Re: Question about service daemon man pages

2021-05-23 Thread J Doe
On 2021-05-22 8:05 a.m., Wietse Venema wrote: J Doe: A section that is shared in all of the service daemon man pages is "CONFIGURATION PARAMETERS". In bounce(8) there are parameters under this section that relate to delivery status notifications. For instance: delay_notice_recipi

Re: STARTTLS abuse

2021-09-09 Thread J Doe
On 2021-09-07 7:11 p.m., Bill Cole wrote: On 2021-09-07 at 14:42:33 UTC-0400 (Tue, 7 Sep 2021 19:42:33 +0100) Adam Weremczuk is rumored to have said: Hi all, It's postfix 3.1.6-0+deb9u1 on Debian 9. Since enabling STARTTLS on port 25 I'm getting lots of traffic looking like this (relay atte

Re: Problems emailing bell.net or sympatico.ca addresses

2021-09-17 Thread J Doe
On 2021-09-17 5:48 p.m., Ian Evans wrote: Just curious if anyone on the list has ever had issues with their postfix server communicating with bell.net or their related sympatico.ca email addresses? I've been trying to send to a few but keep getting "421

Re: AW: Spam pass the filter

2021-09-22 Thread J Doe
On 2021-09-18 6:10 p.m., Christian Schmitz wrote: On Saturday 18 September 2021 10:13:41 ludic...@gmail.com wrote: Hi, pcre header checks we use. Not all the time, depends on spam volume from these valuable enterprises. #/sjmedia.us/ REJECT A mass mail service abused by criminals #/bmsend.c

Re: Unexpected record type 'X'

2022-09-06 Thread J Doe
On 2022-08-30 10:35, Viktor Dukhovni wrote: On Tue, Aug 30, 2022 at 02:25:20PM +, Frank Brendel wrote: So I can try to reproduce it by simply putting that file into the incoming queue? Within the same filesystem, yes. Our test system has FreeBSD 13.1 and Postfix 3.7.2 installed. I'd tr

Re: Unexpected record type 'X'

2022-09-16 Thread J Doe
On 2022-09-06 23:18, Viktor Dukhovni wrote: On Tue, Sep 06, 2022 at 09:43:38PM -0400, J Doe wrote: Out of curiosity ... why do queue files require the execute bit ? That's how they're marked "complete". A partially written queue file is just read-write. When a queu

Re: Postfix -> Whatapp

2020-05-26 Thread J Doe
On 2020-05-26 1:52 p.m., Phil Stracchino wrote: On 2020-05-26 13:42, Jos Chrispijn wrote: Is there a way of Postfix sending a Whatsapp message to a user when there came in email for her/him? Thanks, Jos No. That is utterly and totally not Postfix's, or any MTA's, job. Period. If you wanted

Postfix delay notifications

2021-05-14 Thread J Doe
Hello, I have been experimenting with DSN's regarding delayed e-mails. My current config is: /etc/postfix/main.cf delay_notice_recipient = postmaster notify_classes = delay delay_warning_time = 15m confirm_delay_cleared = yes . . . ... and this

Re: Postfix delay notifications

2021-05-14 Thread J Doe
On 2021-05-14 5:17 p.m., Wietse Venema wrote: > J Doe: >> Hello, >> >> I have been experimenting with DSN's regarding delayed e-mails. >> >> My current config is: >> >> /etc/postfix/main.cf >> delay_notice_recip

Submission and milter_macro_daemon_name parameter

2021-05-14 Thread J Doe
Hello, I have a question regarding configuring submission with Postfix. I am dusting off a configuration for a server that has been functioning well for the past three years. When I set up submission, I used the example from Digital Ocean here: https://www.digitalocean.com/community/tutorial

Re: Submission and milter_macro_daemon_name parameter

2021-05-15 Thread J Doe
On 2021-05-14 11:38 p.m., Bill Cole wrote: On 2021-05-14 at 22:30:18 UTC-0400 (Fri, 14 May 2021 22:30:18 -0400) J Doe is rumored to have said: My questions are:     1.  Why was the magic value of "ORIGINATING" used in the Digital Ocean example ? It's not 'magic'

Re: Submission and milter_macro_daemon_name parameter

2021-05-15 Thread J Doe
On 2021-05-15 12:08 a.m., Benny Pedersen wrote: On 2021-05-15 04:30, J Doe wrote:     1.  Why was the magic value of "ORIGINATING" used in the Digital Ocean example ?     2.  Can I allow the default value of: milter_macro_daemon_name to be used _WITHOUT_ affecting OpenDKIM and Cla

