Re: sieve instead procmail?

2009-07-23 Thread Mikael Bak
. As I said. I may have misunderstood your purpose completely :-) HTH, Mikael Bak

Re: Postfix HELO FQDN requirement

2009-08-04 Thread Mikael Bak
Robin Smidsrød wrote: I've had at least one client leave because he absolutely needs to have every email, because every single email he receives could be really important. So dealing with spam is something he just has to do. On the other hand I have users that don't really care one way or

Re: Question about address verification in MX2 when primary MX is down...

2009-08-04 Thread Mikael Bak
Santiago Romero wrote: Really, reject_unverified_recipient feature is very nice, but rejecting all mail when primary MX doesn't answer breaks it for us :( Any idea? :? Hi, Quoting the documentation[1]: The unverified_recipient_defer_code parameter (default 450) specifies the numerical

Re: Question about address verification in MX2 when primary MX is down...

2009-08-04 Thread Mikael Bak
Brian Evans - Postfix List wrote: Mikael Bak wrote: Santiago Romero wrote: Really, reject_unverified_recipient feature is very nice, but rejecting all mail when primary MX doesn't answer breaks it for us :( Any idea? :? Hi, Quoting the documentation[1

Re: Question about address verification in MX2 when primary MX is down...

2009-08-04 Thread Mikael Bak
Brian Evans - Postfix List wrote: Mikael Bak wrote: Brian Evans - Postfix List wrote: Mikael Bak wrote: Santiago Romero wrote: Really, reject_unverified_recipient feature is very nice, but rejecting all mail when primary MX doesn't answer breaks it for us :( Any idea

Re: Question about address verification in MX2 when primary MX is down...

2009-08-05 Thread Mikael Bak
Santiago Romero wrote: Hi, Quoting the documentation[1]: The unverified_recipient_defer_code parameter (default 450) specifies the numerical Postfix SMTP server reply code when a recipient address probe fails with some temporary error. Some sites insist on changing this into 250. NOTE:

Re: Question about address verification in MX2 when primary MX is down...

2009-08-05 Thread Mikael Bak
Charles Marcus wrote: On 8/5/2009, Mikael Bak (mik...@t-online.hu) wrote: So, do you mean that changing this parameter to 250 would make postfix accept the email? No. Actually, the answer to his question is yes. You should leave this parameter in its default value. Correct

Re: smtpd -o stress

2009-08-05 Thread Mikael Bak
Robert Lopez wrote: On one mail gateway running postfix I see about 24 lines that look like this: postfix 7579 32735 0 10:00 ?00:00:00 smtpd -n smtp -t inet -u -c -o stress On all the other gateways I normally see lines that look like this: postfix 9243 3682 0 08:52 ?

Re: confused about authentication/SASL

2009-08-06 Thread Mikael Bak
Jay G. Scott wrote: [snip] mynetworks_style = host [snip] smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination [snip] Hi, Are you running mutt on the postfix host? In that case perhaps that is why you can send email without AUTH.

Re: filtering mail from outside with dynamic address

2009-08-12 Thread Mikael Bak
Hi, Florin Andrei wrote: Running Postfix 2.5.5 on Linux. The system is multihomed, connected to several private networks, and to the Internet with a dynamic DNS hostname. Is it really recommended to run a mail server that accepts email from outside with non static IP address? I would not do

Re: Looking for opinions on FreeBSD OS for Postfix

2009-08-18 Thread Mikael Bak
Stefan Förster wrote: The documentation at http://www.postfix.org/INSTALL.html#4 mentions that earlier versions of Postfix were supported on FreeBSD 2.x to 5.x. I think it's very likely that you can run recent Postfix versions on newer FreeBSD releases, too. Ack, I have FreeBSD 7.1

Re: Country IP block list

2009-08-22 Thread Mikael Bak
Security Admin (NetSec) wrote: Could someone provide links to sites where IP addresses are grouped by country? ASNs would work too but would prefer IP lists that I could put in a file that my postfix mail gateway could read. Obvious countries like China and Brazil I would like to block

