postfix smarthost authentification error (incorrect token: useruserpassword)
Hi all,
I am trying to relay my outgoing mail and I receive a authentification
error.
I followd the relevand guides for setting up a smarthost
smtp_sasl_mechanism_filter = plain
smtp_sasl_security_options = noanonymous
smtp_sasl_auth_enable = yes
relayhost = [smtp.myrelay.se]:submission
smtp_sasl_password_maps = static:user:password
broken_sasl_auth_clients = yes
I sniffed the network traffic between my server and the relayhost and I
think it all boils down to that postfix tries to authenticate incorrectly
with
AUTH PLAIN dXNlcgB1c2VyAHBhc3N3b3Jk
(which is AUTH PLAIN useruserpassword)
Instead of
AUTH PLAIN AHVzZXIAcGFzc3dvcmQ=
(which is AUTH PLAIN userpassword)
Included an excerpt of my network traffic
250-SIZE 20971520
250-PIPELINING
250-AUTH PLAIN LO
1:123:123.5286 IP host.66301 > se.submission: P 31:68(37) ack 245
'.._5.o.AUTH PLAIN dXNlcgB1c2VyAHBhc3N3b3Jk
1:123:123.5586 IP se.submission > host.66301: P 245:280(35) ack
5.o.'.._535 Incorrect authentication data
Decoding the authetification line
>perl -MMIME::Base64 -e 'print decode_base64("dXNlcgB1c2VyAHBhc3N3b3Jk");'
>useruserpassword
so it seems that my password_map "static:user:password" is incorrect send to
the
relay host (should be \0user\0password instead of useruserpassword)
(i tried with a password file/db but that gives the same result)
from here I am stuck. I cannot find how to correct this.
Regards Gijs
Re: postfix smarthost authentification error (incorrect token: useruserpassword)
Zitat von Gijs Koppers :
Hi all,
I am trying to relay my outgoing mail and I receive a authentification
error.
I followd the relevand guides for setting up a smarthost
smtp_sasl_mechanism_filter = plain
smtp_sasl_security_options = noanonymous
smtp_sasl_auth_enable = yes
relayhost = [smtp.myrelay.se]:submission
smtp_sasl_password_maps = static:user:password
broken_sasl_auth_clients = yes
I sniffed the network traffic between my server and the relayhost and I
think it all boils down to that postfix tries to authenticate incorrectly
with
AUTH PLAIN dXNlcgB1c2VyAHBhc3N3b3Jk
(which is AUTH PLAIN useruserpassword)
Instead of
AUTH PLAIN AHVzZXIAcGFzc3dvcmQ=
(which is AUTH PLAIN userpassword)
Included an excerpt of my network traffic
250-SIZE 20971520
250-PIPELINING
250-AUTH PLAIN LO
1:123:123.5286 IP host.66301 > se.submission: P 31:68(37) ack 245
'.._5.o.AUTH PLAIN dXNlcgB1c2VyAHBhc3N3b3Jk
1:123:123.5586 IP se.submission > host.66301: P 245:280(35) ack
5.o.'.._535 Incorrect authentication data
Decoding the authetification line
perl -MMIME::Base64 -e 'print decode_base64("dXNlcgB1c2VyAHBhc3N3b3Jk");'
useruserpassword
so it seems that my password_map "static:user:password" is incorrect send to
the
relay host (should be \0user\0password instead of useruserpassword)
(i tried with a password file/db but that gives the same result)
from here I am stuck. I cannot find how to correct this.
Regards Gijs
Have a look here:
http://www.postfix.org/DATABASE_README.html#types
static (read-only)
Always returns its lookup table name as lookup result. For example,
the lookup table "static:foobar" always returns the string "foobar" as
lookup result.
so in your case static:password should be correct. In this case the
result is always "password".
Regards
Andreas
smime.p7s
Description: S/MIME Cryptographic Signature
relay home postfix on dynamic ip to postfix server?
