I've written a response to someone else, explaining some issues you
mention here.
A little note on UI: we don't need web UI. It's a good addition but
unnecessary for the beginning. There are many free-software desktop mail
clients. Some are big and complicated, but some are very simple and very
ea
Hi John and all recipients,
I agree offering such a service without charging for it is impossible
without funding. But "free" means "free like in freedom", not "free
beer". The idea is to respect user freedom, and it has nothing to do
with money. I personally will not mind paying for a hosted mail
On 2/27/2013 8:37 PM, Jamie wrote:
The useful information gained from your postconf is:
a) It's very unlikely postfix is an open relay
b) you're using a content_filter, so that may explain the "connect
from [127.0.0.1]" log snippet.
I was hoping
On 2/27/2013 8:37 PM, Jamie wrote:
> The output of postconf -n was submitted in an earlier post (on
> Tuesday). It is archived here
> http://archives.neohapsis.com/archives/postfix/2013-02/0523.html.
>
The useful information gained from your post
The output of postconf -n was submitted in an earlier post (on Tuesday).
It is archived here
http://archives.neohapsis.com/archives/postfix/2013-02/0523.html.
It's difficult to obtain more information now, since the spamming has
stopped after I blocked the offenders' IPs. Re-enabling the IPs h
On Wed, Feb 27, 2013 at 5:22 PM, Noel Jones wrote:
> On 2/27/2013 2:45 PM, francis picabia wrote:
>
> > Over 390 unique IPs simultaneously sent email at a gradual rate
> > using 3 sets of
> > compromised credentials.
>
> Use postfwd or similar policy service to rate-limit the total
> recipients p
On Wed, Feb 27, 2013 at 4:52 PM, Reindl Harald wrote:
>
>
> Am 27.02.2013 21:45, schrieb francis picabia:
> > I had a set of cascading iptables rules to rate limit new connections,
> > but they circumvented this as well. Based on the IP, there were 5
> connections
> > per minute and 15 connection
On Thu, Feb 28, 2013 at 12:25:53AM +0100, Jan P. Kessler wrote:
> Am 22.02.2013 17:06, schrieb Viktor Dukhovni:
>
> > > Surely, the policy table is indexed by MX hostname as well as
> > > recipient domain.
> >
> > No, it is not. Only the nexthop domain is used since the MX host
> > is derived from
The operational cost is non-zero. Besides hardware, which must include
backups, and enough physical diversity to offer availability, an email
server is an attractive nuisance; spammers and other criminals constantly
attempt sabotage and burglary, and it takes ongoing manpower to attempt to
hold the
Am 22.02.2013 17:06, schrieb Viktor Dukhovni:
> On Fri, Feb 22, 2013 at 08:48:31AM -0500, Wietse Venema wrote:
>
>>> We are trying to establish enforced TLS with a partner that hosts about
>>> 2000 recipient domains. All of these point to the same four MX records:
>>>
>>> host[1-4].example.com
On Wed, Feb 27, 2013 at 03:42:36PM -0700, Joshua Hopkins wrote:
> I have the need to pipe commands for a few virtual domains. I
> understand that the /etc/aliases is usually used for this but the
> problem I will be running into is needing more than one local user
> with the same name.
>
> Exa
I have the need to pipe commands for a few virtual domains. I understand
that the /etc/aliases is usually used for this but the problem I will be
running into is needing more than one local user with the same name.
Example requirement:
supp...@domain1.com
support: "| /var/www/domain1/
On Wed, Feb 27, 2013 at 05:51:08PM +0500, Muhammad Yousuf Khan wrote:
> I am using virtual users and domains, where I have 2 virtual domains
> and few users in both. I would like getmail to fetch email via pop3
First, I'll note that this is mostly off topic. Postfix has little to
do with this, on
On Wed, Feb 27, 2013 at 03:10:38PM -0600, Noel Jones wrote:
> On 2/27/2013 2:33 PM, /dev/rob0 wrote:
> > I only saw main.cf and some largely irrelevant logs.
>
> I was trying to be polite. That's all I saw too.
