[pfx] Re: Still no luck with Cyrus SASL

ot 12288 Jun 22 23:36 /var/spool/postfix/etc/sasldb2 After all that is in place, I use the following to add/list/delete accounts: saslpasswd2 -c me@desktop saslpasswd2 -c me@oldPC sasldblistusers2 hth, -Jim P. ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Re: [ext] list.sys4.de fails with starttls

l.net postfix/smtpd[2306]: SSL_accept error from list.sys4.de[188.68.34.52]: lost connection Sep 17 13:25:42 mx1.domainmail.net postfix/smtpd[2306]: lost connection after STARTTLS from list.sys4.de[188.68.34.52] Sep 17 13:25:42 mx1.domainmail.net postfix/

[pfx] Re: Anyone using SMTP relay through dnsexit.com?

On 6/23/23 17:13, Christian Kivalo via Postfix-users wrote: Your lookup key is missing the [ ] you used for the relayhost setting. This results in no authentication to the dnsexit relay. This is described in the section "Enabling SASL authentication in the Postfix SMTP/LMTP client" of the SASL

[pfx] Anyone using SMTP relay through dnsexit.com?

Hey all.  Recently my ISP (Spectrum) decided (after this was working for me for almost 20 years) to make it impossible for a self hosted domain to relay through their SMTP server unless it was actually a spectrum.com email address being used.  After going back and forth with them to try to find

[pfx] Re: [External] Re: Error when telnet testing, 1st cmd always fails

Thanks Wietse, you are correct. I went into the putty config for that profile and unchecked a few things ("Answer back to ^E" was set to PuTTy, Telnet Negotiation from Active to Passive, etc) and its working now. Thanks again. Jim -Original Message- From: Wietse Venema v

[pfx] Error when telnet testing, 1st cmd always fails

Anyone have a clue whats going on/what setting needs changed/whats busted? Thanks Jim This message may contain confidential information. If you are not the intended recipient, do not disseminate, distribute, or copy this e-mail or its attachments. Please notify the sender of the error immediately b

[pfx] Re: www.postfix.org certificate expired

e next scheduled certbot run. This > is a design flaw. > Yep. Just use renew_hook in /etc/letsencrypt/renewal/whatever.conf much more reliable. - -Jim P. -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEE3RmV4WutJ2KyCS2zPcxbabkKGJ8FAmREAuwACgkQPcxbabkK GJ/58hAAtFiHlMghxV

[pfx] Re: [P-U] Re: Postfix lists are migrating to a new list server

oth projects could use some polishing maybe, but that is not something that is "sad" -Jim P. ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org

postconf manpage suggestion

or include a warning about the possible issue under Unicode locales. -- Jim Garrison j...@acm.org

Re: Restrict access relay to single client

On 12/23/22 19:06, raf wrote: On Fri, Dec 23, 2022 at 01:14:26PM -0800, Jim Garrison wrote: [snip] Not relevant to your problem, but the above says that only ipv4 is used but your config includes ipv6 addresses. You might want to delete it (and default to "all"), or remove the ipv6

Re: Restrict access relay to single client

On 12/23/22 17:24, Wietse Venema wrote: You should also include "postconf -P" for parameter settings in master.cf. Wietse Not much there... $ postconf -P relay/unix/syslog_name = postfix/$service_name -- Jim Garrison j...@acm.org

Restrict access relay to single client

I have Postfix running inside a private LAN as an outgoing relay via GMail (no incoming Internet connections). I have two goals 1. Relay only to one specific domain 2. Accept relay from only one specific LAN client So I configured the following (complete postconf -n appended below): myhost

Re: Send email to one @domain.com via authenticated relay?

On Sat, 2022-12-03 at 10:37 -0500, John Stoffel wrote: > > > > > > "Jim" == Jim Popovitch writes: > > > On Fri, 2022-12-02 at 11:36 -0500, John Stoffel wrote: > > I check, but I find my IP for mail.stoffel.org in the UCEPROTECT-3  > > spam lis

Re: Send email to one @domain.com via authenticated relay?

