Send mail to hotmail
My email server send mail to Hotmail into junk, how to fix it ? I search on google and found setup sender-id. Have any idea ? Thanks all.
Re: Send mail to hotmail
Le 2013-01-24 09:14, KingT a écrit : My email server send mail to Hotmail into junk, how to fix it ? I search on google and found setup sender-id. Have any idea ? Thanks all. hey KingT I send emails to hotmail without tag but it is necessary to declare spf1 spf2 dkim my example and my hostname may be a little weird but it works perfectly ~]$ host -ttxt smtp.fakessh.eu smtp.fakessh.eu descriptive text "v=spf1 ip4:46.105.34.177 ip4:91.121.7.86 ?all" smtp.fakessh.eu descriptive text "spf2.0/mfrom ip4:46.105.34.177 ip4:91.121.7.86 ~all" smtp.fakessh.eu descriptive text "spf2.0/pra ip4:46.105.34.177 ip4:91.121.7.86 ?all" -- gpg --keyserver pgp.mit.edu --recv-key C2626742 http://about.me/fakessh
How to rewrite email when sent
I have a local host configured to relay through a mailhost. There is a local user (call it test) that I want all the email sent to me (tmac) in other words, any email sent to t...@domain.com (or test@host.local) should go to t...@domain.com I have tried relocated users, but it does not seem to be working. Is there a better (working) solution with postfix without having to deal with .forward files?
Re: How to rewrite email when sent
On 1/24/2013 6:42 AM, tmac wrote: > I have a local host configured to relay through a mailhost. > There is a local user (call it test) that I want all the email sent to me > (tmac) > > in other words, any email sent to > t...@domain.com (or test@host.local) should go to t...@domain.com > > I have tried relocated users, but it does not seem to be working. > Is there a better (working) solution with postfix without having to > deal with .forward files? > Use virtual_alias_maps to redirect mail. # virtual_alias test@local.example t...@example.com Run "postmap virtual_alias" after editing that file. # main.cf virtual_alias_maps = hash:/etc/postfix/virtual_alias Run "postfix reload" after editing main.cf http://www.postfix.org/ADDRESS_REWRITING_README.html#virtual http://www.postfix.org/postconf.5.html#virtual_alias_maps -- Noel Jones
Re: How to rewrite email when sent
Excellent! Thanks. I just did this on my mail relay and it works. I did manage to get it to work a few moments ago with canonical_maps also. Now, what about a step further? I have a a number of systems (under NIS) with the same user. When they generate email, is goes to myuser@host.mydomain where myusr and mydomain are the same, but the host portion is different. is there a way to collapse say: test@locala.example t...@example.com test@localb.example t...@example.com test@localc.example t...@example.com into a single line? i.e. wildcard it some how I have not found any working examples of a wildcard in the "host" position above. Thanks --tmac On Thu, Jan 24, 2013 at 7:56 AM, Noel Jones wrote: > On 1/24/2013 6:42 AM, tmac wrote: >> I have a local host configured to relay through a mailhost. >> There is a local user (call it test) that I want all the email sent to me >> (tmac) >> >> in other words, any email sent to >> t...@domain.com (or test@host.local) should go to t...@domain.com >> >> I have tried relocated users, but it does not seem to be working. >> Is there a better (working) solution with postfix without having to >> deal with .forward files? >> > > Use virtual_alias_maps to redirect mail. > > # virtual_alias > test@local.example t...@example.com > > Run "postmap virtual_alias" after editing that file. > > # main.cf > virtual_alias_maps = hash:/etc/postfix/virtual_alias > > Run "postfix reload" after editing main.cf > > > http://www.postfix.org/ADDRESS_REWRITING_README.html#virtual > http://www.postfix.org/postconf.5.html#virtual_alias_maps > > > > -- Noel Jones
Re: How to rewrite email when sent
On 01/24/2013 02:43 PM, tmac wrote: Excellent! Thanks. I just did this on my mail relay and it works. I did manage to get it to work a few moments ago with canonical_maps also. Now, what about a step further? I have a a number of systems (under NIS) with the same user. When they generate email, is goes to myuser@host.mydomain where myusr and mydomain are the same, but the host portion is different. is there a way to collapse say: test@locala.example t...@example.com test@localb.example t...@example.com test@localc.example t...@example.com into a single line? i.e. wildcard it some how I have not found any working examples of a wildcard in the "host" position above. You can use a regex or PCRE map: /etc/postfix/pcre-virtual: /^test@[^.]+\.example$/ t...@example.com These maps types are not postmap'ed. -- J.
