[pfx] Re: Problems with mail from fortimailcloud servers

2025-02-15 Thread Gerald Galster via Postfix-users
>> Yes, but what you really need is working TCP fallback, when the DNS >> response is truncated due to exceeding the UDP packet size limit (even >> happens with EDNS0, the default UDP buffer size could still be too small >> for some queries). Just EDNS0 is not the whole story, it just pushes >> ou

[pfx] Re: Searching for old Postfix 2.0.6 RPM-packaged for Red Hat 6.2 (classic)

2025-01-29 Thread Gerald Galster via Postfix-users
> RHEL 6.2 came with Postfix 2.6.6, not 2.0.6 and you can get a copy from > CentOS vault: No, the question was about "Red Hat Linux", not "Red Hat Enterprise Linux". "Red Hat 6.2" was released long ago in the year 2000. When dealing with such old systems a copy of the cdrom images is helpful in

[pfx] Re: Searching for old Postfix 2.0.6 RPM-packaged for Red Hat 6.2 (classic)

2025-01-29 Thread Gerald Galster via Postfix-users
> So I am posting here, to ask whether someone has in his archives an RPM > package of Postfix targeted to Red Hat 6.2 (classic edition)? Try to download and mount the ISO(s). Those included RPM packages back then. https://archive.org/details/disc1_202002 The source seems legit, but use at you

[pfx] Re: [mailop] FYI: nixspam RBL has shutdown

2025-01-20 Thread Gerald Galster via Postfix-users
>> [ Repost from "mailop" list ] >> >> Just FYI for those with the nixspam RBL configured in their systems (For >> example it's enabled in rspamd by default) > > Is it safe to assume that it will go away by itself during a future upgrade > of rspamd? > Or should we/I manually remove it from the

[pfx] Re: logging, postlogd

2024-12-15 Thread Gerald Galster via Postfix-users
>> With systemd logging, logs are by default lossy (rate-limits too tight >> and many users don't notice until it is too late). Also logging is > > System-wide "defaults to 1 messages in 30s" and "is applied per- > service", so this can be easily resolved by providing postfix.service > with

[pfx] Re: Opening up port 465

2024-11-08 Thread Gerald Galster via Postfix-users
> 2024-11-08T16:14:09.034570+01:00 mail postfix/submissions/smtpd[107564]: > connect from unknown[192.168.1.1] > 2024-11-08T16:14:09.040936+01:00 mail postfix/submissions/smtpd[107564]: > SSL_accept error from unknown[192.168.1.1]: -1 > 2024-11-08T16:14:09.042051+01:00 mail postfix/submissions/sm

[pfx] Re: DMARC reports

2024-09-22 Thread Gerald Galster via Postfix-users
> I'm sorry that I may have been a bit unclear of my issue. > I'm not confused about receiving the report, but the content of it. > And what to change in my config so that I do not see fail records regarding > mail coming from my own server. > I think I have got what I need from Wietse and are tes

[pfx] Re: DMARC reports

2024-09-21 Thread Gerald Galster via Postfix-users
> My server is still rather new, so I have a not so tight policy set up. > And I ask for reports at the dmarc record. You have set the following dmarc record: $ host -t txt _dmarc.jungersen.dk _dmarc.jungersen.dk descriptive text "v=DMARC1; p=none; pct=100; rua=mailto:postmas...@jungersen.dk";

[pfx] Re: Process and deliver email but return error to the client?

2024-09-20 Thread Gerald Galster via Postfix-users
>> That is probably because your mailserver's ip reputation >> has not been reset by t-online. Have you ever contacted > > What do you mean with reset? T-Online refused to accept mails from servers > using our own IP ranges with completely new IPs. > There would be nothing to reset. Not having s

[pfx] Re: Process and deliver email but return error to the client?

2024-09-20 Thread Gerald Galster via Postfix-users
> we are struggling with t-online.de: Why don't you post the corresponding maillog entry? T-online's smtp error messages are quite elaborate and usually contain an email address that you can contact in case of problems. > As you may know as SMTP client you have to fulfill a bunch of requirements

[pfx] Re: Mails sent to rspamd twice

2024-09-11 Thread Gerald Galster via Postfix-users
> Now I have had several suggestions that using amavis is not the preferred way > to go. > > Therefore I started all over. > > Back to where I just had a clean install of clamav and clamav-daemon. > > And of course my working postfix > > I then added: > *** > > clamav { > attachments_onl

[pfx] Re: Mails sent to rspamd twice

2024-09-10 Thread Gerald Galster via Postfix-users
> On 2024-09-10 19:10 Danjel Jungersen via Postfix-users: > Den 09.09.2024 kl. 15.14 skrev Wietse Venema via Postfix-users: >> Danjel Jungersen via Postfix-users: >>> On 09-09-2024 13:46, chandan via Postfix-users wrote: On 2024-09-09 10:53, Danjel Jungersen via Postfix-users wrote: > Hey

