Re: Outbound opportunistic TLS by default?
On Wed, Dec 06, 2017 at 05:22:19PM -0600, Noel Jones wrote: > I was thinking "make install" rather than "make upgrade" is a good > enough indicator of first time install. Deciding if TLS is available > might be trickier. Source based distros like Gentoo make install to a seperate destination dir and then transfer the resulting image to real root during upgrades. Determining first-time installation should be left to the package manager. -- Eray
owner_request_special issue in postfix 3.2.3
Hi, I have an issue with owner_request_special . It rewrites correctly the local part of the sender address BUT, it replaces the right part of the sender address with myorigin (or myhostname) instead of keeping it. My config : OS: FreeBSD 11.1-RELEASE-p4 postfix: postfix-3.2.3,1 (from freebsd package) mail# diff main.cf.sample main.cf 95a96 > myhostname = mail.agneau.org 102a104 > mydomain = agneau.org 118a121 > myorigin = mail.agneau.org 134a138 > inet_interfaces = 127.0.1.5 182a187 > mydestination = mail.agneau.org, listes2.agneau.org, listes3.agneau.org 311a317 > relay_domains = agneau.org bergerie.agneau.org 403a410 > alias_maps = hash:$config_directory/aliases 412a420 > alias_database = hash:$config_directory/aliases My debug aliases in $config_directory/aliases : owner-debuglolo:l...@agneau.org owner-debuglolo-outgoing: owner-debugl...@listes2.agneau.org debuglolo-outgoing: :include:/usr/local/etc/postfix/lists/debuglolo mail# cat lists/debuglolo lfriga...@agneau.org test command to reproduce the problem: printf 'From: Laurent Frigault \nTo: debugl...@listes2.agneau.org\nSubject: test\n\ntest\n' |sendmail -oi -oee -fowner-debugl...@listes2.agneau.org debuglolo-outgo...@listes2.agneau.org The enveloppe sender owner-debugl...@listes2.agneau.org if rewritten to owner-debuglolo-outgo...@mail.agneau.org instead of owner-debuglolo-outgo...@listes2.agneau.org both mail.agneau.org and listes2.agneau.org are in mydestination so there is no reason to rewrite the right part of the sender from listes2.agneau.org to mail.agneau.org /var/log/maillog : Dec 7 15:34:08 mail postfix/pickup[6509]: AA6114D16: uid=0 from= Dec 7 15:34:08 mail postfix/cleanup[6515]: AA6114D16: message-id=<20171207143408.aa6114...@mail.agneau.org> Dec 7 15:34:08 mail postfix/qmgr[6510]: AA6114D16: from=, size=314, nrcpt=1 (queue active) Dec 7 15:34:08 mail postfix/cleanup[6515]: AF13E4D17: message-id=<20171207143408.aa6114...@mail.agneau.org> Dec 7 15:34:08 mail postfix/local[6517]: AA6114D16: to=, relay=local, delay=0.07, delays=0.05/0/0/0.01, dsn=2.0.0, status=sent (forwarded as AF13E4D17) Dec 7 15:34:08 mail postfix/qmgr[6510]: AF13E4D17: from=, size=461, nrcpt=1 (queue active) Dec 7 15:34:08 mail postfix/qmgr[6510]: AA6114D16: removed Dec 7 15:34:08 mail postfix/smtp[6518]: AF13E4D17: to=, relay=obelix.agneau.org[88.173.248.15]:25, delay=0.24, delays=0.01/0.01/0.07/0.15, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as CBF4F1D674F) Dec 7 15:34:08 mail postfix/qmgr[6510]: AF13E4D17: removed I attached 2 files: postconf.txt.gz result of postconf maillog-verbose.txt.gz maillog content with -v flags added to local It looks like a bug in owner_request_special handling to me, because I have a very similar configuration on an old postfix 2.8.1 that does not alter the right part of the sender but I may have missed something. I reproduce the same problem in an other jail with postfix 2.11.10 so this is probably not a postfix 2 vs postfix 3 difference. man 8 local is not very verbose about owner_request_special : owner_request_special (yes) Give special treatment to owner-listname and listname-request address localparts: don't split such addresses when the recipient_delimiter is set to "-". It is only about localparts, nothing about right(domain) part . Any idea on how to prevent owner_request_special from altering the right part of the sender ? This is needed if you want to host lists in many domains on the same postfix. Is it a bug in local or in my configuration ? Regards, -- Laurent Frigault | http://www.agneau.org/> Quand on parle pognon, à partir d'un certain chiffre, tout le monde écoute. (Michel Audiard) postconf.txt.gz Description: application/gzip maillog-verbose.txt.gz Description: application/gzip
Re: owner_request_special issue in postfix 3.2.3