I have Postfix 2.3.3 on a Centos behind NAT on home ADSL, ISP blocks outbound 25, this is just for occasional casual use, I set it up to ISP SMTP with 'relayhost = [mail.bigpond.com]' I also have a Postfix server on internet what's the best way to relay from home ADSL NAT server through my own Postfix server (rather than ISP) ? home external IP is dynamic, how to specify LAN IP (192.168.1.x) in conf (longer term I aim to install current release Postfix and sasl/smtp auth, but this is just for interim use till it's upgraded) -- Voytek
multiple servers head office/branch office
can someone suggest some good docs/howtos on setting up 'multiple' (two) Postfix servers for single domain. scenario: company has office in AUS and Asia; mail server is hosted in AUS, all interoffice Asia mail goes via AUS server, would like a local LAN mail server in Asia office for interoffice mail, etc suggestions appreciated -- Voytek
RE: postfix smarthost authentification error (incorrect token: useruserpassword)
Hi,
I think i might have found the problem
>From the documentation:
send_cyrus_sasl_authzid (default: no)
When authenticating to a remote SMTP or LMTP server with the default setting
"no", send no SASL authoriZation ID (authzid); send only the SASL
authentiCation ID (authcid) plus the authcid's password.
The non-default setting "yes" enables the behavior of older Postfix
versions. These always send a SASL authzid that is equal to the SASL
authcid, but this causes inter-operability problems with some SMTP servers.
This feature is available in Postfix 2.4.4 and later.
I run postfix 2.3.3.
>From the above it seems that I sends authzid: authcid: password for AUTH
PLAIN
In my case
authzid =authcid = user
password = password
so the whole AUTH PLAIN becomes useruserpassword which does not validate
is that correct? How can I stop postfix from sending authzid without
upgrading postfix?
Regards Gijs
-Original Message-
From: owner-postfix-us...@postfix.org
[mailto:owner-postfix-us...@postfix.org] On Behalf Of lst_ho...@kwsoft.de
Sent: den 10 maj 2011 10:14
To: postfix-users@postfix.org
Subject: Re: postfix smarthost authentification error (incorrect token:
useruserpassword)
Zitat von Gijs Koppers :
> Hi all,
>
> I am trying to relay my outgoing mail and I receive a authentification
> error.
> I followd the relevand guides for setting up a smarthost
>
> smtp_sasl_mechanism_filter = plain
> smtp_sasl_security_options = noanonymous
> smtp_sasl_auth_enable = yes
> relayhost = [smtp.myrelay.se]:submission
> smtp_sasl_password_maps = static:user:password
> broken_sasl_auth_clients = yes
>
> I sniffed the network traffic between my server and the relayhost and I
> think it all boils down to that postfix tries to authenticate incorrectly
> with
>
> AUTH PLAIN dXNlcgB1c2VyAHBhc3N3b3Jk
> (which is AUTH PLAIN useruserpassword)
>
> Instead of
>
> AUTH PLAIN AHVzZXIAcGFzc3dvcmQ=
> (which is AUTH PLAIN userpassword)
>
>
> Included an excerpt of my network traffic
>
> 250-SIZE 20971520
> 250-PIPELINING
> 250-AUTH PLAIN LO
> 1:123:123.5286 IP host.66301 > se.submission: P 31:68(37) ack 245
> '.._5.o.AUTH PLAIN dXNlcgB1c2VyAHBhc3N3b3Jk
>
> 1:123:123.5586 IP se.submission > host.66301: P 245:280(35) ack
> 5.o.'.._535 Incorrect authentication data
>
>
> Decoding the authetification line
>> perl -MMIME::Base64 -e 'print decode_base64("dXNlcgB1c2VyAHBhc3N3b3Jk");'
>> useruserpassword
>
> so it seems that my password_map "static:user:password" is incorrect send
to
> the
> relay host (should be \0user\0password instead of useruserpassword)
> (i tried with a password file/db but that gives the same result)
>
> from here I am stuck. I cannot find how to correct this.
>
> Regards Gijs
Have a look here:
http://www.postfix.org/DATABASE_README.html#types
static (read-only)
Always returns its lookup table name as lookup result. For example,
the lookup table "static:foobar" always returns the string "foobar" as
lookup result.
so in your case static:password should be correct. In this case the
result is always "password".
