Same here, but I found some interesting facts about outlook spam, they have 4
common marks that can be used to catch them with Spamassassin.
The following rules block all outlook spam, but will also block some legitimate
emails that use "undisclosed recipients". Not a big deal for me and my
About Docker, you may want to do some research on it, because it may not be
desirable for production systems due to its monolithic design, it uses a single
Docker daemon, while competitors like podman use a daemonless architecture.
Look how "easy" it is to secure Docker:
it happens to me sometimes, I make changes to the postfix configuration and I
forget to restart postfix for it to take effect (systemctl restart postfix
opendkim opendmarc etc).
Could it be that simple?
On Tue, 14 Nov 2023 11:16:18 -0500 Dino Edwards via Postfix-users
wrote:
> Logs
You mention that you are using dovecot along with postfix, so in that case, the
most common theme is to use LMTP like this:
virtual_transport = lmtp:unix:private/dovecot-lmtp
virtual_mailbox_domains = /etc/postfix/virtual_mailbox_domains
then your /etc/postfix/virtual_mailbox_domains may look
we must be looking at different manuals/specifications because I don't see how
a SMFIC_ABORT is implied here.
but
I don't think it matters anyway, it should not make any difference, just extra
traffic between postfix and the milters :)
I'll adjust my milter to expect SMFIC_ABORT after
The specification does NOT state that after STARTTLS the MTA must send an
SMFIC_ABORT.
It only states that when SMFIC_ABORT is sent, between emails with the same
connection, to reset everything except the connection information (since it's
the same I guess?)
At least that is how I interpret
(resending because the previous email failed to submit due to its size)
I'm sorry I did not provide enough information.
With "the next email" I mean the next SMTP SESSION, a different sender.
I should also mention that I'm using AlmaLinux (derivative of RHEL) which comes
with the following
Hello everyone,
While running my milter, I noticed an inconsistency filtering incoming mail by
their connection information and by inconsistency I mean complete lack of data.
Of course it could be a bug in my milter, but in case it is not, here is the
problem:
A normal (unencrypted)
thank you for the explanation, I'll adjust my code accordingly :)
On Tue, 17 Oct 2023 10:02:33 -0400 (EDT) Wietse Venema via Postfix-users
wrote:
> mailmary--- via Postfix-users:
> >
> > Hello everyone,
> >
> > I'm coding a milter and I noticed an issue
Hello everyone,
I'm coding a milter and I noticed an issue with postfix. Once postfix is done
communicating with the milters, instead of sending a SMFIC_QUIT, it sends
SMFIC_ABORT.
abort all milters
milter8_abort: abort milter inet:127.0.0.1:8891
milter8_abort: abort milter
In my case, libspf2 is a dependent package of OpenDMARC
(Alma Linux, Rocky Linux, Oracle Linux)
On Sat, 30 Sep 2023 16:47:30 -0400 Viktor Dukhovni via Postfix-users
wrote:
> Recent news of security issues in Exim appear to in part implicate
> libspf2.
>
> While Postfix does not directly
So in other words, read the manual ;)
On Fri, 8 Sep 2023 11:25:22 -0400 Viktor Dukhovni via Postfix-users
wrote:
> On Fri, Sep 08, 2023 at 05:15:45PM +0300, mailmary--- via Postfix-users wrote:
>
> > Two quick questions:
> >
> > 1) How do I force an email addres
Hello everyone,
Two quick questions:
1) How do I force an email address to NOT be able to send email, but still
receive.
2) How do I force an email address to NOT be able to receive, but still send.
Thank you.
maybe spamassassin is reading your vCard (.vcf) which has the following string:
URL:https://woodpeckersnest.space/
btw, yes .space is considered a "bad domain" frequently abused for spam. But I
think it was recently removed from spamassassin bad domains.
In all honesty, the current situation of logging the base64 string
"UGFzc3dvcmQ6" does not help us.
Maybe we could reconsider, and actually log the data (raw or base64-decoded)?
On Tue, 16 May 2023 09:30:44 -0400 (EDT) Wietse Venema via Postfix-users
wrote:
> mailmary--
I am talking about the authentication email, not MAIL FROM or RCPT TO.
hmm, when using the -v parameter, just above the "SASL LOGIN authentication
failed: UGFzc3dvcmQ6" log entry, I can clearly see the email/password
thus postfix knows the email address being authenticated BEFORE the error
Out of curiosity, why does postfix display the base64 encoded "Password:"
string on failed authentication, instead of the user/email that actually failed?
eg:
warning: unknown[59.2.250.144]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
warning: unknown[1.219.223.120]: SASL LOGIN
The postscreen feature for RBL checks allows us to use scoring!
