> On 26 Jan 2025, at 14:33, Wietse Venema via Postfix-users
> wrote:
>
> Gerben Wierda via Postfix-users:
>>
>>> On 23 Jan 2025, at 17:55, Wietse Venema via Postfix-users
>>> wrote:
>>>
>>> Gerben Wierda via Postfix-users:
> On 23 Jan 2025, at 17:55, Wietse Venema via Postfix-users
> wrote:
>
> Gerben Wierda via Postfix-users:
>> I was wondering, suppose I have a user like this:
>>
>> f...@bar.com is the account name
>> foo.lastn...@bar.com is the incoming alias and the out
On 23 Jan 2025, at 17:55, Wietse Venema via Postfix-users
wrote:
>
> Gerben Wierda via Postfix-users:
>> I was wondering, suppose I have a user like this:
>>
>> f...@bar.com is the account name
>> foo.lastn...@bar.com is the incoming alias and the outgoing
ke hold in the long term and I
would have to let users change their auth settings (which now is user 'foo' and
'password')
Yours,
Gerben Wierda (LinkedIn <https://www.linkedin.com/in/gerbenwierda>, Mastodon
<https://newsie.social/@gctwnl>, Bluesky
<https://bs
> On 31 May 2024, at 16:13, Wietse Venema via Postfix-users
> wrote:
>
> Gerben Wierda via Postfix-users:
>>> On 31 May 2024, at 14:53, Wietse Venema wrote:
>>>
>>> Gerben Wierda via Postfix-users:
>>>>
>>>>> On
> On 31 May 2024, at 14:53, Wietse Venema wrote:
>
> Gerben Wierda via Postfix-users:
>>
>>> On 31 May 2024, at 13:20, pat...@patpro.net wrote:
>>>
>>> Hello,
>>>
>>> Any sign of postfix 3.9 blacklisting HAproxy because of SMTP
>
rcpt=1 data=0/1 rset=1 quit=1 commands=7/8
What am I doing wrong?
Gerben Wierda (LinkedIn <https://www.linkedin.com/in/gerbenwierda>, Mastodon
<https://newsie.social/@gctwnl>)
R&A IT Strategy <https://ea.rna.nl/> (main site)
Book: Chess and the Art of Enterprise Architect
is sent before 220 is received?
G
>
> May 31, 2024 1:06 PM, "Gerben Wierda via Postfix-users"
> <mailto:postfix-users@postfix.org?to=%22gerben%20wierda%20via%20postfix-users%22%20%3cpostfix-us...@postfix.org%3E>>
> wrote:
> Hmm, I just noticed (all outgoing s
annot exclude that I updated HAproxy too, so I am not 100% certain.
What should I do? Revert to postfix 3.8? I rather not, I rather would upgrade
the other to 3.9 (but if I do that, I probably lose all smtp behind HAproxy for
now)
Gerben Wierda (LinkedIn <https://www.linkedin.com/in/gerb
, but I also think this will
be too complex for me having not enough daily practice with creating milters.
Gerben Wierda (LinkedIn <https://www.linkedin.com/in/gerbenwierda>)
R&A Enterprise Architecture <https://ea.rna.nl/> (main site)
Book: Chess and the Art of Enterprise Archite
to a reply from meatevilcomp...@mydomain.tld to
marketingt...@evilcompany.com, but only for marketingt...@evilcompany.com or
for @evilcompany.com?
Thx,
Gerben Wierda (LinkedIn <https://www.linkedin.com/in/gerbenwierda>, Mastodon
<https://newsie.social/@gctwnl>)
R&A IT Strategy <h
Is
smtpd_data_restrictions =
reject_unauth_pipelining,
permit_mynetworks,
permit_sasl_authenticated,
reject_multi_recipient_bounce
enough to stop this small(?) risk (before I manage to upgrade)?
