[pfx] Inconsistent failure pattern with smtp_tls_wrappermode

the issue relay unix  -   -   n   -   -   smtp     -o syslog_name=${multi_instance_name?{$multi_instance_name}:{postfix}}/$service_name #   -o smtp_helo_timeout=5 -o smtp_connect_timeout=5     -o smtp_tls_wrappermode=yes     -o smtp_tls_security_level=encrypt [jeff@mx

[pfx] Re: recipient rate limit

Hi I am sorry that for my bad expression which may caused your misunderstanding. I want the rate limit on incoming messages to our local users. for example, we have a domain foo.com, and have a user john...@foo.com. I want john...@foo.com to accept messages up to 1000 per day. besides postfwd,

[pfx] recipient rate limit

How can I setup recipient rate limit in postfix? or via a milter? This setting should be against local users in our system. Thank you. ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postf

[pfx] Re: PSA: Access to www.postfix.org on 2024-11-27

November 15, 2024 at 5:18 AM, "Wietse Venema via Postfix-users" mailto:postfix-users@postfix.org? > > > I'm not running the DNS or www service anymore. The work would need > to be done by Ralph (web) and sys4.de staff (DNS). > Is the list hosted by sys4.de as well? regards.

[pfx] Re: greylisting for some domain

November 13, 2024 at 10:11 PM, "Wietse Venema via Postfix-users" mailto:postfix-users@postfix.org?to=%22Wietse%20Venema%20via%20Postfix-users%22%20%3Cpostfix-users%40postfix.org%3E > wrote: > > natan via Postfix-users: > > > > > Hi > > Thenx for replay but im doing something wrong > > > >

[pfx] Postfix to other mta

In default setup when postfix deliver messages to other MTA, is it going by ssl/tls or plaintext? Thank you. -- Jeff Pang jeffp...@aol.com ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le

[pfx] Re: sending email to FQDN address without DNS

smtp:[192.0.2.1] what's the difference between default_transport and relayhost settings? Thank you. -- Jeff Pang jeffp...@aol.com ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Re: sending email to FQDN address without DNS

cribe send an email to postfix-users-le...@postfix.org -- Jeff Pang jeffp...@aol.com ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Re: host said: 452 4.5.3 Too many recipients

to peer MTA, and was cached in the local queue. regards. -- Jeff Pang jeffp...@aol.com ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] question again about email routing

-- Jeff Pang jeffp...@aol.com ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Re: spf

I am using the default value: PermError_reject = True But it totally depends by you. On 2024-07-08 17:36, natan via Postfix-users wrote: Hi What value do you use in postfix-policyd-spf in PermError_reject ? HELO_reject = Fail Mail_From_reject = Fail #update 20240706 #PermError_reject = False

[pfx] Re: DANE and STS

Does LE company have commercial revenue? I thought it was a non-profit organization. generate yourself and don't have to deal with LE's high turnover intermediaries nonsense. -- Jeff Pang j...@simplemail.co.in ___ Postfix-users ma

[pfx] Re: News about The new Postfix book ?

I will order one as well. Here's a link to the web site where you can order it: https://www.tiltedwindmillpress.com/product/ryoms-preorder/ ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le.

[pfx] Roundcube question

Does one roundcube installation support only one SASL backend? For example I configure it to access aol then it cannot access gmail. Other webmail such as snappy can connect to many smtp/imap backends, such as yahoo/outlook/gmail, they can be set up in one installation. Thanks ___

[pfx] Re: managing multi instances

If you were using cloud VM There is a tech called live migration Under which you take no care on applications such as postfix. Hi, I have two questions regarding multi instance management. 1. is there a way to batch migrate multi instances from serverA to serverB? We are planning to replace

[pfx] Re: DANE and STS

I am sorry to see pphosted.com and mimecast.com have no DANE deployed, since proofpoint and mimecast are the lartest email protection companies here. Can you also add SecuMail.de into the list? Thanks victor. Global:https://dnssec-stats.ant.isi.edu/~viktor/hosters.html -- Jeff

[pfx] Re: DANE and STS

- ddis.dk - protonmail.ch: YES - gmx.de: YES - web.de: YES -- Jeff Pang jeffp...@aol.com ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Re: DANE and STS

ns trust-ad" in /etc/resolv.conf. -- Jeff Pang jeffp...@aol.com ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Re: DANE and STS

