>I have an email receiving setup with one Postfix instance mapped to one
>instance of Amavisd-new (spamassassin, ClamAV),
>
>Now to prepare for increasing traffic, I am looking on to scale out strategies
>of my setup.
>
>So with that in mind, is it possible that one instance of Postfix can itse
>On Fri, Aug 16, 2013 at 04:22:50PM -0500, lcon...@go2france.com wrote:
>> postconf mail_version
>> mail_version = 2.3.3
>>
>>
>> uname -a
>> Linux . 2.6.18-128.2.1.el5 #1 SMP Wed Jul 8 11:54:47 EDT 2009
>> x86_64 x86_64 x86_64 GNU/Linux
>>
>> got an "access denied" for an IP that is in a
At 07:18 AM 6/1/2013, you wrote:
>Am 31.05.2013 22:56, schrieb Wietse Venema:
>> After the confusion that Postfix 2.10 is not Postfix 2.1, maybe it
>> is time to change the release numbering scheme.
don't dumb postfix down. keep the current numbering style.
Len
>
>Unfortunately I am not using clamav-milter, only clamsmtpd. This doesn't
>exclude clamav-milter as a potential solution though.
The huge weakness of clamsmtpd is that the developer says there is now way to
release false positives.
Len
freebsd 9.0
postfix 2.10
we have:
master.cf
orange unix - - n - 1 smtp
and transport.map
orange.fr orange:
wanadoo.fr orange:
main.cf
postconf | egrep destination | egrep -iv '\$'
default_destination_concurrency_failed_cohort_limit = 1
default_destination_concurrency_limit = 1
default_dest
At 04:36 AM 9/19/2012, you wrote:
>I'm trying to debug a DNS issue:
>
># host www.pimda.eu
>www.pimda.eu has address 88.208.252.197
>Host www.pimda.eu not found: 3(NXDOMAIN)
>Host www.pimda.eu not found: 3(NXDOMAIN)
>
>Where does the NXDOMAIN come from?
>
># host -t a www.pimda.eu
>www.pimda.eu ha
a bad MBL sig quarantined a few 1000 legit msgs.
Thanks
Len
a bad MBL sig quarantined a few 1000 legit msgs.
Thanks
Len
At 04:16 PM 7/23/2012, you wrote:
>Hello,
>
>Sorry for the broad question, but is there any sort of best common practice
>these days regarding limiting outbound email? We recently had a customer's
>account compromised (not sure if it was brute-forced or keylogged) and then
>the perp proceeded t
At 02:54 PM 6/24/2012, you wrote:
>Viktor Dukhovni:
>> On Sat, Jun 23, 2012 at 07:35:53PM -0400, Wietse Venema wrote:
>>
>> > Len Conrad:
>> > > Releasing from HOLD to deliverable is clear (and used often)
>> > >
>> > > but how to
Releasing from HOLD to deliverable is clear (and used often)
but how to move deferred to HOLD?
Len
-- Original Message --
From: "Len Conrad "
Reply-To:
Date: Tue, 6 Dec 2011 19:11:47 +0100
>-- Original Message --
>From: Wietse Venema
>Reply-To: Postfix users
>Date: Tue, 6 Dec 20
-- Original Message --
From: Wietse Venema
Reply-To: Postfix users
Date: Tue, 6 Dec 2011 13:05:39 -0500 (EST)
>Len Conrad :
>> Freebsd 7.2
>>
>> was postfix from last march, 2.8?
>>
>> upgraded to postfix-current 2.9-20
Freebsd 7.2
was postfix from last march, 2.8?
upgraded to postfix-current 2.9-2025
Dec 6 11:54:42 mx1..net/mx1..net postfix/master[14638]: warning:
process /usr/local/libexec/postfix/qmgr pid 14721 exit status 1
Dec 6 11:54:42 mx1..net/mx1..net postfix/master[14638]: warni
At 05:56 AM 7/1/2011, you wrote:
>Hi to all,
>i describe my scenarious and i'd like any suggest to resolve/limit the problem.
