Re: Test DANE

2016-06-06 Thread Alice Wonder
On 06/06/2016 07:46 AM, Viktor Dukhovni wrote: On Mon, Jun 06, 2016 at 03:58:51PM +0200, Alexandre Ellert wrote: I've just enabled DANE and https://dane.sys4.de is green when I test my domain numeezy.com. Also postfix SMTP client says "Verified T

IPv6 DNSBL support in Postfix?

2016-06-06 Thread Rich Wales
Does Postfix support blacklisting / whitelisting for IPv6 addresses? If so, is there any documentation available to help me with the details? I'm running Postfix version 2.11.0 on an Ubuntu 14.04.4 LTS system. -- *Rich Wales* ri...@richw.org

Re: Documentation improvement request (was: RBLs in postscreen AND smtpd_*_restrictions)

2016-06-06 Thread Peter
On 07/06/16 12:23, Wietse Venema wrote: >> dnsblog(8) states, "Otherwise it replies with the query arguments plus >> an empty address list and the reply TTL (-1 if unavailable)." It is >> unclear that this references the negative cache TTL as returned by the >> SOA record included in an NXDOMAIN r

Re: Documentation improvement request (was: RBLs in postscreen AND smtpd_*_restrictions)

2016-06-06 Thread Wietse Venema
Peter: > On 03/06/16 22:20, Wietse Venema wrote: > > Postscreen has postscreen_dnsbl_ttl (fixed time limit) or it uses > > the DNS TTL, limited by postscreen_dnsbl_{min,max}_ttl. > > > > Please see Postfix documentation, and report a bug if it is incomplete. > > dnsblog(8) states, "Otherwise it r

Re: Documentation improvement request

2016-06-06 Thread Peter
On 07/06/16 08:49, Peter wrote: > On 03/06/16 22:20, Wietse Venema wrote: >> Postscreen has postscreen_dnsbl_ttl (fixed time limit) or it uses >> the DNS TTL, limited by postscreen_dnsbl_{min,max}_ttl. >> >> Please see Postfix documentation, and report a bug if it is incomplete. > > dnsblog(8) sta

Re: RBLs in postscreen AND smtpd_*_restrictions

2016-06-06 Thread Peter
On 07/06/16 01:07, Bill Cole wrote: > 4. The resolver cache honors (as most do) a DNSBL's negative cache TTL > which is less than 60 seconds, e.g. Spamcop (0 seconds) or the various > Spamhaus lists (10) and others. postscreen (specifically dnsblog(8)) honors this as well, but it's not made entire

Documentation improvement request (was: RBLs in postscreen AND smtpd_*_restrictions)

2016-06-06 Thread Peter
On 03/06/16 22:20, Wietse Venema wrote: > Postscreen has postscreen_dnsbl_ttl (fixed time limit) or it uses > the DNS TTL, limited by postscreen_dnsbl_{min,max}_ttl. > > Please see Postfix documentation, and report a bug if it is incomplete. dnsblog(8) states, "Otherwise it replies with the query

Re: Problems with SPF policy service (pypolicyd-spf)

2016-06-06 Thread eNeKuX
Hello and thank you for your reply.   I have followed your suggestions for debugging and please find below this message the results. I see a general pattern for all the tests, no matter if "smtpd_delay_reject" is set to "no" or "yes", the number of policy calls are not equal to the message rate.

Re: How to handle mail injected by the system sendmail command with DKIM signing

2016-06-06 Thread Wietse Venema
Quanah Gibson-Mount: > Ok. I may just update our script to submit to port 25 using a normal SMTP > session instead. I guess there is no "non_smtpd_sender_restrictions" I > could use. ;) Indeed. Sometimes I think that Milter configuration could be simplified by doing this: /etc/postfix/master.

Re: Test DANE

2016-06-06 Thread Viktor Dukhovni
On Mon, Jun 06, 2016 at 08:36:09PM +0200, Tom Hendrikx wrote: > > I did some further research. It seems that validns does not like this > > construct, because it insists that TLSA records are 'properly prefixed' > > (i.e. with a port and service prefix, see [1]). > > Insists, as a policy check, w

Re: Test DANE

2016-06-06 Thread Tom Hendrikx
On 06-06-16 17:46, Viktor Dukhovni wrote: > On Mon, Jun 06, 2016 at 05:31:49PM +0200, Tom Hendrikx wrote: > >> I have been playing around with the dane check tool from sys4 too, and >> it seems it doesn't support the nice CNAME trick shown in >> https://community.letsencrypt.org/t/please-avoid-3-0