Regards
Andreas
postfix with 2 queue directories
Hello, I have a postfix box (with two IP-addresses, if necessary) which receives emails from the Internet, then (after spam check) it forwards them to an internal mail server. However the postfix box also acts as a relay for the internal client hosts to send their emails to the Internet. It would be nice (if it's possible at all, and assuming that this is a sane idea) to separate the "incoming"* and "outgoing" queue. My question is how to do this? I want to use qshape.pl to provide a view of both queues. Or is it better to have a single queue and not to complicate things? I would also like to see a pro and cons comparison if it's possible. *: ie. a queue dedicated to the emails coming from the Internet (I know that postfix has a queue directory called 'incoming'...) Best regards, Albert
Re: postfix with 2 queue directories
Kovacs Albert: > Hello, > > I have a postfix box (with two IP-addresses, if necessary) which > receives emails from the Internet, then (after spam check) it forwards > them to an internal mail server. > However the postfix box also acts as a relay for the internal client > hosts to send their emails to the Internet. > > It would be nice (if it's possible at all, and assuming that this is a > sane idea) to separate the "incoming"* and "outgoing" queue. http://www.postfix.org/MULTI_INSTANCE_README.html Wietse
Re: relay home postfix on dynamic ip to postfix server?
Zitat von Voytek Eymont : I have Postfix 2.3.3 on a Centos behind NAT on home ADSL, ISP blocks outbound 25, this is just for occasional casual use, I set it up to ISP SMTP with 'relayhost = [mail.bigpond.com]' I also have a Postfix server on internet what's the best way to relay from home ADSL NAT server through my own Postfix server (rather than ISP) ? home external IP is dynamic, how to specify LAN IP (192.168.1.x) in conf (longer term I aim to install current release Postfix and sasl/smtp auth, but this is just for interim use till it's upgraded) Unfortunately you excluded the only recommended solution. Either use Postfix client side authentication if you like it more complex use certificate based relaying or don't use Postfix at home but a simple MUA and connect to your internet server with SMTP-AUTH. Regards Andreas smime.p7s Description: S/MIME Cryptographic Signature
RE: Sender-ID validation via Blackberry failing
-Original Message- From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On Behalf Of Wietse Venema Sent: Tuesday, January 25, 2011 8:11 PM To: Postfix users Subject: Re: Sender-ID validation via Blackberry failing Sharma, Ashish: > Hi, > > I have a Postfix mail receiving server, on this I am using sid-milter > (found at http://sourceforge.net/projects/sid-milter/ got from > http://www.postfix.org/addon.html) tool to validate senderID and > SPF. > > Here the problem is for mail servers that implement Sender-ID, > mail servers that are implementing sender-ID and having their > mails sent via Blackberry are having their sender-ID (sender-id=neutral) > not getting verified on my postfix end. According to the Microsoft website: How Sender ID Works Sender ID seeks to verify that every e-mail message originates from the Internet domain from which it claims to have been sent. This is accomplished by checking the address of the server that sent the mail against a registered list of servers that the domain owner has authorized to send e-mail. In other words, it "works" only when the domain owner adds blackberry's IP addresses to their SenderID authorization record. http://www.microsoft.com/mscorp/safety/technologies/senderid/overview.mspx Wietse Wietse, As is evident from the header value : Authentication-Results: dev1.cpgtest.ostinet.net; sender-id=neutral header.from=...@aol.com; spf=pass smtp.mfrom=SRS0=nRLNv7=UW=aol.com=...@srs.bis7.eu.blackberry.com I can see that Blackberry implements SRS, so I am thinking on the terms to lower the priority of Sender-ID verification if the SRS is correctly implemented/valid SRS by mail forwarders like 'Blackberry'. Valid SRS/correct SRS, is it possible in general ? What are your comments on this? Thanks Ashish
RE: Sender-ID validation via Blackberry failing
-Original Message- From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On Behalf Of fake...@fakessh.eu Sent: Saturday, January 29, 2011 9:11 PM To: postfix-users@postfix.org Subject: Re: Sender-ID validation via Blackberry failing On Tuesday 25 January 2011 14:23, Sharma, Ashish wrote: > Hi, > > I have a Postfix mail receiving server, on this I am using sid-milter > (found at http://sourceforge.net/projects/sid-milter/ got from > http://www.postfix.org/addon.html) tool to validate senderID and SPF. > > Here the problem is for mail servers that implement Sender-ID, mail > servers that are implementing sender-ID and having their mails sent > via Blackberry are having their sender-ID (sender-id=neutral) not > getting verified on my postfix end. > > Following are the mail headers that I am receiving: > SEnderID add special header in the mail exemple of SEnder ID header X-SenderID: Sendmail Sender-ID Filter v1.0.0 r13151.ovh.net 9306957E93 > Can anybody tell me what needs to be done at my end to get sender-ID > for mails sent via Blackberry to be verified and passed correctly. > > Thanks > Ashish Sharma I am unable to follow the idea suggested as there is no such 'Sender ID' header, please elaborate. Thanks Ashish
[no subject]
Hi all, I'm pretty new to postfix and I'm trying to configure a mail relay on a "internal" network that should relay mails outside (Internet) based on different rules. As a first step I configure Postfix to allow some servers to send mail for certain domain and specifically to certain addresses. To do this I've used some of the most used directives: "relay_domains" "mynetworks_style" "mynetworks" "relayhost" "transport_maps" "relay_recipient_maps" "smtpd_recipient_restrictions" My problem is that now I have to enable another group of server to use this mail server as relay but I have to apply other rules to this new group of servers. Is there a way to have different rules (for istance "relay_recipient_maps") based on source hosts/addresses ? ... maybe something like acl for squid proxy ... Thanks very much in advance for any help, kind regards, Daniel
Re: relay home postfix on dynamic ip to postfix server?