>
>Some user, in my University, reply to phishing email and give username and
>password of your email account; then the malicious send spam email up to we
>block account,
At 04:48 PM 6/1/2011, you wrote:
>On 2011-06-01 Shawn Heisey wrote:
>> On 6/1/2011 12:57 PM, Ansgar Wiechers wrote:
>>> I'm aware of two ways to verify recipients when relaying mail to
>>> upstream Exchange servers:
>>>
>>> - Export recipient addresses from AD and use that list as
>>> $relay_rec
8.2-RELEASE FreeBSD
make && install done here:
cat /usr/ports/mail/postfix-current/distinfo
SHA256 (postfix/postfix-2.9-20110501.tar.gz) =
5789269f34fa152e39a70af3077f3ce4bc9c4e52fc67bb50a42e5d245ee1da3b
SIZE (postfix/postfix-2.9-20110501.tar.gz) = 3671046
pkg_info shows:
mysql-client-5.5.11
At 04:03 AM 1/17/2011, you wrote:
>Dear List,
>
>I'd like to limit the outgoing E-mails. We have a lot of "newsletter"
>users who like to send E-mail via php... so the 80% of the mail comes
>from: 127.0.0.1. But I'd like to limit them to 20 mails / 5 minutes.
>
>How can I set up the rate control, t
uname -a
FreeBSD 7.2-RELEASE FreeBSD 7.2-RELEASE
postconf mail_version
mail_version = 2.8-20101108
master.cf
smtpd pass - - n - - smtpd -v
smtp inet n - n - 1 postscreen -v
dnsblog unix - - n - 0
At 08:10 PM 12/10/2010, you wrote:
>mx1# pkg_info | egrep -i "(postfix|db4)"
>
>db41-4.1.25_4 The Berkeley DB package, revision 4.1
>
>postfix-current-2.8.20101108,4 A secure alternative to widely-used Sendmail
>
>... both installed with make and make install
>
>postconf -m
>btree
>cidr
>env
mx1# pkg_info | egrep -i "(postfix|db4)"
db41-4.1.25_4 The Berkeley DB package, revision 4.1
postfix-current-2.8.20101108,4 A secure alternative to widely-used Sendmail
... both installed with make and make install
postconf -m
btree
cidr
environ
hash
internal
mysql
pcre
proxy
regexp
stat
>Not entirely, because I can't combine scores in smtpd.
postfwd policy service can weight and score.
Len
At 08:29 AM 11/28/2010, you wrote:
>Le 28/11/2010 15:14, Len Conrad a écrit :
>>
>>>>[snip]
>>>>
>>>>but postfix ain't happy:
>>>>
>>>>Nov 26 15:23:02 mgw1 postfix/smtpd[92264]: fatal: host/service
>>>>localho
>Wietse Venema:
>> Len Conrad:
>> > main.cf:
>> >
>> > check_policy_service inet:127.0.0.1:10023,
>> >
>> >
>> > but postfix ain't happy:
>> >
>> > Nov 26 15:23:02 mgw1 postfix/smtpd[92264]: fatal: host
>>[snip]
>>
>>but postfix ain't happy:
>>
>>Nov 26 15:23:02 mgw1 postfix/smtpd[92264]: fatal: host/service
>>localhost/10023 not found: hostname nor servname provided, or not known
>>
>>Nov 26 15:23:03 mgw1 postfix/master[87697]: warning: process
>>/usr/local/libexec/postfix/smtpd pid 92264 exit
freebsd 8.1 release
mail_version = 2.8-20101108
no chroot
/etc/hosts contains this and the usual non-local host lines:
127.0.0.1 localhost
postgrey params:
postgrey_flags=${postgrey_flags:-"--pidfile=${postgrey_pidfile} \
--inet=10023 \
-d \
--user=postgrey \
--group=postgr
>Len Conrad:
>> At 09:12 AM 11/19/2010, you wrote:
>> >Len Conrad:
>> >> The scan dir ownership was fixed by running postfix-install. not
>> >> sure how another guy detected that scan was bad ownership, since
>> >> that finding was not logg
At 09:12 AM 11/19/2010, you wrote:
>Len Conrad:
>> The scan dir ownership was fixed by running postfix-install. not
>> sure how another guy detected that scan was bad ownership, since
>> that finding was not logged after I moved the scan/* msgs out.
