[pfx] Re: forwarding questions
map in virtual_alias_maps file: u...@foo.com u...@gmail.com (then postmap this file). The message sent to u...@foo.com won't reach into mailbox, but just forwarded to gmail. How can I setup it to both reach local mailbox and forwarding? This is a bad idea. Don't do this. Forwarding spam to gmail, or mail from external senders with SPF policies, ... will fail to be delivered, and will tarnish your server's "reputation". It can of course be made to "work" (in the sense of queueing the mail for delivery), but really, don't. Thanks Victor. I know this is not good idea to forward messages to external systems. But for tech way, what's the right setup to both keep messages in local mailbox and forward them to another address? From http://www.postfix.org/virtual.5.html, note "Virtual aliasing is recursive; to terminate recursion for a specific address, alias that address to itself." Not 100% sure but try this: map in virtual_alias_maps file: u...@foo.com u...@foo.com u...@gmail.com u...@gmail.com u...@gmail.com The second line is probably not strictly necessary but may terminate the recursive evaluation of aliases. You will also need to set up Sender Rewriting Scheme (SRS) or similar, or forwards from SPF domains will be blocked at the other end anyway. -- This email has been checked for viruses by AVG antivirus software. www.avg.com ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: Subject modification based on recipient
Thanks for your replies. Meanwhile i have tested with some simple replacements in header checks. /email@office/ REPLACE From: Office /email@hospital/ REPLACE From: Hospital With the above, the replacement works fine for multiple lines. Here are the logs: Apr 28 10:40:10 server postfix/smtpd[48572]: connect from unknown[remote system IP] Apr 28 10:40:10 server postfix/smtpd[48572]: 381C760324: client=unknown[remote system IP] Apr 28 10:40:10 server postfix/cleanup[48576]: 381C760324: message-id=<1682671210.212@company> Apr 28 10:40:10 server postfix/qmgr[48571]: 381C760324: from=, size=600, nrcpt=1 (queue active) Apr 28 10:40:10 server postfix/smtpd[48572]: disconnect from unknown[remote system IP] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5 Apr 28 10:40:10 server postfix/smtp[48577]: 381C760324: replace: header Received: from company (unknown [remote system IP])??by hres: From: Office Apr 28 10:40:10 server postfix/smtp[48577]: 381C760324: replace: header To: email@office: From: Office Apr 28 10:40:10 server postfix/smtp[48577]: 381C760324: to=, orig_to=, relay=smtp.company.net[IP]:25, delay=0.25, delays=0.01/0 Anyway, the final result i want to achieve, is that the Subject will be filled with the RCPT To header part,like this /email@office/ REPLACE Subject: Office /email@hospital/ REPLACE Subject: Hospital But the replacement is not working. The received emails shows an unmodified Subject but the RCPT To field is empty. Apr 28 10:40:10 server postfix/smtpd[48572]: connect from unknown[remote system IP] Apr 28 10:40:10 server postfix/smtpd[48572]: 381C760324: client=unknown[remote system IP] Apr 28 10:40:10 server postfix/cleanup[48576]: 381C760324: message-id=<1682671210.212@company> Apr 28 10:40:10 server postfix/qmgr[48571]: 381C760324: from=, size=600, nrcpt=1 (queue active) Apr 28 10:40:10 server postfix/smtpd[48572]: disconnect from unknown[remote system IP] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5 Apr 28 10:40:10 server postfix/smtp[48577]: 381C760324: replace: header Received: from company (unknown [remote system IP])??by hres: Subject: Office Apr 28 10:48:44 hreslb03 postfix/smtp[48602]: 9D1A160324: replace: header To: email@office: Subject: Office Apr 28 10:40:10 server postfix/smtp[48577]: 381C760324: to=, orig_to=, relay=smtp.company.net[IP]:25, delay=0.25, delays=0.01/0 Why are To and From replaced in the header but not the subject? Am I perhaps missing the right expression here and could someone give me some advice? Or is there really no way around Mailmunge or MimeDefang etc.? Any hints would be appreciated. Thank you. Am Mi., 26. Apr. 2023 um 17:25 Uhr schrieb Wietse Venema via Postfix-users < postfix-users@postfix.org>: > Wietse Venema via Postfix-users: > > Andreas Cieslak via Postfix-users: > > > Hi list, > > > > > > i want to achieve that my postfix relay will modify the subject based > on > > > the recipients. > > > The postfiy relay is receiving email from other internal systems and > > > forwards all mail to a mail group (testgroup) on another internal mail > > > system. > > > > Suggestion: use milter-regex. You can install it from source code, > > or install as a package for many distributions. > > Unfortunately, it looks like milter-regex is good for rejecting > mail, not for message modification. > > Wietse > ___ > Postfix-users mailing list -- postfix-users@postfix.org > To unsubscribe send an email to postfix-users-le...@postfix.org > ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: Subject modification based on recipient
