In message
"michae...@rocketmail.com" writes:
> THANKS to all who answered!!!
>
> A lot of shared experience, learned a lot, cool. It's always very
> interesting how threads are meandering, somehow, adding new aspects to
> unasked but also relevant questions. Crowd at its best :-) Summarize
In message <2eb09baa-5327-b615-47a9-0c1402385...@rocketmail.com>
"michae...@rocketmail.com" writes:
>
> Hi all,
>
> I've a generic question to all more experienced than me postfix users
> here: Is it nowadays (reasonable) possible to run postfix with IPv6
> only? E.g "mail.example.com" and "smtp
Charles,
At one point I used homegrown shell and perl for my CA maintenance,
DNS zone files, and server configs were all in a set of files with
substitutions list ${{HOST}}, ${{DOMAIN}}, ${{FQDN}}, ${{IPv4::fqdn}},
${{IPv6::fqdn}}, and ${{CNAME::fqdn}} used so that a generic config
can cover multi
In message <20160716192156.09767350@kendramatic>
jdebert writes:
>
> On Sat, 16 Jul 2016 11:42:44 -0400
> Yuval Levy wrote:
>
> > It is indeed a matter of interpretation, and I would like to see the
> > FCC rules text. Questions:
> > (1) how do they define "encrypted"?
>
> The rules and regu
FYI-
connect to sc1.scconsult.com[67.149.19.4]:25: Connection refused
It's been two days.
Maybe Bill has me blacklisted? Is it something I said? :-(
On the off chance that this is an error, I'm sending a heads up.
btw-
#host -t mx billmail.scconsult.com
billmail.scconsult.com mail is h
On 04/12/16 14:26, Noel Jones wrote:
On 4/12/2016 11:38 AM, Curtis Villamizar wrote:
On 04/12/16 06:25, Wietse Venema wrote:
Curtis Villamizar:
I recently had a problem with mail where an ESP was in three
blacklists
plus SPF failed and spamassassin tossed some mail. That ESP is
down to
one
Not an expert on DMARC, but ...
On 04/12/16 01:56, li...@lazygranch.com wrote:
Just a quickie here on DMARC. I set one domain to "quarantine" and set up the
rua to email me a report. Thus far, only MS Hotmail sends me anything, even though I have
emailed yahoo accounts.
The MS Hotmail report
On 04/12/16 06:25, Wietse Venema wrote:
Curtis Villamizar:
I recently had a problem with mail where an ESP was in three blacklists
plus SPF failed and spamassassin tossed some mail. That ESP is down to
one blacklist now. A sender got to me out-of-band and I dug up the
maillog from a few days
On 04/12/16 12:06, Robert Schetterer wrote:
Am 12.04.2016 um 07:56 schrieb li...@lazygranch.com:
Just a quickie here on DMARC. I set one domain to "quarantine" and set up the
rua to email me a report. Thus far, only MS Hotmail sends me anything, even though I have
emailed yahoo accounts.
Th
On 04/11/16 04:09, lst_ho...@kwsoft.de wrote:
Zitat von jaso...@mail-central.com:
On Sun, Apr 10, 2016, at 07:46 PM, Bill Cole wrote:
On a system where you know enough about all your users to know that
they
don't want to get critical email from clueless sources, you can make
restrictive ch
In message <500a9284-b549-460d-8207-f52534e09...@billmail.scconsult.com>
"Bill Cole" writes:
>
> On 9 Apr 2016, at 12:45, jaso...@mail-central.com wrote:
>
> > I block on strict FAILs of any of SPF, DKIM or DMARC. *missing*
> > support for those is logged, but not - yet - acted on.
>
> This
In message
"@lbutlr" writes:
>
> On Apr 10, 2016, at 10:24 AM, Curtis Villamizar wrote:
> > postscreen_dnsbl_sites =
> > list.dnswl.org*-5
> > # followed by some blacklist sites
>
> It was my understanding that eh the order of te
In message <3qjzc32dcxzj...@spike.porcupine.org>
Wietse Venema writes:
>
> > > No-one can connect to this from outside.
