Re: question about envelop from.

2018-03-13 Thread Viktor Dukhovni
> On Mar 13, 2018, at 11:36 AM, LuKreme wrote: > > In general, or these specific exclusions? Mostly in general. Why do cleartext with clients that can't do strong ciphers, let them encrypt with their medium ciphers. > I've had > > smtpd_tls_exclude_ciphers = MD5, SEED,

Re: question about envelop from.

2018-03-13 Thread Viktor Dukhovni
> On Mar 13, 2018, at 12:00 PM, Matus UHLAR - fantomas > wrote: > > smtpd_tls_ciphers=high > smtpd_tls_mandatory_ciphers=high > smtpd_tls_exclude_ciphers=aNULL My recommendation is: smtpd_tls_ciphers = medium smtpd_tls_mandatory_ciphers = high There's not much need to

Re: Reducing logging

2018-03-13 Thread Christian Schmidt
Patrick Ben Koetter, 12.03.2018: > You'll probably have to use a (more modern) syslog service, e.g. rsyslogd, to > split log by content into multiple files. In addition, you could add the option "-o syslog_name=postfix-587" (or "25") to the corresponding entry in master.cf. This will make postfix

Re: Reducing logging

2018-03-13 Thread Matus UHLAR - fantomas
Patrick Ben Koetter, 12.03.2018: You'll probably have to use a (more modern) syslog service, e.g. rsyslogd, to split log by content into multiple files. On 13.03.18 09:35, Christian Schmidt wrote: In addition, you could add the option "-o syslog_name=postfix-587" (or "25") to the

RE: question about envelop from.

2018-03-13 Thread L . P . H . van Belle
Hai Matus, Thank you for the reply, most apriciated. No, but its a "government" server, so i need to be very sure.. ;-) Thanks, i was looking in the wrong rfc. Best regards, Louis > -Oorspronkelijk bericht- > Van: uh...@fantomas.sk > [mailto:owner-postfix-us...@postfix.org]

Re: Greylisting?

2018-03-13 Thread john
Thanks. On 2018-03-11 10:39 PM, john wrote: I  was just taking a look through my postfix configuration and noticed that I have a "check_policy_service" for postgrey a greylisting service. I greylisting still considered worthwhile or should I drop it? TIA John A

question about envelop from.

2018-03-13 Thread L . P . H . van Belle
Hai,   Im reading through rfc's but the following is still not clear for me.   E-mail is rejected base on the envelop-from adres from a mail-daemon with postfix + postfix-policyd-spf   I saw the following in the postfix logs. Feb  7 00:00:16 hostname postfix/smtpd[31726]: Untrusted TLS

Re: question about envelop from.

2018-03-13 Thread Matus UHLAR - fantomas
On 13.03.18 13:54, L.P.H. van Belle wrote: Im reading through rfc's but the following is still not clear for me.   E-mail is rejected base on the envelop-from adres from a mail-daemon with postfix + postfix-policyd-spf   I saw the following in the postfix logs. Feb  7 00:00:16 hostname

Re: question about envelop from.

2018-03-13 Thread LuKreme
On Mar 13, 2018, at 09:17, Viktor Dukhovni wrote: >> smtpd_tls_exclude_ciphers = eNULL, aNULL, LOW, EXP, MEDIUM, ADH, AECDH, MD5, >> DSS, ECDSA, CAMELLIA128, CAMELLIA256, 3DES > > This too is unwise. Remove this setting. In general, or these specific exclusions?

Re: question about envelop from.

2018-03-13 Thread Viktor Dukhovni
> On Mar 13, 2018, at 10:53 AM, L.P.H. van Belle wrote: > > Yes, i've set smtpd_tls_ask_ccert to yes. You almost certainly don't need this. > Hmmm, i now also noticed i dont have Trusted or Verified anymore, this must > be a miss on my side after the switch from 2.10 to 3.1

Re: Reducing logging

2018-03-13 Thread LuKreme
On Mar 13, 2018, at 02:35, Christian Schmidt wrote: > In addition, you could add the option "-o syslog_name=postfix-587" (or > "25") to the corresponding entry in master.cf. This will make postfix > "label" the logfile entries - and maybe enable your

Re: question about envelop from.