Gerben Wierda (LinkedIn <https://www.linkedin.com/in/gerbenwie
> On 18 Feb 2023, at 14:49, Wietse Venema wrote:
>
> Gerben Wierda:
>> Feb 18 12:18:44 snape smtp/smtpd[15128]: NOQUEUE: reject: RCPT from
>> ms11p00im-qufo17282001.me.com
>> <http://ms11p00im-qufo17282001.me.com/>[17.58.38.57]: 550 5.1.1
>> mailto:van
/var/mail/nl.rna.mail/users/vanroodewierda
mailmaildir:/var/mail/nl.rna.mail/users/vanroodewierda
I’m kind of lost, how do I find out why I’m getting ‘User unknown’ here from
postfix? Is there a way to run a test with more verbose output that I cans why
one works and another not?
Gerben
> On 28 Jan 2023, at 17:26, post...@ptld.com wrote:
>
>> Currently, every time haproxy checks if postfix is still alive, e.g. on port
>> 587, I see this in my logging:
>> Jan 28 13:13:20 albus submission/smtpd[97331]: warning: haproxy read: EOF
>> Jan 28 13:13:20 albus submission/smtpd[97331]:
> On 28 Jan 2023, at 14:53, Wietse Venema wrote:
>
> Gerben Wierda:
>>> A proper health check verifies that a service actually responds.
>>
>> True.
>>
>>> You can find more with "haproxy health check script". For example,
>&g
> On 28 Jan 2023, at 13:40, Wietse Venema wrote:
>
> Gerben Wierda:
>> Currently, every time haproxy checks if postfix is still alive,
>> e.g. on port 587, I see this in my logging:
>>
>> Jan 28 13:13:20 albus submission/smtpd[97331]: warning: haproxy r
could think of is set up a separate port in master.cf for
postfix to listen to and make sure logging disappears in a black hole. But
maybe I am missing something and there is a better way to do an external health
check to see if postfix is running?
Gerben Wierda (LinkedIn <https://www.linkedi
> On 15 Jan 2023, at 22:09, Wietse Venema wrote:
>
> It would resolve the exclusive lock. However, it make no sense to
> have two postscreen services on the same physical machine exposed
> to clients on the internet.
Not in stable production, agreed.
But it brings me quick changes of my setup
postscreen_cache_map=btree:$data_directory/postscreen_haproxy_cache
So, they now both can handle postscreen side-by-side on two ports where one
port required haproxy and the other does not.
G
> On 15 Jan 2023, at 21:03, Benny Pedersen wrote:
>
> Gerben Wierda skrev den 2023-01
Let me guess: my two postscreen instances side by side on different ports?GSent from my iPhoneOn 15 Jan 2023, at 19:26, Gerben Wierda wrote:For some reason, one of my postfix servers says this:Jan 15 19:18:30 mail postfix/postscreen[1057]: fatal: btree:/opt/local/var/lib/postfix/postscreen_cache
/libexec/postfix/postscreen pid 1057 exit status 1
Jan 15 19:18:31 mail postfix/master[658]: warning:
/opt/local/libexec/postfix/postscreen: bad command startup -- throttling
Should I just stop postfix, remove
/opt/local/var/lib/postfix/postscreen_cache.db (which is there) and restart?
Gerben
> On 15 Jan 2023, at 17:09, Wietse Venema wrote:
>
> In that case, use two SMTP services, one that is proxied and one
> that is not.
Yes, in the meantime I had gathered that that was the obvious solution (should
have realised that earlier).
So, I added this in master.cf:
smtp inet n
> On 15 Jan 2023, at 15:47, Wietse Venema wrote:
>
> "The name of the proxy protocol used by a before-postscreen proxy agent."