[pfx] Re: Feature Request: Adjustable Header Log Size Limit in INFO/WARN/REJECT Header_Check

2024-01-24 Thread Gerald Galster via Postfix-users
> Viktor Dukhovni via Postfix-users : > > On Wed, Jan 24, 2024 at 08:27:53PM +0100, Matthias Schneider via > Postfix-users wrote: > >> Using a Milter is an option, but it often involves correlating >> information from both the milter process and the log for a >> comprehensive view. > > Everyt

[pfx] Re: IPv6 and Cloud server CPU

2023-11-22 Thread Gerald Galster via Postfix-users
> Q2: > given the minuscule work-load, is there any preference/preclusion between > employing the 'usual' x86 processor or 2 Arm Ampere processors? Both offer > Linux. Cost is effectively same. You should check if the software you want to use is available for the desired platform. Distributions

[pfx] Re: postfix does not use the MX of the parent domain

2023-11-21 Thread Gerald Galster via Postfix-users
> When sending a mail to some @helpdesk.inria.fr address, postfix tries > to connect to helpdesk.inria.fr (which does not have a MX): > > Nov 21 15:43:26 joooj postfix/smtp[748304]: D1A104A9: > to=<[...]@helpdesk.inria.fr>, relay=none, delay=76462, delays=76431/0.1/30/0, > dsn=4.4.1, status=de

[pfx] Re: Redirecting mail with an mx record containing *.protection.outlook.com or *.prod.outlook.com to a different transport

2023-11-07 Thread Gerald Galster via Postfix-users
>> Another option would be to use the DNS resolver (Bind, unbound, etc) >> support to manipulate zone lookups. > > But the OP wants a dedicated transport (for concurrency control and > scheduling), not a change of destination IP, though in a multi-stage MTA > setup that IP could point at a dedic

[pfx] Re: Domain scoring

2023-04-28 Thread Gerald Galster via Postfix-users
> Do you know any plugins for scoring a domain? > For example, new registered domain, free domain get the low scores. Postfix is not an antispam solution. Its job is to reliably deliver emails. Therefore it has some functions to avoid overload like query blocklists but to analyze emails use con

[pfx] Re: Deny any sender address with subdomain

2023-04-28 Thread Gerald Galster via Postfix-users
> question 1st : is it a good idea to reject any email which is not sent from a > domain (means sen...@domain.tld) any other like sen...@sub.domain.tld or > sub.sub.domain.tld is rejected ? Generally, no, because you will reject legitimate domains that just look like subdomains, e.g. *.co.uk, *

[pfx] Re: forwarding questions

2023-04-28 Thread Gerald Galster via Postfix-users
> I have a local real mailbox: u...@foo.com > When I setup this alias map in virtual_alias_maps file: > > u...@foo.com u...@gmail.com > > (then postmap this file). > The message sent to u...@foo.com won't reach into mailbox, but just forwarded > to gmail. > > How can I setup it to both reach lo

[pfx] Re: Sender address rejected, but domain is found?

2023-04-25 Thread Gerald Galster via Postfix-users
>> ;; QUESTION SECTION: >> ;eurobank-direktna.rs .IN >> NS >> >> ;; ANSWER SECTION: >> eurobank-direktna.rs . 3600IN NS >> bgdit01edns01.eurobank.rs . >> >> This is

[pfx] Re: Sender address rejected, but domain is found?

2023-04-25 Thread Gerald Galster via Postfix-users
>; Delegation NS >eurobank-direktna.rs. IN NS ns1.eurobank.rs. ; AD=0 >eurobank-direktna.rs. IN NS ns2.eurobank.rs. ; AD=0 >eurobank-direktna.rs. IN NS ns3.eurobank.rs. ; AD=0 > >; Authoritative NS >eurobank-direktna.rs. IN NS bgdit01edns01.eurobank.rs. > > The latter host

[pfx] Re: Postfix Amavis (Virus Checker) PHPList workaround

2023-04-25 Thread Gerald Galster via Postfix-users
>> content_filter=smtp-amavis:[127.0.0.1]:10024 meta_directory = /etc/postfix >> >> smtp_tls_security_level = may >> smtpd_tls_security_level = may >> [...] > > 127.0.0.1:2510 inet n - n - - smtpd > -o syslog_name=postfix/submission > -o smtpd_sasl_auth_enable=

[pfx] Re: Sender address rejected, but domain is found?

2023-04-25 Thread Gerald Galster via Postfix-users
> Hi, I realize this is probably one of the most frequently asked questions, > but I really can't figure out why this was rejected. > > Apr 25 12:06:01 petra postfix-226/smtpd[592344]: NOQUEUE: reject: RCPT from > mail.email.eurobank.rs [195.242.76.237]: 450 > 4.