On 28/04/23 21:19, Andreas Cieslak via Postfix-users wrote: Why are To and From replaced in the header but not the subject? Am I perhaps missing the right expression here and could someone give me some advice? Or is there really no way around Mailmunge or MimeDefang etc.? Any hints would be appreciated. Others have already answered this. header_checks operates on only ONE HEADER AT A TIME. If you match the To: header then the REPLACE operation replaces the To: header with whatever you put in the replacement text, so when you are trying to replace the Subject header you are literally replacing the To: header in the message with a second Subject: line thereby resulting in a message with no To: header and two Subject: headers. The way that this is treated in the email client is very much undefined. The only way to accomplish what you want is with either a milter or a content filter. Peter ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: forwarding questions
> I have a local real mailbox: u...@foo.com > When I setup this alias map in virtual_alias_maps file: > > u...@foo.com u...@gmail.com > > (then postmap this file). > The message sent to u...@foo.com won't reach into mailbox, but just forwarded > to gmail. > > How can I setup it to both reach local mailbox and forwarding? u...@foo.com u...@foo.com,u...@gmail.com Gmail is now enforcing spf, that means you need to - add a dns/txt/spf record for your server/domain - rewrite sender for forwarded mails (e.g. postsrsd) - stop forwarding spam As others have said this is a bad idea. There is a much better way: deliver mails to your local u...@foo.com mailbox and tell Gmail to fetch it from there via pop3: https://support.google.com/mail/answer/21289?hl=en Best regards, Gerald ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: Domain scoring
Ken Peng via Postfix-users writes: > Do you know any plugins for scoring a domain? > For example, new registered domain, free domain get the low scores. How about dnswl.org? Sincerely, -- ^고맙습니다 _布德天下_ 감사합니다_^))// ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Deny any sender address with subdomain
Hi ! question 1st : is it a good idea to reject any email which is not sent from a domain (means sen...@domain.tld) any other like sen...@sub.domain.tld or sub.sub.domain.tld is rejected ? at least i tried with header checks in pcre /^From:\.*@.*\.*\.*/ DISCARD NO SUBDOMAINS but this seemd not to work.. i have several anti spam feature enabled but i get still some messages which are coming from subdomains or sub sub domains BR Gerd ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: Deny any sender address with subdomain
On 4/28/2023 8:59 AM, Gerd Hoerst via Postfix-users wrote: Hi ! question 1st : is it a good idea to reject any email which is not sent from a domain (means sen...@domain.tld) any other like sen...@sub.domain.tld or sub.sub.domain.tld is rejected ? That seems like a bad idea, extremely likely to reject legit mail. at least i tried with header checks in pcre /^From:\.*@.*\.*\.*/ DISCARD NO SUBDOMAINS but this seemd not to work.. The regexp is wrong. You can test expressions with postmap. DISCARD is a poor choice here, since legit senders won't be notified. Start with INFO to log what matches, then if you're happy with the results and feeling particularly reckless, move to REJECT. i have several anti spam feature enabled but i get still some messages which are coming from subdomains or sub sub domains I've seen no evidence that the presence of a subdomain is a reliable spam indicator. Zero false positives is a much better goal than zero spam. -- Noel Jones ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: Deny any sender address with subdomain