Re: Building milter in PHP

2009-08-23 Thread Mikael Bak
rank1see...@gmail.com wrote: It did, but not anymore. It is now depreciated. (php-milter) I use PHP 5.3 and already have working filter. To finalise it, I just need a list and description of milter commands. Those milter commands work for any type of coding language Up to now I've

Re: Mail Box

2009-08-24 Thread Mikael Bak
Hi, Roman Gelfand wrote: Can somebody recommend a mail box server software that would be worthy of postfix? dovecot Also, if anyone knows of a cool web client. roundcube

Re: Country IP block list

2009-08-24 Thread Mikael Bak
Daniel L'Hommedieu wrote: The spam I see pretty much all originates in China Brazil, with some originating in Korea US. It also pretty much all originates on dynamic IP addresses, so if there's a way to block email from dynamic address ranges, I would very much be interested in that.

Re: Simple filter via pipe

2009-09-01 Thread Mikael Bak
rank1see...@gmail.com wrote: Thanks. On FreeBSD that is section 2 http://www.freebsd.org/cgi/man.cgi?query=pipe&sektion=2&apropos=0&manpath=FreeBSD+7.2-RELEASE I've read it and still have no logical clue. # uname -r 7.2-RELEASE-p2 # man 8 pipe Formatting page, please wait...Done. PIPE(8)

Re: relay_domains vs virtual_mailbox_domains

2009-09-08 Thread Mikael Bak
Steve Heaven wrote: On Mon, 2009-09-07 at 11:50 -0400, Sahil Tandon wrote: You should not accept mail for invalid recipients. Use existing functionality to build a cache/database of valid recipients on the fly. See: http://www.postfix.org/ADDRESS_VERIFICATION_README.html#recipient We

Re: relay_domains vs virtual_mailbox_domains

2009-09-09 Thread Mikael Bak
Steve Heaven wrote: On Wed, 2009-09-09 at 08:11 +0100, Clunk Werclick wrote: Are you saying that it is not possible to configure it to reject users that don't exist at the SMTP level? Are you *sure*? So if you telnet in to it and send mail for anyoldrubb...@domain.co.uk it accepts it? I

Re: Force smtpauth for all mails including myhostname bound mails

2009-09-09 Thread Mikael Bak
ram wrote: I have a very basic ( and old) postfix installation and I want to accept mails only after smtpauth The rule works fine except when the recipient belongs to $myhostname [snip] mydestination = mumbai.nstest.com [snip] Hi Ram, $mydestination is probably why the email gets

Re: Writing an after-queue content filter in php

2009-09-11 Thread Mikael Bak
Mathias Tausig wrote: I just tried to replace the \n with \r\l, but to no avail. The same problem remains. I can be wrong here, but shouldn't that be \r\n ? HTH, Mikael

Re: postfix 2.3.x vs postfix 2.6 stable

2009-10-13 Thread Mikael Bak
Zhang Huangbin wrote: On Oct 10, 2009, at 2:55 AM, Eero Volotinen wrote: I am currently using postfix 2.3.x on RHEL for mail proxy and mailserver. Is there any good reason to update to 2.6 ? and if is, is there any good and stable rpm repositories for RHEL 5 on web ? As i know,

Re: question about fiters

2009-10-16 Thread Mikael Bak
Cottalorda Sébastien wrote: Sorry, I've courier-imap, and I use roundcubemail as webmail. I also add to roundcube the vacation plugin that allow my users to program themselves theirs vacations. Everything is good, the link between the mysql database and the plugin, but now I want to connect

Re: Postfix Hangs if relaying this virus

2009-10-25 Thread Mikael Bak
Jacqui Caren-home wrote: Same here - stock RH (actually CentOS) install. [r...@gate ~]# postconf -d | grep xfer_timeout lmtp_data_xfer_timeout = 180s smtp_data_xfer_timeout = 180s [r...@gate ~]# Could this be a redhat thing? Nope - emerged mail-mta/postfix-2.5.5 on gentoo gives

