Re: Where to go to configure options for this Mail List

2014-09-02 Thread L. D. James
On 09/02/2014 08:33 PM, Wietse Venema wrote: L. D. James: Can someone advise me of where to go to configure my mail list options. When I first signed up I believe I recall a screen where I could select options like configuration when posting, daily archives, etc. I can't find that option at thi

Re: Where to go to configure options for this Mail List

2014-09-02 Thread Wietse Venema
L. D. James: > Can someone advise me of where to go to configure my mail list options. > When I first signed up I believe I recall a screen where I could select > options like configuration when posting, daily archives, etc. I can't > find that option at this time. This is a majordomo list wh

Where to go to configure options for this Mail List

2014-09-02 Thread L. D. James
Can someone advise me of where to go to configure my mail list options. When I first signed up I believe I recall a screen where I could select options like configuration when posting, daily archives, etc. I can't find that option at this time. I studied this page for this information, I mig

Re: deep protocol tests only on one specific IP

2014-09-02 Thread li...@rhsoft.net
On 02.09.2014 at 21:51, Wietse Venema wrote: > li...@rhsoft.net: >> * i can't find how to enable "deep protocol tests" at all >> in the docs while it is mentioned often >> http://www.postfix.org/POSTSCREEN_README.html#after_220 explains >> what it does and that it is disabled by defaul

Re: deep protocol tests only on one specific IP

2014-09-02 Thread Wietse Venema
li...@rhsoft.net: > * i can't find how to enable "deep protocol tests" at all > in the docs while it is mentioned often > http://www.postfix.org/POSTSCREEN_README.html#after_220 explains > what it does and that it is disabled by default but not how > to enable it QUOTE from POSTSCREEN_

Re: SMTP AUTH SASL only from specified IP address

2014-09-02 Thread Viktor Dukhovni
On Tue, Sep 02, 2014 at 07:25:15PM +0200, Lubomir Majersky wrote: > > # Postfix 2.10 or later, consider: smtpd_relay_restrictions > > smtpd_recipient_restrictions = > > permit_mynetworks, > > check_client_access cidr:${config_directory}/allow-sasl.cidr, > > reject_unauth_desti

Re: deep protocol tests only on one specific IP

2014-09-02 Thread li...@rhsoft.net
On 02.09.2014 at 20:23, Wietse Venema wrote: > li...@rhsoft.net: >> http://postfix.1071664.n5.nabble.com/postscreen-deep-protocol-tests-without-mail-delays-td20114.html >> >> i found that remembering the original discussion but seems i am >> blind today - how do i tell postscreen to use "deep pro

Re: 521 SMTP reply code (was: Null MX back from the dead)

2014-09-02 Thread Viktor Dukhovni
On Tue, Sep 02, 2014 at 02:18:09PM -0400, Wietse Venema wrote: > > Yes, the recipient and sender basic response codes are backwards, > > this is a bug. It should/could be 521 for rejecting a nullmx sender > > domain, but definitely not for a nullmx recipient domain. > > Reply codes 221 and 421 t

Re: deep protocol tests only on one specific IP

2014-09-02 Thread Wietse Venema
li...@rhsoft.net: > http://postfix.1071664.n5.nabble.com/postscreen-deep-protocol-tests-without-mail-delays-td20114.html > > i found that remembering the original discussion but seems i am > blind today - how do i tell postscreen to use "deep protocol tests" > only on 192.168.196.2 but not for con

Re: 521 SMTP reply code (was: Null MX back from the dead)

2014-09-02 Thread Wietse Venema
Viktor Dukhovni: > On Tue, Sep 02, 2014 at 01:21:47PM -0400, Wietse Venema wrote: > > > Viktor Dukhovni: > > > > > > In the RFC editor queue as of 2014-08-29: > > > > > > https://datatracker.ietf.org/doc/draft-ietf-appsawg-nullmx/ > > > > Hmm. This text says: > > > >When a submission o