Gerd Hoerst: > question 1st : is it a good idea to reject any email which is not sent from a > domain (means sen...@domain.tld) any other like sen...@sub.domain.tld or > sub.sub.domain.tld is rejected ? > > at least i tried with header checks in pcre > > /^From:\.*@.*\.*\.*/ DISCARD NO SUBDOMAINS > > but this seemd not to work.. This is a terrible idea, and you will lose a lot of legitimate mail. ‘Number of dots’ in a mail domain is simply not a spam signal. ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: Deny any sender address with subdomain
> question 1st : is it a good idea to reject any email which is not sent from a > domain (means sen...@domain.tld) any other like sen...@sub.domain.tld or > sub.sub.domain.tld is rejected ? Generally, no, because you will reject legitimate domains that just look like subdomains, e.g. *.co.uk, *.or.at, ... There are lots of these: https://publicsuffix.org/list/public_suffix_list.dat > at least i tried with header checks in pcre > > /^From:\.*@.*\.*\.*/DISCARD NO SUBDOMAINS . = any single char \ = special char for escaping, not the backslash character \. = the dot character itself (escaped dot) \\ = the backslash character (escaped backslash) * = zero or more times ? = zero or one time .* = everything or nothing (greedy) .*? = everything or nothing (non-greedy, smallest match) \s = whitespace \.* = the dot character zero or more times /^From:\.*@ This starts with From: then wants any number of the dot character followed by @, without any whitespace. It would match e.g. /^From:..@ or /^From:@ @.*\.*\.*/ @ followed by anything between nothing and everything, then followed by endless dots or no dots, followed by endless dots or no dots. This does not match domain names, try: /^From:\s*.*?@.*?\..*?\./ Pcre means perl compatible regular expressions. For details see: https://perldoc.perl.org/perlre > i have several anti spam feature enabled but i get still some messages which > are coming from subdomains or sub sub domains This is a job for antispam software, not for generic domain blocking. Best regards, Gerald ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: Domain scoring
> Do you know any plugins for scoring a domain? > For example, new registered domain, free domain get the low scores. Postfix is not an antispam solution. Its job is to reliably deliver emails. Therefore it has some functions to avoid overload like query blocklists but to analyze emails use content-/proxyfilter or milter with external programs like spamassassin/amavis/clamav/rspamd/ There are lists that track freshly registered domains, like https://spameatingmonkey.com/services/SEM-FRESH30 But this should be evaluated in a context of additional antispam checks. Best regards, Gerald ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: Deny any sender address with subdomain
On 2023-04-28 at 09:59:53 UTC-0400 (Fri, 28 Apr 2023 15:59:53 +0200) Gerd Hoerst via Postfix-users is rumored to have said: Hi ! question 1st : is it a good idea to reject any email which is not sent from a domain (means sen...@domain.tld) any other like sen...@sub.domain.tld or sub.sub.domain.tld is rejected ? No. It would be a deeply unwise idea for most mail systems, and a fundamental misunderstanding of how Internet email is designed to work. OF COURSE, there's no law in most places that would forbid you from doing something deeply unwise, and your own mail stream may never see non-spam "From" anyone with a 3-level domain part to their address. This is possible for subscribers to this list only because it has recently switched to replacing the "From" header on posts. at least i tried with header checks in pcre /^From:\.*@.*\.*\.*/ DISCARD NO SUBDOMAINS but this seemd not to work.. Yes, it wouldn't. It seems to want a local-part consisting of a single literal '.' and a redundantly-specified repeating series of literal '.' characters at the end of the domain name. That would be a whole different class of bogosity... i have several anti spam feature enabled but i get still some messages which are coming from subdomains or sub sub domains Yes, indeed you do... Or you would, if I CC'd a copy of this to you directly. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: Deny any sender address with subdomain