Re: Reverse DNS Rejection Problem

2009-10-28 Thread Mikael Bak
Dennis Putnam wrote: Thanks for the reply. It appears this is not supported with my version of Postfix (2.1.5). When I try this syntax: smtpd_helo_restrictions = check_client_access pcre:/etc/postfix/heloaccept.pcre I get this error: fatal: unsupported dictionary type: pcre

Re: smtpd_recipient_restrictions evaluation question

2009-10-30 Thread Mikael Bak
Simon Morvan wrote: Consider Zen here. It also incorporates the (not-quite-so) new PBL, which has been very effective here. The last time I tried it, Zen included too many legitimate users behind ADSL lines. The Policy behind PBL is a bit too restrictive. Maybe it changed, I'll give it

Re: smtpd_recipient_restrictions evaluation question

2009-10-30 Thread Mikael Bak
Larry Stone wrote: On Fri, 30 Oct 2009, Mikael Bak wrote: Simon Morvan wrote: The last time I tried it, Zen included too many legitimate users behind ADSL lines. The Policy behind PBL is a bit too restrictive. Maybe it changed, I'll give it another try. Can you please tell me why an ADSL

Re: Don't filter the users\

2009-11-25 Thread Mikael Bak
Stan Hoeppner wrote: Why bother? This is an ISP scenario, correct? The 587 command set is standard SMTP right? Just iptables (verb) TCP 25 to TCP 587 for any IP ranges within the ISP's MUA customer range. This is assuming said customers already have to submit auth over TCP 25 to relay

Re: whitelisting problem

2009-12-06 Thread Mikael Bak
On Sat, 05 Dec 2009 21:32:02 -0600 Stan Hoeppner s...@hardwarefreak.com wrote: It's looking like I was having transient issues with my resolvers. I did some more log digging and found more dns related temp fails than I should be having given my mail volume. I've since switched from the old

Re: [OT?] blocking replies (WAS: whitelisting problem)

2009-12-08 Thread Mikael Bak
mouss wrote: I'm looking through you, where did you go: s...@hardwarefreak.com: host greer.hardwarefreak.com[65.41.216.221] said: 554 5.7.1 imlil.netoyen.net[91.121.103.130]: Client host rejected: Access denied (in reply to RCPT TO command) It is nice to not reject mail from people who

Re: [OT?] blocking replies (WAS: whitelisting problem)

2009-12-08 Thread Mikael Bak
lst_ho...@kwsoft.de wrote: Quoting Mikael Bak mik...@t-online.hu: I could not agree more. I got this from him: s...@hardwarefreak.com: host greer.hardwarefreak.com[65.41.216.221] said: 554 5.7.1 thor.iszerviz.hu[62.77.131.9]: Client host rejected: Mail not accepted from Hungary (in reply

Re: [OT?] blocking replies (WAS: whitelisting problem)

2009-12-09 Thread Mikael Bak
Stan Hoeppner wrote: Mikael Bak put forth on 12/8/2009 3:31 AM: mouss wrote: I'm looking through you, where did you go: s...@hardwarefreak.com: host greer.hardwarefreak.com[65.41.216.221] said: 554 5.7.1 imlil.netoyen.net[91.121.103.130]: Client host rejected: Access denied (in reply

Re: [OT?] blocking replies (WAS: whitelisting problem)

2009-12-10 Thread Mikael Bak
Hi Stan, On Wed, 09 Dec 2009 21:24:53 -0600 Stan Hoeppner s...@hardwarefreak.com wrote: Mikael Bak put forth on 12/9/2009 4:18 AM: I understand why you avoid the real question. But hey - it's your server :-) Do you? I have avoided it because these threads can quickly delve

Re: SOLVED: rbl check being skipped - Postfix logs no error on NXDOMAIN, does on SERVFAIL

2010-01-22 Thread Mikael Bak
Stan Hoeppner wrote: 1. Spamhaus has banned Google Public DNS resolver queries. Stan, Do you have a good enough reason to not run your own name resolver on your front MX machine? IMO relying on third parties for DNS on an MX is bad design. Mikael

Re: Better spam filter for postfix

2010-07-16 Thread Mikael Bak
Steve wrote: [big snip] So you have made your point. You prefer (or are required) to have user in control. Yes. The big problem is that no solution out there is 100% accurate for all users. So the only way to make the user happy is to delegate the control to him. Can't speak for all

Re: postfix as forwarder and backscatterer problem

2010-07-22 Thread Mikael Bak
Vasya Pupkin wrote: Hello. First, I have spent two days reading articles and searching web for solution but failed there. I am using postfix as an mx for my domains, it accepts mail for different addresses within my domains which is then forwarded to other external domains, i.e. google.com

Re: Can postfix work with a TLS, authenticated smtp relay server?