On Fri, 2022-12-02 at 11:36 -0500, John Stoffel wrote: I check, but I find my IP for mail.stoffel.org in the UCEPROTECT-3  spam list. Nothing I can do about it.  I doubt that many sites block by using UCEPROTECH-3 alone, but you can  use www.whitelisted.org to be excluded from it. -Jim P.

Re: Save all emails in transit, including envelope data

On Tue, 2022-09-06 at 12:07 -0400, Wietse Venema wrote: > Jim Popovitch: > > On Tue, 2022-09-06 at 09:25 -0400, Viktor Dukhovni wrote: > > > On Tue, Sep 06, 2022 at 06:35:05AM -0400, Wietse Venema wrote: > > > > > > > > Any suggest

Re: Save all emails in transit, including envelope data

ails for a mailinglist to debug a bounce processing problem. tia, -Jim P.

fail2ban filter for spurious connections?

ands=[0123] This would trigger on any SMTP session that disconnected before processing a valid RCPT command. With a suitable maxretry setting (say 5) this would stop most probes. The Postfix question: Is there a reason this is a bad idea, and could it cause legitimate MTAs to be banned? -- Jim

Re: warning: unknown[137.xxx.xxx.253]: SASL LOGIN authentication failed: UGFzc3dvcmQ6

rd when it changed on the server. It seems the error message always contains the base64 encoding of "Password:" regardless of the actual userid/password. Anybody know why the error message displays this (base64 encoded)? -- Jim Garrison j...@acm.org

Re: Postfix+SASL chrooted - out of ideas

On 5/28/2022 7:07 PM, Viktor Dukhovni wrote: On Sat, May 28, 2022 at 05:11:22PM -0700, Jim Garrison wrote: Foreground saslauthd command, including debug output from successful testsaslauthd but no log entries corresponding to the immediately above extract from the Postfix log: $ sudo

Re: Postfix+SASL chrooted - out of ideas

postfix:x:117: Is there an option to increase the debug level in Postfix's interaction with saslauthd? -- Jim Garrison j...@acm.org

Postfix+SASL chrooted - out of ideas

250-DSN 250-SMTPUTF8 250 CHUNKING AUTH PLAIN [redacted base64] 535 5.7.8 Error: authentication failed: bad protocol / cancel QUIT DONE -- Jim Garrison j...@acm.org

Re: Migrate mbox from 2.6.6 to 3.5.6

r end. Otherwise, indeed the mbox file format hasn't changed in decades. Thanks to all who have responded. I'll be performing the cutover later this weekend. -- Jim Garrison j...@acm.org

Migrate mbox from 2.6.6 to 3.5.6

host for each user? I.e. is the mbox format used still the same, or will I run into incompatibilities? If a conversion or format upgrade is necessary, what is involved? Thanks -- Jim Garrison j...@acm.org

if/endif header_check

Hello! I'm trying to get a complex header_check to work, and unfortunately it isn't. :( I started in #postfix and figured I would follow up here too. The goal is to put mail on HOLD if it is not spam and is destined for 2 role accounts. Any help is much appreciated. ~$ cat header_checks.pcre

Re: postconf -d smtpd_relay_restrictions

On Thu, 2022-01-06 at 12:23 -0500, Wietse Venema wrote: > Jim Popovitch: > > This config produces the warning/error message: > > > > mail_version = 3.6.3 > > smtpd_relay_restrictions = ${{$compatibility_level} > {permit_mynetworks, permit_sasl_authenticated

Re: postconf -d smtpd_relay_restrictions

On Thu, 2022-01-06 at 11:32 -0500, Wietse Venema wrote: > Jim Popovitch: > > On Thu, 2022-01-06 at 22:29 +1100, Viktor Dukhovni wrote: > > > > > > > > > Removing the compatibility_level setting entirely could introduce > > > the reported sympto

Re: postconf -d smtpd_relay_restrictions

gs in smtpd_recipient_restrictions, however I do have permit_auth_destination set. -Jim P.