On Tue, May 10, 2011 10:56 pm, lst_ho...@kwsoft.de wrote: > Zitat von Voytek Eymont : > Unfortunately you excluded the only recommended solution. Either use > Postfix client side authentication if you like it more complex use > certificate based relaying or don't use Postfix at home but a simple MUA > and connect to your internet server with SMTP-AUTH. Andreas, thanks. I'll stick to relaying via ISP, and, accelerate upgrade path (meanwhile, I might try to enable that sasl on the home server) -- Voytek
Rules based on source IPs/Addresses
Hi all, sorry for my previous post without subject (OWA :) I'm pretty new to postfix and I'm trying to configure a mail relay on a "internal" network that should relay mails outside (Internet) based on different rules. As a first step I configure Postfix to allow some servers to send mail for certain domain and specifically to certain addresses. To do this I've used some of the most used directives: "relay_domains" "mynetworks_style" "mynetworks" "relayhost" "transport_maps" "relay_recipient_maps" "smtpd_recipient_restrictions" My problem is that now I have to enable another group of server to use this mail server as relay but I have to apply other rules to this new group of servers. Is there a way to have different rules (for istance "relay_recipient_maps") based on source hosts/addresses ? ... maybe something like acl for squid proxy ... Thanks very much in advance for any help, kind regards, Daniel
Re: Rules based on source IPs/Addresses
Hubeli Daniel: [ Charset ISO-8859-1 unsupported, converting... ] > Hi all, sorry for my previous post without subject (OWA :) > > I'm pretty new to postfix and I'm trying to configure a mail relay on a "i >-nternal" network that should relay mails outside (Internet) based on differe >-nt rules. > > As a first step I configure Postfix to allow some servers to send mail for > certain domain and specifically to certain addresses. To do this I've used > some of the most used directives: > > "relay_domains" > "mynetworks_style" > "mynetworks" > "relayhost" > "transport_maps" > "relay_recipient_maps" > "smtpd_recipient_restrictions" > > My problem is that now I have to enable another group of server to use thi >-s mail server as relay but I have to apply other rules to this new group of >-servers. Is there a way to have different rules (for istance "relay_recipien >-t_maps") based on source hosts/addresses ? ... maybe something like acl for >-squid proxy ... By definition, relay_recipient_maps specifies the recipients. Therefore it cannot depend on sender address or sender host. Wietse
R: Rules based on source IPs/Addresses
Hi Mr. Wietse, thanks for your reply. Maybe my example wasn't completely correct but is there a way to have different rules/routing based on different groups of sources ? Regards, Daniel Da: owner-postfix-us...@postfix.org per conto di Wietse Venema Inviato: mar 10.05.2011 16:20 A: Postfix users Oggetto: Re: Rules based on source IPs/Addresses Hubeli Daniel: [ Charset ISO-8859-1 unsupported, converting... ] > Hi all, sorry for my previous post without subject (OWA :) > > I'm pretty new to postfix and I'm trying to configure a mail relay on a "i >-nternal" network that should relay mails outside (Internet) based on differe >-nt rules. > > As a first step I configure Postfix to allow some servers to send mail for > certain domain and specifically to certain addresses. To do this I've used > some of the most used directives: > > "relay_domains" > "mynetworks_style" > "mynetworks" > "relayhost" > "transport_maps" > "relay_recipient_maps" > "smtpd_recipient_restrictions" > > My problem is that now I have to enable another group of server to use thi >-s mail server as relay but I have to apply other rules to this new group of >-servers. Is there a way to have different rules (for istance "relay_recipien >-t_maps") based on source hosts/addresses ? ... maybe something like acl for >-squid proxy ... By definition, relay_recipient_maps specifies the recipients. Therefore it cannot depend on sender address or sender host. Wietse <>
Re: R: Rules based on source IPs/Addresses