Question about service daemon man pages

2021-05-21 Thread J Doe
Hello, I have a question about the man pages for the service daemons that are executed via master(8). A section that is shared in all of the service daemon man pages is "CONFIGURATION PARAMETERS". In bounce(8) there are parameters under this section that relate to delivery status notificati

Re: Question about service daemon man pages

2021-05-21 Thread J Doe
On 2021-05-21 7:34 p.m., Wietse Venema wrote: J Doe: Hello, I have a question about the man pages for the service daemons that are executed via master(8). A section that is shared in all of the service daemon man pages is "CONFIGURATION PARAMETERS". In bounce(8) there are parame

Virtual domain hosting “catch all” e-mail address

2017-09-21 Thread J Doe
Hi, I am currently configuring virtual domain hosting on Postfix 3.1.0 and have a question about the “Postfix Virtual Domain Hosting Howto” document [1]. Under “Postfix virtual ALIAS example: separate domains, UNIX system accounts” there is an example of the virtual file. On line 10 it states:

Re: Virtual domain hosting “catch all” e-mail address

2017-09-21 Thread J Doe
> On Sep 21, 2017, at 2:00 PM, J Doe wrote: > > Hi, > > I am currently configuring virtual domain hosting on Postfix 3.1.0 and have a > question about the “Postfix Virtual Domain Hosting Howto” document [1]. > > Under “Postfix virtual ALIAS example: separate domai

Backscatter questions

2017-09-27 Thread J Doe
Hello, I recently configured Postfix 3.1.0 on a low-volume, Internet facing server. Mail operations are normal, but I had two questions regarding backscatter. 1. From what I understand, “backscatter” refers to e-mails such as non-delivery reports being sent back to the originator of a spam mes

Re: Backscatter questions

2017-09-27 Thread J Doe
> On Sep 27, 2017, at 2:08 PM, Benny Pedersen wrote: > > J Doe skrev den 2017-09-27 19:49: > >> I recently configured Postfix 3.1.0 on a low-volume, Internet facing >> server. Mail operations are normal, but I had two questions regarding >> backscatter.

Re: Backscatter questions

2017-09-30 Thread J Doe
> On Sep 27, 2017, at 4:30 PM, Benny Pedersen wrote: > > J Doe skrev den 2017-09-27 22:20: > > [snip] >> Is there a way to achieve this or as you noted, are whitelists to be >> avoided ? If whitelists are to be avoided what is the best practice >> for handling

Questions about mynetworks_style parameter in main.cf

2017-10-02 Thread J Doe
Hello, I have two questions regarding the “mynetworks_style” parameter in main.cf. In man I see that the “subnet” option for “mynetworks_style” is listed as being supported in Postfix < 3.0. Does this mean that post-Postfix 3.0 this option is deprecated ? I also note that the “subnet” option

Re: Questions about mynetworks_style parameter in main.cf

2017-10-02 Thread J Doe
> On Oct 2, 2017, at 4:17 PM, Fazzina, Angelo wrote: > > Hi, > For this part : > > “On Linux, this works correctly only with interfaces specified with the > ifconfig command” > > I think they are saying you can find valid interface names using the ifconfig > command. > The new way in RHEL 7

Re: Questions about mynetworks_style parameter in main.cf

2017-10-03 Thread J Doe
> On Oct 2, 2017, at 7:27 PM, Peter wrote: > >> On 03/10/17 09:09, J Doe wrote: >> In man I see that the “subnet” option for “mynetworks_style” is >> listed as being supported in Postfix < 3.0. Does this mean that >> post-Postfix 3.0 this option is deprecated

Re: Questions about mynetworks_style parameter in main.cf

2017-10-03 Thread J Doe
> On Oct 2, 2017, at 11:31 PM, Viktor Dukhovni > wrote: > > >>> On Oct 2, 2017, at 7:27 PM, Peter wrote: >>> >>> With ifconfig being deprecated on Linux, does that mean that network >>> settings specified with newer commands that replace ifconfig will not >>> work ? >> >> I'm not entirely s

Syntax question for smtp mandatory TLS encryption

2017-10-11 Thread J Doe
Hi, I have a syntax question regarding configuring mandatory TLS encryption for the smtp process as listed on: www.postfix.org/TLS_README.html#client_tls In the second example on the page, square brackets are used when specifying the policy for specific destinations in the tls_policy file: /et

Question regarding Postfix virtual domains and SPF

2017-10-16 Thread J Doe
Hi, I have two questions regarding using SPF when I am using Postfix with virtual domain hosting. I currently have an SPF record in my DNS: example.com TXT “v=spf1 ip4:1.2.3.4/32 ip6:1:2:3::4/128 ?all” I virtually host a domain (in this example case, example.com), that is set to forward