P DANE is a valuable protocol for enhancing the security of email communication by leveraging DNSSEC to authenticate TLS certificates, ensuring secure and trusted email delivery. But, crucially, also a local*validating* resolver is a pre-requisite, -- Jeff P

[pfx] Re: DANE and STS

Thanks alex so much for the great info. Am 2024-06-25 08:44, schrieb Jeff Pang via Postfix-users: Hello sorry for the beginner question. how to deploy the following email security features? RFC 7672 SMTP-DANE Outgoing: # validate DANE smtp_dns_support_level = dnssec

[pfx] DANE and STS

Hello sorry for the beginner question. how to deploy the following email security features? RFC 7672 SMTP-DANE RFC 8461 MTA-STS is there a guide for that? Thanks -- Jeff Pang jeffp...@aol.com ___ Postfix-users mailing list -- postfix

[pfx] Re: inquiry for milter server

by the original author (Diane Skoll, also author of the Perl MIME::Tools package) called MailMunge which has identical functionality. Because MIMEDefang is 20+ years old, it is quite mature and stable. MailMunge has a better code design, but it is not as widely used. -- Jeff Pang j

[pfx] inquiry for milter server

what's the mainstream milter server for customized content analysis such as headers and languages? I may want to block some special messages which have a special header or special language (like middle-east). Thanks in advance. regards. ___ Postfix-u

[pfx] Re: how to implement this route

On 2024-06-23 20:24, Wietse Venema via Postfix-users wrote: Jeff Peng via Postfix-users: Hello I saw gmx.de/web.de have a policy that, if the submission IP is not from DE/EU, messages will be routed to a different gateway which is listed in spamhaus already. Otherwise if submission client&#

[pfx] how to implement this route

Hello I saw gmx.de/web.de have a policy that, if the submission IP is not from DE/EU, messages will be routed to a different gateway which is listed in spamhaus already. Otherwise if submission client's IP is in DE/EU, messages will be routed out via the normal gateway whose IP is clean. How

[pfx] No email forwarding?

I know how to setup postfix + opensrs for email forwarding. But google "why email forwarding is a bad idea" will get a lot of results. Should we not enable forwarding in now days? Thanks Jeff Pang jeffp...@aol.com ___ Postfix-users ma

[pfx] Re: question for a directive in master.cf

If you want to enable them, you have to uncomment ALL lines for submission service to work correctly. just further, for smtps service, can i just comment out all of options to enable it? #smtps inet n - y - - smtpd # -o syslog_name=postfix/smtps # -o s

[pfx] Re: question for a directive in master.cf

If you want to enable them, you have to uncomment ALL lines for submission service to work correctly. That's good idea. Thanks Rafa. ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@po

[pfx] Re: question for a directive in master.cf

The default value is "no", as expected. $ postconf -d smtpd_sasl_auth_enable smtpd_sasl_auth_enable = no Best practice is to enable SASL auth only on the submission ports and NOT on port 25. I have changed the setting for submission to: submission inet n - y -

[pfx] question for a directive in master.cf

Hello for these options for submission in master.cf: submission inet n - y - - smtpd # -o syslog_name=postfix/submission # -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes # -o smtpd_tls_auth_only=yes # -o smtpd_reject_unlisted_recipient=no #

[pfx] Re: discard message

best is to use a milter to reject spam, such as rspamd or amavisd-milter, no forged header checks then i know rspamd is a milter, but spamassassin not working as milter? thanks. ___ Postfix-users mailing list -- postfix-users@postfix.org To unsu

[pfx] discard message

Hello does smtp have an action "discard"? if so where messages will be discarded? I see smtp code has "reject" while sieve has "discard". So I am asking this question. Thank you. ___ Postfix-users mailing list -- postfix-users@postfix.org To unsub

[pfx] Re: Best practices?

On 2024-06-19 17:29, Matt Kinni via Postfix-users wrote: On 2024-06-19 02:27, Matt Kinni via Postfix-users wrote: On 2024-06-16 15:21, Cody Millard via Postfix-users wrote: smtpd_helo_restrictions = ... reject_non_fqdn_helo_hostname, ... I've found this to block some legitimate mai

[pfx] Re: Best practices?

