Re: Password mismatch. Might the md5usm be wrong?

On Sun, 7 Jul 2013 11:29:55 +0300, Dotan Cohen wrote: > On an Ubuntu Server 12.04 system with Dovecot 2.0.19 I am having some > > $ /usr/bin/doveadm pw -u u...@somedomain.com -s DIGEST-MD5 > Enter new password: # Here I have typed "12345" > {DIGEST-MD5}f4e442b0dec5009eaa8b9b4104923edc > $ printf "

Re: Forwarding from a particular email address

On Thu, 11 Apr 2013 06:56:13 -0400 (EDT), Wietse Venema wrote: > That should be: > > us...@example1.com us...@example1.com us...@example2.com > us...@example3.com us...@example3.com us...@example4.com Makes sense and perhaps it seems obvious for the postfix developers, but I do not remember see

Re: Forwarding from a particular email address

On Thu, 11 Apr 2013 03:01:58 +0300, "Indiana Jones" wrote: > # for single address > printf "us...@example1.com us...@example2.com\n" > > /etc/postfix/virtual > # for multiple addresses > printf "us...@example1.com us...@example2.com\nus...@example3.com > us...@example4.com\n" > /etc/postfix/v

Re: Forwarding from a particular email address

On Wed, 10 Apr 2013 15:32:14 +0300, "Indiana Jones" wrote: > Thank you, but I don't have file /postfix/virtual > What should I do? Create one? Use any text editor and create it. Or, you can try something like this: # for single address printf "us...@example1.com us...@example2.com\n" > /etc/po

Re: Could you help me with Postfix + MimeDefang?

On Mon, 04 Feb 2013 22:13:14 -0500, "Bill Cole" wrote: > alternative to hooking the MD milter into your main smtpd would be to > define a transport in master.cf running smtpd with MD as a milter, > and use postfix's transport map to route just the one address there. > This would also allow you to

Re: Could you help me with Postfix + MimeDefang?

On Mon, 04 Feb 2013 09:40:41 -0600, Noel Jones wrote: > On 2/4/2013 4:14 AM, Mark Alan wrote: > > I would like to use MimeDefang to sanitize the emails that arrive > > at one of our 3 mailing lists, i.e., to convert html->text, remove > > unsafe attachments, and remove+w

Could you help me with Postfix + MimeDefang?

Hello list, I would like to use MimeDefang to sanitize the emails that arrive at one of our 3 mailing lists, i.e., to convert html->text, remove unsafe attachments, and remove+webserve file attachments larger than 500KB. There are few tutorials on this subject and most, like Mickey Hill's http://

Re: Bounces back to myself

On Tue, 04 Dec 2012 10:10:05 +0200, Muzaffer Tolga Özses wrote: > ... > append_dot_mydomain = no > biff = no > inet_interfaces = all > recipient_delimiter = + > relayhost = You don't need to be re-declaring the postfix default settings again. Try if the following helps simplifying your main.cf:

Re: Is postscreen really this good? [how to configure postscreen]

On Wed, 10 Oct 2012 10:43:47 -0500, Paul Schmehl wrote: > readme files, but some of this stuff is above my pay grade. I get > confused and am not sure what to do. In order to benefit from postscreen you need to change both master.cf and main.cf. Assuming that you are starting with a fresh Postf

Re: [SOLVED] Postfix 2.9.x vs iptables 1.4.x interaction issues under Debian/Ubuntu

On Sun, 29 Jul 2012 00:33:49 +0200, Reindl Harald wrote: > Am 28.07.2012 20:03, schrieb Mark Alan: > >> The solution is to exempt traffic sent from the machine from the > >> rate controls. > > > > In 2012, in a server facing the net and running other services &

[SOLVED] Postfix 2.9.x vs iptables 1.4.x interaction issues under Debian/Ubuntu

On Sat, 28 Jul 2012 14:42:59 +, Viktor Dukhovni wrote: > On Sat, Jul 28, 2012 at 09:10:34AM -0400, Wietse Venema wrote: > > > Thus, VERP increases the number of parallel connections. This may > > result in overflow of state tables in under-powered stateful > > routers, causing them to drop

Re: Postfix 2.9.x vs iptables 1.4.x interaction issues under Debian/Ubuntu

On Sat, 28 Jul 2012 13:48:55 +0200, Benny Pedersen wrote: > Den 2012-07-27 20:43, Mark Alan skrev: > > > While using Postfix 2.9.3, iptables 1.4.12, under Ubuntu 12.04 LTS, > > after upgrading to Postfix 2.9.x, using > > suggest here "apt-get install shorewall&qu