Re: Question regarding Postfix virtual domains and SPF

2017-10-17 Thread J Doe
Hi Viktor, > On Oct 16, 2017, at 10:40 PM, Viktor Dukhovni > wrote: > >> 1. When using Postfix and virtual domain hosting in this fashion, is >> there any way to pass SPF when mail from a sending account is forwarded >> to another host (ie: Gmail) ? > > This requires SRS, and fairly effective

Re: Question regarding Postfix virtual domains and SPF

2017-10-17 Thread J Doe
Hi /dev/rob0, > On Oct 17, 2017, at 10:26 AM, /dev/rob0 wrote: >> As an example case, if I send an e-mail from a Hotmail account to >> an address on my server it then forwards that mail to the user’s >> GMail e-mail address. > > Another example to consider is when spam gets through your lines

Re: Syntax question for smtp mandatory TLS encryption

2017-10-17 Thread J Doe
Hi Wietse, > On Oct 11, 2017, at 7:11 PM, Wietse Venema wrote: > > J Doe: >> Hi, >> >> I have a syntax question regarding configuring mandatory TLS encryption for >> the smtp process as listed on: www.postfix.org/TLS_README.html#client_tls >> >&

Question regarding smtpd and log of “Untrusted TLS connection”

2017-10-20 Thread J Doe
Hello, I currently have a Postfix 3.1.0 server with smtpd configured to use opportunistic TLS encryption: /etc/postfix/main.cf smtpd_tls_security_level = may In the documentation I have noted that even if STARTTLS is enabled, mail delivery will not be stopped even if the certificat

Re: Question regarding smtpd and log of “Untrusted TLS connection”

2017-10-20 Thread J Doe
Hi Viktor, > On Oct 20, 2017, at 6:14 PM, Viktor Dukhovni > wrote: > >> In the documentation I have noted that even if STARTTLS is enabled, mail >> delivery will not be stopped even if the certificate at the other server >> is invalid or is a self-signed certificate. As such, TLS encryption is

Question about default_destination_concurrency_limit

2017-10-29 Thread J Doe
Hi, I had a question regarding the main.cf parameter “default_destination_concurrency_limit”. The man page (man 5 postconf), states it is: “The default maximal number of parallel deliveries to the same destination.” and that this applies to the smtp(8) delivery agent. This got me wondering .

Re: Question about default_destination_concurrency_limit

2017-10-29 Thread J Doe
Hi Viktor, > On Oct 30, 2017, at 12:11 AM, Viktor Dukhovni > wrote: > >> I had a question regarding the main.cf parameter >> “default_destination_concurrency_limit”. The man page (man 5 postconf), >> states it is: “The default maximal number of parallel deliveries to the same >> destination

Eliminating backscatter

2017-10-30 Thread J Doe
Hi, One of my mail servers (Postfix 3.1.0), is configured to perform virtual domain hosting. It forwards mail to the virtual domain to mailboxes of users on Gmail. I can see in my mail log that spam with forged origin addresses sometimes comes into my server that is addressed to virtual domain

Re: Eliminating backscatter

2017-10-30 Thread J Doe
Hi Noel, > On Oct 30, 2017, at 4:07 PM, Noel Jones wrote: > >> On 10/30/2017 2:52 PM, J Doe wrote: >> Hi, >> >> One of my mail servers (Postfix 3.1.0), is configured to perform virtual >> domain hosting. It forwards mail to the virtual domain to mailboxes

Re: Eliminating backscatter

2017-10-31 Thread J Doe
Hi Noel, >> On Oct 30, 2017, at 6:42 PM, Noel Jones wrote: >> >> On 10/30/2017 5:07 PM, J Doe wrote: >> >> How do I stop backscatter generated from my server in response to the >> bounces from Gmail ? > > This is a very difficult problem to solve. Y

Question about relay_domains parameter

2017-11-01 Thread J Doe
Hello, I currently have my server configured to perform virtual domain hosting. It forwards mail addressed to addresses for my virtual domain (ex: example.com), to Gmail accounts. Mail —> u...@example.com —> u...@gmail.com I was reading more about the relay_domains parameter in “man 5 pos

Removal or obfuscation of mail_name

2017-11-06 Thread J Doe
Hello, I was reading about the mail_name parameter in main.cf. I was wondering (and I know the gains would be minor given that this falls into security through obscurity), is there anything to gain by either removing this or specifying something false ? Is there any third-party servers or tool

Re: Removal or obfuscation of mail_name

2017-11-06 Thread J Doe
Hi Victor, >> I was wondering (and I know the gains would be minor given that this >> falls into security through obscurity), is there anything to gain by >> either removing this or specifying something false ? > > There is nothing to be gained by pretending your server is not running > Postfix.

