Re: Rate limiting local clients: configuration and logging

2023-01-03 Thread Hébergement Arbre Binaire
I just don't understand the process: if a local client uses sendmail to enqueue an email, that client is not expecting much more than a zero or non-zero response code. If the shim is set up to communicate using SMTP and Postfix responds that it will not enqueue mail from localhost because of "Too

Re: Rate limiting local clients: configuration and logging

2023-01-03 Thread Viktor Dukhovni
On Wed, Jan 04, 2023 at 12:25:47AM -0500, Hébergement Arbre Binaire wrote: > I don't know if this could be put to consideration by your dev team (or > not, because of technical considerations above my knowledge), but a single > door to a barn makes a more secure barn. My "dev" team is just me, an

Re: Rate limiting local clients: configuration and logging

2023-01-03 Thread Hébergement Arbre Binaire
>The real "only" way to enqueue mail for local delivery via Postfix is >postdrop(1), which is "setgid" to a group that can write to the >"maildrop" queue. If you set "authorized_submit_users" to a restricted >set of trusted system accounts, then all users would have to use your >shim, a postdrop(1

Re: Rate limiting local clients: configuration and logging

2023-01-03 Thread Viktor Dukhovni
On Tue, Jan 03, 2023 at 07:50:19PM -0500, Hébergement Arbre Binaire wrote: > Maybe I should ask another question: is sendmail the ONLY way for a local > script (be it any kind of script: PHP or otherwise) to queue a mail for > delivery? All that applications can portably expect to work for local

Re: Rate limiting local clients: configuration and logging

2023-01-03 Thread Hébergement Arbre Binaire
>Otherwise, the script can just send mail directly As far as my experience goes, abusive scripts depend on the local MTA to relay abusive mail. They would need to crack two hosts instead of a single one to route bad mail. Maybe I should ask another question: is sendmail the ONLY way for a local

Re: Rate limiting local clients: configuration and logging

2023-01-03 Thread Viktor Dukhovni
On Tue, Jan 03, 2023 at 07:20:30PM -0500, Hébergement Arbre Binaire wrote: > >If submission rate limits are required, use SMTP instead of the Postfix > sendmail command. > > Aside from creating a "shim" of some sort to catch sendmail calls made by > random malicious scripts and that uses SMTP to

Re: Rate limiting local clients: configuration and logging

2023-01-03 Thread Demi Marie Obenour
On 1/3/23 19:20, Hébergement Arbre Binaire wrote: >> If submission rate limits are required, use SMTP instead of the Postfix > sendmail command. > > Aside from creating a "shim" of some sort to catch sendmail calls made by > random malicious scripts and that uses SMTP to route mail to the local MT

Re: Rate limiting local clients: configuration and logging

2023-01-03 Thread Hébergement Arbre Binaire
>If submission rate limits are required, use SMTP instead of the Postfix sendmail command. Aside from creating a "shim" of some sort to catch sendmail calls made by random malicious scripts and that uses SMTP to route mail to the local MTA, I don't see any solution. It's a bit above my paygrade s

Re: Rate limiting local clients: configuration and logging

2023-01-03 Thread Wietse Venema
Hébergement Arbre Binaire: > I really appreciate your (very) thorough answer. I'll use it to search for > a solution or devise a homemade one. > > The problem I'm describing affects so many web hosts... I'm surprised that > this security problem has not been circumvented in any reliable way. I

Re: Rate limiting local clients: configuration and logging

2023-01-03 Thread Hébergement Arbre Binaire
I really appreciate your (very) thorough answer. I'll use it to search for a solution or devise a homemade one. The problem I'm describing affects so many web hosts... I'm surprised that this security problem has not been circumvented in any reliable way. I understand Postfix cannot fix alone t

Re: Rate limiting local clients: configuration and logging

2023-01-03 Thread Viktor Dukhovni
On Tue, Jan 03, 2023 at 06:03:29PM -0500, Hébergement Arbre Binaire wrote: > Local clients (bash scripts and PHP mailers in particular) are still not > rate limited at all. How can I accomplish this? The simple answer is that You can't, without replacing sendmail(1), with something that submits

Rate limiting local clients: configuration and logging

2023-01-03 Thread Hébergement Arbre Binaire
First part of my question: I successfully could limit outbound emails sent from remote clients using this main.cf testing configuration: anvil_rate_time_unit = 60s smtpd_client_message_rate_limit = 1 This conf, however, cannot limit clients sending emails from within the host. I then found this

Re: Group-based SASL Auth

2023-01-03 Thread Demi Marie Obenour
On 1/3/23 17:23, Xavier Belanger wrote: > Hi, > > My question is not directly related to Postfix, but hopefully > someone could point me in the right direction. > > I am building a SMTP relay server with SASL authentication, > using LDAP (Active Directory) as a backend and it does work. > Regular

Group-based SASL Auth

2023-01-03 Thread Xavier Belanger
Hi, My question is not directly related to Postfix, but hopefully someone could point me in the right direction. I am building a SMTP relay server with SASL authentication, using LDAP (Active Directory) as a backend and it does work. Regular users can send emails after being authenticated. My go

Re: warning: unexpected protocol delivery_request_protocol from private/bounce socket (expected: delivery_status_protocol)

2023-01-03 Thread Matus UHLAR - fantomas
I am seeing the subjected error for a small percentage of messages, and then those message stay in the deferred queue. from the log: postfix/local[1124]: warning: unexpected protocol delivery_request_protocol from private/bounce socket (expected: delivery_status_protocol) On 1/1/23 19:01, Wiet

Re: warning: unexpected protocol delivery_request_protocol from private/bounce socket (expected: delivery_status_protocol)

2023-01-03 Thread Demi Marie Obenour
On 1/1/23 19:01, Wietse Venema wrote: > trading fours: >> I am seeing the subjected error for a small percentage of messages, and >> then those message stay in the deferred queue. >> >> from the log: >> postfix/local[1124]: warning: unexpected protocol delivery_request_protocol >> from private/boun