Hi,
What are the $mua_helo_restrictions and $mua_sender_restrictions in the
master.cf and how are they supposed to be used ?
How do they affect the restrictions for the submission if left commented ?
Thanks
> "Doug" == Doug Sampson writes:
Doug> I've opened an account with Spamhaus to use their Data Query Service.
Doug> I've reconfigured the main.cf to incorporate the necessary adjustments.
Doug> One thing I've noticed that when the maps (postscreen_dnsbl_reply_map &
Doug> rbl_reply_maps) as
> "DS" == Doug Sampson writes:
>> Doug Sampson: > I've opened an account with Spamhaus to use their Data
>> Query > Service. I've reconfigured the main.cf to incorporate the necessary
>> > adjustments.
>> >
>> > One thing I've noticed that when the maps (postscreen_dnsbl_reply_map > &
>>
> "r" == raf writes:
r> On Tue, Dec 21, 2021 at 10:06:29AM -0500, post...@ptld.com wrote:
>> Spamhaus is just one company you can use, there are several others, I am
>> not making any claims or recommendations to them over any other. They do
>> allow free usage for low volume servers which
> "Matus" == Matus UHLAR <- fantomas > writes:
Matus> funny, some time ago I found spamrats very unrealiable, junkemailfilter
Matus> realiability is imho on level of sorbs/uceprotect (scoring only)
I am using selective blocklists like for postscreen scoring if they pass then
use of spamhaus
> "Matus" == Matus UHLAR <- fantomas > writes:
Matus> is it not. To be precise:
Matus> SRS is to be used when you accept mail for one address and re-send to
Matus> another address (in different domain/on different server).
Matus> this is not the case for backup MX.
Thanks for the
Hi,
Should Sender Rewriting Scheme be enabled for a server acting as backup MX.
Just to be specific I want one of my servers to solely act as a backup MX for
the domain.
My understanding is SRS is needed if the mail server acts as forwarder. But
in the case of a backup MX it is not a
>>>>> "Viktor" == Viktor Dukhovni writes:
>> On 18 Nov 2021, at 12:28 pm, Togan Muftuoglu wrote:
>>
>> Thanks for the clarification. One more thing having the backup MX listed in
>> the SPF records of the domain and opendkim signing th
> "ptld" == postfix writes:
>> How can I reject connections from generic Forward Confirmed Reverse DNS
>> (FCrDNS) like “123-45-67-8.your.isp.com”.
ptld> I do not know if there is an easier way but you could make a script using
ptld> check_policy_service or a milter to check if client
> "Matus" == Matus UHLAR <- fantomas > writes:
Matus> you can check hostnames by using pcre map in
Matus> check_reverse_client_hostname_access. e.g. refuse regex
Matus> /(\d+)[.-](\d+)[.-](\d+)[.-](\d+)./ REJECT "generic DNS refused"
Matus> (trailing . should avoid matching IP Addresses)
> "Ludi" == Ludi Cree writes:
Ludi> Root Servers / IPs at datacenters often also get a default RDNS in that
Ludi> style. Greets, Ludi
Yes but if you own the domain you can ask the datacenters/cloud centers for
the RDNS and your helo will match your RDNS.
I am using AWS and it was done in a
> "Matus" == Matus UHLAR <- fantomas > writes:
Matus> you can check hostnames by using pcre map in
Matus> check_reverse_client_hostname_access. e.g. refuse regex
Matus> /(\d+)[.-](\d+)[.-](\d+)[.-](\d+)./ REJECT "generic DNS refused"
Matus> (trailing . should avoid matching IP Addresses)
>>>>> "toganm" == Togan Muftuoglu writes:
>>>>> "Matus" == Matus UHLAR <- fantomas > writes:
Matus> you can check hostnames by using pcre map in
Matus> check_reverse_client_hostname_access. e.g. refuse regex
^^^
Hi,
The access man(5) has definitions for OTHER_ACTIONS. The definition for info
says:
INFO optional text...
"Log an informational record with the optional text,together with client
information and if available,with helo, sender, recipient and protocol
information."
for WARN:
WARN optional
>>>>> "DMO" == Demi Marie Obenour writes:
DMO> On 11/11/21 10:28 AM, Bill Cole wrote:
>> On 2021-11-11 at 06:06:45 UTC-0500 (Thu, 11 Nov 2021 12:06:45 +0100) Togan
>> Muftuoglu is rumored to have said:
>>
>>> Hi,
>>>
>>>
Hi,
How can I reject connections from generic Forward Confirmed Reverse DNS
(FCrDNS) like “123-45-67-8.your.isp.com”.
