Re: split domain, relay by default

On 3/19/2013 7:24 PM, David Koski wrote: > I need to relay for a domain by default but deliver for specific users locally > (Dovecot). Configure the domain as a normal relay_domain, define the users in relay_recipient_maps. List the specific users to be delivered by dovecot in transport pointin

Re: safe setup of smtpd_relay_restrictions and smtpd_recipient_restrictions

On 3/19/2013 7:11 PM, Steve Jenkins wrote: > On Tue, Mar 19, 2013 at 4:30 PM, Matthew Hall > wrote: > > It seems like I keep seeing you on every crypto and security list! > Thanks for being there and assisting people so often. > > > Based on the feedback f

Re: What does Postfix do with a 554 on connection?

Reindl Harald: > Am 20.03.2013 00:54, schrieb Wietse Venema: > > Reindl Harald: > >>> I don't think that Postfix has ever distinguished between 5xx codes > >>> at this protocol stage. The documentation says: > >>> > >>>smtp_skip_5xx_greeting (default: yes) > >>> > >>>Skip remote SMTP se

split domain, relay by default

I need to relay for a domain by default but deliver for specific users locally (Dovecot). I have done this before by adding the domain to virtual_mailbox_domains and adding to the transport map in the following manner: da...@kosmosisland.com : kosmosisland.com smtp: This relays by default but

Re: safe setup of smtpd_relay_restrictions and smtpd_recipient_restrictions

On Tue, Mar 19, 2013 at 4:30 PM, Matthew Hall wrote: > It seems like I keep seeing you on every crypto and security list! > Thanks for being there and assisting people so often. Based on the feedback from Viktor, I've made some similar changes in my 2.10 config. It's close to Matthew's, but di

Re: What does Postfix do with a 554 on connection?

Am 20.03.2013 00:54, schrieb Wietse Venema: > Reindl Harald: >>> I don't think that Postfix has ever distinguished between 5xx codes >>> at this protocol stage. The documentation says: >>> >>>smtp_skip_5xx_greeting (default: yes) >>> >>>Skip remote SMTP servers that greet with a 5XX s

Re: What does Postfix do with a 554 on connection?

Reindl Harald: Checking application/pgp-signature: FAILURE -- Start of PGP signed section. [ Charset ISO-8859-1 unsupported, converting... ] > > > Am 20.03.2013 00:26, schrieb Wietse Venema: > > John Levine: > >> RFC 5321 says that if a mail server gives an initial banner with a 554 > >> status

Re: What does Postfix do with a 554 on connection?

Am 20.03.2013 00:26, schrieb Wietse Venema: > John Levine: >> RFC 5321 says that if a mail server gives an initial banner with a 554 >> status code, that means "no mail server here", so the client should do >> whatever it normally does on a connection failure, looking for another >> MX at equal o

Re: safe setup of smtpd_relay_restrictions and smtpd_recipient_restrictions

Hi Viktor, On Tue, Mar 19, 2013 at 3:37 PM, Viktor Dukhovni wrote: > Fine, but you often don't want reject_unknown_recipient_domain in > any restrictions. It is not needed for inbound MX hosts, and > interacts poorly with MUA clients on outbound MSAs. It is only > useful on outbound relays that

Re: What does Postfix do with a 554 on connection?

John Levine: > RFC 5321 says that if a mail server gives an initial banner with a 554 > status code, that means "no mail server here", so the client should do > whatever it normally does on a connection failure, looking for another > MX at equal or lower priority. I don't think that Postfix has ev

Re: Totally disable cache from postscreen?

2013/3/19 Wietse Venema > Joan: > > Hello, I am using postscreen to do some tests on a system, I would like > to > > disable the caching of users that postcreen does (I am basically testing > > Have you tried setting postscreen_cache_map parameter? > I finally could test it, when setting it to e

What does Postfix do with a 554 on connection?

