedomain.com,dc=acmecorp ou=people,o=virtualdomain.com,dc=acmecorp The question is how can I perform a search for a primary domain when I don't have a domain part? Is there anyway that I can append a default domain when %d is empty or I can make some sophisticated filter_search? If you have an attribute in your schema like mailAlternateAddress (from NS schema in the 389 server) for every entry in your DIT and uid at least for your primary domain users, then you can base the search at dc=acmecorp and use a subtree scope, the filter could look like this: (|(uid=%u)(mailAlternateAddress=%u)) Assuming %u represent the whole user identification, as per Dovecot SASL implementation that I'm familiar with. - -- Victoriano Giralt Systems Manager Central ICT Services University of Malaga SPAIN -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.8 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iD8DBQFMSq87V6+mDjj1PTgRA4ddAJ9bhxmCUiDrrPQzwN2m600o8l2SKQCfakhk eWb/LX5/6bq18jtq0F+BjHo= =8OGx -END PGP SIGNATURE-
Re: OT: ldap schema
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 07/06/2010 11:22 PM, Fran Garcia wrote: Postfix has no preferred LDAP schemas, it operates at a higher level of abstraction, i.e. virtual_alias_maps, transport_maps, ... which can be implemented via LDAP if you so choose. The mapping between an actual LDAP dataset and the conceptual Postfix key/value table is up to you. Thanks for the links :-) . I already came across the postfix adapts to any ldap schema but, since I'm starting with ldap and not very familiar with all the concepts, I wanted to get some reall ife examples of actual schemas people are using. I can suggest the Spanish schema it has provisions for mail routing and is in use in several Universities and Higher Ed institutions: http://www.rediris.es/ldap/schema/iris.schema You can read use cases and some other information (in Spanish) here: http://wiki.rediris.es/gtschema/Portada - -- Victoriano Giralt Systems Manager Central ICT Services University of Malaga SPAIN -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iD8DBQFMNF62V6+mDjj1PTgRAsZ6AKC7Dt7H8T3rMH7eEkn3D54KdIxcBwCfQo5M wpUBksmO5zDSIIxK8V6XC68= =ZhKy -END PGP SIGNATURE-
Re: OT: ldap schema
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 07/07/2010 01:24 PM, Fran Garcia wrote: http://wiki.rediris.es/gtschema/Portada I'm getting a Mediawiki internal error there, does it work for you? Works for me right now (Wed Jul 7 13:29:29 CEST 2010) - -- Victoriano Giralt Systems Manager Central ICT Services University of Malaga SPAIN -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iD8DBQFMNGUoV6+mDjj1PTgRAgJSAJ9MGu+SGZ60FPngL4QhUTryhCK2fgCfezh+ WrdMX4iPbd4ZHQyZX9lvuyo= =J/3n -END PGP SIGNATURE-
Re: how to protect against directory attack?
-BEGIN PGP SIGNED MESSAGE- Hash: RIPEMD160 On 22/6/10 0:01, mouss wrote: motty.cruz a écrit : Hello all, What is the best way to protect against directory attack? [snip] how about: don't care? # postlog.pl Recipient unknown..: 58.35 % ... it's been so since a long time and the world didn't collapse here. If you manage to cut them before they hit any real address you avoid crud entering your user's mailboxes. We have a testing list with a funny familiar Spanish name (that is in dictionaries for sure) but it is not published anywhere and sends nothing to the outside world, and we are getting spam in the moderation queue of the thing! - -- Victoriano Giralt Systems Manager Central ICT Services University of Malaga SPAIN -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.8 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iD8DBQFMIFXIV6+mDjj1PTgRAxAWAKDIHRH5xP//ggjgPOm3E2+To84G3QCgqZYS zpelRamPnD7mQCSYlQC79W4= =wS31 -END PGP SIGNATURE-
Re: how to protect against directory attack?
