Re: Change sender in php

2015-02-05 Thread Danny
Thanks guys, I used the php.ini suggestion but am in the process of integrating phpmailer. Thanks again for your time Danny

Re: postfix, cyrus imap, backscatter?

2015-02-05 Thread Carl Brewer
On 1/02/2015 10:21 PM, Carl Brewer wrote: On 1/02/2015 7:21 PM, Robert Schetterer wrote: and where is your postfix conf..? read i.e http://de.postfix.org/httpmirror/postconf.5.html#smtpd_reject_unlisted_recipient as well as other setup examples and conf stuff I checked the server from an

Re: Tracking down a mail forwarding loop

2015-02-05 Thread Wietse Venema
LuKreme: > On 05 Feb 2015, at 05:07 , Wietse Venema wrote: > > Have you considered the possibility that the mail was sent with a > > bogus Delivered-To: header (i.e. the header is present, but not > > added by Postfix). > > Yes, but I'm unsure how to diagnose that. header_checks: /^Delivered-To:

RE: Reject domain but allow inbound for a local user

2015-02-05 Thread Inteq Solution - Dep. Tehnic
Thank you very much for the information provided Noel. Razvan Constantin -Original Message- From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On Behalf Of Noel Jones Sent: Thursday, February 05, 2015 6:41 PM To: postfix-users@postfix.org Subject: Re: Reject

Re: Tracking down a mail forwarding loop

2015-02-05 Thread LuKreme
On 05 Feb 2015, at 05:07 , Wietse Venema wrote: > Have you considered the possibility that the mail was sent with a > bogus Delivered-To: header (i.e. the header is present, but not > added by Postfix). Yes, but I’m unsure how to diagnose that. Here is a full dump of one of these files (with onl

Re: Secure config - main.cf

2015-02-05 Thread SW
I thought I'd post the contents of my master.cf file as well (for completeness): smtp inet n - n - 1 postscreen smtpd pass - - n - - smtpd dnsblog unix - - n - 0 dnsblog tlsproxy unix -

Re: PATCH: PIE for Postfix 3.1

2015-02-05 Thread Michael Orlitzky
On 02/05/2015 09:58 AM, Christian Rößner wrote: > > Sorry, if I correct you (hopefully I am right…) > > This is not a profile I showed, this is the gcc compiler. And it is from the > hardened stage tar ball: > > stage3-amd64-hardened-20121210.tar.bz2 (I kept it since install in / ;-) ) > > mak

Re: Blacklisting external domains

2015-02-05 Thread Wietse Venema
Charles Marcus: > > check_recipient_access automatically makes queries for the email > > address, the domain, and more. See access(5). > > > >> # postmap -q exemple.com hash:/etc/postfix/maps/hash/blacklisted_domains > >> REJECT did you mean 'exAmple.com'? > >> > >> # postmap -q recipi...@exemple

Re: Secure config - main.cf

2015-02-05 Thread li...@rhsoft.net
On 05.02.2015 at 22:26, SW wrote: li...@rhsoft.net wrote On 05.02.2015 at 22:00, SW wrote: smtpd_tls_exclude_ciphers = aNULL, eNULL, DES, 3DES, MD5, DES+MD5, RC4 disable DES *and* Rc4 is pure nonsense because it leads in some servers not able to send mail to you at all and way more fall b

Re: Blacklisting external domains

2015-02-05 Thread li...@rhsoft.net
On 05.02.2015 at 22:19, Charles Marcus wrote: Ok, Can't seem to figure this out... I want to block sending to certain domains - in this case, a domain that is typod... Googling suggests this should work: smtpd_relay_restrictions = check_recipient_access ${hash}/blacklisted_domains, permit_s

Re: Blacklisting external domains

2015-02-05 Thread Charles Marcus
On 2/5/2015 4:35 PM, wie...@porcupine.org (Wietse Venema) wrote: > Charles Marcus: >> Ok, Can't seem to figure this out... >> >> I want to block sending to certain domains - in this case, a domain that >> is typod... >> >> Googling suggests this should work: >> >> smtpd_relay_restrictions = check_