Hubeli Daniel: > My problem is that now I have to enable another group of server to use thi >-s mail server as relay but I have to apply other rules to this new group of >-servers. Is there a way to have different rules (for istance "relay_recipien >-t_maps") based on source hosts/addresses ? ... maybe something like acl for >-squid proxy ... Wietse: > By definition, relay_recipient_maps specifies the recipients. > Therefore it cannot depend on sender address or sender host. Hubeli Daniel: > Maybe my example wasn't completely correct but is there a way to > have different rules/routing based on different groups of sources Please describe the *problem* that you want to solve, instead of the solution (rules/routing). Wietse
Re: Using smtpd_sender_login_maps & sasl
Hi, >> I have a fedora14 system configured to use dovecot sasl, and having >> some difficulties with smtpd_sender_login_maps. The docs say it's >> optional, but without a proper mapping, mail is rejected with "Sender >> address rejected: not owned by user alex". Is this configuration >> indeed optional? I'd like to exclude this extra step so another level >> of authentication isn't necessary. > > You've specified "reject_sender_login_mismatch" in your > smtpd_recipient_restrictions. When you specify that, you MUST also specify > smtpd_sender_login_maps. Awesome, thanks so much. >> relay_clientcerts = hash:/etc/postfix/relay_clientcerts > > I wonder why you have this defined. Doesn't look as if you are using it. This was migrated from an older system. I'll have to investigate, but I think you're right. >> smtpd_sender_restrictions = permit_mynetworks, >> permit_sasl_authenticated, reject_non_fqdn_sender, >> reject_unknown_sender_domain, >> reject_unauth_pipelining, reject_sender_login_mismatch, permit > > These are all duplicated in smtpd_recipient_restrictions. Looks as if you > can remove them from here. Okay, great. I should remove the smtpd_sender_restrictions entirely? Thanks again. I really appreciate you taking the time to help. Best, Alex
Re: Using smtpd_sender_login_maps & sasl
On 5/10/2011 10:23 AM, Alex wrote: smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_pipelining, reject_sender_login_mismatch, permit These are all duplicated in smtpd_recipient_restrictions. Looks as if you can remove them from here. Okay, great. I should remove the smtpd_sender_restrictions entirely? Yes, just remove the whole smtpd_sender_restrictions section. -- Noel Jones
asynchronous milter check
Hello, My scheme is simple: Client <--> Postfix <--> Internet. Client to Postfix - oubound emails. Postfix to client - inbound emails. Approx. outbound email traffic - 5 messages per second. Approx. inbound email traffic - 0.1 message per second I want to sign only outbound (not inbound) emails with DKIM and DomainKeys signature and check only inbound (not outbound) emails with antivirus+antispam (Drweb). Drweb can work by MILTER and content_filter. dkim-milter & dk-milter can work by MILTER. How to restrict validation by milter or content_filter only for a one direction (in or out)? Thanks. -- Kirill
Re: asynchronous milter check
Kirill Bychkov: > Hello, > > My scheme is simple: > Client <--> Postfix <--> Internet. > Client to Postfix - oubound emails. > Postfix to client - inbound emails. > Approx. outbound email traffic - 5 messages per second. > Approx. inbound email traffic - 0.1 message per second > > I want to sign only outbound (not inbound) emails with DKIM and DomainKeys > signature and check only inbound (not outbound) emails with > antivirus+antispam (Drweb). > Drweb can work by MILTER and content_filter. > dkim-milter & dk-milter can work by MILTER. > > How to restrict validation by milter or content_filter only for a one > direction (in or out)? See: http://www.postfix.org/MULTI_INSTANCE_README.html Wietse
Re: multiple servers head office/branch office
On 5/10/2011 5:32 AM, Voytek Eymont wrote: can someone suggest some good docs/howtos on setting up 'multiple' (two) Postfix servers for single domain. scenario: company has office in AUS and Asia; mail server is hosted in AUS, all interoffice Asia mail goes via AUS server, would like a local LAN mail server in Asia office for interoffice mail, etc suggestions appreciated There is more than one solution, but they all involve making one or more lists of who goes to which server. Here's what I would do... (this isn't a complete recipe, just guidelines) Make a virtual_alias_maps list routing each user to the proper server. This same list can be used on both servers. # virtual_alias_maps us...@example.com us...@sitea.example.com us...@example.com us...@siteb.example.com ... Each postfix should be responsible for its own site name # main.cf at siteA mydestination = siteA.example.com ... # main.cf at siteB mydestination =siteB.example.com ... make sure siteA and siteB either have an MX record, or add transport_maps entries so postfix can deliver the mail. -- Noel Jones
