://github.com/croessner/pfxhttp
https://github.com/croessner/geoip-policyd
# Mailing lists:
https://lists.nauthilus.org
N.B.: In the future, announcements are sent over the nauthilus-announce ML.
This is just a hello world!
Christian Rößner
--
Rößner-Network-Solutions
Zertifizierter ITSiBe / CISO
s, such as virtual
>>mailbox or domain mappings.
>>
>>. Implementing custom email policy checks through
>>HTTP-based policy services.
>>
>>
>> Find the source here:
>>
>> https://github.com/croessner/pfxhttp
>>
>>
you enjoy.
Thanks
Christian Rößner
--
Rößner-Network-Solutions
Zertifizierter ITSiBe / CISO
Marburger Str. 70a, 36304 Alsfeld
Fax: +49 6631 78823409, Mobil: +49 171 9905345
USt-IdNr.: DE225643613, https://roessner.website
PGP fingerprint: 658D 1342 B762 F484 2DDF 1E88 38A5 4346 D727 94E5
=2Ehphj6VTtfMpJBc8EZ5owao9LT
disconnect from localhost.localdomain[127.0.0.1]:54612 helo=1 commands=1
Adding it consequently to all services even thouse that have not been shown
here in the example.
Feedback very welcome. Thanks in advance
Christian Rößner
--
Rößner-Network-Solutions
Zertifizierter ITSiBe / CISO
Karl
help make it better ;-)
Hope you enjoy
https://gitlab.roessner-net.de/croessner/geoip-policyd
Christian Rößner
--
Rößner-Network-Solutions
Zertifizierter ITSiBe / CISO
Karl-Bröger-Str. 10, 36304 Alsfeld
Fax: +49 6631 78823409, Mobil: +49 171 9905345
USt-IdNr.: DE225643613, https://roessner.website
lower or larger than 1h.
And of course: Everyone can decide by its own, if he has a use case for this
service or not.
Christian Rößner
--
Rößner-Network-Solutions
Zertifizierter ITSiBe / CISO
Karl-Bröger-Str. 10, 36304 Alsfeld
Fax: +49 6631 78823409, Mobil: +49 171 9905345
USt-I
> Am 08.03.2019 um 13:26 schrieb Wietse Venema :
>
> Which distro ships with Linux 5.x kernels? I want to install that
> distribution in a VM for tests. I am not interested in a FrankenLinux
> where I have to assemble different parts from different providers.
> Last time I asked I did not get a g
Hi,
> Am 31.03.2017 um 10:48 schrieb Christian Rößner
> :
>
> Hi,
>
>> Am 30.03.2017 um 17:25 schrieb Viktor Dukhovni :
>>
>>
>>> On Mar 30, 2017, at 11:15 AM, Christian Rößner
>>> wrote:
>>>
>>> It is a VM, but the host uses ECC-RAM. No errors were reported to the
>>> kernel message bu
> Am 20.07.2016 um 18:31 schrieb Patrick Ben Koetter :
>
> * Wietse Venema :
>> Dominik Chilla:
>>> Hello together,
>>>
>>> my postfix setup (submission-relay only!) requires an authenticated
>>> (SMTP-AUTH plain/login) sender. Further it checks if the envelope-sender
>>> matches the authentic
> Am 20.07.2016 um 17:59 schrieb Robert Schetterer :
>
> Am 20.07.2016 um 09:17 schrieb Christian Rößner:
>> Hi,
>>
>> I was interested which spamassassin (including dspam) and rspamd rules are
>> used in my mail system and I needed some statistical output.
Hi,
I was interested which spamassassin (including dspam) and rspamd rules are used
in my mail system and I needed some statistical output. For this, I have
written two little helper scripts that can be put into logrotate. They will
produce reports for each filter.
