Hi Geert, thanks for your reply!
Am 25.01.2025 um 00:17 schrieb Geert Hendrickx via Postfix-users:
On Fri, Jan 24, 2025 at 22:56:40 +0100, Andreas Kuhlen via Postfix-users wrote:
I have set ‘RejectFailures true’ in /etc/opendmarc.conf. My expectation
was that mails without a dmarc signature
Many thanks for your reply, Bill.
Am 24.01.2025 um 23:41 schrieb Bill Cole via Postfix-users:
On 2025-01-24 at 16:56:40 UTC-0500 (Fri, 24 Jan 2025 22:56:40 +0100)
Andreas Kuhlen via Postfix-users
is rumored to have said:
Hi, dear list members!
I don't know if I'm asking in the r
Hi, dear list members!
I don't know if I'm asking in the right place, but since opendmarc is
configured as a milter in Postfix, I'll just ask it.
Today I received a mail that did not have a dmarc signature.
2025-01-24T21:52:15.374433+01:00 crosis opendkim[1183]: C01D06003F:
m6.so-net.net.tw
As it seems bind turns off qname minimization for queries to SH. As I
can find something like this in the query log:
named[4205]: success resolving
'49.236.215.178.6.zen.dq.spamhaus.net/A' after disabling
qname minimization due to 'ncache nxdomain
So, I'd say it's not necessa
Hi Tomasz,
can you explain why it's better to turn off QNAME minimization MTAs and
spam checkers?
Andreas
Am 14.01.2025 um 18:56 schrieb Steffan Cline via Postfix-users:
Just FYI, it's better to turn off QNAME minimization on DNS servers used by
MTAs and spam checkers.
My NSes
Dear Geert,
thanks for yor quick reply. I've added this to my main.cf file now.
Works!
Andreas
Am 06.01.2025 um 22:15 schrieb Geert Hendrickx:
On Mon, Jan 06, 2025 at 22:09:27 +0100, Andreas Kuhlen via Postfix-users wrote:
A text that simply states that the user is un
Kind regards
Andreas
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
re is added in the desired order by opendkim when I
send an email, which is then also verified as valid. A successful DKIM
signature check is now also carried out for incoming mails. So the
problem is solved.
Thank you for your help in solving the problem.
An
postfix")
Now I am completely confused and don't know how to proceed.
Unfortunately, I can find almost nothing on the subject of opendkim
integration (signing/verification) in amavis. At least nothing that is
promising.
Merry X-mas
Andreas
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
?
Andreas
Am 24.12.2024 um 15:44 schrieb Matus UHLAR - fantomas via Postfix-users:
On 24.12.24 09:08, Andreas Kuhlen via Postfix-users wrote:
I have to correct myself. If I only add the no_milters here, a DKIM
signature is added and the header check also works, it looks like,
but for the body
p[2072]: connect
to 127.0.0.1[127.0.0.1]:10026: Connection refused
A merry X-mas to you!
Andreas
Am 24.12.2024 um 16:04 schrieb Andreas Kuhlen via Postfix-users:
Hi Matus,
As suggested by Wietse and you, I want to add the DKIM signature to
amavis in conjunction with OpenDKIM, but I
n the mail.log:
Am 24.12.2024 um 15:44 schrieb Matus UHLAR - fantomas via Postfix-users:
On 24.12.24 09:08, Andreas Kuhlen via Postfix-users wrote:
I have to correct myself. If I only add the no_milters here, a DKIM
signature is added and the header check also works, it looks like,
but for the bo
.s=default header.b=kyrK6Z3o;*
Perhaps I should test whether I let amavis handle the DKIM?
Now I'm a bit dismayed and don't know what to do.*
*
Kind regards
**Andreas*
*
Am 24.12.2024 um 02:14 schrieb Andreas Kuhlen via Postfix-users:
Hi Wietse,
thanks for your reply.
Am 24.12.2
Hi Wietse,
thanks for your reply.
Am 24.12.2024 um 01:32 schrieb Wietse Venema via Postfix-users:
Andreas Kuhlen via Postfix-users:
Hello,
I am running my Postfix server with Amavis, Spamassassin, Clamav and
have added a configuration for OpenDKIM, OpenDMARC and SPF. Sending and
receiving
eeded?
Regards
Andreas
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
e for me.