>>
>> I'v
At 06:09 AM 11/19/2010, you wrote:
>Len Conrad:
>>
>> Had a power failure on a linux RHEL and postfix. disk got messed up a
>> little bit but linux seemed to fix it up. all apps and services are running
>> except postfix.
>>
>> I've had this p
Had a power failure on a linux RHEL and postfix. disk got messed up a little
bit but linux seemed to fix it up. all apps and services are running except
postfix.
I've had this problem before on another machine, and it was permissions.
postfix set-permissions
... doesn't solve it
postfix
-- Original Message --
From: Noel Jones
Reply-To: postfix users
Date: Mon, 25 Oct 2010 06:16:07 -0500
>On 10/25/2010 4:28 AM, Len Conrad wrote:
>>
>> I'm testing a new filter, so I HOLD matching messages, then inspect them to
>>
I'm testing a new filter, so I HOLD matching messages, then inspect them to
either release or delete them.
egrep -ic "hold: " /var/log/maillog
298
but in mailq:
mailq | mailq-oneline.pl | egrep -ic "! "
35
cross checking:
find /var/spool/postfix/hold -type f | wc -l
35
In case I for
>At many Universities there is a continual problem with accounts being phished
>and used to send spam. We have a number of measures that catch stolen
>accounts but they take a little bit of time to block outgoing email.
>
>Ideally I'd like to hold email to either a new address or a new
>address
=>I actually use postgrey as greylisting utility
>
>I have no experience with other greylisting softwares
>but Postfix "gurus" advice would be greatly appreciated
>to compare and eventually change for another software.
postgrey and its fork sqlgrey are pretty much optimum. I think changing to
so
-- Original Message --
From: Claus Assmann
Date: Thu, 30 Sep 2010 11:07:23 -0700
>On Thu, Sep 30, 2010, Victor Duchovni wrote:
>
>> Do you have a tcpdump capture? From the above it sounds like HELO is
>> sent before the 220 banner. That's a protocol error.
At 10:46 AM 9/19/2010, you wrote:
>On Sun, 2010-09-19 at 10:16:48 -0500, Len Conrad wrote:
>
>[ .. ]
>
>> so you're both saying that a dns query to the system resolver by
>> unprivileged postscreen gets different results than a query from
>> privileged dig?
>
I'm logged into the postscreen machine and su to root to work on
postfix and run dig.
>
>>>Well that is your mistake. You must do the tests as an UNPRIVILEGED
>>>user. Not root, not group wheel, none of that
>
>>It's a basic beginner mistake, but it's not my mistake, nor the
>>problem.:)
>
>Len Conrad:
>> >>> Did you use the same resolv.conf on the same host.
>> >>
>> >>Did you do the lookups as an UNPRIVILEGED user.
>> >>
>> >>You are giving zero details, so I have to start at the bottom.
>> >
>> &
>>Wietse Venema:
>>> Len Conrad:
>>> > postconf mail_version
>>> > mail_version = 2.7-20091209
>>> >
>>> > we run a copy of zen locally:
>>> >
>>> > process dnblog -v logs:
>>> >
>>&
>Wietse Venema:
>> Len Conrad:
>> > postconf mail_version
>> > mail_version = 2.7-20091209
>> >
>> > we run a copy of zen locally:
>> >
>> > process dnblog -v logs:
>> >
>> > dns_query: 226.22
>Len Conrad:
>> postconf mail_version
>> mail_version = 2.7-20091209
>>
>> we run a copy of zen locally:
>>
>> process dnblog -v logs:
>>
>> dns_query: 226.224.46.92.zen.rbldnsd.domain.net (A): Host not found
>>
>> but
>>
postconf mail_version
mail_version = 2.7-20091209
we run a copy of zen locally:
process dnblog -v logs:
dns_query: 226.224.46.92.zen.rbldnsd.domain.net (A): Host not found
but
dig @zen.rbldnsd.domain.net 226.224.46.92.zen.rbldnsd.domain.net +short
127.0.0.11
in fact, we see only dns_query lo
mx1# postfwd -V
postfwd2 0.21 (Net::DNS 0.65, Net::Server 0.97, Sys::Syslog 0.27, Perl 5.008009
on freebsd)
mx1# postfwd --showconfig -f /usr/local/etc/postfwd.conf | egrep SNDR
Rule 4: id->"SNDR_RATE_LIMIT"; action->"rate($$sender/10/60/450 4.7.1
SNDR_RATE_LIMIT)"; client_address->"==;(.*)"
Is this bcc logic possible with postfix only?