Re: postconf -d smtpd_relay_restrictions

On Thu, 2022-01-06 at 00:11 +0100, John Fawcett wrote: > On 05/01/2022 21:21, Jim Popovitch wrote: > > On Wed, 2022-01-05 at 20:45 +0100, John Fawcett wrote: > > > On 05/01/2022 20:19, Jim Popovitch wrote: > > > > This can't be right > > > > >

Re: postconf -d smtpd_relay_restrictions

On Wed, 2022-01-05 at 20:45 +0100, John Fawcett wrote: > On 05/01/2022 20:19, Jim Popovitch wrote: > > This can't be right > > > > Using 'postconf -d smtpd_relay_restrictions'... > > > > ...on postfix v3.5 (Debian/Buster) > > sm

postconf -d smtpd_relay_restrictions

This can't be right Using 'postconf -d smtpd_relay_restrictions'... ...on postfix v3.5 (Debian/Buster) smtpd_relay_restrictions = ${{$compatibility_level} < {1} ? {} : {permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination}} ...on postfix v3.6.3 (Debian/Bookworm) smtpd_relay

Re: Fatal: no SASL authentication mechanisms

r/lib/mailman/bin/postfix-to-mailman.py > ${nexthop} > ${user} > policyd-spf unix - n n - 0 spawn > user=policyd-spf > argv=/usr/bin/policyd-spf > > Those lines above look debian'ish to me. If you are running debian, then make sure you have libsasl2-2, libsasl2-modules and libsasl2- modules-db installed. -Jim P.

Re: feature request: improve vague/incorrect error message

On Tue, Nov 16, 2021 at 11:41 (-0500), Kris Deugau wrote: > Jim wrote: >> On Mon, Nov 15, 2021 at 12:25 (-0500), Wietse Venema wrote: >>> Instead, use Maildir format with one message per file, >> I thought about that once, but I decided I have too many e-mail >>

Re: feature request: improve vague/incorrect error message

Wietse, On Mon, Nov 15, 2021 at 12:25 (-0500), Wietse Venema wrote: > Jim: >> On Artix, the default is 5120. (Aside: in 1985, that would have > Postfix has limits on everything, so that the mail system will not > get stuck. It's really a bad idea to disable them. I ag

feature request: improve vague/incorrect error message

in fact wrong, because (a) it didn't need to *create* the output file, and (b) it was able to write to the output file, it just didn't want to.) Thanks for reading. Jim

Re: "parameter inet_interfaces: no local interface found for 127.0.0.2" at reboot, but not on manual systemctl start

On 7/29/2021 12:34 AM, Matus UHLAR - fantomas wrote: On 28.07.21 12:54, Jim Garrison wrote: This means that Postfix now starts up before the network is completely up, and systemd's DNS resolution hack (systemd-resolved.service), finding no interfaces up yet, resolves 'localhost

Re: "parameter inet_interfaces: no local interface found for 127.0.0.2" at reboot, but not on manual systemctl start

On 7/28/2021 1:49 PM, Wietse Venema wrote: Jim Garrison: For anyone encountering this error, I've traced it to a regression of a very old bug relating to systemd service ordering dependencies. In my case, OS is CentOS Linux release 8.4.2105 postfix-3.5.8-1.el8.x86_64 Since a recent u

"parameter inet_interfaces: no local interface found for 127.0.0.2" at reboot, but not on manual systemctl start

tfix.service" and restore the "After=" dependency on network-online.target -- Jim Garrison j...@acm.org

Re: Illegal address syntax in MAIL command

That did the trick! Many thanks. ;) On 2021-07-07 10:21, Kevin N. wrote: It seems that in the MAIL command the IP address is still not between []. should be On a quick look, it seems that you could try setting resolve_numeric_domain = yes in your Postfix configuration and see if that cha

Re: Illegal address syntax in MAIL command

I believe you are correct, but again I have no control over that part. Also, I mistakenly attached the log attempt from the telnet session I tried, the actual systems having issues have the from address within brackets, here is the system in question: Jul 6 15:18:42 localhost postfix/smtpd[4

Illegal address syntax in MAIL command

Hello folks. I have set up a fresh instance of Postfix at my office to help do some troubleshooting on another issue. There is a relay upstream that is having issues forwarding mail from some devices here, and this seemed the easiest way to get some data to help them troubleshoot. Install is

Re: Search for free MX Backup Service

nturyLink due to some things outside of my control. I'm 100% sure the reverse situation exists somewhere even though I may not know about it today. So my resolution to others' corporate greed and neck beard routing laziness is more than 1 MX. -Jim P.