Andreas
Am 15.12.2024 um 15:52 schrieb Wietse Venema via Postfix-users:
Andreas Kuhlen via Postfix-users:
Postfix uses the RFC 5322 date/time format, you say. On the subject of
RFC 5322 date/time format, I can find the following in the ?date? man page:
?-R, --rfc-
x27;m asking this to
understand this.
Andreas
Am 15.12.2024 um 13:57 schrieb Wietse Venema via Postfix-users:
Andreas Kuhlen via Postfix-users:
Hello,
currently, some dates appear in American format. As can be seen at the
end of the line below:
2024-12-15T09:48:57.200203+01:00
this a question of the rsyslog settings?
I would be grateful for help with this.
Kind regards
Andreas
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
pickup service is no longer ‘messed up’, I made the changes
to the master.cf. Now, of course, the warning message no longer appears.
Great! Many thanks again.
Am 09.12.2024 um 19:59 schrieb Wietse Venema via Postfix-users:
Andreas Kuhlen via Postfix-users:
Hello,
I run a Postfix server with
anyone here have an answer? Which connection
is refused?
Kind regards
Andreas
This is my main.cf configuration:
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
authorized_submit_users = root,www-data,vmail
biff = no
body_checks = pcre:/etc/postfix
and including RFC 5322.
In this context, RFC 2142 may be of interest, too.
--Andreas
--
! AJ3630-RIPE @ RUB8-RIPENetwork Operation Center !
! Dezernat 5.3 Ruhr-Universitaet Bochum !
! The amount of energy necessary to refute bullshit is
;
postfix-users@postfix.org>:
> Wietse Venema via Postfix-users:
> > Andreas Cieslak via Postfix-users:
> > > Hi list,
> > >
> > > i want to achieve that my postfix relay will modify the subject based
> on
> > > the recipients.
> > > The postfiy
solve this?
Any hints would be appreciated.
Thank you.
Andreas
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
y given
that this has been in the code base for so long :)
Andreas
On 13.06.22 17:48, Wietse Venema wrote:
Andreas Weigel:
Hi,
I recently noticed some (for me) unexpected behavior with address
verification probes (reject_unverified_recipient in
smtpd_relay_restrictions). Given an envelope rec
sible for the observed behavior.
I'd expect the verify daemon to re-quote the local part when sending out
a probe in that case, i.e. transmit a probe for <"a:b"@example.org>. Am
I overlooking some obvious issue here why this would be a bad idea?
Kind regards,
Andreas Weigel
stconf: warning: /etc/postfix/main.cf: unused parameter:
nullmx_reject_code=553"
Kind regards,
Andreas
I haven't been able to put my finger on
the exact location.
Andreas
--- Begin Message ---
There is not much interesting stuff going on here.
Just some regular email plain text.
--- End Message ---
postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_do
I can confirm that the proposed patch fixes the issue. Just tested with
postfix 3.5.7 patched and unpatched.
On 04.11.20 12:18, Wietse Venema wrote:
Viktor Dukhovni:
On Wed, Nov 04, 2020 at 10:32:57AM -0500, Andreas Weigel wrote:
Hi everyone,
I think I stumbled upon a problem with postfix
rged? Or do you think this is not a good idea? Or did I just read the
code incorrectly and stuff actually works fine?
cheers,
Andreas
urce implementations of policy daemons
and it seems nobody has handled the case of long line headers.
Is there a good way of folding the header? Should postfix be doing that
automatically already?
cheers,
Andreas
n explanation for my
taste.
--
-- Andreas
:-)
Hi everyone. I have a php contact form, that reports the following postfix
error (getting that in maillog file): https://hastepaste.com/view/jr41N
The same applies for, when I send an e-mail to that e-mail address by using
Outlook.
Obviously my mail server having troubles sending e-mails to some
Hi Viktor,
On Thu, 9 May 2019, Viktor Dukhovni wrote:
On May 9, 2019, at 1:13 PM, Andreas Thienemann wrote:
I have the following items in my config:
http://www.postfix.org/DEBUG_README.html#mail
fair enough...
Problem description:
smtpd_recipient_restrictions seems to be working
n01 postfix/smtpd[24094]: generic_checks:
name=reject_unverified_recipient status=2
May 9 18:47:33 mailin01 postfix/smtpd[24094]: >>> END Recipient address
RESTRICTIONS <<<
Does anyone have any pointers what I might be missing?
cheers,
Andreas
le.com).