I tried to be polite also, but perhaps putting a little less effort
into it than you
Am 27.02.2013 22:08, schrieb Robert Moskowitz:
> Lesson here about how open you make a new server while under construction.
> Fortunately for me, my first step
> before starting postfix was to apply my 'recipe' of postconf commands?
> Anyway the system is publicly addressed,
> but on a differ
On 2/27/2013 2:45 PM, francis picabia wrote:
> Over 390 unique IPs simultaneously sent email at a gradual rate
> using 3 sets of
> compromised credentials.
Use postfwd or similar policy service to rate-limit the total
recipients per account over some period of time.
http://www.postfix.org/SMTPD_
Am 27.02.2013 22:11, schrieb אנטולי קרסנר:
> But I couldn't find a replacement to mailbox hosting.
Hi Anatoly,
I am quite sure there are a ton of professional email services that use
only free (libre) software.
The company I work for provides email services (among other things)
which are based
On Mon, Feb 25, 2013 at 04:59:37PM +, Viktor Dukhovni wrote:
> I see negligible benefit from an SNI implementation for Postfix.
>
> Is it time to add an anti-SNI rationale section to TLS_README? This
> would set a bad precedent, there is no limit to the number of
> non-features we could docume
On 2/27/2013 2:33 PM, /dev/rob0 wrote:
> I only saw main.cf and some largely irrelevant logs.
I was trying to be polite. That's all I saw too.
> Do note that your system is ipso facto compromised. We know this
> because it is being used by a spammer to send spam. Stop saying
> you're not compr
Lesson here about how open you make a new server while under
construction. Fortunately for me, my first step before starting postfix
was to apply my 'recipe' of postconf commands? Anyway the system is
publicly addressed, but on a different subnet than the production box it
will replace. I am
Am 27.02.2013 21:45, schrieb francis picabia:
> I had a set of cascading iptables rules to rate limit new connections,
> but they circumvented this as well. Based on the IP, there were 5 connections
> per minute and 15 connections per 5 minutes. If those were exceeded, iptables
> would block th
On Wed, Feb 27, 2013 at 10:11 AM, francis picabia wrote:
> Hi,
>
> The number of phishing or otherwise compromised accounts is needing
> an automation to manage it. Last night the spammers waited until
> the evening and simultaneously used 3 compromised accounts to send
> spam over secure smtp.
On 27/02/2013 21:54, Nikolaos Milas wrote:
Hello,
I have been building el6 (CentOS 6, RHEL 6) RPMs using J. Mudd's SRPMs
(http://ftp.wl0.org/official/2.9/SRPMS/).
Does anyone have experience on building v2.10.x RPMs using the same
SRPMs? Are these safe, or has anyone adjusted the above v2.9
On Wed, Feb 27, 2013 at 10:01:27PM +0200, Jamie wrote:
> On 2013/02/27 9:48 PM, Noel Jones wrote:
> >If you would send postfix logs and current "postconf -n" to the
> >list as requested several times, we could likely clear this all
> >up pretty quickly.
> If you look back earlier in the thread, y
On 2/27/2013 2:01 PM, Jamie wrote:
> Noel
>
> On 2013/02/27 9:48 PM, Noel Jones wrote:
>> If you would send postfix logs and current "postconf -n" to the list
>> as requested several times, we could likely clear this all up pretty
>> quickly.
> If you look back earlier in the thread, you will see
Noel
On 2013/02/27 9:48 PM, Noel Jones wrote:
If you would send postfix logs and current "postconf -n" to the list
as requested several times, we could likely clear this all up pretty
quickly.
If you look back earlier in the thread, you will see that I had posted
it already.
Hello,
I have been building el6 (CentOS 6, RHEL 6) RPMs using J. Mudd's SRPMs
(http://ftp.wl0.org/official/2.9/SRPMS/).
Does anyone have experience on building v2.10.x RPMs using the same
SRPMs? Are these safe, or has anyone adjusted the above v2.9.x SRPMs
properly so that they can be used f
If you would send postfix logs and current "postconf -n" to the list
as requested several times, we could likely clear this all up pretty
quickly.