RFC 5321 says that if a mail server gives an initial banner with a 554 status code, that means "no mail server here", so the client should do whatever it normally does on a connection failure, looking for another MX at equal or lower priority. This is different from 554 later in the SMTP session,

Re: safe setup of smtpd_relay_restrictions and smtpd_recipient_restrictions

On Tue, Mar 19, 2013 at 03:25:01PM -0700, Matthew Hall wrote: > smtpd_relay_restrictions = > permit_sasl_authenticated, > permit_mynetworks, > reject_unauth_destination Perfect. > smtpd_recipient_restrictions = >reject_invalid_hostname, >reject_non_fqdn_hostname, >reject_

safe setup of smtpd_relay_restrictions and smtpd_recipient_restrictions

Hello, I am trying to update my configuration in light of the new smtpd_relay_restrictions in Postfix 2.10. I did read some threads and documentation, but I am a bit confused about which reject_* should be in each rulechain. I am hoping someone could quickly check my work, and let me know if I'm

Re: LDAP canonical_maps and domain rewriting

On Tue, Mar 19, 2013 at 08:00:51PM +0100, Patrick Lists wrote: > On 03/19/2013 04:22 PM, Viktor Dukhovni wrote: > >Nothing unusual at all about canonical mapping, the only anomaly > >I'm making a fuss about is the underlying data model. It is OK to > >turn secondary addresses into primary, it is

Re: Duplicate Emails Sent RESTATED

Thanks Noel, I am going to set up a defined test and look into sendmail/procmail thoughts Ed > > From: Noel Jones >To: postfix-users@postfix.org >Sent: Tuesday, March 19, 2013 12:41 PM >Subject: Re: Duplicate Emails Sent RESTATED > >On 3/19/2013 10:50 AM, E

Re: Spamass-milter and Postfix 2.10

Am 19.03.2013 18:37, schrieb The Doctor: > > > Try spamass-milter on Postfix 2.10 > > Using http://www.malgouyres.fr/linux/spamass-milter_postfix_en.html > > and got > > Mar 19 11:25:16 doctor spamass-milter[23742]: Could not retrieve sendmail > macro "i"!. Please add it to confMILTER_MACROS

Re: LDAP canonical_maps and domain rewriting

Hi Viktor, My apologies for getting your name wrong on the previous email. On 03/19/2013 04:22 PM, Viktor Dukhovni wrote: Nothing unusual at all about canonical mapping, the only anomaly I'm making a fuss about is the underlying data model. It is OK to turn secondary addresses into primary, i

Re: Cannot get mail to work

On 3/19/13 12:42 PM, CS DBA wrote: Hi All; I have a Scientific Linux 6.3 KVM guest, running on a Scientific Linux 6.3 host. I cannot get mail/sendmail/etc to work. I want to get it up so mediawiki can send passwords upon user request. I'm pretty famaliar with Linux biut not so much on the

Re: SMTP authentication

Il 19/03/2013 19:30, Viktor Dukhovni ha scritto: On Tue, Mar 19, 2013 at 06:47:42PM +0100, Matteo Marescotti wrote: Il 19/03/2013 17:41, Viktor Dukhovni wrote: On Tue, Mar 19, 2013 at 02:18:51PM +, Matteo Marescotti wrote: submission inet n - - - - smtpd

Cannot get mail to work

Hi All; I have a Scientific Linux 6.3 KVM guest, running on a Scientific Linux 6.3 host. I cannot get mail/sendmail/etc to work. I want to get it up so mediawiki can send passwords upon user request. I'm pretty famaliar with Linux biut not so much on the mail / networking side. We use go

Re: Totally disable cache from postscreen?