Re: How to pass the final recipient to a pipe command

2014-09-02 Thread Michael
On 02.09.2014 16:25, Wietse Venema wrote: > Michael: >> Hi, >> in master.cf I've defined a Procmail service that pipes a mail to >> Procmail for content filtering. >> >> procmail unix - n n - 10 pipe >>flags=Rq user=vmail null_sender= argv=/usr/bin/procmail -m

Re: 521 SMTP reply code (was: Null MX back from the dead)

2014-09-02 Thread Viktor Dukhovni
On Tue, Sep 02, 2014 at 01:21:47PM -0400, Wietse Venema wrote: > Viktor Dukhovni: > > > > In the RFC editor queue as of 2014-08-29: > > > > https://datatracker.ietf.org/doc/draft-ietf-appsawg-nullmx/ > > Hmm. This text says: > >When a submission or SMTP relay server rejects an envelope

deep protocol tests only on one specific IP

2014-09-02 Thread li...@rhsoft.net
http://postfix.1071664.n5.nabble.com/postscreen-deep-protocol-tests-without-mail-delays-td20114.html i found that remembering the original discussion but seems i am blind today - how do i tell postscreen to use "deep protocol tests" only on 192.168.196.2 but not for connections coming to the prima

Re: SMTP AUTH SASL only from specified IP address

2014-09-02 Thread Lubomir Majersky
main.cf: smtpd_sasl_exceptions_networks = # Don't exclude these !cidr:${config_directory}/allow-sasl.cidr, # Exclude the rest 0.0.0.0/0 allow-sasl.cidr: 192.0.2.0/24 permit_sasl_authenticated 10.0.0.0/8 permit_sasl_authenticated

521 SMTP reply code (was: Null MX back from the dead)

2014-09-02 Thread Wietse Venema
Viktor Dukhovni: > > In the RFC editor queue as of 2014-08-29: > > https://datatracker.ietf.org/doc/draft-ietf-appsawg-nullmx/ Hmm. This text says: When a submission or SMTP relay server rejects an envelope recipient due to a domain's null MX record, it SHOULD use a 521 reply code

Re: FYI: Null MX back from the dead

2014-09-02 Thread Erwan David
On 02/09/2014 18:51, Viktor Dukhovni wrote: > On Tue, Sep 02, 2014 at 06:44:19PM +0200, Robert Schetterer wrote: > >> so this stays as valid mx record ? >> >> $ dig -t mx airbus.com >> airbus.com. IN MX 0 vip-smtp.airbus.gmessaging.net. > Yes, of course. > >> and this is what nullmx is done righ

Re: FYI: Null MX back from the dead

2014-09-02 Thread Viktor Dukhovni
On Tue, Sep 02, 2014 at 06:44:19PM +0200, Robert Schetterer wrote: > so this stays as valid mx record ? > > $ dig -t mx airbus.com > airbus.com. IN MX 0 vip-smtp.airbus.gmessaging.net. Yes, of course. > and this is what nullmx is done rightly? > > $ dig -t mx stoerseite.de > stoerseite.de. IN

Re: FYI: Null MX back from the dead

2014-09-02 Thread Robert Schetterer
On 02.09.2014 at 18:32, Viktor Dukhovni wrote: > > In the RFC editor queue as of 2014-08-29: > > https://datatracker.ietf.org/doc/draft-ietf-appsawg-nullmx/ > hm ... A "Null MX" No Service Resource Record for Domains that Accept No Mail draft-ietf-appsawg-nullmx-08 .

Re: SMTP AUTH SASL only from specified IP address

2014-09-02 Thread Lubomir Majersky
On 2. 9. 2014 16:36 Fernando Maior wrote: Also, if you look at smtpd_sasl_exceptions_networks you see: What remote SMTP clients the Postfix SMTP server will not offer AUTH support to. AUTH support I want to offer my clients/subnets only. This ensures that if occurs leak credent

FYI: Null MX back from the dead

2014-09-02 Thread Viktor Dukhovni
In the RFC editor queue as of 2014-08-29: https://datatracker.ietf.org/doc/draft-ietf-appsawg-nullmx/ -- Viktor.