2010-09-08 Thread Mikael Bak
Richard Chapman wrote: Perhaps you are describing an alternative method for google apps smtp which I am unaware of. If so - can you point me to a description of this alternative option? I fail to see why you need postfix if your domain is hosted on Google Apps. Google Apps provide you with

Re: set envelope sender = sasl authenticated user ?

2010-09-08 Thread Mikael Bak
Jan-Frode Myklebust wrote: and I still fail to understand how controlling your customers' envelope sender will help with backscatterer.org. It will make sure that when viruses/malware on the customer's computer is sending out spam from fake addresses, the bounces go back to the customer

Re: Virtual users pop3d suggestions

2010-09-13 Thread Mikael Bak
Nick Edwards wrote: So basically, using postfix's virtual, excluding Dovecot, what POP3 servers are people using? Hi Nick, We have been happy with Courier for POP and IMAP for years. Not a single problem. We are using it with Postfix's virtual. http://www.courier-mta.org/imap/ Most Linux

Re: SPF and greylisting conditioning

2010-09-27 Thread Mikael Bak
Stan Hoeppner wrote: Michal Bruncko put forth on 9/26/2010 4:24 AM: It is possible in some way to configure postfix, that SPF Passed mails will be automatically accepted with postfix without greylisting? If I may be blunt: this is a really dumb idea. Many, maybe all, snowshoe spammers

Re: SPF and greylisting conditioning

2010-09-28 Thread Mikael Bak
Stan Hoeppner wrote: Mikael Bak put forth on 9/27/2010 6:18 AM: Stan Hoeppner wrote: Michal Bruncko put forth on 9/26/2010 4:24 AM: It is possible in some way to configure postfix, that SPF Passed mails will be automatically accepted with postfix without greylisting? If I may be blunt

Re: Problem with relaying denied error

2010-10-25 Thread Mikael Bak
Stan Hoeppner wrote: [snip] Yes. I would suggest configuring a new smtpd listener for this. Most people use the master.cf default TCP 587 listener daemon to accept submitted mail. MUA clients will need to be configured accordingly. Apparently your current configuration relays all mail to

Re: Fwd: Problem with relaying denied error

2010-10-25 Thread Mikael Bak
Rich wrote: Hi, Instead of permit_mynetworks I'd suggest permit_sasl_authenticated on the above line. The submission service is not very often used without authentication. Mike are you saying remove permit_mynetworks? Yes, I do not see any reason to have it on the

logging transport route

2012-04-02 Thread Mikael Bak
Hi list, I have configured an alternate transport route for mail going to specific destination domains. I call this transport slowsmtp. My problem is that I see no evidence in my logs that email sent to the specific domains uses slowsmtp route for delivery. I have defined slowsmtp in

Re: logging transport route

2012-04-02 Thread Mikael Bak
Hi Levente! On 04/02/2012 02:26 PM, Birta Levente wrote: On 02/04/2012 14:31, Mikael Bak wrote: Hi list, I have configured an alternate transport route for mail going to specific destination domains. I call this transport slowsmtp. My problem is that I see no evidence in my logs

Re: Multiple IP

2012-05-04 Thread Mikael Bak
On 05/03/2012 07:45 AM, Kirill Bychkov wrote: Hi all, I need create server with 5 IP addresses (interfaces) and postfix(es). The role of this server is relay. If message delivered into my mail server on one ip address, for example, 172.16.35.35, so this message should be sent from same ip:

