Re: postfix drown attack migation on version 2.3 (rhel5)?

2016-03-02 Thread Viktor Dukhovni
> On Mar 3, 2016, at 2:12 AM, Eero Volotinen wrote: > > Hi, > > Can some one give working migation intructions for postfix 2.3 > (postfix-2.3.3-7.el5) many of instructions are not working correctly on so > old version. (as settings are not supported) Postfix 2.3 is too old for the required c

postfix drown attack migation on version 2.3 (rhel5)?

2016-03-02 Thread Eero Volotinen
Hi, Can some one give working migation intructions for postfix 2.3 (postfix-2.3.3-7.el5) many of instructions are not working correctly on so old version. (as settings are not supported) thanks, -- Eero

Re: upgrading postfix 3.0.x to 3.1

2016-03-02 Thread Brett @Google
On Thu, Mar 3, 2016 at 6:54 AM, Viktor Dukhovni wrote: > On Wed, Mar 02, 2016 at 06:27:26PM +1000, Brett @Google wrote: > > > I am upgrading 3.0.x to 3.1 it seems the build process has changed, there > > are a few issues at least on solaris, maybe due to the dual 32/64 bit > > library formats whe

Re: Mitigating DROWN

2016-03-02 Thread Viktor Dukhovni
On Wed, Mar 02, 2016 at 10:22:12PM -0700, Richard B. Pyne wrote: > I've added all but the forward secrecy part on my email server running > postfix 2.10.1 (the latest in the CentOS7 repository), and > test.drownattack.com still reports vulnerability on port 25. Any help will > be greatly appreciat

Re: Mitigating DROWN

2016-03-02 Thread Richard B. Pyne
I've added all but the forward secrecy part on my email server running postfix 2.10.1 (the latest in the CentOS7 repository), and test.drownattack.com still reports vulnerability on port 25. Any help will be greatly appreciated. postconf -nf alias_database = hash:/etc/aliases alias_maps = has

Re: PHPMailer different behavior..

2016-03-02 Thread Bill Shirley
Not enough information to even guess what is going on. In my apps when I accept an email address, I use a little bit of ajax to verify the domain: if ($email != '') { $tmp = explode('@', $email); if (isset($tmp[1])) { $got_mx = getmxrr($tmp[1], $mxhosts); if ($got_mx) {

Re: canonicalised address gives: Recipient address rejected: User unknown in local recipient table

2016-03-02 Thread Tom Robinson
On 03/03/16 08:58, wilfried.es...@essignetz.de wrote: >> I was guessing that this would have to be aliased but didn't see it in the >> documentation for >> canonical. Is it the correct way to set up full.name mapping to local users? >> Also I'm more used to >> sendmail and qmail. This is my first

Re: canonicalised address gives: Recipient address rejected: User unknown in local recipient table

2016-03-02 Thread wilfried.es...@essignetz.de
> I was guessing that this would have to be aliased but didn't see it in the > documentation for > canonical. Is it the correct way to set up full.name mapping to local users? > Also I'm more used to > sendmail and qmail. This is my first time configuring postfix. Correct is probably the wrong w

Re: canonicalised address gives: Recipient address rejected: User unknown in local recipient table

2016-03-02 Thread Tom Robinson
On 03/03/16 08:02, wilfried.es...@essignetz.de wrote: > > Am 02.03.2016 um 21:52 schrieb Tom Robinson: >> On 03/03/16 06:33, wilfried.es...@essignetz.de wrote: >>> Am 02.03.2016 um 06:32 schrieb Tom Robinson: Hi, I'm trying to map users to first.last in canonical but I get an e

Re: canonicalised address gives: Recipient address rejected: User unknown in local recipient table

2016-03-02 Thread Tom Robinson
On 03/03/16 07:52, Tom Robinson wrote: > On 03/03/16 06:33, wilfried.es...@essignetz.de wrote: >> Am 02.03.2016 um 06:32 schrieb Tom Robinson: >>> Hi, >>> >>> I'm trying to map users to first.last in canonical but I get an >>> error when sending email to the canonicalized address >>> first.last@dom

Re: mail sent via sendmail is queued and delayed for approx. 300 seconds

2016-03-02 Thread Viktor Dukhovni
On Wed, Mar 02, 2016 at 10:01:35PM +0100, Dietrich Streifert wrote: > Ah OK! This log entries may be helpfull: > > 135125:Mar 2 18:32:55 node1 postfix/smtp[9047]: 5B0A235E18A: Cannot start > TLS: handshake failure > 135131:Mar 2 18:32:55 node1 postfix/cleanup[22956]: 7D9B335E185: > message-id=<

