Re: migrate from qmail to postfix

2010-07-04 Thread Jeroen Geilman

On 07/04/2010 01:38 AM, Asif Iqbal wrote:

> Hi All
>
> I am planning to migrate from qmail to postfix.
>
> Currently our qmail uses QMAILQUEUE, qmail-scanner, clamd,
> spamassassin, rbldnsd, greylite, qmail-pop, qmail-ldap, virtuals and
> ezmlm.
> (I hope I did not miss anything)
>
> I found few suggestions from the following articles
>
>    http://www.irbs.net/internet/postfix/0207/1241.html [yr 2002]
>    http://www.irbs.net/internet/postfix/0401/1049.html [yr 2004]
>    http://johnleach.co.uk/documents/qmail-to-postfix/index.html [yr 2006]
>
> They are pretty old.

It seems you managed to miss the postfix documentation.
http://www.postfix.org/documentation.html

It's so odd that people insist on NOT using the actual documentation.

> Is there any new feature(s) relevant to qmail to postfix migration,
> that are not covered above and, were
> introduced in newer postfix?

I would not recommend following old, or unsupported, documentation.
Always use the latest official documentation, it includes the versions
something was introduced at.

> Also, if you followed any of those threads, is there some gotcha that
> might be missing in there?

They're probably flagrantly wrong in about a dozen places. They always are.

> I am guessing I need to install postfix as the front-end, will be
> installed on a separate new box.
> Then use the qmail, currently running on the existing system, as the back-end.
> Hoping that will ease the migration, however not exactly sure how to
> do it, quite yet :-).

I would suggest the opposite. postfix is much more flexible than that
old crone.

However, you can do it in any way that suits you.

> (I have to go back read those threads/articles again.)
> Then eventually expire qmail. Not quite sure how to do that either,
> but I think have to do some
> MX tricks on that.
>
> Anyways, I am looking for comments/suggestions.
>
> Thanks

Start with the URL Wietse gave you, it covers the basics.

J.



Re: migrate from qmail to postfix

2010-07-04 Thread Patrick Ben Koetter
* Asif Iqbal :
> Currently our qmail uses QMAILQUEUE, qmail-scanner, clamd,
> spamassassin, rbldnsd, greylite, qmail-pop, qmail-ldap, virtuals and
> ezmlm.
> (I hope I did not miss anything)

Here's the typical way most people go:

qmail -> postfix 
qmail-scanner -> amavisd-new 

clamd -> integrated in amavisd-new
spamassassin -> integrated in amavisd-new
rbldnsd -> integral part of postfix
greylite -> postgrey 
qmail-pop -> dovecot 
qmail-ldap -> postfix 
virtuals -> postfix  You probably
  want to use Dovecot's "deliver" program as LDA in conjunction with virtual
  domain hosting
ezmlm -> use with Postfix or replace with mailman


> I am guessing I need to install postfix as the front-end, will be
> installed on a separate new box.

I suggest to replace qmail with Postfix and not make things more complicated
adding another MTA.

> Then use the qmail, currently running on the existing system, as the back-end.
> Hoping that will ease the migration, however not exactly sure how to
> do it, quite yet :-).

Setup Postfix in parallel. Test locally. Ask people on this list if you don't
understand the documentation or how to test.

Then sync messages from old system to new one and retire old one.

> Then eventually expire qmail. Not quite sure how to do that either, but I
> think have to do some MX tricks on that.

Leave MX and give new machine old (and valid MX) IP address.

p...@rick

-- 
All technical questions asked privately will be automatically answered on the
list and archived for public access unless privacy is explicitly required and
justified.

saslfinger (debugging SMTP AUTH):



Re: Postfix.org SPF

2010-07-04 Thread JunkYardMail1

Those who wish to make use of it can do so.


From: Jeroen Geilman 
Sent: Saturday, July 03, 2010 11:46 AM
To: postfix-users@postfix.org 
Subject: Re: Postfix.org SPF


On 07/03/2010 08:45 PM, junkyardma...@verizon.net wrote: 
  How about publishing an SPF record for postfix.org.

  This would work well:
  "v=spf1 mx include:cloud9.net ~all"

  http://openspf.org/

  http://old.openspf.org/wizard.html?mydomain=Postfix.org


Um.. and then what ?



Re: Postfix.org SPF

2010-07-04 Thread JunkYardMail1
Some do not accept email from domains whose owner does not publish the 
servers they authorize to transfer mail for their domain.


--
From: "Sahil Tandon" 
Sent: Saturday, July 03, 2010 11:53 AM
To: 
Subject: Re: Postfix.org SPF


On Sat, 2010-07-03 at 11:45:39 -0700, junkyardma...@verizon.net wrote:


How about publishing an SPF record for postfix.org.


Why?

--
Sahil Tandon  




Re: Postfix.org SPF

2010-07-04 Thread mouss
junkyardma...@verizon.net wrote:
> Some do not accept email from domains whose owner does not publish the
> servers they authorize to transfer mail for their domain.
> 

Then it's their problem. Please don't revive the old spf thread. spf has
fans and opponents.

$ host -t txt yahoo.com
yahoo.com has no TXT record
$ host -t txt mail.com
mail.com has no TXT record
$ host -t txt outblaze.com
outblaze.com has no TXT record
...
(same with "spf" instead of "txt").


> --
> From: "Sahil Tandon" 
> Sent: Saturday, July 03, 2010 11:53 AM
> To: 
> Subject: Re: Postfix.org SPF
> 
>> On Sat, 2010-07-03 at 11:45:39 -0700, junkyardma...@verizon.net wrote:
>>
>>> How about publishing an SPF record for postfix.org.
>>
>> Why?
>>
>> -- 
>> Sahil Tandon  
> 



Re: Postfix.org SPF

2010-07-04 Thread Matt Hayes

On 07/04/2010 10:20 PM, junkyardma...@verizon.net wrote:

Some do not accept email from domains whose owner does not publish the
servers they authorize to transfer mail for their domain.

--
From: "Sahil Tandon" 
Sent: Saturday, July 03, 2010 11:53 AM
To: 
Subject: Re: Postfix.org SPF


On Sat, 2010-07-03 at 11:45:39 -0700, junkyardma...@verizon.net wrote:


How about publishing an SPF record for postfix.org.


Why?

--
Sahil Tandon 





Rejecting email solely on the fact that a domain doesn't publish an SPF 
is stupid.


-Matt


Re: Postfix.org SPF

2010-07-04 Thread JunkYardMail1

Yahoo has ulterior motives?  They wish to push their domain keys.

Others probably likewise have ulterior motives.

Do you also oppose SPF, and if so what are your motives?


--
From: "mouss" 
Sent: Sunday, July 04, 2010 7:29 PM
To: 
Subject: Re: Postfix.org SPF


junkyardma...@verizon.net wrote:

Some do not accept email from domains whose owner does not publish the
servers they authorize to transfer mail for their domain.



Then it's their problem. Please don't revive the old spf thread. spf has
fans and opponents.

$ host -t txt yahoo.com
yahoo.com has no TXT record
$ host -t txt mail.com
mail.com has no TXT record
$ host -t txt outblaze.com
outblaze.com has no TXT record
...
(same with "spf" instead of "txt").



--
From: "Sahil Tandon" 
Sent: Saturday, July 03, 2010 11:53 AM
To: 
Subject: Re: Postfix.org SPF


On Sat, 2010-07-03 at 11:45:39 -0700, junkyardma...@verizon.net wrote:


How about publishing an SPF record for postfix.org.


Why?

--
Sahil Tandon 






Re: Postfix.org SPF

2010-07-04 Thread JunkYardMail1
What is stupid is to be so opposed to anti spam tools that have no 
significant downside.

Makes one wonder about true motives.

--
From: "Matt Hayes" 
Sent: Sunday, July 04, 2010 7:29 PM
To: 
Subject: Re: Postfix.org SPF


On 07/04/2010 10:20 PM, junkyardma...@verizon.net wrote:

Some do not accept email from domains whose owner does not publish the
servers they authorize to transfer mail for their domain.

--
From: "Sahil Tandon" 
Sent: Saturday, July 03, 2010 11:53 AM
To: 
Subject: Re: Postfix.org SPF


On Sat, 2010-07-03 at 11:45:39 -0700, junkyardma...@verizon.net wrote:


How about publishing an SPF record for postfix.org.


Why?

--
Sahil Tandon 





Rejecting email solely on the fact that a domain doesn't publish an SPF is 
stupid.


-Matt 




Re: Postfix.org SPF

2010-07-04 Thread Matt Hayes

On 07/04/2010 10:53 PM, junkyardma...@verizon.net wrote:

What is stupid is to be so opposed to anti spam tools that have no
significant downside.
Makes one wonder about true motives.

--
From: "Matt Hayes" 
Sent: Sunday, July 04, 2010 7:29 PM
To: 
Subject: Re: Postfix.org SPF


On 07/04/2010 10:20 PM, junkyardma...@verizon.net wrote:

Some do not accept email from domains whose owner does not publish the
servers they authorize to transfer mail for their domain.

--
From: "Sahil Tandon" 
Sent: Saturday, July 03, 2010 11:53 AM
To: 
Subject: Re: Postfix.org SPF


On Sat, 2010-07-03 at 11:45:39 -0700, junkyardma...@verizon.net wrote:


How about publishing an SPF record for postfix.org.


Why?

--
Sahil Tandon 





Rejecting email solely on the fact that a domain doesn't publish an SPF
is stupid.

-Matt





I'm not opposed to it and please stop TOP posting.

-Matt


Re: Postfix.org SPF

2010-07-04 Thread Scott Kitterman
On Sunday, July 04, 2010 10:51:32 pm junkyardma...@verizon.net wrote:
> Yahoo has ulterior motives?  They wish to push their domain keys.
> 
> Others probably likewise have ulterior motives.
> 
> Do you also oppose SPF, and if so what are your motives?
> 
Please stop.  This is offtopic for this list and not helpful in any case.  Some 
people like and use SPF and some people don't.  Rejecting or discarding mail 
due simply to a lack of an SPF record is idiotic and domain owners are 
completely free to publish a record or not.

Consult Google if you want to know my views on SPF (they aren't hard to find).  
If you want to discuss SPF, there is an spf-discuss mailing list where such 
discussions are on topic (see http://www.openspf.org/Forums for details).

Scott K


Re: migrate from qmail to postfix

2010-07-04 Thread Asif Iqbal
On Sun, Jul 4, 2010 at 5:50 AM, Jeroen Geilman  wrote:
> On 07/04/2010 01:38 AM, Asif Iqbal wrote:
>
> Hi All
>
> I am planning to migrate from qmail to postfix.
>
> Currently our qmail uses QMAILQUEUE, qmail-scanner, clamd,
> spamassassin, rbldnsd, greylite, qmail-pop, qmail-ldap, virtuals and
> ezmlm.
> (I hope I did not miss anything)
>
> I found few suggestions from the following articles
>
>   http://www.irbs.net/internet/postfix/0207/1241.html [yr 2002]
>   http://www.irbs.net/internet/postfix/0401/1049.html [yr 2004]
>   http://johnleach.co.uk/documents/qmail-to-postfix/index.html [yr 2006]
>
> They are pretty old.
>
>
>
> It seems you managed to miss the postfix documentation.
> http://www.postfix.org/documentation.html

Well, I was actually looking for specific document(s) that discusses
qmail to postfix migration.
Also, looking for something that covers the dot-qmail, seems like the
hardest part to migrate over.


>
> It's so odd that people insist on NOT using the actual documentation.
>
> Is there any new feature(s) relevant to qmail to postfix migration,
> that are not covered above and, were
> introduced in newer postfix?
>
>
>
> I would not recommend following old, or unsupported, documentation.
> Always use the latest official documentation, it includes the versions
> something was introduced at.
>
> Also, if you followed any of those threads, is there some gotcha that
> might be missing in there?
>
>
> They're probably flagrantly wrong in about a dozen places. They always are.
>
> I am guessing I need to install postfix as the front-end, will be
> installed on a separate new box.
> Then use the qmail, currently running on the existing system, as the
> back-end.
> Hoping that will ease the migration, however not exactly sure how to
> do it, quite yet :-).
>
>
> I would suggest the opposite. postfix is much more flexible than that old
> crone.
> However, you can do it in any way that suits you.
>
> (I have to go back read those threads/articles again.)
> Then eventually expire qmail. Not quite sure how to do that either,
> but I think have to do some
> MX tricks on that.
>
> Anyways, I am looking for comments/suggestions.
>
> Thanks
>
>
> Start with the URL Wietse gave you, it covers the basics.
>
> J.
>
>



-- 
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?


Re: migrate from qmail to postfix

2010-07-04 Thread Sahil Tandon
On Sun, 2010-07-04 at 23:55:48 -0400, Asif Iqbal wrote:

> Well, I was actually looking for specific document(s) that discusses
> qmail to postfix migration.  Also, looking for something that covers
> the dot-qmail, seems like the hardest part to migrate over.

You were given, among other things, several pointers to relevant
sections of the Postfix documentation.  At this point, you need to piece
together information from various sources and perform the transition
based on the idiosyncrasies of your email architecture.  If you have
specific Postfix questions, feel free to ask here.  I think the 'is
there a how-to for my exact migration situation?' line of questioning has
been exhausted.

-- 
Sahil Tandon 


Re: Postfix.org SPF

2010-07-04 Thread JunkYardMail1
US financial services industry group endorses SPF, so most banks, credit 
unions, brokerages, etc. publish an SPF record.


MAAWG: "At the very least, senders should incorporate SPF records for their 
mailing domains".


Australian DoD Recommends SPF

Google.com, GoogleMail.com, Gmail.com,
Comcast.net,
Verizon.net,
Frontier.net,
Charter.com,
Microsoft.com, Hotmail.com, Live.com,
AOL.com

All publish SPF records as well.

It is simply becoming unnecessary to accept email from domains which do not 
publish an SPF record to let receiving domains know the systems that are 
authorized to transfer email for them.

And doing so cuts into spam significantly.


--
From: 
Sent: Sunday, July 04, 2010 7:51 PM
To: 
Subject: Re: Postfix.org SPF


Yahoo has ulterior motives?  They wish to push their domain keys.

Others probably likewise have ulterior motives.

Do you also oppose SPF, and if so what are your motives?


--
From: "mouss" 
Sent: Sunday, July 04, 2010 7:29 PM
To: 
Subject: Re: Postfix.org SPF


junkyardma...@verizon.net wrote:

Some do not accept email from domains whose owner does not publish the
servers they authorize to transfer mail for their domain.



Then it's their problem. Please don't revive the old spf thread. spf has
fans and opponents.

$ host -t txt yahoo.com
yahoo.com has no TXT record
$ host -t txt mail.com
mail.com has no TXT record
$ host -t txt outblaze.com
outblaze.com has no TXT record
...
(same with "spf" instead of "txt").



--
From: "Sahil Tandon" 
Sent: Saturday, July 03, 2010 11:53 AM
To: 
Subject: Re: Postfix.org SPF


On Sat, 2010-07-03 at 11:45:39 -0700, junkyardma...@verizon.net wrote:


How about publishing an SPF record for postfix.org.


Why?

--
Sahil Tandon 






Re: Postfix.org SPF

2010-07-04 Thread Sahil Tandon
On Sun, 2010-07-04 at 21:08:58 -0700, junkyardma...@verizon.net wrote:

[blah blah blah]

> It is simply becoming unnecessary to accept email from domains which
> do not publish an SPF record to let receiving domains know the systems
> that are authorized to transfer email for them.  And doing so cuts
> into spam significantly.

Please stop.  This is not the appropriate forum for SPF evangelism.  Do
you have a Postfix question?  If not, please DO NOT reply to this email
or continue this thread.  This is a technical mailing list ABOUT
POSTFIX. Thank you.

-- 
Sahil Tandon 


Re: Postfix.org SPF

2010-07-04 Thread JunkYardMail1
My original post was regarding postfix.  But you and others seemed more 
interested in taking it off topic to squelch the request for postfix.org to 
publish an SPF record.


I oblige the challenge and then you all start complaining about the thread being 
off topic.  Well it wouldn't be off topic if you all wouldn't have taken it 
off topic.


So now, how about it.  How about an SPF record for the postfix.org domain, 
from which postings to this mail list come.


Anyone opposed to the postfix.org domain publishing an SPF record?

--
From: "Sahil Tandon" 
Sent: Sunday, July 04, 2010 9:12 PM
To: 
Subject: Re: Postfix.org SPF


On Sun, 2010-07-04 at 21:08:58 -0700, junkyardma...@verizon.net wrote:

[blah blah blah]


It is simply becoming unnecessary to accept email from domains which
do not publish an SPF record to let receiving domains know the systems
that are authorized to transfer email for them.  And doing so cuts
into spam significantly.


Please stop.  This is not the appropriate forum for SPF evangelism.  Do
you have a Postfix question?  If not, please DO NOT reply to this email
or continue this thread.  This is a technical mailing list ABOUT
POSTFIX. Thank you.

--
Sahil Tandon  




Re: Postfix.org SPF

2010-07-04 Thread John Levine
>Anyone opposed to the postfix.org domain publishing an SPF record?

Yes.  Now, can you go away, please?

R's,
John, MAAWG senior technical advisor, among other things



Re: migrate from qmail to postfix

2010-07-04 Thread Asif Iqbal
On Mon, Jul 5, 2010 at 12:03 AM, Sahil Tandon  wrote:
> On Sun, 2010-07-04 at 23:55:48 -0400, Asif Iqbal wrote:
>
>> Well, I was actually looking for specific document(s) that discusses
>> qmail to postfix migration.  Also, looking for something that covers
>> the dot-qmail, seems like the hardest part to migrate over.
>
> You were given, among other things, several pointers to relevant
> sections of the Postfix documentation.  At this point, you need to piece
> together information from various sources and perform the transition
> based on the idiosyncrasies of your email architecture.  If you have
> specific Postfix questions, feel free to ask here.  I think the 'is
> there a how-to for my exact migration situation?' line of questioning has
> been exhausted.

which doc covers the dot-qmail like behavior in postfix?

>
> --
> Sahil Tandon 
>



-- 
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?


Re: migrate from qmail to postfix

2010-07-04 Thread Sahil Tandon
On Mon, 2010-07-05 at 01:05:21 -0400, Asif Iqbal wrote:

> On Mon, Jul 5, 2010 at 12:03 AM, Sahil Tandon  wrote:
> > On Sun, 2010-07-04 at 23:55:48 -0400, Asif Iqbal wrote:
> >
> >> Well, I was actually looking for specific document(s) that discusses
> >> qmail to postfix migration.  Also, looking for something that covers
> >> the dot-qmail, seems like the hardest part to migrate over.
> >
> > You were given, among other things, several pointers to relevant
> > sections of the Postfix documentation.  At this point, you need to piece
> > together information from various sources and perform the transition
> > based on the idiosyncrasies of your email architecture.  If you have
> > specific Postfix questions, feel free to ask here.  I think the 'is
> > there a how-to for my exact migration situation?' line of questioning has
> > been exhausted.
> 
> which doc covers the dot-qmail like behavior in postfix?

Read the Postfix documentation.  All supported features are covered
therein; if you do not see it, it is not supported.  Postfix is not a
drop-in replacement for qmail.  Good luck.

-- 
Sahil Tandon 


Re: migrate from qmail to postfix

2010-07-04 Thread Asif Iqbal
On Mon, Jul 5, 2010 at 1:13 AM, Sahil Tandon  wrote:
> On Mon, 2010-07-05 at 01:05:21 -0400, Asif Iqbal wrote:
>
>> On Mon, Jul 5, 2010 at 12:03 AM, Sahil Tandon  wrote:
>> > On Sun, 2010-07-04 at 23:55:48 -0400, Asif Iqbal wrote:
>> >
>> >> Well, I was actually looking for specific document(s) that discusses
>> >> qmail to postfix migration.  Also, looking for something that covers
>> >> the dot-qmail, seems like the hardest part to migrate over.
>> >
>> > You were given, among other things, several pointers to relevant
>> > sections of the Postfix documentation.  At this point, you need to piece
>> > together information from various sources and perform the transition
>> > based on the idiosyncrasies of your email architecture.  If you have
>> > specific Postfix questions, feel free to ask here.  I think the 'is
>> > there a how-to for my exact migration situation?' line of questioning has
>> > been exhausted.
>>
>> which doc covers the dot-qmail like behavior in postfix?
>
> Read the Postfix documentation.  All supported features are covered
> therein; if you do not see it, it is not supported.  Postfix is not a
> drop-in replacement for qmail.  Good luck.

well, I am looking for suggestions on how people took care of the
dot-qmail part when
they migrated from qmail to postfix. going back to my original email,
I saw some suggestions
how people did just that. but bringing that up to see if those steps
are relevant.



>
> --
> Sahil Tandon 
>



-- 
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?


Re: Postfix.org SPF

2010-07-04 Thread Stan Hoeppner
junkyardma...@verizon.net put forth on 7/4/2010 9:53 PM:
> What is stupid is to be so opposed to anti spam tools that have no
> significant downside.

The problem is it has no significant upside either, which is why most sites
don't use it as an anti spam measure.  Since spammers can simply create an SPF
record for their domains such as this

"v=spf1 +all"

a simple "does it have an SPF record" check does nothing to stop the spam,
since the above SPF string says every internet address is allowed to send mail
on behalf of the domain.  So you then must implement some script or code to
actually parse the SPF record in an effort to figure out if it's a spammer
domain or not.  So you parse out "+all" and reject mail from domains having
that string.  Then the botnet spammers do something sinisterly creative like 
this

"v=spf1 ip4:1.0.0.0/8 ip4:2.0.0.0/8 ip4:223.0.0.0/8 [...] -all"

which again allows every IP address to send on behalf of the spammer domain
but makes it pretty much impossible to parse and apply rules that firmly
identify it as a spammer domain.  Spammers may use something similar but with
more clever CIDR notation that doesn't break SPF record length rules, etc.
I'm not a spammer and have never crafted such a string, but it is possible,
and some do it.

Now you are absolutely screwed, unless you want to waste the thousands of man
hours required to write code to parse these types of records and make an
_accurate_ "spammer domain" determination based on these complex SPF records.

You are obviously a newbie when it comes to SPF as a spam fighting tool, or
spam fighting in general, or you'd have already known these things.  There are
far more effective anti-spam tools available that are much less error prone,
and require far less custom coding to make them work effectively.  I've been
heavily involved in spam fighting for a few years now, and I've yet to hear of
an effective SPF based spam fighting tool.  No seasoned SAs I've run into are
evangelizing SPF, but the opposite.

If you'd like to further your spam fighting eduction, I direct you to Google,
NANAE, and spam-l.  For every one newbie proponent of SPF as an A/S tool,
you'll find 999 seasoned SAs who don't and won't use it as an A/S tool.
Amongst seasoned SAs you will find some that use the existence of an SPF
record for _scoring only_ in SpamAssassin, but that's about the extent of its
use as an A/S tool.

-- 
Stan
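
Added example, not part of any list member's post: a receiver-side check, sketched in Python, that measures how much of the IPv4 address space a record's `ip4` and `all` mechanisms authorize, which is the property that separates the over-broad records quoted in this thread from a restrictive one. The function names and the 1% threshold are assumptions; mechanisms that need DNS lookups (`mx`, `a`, `include`, `redirect=`) are reported as unresolved rather than followed.

```python
import ipaddress
import re

MODIFIER = re.compile(r"^[A-Za-z][A-Za-z0-9._-]*=")  # e.g. redirect=, exp=
FULL_V4 = (0, 2**32 - 1)


def _uncovered(start, end, decided):
    """Parts of [start, end] not inside the sorted, disjoint ranges in `decided`."""
    gaps, cur = [], start
    for s, e in decided:
        if e < cur:
            continue
        if s > end:
            break
        if s > cur:
            gaps.append((cur, s - 1))
        cur = max(cur, e + 1)
        if cur > end:
            break
    if cur <= end:
        gaps.append((cur, end))
    return gaps


def _merge(ranges):
    """Sort integer ranges and merge the ones that touch or overlap."""
    merged = []
    for s, e in sorted(ranges):
        if merged and s <= merged[-1][1] + 1:
            merged[-1] = (merged[-1][0], max(merged[-1][1], e))
        else:
            merged.append((s, e))
    return merged


def ipv4_pass_coverage(record):
    """Return (fraction of IPv4 space that gets a Pass, unresolved terms).

    Mechanisms are evaluated left to right and the first match decides, so
    an address claimed by an earlier term is not counted again later.
    Assumption: terms that need DNS are treated as matching nothing.
    """
    terms = record.strip().strip('"').split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    decided, passed, unresolved = [], 0, []
    for term in terms[1:]:
        if MODIFIER.match(term):
            if term.lower().startswith("redirect="):
                unresolved.append(term)
            continue
        qualifier = term[0] if term[0] in "+-~?" else "+"  # default is "+"
        mech = term.lstrip("+-~?")
        name = mech.split(":", 1)[0].split("/", 1)[0].lower()
        if name == "all":
            span = FULL_V4
        elif name == "ip4":
            net = ipaddress.IPv4Network(mech.split(":", 1)[1], strict=False)
            span = (int(net.network_address), int(net.broadcast_address))
        elif name == "ip6":
            continue  # outside the IPv4 measurement
        else:
            unresolved.append(term)
            continue
        gaps = _uncovered(span[0], span[1], decided)
        if qualifier == "+":
            passed += sum(e - s + 1 for s, e in gaps)
        decided = _merge(decided + gaps)
        if name == "all":
            break  # nothing after "all" is ever evaluated
    return passed / 2**32, unresolved


def looks_overbroad(record, limit=0.01):
    """Flag records whose literal ranges pass at least `limit` of IPv4 space."""
    return ipv4_pass_coverage(record)[0] >= limit


# Sample inputs: two strings quoted in the thread, two constructed for the demo.
SAMPLES = [
    '"v=spf1 +all"',
    '"v=spf1 mx include:cloud9.net ~all"',
    "v=spf1 ip4:0.0.0.0/0 -all",                  # constructed
    "v=spf1 -ip4:10.0.0.0/8 ip4:0.0.0.0/0 -all",  # constructed
]

if __name__ == "__main__":
    for rec in SAMPLES:
        print(rec, ipv4_pass_coverage(rec), looks_overbroad(rec))
```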


Re: Postfix.org SPF

2010-07-04 Thread JunkYardMail1

What is your objection?

--
From: "John Levine" 
Sent: Sunday, July 04, 2010 9:48 PM
To: 
Cc: 
Subject: Re: Postfix.org SPF


Anyone opposed to the postfix.org domain publishing an SPF record?


Yes.  Now, can you go away, please?

R's,
John, MAAWG senior technical advisor, among other things



Re: Postfix.org SPF

2010-07-04 Thread JunkYardMail1
Very aware spammers can create their own domains and SPF records.  They 
can do essentially the same thing with any anti spam measures.  And I have 
seen a number of them do just that, an SPF record of entire IPv4 address 
space (0.0.0.0/0).  But guess what, every one of them has been in an RHSBL. 
The fact it prevents them from using just any ol domain instead of their own 
makes it extremely quick and easy for them to get detected and added into 
the RHSBL's.


Requiring an SPF record to publish a domain's authorized MTA's is very 
effective.


--
From: "Stan Hoeppner" 
Sent: Sunday, July 04, 2010 10:58 PM
To: 
Subject: Re: Postfix.org SPF


junkyardma...@verizon.net put forth on 7/4/2010 9:53 PM:

What is stupid is to be so opposed to anti spam tools that have no
significant downside.


The problem is it has no significant upside either, which is why most sites
don't use it as an anti spam measure.  Since spammers can simply create an SPF
record for their domains such as this

"v=spf1 +all"

a simple "does it have an SPF record" check does nothing to stop the spam,
since the above SPF string says every internet address is allowed to send mail
on behalf of the domain.  So you then must implement some script or code to
actually parse the SPF record in an effort to figure out if it's a spammer
domain or not.  So you parse out "+all" and reject mail from domains having
that string.  Then the botnet spammers do something sinisterly creative like
this

"v=spf1 ip4:1.0.0.0/8 ip4:2.0.0.0/8 ip4:223.0.0.0/8 [...] -all"

which again allows every IP address to send on behalf of the spammer domain
but makes it pretty much impossible to parse and apply rules that firmly
identify it as a spammer domain.  Spammers may use something similar but with
more clever CIDR notation that doesn't break SPF record length rules, etc.
I'm not a spammer and have never crafted such a string, but it is possible,
and some do it.

Now you are absolutely screwed, unless you want to waste the thousands of man
hours required to write code to parse these types of records and make an
_accurate_ "spammer domain" determination based on these complex SPF records.

You are obviously a newbie when it comes to SPF as a spam fighting tool, or
spam fighting in general, or you'd have already known these things.  There are
far more effective anti-spam tools available that are much less error prone,
and require far less custom coding to make them work effectively.  I've been
heavily involved in spam fighting for a few years now, and I've yet to hear of
an effective SPF based spam fighting tool.  No seasoned SAs I've run into are
evangelizing SPF, but the opposite.

If you'd like to further your spam fighting education, I direct you to Google,
NANAE, and spam-l.  For every one newbie proponent of SPF as an A/S tool,
you'll find 999 seasoned SAs who don't and won't use it as an A/S tool.
Amongst seasoned SAs you will find some that use the existence of an SPF
record for _scoring only_ in SpamAssassin, but that's about the extent of its
use as an A/S tool.

--
Stan 




Re: [Postfix-Users] Re: Postfix.org SPF

2010-07-04 Thread John R. Dennison
On Sun, Jul 04, 2010 at 11:31:03PM -0700, junkyardma...@verizon.net wrote:
> What is your objection?

For the love of $deity *STOP* top-posting.  Thank you.

You wanted an objection?  There it is.




John


-- 
"Thinking implies disagreement; and disagreement implies non-conformity; and
non-conformity implies heresy; and heresy implies disloyalty -- so obviously
thinking must be stopped"
[Call to Greatness, 1954] -- Adlai Stevenson




Re: migrate from qmail to postfix

2010-07-04 Thread Patrick Ben Koetter
Asif,

* Asif Iqbal :
> well, I am looking for suggestions on how people took care of the
> dot-qmail part when
> they migrated from qmail to postfix. going back to my original email,
> I saw some suggestions
> how people did just that. but bringing that up to see if those steps
> are relevant.

can you be specific about which particular functionality/mechanism from
dot-qmail you want/need to migrate, so we can tell you how it would be done in
Postfix?

Speaking for myself I don't know what's in a dot-qmail file, but I know
Postfix and if you can describe in an abstract manner what you need, most
people on this list will be able to tell you how it is done in Postfix.

p...@rick

-- 
All technical questions asked privately will be automatically answered on the
list and archived for public access unless privacy is explicitly required and
justified.

saslfinger (debugging SMTP AUTH):