That still doesn't tell you what the effect is of entering a value for that
setting while the traffic is not coming from a proxy. Normally, when you enter
config data
> On 15 Jan 2023, at 02:55, Viktor Dukhovni wrote:
>
> On Sun, Jan 15, 2023 at 01:47:10AM +0100, Gerben Wierda wrote:
>
>> I am looking at putting HAproxy between the internet and my two inside
>> postfix MTA's
>
> Is there a good reason to do that? If not
aproxy even if no haproxy is used. Is that a correct
interpretation? Because it is ambiguous.
Gerben Wierda (LinkedIn <https://www.linkedin.com/in/gerbenwierda>)
R&A IT Strategy <https://ea.rna.nl/> (main site)
Book: Chess and the Art of Enterprise Architecture <https://ea.rna.nl
> On 13 Jan 2023, at 16:22, Gerben Wierda wrote:
>
> I have created a second postfix server in my LAN. The idea is to use both in
> a failover/loadbalancing setting for now. At the back are two dovecots that
> replicate to each other.
>
> When mail is sent out via m
both configured like this:
main.cf:myhostname = mail.rna.nl
or I can have both configured like this:
main.cf:myhostname = a.rna.nl
main.cf:smtp_helo_name = mail.rna.nl
is there a reason to do one or the other?
Gerben Wierda (LinkedIn <https://www.linkedin.com/in/gerbenwierda>)
R&A I
p.ptld.com/>
Diagnostic-Code: smtp; 550-5.7.1 (ISO:NL) Client blocked by policy rules 550
5.7.1 TRACE(Server=smtp.ptld.com <http://smtp.ptld.com/>,
Client=213.125.118.53, Jan 05 12:20:24)
From: Gerben Wierda mailto:gerben.wie...@rna.nl>>
Subject: Re: postfix connects to dovecot lmtp socket, but nothing is delivered
Date: 5 January 2023 at 18:20:19 CET
To: dove...@ptld.com <mailto:dove...@ptld.com>
Cc: dove...@dovecot.org <mailto:dove...@dovecot.org>
> On 5 Jan 2023, at 18:02, Wietse Venema wrote:
>
> Gerben Wierda:
>> Jan 05 16:16:59 snape postfix/lmtp[126]: C71B3D1262: to=,
>> relay=snape.rna.nl[private/lmtp], delay=300, delays=0.02/0/300/0, dsn=4.4.2,
>> status=deferred (conversation with snape.rna.nl[privat
= postfix
group = postfix
}
}
service lmtp {
executable = lmtp -L
}
protocol lmtp {
info_log_path = /var/log/mail/dovecot-lmtp.log
}
Any other tips?
Gerben Wierda (LinkedIn <https://www.linkedin.com/in/gerbenwierda>)
R&A IT Strategy <https://ea.rna.nl/> (ma
> On 24 Dec 2022, at 09:35, David Bürgin wrote:
>
> raf:
>> On Fri, Dec 23, 2022 at 06:20:08PM +0100, Gerben Wierda
>> wrote:
>>> What is the best way to do this? Or is it too troublesome and should
>>> I just use postfix outside of docker, installing
postfix behind traefik. I
want postscreen to be the doorman on port 25 traffic.
Thanks for tips and suggestions.
Gerben Wierda (LinkedIn <https://www.linkedin.com/in/gerbenwierda>)
R&A IT Strategy <https://ea.rna.nl/> (main site)
Book: Chess and the Art of Enterprise Archit
> On 10 Jun 2022, at 13:17, Wietse Venema wrote:
>
> Wietse Venema:
>> Gerben Wierda:
>>>
>>>> On 10 Jun 2022, at 02:30, Wietse Venema wrote:
>>>>
>>>> Gerben Wierda:
>>>>> What is happening here? (mail is delivered,
> On 10 Jun 2022, at 02:30, Wietse Venema wrote:
>
> Gerben Wierda:
>> What is happening here? (mail is delivered, I?m just curious)
>>
>> Jun 09 23:37:39 mail postfix/postscreen[4294]: CONNECT from
>> [146.185.52.133]:10400 to [192.168.2.66]:25
>>
What is happening here? (mail is delivered, I’m just curious)
Jun 09 23:37:39 mail postfix/postscreen[4294]: CONNECT from
[146.185.52.133]:10400 to [192.168.2.66]:25
Jun 09 23:37:45 mail postfix/postscreen[4294]: PASS NEW [146.185.52.133]:10400
Jun 09 23:37:45 mail smtp/smtpd[4296]: connect from
Ik zat me af te vragen of jij ooit had gedacht om SPF in te bouwen in Postfix
(native).