Re: Sufficiently locked down?
On 01/24/2013 07:08 AM, Stan Hoeppner wrote: On 1/23/2013 2:23 PM, Grant wrote: I thought my postfix setup was configured to send mail on port 587 and receive mail on port 25, so I was surprised to find that I could send mail from the local machine on port 25. Is my config OK? Postfix never sends mail *from* TCP 25 or TCP 587. These are receive ports. Outbound connections occur on high ports. You're not properly describing your use case, actually not at all. Would you please? You're right, I didn't word that correctly. I thought mail received on port 25 could only be delivered locally with my config, but I was able to send mail to any destination via port 25. The mail client and mail server are on the same machine. You haven't identified a problem Grant. You've identified standard Postfix behavior and told us it is confusing to you. We have no idea why that is confusing to you because you haven't told us exactly how you are trying to use Postfix. One thing I can tell you up front is that using authentication between your MUA and Postfix on 587 is useless, completely unnecessary, because the packets are transferred via machine memory, never going over the wire. The submission service exists strictly for accepting authenticated connections over a network. Your connections exist entirely within on machine. If he is actually using SMTP submission on the local server, that is obviously untrue. The workings of SMTP submission are not dependent on where this happens from. I would recommend submission regardless of goal or purpose, even on localhost. -- J.
Re: How to rewrite email when sent
awesome...thanks...I had flubbed my regex that I was trying.. --tmac On Thu, Jan 24, 2013 at 9:39 AM, Jeroen Geilman wrote: > On 01/24/2013 02:43 PM, tmac wrote: >> >> Excellent! Thanks. I just did this on my mail relay and it works. >> I did manage to get it to work a few moments ago with canonical_maps also. >> >> Now, what about a step further? >> >> I have a a number of systems (under NIS) with the same user. When they >> generate email, >> is goes to myuser@host.mydomain where myusr and mydomain are the same, but >> the host portion is different. is there a way to collapse say: >> >> test@locala.example t...@example.com >> test@localb.example t...@example.com >> test@localc.example t...@example.com >> >> into a single line? i.e. wildcard it some how >> I have not found any working examples of a wildcard in the "host" >> position above. > > > You can use a regex or PCRE map: > > /etc/postfix/pcre-virtual: > > /^test@[^.]+\.example$/ t...@example.com > > These maps types are not postmap'ed. > > > -- > J. >
Re: Postscreen & Google Apps
On Wed, Jan 23, 2013 at 6:24 PM, Noel Jones wrote: > On 1/23/2013 4:33 PM, Jon A. wrote: > > Today, a Google Apps user sent a message with two recipients to us, > > one with TO and other a CC internal mailing list. Naturally, Google > > treated each as an independent message. > > > > Over the course of an hour or so, because Google attempted to > > deliver the messages using different outgoing hosts, postscreen > > rejected the message(s) ~20 times, with a service unavailable, as > > we'd expect and normally want. > > > ... > > Comments/Thoughts/Suggestions? > > > I think the usual way is to use postscreen in non-blocking mode for > a couple weeks to build up the temporary whitelist. > > *smack* Thanks, that would do it. I initially ran my configuration in test mode on some boxes, then unified the configuration when I cut everything over to production. Which meant I left that whitelist data behind. I've since moved back to building cache. Of course, as we'd expect, the original message eventually came in. > The default cache time for successful after-220 tests is 30 days; > that's probably sufficient for the majority. A very low volume > server might need to cache longer. The DNS blocklist test will only > cache for 1 hour, but that won't tempfail mail and shouldn't need to > be changed. > > If you want to proactively whitelist google's servers, they publish > SPF records so you don't have to spend much effort hunting them > down. The postscreen access list is IP-only and can't use client or > sender domain names. And you've already added a bunch of their > servers to your cache. > > Indeed, after I posted I did grab the spf records for the biggie email providers and added them to the already-configured-in-case whitelist. [Thanks Wietse for always building in exception mechanisms] However your email has convinced me this