Re: Sender-ID validation via Blackberry failing
Le mardi 10 mai 2011 15:25, Sharma, Ashish a écrit : > -Original Message- > From: owner-postfix-us...@postfix.org > [mailto:owner-postfix-us...@postfix.org] On Behalf Of fake...@fakessh.eu > Sent: Saturday, January 29, 2011 9:11 PM > To: postfix-users@postfix.org > Subject: Re: Sender-ID validation via Blackberry failing > > On Tuesday 25 January 2011 14:23, Sharma, Ashish wrote: > > Hi, > > > > I have a Postfix mail receiving server, on this I am using sid-milter > > (found at http://sourceforge.net/projects/sid-milter/ got from > > http://www.postfix.org/addon.html) tool to validate senderID and SPF. > > > > Here the problem is for mail servers that implement Sender-ID, mail > > servers that are implementing sender-ID and having their mails sent > > via Blackberry are having their sender-ID (sender-id=neutral) not > > getting verified on my postfix end. > > > > Following are the mail headers that I am receiving: > > SEnderID add special header in the mail > exemple of SEnder ID header > > X-SenderID: Sendmail Sender-ID Filter v1.0.0 r13151.ovh.net 9306957E93 > > > Can anybody tell me what needs to be done at my end to get sender-ID > > for mails sent via Blackberry to be verified and passed correctly. > > > > Thanks > > Ashish Sharma > > I am unable to follow the idea suggested as there is no such 'Sender ID' > header, please elaborate. > > Thanks > Ashish hi Asnish Sender ID is complicated request the presence of a field ptr for all uses. page manual that describes a tempfail spf dns bind only the response of the validation so it must declare a single field A to describe a simple usage to with that exemple field TXT sender id compliant v=spf1 a ptr ip4:94.23.*.* ?all microsoft allow ?all and -all and recommend the use to fiel MX sincerely -- http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x092164A7 gpg --keyserver pgp.mit.edu --recv-key 092164A7 pgphiZ4RYt5Lj.pgp Description: PGP signature
Re: Sender-ID validation via Blackberry failing
On Tue, 10 May 2011 17:38:29 +0200, fakessh wrote: Le mardi 10 mai 2011 15:25, Sharma, Ashish a écrit : -Original Message- From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On Behalf Of fake...@fakessh.eu Sent: Saturday, January 29, 2011 9:11 PM To: postfix-users@postfix.org Subject: Re: Sender-ID validation via Blackberry failing On Tuesday 25 January 2011 14:23, Sharma, Ashish wrote: > Hi, > > I have a Postfix mail receiving server, on this I am using sid-milter > (found at http://sourceforge.net/projects/sid-milter/ got from > http://www.postfix.org/addon.html) tool to validate senderID and SPF. > > Here the problem is for mail servers that implement Sender-ID, mail > servers that are implementing sender-ID and having their mails sent > via Blackberry are having their sender-ID (sender-id=neutral) not > getting verified on my postfix end. > > Following are the mail headers that I am receiving: SEnderID add special header in the mail exemple of SEnder ID header X-SenderID: Sendmail Sender-ID Filter v1.0.0 r13151.ovh.net 9306957E93 > Can anybody tell me what needs to be done at my end to get sender-ID > for mails sent via Blackberry to be verified and passed correctly. > > Thanks > Ashish Sharma I am unable to follow the idea suggested as there is no such 'Sender ID' header, please elaborate. Thanks Ashish hi Asnish Sender ID is complicated request the presence of a field ptr for all uses. page manual that describes a tempfail spf dns bind only the response of the validation so it must declare a single field A to describe a simple usage to with that exemple field TXT sender id compliant v=spf1 a ptr ip4:94.23.*.* ?all microsoft allow ?all and -all and recommend the use to fiel MX sincerely and it is mandatory to rewrite areas bind sincerely your
