Rob Tanner skrev den 2013-06-14 00:18:
As requested. I suppose I could grab the queue ID and back track to
the sender but when the logs get long (which they do, half a million
or more lines) these scans can take a while and I'm trying to capture
this info in real time (more or less):
big logs c
/dev/rob0 skrev den 2013-06-15 05:27:
I think the OP will have to fix the logging problem before we can
solve this issue.
it would be more relative simple to use more default settings, if OP is
unsure what to do
sorry if i write it such it could be missunderstandelble :(
--
senders that pu
On Sat, Jun 15, 2013 at 03:45:02AM +0200, Benny Pedersen wrote:
> Nabil Alsharif skrev den 2013-06-15 02:59:
>
> >>> smtp_tls_note_starttls_offer = yes
> >>> smtp_use_tls = yes
> >>
> >>smtp_ is for sending
> >Ok so these two options are telling Postfix to check if STARTTLS
> >is offered by the p
Jan Kohnert skrev den 2013-06-15 03:58:
Well, no, it disables AUTH without tls/ssl but not STARTTLS, IIRC.
starttls have nothing to do with auth or not
auth users can still send plain passwords over unsecured smtpd client
connections, starttls just secure there passwords, so tcpdumpers cant
Am Samstag, 15. Juni 2013, 03:45:02 schrieb Benny Pedersen:
> Nabil Alsharif skrev den 2013-06-15 02:59:
> >>> smtpd_tls_auth_only = yes
> >>
> >> this disable starttls since we already is using ssl/tls now
> >
> > huh? This part I don't quite understand. How are we disabling TLS?
> > Where was
/dev/rob0 skrev den 2013-06-15 03:22:
What you showed us should have announced STARTTLS. I would guess the
problem is related to the single file certificate+key+CAs. Since you
mentioned upthread that no errors are logged, check your syslogd (try
restarting it.) These errors would be logged.
st
Nabil Alsharif skrev den 2013-06-15 02:59:
smtp_tls_note_starttls_offer = yes
smtp_use_tls = yes
smtp_ is for sending
Ok so these two options are telling Postfix to check if STARTTLS is
offered by the peer and use TLS if available, right?
correct
smtpd_banner = $myhostname ESMTP
smtpd
On Sat, Jun 15, 2013 at 01:57:12AM +0200, Nabil Alsharif wrote:
> I just setup postfix on my server but I'm having a problem with
> TLS. I have TLS configured, there are no errors in the log, but
> the server does not announce TLS support.Here is the output
> relevant output from 'postconf -n', t
On 06/15/2013 02:39 AM, Wietse Venema wrote:
Have you looked at all the warning messages in the maillog file?
Yes I have, there are no errors or warnings. 'postfix check' doesn't
return any warnings or errors either.
On 06/15/2013 02:38 AM, Benny Pedersen wrote:
Nabil Alsharif skrev den 2013-06-15 01:57:
please disable html
My bad..
smtp_tls_note_starttls_offer = yes
smtp_use_tls = yes
smtp_ is for sending
Ok so these two options are telling Postfix to check if STARTTLS is
offered by the peer and u
wie...@porcupine.org skrev den 2013-06-15 02:36:
My advice is to avoid installing multiple Berkeley DB copies, and
to use the Berkeley DB that comes with the operating system.
locate postfix/postscreen
ldd
will show the problem why it fails
under gentoo its "ldd /usr/libexec/postfix/postscr
Nabil Alsharif:
> Hi everyone,
>
> I just setup postfix on my server but I'm having a problem with TLS. I
> have TLS configured, there are no errors in the log, but the server does
> not announce TLS support.Here is the output relevant output from
> 'postconf -n', the full output is at the end
Nabil Alsharif skrev den 2013-06-15 01:57:
please disable html
smtp_tls_note_starttls_offer = yes
smtp_use_tls = yes
smtp_ is for sending
smtpd_banner = $myhostname ESMTP
smtpd_recipient_restrictions = permit_mynetworks
reject_unauth_destination
smtpd_tls_CAfile = /etc/pki/dovecot/ce
Robert Lopez:
> 1) postfix/postscreen[]: fatal: error [-30986] seeking
> /var/lib/postfix/postscreen_cache.db: Success
Wietse:
> Your Berkeley DB is screwed up.