For the most cases spamhaus is able to block it but with the cloud providers
with FCrDNS as follows not all of them are not blocked.
123-45-67-89.ip.linodeusercontent.com
I would like to check if I am understanding setting a backup MX correctly.
Am I missing something here ?
DNS settings
example.com primary-mx.example.com 10
example.com backup-mx.example.com 20
Backup MX postfix settings
/etc/postfix/main.cf:
myorigin = example.com
>>>>> "JR" == Jaroslaw Rafa writes:
JR> Dnia 1.12.2021 o godz. 14:09:49 Togan Muftuoglu pisze:
>>
>> Glad that I put HOLD rather than REJECT as IOS devices are producing this
>> format
>>
>> Message-Id:
>>
>> Is there a wa
Hi,
After reading the http://www.postfix.org/BACKSCATTER_README.html, I have
included the following to /etc/postfix/header_checks:
/^[> ]*Message-ID:.*@(mydomain\.com)/ HOLD forged domain name in Message-ID:
header: $1
Glad that I put HOLD rather than REJECT as IOS devices are producing this
>>>>> "WV" == Wietse Venema writes:
WV> Togan Muftuoglu:
>>
>> After searching through the document with the help of strong coffee I ended
>> up adding the following to submission
>>
>> -o receive_override_options=no_header_body_checks
> "LT" == Lefteris Tsintjelis writes:
LT> Is there a way to limit access by RBLs postscreen alike? Lefteris
If you have API key from spamhaus or abusix then you can use the auth related
rbls along with a rotating secure password policy for the authenticated users
IMO is a good option.
> "JR" == Jaroslaw Rafa writes:
JR> Dnia 3.12.2021 o godz. 09:14:23 Fourhundred Thecat pisze:
>> Hello,
>>
>> I have strict helo checks:
>>
>> smtpd_helo_required = yes smtpd_helo_restrictions =
>> reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname,
>> reject_unknown_helo_hostname
> "Piper" == Piper H writes:
Piper> I sent an email from my t-online.de account to gmail.
Piper> Gmail shows SPF pass by best guessing:
Piper> Received-SPF: pass (google.com: best guess record for domain of
Piper> x...@t-online.de designates 194.25.134.18 as permitted sender)
Piper>
> "Matus" == Matus UHLAR <- fantomas > writes:
Matus> the latter can be disabled by calling check_recipient_access
Matus> "user+whate...@example.com REJECT"
This is what I want to achieve and after reading the documentation at
http://www.postfix.org/RESTRICTION_CLASS_README.html I got the
> "DE" == Dino Edwards writes:
DE> Hello, We have various IPs that throughout the day hammer our server
DE> attempting to deliver messages to non-existent recipients. The messages
DE> get rejected because the recipients do not exist. This results with having
DE> 30 to 100 rejected emails at
> "VDvP" == Viktor Dukhovni via Postfix-users
> writes:
VDvP> The Postfix LMTP delivery agent supports LMTP delivery over TCP
VDvP> (possibly also with STARTTLS or TLS wrapper mode). This is
VDvP> documented in the lmtp(8) manpage.
Let me get the basic functioning maybe later I
I am planning to move the dovecot imapd to a new server which has no smtp
server. The postfix server located in an other machine is responsible for
receving the mail for the main and the virtual domains and has no local
delivery.
postfix server has ip 172.16.0.184
dovecot server has ip
> "VDvP" == Viktor Dukhovni via Postfix-users
> writes:
VDvP> On Sun, Dec 31, 2023 at 08:25:42PM +0100, toganm--- via Postfix-users
wrote:
>> this is what I have so I should be OK, or do I need to specifiy the
>> inet:[address] instead of unix ?
>>
>> lmtp unix - -
> "MU" == Matus UHLAR <- fantomas via Postfix-users
> > writes:
MU> I have tried to explain it before: you should not use DNSBLs in
MU> submission/smtps services, as you can expect many your clients to
MU> connect from shared or dynamic IP addresses, which are surelly listed
29 matches
Mail list logo