Gerben Wierda (LinkedIn <https://www.linkedin.com/in/gerbenwierda>)
R&A IT Strategy <https://ea.rna.nl/> (main site)
Book: Chess and the Art of Enterprise Architecture <https://ea.rna
On 5 Mar 2022, at 12:44, daniel Azuelos wrote:
>
> [ Rédigé dans le sens de lecture professionnel.
> Written in the professional reading direction. ]
>
> Le (on) 04/03/2022, Gerben Wierda a écrit (wrote):
>
> | I have upgraded my postfix 3.6 to postfix 3.7.0 as well as having
> On 5 Mar 2022, at 18:23, Matus UHLAR - fantomas wrote:
>
> On 05.03.22 12:43, Gerben Wierda wrote:
>> A forward zone without a forward address gives SERVFAIL
>>
>> But I was able to use
>>
>> forward-zone:
>> name: "spamhaus.org"
What is the correct way to clean out (make a fresh start) with the postscreen
cache?
Can I clean the postscreen cache while postfix is running?
Thanks,
Gerben Wierda (LinkedIn <https://www.linkedin.com/in/gerbenwierda>)
R&A IT Strategy <https://ea.rna.nl/> (main site)
Book: C
o
provide information (such as DNSBL) for domains).
Gerben Wierda (LinkedIn <https://www.linkedin.com/in/gerbenwierda>)
R&A IT Strategy <https://ea.rna.nl/> (main site)
Book: Chess and the Art of Enterprise Architecture <https://ea.rna.nl/the-book/>
Book: Mastering ArchiMate <htt
Indeed. The problem is almost certainly most likely my macOS setup in some way.
I will try to use 3.6 but I do not expect it will make a difference.
Gerben
> On 5 Mar 2022, at 04:00, Wietse Venema wrote:
>
> Gerben Wierda:
>>
>>> On 4 Mar 2022, at 20:04, Bill Cole
nother resolver than the
default one.
Or I must forego the use of 9.9.9.9 and lose its DNS blocking of ‘evil’ hosts.
G
> On 4 Mar 2022, at 19:57, Noel Jones wrote:
>
>
> On 3/4/2022 11:58 AM, Gerben Wierda wrote:
>
>> Feb 27 06:02:19 mail postfix/dnsblog[46930]: addr 113.197.
On 4 Mar 2022, at 19:13, Bastian Blank
wrote:
>
> On Fri, Mar 04, 2022 at 06:58:33PM +0100, Gerben Wierda wrote:
>> Feb 27 06:02:19 mail postfix/dnsblog[46930]: addr 113.197.35.193 listed by
>> domain zen.spamhaus.org as 127.255.255.254
>> The 254 response means: the
: EHLO mega.nz\r\n
Mar 04 18:44:26 mail postfix/postscreen[88228]: DISCONNECT [189.51.96.252]:38442
These responses mean the DNSBL works ok,
How do I fix the former one?
Gerben Wierda (LinkedIn <https://www.linkedin.com/in/gerbenwierda>)
R&A IT Strategy <https://ea.rna.nl/> (main s
led: postfix @3.7.0_0+dovecot_sasl+pcre+smtputf8+tls
What is the best way to hunt down why postfix stops working on port 25 (that
is: no more postfix/postscreen gets started) at some moment? What kind of
debugging/logging should I turn on to try to find out what happens?
