> On Jun 22, 2019, at 1:12 AM, lists wrote:
>
> If you are netsecdesign.com, ssllabs says your cert has issues. Not that this
> may be your problem, but I would fix that first.
The certificate is past its nominal expiration, but perhaps
more importantly its "Basic Key Usage" field says:
On Sat, Jun 22, 2019 at 04:09:45AM +, Security Admin (NetSec) wrote:
> Within the last week or so I am suddenly unable to send or receive from
> Google Gmail. Any help with this issue would be appreciated.
What version of OpenSSL is installed on your system? Was it upgraded
recently? You a
If you are netsecdesign.com, ssllabs says your cert has issues. Not that this may be your problem, but I would fix that first.
Within the last week or so I am suddenly unable to send or receive from Google
Gmail. Any help with this issue would be appreciated.
Receive Error from mail.log:
Jun 21 20:59:26 portus postfix/smtpd[3726]: SSL_accept:SSLv3/TLS write
certificate
Jun 21 20:59:26 portus postfix/smtpd[3726]: SSL_a
On Sat, Jun 22, 2019, 07:33 Ralph Seichter wrote:
> * Rich Wales:
>
> > I'm wondering if it may be worthwhile for me to enable greylisting in
> > some form on my server.
>
> While postscreen is no silver bullet, it does a fine job for me. I'd
> rather see some spammers connect (doesn't mean their
Thank you; this is much appreciated!
On 2019-06-21 19:49, Wietse Venema wrote:
> jbwli...@hilltopgroup.com:
>> Hi everyone,
>>
>> I'm running postfix 3.2.3 on FreeBSD, with a separate submission service
>> receiving connections via haproxy and using the
>> smtpd_upstream_proxy_protocol=haproxy f
* Rich Wales:
> I'm wondering if it may be worthwhile for me to enable greylisting in
> some form on my server.
While postscreen is no silver bullet, it does a fine job for me. I'd
rather see some spammers connect (doesn't mean their postings go
through) than risk blocking inbound "confirmation t
I have not used greylisting in 5+ years, not even fake greylisting
with address_verify_poll_count or postscreen_whitelist_interfaces,
Wietse
I'm running Postfix 3.1.0 on an Ubuntu 16.04 LTS system.
II'm using Postfix's postscreen filtering, including zen.spamhaus.org
(with a large score) as one of my DNSBL sites, but it's not helping in
some cases because the spam sources are not showing up on Spamhaus at
the time I get e-mail from the
jbwli...@hilltopgroup.com:
> Hi everyone,
>
> I'm running postfix 3.2.3 on FreeBSD, with a separate submission service
> receiving connections via haproxy and using the
> smtpd_upstream_proxy_protocol=haproxy flag. When haproxy performs its
> checks every 30 seconds, I get the following in my
On 6/21/19 4:13 PM, Viktor Dukhovni wrote:
On Fri, Jun 21, 2019 at 04:04:52PM -0500, John Gateley wrote:
root@elephant:~# dpkg-reconfigure postfix-pcre
Removing pcre map entry from /etc/postfix/dynamicmaps.cf
Adding pcre map entry to /etc/postfix/dynamicmaps.cf
root@elephant:~# postmap -q fo
On Fri, Jun 21, 2019 at 04:04:52PM -0500, John Gateley wrote:
> root@elephant:~# dpkg-reconfigure postfix-pcre
> Removing pcre map entry from /etc/postfix/dynamicmaps.cf
> Adding pcre map entry to /etc/postfix/dynamicmaps.cf
> root@elephant:~# postmap -q foo pcre:/etc/postfix/header_checks.pcre
>
Hi everyone,
I'm running postfix 3.2.3 on FreeBSD, with a separate submission service
receiving connections via haproxy and using the
smtpd_upstream_proxy_protocol=haproxy flag. When haproxy performs its
checks every 30 seconds, I get the following in my log (I've made it
more verbose as I'm
On Thu, Jun 20, 2019 at 12:43:22PM +0200, David López wrote:
> > > postfix/smtp[]: : to=,
> > > relay=MXhost[xxx.xxx.xxx.xxx]:25, delay=2190,
> > > delays=2186/0.03/3.9/0.13,
> > > dsn=4.7.0, status=deferred (host MXdomain[xxx.xxx.xxx.xxx] said: 403
> > > 4.7.0 not authenticated
On 6/21/19 3:47 PM, Matus UHLAR - fantomas wrote:
On 6/21/19 4:32 PM, John Gateley wrote:
This is Debian 9, with a fresh install of postfix,
postfix-policyd-spf-python and postfix-pcre packages.