Re: Does smtpd_milters=inet:.... round-robin if the hostname has multiple IPs?

On Mon, 2021-05-31 at 19:07 -0400, Wietse Venema wrote: > Jim Popovitch: > > > Postfix will try each IP address in the order as returned from > > > getaddrinfo(3) until it can establish a TCP connection. Postfix > > > will not reconnect when an established Milter

Re: Does smtpd_milters=inet:.... round-robin if the hostname has multiple IPs?

On Mon, 2021-05-31 at 18:20 -0400, Wietse Venema wrote: > Jim Popovitch: > > On Mon, 2021-05-31 at 16:18 -0400, Wietse Venema wrote: > > > Jim Popovitch: > > > > Hello, > > > > > > > > If given hostname that resolves to multiple A/ reco

Re: Does smtpd_milters=inet:.... round-robin if the hostname has multiple IPs?

On Mon, 2021-05-31 at 16:18 -0400, Wietse Venema wrote: > Jim Popovitch: > > Hello, > > > > If given hostname that resolves to multiple A/ records, will > > smtpd_milters=inet:... cycle through all A/ records until if > > finds a host that it can connect

Does smtpd_milters=inet:.... round-robin if the hostname has multiple IPs?

Hello, If given hostname that resolves to multiple A/ records, will smtpd_milters=inet:... cycle through all A/ records until if finds a host that it can connect to? If so, does it make sense to reduce milter_connect_timeout to 10 or 15 seconds? tia, -Jim P.

Re: strange characters in log

ˆÙ„-العالمي.شبكة" to ASCII form: UIDNA_ERROR_DISALLOWED -Jim P.

Re: Logging Question: SASL Auth Failures?

om the web, which is often incorrect. Ok. Thanks, Wietse. Regards, Jim -- Note: My mail server employs *very* aggressive anti-spam filtering. If you reply to this email and your email is rejected, please accept my apologies and let me know via my web form at <http://jimsun.LinxNet.com/contact/scform.php>.

Logging Question: SASL Auth Failures?

addition to, the mail log. Anybody know what is the syslog severity level and facility code attached to SASL auth errors? Thanks, Jim -- Note: My mail server employs *very* aggressive anti-spam filtering. If you reply to this email and your email is rejected, please accept my apologies and let me

Re: Connection refused / telnet: connect to address 10.5.2.1: Connection refused

> On 29 Dec 2020, at 12:58, Wolfgang Paul Rauchholz > wrote: > > The server is listening on port 25, 587 and 465 > netstat -plutn | grep 25 and 587 > tcp0 0 127.0.0.1:250.0.0.0:* LISTEN > 28704/master > tcp0 0 127.0.0.1:587 0

Re: Postfix 3.5.5 and TLS handshake failure

tem_srvr.c:2259: Jul 26 07:00:37 morbo postfix/master[49852]: warning: process /usr/local/libexec/postfix/smtpd pid 73115 killed by signal 11 When the me.com server tries again, the TLS handshake works: Jul 26 07:10:34 morbo postfix/smtpd[73299]: Anonymous TLS connection established from st11p00im-ztba01351701.me.com[17.172.82.217]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits) Jul 26 07:10:34 morbo postfix/smtpd[73299]: 4BF4bG2wSxzwPm: client=st11p00im-ztba01351701.me.com[17.172.82.217] -jim

Re: may we suggest ICANN not run that many new tlds?

> On 19 Nov 2019, at 09:58, Merrick wrote: > > in the coming future, everything is a TLD, the cat, the dog, the pig, the > rose, the coffee, the wine, the bike ... > that would be terrible for domain based validation. > we have already too many TLDs today. > may we suggest ICANN not open a ne

Re: Error 46 with TLS

e/smtp.domainmail.net/privkey.pem smtpd_tls_cert_file=/etc/letsencrypt/live/smtp.domainmail.net/cert.pem smtpd_tls_CAfile=/etc/letsencrypt/live/smtp.domainmail.net/fullchain.pem smtpd_tls_CApath=/etc/ssl/certs/ -Jim P.