Gerben Wierda (LinkedI
On 22 Oct 2021, at 01:09, Gerben Wierda wrote:
>
>>
>> On 21 Oct 2021, at 14:35, Wietse Venema > <mailto:wie...@porcupine.org>> wrote:
>>
>> Gerben Wierda:
>>> My standard DNS forwards to cloud9 (9.9.9.9) because cloud9 blocks bad
>>>
> On 21 Oct 2021, at 14:35, Wietse Venema wrote:
>
> Gerben Wierda:
>> My standard DNS forwards to cloud9 (9.9.9.9) because cloud9 blocks bad
>> actors. But that means that DNSBL from spamhaus doesn?t work as the query to
>> comes from a public DNS server.
>&g
= drop
# Drop any SMTP client that is in the DNSBL
postscreen_dnsbl_sites = zen.spamhaus.org*2
postscreen_dnsbl_action = drop
I have a secondary resolver that doesn’t forward to cloud9. Can I use that
local DNS instead of the standard one in postfix, preferably for postscreen
DNSBL only?
Gerben
] commands=0/0
Is there a way I could except that server from the rate limit? And could that
be misused (a lot of spammers already send to the backup MX anyway)
Yours,
Gerben Wierda (LinkedIn <https://www.linkedin.com/in/gerbenwierda>)
R&A Enterprise Architecture <https://ea.rna.nl
ance postfix was interesting.
G
> On 1 Feb 2021, at 22:59, Viktor Dukhovni wrote:
>
> On Mon, Feb 01, 2021 at 10:21:32PM +0100, Gerben Wierda wrote:
>
>> What I suspect here is that DKIM is the problem. As trivial-rewrite
>> changes the message, the DKIM signature is
What I am trying to do is create a ‘reverse alias’ (next to an alias). The
alias must be used when mail is sent to a specific domain.
> On 1 Feb 2021, at 17:59, Gerben Wierda wrote:
>
> master.cf gets:
>
> mycanon unix - - y - -
> On 1 Feb 2021, at 16:12, Viktor Dukhovni wrote:
>
> On Mon, Feb 01, 2021 at 03:43:55PM +0100, Gerben Wierda wrote:
>
>>> Yes, at the cost of a dedicated transport whose master.cf entry contains
>>> an override for smtp_generic_maps:
>>>
>>&
Gerben Wierda (LinkedIn <https://www.linkedin.com/in/gerbenwierda>)
R&A Enterprise Architecture <https://ea.rna.nl/> (main site)
Book: Chess and the Art of Enterprise Architecture <https://ea.rna.nl/the-book/>
Book: Mastering ArchiMate <https://ea.rna.nl/the-book-editio
...@externaldomain.net
From/sender are rewritten to myal...@mydomain.net
Is that possible?
Gerben Wierda (LinkedIn <https://www.linkedin.com/in/gerbenwierda>)
R&A Enterprise Architecture <https://ea.rna.nl/> (main site)
Book: Chess and the Art of Enterprise Architecture <https://ea.rna
> On 21 Nov 2020, at 15:53, Wietse Venema wrote:
>
> Gerben Wierda:
>> I think I am using postfix defaults here.
>>
>> WHen a client is rejected because of a mssing reverse hostname, I see:
>>
>> Nov 21 15:37:02 mail smtp/smtpd[2168]: NOQUEUE: reject:
I think I am using postfix defaults here.
WHen a client is rejected because of a mssing reverse hostname, I see:
Nov 21 15:37:02 mail smtp/smtpd[2168]: NOQUEUE: reject: RCPT from
unknown[46.221.40.2]: 450 4.7.1 Client host rejected: cannot find your reverse
hostname, [46.221.40.2]; from= to=
p
mail.rna.nl”. Of course this went wrong as soon as authentication was started.
