Rewriting the MAILER-DAEMON address and header formats

2021-09-17 Thread Vladimir Mishonov
Greetings! I'm writing here because, apparently, in 2021, there is still no other way to report bugs or suggest features for Postifx. That's a bummer, but please let me get to the point. I've been setting up a personal mailserver using Postfix, and while I don't have a lot of experience in L

Re: Problems emailing bell.net or sympatico.ca addresses

2021-09-17 Thread J Doe
On 2021-09-17 5:48 p.m., Ian Evans wrote: Just curious if anyone on the list has ever had issues with their postfix server communicating with bell.net or their related sympatico.ca email addresses? I've been trying to send to a few but keep getting "421

Re: Problems emailing bell.net or sympatico.ca addresses

2021-09-17 Thread Ian Evans
On Fri, Sep 17, 2021, 7:28 PM raf, wrote: > On Fri, Sep 17, 2021 at 05:48:24PM -0400, Ian Evans > wrote: > > > Just curious if anyone on the list has ever had issues with their postfix > > server communicating with bell.net or their related sympatico.ca email > > addresses? > > > > I've been try

Re: Untrusted TLS connection when sending emails to Google

2021-09-17 Thread Viktor Dukhovni
On Sat, Sep 18, 2021 at 12:44:30AM +0200, Gerald Galster wrote: > The question is how likely it is such a server is dropping tls support > after that work. I'd guess it will be unlikely and errors mostly occur > due to expired certificates or other (temporary) configuration issues. As a matter of

Re: Untrusted TLS connection when sending emails to Google

2021-09-17 Thread Gerald Galster
>>> Sure, but the forensic value of the signal is rather weak, since you >>> learn nothing about the names in the certificate, and anyone can get >>> a certificate from Let's Encrypt. So your connection was to some >>> server that had some certificate, ... now what? >> >> You'll get the informati

Re: Problems emailing bell.net or sympatico.ca addresses

2021-09-17 Thread raf
On Fri, Sep 17, 2021 at 05:48:24PM -0400, Ian Evans wrote: > Just curious if anyone on the list has ever had issues with their postfix > server communicating with bell.net or their related sympatico.ca email > addresses? > > I've been trying to send to a few but keep getting "421 Connection lim

Re: Untrusted TLS connection when sending emails to Google

2021-09-17 Thread Viktor Dukhovni
On Sat, Sep 18, 2021 at 12:44:30AM +0200, Gerald Galster wrote: > > Sure, but the forensic value of the signal is rather weak, since you > > learn nothing about the names in the certificate, and anyone can get > > a certificate from Let's Encrypt. So your connection was to some > > server that ha

Re: Untrusted TLS connection when sending emails to Google

2021-09-17 Thread Gerald Galster
>>> I am curious why with opportunistic TLS (security level may), you're >>> bothering to take any action to tweak the entirely cosmetic certificate >>> path validation status? >> >> What about parsing the maillog and adding those trusted servers to a table >> in order to enforce a higher tls leve

Problems emailing bell.net or sympatico.ca addresses

2021-09-17 Thread Ian Evans
Just curious if anyone on the list has ever had issues with their postfix server communicating with bell.net or their related sympatico.ca email addresses? I've been trying to send to a few but keep getting "421 Connection limit reached" followed by an eventual failure days later. I've seen people

Re: Untrusted TLS connection when sending emails to Google

2021-09-17 Thread Viktor Dukhovni
On Fri, Sep 17, 2021 at 07:53:55PM +0200, Gerald Galster wrote: > > I am curious why with opportunistic TLS (security level may), you're > > bothering to take any action to tweak the entirely cosmetic certificate > > path validation status? > > What about parsing the maillog and adding those trus

Re: Spam pass the filter

2021-09-17 Thread Benny Pedersen
On 2021-09-17 14:40, Christian Schmitz wrote: DKIM-Signature: a=rsa-sha256; v=1; c=relaxed/relaxed; d=garena.com; q=dns/txt; s=mailo; t=1631836303; h=Content-Transfer-Encoding: Content-Type: MIME-Version: Message-ID: Date: Subject: To: From: Sender; ifplugin Mail::SpamAssassin::Plugin::DKIM

Re: Untrusted TLS connection when sending emails to Google

2021-09-17 Thread Gerald Galster
>> Thank you for the answers. I'm reading the documentation and we need to >> adjust the smtp_tls_CAfile indeed. I will adjust this as soon as >> possible and I will report the result here. > > I am curious why with opportunistic TLS (security level may), you're > bothering to take any action to t

Re: Untrusted TLS connection when sending emails to Google

2021-09-17 Thread Viktor Dukhovni
On Fri, Sep 17, 2021 at 01:38:43PM -0300, Fabio S. Schmidt wrote: > Hello David and Gerald, > > Thank you for the answers. I'm reading the documentation and we need to > adjust the smtp_tls_CAfile indeed. I will adjust this as soon as > possible and I will report the result here. I am curious why

Re: Untrusted TLS connection when sending emails to Google

2021-09-17 Thread Fabio S. Schmidt
Hello David and Gerald, Thank you for the answers. I'm reading the documentation and we need to adjust the smtp_tls_CAfile indeed. I will adjust this as soon as possible and I will report the result here. Best regards Fabio Em sex., 17 de set. de 2021 às 11:50, Gerald Galster escreveu: > > I'm

Re: Spam pass the filter

2021-09-17 Thread Wietse Venema
Christian Schmitz: > Return-Path: That is the envelope sennder address. > my main.cf have the following rule: > smtpd_recipient_restrictions = > check_client_access regexp:/etc/postfix/spam/rcpt_cl_isp_prohibidos, > > And in the file i have the rule: > /.*mailgun\.net.*/REJECT

Re: Untrusted TLS connection when sending emails to Google

2021-09-17 Thread Gerald Galster
> I'm sorry if this is a frequent question, but we have deployed a new Postfix > server and we have enabled Opportunistic TLS. We have noticed that even with > a valid certificate when connecting to gmail servers the Untrusted TLS > connection is being displayed. > > I have updated the ca-cert

Re: Spam pass the filter

2021-09-17 Thread Benny Pedersen
On 2021-09-17 14:40, Christian Schmitz wrote: DKIM-Signature: a=rsa-sha256; v=1; c=relaxed/relaxed; d=garena.com; q=dns/txt; s=mailo; t=1631836303; h=Content-Transfer-Encoding: Content-Type: MIME-Version: Message-ID: Date: Subject: To: From: Sender; ... dkim blacklist :=) make a spamassass

Re: Untrusted TLS connection when sending emails to Google

2021-09-17 Thread David Bürgin
‘What do "Anonymous", "Untrusted", etc. in Postfix logging mean?’ http://www.postfix.org/FORWARD_SECRECY_README.html#status

Untrusted TLS connection when sending emails to Google

2021-09-17 Thread Fabio S. Schmidt
Hello, I'm sorry if this is a frequent question, but we have deployed a new Postfix server and we have enabled Opportunistic TLS. We have noticed that even with a valid certificate when connecting to gmail servers the Untrusted TLS connection is being displayed. I have updated the ca-certificate

Spam pass the filter

2021-09-17 Thread Christian Schmitz
Hi everyone: Normally when i identify a host spammer i block entire server. Today i receive one spam email. The origin is "mailgun.net", i already have a rule to block him, but the email pass with no problem. I want stop the email, what is wrong? The header, config and rules are the fo