What would be your preferred solution? 1. would be the easy fix. 2. seems
cleaner but I am not sure about any side effects. 3. would be the most
work but I fear this might be necessary anyway for moving from local to
virtual mailboxes for my main domain...
Any suggestions?
cheers,
Andreas
Hi Viktor,
On Sun, 5 May 2019, Viktor Dukhovni wrote:
On Mon, May 06, 2019 at 02:38:15AM +0200, Andreas Thienemann wrote:
I currently have a mailserver that serves as final destination for a
domain, say example.com which is configured as mydestination.
This works, but I generally prefer to
glad if someone could give me a hint here... The more docs I
read, the less clearer things become. ;-)
Thanks,
Andreas
Hi Wietse,
On Wed, 3 Apr 2019, Wietse Venema wrote:
I do not know if skipping the printable() call does have any side-effects
though.
As a short-term fix it is probably OK, because the cleanup daemon
already filters the response. But smtpd should not rely on the
cleanup server doing that.
R
st Milter rejection Reason
<** 450-4.7.1 Test Milter rejection Reason 01
<** 450 4.7.1 Test Milter rejection Reason 02
-> QUIT
<- 221 2.0.0 Bye
=== Connection closed with remote host.
cheers,
Andreas
and a proper solution for Postfix 3,5
and onwards.
Hahaha, thank you very much. I appreciate it. Especially as we all know
about that copious spare time.
If it helps, the sample milter I used is at
https://gist.github.com/ixs/70ec5ba23c8da0c9ee3c682eeb8fe452
cheers,
Andreas
her hand, this seems
to be the source for the ?? replacement in the log message.
cheers,
Andreas
nse
-> QUIT
> : 51 55 49 54 0D 0AQUIT..
< : 32 32 31 20 32 2E 30 2E 30 20 42 79 65 0D 0A
221.2.0.0.Bye..
<- 221 2.0.0 Bye
=== Connection closed with remote host.
The lines are separated by 0x20, 0x20 ([space][space]) rather than 0x0d,
0x0a (\n\r).
I had a quick look at the postfix source but did not find the right
codepath where this happens.
Any ideas if this really is a bug in Postfix or am I making a mistake
somewhere in my milter?
cheers,
Andreas
based on the fact that Postfix with
postscreen itself blocks the by far largest part of malicious mail.
Of course, YMMV,
--
-- Andreas
:-)
Hi,
postfix-3.3.0
we got a bug report (https://bugs.launchpad.net/ubuntu/+source/postfix/+bug/
1753470) where postconf was crashing if main.cf had a map pointing to a
file that the user couldn't read.
ubuntu@bionic-postfix:~$ l /etc/postfix/valiases.cf
-rw-r- 1 root root 169 May 7 14:08 /et
I also use postwhite and similar whitelisting, but I also have
postscreen_dnsbl_sites =
...
list.dnswl.org=127.0.[5;9].0*-2
--
-- Andreas
:-)
On Tue, 12 Dec 2017, at 16:27, Alex wrote:
I don't have enough perl knowledge to join or associate then parse
multiple lines.
Did you have a look at auxiliary/collate from Postfix's source?
--
-- Andreas
:-)
n called "debug" and can WARN. But RTFM again or,
as Noel wrote, get on the Postfwd mailing list.
--
-- Andreas
:-)
ails not being deliverable through lmtp...
I can live with that.
cheers,
Andreas
only work for
virtual aliases with one level of redirection but not for something like
i...@example.com -> i...@example.net -> spam-mails.
But I should get most of the problematic entries with that. Thanks for the
suggestion.
cheers,
Andreas
ng to the logs.
Is there a way to configure postfix to check after rewriting of addresses?
cheers,
Andreas
have been
consulted, but then again I also did not have the j...@real.example.com
mapping back to itself. Is that entry needed in such a form?
cheers,
Andreas
have a hint how to get this working correctly? Adding the
domain to both virtual_domains and relay_domains seems to work but as far
as I understand previous discussions here on the list this is a rather bad
idea.
Cheers,
Andreas
sting to add the frequently abused `.jar` to the
regex.
--
-- Andreas
:-)
ion?
