Re: Controlling MS Azure Cloud Spam

2020-12-27 Thread John Schmerold
On 12/27/2020 3:15 PM, Nick Tait wrote: Hi Ludi. One option might be to add OpenDMARC to your implementation? The reason for mentioning this is because in addition to checking DMARC policies, OpenDMARC also has an option to reject any message that doesn't have the mandatory headers according

Re: Recipient domain substitution

2020-12-22 Thread John Schmerold
On 12/22/2020 3:10 PM, Viktor Dukhovni wrote: On Tue, Dec 22, 2020 at 02:57:13PM -0600, John Schmerold wrote: I should have looked at the log before sending this note. Postfix is including a " orig_to=" header when sending to the destination server, that is causing our problem. T

Re: Recipient domain substitution

2020-12-22 Thread John Schmerold
On 12/22/2020 2:31 PM, Wietse Venema wrote: John Schmerold: I want messages sent to lo...@tld1.com to be redirected to lo...@redirected.com Until this morning, adding canonical_maps = hash:/etc/postfix/canonical to main.cf got the job done. canonical contained: @tld1.com @redirected.com

Recipient domain substitution

2020-12-22 Thread John Schmerold
error:     (expanded from ): host         mx10.redirected.com[104.119.187.151] said: 550 Unauthorized recipient: domain part How do I persuade Postfix to replace tld1.com with redirected.com, without the "expanded from" issue (I am not even sure what expanded from means)? -- John Schm

Re: Replace subject with recipient localpart for one domain

2020-08-27 Thread John Schmerold
On 8/27/2020 3:26 PM, Gregory Heytings wrote: For cases like the one you have in mind, it is necessary to use a milter. Thank you for saving me some head scratching.  It wouldn't be the end of the world to spin up an Exim VM (its system_filtering is capable of this black magic), but would p

Re: Replace subject with recipient localpart for one domain

2020-08-27 Thread John Schmerold
On 8/27/2020 5:58 AM, Gregory Heytings wrote: My Postfix server handles message for a dozen domains, for one of these domains, I want the subject replaced with the recipient's local part, so something like this, but put in a format that Postfix understands: # domain3.com is the one recipi

Replace subject with recipient localpart for one domain

2020-08-27 Thread John Schmerold
ts. Thanks for your help. -- John Schmerold Katy Computer Systems, Inc https://katycomputer.com St Louis

Re: block 'new style' TLDs ?

2019-11-18 Thread John Schmerold
On 11/18/2019 7:46 AM, @lbutlr wrote: On 18 Nov 2019, at 06:04, Andrew Sullivan wrote: At the same time, there are a _lot_ of anti-abuse techniques for mail that don't rely on the broad heuristic of, "This TLD seems to suck," and that don't rely on establishing that rule as a permanent part o

Re: postscreen with IP-ranges?

2019-11-12 Thread John Schmerold
c/postgrey/whitelist_clients.local manually. I guess postscreen should also have some whitelist mechanism? I use Postwhite to build my whitelist, I don't like it, but I do like my job. Postwhite helps keep the clients happy. John Schmerold Katy Computer Systems, Inc https://katycomputer.com St Louis

Re: reject mail if dns and rdns differ

2019-11-12 Thread John Schmerold
lient_name. http://www.postfix.org/SMTPD_POLICY_README.html You will be rejecting everything you get from Office 365, rDNS is for the little people. I am a big fan of rigid adherence to rDNS & SPF rules; doing so, however, would sentence me to a life in isolation. -- John Schmerold Katy Co

Re: Dictionary attacks

2019-11-03 Thread John Schmerold
On 11/2/2019 9:42 PM, Wietse Venema wrote: John Schmerold: What is the best way to protect against dictionary attacks in Postfix? Reportedly, fail2ban (no first-hand experience, because I have no SASL clients). Wietse I am using Postfix as a filter in front of O365/cpanel/Google

Re: Warning on Connection time

2019-11-02 Thread John Schmerold
On 11/2/2019 3:20 PM, John Schmerold wrote: https://mxtoolbox.com/diagnostic.aspx reported a six second connection time, with total transaction time of nearly 9 seconds, so I dug into the issue. I suspect I have rbl issues (perhaps too many): postscreen_dnsbl_sites = cbl.abuseat.org*2

Warning on Connection time

2019-11-02 Thread John Schmerold
the best way to troubleshoot this issue? -- John Schmerold Katy Computer Systems, Inc https://katycomputer.com St Louis

5XX vs 4XX

2019-11-02 Thread John Schmerold
I have a few email addresses that were valid 15 years ago, but they have been invalid for 5+ years, we are rejecting them with a 450 message, my thought is "Let's tie up this spammer's computer just a little bit" Good idea? Bad idea? Effective? Ineffective? -- John Sch

Re: block 'new style' TLDs ?

2019-11-02 Thread John Schmerold
On 10/24/2019 12:32 AM, @lbutlr wrote: On 23 Oct 2019, at 15:20, lists wrote: /\.asia$/ 510 Denied: Unacceptable TLD .asia [Long list… removed] smtpd_helo_restrictions = reject_invalid_helo_hostname check_helo_access pcre:/etc/postfix/helo_checks.pcre permit /etc/postfix/helo_checks.pcr

Re: block 'new style' TLDs ?

2019-11-02 Thread John Schmerold
On 10/24/2019 4:46 AM, Jaroslaw Rafa wrote: Dnia 23.10.2019 o godz. 23:32:44 @lbutlr pisze: /etc/postfix/helo_checks.pcre: /.*\.(com|net|org|edu|gov|ca|mx|de|dk|fi|fr|uk|us|tv|info|biz|eu|es|il|it|nl|name|jp|host|au|nz|ch|tv)$/ DUNNO /.*\.*$/ 550 Mail to or from this TLD is not allowed And thu

Dictionary attacks

2019-11-02 Thread John Schmerold
ter $rcpt_fail_count recipients failed). Ratelimit incremented.     ratelimit  = 0 / 2h / strict / per_conn     message    = Number of failed recipients exceeded.  Come back in a few hours. I am switching from Exim to Postfix and looking for a mechanism to block these attacks. -- J

Recipient address rejected: Service is unavailable (try later)

2019-10-19 Thread John Schmerold
p:/etc/postfix/rcptaccess check_sender_access regexp:/etc/postfix/senderaccess check_client_access cidr:/etc/postfix/clientaccess check_policy_service inet:127.0.0.1:10022 reject_unknown_recipient_domain reject_unverified_recipient unverified_recipient_reject_code = 450 -- John Schmerold K

Re: Virtual Users not getting populated in verify_cache

2019-10-14 Thread John Schmerold
On 10/14/2019 1:30 PM, John Schmerold wrote: On 10/14/2019 11:41 AM, John Schmerold wrote: One of everyone's favorite topics: I added "virtual_alias_maps = hash:/etc/postfix/virtual" to main.cf Then I added "joeb...@katy.net j...@katy.net" to /etc/postfix/virt

Re: Virtual Users not getting populated in verify_cache

2019-10-14 Thread John Schmerold
On 10/14/2019 11:41 AM, John Schmerold wrote: One of everyone's favorite topics: I added "virtual_alias_maps = hash:/etc/postfix/virtual" to main.cf Then I added "joeb...@katy.net j...@katy.net" to /etc/postfix/virtual /etc/postfix/main.cf includes: relay_domain

Virtual Users not getting populated in verify_cache

2019-10-14 Thread John Schmerold
thing to "check_recipient_access" in main.cf, but I am not sure what syntax will get the job done. -- John Schmerold Katy Computer Systems, Inc https://katycomputer.com St Louis