>
> Code fragment from src/util/dict_db.c:
>
> status =
> dict_db->cursor->c_get(dict_db->cursor, &db_key, &db_value,
>
wie...@porcupine.org skrev den 2013-06-13 21:32:
Ravindra Gupta // Viva:
Jun 12 20:29:27 ems31 postfix/smtp[1816]: CC78D22400E:
to=, relay=imap.eemail.example.com[10.0.0.125]:25,
delay=0.86, delays=0.01/0/0.42/0.42, dsn=5.0.0, status=bounced (host
imap.eemail.example.com[10.0.0.125] said: 550 Ac
Ravindra Gupta // Viva skrev den 2013-06-13 21:02:
So how we will resolve the issue. Please let me know for your
valuable suggestion.
http://www.postfix.org/ADDRESS_VERIFICATION_README.html#Recipient
address verification
frontend accept and bounce problems
--
senders that put my email into
Hi everyone,
I just setup postfix on my server but I'm having a problem with TLS. I
have TLS configured, there are no errors in the log, but the server does
not announce TLS support.Here is the output relevant output from
'postconf -n', the full output is at the end of the message:
-
On Fri, Jun 14, 2013 at 3:09 PM, Wietse Venema wrote:
> Robert Lopez:
>> I am trying to understand the cause/causes of these log lines:
>>
>> 1) postfix/postscreen[]: fatal: error [-30986] seeking
>> /var/lib/postfix/postscreen_cache.db: Success
>
> Your Berkeley DB is screwed up.
>
> Code fra
Simon B skrev den 2013-06-14 18:00:
/etc/postfix $netstat -plan | grep ':25' | grep ESTAB
tcp0 0 xx.xx.xx.xx:25 181.66.192.196:11798
ESTABLISHED
17329/smtpd
tcp0 0 xx.xx.xx.xx:25 77.42.140.151:54112
ESTABLISHED -
tcp0 0 xx.xx.xx.xx:25 109.
On 06/14/2013 11:08 PM, Ben Greenfield wrote:
Hey All,
Please excuse my loose terminology in the following description as I barely
know what I'm doing.
I have a strange problem where I'm unable to send some mail from mailman using
a postfix installation on the same host.
I have postfix mail_
Robert Lopez:
> I am trying to understand the cause/causes of these log lines:
>
> 1) postfix/postscreen[]: fatal: error [-30986] seeking
> /var/lib/postfix/postscreen_cache.db: Success
Your Berkeley DB is screwed up.
Code fragment from src/util/dict_db.c:
/*
* Database lookup.
Hey All,
Please excuse my loose terminology in the following description as I barely
know what I'm doing.
I have a strange problem where I'm unable to send some mail from mailman using
a postfix installation on the same host.
I have postfix mail_version 2.8.4 I have users authenticating and s
wrt: mail_version = 2.10.0
I am trying to understand the cause/causes of these log lines:
1) postfix/postscreen[]: fatal: error [-30986] seeking
/var/lib/postfix/postscreen_cache.db: Success
2) postfix/master[4070]: warning: process
/usr/libexec/postfix/postscreen pid 4366 exit status 1
3)
Bernhard Schmidt:
> This gets even worse when the mail has two recipients ... doesnotexist@
> does not exist, t1@ does...
>
> mail from:
> 250 2.1.0 Sender OK
> rcpt to:
> 250 2.1.5 Recipient OK
> rcpt to:
> 250 2.1.5 Recipient OK
> data
> 354 Start mail input; end with .
> test
> .
> 550 5.1.
Am 14.06.2013 18:00, schrieb Simon B:
> On 14 June 2013 17:44, c cc wrote:
>>
>> Hi,
>>
>> For the last few days, I noticed that our postfix server had crawl to a halt
>> due to some kind of email attack. As you can see below, there were a lot of
>> smtp connections. I was wondering if there is a
On Fri, 14 Jun 2013 17:10:16 +0200, Bernhard Schmidt
wrote:
> This gets even worse when the mail has two recipients
> ... doesnotexist@ does not exist, t1@ does...
>
> mail from:
> 250 2.1.0 Sender OK
> rcpt to:
> 250 2.1.5 Recipient OK
> rcpt to:
> 250 2.1.5 Recipient OK
> data
> 354 Start
On Fri, Jun 14, 2013 at 06:00:37PM +0200, Simon B wrote:
> On 14 June 2013 17:44, c cc wrote:
> >
> > Hi,
> >
> > For the last few days, I noticed that our postfix server had crawl to a halt
> > due to some kind of email attack. As you can see below, there were a lot of
> > smtp connections. I w
On Fri, Jun 14, 2013 at 05:53:03PM +0200, Jan P. Kessler wrote:
> >I would have expected SHA-2 support as of OpenSSL 1.0.0a.
>
> Ok, so the problem seems to be clear. The system uses an ancient
> openssl version (sunfreeware package):
>
> libssl.so.0.9.8 => /usr/local/ssl/lib/libssl.so.0
On 14 June 2013 17:44, c cc wrote:
>
> Hi,
>
> For the last few days, I noticed that our postfix server had crawl to a halt
> due to some kind of email attack. As you can see below, there were a lot of
> smtp connections. I was wondering if there is a way to stop this from
> Postfix? Thanks!
>
>
Signature Algorithm: sha256WithRSAEncryption
It looks your OpenSSL library does not enable this via
OpenSSL_add_ssl_algorithms().