Question about message_drop_headers and DKIM

2017-11-06 Thread J Doe
Hi, I have a question regarding the message_drop_headers main.cf configuration parameter. The man page states that it: “[specifies] names of message headers that the cleanup(8) daemon will remove after applying header_checks(5) and *BEFORE* invoking Milter applications...” Checki

Question about postscreen_cache.db

2017-11-11 Thread J Doe
Hello, I have an admittedly basic question, but I have been trying to troubleshoot this for a while with no success. I have enabled postscreen(8) on Postfix 3.1 and receive a warning in mail.log: “close database /var/spool/postfix/var/lib/postscreen_cache.db: No such file or directory (possib

Re: Question about postscreen_cache.db

2017-11-11 Thread J Doe
Hi, > On Nov 11, 2017, at 3:06 AM, J Doe wrote: > > Hello, > > I have an admittedly basic question, but I have been trying to troubleshoot > this for a while with no success. > > I have enabled postscreen(8) on Postfix 3.1 and receive a warning in > mail.log:

Re: Question about postscreen_cache.db

2017-11-11 Thread J Doe
Hi Wietse, > On Nov 11, 2017, at 8:37 AM, Wietse Venema wrote: > > J Doe: >> Is this really the only way to fix this, though ? This feels a bit like a >> workaround as opposed to the “correct” solution (assuming that there is a >> “more correct” solution). > &

Re: Question about postscreen_cache.db

2017-11-11 Thread J Doe
Hi, > On Nov 11, 2017, at 7:24 PM, Wietse Venema wrote: > > Or you can use 'lmdb:' instead 'btree:'. LMDB support was added in Postfix > 2.11. > It's a totally different implementation. That’s a great idea - that will side-step any Berkeley DB specific bugs. Thanks, - J

Question regarding smtp_per_record_deadlne parameter

2017-12-04 Thread J Doe
Hello, I currently have a server that is configured as a mail forwarding domain [1]. Using example.com as an example: /etc/postfix/main.cf virtual_alias_domains = example.com virtual_alias_maps = hash:/etc/postfix/virtual /etc/postfix/virtual u...@example.com us

Re: Question regarding smtp_per_record_deadlne parameter

2017-12-05 Thread J Doe
something like this. If anyone’s interested, I can always report back to the list about it. - J > On Dec 4, 2017, at 7:39 PM, Wietse Venema wrote: > > Noel Jones: >>> On 12/4/2017 3:35 PM, J Doe wrote: >>> Hello, >>> >>> I currently have a server that is c

Re: Question regarding smtp_per_record_deadlne parameter

2017-12-05 Thread J Doe
> On Dec 5, 2017, at 1:46 PM, Noel Jones wrote: > > If you're only connecting to google over a decent internet link, I > doubt you'll see any effect whatsoever. Kinda like me using polar > bear bait in Tennessee. > > -- Noel Jones Hi Noel, That actually reminded me of something that crossed

Re: Question regarding smtp_per_record_deadlne parameter

2017-12-06 Thread J Doe
Hi Wietse, > On Dec 6, 2017, at 8:00 AM, Wietse Venema wrote: > > Viktor Dukhovni: > > With TLS turned on, the deadline is enforced per TLS message, which > can be up to 16kbytes. 16kbytes in 10s would be difficult with a > dialup or low-tech cellular network. > >Wietse > >Wietse I a

Question about CA’s for the smtp client

2017-12-11 Thread J Doe
Hi, I have a question regarding specifying where the list of trusted CA’s are in regards to the smtp client. In man 5 postconf, I can see there are two configuration parameters regarding this: smtp_tls_CAfile smtp_tls_CApath The documentation (as I understand it), notes that: 1. smtp

Re: Question about CA’s for the smtp client

2017-12-11 Thread J Doe
Hi Victor, > On Dec 11, 2017, at 6:13 PM, Viktor Dukhovni > wrote: > >> On Dec 11, 2017, at 5:40 PM, J Doe wrote: >> >> I have a question regarding specifying where the list of trusted CA’s are in >> regards to the smtp client. > > The recommended

Question regarding use of amavisd-new

2017-12-12 Thread J Doe
Hi, I was wondering if fellow Postfix users would still recommend using amavisd-new when integrating AV (ClamAV), and spam filtering (SpamAssassin) ? The site I have this in mind for receives a moderate amount of e-mail per day. This appears to be the most mentioned configuration via web searche

Re: Question regarding use of amavisd-new

2017-12-12 Thread J Doe
On Dec 12, 2017, at 11:12 AM, Matus UHLAR - fantomas wrote: >>> On 2017-12-12 10:55, J Doe wrote: >>> I was wondering if fellow Postfix users would still recommend using >>> amavisd-new when integrating AV (ClamAV), and spam filtering (SpamAssassin) ? > >&

Distinction between next-hop and nexthop ?