[pfx] Re: Use of PTR record

2023-04-25 Thread Gerald Galster via Postfix-users
> Running mailservice with Postfix > PTR record is set to myserver.mydomain.com (1.2.3.4) Check if your PTR record is traceable: dig +trace -x 1.2.3.4 ptr If that works check your resolver in /etc/resolv.conf, e.g.: nameserver 127.0.0.1 dig @127.0.0.1 -x 1.2.3.4 ptr You have a dns problem, not

[pfx] Re: Postfix Amavis (Virus Checker) PHPList workaround

2023-04-25 Thread Gerald Galster via Postfix-users
> Applicable snippets from files are: > > My main.cf > > > content_filter=smtp-amavis:[127.0.0.1]:10024 meta_directory = /etc/postfix > > smtp_tls_security_level = may > smtpd_tls_security_level = may > > > > I did this to master.cf > > 127.0.0.1:2510 inet n - n -

[pfx] Re: Postfix Amavis (Virus Checker) PHPList workaround

2023-04-25 Thread Gerald Galster via Postfix-users
> I run a postfix install which requires authentication and pipes all email > through Amavis (spam checking). > > My PHPList (broadcast only) goes through port 587, and since it sits on the > server, it doesn’t need authentication (I’m the only user). > > I just added Amavis Clamscan, which i

[pfx] Re: temporary lookup error with utf8mb4 characters

2023-04-18 Thread Gerald Galster via Postfix-users
> Wietse Venema via Postfix-users : > > And here is a more conservative patch for MySQL client retries. > > It closes the server connection after every error, and it delays > making a new server connection only after specific errors. > > Closing the connection eliminates the possibility that t

[pfx] Re: temporary lookup error with utf8mb4 characters

2023-04-17 Thread Gerald Galster via Postfix-users
>>> I've patched postfix 3.7.4 on a low volume server. >> >> Thank you! >> >>> "charset" has to be present and defined in all mysql configs, otherwise >>> startup fails: >>> (no backwards compatibility) >>> >>> postfix/proxymap[3996]: fatal: /etc/postfix/test.mysql.cf: bad string >>> length 0

[pfx] Re: temporary lookup error with utf8mb4 characters

2023-04-17 Thread Gerald Galster via Postfix-users
> Wietse Venema via Postfix-users : > >>> My conclusion to hard-solve this issue on my system is transform all >>> tables to utf8mb4. >>> >>> But: > >>> - I don't see any option to change default charset on mysql_table >>> connector, maybe should be interesting add this option on configuratio

[pfx] Re: any web.de staff here?

2023-04-16 Thread Gerald Galster via Postfix-users
> Wietse Venema via Postfix-users : > > Jaroslaw Rafa via Postfix-users: >> Dnia 16.04.2023 o godz. 16:32:41 Gerald Galster via Postfix-users pisze: >>> >>> Mails classified as spam or external forwards seemingly take another route >>> via mout-xforwa

[pfx] Re: any web.de staff here?

2023-04-16 Thread Gerald Galster via Postfix-users
> John Levine via Postfix-users : > [...] > If you are a customer, what happened when you contacted them through > their customer support channels and asked for the support you are > paying for? Web.de is a German freemail provider like gmail. They might provide support for paid accounts only.

[pfx] Re: any web.de staff here?

2023-04-16 Thread Gerald Galster via Postfix-users
> one of web.de's sender IPs is listed into zen.spamhaus.org as the following > info. > > 554 5.7.1 Service unavailable; Client host [82.165.159.35] blocked using z > en.spamhaus.org; https://www.spamhaus.org/sbl/query/SBL175032 Try to send your email via web.de (browser), which might use server

[pfx] Re: MySQL error from not all the receiver

2023-03-12 Thread Gerald Galster via Postfix-users
> unfortunately I don't know this topic, but I'm really willing to study. > Please do you have any documentation on this? Sorry, I can't recommend an up to date howto. Perhaps other list members can help. A lot of links at https://www.postfix.org/docs.html are outdated or do not exist anymor

[pfx] Re: MySQL error from not all the receiver

2023-03-12 Thread Gerald Galster via Postfix-users
> I have checked the commands you listed in your first email, but I do not find > any errors in the database, table, or MySQL service. Perhaps, as you say, > this is not the correct path for the configuration. Currently you are connecting via unix domain sockets. Mysql usually listens to 127.0

[pfx] Re: use object storage as message store

2023-03-12 Thread Gerald Galster via Postfix-users
> Is it possible to use an object storage system (like aws's S3) to store > message files? if this can be implemented we may have a more persistent > storage for email. AFAIK aws's S3 has three replicas for each file in their > system by default. At that scale emails are usually delivered via

[pfx] Re: MySQL error from not all the receiver

2023-03-11 Thread Gerald Galster via Postfix-users
> smtp_sasl_password_maps is configured with a connection parameter to db > connection and a simply select query. > [...] > if i use external smarthost, this mail is always sent regularly. I am also not sure what you want to achieve: https://www.postfix.org/postconf.5.html#smtp_sasl_password_map