https://github.com/croessner
Hi Robert :-)
> Am 13.07.2016 um 17:51 schrieb Robert Schetterer :
>
> Am 13.07.2016 um 15:45 schrieb Christian Rößner:
>> Hi,
>>
>> I developed a S/MIME signing milter that can be used with Postfix. It
>> features a simple map file, where you can define emai
> Am 13.07.2016 um 16:16 schrieb Benny Pedersen :
>
> On 2016-07-13 16:08, Christian Rößner wrote:
>
>>> I tested it on Mac OS X and Gentoo Linux. Readmes and Man-pages are
>>> included. Feel free to give it a try:
>>> https://signing-milter.org
> I developed a S/MIME signing milter that can be used with Postfix. It
> features a simple map file, where you can define email addresses and
> corresponding certs/keys. If a mail arrives, the milter checks the MAIL FROM
> address and looks up the map file. If it finds a record, it signs the ma
Hi,
I developed a S/MIME signing milter that can be used with Postfix. It features
a simple map file, where you can define email addresses and corresponding
certs/keys. If a mail arrives, the milter checks the MAIL FROM address and
looks up the map file. If it finds a record, it signs the mail
Hi,
just a short question:
If enabling smtputf8_enable feature in Postfix, is this compatible with
milters? The most common library is libmilter and I have no idea, what exactly
this Postfix feature means? By asking, I think about two callbacks in libmilter:
xxfi_header(SMFICTX *ctx, char *hea
> /^My-SPAM-Flag:.+Yes$/i FILTER discard:
> -
>
> You might need to place the header_checks inside master.cf. It depends on
> your setup.
>
> Maybe this works for you
>
> Christian
—
Christian Rößner B.Sc.
Erlenwiese 14, 36304 Alsfe
eed to place the header_checks inside master.cf. It depends on your
setup.
Maybe this works for you
Christian
—
Christian Rößner B.Sc.
Erlenwiese 14, 36304 Alsfeld
T: +49 6631 78823400, F: +49 6631 78823409, M: +49 171 9905345
USt-IdNr.: DE225643613, http://www.roessner-network-solutions.com
smime.p7s
Description: S/MIME cryptographic signature
> Am 07.05.2016 um 22:37 schrieb Viktor Dukhovni :
>
>
>> On May 7, 2016, at 8:08 AM, Christian Rößner
>> wrote:
>>
>> At the moment it works with all components, but only with:
>>
>> TLSProtocolMin 3.1
>>
>> which is TLSv1 I t
Hi Michael,
> Christian Rößner wrote:
>> I use OpenLDAP with Postfix. Today I tried to make OpenLDAP more secure by
>> requiring TLSv1.2. At this point Postfix stopped working.
>
> I set TLSProtocolMin 3.3 (requires TLS 1.2) in my slapd.conf and ldap table of
> postfix
Hi,
I use OpenLDAP with Postfix. Today I tried to make OpenLDAP more secure by
requiring TLSv1.2. At this point Postfix stopped working.
I miss something like tls_protocols in ldap_table(5)
It would be nice to add this feature.
Thanks in advance
Christian
—
Christian Rößner B.Sc.
Erlenwiese
> as you can read in this new bug report that I submitted:
>
> GNU debugger employed via Postfix crashed PaX hardened kernel
> https://bugs.gentoo.org/show_bug.cgi?id=541104
>
> also:
>
> GNU debugger checking for PaX and refusing to work with it
> https://forums.gentoo.org/viewtopic-t-1011162.h
> Am 11.02.2015 um 17:35 schrieb Mohammad Isargar :
>
> Hi there,
>
> We have a situation where Postfix installed with a single domain, serving a
> subnet of local LAN users and SASL authentication enforced in order to send
> emails.
>
> Even though that we know that the actual sender can be
> Am 08.02.2015 um 23:29 schrieb Wietse Venema :
>
> [An on-line version of this announcement will be available at
> http://www.postfix.org/announcements/postfix-3.0.0.html]
>
> Postfix stable release 3.0.0 is available. This release ends support
> for Postfix 2.8.
Thanks very much for this gre
> Am 05.02.2015 um 13:20 schrieb Benny Pedersen :
>
> Christian Rößner skrev den 2015-02-05 12:07:
>
>> I am using Gentoo hardening:
>> rns root@mx ~ # gcc-config -l
>> [1] x86_64-pc-linux-gnu-4.8.3 *
>
> this is not hardened profile
Sorry, if I correct
> Am 05.02.2015 um 06:51 schrieb Viktor Dukhovni :
>
> On Thu, Feb 05, 2015 at 01:04:58AM +, Viktor Dukhovni wrote:
>
>> On Wed, Feb 04, 2015 at 01:12:16PM -0500, Wietse Venema wrote:
>>
>>> Very lighty-tested patch follows. No INSTALL documentation until
>>> this has been tested.