Len
-- Original Message --
From: Wietse Venema
Date: Thu, 20 May 2010 17:35:46 -0400 (EDT)
>Len Conrad:
>> setsid(0x805c71d,0x2,0x0,0xbfbfeb1c,0xbfbfeb24,0x281beda0) ERR#1 'Operation
>> not permitted'
>> getsid(0x0,0x2,0x0,0
-- Original Message --
From: Wietse Venema
Reply-To: Postfix users
Date: Thu, 20 May 2010 15:34:27 -0400 (EDT)
>Len Conrad:
>> >> postfix/postfix-script: fatal: the Postfix mail system is not running
>> >>
-- Original Message --
From: "Len Conrad"
Reply-To:
Date: Thu, 20 May 2010 20:35:40 +0200
>-- Original Message --
>From: Wietse Venema
>Reply-To: Postfix users
>Date: Thu, 20 May 20
-- Original Message --
From: Wietse Venema
Reply-To: Postfix users
Date: Thu, 20 May 2010 13:08:31 -0400 (EDT)
>Len Conrad:
>> FreeBSD 7.0-RELEASE
>>
>> mail_version = 2.8-20100323
>>
>> postfix start
>>
>>
FreeBSD 7.0-RELEASE
mail_version = 2.8-20100323
postfix start
or
/usr/local/etc/rc.d/postfix start
followed immediately by
postfix stop
gives
postfix/postfix-script: fatal: the Postfix mail system is not running
ps auxw| egrep master
... nothing.
rc.conf.local has postfix_enable="YES"
>>Len Conrad put forth on 3/4/2010 6:40 AM:
>>
>>> But we don't have a relayhost for the sender listsen...@domain.tld. We
>>> want that trusted sender to bypass the (scanning, weak) relayhost and
>>> nexthop to Internet.
>>>
>>
>Len Conrad put forth on 3/4/2010 6:40 AM:
>
>> But we don't have a relayhost for the sender listsen...@domain.tld. We want
>> that trusted sender to bypass the (scanning, weak) relayhost and nexthop to
>> Internet.
>>
>> in the sender_dependent postfi
>> If listsen...@domain.tld, send to Internet
>>
>> Else, send to MX gateway
>
>This may be what you're looking for.
I read that before I sent my msg
>http://www.postfix.org/postconf.5.html#sender_dependent_relayhost_maps
>
>sender_dependent_relayhost_maps (default: empty)
>
>A sender-dependen
We have two postfix machines, one is a (weak) MX in/out gateway with
amavisd+sa+clam that falls way behind during a huge (trusted) outbound
send-only distribution list.
The other, powerful postfix machine is not-yet-fully configged next-up to
replace the current weak MX, but we can't do tha
-- Original Message --
From: Wietse Venema
Reply-To: Postfix users
Date: Thu, 18 Feb 2010 17:21:53 -0500 (EST)
>Len Conrad:
>> is this param server-wide, or can it be present in smtpd_*_restrictions ?
>
>Use this in smtpd_mumb
is this param server-wide, or can it be present in smtpd_*_restrictions ?
Len
>Dec 31 20:05:54 mail-ausfall kernel: [876822.781710] smtpd[27410] general
>protection ip:80813d8 sp:bf9c2d68 error:0 in smtpd[8048000+53000]
...I have none of these.
>Jan 1 20:19:41 mail-ausfall postfix/verify[26329]: fatal: close database
>/var/lib/postfix/verify.db: No such file or directo
>Hi list.
>
>I was recently looking over my postfix config and RFC 5321 in order to
>see whether everything seems still to be compliant (not postfix,.. but
>my config ;) ).