Joan: > Hello, I am using postscreen to do some tests on a system, I would like to > disable the caching of users that postcreen does (I am basically testing Have you tried setting postscreen_cache_map parameter? Wietse

Re: SMTP authentication

On Tue, Mar 19, 2013 at 06:47:42PM +0100, Matteo Marescotti wrote: > Il 19/03/2013 17:41, Viktor Dukhovni wrote: > >On Tue, Mar 19, 2013 at 02:18:51PM +, Matteo Marescotti wrote: > > > >>submission inet n - - - - smtpd > >> -o smtpd_tls_security_level=encrypt >

RE: always_bcc

Thanks Victor > Date: Mon, 18 Mar 2013 19:43:06 + > From: postfix-us...@dukhovni.org > To: postfix-users@postfix.org > Subject: Re: always_bcc > > On Mon, Mar 18, 2013 at 02:42:23PM -0400, Jumping Mouse wrote: > > > I have set up always_bcc = jour...@mydomain.org for an email > > archiving

Re: SMTP authentication

Am 19.03.2013 18:47, schrieb Matteo Marescotti: > 250 DSN > mail from: > 250 2.1.0 Ok > rcpt to: > 554 5.7.1 : Client host rejected: Access denied > > because user authentication is now required. I simply wondered why the client > is rejected after "rcpt to" and not > just after "mail from". Ma

RE: always_bcc

Thank you for the reply! > Jumping Mouse: > > Hello everyone, > > > > I have set up always_bcc = jour...@mydomain.org for an email > > archiving account. How can bypass always_bcc for certain senders? > > It's called *always*_bcc for a reason... Yes that makes sense :-) > > > for example I d

Re: SMTP authentication

Il 19/03/2013 17:41, Viktor Dukhovni wrote: On Tue, Mar 19, 2013 at 02:18:51PM +, Matteo Marescotti wrote: submission inet n - - - - smtpd -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authen

Spamass-milter and Postfix 2.10

Try spamass-milter on Postfix 2.10 Using http://www.malgouyres.fr/linux/spamass-milter_postfix_en.html and got Mar 19 11:25:16 doctor spamass-milter[23742]: Could not retrieve sendmail macro "i"!. Please add it to confMILTER_MACROS_ENVFROM for better spamassassin results Mar 19 11:26:09 doc

mopher and postfix 2.10

Just trying out the new mopher but I run into r 19 11:06:12 doctor doctor[31]: postfix/smtpd[16632]: warning: milter unix:/var/spool/postfix/mopherd/mopherd.sock: can't read SMFIC_CONNECT reply packet header: Operation timed out Why? -- Member - Liberal International This is doc...@nl2k.

Re: Duplicate Emails Sent RESTATED

On Tue, 19 Mar 2013, Ed wrote: Hi All. I am experiencing an issue with the following: The scenario:   From: a...@site1.com To:      b...@site2.com CC:    m...@site3.com   After receiving the email CC at site 3, site 3 is sending out emails to everyone on the original, basically a duplicate ema

Re: Totally disable cache from postscreen?

On Mar 19, 2013, at 17:22, Joan wrote: > Hello, I am using postscreen to do some tests on a system, I would like to > disable the caching of users that postcreen does (I am basically testing some > stuff reacting on late HELO) > So far I couldn't find a way to totally or mostly disable the cach

Re: SMTP authentication

On Tue, Mar 19, 2013 at 02:18:51PM +, Matteo Marescotti wrote: > submission inet n - - - - smtpd > -o smtpd_tls_security_level=encrypt > -o smtpd_sasl_auth_enable=yes > -o smtpd_client_restrictions=permit_sasl_authenticated,reject > -o milter_macro_daemon_

Re: Duplicate Emails Sent RESTATED

On 3/19/2013 10:50 AM, Ed wrote: > Hi All. > > I am experiencing an issue with the following: > > The scenario: > > From: a...@site1.com > To: b...@site2.com > CC:m...@site3.com > > After receiving the email CC a

Re: SMTP authentication

On 3/19/2013 9:18 AM, Matteo Marescotti wrote: > Hello, > I have a question for you about authentication on port 587. At the > moment, my mailserver is configured as follows: > > main.cf: > ... > smtpd_use_tls=yes > smtpd_tls_auth_only = yes > smtpd_sasl_auth_enable = yes > mynetworks = 127.0.0.0/

Totally disable cache from postscreen?