Re: Secure config - main.cf

2015-02-05 Thread SW
Thanks Viktor. I have set it to: smtpd_tls_exclude_ciphers = LOW, EXPORT, MD5 How does the rest of the config look? Secure? Any silly mistakes? -- View this message in context: http://postfix.1071664.n5.nabble.com/Secure-config-main-cf-tp74536p74542.html Sent from the Postfix Users mailing

Re: Blacklisting external domains

2015-02-05 Thread Wietse Venema
Charles Marcus: > Ok, Can't seem to figure this out... > > I want to block sending to certain domains - in this case, a domain that > is typod... > > Googling suggests this should work: > > smtpd_relay_restrictions = check_recipient_access > ${hash}/blacklisted_domains, permit_sasl_authenticated

Re: Secure config - main.cf

2015-02-05 Thread Viktor Dukhovni
On Thu, Feb 05, 2015 at 10:23:10PM +0100, li...@rhsoft.net wrote: > On 05.02.2015 at 22:00, SW wrote: > >smtpd_tls_exclude_ciphers = aNULL, eNULL, DES, 3DES, MD5, DES+MD5, RC4 > > disable DES *and* RC4 is pure nonsense because it leads in some servers not > able to send mail to you at all and wa

Re: Secure config - main.cf

2015-02-05 Thread SW
li...@rhsoft.net wrote > On 05.02.2015 at 22:00, SW wrote: >> smtpd_tls_exclude_ciphers = aNULL, eNULL, DES, 3DES, MD5, DES+MD5, RC4 > > disable DES *and* Rc4 is pure nonsense because it leads in some servers > not able to send mail to you at all and way more fall back to plain as > needed Goo

Re: Secure config - main.cf

2015-02-05 Thread li...@rhsoft.net
On 05.02.2015 at 22:00, SW wrote: smtpd_tls_exclude_ciphers = aNULL, eNULL, DES, 3DES, MD5, DES+MD5, RC4 disable DES *and* Rc4 is pure nonsense because it leads in some servers not able to send mail to you at all and way more fall back to plain as needed

Blacklisting external domains

2015-02-05 Thread Charles Marcus
Ok, Can't seem to figure this out... I want to block sending to certain domains - in this case, a domain that is typod... Googling suggests this should work: smtpd_relay_restrictions = check_recipient_access ${hash}/blacklisted_domains, permit_sasl_authenticated, permit_mynetworks, reject black

Secure config - main.cf

2015-02-05 Thread SW
Hi All After building my new Postfix server I spent days securing it as best I could. So far it seems to be running fine but I was wondering if someone would mind having a look at my main.cf file to see if there are any "holes"/issues in the config. I'm particularly interested to hear what people

Re: PATCH: PIE for Postfix 3.1

2015-02-05 Thread Andrew Ho
I test with fedora19 and CentOS7, the "-fPIE" or "-fpie" option works with fedora19 and CentOS7. The "-PIE" or "-pie" option does not work. On 02/05/2015 09:57 AM, Wietse Venema wrote: Viktor Dukhovni: So we should perhaps just ignore the "pie" option with MacOS/X. Have not tried Yosemite yet

Re: Reject domain but allow inbound for a local user

2015-02-05 Thread Noel Jones
On 2/5/2015 8:00 AM, li...@rhsoft.net wrote: > > On 05.02.2015 at 14:54, Inteq Solution - Dep. Tehnic wrote: >> Thank you for taking your time to reply Wietse, >> >> I might have been a bit ambiguous about my problem. >> I know how to whitelist inbound u...@domain.com while rejecting >> the all >

Re: connection logging in smtp client

2015-02-05 Thread Markus Benning
On Thu, Feb 05, 2015 at 03:27:23PM +, Viktor Dukhovni wrote: > smtp[]: : to=<...>, ... () > entries with the same , and are almost > certainly a single "envelope" (especially if the next hop server > includes a unique queue-id in its reply). Okay, now I implemented it the following way.

