Re: Port 587 users question

On 2016.11.27 20.43, li...@lazygranch.com wrote: > I should have mentioned the mail system is on a VPS and I'm the only > user. And yes, trouble makers are on the Internet. well, this simplifies things quite of bit, of course. > What lead me to this was I did bzgrep "max auth" and noticed both >

Consulting multiple ldap tables with envelope sender address authorization

Hello all, I am configurating envelope sender address authorization using ldap tables with Active Directory which has two possible attributes to authenticate users, the legacy and short name "samaccountname" and the long name "userprincipalname", so that I am trying is permit authenticate with

Re: Consulting multiple ldap tables with envelope sender address authorization

On 2016.11.28 06.53, mailing lists wrote: > Hello all, > > I am configurating envelope sender address authorization using ldap > tables with Active Directory which has two possible attributes to > authenticate users, the legacy and short name "samaccountname" and > the long name

SMTP Error with Thunderbird with remote Ubuntu Server 16.04

Hello, First, email has been working fine on this server for past several months while using the Squirrelmail web client located on the same server. I am needing an alternative method to access mail services and decided, on a whim, to try Thunderbird. Thunderbird interacted with the Dovecot

Re: SMTP Error with Thunderbird with remote Ubuntu Server 16.04

Okay, I accidentally sent this half-composed. But yes. I was able to send via SMTP, but only if my destination address was on my machine (which is probably good) Maybe since I sent this, I let people deliver their opinions on if this is an MX record issue first. Thanks Rick On 11/28/2016

Re: SMTP Error with Thunderbird with remote Ubuntu Server 16.04

On 11/28/2016 9:07 AM, rich.gre...@hushmail.com wrote: > Hello, > > First, email has been working fine on this server for past several months > while using the Squirrelmail web client located on the same server. I am > needing an alternative method to access mail services and decided, on a

Re: Port 587 users question

On Mon, 28 Nov 2016 09:01:41 -0500 btb wrote: > On 2016.11.27 20.43, li...@lazygranch.com wrote: > > I should have mentioned the mail system is on a VPS and I'm the only > > user. And yes, trouble makers are on the Internet. > > well, this simplifies things quite of bit, of

Re: Consulting multiple ldap tables with envelope sender address authorization

On Mon, Nov 28, 2016 at 11:53:31AM +, mailing lists wrote: > I am configurating envelope sender address authorization using ldap tables > with Active Directory which has two possible attributes to authenticate > users, the legacy and short name "samaccountname" and the long name >

Re: SMTP Error with Thunderbird with remote Ubuntu Server 16.04

On Mon, Nov 28, 2016 at 02:59:22PM -0600, rich.gre...@hushmail.com wrote: > >smtpd_tls_cert_file=/etc/letsencrypt/live/example.com/fullchain.pem > >> smtpd_tls_key_file=/etcletsencrypt/live/example.com/privkey.pem > > > >The key file setting seems to have a typo. > > > >> smtpd_use_tls=yes > > >

Re: SMTP Error with Thunderbird with remote Ubuntu Server 16.04

On 11/28/2016 at 1:28 PM, "Viktor Dukhovni" wrote: > >> On Nov 28, 2016, at 2:13 PM, rich.gre...@hushmail.com wrote: >> >> # TLS parameters >> smtpd_tls_loglevel = 1; > >If that ';' is really there, get rid of it. > Got rid of it. C habits are hard to break. Good

Re: Port 587 users question

On 28 Nov 2016, at 13:47, li...@lazygranch.com wrote: On Mon, 28 Nov 2016 09:01:41 -0500 btb wrote: On 2016.11.27 20.43, li...@lazygranch.com wrote: I should have mentioned the mail system is on a VPS and I'm the only user. And yes, trouble makers are on the Internet.

Re: SMTP Error with Thunderbird with remote Ubuntu Server 16.04

Okay, I am really curious how this works then. Good catch on the 'www' test. I winged it without reading the manpage. I've never known a good starting point for learning DNS, so that is definitely a weak point. So, now that the DNS is out of the way. I'm going to dig deeper here. When I

Re: SMTP Error with Thunderbird with remote Ubuntu Server 16.04

On Mon, Nov 28, 2016 at 12:18:09PM -0600, rich.gre...@hushmail.com wrote: > Okay, I am already using letsencrypt.org for my port 443 traffic. So once > I have it extended to also cover SMTP on port 587, would it be acceptable > to disable port 25, or is port 25 still needed (perhaps to suggest to

