RBLs in postscreen AND smtpd_*_restrictions

I think I recall seeing something about this a while ago, but I can't find it in the archives. If I'm using several RBLs in postscreen_dnsbl_sites, each with its own weighting, then what is the best practice for using at least some of those RBLs in smtpd_*_restrictions, or not? Thanks, M

Re: Can anyone see why this is getting through?

On 06/01/2016 08:53 AM, Robert Chalmers wrote: > I know what postscreen is. I know what postfix is. I know what > dovecot, dkim, dmarc and spf are. Also spamassassin, and amavvisd - I > have them all enabled and working on my mail server. Almost nothing > untoward gets through... All I see in the h

Re: Can anyone see why this is getting through?

On 1 Jun 2016, at 10:10, Robert Chalmers wrote: This is the body of a series of similar messages I’ve been getting - very obviously spam. Very rude. However - I’m struggling now to find why postfix and or postscreen etc is letting it through, when it obviously fails a lot of tests. My postc

Re: Can anyone see why this is getting through?

On 1 Jun 2016, at 12:11, @lbutlr wrote: Third of all, no one has the slightest idea how you’ve configured postfix and postscreen on your system. In Robert's defense: he *did* include postconf -n output as a text attachment.

Re: Can anyone see why this is getting through?

@Paul Thanks for the pointers. That's what I needed to put me back on the right track. I'll work through a few others as well, but you are right. It's those subtle little ones that are slip past. Thanks Robert Sent from my iPad > On 1 Jun 2016, at 17:54, Paul wrote: > > RBL ix.dnsbl.manitu.n

Re: postscreen whitelist

> On May 31, 2016, at 7:24 PM, Michael Orlitzky wrote: > > With that in mind, you're putting way too much faith in dnsbl.sorbs.net > and hostkarma.junkemailfilter.com. For a reference point, I have the > same threshold as you (3) but score them each one point. Thanks Michael. I've backed off on

Re: MX lookup fallback to A

On 2016.06.01. 17:12, Bill Cole wrote: As Wietse has already explained, that is NOT what that setting does. "No response" as used in the documentation is different from a non-error response with no answer records, a response that the domain does not exist, or a server failure response. "No respo

Re: Can anyone see why this is getting through?

RBL ix.dnsbl.manitu.net which you have configured with postscreen with no weight factor (default = 1) appears to be the only rbl listing the sender IP of the mail which bugs you. See http://www.anti-abuse.org/multi-rbl-check-results/?host=64.34.190.110 Perhaps yo

Re: postscreen whitelist

On Wed, Jun 1, 2016 at 6:29 AM, @lbutlr wrote: > On May 31, 2016, at 8:30 PM, Steve Jenkins wrote: > > A quick way to do this is to download postwhite and add web.com to the > list of queried hosts. All their known (published) IPs and CIDRs wlll be > added to your Postscreen whitelist. > > Post

Re: Can anyone see why this is getting through?

On Jun 1, 2016, at 10:04 AM, Robert Chalmers wrote: > I’m just trying to discover how anything let it through. > > I don’t care about postscreen? Well then I am still confused by your original post: > "I’m struggling now to find why postfix and or postscreen etc is letting it > through, when

Re: Can anyone see why this is getting through?

hmmm. :-) I’m just trying to discover how anything let it through. I don’t care about postscreen? > On 1 Jun 2016, at 16:59, @lbutlr wrote: > > On Jun 1, 2016, at 9:53 AM, Robert Chalmers wrote: >> All I am trying to discover is what it is about the enclosed message that is >> enabling

Re: Can anyone see why this is getting through?

On Jun 1, 2016, at 9:53 AM, Robert Chalmers wrote: > All I am trying to discover is what it is about the enclosed message that is > enabling it to get through all of that blockading. OK, let’s try it this way. What does that message have that you think postscreen should have blocked? -- In Ge

Re: Can anyone see why this is getting through?

There seems to be some confusion here. I know what postscreen is. I know what postfix is. I know what dovecot, dkim, dmarc and spf are. Also spamassassin, and amavvisd - I have them all enabled and working on my mail server. Almost nothing untoward gets through... All I am trying to discover is

Re: Can anyone see why this is getting through?

