Hello,
My MTA (postfix) has both 25 (non-SSL) and 465 (SSL) ports enabled.
How to enforce the peer MTA send messages only to 465 port for better
secure communication?
Can I just shutdown port 25?
Thanks.
On Wed, Aug 14, 2019 at 12:44:30PM -0700, Sean Hogberg wrote:
[ The OP should consider using a paragraph break now and then. ]
> Anyway, I'm seeing mail sit in the active queue (picked up by qmgr, but
> not sent to smtp) for 20-40 mins.
Perhaps your MTA is accepting mail to invalid recipients,
@lbutlr:
> Are logs like the following really worthy of a warning log level?
Yes, because they can result in an irreversible action: if Postfix
replies with 5XX then the client will not retry the delivery attempt.
If you don't like these, "man grep".
Wietse
> postfix/submit/smtpd[84385]
Are logs like the following really worthy of a warning log level?
postfix/submit/smtpd[84385]: warning: hostname zg-0301e-69.stretchoid.com does
not resolve to address 107.170.200.25: hostname nor servname provided, or not
known
postfix/smtps/smtpd[96068]: warning: hostname
189-91-4-216.dvl-wr.
According to pastebin, every minute some email is delivered.
That mail is not stuck in the queue.
To support your claim that mail is stuck in the queue, show evidence
in the form of 'status=deferred' statistics.
Or better, run the qshape tool, which is bundled with Postfix
source code.
W
Kadlecsik J贸zsef wrote:
Hello,
One of our users reported a rejected email with the error code and message
Remote-MTA: dns; artemis.gat.com
Diagnostic-Code: smtp; 550 Sender IP reverse lookup rejected
We handle several domains with different outgoing smtp settings at
multiple mail gateways:
#
Hey guys, I just took over some postfix gateways (my primary MTA is exim,
so getting used to a few differences), and ran into an issue that I'm not
quite sure how to solve. Unfortunately using an old postfix version
(2.6.6), I do want to get that upgraded and up to date but wont be able to
do that
On Aug 14, 2019, at 10:12, Matus UHLAR - fantomas wrote:
>
> or get the bank to fix it. One rarely needs multiple PTR records.
That would be ideal, but in 37 years of dealin with banks, fixing their
stupidity is not something they do.
Sent from my iPhone
On 8/14/2019 10:30 AM, @lbutlr wrote:
Aug 14 09:25:41 mail postfix/smtpd[44179]: NOQUEUE: reject: RCPT from unknown[198.241.168.120]:
550 5.7.25 Client host rejected: cannot find your hostname, [198.241.168.120];
from=<*munged*@*mybak*> to= proto=ESMTP
helo=
馃懝 root@mail # dig cportal3.visa.com
On 8/14/2019 10:30 AM, @lbutlr wrote:
Aug 14 09:25:41 mail postfix/smtpd[44179]: NOQUEUE: reject: RCPT from unknown[198.241.168.120]:
550 5.7.25 Client host rejected: cannot find your hostname, [198.241.168.120];
from=<*munged*@*mybak*> to= proto=ESMTP
helo=
馃懝 root@mail # dig cportal3.visa.com
Possibly multiple PTR records causing issue?
dig -x 198.241.168.120 +short
mail1.payablesautomation.net.
cportal3.visa.com.
On Wed, Aug 14, 2019 at 11:32 AM @lbutlr wrote:
> Aug 14 09:25:41 mail postfix/smtpd[44179]: NOQUEUE: reject: RCPT from
> unknown[198.241.168.120]: 550 5.7.25 Client host
Aug 14 09:25:41 mail postfix/smtpd[44179]: NOQUEUE: reject: RCPT from
unknown[198.241.168.120]: 550 5.7.25 Client host rejected: cannot find your
hostname, [198.241.168.120]; from=<*munged*@*mybak*> to=
proto=ESMTP helo=
馃懝 root@mail # dig cportal3.visa.com +short
On Wed, 14 Aug 2019, Kadlecsik J贸zsef wrote:
> It seems it's a persistent problem. I tried to contact the postmaster at
> the other side but of course got the same reject. We'll try to contact
> them via a third party.
Using a third party as a relay, I got the same error message. Maybe the
who
On Wed, 14 Aug 2019, Wietse Venema wrote:
> Kadlecsik J?zsef:
> > It seems it's a persistent problem. I tried to contact the postmaster at
> > the other side but of course got the same reject. We'll try to contact
> > them via a third party.
>
> In that case, try setting
>
> -o inet_pro
On 13 Aug 19, at 09:19 , Scott Techlist wrote:
> I'd like to block certain IP's from attempting to authenticate on my
> submission port.
You cannot prevent them from attempting to authenticate, at least not via
postfix. You would need to firewall them or do something in hosts.allow for
that.
Kadlecsik J?zsef:
> It seems it's a persistent problem. I tried to contact the postmaster at
> the other side but of course got the same reject. We'll try to contact
> them via a third party.
In that case, try setting
-o inet_protocols=ipv4
(or ipv6) and see if it is a specific kind o
On Wed, 14 Aug 2019, Wietse Venema wrote:
> > One of our users reported a rejected email with the error code and
> > message
> >
> > Remote-MTA: dns; artemis.gat.com
> > Diagnostic-Code: smtp; 550 Sender IP reverse lookup rejected
> >
> > We handle several domains with different outgoing smtp s
Kadlecsik J?zsef:
> Hello,
>
> One of our users reported a rejected email with the error code and message
>
> Remote-MTA: dns; artemis.gat.com
> Diagnostic-Code: smtp; 550 Sender IP reverse lookup rejected
>
> We handle several domains with different outgoing smtp settings at
> multiple mail ga
Hello,
One of our users reported a rejected email with the error code and message
Remote-MTA: dns; artemis.gat.com
Diagnostic-Code: smtp; 550 Sender IP reverse lookup rejected
We handle several domains with different outgoing smtp settings at
multiple mail gateways:
# /etc/postfix/master.cf
wi
Hi Andreas,
> Am 14.08.2019 um 10:01 schrieb A. Schulze :
>
>
> Christian Ro虉脽ner:
>
> Hello Christian,
>
>> By changing *_CAfile parameters to *_CApath, everything started working
>> again.
>
> nothing specific to your OpenSSL version but: do you run postfix chroot?
> from http://www.postfi
Christian Ro虉脽ner:
Hello Christian,
By changing *_CAfile parameters to *_CApath, everything started
working again.
nothing specific to your OpenSSL version but: do you run postfix chroot?
from http://www.postfix.org/postconf.5.html#smtpd_tls_CApath:
"To use smtpd_tls_CApath in chroot mo
Hi,
I recently upgraded my systems to have full openssl-1.1.1c support. After
upgrading my mail-server, I realized that I had problems with trusting server
certificates. I checked that the server still uses
/etc/ssl/certs/ca-certificates.crt, but for some reason Postfix can not work
with this
22 matches
Mail list logo