[pfx] Re: MySQL error from not all the receiver

2023-03-11 Thread Gerald Galster via Postfix-users
> ok thanks. > > But what is the correct syntax for connect in db to set in sasl_password ? > how should i write it? > > now i try to follow your suggest of the first mail... Try to solve your problem step by step. Currently you are at "Can't connect to local MySQL server". In case your MySQL

[pfx] Re: MySQL error from not all the receiver

2023-03-11 Thread Gerald Galster via Postfix-users
> i think the problem is "sasl-password" authentication file. No, your problem is related to mysql which is a database (daemon), that is accessed via sockets, not a file. > [...] > query = SELECT password FROM mailbox WHERE username = '%s' AND active = '1' > > and then "postmap" command. > >

[pfx] Re: MySQL error from not all the receiver

2023-03-11 Thread Gerald Galster via Postfix-users
> - postfix/smtp[313760]: warning: connect to mysql server localhost: Can't > connect to local MySQL server through socket '/run/mysqld/mysqld.sock' (2) Have a look at your mysql logs (/var/log/mysql*, journalctl, /var/lib/mysql/*.err). MySQL may not be running, there may be corrupt tables (My

[pfx] Re: milter-reject: END-OF-MESSAGE

2023-03-10 Thread Gerald Galster via Postfix-users
> 2023-03-10 11:54:43 #31829(rspamd_proxy) <71bd42>; proxy; > rspamd_task_write_log: id: , qid: <3129536A7A2>, ip: 165.72.200.209, > from: , (default: F (soft reject): [5.31/15.00] > [BAYES_HAM(-2.99){99.97%;},DCC_BULK(2.00){bulk Body=1 Fuz1=4 > Fuz2=many;},MIME_HEADER_CTYPE_ONLY(2.00){},MISSIN

[pfx] Re: [P-U] Re: New List Host and Reply-to Header

2023-03-10 Thread Gerald Galster via Postfix-users
> * Patrick Ben Koetter via Postfix-users : > >> * Gerald Galster via Postfix-users > <mailto:list+post...@gcore.biz>>: >> I just wrote that because p@rick (sys4 AG) asked on the mailop mailinglist >> 2023-02-17 "Should mailing list messages be DKIM

[P-U] Re: New List Host and Reply-to Header

2023-03-09 Thread Gerald Galster via Postfix-users
>>> This list uses Mailman configuration settings, not handcrafted code. >>> If people believe that it is worthwhile to change the Mailman >>> implementation or the DMARC spec, then I suggest that they work >>> with the people responsible for that. >> >> There is no need for changing implementatio

[P-U] Re: New List Host and Reply-to Header

2023-03-09 Thread Gerald Galster via Postfix-users
> They add their own DKIM on top, aka "put an envelope" around "the > message", therefore the mail can be verified (to be from them). That's my point. I do not see a lot of benefit to verify a sender across a *discussion list*. Broken DKIM mails are usually rejected by mta before reaching mailma

[P-U] Re: New List Host and Reply-to Header

2023-03-09 Thread Gerald Galster via Postfix-users
> This list uses Mailman configuration settings, not handcrafted code. > If people believe that it is worthwhile to change the Mailman > implementation or the DMARC spec, then I suggest that they work > with the people responsible for that. There is no need for changing implementations, it's alrea

[P-U] Re: New List Host and Reply-to Header

2023-03-09 Thread Gerald Galster via Postfix-users
>> Is it the best idea to add a reply-to header to the author on mailing list >> emails? >> The problem I see is many people will hit reply in their email client which >> will create an email from them to the author, bypassing the mailing list. >> Unless they remember to manually alter the To: fi

[P-U] Re: Postfix lists are migrating to a new list server

2023-03-07 Thread Gerald Galster via Postfix-users
Out of sheer curiosity ... Mailman 2 or 3? >>> >>> Mailman 3 with ARC support enabled. Additionally all listmail will be DKIM >>> signed. >> >> Do you plan to enable a public archive at >> https://list.sys4.de/hyperkitty/list/postfix-us...@de.postfix.org/ >> as an alternative to marc.info,

[P-U] Re: Postfix lists are migrating to a new list server

2023-03-07 Thread Gerald Galster via Postfix-users
>> Out of sheer curiosity ... Mailman 2 or 3? > > Mailman 3 with ARC support enabled. Additionally all listmail will be DKIM > signed. Do you plan to enable a public archive at https://list.sys4.de/hyperkitty/list/postfix-us...@de.postfix.org/ as an alternative to marc.info, mail-archive.com,

Re: [EXTERNAL] Mail queue took 3 hours to recover from a flood. Suggestions ?

