Re: sanity-check postfix XCLIENT usage ?

2020-10-21 Thread Dominic Raferd
On 22/10/2020 00:39, PGNet Dev wrote: On 10/21/20 4:31 PM, Wietse Venema wrote: PGNet Dev: Two questions: clear. i'll focus just on the dmarc bits. both debugging opendmarc, and replacing it with another option to see if behavior changes. xclient's extremely helpful in any case.

Re: Is changing "Hostname" mandatory?

2020-10-21 Thread Bob Proulx
Jason Long wrote: > For configuration Postfix, is changing "hostname" to something like > "Mail.example.net" mandatory? For example, my server running Apache > and I don't like to change its name. Your hostname can be almost anything you feel like completely independent of running either Postfix o

Re: sanity-check postfix XCLIENT usage ?

2020-10-21 Thread PGNet Dev
On 10/21/20 4:31 PM, Wietse Venema wrote: PGNet Dev: Two questions: clear. i'll focus just on the dmarc bits. both debugging opendmarc, and replacing it with another option to see if behavior changes. xclient's extremely helpful in any case.

Re: sanity-check postfix XCLIENT usage ?

2020-10-21 Thread Wietse Venema
PGNet Dev: > Two questions: > > (1) my postfix config includes, > > strict_rfc821_envelopes = yes > > the FROM: & RCPT TO: addresses i inject, as well as those in the originally > sent mail, appear to be compliant. > > is there _more_ that strict restriction that might be relevant? Post

Re: sanity-check postfix XCLIENT usage ?

2020-10-21 Thread PGNet Dev
On 10/21/20 11:13 AM, Wietse Venema wrote: If your XCLIENT arguments match Postfix logging, including the name and IP address info they do and you used HELO or EHLO depending on Postfix's proto= logging proto=ESMTP, so I used EHLO then I think that the Postfix SMTP daemon cannot distingui

Re: Limiting HELO spoofing in Postfix?

2020-10-21 Thread Rich Wales
On 2020-10-21 09:18, Benny Pedersen wrote: > why do you SHOUT at Wietse ? I was not shouting -- at least not intentionally. I was being emphatic, and perhaps a little frustrated at the suggestion that I might have been hit by a WordPress exploit even after I had said earlier in this thread that

Re: sanity-check postfix XCLIENT usage ?

2020-10-21 Thread Wietse Venema
If your XCLIENT arguments match Postfix logging, including the name and IP address info and you used HELO or EHLO depending on Postfix's proto= logging, then I think that the Postfix SMTP daemon cannot distinguish between a real intuit.com connection and one made with XCLIENT. That leaves the poss

sanity-check postfix XCLIENT usage ?

2020-10-21 Thread PGNet Dev
I'm using Postfix's XCLIENT to synthesize/inject a test email into my postfix->filter/milter->delivery chain. I'd like to verify that my XCLIENT usage isn't the cause of the delivery failure I see below ... @ this postfix instance, mail flows as -> postscreen (@ IP = 203.0.113.1) |

Re: Various bcc options in postfix

2020-10-21 Thread @lbutlr
On 20 Oct 2020, at 19:01, Viktor Dukhovni wrote: > On Tue, Oct 20, 2020 at 05:29:22PM -0600, @lbutlr wrote: > The current setup uses recipient_bcc_maps which I would have thought did what I wanted, but it actually does all outbound mail as well. >>> >>> With recipient_bcc_maps, the spe

Re: multiple relay servers

2020-10-21 Thread Wietse Venema
On 10/21/20 11:16 AM, Fred Morris wrote: > If DNSSEC isn't required for the domain(s) in question (or at least > postfix in this specific case) you might look at RPZ as a way of > rewriting just a single record in the zone: https://www.dnsrpz.info/ Demi M. Obenour: > You can also use a local valid

Re: Limiting HELO spoofing in Postfix?

2020-10-21 Thread Benny Pedersen
Rich Wales skrev den 2020-10-21 17:50: On 2020-10-21 06:17, Wietse Venema wrote: My server IS NOT RUNNING THINKPHP OR WORDPRESS. Never has. why do you SHOUT at Wietse ? it does not matter if you have or not have, remote will try to detect if you do or did, long time frame or not try wge

Re: Limiting HELO spoofing in Postfix?

2020-10-21 Thread Viktor Dukhovni
On Wed, Oct 21, 2020 at 08:50:54AM -0700, Rich Wales wrote: > My server IS NOT RUNNING THINKPHP OR WORDPRESS. Never has. While the webserver is a good bet, before investing too much time chasing ghosts, enumerate all the network listeners on your system. Something along the lines of (for Linux):

Re: Limiting HELO spoofing in Postfix?

