On 2025-01-23 20:25, Randy Bush via Postfix-users wrote:
I'm using zen.spamhaus.org for blocking and list.dnswl.org (with
filter)
for allowlisting.
zen.spamhaus.org*2 list.dnswl.org=127.0.[0..255].[1..3]*-2
Question occur to me, is there way to cease dnsrbl lookups once
threshold is me
On 2025-01-23 14:26, Tomasz Pala via Postfix-users wrote:
On 2025-01-23 12:59, MRob via Postfix-users wrote:
Is that correct? If yes, can we make Postscreen dnsbl_sites lookup
bind
IP for lookups?
I already have inet_interfaces and smtp_bind_address set so I guess
that's not used for
Hellos!
I have see spamhaus response sometimes 127.255.255.254 that mean
"generic" DNS lookup source.
I have three IPs on a virt server, one has PTR mail.exmple.com, other
two are generic for hosting company
I guess spamhaus doesnt like when lookup comes from those 2 addrs
instead of the ma
Hello- Im looking for <= $6/mo VPS suggestions for general mail/web
hosting server. Some super-cheap hosts pre-install O/S and give root but
I want to install O/S myself so can put in FDE. Hard to see which hosts
can do this.
I tried Linode before and yes, could get FDE
($5 1GB, 1CPU, 25GB, 1T
Hello,
Why isnt it standard to put the envelope sender into the RECEIVED
header?
Because it can change in transit in ways which can be confusing and
potentially reveal legitimately private information.
Can you xplain what is private about that? Thank you
See the whole history of "masquerad
On 2022-11-09 13:05, Bill Cole wrote:
On 2022-11-08 at 19:23:51 UTC-0500 (Wed, 09 Nov 2022 00:23:51 +)
MRob
is rumored to have said:
Hello,
Why isnt it standard to put the envelope sender into the RECEIVED
header?
Because it can change in transit in ways which can be confusing and
Hello,
Why isnt it standard to put the envelope sender into the RECEIVED
header? Is some good reason to hide it?
Thank you
On 2021-08-13 23:06, Viktor Dukhovni wrote:
On Fri, Aug 13, 2021 at 10:55:41PM +, MRob wrote:
Is this error:
warning: Message delivery request rate limit exceeded
result of surpassing smtpd_client_message_rate_limit?
I remember theres a way to specify certain parameter overrides
per
On 2021-08-13 23:01, post...@ptld.com wrote:
I remember theres a way to specify certain parameter overrides
per-recipient, but is there a way to override
smtpd_client_message_rate_limit per-client IP address? Right now
smtpd_client_message_rate_limit is set in main.cf
Is smtpd_client_connectio
Hllo,
Is this error:
warning: Message delivery request rate limit exceeded
result of surpassing smtpd_client_message_rate_limit?
I remember theres a way to specify certain parameter overrides
per-recipient, but is there a way to override
smtpd_client_message_rate_limit per-client IP address? R
On 2019-08-22 12:56, Wietse Venema wrote:
MRob:
I have group of user behind single WAN using mine Postfix submission
service. Sometimes they cann't connect but I dont know why. I thought
its cause that Postfix has default connection maximum from single IP
source, is this true?
What i
I have group of user behind single WAN using mine Postfix submission
service. Sometimes they cann't connect but I dont know why. I thought
its cause that Postfix has default connection maximum from single IP
source, is this true?
* What is error/fail message in logs which I could find to verif
On 2019-05-22 08:35, Dominic Raferd wrote:
On Wed, 22 May 2019 at 09:11, MRob wrote:
If I send a message as attachment, header_checks are applied to the
headers of the attachment also. Why does it happen? Can I turn it
off?
Try:
nested_header_checks =
Thank you for pointing it out. Why is
If I send a message as attachment, header_checks are applied to the
headers of the attachment also. Why does it happen? Can I turn it off?
On 2019-05-22 07:58, Matus UHLAR - fantomas wrote:
MRob:
For some time it is possible to make postfix virtual tell a LDA who
is
the original recipient, add x-original-to header. But not LMTP.
I don't understand. The LMTP receivee DOES know who is the recipient,
doesn't it?
On 2019-05-21 21:47, @lbutlr wrote:
On 21 May 2019, at 15:36, MRob wrote:
Privacy problem is addressed with smtpd_recipient_limit=1 but thats
not very feasible.
Are you sure?