Re: SMTP AUTH SASL only from specified IP address

2014-09-02 Thread Lubomir Majersky
On 2. 9. 2014 16:47 Viktor Dukhovni wrote: and the 'file.CIDR' contains: ! 195.98.0.0/19 OK ! 195.98.128.0/19 OK ! ... OK ! ... OK ! 212.26.160.0/19 OK 0.0.0.0/0 REJECT Is that so? Yes, that should work. No, that's invalid. The cidr_table(5) docume

Re: SMTP AUTH SASL only from specified IP address

2014-09-02 Thread Fernando Maior
On Tue, Sep 2, 2014 at 11:47 AM, Viktor Dukhovni wrote: > On Tue, Sep 02, 2014 at 09:15:32AM -0500, Noel Jones wrote: > > > > and the 'file.CIDR' contains: > > > > > > ! 195.98.0.0/19 OK > > > ! 195.98.128.0/19 OK > > > ! ... OK > > > ! ... OK > > > ! 212.26.160.0/19 OK > > > 0.0.0

Re: SMTP AUTH SASL only from specified IP address

2014-09-02 Thread Viktor Dukhovni
On Tue, Sep 02, 2014 at 09:15:32AM -0500, Noel Jones wrote: > > and the 'file.CIDR' contains: > > > > ! 195.98.0.0/19 OK > > ! 195.98.128.0/19 OK > > ! ... OK > > ! ... OK > > ! 212.26.160.0/19 OK > > 0.0.0.0/0 REJECT > > > > Is that so? > > Yes, that should work. No,

Re: SMTP AUTH SASL only from specified IP address

2014-09-02 Thread Fernando Maior
Hello, Also, I should be wary about using negates (!) on rules. I understand you know the use of postmap command. I suggest using both notations (with ! and without ! before the cidr ip ranges) and using postmap extensively to test the real behaviour of the

Re: SMTP AUTH SASL only from specified IP address

2014-09-02 Thread Fernando Maior
Hello, Also, if you look at smtpd_sasl_exceptions_networks you see: What remote SMTP clients the Postfix SMTP server will not offer AUTH support to. You see, I suppose any cidr range within the file is a range for which postfix will NOT offer AUTH support. So, I believe that you should put "xx.x

Re: SMTP AUTH SASL only from specified IP address

2014-09-02 Thread Lubomir Majersky
Thanks for the reply. Yes, I use port 587, but I can not disable AUTH on port 25... I also have unruly users... Lubo M. -- http://LuMaX.acom.sk On 2. 9. 2014 16:15 Noel Jones wrote: On 9/2/2014 9:01 AM, Lubomir Majersky wrote: Thanks, I

Re: How to pass the final recipient to a pipe command

2014-09-02 Thread Wietse Venema
Michael: > Hi, > in master.cf I've defined a Procmail service that pipes a mail to > Procmail for content filtering. > > procmail unix - n n - 10 pipe >flags=Rq user=vmail null_sender= argv=/usr/bin/procmail -m > /etc/procmailrc ${sender} ${recipient} ${doma

Re: SMTP AUTH SASL only from specified IP address

2014-09-02 Thread Lubomir Majersky
Certainly, the ideal situation does not exist... - webmail - I solved webmail (...delay between sending individual e-mails, restriction max recipients, login from some country... etc) - If you find that there was a leak credentials, I am blocking a legitimate user account (change password)..

How to pass the final recipient to a pipe command

2014-09-02 Thread Michael
Hi, in master.cf I've defined a Procmail service that pipes a mail to Procmail for content filtering. procmail unix - n n - 10 pipe flags=Rq user=vmail null_sender= argv=/usr/bin/procmail -m /etc/procmailrc ${sender} ${recipient} ${domain} The ${recipient}

Re: postfix + smtpauth + multiple remote mail hosts setup

2014-09-02 Thread Wietse Venema
> I need this postfix server to auth the users to their respective > mail server using imap/pop authentication > ... > postfix will need to query the ldap server first to find out the > mailserver of domainA.com in order to do pop/imap auth Postfix is not a POP/IMAP login proxy. Instead, Postfix

