Thanks guys, I used the php.ini suggestion but am in the process of integrating
phpmailer.
Thanks again for your time
Danny
On 1/02/2015 10:21 PM, Carl Brewer wrote:
On 1/02/2015 7:21 PM, Robert Schetterer wrote:
and where is your postfix conf..?
read i.e
http://de.postfix.org/httpmirror/postconf.5.html#smtpd_reject_unlisted_recipient
as well as other setup examples and conf stuff
I checked the server from an
LuKreme:
> On 05 Feb 2015, at 05:07 , Wietse Venema wrote:
> > Have you considered the possibility that the mail was sent with a
> > bogus Delivered-To: header (i.e. the header is present, but not
> > added by Postfix).
>
> Yes, but I'm unsure how to diagnose that.
header_checks:
/^Delivered-To:
Thank you very much for the information provided Noel.
Razvan Constantin
-Original Message-
From: owner-postfix-us...@postfix.org
[mailto:owner-postfix-us...@postfix.org] On Behalf Of Noel Jones
Sent: Thursday, February 05, 2015 6:41 PM
To: postfix-users@postfix.org
Subject: Re: Reject
On 05 Feb 2015, at 05:07 , Wietse Venema wrote:
> Have you considered the possibility that the mail was sent with a
> bogus Delivered-To: header (i.e. the header is present, but not
> added by Postfix).
Yes, but I’m unsure how to diagnose that.
Here is a full dump of one of these files (with onl
I thought I'd post the contents of my master.cf file as well (for
completeness):
smtp inet n - n - 1 postscreen
smtpd pass - - n - - smtpd
dnsblog unix - - n - 0 dnsblog
tlsproxy unix -
On 02/05/2015 09:58 AM, Christian Rößner wrote:
>
> Sorry, if I correct you (hopefully I am right…)
>
> This is not a profile I showed, this is the gcc compiler. And it is from the
> hardened stage tar ball:
>
> stage3-amd64-hardened-20121210.tar.bz2 (I kept it since install in / ;-) )
>
> mak
Charles Marcus:
> > check_recipient_access automatically makes queries for the email
> > address, the domain, and more. See access(5).
> >
> >> # postmap -q exemple.com hash:/etc/postfix/maps/hash/blacklisted_domains
> >> REJECT did you mean 'exAmple.com'?
> >>
> >> # postmap -q recipi...@exemple
Am 05.02.2015 um 22:26 schrieb SW:
li...@rhsoft.net wrote
Am 05.02.2015 um 22:00 schrieb SW:
smtpd_tls_exclude_ciphers = aNULL, eNULL, DES, 3DES, MD5, DES+MD5, RC4
disable DES *and* Rc4 is pure nonsense because it leads in some servers
not able to send mail to you at all and way more fall b
Am 05.02.2015 um 22:19 schrieb Charles Marcus:
Ok, Can't seem to figure this out...
I want to block sending to certain domains - in this case, a domain that
is typod...
Googling suggests this should work:
smtpd_relay_restrictions = check_recipient_access
${hash}/blacklisted_domains, permit_s
On 2/5/2015 4:35 PM, wie...@porcupine.org (Wietse Venema)
wrote:
> Charles Marcus:
>> Ok, Can't seem to figure this out...
>>
>> I want to block sending to certain domains - in this case, a domain that
>> is typod...
>>
>> Googling suggests this should work:
>>
>> smtpd_relay_restrictions = check_
Thanks Viktor. I have set it to:
smtpd_tls_exclude_ciphers = LOW, EXPORT, MD5
How does the rest of the config look? Secure? Any silly mistakes?
--
View this message in context:
http://postfix.1071664.n5.nabble.com/Secure-config-main-cf-tp74536p74542.html
Sent from the Postfix Users mailing
Charles Marcus:
> Ok, Can't seem to figure this out...
>
> I want to block sending to certain domains - in this case, a domain that
> is typod...