-BEGIN PGP SIGNED MESSAGE- Hash: RIPEMD160 On 22/6/10 12:54, Charles Marcus wrote: On 2010-06-22 2:18 AM, Victoriano Giralt wrote: If you manage to cut them before they hit any real address you avoid crud entering your user's mailboxes. It's called recipient validation, and if you aren't doing it, you're doing it wrong. We DO recipient validation. I'm talking about cutting off the client before they hit a good one. The point I was making is that if you use something like fail2ban that detect an IP address that is doing a dictionary attack, and block the connection you reduce the probability of finding a recipient that will get validated. So add a spam filter. Just because an address isn't published anywhere doesn't mean it won't be targeted. I know that, been doing email since '85. We are not allowed to filter mail (except viruses) by policy. So we need other anti spam meassures, once we accept mail we MUST deliver it (except for viruses). - -- Victoriano Giralt Systems Manager Central ICT Services University of Malaga SPAIN -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.8 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iD8DBQFMILDEV6+mDjj1PTgRA7z+AJ9im1gf2OjB8QAc04d1E75KeYy81gCfQYK4 bcEK8CuxTp5Vn2tVMIEHvPg= =Ueyp -END PGP SIGNATURE-
Re: how to protect against directory attack?
-BEGIN PGP SIGNED MESSAGE- Hash: RIPEMD160 On 22/6/10 16:47, Charles Marcus wrote: We DO recipient validation. I'm talking about cutting off the client before they hit a good one. The point I was making is that if you use something like fail2ban that detect an IP address that is doing a dictionary attack, and block the connection you reduce the probability of finding a recipient that will get validated. Ahh... you are attempting to hide your valid recipients. Security through obscurity is a waste of time and resources imo. No. I think I'm not making the point through. It is cler we are in the same boat, I also despise security by obscrity. I use fail2ban, but only to block hack attempts... I don't care much about someone finding out who the valid recipients are, I'm much more concerned with someone trying to crack a password... Sure! But, once we have fail2ban in place, and watching over the logs, it cost nothing to stop someone running a list trying to deliver some crud. I compare this to the SSH attacks: nowadays is not safe to have passwords for SSH authentication, but that does not preclude cutting access of list attackers with the likes of fail2ban so they do not lock resources like TCP sockets or CPU cycles, or generate too much noise in the logs. That's what I meant - add an after-queue filter and TAG+Deliver it. Use sieve to deliver it to a Spam folder if desired. Agreed. Deciding on content should be on the hands of users, but, please, do not start a flame over this. It will depart from the OP question. - -- Victoriano Giralt Systems Manager Central ICT Services University of Malaga SPAIN -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.8 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iD8DBQFMINCWV6+mDjj1PTgRAy8ZAJ4iV4chx6byB5BUd8ieho/yIBTLPACcDuu6 8YZzJL71nzV1A1WfFmlCaGE= =kTnF -END PGP SIGNATURE-
Re: alternatative to Mailman
-BEGIN PGP SIGNED MESSAGE- Hash: RIPEMD160 On 19/3/10 16:17, Martin Schütte wrote: Mauro Faccenda wrote: Does anyone can recommend any good alternative to Mailman as a Mailing Lists Manager that plugs well with Postfix? I heard some praise for http://www.sympa.org/ But I never used it myself. I've been in the Mailman acknowledgments page for some time, and I sort of pushed the internatiolaisation of Mailman, which I'm really proud of. I'm also a declared Pythonist. But circumstances and organizational needs have made me to use Sympa and get ready for transitioning to it. Only thing I can say is that it is a wonderful performant tool, with a lot of excellent capabilities and extensions. - -- Victoriano Giralt Systems Manager Central ICT Services University of Malaga SPAIN -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.8 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iD8DBQFLo5g0V6+mDjj1PTgRA951AJ9yYZh3XIMgjPgv194Hq63bwBXBhACgzMiZ Nxn2ROJ7DGAaryI/vaiZR1c= =ltCp -END PGP SIGNATURE-