>>>
>>>
> Am 03.02.2015 um 11:53 schrieb Marcus Bointon :
>
> On 3 Feb 2015, at 11:25, Christian Rößner
> wrote:
>>
>> php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f
>> foo...@example.org
>
> Don't put a space between the `-f` and
> Am 03.02.2015 um 13:17 schrieb Danny :
>
> Hi Guys,
>
> I have postfix setup on a Debian system that manages all my mail. However,
> whenever php is sending mail it sends it under user "www-data". I tried
> changing
> the headers in php but it remains the same.
>
> Is there someway I can cha
>> RFC 2821 (SMTP protocol)
>> --==>> RFC 2920 (SMTP Pipelining) <<==—
>
> Ok, I missed that, but…
Ok, just looked at the RFC. I thought, it required a initial command, but it
doesn’t ;-) Simply start pipelining, …
Thanks
Christian
--
Bachelor of Science Informatik
Erlenwiese 14, 36304 Al
> Am 01.02.2015 um 13:58 schrieb Wietse Venema :
>
> Christian R??ner:
>> I searched allover the docs, but could not find information, if
>> the smtp-client of Postfix can do the PIPELIING extension.
>
> Have you tried "man 8 smtp“?
Yes
> Wietse
>
> SMTP(8)
Hi,
I searched allover the docs, but could not find information, if the smtp-client
of Postfix can do the PIPELIING extension.
I have two Postfix instances on the same host. One is MX-out and the other one
is a MSA for clients. The MSA uses dane-only, while the server has the
fingerprint of th
> Am 27.01.2015 um 17:53 schrieb rupesh chandurkar
> :
>
> How I can verify my postfix is integrate with "Policyd".
postconf -n
There must be some check_policy_service somewhere.
smtpd_recipient_restrictions =
…
check_policy_service …
Also check with
lsof -Pni :PORT_OF_YOUR_SERVICE
> Am 18.01.2015 um 23:27 schrieb m...@ruggedinbox.com:
>
> Return-Path:
> Delivered-To: m...@ruggedinbox.com
> Received: from localhost (localhost.localdomain [127.0.0.1])
> by ruggedinbox.com (Postfix) with ESMTP id 7693331405C7
> for ; Sun, 18 Jan 2015 23:23:03 +0100 (CET)
At this
> Am 18.01.2015 um 15:20 schrieb SW :
>
> policyd-spf unix - n n - 0 spawn
> user=nobody argv=/usr/local/bin/policyd-spf
I use this:
policyd-spf unix -n n - 0 spawn
user=nobody argv=/usr/bin/policyd-spf
/etc/python-policyd-spf/policyd-spf.conf
Maybe
> Change permissions to 700 and ran the script. It gave no errors, which is
> good. However, using ss to check which ports are in use doesn't show port
> 12000(Which I would expect)
lsof -Pni :12000
Christian
--
Bachelor of Science Informatik
Erlenwiese 14, 36304 Alsfeld
T: +49 6631 78823400, F
Hi,
> using dmarc milter sometimes causes hold action
>
> like i.e ( failure pruduced by myself only for demonstrate )
>
> 2015-01-13T10:46:09.372033+01:00 mail opendmarc[15158]:
> 3kM6Nw3sCTzDdG2l: amazon.com fail
> 2015-01-13T10:46:09.411674+01:00 mail postfix/cleanup[3532]:
> 3kM6Nw3sCTzDdG2l
Hi,
> I am looking how to use ppymilter in Postfix. Using pymilter is explained in
> the Postfix docs ( http://www.postfix.org/MILTER_README.html#config ) , but I
> can't find how to do the same for ppymilter. Anyone can send me in the right
> direction ?