[1]:
http://postfix.1071664.n5.nabble.com/Idea-multiple-actions-in-access-header-checks-policy-results-td71906.html
--
-- Andreas
:-)
sender
> leads you to
> http://www.postfix.org/postconf.5.html#reject_unlisted_sender
Thanks, you are right that I was confused about this reference. So,
smtpd_sender_restrictions = (...)
warn_if_reject
reject_unlisted_sender
works as expected but only if smtpd_reject_unlisted_sender = no.
--
-- Andreas
:-)
On Sun, 7 May 2017, at 15:04, Wietse Venema wrote:
> /etc/postfix/main.cf:
> smtpd_reject_unlisted_sender = yes
Is there a way to test-run this similar to warn_if_reject?
--
-- Andreas
s and just stop them? No matter on all the LDAP stuff,
shouldn't postfix be intelligent enough to detect if forwarding source
and destination are similar?
It would be great, if someone has an idea how we could solve this!
Cheers,
Andreas Krischer
akbyte webentwicklung
Pastor-Lüpschen-Str. 82
52
a Postfix question, but I'm hoping that all the
> Postfix-Gods in here might share an opinion or advice.
My advice would be use amavis. I integrates very well with
Postfix and is running just fine. It does Spam- and Viruschecking
and intergrates DKIM as well if you like to use it.
Greetings
Andreas
Am 2/18/2015 um 18:39 schrieb Viktor Dukhovni:
> With 3.0.0 Linux distributions should start using the upstream
> default. This does mean that users should remove explicit legacy
> default settings of daemon_directory from their main.cf files.
> Distribution package upgrades will need to update or
irst adopted upstream.
Since, as you said, some distributions lack /usr/libexec, wouldn't it be
a better idea to leave it up to the package/distribution maintainers to
separate shared objects from shared executables?
Andreas
ebian, Arch, and probably more) daemon_directory is
/usr/lib/postfix as well, which will lead to a broken multi-instance
capability by default.
Hopefully i just missed some important point.
Andreas
Am 2/18/2015 um 01:32 schrieb Wietse Venema:
> Andreas:
>> Hi,
>>
>> i insta
ib/postfix conflicts with instance /etc/postfix,
> daemon_directory=/usr/lib/postfix
makedefs.out: http://pastebin.com/HhD0AZKQ
Only if i set shlib_directory=no all works as expected. I'm wondering if
this is normal.
--Andreas
Since the virtual_mailbox_domains default value is virtual_mailbox_maps I
thought I didn't need a new query, but it works!
Thank you a lot!
omain.com/me/
Now why postfix doesn't lookup mydomain.com over MySQL?
Best regards,
Andreas
echo '* Infodateien ohne Queuedateien:'
echo ''
echo ${ORPHANED_FILES} | xargs ls -la
fi
That cronjob produces output very rarely but mostly after manual interaction
( postsuper -r ALL and so )
Andreas
: from opendmarc-milter
Authentication-Results: from opendkim-milter
X-Spam-foo: added by amavisd-milter from amavisd + spamassassin
Received: from MTA
Authentication-Results: from spf-milter
...
in short: no problem here (as before ...)
Andreas
rom me: Thank you.
this is the definitive reason to switch from 2.11.1 to 2.12-x here :-)
Andreas
tion - because
it has access to all the information that verify has, so that smtpd
could reject itself in this situation.
Thanks for any advice. Avoiding backscatter here would be a great
achievement.
Andreas
Complete main.cf:
-8<---
smtpd_b
André Rodier:
> I cannot see in the SpamAssassin rules documentation a way to add
> headers.
point for you. Adding any header with SA isn't possible at a first view.
You may ask again on spamassasin-users
Andreas
André Rodier:
> I am looking for a milter script (mail filter) that would classify
> emails automatically. Something in Perl, for instance.
you could use spamassassin for that purpose, too.
write your own SA rules and your done.
Andreas
to "postconf -e "debug_peer_list=$buggy_client" when searching anomalies
and would expect such details only in that context.
Andreas
e.
> > Are there other situations postfix has to recode a message?
> No.
good
Thanks,
Andreas
ck if you test the right way at all.
Andreas
3 08:43:10 2014
Hello Wietse,
I wonder about changes in tls_server.c !?
Andreas
ot;dane").
This suggestion makes sense
People just want to know the overall channel security status.
yes, I mostly like to distinguish plain vs. TLS
The "security" element can either be always present,
with "none" to signal non-TLS delivery, or simply absent to signal the same.