Re: canonicalised address gives: Recipient address rejected: User unknown in local recipient table

2016-03-02 Thread wilfried.es...@essignetz.de
Am 02.03.2016 um 21:52 schrieb Tom Robinson: > On 03/03/16 06:33, wilfried.es...@essignetz.de wrote: >> Am 02.03.2016 um 06:32 schrieb Tom Robinson: >>> Hi, >>> >>> I'm trying to map users to first.last in canonical but I get >>> an error when sending email to the canonicalized address >>> first

Re: mail sent via sendmail is queued and delayed for approx. 300 seconds

2016-03-02 Thread Dietrich Streifert
Ah OK! This log entries may be helpfull: 135125:Mar 2 18:32:55 node1 postfix/smtp[9047]: 5B0A235E18A: Cannot start TLS: handshake failure 135131:Mar 2 18:32:55 node1 postfix/cleanup[22956]: 7D9B335E185: message-id=<20160302172755.5b0a235e...@..de> 135133:Mar 2 18:32:55 node1 postfix/

Re: upgrading postfix 3.0.x to 3.1

2016-03-02 Thread Viktor Dukhovni
On Wed, Mar 02, 2016 at 06:27:26PM +1000, Brett @Google wrote: > I am upgrading 3.0.x to 3.1 it seems the build process has changed, there > are a few issues at least on solaris, maybe due to the dual 32/64 bit > library formats when compared to Linux. As Wietse said, nothing relevant changed in

Re: upgrading postfix 3.0.x to 3.1

2016-03-02 Thread Quanah Gibson-Mount
--On Wednesday, March 02, 2016 6:27 PM +1000 "Brett @Google" wrote: Hello, I am upgrading 3.0.x to 3.1 it seems the build process has changed, there are a few issues at least on solaris, maybe due to the dual 32/64 bit library formats when compared to Linux. (running on SunOS server 5.10

Re: [PATCH] Domain RDN sequence substitution for LDAP search base.

2016-03-02 Thread Quanah Gibson-Mount
--On Monday, October 07, 2013 3:16 PM -0700 Quanah Gibson-Mount wrote: --On Monday, October 07, 2013 6:07 PM + Viktor Dukhovni wrote: Note, the new "%" substitution pattern for a comma-separated list of DC= components is "%," not "%". I hope that's reasonably clear in the patch documen

Re: How to configure multiple pipe-based content filters?

2016-03-02 Thread Viktor Dukhovni
On Wed, Mar 02, 2016 at 01:52:26PM -0600, helices wrote: > On Wed, Mar 2, 2016 at 1:47 PM, Viktor Dukhovni > wrote: > > > Simplest is to have SA invoke your filter instead of sendmail(1). > > > > spamassassin unix - n n - - pipe > > user=spamd argv=/usr/bin/spamc -f -e > > /

Re: transport smtp failure after MySQL connection

2016-03-02 Thread Viktor Dukhovni
On Wed, Mar 02, 2016 at 12:36:06PM -0500, Ron Guerin wrote: > I've been running three instances of Postfix on Debian since about 2011. > Originally I had to modify the init script, but the one Debian ships in > more recent years handles multi-instance Postfix properly. The init script starts mul

Re: How to configure multiple pipe-based content filters?

2016-03-02 Thread helices
On Wed, Mar 2, 2016 at 1:47 PM, Viktor Dukhovni wrote: > Simplest is to have SA invoke your filter instead of sendmail(1). > > spamassassin unix - n n - - pipe > user=spamd argv=/usr/bin/spamc -f -e > /var/spool/filter/bin/filter.sh -f ${sender} -- ${recipient} > I tried exa

Re: How to configure multiple pipe-based content filters?

2016-03-02 Thread /dev/rob0
On Wed, Mar 02, 2016 at 01:40:17PM -0600, Mike Schleif wrote: > How need I configure postfix to first use spamassassin, then use > "filter?" > > What am I missing? Amavisd-new? This is precisely what amavisd-new is for: invoking multiple filters in one stop. Spamassassin is built-in, assuming

Re: How to configure multiple pipe-based content filters?