Re: how to flush frozen email from queue
Quoting li...@vfemail.net: Quoting "Randy Ramsdell" : /dev/rob0 wrote: As you can see, sendmail does not appear ... How can I fix it? This could be ugly. Installation from source, even correctly done, interferes with OS features like this "alternatives" thing. It is well worth your while to spend some time learning how properly to manage your OS before undertaking mail admin. Just for posterity and from my memory ... Stop postfix! Run a script to rename all files installed at 19th march 2009 between 16.45 and 17.00 when postfix has been installed by hand. rpm -ivh postfix-2.3.3-2.el5.centos.mysql_pgsql.*.rpm Restore main.cf and master.cf , tls certs, etc from backed up config directory. Start postfix! yum remove exim! rm -fr /var/spool/exim userdel -r exim! Thanks to all posters in this thread! Regards, Alx - This message sent via VFEmail.net http://www.vfemail.net $14.95 Lifetime accounts! 15GB disk! No bandwidth quotas!
filter incoming bounce messages for one email account
Hi List, Is there nice way to disable incoming bounces for one email account? This account is used for reporting and I want disable incoming bounce messages for it. br, -- Eero
Re: filter incoming bounce messages for one email account
On 2011-05-10 Eero Volotinen wrote: > Is there nice way to disable incoming bounces for one email account? > This account is used for reporting and I want disable incoming bounce > messages for it. http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt Section "Back-Scatter To Non-Sending (Role) Addresses". Regards Ansgar Wiechers -- "Abstractions save us time working, but they don't save us time learning." --Joel Spolsky
Re: relay home postfix on dynamic ip to postfix server?
On 5/10/2011 8:39 AM, Voytek Eymont wrote: On Tue, May 10, 2011 10:56 pm, lst_ho...@kwsoft.de wrote: Zitat von Voytek Eymont: Unfortunately you excluded the only recommended solution. Either use Postfix client side authentication if you like it more complex use certificate based relaying or don't use Postfix at home but a simple MUA and connect to your internet server with SMTP-AUTH. Andreas, thanks. I'll stick to relaying via ISP, and, accelerate upgrade path (meanwhile, I might try to enable that sasl on the home server) Another option would be to establish a VPN tunnel between the home server and your external Postfix server, then relay all outbound mail over the tunnel. Depending on your skill level, upgrading Postfix and using auth submission may be easier than setting up a VPN tunnel. Given your situation of home server + colo/VPS box on the net, a VPN would offer many other advantages as well. -- Stan
Re: filter incoming bounce messages for one email account
On Tue, May 10, 2011 at 11:08:09PM +0300, Eero Volotinen wrote: > Is there nice way to disable incoming bounces for one email account? > This account is used for reporting and I want disable incoming bounce > messages for it. Don't sent messages to recipients that repeatedly trigger bounces. Prune your report subscription list to remove invalid recipients. Also see: http://tools.ietf.org/html/rfc3834 you may benefit from adding an Auto-Submitted: auto-generated header to your message (fewer auto-replies from properly designed systems). -- Viktor.
Re: filter incoming bounce messages for one email account
Victor Duchovni: > On Tue, May 10, 2011 at 11:08:09PM +0300, Eero Volotinen wrote: > > > Is there nice way to disable incoming bounces for one email account? > > This account is used for reporting and I want disable incoming bounce > > messages for it. > > Don't sent messages to recipients that repeatedly trigger bounces. Prune > your report subscription list to remove invalid recipients. Also see: > > http://tools.ietf.org/html/rfc3834 > > you may benefit from adding an > > Auto-Submitted: auto-generated > > header to your message (fewer auto-replies from properly designed systems). This may also help: send with DSN option of NOTIFY=NEVER Command line: sendmail -N never SMTP: RCPT TO: NOTIFY=NEVER That of course works only to the extent that down-stream systems actually implement DSN. You still need to get rid of invalid recipients or else remote sites may treat you as a spammer (i.e. drop the mail). Wietse