2023-01-23 Thread Gerald Galster
> “replace Amavis with something faster” > > Any suggestions ? Add the following to amavisd.conf and restart: $log_level = 2; $log_templ = $log_verbose_templ; That way amavisd should log info about timing and rules which you can use to calculate how long it takes to process your average email

Re: A little help/clarification on what SPF does please

2023-01-14 Thread Gerald Galster
>> What I'm not clear about is what happens when the mail is sent onwards >> by the 'smarthost' at Gandi. Does it change the envelope sender to > > Send an email to yourself and have a look at the headers. > Some MTAs add received headers like "received by for ". I meant Return-Path or look a

Re: A little help/clarification on what SPF does please

2023-01-14 Thread Gerald Galster
>> Given an email from ch...@isbd.co.uk, originating at zbmc.eu and sent >> via mail.gandi.net (authenticated smtp submission) to b...@server.com: >> >> - server.com sees the ip address of mail.gandi.net (incoming connection) >> - server.com queries DNS for ch...@isbd.co.uk (host -t txt isbd.co.uk)

Re: A little help/clarification on what SPF does please

2023-01-14 Thread Gerald Galster
> However most of the time I use my hosting at gandi.net to send my > E-Mail, so mail from ch...@isbd.co.uk originates on zbmc.eu, is > transferred by authenticated SMTP to mail.gandi.net and is sent on > from there to whatever its destination is. > > As I understand it the SPF records for mail.ga

Re: Replacing initial "Received:" line on submission?

2023-01-13 Thread Gerald Galster
>>> 192.0.2.1:submission inet n - n - - smtpd >>> -o syslog_name=vpnsubmission >>> -o smtpd_sasl_auth_enable=no >>> -o >>> smtpd_relay_restrictions=permit_mynetworks,reject_unauth_destination >> -o header_checks=pcre:/etc/postfix/vpn_header_checks > > header_checks

Re: Replacing initial "Received:" line on submission?

2023-01-12 Thread Gerald Galster
> It definitely does not work. It only works for smtp not smtpd. > Also message_drop_headers+=. I now have disabled relay from the > outside completely and spawn a in-VPN-only-submission > > 192.0.2.1:submission inet n - n - - smtpd > -o syslog_name=vpnsubmission >

Re: none SRS issues

2023-01-12 Thread Gerald Galster
> Do you know why many providers even those big ones didn't implement SRS when > forwarding email to other ESP? > > for instance, outlook.com, mail.ru, and even google domains who has > specified email forwarding feature for their domain users, don't have SRS > enabled in their forwarded messa

Re: letsencrypt and SSL alert number 80

2022-12-12 Thread Gerald Galster
> I'm seeing periodic entries like this in my maillog: > > Dec 12 13:12:47 xavier postfix-116/smtpd[1683671]: warning: TLS library > problem: error:0A000438:SSL routines::tlsv1 alert internal > error:ssl/record/rec_layer_s3.c:1584:SSL alert number 80: [...] > smtp_tls_cert_file=/etc/letsencryp

Re: how to deal with t-online's blocking

2022-11-30 Thread Gerald Galster
> Those are obligations for web sites. But what about a mail sending domain > without web site ? As far as I'm aware there is no obligation (by law) to provide a website with legal info for e-mail only domains. Companies in Germany are required to include that information inside *every* email

Re: how to deal with t-online's blocking

2022-11-30 Thread Gerald Galster
> Dnia 30.11.2022 o godz. 23:41:53 Nikolai Lusan pisze: >> >> My question is: How do they deal with non-european entities who do not >> have such legal impediments in their jurisdiction? > > While it is actually a legal requirement *in Germany* (not in whole Europe!) > and for *German* websites

Re: Outlook TLS errors after Microsoft Windows Update

2022-10-26 Thread Gerald Galster
>>> just wanted to let you know that Outlook users might run into problems >>> submitting mails after Microsoft's latest Windows update. >>> >>> Oct 15 14:49:42 mx1 postfix/submission/smtpd[25067]: connect from >>> Oct 15 14:49:42 mx1 postfix/submission/smtpd[25067]: SSL_accept error from >>> :

Re: Outlook TLS errors after Microsoft Windows Update

2022-10-26 Thread Gerald Galster
> just wanted to let you know that Outlook users might run into problems > submitting mails after Microsoft's latest Windows update. > > Oct 15 14:49:42 mx1 postfix/submission/smtpd[25067]: connect from > Oct 15 14:49:42 mx1 postfix/submission/smtpd[25067]: SSL_accept error from > : lost connect

Re: Outlook TLS errors after Microsoft Windows Update

2022-10-17 Thread Gerald Galster
>> Can you check the certificates' serial numbers? >> The working one begins with 03 and the problematic one with 04. >> >> There are 37 archived certificates for this hostname, 29 begin >> with "03" and only 8 with "04". >> >> Certificates starting with "04" occur since autumn 2019. >> After tha

Re: Outlook TLS errors after Microsoft Windows Update

2022-10-17 Thread Gerald Galster
>> This is very strange and I can confirm it. > > Can you test the other (working) certificate again? In Outlook set the > hostname as per certificate and in local hosts file in Windows force > IP of the destination server for this hostname. This way Outlook > should not complain about mismatched