>
> Googling suggests this should work:
>
> smtpd_relay_restrictions = check_recipient_access
> ${hash}/blacklisted_domains, permit_sasl_authenticated
On Thu, Feb 05, 2015 at 10:23:10PM +0100, li...@rhsoft.net wrote:
> Am 05.02.2015 um 22:00 schrieb SW:
> >smtpd_tls_exclude_ciphers = aNULL, eNULL, DES, 3DES, MD5, DES+MD5, RC4
>
> disable DES *and* RC4 is pure nonsense because it leads in some servers not
> able to send mail to you at all and wa
li...@rhsoft.net wrote
> Am 05.02.2015 um 22:00 schrieb SW:
>> smtpd_tls_exclude_ciphers = aNULL, eNULL, DES, 3DES, MD5, DES+MD5, RC4
>
> disable DES *and* Rc4 is pure nonsense because it leads in some servers
> not able to send mail to you at all and way more fall back to plain as
> needed
Goo
Am 05.02.2015 um 22:00 schrieb SW:
smtpd_tls_exclude_ciphers = aNULL, eNULL, DES, 3DES, MD5, DES+MD5, RC4
disable DES *and* Rc4 is pure nonsense because it leads in some servers
not able to send mail to you at all and way more fall back to plain as
needed
Ok, Can't seem to figure this out...
I want to block sending to certain domains - in this case, a domain that
is typod...
Googling suggests this should work:
smtpd_relay_restrictions = check_recipient_access
${hash}/blacklisted_domains, permit_sasl_authenticated,
permit_mynetworks, reject
black
Hi All
After building my new Postfix server I spent days securing it as best I
could. So far it seems to be running fine but I was wondering if someone
would mind having a look at my main.cf file to see if there are any
"holes"/issues in the config. I'm particularly interested to hear what
people
I test with fedora19 and CentOS7, the "-fPIE" or "-fpie" option works
with fedora19 and CentOS7.
The "-PIE" or "-pie" option is not worked.
On 02/05/2015 09:57 AM, Wietse Venema wrote:
Viktor Dukhovni:
So we should perhaps just ignore the "pie" option with MacOS/X.
Have not tried Yosetime yet
On 2/5/2015 8:00 AM, li...@rhsoft.net wrote:
>
> Am 05.02.2015 um 14:54 schrieb Inteq Solution - Dep. Tehnic:
>> Thank you for taking your time to reply Wietse,
>>
>> I might have been a bit ambiguous about my problem.
>> I know how to whitelist inbound u...@domain.com while rejecting
>> the all
>
On Thu, Feb 05, 2015 at 03:27:23PM +, Viktor Dukhovni wrote:
> smtp[]: : to=<...>, ... ()
> entries with the same , and are almost
> certainly a single "envelope" (especially if the next hop server
> includes a unique queue-id in its reply).
Okay, now i implemented it the following way.
> On Feb 3, 2015, at 7:11 PM, Viktor Dukhovni
> wrote:
>
> Yep, you're mistaken. This has nothing to do with SASL. What is
> failing is sender address verification (SAV).
>
>http://www.postfix.org/ADDRESS_VERIFICATION_README.html
While it was address verification, it turns out it wasn’t
On Thu, 5 Feb 2015 09:57:00 -0500 (EST), Wietse Venema stated:
> We can adopt the current "pie=yes" support into Postfix 3.0 with a
> note that this was tested on a few recent BSD and Linux distributions
> (it solves 90% of the problem). We can use the Postfix 3.1 cycle
> to make this idiot-proof
On Thu, Feb 05, 2015 at 02:34:09PM +0100, Markus Benning wrote:
> Is there a switch to enable connection logging I missed?
As Wietse pointed out, TLS connectiosn are never re-used. Non-TLS
connections may be re-used, in which case, the log entry shows
"conn_use=" for some count >= 2. Each log e
Am 05.02.2015 um 16:08 schrieb Wietse Venema:
li...@rhsoft.net:
what you you smoked to only quote the part of a sentence which makes no
Reindl, tone it down
sorry, but that style of quote out-of-context and then explain me what a
PTR is like i would not know such things better as most peop
Christian Rößner skrev den 2015-02-05 15:58:
If I am wrong, please contact me offlist. Then I would have to do a
lot of work to correct this problem. Hopefully not. ;-)
emerge -pev @world | grep hardened | wc -l
euses hardened
eselect profile list
pick a number that contains hardened
eselec
li...@rhsoft.net:
> what you you smoked to only quote the part of a sentence which makes no
Reindl, tone it down. Your spam load is not the same as what other
people see. Do not assume that what works for you is good advice
for the rest of the world. In my case, PTR-based rules do not solve
any p
Am 05.02.2015 um 15:58 schrieb Christian Rößner:
So at the moment I stay at my opinion that Postfix is running very stable wie
PIE ans SSP.