2017-12-15 Thread J Doe
Hi, I was reading the documentation for the smtp_tls_verify_cert_match parameter in man 5 postconf and noted under the “nexthop” strategy that both next-hop and nexthop are specified. Example: “Match against the next-hop domain...” “When MX lookups are not suppressed, this is the orig

Re: Distinction between next-hop and nexthop ?

2017-12-15 Thread J Doe
> On Dec 15, 2017, at 5:38 PM, Viktor Dukhovni > wrote: > >> On Dec 15, 2017, at 5:37 PM, J Doe wrote: >> >> Example: >> >> “Match against the next-hop domain...” >> >> “When MX lookups are not suppressed, this is the original nexth

Question regarding smtpd_recipient_restrictions

2017-12-21 Thread J Doe
Hi, I have a basic question regarding the smtpd_recipient_restrictions parameter. From what I understand, these are restrictions applied to the SMTP RCPT TO command. In the case of a server that receives mail for a domain and also allows clients to send mail through it (via AUTH’d clients), do

TLS session tickets versus TLS session cache

2017-12-29 Thread J Doe
Hi, I have noticed in the Postfix documentation (man 5 postconf), that the smtpd_tls_session_cache_database parameter notes: “As of Postfix 2.11 the preferred mechanism for session resumption is RFC 5077 TLS session tickets...for Postfix >= 2.11 this parameter should generally be left empty”

Re: TLS session tickets versus TLS session cache

2017-12-30 Thread J Doe
>> On Dec 29, 2017, at 1:54 PM, J Doe wrote: >> >> I have noticed in the Postfix documentation (man 5 postconf), that the >> smtpd_tls_session_cache_database parameter notes: >> >> “As of Postfix 2.11 the preferred mechanism for session resumption is RF

Minor grammar mistake in man 5 postconf

2018-01-08 Thread J Doe
Hi, I noticed a very small grammatical error under: man 5 postconf Under the configuration parameter: tls_dane_digest_agility under the “maybe” option, the second last sentence states: “When this constraint is violated, or any of the digest records are malformed, digest algorithm agili

Re: Minor grammar mistake in man 5 postconf

2018-01-08 Thread J Doe
> On Jan 8, 2018, at 8:55 PM, Wietse Venema wrote: > > J Doe: >> This should be changed to: >> >>“When this constraint is violated, or any of the digest records are >> malformed, >>digest algorithm agility will *BE* disabled” > > Fixed i

Questions regarding ecliptic curve support

2018-01-10 Thread J Doe
Hi, I had two short questions regarding Postfix’s elliptic curve support for the SMTP server. 1. Under the man documentation for: tls_eecdh_strong_curve the documentation states “...approximately 128-bit security...”. Is that saying that it is equivalent to 128-bits RSA or it provides an ell

Questions about mailing list managers in VIRTUAL_README

2018-01-16 Thread J Doe
Hi, I have a question about the “Mailing List” section in the VIRTUAL_README [1]. The third paragraph states: “This example assumes that in main.cf, $myorigin is listed under the mydestination parameter setting...” Because the mailing list is being set up with virtual hosting, doesn’t t

Questions about auto replying in VIRTUAL_README

2018-01-16 Thread J Doe
Hi, I have two questions about the “Autoreplies” section in the VIRTUAL_README [1]. If I was setting up auto replies for the virtually hosted domain of “example.com”, would the correct configuration be: /etc/postfix/main.cf virtual_alias_maps = hash:/etc/postfix/virtual tran

Cyrus vs Dovecot for SASL AUTH and IMAP

2018-01-16 Thread J Doe
Hi, I am looking to use either Cyrus or Dovecot for both SASL authentication and IMAP. While Postfix 3.1.0 supports both, I was wondering which to prefer if security is my most important deciding factor ? Does one have a better track record than the other ? Thanks, - J

Question regarding SASL auth only over TLS in SMTP server

2018-01-19 Thread J Doe
Hi, I have a question about enabling SASL authentication in the Postfix SMTP server *ONLY* over TLS. In the documentation [1] under the “Encrypted SMTP session (TLS)” heading, it lists recommended configurations for SASL auth that restrict the SASL mechanisms to noanonymous and noplaintext:

Request for feedback on SMTPD restrictions

2018-01-20 Thread J Doe
Hi, I have a basic SMTP server set up with what I believe to be good smtpd_*_ restrictions, but I was wondering if anyone could provide any insight on how to improve them or if I have been redundant in the restrictions. Even with reading the man pages, I find some of the restrictions tricky.