Dnia 28.04.2023 o godz. 15:59:53 Gerd Hoerst via Postfix-users pisze: > > question 1st : is it a good idea to reject any email which is not > sent from a domain (means sen...@domain.tld) any other like > sen...@sub.domain.tld or sub.sub.domain.tld is rejected ? As others have said, it's a total misunderstanding. Mail coming from subdomains is a perfectly normal thing. For example, many big corporations and/or universities do not have a single top-level mail service for the whole entity, but they have separate mail servers at department levels. It's totally normal that you will see emails from u...@department.company.com. Also take into account that many countries use two-level domain registration scheme - for example someone already mentioned UK, where you have *.co.uk for companies or *.ac.uk for universities. Also my country uses for example *.com.pl, *.edu.pl (not mentioning *.gov.pl !) addressing scheme - to be more confusing ;), in parallel to direct registrations in *.pl, and to geographical per-city scheme like *.krakow.pl, *.waw.pl, *.gda.pl etc. And please look at my email address as well :) -- Regards, Jaroslaw Rafa r...@rafa.eu.org -- "In a million years, when kids go to school, they're gonna know: once there was a Hushpuppy, and she lived with her daddy in the Bathtub." ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: Deny any sender address with subdomain
April 29, 2023 at 12:38 AM, "Jaroslaw Rafa via Postfix-users" wrote: > > Dnia 28.04.2023 o godz. 15:59:53 Gerd Hoerst via Postfix-users pisze: > > > > > question 1st : is it a good idea to reject any email which is not > > sent from a domain (means sen...@domain.tld) any other like > > sen...@sub.domain.tld or sub.sub.domain.tld is rejected ? > > > > As others have said, it's a total misunderstanding. > > Mail coming from subdomains is a perfectly normal thing. > > For example, many big corporations and/or universities do not have a single > top-level mail service for the whole entity, but they have separate mail > servers at department levels. It's totally normal that you will see emails > from u...@department.company.com. > > Also take into account that many countries use two-level domain registration > scheme - for example someone already mentioned UK, where you have *.co.uk > for companies or *.ac.uk for universities. Also my country uses for example > *.com.pl, *.edu.pl (not mentioning *.gov.pl !) addressing scheme - to be > more confusing ;), in parallel to direct registrations in *.pl, and to > geographical per-city scheme like *.krakow.pl, *.waw.pl, *.gda.pl etc. > > And please look at my email address as well :) > -- > Besides something.eu.org, here *.co.jp, *.ne.jp, *.com.hk, *.co.in are quite common domains in regular businesses. Regards -- https://kenpeng.pages.dev/ ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: Deny any sender address with subdomain
On Fri, Apr 28, 2023 at 06:38:04PM +0200, Jaroslaw Rafa via Postfix-users wrote: > Also take into account that many countries use two-level domain registration > scheme ... In Japan, 3rd-level public suffixes are quite common, taking the form: ...jp. For example: hospital.hekinan.aichi.jp. MX 10 mwbgw2.ocn.ad.jp. hospital.hekinan.aichi.jp. MX 10 mwbgw1.ocn.ad.jp. And there's even: pike.pvt.k12.ma.us. MX 100 thepike.ne.client2.attbi.com. delegated from the PSL-listed 4LD: pvt.k12.ma.us -- Viktor. ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: postscreen question
April 28, 2023 at 1:02 AM, "Phil Stracchino via Postfix-users" wrote: > > On 4/27/23 04:47, Ralph Seichter via Postfix-users wrote: > > > > > * Ken Peng via Postfix-users: > > Using rspamd instead of postscreen? > > I'm not quite sure what you mean by that. > > If you suggest relying on rspamd only, and forgo postscreen, I have to > > disagree. In my experience, postscreen has proven highly useful in spam > > prevention, in particular when DNSBL lookups are configured in addition > > to the standard tests. The latter already catch many spammers in a > > hurry, though. > > > > Postscreen is good for rejecting the low-hanging fruit in fast before-accept > checks. It's not so good at deep inspection. If you want deep inspection, do > it after acceptance using a more suitable tool ... such as rspamd. Don't try > to do it in postscreen. That's not its intended purpose. > Sorry i have a question to postscreen. I saw many people use postscreen for RBL checks. But postfix itself have the RBL checks already: smtpd_recipient_restrictions = ... reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net So what's the difference between them? Regards. ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: postscreen question