On Jun 1, 2016, at 9:14 AM, Robert Chalmers wrote: > Ah well, this is the problem - I can’t figure out what test it’s failing that > is letting it through. Are you perhaps unclear as to what postscreen is? -- Beautiful dawn / Lights up the shore for me / There is nothing else in the world I'd

Re: Can anyone see why this is getting through?

Ah well, this is the problem - I can’t figure out what test it’s failing that is letting it through. This, and other email like it, possibly the same actual source, is the only spam getting through. Robert > On 1 Jun 2016, at 15:38, Wietse Venema wrote: > > Robert Chalmers: >> This is the bod

Re: Can anyone see why this is getting through?

Robert Chalmers: > This is the body of a series of similar messages I?ve been getting - very > obviously spam. Very rude. > > However - I'm struggling now to find why postfix and or postscreen > etc is letting it through, when it obviously fails a lot of tests. What postscreen tests does it fail

Re: Different SMTP AUTH options and credentials for different clients

Rob Maidment: > On 31 May 2016 at 17:32, Sebastian Nielsen wrote: > > You would need to use a firewall for this. > > That's an interesting idea. I was considering deploying postscreen - > could postscreen do the splitting instead of the firewall? If not then > I guess I would need multiple posts

Re: MX lookup fallback to A

On 1 Jun 2016, at 9:07, KSB wrote: Hi! I have in config ignore_mx_lookup_error = no as default. Which, as I understand, don't force to look for A record, if MX not found. As Wietse has already explained, that is NOT what that setting does. "No response" as used in the documentation is differ

Re: Mails rejected due to SPF?

Am 01.06.2016 um 13:41 schrieb Wietse Venema: Admin Beckspaced: i had a similar issue a while back ago when switching to new servers. the new servers supported the IPv6 protocol and as far as i remember IPv6 is always preferred before IPv4. my problem was a missing IP reverse DNS entry for the I

Re: Different SMTP AUTH options and credentials for different clients

On 31 May 2016 at 17:32, Sebastian Nielsen wrote: > You would need to use a firewall for this. That's an interesting idea. I was considering deploying postscreen - could postscreen do the splitting instead of the firewall? If not then I guess I would need multiple postscreen instances talking to

Re: postscreen whitelist

On May 31, 2016, at 8:30 PM, Steve Jenkins wrote: > A quick way to do this is to download postwhite and add web.com to the list > of queried hosts. All their known (published) IPs and CIDRs wlll be added to > your Postscreen whitelist. Post white looks interesting, but what is web.com? It looks

Re: MX lookup fallback to A

KSB: > Hi! > I have in config > ignore_mx_lookup_error = no > as default. Which, as I understand, don't force to look for A record, if > MX not found. ignore_mx_lookup_error (default: no) Ignore DNS MX lookups that produce no response. A "not found" result is not "no response". W

MX lookup fallback to A

Hi! I have in config ignore_mx_lookup_error = no as default. Which, as I understand, don't force to look for A record, if MX not found. But in logs I clearly see, that is tried to deliver mails to ip address which corresponds to domain A record if domain haven't MX. It is needed for some RFC an

Re: Mails rejected due to SPF?

Admin Beckspaced: > i had a similar issue a while back ago when switching to new servers. > the new servers supported the IPv6 protocol and as far as i remember > IPv6 is always preferred before IPv4. > my problem was a missing IP reverse DNS entry for the IPv6 address of my > server. i had an I

Re: access map fallthrough - prevent lookup of IP address

Roel van Meer writes: I was wondering if it is possible to return something (other than OK) on the first pass, so the second lookup does not happen? So, something like DUNNO, that prevents further lookups in the same map, and immediately continues in the next map. Ok, this is exactly what

Re: postfix password authorisation not working

Hi Patrick, today evening I will try to open new session with openssl and then I will analyze what is in the output. This sounds logic. Thanks Vielen Dank und Viele Gruesse aus Bayern Zalezny On Tue, May 31, 2016 at 11:29 PM, Patrick Ben Koetter wrote: > * Zalezny Niezalezny : > > Hi, > > >