On 2024-06-19 05:15, Cody Millard via Postfix-users wrote: I am not sure what SRS or AUC are right now. I saw Dr. Lindenberg has a similar test suite like your site. https://blog.lindenberg.one/EmailSecurityTest ___ Postfix-users mailing list -- post

[pfx] Re: Help with reject_sender_login_mismatch

Thanks for all the kind helps. I have resolved the issue and wrote a note for it. https://notes.postno.de/how-to-use-reject-sender-login-mismatch-in-postfix.html if you find any issue in this note, please let me know. Thanks. Oh, sorry I didn't see you weren't using smtpd_sender_login_ma

[pfx] Re: Help with reject_sender_login_mismatch

On 2024-06-18 15:51, Gilgongo wrote: On Tue, 18 Jun 2024 at 08:31, Jeff Peng via Postfix-users < postfix-users@postfix.org> wrote: Hello, I have this section in master.cf: smtps inet n - y - - smtpd -o syslog_name=postfix/smtps

[pfx] Help with reject_sender_login_mismatch

Hello, I have this section in master.cf: smtps inet n - y - - smtpd -o syslog_name=postfix/smtps -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_sender_restrictions=permit_sasl_authenticated,reject_sender_login_mismatch,reject -o

[pfx] Re: Troubleshooting roundcube connections to postfix

On 2024-06-18 10:40, postfix--- via Postfix-users wrote: To be honest, you still likely want authentication. Keep in mind that you don't need to authenticate as a single user for roundcube but rather you can have roundcube pass authentication through from it's own user login and therefore supp

[pfx] Re: Troubleshooting roundcube connections to postfix

On 2024-06-18 07:30, Peter via Postfix-users wrote: On 17/06/2024 17:28, Paul Schmehl wrote: How do you set up roundcube to not use authentication? I really don’t need it since it’s on the same machine as the mail server. What config options do I need to use? To be honest, you still likely wa

[pfx] Re: Troubleshooting roundcube connections to postfix

something like: $config['imap_host'] = 'ssl://localhost:993'; then RC will connect to server failed due to mis-configured certs. regards. Jeff ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Re: questions around the configuration

Got it. Thanks Victor very much. On 2024-06-17 12:18, Viktor Dukhovni via Postfix-users wrote: On Mon, Jun 17, 2024 at 09:54:01AM +0800, Jeff Peng via Postfix-users wrote: smtp_use_tls = yes Obsolete, ignored when the preferred form below is specified. smtp_tls_security_level = may

[pfx] questions around the configuration

Hello experts, for my these settings, smtp_use_tls = yes smtp_tls_security_level = may smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache smtpd_use_tls = yes smtpd_tls_security_level = may smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache my questions in

[pfx] Re: Do I have sals authentication properly configured?

- Did the client connect to port 25 or 578? 578 isn't the port 587? :) ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Re: Best practices?

uth smtpd_sasl_auth_enable = no for ssl stuff. is it better to use the system defaults? I am also the postmaster of tls-mail.com. I have a suggestion that, for your homepage, can you add the protocol of SRS and AUC? regards. Jeff ___ Postfix-users mail

[pfx] Re: distributed email system

On 2024-06-15 21:35, Wietse Venema via Postfix-users wrote: This is a bit off topic for Postfix, but a comnmon approach is to shard a global database into regional ones and limit the impact of outages. Some database systems support sharding out of the box (for example, MongoDB, supported by Pos

[pfx] Re: Fastest way to reject unwanted sender

On 2024-06-15 18:14, John Levine via Postfix-users wrote: People I'm working with have a short list of addresses from which they don't want to accept mail at all, and they'd like to reject as early as possible without running it through anti-spam milters, ideally by rejecting the SMTP MAIL FROM c

[pfx] Re: distributed email system

On 2024-06-15 12:46, Jean-François Bachelet via Postfix-users wrote: Hello folks :) isn't it what sql databases replication is good for ? Replication becomes bad when network partition. ;) ___ Postfix-users mailing list -- postfix-users@postfix.or

[pfx] Re: distributed email system

On 2024-06-15 06:32, Wietse Venema via Postfix-users wrote: There is a difference between IMAP/POP and SMTP. With IMAP/POP a front end proxy needs to connect each user to the right message store instance. With SMTP, different sessions can be handled by different servers. The servers can figure

