On 4/19/2016 6:49 PM, jaso...@mail-central.com wrote:
>> Now to wait for something to trigger one of those double-bounce messages.
>
> Ugh. Still undeliverable.
>
> Well, I actually GET the email. Something 'internal' seems to be
> undeliverable.
>
> Now 'mail for example.com loops back to my
> Now to wait for something to trigger one of those double-bounce messages.
Ugh. Still undeliverable.
Well, I actually GET the email. Something 'internal' seems to be undeliverable.
Now 'mail for example.com loops back to myself' (not sure what I've done to
myself NOW. Grumble.)
Apr
Steven Peterson:
> Dear Postfix Maintainers:
>
> Thanks for a great package.
>
> I am using sender_transport to specify custom bind IP addresses, helo name,
> and logging for our clients sending newsletters. In general this works
> well, but with some ISPs, when deferring our e-mail, the only en
jaso...@mail-central.com:
> I'm doing helo_access checks to rid myself of some list-cleaning pests.
> This, plus ns_access checks works well.
>
> I'm using an lmdb list.
LMDB is an indexed file type.
In the access(5) manpage, look for text like:
"With lookups from indexed files such as DB
Sry, talking to myself a bunch :-/
I changed
main.cf
- address_verify_transport_maps =
static:vpn:[back.mail01.example.com]:25
+ address_verify_transport_maps =
master.cf
[mail01.example.com]:25 inet n - n - 1 postscreen
I keep staring at this
Apr 19 14:48:31 mail01 postfix/vpn/smtp[21044]: connect to
back.mail01.example.com[10.1.1.16]:25: Connection refused
Apr 19 14:48:31 mail01 postfix/vpn/smtp[21044]: 3qqJYC3wYbz31Vm:
to=, relay=none, delay=0.1, delays=0/0.01/0.09/0,
dsn=4.4.1, status=undel
> The "connection refused" is the part that needs to be fixed.
VPN (temporarily?) down? firewall issue? "wrong" destination?
something else?
Starting with those^ to narrow down, looking backwards through my logs - for
cases of 'double-bounce' & 'connection refused' - this apparently has been
go
Dear Postfix Maintainers:
Thanks for a great package. (Apologies if my mis-post made it to this list)
I am using sender_transport to specify custom bind IP addresses, helo name,
and logging for our clients sending newsletters. In general this works
well, but with some ISPs, when deferring our e
On 4/19/2016 2:12 PM, jaso...@mail-central.com wrote:
> I'm working on a relay to a backend postfix instance across a VPN link.
>
> My 'flow' is
>
> postscreen
> postscreen-smtp
> preQ milters
> postQ spam filter
> relay over VPN to the backend
>
> At the moment, ma
I'm working on a relay to a backend postfix instance across a VPN link.
My 'flow' is
postscreen
postscreen-smtp
preQ milters
postQ spam filter
relay over VPN to the backend
At the moment, mail's getting both received OK from the net, and sent to it,
over
On Tue, Apr 19, 2016, at 10:20 AM, Bill Cole wrote:
> > I'm using an lmdb list.
>
> I doubt that it is actually working as you expect...
And a big 'oops!' here. All my _other_ lmdb tables are fine. Of course, the
one example I'm asking about I got sloppy and 'polluted' with regex.
Thanks for
On 19 Apr 2016, at 12:02, jaso...@mail-central.com wrote:
I'm doing helo_access checks to rid myself of some list-cleaning
pests. This, plus ns_access checks works well.
I'm using an lmdb list.
I doubt that it is actually working as you expect...
IIUC the way the matches work (?), both of
On Tue, Apr 19, 2016 at 12:49:01PM -0400, Steven Peterson wrote:
> In general this works
> well, but with some ISPs, when deferring our e-mail, the only entry in the
> postfix logs is under the 'error' process. For most ISPs, the smtp process
> has the results of the conversations. Which process
On 19 Apr 2016, at 11:14, jaso...@mail-central.com wrote:
and I DO want to log the bad-actor event. At least the initiation of
it. So I chose == enforce here
With "drop" you get logging like this:
Apr 13 15:53:22 bigsky postfix/postscreen[85824]: CONNECT from
[106.184.3.122]:42740 to [192.
Dear Postfix Maintainers:
Thanks for a great package.
I am using sender_transport to specify custom bind IP addresses, helo name,
and logging for our clients sending newsletters. In general this works
well, but with some ISPs, when deferring our e-mail, the only entry in the
postfix logs is unde
On Tue, Apr 19, 2016 at 05:19:50PM +0200, Dirk Stöcker wrote:
> >In my survey of 12000 DANE TLSA-enabled domains 545 are using LE
> >certificates.
>
> Is this compared to the ~9600 in December last year? That would be 25%
> increase in your survey?
Yes, but some of that is due to new methods to
I'm doing helo_access checks to rid myself of some list-cleaning pests. This,
plus ns_access checks works well.
I'm using an lmdb list.
IIUC the way the matches work (?), both of these should do the same thing
cat helo_access
/.*managablelight.*/ REJECT
On Tue, 19 Apr 2016, Viktor Dukhovni wrote:
On Tue, Apr 19, 2016 at 02:51:58PM +0100, Danny Horne wrote:
Can anyone follow up on this? In other words, are any of you using
Let's Encrypt certificates with any of the TLSA options written about?