Re: How to accept incoming emails only to the users listed in my application's mysql database
-BEGIN PGP SIGNED MESSAGE- Hash: RIPEMD160 On 22/10/09 12:49, Arora, Sumit wrote: I was wondering if I can accept only those emails addressed to the users listed in a table of my application database. It depends on your application database :) ;) and if it can be used as a map. - -- Victoriano Giralt Systems Manager Central ICT Services University of Malaga SPAIN -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.8 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iD8DBQFK4HdkV6+mDjj1PTgRA+tOAKCUMV93iqgeqpyv/uz/FzgIDWInqACfVnVI VXryWi6lXbZP1EZhF4tAkAM= =Fn5W -END PGP SIGNATURE-
Re: Accept null HELO/EHLO
-BEGIN PGP SIGNED MESSAGE- Hash: RIPEMD160 On 21/10/09 15:07, Wietse Venema wrote: 1) A baseball bat, and a strong WHACK over the idiot's head. I like te concept. Would you consider stop working on SBTP[1] and do SBBBWTP[2]? ;) 2) Changes to Postfix source code so that it accepts bad command syntax. I would be willing to consider a change that runs every inbound SMTP command through a regexp table so that you can specify a PCRE expression like this: /^HELO\s*$/ HELO helo.invalid The replacement HELO command still contains useful information. This mapping would also solve problems that some people have with clients that send incorrect MAIL FROM or RCPT TO addresses syntax. Similar mappings may solve problems with REMOTE SMTP server responses, or with SMTP client or server outputs by Postfix itself. Maybe you could use a similar approach (even include that in) as the one you took with the recent postscreen daemon, just a simple daemon that read from port 25 socket, processes and writes to the real SMTPs server. Might be not. [1] Simple Beer Transfer Protocol (if I recall right you started worknig on that in the tcpwrappers days). [2] Simple BaseBall Bat Whack Delivery Protocol. So we can even send them overseas ;) :) - -- Victoriano Giralt Systems Manager Central ICT Services University of Malaga SPAIN -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.8 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iD8DBQFK3wpGV6+mDjj1PTgRA1EdAJ414LWiUvBGl0v7Y1du6s0+w3dPZACgrTuo KaIEBw+SPn2+MYwVajrvjQI= =/mx0 -END PGP SIGNATURE-
Re: config smtp-cli postfix to send CLI mail to internet
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Stan Hoeppner wrote: | Go ahead and give that RPM a go, see if it works. If not we'll search | for another version of libsasl that will work. You might need libsasl2 | instead. If the OP needs SASL just for SMTP-auth in Postfix, I'd suggest to give Docecot a go. It has excellent SASL capabilities, is quite easy to configure and integrate with Postfix and has a lot of powerful and useful features for authenticating users. - -- Victoriano Giralt Systems Manager Central ICT Services University of Malaga SPAIN -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with CentOS - http://enigmail.mozdev.org iD8DBQFK0DxNV6+mDjj1PTgRAmxtAKCfTNirl/3bnxu2ckC4LDQit5CfBwCeI9pr tcPQx/hSznQMmWwiGt9gpsQ= =wzaL -END PGP SIGNATURE-
Re: config smtp-cli postfix to send CLI mail to internet
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 mouss wrote: | OP needs client side SASL (he needs to authenticate to his | ISP/whatever relay). dovecot auth only applies to server side SASL I apologise for the noise. I could not find the original post, and I was too fast on the send button. - -- Victoriano Giralt Systems Manager Central ICT Services University of Malaga SPAIN -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with CentOS - http://enigmail.mozdev.org iD8DBQFK0K+FV6+mDjj1PTgRAhmsAKCW4mPn/KgtADnTwitEAh9W0noUFQCeLwH8 JZSV/88Wa9hYGLpppZQYBEQ= =WSwG -END PGP SIGNATURE-
Re: Xserve running Mac OS X