Re: Postfix authentication with login username instead of sasl_passwd username

2015-02-05 Thread Jim McCorison
> On Feb 3, 2015, at 7:11 PM, Viktor Dukhovni > wrote: > > Yep, you're mistaken. This has nothing to do with SASL. What is > failing is sender address verification (SAV). > >http://www.postfix.org/ADDRESS_VERIFICATION_README.html While it was address verification, it turns out it wasn’t

Re: PATCH: PIE for Postfix 3.1

2015-02-05 Thread Postfix User
On Thu, 5 Feb 2015 09:57:00 -0500 (EST), Wietse Venema stated: > We can adopt the current "pie=yes" support into Postfix 3.0 with a > note that this was tested on a few recent BSD and Linux distributions > (it solves 90% of the problem). We can use the Postfix 3.1 cycle > to make this idiot-proof

Re: connection logging in smtp client

2015-02-05 Thread Viktor Dukhovni
On Thu, Feb 05, 2015 at 02:34:09PM +0100, Markus Benning wrote: > Is there a switch to enable connection logging I missed? As Wietse pointed out, TLS connections are never re-used. Non-TLS connections may be re-used, in which case, the log entry shows "conn_use=" for some count >= 2. Each log e

Re: TONE IT DOWN: Working around recalcitrant ISP wrt rDNS

2015-02-05 Thread li...@rhsoft.net
On 05.02.2015 at 16:08, Wietse Venema wrote: li...@rhsoft.net: what you you smoked to only quote the part of a sentence which makes no Reindl, tone it down sorry, but that style of quote out-of-context and then explain me what a PTR is like i would not know such things better as most peop

Re: PATCH: PIE for Postfix 3.1

2015-02-05 Thread Benny Pedersen
Christian Rößner wrote on 2015-02-05 15:58: If I am wrong, please contact me offlist. Then I would have to do a lot of work to correct this problem. Hopefully not. ;-) emerge -pev @world | grep hardened | wc -l euses hardened eselect profile list pick a number that contains hardened eselec

TONE IT DOWN: Working around recalcitrant ISP wrt rDNS

2015-02-05 Thread Wietse Venema
li...@rhsoft.net: > what you you smoked to only quote the part of a sentence which makes no Reindl, tone it down. Your spam load is not the same as what other people see. Do not assume that what works for you is good advice for the rest of the world. In my case, PTR-based rules do not solve any p

Re: PATCH: PIE for Postfix 3.1

2015-02-05 Thread li...@rhsoft.net
On 05.02.2015 at 15:58, Christian Rößner wrote: So at the moment I stay at my opinion that Postfix is running very stable with PIE and SSP. If I am wrong, please contact me offlist. Then I would have to do a lot of work to correct this problem. Hopefully not. ;-) postfix is running fine with

Re: PATCH: PIE for Postfix 3.1

2015-02-05 Thread Christian Rößner
> On 05.02.2015 at 13:20, Benny Pedersen wrote: > > Christian Rößner wrote on 2015-02-05 12:07: > >> I am using Gentoo hardening: >> rns root@mx ~ # gcc-config -l >> [1] x86_64-pc-linux-gnu-4.8.3 * > > this is not hardened profile Sorry, if I correct you (hopefully I am right…) This is no

Re: PATCH: PIE for Postfix 3.1

2015-02-05 Thread Wietse Venema
Viktor Dukhovni: > So we should perhaps just ignore the "pie" option with MacOS/X. > Have not tried Yosemite yet... We can adopt the current "pie=yes" support into Postfix 3.0 with a note that this was tested on a few recent BSD and Linux distributions (it solves 90% of the problem). We can use t

Re: Working around recalcitrant ISP wrt rDNS

2015-02-05 Thread li...@rhsoft.net
On 05.02.2015 at 15:28, Marcus Bointon wrote: On 5 Feb 2015, at 14:58, li...@rhsoft.net wrote: ... you don't need your ISP to configure that simple DNS record for your own domain Actually you usually do. When anyone does a reverse lookup on your IP, it will point at the ISP's DNS, not you