My configuration is based on this one here:
https://gitlab.com/noumenia/aetolos/-/blob/master/modules/el8/postfix/maincf.tpl
Take a look at lines 100 to 132.
For example:
postscreen_dnsbl_action = enforce (reject email with
I've said this in the past, certbot was badly coded, used too much memory and
lacked vision. But there are two great alternatives, written as bash scripts
(that's right.. bash scripts!)
https://github.com/acmesh-official/acme.sh
https://github.com/dehydrated-io/dehydrated
give them a try,
I'm using a PHP milter to reject languages by their charset.
For example, look for the charset "ks_c_5601-1987" under headers:
Subject:
Content-Type:
Thread-Topic:
etc...
A Base64-encoded subject would look like:
Subject: =?ks_c_5601-1987?B?...base64string...
or a mime content-type would
same here, it appears like someone is doing tests on their end, because these
errors first appeared today and only for a few hours.
On Fri, 17 Mar 2023 14:17:19 +0100 Benny Pedersen via Postfix-users
wrote:
> Mar 17 11:38:31 localhost postfix/smtpd[22150]: lost connection after
>
other account
domains, which is something supported by SELinux on enterprise linux distros
(Alma, Rocky, Oracle, etc).
no need for an SQL database.
On Mon, 13 Mar 2023 13:42:42 +0100 Antonino Di Mauro via Postfix-users
wrote:
> about 200 users...
>
>
> Il 13/03/23 13:33, mai
out of curiosity, why do you want to use an SQL database? Do you have more than
1,000,000 email accounts?
I don't really see any benefit by using SQL for small to medium sized systems.
On Mon, 13 Mar 2023 13:26:47 +0100 Antonino Di Mauro via Postfix-users
wrote:
> It seems i found the
Unfortunately, due to company policy, I can only work with RPM packages from
either the default repo or EPEL and nothing else. I know several other
companies that have the same rule. It's not something that I can change, so I
work with what I have.
On Fri, 10 Mar 2023 11:14:14 -0500 PGNet
The problem with dkimpy/dkimpy-milter, is that they don't exist in enterprise
distros (Alma, Rocky, Oracle) via EPEL.
The popularity of opendkim/opendmarc is due to their packages being available
via EPEL.
Looking at the opendkim/opendmarc right now, they appear dead over the past 2
years
Hello,
Are you using OpenDMARC? If you do, then it's because OpenDMARC is broken and
crashes on some types of emails.
Look above those log lines for the actual crash, it looks like:
"can't read SMFIC_BODYEOB reply packet header"
unfortunately, OpenDMARC seems like a dead project so don't
Unfortunately I've seen this crash as well, it's actually quite frequent in my
case and I'm using a newer version of OpenDMARC than you:
# opendmarc -V
opendmarc: OpenDMARC Filter v1.4.2
SMFI_VERSION 0x101
libmilter version 1.0.1
Active code options:
Ah I see, no problem.
I will try something with a policy daemon or an outgoing milter.
Thank you for the clarification.
On Mon, 6 Mar 2023 08:44:11 -0500 (EST) Wietse Venema
wrote:
> mailm...@ionos.gr:
> >
> > Hello everyone,
> >
> > My current postfix configuration allows an
Hello everyone,
My current postfix configuration allows an authenticated (SASL) user to send
emails with any From: address.
1) Is there a way to limit From: addresses to known/configured
(virtual_mailbox_domains) domains only?
2) Is there a way to limit From: to be exactly like the
It was added later, but by then I had already converted to regex.
On Wed, 08 Feb 2023 11:34:49 -0500 post...@ptld.com wrote:
> > Since I'm using AlmaLinux, a derivative of RHEL, it does not have PCRE
> > because Redhat decided to remove it entirely from RHEL.