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 The Doctor escribió: | Right I have the following colocated box with | the following configuration: 8-8 removed extra info 8-8 | mydomain = vstudios.ca | mydomain_fallback = localhost | myhostname = mail.vstudios.ca 8-8 more noise 8-8 | The DNS are pointing to this box as MX and when I do a local | test, no log nor delivery is | taking place. | | What do I need to fix? | Probably the connection to the machine: ;; QUESTION SECTION: ;visionaryentertainment.ca. IN MX ;; ANSWER SECTION: visionaryentertainment.ca. 3600 IN MX 5 mail.vstudios.ca. visionaryentertainment.ca. 3600 IN MX 10 doctor.nl2k.ab.ca. ;; AUTHORITY SECTION: visionaryentertainment.ca. 3600 IN NS ns2.nl2k.ab.ca. visionaryentertainment.ca. 3600 IN NS doctor.nl2k.ab.ca. Then: [...@atila ~]$ telnet mail.vstudios.ca 25 Trying 69.42.58.100... Connected to mail.vstudios.ca (69.42.58.100). Escape character is '^]'. 220-hp10.hostpapa.com ESMTP Exim 4.69 #1 Wed, 19 Aug 2009 18:53:44 -0400 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail. quit 221 hp10.hostpapa.com closing connection Connection closed by foreign host. That is clearly not Postfix, or it is very well disguised :) - -- Victoriano Giralt Systems Manager Central ICT Services University of Malaga SPAIN -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with CentOS - http://enigmail.mozdev.org iD8DBQFKjINSV6+mDjj1PTgRAjqKAJsFf/vCYDB82EwU52mXvoAQCEqEnwCfco/O EiQ7gOCql0nYRlEJ6IHbP1I= =1tX3 -END PGP SIGNATURE-
Re: sieve instead procmail?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 07/23/09 16:33, Michael Monnerie wrote: Ah, this was s close. What a pity. Maybe there's another way? What about a postfix milter? I just need a sieve that can call an external program to deliver mails. Is that really not existing? Why don't you just call the external program for the delivery as you call sieve. In my systems we call dovecot's deliver like this: dovecot unix - n n - - pipe flags=DRhu user=v:v argv=/usr/libexec/dovecot/deliver -d ${recipient} That means the using dovecot as the virtual delivery transport will pass the mesage to the piped program (deliver in this case) through it's standard input, with the parameters passed on the command line, in this case using ${recipient} as substitute parameter for the real message recipient. I can't see the need for going through hoops into sieve for just calling a program with the message piped into it when it can just be done over the pipe mechanism. - -- Victoriano Giralt Systems Manager Central ICT Services University of Malaga SPAIN -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Remi - http://enigmail.mozdev.org/ iD8DBQFKaH5fV6+mDjj1PTgRAsv+AJ9mWB7ARa8ZgjtxYxFjMXGIg7RzNgCfU+JF PFtSzDj8B1s4sUy3ygOWemw= =wJnq -END PGP SIGNATURE-
Re: postscreen test
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 07/16/09 16:19, Terry Carmen wrote: prefix? It fixes things before they become a problem... Great name! I like it! +1 - -- Victoriano Giralt Systems Manager Central ICT Services University of Malaga SPAIN -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Remi - http://enigmail.mozdev.org/ iD8DBQFKYDjYV6+mDjj1PTgRAq3CAJoCIDs2nNzccgdUXjt/A8zd06r92ACeLIEz vmInQK7KHjWXF3XUfcND6yQ= =llzT -END PGP SIGNATURE-
Re: Postfix SMTP Auth and OpenLDAP
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Terry L. Inzauro wrote: | can you elaborate a little more on the postfix - dovecot - ldap setup? | is there a specifc reason why dovecot was used? can | courier imap be used? The reason for Dovecot is that is has a very nice and clean SASL implementation, that can be used even without the IMAP/POP server part. I'm afraid courier cannot be used for that purpose, as it just a (good) mailbox server. Then, Dovecot has an excellent management of stacked user databases, it is worth a look. We also have it like that in our environment with close to 100k mailboxes. - -- Victoriano Giralt Systems Manager Central ICT Services University of Malaga SPAIN -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with CentOS - http://enigmail.mozdev.org iD8DBQFKU4f5V6+mDjj1PTgRAgqLAKCUkGjRJCVsuR0Nlk072uH15d248QCgoXQT f8/+oen94X6CF7r/e0xQH8M= =tfr1 -END PGP SIGNATURE-