Is pymilter the C-binding version for
> Am 21.12.2014 um 10:13 schrieb Jonathan K. Tullett
> :
>
> Greetings,
>
> I've been using Postfix for many years - since about 2002 - and I've finally
> come across a problem I've not been able to resolve by searching online, or
> from tapping into my personal network. So I have come to you
> Am 18.12.2014 um 09:26 schrieb HugoH :
>
> Dec 18 09:08:18 sd-60799 postfix/smtp[17808]: connect to
> gmail-smtp-in.l.google.com[2a00:1450:400c:c00::1a]:25: Connection timed out
> Dec 18 09:08:19 sd-60799 postfix/smtp[17808]: 4176314805C0:
If I follow this list correctly, there recently was so
Hi,
> Am 15.12.2014 um 06:27 schrieb Benny Pedersen :
>
> On 15. dec. 2014 01.19.02 Christian Rößner
> wrote:
>
>> https://datatracker.ietf.org/doc/draft-kucherawy-dmarc-base/?include_text=1
>
>> 2. Receivers compare the RFC5322 From: address in the mail to th
Hi,
> Am 15.12.2014 um 06:15 schrieb Benny Pedersen :
>
> On 15. dec. 2014 00.21.30 Christian Rößner
> wrote:
>
>> Thanks. That was what I thought. People using the header-from field. But I
>> couldn’t believe that. But now that you gave me this feedback, I think t
> Am 15.12.2014 um 00:36 schrieb Wietse Venema :
>
> Christian R??ner:
>>
>>> Am 14.12.2014 um 23:53 schrieb Wietse Venema :
>>>
>>> Christian R??ner:
sorry, if this question might be a little off-topic, but I really
do not understand some DMARC reports that I receive in conjunction
>
> Am 14.12.2014 um 23:56 schrieb li...@rhsoft.net:
>
> i guess that fools apply the SPF test to the From-Header instead to the
> envelope, frankly Barracuda Networks does the same for Spoofing-Protection
> because "customers complained"
>
> without knowing details i would suggest the problem i
> Am 14.12.2014 um 23:53 schrieb Wietse Venema :
>
> Christian R??ner:
>> sorry, if this question might be a little off-topic, but I really
>> do not understand some DMARC reports that I receive in conjunction
>> to this mailing list and maybe someone can help me in digging down
>> the problem:
>
Hi,
sorry, if this question might be a little off-topic, but I really do not
understand some DMARC reports that I receive in conjunction to this mailing
list and maybe someone can help me in digging down the problem:
*.com
noreply-dmarc@*.com
roessner-network-solutions.com:141
Hi,
> I have a trivial question, which could become a wish list feature.
>
> There are three MTAs. First is a web server postfix instance that relates all
> mail to the second MTAS, a relay server, which can send mail directly to the
> world. This relay server and a third MTA are two postfix mu
> Am 10.12.2014 um 20:17 schrieb Peter Volkov :
>
> We use smtplib in python to send mail through postfix.
I attach a very simple example which I use in Zabbix, writtien in Python.
Best wishes
Christian
#!/usr/bin/env python2.7
import os
import sys
import smtplib
import time
import hashlib
> Am 02.12.2014 um 11:58 schrieb Christian Rößner
> :
>
>
>> Am 02.12.2014 um 11:48 schrieb li...@rhsoft.net:
>>
>>
>>
>> Am 02.12.2014 um 11:39 schrieb Christian Rößner:
>>> what for mails from ourself to the world?
>>> Maybe rej
> Am 02.12.2014 um 11:48 schrieb li...@rhsoft.net:
>
>
>
> Am 02.12.2014 um 11:39 schrieb Christian Rößner:
>> what for mails from ourself to the world?
>> Maybe reject_sender_login_mismatch
>
> that should be mandatory as well as the general rule "do
Hi Robert :-)
> Am 02.12.2014 um 11:28 schrieb Robert Schetterer :
>
> Am 02.12.2014 um 10:41 schrieb Christian Rößner:
>> Hi,
>>
>> simple question:
>>
>> at which point adds Postfix the Return-Path header? Which component is doing
>> that?
>&
Hi,
simple question:
at which point adds Postfix the Return-Path header? Which component is doing
that?
Is it also possible to see this header in a milter? In my tests on a submission
connector, I do not get this header.
Background to my question: If I really want to do SPF/DKIM/DMARC checks
>> This server already has two ip addresses and routing can not be done on
>> answer decisions. That exactly is the problem here.
>>
>> And the main MTA on port 25 enforces a policy.
>
> As you told in a previus message you run multiple instances on one host.