> > Thus, I had to convert all
Here is how I do it:
check_sender_access regexp:/etc/postfix/sender_domain_checks
here are the (partial) contents of /etc/postfix/sender_domain_checks:
/\.top$/ REJECT
/\.xyz$/ REJECT
/\.cam$/ REJECT
/\.fun$/ REJECT
/\.buzz$/ REJECT
/\.club$/ REJECT
/\.link$/ REJECT
/\.hinet\.net$/ REJECT
isn't opendkim a dead project? I think their last commit was two years ago...
last time I checked, the EPEL package maintainer had to apply patches manually
because the opendkim owners had stopped working on their project.
On Mon, 26 Dec 2022 20:22:19 +1100 raf wrote:
> That issue hasn't
I've run a similar setup for my hosting needs, while not related to Docker
containers, you may find my configuration helpful and copy some parts.
More experienced postfix'ers can comment on my mistakes :)
https://gitlab.com/noumenia/aetolos/-/blob/master/modules/el8/postfix/maincf.tpl
In my case, I reject invalid HELO names with:
reject_invalid_helo_hostname
reject_non_fqdn_helo_hostname
I've run postfix like this for about 10 years now without any problems. I don't
expect others to use such restrictions but it works for me.
On Fri, 23 Dec 2022 09:51:48 +0400 Samer
sorry to have to burst your bubble, but postfix does not have documentation
at least not in the way we call documentation these days
maybe you'd call them "notes" or a "reference guide" but not real documentation
it is helpful to people who already know everything, but not helpful to people
If possible, could you please explain how to limit port 25 to receive only?
I use port 587 (submission) for sending mail.
thank you.
On Wed, 21 Dec 2022 11:47:16 -0500 Demi Marie Obenour
wrote:
> An alternative, which I prefer, is to require all submission to be on port
> 465 (over TLS)
haproxy in HTTP mode can add the necessary X-Forwarded-For header and backends
like Apache can use the mod_remoteip.so module with the RemoteIPHeader
parameter to handle the new header.
haproxy in TCP mode can't do that[1], thus haproxy has written a "proxy
protocol v2"[2] that does that,
The most common issue when using a proxy/load balancer like haproxy, is that
the remote/foreign connections are being forwarded with the IP address of the
haproxy machine. Thus, they all appear as "local", which makes postfix think
they are "mynetworks" and as a result, postfix becomes an open
now that is funny, I didn't know postfix replied to HTTP requests hahaha!
$ telnet mail.server 25
Trying 192.168.1.184...
Connected to mail.server.
Escape character is '^]'.
220-mail.server.erebor.lan ESMTP
GET / HTTP/1.0
521 5.7.0 Error: I can break rules, too. Goodbye.
Connection closed by
Thank you, I'll take a look!
On Wed, 14 Dec 2022 11:29:05 -0500 (EST) Wietse Venema
wrote:
> mailm...@ionos.gr:
> >
> > The milter-8.c file you mention has a lot of information that I was
> > missing, thank you for that!
> >
> > One important part is missing, milter response codes are
The milter-8.c file you mention has a lot of information that I was missing,
thank you for that!
One important part is missing, milter response codes are categorised as:
- "modification"
- "accept/reject"
- "asynchronous"
But these 3 codes are not mentioned anywhere:
SMFIR_CONN_FAIL
I used the "milter-protocol.txt" file that I found everywhere. It is for
protocol version 2 only. So I based my implementation on that.
Later on, I used archive.org to download a copy of libmilter-docs.tar.gz. I
expected the documentation to explain the differences between versions (eg
going
Thank you for those links, I'll take a look.
On Tue, 13 Dec 2022 15:44:26 -0500 (EST) Wietse Venema
wrote:
> Wietse Venema:
> > When I implemented Postfix Milter protocol support, I followed the
> > file milter-protocol.txt (for protocol version 2).
> >
> > For newer protocol versions I
I try to match my coding style to PSR12, so I used PSR12 as a base with 5-6
modifications.
There are some things that I haven't tested as much as I want to, for example I
haven't found a way to simulate pipelining from postfix.
It is sad that there is no real milter documentation, I did find
Hey everyone,
I wrote a milter library for PHP, because I wanted to create a bunch of
different milter filters in PHP. I thought maybe others would be interested as
well, so I published the library here:
https://gitlab.com/noumenia/libmilterphp
It supports all of milter protocol version 2.
Docker containers don't log like normal linux distros do with
syslog/rsyslog/syslog-ng/etc. They expect the main process to output all
logging to STDOUT, this is recorded as "log" output by the docker daemon.
You may need to set the "maillog_file" postfix config option to "/dev/stdout",
thus