Re: SMTP Error with Thunderbird with remote Ubuntu Server 16.04

> On Nov 28, 2016, at 2:13 PM, rich.gre...@hushmail.com wrote: > > # TLS parameters > smtpd_tls_loglevel = 1; If that ';' is really there, get rid of it. > smtpd_tls_cert_file=/etc/letsencrypt/live/example.com/fullchain.pem > smtpd_tls_key_file=/etcletsencrypt/live/example.com/privkey.pem The

Re: SMTP Error with Thunderbird with remote Ubuntu Server 16.04

Am 28.11.2016 um 18:57 schrieb rich.gre...@hushmail.com: Hello, it looks Thunderbird can't validate the certificate the mailserver is using. The dialogue you refer to is normal. What I recommend to my folks when using my servers is to simply "accept it" and get done with it (happens every 6

Re: SMTP Error with Thunderbird with remote Ubuntu Server 16.04

I should make clear in the post that u...@example.com is the IMAP mailbox name and that m...@example.com is a virtual alias. This machine hosts about 8 domains and has, I think, three mailboxes. I am the sole user of the email system. On 11/28/2016 at 11:58 AM, rich.gre...@hushmail.com wrote:

Re: SMTP Error with Thunderbird with remote Ubuntu Server 16.04

Okay, Victor, thanks for the stats in the second email! That is quite interesting to read. I have only recently (this summer) heard of LetsEncrypt.org. Up until that point, I had expected that I was condemned by powers-that-be to buy a key annually forever. Oh yeah, I love the "smoke and

Re: SMTP Error with Thunderbird with remote Ubuntu Server 16.04

Am 28.11.2016 um 19:18 schrieb rich.gre...@hushmail.com: > Okay, I am already using letsencrypt.org for my port 443 traffic. So > once I have it extended to also cover SMPT on port 587, would it be > acceptable to disable port 25, or is port 25 still needed (perhaps to > suggest to clients that

Re: SMTP Error with Thunderbird with remote Ubuntu Server 16.04

On Mon, Nov 28, 2016 at 07:29:15PM +0100, Florian Piekert wrote: > I use the same certificate for postfix, apache, dovecot, proftpd, etc... > (from cacert.org). The cacert.org root CA's MD5 self-signature tends to trigger inteoperability problems. You're typically better off with some other

Re: SMTP Error with Thunderbird with remote Ubuntu Server 16.04

On Mon, Nov 28, 2016 at 11:57:44AM -0600, rich.gre...@hushmail.com wrote: > Nov 28 18:35:14 example postfix/smtpd[1293]: connect from > 69-179-xxx-yyy.dyn.centurytel.net[69.179.xxx.yyy] > Nov 28 18:35:16 example postfix/smtpd[1293]: warning: TLS library problem: > error:14094418:SSL

Re: SMTP Error with Thunderbird with remote Ubuntu Server 16.04

Okay, I am already using letsencrypt.org for my port 443 traffic. So once I have it extended to also cover SMPT on port 587, would it be acceptable to disable port 25, or is port 25 still needed (perhaps to suggest to clients that it isn't accepting any traffic except 587) I have to admit, I

Re: SMTP Error with Thunderbird with remote Ubuntu Server 16.04

On 11/28/2016 at 3:25 PM, "Viktor Dukhovni" wrote: > >On Mon, Nov 28, 2016 at 02:59:22PM -0600, rich.gre...@hushmail.com >wrote: > >> >>smtpd_tls_cert_file=/etc/letsencrypt/live/example.com/fullchain.pe >m >> >>

Re: SMTP Error with Thunderbird with remote Ubuntu Server 16.04

On 28 Nov 2016, at 17:29, rich.gre...@hushmail.com wrote: I changed it. When I compose and send to an outside domain now, I get an error that hints towards port 25 being strongly preferred over 587. Sending of the message failed. The message could not be sent because connecting to Outgoing

Re: short circuit content_filters

> Fix it in spamassassin. Use whitelist_from or better whitelist_from_dkim. > See "perldoc Mail::SpamAssassin::Conf" for config instructions. Seems legit. How do I configure SpamAssassin to look up the domain in MySQL? Michael Munger, dCAP, MCPS, MCNPS, MBSS High Powered Help, Inc. Microsoft

Re: SMTP Error with Thunderbird with remote Ubuntu Server 16.04

On Mon, Nov 28, 2016 at 04:29:58PM -0600, rich.gre...@hushmail.com wrote: > >Did you also fix the key_file setting? > > Yes, I did. Good, at this point STARTTLS is working on port 25. > >You have received headers and logs that should indicate how the > >mail it sent entered your mailbox. You

short circuit content_filters

TLDR: How do I configure Postfix to NOT use spamassassin to scan the email if it is coming from a domain that is whitelisted via check_sender_access? DETAILS: We maintain a white-list of company domains that are aggregated from all our employee's address books. We want all email that