Laurent Frigault: > Hi, > > I have an issue with owner_request_special . It rewrites correctly the > local part of the sender address BUT, it replaces the right part of the > sender address with myorigin (or myhostname) instead of keeping it. Does the 'unexpected behavior' depend on the owner_request_special setting? Wietse
Re: owner_request_special issue in postfix 3.2.3
On Thu, Dec 07, 2017 at 03:18:40PM -0500, Wietse Venema wrote: > Laurent Frigault: > > I have an issue with owner_request_special . It rewrites correctly the > > local part of the sender address BUT, it replaces the right part of the > > sender address with myorigin (or myhostname) instead of keeping it. > > Does the 'unexpected behavior' depend on the owner_request_special setting? Yes. If I set owner_request_special to no , the sender address is not changed at all. No change on the local part and no change on the right part which is expected behavior. The problem is with owner_request_special set to yes (default). The rewrite of the local part of the sender is correct and expected , but the right part should not have been changed. -- Laurent Frigault | http://www.agneau.org/>
Re: owner_request_special issue in postfix 3.2.3
Laurent Frigault: [ Charset ISO-8859-15 converted... ] > Hi, > > I have an issue with owner_request_special . It rewrites correctly the > local part of the sender address BUT, it replaces the right part of the > sender address with myorigin (or myhostname) instead of keeping it. > > My config : > OS: FreeBSD 11.1-RELEASE-p4 > postfix: postfix-3.2.3,1 (from freebsd package) > > mail# diff main.cf.sample main.cf > 95a96 > > myhostname = mail.agneau.org > 102a104 > > mydomain = agneau.org > 118a121 > > myorigin = mail.agneau.org > 134a138 > > inet_interfaces = 127.0.1.5 > 182a187 > > mydestination = mail.agneau.org, listes2.agneau.org, listes3.agneau.org > 311a317 > > relay_domains = agneau.org bergerie.agneau.org > 403a410 > > alias_maps = hash:$config_directory/aliases > 412a420 > > alias_database = hash:$config_directory/aliases > > My debug aliases in $config_directory/aliases : > > owner-debuglolo: l...@agneau.org > owner-debuglolo-outgoing: owner-debugl...@listes2.agneau.org > debuglolo-outgoing: :include:/usr/local/etc/postfix/lists/debuglolo > > mail# cat lists/debuglolo > lfriga...@agneau.org > > > test command to reproduce the problem: > > printf 'From: Laurent Frigault \nTo: > debugl...@listes2.agneau.org\nSubject: test\n\ntest\n' |sendmail -oi -oee > -fowner-debugl...@listes2.agneau.org debuglolo-outgo...@listes2.agneau.org > > The enveloppe sender owner-debugl...@listes2.agneau.org if rewritten to > owner-debuglolo-outgo...@mail.agneau.org instead of > owner-debuglolo-outgo...@listes2.agneau.org If sending to debuglolo-outgoing, Postfix will replace the sender with one of the following: 1) owner-debugl...@listes2.agneau.org (expand_owner_alias = yes) 2) owner-debuglolo-outgoing (expand_owner_alias = no) which then becomes owner-debuglolo-outgoing@$myorigin. You appear to have configured Postfix to do 2). Wietse
PSA University of Michigan research IP space
http://researchscan288.eecs.umich.edu/ I never could find the research IP space and my email went unanswered. I just blocked the whole university. Link has the IP space as listed below: 141.212.121.0/24 141.212.122.0/24
Re: PSA University of Michigan research IP space
> On Dec 7, 2017, at 9:14 PM, li...@lazygranch.com wrote: > > http://researchscan288.eecs.umich.edu/ > I never could find the research IP space and my email went unanswered. > I just blocked the whole university. Link has the IP space as listed > below: > 141.212.121.0/24 > 141.212.122.0/24 Seems rather an overreaction. So a few bots scan your system now and then, for socially beneficial research purposes[1]. Does it really make sense to block an entire university to try to avoid this? -- Viktor. [1] Full disclosure, I perform DANE/DNSSEC adoption scans of as many DNSSEC-validated domains I can find, currently ~5.1 million, making connections to MX hosts that publish secure TLSA records (~4 thousand MX hosts, covering ~174 thousand domains). Domain owners whose TLSA records don't match reality are notified of any problems. Generally, postmasters seem pleased to be notified and given the opportunity to fix the problem in a timely manner. So I have some empathy for the Michigan team, who are also by the way one of the sources from which I gather domain names. If some of you have deployed DANE TLSA records, but feel strongly that I should exclude your domains from automated scans, please drop me a note and I'll add your domains to my "ignore" list.