Re: Request for feedback on SMTPD restrictions

2018-01-22 Thread J Doe
Hi Noel, > On Jan 21, 2018, at 3:35 PM, Noel Jones >> smtpd_client_restrictions = permit_mynetworks, >>reject_unauth_pipelining, >>check_client_access hash:/etc/postfix/client_acl, >>reject_unknown_client_hostname, >>permit > > reject_unknown_client_hostname is likely to rej

Re: Request for feedback on SMTPD restrictions

2018-01-22 Thread J Doe
Hi, > On Jan 22, 2018, at 8:43 AM, Matus UHLAR - fantomas wrote: > >> smtpd_helo_required = yes >> smtpd_helo_restrictions = permit_mynetworks, >>reject_unauth_pipelining, >> reject_invalid_helo_hostname, >>reject_non_fqdn_helo_hostname, >>check_helo_access hash:/etc/postfix/he

submission configuration in master.cf

2018-01-23 Thread J Doe
Hi, I was wondering about a configuration parameter listed with the default submission configuration in master.cf. One of the parameters that overrides the settings in main.cf “milter_macro_daemon_name” is set to “ORIGINATING” instead of the default value in main.cf. Why is this done ? Thank

Re: submission configuration in master.cf

2018-01-23 Thread J Doe
Hi Noel, > On Jan 23, 2018, at 4:39 PM, Noel Jones wrote: > >> I was wondering about a configuration parameter listed with the default >> submission configuration in master.cf. >> >> One of the parameters that overrides the settings in main.cf >> “milter_macro_daemon_name” is set to “ORIGINAT

Question regarding smtpd DNS resolution

2018-02-04 Thread J Doe
Hello, I had a question about Postfix’s smtpd DNS resolution. In my logs (generally from spam sources), I see the following: Feb 4 15:05:46 server postfix/smptd[718]: warning: hostname 1-2-3-4.dyn.isp.net does not resolve to address 1.2.3.4: Name or service not known Does this mean that: 1. s

Diffing man 5 postconf changes between releases

2018-02-10 Thread J Doe
Hi, I currently use Postfix version 3.1.0. I know that there are announcements of feature changes between each release of Postfix via e-mail and I read these, but I was wondering if there was an easy way to see the changes to the main.cf configuration parameters between versions ? For example

IP ACL’s for smtpd port 25 and not submission

2018-02-10 Thread J Doe
Hi, I currently use postscreen on my Postfix version 3.1.0 mail server. I implement IP ACL’s via it to ban malicious connections (generally from xDSL IP blocks), against smtpd running on port 25. I have recently configured and turned on submission with SASL. With submission available, I don’

General websites on e-mail administration that also cover Postfix ?

2018-02-14 Thread J Doe
Hi, I was looking for some websites that covered e-mail administration in general and that also mentioned Postfix. I checked the Postfix homepage [1] and on the link “Howtos and FAQs” there are two links at the bottom under the heading “General E-mail/System Administration”. Unfortunately the

Question regarding VRFY

2018-02-27 Thread J Doe
Hi, I read in both the Postfix man file (man 5 postconf), and the SMTP RFC (5321), that VRFY can be disabled on a site-by-site basis. I disabled this on my server for port 25 but am wondering if I should leave this enabled on my Postfix instance that provides submission (587) ? I have confirm

ETRN use and Postfix configuration

2018-02-27 Thread J Doe
Hello, I read the “Postfix ETRN Howto” [1] as well as man 5 postconf with regards to: postscreen_discard_ehlo_keywords smtpd_discard_ehlo_keywords ... and disabled the announcement of ETRN via: postscreen_discard_ehlo_keywords = ETRN smtpd_discard_ehlo_keywords = ETRN I then re

Re: ETRN use and Postfix configuration

2018-02-28 Thread J Doe
Hi Noel, > On Feb 27, 2018, at 10:18 PM, Noel Jones wrote: >> ** Is Postfix logging that ETRN is disabled on the first, unencrypted SMTP >> session and then logging this again for the encrypted session (ie: Postfix >> is just logging I disabled this and Google is not attempting to issue ETRN >

Re: Question regarding VRFY

2018-02-28 Thread J Doe
Hi John, > On Feb 27, 2018, at 3:25 PM, John Fawcett wrote: > I can't think of a compelling reason either to enable VRFY or to disable > it. Disabling it stops people abusing it, but then they can just use > RCPT TO to get the same information in most cases. I disabled it since I > can't see any