Gerben Wierda
Chess and the Art of Enterprise Architecture <https://ea.rna.nl/the-book/>
Mastering ArchiMate <https://ea.rna.nl/the-book-edition-iii/>
Architecture for Real Enterprises
<https://www.inf
> On 10 Jan 2020, at 19:01, Bill Cole
> wrote:
>
> On 10 Jan 2020, at 12:28, Gerben Wierda wrote:
>
>> postfix is started during boot on my macOS system. This fails with:
>>
>> Jan 10 18:00:08 mail postfix/master[488]: fatal: bind 0.0.0.0 port 25:
>>
> On 10 Jan 2020, at 19:01, Bill Cole
> wrote:
>
> On 10 Jan 2020, at 12:28, Gerben Wierda wrote:
>
>> postfix is started during boot on my macOS system. This fails with:
>>
>> Jan 10 18:00:08 mail postfix/master[488]: fatal: bind 0.0.0.0 port 25:
>>
postfix is started during boot on my macOS system. This fails with:
Jan 10 18:00:08 mail postfix/master[488]: fatal: bind 0.0.0.0 port 25: Address
already in use
Jan 10 18:00:10 mail /postfix-script[511]: fatal: mail system startup failed
but when I shortly thereafter launch it it just starts fi
> On 31 Dec 2019, at 01:57, Wietse Venema wrote:
>
> I remember that you reported a bug where a program cant talk to
> postlogd if it opens the postlog socked after dropping privileges.
>
> I posted a patch for that, but I never heard back if that worked,
> and therefore that patch is not part
> On 31 Dec 2019, at 00:24, Wietse Venema wrote:
>
>> These bots are very stupid and very persistent. My maillog file for
>> today has 3500 of these, and that is with 6 more hours to go.
>
9500 in 13 hours here. With the new settings (ENFORCE) smtpd is spared but I
still have this junk in my l
that it was successfully handed to another smtp-server.
I’ve tried adding -v to the smtpd commands in master.cf but that doesn’t really
help.
I can’t use syslog on my system so I’m using postlog.
Gerben Wierda
Chess and the Art of Enterprise Architecture <https://ea.rna.nl/the-book/>
Mas
> On 31 Dec 2019, at 00:11, Allen Coates wrote:
>
>
>
> On 30/12/2019 22:32, Gerben Wierda wrote:
>> Now that Finally have a postfix back with actual logging, I noticed this in
>> my log:
>>
>> Dec 30 23:26:09 mail postfix/postscreen[16020]: C
> On 30 Dec 2019, at 23:46, Viktor Dukhovni <mailto:postfix-us...@dukhovni.org>> wrote:
>
> On Mon, Dec 30, 2019 at 11:32:11PM +0100, Gerben Wierda wrote:
>
>> Now that Finally have a postfix back with actual logging, I noticed this in
>> my log:
>>
>
Now that Finally have a postfix back with actual logging, I noticed this in my
log:
Dec 30 23:26:09 mail postfix/postscreen[16020]: CONNECT from
[182.99.42.88]:49546 to [192.168.2.66]:25
Dec 30 23:26:10 mail postfix/postscreen[16020]: PREGREET 14 after 0.26 from
[182.99.42.88]:49546: EHLO ylmf-
> On 20 Dec 2019, at 22:06, Matus UHLAR - fantomas wrote:
>
> On 20.12.19 17:25, Gerben Wierda wrote:
>> I am trying to understand how my aliases/virtual_users/etc interact.
>>
>> postfix setup has virtual domains and virtual users, but all users (also
>>
ng
that I have made things overly complex. Am I correct?
And what is preferred? An /etc/aliases file that is in use (next to the one I
am using) or a ~root/.forward file?
Gerben Wierda
Chess and the Art of Enterprise Architecture <http://enterprisechess.com/>
Mastering ArchiMate <http:
> On 7 Oct 2019, at 15:50, Wietse Venema wrote:
>
> Wietse Venema:
>> Gerben Wierda:
>>>> If it is chroot related, try turning off smtpd chroot in master.cf,
>>>> and do "postfix reload?.