2016-03-02 Thread Viktor Dukhovni
On Wed, Mar 02, 2016 at 01:40:17PM -0600, Mike Schleif wrote: > Original filter-only: > master.cf: > smtp inet n - n - - smtpd > -o content_filter=filter:dummy > > filter unix - n n - 10 pipe > flags=Rq user=filter null_sender= > argv=/var/spool/filter/bin/filter.sh -f ${sende

How to configure multiple pipe-based content filters?

2016-03-02 Thread Mike Schleif
Centos: 7.2.1511 (Core) postfix: 2.10.1 This postfix server was designed to run as follows, which it has done for several months without incident: Original filter-only: master.cf: smtp inet n - n - - smtpd -o content_filter=filter:dummy filter unix - n n - 10 pipe flags=Rq use

Re: canonicalised address gives: Recipient address rejected: User unknown in local recipient table

2016-03-02 Thread wilfried.es...@essignetz.de
Am 02.03.2016 um 06:32 schrieb Tom Robinson: > Hi, > > I'm trying to map users to first.last in canonical but I get an > error when sending email to the canonicalized address > first.last@domain: ... > My Error: Mar 2 15:47:36 camber policyd-spf[17984]: None; > identity=helo; client-ip=10.0.6.3;

Re: mail sent via sendmail is queued and delayed for approx. 300 seconds

2016-03-02 Thread Viktor Dukhovni
On Wed, Mar 02, 2016 at 06:09:54PM +0100, Dietrich Streifert wrote: > I'm using php mail to send mails which uses /usr/sbin/sendmail -t -i to > send the mail. > > On my previous server centos 6 using postfix 2.6.6 the mail was delivered > nearly instant to the recipient, whereas on centos 7 with

Re: mail sent via sendmail is queued and delayed for approx. 300 seconds

2016-03-02 Thread John Stoffel
> "Dietrich" == Dietrich Streifert > writes: Dietrich> I'm running centos 7.2 with postfix 2.10.1, installed from the standard Dietrich> centos 7 repo which corresponds to rhel 7. Dietrich> I'm using php mail to send mails which uses /usr/sbin/sendmail -t -i to Dietrich> send the m

Re: blocking offending IPs (relay access, hello rejects, rate limit exceeded, ..)

2016-03-02 Thread Darac Marjal
On Wed, Mar 02, 2016 at 11:31:44AM -0600, /dev/rob0 wrote: On Wed, Mar 02, 2016 at 02:49:35PM +0100, Karel wrote: I am running small Postfix server for personal use. My logs are flooded with: relay access denied hello rejects connection rate limit exceeded ... lost connection after AUTH

Re: mail sent via sendmail is queued and delayed for approx. 300 seconds

2016-03-02 Thread Mauricio Tavares
On Wed, Mar 2, 2016 at 12:37 PM, Dietrich Streifert wrote: > Hi Mauricio, > > no, there is nothing in the log file. Here is the output for one sending > attempt: > > mail() on [/data/development/phpmail/mail.php:9]: To: > dietrich.streif...@googlemail.com -- Headers: From: nore...@.de > Reply-

Re: mail sent via sendmail is queued and delayed for approx. 300 seconds

2016-03-02 Thread Dietrich Streifert
Hi Mauricio, no, there is nothing in the log file. Here is the output for one sending attempt: mail() on [/data/development/phpmail/mail.php:9]: To: dietrich.streif...@googlemail.com -- Headers: From: nore...@.de Reply-To: s...@.de X-Mailer: PHP/5.4.16 Mar 2 18:27:55 node1 postfi

Re: transport smtp failure after MySQL connection

2016-03-02 Thread Ron Guerin
On 3/2/2016 11:19 AM, Christian Renner wrote: > On 25/02/16 15:30, Wietse Venema wrote: >> As Postfix has not changed, this is a platform-specific (maybe >> even site-specific) problem. Have you asked your software provider >> for help? > > Problem is solved now and yes, it was some kind of > pla

Re: blocking offending IPs (relay access, hello rejects, rate limit exceeded, ..)

