On 11/22/2014 6:03 PM, Wietse Venema wrote:
> deoren:
>> Is there a way to accomplish what the Linux Email book mentions?
>> Basically restricting use of your domain to your clients/backup
>> MX and using a custom response or log message to indicate what
>> rule blocked offenders?
>
> /etc/postfix
On Sat, Nov 22, 2014 at 08:10:38PM -0500, Wietse Venema wrote:
> Otherwise this requires new Postfix code. Giving this a few minutes
> of thought I came up with two designs.
>
> My simplest design is a new configurable DNS reply filter that can
> be used to ignore Google records (but it can
On 11/22/2014 5:10 PM, Wietse Venema wrote:
Darren Pilgrim:
if ipv4 is still working you could
- modify your local dns resolver to strip the part in it's answer
for the hosts in question
I thought about that, but the domains in question use DNSSEC and I
generally try not to break other pe
Darren Pilgrim:
> > if ipv4 is still working you could
> > - modify your local dns resolver to strip the part in it's answer
> > for the hosts in question
>
> I thought about that, but the domains in question use DNSSEC and I
> generally try not to break other people's protective measures. :
deoren:
> Is there a way to accomplish what the Linux Email book mentions?
> Basically restricting use of your domain to your clients/backup
> MX and using a custom response or log message to indicate what
> rule blocked offenders?
/etc/postfix/main.cf:
smtpd_client_restrictions =
perm
On 11/22/2014 1:12 PM, A. Schulze wrote:
Darren Pilgrim:
But now I have a second such doamin, and I'd like to head-off a
maintenance problem. All such domains use the same set of MXes, so
it's an obvious pattern to switch transports if the next hop is one
of the offending MXes.
if ipv4 is st
Darren Pilgrim:
But now I have a second such doamin, and I'd like to head-off a
maintenance problem. All such domains use the same set of MXes, so
it's an obvious pattern to switch transports if the next hop is one
of the offending MXes.
if ipv4 is still working you could
- modify your
I've run into a problem with a hosting service's IPv6 connectivity.
Their IPv6 broken such that they get odd transient failures. Normally
not a problem, but their anti-spam appliance or whatever they're using
in front of their mail servers hard-bounces on those failures instead of
following th
On November 22, 2014 10:22:12 AM CST, wie...@porcupine.org wrote:
>deoren:
>> permit_mynetworks, REJECT Unauthorized use of domain name
>
>Where does the Postfix documentation promise that you can do this?
>
> Wietse
Thanks for the reply. I know you are a busy guy and I appreciate the dire
Am 22.11.2014 um 17:19 schrieb Wietse Venema:
> Robert Schetterer:
>> Hi Andreas , there a "wide" reports that google sometimes fails somehow
>> with ipv6, i investigated in this hardly , it simply looks its their
>> bug, my best speculation goes in sometimes not working spf ipv6 stuff at
>> their
deoren:
> permit_mynetworks, REJECT Unauthorized use of domain name
Where does the Postfix documentation promise that you can do this?
Wietse
Robert Schetterer:
> Hi Andreas , there a "wide" reports that google sometimes fails somehow
> with ipv6, i investigated in this hardly , it simply looks its their
> bug, my best speculation goes in sometimes not working spf ipv6 stuff at
> their site
My domain has no SPF, but it signs all mail w
Zitat von "A. Schulze" :
wietse:
A. Schulze:
So instead implementing strange workarounds, one should search, find,
understand and fix the real problem.
Google bounced my mail because of a temp error. I changed nothing
in my DNS or DKIM. It's their bug, not mine.
I don't expect your setup
I was reading through "Linux Email" and it has an example policy where only
clients from "your" networks are allowed to use "your" domain in the sender
address:
smtpd_sender_restrictions =
check_sender_access hash:/etc/postfix/sender_access
# /etc/postfix/sender_access
example.com permit_mynetw
Am 22.11.2014 um 14:50 schrieb A. Schulze:
>
> wietse:
>
>> A. Schulze:
>>> So instead implementing strange workarounds, one should search, find,
>>> understand and fix the real problem.
>>
>> Google bounced my mail because of a temp error. I changed nothing
>> in my DNS or DKIM. It's their bug,
wietse:
A. Schulze:
So instead implementing strange workarounds, one should search, find,
understand and fix the real problem.
Google bounced my mail because of a temp error. I changed nothing
in my DNS or DKIM. It's their bug, not mine.
I don't expect your setup is obviously broken and al
Am 22.11.2014 um 13:45 schrieb Olivier CALVANO:
I'm trying to switch one of my email servers qmail postfix. This is a
server that only the relay.
I had two features on Qmail I can not find on the net for Postfix.
- On Qmail, I had a module that Rbl closed the connection after the from
/ to, i
hello,
I'm trying to switch one of my email servers qmail postfix. This is a
server that only the relay.
I had two features on Qmail I can not find on the net for Postfix.
- On Qmail, I had a module that Rbl closed the connection after the from /
to, it allowed me to log information.
- On Qmail
A. Schulze:
> So instead implementing strange workarounds, one should search, find,
> understand and fix the real problem.
Google bounced my mail because of a temp error. I changed nothing
in my DNS or DKIM. It's their bug, not mine.
Wietse
Peter:
Unfortunately the above solution assumes that all recipients that use
the google MX servers will have email addresses with google.com or
gmail.com domains.
(@Wietse: correct me, if I'm wrong)
that's a general consequence of postfix design.
postfix is destination domain centric. It does
> Am 22.11.2014 um 11:38 schrieb li...@rhsoft.net:
>
> surely - a footer is a footer and because it comes *everywhere* at the end it
> contains the neutral part of the message like contact and so on
>
> if you don#t want "smtpd_reject_footer" don't configure it
Yes, you are right. Sorry
posts
Am 22.11.2014 um 11:30 schrieb Christian Rößner:
One question: I also have set smtpd_reject_footer. So I get two reject texts.
The first comes from the patch, the second from smtpd_reject_footer. Is that
the normal wanted behavior?
surely - a footer is a footer and because it comes *everywhe
> Am 22.11.2014 um 10:11 schrieb Christian Rößner
> :
>
> I’ll give it a try.
…
-> STARTTLS
<- 220 2.0.0 Ready to start TLS
=== TLS started with cipher TLSv1:DHE-RSA-AES256-SHA:256
=== TLS no local certificate set
=== TLS peer DN="/OU=Go to
https://www.thawte.com/repository/index.html/OU=Tha
> Am 21.11.2014 um 23:23 schrieb Wietse Venema :
>
> Wietse Venema:
>> A. Schulze:
>>>
>>> smtpd_recipient_restrictions =
>>>check_foo_to_allow_something,
>>>reject "you did this or that wrong, call +49 ... for assistance"
>>>
>>>
>>> Is that possible?
>>
>> smtpd_recipient_restricti
> Am 21.11.2014 um 22:06 schrieb Wietse Venema :
>
> check_recipient_access static:{reject you did this or that ...}
>
> I'll post a patch in a little while. This takes four lines of code.
I would love to see this. I use current snapshots here, so I can use it, if it
has been implemented.
Tha
25 matches
Mail list logo