Re: Outlook TLS errors after Microsoft Windows Update

2022-10-17 Thread Gerald Galster
>> The two certificate chains are structurally identical, differing only in >> minor details, such as: dates, keys, hostnames and signatures. > > There is another user (hopefully the URL below won't be blocked by the > list) with the same observation - only 1 of his servers affected and > switchin

Re: Outlook TLS errors after Microsoft Windows Update

2022-10-15 Thread Gerald Galster
> We have witnessed the same issue on one of our mailservers. Both > servers are the same (postfix/debian), with the same config, both have > letsencrypt certificates. I'm just curious, which openssl version are you using? > However we got customer complaints only for 1 server. Renewing the > c

Re: Outlook TLS errors after Microsoft Windows Update

2022-10-15 Thread Gerald Galster
>> For the time being I'll disable session tickets (at least) for submission. >> The performance impact is negligible in my case. >> >> Thanks for having a look! > > You're welcome. If you have a Microsoft support contract, you should > ideally file a bug report and refer to: > >https://dat

Re: Outlook TLS errors after Microsoft Windows Update

2022-10-15 Thread Gerald Galster
Any chance you could provide (off-list if you prefer) a PCAP recording of a good and a problem TLS session? >>> >>> I'll send it off-list. >> >> Thanks. I hope that'll shed more light on what's going on. > > The diff between the "good" and "bad" handshakes is below. The main > featur

Re: Outlook TLS errors after Microsoft Windows Update

2022-10-15 Thread Gerald Galster
This server does not support TLS 1.3 yet and TLS 1.2 is the only version currently allowed for submission. > > That sounds like a rather old (EOL) version of OpenSSL. TLS 1.3 > support was added in OpenSSL 1.1.1 [11 Sep 2018]. Are you using > OpenSSL 1.1.0 or the even older 1.0.2? I

Re: Outlook TLS errors after Microsoft Windows Update

2022-10-15 Thread Gerald Galster
>> With session tickets disabled it logs: >> >>Anonymous TLS connection established from : TLSv1.2 with >>cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits) >> >> This server does not support TLS 1.3 yet and TLS 1.2 is the only >> version currently allowed for submission. > > Do you have

Re: Outlook TLS errors after Microsoft Windows Update

2022-10-15 Thread Gerald Galster
>> Just wanted to let you know that Outlook users might run into problems >> submitting mails after Microsoft's latest Windows update. >> >> Oct 15 14:49:42 mx1 postfix/submission/smtpd[25067]: connect from >> Oct 15 14:49:42 mx1 postfix/submission/smtpd[25067]: SSL_accept error from >> : lost c

Outlook TLS errors after Microsoft Windows Update

2022-10-15 Thread Gerald Galster
Hi, just wanted to let you know that Outlook users might run into problems submitting mails after Microsoft's latest Windows update. Oct 15 14:49:42 mx1 postfix/submission/smtpd[25067]: connect from Oct 15 14:49:42 mx1 postfix/submission/smtpd[25067]: SSL_accept error from : lost connection Oct

Re: Mail and mail traces lost (?)

2022-03-30 Thread Gerald Galster
>> Or simply set in /etc/systemd/journald.conf: >> >> [Journal] >> Storage=none >> ForwardToSyslog=yes > > That does not fully solve the problem, since IIRC rate limits and > performance limitations still apply, perhaps somewhat improved for the > latter. I've set RateLimitInterval=0 and RateL

Re: ESMTP banner duplicate

2021-11-17 Thread Gerald Galster
> I've been doing some tests of my postfix server and sometimes when I > connect, I get *two* ESMTP banners, one that has a hyphen (-) after the > 220, and one that doesn't. Other connections, I only get one banner: > > $ nc -v server.example.net 25 > Connection to server.example.net (10.0.0.1) 25

Re: any staff from the provider 5x2.de?

2021-10-10 Thread Gerald Galster
> So I am thinking 5x2.de should improve this for a better > forwarding solution. Why don't you contact them directly? ip registration (ripe): inetnum:136.243.126.128 - 136.243.126.159 netname:VIWA-INVEST-GMBH country:DE ... remarks:*

Re: Untrusted TLS connection when sending emails to Google

2021-09-17 Thread Gerald Galster
>>> Sure, but the forensic value of the signal is rather weak, since you >>> learn nothing about the names in the certificate, and anyone can get >>> a certificate from Let's Encrypt. So your connection was to some >>> server that had some certificate, ... now what? >> >> You'll get the informati

Re: Untrusted TLS connection when sending emails to Google

2021-09-17 Thread Gerald Galster
>>> I am curious why with opportunistic TLS (security level may), you're >>> bothering to take any action to tweak the entirely cosmetic certificate >>> path validation status? >> >> What about parsing the maillog and adding those trusted servers to a table >> in order to enforce a higher tls leve

Re: Untrusted TLS connection when sending emails to Google

2021-09-17 Thread Gerald Galster
>> Thank you for the answers. I'm reading the documentation and we need to >> adjust the smtp_tls_CAfile indeed. I will adjust this as soon as >> possible and I will report the result here. > > I am curious why with opportunistic TLS (security level may), you're > bothering to take any action to t

Re: Untrusted TLS connection when sending emails to Google

2021-09-17 Thread Gerald Galster
> I'm sorry if this is a frequent question, but we have deployed a new Postfix > server and we have enabled Opportunistic TLS. We have noticed that even with > a valid certificate when connecting to gmail servers the Untrusted TLS > connection is being displayed. > > I have updated the ca-cert

Re: are mail isps dumb when seeing atest mail sent to your own server ?