>>>
>>> Indeed, it is. If I turn chroot
And I forgot to mention, now that it isn’t running chroot-ed, the DNS reverse
lookups suddenly also work.
Apparently, running chrooted is somewhat more difficult that imagined.
> Oct 07 01:26:20 mail postfix/master[18890]: daemon started -- version 3.4.6,
> configuration /opt/local/etc/postfix
,
permit_mynetworks,
permit_sasl_authenticated,
reject_multi_recipient_bounce
Gerben Wierda
Chess and the Art of Enterprise Architecture <http://enterprisechess.com/>
Mastering ArchiMate <http://masteringarchimate.com/>
Architecture for Real Enterprises
<https://ww
> On 7 Oct 2019, at 01:10, Wietse Venema wrote:
>
> Gerben Wierda:
>> For some reason, I don?t get smtpd logging at all. E.g. when sending a mail
>> from Apple Mail.app MUA, this is all I see:
>>
>> Oct 06 22:42:21 mail postfix/cleanup[1020]: AE6C5504A6F:
in my maillog (including debug_peer) when I
introduce an unrelated error in main.cf? I’d like to see logging for each mail
delivery.
Gerben Wierda
Chess and the Art of Enterprise Architecture <http://enterprisechess.com/>
Mastering ArchiMate <http://masteringarchimate.com/>
Arch
> On 5 Oct 2019, at 18:43, Viktor Dukhovni wrote:
Thank you. That helped (more to point out I had made a stupid mistake).
> On Sat, Oct 05, 2019 at 11:51:24AM +0200, Gerben Wierda wrote:
>
>> [...], my log says:
>>
>> Oct 05 11:35:21 mail postfix/smtpd[2218]
t to smtpd?
(Note, syslog is completely broken on macOS, so I depend on logging to mail log
files). I’m running postfix 3.4.6.
Gerben Wierda
Chess and the Art of Enterprise Architecture <http://enterprisechess.com/>
Mastering ArchiMate <http://masteringarchimate.com/>
Architectur
facilitate more easy migration
in the future. Hence the question.
Gerben Wierda
Chess and the Art of Enterprise Architecture <http://enterprisechess.com/>
Mastering ArchiMate <http://masteringarchimate.com/>
Architecture for Real Enterprises
<https://www.infoworld.com/blog/archit
domain.
But an outside, non SASL-authenticated client that says it wants to deliver
mail From my domain is illegal. Apparently, that one still gets through (though
is generally blocked by greylisting). Anyway, is there a way to block that
without blocking legitimate mail?
Gerben Wierda
Chess and
at 22:25, Gerben Wierda wrote:
>
>
>> On 23 Mar 2017, at 21:59, Noel Jones > <mailto:njo...@megan.vbhcs.org>> wrote:
>>
>>
>>>
>>> maybe up the loglevel, or use tcpdump to capture some packets and
>>> see if the postfix logs are c
> On 23 Mar 2017, at 21:59, Noel Jones wrote:
>
>
>>
>> maybe up the loglevel, or use tcpdump to capture some packets and
>> see if the postfix logs are correct.
>>
>
> Increasing the postfix log level is unlikely to give any further
> useful information -- the other end dropped the connecti
> -Angelo Fazzina
> Operating Systems Programmer / Analyst
> University of Connecticut, UITS, SSG, Server Systems
> 860-486-9075
>
> From: owner-postfix-us...@postfix.org
> [mailto:owner-postfix-us...@postfix.org] On Behalf Of Gerben Wierda
> Sent: Thursday, Ma
I’m using the postfix that is part of mac OS Sierra with Server 5.2. Apple has
kind of damaged the logging system, so getting logs from sptmd/smtp has become
a lot more difficult.