Re: Q: Postfix MTA as a router - callback verification

2012-06-15 Thread Mikael Bak
On 06/15/2012 06:03 AM, Adam Bradley wrote: Sorry, but this sounds to me like an accident waiting to happen. I would /strongly/ recommend getting a proper recipient list and populating transport_maps with a user-host mapping. My only concern is scalability, is there

Re: Reject unencrypted messages

2011-01-07 Thread Mikael Bak
IT geek 31 wrote: Outlook is all-or-nothing - it can force encryption for all recipients, regardless if they have a certificate or not, or none at all. Thunderbird and Enigmail can encrypt by default if a valid key is available. HTH, Mikael

Re: Success story: smtpd_reject_footer

2011-01-20 Thread Mikael Bak
/dev/rob0 wrote: http://nospam4.nodns4.us/ The Alternate media stuff is like accepting that spam has made email impossible to rely on for communication. Antispam made right can actually make email work again as it once did. Mikael

Re: Success story: smtpd_reject_footer

2011-01-21 Thread Mikael Bak
Reindl Harald wrote: On 20.01.2011 12:29, Christian Roessner wrote: Why adding a contact form? If a postmaster really does his/her job and scans the logs, finds your assistance info and enters the website, don't you think the same admin is also able to write a mail to you

Re: Success story: smtpd_reject_footer

2011-01-21 Thread Mikael Bak
/dev/rob0 wrote: On Fri, Jan 21, 2011 at 09:12:32AM +0100, Mikael Bak wrote: Reindl Harald wrote: Am 20.01.2011 12:29, schrieb Christian Roessner: Why adding a contact form? If a postmaster really does his/her job and scans the logs, finds your assistance info and enters the website, don't

Re: Filtering spam received from multiple users

2011-04-12 Thread Mikael Bak
Stan Hoeppner wrote: [snip] Received: from [190.221.28.39] (unknown [190.221.28.39]) In this example, reject_unknown_reverse_client_hostname would have generated a 450 rejection. You should always use reject_unknown_reverse_client_hostname at minimum, or the more restrictive

Re: Filtering spam received from multiple users

2011-04-13 Thread Mikael Bak
Stan Hoeppner wrote: Mikael Bak put forth on 4/12/2011 7:31 AM: Stan Hoeppner wrote: [snip] Received: from [190.221.28.39] (unknown [190.221.28.39]) In this example, reject_unknown_reverse_client_hostname would have generated a 450 rejection. You should always use

Re: Outgoing mail problem from phone

2012-07-27 Thread Mikael Bak
Hi Dominique, On 07/27/2012 11:37 AM, Dominique wrote: However when trying to connect through a phone app (Android/email app), there is no way to send a mail. It gets rejected all the time. Jul 27 10:25:03 www postfix/smtpd[10868]: connect from 230.Red-176-83-

Re: sporadic bouts of lost connections to exchange 2010 hub transport

2012-09-25 Thread Mikael Bak
Hi Stan, On 09/25/2012 08:22 AM, Stan Hoeppner wrote: Apparently Linux and Windows TCP window scaling doesn't always work reliably together. Try disabling TCP window scaling on the Linux box(en): [snip] Perhaps off topic, but do you have any links to documents or similar that proves that

Re: pop client for postfix.

2012-11-13 Thread Mikael Bak
On 11/12/2012 05:55 PM, John Hinton wrote: A really good use for POP is for more sensitive email situations, such as legal, medical or financial. Some of our users want it 'off' the server soonest. But yes, IMAP is more the standard these days. We allow either using Dovecot. POP is faster,

Re: Gmail as Relayhost

2013-02-13 Thread Mikael Bak
On 02/13/2013 01:14 PM, Dominique wrote: Hi, I am looking at using gmail as a relayhost in our current server setup ubuntu12.04/postfix/cyrus instead of using the ISP relayhost. Is your ISP relayhost service bad? I have it working, but the outgoing email address is replaced by the gmail

Re: Gmail as Relayhost

2013-02-13 Thread Mikael Bak
On 02/13/2013 03:24 PM, Noel Jones wrote: [snip] - If you only have a handful of addresses, you can sign up for a free google apps account with your own domain name. That will allow you to relay through google. You are not required to use google as your MX; you can continue to use your own