I am getting the following error:
root@elephant:/etc/postfix# postmap -q foo
pcre:/etc/postfix/he
On 6/21/19 4:32 PM, John Gateley wrote:
This is Debian 9, with a fresh install of postfix,
postfix-policyd-spf-python and postfix-pcre packages.
I am getting the following error:
root@elephant:/etc/postfix# postmap -q foo
pcre:/etc/postfix/header_checks.pcre
postmap: warning: unsupported diction
On 6/21/19 4:32 PM, John Gateley wrote:
> Hello,
>
> This is Debian 9, with a fresh install of postfix,
> postfix-policyd-spf-python and postfix-pcre packages.
> I am getting the following error:
>
> root@elephant:/etc/postfix# postmap -q foo
> pcre:/etc/postfix/header_checks.pcre
> postmap: wa
Hello,
This is Debian 9, with a fresh install of postfix,
postfix-policyd-spf-python and postfix-pcre packages.
I am getting the following error:
root@elephant:/etc/postfix# postmap -q foo
pcre:/etc/postfix/header_checks.pcre
postmap: warning: unsupported dictionary type: pcre (no/postfix-pcr
It seems from the other side logs that the problem is that "No certificate
was presented." Is that possible after
Verified TLS connection established to MXhost[xxx.xxx.xxx.xxx]:25: TLSv1.1
with cipher ECDHE-RSA-AES256-SHA (256/256 bits)
?
El jue., 20 jun. 2019 a las 12:43, David López ()
escribi
Thanks for your help! That was what I was missing!
RobertC
From: owner-postfix-us...@postfix.org on
behalf of Wietse Venema
Sent: Friday, June 21, 2019 10:35
To: Postfix users
Subject: Re: Rejecting mail if LDAP lookup returns empty
Cooper, Robert A:
> virtu
svinther:
> Yes it runs as the nobody user, and if I test logging the nobody user it is
> working just fine as I would expect:
>
> sudo runuser -u nobody -- /usr/sbin/postlog -t sometag <<< somemsg
>
> But when running as a postfix external command (as nobody user), it results
> in the permission
Yes it runs as the nobody user, and if I test logging the nobody user it is
working just fine as I would expect:
sudo runuser -u nobody -- /usr/sbin/postlog -t sometag <<< somemsg
But when running as a postfix external command (as nobody user), it results
in the permission error ?
Best regards
Cooper, Robert A:
> virtual_alias_maps = ldap:/etc/postfix/tamu.ldap
As documented, 'not found' means 'do not replace the address by its alias
expansion'.
If you must REJECT a name that has no LDAP, then you MUST also specify
virtual_alias_domains = tamu.edu
For more on virtual_alias_maps
The first one returns a mailRoutingAddress (racoo...@exchange.tamu.edu,
specifically). The second returns nothing from LDAP.
RobertC
From: Fazzina, Angelo
Sent: Friday, June 21, 2019 09:02
To: Cooper, Robert A; postfix-users@postfix.org
Subject: RE: Rejecting
> On Jun 21, 2019, at 3:44 PM, Cooper, Robert A wrote:
>
> Howdy!
>
> We are setting up Postfix to be an on-premise mail lookup and forward service
> for a cloud-based mail filter service (ProofPoint). Our campus uses LDAP to
> route email from a public alias (@tamu.edu) to an internal mai
svinther:
> Im using local to invoke a piped command with an alias like:
>
> http_forward: "|/usr/local/bin/..."
>
> from inside that bash script I try to log with systemd-cat but this results
> in "Failed to create stream fd: Permission denied"
As documented, commands in root-owned aliases file
Hi, what is the output when you test if testing is possible of say these
commands ?
postmap -q racoo...@tamu.edu ldap:/etc/postfix/tamu.ldap
postmap -q bad_a...@tamu.edu ldap:/etc/postfix/tamu.ldap
if I'm sending you down the wrong rabbit hole I am sure someone more savvy will
help out.