> >
> > That's correct. Not currently, to this current machine/port, in
> > this configuration.
>
> If someone can connect from outside to your 127.0.0.1 port, then
> you hav
In message <570a341b.9000...@pajamian.dhs.org>
Peter writes:
>
> On 10/04/16 15:00, Curtis Villamizar wrote:
> > This is a workaround that shouldn't be needed.
> >
> > Any idea what the cause of this is? So far no legit mail except gmail
> > gets c
In message <3qjz5d5s15zj...@spike.porcupine.org>
Wietse Venema writes:
>
> Curtis Villamizar:
> > Since I enabled postscreen (with soft_bounce=yes in master.cf) I was
> > getting logs of this form:
> >
> > Apr 9 01:08:12 mta1 postfix/postscreen[18326]:
>
In message <5709c8c8.1050...@megan.vbhcs.org>
Noel Jones writes:
> On 4/9/2016 10:00 PM, Curtis Villamizar wrote:
> > Since I enabled postscreen (with soft_bounce=yes in master.cf) I was
> > getting logs of this form:
> >
> > Apr 9 01:08:12 mta1 postfix/postscr
In message <20160410024851.gu26...@mournblade.imrryr.org>
Viktor Dukhovni writes:
> On Sat, Apr 09, 2016 at 09:31:48PM -0400, Curtis Villamizar wrote:
>
> > > 1) It looks to me that starttls really only protects the path to the
> > >first server. Classic cas
Since I enabled postscreen (with soft_bounce=yes in master.cf) I was
getting logs of this form:
Apr 9 01:08:12 mta1 postfix/postscreen[18326]:
NOQUEUE: reject: RCPT from [2607:f8b0:4002:c05::22d]:32999:
450 4.3.2 Service currently unavailable;
from=, to=,
proto=ESMTP, helo=
linefeeds add
In message <5707263d.7000...@caseyconnor.org>
Casey Connor writes:
>
> Thank you -- will it accept decimal seconds?
>
> We are sending on the order of 50-200+ messages per second in this
> stress test, so the delay between messages could be smaller than .005
> seconds.
If you are trying to si
In message <1460213048.1937714.573722321.23756...@webmail.messagingengine.com>
jaso...@mail-central.com writes:
> With postscreen in place, bad bots are getting fended off.
>
> Many give up and go away after a couple of tries.
>
> Some, these days mostly 'ymlf-pc' bots, are more persistent.
>
In message <20160409210245.gs26...@mournblade.imrryr.org>
Viktor Dukhovni writes:
>
> On Sat, Apr 09, 2016 at 08:46:54AM -0700, jaso...@mail-central.com wrote:
>
> > I'm setting up mandatory TLS policy for a couple of private client
> > servers, using
> >
> > - smtpd_tls_security_level = may
In message <20160409230701.5468245.39956@lazygranch.com>
li...@lazygranch.com writes:
>
> Would a guru comment on my "interpretation" of these documents?
Not a guru but ...
> 1) It looks to me that starttls really only protects the path to the
>first server. Classic case being sending em
Since pcre evaluates in order you could add
/^Content-(Disposition|Type).*;??x-apple-part-url="[^"]+"$/x DUNNO
before the pcre that does the rejection.
Since "." is commonly "%2E" you could also change the "\." in the RE to
"(\.|%2E)".
That doesn't solve base64 encoding.
Disclaimer: I have
In message <5700f376.7050...@lfweb.dk>
Lars Nielsen writes:
>
> Hi,
> This Thursday I had problems sending mails to outlook.com addresses. I
> found out that MS thought my mail-server was suspicious and had blocked
> me as sender. I could however mail to them and gotten my server allowed
> agai
In message
John Baker writes:
> We've gone a long time without specifically needing this but suddenly
> we are getting bombarded with spam pretending to be from one of our
> addresses but originating from outside. So I need to block mail with a
> @marlboro.edu sender unless it helos from local s
In message <56f6c728.2090...@megan.vbhcs.org>
Noel Jones writes:
>
> On 3/26/2016 7:18 AM, Nicols wrote:
> > Thanks Wietse and Rob,
> >
> > The client indeed uses SASL, but it gets rejected at HELO/EHLO time.