[pfx] Re: distributed email system

On 2024-06-14 22:31, Wietse Venema via Postfix-users wrote: Jeff Peng via Postfix-users: Hello, Is there any guide to setup a distributed email system? there should be multiple MX, multiple IMAP/storage servers, and sasl server cluster etc. That could be a job interview question. The

[pfx] distributed email system

Hello, Is there any guide to setup a distributed email system? there should be multiple MX, multiple IMAP/storage servers, and sasl server cluster etc. Thanks. ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email t

[pfx] Re: secure the email system

Hello Wietse, I have added this line: smtpd_reject_unlisted_sender = yes into main.cf. May I ask, this option is for submission request, or for MX request? Thanks. On 2024-06-14 04:14, Wietse Venema via Postfix-users wrote: Wietse Venema via Postfix-users: A paranoid configuration could

[pfx] Re: secure the email system

On 2024-06-13 15:07, Dimitris via Postfix-users wrote: Στις 13/6/24 03:51, ο/η Jeff Peng via Postfix-users έγραψε: 3. use policyd-rate-limit to limit sending rate. 5. use policyd-spf to check sender IP's SPF and reject the failed one. 6. use opendmarc to check sender domain's DMARC

[pfx] secure the email system

atures). 8. have reject_unknown_client_hostname, reject_unknown_sender_domain options for smtpd_sender_restrictions. 9. rspamd for email content security (not deployed yet). can you give suggestions on these or is there any other options? Thanks &

[pfx] Re: DKIM policy question

nice to know the info. thanks Viktor. Per the specification, a DKIM signature that fails to match the message content MUST be treated the same as absence of DKIM signatures. Also, absent a DKIM-Signature header, you can't even find the DKIM DNS record, because the selector is unknown. Any ass

[pfx] DKIM policy question

Hello spf, dmarc have the policy to reject a message. My question is, why dkim has no choice for rejecting messages? for example, if dkim signature failed, where to instruct this message can be rejected? Thank you. ___ Postfix-users mailing list -- p

[pfx] Re: SSL_accept error for smtpd

Thanks Wietse. The request is not maken by our client, so I am safe to ignore the error. If this does not happen with a legitimate client, then this could be someone who is looking for trouble (they failed) and you can ignore the problem. ___ Post

[pfx] SSL_accept error for smtpd

Hello what's this error in mail.log? Jun 11 01:52:15 tls-mail postfix/smtpd[67409]: connect from unknown[172.210.47.140] Jun 11 01:52:16 tls-mail postfix/smtpd[67409]: SSL_accept error from unknown[172.210.47.140]: -1 Jun 11 01:52:16 tls-mail postfix/smtpd[67409]: warning: TLS library problem

[pfx] Re: Sanity check/suggestions appreciated

why not postscreen for this purpose? BTW I'm using a script (policyd.pl ) that does weighted scoring for RBLs (as well as SPF), which I'd prefer rather than doing that with Postfix directly. ___ Postfix-users mailing list -- post

[pfx] SPF format question

Hello If I have a mx server: mx.host.com whose ip is 1.2.3.4. The domain.com who use this mx server may have the following SPF. v=spf1 mx ~all v=spf1 ip4:1.2.3.4 ~all v=spf1 a:mx.host.com ~all v=spf1 mx:domain.com ~all May i know if they mean the same stuff for SPF? Thanks. __

[pfx] Re: FYI: SORBS Closing announcement from the mailop list.

I do use spamhaus, spamcop, sorbs as rbl lists. So I have to update the postscreen policy. sorry to hear that and thanks Sorbs. regards. Naturally, if you're using SORBS as an RBL in postscreen, smtpd, or a content filter (amavis, rspamd, ...) ___

[pfx] Re: force to use starttls on port 587

I have already been using postscreen for port 25. smtp inet n - y - 1 postscreen smtpd pass - - y - - smtpd dnsblog unix - - y - 0 dnsblog tlsproxy unix - - y - 0

[pfx] Re: force to use starttls on port 587

After postfix and dovecot were installed, there are 4 ports open by default. port 587 port 25 port 993 port 143 So I have improved them by implementing: 1. close public port 143 2. disable sasl auth on port 25 3. force smtp client to login using tls only on port 587 do you think there is any s

