Re: OT: spf2.0 (was Re: mx bind ip)

2012-03-11 Thread Noel Butler
On Sat, 2012-03-10 at 22:33 -0500, Scott Kitterman wrote:


> >no because i did not notice about spf2.0 until now
> >and do not find anything about it on openspf.org
> >http://www.openspf.org/SPF_Record_Syntax
> >
> >have you some good documentation/examples
> >since i am the developer of our admin-backends
> >it should be easy to integrate any record-types
> >
> I wouldn't worry too much about it.  You won't find anything about it on 
> openspf.org because it's a Microsoft variant that has virtually no support 
> in the open source world. There's an IETF working group in progress to move 
> SPF, the openspf.org kind, onto its standards track (SPFbis). One probable 
> outcome of this work is to deprecate the Microsoft variant.
> 


Scott, as pointed out by Nick, it does help a lot with delivery to
hotmail, has done for years, and as of late last year, they still have
far more users than gmail or yahoo, depends on your network, but if
you're an ISP/ASP, it kinda is important if your network sends a bit of
mail to them, given hotmail's horrendous track record for silently
trashing mail, every little bit helps.


Reindl, see RFC 4406. The format I've used, which was recommended by an
old hotmail postmaster website guide a few years back, when we had
delivery issues to them (like everyone else) was essentially  TXT
"spf2.0/mfrom,pra "  I only use spfv1 for the SPF RR.


passing comment - nice to see finally they fixed up openspf.org, which
was dead for a very long time, had to alter my spf.pl's to use .net
which did not fail.





Re: OT: spf2.0 (was Re: mx bind ip)

2012-03-11 Thread Reindl Harald

On 11.03.2012 09:44, Noel Butler wrote:
> On Sat, 2012-03-10 at 22:33 -0500, Scott Kitterman wrote:
>> >have you some good documentation/examples
>> >since i am the developer of our admin-backends
>> >it should be easy to integrate any record-types
>> >
>> I wouldn't worry too much about it.  You won't find anything about it on 
>> openspf.org because it's a Microsoft variant that has virtually no 
>> support in the open source world. There's an IETF working group in progress 
>> to move SPF, the openspf.org kind, onto its standards track (SPFbis). One 
>> probable outcome of this work is to deprecate the Microsoft variant.
>>
> 
> Scott, as pointed out by Nick, it does help a lot with delivery to hotmail, 
> has done for years, and as of late last
> year, they still have far more users than gmail or yahoo, depends on your 
> network, but if you're an ISP/ASP, it
> kinda is important if your network sends a bit of mail to them, given 
> hotmail's horrendous track record for silently
> trashing mail, every little bit helps.
> 
> 
> Reindl, see RFC 4406. The format I've used, which was recommended by an old 
> hotmail postmaster website guide a few
> years back, when we had delivery issues to them (like everyone else) was 
> essentially  TXT "spf2.0/mfrom,pra  data as spf1>"  I only use spfv1 for the SPF RR.
> 
> 
> passing comment - nice to see finally they fixed up openspf.org, which was 
> dead for a very long time, had to alter
> my spf.pl's to use .net which did not fail.

hm, since it contains the same data as spf1 and even hotmail itself
has only spf1 i tend to ignore it also in the future

;; QUESTION SECTION:
;hotmail.com.   IN  TXT

;; ANSWER SECTION:
hotmail.com.    1391    IN  TXT "v=spf1 include:spf-a.hotmail.com include:spf-b.hotmail.com include:spf-c.hotmail.com include:spf-d.hotmail.com ~all"

;; AUTHORITY SECTION:
hotmail.com.    10738   IN  NS  ns2.msft.net.
hotmail.com.    10738   IN  NS  ns5.msft.net.
hotmail.com.    10738   IN  NS  ns4.msft.net.
hotmail.com.    10738   IN  NS  ns3.msft.net.
hotmail.com.    10738   IN  NS  ns1.msft.net.



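The two record formats discussed in the messages above, as an added example that is not part of the thread: a Python sketch for an admin backend that parses `v=spf1` and RFC 4406 `spf2.0/<scopes>` TXT strings, derives the `spf2.0/mfrom,pra` record from the SPF v1 data, and flags a published pair whose terms have drifted apart. It assumes the practice described in the thread (both records carry the same terms); the function names and the example.com sample records are constructed.

```python
import re

# Version tags: SPF v1 is "v=spf1"; RFC 4406 records start "spf2.0/<scopes>".
SPF1 = re.compile(r"^v=spf1(?: +(.*))?$", re.I)
SID = re.compile(r"^spf2\.0/([a-z0-9,._-]*)(?: +(.*))?$", re.I)
KNOWN_SCOPES = {"mfrom", "pra"}

def parse_txt(txt):
    """Return {'kind', 'scopes', 'terms'} for an SPF-family TXT string, else None."""
    txt = txt.strip()
    m = SPF1.match(txt)
    if m:
        return {"kind": "spf1", "scopes": set(), "terms": (m.group(1) or "").split()}
    m = SID.match(txt)
    if m:
        scopes = {s for s in m.group(1).lower().split(",") if s}
        return {"kind": "spf2.0", "scopes": scopes, "terms": (m.group(2) or "").split()}
    return None

def sender_id_from_spf1(txt, scopes=("mfrom", "pra")):
    """Build the spf2.0 record that carries the same terms as a v=spf1 record."""
    rec = parse_txt(txt)
    if rec is None or rec["kind"] != "spf1":
        raise ValueError("not a v=spf1 record")
    return " ".join(["spf2.0/" + ",".join(scopes)] + rec["terms"])

def audit(txt_records):
    """List problems in one domain's TXT set: record count, scopes, drift."""
    parsed = [p for p in map(parse_txt, txt_records) if p]
    spf1 = [p for p in parsed if p["kind"] == "spf1"]
    findings = []
    if len(spf1) != 1:
        findings.append("expected exactly one v=spf1 record, found %d" % len(spf1))
    for rec in (p for p in parsed if p["kind"] == "spf2.0"):
        unknown = sorted(rec["scopes"] - KNOWN_SCOPES)
        if unknown or not rec["scopes"]:
            findings.append("spf2.0 record has missing or unrecognised scopes: %s" % unknown)
        if spf1 and rec["terms"] != spf1[0]["terms"]:
            findings.append("spf2.0 terms differ from v=spf1 terms")
    return findings

# Constructed sample TXT set for example.com (not taken from the thread).
SAMPLE = [
    "site-verification=constructed-placeholder",
    "v=spf1 mx ip4:192.0.2.0/24 -all",
    "spf2.0/mfrom,pra mx ip4:192.0.2.0/24 ip4:198.51.100.7 -all",
]

if __name__ == "__main__":
    print(sender_id_from_spf1(SAMPLE[1]))
    print(audit(SAMPLE))
```
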


unused parameter? (policy_time_limit=600)

2012-03-11 Thread Ronald F. Guilmette


I've just updated from 2.8.5 to 2.9.1 and now, when I start postfix,
I am getting the following set of messages (that I've never seen before):


/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused 
parameter: policy_time_limit=600
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused 
parameter: policy_time_limit=600
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused 
parameter: policy_time_limit=600
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused 
parameter: policy_time_limit=600
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused 
parameter: policy_time_limit=600
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused 
parameter: policy_time_limit=600
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused 
parameter: policy_time_limit=600
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused 
parameter: policy_time_limit=600
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused 
parameter: policy_time_limit=600
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused 
parameter: policy_time_limit=600
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused 
parameter: policy_time_limit=600
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused 
parameter: policy_time_limit=600
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused 
parameter: policy_time_limit=600
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused 
parameter: policy_time_limit=600
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused 
parameter: policy_time_limit=600
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused 
parameter: policy_time_limit=600
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused 
parameter: policy_time_limit=600


What gives?  I haven't changed anything.  The relevant line in my main.cf
file is unremarkable:

policy_time_limit = 600

Why should this cause the generation of 17 exceptionally redundant warning
messages?  Why should it give rise to any warning messages at all?


Re: unused parameter? (policy_time_limit=600)

2012-03-11 Thread /dev/rob0
On Sun, Mar 11, 2012 at 03:50:51AM -0700, Ronald F. Guilmette wrote:
> I've just updated from 2.8.5 to 2.9.1 and now, when I start 
> postfix, I am getting the following set of messages (that I've 
> never seen before):
> 
> 
> /usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: 
> unused parameter: policy_time_limit=600
snip * 16
> 
> What gives?  I haven't changed anything.  The relevant line in my 
> main.cf file is unremarkable:
> 
> policy_time_limit = 600

Unremarkable, except that nothing in the configuration uses it.

> Why should this cause the generation of 17 exceptionally redundant 
> warning messages?  Why should it give rise to any warning messages 
> at all?

See the release notes for 2.9 and the new features as documented in 
the postconf(1) manual.

You were lucky, you only had one unused parameter. IIRC I had 3, 
yielding a barrage of ~51 warnings. :)
-- 
  http://rob0.nodns4.us/ -- system administration and consulting
  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:


Re: mx bind ip

2012-03-11 Thread Bastian Blank
On Sat, Mar 10, 2012 at 01:01:00AM +1000, Nick Edwards wrote:
> I have tried smtp_bind_address(6) but for some reason, although it
> uses the correct IP,  the relays are denied for spf failure on the
> main server, even though they are all permitted in spf RR, ok, evident
> by fact that if I remove the option, it works again,

As you have no control over third-party DNS records, this does not
help.

A secondary MX is all about accepting incoming mail from the world. It
has to do all policy checks. The main server can no longer do policy
checks by definition for mails already accepted by the secondary, so it
needs to be whitelisted.

Bastian

-- 
Each kiss is as the first.
-- Miramanee, Kirk's wife, "The Paradise Syndrome",
   stardate 4842.6


Re: OT: spf2.0 (was Re: mx bind ip)

2012-03-11 Thread Noel Butler
On Sun, 2012-03-11 at 11:01 +0100, Reindl Harald wrote:


> 
> hm, since it contains the same data as spf1 and even hotmail itself
> has only spf1 i tend to ignore it also in the future
> 


Just had a look and you're right,  but as it improved our deliverable
success rates to hotmail many fold a few years back,  I won't give my
CSRs headaches by risking influx of support requests/bitches over mail
not getting through :)  certainly doesn't harm anything  even if they no
longer give increases in reputation for those publishing it.

Personally never liked it, I did trial it once, but dumped it pretty
quickly, it played merry hell with those using mailing lists whereas
spfv1 is perfectly fine.



Re: LoadShared Failover

2012-03-11 Thread Stan Hoeppner
On 3/10/2012 8:30 AM, Michael Maymann wrote:

> How do I best setup a loadshared failover postfix mailrelay solution for
> this on RHEL6 ?

You consult the RHEL6 documentation.  If you don't find the answer
there, you contact Red Hat support who will point you in the right
direction.  Isn't this why you use a paid commercial Linux distro?

-- 
Stan



Re: unused parameter? (policy_time_limit=600)

2012-03-11 Thread Noel Butler
On Sun, 2012-03-11 at 03:50 -0700, Ronald F. Guilmette wrote:

> 
> I've just updated from 2.8.5 to 2.9.1 and now, when I start postfix,
> I am getting the following set of messages (that I've never seen before):
> 



> /usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused 
> parameter: policy_time_limit=600
> 
> 
> What gives?  I haven't changed anything.  The relevant line in my main.cf
> file is unremarkable:
> 
> policy_time_limit = 600
> 
> Why should this cause the generation of 17 exceptionally redundant warning
> messages?  Why should it give rise to any warning messages at all?


Because there is no matching entry in master.cf
I was bitten as well (like a few it seems), mine was with spf (guess I
used a bad spf howto when I moved to postfix a few years back)
I had spfpolicy in master.cf  - but in main.cf   I had
policy_time_limit  and NOT spfpolicy_time_limit , like I needed, only a
5 second fix :)


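The mismatch described in the replies above (a `policy_time_limit` line in main.cf while the master.cf service is named `spfpolicy`), as an added example that is not part of the thread or of Postfix: a Python check that lists `<service>_time_limit` parameters in main.cf with no matching master.cf service and suggests the likely intended name. The sample files, the script path and the one-entry `BUILTIN` set are constructed for the example.

```python
import re

# Built-in parameter names ending in _time_limit; a subset chosen for this example.
BUILTIN = {"command_time_limit"}

def logical_lines(text):
    """Join continuation lines (leading whitespace); drop comments and blanks."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def master_services(master_cf):
    """Service names are the first field of each master.cf entry."""
    return {line.split()[0] for line in logical_lines(master_cf)}

def main_params(main_cf):
    """Map parameter name -> value for 'name = value' lines in main.cf."""
    params = {}
    for line in logical_lines(main_cf):
        name, sep, value = line.partition("=")
        if sep:
            params[name.strip()] = value.strip()
    return params

def orphan_time_limits(main_cf, master_cf):
    """Return [(param, suggestions)] for <service>_time_limit with no such service."""
    services = master_services(master_cf)
    orphans = []
    for name in main_params(main_cf):
        m = re.fullmatch(r"(.+)_time_limit", name)
        if not m or name in BUILTIN or m.group(1) in services:
            continue
        hints = sorted(s + "_time_limit" for s in services if s.endswith(m.group(1)))
        orphans.append((name, hints))
    return orphans

# Constructed sample configuration (not the poster's actual files).
MASTER_CF = """smtp      inet  n  -  n  -  -  smtpd
spfpolicy unix  -  n  n  -  0  spawn
  user=nobody argv=/path/to/policy-script
"""
MAIN_CF = "command_time_limit = 1000s\npolicy_time_limit = 600\n"

if __name__ == "__main__":
    print(orphan_time_limits(MAIN_CF, MASTER_CF))
```
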