As admins have to adjust logfile parser anyway, I would prefer version #1
Andreas
Viktor Dukhovni:
> It may be simpler to upgrade your system.
yes, upgrade would be best but sometimes,
older crypto is not as painfull as it should be
Andreas
Robert Schetterer:
> > openssl 0.9.8j and Postfix 2.11.1.
> maybe a suboptimal mixture
any hint's to build postfix + openssl-1.x on a system based on openssl-0.9.x ???
I also avoided building openssl from source for good reasons over the last
years.
But I'm open to try.
Andreas
Alexandre Ellert:
I'm going to test by adding a first useless header in the policy
server and see if things works in the milter.
also consider using a milter based SPF checker. Lock at the
opendmarc-users archive for suggestions.
Andreas
end to you because they try/have only a
higher protocol version.
But these should fallback to plaintext anyway.
Andreas
...
-o smtpd_milters=${dkim_milter},${dmarc_milter}
sumbission inet ...
-i smtpd_milters=${dkim_milter}
this master.cf is much more selfexplaining.
Andreas
lists:
To get a "+", the descriptions says:
"Your system requires authentication (AUTH) on port 587 before the
MAIL FROM command is issued"
that is pure nonsense
+1
you cannot enforce any client to not send any command.
but you can enforce proper answers.
Andreas
LuKreme:
> OK, what is pfqgrep? I don't see it in my ports tree?
see http://www.arschkrebs.de/postfix/scripts/
wietse:
But wait, there is more
does not sound like an easy job.
just an idea: if the timestamp of a queuefile is relevant, could a
changed time
of a queuefile be interpreted as "bounce immediately" ?
for example timestamp to a fixed date near 1.1.1970
Andreas
would sometimes be useful to
postbounce
Andreas
e your suggested solution.
Andreas
Wietse Venema:
> Assuming that you haven't configured a global policy of "all mail
> deliveries shall use TLS",
that's exactly the limitation Peer has in mind.
Andreas
Birta Levente:
Yes, but you sould give some reason why is bounced ... which IMHO is
something permanent ...
good point!
# postbounce
so you just set up one time some map and no more care about that problem.
just this is unwanted and the reason for the request.
Andreas
Birta Levente:
Why not just delete from the queue?
from senders perspective that message is lost.
sometimes it's useful to clear bounce back to sender.
Andreas
. Maybe it could be included in postfix
some day.
usage: master.cf
submission inet n - n - - smtpd
-o syslog_name=postfix/submission_with_dsn
-o smtpd_force_dsn_on_success=yes
Andreas
Index: postfix-2.11.0/src/global/mail_params.h
for the question.
I also needed such feature some times.
# postbounce
Andreas
eases/)
Andreas
check your own identity card to prove that you are you? )
But I assume your problem is consistent behaviour.
If that is the point you have to split mail flows:
* separate system signing all submitted messages
* separate system validating any inbound messages.
Andreas
/new.example.com/cert+intermediate.pem
Andreas
Hello,
I have to add a "Reply-To" Header in (smtp-) submitted messages.
Adding it unconditionally using PREPEND result in messages with more
then one instance
of this header which violates RFC5322.
Is there a way to add a header _only_ if not present?
Thanks
Zitat von wie...@porcupine.org:
Postfix 2.11.0 stable release candidate 1 is uploaded to ftp.porcupine.org
and will appear on mirror sites in the next 24 hours.
2.11x is running here on different hosts without problems.
Andreas
Hello,
the documentation to these parameters refers the NSA website. However
the links are broken.
Also I don't feel very comfortable these days if postfix uses crypto
approved by NSA :-/
Andreas
eal name in the header
section.
Regards
Andreas
My opinion (slightly off topic but very relevant) having read the thread
carefully:
It is obvious that the English speaking world does not want to abandon
ASCII. For their own reasons.
If you want an RFC (or any project for that matter) to f
rver that is only Trusted but not Verified)
Andreas
Am 15.12.2013 22:08 schrieb Patrick Ben Koetter:
> % unbound-control flush
I prefer "unbound-control flush_zone " because "flush" don't flush TXT
Andreas
min) I would not even consider (non-FOSS) Exchange for a
second. Executives of course
know-it-all-can-do-it-all type always win! That is why I am looking into
retirement the
soonest!!
Thanks
Andreas
1 - 100 of 172 matches
Mail list logo