Re: Working around recalcitrant ISP wrt rDNS

2015-02-05 Thread Marcus Bointon
On 5 Feb 2015, at 14:58, li...@rhsoft.net wrote: > > ... you don't need your ISP to configure that simple DNS record for your own > domain Actually you usually do. When anyone does a reverse lookup on your IP, it will point at the ISP's DNS, not yours, so unless you have reverse delegation set

Re: unable to send email TLS not offered by host

2015-02-05 Thread Viktor Dukhovni
On Thu, Feb 05, 2015 at 02:25:00AM -0700, saulos wrote: > Hi I have a problem with one provider "tiscali" when try to send to him I get > this error > > postfix/smtp[13339]: 866B961BF5: TLS is required, but was not offered by > host etb-4.mail.tiscali.it[213.205.33.62] It is unwise to require TL

Re: Working around recalcitrant ISP wrt rDNS

2015-02-05 Thread Michael Storz
On 2015-02-05 14:50, Микаел Бак wrote: Hi there, On 02/04/2015 11:06 PM, li...@rhsoft.net wrote: the truth is that a xx.xx.xx.xx-static-dsl.isp.tld is not a mailserver just because it contains the word "static" - in fact most of them are ordinary office dsl lines with clients behind True.

Re: Working around recalcitrant ISP wrt rDNS

2015-02-05 Thread Микаел Бак
Hi again, On 02/05/2015 02:58 PM, li...@rhsoft.net wrote: frankly SPF is no rocket science and you don't need your ISP to configure that simple DNS record for your own domain Rocket science or not, most domains I have seen have NOT set up any SPF. And many people argue that SPF creates more p

Re: Reject domain but allow inbound for a local user

2015-02-05 Thread li...@rhsoft.net
On 05.02.2015 at 14:54, Inteq Solution - Dep. Tehnic wrote: Thank you for taking your time to reply Wietse, I might have been a bit ambiguous about my problem. I know how to whitelist inbound u...@domain.com while rejecting the all other inbound from @domain.com My problem is: domainA.com is

Re: Working around recalcitrant ISP wrt rDNS

2015-02-05 Thread li...@rhsoft.net
On 05.02.2015 at 14:50, Микаел Бак wrote: Hi there, On 02/04/2015 11:06 PM, li...@rhsoft.net wrote: the truth is that a xx.xx.xx.xx-static-dsl.isp.tld is not a mailserver just because it contains the word "static" - in fact most of them are ordinary office dsl lines with clients behind Tru

RE: Reject domain but allow inbound for a local user

2015-02-05 Thread Inteq Solution - Dep. Tehnic
Thank you for taking your time to reply Wietse, I might have been a bit ambiguous about my problem. I know how to whitelist inbound u...@domain.com while rejecting the all other inbound from @domain.com My problem is: domainA.com is an external domain domainB.com is a domain hosted on my server.

Re: connection logging in smtp client

2015-02-05 Thread Wietse Venema
Markus Benning: > For smtp there are no connect/disconnect lines in my log. > I tried debug_peer* but it is too verbose and still missing a > clear connect/disconnect log message. You have "TLS connection established" and "status=sent/bounced/deferred". The Postfix SMTP client closes the TLS conne

Re: Working around recalcitrant ISP wrt rDNS

2015-02-05 Thread Микаел Бак
Hi there, On 02/04/2015 11:06 PM, li...@rhsoft.net wrote: the truth is that a xx.xx.xx.xx-static-dsl.isp.tld is not a mailserver just because it contains the word "static" - in fact most of them are ordinary office dsl lines with clients behind True. Not necessarily a mail server, but it co

Re: Reject domain but allow inbound for a local user

2015-02-05 Thread Wietse Venema
Inteq Solution - Dep. Tehnic: > somedomain.com REJECT > Is there any way to REJECT a domain but allow inbound messages to a specific > local user from the rejected domain? u...@example.com DUNNO example.com REJECT If in doubt, RFTM: ACCESS(5)

connection logging in smtp client

2015-02-05 Thread Markus Benning
Hello, for TLS statistics I'm counting the "TLS connection established" lines for per connection statistics. But I'm also collecting per message statistics. This is possible for smtpd because it is also logging connect/disconnect: smtpd[30784]: connect from english-breakfas... (unencrypted) smtp