Saturday, April 29, 2023, 10:15:41 AM, Ken Peng via Postfix-users wrote: > Sorry i have a question to postscreen. > I saw many people use postscreen for RBL checks. > But postfix itself have the RBL checks already: > smtpd_recipient_restrictions = >... >reject_rbl_client zen.spamhaus.org, >reject_rbl_client bl.spamcop.net > So what's the difference between them? > Regards. > ___ > Postfix-users mailing list -- postfix-users@postfix.org > To unsubscribe send an email to postfix-users-le...@postfix.org This may help: http://www.postfix.org/POSTSCREEN_README.html -- Cheers, Phil ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Reply To header
I have an app that sends SMTP to post fix to deliver an email. The first line it sends after the DATA command is a Reply To line. However, that causes postfix to terminate the headers and puts the Reply To line after the blank line at the end of theheaders. As a result, none of the following header lines are in the header and only show up in the text. Is this normal, or have I done something wrong? If I leave out the Reply To line, then everything works fine. -- Doug ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: Reply To header
> On Apr 29, 2023, at 12:43 AM, Doug Hardie via Postfix-users > wrote: > > I have an app that sends SMTP to post fix to deliver an email. The first > line it sends after the DATA command is a Reply To line. However, that > causes postfix to terminate the headers and puts the Reply To line after the > blank line at the end of theheaders. As a result, none of the following > header lines are in the header and only show up in the text. Is this normal, > or have I done something wrong? > Sounds like your app is inserting a blank line where it shouldn’t. A tcp capture will show what’s actually being sent. — Noel Jones ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: Reply To header
> On Apr 28, 2023, at 23:13, Noel Jones via Postfix-users > wrote: > > > >> On Apr 29, 2023, at 12:43 AM, Doug Hardie via Postfix-users >> wrote: >> >> I have an app that sends SMTP to post fix to deliver an email. The first >> line it sends after the DATA command is a Reply To line. However, that >> causes postfix to terminate the headers and puts the Reply To line after the >> blank line at the end of theheaders. As a result, none of the following >> header lines are in the header and only show up in the text. Is this >> normal, or have I done something wrong? >> > > Sounds like your app is inserting a blank line where it shouldn’t. A tcp > capture will show what’s actually being sent. > That's what I thought also. I checked and can't find one Here is the tcpdump output from the DATA through the Reply to line which is the first line sent after the DATA. 23:42:59.591170 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 58, bad cksum 0 (->3cbc)!) localhost.24534 > localhost.smtp: Flags [P.], cksum 0xfe2e (incorrect -> 0x49b2), seq 69:75, ack 103, win 1277, options [nop,nop,TS val 2735927841 ecr 2347198655], length 6: SMTP, length: 6 DATA 0x: 4500 003a 4000 4006 7f00 0001 E..:..@.@... 0x0010: 7f00 0001 5fd6 0019 1d84 3332 0c8e 3d62 _.32..=b 0x0020: 8018 04fd fe2e 0101 080a a312 f221 ...! 0x0030: 8be7 68bf 4441 5441 0d0a ..h.DATA.. 23:42:59.591781 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 89, bad cksum 0 (->3c9d)!) localhost.smtp > localhost.24534: Flags [P.], cksum 0xfe4d (incorrect -> 0xbe3b), seq 103:140, ack 75, win 1277, options [nop,nop,TS val 2347198656 ecr 2735927841], length 37: SMTP, length: 37 354 End data with . 0x: 4500 0059 4000 4006 7f00 0001 E..Y..@.@... 0x0010: 7f00 0001 0019 5fd6 0c8e 3d62 1d84 3338 .._...=b..38 0x0020: 8018 04fd fe4d 0101 080a 8be7 68c0 .Mh. 0x0030: a312 f221 3335 3420 456e 6420 6461 7461 ...!354.End.data 0x0040: 2077 6974 6820 3c43 523e 3c4c 463e 2e3c .with..< 0x0050: 4352 3e3c 4c46 3e0d 0a CR>.. 23:42:59.592129 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 94, bad cksum 0 (->3c98)!) localhost.24534 > localhost.smtp: Flags [P.], cksum 0xfe52 (incorrect -> 0x1809), seq 75:117, ack 140, win 1277, options [nop,nop,TS val 2735927842 ecr 2347198656], length 42: SMTP, length: 42 Reply To: t...@vintagecorvettessocal.com 0x: 4500 005e 4000 4006 7f00 0001 E..^..@.@... 0x0010: 7f00 0001 5fd6 0019 1d84 3338 0c8e 3d87 _.38..=. 0x0020: 8018 04fd fe52 0101 080a a312 f222 .R." 0x0030: 8be7 68c0 5265 706c 7920 546f 3a20 7465 ..h.Reply.To:.te 0x0040: 7374 4076 696e 7461 6765 636f 7276 6574 st@vintagecorvet 0x0050: 7465 7373 6f63 616c 2e63 6f6d 0d0a tessocal.com.. There is nothing between the DATA and Reply to except for the CRLF at the end of the DATA. -- Doug ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