I think even the big mailing-list services send individual messages
now-a-days.
I thought I remember strong
On 2019-05-21 20:22, Wietse Venema wrote:
MRob:
For some time it is possible to make postfix virtual tell a LDA who is
the original recipient, add x-original-to header. But not LMTP. This
create problems in final delivery, one example is autoreply vacation
program cannot check if message was
On 2019-05-21 18:42, MRob wrote:
For some time it is possible to make postfix virtual tell a LDA who is
the original recipient, add x-original-to header. But not LMTP. This
create problems in final delivery, one example is autoreply vacation
program cannot check if message was addressed directly
For some time it is possible to make postfix virtual tell a LDA who is
the original recipient, add x-original-to header. But not LMTP. This
create problems in final delivery, one example is autoreply vacation
program cannot check if message was addressed directly to this user or
not, so many au
On 2018-03-05 18:05, Bill Cole wrote:
Would you mind sharing which RBLs you recommend to use in postscreen?
postscreen_dnsbl_sites = zen.spamhaus.org=127.0.0.2*2
zen.spamhaus.org=127.0.0.3*2 zen.spamhaus.org=127.0.0.4*2
zen.spamhaus.org=127.0.0.10*2 zen.spamhaus.org=127.0.0.11*2
psb
On 2018-03-05 18:05, Bill Cole wrote:
Would you mind sharing which RBLs you recommend to use in postscreen?
postscreen_dnsbl_sites = zen.spamhaus.org=127.0.0.2*2
zen.spamhaus.org=127.0.0.3*2 zen.spamhaus.org=127.0.0.4*2
zen.spamhaus.org=127.0.0.10*2 zen.spamhaus.org=127.0.0.11*2
Why l
Bill Cole said:
The postscreen DNSBL
configuration should be designed to only block IPs that *only* send
spam.
So why, I like to ask is fqrdns list not recommended for use in
postscreen?
https://github.com/stevejenkins/hardwarefreak.com-fqrdns.pcre
Its maintained by same person as postwhite
On 2018-03-02 13:46, Karol Augustin wrote:
On 2018-03-02 12:09, MRob wrote:
Asking for opinions about postwhite.
https://github.com/stevejenkins/postwhite
Below is the default whitelist domains. It's nice idea, but what about
the time when spammers got hold of 10.000 hotmail accounts?
Asking for opinions about postwhite.
https://github.com/stevejenkins/postwhite
Below is the default whitelist domains. It's nice idea, but what about
the time when spammers got hold of 10.000 hotmail accounts?
OTOH this is only for postscreen and not whitelisted your antispam
engine so seems
On 2018-03-02 07:24, Dominic Raferd wrote:
On 1 March 2018 at 23:24, J Doe wrote:
I know there are a number of lists of publicly available DNS BL’s but
is there a list of BL’s that have a low false-positive history ? I’m
aware that false positives do happen, but blacklisting Gmail seems to
On 2018-03-01 23:24, J Doe wrote:
Hi,
On Mar 1, 2018, at 4:17 PM, MRob wrote:
Good suggestions thank you everyone. Over the last 24hours I saw
clients SORBS listed:
** a few that were listed by other RBLs
** many that were senders I can't block or delay: facebook, google,
etc
** o
On 2018-03-01 17:51, Andreas Schamanek wrote:
I also use postwhite and similar whitelisting, but I also have
postscreen_dnsbl_sites =
...
list.dnswl.org=127.0.[5;9].0*-2
Good suggestions thank you everyone. Over the last 24hours I saw clients
SORBS listed:
** a few that were listed
On 2018-03-01 08:14, John Fawcett wrote:
On 01/03/18 05:09, J Doe wrote:
Hi John,
On Feb 27, 2018, at 3:25 PM, John Fawcett
wrote:
I can't think of a compelling reason either to enable VRFY or to
disable
it. Disabling it stops people abusing it, but then they can just use
RCPT TO to get the
On 2018-03-01 05:16, Viktor Dukhovni wrote:
On Feb 28, 2018, at 11:49 PM, MRob wrote:
OK thanks Victor a lot. Does that mean I should also remove
smtp_tls_session_cache_database?
NO.