ESMTP CHUNKING

2018-03-01 Thread J Doe
Hi, I have been reading about the ESMTP CHUNKING extension (RFC 3030), after noticing that both Hotmail and Gmail advertise it on EHLO. I checked the Postfix man pages (man 5 postconf), as well as the Postfix documentation at postfix.org [1] and can’t see any documentation related to it. Som

Re: postscreen_dnsbl_whitelist_threshold and SORBS and Google

2018-03-01 Thread J Doe
Hi, > On Mar 1, 2018, at 4:17 PM, MRob wrote: > Good suggestions thank you everyone. Over the last 24hours I saw clients > SORBS listed: > > ** a few that were listed by other RBLs > ** many that were senders I can't block or delay: facebook, google, etc > ** one or two that looked like they co

Re: postwhite? (why not?)

2018-03-02 Thread J Doe
Hi Wietse, > On Mar 2, 2018, at 10:15 AM, Wietse Venema wrote: > > Perhaps it is time to repeat what postscreen is and is not. > > Don't use postscreen to block spam. Use postscreen to block spambots. > Those who misunderstand the difference will be disappointed. > > In particular, hotmail is

Re: postwhite? (why not?)

2018-03-03 Thread J Doe
Hi Wietse, > On Mar 2, 2018, at 1:49 PM, Wietse Venema wrote: > > Postscreen blocks sites based on: > > - Their reputation that they don't send legitimate mail. > zen.spamhaus.org and bl.spamcop.net are examples of that. > > - Their behavior. The postscreen pregreet test is an example of that.

Re: ETRN use and Postfix configuration

2018-03-04 Thread J Doe
Hi LuKreme, > On Mar 4, 2018, at 8:44 AM, LuKreme wrote: > > Isn't ETRN a good thing? What's the benefit from disabling it? > -- > My main job is trying to come up with new and innovative and effective ways > to reject even more mail. I'm up to about 97% now. > It’s a good thing in that it i

Removing trace records on submission MSA

2018-03-11 Thread J Doe
Hi, I have a question in regards to removing some trace records when providing submission on Postfix 3.1.x and later. While reading RFC 6409 (“Message Submission for Mail”), I note that the RFC observes that: "Even when submitted messages are complete, local site policy may dictate that t

Re: How to write a milter with access to carddav

2018-03-11 Thread J Doe
Hi Andre, > On Mar 9, 2018, at 6:53 AM, André Rodier wrote: > > Hello, > > I would like to know if there is any milter for postfix that would let > me query a CardDav server? > > The idea is to add a custom header, for instance 'X-Address-Book: > Personal' if the from email address is referenc

Question regarding 8BITMIME / BINARYMIME

2018-03-12 Thread J Doe
Hi, I have a question regarding 8BITMIME. I know Postfix supports 8BITMIME and does not support BINARYMIME, but I am wondering why both 8BITMIME and BINARYMIME are ESMTP extensions. It would appear that 8BITMIME solves the same problem as BINARYMIME (allow 8-bit encoding of MIME), so why wasn

Forcing TLS 1.2 on submission

2018-03-29 Thread J Doe
Hi, I am attempting to restrict the TLS protocol version used by my SMTP AUTH’d clients on the submission service. In master.cf I have added the following to the submission service: -o smtpd_tls_ciphers=high -o smtpd_tls_exclude_ciphers=EXPORT,MEDIUM -o smtpd_tls_protocols=!SSLv2,!S

Re: Forcing TLS 1.2 on submission

2018-03-29 Thread J Doe
Hi Viktor > On Mar 29, 2018, at 3:15 PM, Viktor Dukhovni > wrote: > > > >> On Mar 29, 2018, at 2:56 PM, J Doe wrote: >> >> I am attempting to restrict the TLS protocol version used by my SMTP AUTH’d >> clients on the submission service. >>

Re: domain email autoconfiguration

2018-03-31 Thread J Doe
Hi David, > On Mar 31, 2018, at 8:52 PM, Wietse Venema wrote: > > David Mehler: >> Hello, >> >> If anyone has autoconfiguration going with their email domain please >> email me privately. I'd like to ask you some questions about your >> setup. What do you use? > > Perhaps you can explain what

Re: Removing trace records on submission MSA

2018-04-04 Thread J Doe
Hi Phillip, >> I have a question in regards to removing some trace records when providing >> submission on Postfix 3.1.x and later. >> >> While reading RFC 6409 (“Message Submission for Mail”), I note that the RFC >> observes that: >> >> "Even when submitted messages are complete, local site

Re: Removing trace records on submission MSA

2018-04-06 Thread J Doe
Hi Philip, >> Thank you for your reply. >> >> I currently use DKIM and as per the RFC for DKIM, I don’t include trace >> headers in the message hash that makes up the DKIM signature. I am under >> the impression that my DKIM signatures should be correct in this case if I >> use your solution

