possibly stupid question

2018-11-29 Thread Francesc Peñalvez
It may be a silly question, but which option is appropriate to reject 
emails from IP without IP resolved?




Re: a lot of spam or something?

2018-11-29 Thread Poliman - Serwis
On Wed, 28 Nov 2018 at 12:18, Matus UHLAR - fantomas wrote:

> On 26.11.18 08:11, Poliman - Serwis wrote:
> >I have found some useful commands:
> >mailq
> >postcat -q 
> >
> >Using second one I examined one of suspicious messages and what I got:
> >www-d...@allegro.pl sends email with information about some payment
>
> a spam probably...
>
> > and
> >this mail is probably redirected or something to another mailbox.
>
> user setting probably
>
> >Redirection to private mailbox set by user on my server. But - probably -
> >there is some missing or wrong letter in mailbox name so all bounced
> emails
> >stuck in queue with error:
> >Diagnostic-Code: smtp; 511 sorry, no mailbox here by that name / skrzynka
> >pocztowa odbiorcy nie istnieje (#5.1.1 - vuser)
> >And these origins from my server, from mailer daemon. I am not 100% sure I
> >understood properly whole log about specific message but if you would like
> >to help I can paste headers.
>
> pastebin probably, if the error message itself does not explain what's
> happening.
>
> I guess you got all you really need to handle the problem.
> - fix invalid forward/redirect
>
> --
> Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
> Posli tento mail 100 svojim znamim - nech vidia aky si idiot
> Send this email to 100 your friends - let them see what an idiot you are
>
Yes, I fixed it on the day I found out the posted information. Now it's
OK. It was a wrong letter in the redirection to the private client's mail.

-- 

*Pozdrawiam / Best Regards*
*Piotr Bracha*


Re: Installing LetsEncrypt For Postfix and Dovecot

2018-11-29 Thread Matus UHLAR - fantomas

> On Wed, 2018-11-28 at 10:03 +0100, Matus UHLAR - fantomas wrote:
>> But I prefer dehydrated over bloated certbot.

On 28.11.18 09:49, Jim P. wrote:
> This comes up enough to warrant the following questions:
>
> 1) What do you do about restarting services after automatic cert
> renewals in the middle of a holiday weekend?  (i.e. renew_hook in
> /etc/letsencrypt/renewal/*.conf)

simply modified provided hook.sh script to reload/restart all services that
use certificates.

> 2) What do you do to list all certs to show revocation, expiration,
> renewal status (e.g. certbot certificates)

I haven't needed this yet.  I remember that dehydrated contains option to
clean up old certificates.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Linux - It's now safe to turn on your computer.
Linux - Teraz mozete pocitac bez obav zapnut.


Re: possibly stupid question

2018-11-29 Thread Matus UHLAR - fantomas

On 29.11.18 09:09, Francesc Peñalvez wrote:
> it may be a silly question but.Which option is appropriate to reject
> emails from ip without ip resolved

you apparently mean "reject_unknown_client_hostname" in smtpd_*_restrictions
settings

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
We are but packets in the Internet of life (userfriendly.org)


Re: possibly stupid question

2018-11-29 Thread Francesc Peñalvez

On 29/11/2018 at 9:34, Matus UHLAR - fantomas wrote:
> On 29.11.18 09:09, Francesc Peñalvez wrote:
>> it may be a silly question but.Which option is appropriate to reject
>> emails from ip without ip resolved
>
> you apparently mean "reject_unknown_client_hostname" in
> smtpd_*_restrictions settings

Thanks, I didn't find it.



Before I actually type 'make upgrade'....

2018-11-29 Thread Robert Chalmers
I have a clean compile of 3.4, and have various directories set, based on 
/usr/local generally.

These are the same as the existing installation that is running fine. V3.1

   config_directory=/usr/local/etc/postfix \
   command_directory=/usr/local/sbin \
   daemon_directory=/usr/local/libexec/postfix \
   queue_directory=/var/spool/postfix \
   data_directory=/var/lib/postfix \
   html_directory=/usr/share/doc/postfix/html \
   manpage_directory=/usr/local/man \
   readme_directory=/usr/share/doc/postfix \
   mailq_path=/usr/local/bin/mailq \
   newaliases_path=/usr/local/bin/newaliases \
   sendmail_path=/usr/local/sbin/sendmail \


What I want to know is, will ‘make upgrade’ overwrite any of the .cf files, the 
configuration files? Or will it leave the existing files in place?

The INSTALL file in the sources directory isn’t clear on this.

thanks
Robert



Re: Installing LetsEncrypt For Postfix and Dovecot

2018-11-29 Thread Olivier
On 28.11.18 09:49, Jim P. wrote:
>This comes up enough to warrant the following questions:
>
>1) What do you do about restarting services after automatic cert
>renewals in the middle of a holiday weekend?  (i.e. renew_hook in
>/etc/letsencrypt/renewal/*.conf)

Unless you are freaking sure of what you are doing, you do not restart
the service in the middle of a holiday :)

So you plan to have your certificate renewed while you are there to tend
to any problem, like one week before they expire, because you never know
what can go wrong.

Olivier


Re: possibly stupid question

2018-11-29 Thread wilfried.es...@essignetz.de
On 29.11.18 at 09:09, Francesc Peñalvez wrote:
> it may be a silly question but.Which option is appropriate to reject 
> emails from ip without ip resolved
> 
Hi,

you could look for  reject_unknown_client_hostname and/or
reject_unknown_reverse_client_hostname under smtpd_client_restrictions
(http://www.postfix.org/postconf.5.html#smtpd_client_restrictions)


Willi
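
How the two restrictions named above differ, as an added example that is not part of the thread or of Postfix's code: a Python model of the checks as postconf(5) describes them, run against a constructed in-memory DNS table so it works offline. The addresses, host names and the `classify_client` helper are assumptions made for illustration.

```python
"""Model of the two Postfix client-hostname checks (added example)."""
import ipaddress

# Constructed DNS data: RFC 5737 documentation addresses and example
# domains. Nothing here comes from the thread or from a real resolver.
PTR_RECORDS = {                       # address -> name (reverse lookup)
    "192.0.2.10": "mail.example.org",
    "192.0.2.20": "host20.example.net",
    "192.0.2.30": "mx.example.com",
}
A_RECORDS = {                         # name -> addresses (forward lookup)
    "mail.example.org": ["192.0.2.10"],
    "mx.example.com": ["198.51.100.7"],   # resolves to a different address
    # host20.example.net deliberately has no forward record
}


def classify_client(client_ip, ptr=PTR_RECORDS, fwd=A_RECORDS):
    """Return which step of the address->name->address round trip fails."""
    ip = str(ipaddress.ip_address(client_ip))   # validate and normalise
    name = ptr.get(ip)
    if name is None:
        return "no_ptr"          # 1) address->name mapping fails
    addresses = fwd.get(name, [])
    if not addresses:
        return "no_forward"      # 2) name->address mapping fails
    if ip not in addresses:
        return "mismatch"        # 3) name->address does not give the client IP
    return "verified"


def reject_unknown_reverse_client_hostname(client_ip):
    """Weaker check: reject only when the address has no PTR mapping."""
    return classify_client(client_ip) == "no_ptr"


def reject_unknown_client_hostname(client_ip):
    """Stricter check: reject unless both mappings exist and agree."""
    return classify_client(client_ip) != "verified"


def compare(client_ips):
    """One row per client: (ip, state, weaker verdict, stricter verdict)."""
    return [
        (ip, classify_client(ip),
         reject_unknown_reverse_client_hostname(ip),
         reject_unknown_client_hostname(ip))
        for ip in client_ips
    ]


if __name__ == "__main__":
    clients = ["192.0.2.10", "192.0.2.20", "192.0.2.30", "192.0.2.40"]
    for row in compare(clients):
        print("%-12s %-10s reverse-only reject=%-5s full reject=%s" % row)
```

Clients with a PTR record but a missing or mismatching forward record pass the weaker restriction and fail the stricter one, which is why the stricter one rejects more legitimate but misconfigured senders.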


Re: queue "manipulation"

2018-11-29 Thread Barbara M.

On Wed, 28 Nov 2018, Viktor Dukhovni wrote:

>> # postconf |grep limitrec
>> limitrecip_destination_recipient_limit = 3
>
>    * Evidence that the nexthop destination domain (not the MX host, but
>      the envelope recipient domain) is routed to the "limitrecip" transport.

>> In transport file:
>>
>> yahoo.com   limitrecip:
>> yahoo.it    limitrecip:
>> yahoodns.net    limitrecip:
>> mx-eu.mail.am0.yahoodns.net limitrecip:
>
> And how is Postfix configured to use this transport file?

:-)
Difference between a Pro (you) and a part-time mail administrator (me 
that manage postfix config few times for year ...):

I assumed that it was enabled by default ...

Now I have in main.cf:
transport_maps = hash:/etc/postfix/transport
limitrecip_destination_recipient_limit = 3

and in master.cf:
limitrecip  unix -   -   n   -   -   smtp

> Yes, all 7 recipients were in the same "envelope", so the recipient_limit
> was not applied, which suggests that the transport settings were
> not in effect.


The settings apply to already queued messages or only for new messages?

With the corrected settings I have similar result:

Nov 29 13:20:40 ls postfix/qmgr[22205]: B9899396281A: 
from=, size=234000, nrcpt=50 (queue active)
Nov 29 13:20:40 ls postfix/smtp[23237]: B9899396281A: host mx-eu.mail.am0.yahoodns.net[212.82.101.46] said: 451 Message temporarily 
deferred - Abaca (in reply to end of DATA command)
Nov 29 13:20:41 ls postfix/smtp[23245]: B9899396281A: host mx-eu.mail.am0.yahoodns.net[188.125.73.87] said: 451 Message temporarily 
deferred - Abaca (in reply to end of DATA command)
Nov 29 13:20:41 ls postfix/smtp[23235]: B9899396281A: host mx-eu.mail.am0.yahoodns.net[212.82.101.46] said: 451 Message temporarily 
deferred - Abaca (in reply to end of DATA command)
Nov 29 13:20:41 ls postfix/smtp[23245]: B9899396281A: to=, 
relay=mx-eu.mail.am0.yahoodns.net[212.82.101.46]:25, delay=166368, 
delays=166367/0/0.63/0.35, dsn=4.0.0, status=deferred (host mx-eu.mail.am0.yahoodns.net[212.82.101.46] said: 451 Message temporarily 
deferred - Abaca (in reply to end of DATA command))
Nov 29 13:20:41 ls postfix/smtp[23245]: B9899396281A: to=, 
relay=mx-eu.mail.am0.yahoodns.net[212.82.101.46]:25, delay=166368, 
delays=166367/0/0.63/0.35, dsn=4.0.0, status=deferred (host mx-eu.mail.am0.yahoodns.net[212.82.101.46] said: 451 Message temporarily 
deferred - Abaca (in reply to end of DATA command))
Nov 29 13:20:41 ls postfix/smtp[23245]: B9899396281A: to=, 
relay=mx-eu.mail.am0.yahoodns.net[212.82.101.46]:25, delay=166368, 
delays=166367/0/0.63/0.35, dsn=4.0.0, status=deferred (host mx-eu.mail.am0.yahoodns.net[212.82.101.46] said: 451 Message 
temporarily deferred - Abaca (in reply to end of DATA command))
Nov 29 13:20:41 ls postfix/smtp[23235]: B9899396281A: to=, 
relay=mx-eu.mail.am0.yahoodns.net[188.125.73.87]:25, delay=166368, 
delays=166367/0/0.78/0.39, dsn=4.0.0, status=deferred (host mx-eu.mail.am0.yahoodns.net[188.125.73.87] said: 451 Message temporarily 
deferred - Abaca (in reply to end of DATA command))
Nov 29 13:20:41 ls postfix/smtp[23235]: B9899396281A: to=, 
relay=mx-eu.mail.am0.yahoodns.net[188.125.73.87]:25, delay=166368, 
delays=166367/0/0.78/0.39, dsn=4.0.0, status=deferred (host mx-eu.mail.am0.yahoodns.net[188.125.73.87] said: 451 Message temporarily 
deferred - Abaca (in reply to end of DATA command))
Nov 29 13:20:41 ls postfix/smtp[23235]: B9899396281A: to=, 
relay=mx-eu.mail.am0.yahoodns.net[188.125.73.87]:25, delay=166368, 
delays=166367/0/0.78/0.39, dsn=4.0.0, status=deferred (host mx-eu.mail.am0.yahoodns.net[188.125.73.87] said: 451 Message temporarily 
deferred - Abaca (in reply to end of DATA command))
Nov 29 13:20:42 ls postfix/smtp[23237]: B9899396281A: to=, 
relay=mx-eu.mail.am0.yahoodns.net[188.125.73.87]:25, delay=166368, 
delays=166367/0/0.62/0.4, dsn=4.0.0, status=deferred (host mx-eu.mail.am0.yahoodns.net[188.125.73.87] said: 451 Message temporarily 
deferred - Abaca (in reply to end of DATA command))


Thanks for your hints.
B.



Re: smtp_fallback_relay TLS with authentication - possible?

2018-11-29 Thread A. Schulze



Viktor Dukhovni:

> So yes, you can't have wrapper mode for just the fallback relay.

Hello,

I had a similar problem some time ago and also found what you summarize now.

I'm still using 587+STARTTLS but that "break" our `more general rule`
to prefer implicit TLS over STARTTLS

So, at least I would now announce that it would be nice to have
something like this:

master.cf
  smtp  unix  -   -   n   -   -   smtp
    -o smtp_fallback_relay=[relayhost.example]:465
    # not yet existing option :-)
    -o smtp_fallback_relay_wrappermode=on

Andreas




Re: Relay access denied

2018-11-29 Thread Wolfgang Paul Rauchholz
Thanks for help.
A lot to digest and read before doing changes to config.

Wolfgang

On Wed, Nov 28, 2018 at 11:26 PM Bill Cole <postfixlists-070...@billmail.scconsult.com> wrote:

> On 28 Nov 2018, at 15:47, Wolfgang Paul Rauchholz wrote:
>
> > Thanks for taking this up.
> > Concerning hardening TLS settings; can you recommend a read / web page
> > that
> > is suitable for a home email server?
>
> The TLS "readme" files in the Postfix distribution (and at
> http://www.postfix.org/TLS_README.html and
> http://www.postfix.org/FORWARD_SECRECY_README.html) cover what you need
> to know.
>
> The short version: Postfix default TLS cipher and protocol settings are
> fine, for releases after 2015. For older versions, you may need to set
> smtpd_tls_protocols and smtpd_tls_mandatory_protocols to "!SSLv2,
> !SSLv3" which is the default in currently supported versions.
>
> > Thanks in advance
> >
> > Here the postconf -Mf output
> >
> > smtp       inet  n   -   n   -   -   smtpd
> > amavisfeed unix  -   -   n   -   2   lmtp
> >     -o lmtp_data_done_timeout=1200 -o lmtp_send_xforward_command=yes
> >     -o disable_dns_lookups=yes -o max_use=20
> > submission inet  n   -   n   -   -   smtpd
> >     -o syslog_name=postfix/submission -o smtpd_sasl_auth_enable=yes
> >     -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject_unauth_destination
> >     -o milter_macro_daemon_name=ORIGINATING
>
> That's the 'submission' (port 587) daemon, which opens connections in
> cleartext and supports the "STARTTLS" command to upgrade the connection
> to TLS encryption (because your main config includes
> "smtpd_tls_security_level = may"). To send mail through this daemon, you
> MUST either be sending to a domain that Postfix is configured to accept
> mail for (local, virtual, and relay domains) OR authenticate using SASL
> first. Because of "smtpd_tls_auth_only = yes" in your main config, you
> can only authenticate using SASL *after* using STARTTLS to negotiate a
> TLS session.
>
> > smtps      inet  n   -   n   -   -   smtpd
> >     -o syslog_name=postfix/smtps -o smtpd_sasl_auth_enable=yes
> >     -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject_unauth_destination
> >     -o milter_macro_daemon_name=ORIGINATING
>
> That's supposedly the 'smtps' (port 465) daemon, which *NORMALLY* would
> have an additional configuration  override directive:
>
>  -o smtpd_tls_wrappermode=yes
>
> Which "wraps" the SMTP session in TLS encryption that is negotiated
> immediately at connect time, rather than having clients connect in the
> clear. As it stands, your 'submission' and 'smtps' daemons will behave
> identically, except for listening on different ports and using different
> syslog labels. There's no benefit in that, because any client using port
> 465 will expect the smtps 'wrappermode' behavior and any using port 587
> will expect the configured cleartext/STARTTLS behavior.
>
> Because you are overriding the default smtpd_recipient_restrictions with
> a restriction list which only permits mail from authenticated senders or
> to recipients in local and relay-authorized domains, your attempt to
> send mail to a gmail.com address was rejected.
>
> You were able to send through port 25 because by default,
> smtpd_recipient_restrictions is empty (giving an implicit 'DUNNO'
> result) and smtpd_relay_restrictions starts with 'permit_mynetworks'.
> This lets the mail through because you are connecting from the loopback,
> which is included in your mynetworks setting.
>
> I hope this helps. Good luck!
>
> --
> Bill Cole
> b...@scconsult.com or billc...@apache.org
> (AKA @grumpybozo and many *@billmail.scconsult.com addresses)
> Available For Hire: https://linkedin.com/in/billcole
>


-- 

Wolfgang Rauchholz
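
The port 465 point from the quoted reply, as an added example that is not part of the thread: a small Python lint that parses master.cf text and flags an smtpd listener on port 465 that lacks `smtpd_tls_wrappermode=yes`. The sample text is adapted from the `postconf -Mf` output quoted above; the function names and the `main_cf_default` parameter are assumptions, and the check assumes main.cf leaves `smtpd_tls_wrappermode` at its default of `no`.

```python
"""Lint master.cf text for the port 465 / wrappermode mismatch (added example)."""
import shlex

# Adapted from the `postconf -Mf` output quoted above (amavisfeed omitted).
AS_POSTED = """\
smtp       inet  n   -   n   -   -   smtpd
submission inet  n   -   n   -   -   smtpd
    -o syslog_name=postfix/submission -o smtpd_sasl_auth_enable=yes
    -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject_unauth_destination
smtps      inet  n   -   n   -   -   smtpd
    -o syslog_name=postfix/smtps -o smtpd_sasl_auth_enable=yes
    -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject_unauth_destination
"""
# Same text with the override the reply says is normally present on smtps.
CORRECTED = AS_POSTED + "    -o smtpd_tls_wrappermode=yes\n"

WELL_KNOWN = {"smtp": "25", "submission": "587",
              "smtps": "465", "submissions": "465"}


def parse_master_cf(text):
    """Join continuation lines, then split each service into its fields."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                      # blank line or comment
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()   # continuation of previous line
        else:
            logical.append(raw.strip())
    services = []
    for line in logical:
        fields = shlex.split(line)
        if len(fields) < 8:               # name type private unpriv chroot
            continue                      # wakeup maxproc command [args]
        args, overrides, i = fields[8:], {}, 0
        while i < len(args):
            if args[i] == "-o" and i + 1 < len(args):
                key, _, value = args[i + 1].partition("=")
                overrides[key] = value
                i += 2
            else:
                i += 1
        services.append({"name": fields[0], "type": fields[1],
                         "command": fields[7], "overrides": overrides})
    return services


def port_of(service_name):
    """Map 'smtps', '465' or 'host:465' to a port string."""
    port = service_name.rsplit(":", 1)[-1]
    return WELL_KNOWN.get(port, port)


def wrappermode_findings(text, main_cf_default="no"):
    """Return (service, problem) pairs for smtpd listeners."""
    findings = []
    for svc in parse_master_cf(text):
        if svc["type"] != "inet" or svc["command"] != "smtpd":
            continue
        wrapped = svc["overrides"].get("smtpd_tls_wrappermode",
                                       main_cf_default) == "yes"
        port = port_of(svc["name"])
        if port == "465" and not wrapped:
            findings.append((svc["name"],
                             "port 465 without smtpd_tls_wrappermode=yes"))
        elif port in ("25", "587") and wrapped:
            findings.append((svc["name"], "wrappermode on a STARTTLS port"))
    return findings


if __name__ == "__main__":
    print("as posted:", wrappermode_findings(AS_POSTED))
    print("corrected:", wrappermode_findings(CORRECTED))
```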


Upgraded to 3.4 today. All logging has Stopped?

2018-11-29 Thread Robert Chalmers


I upgraded to and installed 3.4 today. It appears to be running, but all 
logging has stopped. The last entry in the log file was at the exact time I 
started the new version.

I’m also having trouble with the Mail program but that’s another story. Which 
is why I’m trying contact via my iPad.

Local mail, via sendmail seems to be working as does mail going off site again 
via sendmail. But no logging. 
I haven’t changed my main.cf nor the master.cf in ages now, so what’s changed I 
wonder. 
Thanks
Robert



Re: Upgraded to 3.4 today. All logging has Stopped?

2018-11-29 Thread Viktor Dukhovni


> On Nov 29, 2018, at 9:15 AM, Robert Chalmers  wrote:
> 
> I upgraded to and installed 3.4 today. It appears to be running, but all 
> logging has stopped. The last entry in the log file was at the exact time I 
> started the new version.

Apple changed the syslog API to use the os_log(3) interface, but apparently
if you compile on a sufficiently old MacOS/X system, you get linked against
the traditional syslog API.

So some people do that, but the os_log(3) stuff is configurable, so you
should be able to configure the logs to be saved.  The in-memory logs
can be queried with log(1).  For example:

  # postfix reload
  postfix/postfix-script: refreshing the Postfix mail system

  # log show --info --style syslog --last 2m --predicate 'eventType == logEvent' | grep libpostfix-util
  2018-11-29 12:02:26.765215-0500  localhost postlog[59348]: (libpostfix-util.dylib) refreshing the Postfix mail system
  2018-11-29 12:02:26.776443-0500  localhost master[33680]: (libpostfix-util.dylib) reload -- version 3.4-20181125, configuration /var/tmp/postfix/etc

Someone should figure out how to create an asl.conf(5) configuration
that causes appropriate Postfix logs to land on disk, and share
the recipe.

I should note that the new API appears to strip everything up to
the last "/" in the log name, so we're losing the "postfix/"
prefixes.  Might need to change the code (on MacOS) to send

postfix:master

rather than

postfix/master

-- 
Viktor.



Re: smtp_fallback_relay TLS with authentication - possible?

2018-11-29 Thread Andrey Repin
Greetings, A. Schulze!

>> So yes, you can't have wrapper mode for just the fallback relay.


> Hello,

> I had a similar problem some time ago and also found what you sumarize now.

> I'm still using 587+STARTTLS but that "break" our `more general rule`  
> to prefer implicit TLS over STARTTLS

> So, at least I would now announce that it would be nice to have  
> something like this:

> master.cf
>smtp  unix  -   -   n   -   -   smtp
>  -o smtp_fallback_relay=[relayhost.example]:465
>  # not yet existing option :-)
>  -o smtp_fallback_relay_wrappermode=on

I think, a more transparent solution would be to extend influence of
preferences set in smtp_tls_policy_maps to the wrappermode setting, or have a
new dedicated flag in this file to the same meaning.

As it is right now, the smtp_tls_wrappermode setting is more a nuisance than a
solution to any problem, and should be either removed or lowered in its
necessity.

P.S.
Stunnel works like a charm.


-- 
With best regards,
Andrey Repin
Thursday, November 29, 2018 20:12:04

Sorry for my terrible english...



Re: Installing LetsEncrypt For Postfix and Dovecot

2018-11-29 Thread Jim P.
On Thu, 2018-11-29 at 09:28 +0100, Matus UHLAR - fantomas wrote:
> > On Wed, 2018-11-28 at 10:03 +0100, Matus UHLAR - fantomas wrote:
> > > But I prefer dehydrated over bloated certbot.
> 
> On 28.11.18 09:49, Jim P. wrote:
> > This comes up enough to warrant the following questions:
> > 
> > 1) What do you do about restarting services after automatic cert
> > renewals in the middle of a holiday weekend?  (i.e. renew_hook in
> > /etc/letsencrypt/renewal/*.conf)
> 
> simply modified provided hook.sh script to reload/restart all services
> that use certificates.

ack

> > 2) What do you do to list all certs to show revocation, expiration,
> > renewal status (e.g. certbot certificates)
> 
> I haven't needed this yet.  I remember that dehydrated contains option
> to clean up old certificates.
> 

Ok, Thank you.

-Jim P.


Re: queue "manipulation"

2018-11-29 Thread Viktor Dukhovni
On Thu, Nov 29, 2018 at 02:03:05PM +0100, Barbara M. wrote:

> >> In transport file:
> >> yahoo.com   limitrecip:
> >> [...]
> >
> > And how is Postfix configured to use this transport file?
> 
> I assumed that it was enabled by default ...
> 
> Now I have in main.cf:
> transport_maps = hash:/etc/postfix/transport
> limitrecip_destination_recipient_limit = 3
> 
> and in master.cf:
> limitrecip  unix -   -   n   -   -   smtp

That's better, and working now...

> The settings apply to already queued messages or only for new messages?

All messages on entry into the active queue, thus you get fresh
transport lookups when deferred messages are retried.

> With the corrected settings I have similar result:

Similar, and yet substantially different:

> Nov 29 13:20:40 ls postfix/qmgr[22205]: B9899396281A: 
>   from=, size=234000, nrcpt=50 (queue active)
> Nov 29 13:20:40 ls postfix/smtp[23237]: B9899396281A:
>   host mx-eu.mail.am0.yahoodns.net[212.82.101.46] said: 451 Message temporarily
>   deferred - Abaca (in reply to end of DATA command)
> Nov 29 13:20:41 ls postfix/smtp[23245]: B9899396281A:
>   host mx-eu.mail.am0.yahoodns.net[188.125.73.87] said: 451 Message temporarily
>   deferred - Abaca (in reply to end of DATA command)
> Nov 29 13:20:41 ls postfix/smtp[23235]: B9899396281A:
>   host mx-eu.mail.am0.yahoodns.net[212.82.101.46] said: 451 Message temporarily
>   deferred - Abaca (in reply to end of DATA command)

That's *three* different delivery agents delivering three messages
in 3, 3 and 1 recipient respectively:

> Nov 29 13:20:41 ls postfix/smtp[23245]: B9899396281A: to=, 
>   relay=mx-eu.mail.am0.yahoodns.net[212.82.101.46]:25, delay=166368, 
>   delays=166367/0/0.63/0.35, dsn=4.0.0, status=deferred
>   (host mx-eu.mail.am0.yahoodns.net[212.82.101.46] said:
>   451 Message temporarily deferred - Abaca
>   (in reply to end of DATA command))
> Nov 29 13:20:41 ls postfix/smtp[23245]: B9899396281A: to=, 
>   relay=mx-eu.mail.am0.yahoodns.net[212.82.101.46]:25, delay=166368, 
>   delays=166367/0/0.63/0.35, dsn=4.0.0, status=deferred
>   (host mx-eu.mail.am0.yahoodns.net[212.82.101.46] said:
>   451 Message temporarily deferred - Abaca
>   (in reply to end of DATA command))
> Nov 29 13:20:41 ls postfix/smtp[23245]: B9899396281A: to=, 
>   relay=mx-eu.mail.am0.yahoodns.net[212.82.101.46]:25, delay=166368, 
>   delays=166367/0/0.63/0.35, dsn=4.0.0, status=deferred
>   (host mx-eu.mail.am0.yahoodns.net[212.82.101.46] said:
>   451 Message temporarily deferred - Abaca
>   (in reply to end of DATA command))

First three users, handled by smtp[23245].

> Nov 29 13:20:41 ls postfix/smtp[23235]: B9899396281A: to=, 
>   relay=mx-eu.mail.am0.yahoodns.net[188.125.73.87]:25, delay=166368, 
>   delays=166367/0/0.78/0.39, dsn=4.0.0, status=deferred
>   (host mx-eu.mail.am0.yahoodns.net[188.125.73.87] said:
>   451 Message temporarily deferred - Abaca
>   (in reply to end of DATA command))
> Nov 29 13:20:41 ls postfix/smtp[23235]: B9899396281A: to=, 
>   relay=mx-eu.mail.am0.yahoodns.net[188.125.73.87]:25, delay=166368, 
>   delays=166367/0/0.78/0.39, dsn=4.0.0, status=deferred
>   (host mx-eu.mail.am0.yahoodns.net[188.125.73.87] said:
>   451 Message temporarily deferred - Abaca
>   (in reply to end of DATA command))
> Nov 29 13:20:41 ls postfix/smtp[23235]: B9899396281A: to=, 
>   relay=mx-eu.mail.am0.yahoodns.net[188.125.73.87]:25, delay=166368, 
>   delays=166367/0/0.78/0.39, dsn=4.0.0, status=deferred
>   (host mx-eu.mail.am0.yahoodns.net[188.125.73.87] said:
>   451 Message temporarily deferred - Abaca
>   (in reply to end of DATA command))

Second three users.

> Nov 29 13:20:42 ls postfix/smtp[23237]: B9899396281A: to=, 
>   relay=mx-eu.mail.am0.yahoodns.net[188.125.73.87]:25, delay=166368, 
>   delays=166367/0/0.62/0.4, dsn=4.0.0, status=deferred
>   (host mx-eu.mail.am0.yahoodns.net[188.125.73.87] said:
>   451 Message temporarily deferred - Abaca
>   (in reply to end of DATA command))

Final user.  Which goes to show that concurrent users has nothing
to do with it.  Yahoo just does not want this content.  You need
a different medium to get this message to the users in question,
have you considered telepathy? :-)

-- 
Viktor.
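
The batch counting done by eye in the reply above, as an added example that is not part of the thread: a Python script that groups `postfix/smtp` delivery lines by queue ID, delivery agent PID and relay, then reports the batch sizes against the recipient limit. The log lines are constructed in the format quoted in the thread; the recipient addresses, the PID 22001 and the function names are assumptions, and grouping by PID plus relay assumes one agent process made one delivery attempt per relay for the message.

```python
"""Group Postfix smtp delivery log lines into per-delivery batches (added example)."""
import re
from collections import defaultdict

DELIVERY = re.compile(
    r"postfix/smtp\[(?P<pid>\d+)\]: (?P<qid>[0-9A-F]+): to=<(?P<rcpt>[^>]*)>, "
    r"relay=(?P<relay>[^,]+), .*?dsn=(?P<dsn>[\d.]+), status=(?P<status>\w+)"
)


def sample_line(pid, rcpt, relay_ip):
    """Build one constructed log line in the format quoted in the thread."""
    return (
        f"Nov 29 13:20:41 ls postfix/smtp[{pid}]: B9899396281A: to=<{rcpt}>, "
        f"relay=mx-eu.mail.am0.yahoodns.net[{relay_ip}]:25, delay=166368, "
        "delays=166367/0/0.63/0.35, dsn=4.0.0, status=deferred "
        f"(host mx-eu.mail.am0.yahoodns.net[{relay_ip}] said: 451 Message "
        "temporarily deferred - Abaca (in reply to end of DATA command))"
    )


# Constructed recipients; the archive strips the real addresses.
RCPTS = [f"user{n}@yahoo.example" for n in range(1, 8)]
PLAN = ([("23245", "212.82.101.46")] * 3 + [("23235", "188.125.73.87")] * 3
        + [("23237", "188.125.73.87")])
# With the transport in effect: three agents, batches of 3, 3 and 1.
AFTER_FIX = "\n".join(
    ["Nov 29 13:20:40 ls postfix/qmgr[22205]: B9899396281A: "
     "from=<list@example.org>, size=234000, nrcpt=50 (queue active)"]
    + [sample_line(pid, rcpt, ip) for rcpt, (pid, ip) in zip(RCPTS, PLAN)]
)
# Constructed "before" case: all seven recipients in a single delivery.
BEFORE_FIX = "\n".join(sample_line("22001", r, "212.82.101.46") for r in RCPTS)


def batches(log_text):
    """Map (queue id, smtp pid, relay) -> list of (rcpt, dsn, status)."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        m = DELIVERY.search(line)
        if m:                             # qmgr and "host ... said" lines skip
            key = (m["qid"], m["pid"], m["relay"])
            groups[key].append((m["rcpt"], m["dsn"], m["status"]))
    return dict(groups)


def batch_sizes(log_text):
    """Recipient count of each batch, largest first."""
    return sorted((len(v) for v in batches(log_text).values()), reverse=True)


def over_limit(log_text, limit):
    """Batches carrying more recipients than the configured limit."""
    return {k: len(v) for k, v in batches(log_text).items() if len(v) > limit}


def outcomes(log_text):
    """Distinct (dsn, status) pairs across all batches."""
    return {(dsn, status)
            for rows in batches(log_text).values() for _, dsn, status in rows}


if __name__ == "__main__":
    for label, text in (("before", BEFORE_FIX), ("after", AFTER_FIX)):
        print(label, batch_sizes(text), over_limit(text, 3), outcomes(text))
```

When every batch is within the limit and the outcome set is still only `4.0.0 deferred`, the batch size is not what the remote side objects to, which is the conclusion drawn in the reply.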


OT: SMTP auth, 2FA, Outlook

2018-11-29 Thread Jozsef Kadlecsik
Hi,

Is there a way to setup 2FA in SMTP auth (with postfix) when the client is 
Outlook? It seems it does not support either GSSAPI (Kerberos) or client 
cert auth.

Is there any way to get a working 2FA with Outlook in a non MS 
environment?

Thanks any tips!

Best regards,
Jozsef
-
E-mail  : kad...@blackhole.kfki.hu, kadlecsik.joz...@wigner.mta.hu
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : Wigner Research Centre for Physics, Hungarian Academy of Sciences
  H-1525 Budapest 114, POB. 49, Hungary


Re: looking for any options to better deal with mail looping

2018-11-29 Thread Noel Jones
On 11/28/2018 4:02 PM, Fazzina, Angelo wrote:
> Hi, I am still lost with how this all works together, sadly.  Do you see 
> obvious errors or am I misunderstanding the limits of what can be done ?
> 
> I am not sure yet what is relevant 
> My current settings:
> relay_recipient_maps = mysql:/etc/postfix/files/mysql_pn.cf
> smtpd_recipient_restrictions =  reject_unknown_recipient_domain,  
>   check_recipient_access 
> hash:/etc/postfix/files/sender_relay_domains, 
>   reject_unverified_recipient, 
>   permit_mynetworks, 
>   permit_sasl_authenticate

This should look like:
smtpd_recipient_restrictions =
  reject_unknown_recipient_domain
  check_recipient_access hash:/etc/postfix/maps/block_to
  check_recipient_access hash:/etc/postfix/files/sender_relay_domains


> smtpd_relay_restrictions =  check_recipient_access 
> hash:/etc/postfix/maps/block_to, permit_mynetworks, 
> permit_sasl_authenticated, defer_unauth_destination

smtpd_relay_restrictions =
  permit_mynetworks
  permit_sasl_authenticated
  reject_unauth_destination


> 
> [root@mta5 files]# more sender_relay_domains
> ## -ALF This should allow Listerv addresses even though they are not in 
> PerName DB
> listserv.uconn.edu  DUNNO


# sender_relay_domains
listserv.uconn.edu  DUNNO
uconn.edu  reject_unverified_recipient





  -- Noel Jones


Re: OT: SMTP auth, 2FA, Outlook

2018-11-29 Thread Wietse Venema
Jozsef Kadlecsik:
> Hi,
> 
> Is there a way to setup 2FA in SMTP auth (with postfix) when the client is 
> Outlook? It seems it does not support either GSSAPI (Kerberos) or client 
> cert auth.
> 
> Is there any way to get a working 2FA with Outlook in a non MS 
> environment?

The answer is that depends on the SASL backend (Dovecot or Cyrus
SASL library), because Postfix does not implement SASL itself. It
just passes around the SASL server's challenges and the remote
client's responses.

Wietse


3.4 postmap throwing Segmentation:11

2018-11-29 Thread rachalmers
I’ve just installed 3.4 and postmap connected to MySQL is throwing a
Segmentation Fault:11 on completion of a query. The query appears successful
but the error aborts it I think.