Re: Test DANE

2016-06-06 Thread Tom Hendrikx
On 06-06-16 20:26, Tom Hendrikx wrote: > On 06-06-16 17:46, Viktor Dukhovni wrote: >> On Mon, Jun 06, 2016 at 05:31:49PM +0200, Tom Hendrikx wrote: >> >>> I have been playing around with the dane check tool from sys4 too, and >>> it seems it doesn't support the nice CNAME trick shown in >>> https:/

Re: How to handle mail injected by the system sendmail command with DKIM signing

2016-06-06 Thread Quanah Gibson-Mount
--On Saturday, June 04, 2016 9:34 AM -0400 Wietse Venema wrote: zimbra@edge02e:~/common/conf$ cat tag_as_originating.re /^/ FILTER smtp-amavis:[127.0.0.1]:10026 I have no idea what that regexp is about. I do know, however, how I sign sendmail(1) submission with Postfix and opendkim. Thi

Re: how did this message make it through?

2016-06-06 Thread Yuval Levy
Thanks for the help, Bill. On 16-06-06 10:24 AM, Bill Cole wrote: > NOTE THAT 454 REPLY! could it be because I have soft_bounce = yes while trying to understand the outcome of my rules without losing incoming emails? > include postconf -n rather than main.cf snippets. Attached, apology for no

Re: check_sender_regexp - multiple relay IP`s

2016-06-06 Thread Noel Jones
On 6/6/2016 7:28 AM, Zalezny Niezalezny wrote: > Hi, > > I just would like to know if it's possible to configure multiple IP`s > of SMTP servers in this configuration file: > > check_sender_access regexp:/etc/postfix/check_sender_regexp > > > > At the moment we are forwarding message with foll

Re: Test DANE

2016-06-06 Thread Viktor Dukhovni
On Mon, Jun 06, 2016 at 05:31:49PM +0200, Tom Hendrikx wrote: > I have been playing around with the dane check tool from sys4 too, and > it seems it doesn't support the nice CNAME trick shown in > https://community.letsencrypt.org/t/please-avoid-3-0-1-and-3-0-2-dane-tlsa-records-with-le-certificat

Re: Test DANE

2016-06-06 Thread Alexandre Ellert
> On 6 June 2016 at 16:46, Viktor Dukhovni wrote: > > On Mon, Jun 06, 2016 at 03:58:51PM +0200, Alexandre Ellert wrote: > >> I've just enabled DANE and https://dane.sys4.de >> is green when I test my domain numeezy.com. Also >> postfix SMTP clien

Re: Test DANE

2016-06-06 Thread Tom Hendrikx
Hi, I have been playing around with the dane check tool from sys4 too, and it seems it doesn't support the nice CNAME trick shown in https://community.letsencrypt.org/t/please-avoid-3-0-1-and-3-0-2-dane-tlsa-records-with-le-certificates/7022 The tool does not seem to follow the CNAME pointer, and

Re: Test DANE

2016-06-06 Thread Viktor Dukhovni
On Mon, Jun 06, 2016 at 03:58:51PM +0200, Alexandre Ellert wrote: > I've just enabled DANE and https://dane.sys4.de > is green when I test my domain numeezy.com. Also > postfix SMTP client says "Verified TLS connection established to > mail-in-1.numee

Re: how did this message make it through?

2016-06-06 Thread Bill Cole
On 6 Jun 2016, at 0:34, Yuval Levy wrote: Hello Postfix-Users. First time poster here, looking for help to understand what is wrong with my Postfix configuration that has delivered a message from a blacklisted server. Log Excerpt === Jun 5 09:58:37 x2 postfix/smtpd[8440]: connect fro

Test DANE

2016-06-06 Thread Alexandre Ellert
Hello, I’ve just enabled DANE and https://dane.sys4.de is green when I test my domain numeezy.com. Also postfix SMTP client says "Verified TLS connection established to mail-in-1.numeezy.com[188.165.154.163]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-

Postfix Configure Some Users Not Receive Emails

2016-06-06 Thread mehmet
Hi, I am using postfix with latest version for smtp. And for pop3, I am using dovecot with Maildir. Postfix is running on centos. I have couple of users on the system (I have created users with useradd command with nologin). I want to configure some users as can send e-mail but can not receive

SV: SV: poor repution work arounds? standby smtp?