> > I will observe these days if I can fence in a reduced CIDR range and
> > use Wietse'
In message <0f3f9e7a-f0da-400a-b331-514a471b4...@valo.at>
Christian Kivalo writes:
>
> >> One minor comment: I would not even offer AUTH on port 25.
> >
> >I don't. I offer opportunistic TLS on port 25 for SMTPd. All mail
> >submission have to be on port 587.
>
> You do.
>
> valo@uschi:~ $ tel
In message <76865be6-8041-498d-91ae-36ef80c91...@kreme.com>
"@lbutlr" writes:
>
> On Mar 13, 2016, at 9:06 AM, Robert Chalmers wrote:
> > Nice hardware, but the software is really recycled FreeBSD. say what?
>
> This should not be news. One of the reasons I chose FreeBSD for my
> servers was b
In message <612d47d4-9465-4031-9d48-e6a0c3a8a...@dukhovni.org>
Viktor Dukhovni writes:
>
> > On Mar 13, 2016, at 5:42 PM, Curtis Villamizar
> > wrote:
> >
> > The NS RR are typically delivered in a fixed order, the order in the
> > zone file, and wh
In message <3qnxhn426dzj...@spike.porcupine.org>
Wietse Venema writes:
>
> Curtis Villamizar:
> > Are you saying they only looked at the primary NS record? Maybe I
> > misread a prior post but I thought you meant primary MX record. The
> > former, if true, would be
OT - therefore my first and only post on this.
In message
Jim Reid writes:
>
> > On 13 Mar 2016, at 15:06, Robert Chalmers wrote:
> >
> > Nice hardware, but the software is really recycled FreeBSD. say what?
>
> The MacOSX kernel is based on Mach, not BSD, though that Mach kernel
> presents
In message
"@lbutlr" writes:
> On Fri Mar 11 2016 12:21:07 Noel Jones said:
> >
> > This problem (postscreen delays legit mail server) is nicely solved
> > by using a dns whitelist such as dnswl.org to bypass postscreen
> > tests for known mail servers... not necessarily "known good"
In message <56e0ccb4.6010...@spectralmud.org>
Richard James Salts writes:
>
> On 10/03/16 09:32, Curtis Villamizar wrote:
> > In message <56dfcd11.5010...@spectralmud.org>
> > Richard James Salts writes:
> >
> >> On 09/03/16 06:44, Viktor Dukhovni wro
In message <56dfcd11.5010...@spectralmud.org>
Richard James Salts writes:
> On 09/03/16 06:44, Viktor Dukhovni wrote:
> >> On Mar 8, 2016, at 2:31 PM, Curtis Villamizar
> >> wrote:
> >>
> >> With HTTP the server cert is provided after HTTP ide
In message
Tom Browder writes:
> On Tuesday, March 8, 2016, Curtis Villamizar wrote:
> > Tom,
> >
> > I've been following this thread and also not clear on your
> > objectives. See inline.
> > As Viktor pointed out, look at the examples. Your home machin
Tom,
I've been following this thread and also not clear on your
objectives. See inline.
In message
Tom Browder writes:
>
> On Mon, Mar 7, 2016 at 10:57 PM, Viktor Dukhovni
> wrote:
> > On Mon, Mar 07, 2016 at 08:30:54PM -0600, Tom Browder wrote:
> >> On Mon, Mar 7, 2016 at 5:13 PM, Viktor Duk
In message <20160229171935.gh12...@mournblade.imrryr.org>
Viktor Dukhovni writes:
> On Mon, Feb 29, 2016 at 11:38:26AM -0500, Ruben Safir wrote:
>
> > > To have mailman reinject on an extra port on localhost is how it
> > > should be done.
> >
> > Thanks!