Re: short circuit content_filters

* Michael Munger : > TLDR: > > How do I configure Postfix to NOT use spamassassin to scan the email if > it is coming from a domain that is whitelisted via check_sender_access? Fix it in spamassassin. Use whitelist_from or better whitelist_from_dkim. See "perldoc

Re: short circuit content_filters

* Michael Munger : > > > Fix it in spamassassin. Use whitelist_from or better whitelist_from_dkim. > > See "perldoc Mail::SpamAssassin::Conf" for config instructions. > > Seems legit. How do I configure SpamAssassin to look up the domain in MySQL? There may be a way

HAPROXY protocol version?

Greetings, I'm trying to find out which version (1,2) of the haproxy protocol Postfix supports. I couldn't find any reference in the documentaton nor in the src files. Is there any and I missed it? Thanks, p@rick -- [*] sys4 AG https://sys4.de, +49 (89) 30 90 46 64 Schleißheimer Straße

Re: short circuit content_filters

On 28 Nov 2016, at 17:37, Michael Munger wrote: TLDR: How do I configure Postfix to NOT use spamassassin to scan the email if it is coming from a domain that is whitelisted via check_sender_access? You *COULD* do this inside SA, but for that you'd be better off asking in the SA mailing

Re: HAPROXY protocol version?

Patrick Ben Koetter: > Greetings, > > I'm trying to find out which version (1,2) of the haproxy protocol Postfix > supports. I couldn't find any reference in the documentaton nor in the src > files. Is there any and I missed it? http://www.haproxy.org/download/1.5/doc/proxy-protocol.txt says:

Re: SMTP Error with Thunderbird with remote Ubuntu Server 16.04

Texto em portugues: Pelo que eu entendi você está com problemas para enviar e-mails partindo do thunderbird; não sei se compreendi o motivo do teste de DNS mas me parece que você quer confirmar o MX. Em geral a porta segura do SMTP é a 465, o gmail utiliza a 587. Utilizando a lógica seu dominio

Re: short circuit content_filters

On 11/28/2016 8:14 PM, Michael Munger wrote: ... > we simply changed the action > from "OK" to "FILTER relay:192.168.10.81". This means that inbound > mail, once it is discovered to be on a whitelist, is immediately > relayed to our Exchange server. No, the mail is not immediately relayed. It

Re: short circuit content_filters

> >> How do I configure Postfix to NOT use spamassassin to scan the email if >> it is coming from one of these whitelisted domains? > > Make the check_sender_access queries return a FILTER result > (specifying a suitable transport, likely 'local:$myhostname') which > will override your

Re: short circuit content_filters

Good timing. I was just trying to figure out why a domain on the whitelist was still caught by an rbl when you sent this. Thank you. To fix the issue, I have added an additional check_sender_access smtpd_client_restrictions = check_sender_access mysql:/etc/postfix/whitelist.cf,

Re: Port 587 users question

On 2016.11.28 13.47, li...@lazygranch.com wrote: > On Mon, 28 Nov 2016 09:01:41 -0500 btb wrote: > >> On 2016.11.27 20.43, li...@lazygranch.com wrote: >>> I should have mentioned the mail system is on a VPS and I'm the >>> only user. And yes, trouble makers are on the Internet.

Re: short circuit content_filters

Don't forget to put your shortcircuit.cf in smtpd_{helo, sender, recipient, data}_restrictions. Or even better, to prevent any unintentional open relay have your shortcircuit.cf return "permit_auth_destination" rather than simply OK. -- Noel Jones On 11/28/2016 9:22 PM, Michael Munger

Re: short circuit content_filters

As you have suggested, so I have done. For each of these, I have added the whitelist.cf and shortcircuit.cf files via check_sender_access as the /first thing/ these checks do so that domains on the whitelist are shortcircuited and routed without prejudice. smtpd_helo_restrictions =

Re: noob question on filtering and sending mail to bdd or rest request

Thanks ! just perfect ... Stéphane Le 26/11/2016 à 16:13, Wietse Venema a écrit : St?phane MERLE: Hi, Hi, I found this and it looks just perfect for this ! http://serverfault.com/questions/322657/how-can-i-route-some-emails-to-a-script-in-postfix one more question, if my script die and