Re: Refuse mail from hosts with closed port 25

> On 16 Sep 2019, at 14:17, Paul van der Vlis wrote: > >> A significant number of installations will use different servers for >> inbound and outbound email. > > I know a provider what is actually using this. I guess only the big > providers will have different servers for inbound and outboun

Re: Refuse mail from hosts with closed port 25

> On 16 Sep 2019, at 13:47, Paul van der Vlis wrote: > > How can I refuse mail from hosts who don't have an open port 25? > > What do you think from such a check? It’s a stunningly bad idea. Don’t do it. Many enterprises and cloud-based mail providers have discrete servers/systems handling

Re: 'SERVFAIL' error on DNS 'TXT' lookup

> On 14 Jun 2019, at 14:24, klirstr wrote: > > host smtp.customerdomain.com[customer-mx-server-ip] said: 450 4.7.1 > : Recipient address rejected: > SPF-Result=smtp.mydomain.com: 'SERVFAIL' error on DNS 'TXT' lookup of > 'smtp.mydomain.com' (in reply to RCPT TO command)) >

Re: Can postscreen whitelist?

On Mon, 2019-04-15 at 10:21 -0600, Shawn Heisey wrote: > On 4/15/2019 10:02 AM, Jim P. wrote: > > Sure. You want postscreen_access_list, which defaults to permit_mynetworks. > > Just add it to your config with a lookup table like so: > > > > postscreen_access_list = p

Re: Can postscreen whitelist?

permit # camomile.cloud9.net 168.100.1.4 permit # russian-caravan.cloud9.net 2604:8d00:0:1::4permit # russian-caravan.cloud9.net 168.100.1.7 permit # english-breakfast.cloud9.net 2604:8d00:0:1::7permit # english-breakfast.cloud9.net hth, -Jim P.

Re: OpenDKIM not signing

Try using ExternalIgnoreList (i don't know why it works, but it does) #InternalHosts refile:/etc/opendkim/InternalHosts ExternalIgnoreList refile:/etc/opendkim/InternalHosts hth, -Jim P.

What's new in log file parsers? Anything better than pflogsumm?

I'm looking for a postfix log file parser that can provide the number of messages delivered, broken down by sending domain, and per hour counts on a daily basis. I have looked at pflogsumm, but it seems a bit dated, and isn't as flexible as I had hoped. Can someone suggest any alternatives? -

Re: Rethinking the Postfix release schedule

d personnel. -Jim P.

Re: mailer-daemon bounce notifications with original message in clear text?

As a followup, we found a workaround... postconf -e bounce_size_limit=1 zmcontrol restart (Yes, this is Zimbra.) This had the effect of including the bounce notification and headers, but without the original email content (and no .eml attachment). -- Sent from: http://postfix.1071664.n5.nabbl

Re: mailer-daemon bounce notifications with original message in clear text?

The sending platform is Sitecore, which I believe is a Microsoft platform. -- Sent from: http://postfix.1071664.n5.nabble.com/Postfix-Users-f2.html

mailer-daemon bounce notifications with original message in clear text?

We have a client connecting with a custom pop-client script that wants to parse mailer-daemon bounce notifications. But the original email content is being returned as an .eml attachment. Is there any way to configure bounce to compose the response message in clear text (message/rfc822)? mail_v

Re: SSL not working after unwanted server migration

gth, it's default on Debian is 1024. -Jim P.