On 2/27/2013 1:43 PM, Jamie wrote:
> Thanks Lorens. I'll consider that.
>
> On 2013/02/27 9:29 PM, Lorens Kockum wrote:
>> On Tue, Feb 26, 2013 at 05
Thanks Lorens. I'll consider that.
On 2013/02/27 9:29 PM, Lorens Kockum wrote:
On Tue, Feb 26, 2013 at 05:16:20PM +0200, Jamie wrote:
I unblocked the IP and the problem came back.
In another mail you said you'd used tcpdump. Why don't you set
tcpdump to record everything from that IP address,
On Tue, Feb 26, 2013 at 05:16:20PM +0200, Jamie wrote:
> I unblocked the IP and the problem came back.
In another mail you said you'd used tcpdump. Why don't you set
tcpdump to record everything from that IP address, unblock the
IP address, wait for a few spams to go through, block the
IP address
Thorsten Glaser:
> Wietse Venema porcupine.org> writes:
>
> > deliveries. Proper SMTP connection caching is not done by the SMTP
> > clients but by a separate process that is queried by SMTP clients.
>
> If you don't manage to do that with TLS, this statement is plainly wrong.
Well, how does on
On 02/27/2013 12:26 PM, DTNX Postmaster wrote:
On Feb 27, 2013, at 18:05, Robert Moskowitz wrote:
Another tidbit is you should firewall access to port 53. Your caching server
is only for you. It is listening only on localhost, but why open up a port not
needed.
Review the examples given
On Feb 27, 2013, at 18:05, Robert Moskowitz wrote:
> Another tidbit is you should firewall access to port 53. Your caching server
> is only for you. It is listening only on localhost, but why open up a port
> not needed.
Review the examples given again, please. Why would you need to firewall
On Wed, Feb 27, 2013 at 05:47:28PM +0100, Reindl Harald wrote:
> ... more DNS related suggestions ...
Perhaps Postfix could benefit from a DNS_README.html, with examples
tuning a local cache for MX overrides, RBLDNSD integration using
an internal RBL zone, DNSSEC support, and any other DNS-relate
On 02/27/2013 11:47 AM, Reindl Harald wrote:
Am 27.02.2013 17:42, schrieb Robert Moskowitz:
On Centos 6.3 (bind 9.8.2 with security patches) I did:
yum install bind bind-chroot
In /etc/sysconfig/network-scripts/ifcfg-eth0 set:
DNS1=127.0.0.1
DNS2=::1
ifdown eth0; ifup eth0
Add to /var/nam
On Wed, Feb 27, 2013 at 01:45:04PM +, Thorsten Glaser wrote:
> > deliveries. Proper SMTP connection caching is not done by the SMTP
> > clients but by a separate process that is queried by SMTP clients.
>
> If you don't manage to do that with TLS, this statement is plainly wrong.
If you don'
Am 27.02.2013 17:42, schrieb Robert Moskowitz:
> On Centos 6.3 (bind 9.8.2 with security patches) I did:
>
> yum install bind bind-chroot
>
> In /etc/sysconfig/network-scripts/ifcfg-eth0 set:
>
> DNS1=127.0.0.1
> DNS2=::1
>
> ifdown eth0; ifup eth0
>
> Add to /var/named/chroot/etc/named.conf
On 02/27/2013 10:43 AM, Viktor Dukhovni wrote:
On Wed, Feb 27, 2013 at 10:20:50AM -0500, Wietse Venema wrote:
I think it would be entirely reasonable to share a DNS cache among
multiple systems within the same trusted perimeter. One DNS server
per host in a farm of mail servers may not be prac
Wietse Venema porcupine.org> writes:
> deliveries. Proper SMTP connection caching is not done by the SMTP
> clients but by a separate process that is queried by SMTP clients.
If you don’t manage to do that with TLS, this statement is plainly wrong.
Connection caching is a matter of also being ni
On 02/27/2013 11:10 AM, Viktor Dukhovni wrote:
I think we've beaten this thread to death, I'm done for now.