2016-06-06 Thread Sebastian Nielsen
Use: smtpd_sender_login_maps = hash:/etc/postfix/controlled_envelope_senders in controlled_envelope_senders, specify like: @domain.tld useraccount, useraccount2, useraccount3 Or: n...@domain.tld useraccount, useraccount4 The first one allows the listed accounts to send from any user of that doma

FYI. The UK mirror page of the 3.1.1 source code appear to be broken. 404 Not Found

2016-06-06 Thread Robert Chalmers
http://mirror.tje.me.uk/pub/mirrors/postfix-release/index.html Postfix 3.1 Patchlevel 0 Source code | 404 - Not Found Robert Chalmers rob...@chalmers.com .au Mac mini 6.2 - 2

Re: SV: poor repution work arounds? standby smtp?

2016-06-06 Thread Voytek
On Mon, June 6, 2016 10:10 pm, Sebastian Nielsen wrote: Sebastian, thanks > Second, the problem is that you will only get your backup server > blacklisted/poorreputated as well. I would suggest solving the underlying > problem instead, so accounts are harder to compromise, by implementing a > few

Re: ot: poor repution work arounds? standby smtp?

2016-06-06 Thread Voytek
On Mon, June 6, 2016 8:27 pm, Wietse Venema wrote: Wietse, thanks > Stuck in the queue with a 5xx (hard reject) reply? yes: -Queue ID- --Size-- Arrival Time -Sender/Recipient--- 78DFF4BEAC 335977 Mon Jun 6 14:59:30 serv...@aa.com (host mail2.b.com[217.xx.xx.xx] refused

Re: RBLs in postscreen AND smtpd_*_restrictions

2016-06-06 Thread Bill Cole
On 5 Jun 2016, at 2:30, Peter wrote: On 05/06/16 17:10, Michael Fox wrote: Right. As I mentioned, I understand that part. My question was about v3.1+ where the default for postscreen_dnsbl_min_ttl is only 60s. And, as I understand it, the defaults for v3.1 would cause both the postscreen c

check_sender_regexp - multiple relay IP`s

2016-06-06 Thread Zalezny Niezalezny
Hi, I just would like to know if it's possible to configure multiple IP`s of SMTP servers in this configuration file: check_sender_access regexp:/etc/postfix/check_sender_regexp At the moment we are forwarding message with following sender E-mail address to one of our MS Exchange servers. /zel

SV: poor repution work arounds? standby smtp?

2016-06-06 Thread Sebastian Nielsen
First, most servers cache the blacklist lookup, so it will persist for 1-2 days. Second, the problem is that you will only get your backup server blacklisted/poorreputated as well. I would suggest solving the underlying problem instead, so accounts are harder to compromise, by implementing a few r

Re: greylist doesn't seem to be working? Setup correctly.

2016-06-06 Thread Chalmers
I see. A confusion of naming. The .pl file is the file that comes with osx. Pretty much the same as the example in the docs. But as mentioned, I'm going to remove it anyway. Thanks. - From my iPhone. > On 6 Jun 2016, at 11:16 am, Wietse Venema wrote: > > Robert Chalmers: >> I have set up

Re: ot: poor repution work arounds? standby smtp?

2016-06-06 Thread Wietse Venema
Voytek: > I have a small Postfix/Dovecot virtual server, low usage > every so often a user account get compromised and spam sent (like couple > of days ago), now I'm seeing 5 or 6 emails 'stuck' in the queue with like: > > (host mail2.abcdef.com[217.xx.xx.xx] refused to talk to me: > 554-mail1.abc

Re: greylist doesn't seem to be working? Setup correctly.

2016-06-06 Thread Wietse Venema
Robert Chalmers: > I have set up the greylist policy, exactly according to the postfix docs, but > nothing seems to be getting generated in /var/mta - no database that is. > > When reloading I get this. > > postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: > greylist_time_lim

Re: greylist doesn't seem to be working? Setup correctly.

2016-06-06 Thread Christian Kivalo
On 2016-06-06 11:54, Robert Chalmers wrote: I have set up the greylist policy, exactly according to the postfix docs, but nothing seems to be getting generated in /var/mta - no database that is. When reloading I get this. postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: gr

greylist doesn't seem to be working? Setup correctly.

2016-06-06 Thread Robert Chalmers
I have set up the greylist policy, exactly according to the postfix docs, but nothing seems to be getting generated in /var/mta - no database that is. When reloading I get this. postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: greylist_time_limit=3600 However, the documents

ot: poor repution work arounds? standby smtp?

2016-06-06 Thread Voytek
I have a small Postfix/Dovecot virtual server, low usage every so often a user account get compromised and spam sent (like couple of days ago), now I'm seeing 5 or 6 emails 'stuck' in the queue with like: (host mail2.abcdef.com[217.xx.xx.xx] refused to talk to me: 554-mail1.abcdef.com 554 Your acc