Re: Relaying email to exchange

2013-02-15 Thread Mikael Bak
Kevin, On 02/14/2013 09:41 PM, Kevin Blackwell wrote: I have 2 mx records. The primary is Exchanges edge server that has its own internal spam filtering. The secondary is postfix server relaying mail to the edge server as a backup mx record. Are you saying the postfix server should be behind

Re: block ip-range for 1 domain

2013-02-19 Thread Mikael Bak
Richard, On 02/19/2013 12:34 PM, richard lucassen wrote: I have transport front-end servers for domains: domain1.tld domain2.tld domain3.tld domain4.tld [..] domainX.tld I want to blacklist 1.2.3.4/24 only for destination domain3.tld (and reply with a 5xx if possible). What's the

Re: block ip-range for 1 domain

2013-02-19 Thread Mikael Bak
On 02/19/2013 01:58 PM, richard lucassen wrote: On Tue, 19 Feb 2013 13:49:54 +0100 Benny Pedersen m...@junc.eu wrote: Any hint? google postfwd postfix can do it with classes, but it's more complicated than with postfwd Ok, that seems to be very nice. AFAIUI it can be implemented on

Re: Postfix 2.8.x anti anti backscattering settings

2013-04-18 Thread Mikael Bak
Hi Josef, On 04/18/2013 11:06 AM, Josef Karliak wrote: Good morning, our outgoing smtp server gets into a backscatter blacklist. When I checked my logs, there were only one mailer daemon email to some server in the time that is mentioned on the backscatter web. In all servers in the

Re: Postfix 2.8.x anti anti backscattering settings

2013-04-18 Thread Mikael Bak
On 04/18/2013 12:20 PM, Josef Karliak wrote: Hi, thanks for reply. We thought that we have to copy existing aliases file from imap server to incoming MX. If we reject an email during smtp communication, we won't relay spam to victim. Am I right ? Best regards J.K. Hi, Please do not

Re: smtp restrictions

2013-05-31 Thread Mikael Bak
Stan, On 05/31/2013 08:49 AM, Stan Hoeppner wrote: On 5/30/2013 11:43 PM, James Zee wrote: I was hoping someone could take a quick glance at my smtpd_*_restrictions configurations. While I've read and (re-)read the SMTPD_ACCESS_README file a few times over I would be greatly appreciative if

Re: Outsourced anti-spam and Issues with VRFY

2013-08-05 Thread Mikael Bak
On 08/05/2013 02:15 PM, Charles Marcus wrote: Also - I hate to ask (it isn't your job to do their job), but could you suggest off the top of your head what they *should* be doing? Would properly closing all VRFY probe connections really impact performance on their side that much - especially

Re: Would somebody let me know what I need to do to improve this setup.

2013-08-07 Thread Mikael Bak
On 08/07/2013 12:03 PM, John Allen wrote: Is there any particular reason you need to accept messages 32 GB in size? Yes. We support a business that designs and manufactures packaging and displays. The sort of thing you might see in the aisle of a supermarket or store selling gum, personal

Re: Block certain remote hosts on submission port

2013-08-23 Thread Mikael Bak
On 08/22/2013 01:51 PM, Charles Marcus wrote: [snip] The simple fact is, we do not have any users based *anywhere* but the US, so, is what is the simplest way to block any/all non-US based client connections on my submission port? [snip] Hi, Sometimes it seems like a good solution to

Re: mynetworks in mysql database

2013-10-25 Thread Mikael Bak
Hi, On 10/25/2013 09:48 AM, Rune Elvemo wrote: Does anyone know how to use a mysql database for mynetworks? We did manage to use it to match a single ip address, but is there a way to match entire networks? That can be done at the sql level. See mysql functions INET_ATON and INET_NTOA for

Re: restrict or alter to address based on from address

2014-11-19 Thread Mikael Bak
Hi, On 11/19/2014 03:27 AM, Joe Acquisto-j4 wrote: [snip] I was daydreaming about ways to get messages from the old system to the new one, as might be required. For a bit it seemed feasible to cobble up something to allow messages to be sent via SMTP from the old system to the new, in a