> I assume you have a clean setup ab
> Am 28.11.2014 um 20:50 schrieb "li...@rhsoft.net" :
>
>
>
> Am 28.11.2014 um 20:45 schrieb Christian Rößner:
>>> Am 28.11.2014 um 20:26 schrieb Wietse Venema :
>>>
>>> Christen R??ner:
>>>> I look for:
>>>>
> Am 28.11.2014 um 20:26 schrieb Wietse Venema :
>
> Christen R??ner:
>> I look for:
>>
>> Table:
>> LhsRhs
>> mx.some.mtasmtp:[mx.whatever.tld]:1234
>
> I have implemented smtp_dns_reply_filter (currently, testing), which
> matches a resource record against a
> Am 22.11.2014 um 11:38 schrieb li...@rhsoft.net:
>
> surely - a footer is a footer and because it comes *everywhere* at the end it
> contains the neutral part of the message like contact and so on
>
> if you don#t want "smtpd_reject_footer" don't configure it
Yes, you are right. Sorry
posts
> Am 22.11.2014 um 10:11 schrieb Christian Rößner
> :
>
> I’ll give it a try.
…
-> STARTTLS
<- 220 2.0.0 Ready to start TLS
=== TLS started with cipher TLSv1:DHE-RSA-AES256-SHA:256
=== TLS no local certificate set
=== TLS peer DN="/OU=Go to
https://www.thawte.com/r
> Am 21.11.2014 um 23:23 schrieb Wietse Venema :
>
> Wietse Venema:
>> A. Schulze:
>>>
>>> smtpd_recipient_restrictions =
>>>check_foo_to_allow_something,
>>>reject "you did this or that wrong, call +49 ... for assistance"
>>>
>>>
>>> Is that possible?
>>
>> smtpd_recipient_restricti
> Am 21.11.2014 um 22:06 schrieb Wietse Venema :
>
> check_recipient_access static:{reject you did this or that ...}
>
> I'll post a patch in a little while. This takes four lines of code.
I would love to see this. I use current snapshots here, so I can use it, if it
has been implemented.
Tha
> Am 23.09.2014 um 21:27 schrieb Wietse Venema :
>
> Christian R??ner:
>> In the RELEASE_NOTES:
>>
>> - Milter clients and policy clients with non-default settings:
>> smtpd_milters = {inet:host:port, timeout=xxx, default_action=yyy}, ?
>>
>> How is that meant?
>
> It is meant as follows:
>
Hi,
I read the RELEASE_NOTES and tried to modiy one milter. But I get warnings in
the logs:
Sep 23 21:08:46 mx postfix/smtpd[31857]: warning: invalid transport name: {inet
in Milter service: {inet:[::1]:30071
Sep 23 21:08:46 mx postfix/smtpd[31857]: warning: Milter service needs
transport:endp
Am 23.09.2014 um 01:33 schrieb Wietse Venema :
> Viktor Dukhovni:
>> On Mon, Sep 22, 2014 at 11:41:00AM -0400, Wietse Venema wrote:
>>
>>> This time PLEASE refrain from sidetracking the discussion. I want
>>> to know what will break when the default changes, if that is not
>>> too much to ask fo
Am 22.09.2014 um 22:11 schrieb Wietse Venema :
> Subin K S:
>> hi,
>>
>> I've compiled and installed postfix 2.11 on Debian7, from source. Now when
>> I try to send an email using to an extrernal address from teh command line
>> it errs out as follows:
>>
>> Sep 22 15:44:57 server1 postfix/qmgr
Am 17.09.2014 um 10:02 schrieb Christian Rößner
:
> /xREJECT blocked filename ${1}
Missing indention here. Got it. Thanks
Christian
--
Bachelor of Science Informatik
Erlenwiese 14, 36304 Alsfeld
T: +49 6631 78823400, F: +49 6631 78823409, M: +49 171 9905345
USt-I
Am 16.09.2014 um 21:42 schrieb Viktor Dukhovni :
> On Tue, Sep 16, 2014 at 09:28:11PM +0200, li...@rhsoft.net wrote:
>
>>># block windows executables PCRE
>>>/^\s*Content-(?:Disposition|Type): # Header label
>>> (?:.*?;)? \s* # Any prior attributes
>>> (?
Am 23.08.2014 um 00:28 schrieb Bill Cole
:
> On 22 Aug 2014, at 14:16, Christian Rößner wrote:
>
>>>> Aug 22 19:14:10 mx0 postfix-submission/smtpd[29528]: Anonymous TLS
>>>> connection established from
>>>> static-201-106.deltasurf.de[193.239.106.201
es, I agree. I have done several certificates now and none work. And as I have
no idea where to find further information, how the certificate must have been
created to work with Apple Mail, I give up right now.
Thanks anyways for your help.