Re: RFC 1918 -v- Postfix
-BEGIN PGP SIGNED MESSAGE- Hash: RIPEMD160 Steve wrote: I'll have to live with the waste of bandwidth looking up local clients has on the network. It's a small cost value, but an unnecessary one and it really should be more configurable than on or off. There needs to be a way to make sane exemptions. Well... Postfix supposes a properly configured network underneath, and for years on end I have been teaching that the best oil for any IP network is a properly configured name resolution, be it /etc/hosts (difficult to scale) or DNS. If you have a network of a few hosts your problem is easily solved by a few lines in /etc/hosts. If it is a big one, your are only asking for trouble refusing to configure local DNS service. To me that is easier thn giving newbees another opportunity to shoot themselves on their feet. - -- Victoriano Giralt Systems Manager Central ICT Services University of Malaga SPAIN -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.8 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFKEoqvV6+mDjj1PTgRA+tmAJ0di7qbF78tw3zavJLPkQglFbWWqgCgpRTF 2WZIM/bh2779Sr8P4ldcmMI= =v4b8 -END PGP SIGNATURE-
Re: Postfix - Blackberry [OT]
-BEGIN PGP SIGNED MESSAGE- Hash: RIPEMD160 Leonardo Rodrigues Magalhães wrote: as far as i know, blackberry platform works only with MS Exchange. And it requires you to install some software with will be the Blackberry-MS Exchange gateway . i dont know if blackberry gateway works with another platform . Similar service on many telephones that connects to several groupware/calendaring/... servers with OpenSource version: http://funambol.com/ (This was intended for the list, but, as usual, I clicked the wrong button, I wish someone implements reply-to-list in TB) - -- Victoriano Giralt Systems Manager Central Computing Facility University of Malaga SPAIN -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.8 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFJetdfV6+mDjj1PTgRA64HAKCTXvTdGGsaDRPJY+sF+ZIXs0ZrCgCeNx4v sNaDWbIchPQtQB1S2Drb6sk= =rsjl -END PGP SIGNATURE-
Re: Question about reject_unauthenticated_sender_login_mismatch
-BEGIN PGP SIGNED MESSAGE- Hash: RIPEMD160 jeff_homeip wrote: If I send to another unrelated address, it works fine, so this is clearly caused by the fact that the address to which I'm sending is also listed in smtpd_sender_login_maps. I'm not following the thread too deeply, but ... This points more and more to a map problem. I didn't expect this behavior, but I'm guessing it's what postfix is supposed to do. Can you explain why this happens? and do you have any suggestions to avoid it? Have you already shown your map SQL query? If not, doing so might help. - -- Victoriano Giralt Systems Manager Central Computing Facility University of Malaga SPAIN -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.8 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFJbt6xV6+mDjj1PTgRAzOWAJ0XjHCQbCh6g/8fa4k+O6hWEzHP1ACdGrDF hhRV6Dvixd7L1P05eeifyyk= =hqgE -END PGP SIGNATURE-
Re: Maildrop user unknown. Command output: Invalid user specified
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 tôba wrote: tsaida:~#ls /var/vmail/domaintest.net/toba/new/ total 8 drwx-- 2 root root 4096 2009-01-05 03:47 . drwx-- 5 root root 4096 2009-01-02 06:51 .. - ---^ - ^ maildrop unix - n n - - pipe flags=uR user=vmail argv=/usr/bin/maildrop -d $recipient -w 90 - ---^ This strongly suggests that your permissions are not very much in shape ;) - -- Victoriano Giralt Systems Manager Central Computing Facility University of Malaga SPAIN -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Remi - http://enigmail.mozdev.org iD8DBQFJYcypV6+mDjj1PTgRAhLTAJ4+pEh728/InHSyaSZR66a6KJSxdACbBn9X tsk9zcwRK4TiE5b9Y3yqUmk= =SrDY -END PGP SIGNATURE-