>
> Note that much of the delay was
In message <5a7fbd95-2256-4177-a30d-32e36ea73...@dukhovni.org>
Viktor Dukhovni writes:
> > On Feb 1, 2016, at 3:54 AM, Curtis Villamizar
> > wrote:
> >
> > As I said to Viktor, I mistakenly thought, based on reading (maybe
> > misreading) numerous web pages
In message <20160201080958.9bede332...@english-breakfast.cloud9.net>
Curtis Villamizar writes:
> > Aliasing root on null-clients is explained in:
> >
> >http://www.postfix.org/MULTI_INSTANCE_README.html#split
>
> OK. This
Oops.
Was going to write "This
In message <211281bd-f686-4a8a-9e37-7d4368568...@kreme.com>
LuKreme writes:
> On Jan 30, 2016, at 22:42, Curtis Villamizar wrote:
> > It would be:
> >
> > cd /usr/local/etc
> > mv postfix postfix.old
> > ln -s ../../../etc/postfix postfix
>
In message <2a0d3251-10a1-4903-8689-2d190e144...@dukhovni.org>
Viktor Dukhovni writes:
> > On Jan 30, 2016, at 8:03 PM, Curtis Villamizar
> > wrote:
> >
> > I'm asking a little advice.
> >
> > On most of my hosts mail is generated for root and t
In message <49c94ad9-3c94-4c48-9726-0e81e1109...@dukhovni.org>
Viktor Dukhovni writes:
> > On Jan 31, 2016, at 1:01 AM, Curtis Villamizar
> > wrote:
> >
> > I use tcsh so:
> >
> > # sh -c 'postconf -c $(postconf -dh config_directory ) \
>
In message
Viktor Dukhovni writes:
> > On Jan 31, 2016, at 12:24 AM, Curtis Villamizar
> > wrote:
> >
> >>> /usr/local/sbin/postconf: warning: inet_protocols: disabling IPv4
> >>> name/address support: Protocol not supported
> >>>
>
In message
"@lbutlr" writes:
>
> On 30 Jan 2016, at 20:27, Curtis Villamizar wrote:
> > Though postfix is compiled with /usr/local prefix (and I prefer the
> > executables in /usr/local) I have configs in /etc/postfix so I start
> > postfix with "-c /e
In message <16f8c2b2-59cd-41b2-a452-5ec4b4442...@dukhovni.org>
Viktor Dukhovni writes:
> > On Jan 30, 2016, at 10:27 PM, Curtis Villamizar
> > wrote:
> >
> > This is more of an annoyance than a serious bug since there is a
> > simple workaround.
This is more of an annoyance than a serious bug since there is a
simple workaround. But it seems to me that it is a bug.
Though postfix is compiled with /usr/local prefix (and I prefer the
executables in /usr/local) I have configs in /etc/postfix so I start
postfix with "-c /etc/postfix". I get:
BTW- my mta2 now has RSA and ECDSA keys. mta2 and mta3 have the CA
cert concatenated with the server cert since I use 2 0 1 TLSA records.
There is no intermediate (I'd just replace the CA and change all of
the TLSA records if the CA key was compromised).
Currently MX are mta3 and mta1 for most do
I'm asking a little advice.
On most of my hosts mail is generated for root and then canonicaled to
root@fqdn and is relayed to the MSA on another host. This is by
design.
relayhost = msa-fqdn
There is an alias on the originating host for root but it doesn't seem
to expand there. If that coul
In message <47e15980-159e-4f15-8256-c868632b2...@kreme.com>
"@lbutlr" writes:
>
> I've mostly always compiled postfix myself, but managing postfix and
> the mail server is something I have less and less time for, so I took
> the opportunity of moving to 3.x to switch to using ports in FreeBSD
> fo
In message <20160122213312.gk25...@mournblade.imrryr.org>
Viktor Dukhovni writes:
> On Fri, Jan 22, 2016 at 03:14:22PM -0500, Curtis Villamizar wrote:
>
> > You might
> > also want to report that the keys they use are less than LOW security
> > but that mi
In message <20160122041647.gh25...@mournblade.imrryr.org>
Viktor Dukhovni writes:
> On Thu, Jan 21, 2016 at 10:55:19PM -0500, Curtis Villamizar wrote:
>
> > It took a while to get a dumpfile. My tcpdump command only covered a
> > subset of comcast.net mailhosts.