need was really a temporary measure. The idea of chasing SPF changes from the laundry list of providers for the normal case just doesn't scale. I don't bother with trying to whitelist big senders, and I don't > think many other folks do either. The big senders usually end up in > the the cache by themselves pretty quickly, and the > once-every-30-days refresh isn't particularly intrusive. You just > got caught in a situation where an important mail came through > before the whitelist had a chance to populate. > > > > > Management(TM) saw the CC'ed reply, but hadn't gotten the original > message. This has caused some concern. > > > I probably repeat once a week to folks around here something like: > "The mail protocol standards are heavily weighted towards not losing > mail rather than instant delivery, and sometimes mail is unavoidably > delayed. Much of this is outside our control. Either the delayed > message will eventually arrive, or the sender will get a notice that > it was not delivered." > > > If you don't mind, I may very well quote ya. Thanks for a well thought out response Noel! You gave me my first d'oh moment of the week.
Re: postfix rejecting mail: 555 5.5.4 Unsupported option: AUTH=<>
Jaap van Wingerde skrev den 2013-01-14 22:55: "['Permerror', 'SPF Permanent Error: Too many DNS lookups', FROM: SIZE=5696 AUTH=<>": "555 5.5.4 Unsupported option: AUTH=<>" http://dmarcian.com/spf-survey/microsoft.com contact postmasters at microsoft.com to fix this spf problem what dkim checker do you use ? to me it seems that it does not work with bounces, auth is failing when no sender domain exists so there is 2 seperate probems here
Re: postfix rejecting mail: 555 5.5.4 Unsupported option: AUTH=<>
Jeroen Geilman skrev den 2013-01-14 23:42: That said, postfix contains no SPF functionality. You'll have to consult the documentation for whatever you are using to deal with SPF. spf is not a recipient problem on the software used to verify that sender domain did a good job of reading rfc specs on how many records it can contain hopefully microsoft.com have logs of the problem to resolve
Re: Sufficiently locked down?
On Jan 24, 2013, at 01.08, Stan Hoeppner wrote: > On 1/23/2013 2:23 PM, Grant wrote: I thought my postfix setup was configured to send mail on port 587 and receive mail on port 25, so I was surprised to find that I could send mail from the local machine on port 25. Is my config OK? >>> >>> Postfix never sends mail *from* TCP 25 or TCP 587. These are receive >>> ports. Outbound connections occur on high ports. You're not properly >>> describing your use case, actually not at all. Would you please? >> >> You're right, I didn't word that correctly. I thought mail received >> on port 25 could only be delivered locally with my config, but I was >> able to send mail to any destination via port 25. The mail client and >> mail server are on the same machine. > > You haven't identified a problem Grant. it seems quite clear to me the behavior he is attempting to understand/correct. commendably, he is at least making an attempt to properly use submission [which, btw, is far from "useless" and has nothing to do with the route a packet might take]. grant - please show master.cf with comments removed. general comments regarding your current postconf -n output: you likely have a number of redundant settings in main.cf. something like (postconf -d; postconf -n) | sort | uniq -d can be helpful in identifying these unnecessary main.cf entries and simplifying your config. also, a message_size_limit of 40mb is rather large. i'd encourage you to reduce that. lastly, i'd strongly encourage enforcing some additional basic smtpd_recipient_restrictions - e.g. smtpd_recipient_restrictions = reject_non_fqdn_sender reject_unknown_sender_domain reject_non_fqdn_recipient reject_unauth_destination permit note that "permit" is not strictly necessary, but isn't necessarily a bad idea either, imo. in addition, you probably ought to employ some basic antispam restrictions. things like reject_unknown_client_hostname reject_invalid_helo_hostname reject_non_fqdn_helo_hostname reject_unknown_helo_hostname as well as some basic rbl checks [not to mention postscreen] are worth consideration. do note that some of those restrictions may be more prone to collateral damage [perhaps most notably helo related restrictions], so you might consider testing these with warn_if_reject first. lastly, don't miss the warning postconf printed regarding smtpd_relay_restrictions -ben
Re: Sufficiently locked down?