[pfx] Re: force to use starttls on port 587

That's great. thanks all. Belt and suspenders (the first setting implies the second, and the third should then never be used), in master.cf for the submission entry set: -o { smtpd_tls_security_level = encrypt } -o { smtpd_tls_auth_only = yes } -o { smtpd_sasl_security_options

[pfx] force to use starttls on port 587

Hello I have closed sasl auth on port 25. but users still can use port 587 for login with plain text. how can I force users to use submission via start-tls only? I know I can open port 465 for ssl connection. but for history reason the port 587 must be open. Thanks. ___

[pfx] Re: dmarc domain question

Some receiving systems may use a different search algorithm. See, for example (expired draft): https://www.ietf.org/archive/id/draft-levine-dmarcwalk-00.html Thanks Viktor. I will check the doc you mentioned. ___ Postfix-users mailing list

[pfx] Re: dmarc domain question

Because - as you have found - Google will anyway apply the DMARC record for the parent domain eu.org, over which you have no control, I think it is still better to have the own one. I just enabled DMARC on cloudflare where I hosted the domain. _dmarc.stackops.eu.org. 300 IN TXT "v=DMARC1;

[pfx] Re: dmarc domain question

I would like to set a seperated DMARC for xxx.eu.org. But I have no control over the sender smtp server, so dkim is not possible to be added. do you think if it's still right to add a dmarc? Thanks. Use DMARC for your own domain to clearly signal that your xxx.eu.org domain and the parent e

[pfx] dmarc domain question

Hello I am using a subdomain xxx.eu.org for sending email. Though I have not set a dmarc for xxx.eu.org, but gmail says DMARC pass. So i checked that eu.org does have a DMARC record: _dmarc.eu.org. 7200 IN TXT "v=DMARC1;p=none;sp=none;pct=10;rua=mailto:dmarc-mas...@eu.org;ruf=mailto:dmarc-mas.

Re: recipient_delimiter and bounced mail

On 06/11/2021 23:34, Viktor Dukhovni wrote: >> On 6 Nov 2021, at 3:43 pm, Jeff Abrahamson wrote: >> >> In main.cf I have set >> >> recipient_delimiter = + >> >> Reading the docs, I don't see anything else I ought to set for this to >>

Re: recipient_delimiter and bounced mail

On Sat, Nov 06, 2021 at 07:00:12PM -0400, post...@ptld.com wrote: > > My expectation is that dovecot is not involved in this issue, but I'm > > not sure, so I mention anyway that that I have set > > > >     virtual_transport = dovecot > > > Dovecot has the same setting: recipient_delimiter = + >

recipient_delimiter and bounced mail

I used to be able to receive mail at, for example, jeff+post...@p27.eu.  Such mail is now refused.  I suspect this behaviour changed when I upgraded postfix version some months back. In main.cf I have set     recipient_delimiter = + Reading the docs, I don't see anything else I ought to se

Re: SPF/DMARC modified by host en route

ounds like you're suggesting I should set up separate DKIM signing for mobilitains.fr. (I think I said that poorly.) I'll go back and read the docs again in the morning. Many thanks, though, for pointing to that anomaly. Jeff / p27.eu On 26 Apr 2021, at 9:13, Jeff Abrahamson wrote:     A

Re: SPF/DMARC modified by host en route

On 26/04/2021 14:46, Dominic Raferd wrote: > > On 26/04/2021 13:31, Jeff Abrahamson wrote: >> On 26/04/2021 12:56, Dominic Raferd wrote: >>> On 26/04/2021 10:16, Jeff Abrahamson wrote: >>>> I'm seeing a disturbing (but minority) number of hosts that class our

Re: SPF/DMARC modified by host en route

On 26/04/2021 12:56, Dominic Raferd wrote: > On 26/04/2021 10:16, Jeff Abrahamson wrote: >> >> I'm seeing a disturbing (but minority) number of hosts that class our >> mail is spam.  After some digging, I've found an interesting test >> case.  What I'm u

SPF/DMARC modified by host en route

it's somehow our fault. (Note: this is about mail for mobilitains.fr and not p27.eu.) -- Jeff Abrahamson +33 6 24 40 01 57 +44 7920 594 255 http://p27.eu/jeff/ http://mobilitains.fr/