Re: Installing LetsEncrypt For Postfix and Dovecot

On Thu, 2018-11-29 at 09:28 +0100, Matus UHLAR - fantomas wrote: > > On Wed, 2018-11-28 at 10:03 +0100, Matus UHLAR - fantomas wrote: > > > But I prefer dehydrated over bloated certbot. > > On 28.11.18 09:49, Jim P. wrote: > > This comes up enough to warrant the foll

Re: Installing LetsEncrypt For Postfix and Dovecot

On Wed, 2018-11-28 at 12:25 -0500, Viktor Dukhovni wrote: > > On Nov 28, 2018, at 9:49 AM, Jim P. wrote: > > > > 1) What do you do about restarting services after automatic cert > > renewals in the middle of a holiday weekend?  (i.e. renew_hook in > > /etc/letsencr

Re: Installing LetsEncrypt For Postfix and Dovecot

middle of a holiday weekend? (i.e. renew_hook in /etc/letsencrypt/renewal/*.conf) 2) What do you do to list all certs to show revocation, expiration, renewal status (e.g. certbot certificates) -Jim P.

Re: A bit stuck compiling Postfix on Mac Mojave.

On 19 Nov 2018, at 15:42, Robert Chalmers wrote: > > "_OpenSSL_version", referenced from: > import-atom in libpostfix-tls.dylib > ... > "_X509_up_ref", referenced from: > import-atom in libpostfix-tls.dylib > ld: symbol(s) not found for architecture x86_64 > clang: error: linker comm

Re: Reminder DNSSEC Root KSK roll today

> On 11 Oct 2018, at 19:07, pg...@dev-mail.net wrote: > >> The switch to the new KSK seems the most likely cause, assuming DNSSEC >> validation always worked for you before then. > > It's been 'working' for ages. Yes, I could have been 'just lucky for a long > time'. DNSSEC is very brittl

Re: Reminder DNSSEC Root KSK roll today

On 11 Oct 2018, at 18:27, pg...@dev-mail.net wrote: > > Changing my local dns (named) config to > > - dnssec-enable yes; > + dnssec-enable no; > dnssec-lookaside no; > - dnssec-validation yes; > + dnssec-validation no; > > ge

Re: [Postfix] Re: [Postfix] Re: [Postfix] Re: Question about disabling SSLv2 and SSLv3 and Opportunistic TLS

On Tue, 2018-05-29 at 13:57 -0400, Viktor Dukhovni wrote: > > On May 29, 2018, at 1:54 PM, Jim P. wrote: > > > > It's more of a language "feature".  This works: > > > > LANG=C comm -1 -2 <(postconf -n) <(postconf -d) > > >

Re: [Postfix] Re: [Postfix] Re: Question about disabling SSLv2 and SSLv3 and Opportunistic TLS

On Tue, 2018-05-29 at 13:32 -0400, Viktor Dukhovni wrote: > > On May 29, 2018, at 12:28 PM, Jim P. wrote: > > > > FWIW, I had to use this: > > > > comm -1 -2 <(postconf -n|sort) <(postconf -d|sort) > > That'd only be needed if you have a funny

Re: [Postfix] Re: Question about disabling SSLv2 and SSLv3 and Opportunistic TLS

everything identical to > > default. > > You can get changed parameters that are at their default value with: > > comm -1 -2 <(postconf -n) <(postconf -d) FWIW, I had to use this: comm -1 -2 <(postconf -n|sort) <(postconf -d|sort) -Jim P.

Re: Hotmail spam prevention mech.

> On 16 Jan 2018, at 10:49, jin&hitman&Barracuda wrote: > > We are having difficulties while delivering mails to Microsoft's domains like > hotmail and outlook. They appear to have a DNS problem which is causing outbound mail to fail. Their SMTP servers are using non-existent hostnames when

Re: Accurate install guide for Postfix on Ubuntu 16.04 LTS

> On 15 Sep 2017, at 11:07, pjakcity wrote: > > All i want is enough understanding that wont take me years so i can set this > up, but understand what features are present and what they do (in a broad > sence) Note the O/P's email address Dear Internet, please do my classwork for me.

Re: Check out my Kickstarter

For those that are user’s of Kickstarter, might I suggest reported this campaign for spamming. Here’s the link: https://www.kickstarter.com/projects/1349369124/endfirst-accelerate-your-business-communication-fo?ref=nav_search --- Jim McCorison Orcas Island, WA > On Apr 12, 2017, at 3:14

Re: Where are bounce messages for milters configured?