2021-09-15 Thread Gerald Galster
> Well, I've tried to test my server setup (postfix++Spamassassin++) with an > official Gtube test mail and got rejected at sending (!) by all the isps I've > tried... can't test my own server because of that... how dumb they are! > > they aren't smart enough to recognize a test email specialy

Re: multiple ip addresses for submission -- My Google Fu is lacking

2021-09-14 Thread Gerald Galster
> when a user clicks "send", the email client has to make some tcp-connection > to some ip address. > what if the hostname configured at the email client resolves to multiple ip > addresses? There are several hops that could randomize ips: - authoritative dns server - dns resolver at your di

Re: I have successfully configured SSL/TLS for Postfix SMTP outgoing mail server for a customer in Singapore on 25 Aug 2021 Wed

2021-08-25 Thread Gerald Galster
> Add the following firewall rules to /etc/sysconfig/iptables. This is > to open ports for services/daemons listening on TCP ports 25, 465, and > 587. /etc/sysconfig/iptables sounds like RHEL/CentOS, on Debian it might be /etc/iptables/rules.v4 or rules.v6 > -A INPUT ! -i lo -p tcp -m state --s

Re: Hostname DNS error

2021-08-22 Thread Gerald Galster
> Could it be a transient DNS/network problem? If it only You can check which nameservers are responsible: 1) with dns (/etc/resolv.conf) [user@server ~]$ dig +short radio-z.net ns robotns3.second-ns.com. ns1.first-ns.de. robotns2.second-ns.de. 2) with dns (tracing from dns root, asking every na

Re: Hostname DNS error

2021-08-21 Thread Gerald Galster
> Aug 21 10:22:59 stretch postfix/smtpd[8394]: warning: hostname > mail.radio-z.net does not resolve to address 136.243.54.124 > Aug 21 10:22:59 stretch postfix/smtpd[8394]: connect from > unknown[136.243.54.124] > Aug 21 10:22:59 stretch postfix/smtpd[8394]: 18D3F6A40A2B: > client=unknown[136.2

Re: Can send but not receive

2021-07-09 Thread Gerald Galster
> I had not removed the vhost on the VPS for keiththewebguy.com, so when I sent > email from the VPS to my home server, it saw the same email on the local > server (VPS) and routed it to the inbox. > > I am very surprised this occurred. I would have thought the sending server > (VPS) would f

Re: Can send but not receive

2021-07-08 Thread Gerald Galster
> I am running Ubuntu 20.04lts / Apache / MySql (or a clone) / PHP / > BIND9 / Postfix / Dovecot > > Web server works. I have configred a lot of LAMP virtual host servers. > I am new to BIND9 / Postfix / Dovecot. > > FQDN is soho.keiththewebguy.com > > MX record is

Re: Training and/or Consluting ?

2021-06-30 Thread Gerald Galster
>> smtpd_use_tls = yes > > This is obsolete. The non-obsolete syntax is: Thanks for the hint, this seems to have survived some old configs of mine. I appreciate that postfix does not try to break configuration throughout the years. >> smtpd_tls_CAfile = /etc/pki/ca-trust/extracted/pem/tls-c

Re: Training and/or Consluting ?

2021-06-29 Thread Gerald Galster
> The links under "Training" on http://www.postfix.org/docs.html > are either dead links or are not in the United States (my current work/home > location) > > The problems with the available documentation: > * There seems to be no consensus about how to configure servers and services > Example:

Re: Specific DNS server

2021-04-22 Thread Gerald Galster
>> Is there a way to make Postfix/postscreen use a specific DNS server? > > Edit /etc/resolv.conf. > > No kidding - Postfix uses the SYSTEM LIBRARY for DNS lookups, and > the SYSTEM LIBRARY uses the resolv.conf file. There are no plans > to re-implement this part of the SYSTEM LIBRARY in Postfix

Re: bl.spamcop.net false positives

2021-02-01 Thread Gerald Galster
>> That aside, IMHO, this is a huge screw-up for SC - not even in the >> realm of acceptable… > > On the other hand, why did the domain registrar put a blanket entry for > *.spamcop.net pointing to their server's IP when the domain expired instead of > just returning NXDOMAIN? Because you can't m

Re: bl.spamcop.net false positives

2021-02-01 Thread Gerald Galster
>> Given the ip 1.2.3.4 - if postfix is configured to query the spamcop >> blacklist then a dns query like this is issued: >> >> [gerry@noc ~]$ dig 4.3.2.1.bl.spamcop.net >> [...] >> ;; ANSWER SECTION: >> 4.3.2.1.bl.spamcop.net. 300 IN A 91.195.240.87 > > But isn't this a comm