And I thank you for all you have said.
On Wed, Feb 27, 2013 at 10:53:58AM -0500, Robert Moskowitz wrote:
> But to share a single DNS among a number of mail servers, say in a
> mail farm that probably has lots of other types of servers running
> with questionable content, I would want secure tunnels from the mail
> server to the DNS ser
On 02/27/2013 10:20 AM, Wietse Venema wrote:
DTNX Postmaster:
On Feb 27, 2013, at 12:58, Wietse Venema wrote:
Viktor Dukhovni:
Perhaps "postfix check" could generate a warning if DANE is enabled
and non-local nameservers are found in /etc/resolv.conf (or and/or
its chroot-jail version).
I
On Wed, Feb 27, 2013 at 10:20:50AM -0500, Wietse Venema wrote:
> > > I think it would be entirely reasonable to share a DNS cache among
> > > multiple systems within the same trusted perimeter. One DNS server
> > > per host in a farm of mail servers may not be practical.
> >
> > A local cache on
On Wed, Feb 27, 2013 at 10:11:08AM -0400, francis picabia wrote:
> The number of phishing or otherwise compromised accounts is needing
> an automation to manage it. Last night the spammers waited until
> the evening and simultaneously used 3 compromised accounts to send
> spam over secure smtp.
* Piotr Rotter :
> I want to disallow this because is rarely (probably poor mail
> clients) and make more difficult to automatic parsing amavis logs
> like this
>
> 2013-02-25T04:29:47+01:00 kurier4 amavis[20204]: (20204-10) Passed
> CLEAN, <> -> , Hits: -2.56, tag=-999, tag2=5,
> kill=10, queued
DTNX Postmaster:
> On Feb 27, 2013, at 12:58, Wietse Venema wrote:
>
> > Viktor Dukhovni:
> >> Perhaps "postfix check" could generate a warning if DANE is enabled
> >> and non-local nameservers are found in /etc/resolv.conf (or and/or
> >> its chroot-jail version).
> >
> > I think it would be en
On Wed, Feb 27, 2013 at 03:25:41PM +0100, DTNX Postmaster wrote:
> > I think it would be entirely reasonable to share a DNS cache among
> > multiple systems within the same trusted perimeter. One DNS server
> > per host in a farm of mail servers may not be practical.
>
> A local cache on each, fo
On 02/27/2013 09:25 AM, DTNX Postmaster wrote:
On Feb 27, 2013, at 12:58, Wietse Venema wrote:
Viktor Dukhovni:
Perhaps "postfix check" could generate a warning if DANE is enabled
and non-local nameservers are found in /etc/resolv.conf (or and/or
its chroot-jail version).
I think it would b
On 02/27/2013 06:58 AM, Wietse Venema wrote:
Viktor Dukhovni:
Perhaps "postfix check" could generate a warning if DANE is enabled
and non-local nameservers are found in /etc/resolv.conf (or and/or
its chroot-jail version).
I think it would be entirely reasonable to share a DNS cache among
mult
On Feb 27, 2013, at 12:58, Wietse Venema wrote:
> Viktor Dukhovni:
>> Perhaps "postfix check" could generate a warning if DANE is enabled
>> and non-local nameservers are found in /etc/resolv.conf (or and/or
>> its chroot-jail version).
>
> I think it would be entirely reasonable to share a DNS
Wietse:
> You have a service on 127.0.0.1 port 10024 that isn't receiving
> mail as it should. If that is not a Postfix service, then my
> trouble shooting egrep pattern will not apply.
Muzaffer Tolga Özses:
> I had stopped amavis while trying to debug. I now started it again, and
> now I am gett
Am 27.02.2013 15:11, schrieb francis picabia:
> The size of the message you are trying to send exceeds a temporary size
> limit of the server. The message was not sent; try to reduce the message size
> or wait some time and try again. The server responded: 4.5.3 Error: too many
> recipients.