Re: SSL version question

licit exclusion).  I'm rather tempted, based on the man page, to change it to its default value (essentially, >= TLSv1).  I'm open to argument.     smtpd_tls_mandatory_ciphers = medium     # smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1     smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3 -- Jeff Abrahamson +33 6 24 40 01 57 +44 7920 594 255 http://p27.eu/jeff/ http://mobilitains.fr/

Re: SSL version question

On 16/02/2021 11:46, Dominic Raferd wrote: > > On 16/02/2021 10:28, Jeff Abrahamson wrote: >> >> I have a client that's triggering these errors in my logs (and is >> therefore unable to send even though he can read mail ok): >> >>     [...] >> >

SSL version question

ointers. (Fwiw, the client is running thunderbird on Windows 10.  Hopefully that's not relevant.) -- Jeff Abrahamson +33 6 24 40 01 57 +44 7920 594 255 http://p27.eu/jeff/ http://mobilitains.fr/

ipv6, SPF, DMARC

een a DNS query return an ipv6 address, so this behaviour surprised me. -- Jeff Abrahamson +33 6 24 40 01 57 +44 7920 594 255 http://p27.eu/jeff/ http://mobilitains.fr/

on not being spam - mostly about DKIM and DMARC

cern.  But I've not found that documented.  (I didn't read the RFC cover to cover, I admit.) I think that section 2.8 (whitespace) of RFC 6376 and the BNF that follows says that white space doesn't count.  There are over 200 pages of RFC on DKIM (that I found before I got tired of

virtual-mailbox-users confusion

ilbox-users? Thanks for helping me understand. -- Jeff Abrahamson +33 6 24 40 01 57 +44 7920 594 255 http://p27.eu/jeff/ http://mobilitains.fr/

Re: Alternate vs canonical domain name

On 24/01/2021 16:44, Wietse Venema wrote: > Jeff Abrahamson: >> On 24/01/2021 16:08, Wietse Venema wrote: >>> Jeff Abrahamson: >>>> I've a domain (mobilitains.fr) with mail mostly configured.? I've also >>>> registered mobilitain.fr (without th

Re: Alternate vs canonical domain name

On 24/01/2021 16:08, Wietse Venema wrote: > Jeff Abrahamson: >> I've a domain (mobilitains.fr) with mail mostly configured.? I've also >> registered mobilitain.fr (without the "s") to catch misspellings.? This >> is easy for https, but I don't see how

Re: New postfix server, authentication confusion

UA for the test. 3.  I'm still looking for automated testing tools that I can stick in cron so that I don't need to pay attention except if there's some day a problem. Many thanks. Jeff On 24/01/2021 13:07, Curtis Maurand wrote: > for the blackhole lists, etc.  take

Alternate vs canonical domain name

tual). Probably I'm just not asking the right question to google et al, but I'd much appreciate any pointers. Thanks much for any tips. -- Jeff Abrahamson +33 6 24 40 01 57 +44 7920 594 255 http://p27.eu/jeff/ http://transport-nantes.com/

New postfix server, authentication confusion

ains.fr:{BLF-CRYPT}$2y$05$c... I do not see how postfix knows who is allowed to connect, however.  Does postfix delegate SASL to dovecot?  This is the relevant config, I think: [T] jeff@nantes-m1:log $ postconf -n | grep -i sasl broken_sasl_auth_clients = yes smtpd_recipient_restrictio

Re: refused mail/host not found -- confusion about error source

On 21/01/2021 15:31, Richard wrote: >> Date: Thursday, January 21, 2021 15:24:10 +0100 >> From: "Herbert J. Skuhra" >> >> On Thu, Jan 21, 2021 at 03:15:24PM +0100, Jeff Abrahamson wrote: >>> I've been seeing this error for this one host.  My firs

refused mail/host not found -- confusion about error source

likely misconfigured something? -- Jeff Abrahamson +33 6 24 40 01 57 +44 7920 594 255 http://p27.eu/jeff/ http://transport-nantes.com/