Re: Removing trace records on submission MSA

2018-04-06 Thread J Doe
Hi Karol, > I am using this: > > /^(Received:) from.*]\).*(.{2}by mail\.nimitz\.pl.*Postfix.*) (with > [E]{0,1}SMTP[S]{0,1}[A]{0,1}) (.*)/ REPLACE $1 from mail.nimitz.pl > (localhost [127.0.0.1])$2 with SMTP $4 > > Just change 'mail.nimitz.pl' with FQDN of your server. This expression > works fo

Re: Removing trace records on submission MSA

2018-04-06 Thread J Doe
Hi Viktor, > On Apr 7, 2018, at 12:36 AM, Viktor Dukhovni > wrote: > > That's PCRE syntax. > >> Does anyone know what I’m doing wrong and/or is there a way to make Postfix >> provide more debug output for a regexp: operation ? > > You're using a "regexp" table, those don't support PCRE. Tha

Re: Removing trace records on submission MSA

2018-04-06 Thread J Doe
Hi Viktor, > On Apr 7, 2018, at 1:26 AM, Viktor Dukhovni > wrote: >> On Apr 7, 2018, at 1:23 AM, J Doe wrote: >> >> I did some Googling for doing PCRE to POSIX regular expressions and updated >> the string: >> >> >> /^(Received:\sfrom)[^;]+

Re: Removing trace records on submission MSA

2018-04-06 Thread J Doe
Hi Viktor, > On Apr 7, 2018, at 1:50 AM, Viktor Dukhovni > wrote: > >> On Apr 7, 2018, at 1:34 AM, J Doe wrote: >> >> mmm. I just sent a test message via submission to a Gmail account and >> checked the headers and the replacement works. >> >>

Re: Removing trace records on submission MSA

2018-04-06 Thread J Doe
Hi Viktor, > On Apr 7, 2018, at 2:04 AM, Viktor Dukhovni > wrote: > > FreeBSD 11 (POSIX): > > $ echo "1 b" | egrep '\d\s\w' > $ > > MacOS High Sierra (POSIX with GNU or similar extensions): > > $ echo "1 b" | egrep '\d\s\w' > 1 b > $ > > Your Ubuntu system most likely will match the Ma

Re: Removing trace records on submission MSA

2018-04-06 Thread J Doe
Hi Viktor and Dominic, If I do the following on Ubuntu 16.04 LTS: $ echo "1 2" | egrep '[[:digit:]]\s[[:digit:]]' 1 2 … where “1 2” are highlighted in bash Am I correct that since this POSIX regex for the digits AND the \s is still being interpreted, my system must support the GNU rege

Re: Removing trace records on submission MSA

2018-04-07 Thread J Doe
Hi Viktor and Dominic, > On Apr 7, 2018, at 2:46 AM, Dominic Raferd wrote: > > On 7 April 2018 at 07:39, J Doe <mailto:gene...@nativemethods.com>> wrote: > Hi Viktor and Dominic, > > If I do the following on Ubuntu 16.04 LTS: > > $ echo "1 2" |

Re: Removing trace records on submission MSA

2018-04-07 Thread J Doe
Hi Viktor, > On Apr 7, 2018, at 1:32 PM, Viktor Dukhovni > wrote: > > It is now portable POSIX. For the record, in email the allowed whitespace is > more narrow than > is recognized by [[:space:]], you're not likely to run into any false > positives. The email > header whitespace consists o

Postfix, milters and quarantine actions

2018-04-20 Thread J Doe
Hello, I had some questions regarding milters in general, with the questions initially focused on the OpenDKIM milter (version 2.10.3), on Postfix 3.1.0 In man 5 opendkim.conf, under the CaptureUnknownErrors parameter, it specifies: When set, and on systems where MTA quarantine is available

Re: Postfix, milters and quarantine actions

2018-04-20 Thread J Doe
Hi Viktor, >> On Apr 20, 2018, at 5:40 PM, J Doe wrote: >> I had some questions regarding milters in general, with the questions >> initially focused on the OpenDKIM milter (version 2.10.3), on Postfix 3.1.0 > > Look for the word "quarantine" in http://

Question regarding OpenDKIM milter with Postfix 3.1.0

2018-05-14 Thread J Doe
Hi, I apologize for asking a question that is only tangentially related to Postfix, however the OpenDKIM mailing lists do not appear to be accessible. I am using Postfix 3.1.0 and OpenDKIM 2.10.3. Upon reboot of my server, I noticed “normal” stats regarding caching (which I have enabled in op