>
>Then I stumbled accross the following:
>http://tools.ietf.org/html/rfc5321#section-4.1.4 says:
>A session that will contai
-- Original Message --
From: "Len Conrad"
Reply-To:
Date: Thu, 17 Dec 2009 19:30:54 +0100
>
>>Len Conrad:
>>> Dec 17 11:28:39 mx1 postfix/postscreen[4867]: fatal: open database
>>> /var/db/postfix/ps_cache.db: In
>Len Conrad:
>> Dec 17 11:28:39 mx1 postfix/postscreen[4867]: fatal: open database
>> /var/db/postfix/ps_cache.db: Invalid argument
>>
>
>You switched Berkeley DB versions, or you switched
>btree/hash types.
maybe "portsnap fetch update" upped the B
-- Original Message --
From: wie...@porcupine.org (Wietse Venema)
Date: Thu, 17 Dec 2009 12:48:37 -0500 (EST)
>Len Conrad:
>>
>> I did the usual freebsd upgrade
>>
>> postfix stop
>>
>> make
>> mak
I did the usual freebsd upgrade
postfix stop
make
make reinstall ( with setenv FORCE_PKG_REGISTER )
postfix start
mx1# postconf mail_version
mail_version = 2.7-20091209
==
dnsblog unix - - n -
Anybody know where to get this?
The fix reversing the order of black/white queries in postscreen is important
for us.
thanks
Len
To speed up postscreen, is there any advantage in, eg, harvesting high-volume
pregreet or dnsbl IPs into a blacklist that would be more efficient than
pregreet or dnsbl dropping?
Len
>As of snapshot 20091209, postscreen searches the whitelist first.
great, thanks
Len
-- Original Message --
From: wie...@porcupine.org (Wietse Venema)
Reply-To: Postfix users
Date: Wed, 9 Dec 2009 16:25:42 -0500 (EST)
>Kenneth Marshall:
>> On Wed, Dec 09, 2009 at 03:42:30PM -0500, Wietse Venema wrote:
>> > Len Conrad:
>Len Conrad:
>> We have an IP whitelisted because it was also blacklisted, but
>> the postscreen whitelist comes after the postscreen blacklist,
>> and the IP is still being postscreen dropped as blacklisted.
>>
>> the man page says nothing about the order
We have an IP whitelisted because it was also blacklisted, but the postscreen
whitelist comes after the postscreen blacklist, and the IP is still being
postscreen dropped as blacklisted.
the man page says nothing about the order of the main.cf postscreen params.
Len
>> >Len Conrad:
>> >> mail_version = 2.7-20091008
>> >> fbsd 7.2
>> >>
>> >> we're seeing one of these each time we stop postfix
>> >>
>> >> Dec 8 00:09:06 mx6 postfix/postscreen[49918]: fatal: close database
>Len Conrad:
>> mail_version = 2.7-20091008
>> fbsd 7.2
>>
>> we're seeing one of these each time we stop postfix
>>
>> Dec 8 00:09:06 mx6 postfix/postscreen[49918]: fatal: close database
>> /var/db/postfix/ps_cache.db: No such file or direct
mail_version = 2.7-20091008
fbsd 7.2
we're seeing one of these each time we stop postfix
Dec 8 00:09:06 mx6 postfix/postscreen[49918]: fatal: close database
/var/db/postfix/ps_cache.db: No such file or directory
but
mx6# ll /var/db/postfix/ps_cache.db
-rw--- 1 postfix wheel - 93761536
-- Original Message --
From: wie...@porcupine.org (Wietse Venema)
Date: Fri, 4 Dec 2009 14:13:17 -0500 (EST)
>Len Conrad:
>> I've got more data. The killer option is when I have this on:
>>
>> postscreen_blacklist_networks
>> freebsd 7.2
>> mail_version = 2.7-20091008
>>
>> out of 6 postscreen machines, I've got one that every 20 or 30
>> minutes just halts, port 25 is dead (several monit agents see it
>> dead), then it starts off by itself after a few minutes, dumping
>> a bunch of these in maillog:
>>
>> warning
freebsd 7.2
mail_version = 2.7-20091008
out of 6 postscreen machines, I've got one that every 20 or 30 minutes just
halts, port 25 is dead (several monit agents see it dead), then it starts off
by itself after a few minutes, dumping a bunch of these in maillog:
warning: postscreen_dnsbl_query:
postfwd2 0.19
perl -v
This is perl, v5.8.8 built for i386-freebsd-64int
postconf mail_version
mail_version = 2.5-20071130
Oct 19 16:08:29 mx102 postfwd41/policy[17181]: warning: Filehandle STDIN
reopened as LOCK only for output at
/usr/local/lib/perl5/site_perl/5.8.8/Net/Server/PreForkSimple.