>
On Wed, Feb 27, 2013 at 10:11:08AM -0400, francis picabia wrote:
> Hi,
>
> The number of phishing or otherwise compromised accounts is needing
> an automation to manage it. Last night the spammers waited until
> the evening and simultaneously used 3 compromised accounts to send
> spam over secure
On 02/27/2013 04:04 PM, Wietse Venema wrote:
Wietse Venema:
and restarted postfix. However, I'm now getting "(connect to
127.0.0.1[127.0.0.1]:10024: Connection refused)". I did a grep in the
logs and the output was "Feb 27 09:48:17 server postfix/smtp[11674]:
3C361768793: to=, relay=127.0.0.1[1
Hi,
The number of phishing or otherwise compromised accounts is needing
an automation to manage it. Last night the spammers waited until
the evening and simultaneously used 3 compromised accounts to send
spam over secure smtp. A nagios alert on number of messages
in the queue was our only alarm,
Wietse Venema:
> > and restarted postfix. However, I'm now getting "(connect to
> > 127.0.0.1[127.0.0.1]:10024: Connection refused)". I did a grep in the
> > logs and the output was "Feb 27 09:48:17 server postfix/smtp[11674]:
> > 3C361768793: to=, relay=127.0.0.1[127.0.0.1]:10024,
> > delay=0.
Am 27.02.2013 13:51, schrieb Muhammad Yousuf Khan:
> I am using virtual users and domains, where I have 2 virtual domains
> and few users in both. I would like getmail to fetch email via pop3
> from our hosting servers and copy it directly to our Maildir Base,
> here is the path of my virtual users
I am using virtual users and domains, where I have 2 virtual domains
and few users in both. I would like getmail to fetch email via pop3
from our hosting servers and copy it directly to our Maildir Base,
here is the path of my virtual users mailbox base.
/maildb/vmail/$domain/$user/Maildir
is the
On 27 February 2013 13:16, Reindl Harald wrote:
>
>
> Am 27.02.2013 13:14, schrieb Muzaffer Tolga Özses:
>>
>> On 02/27/2013 02:04 PM, Wietse Venema wrote:
>>> egrep '(warning|error|fatal|panic):
>>
>> Unfortunately, all I get was these and similar, and the most recent one is
>> from 2 days ago.
Am 27.02.2013 13:14, schrieb Muzaffer Tolga Özses:
>
> On 02/27/2013 02:04 PM, Wietse Venema wrote:
>> egrep '(warning|error|fatal|panic):
>
> Unfortunately, all I get was these and similar, and the most recent one is
> from 2 days ago.
>
> egrep '(warning|error|fatal|panic):' /var/log/mail.l
On 02/27/2013 02:04 PM, Wietse Venema wrote:
egrep '(warning|error|fatal|panic):
Unfortunately, all I get was these and similar, and the most recent one
is from 2 days ago.
egrep '(warning|error|fatal|panic):' /var/log/mail.log | head
Feb 25 01:56:26 server postfix/smtpd[10324]: warning:
s
Muzaffer Tolga Özses:
> Hi,
>
> It seems my service provider's network has been blocked by Hotmail.
> After many correspondences, I was mailed by Hotmail that the issue was
> cleared for one IP, however I gave them wrong one. So, I edited main.cf
> and replaced inet_interfaces = all with inet_i
Viktor Dukhovni:
> Perhaps "postfix check" could generate a warning if DANE is enabled
> and non-local nameservers are found in /etc/resolv.conf (or and/or
> its chroot-jail version).
I think it would be entirely reasonable to share a DNS cache among
multiple systems within the same trusted perime
On 02/27/2013 01:21 AM, Viktor Dukhovni wrote:
On Tue, Feb 26, 2013 at 08:57:51PM -0500, b...@bitrate.net wrote:
When Postfix support for DANE (RFC 6698) is introduced, there will
be a requirement to operate a local nameserver that is DNSSEC aware
on any machine that wants to take advantage of
Hi,
It seems my service provider's network has been blocked by Hotmail.
After many correspondences, I was mailed by Hotmail that the issue was
cleared for one IP, however I gave them wrong one. So, I edited main.cf
and replaced inet_interfaces = all with inet_interfaces = the.ip.I.gave,
and r