The use of certificates with signature algorithms other than MD5
and SHA-1 is supposed to be negotiated via TLSv1.2, plain SSLv3/TLSv1
do not have a way to neg
Hello,
this is Semi-OT but since a lot of people run Postfix before Exchange I
hope to find some knowledge here. Also heads-up :-)
We have a couple of Exchange customers behind our frontend MX servers.
We don't turn them up until they have configured their HBT servers to
reject unknown recip
On Fri, Jun 14, 2013 at 12:24:39PM +0200, Jan P. Kessler wrote:
> Jun 14 10:24:47 rv-smtpext-101 postfix/smtpd[5847]: [ID 197553
> mail.info] mail.dgverlag.de[145.253.80.6]: Untrusted:
> subject_CN=DGVDEX.DGVERLAG.DE, issuer=VR IDENT SSL CA 2011,
> fingerprint=3D:5A:B2:71:E2:62:07:88:E5:68:BC:AB:8
On Fri, Jun 14, 2013 at 12:48:51PM +0200, Bastian Blank wrote:
> On Fri, Jun 14, 2013 at 12:37:11PM +0200, Petar Bogdanovic wrote:
> > It's a milter that some people on this list might find useful.
>
> So it only supports what the milter server can do.
Mopher is a milter (or mail filter) and the
>> Jun 14 10:24:47 rv-smtpext-101 postfix/smtpd[5847]: [ID 197553
>> mail.info] certificate verification failed for
>> mail.dgverlag.de[145.253.80.6]: untrusted issuer
>> /C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust Root
> Why do you check client certificates?
Because we authenticate/w
Bastian Blank skrev den 2013-06-14 12:08:
+ PSL (by Mozilla, see http://publicsuffix.org/)
What is the use for this? This all is focused on web.
patch postfix to not accept mails with dns A/ records, there is
ignorants everywhere
--
senders that put my email into body content will deli
On Fri, Jun 14, 2013 at 12:37:11PM +0200, Petar Bogdanovic wrote:
> On Fri, Jun 14, 2013 at 12:08:00PM +0200, Bastian Blank wrote:
> > On Fri, Jun 14, 2013 at 08:50:42AM +0200, Manuel Badzong wrote:
> > > I would like to introduce mail gopher, a new all-in-one, MIT-licensed
> > > mail filter.
> > H
On Fri, Jun 14, 2013 at 11:55:27AM +0200, postfix wrote:
> forgot LDAP support?
Yes. And probably other items too. It's really an open-end list..
Petar Bogdanovic
On Fri, Jun 14, 2013 at 12:24:39PM +0200, Jan P. Kessler wrote:
> currently we are experiencing problems with an incoming SMTP/TLS
> connection. Remote side is an Ironport device, we are using postfix
> 2.8.13 on solaris 10.
Please show "postconf -n".
> Jun 14 10:24:47 rv-smtpext-101 postfix/smtp
On Fri, Jun 14, 2013 at 12:08:00PM +0200, Bastian Blank wrote:
> On Fri, Jun 14, 2013 at 08:50:42AM +0200, Manuel Badzong wrote:
> > I would like to introduce mail gopher, a new all-in-one, MIT-licensed
> > mail filter.
>
> How does it relate to Postfix?
It's a milter that some people on this lis
Jan P. Kessler:
> Jun 14 10:24:47 rv-smtpext-101 postfix/smtpd[5847]: [ID 947731
> mail.warning] warning: TLS library problem: 5847:error:0D0C50A1:asn1
> encoding routines:ASN1_item_verify:unknown message digest
> algorithm:a_verify.c:146:
> Jun 14 00:31:58 rv-smtpext-201 postfix/smtpd[22673]: [ID
Hi,
currently we are experiencing problems with an incoming SMTP/TLS
connection. Remote side is an Ironport device, we are using postfix
2.8.13 on solaris 10. The problem exists only for incoming mails
(ironport to postfix), the other direction works fine. It happens for
both opportunistic (which
On Fri, Jun 14, 2013 at 08:50:42AM +0200, Manuel Badzong wrote:
> I would like to introduce mail gopher, a new all-in-one, MIT-licensed
> mail filter.
How does it relate to Postfix? Postfix already does this with a bit of
help.
> Mopher can:
> + tarpit hosts
Bad idea in userspace. Bad idea
forgot LDAP support?
suomi
On 2013-06-14 08:50, Manuel Badzong wrote:
Hi,
I would like to introduce mail gopher, a new all-in-one, MIT-licensed
mail filter.
Mopher is designed to be lightweight, modular and extensible, has
several unique features and uses a very flexible and customizable
conf
> > Alternative/additional approach:
> >
> > smtp_fallback_relay_threshold_time (compare to
> > smtp_pix_workaround_threshold_time)
> >
> > How long a message must be queued before the Postfix SMTP client
> > passes the mail to the smtp_fallback_relay.
>
> A threshold would work, with the defaul
44 matches
Mail list logo