-- Original Message --
From: wie...@porcupine.org (Wietse Venema)
Date: Fri, 16 Oct 2009 12:38:22 -0400 (EDT)
>Len Conrad:
>> postconf mail_version
>> mail_version = 2.3-20060126
>>
>> postconf | egrep smtpd_c
postconf mail_version
mail_version = 2.3-20060126
postconf | egrep smtpd_client_connection_rate_limit
smtpd_client_connection_rate_limit = 0
but after a few minutes of running, maillog is flooded with 1000s of
Oct 16 12:11:45 postfix/smtpd[82433]: warning: connect to private/anvil:
Connection r
:)
>2009/9/30 Scott Miller :
>> In case anyone is interested, I've attached a working Postfix Mail Queue
>> Monitor for nagios - It's working for me as is, but if anyone has any
>> suggested modifications I'd be glad to look at them.
>
>We do something like this where I work, a mailqueue-size check fo
-- Original Message --
From: Brian Evans - Postfix List
Reply-To: Postfix users
Date: Tue, 18 Aug 2009 12:58:43 -0400
>Len Conrad wrote:
>> -- Original Message --
>> From: "Len Conrad"
&g
-- Original Message --
From: "Len Conrad"
Reply-To:
Date: Tue, 18 Aug 2009 18:08:59 +0200
>
>mail_version = 2.3.3
>
>postconf | egrep virtual_alias_maps
>
>proxy_read_maps = $local_recipient_maps, $mydestin
mail_version = 2.3.3
postconf | egrep virtual_alias_maps
proxy_read_maps = $local_recipient_maps, $mydestination,
$virtual_alias_maps, $virtual_alias_domains, $virtual_mailbox_maps,
$virtual_mailbox_domains, $relay_recipient_maps, $relay_domains,
$canonical_maps, $sender_canonical_maps, $reci
>I think Barracude actually has a Postfix server on their appliance
MailTraq and Barracuda SMTPD dialog phrases are verbatim stock postfix phrases,
as far as I've seen.
Len
>>>The above is caught by:
>>>
>>>/[0-9]{1,3}(\.|\-)[0-9]{1,3}(\.|\-)[0-9]{1,3}(\.|\-)[0-9]{1,3}.*\[/
>>>client_filter.class
>>remove the \[ part.
>>and BTW, here is a shorter version:
>>/(\d{1,3}[-\.]){3}\d{1,3}/ class_client_filter
>>
>>
>>>... but is not going to the restriction class as
I've got a restriction class client_filter.class, which has several PCREs.
The problem is that some PTRs that should be shunted into that class are not.
When I test/paste actual maverick PTRs, eg this "access net" PTR:
postmap -q "79-70-88-236.as9105.com["
pcre:/usr/local/etc/postfix/client_f
-- Original Message --
From: Ralf Hildebrandt
Reply-To: postfix-users@postfix.org
Date: Fri, 1 May 2009 20:56:15 +0200
>* Len Conrad :
>> postmap -q "67.218.188"
>> mysql:/usr/local/etc/postfix/mysql-mta_clie
postmap -q "67.218.188"
mysql:/usr/local/etc/postfix/mysql-mta_clients_reactive_b.cf
554 mta_client_reactive_b
postmap -q "67.218.188.4"
mysql:/usr/local/etc/postfix/mysql-mta_clients_reactive_b.cf
... no data
man 5 access seems to make no distinction between .map and SQL tables:
HOST NAME/A
>>> freebsd 7.1 and 7.0
>>>
>>> postfix mail_version = 2.4.10
>>>
>>> When traffic triggers postfix to log:
>>>
>>> postfix/smtpd[4]: warning: problem talking to server 127.0.0.1:10041:
>>> Operation timed out
>>>
>>> ... I see that the process qty of policy-to-postfix pegs at 201.