2020-10-21 Thread Demi M. Obenour
On 10/20/20 8:20 PM, IL Ka wrote: >> > /index.php?s=index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1][]=1 > That is fine: networks are constantly scanned by bots. They are trying to > hack any site using well-known vulnerabilities. > > I have a lot of similar

Re: multiple relay servers

2020-10-21 Thread Demi M. Obenour
On 10/21/20 11:16 AM, Fred Morris wrote: > If DNSSEC isn't required for the domain(s) in question (or at least postfix > in this specific case) you might look at RPZ as a way of rewriting just a > single record in the zone: https://www.dnsrpz.info/ You can also use a local validating recursive r

Re: Limiting HELO spoofing in Postfix?

2020-10-21 Thread Rich Wales
On 2020-10-21 06:17, Wietse Venema wrote: > If any of those got a 200 HTTP response then you have been owned. Acknowledged. In this case, though, I honestly don't think so. Let me explain why. My server IS NOT RUNNING THINKPHP OR WORDPRESS. Never has. The PHP site in question here was not bu

Re: multiple relay servers

2020-10-21 Thread Fred Morris
If DNSSEC isn't required for the domain(s) in question (or at least postfix in this specific case) you might look at RPZ as a way of rewriting just a single record in the zone: https://www.dnsrpz.info/ On Wed, 21 Oct 2020, IL Ka wrote: I think you can install the DNS server locally (on the sa

Re: multiple relay servers

2020-10-21 Thread Wietse Venema
Zsombor B: > Hi Wietse, > > > > Postfix 3.5 supports multiple relayhosts: > > Currently we are on 3.2 > > > If these folks want to receive mail in six places, why can't they > > set up DNS records like everyone else does? > > I'm already over this discussion, that's why I have asked the questi

Re: multiple relay servers

2020-10-21 Thread Zsombor B
Hi Wietse, Postfix 3.5 supports multiple relayhosts: Currently we are on 3.2 If these folks want to receive mail in six places, why can't they set up DNS records like everyone else does? I'm already over this discussion, that's why I have asked the question. :( Big company, rigid people,

Re: multiple relay servers

2020-10-21 Thread Wietse Venema
Zsombor B: > > Hi All, > > > Customer asked us to relay their mails to a specific smtp server. > > Actually they provided 6 possible destination servers. > > > When add them to sender_dependent_relayhost_maps postmap complains > that there are duplicate entries: > > @foo.bar [mail1.whateve

Re: Limiting HELO spoofing in Postfix?

2020-10-21 Thread Wietse Venema
Rich Wales: > On 2020-10-20 06:45, Wietse Venema wrote: > > > Extract time stamps for NON-ERROR web server responses, and > > correlate those time stamps with activity in Postfix logs. > > Working on this now. There are log entries for several GET requests > asking for nonsensical things like t

Re: multiple relay servers

2020-10-21 Thread IL Ka
I think you can install the DNS server locally (on the same machine where postfix runs) and configure postfix to use it On Wed, Oct 21, 2020 at 1:42 PM Zsombor B wrote: > > I can't force the customer changing their DNS. > > Any postfix solution? > > BTW it looks like postfix delivers mails to al

Re: multiple relay servers

2020-10-21 Thread Zsombor B
I can't force the customer changing their DNS. Any postfix solution? BTW it looks like postfix delivers mails to all the relay servers so the postmap warning is a bit misleading as if it won't work. But this brings up another question: if any of the relay servers can't accept mail will pos

Re: multiple relay servers

2020-10-21 Thread Christos Chatzaras
> Hi All, > > > Customer asked us to relay their mails to a specific smtp server. > > Actually they provided 6 possible destination servers. > > > When add them to sender_dependent_relayhost_maps postmap complains that there > are duplicate entries: > > @foo.bar [mail1.whatever]:123 > @foo

multiple relay servers

2020-10-21 Thread Zsombor B
Hi All, Customer asked us to relay their mails to a specific smtp server. Actually they provided 6 possible destination servers. When add them to sender_dependent_relayhost_maps postmap complains that there are duplicate entries: @foo.bar [mail1.whatever]:123 @foo.bar [mail2.whatever]:12

Re: Is changing "Hostname" mandatory?

2020-10-21 Thread Richard
> Date: Wednesday, October 21, 2020 05:26:38 + > From: Jason Long > > For configuration Postfix, is changing "hostname" to something like > "Mail.example.net" mandatory? For example, my server running Apache > and I don't like to change its name. No, but the forward and reverse DNS records