> On 10 Mar 2017, at 16:48, Linda Pagillo wrote: > > Also, is SMFIS_REJECT* even a file where I can configure a bounce message or > is it just a protocol which means "reject”. SMFIS_REJECT is a status/error code in the milter protocol. What some milter application does when SMFIS_REJECT gets

launchd plist files on MacOSX

> On 3 Jan 2017, at 14:37, Robert Chalmers wrote: > > To start Postscript I use the following plist file. Based in > /Library/LaunchDaemons > > org.postfix.master.plist Don’t do that. Pick names for your own plist files that don’t clash with the ones Apple use. There will be confusion if yo

Re: DNS round robin on helo?

> On 15 Dec 2016, at 16:01, L.P.H. van Belle wrote: > > Hello Noel/Jim, > > Thank you for the replies. If you’re going to continue hiding the actual names and addresses, don’t bother posting followups. As far as I know, nobody on this list is a mind reader. How do you e

Re: DNS round robin on helo?

> On 15 Dec 2016, at 14:56, L.P.H. van Belle wrote: > > Now the thing i dont get. > > 1) if both ipnumbers have a hostname, why do i see : unknown[1.2.3.4] Your starting assumption is wrong or mistaken. If the postfix logs are saying "unknown[1.2.3.4]” it means reverse lookups of tha

Re: TLD blocking revisited

> On 21 Sep 2016, at 01:40, Sebastian Nielsen wrote: > > I would really suggest using DISCARD instead of "500 This TLD sends spam - g > e t lost.". > Thus the spammer dosen't get to know he got stuck in a spam filter and can > update their tools to bypass it. Spammers generally don’t pay that l

Re: TLD blocking revisited

> On 20 Sep 2016, at 21:10, li...@lazygranch.com wrote: > > What is the simplest way to block a TLD? Put the offending TLD in a map and have that map referenced through check_sender_access and/or check_client_access. ie in main.cf: smtpd_client_restrictions = permit_mynetworks

Re: OpenBSD build 'OPENSSL_VERSION' undeclared

> On 23 Aug 2016, at 20:44, David Benfell wrote: > > What I have now, which should not be considered complete because the dovecot > part isn't working I’d bet money on that being caused by a broken OpenSSL installation too. Check your OpenSSL setup before you do *anything* else. References to

Re: OpenBSD build 'OPENSSL_VERSION' undeclared

> On 23 Aug 2016, at 20:16, Wietse Venema wrote: > > David Benfell: >> So now I have: >> >> make tidy \ >>&& make makefiles CCARGS="-DUSE_TLS >> -I/usr/local/include/eopenssl/openssl > > Try: -I/usr/local/include/eopenssl Looks like the OP made a typo when they orginally installed Ope

Re: Postscreen white listing based on MX, SPF

> On 16 Jul 2016, at 02:50, Lefteris Tsintjelis wrote: > > I was thinking it more in simple DNS terms only and a simply reverse > look up of the IP and then extract the domain from there but it is not > possible without the FROM. That wouldn’t have worked anyway. Assuming a reverse lookup of a

Re: Is not honoring bounces-to violation of RFC?

> On 28 Jun 2016, at 20:26, Jeffs Chips wrote: > > I'm just saying that ALL email campaign services allow and indeed suggest > users to identity a specific sole purpose email account in which to receive > bounces to eliminate spam and which almost all email campaigners adhere to The IETF proc

Re: Is not honoring bounces-to violation of RFC?

> On 28 Jun 2016, at 19:28, Chip wrote: > > Okay maybe it's not in RFC's but I would it would be at least a > recommendation that bounces can be routed back to bounces-to rather than > reply-to. After all, why have the field at all if it's not used properly. No RFC defines a bounces-to email

Re: detecting /etc/resolv.conf

> On 13 May 2016, at 09:56, Hans Ginzel wrote: > > Does Postfix detect changes in /etc/resolv.conf to flush its dns caches etc, > please? Changing /etc/resolv.conf has no impact on what DNS data an application or name server has cached. All that can do is tell an application which name server

Re: Is the reason for this "connect from unknown[65.181.123.80]" from NXDOMAIN? Is it safe to reject it always?