Im using local to invoke a piped command with an alias like:
http_forward: "|/usr/local/bin/..."
from inside that bash script I try to log with systemd-cat but this results
in "Failed to create stream fd: Permission denied"
I have tried to use postlog instead, but it just dont emit anything to
j
Howdy!
We are setting up Postfix to be an on-premise mail lookup and forward service
for a cloud-based mail filter service (ProofPoint). Our campus uses LDAP to
route email from a public alias (@tamu.edu) to an internal mailbox (e.g.,
@exchange.tamu.edu) or external destination such as yahoo o
On Fri, 21 Jun 2019 at 14:30, Fazzina, Angelo
wrote:
> > Is possible add a header based on a regex in a subject?
>
> Yes, see
> https://nam01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.postfix.org%2Fheader_checks.5.html&data=02%7C01%7Cangelo.fazzina%40uconn.edu%7C5fe624f0bb2748eb6c120
Thank you.
It worked very well.
Em sex, 21 de jun de 2019 às 08:55, Ralph Seichter
escreveu:
> * Marcelo Machado:
>
> > Is possible add a header based on a regex in a subject?
>
> Yes, see http://www.postfix.org/header_checks.5.html (PREPEND action).
>
> -Ralph
>
I have a question, wouldn't that break a DKIM sig if the incoming email had one
?
Thank you.
-ANGELO FAZZINA
ang...@uconn.edu
University of Connecticut, ITS, SSG, Server Systems
860-486-9075
-Original Message-
From: owner-postfix-us...@postfix.org On
Behalf Of Ralph Seichter
Sent: F
* Marcelo Machado:
> Is possible add a header based on a regex in a subject?
Yes, see http://www.postfix.org/header_checks.5.html (PREPEND action).
-Ralph
Hello everyone.
Is possible add a header based on a regex in a subject?
Best regards.
Marcelo
anzelmooo .:
> Hello all,
>
> Thanks for the suggestions.
>
> We changed smtp_starttls_timeout to 10s and now the messages are in the
> queue exactly 10 seconds when next hop is O365. There is no issue with
> other servers.
smtp_starttls_timeout (default: 300s)
Time limit for Postfix SMTP c
Viktor Dukhovni:
> > On Jun 21, 2019, at 3:32 AM, Ralf Hildebrandt wrote:
> >
> > /^452-4\.2\.2 (The email account that you tried to reach is over quota.*)/
> > 552 5.2.2 ${1}
>
> Just as I expected. Now change that to:
>
> /^4(52[- ]4\.2\.2 The email account that you tried to reach is over
Hello all,
Thanks for the suggestions.
We changed smtp_starttls_timeout to 10s and now the messages are in the
queue exactly 10 seconds when next hop is O365. There is no issue with
other servers.
During the investigation we found out that the OpenSSL version had been
updated from 1.0.0 to
* Viktor Dukhovni :
> > On Jun 21, 2019, at 3:32 AM, Ralf Hildebrandt wrote:
> >
> > /^452-4\.2\.2 (The email account that you tried to reach is over quota.*)/
> > 552 5.2.2 ${1}
>
> Just as I expected. Now change that to:
>
> /^4(52[- ]4\.2\.2 The email account that you tried to reach is ov
> On Jun 21, 2019, at 3:32 AM, Ralf Hildebrandt wrote:
>
> /^452-4\.2\.2 (The email account that you tried to reach is over quota.*)/
> 552 5.2.2 ${1}
Just as I expected. Now change that to:
/^4(52[- ]4\.2\.2 The email account that you tried to reach is over quota.*)/
5${1}
and don't do it
* Wietse Venema Ralf, you need to fix your smtp_reply_filter :-( You replace "452-"
> with "552 ", and break one multiline response into two responses.
> We can help if you share the regexp.
That's probably the one:
/^452-4\.2\.2 (The email account that you tried to reach is over quota.*)/ 552
40 matches
Mail list logo