If I am wrong, please contact me offlist. Then I would have to do a lot of work
to correct this problem. Hopefully not. ;-)
postfix is running fine with
> Am 05.02.2015 um 13:20 schrieb Benny Pedersen :
>
> Christian Rößner skrev den 2015-02-05 12:07:
>
>> I am using Gentoo hardening:
>> rns root@mx ~ # gcc-config -l
>> [1] x86_64-pc-linux-gnu-4.8.3 *
>
> this is not hardened profile
Sorry, if I correct you (hopefully I am right…)
This is no
Viktor Dukhovni:
> So we should perhaps just ignore the "pie" option with MacOS/X.
> Have not tried Yosetime yet...
We can adopt the current "pie=yes" support into Postfix 3.0 with a
note that this was tested on a few recent BSD and Linux distributions
(it solves 90% of the problem). We can use t
Am 05.02.2015 um 15:28 schrieb Marcus Bointon:
On 5 Feb 2015, at 14:58, li...@rhsoft.net wrote:
... you don't need your ISP to configure that simple DNS record for your own
domain
Actually you usually do. When anyone does a reverse lookup on your IP, it will
point at the ISP's DNS, not you
On 5 Feb 2015, at 14:58, li...@rhsoft.net wrote:
>
> ... you don't need your ISP to configure that simple DNS record for your own
> domain
Actually you usually do. When anyone does a reverse lookup on your IP, it will
point at the ISP's DNS, not yours, so unless you have reverse delegation set
On Thu, Feb 05, 2015 at 02:25:00AM -0700, saulos wrote:
> Hi I have a problem with one provider "tiscali" when try to send to him I get
> this error
>
> postfix/smtp[13339]: 866B961BF5: TLS is required, but was not offered by
> host etb-4.mail.tiscali.it[213.205.33.62]
It is unwise to require TL
Am 2015-02-05 14:50, schrieb Микаел Бак:
Hi there,
On 02/04/2015 11:06 PM, li...@rhsoft.net wrote:
the truth is that a xx.xx.xx.xx-static-dsl.isp.tld is not a mailserver
just becaus eit contains the word "static" - in fact most of them are
ordinary office dsl lines with clients behind
True.
Hi again,
On 02/05/2015 02:58 PM, li...@rhsoft.net wrote:
frankly SPF is no rocket science and you don't need your ISP to
configure that simple DNS record for your own domain
Rocket science or not, most domain I have seen has NOT set up any SPF.
And many people argue that SPF creates more p
Am 05.02.2015 um 14:54 schrieb Inteq Solution - Dep. Tehnic:
Thank you for taking your time to reply Wietse,
I might have been a bit ambiguous about my problem.
I know how to whitelist inbound u...@domain.com while rejecting the all
other inbound from @domain.com
My problem is:
domainA.com is
Am 05.02.2015 um 14:50 schrieb Микаел Бак:
Hi there,
On 02/04/2015 11:06 PM, li...@rhsoft.net wrote:
the truth is that a xx.xx.xx.xx-static-dsl.isp.tld is not a mailserver
just becaus eit contains the word "static" - in fact most of them are
ordinary office dsl lines with clients behind
Tru
Thank you for taking your time to reply Wietse,
I might have been a bit ambiguous about my problem.
I know how to whitelist inbound u...@domain.com while rejecting the all
other inbound from @domain.com
My problem is:
domainA.com is an external domain
domainB.com is a domain hosted on my server.
Markus Benning:
> For smtp there are no connect/disconnect lines in my log.
> I tried debug_peer* but it is too verbose and still missing a
> clear connect/disconnect log message.