Re: PATCH: PIE for Postfix 3.1

2015-02-05 Thread Benny Pedersen
Christian Rößner wrote on 2015-02-05 12:07: I am using Gentoo hardening: rns root@mx ~ # gcc-config -l [1] x86_64-pc-linux-gnu-4.8.3 * this is not hardened profile [2] x86_64-pc-linux-gnu-4.8.3-hardenednopie [3] x86_64-pc-linux-gnu-4.8.3-hardenednopiessp [4] x86_64-pc-linux-gnu-4.8.3-h

Re: Tracking down a mail forwarding loop

2015-02-05 Thread Wietse Venema
LuKreme: > > > On Feb 4, 2015, at 9:20 AM, Miles Fidelman > > wrote: > > > > LuKreme wrote: > >> I have a local user who is generating occasional mail forwarding loop > >> errors, which are causing forged emails to cause NDNs and fill up mailq. > >> > >> Jan 30 13:46:08 mail postfix/local[441

Re: Working around recalcitrant ISP wrt rDNS

2015-02-05 Thread lst_hoe02
Quoting li...@rhsoft.net: On 05.02.2015 at 11:03, lst_ho...@kwsoft.de wrote: You are putting too much of meaning in a DNS token. There is no global rule or RFC about the interpretation of the string forming this token. I'm totally free to call my host bad-host-static-0815.example.com. whic

Re: PATCH: PIE for Postfix 3.1

2015-02-05 Thread Christian Rößner
> On 05.02.2015 at 06:51, Viktor Dukhovni wrote: > > On Thu, Feb 05, 2015 at 01:04:58AM +, Viktor Dukhovni wrote: > >> On Wed, Feb 04, 2015 at 01:12:16PM -0500, Wietse Venema wrote: >> >>> Very lightly-tested patch follows. No INSTALL documentation until >>> this has been tested. >>> >>>

Re: Working around recalcitrant ISP wrt rDNS

2015-02-05 Thread li...@rhsoft.net
On 05.02.2015 at 11:03, lst_ho...@kwsoft.de wrote: You are putting too much of meaning in a DNS token. There is no global rule or RFC about the interpretation of the string forming this token. I'm totally free to call my host bad-host-static-0815.example.com. which is no problem because it don

Re: Working around recalcitrant ISP wrt rDNS

2015-02-05 Thread lst_hoe02
Quoting li...@rhsoft.net: On 04.02.2015 at 22:54, Noel Jones wrote: On 2/4/2015 3:12 PM, li...@rhsoft.net wrote: *sadly* that sort of incoming rules is not widespread enough, otherwise spam from infected botnet zombies would no longer exist and frankly the rule for "IPhfc.comcastbus

Re: unable to send email TLS not offered by host

2015-02-05 Thread li...@rhsoft.net
my first answer was rejected ridiculously because it contained the word subsc**e (BOUNCE postfix-users@postfix.org: Admin request of type /\bsubs***ibe\b/i at line 7 ) Forwarded message Subject: Re: unable to send email TLS not offered by host Date: Thu, 05 Feb 2015

unable to send email TLS not offered by host

2015-02-05 Thread saulos
Hi I have a problem with one provider "tiscali" when try to send to him I get this error postfix/smtp[13339]: 866B961BF5: TLS is required, but was not offered by host etb-4.mail.tiscali.it[213.205.33.62] Can I fix it or I will lose some security ? How I stop the server to keep try to send to thi

Reject domain but allow inbound for a local user

2015-02-05 Thread Inteq Solution - Dep. Tehnic
Hello, Using check_sender_access to REJECT a list of domains Using the format: somedomain.com REJECT My searching skills seem to be subpar today, so I request your help. Is there any way to REJECT a domain but allow inbound messages to a specific local user from the rejecte