2016-03-02 Thread /dev/rob0
On Wed, Mar 02, 2016 at 02:49:35PM +0100, Karel wrote: > I am running small Postfix server for personal use. My logs are > flooded with: > > relay access denied > hello rejects > connection rate limit exceeded ... > lost connection after AUTH from ... > > Often there are hundreds of thes

Postfix - accept all mail

2016-03-02 Thread Peter
Hey guys, I am struggling with the following setup; I need to set up a postfix server accepting everything (from a single domain; say abc.domain.com) and save it locally even when the e-mail box does not exist. The latter part is covered by a procmail script and is not a biggy, however, deliveri

Re: mail sent via sendmail is queued and delayed for approx. 300 seconds

2016-03-02 Thread Mauricio Tavares
On Wed, Mar 2, 2016 at 12:09 PM, Dietrich Streifert wrote: > Hi all, > > I'm running centos 7.2 with postfix 2.10.1, installed from the standard > centos 7 repo which corresponds to rhel 7. > > I'm using php mail to send mails which uses /usr/sbin/sendmail -t -i to > send the mail. > > On my prev

mail sent via sendmail is queued and delayed for approx. 300 seconds

2016-03-02 Thread Dietrich Streifert
Hi all, I'm running centos 7.2 with postfix 2.10.1, installed from the standard centos 7 repo which corresponds to rhel 7. I'm using php mail to send mails which uses /usr/sbin/sendmail -t -i to send the mail. On my previous server centos 6 using postfix 2.6.6 the mail was delivered nearl

Re: transport smtp failure after MySQL connection

2016-03-02 Thread Christian Renner
On 25/02/16 15:30, Wietse Venema wrote: As Postfix has not changed, this is a platform-specific (maybe even site-specific) problem. Have you asked your software provider for help? Problem is solved now and yes, it was some kind of platform-specific. We're running multiple chrooted instances o

Re: alias_maps delivery rights?

2016-03-02 Thread Jack Bates
On 26/02/16 08:57 AM, Viktor Dukhovni wrote: On Fri, Feb 26, 2016 at 08:16:43AM -0800, Jack Bates wrote: Hmmm ... That is what's happening, but why's there no user context? I expected the first case ("the rights of the receiving user on whose behalf the delivery is made") vs. the second ("the

Re: Postfix Mailman integration

2016-03-02 Thread Ron Guerin
On 3/2/2016 1:30 AM, Viktor Dukhovni wrote: > On Tue, Mar 01, 2016 at 07:32:02PM -0500, Ron Guerin wrote: > >> On 2/29/2016 12:19 PM, Viktor Dukhovni wrote: >>> For submission of list messages to a large number of recipients, >>> I would generally use sendmail(1) rather than SMTP. Don't know >>>

PHPMailer different behavior..

2016-03-02 Thread lejeczek
on postfix? I'm not a php developer but I look after a postfix server and I wonder if you might know what might be the cause for a (simple) php app to sort of hang on email address bit when it is incorrect - and it is even not the app itself that validates the address - web page sort of refre

Re: blocking offending IPs (relay access, hello rejects, rate limit exceeded, ..)

2016-03-02 Thread John Stoffel
> "Karel" == Karel writes: Karel> I am running small Postfix server for personal use. My logs are flooded Karel> with: Karel> relay access denied Karel> hello rejects Karel> connection rate limit exceeded ... Karel> lost connection after AUTH from ... Karel> Often there are hundred

Re: blocking offending IPs (relay access, hello rejects, rate limit exceeded, ..)

2016-03-02 Thread Mike Coddington
> Does this process have to be so complicated ? Is there no easier way to > block offending IP addresses using iptables ? So, first off, everybody's mail logs are loaded with spammers' failed attempts to send us mail. I consider it a badge of honor to have so many bozos turned down! However, as

blocking offending IPs (relay access, hello rejects, rate limit exceeded, ..)

2016-03-02 Thread Karel
I am running small Postfix server for personal use. My logs are flooded with: relay access denied hello rejects connection rate limit exceeded ... lost connection after AUTH from ... Often there are hundreds of these logs from the same IP address. I know, that I can use fail2ban to block

Re: upgrading postfix 3.0.x to 3.1

2016-03-02 Thread Wietse Venema
Brett @Google: > Hello, > > I am upgrading 3.0.x to 3.1 it seems the build process has changed, there > are a few issues at least on solaris, maybe due to the dual 32/64 bit > library formats when compared to Linux. > > (running on SunOS server 5.10 Generic_150400-29 sun4v sparc sun4v) The chanc

upgrading postfix 3.0.x to 3.1

2016-03-02 Thread Brett @Google
Hello, I am upgrading 3.0.x to 3.1 it seems the build process has changed, there are a few issues at least on solaris, maybe due to the dual 32/64 bit library formats when compared to Linux. (running on SunOS server 5.10 Generic_150400-29 sun4v sparc sun4v) 1. Is seems to be no longer possible t