On 1/24/2013 8:42 AM, Jeroen Geilman wrote: > On 01/24/2013 07:08 AM, Stan Hoeppner wrote: >> On 1/23/2013 2:23 PM, Grant wrote: > I thought my postfix setup was configured to send mail on port 587 and > receive mail on port 25, so I was surprised to find that I could send > mail from the local machine on port 25. Is my config OK? Postfix never sends mail *from* TCP 25 or TCP 587. These are receive ports. Outbound connections occur on high ports. You're not properly describing your use case, actually not at all. Would you please? >>> You're right, I didn't word that correctly. I thought mail received >>> on port 25 could only be delivered locally with my config, but I was >>> able to send mail to any destination via port 25. The mail client and >>> mail server are on the same machine. >> You haven't identified a problem Grant. You've identified standard >> Postfix behavior and told us it is confusing to you. We have no idea >> why that is confusing to you because you haven't told us exactly how you >> are trying to use Postfix. One thing I can tell you up front is that >> using authentication between your MUA and Postfix on 587 is useless, >> completely unnecessary, because the packets are transferred via machine >> memory, never going over the wire. The submission service exists >> strictly for accepting authenticated connections over a network. Your >> connections exist entirely within on machine. >> > > If he is actually using SMTP submission on the local server, that is > obviously untrue. So you're saying all interprocess communication should require authentication and encryption? Hmm.. how many of the applications you run do this Jeroen? > The workings of SMTP submission are not dependent on where this happens > from. > > I would recommend submission regardless of goal or purpose, even on > localhost. That's because you seem to be looking at this backwards. smtp over TLS with auth has a single goal: security. What additional security is provided by using TLS and auth for interprocess communication on a single user PC? I.e. what is the attack vector here, and how does 'submission' prevent such an atack? Answer: there is no attack vector, thus it doesn't help. -- Stan
Re: Sufficiently locked down?
On 1/24/2013 3:49 PM, b...@bitrate.net wrote: > > On Jan 24, 2013, at 01.08, Stan Hoeppner wrote: > >> On 1/23/2013 2:23 PM, Grant wrote: > I thought my postfix setup was configured to send mail on port 587 and > receive mail on port 25, so I was surprised to find that I could send > mail from the local machine on port 25. Is my config OK? Postfix never sends mail *from* TCP 25 or TCP 587. These are receive ports. Outbound connections occur on high ports. You're not properly describing your use case, actually not at all. Would you please? >>> >>> You're right, I didn't word that correctly. I thought mail received >>> on port 25 could only be delivered locally with my config, but I was >>> able to send mail to any destination via port 25. The mail client and >>> mail server are on the same machine. >> >> You haven't identified a problem Grant. > > it seems quite clear to me the behavior he is attempting to > understand/correct. It's not clear at all. Read above. He says he's "configured to send mail on port 587" which suggests ASDL/cable/consumer outbound submission to his ISP, not inbound submission to Postfix. > commendably, he is at least making an attempt to properly use submission > [which, btw, is far from "useless" and has nothing to do with the route a > packet might take]. The primary features of the submission service are TLS encryption and authentication. Neither are needed for interprocess communication, as I explained to Jeroen. The "packet" transfer here is simply a write to local memory by the MUA and a read from it by Postfix. So unless someone has a rouge program installed on his box that is eavesdropping his TCP stack, the two primary features of the submission service are absolutely useless in this scenario. Even the user logging of submission is useless, as it's a single user box. If he needs to separate inbound/outbound smtpds for *other* reasons, such as separate smtpd_foo_restrictions, then a separate inbound smtpd might make sense. But in that case, simply create another smtpd service definition from scratch, that listens on an arbitrary port, that does not require auth or TLS, which again, are useless for interprocess communication as they add no meaningful security to the transaction. -- Stan