-Christian Rößner
--
Bachelor of Science Informa
atrick Ben Koetter helped me to split it into multi
instances. And he also did a complete review of all my settings so chances are
high that there might not be too much wrong here ;-)
>> smtpd_tls_ask_ccert = yes
>
> OK, this Postfix instance requests client certs.
>
>> tls_ss
rotocols = !SSLv2, !SSLv3
smtpd_tls_received_header = yes
smtpd_tls_security_level = encrypt
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_session_cache
sogo_roessner_net_de = 193.239.107.43
syslog_name = postfix-submission
tls_preempt_cipherlist = yes
tls_ssl_options = no_ticket, no_compression
Than
es. If a
milter does not show the first header, amavis gets lost… That was the reason I
came here :-)
As a workaround, I have enabled X-Spam-Flag and X-Spam-Score. The first gets
lost again, but I don’t care (at the moment).
PM @Andreas: Feel free to call me. Milter has to do with OpenDKIM ;-)
s today, as I only set the X-Spam-Status header.
It took me around 8 hours of debugging until I asked on the list :-)
This is just a question. If that can not be included, never mind. I ask with
lots of respect.
Kind regards
-Christian Rößner
--
[*] sys4 AG
http://sys4.de, +49 (89) 30 90 4
on
successful
Jul 7 19:44:34 mx0 opendkim[15848]: 3h6Z0c5VYWzGp10: s=mail201310 d=sys4.de SSL
Jul 7 19:44:34 mx0 mymilter[31942]: id=11 3h6Z0c5VYWzGp10 result=CONTINUE
If you have any idea, what I am doing wrong, I really would be happy :)
Kind regards
-Christian Rößner
--
[*] sys4 AG
htt
.
If I can not get it to work, I contact out customers to stop using forwarding.
They shall use POP3 or IMAP4 accounts.
Thanks
-Christian Rößner
--
[*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vo
has passed milters. And that second instance would do canonical. But this
is really complicated just to have postsrsd working. I fear: too much work
Thanks
-Christian Rößner
--
[*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
Sitz der Gesellschaft: München,
ike reject_unauth_destination
inside smtpd_recipient_restrictions, I would guess that Postfix will stop at
the RCPT TO stage. And even if you have smtpd_delay_reject=yes (default), the
error response is not part of the message and the milter won’t see it.
As said: just what I _guess_
-Christ
alias stuff. So
receive_override_options=no_address_mapping does not work.
I am stuck on this :) Maybe you like to help me.
Thanks in advance
-Christian Rößner
Here is the complete config (if I forgot some important detail) postsrsd is
disabled currently, as I need a fix first:
postf
s missing. I always thought it
would inherit from one to another.
Kind regards
-Christian Rößner
--
[*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Axel von der Oh
int_net,
reject_non_fqdn_recipient,
permit_sasl_authenticated,
reject_unauthenticated_sender_login_mismatch,
reject
authenticated_smtpd_recipient_restrictions =
reject_unauth_destination
I would think that a user already got permission in the
smtpd_relay_restrictions.
So for me this is still so
smtpd_recipient_restrictions?
Thanks in advance
-Christian Rößner
--
[*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
sterday. Removing relay_reciepient_maps and
virtual_alias_maps completely. It works, but I have the feeling it takes a
little bit longer than asking LDAP over proxymap. Furthermore I want the
possibility of email forwarding, so I re-added both options. But in general
that works.
-Christian Rößn
Am 06.11.2012 um 08:31 schrieb Christian Rößner :
> I also will test, if "sieve reject" is working the same way. If so, I can
> enable this flag and give users a chance to reject unwanted mails in session.
"reject" creates a new mail and sends it out.
-Christian Rö
a
>> recipients, the probe will only confirm recipient existence. Of
>> course an LMTP server should ideally detect over-quota before
>> message transfer begins, so perhaps Dovecot and other implementations
>> do that.
I also will test, if "sieve reject" is working t
thinking about
this solution and pointing to policy-services.
Kind regards
-Christian Rößner
--
[*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Axel von der
someone wants to have a copy of that, please contact me off list.
Thanks
-Christian Rößner
--
[*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Axel von d
es. As has been suggested many times over the
> past 13 years, this means using an SMTPD access map or policy daemon
> to block mail for over-quota recipients.
Ok, I can understand that. Thank you very much for this feedback.
Kind regards
-Christian Rößner
--
[*] sys4 AG
http://sys4.de
i did as example a major-upgrade on dbmail
> i stopped imap/pop3 and closed submission port
> but we received new messages due the whole migration
> after that "postqueue -f" delivered all of them to the inboxes
See above.