Hello, I am using postscreen to do some tests on a system, I would like to disable the caching of users that postcreen does (I am basically testing some stuff reacting on late HELO) So far I couldn't find a way to totally or mostly disable the caching, this is what I tried (I would like to apply th

Duplicate Emails Sent RESTATED

Hi All. I am experiencing an issue with the following: The scenario:   From: a...@site1.com To:      b...@site2.com CC:    m...@site3.com   After receiving the email CC at site 3, site 3 is sending out emails to everyone on the original, basically a duplicate email arrives to the sender and eve

Re: LDAP canonical_maps and domain rewriting

On Tue, Mar 19, 2013 at 09:02:51AM -0300, Fernando Maior wrote: > All this seems to be something very different from what postfix and other > smtp usually does. So, may be the problem is with the concept, not with the > implementation. > > May I ask you why you need to change the domain name part

Re: LDAP canonical_maps and domain rewriting

Hi Fernando, On 03/19/2013 01:02 PM, Fernando Maior wrote: Hello, All this seems to be something very different from what postfix and other smtp usually does. So, may be the problem is with the concept, not with the implementation. May I ask you why you need to change the domain name part of t

SMTP authentication

Hello, I have a question for you about authentication on port 587. At the moment, my mailserver is configured as follows: main.cf: ... smtpd_use_tls=yes smtpd_tls_auth_only = yes smtpd_sasl_auth_enable = yes mynetworks = 127.0.0.0/8 [:::127.0.0.0]/104 [::1]/128 smtpd_recipient_restrictions

Re: Duplicate Emails Sent

On Tue, 19 Mar 2013, Ed wrote: I have control over the site3 SMTP where the problem is. It is recent installation, late last year.  Is there a rule in postfix that i missed perhaps? Then please follow the directions you received when you joined the list and include the "postconf -n" output fr

Re: Duplicate Emails Sent

Hi Larry, > > From: Larry Stone >To: "postfix-users@postfix.org Users" >Sent: Tuesday, March 19, 2013 7:46 AM >Subject: Re: Duplicate Emails Sent > >We generally do not top post on this list. Please keep replies in-line. > >Ok... > > >On Mar 19, 2013, at 6:1

Re: LDAP canonical_maps and domain rewriting

Hello, All this seems to be something very different from what postfix and other smtp usually does. So, may be the problem is with the concept, not with the implementation. May I ask you why you need to change the domain name part of the mail delivery address? Can you provide us with information

Re: Duplicate Emails Sent

We generally do not top post on this list. Please keep replies in-line. On Mar 19, 2013, at 6:17 AM, Ed wrote: > I have requested the info from site1. > From your initial description, it appears the problem is with site3. Site1 information will probably not be helpful. > I looked for the SMT

Re: Duplicate Emails Sent

Hi Victor, I have requested the info from site1. I looked for the SMTP RCPT TO command in the man file. Could you provide a hint as to the configuration parameter? Ed > > From: Victor d'Agostino >To: postfix-users@postfix.org >Sent: Monday, March 18, 2013

Re: Secure alternative to smtp_sasl_password_maps?

On 18 March 2013 23:31, Dominik George wrote: > Hi, > > imho, the best approach to getting a road-warrior (laptop) authenticated > as a sattelite sytem using your central MTA as a relayhost is have it in > mynetworks. As in, connect it to the MTA through a VPN tunnel. Hey Dominik! Intriguing ide

Re: Realtime log reporting when postfix delivers mails

Am 16.03.2013 22:11, schrieb Reinaldo Gil Lima de Carvalho: > We need a structured log to avoid parsing. I talk with Wietse in the year > 2011 at FISL conference (Porto Alegre/Brasil). > > The second problem is load this data to a database. Rsyslog put the data in a > single column, and use full