>>>
>
>> freebsd 7.1 and 7.0
>>
>> postfix mail_version = 2.4.10
>>
>> When traffic triggers postfix to log:
>>
>> postfix/smtpd[4]: warning: problem talking to server 127.0.0.1:10041:
>> Operation timed out
>>
>> ... I see that the process qty of policy-to-postfix pegs at 201.
>>
>> As lo
freebsd 7.1 and 7.0
postfix mail_version = 2.4.10
When traffic triggers postfix to log:
postfix/smtpd[4]: warning: problem talking to server 127.0.0.1:10041:
Operation timed out
... I see that the process qty of policy-to-postfix pegs at 201.
As long as that qty stays below 200, there a
We have a simple restriction class to which we apply SAV and RAV to a very
small class of msgs:
some_class =
check_helo_access pcre:/path/to/4tuple_unfiltered.pcre,
reject_unverified_sender,
reject_unverified_recipient,
check_helo_access pcre:/path/to/4tuple_filtered.pcre,
permit
The 4tuple
>http://www.postfix.org/ADDRESS_VERIFICATION_README.html#probe_routing
that did it, thanks
Len
__
IMGate OpenSource Mail Firewall www.IMGate.net
When a relayhost is used as outbound gateway, how to get postfix to
address_verify (non-local domains) out to Internet?
Thanks
Len
>> >What is output of:
>> >
>> >ls -ld / /var /var/spool /var/spool/snfilter
>>
>>
>> mx1# ls -ld / /var /var/spool /var/spool/snfilter
>>
>> drwxr-xr-x 19 root wheel 512 Jul 24 19:02 /
>> drwxr-xr-x 25 root wheel 512 Sep 29 17:13 /var
>> drwxr-xr-x 12 root wheel
>What is output of:
>
>ls -ld / /var /var/spool /var/spool/snfilter
mx1# ls -ld / /var /var/spool /var/spool/snfilter
drwxr-xr-x 19 root wheel 512 Jul 24 19:02 /
drwxr-xr-x 25 root wheel 512 Sep 29 17:13 /var
drwxr-xr-x 12 root wheel 512 Sep 28 19:06 /var/spool
>> > mx1# ll /var/spool/snfilter/sniffer
>> > -rwxrwxrwx 1 snfilter snfilter 4013 Sep 29 20:54
>> > /var/spool/snfilter/sniffer
>>
>> Why is your PROGRAM file WRITABLE?
a temporary ploy to eliminate perms as the problem.
>> > sniffer contains:
>> >
>> > #!/bin/sh
>> ...
>> >
>> > Sep 29
freebsd 6.3
mx1# postconf mail_version
mail_version = 2.6-20080606
main.cf
content-filter = snfilter
master.cf
snfilter unix - n n - 10 pipe
flags=q user=snfilter argv=/var/spool/snfilter/sniffer
-f ${sender} ${recipient}
mx1# ll /var/spool/snfi
if bounce, then bcc or forward
... so we can analyze the bounces.
bounce_notice_recipient would be perfect, but it only includes the headers, not
the DATA.
thanks
Len
__
IMGate OpenSource Mail Firewall www.IMGate.net
tail -f -100 /var/log/maillog | awk 'tolower ($0) ~ /exceeded/ {print
$3, $11, $13 }'
07:18:18 391 unknown[unknown]
07:18:18 392 unknown[unknown]
07:18:19 394 unknown[unknown]
07:18:20 395 unknown[unknown]
07:18:21 396 unknown[unknown]
07:18:26 397 unknown[unknown]
07:18:27 398 unknown[unknow
I wrote a tarpitting policy server.
It is patch for postgrey greylisting policy server.
It needs Postfix-2.3.x or more. (use SLEEP action)
taRgrey - S25R + tarpitting + greylisting
http://k2net.hakuba.jp/targrey/index.en.html
http://k2net.hakuba.jp/pub/targrey-0.30-postgrey-1.27.patch
t
99 matches
Mail list logo