Kind regards
-Christian Rößner
--
[*] sys4 AG
http://s
eing an postfix expert, so this is just trivial thinking
about something that might be extremely complex to accomplish. And I am always
willing to learn and to understand :)
Thanks for reading. And thanks in advance for an answer.
Kind regards
-Christian Rößner
--
[*] sys4 AG
http://sys4.de, +49 (
in something like a
template system, where "make" builds the final master.cf.
Thanks
-Christian Rößner
--
[*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Aufsichtsratsvorsitzender: Joerg Heidrich
sm? I hope that question is
not too silly.
Thanks in advance
Kind regards
-Christian Rößner
--
[*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Axel von der
gt; specifies header_checks for the re-entry instance.
I found an old mail from Ralf, where he gave this tip:
/./ WARN Test
and see, if this one does anything (not 100% sure about the test pattern).
-Christian Rößner
---
Roessner-Network-Solutions
Bachelor of Science Informatik
Nahrungsberg 81,
then header_checks are not done on port 25 before the filter, because cleanup
is not called there. Is that right? So you would do it in the re-entry block. I
do not really know, if that makes sense what I say, because I do not use these
kind of ilters and smtpd_proxy_filter. So my answer is jus
Hi,
I have a problem that the smtpd_proxy_filter option has higher priority than a
FILTER setting in an access table:
Sep 30 12:33:04 mx0 postfix/smtpd[5250]: warning: access table
cidr:/etc/postfix/maps/client_access.cidr: with smtpd_proxy_filter specified,
action FILTER is unavailable
What
>> simply question: I have configured my postfix that it keeps mails on
>> HOLD, if they come from the webserver and are not addressed to me (i.e.
>> if the webserver tries do relay mail over my MTA).
>>
>> This works pretty well, but how could the postmaster (me) get notified, if
>> new mail is
Hi,
simply question: I have configured my postfix that it keeps mails on HOLD, if
they come from the webserver and are not addressed to me (i.e. if the webserver
tries do relay mail over my MTA).
This works pretty well, but how could the postmaster (me) get notified, if new
mail is on hold?
D
> Authenticate what? Postfix cannot forge the connecting SMTP client's
> private key to convince the LDAP server that it is the client via
> "EXTERNAL" auth.
>
> If you are talking about authenticating the Postfix LDAP client, so that
> one does not to specify a "bind_pw", then I'll try to get thi
> Two questions:
>
> 1) I assume it would not be a good thing just to copy main.cf & master.cf
> along with the associated .db files to the new server as I can see lots has
> changed. I'm assuming that a line-by-line walk-through and comparison of the
> old & new files is prudent copying over o
> I have to check, if I did a mistake with the patch itself, causing the man
> page errors, or if the patch needs little tweaks :) But at least the
> functionality is working. I am so happy! :)
The patch has very little bugs. The following snippet from the patch _could_
look like this:
--- pro
It works!
The ldap_table SASL patch works for me on postfix-2.8-20100913
Sep 15 18:57:58 db slapd[1355]: do_bind: dn () SASL mech EXTERNAL
Sep 15 18:57:58 db slapd[1355]: ==>slap_sasl2dn: converting SASL name
cn=mx0.roessner-net.de to a DN
Sep 15 18:57:58 db slapd[1355]: slap_parseURI: parsing
> I have the patch, it has not yet been fully reviewed/integrated. If
> anyone wants to test it "as is", it is attached.
Thanks. I took the patch and applied it. Is compiled without warnings. Just
little bugs in the man page, which I am going to fix tomorrow.
server_host = ldap://db.roessner-net
>> What about SASL-AUTH (i.e. EXTERNAL) and or Kerberos support in
>> ldap_table? I was looking for not binding with binddn/bindpw to my
>> LDAP-server and using something like authz-regexp to map the user. But
>> could not find the support in postfix :)
>
> You may use the sasl auxprop ldapdb and
> Postfix uses Dovecot or Cyrus libraries for SASL implementations.
>
> It does not care how they are configured to look on their backend for
> requests.
But the backend is a part of the setup. Shouldn't it cover it?
My wishlist features for example would be:
/etc/postfix/some_ldap.cf:
...
lda
1 - 100 of 105 matches
Mail list logo