I typoed in my last email (YES/NO), so anyways I think I understand
thanks to your time taken to do some
On 2018-03-01 04:49, MRob wrote:
On 2018-03-01 04:42, Viktor Dukhovni wrote:
On Feb 28, 2018, at 11:35 PM, MRob wrote:
I thought I had read somewhere that modern versions of Postfix you
shouldn't set up smtpd_tls_session_cache_database but I can't see
anything in the docs now
On 2018-03-01 04:42, Viktor Dukhovni wrote:
On Feb 28, 2018, at 11:35 PM, MRob wrote:
I thought I had read somewhere that modern versions of Postfix you
shouldn't set up smtpd_tls_session_cache_database but I can't see
anything in the docs now.
You're better of without it,
Right now and for at least the last 24hours+ gmail IPs are on SORBS.
Good, I don't mind. However, it's causing Gmail to hit after-220 deep
protocol tests in postscreen and this causes long delays because Gmail
rotates sending IPs.
I scroe dnsbl.sorbs.net 2 points. dnswl.org:
list.dnswl.org=12
I thought I had read somewhere that modern versions of Postfix you
shouldn't set up smtpd_tls_session_cache_database but I can't see
anything in the docs now.
Reading docs still it seems smtpd_tls_session_cache_database can be
useful. What is behavior when its empty(default)?
On 2018-01-11 11:57, Dominic Raferd wrote:
On 11 January 2018 at 10:15, MRob wrote:
I use reject_unknown_helo_hostname even though it rejects legitimate
mail,
it also catches a reasonable amount of bad things.
I want to whitelist some clients of course. I thought it should be
easy:
/etc
I use reject_unknown_helo_hostname even though it rejects legitimate
mail, it also catches a reasonable amount of bad things.
I want to whitelist some clients of course. I thought it should be easy:
/etc/postfix/main.cf
smtpd_helo_restrictions =
reject_invalid_helo_hostname
reject_non_fqdn_he
Lately it looks like some zombie bot farm is connecting to submission
(and looks to do nothing except connect), causing many of these in the
logs:
Oct 28 06:15:35 mail postfix/smtpd[12941]: warning: hostname x.y.z does
not resolve to address 11.22.33.44: Name or service not known
For submiss
Hello, short of Per-Recipient Data Responses (PRDR) becoming standard,
may I ask how administrators are faking it? I understand you can
temp-fail all but the first rcpt-to, but how to do this in Postfix? Does
it require a custom milter? Surely there must be a published solution
somewhere?
Has anyone done something like this for Postfix who is willing to share?
Rate limit outgoing mail based on the number of bad recipients as a more
intelligent rule that won't impact regular users (intended to stop abuse
of compromised accounts).
https://lists.exim.org/lurker/message/20100226.1
I have reject_unknown_client_hostname in smtpd_client_restrictions.
Some clients are able to pass this restriction with accompanying warning
when the hostname does not point to the IP address of the client. The
rDNS does point to the claimed hostname, which seems to be why Postfix
gives it a
On 2017-03-09 13:41, Noel Jones wrote:
On 3/9/2017 3:16 PM, MRob wrote:
obtained by HELO? Is there something in the tcp connection that
identifies the hostname? Sorry if I misunderstood this part.
The HELO name is not related to and doesn't matter for
reject_unknown_client_hostname. Pe
On 2017-03-09 14:35, /dev/rob0 wrote:
On Thu, Mar 09, 2017 at 12:44:04PM -0800, MRob wrote:
Are there any admins with opinions where in the order is best
for postmaster/abuse whitelisting?
My opinion is "don't do it." I use smtpd_reject_footer to point to
my web page for f
On 2017-03-09 13:41, Noel Jones wrote:
On 3/9/2017 3:16 PM, MRob wrote:
obtained by HELO? Is there something in the tcp connection that
identifies the hostname? Sorry if I misunderstood this part.
The HELO name is not related to and doesn't matter for
reject_unknown_client_hostname. Pe
On 2017-03-09 13:06, Noel Jones wrote:
On 3/9/2017 2:58 PM, MRob wrote:
Hello, in Postfix v3.1 I'm having a hard time getting
reject_unknown_client_hostname to bounce test messages.
See the docs for what this rejects.
http://www.postfix.org/postconf.5.html#reject_unknown_client_hos
Hello, in Postfix v3.1 I'm having a hard time getting
reject_unknown_client_hostname to bounce test messages.