> >
In message <20160115235712.gn...@mournblade.imrryr.org>
Viktor Dukhovni writes:
>
> On Fri, Jan 15, 2016 at 06:47:38PM -0500, Curtis Villamizar wrote:
>
> > Viktor,
> >
> > If you are still interested below is a tcpdump.
> >
> > If not interested,
In message
Paul Goyette writes:
> While researching to see if I could find a way to fix my other issue
> (how my primary-MX server can differentiate between messages originating
> on my backup-MX server and those that are simply relayed from elsewhere)
> I thought maybe I could configure the bac
In message <20160115235712.gn...@mournblade.imrryr.org>
Viktor Dukhovni writes:
>
> On Fri, Jan 15, 2016 at 06:47:38PM -0500, Curtis Villamizar wrote:
>
> > Viktor,
> >
> > If you are still interested below is a tcpdump.
> >
> > If not interested,
In message <88031027-d5b8-4f48-947d-294302fac...@dukhovni.org>
Viktor Dukhovni writes:
> Post a PCAP file of a single failed TLS handshake. I know the person
> at comcast in charge of their email transport security. I can probably
> get them to fix it once we nail down the problem, assuming it
In message
Paul Goyette writes:
>
>
> I'm having a little bit of a problem with my configuration... :)
>
> I have followed all of the how-to docs on getting things set up, and
> everything works fine when an Email client connects to my primary mail
> server. The postfix rules get triggered
In message <20160115051749.gl...@mournblade.imrryr.org>
Viktor Dukhovni writes:
> On Thu, Jan 14, 2016 at 11:54:13PM -0500, Curtis Villamizar wrote:
>
> > > > > > smtp_tls_ciphers = high
> > > > >
> > > > > Usually best to leav
> On Thu, Jan 14, 2016 at 03:53:23PM -0500, Curtis Villamizar wrote:
>
> > > > smtp_tls_ciphers = high
> > >
> > > Usually best to leave this at "medium". This is opportunistic
> > > TLS, and if high fails, you'll send cl
In message <20160114200215.gj...@mournblade.imrryr.org>
Viktor Dukhovni writes:
> On Thu, Jan 14, 2016 at 02:07:07PM -0500, Curtis Villamizar wrote:
>
> > In message
> > Curtis Villamizar writes:
> >
> > > btw - I just added "!TLSv1.0"
In message <20160114175729.gg...@mournblade.imrryr.org>
Viktor Dukhovni writes:
> On Thu, Jan 14, 2016 at 12:06:43PM -0500, Curtis Villamizar wrote:
>
> > /usr/local/sbin/postconf -c /etc/postfix -n | grep tls
> >
> > smtp_tls_cert_file = /etc/postfix/cert.pe
In message
Curtis Villamizar writes:
> btw - I just added "!TLSv1.0" to get only TLSv1.2. I wasn't sure I
> could specify !TLSv1.0 so I just tried it.
>
> Curtis
oops that didn't work.
Curtis
In message <88031027-d5b8-4f48-947d-294302fac...@dukhovni.org>
Viktor Dukhovni writes:
>
> > On Jan 13, 2016, at 8:52 PM, Curtis Villamizar
> > wrote:
> >
> > The logs revealed something about the nature of the problem. A few of
> > these sort of messag
In message <3pgpvv0nvczj...@spike.porcupine.org>
Wietse Venema writes:
> Curtis Villamizar:
> > What I'd like to do is set smtpd_tls_security_level back to "may" and
> > then somehow set it to "none" if the EHLO domain is comcast.net (oops
I turned on opportunistic TLS last summer I think. All was fine for a
long time. btw - I'm currently running the FreeBSD
postfix-current-3.0.20151003,4 port but previously used 2.8.
Somewhat recently someone with a residential cable provider account
complained that he got mail from me but mail f
In message <003c01d14e5e$053d4990$0fb7dcb0$@consortiex.com>
"Jeff Karrels" writes:
>
> Summary:
>
> I have installed postfix on a linux machine. Our current mail host is
> GoDaddy and we are trying to setup postfix to do mailing to our GoDaddy
> accounts. I have the software installed and config
65 matches