Re: bl.spamcop.net false positives

2021-01-31 Thread Gerald Galster
Good news, the nameservers have changed again: [gerry@noc ~]$ whois spamcop.net Domain Name: SPAMCOP.NET Registry Domain ID: 3340109_DOMAIN_NET-VRSN Registrar WHOIS Server: whois.enom.com Registrar URL: http://www.enom.com Updated Date: 2021-01-31T16:04:06Z Creation Date: 1999-01

Re: bl.spamcop.net false positives

2021-01-31 Thread Gerald Galster
Hello Ludi, > But if spamcop.net is still intact, how can someone grab bl.spamcop.net? it does not matter if spamcop servers are up and running, the problem is that the responsible dns-servers do not answer with the spamcop servers' ips anymore. Now the ip of a website belonging to a domain broke

Re: postfix with mysql - too many connections

2020-12-04 Thread Gerald Galster
>>> In my postfix proxymap may not be working very well: >>> warning: virtual_mailbox_domains: proxy:mysql:/etc/postfix/map.sql: table >>> lookup problem >>> warning: memcache:/etc/postfix/memcache_recipient_whitelist_cache.cf: table >>> lookup problem >>> >>> because in mysql i see many hangi

Re: postfix with mysql - too many connections

2020-12-04 Thread Gerald Galster
> In my postfix proxymap may not be working very well: > warning: virtual_mailbox_domains: proxy:mysql:/etc/postfix/map.sql: table > lookup problem > warning: memcache:/etc/postfix/memcache_recipient_whitelist_cache.cf: table > lookup problem > > because in mysql i see many hanging processes Do

Re: postfix with mysql - too many connections

2020-12-04 Thread Gerald Galster
>> I gave you hints on this very list two days ago ... >> >> Best regards >> Gerald >> >> > Yes but I have proxy_read_maps in main.cf: > > proxy_read_maps = $canonical_maps $lmtp_generic_maps $local_recipient_maps > $mydestination $mynetworks $recipient_bcc_maps $recipient_canonical_maps >

Re: postfix with mysql - too many connections

2020-12-04 Thread Gerald Galster
> I use postfix-3.1.15 and mysql (domain mp, policyd, whitelist) - this is a > very high-volume server > > I read e-mail from this group near "Feb 07, 2016; 5:44pmRe: postfix with > mysql - too many connections" about changing proxy:mysql to sharing > connections > http://postfix.1071664.n5.na

Re: Adding route to Gateway server

2020-12-04 Thread Gerald Galster
> You can just add it to the transport file > Ex add this to the transport file: > 1...@1234test.com smtp:1.2.3.4 for ip addresses [] are required: 1...@1234test.com smtp:[1.2.3.4] The syntax of a nexthop destination is transport dependent. With SMTP, specify a servi

Re: Adding route to Gateway server

2020-12-02 Thread Gerald Galster
> I currently have 2 postfix servers as our gateway servers hosting our domain. > It is currently configured to receive internet email bound for our domain and > then send it to our ProofPoint servers for hygiene scrubbing. This is all > working great right now, but our Cyber team wanted us to

Re: too many connections

2020-12-02 Thread Gerald Galster
> check_recipient_access mysql:/etc/postfix/mysql_whitelist_recipient.cf > ... > "Dec 2 13:51:09 mail4 postfix/smtpd[21777]: warning: connect to mysql > server 127.0.0.1: Too many connections try http://www.postfix.org/proxymap.8.html check_recipient_access proxy:mysql:/etc/postfix/mysql_whiteli

Re: smtpd_recipient_restrictions Failure?

2020-07-27 Thread Gerald Galster
>>> Thanks, Gerald. I also have this in my main.cf configuration file: >>> smtpd_sender_restrictions = >>> permit_mynetworks, >>> reject_non_fqdn_sender, >>> reject_unknown_sender_domain, >>> check_client_access cidr:/etc/postfix/blacklist_cidr, >>> permit >>> Shouldn'

Re: smtpd_recipient_restrictions Failure?

2020-07-27 Thread Gerald Galster
> Thanks, Gerald. I also have this in my main.cf configuration file: > > smtpd_sender_restrictions = >permit_mynetworks, >reject_non_fqdn_sender, >reject_unknown_sender_domain, >check_client_access cidr:/etc/postfix/blacklist_cidr, >permit > > Shouldn't the

Re: smtpd_recipient_restrictions Failure?

2020-07-27 Thread Gerald Galster
> Lately I've been getting email sent from one persistent spammer that's > somehow getting through my smtpd_recipient_restrictions filters. Here are > the message headers: > > Return-Path: [...] > From:=?UTF-8?B?RGVybWFDb3JyZWN0?= [...] > smtpd_recipient_restrictions = > check_sender_acc