I’ve now found a way to get the logs. While investigating something else, I’ve
noticed entries like these in the lo
If I am open on 25 and 587, how can I see in the log on which port a connection
has been established?
G
My postfix MTA has been under a lot of DOS-like attention. Such as a botnet
sending many EHLO-requests, then password attempts:
First a lot of:
2017-01-03 10:09:54.964765+0100 0x6254a9 Info0x0
12992 smtpd: connect from unknown[95.183.220.2]
2017-01-03 10:09:55.044713+
2:38, Mariusz Piasecki pisze:
>> You should check master.cf, maybe you have some commands below services
>> which overrides main.cf.
>>
>>
>> W dniu 2016-11-21 o 21:17, Wietse Venema pisze:
>>> Gerben Wierda:
>>>&
I was wondering, how many legitimate email (i.e. poorly configured but legit
MTA’s out there) would be blocked with either of these?
unknown_client_reject_code = 550 # Hmm, should this be another value in the 5xx
range?
smtpd_recipient_restrictions =
…,
reject_unknown_client_host
> On 22 Nov 2016, at 01:58, Wietse Venema wrote:
>
> Gerben Wierda:
>> I did another test. I changed the recipient restrictions to:
>>
>> smtpd_recipient_restrictions =
>> reject_unauth_pipelining,
>> reject_non_fqdn_recip
Nov 2016, at 21:17, Wietse Venema wrote:
>
> Gerben Wierda:
>>
>>> On 21 Nov 2016, at 17:33, Wietse Venema wrote:
>>>
>>> Gerben Wierda:
>>>> smtpd_recipient_restrictions =
>>>>permit_sasl_a
Wietse, sorry, please bear with me here, but this is not easy to understand
(given the complexity of all the settings). And I’m afraid to damage my mail in
the sense that I start refusing legitimate mail.
> On 21 Nov 2016, at 21:17, Wietse Venema wrote:
>
> Gerben Wierda:
>>
> On 21 Nov 2016, at 17:33, Wietse Venema wrote:
>
> Gerben Wierda:
>> smtpd_recipient_restrictions =
>> permit_sasl_authenticated
>> permit_mynetworks
>> reject_unauth_destination
>> reject_unknown_recipient_domain
>> rej
Hello,
In my setup, I’m using the greylisting policy. Now, a spammer tries to send
mail to a nonexistent address. But he still gets the greylisting temp failure
sent:
Nov 21 16:35:42 vanroodewierda.rna.nl postfix/smtpd[21832]: connect from
unknown[186.1.16.66]
Nov 21 16:35:43 vanroodewierda /u
experienced people: is this OK?
Does macports overwrite what Apple has provided or does it have its own
separate tree (like fink used to have, which means you get another job that is:
keeping the second tree up to date)?
G
On 2 Feb 2013, at 20:36, James Griffin wrote:
> --> Gerben Wierda
Actually, I'm still on
/usr/libexec/postfix/greylist.pl
as I am using Mac OS X Server 10.6.8 and I haven't dared to upgrade to a higher
version of OS X Server as they were busy crippling it in many respects.
G
On 2 Feb 2013, at 18:51, John Allen wrote:
> On 02/02/2013 11:
sing
messagelabs, e.g. apg.nl or apg-am.nl. So not so much the client but the from,
e.g.
@apg.nl permit
how do I do that?
G
On 2 Feb 2013, at 17:48, Wietse Venema wrote:
> Gerben Wierda:
>> smtpd_recipient_restrictions = permit_sasl_authenticated permit_mynetworks
>> reject
I have set up my smtpd restrictions as follows:
smtpd_client_restrictions = permit_mynetworks permit_sasl_authenticated
check_sender_access hash:/etc/postfix/whitelist reject_rbl_client
zen.spamhaus.org permit
smtpd_recipient_restrictions = permit_sasl_authenticated permit_mynetworks
reject_un
95 matches
Mail list logo