Re: SMTP AUTH SASL only from specified IP address

2014-09-02 Thread Noel Jones
On 9/2/2014 9:01 AM, Lubomir Majersky wrote: > Thanks, I overlooked. So if I understand it, this should be: > > smtpd_sasl_exceptions_networks = cidr: /path/to/file.CIDR no space between map:file = cidr:/path/to/file.cidr > > and the 'file.CIDR' contains: > > ! 195.98.0.0/19 OK

Re: SMTP AUTH SASL only from specified IP address

2014-09-02 Thread Lubomir Majersky
Thanks, I overlooked. So if I understand it, this should be: smtpd_sasl_exceptions_networks = cidr: /path/to/file.CIDR and the 'file.CIDR' contains: ! 195.98.0.0/19 OK ! 195.98.128.0/19 OK ! ... OK ! ... OK ! 212.26.160.0/19 OK 0.0.0.0/0 REJECT Is that so?

Re: SMTP AUTH SASL only from specified IP address

2014-09-02 Thread Fernando Maior
Hi, Just think about this: some real and legitimate user may have his/her computer invaded, and used for sending non-authorized e-mails via his/her authorized account. How can this be countered? Because the computer IS in a non-restricted ip range, the user IS authorized and everything else is fi

Re: SMTP AUTH SASL only from specified IP address

2014-09-02 Thread Lubomir Majersky
Hi, I use the FW restrictions, but I can not block the relevant clients from foreign. Therefore, I need to block already authenticated clients, based on written: "Sometimes it happens that my legitimate user has an infected computer and occurs leak credentials, for example to Asia and then

Re: SMTP AUTH SASL only from specified IP address

2014-09-02 Thread Viktor Dukhovni
On Tue, Sep 02, 2014 at 06:45:32AM -0500, Noel Jones wrote: > To answer your question above about 1000 entries in the main.cf > parameter, that sounds like a bad idea. It probably wouldn't give > an error, but would likely make smtpd slow to start, maybe > significantly so. I doubt it's ever bee

Re: SMTP AUTH SASL only from specified IP address

2014-09-02 Thread Fernando Maior
Hello, What about using iptables or other firewall ruling to rule out connections for SMTP from those CIDR ranges? Regards, --- Fernando Maciel Souto Maior Projetos e Soluções de Tecnologia (31) 9226-9440 TIM On Tue, Sep 2, 2014 at 8:45 AM, Noel Jones wrote: > On 9/2/2014 5:39 AM, Lubo

Re: SMTP AUTH SASL only from specified IP address

2014-09-02 Thread Noel Jones
On 9/2/2014 5:39 AM, Lubomir Majersky wrote: > Hi, > > sorry for my english. I would like to allow access for clients > who are already authenticated (SMTP AUTH SASL), but from specified > IP address ranges only. > > In the Internet I found various posts. I found something that > interest

Re: Postfix 2.12 ETA?

2014-09-02 Thread Wietse Venema
LuKreme: > I've probably missed something on the list as I've had my attention > on other things, but is there and ETA on postfix 2.12 moving to > stable/official? Not looking for a hard and fast date just something > like "Yeah, soon." or "A few weeks/months more" or "are you looney, > it's been o

Re: postfix + smtpauth + multiple remote mail hosts setup

2014-09-02 Thread CvG
s3c0ndsky yahoo.com> writes: > > > hi guys. > > need your help in setting up a postfix mailserver. > > Basically I have a several mail servers which running different > platform/software and hosting quite a number of domains. > Now, all I want to setup is ... a single smtp-auth server using p

SMTP AUTH SASL only from specified IP address

2014-09-02 Thread Lubomir Majersky
Hi, sorry for my english. I would like to allow access for clients who are already authenticated (SMTP AUTH SASL), but from specified IP address ranges only. In the Internet I found various posts. I found something that interested me: http://serverfault.com/questions/476451/postfix-allow-