You have "TLS connection established" and "status=sent/bounced/deferred".
The Postfix SMTP client closes the TLS conne
Hi there,
On 02/04/2015 11:06 PM, li...@rhsoft.net wrote:
the truth is that a xx.xx.xx.xx-static-dsl.isp.tld is not a mailserver
just becaus eit contains the word "static" - in fact most of them are
ordinary office dsl lines with clients behind
True. Not nessassarily a mail server, but it co
Inteq Solution - Dep. Tehnic:
> somedomain.com REJECT
> Is there any way to REJECT a domain but allow inbound messages to a specific
> local user from the rejected domain?
u...@example.comDUNNO
example.com REJECT
If in doubt, RFTM:
ACCESS(5)
Hello,
for TLS statistics i'm counting the "TLS connection established"
lines for per connection statistics.
But i'm also collecting per message statistics.
This is possible for smtpd because it is also logging connect/disconnect:
smtpd[30784]: connect from english-breakfas... (unencrypted)
smtp
Christian Rößner skrev den 2015-02-05 12:07:
I am using Gentoo hardening:
rns root@mx ~ # gcc-config -l
[1] x86_64-pc-linux-gnu-4.8.3 *
this is not hardened profile
[2] x86_64-pc-linux-gnu-4.8.3-hardenednopie
[3] x86_64-pc-linux-gnu-4.8.3-hardenednopiessp
[4] x86_64-pc-linux-gnu-4.8.3-h
LuKreme:
>
> > On Feb 4, 2015, at 9:20 AM, Miles Fidelman
> > wrote:
> >
> > LuKreme wrote:
> >> I have a local user who is generating occasional mail forwarding loop
> >> errors, which are causing forged emails to cause NDNs and fill up mailq.
> >>
> >> Jan 30 13:46:08 mail postfix/local[441
Zitat von li...@rhsoft.net:
Am 05.02.2015 um 11:03 schrieb lst_ho...@kwsoft.de:
You are putting too much of meaning in a DNS token. There is no global
rule or RFC about the interpretation of the string forming this token.
I'm totaly free to call my host bad-host-static-0815.example.com.
whic
> Am 05.02.2015 um 06:51 schrieb Viktor Dukhovni :
>
> On Thu, Feb 05, 2015 at 01:04:58AM +, Viktor Dukhovni wrote:
>
>> On Wed, Feb 04, 2015 at 01:12:16PM -0500, Wietse Venema wrote:
>>
>>> Very lighty-tested patch follows. No INSTALL documentation until
>>> this has been tested.
>>>
>>>
Am 05.02.2015 um 11:03 schrieb lst_ho...@kwsoft.de:
You are putting too much of meaning in a DNS token. There is no global
rule or RFC about the interpretation of the string forming this token.
I'm totaly free to call my host bad-host-static-0815.example.com.
which is no problem because it don
Zitat von li...@rhsoft.net:
Am 04.02.2015 um 22:54 schrieb Noel Jones:
On 2/4/2015 3:12 PM, li...@rhsoft.net wrote:
*sadly* that sort of incoming rules is not widespreaded enough,
otherwise spam from infected botnet zombies would no longer exist
and frankly the rule for "IPhfc.comcastbus
my first answer was rejected ridiculously because it contained the word
subsc**e (BOUNCE postfix-users@postfix.org: Admin request of type
/\bsubs***ibe\b/i at line 7 )
Weitergeleitete Nachricht
Betreff: Re: unable to send email TLS not offered by host
Datum: Thu, 05 Feb 2015
Hi I have a problem with one provider "tiscali" when try to send to him I get
this error
postfix/smtp[13339]: 866B961BF5: TLS is required, but was not offered by
host etb-4.mail.tiscali.it[213.205.33.62]
Can I fix it or I will loose some security ?
How I stop the server to keep try to send to thi
Hello,
Using check_sender_access to REJECT a list of domains
Using the format:
somedomain.com REJECT
My searching skills seem to be subpar today, so I request your help.
Is there any way to REJECT a domain but allow inbound messages to a specific
local user from the rejecte
51 matches
Mail list logo