I set an external host's Postfix myhostname to be purposefully
incorrect, like nosuchhost.example.com and sent a message to the test
system. If I have reject_unknown_helo_hostname enab
On 2017-03-08 15:23, Noel Jones wrote:
On 3/8/2017 2:53 PM, MRob wrote:
Hello all,
Is there a best practices for exempting the postmaster/abuse address
from certain smtpd_mumble_restrictions?
The procedure to whitelist a recipient is to use a
check_recipient_access map prior to whatever
Hello all,
Is there a best practices for exempting the postmaster/abuse address
from certain smtpd_mumble_restrictions?
For example, we see some small businesses who have trouble getting past
reject_unknown_helo_hostname and reject_unknown_client_hostname and if
we reach out to them, we need
On 2016-12-06 17:14, Viktor Dukhovni wrote:
On Tue, Dec 06, 2016 at 04:56:58PM -0800, MRob wrote:
> To be fair to the good folks at PowerDNS, the software in question
> was an alpha version, that Ubuntu should probably not have shipped
> in a prod release. I don't know of any
On 2016-12-06 16:23, Viktor Dukhovni wrote:
On Tue, Dec 06, 2016 at 07:20:41PM -0500, Wietse Venema wrote:
> Having removed ipv6 from the question, I get the error I quoted above
> even for domains that do resolve using "dig" from the CLI of the same
> host. Why would there be that kind of disc
Victor, Wietse,
On 2016-12-06 11:16, wie...@porcupine.org wrote:
MRob:
Last few days, I'm seeing large amount of failures in a log file for
domains using protection.outlook.com:
to=, relay=none, delay=13190,
delays=13187/0.08/2.2/0,
dsn=4.4.3, status=deferred (Host or domain name not
Last few days, I'm seeing large amount of failures in a log file for
domains using protection.outlook.com:
to=, relay=none, delay=13190, delays=13187/0.08/2.2/0,
dsn=4.4.3, status=deferred (Host or domain name not found. Name service
error for name=example-com.mail.protection.outlook.com type=
On 2016-12-05 16:45, wie...@porcupine.org wrote:
MRob:
On 2016-12-05 16:27, wie...@porcupine.org wrote:
> MRob:
>> I was recently surprised to see .forward file in user's home dir being
>> honoured in a context where mail is set to be delivered via LMTP to
>> dov
On 2016-12-05 16:27, wie...@porcupine.org wrote:
MRob:
I was recently surprised to see .forward file in user's home dir being
honoured in a context where mail is set to be delivered via LMTP to
dovecot for final delivery. A response I got on the dovecot list
implied
that the M
I was recently surprised to see .forward file in user's home dir being
honoured in a context where mail is set to be delivered via LMTP to
dovecot for final delivery. A response I got on the dovecot list implied
that the MTA is responsible for this.
Does Postfix handle .forward just before it
I'd like to understand the differences in the envelope fields at points
where external filtering can happen:
* content_filter when receive_override_options=no_address_mappings (sent
to filter via SMTP)
* content_filter when address mappings have occurred (sent to filter via
SMTP)
* in the
On 2016-11-21 16:15, @lbutlr wrote:
On Nov 21, 2016, at 3:30 PM, MRob wrote:
Appreciate the reply, but I wasn't asking how to set it up. I thought
my question made it clear I was asking about the pros/cons of the
placement of SA in the mail flow.
No, that wasn’t clear. At least not
On 2016-11-21 13:06, @lbutlr wrote:
On Nov 21, 2016, at 11:43 AM, MRob wrote:
On 2016-11-18 21:03, MRob wrote:
Hello,
I am looking at a system where SpamAssassin is called out from the
delivery agent. I know there will be a difference here in terms of
the
envelope information but I'
On 2016-11-21 11:58, wie...@porcupine.org wrote:
MRob:
Can anyone help with this please?
Looks like this is not a common use case.
I'm looking for conceptual clarification, as in what, if any, difference
the envelope fields have when a message is inspected at the
content_filter
Can anyone help with this please?
On 2016-11-18 21:03, MRob wrote:
Hello,
I am looking at a system where SpamAssassin is called out from the
delivery agent. I know there will be a difference here in terms of the
envelope information but I'm not familiar enough to know the pitfalls
of
Hello,
I am looking at a system where SpamAssassin is called out from the
delivery agent. I know there will be a difference here in terms of the
envelope information but I'm not familiar enough to know the pitfalls of
this versus calling SA from the postfix content_filter.
Specifically, I be
59 matches
Mail list logo