2018-03-13 Thread Matus UHLAR - fantomas
On 13.03.18 09:36, LuKreme wrote: On Mar 13, 2018, at 09:17, Viktor Dukhovni wrote: smtpd_tls_exclude_ciphers = eNULL, aNULL, LOW, EXP, MEDIUM, ADH, AECDH, MD5, DSS, ECDSA, CAMELLIA128, CAMELLIA256, 3DES This too is unwise. Remove this setting. In general, or

Re: question about envelop from.

2018-03-13 Thread Viktor Dukhovni
> On Mar 13, 2018, at 8:54 AM, L.P.H. van Belle wrote: > > Feb 7 00:00:16 hostname postfix/smtpd[31726]: NOQUEUE: reject: RCPT from > smtp1..nl[x.xx.xxx.xx]]: 450 4.1.8 : > Sender address rejected: Domain not found; >

RE: question about envelop from.

2018-03-13 Thread L . P . H . van Belle
Hello Victor, > -Oorspronkelijk bericht- > Van: postfix-us...@dukhovni.org > [mailto:owner-postfix-us...@postfix.org] Namens Viktor Dukhovni > Verzonden: dinsdag 13 maart 2018 15:27 > Aan: Postfix users > Onderwerp: Re: question about envelop from. > > > > > On Mar 13, 2018, at 8:54

Re: Spammer rejected, but resends every 10 minutes. Any way to prevent this

2018-03-13 Thread Peter
On 14/03/18 15:51, li...@lazygranch.com wrote: > I'm getting hit every 10 minutes from this spammer. As you can see I am > rejecting the message. I wonder if the offending email server doesn't > know the message is being rejected? > > Mar 13 23:28:58 centos-1gb-sfo1-01 postfix/smtpd[22153]:

Re: Spammer rejected, but resends every 10 minutes. Any way to prevent this

2018-03-13 Thread Benny Pedersen
Kevin A. McGrail skrev den 2018-03-14 03:55: On 3/13/2018 10:51 PM, li...@lazygranch.com wrote: I'm getting hit every 10 minutes from this spammer. As you can see I am rejecting the message. I wonder if the offending email server doesn't know the message is being rejected? Mar 13 23:28:58

Re: Spammer rejected, but resends every 10 minutes. Any way to prevent this

2018-03-13 Thread Kevin A. McGrail
On 3/13/2018 10:51 PM, li...@lazygranch.com wrote: > I'm getting hit every 10 minutes from this spammer. As you can see I am > rejecting the message. I wonder if the offending email server doesn't > know the message is being rejected? > > Mar 13 23:28:58 centos-1gb-sfo1-01 postfix/smtpd[22153]:

Re: Spammer rejected, but resends every 10 minutes. Any way to prevent this

2018-03-13 Thread Bill Cole
On 13 Mar 2018, at 22:51 (-0400), li...@lazygranch.com wrote: I'm getting hit every 10 minutes from this spammer. As you can see I am rejecting the message. I wonder if the offending email server doesn't know the message is being rejected? It's not being rejected, it's being deferred. Mar

Spammer rejected, but resends every 10 minutes. Any way to prevent this

2018-03-13 Thread li...@lazygranch.com
I'm getting hit every 10 minutes from this spammer. As you can see I am rejecting the message. I wonder if the offending email server doesn't know the message is being rejected? Mar 13 23:28:58 centos-1gb-sfo1-01 postfix/smtpd[22153]: NOQUEUE: reject: RCPT from unknown[113.247.6.67]: 450 4.7.1

Re: Spammer rejected, but resends every 10 minutes. Any way to prevent this

2018-03-13 Thread Bill Cole
On 13 Mar 2018, at 23:35 (-0400), Bill Cole wrote: OR: if you don't get any legitimate mail from Hunan, Chongqing, or Hong Kong you can probably safely block 113.240.0.0/12 from talking at all to your SMTP port (or just the /13 to limit it to Hunan.) OR: Use the Spamhaus ZEN DNSBL, which has

Re: Spammer rejected, but resends every 10 minutes. Any way to prevent this

2018-03-13 Thread li...@lazygranch.com
On Tue, 13 Mar 2018 23:35:01 -0400 "Bill Cole" wrote: > On 13 Mar 2018, at 22:51 (-0400), li...@lazygranch.com wrote: > > > I'm getting hit every 10 minutes from this spammer. As you can see > > I am > > rejecting the message. I wonder if the