Re: not an open relay, but something happened

On 15/12/2020 12:36, Ansgar Wiechers wrote: > On 2020-12-15 Jeff Abrahamson wrote: >> I received an obvious fishing mail today from ad...@p27.eu (my own >> domain).  I appear not to be running an open relay [...] >> >> Am I reading this wrong?  Why was that ab

not an open relay, but something happened

t: lda(jeff): msgid=<20201215025803.2e9d962210e40...@p27.eu>: saved mail to INBOX Dec 15 11:58:03 nantes-1 postfix/local[31162]: 8AFC8FF74D: to=, relay=local, delay=0.12, delays=0.08/0.01/0/0.03, dsn=2.0.0, status=sent (delivered to command: /usr/lib/dovecot/deliver -c

Re: How to keep several Postfix installations in step with each other?

machines) that sends to a smarthost but doesn't receive, not even if you cc yourself. So I'd start by copying your config to your laptop, then just ask yourself what you need to change so that mail to "local" users is sent to the smarthost.  Once mail to yourself goes to smarthost, you're probably almost there. -- Jeff Abrahamson +33 6 24 40 01 57 +44 7920 594 255 http://p27.eu/jeff/ http://transport-nantes.com/

Re: OpenDKIM but no log of postfix milter running or trying to run

Oh, that's awesome, thanks.  So for the first time I got a log message concerning the milter.  And so this is, indeed, an OpenDKIM issue. Many thanks, I'll go look over there for my problems. Jeff Abrahamson http://p27.eu/jeff/ http://transport-nantes.com/ On 14/10/2020 16:43, I

Re: OpenDKIM but no log of postfix milter running or trying to run

put it here. > Also, try to increase logging: > http://www.postfix.org/DEBUG_README.html I've been playing with postconf this afternoon.  It's fun, but not telling me what I don't know.  (Here I've added a blank line between the two for readability): [T] jeff@na

Re: OpenDKIM but no log of postfix milter running or trying to run

On 14/10/2020 16:06, Wietse Venema wrote: > Jeff Abrahamson: >> I've set up OpenDKIM.? I've noted the config below, but the basic issue >> is that my mails aren't being DKIM signed and my logs, while showing no >> mail-related errors, also don't show any ev

Re: OpenDKIM but no log of postfix milter running or trying to run

PLAIN, sasl_username=jeff Oct 14 15:42:54 nantes-1 postfix/cleanup[5959]: 05102FDD7F: message-id= Oct 14 15:42:54 nantes-1 postfix/qmgr[5926]: 05102FDD7F: from=, size=2588, nrcpt=1 (queue active) Oct 14 15:42:54 nantes-1 postfix/smtps/smtpd[5954]: disconnect from w.z.y.x.rev.sf

OpenDKIM but no log of postfix milter running or trying to run

ningTable is *@p27.eu nantes-1.p27.eu *@transport-nantes.com   nantes-1.p27.eu and TrustedHosts (which may not be needed) is 127.0.0.1 Any suggestions? -- Jeff Abrahamson +33 6 24 40 01 57 +44 7920 594 255 http://p27.eu/jeff/ http://transport-nantes.com/

Re: Email architecture

ing I'm slowly fixing.) https://github.com/JeffAbrahamson/hosts/tree/master/p27 Please do write up and share what you learn and do for your own site. -- Jeff Abrahamson +33 6 24 40 01 57 +44 7920 594 255 http://p27.eu/jeff/

Re: Tracing single email through postfix

ort back to the list how it works out. (In passing, email message id's may be considered to contain PII.  IANAL, just a techy heavily bombarded by GDPR mails of late.) -- Jeff Abrahamson +33 6 24 40 01 57 +44 7920 594 255 http://p27.eu/jeff/

First time setting up Postfix having an issue

lay=00:00:00, mailer=relay, pri=60328, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (Ok: queued as ABBF1330) Jan 13 17:32:05 Consortiex-VM1 postfix/local[18563]: ABBF1330: to=, relay=local, delay=0.1, delays=0.06/0.02/0/0.02, dsn=5.1.1, status=bounced (unknown user: "jeff") Jan 13 1

Re: SSL LDAP maps cause SEGV in cleanup

On Fri, May 23, 2014 at 2:18 PM, Viktor Dukhovni wrote: > On Fri, May 23, 2014 at 01:55:42PM -0500, Jeff Larsen wrote: > >> > The stack trace may help. Plus a test without chroot if chroot is >> > enabled by default (typical in Debian/Ubuntu). Still the signal 11 >&g

  1   2   3   >