> On 21 Apr 2016, at 20:46, wrote: > > What is "unknown" in this case? > > I think it is the RDNS that is not there? Yes. There’s no reverse DNS for the connecting IP address. > host 65.181.123.80 > Host 80.123.181.65.in-addr.arpa. not found: 3(NXDOMAIN) You should really use di

source code for MacOSX tools

> On 13 Mar 2016, at 15:06, Robert Chalmers wrote: > > Nice hardware, but the software is really recycled FreeBSD. say what? The MacOSX kernel is based on Mach, not BSD, though that Mach kernel presents a largely BSD-flavour/POSIX API to user mode applications. It might be fairer to say FreeB

working around System Integrity Protection on MacOSX

> On 13 Mar 2016, at 14:07, Larry Stone wrote: > > The only “pain” likely to result is if you aren’t smart and let malware do > something bad. OS X (at least so far) does not care if SIP is on or off. SIP, > IMHO, is protection for those who don’t know what they are doing but is in > the way

Re: Is /usr/bin/mail a link to sendmail/postfix

> On 13 Mar 2016, at 08:41, Alice Wonder wrote: > > It's possible the mail command on OS X is using the OS X sendmail command > provided by the OS X postfix which would want its configuration file at > /etc/postfix/main.cf It is. Though MacOSX puts the sendmail front-end in /usr/sbin:

pfctl on MacOSX

> On 5 Mar 2016, at 15:38, Robert Chalmers wrote: > > Also, I can see that pfctl -e turns it on - enables it, but I can’t see how > that is put in place automatically. On re boot, it’s once again disabled, and > pf is not working. Even though the plist is loading. Did you tell the OS to switc

access permissions 101

> On 19 Feb 2016, at 23:52, Sebastian Nielsen wrote: > > but if you're hosting for example a mail server for a company, and only you > as a sysadmin has shell access to the server, its no danger 666'ing files > that throw permission errors. Then the file isn't really "world writable", > since

Re: Postfix and (Open)DKIM: Received Email?

On Thu, 24 Sep 2015 08:48:24 -0400 (EDT) wie...@porcupine.org (Wietse Venema) wrote: > Jim Seymour: > > Hi All, > > > > I just installed, configured and have working OpenDKIM. I can see > > outgoing email is being properly signed, but not certain what it's > &

Postfix and (Open)DKIM: Received Email?

r outgoing email, but not a word on what it does for you on received email--e.g.: validating the signatures on same, alerting you to mis-matches, or whatever? Can somebody either enlighten me or point me in a direction in which I might find enlightenment? Thanks, Jim -- Note: My mail server emp

Re: postfix3.0.2 compile error on AIX61/71

On 4 Sep 2015, at 23:43, Takae Harrington wrote: > does u_short/u_int, and unassigned makes difference? Maybe, maybe not. Consult your C compiler documentation. BTW I assume you meant "unsigned" instead of "unassigned". Though I doubt compiler documentation will help you because the definition

Re: postfix3.0.2 compile error on AIX61/71

On 4 Sep 2015, at 23:43, Takae Harrington wrote: > does u_short/u_int, and unassigned makes difference? Maybe, maybe not. Consult your C compiler documentation. BTW I assume you meant "unsigned" instead of "unassigned". Though I doubt compiler documentation will help you because the definition

Re: postfix3.0.2 compile error on AIX61/71

On 3 Sep 2015, at 22:11, Takae Harrington wrote: > When I compile postfix3.0.2 (the same issue has existed since 2.11.x) on > aix61 and aix71, I get this error: > > [vq2ua613:/staging/Postfix-3.0.2]make > dns_lookup.c: In function 'dns_query': > dns_lookup.c:339: error: 'HEADER' has no member

Re: Postfix and Mailman 2 virtual alias domain integration

On 18 Aug 2015, at 22:06, Tom Browder wrote: > Okay, I assume then that this should be the only PTR record: > > 4.3.2.1.in-addr.arpa. IN PTR B.tld. Yes. Provided of course B.tld is The One True Hostname for your server. BTW, you will get on a lot better if your postings used the actual IP add

  1   2   3   >