In my survey of 12000 DANE TLSA-enabled domains
On Tue, Apr 19, 2016, at 07:56 AM, Noel Jones wrote:
> Nothing unusual here...
On Tue, Apr 19, 2016, at 08:01 AM, Bill Cole wrote:
> It's pretty much "business as normal"
Great, that's what I'm looking for -- some confidence that there's NOT a prob
in my config.
That string of "/000" was jus
On Tue, Apr 19, 2016 at 02:51:58PM +0100, Danny Horne wrote:
> Can anyone follow up on this? In other words, are any of you using
> Let's Encrypt certificates with any of the TLSA options written about?
In my survey of 12000 DANE TLSA-enabled domains 545 are using LE
certificates.
The most comp
On 19/04/2016 3:51 pm, Philip McGaw wrote:
> See my attempt.
>
> https://skippy.org.uk/lets-encrypt-postfix-and-dovecot/
>
> Sent from my iPhone
>
>
Are you using TLSA records though? That was what I really wanted
feedback on
On 19 Apr 2016, at 9:29, jaso...@mail-central.com wrote:
Mainly I just want to make sure I've not missed or misconfigured
something, and that this is just business as normal.
It's pretty much "business as normal" but the pointless noise can be
reduced with "postscreen_greet_action = drop" and
On 4/19/2016 9:02 AM, jaso...@mail-central.com wrote:
>
> Right, which is why I read & referenced the docs. I understand that that's
> how it's supposed to work.
>
> My question is is that^ how it's supposed to LOOK? And is that 'ok logging',
> or any problem?
>
> Jason
>
It looks as if t
See my attempt.
https://skippy.org.uk/lets-encrypt-postfix-and-dovecot/
Sent from my iPhone
> On 19 Apr 2016, at 14:51, Danny Horne wrote:
>
> Can anyone follow up on this? In other words, are any of you using
> Let's Encrypt certificates with any of the TLSA options written about?
>
> I'm
On Tue, Apr 19, 2016, at 06:55 AM, Wietse Venema wrote:
> jaso...@mail-central.com:
> > I've got after-220 tests turned off
>
> As documented, postscreen will redirect a bad client to its internal
> SMTP engine, in order to log the client, helo, sender and recipient
> for forensic purposes (why
jaso...@mail-central.com:
> I've got after-220 tests turned off
As documented, postscreen will redirect a bad client to its internal
SMTP engine, in order to log the client, helo, sender and recipient
for forensic purposes (why did your server block my email? Here's why).
While it is doing that,
Can anyone follow up on this? In other words, are any of you using
Let's Encrypt certificates with any of the TLSA options written about?
I'm considering moving to LE but would like some feedback (last post on
this thread was four months ago so early adopters should have
experienced a renewal by
> I'm wondering what to do in case of future attacks like this.
I'm using a fail2ban+ipsets to catch these quickly & ban them efficiently.
Works well. Simply use a regex like in those grep commands to match.
Make sure you test your matches -- using a combo or online regex tester &
fail2ban-re
I've got after-220 tests turned off
postconf | grep postscreen | egrep -i "bare|non_smtp|pipelining"
postscreen_bare_newline_action = ignore
postscreen_bare_newline_enable = no
postscreen_bare_newline_ttl = 30d
postscreen_non_
miguel.telle...@iteisa.com:
> Dear all,
>
> In a Postfix 2.8.7 + Cyrus SASL installation, on a server with multiple
> IP addresses,
> we would like to find a way to map the outgoing IP address with the SASL
> username.
Postfix can't do that, but it can require that the envelope sender
matches t
Dear all,
In a Postfix 2.8.7 + Cyrus SASL installation, on a server with multiple
IP addresses,
we would like to find a way to map the outgoing IP address with the SASL
username.
We have already used sender_dependent_default_transport_maps but this
mapping is
based on the MAIL FROM parameter
Vincent Lefevre:
> [...]
> 130 [75.147.78.177]
> 366 [213.193.32.35]
> 492 [193.189.117.148]
> 100543 [108.245.138.130]
>
> So, this was due to a single IP address, which did more than 100,000
> connections within 15 hours!
fail2ban
Wietse
On 2016-04-09 18:51:00 -0400, Wietse Venema wrote:
> jaso...@mail-central.com:
> > continues on for a total of (in this case) 237 attempts in one
> > continuous string over a few minutes.
>
> All connections are blocked after 0.1 second, as the client fails
> both the DNSBL and the pregreet tests
Thank you Wietse & Viktor for the response.
Much appreciated.
Regards
Tom
On Mon, Apr 18, 2016 at 5:52 PM, Viktor Dukhovni wrote:
> On Mon, Apr 18, 2016 at 12:15:13PM +0200, Thomas kinghorn wrote:
>
> > In master.cf
> >
> > transport_maps = hash:/etc/postfix/vox_transport
> > vox_destination_c
On the other hand, it looks like the restrictions can be used as another way to
whitelist, and in this case a specific user at a specific domain. Or am I
reading this incorrectly.
/etc/postfix/recipient_access:
joe@my.domain permissive
jane@my.domain restrictive
Original
On 2016-04-19 08:52, li...@lazygranch.com wrote:
From what I can tell, if you whitelist a domain, the policyd-spf check
is skipped. Now I white listed domains to stop the RBL from blocking
them, but it would be nice to see if SPF passes.
Am I right about the SPF being skipped?
While I'm at it,