Re: Postfix 2.9.x vs iptables 1.4.x interaction issues under Debian/Ubuntu

On Fri, 27 Jul 2012 19:43:59 +0100, Mark Alan wrote: > after upgrading to Postfix 2.9.x, using > I am now finding a lot of syslog entries like these: >/var/log/syslog:Jul 27 12:00:32 mx kernel: [485xxx.x] FW >DROP-OUT IN= OUT=eth0 SRC=xx.xxx.xxx.xx DST=xxx.xx.xxx.xx LEN

Re: Postfix 2.9.x vs iptables 1.4.x interaction issues under Debian/Ubuntu

On Fri, 27 Jul 2012 14:11:44 -0700, "Daniel L. Miller" wrote: > That's a fairly restrictive matching rule you > have for your new connection state - what worked before might have > changed. May I suggest removing the --syn for starters? Tried your suggestion. The problem persists. Thank you.

Postfix 2.9.x vs iptables 1.4.x interaction issues under Debian/Ubuntu

Hello, While using Postfix 2.9.3, iptables 1.4.12, under Ubuntu 12.04 LTS, after upgrading to Postfix 2.9.x, using grep -I ' FW ' /var/log/syslog*|sort|grep 'DPT=[0-9]\+' I am now finding a lot of syslog entries like these: /var/log/syslog:Jul 27 12:00:32 mx kernel: [485xxx.x] FW DR

Re: STARTTLS problems

On Wed, 25 Apr 2012 10:07:19 +0100, Mark Alan wrote: > While the postfix updates do not get into into each distribution > repositories, should we use the following? > > postconf -e 'smtpd_tls_protocols = !SSLv2, !TLSv1.2' > postconf -e 'smtp_tls_protocols = !SSLv2,

Re: STARTTLS problems

On Tue, 24 Apr 2012 19:42:20 -0400 (EDT), Wietse Venema wrote: > So, TLSv1.2 is giving trouble. > ... > Works with OpenSSL 1.0.1a with "smtp_tls_protocols = !TLSv1.2": > ... > So it is a good thing that I put out those updates today. > ... > Which leaves me wondering how other MTAs deal with this

[SOLVED] make postscreen answer '450 Service currently unavailable' to all connections

On Tue, 31 Jan 2012 10:06:15 -0500 (EST), Wietse Venema wrote: > The hardest part of support on this mailing list is > to get a precise spec that does not conflict with itself. > Once we have that, configuration is not hard at all. Sometimes we only know what we need when we push the email clien

Re: Behavior of postscreen_access_list = static:retry

On Tue, 31 Jan 2012 06:17:39 -0600, Noel Jones wrote: > You need to set both "postscreen_blacklist_action = drop" and > "soft_bounce = yes". The soft_bounce changes the 521 hangup into a > 421 hangup. Thank you Noel, If we wanted a mere 4.x.x hangup, it would be more elegant to set a single 'm

Re: Behavior of postscreen_access_list = static:retry

On Mon, 30 Jan 2012 19:17:17 -0500 (EST), Wietse Venema wrote: > Mark Alan: > > > > Would the following be an acceptable way to do it? > > > > postconf -e 'postscreen_access_list = reject' > > > > postconf -e 'soft_bounce = yes

Re: Behavior of postscreen_access_list = static:retry

On Mon, 30 Jan 2012 21:50:52 +, Viktor Dukhovni wrote: > On Mon, Jan 30, 2012 at 09:26:42PM +0000, Mark Alan wrote: > > > > > Is there any other way to make the postscreen/postfix > > > > combination temporarily defer all incoming emails with '450 > >

Re: Behavior of postscreen_access_list = static:retry

On Mon, 30 Jan 2012 21:09:21 +, Viktor Dukhovni wrote: > > Is there any other way to make the postscreen/postfix combination > > temporarily defer all incoming emails with '450 4.3.2 Service > > currently unavailable' (in order to give us some time to migrate > > the postfix server to some ot

Behavior of postscreen_access_list = static:retry

Hello, Regarding the config option: postscreen_access_list = static:retry And considering that: 1) "Permanent white/blacklist for remote SMTP client IP addresses. postscreen(8) searches this list immediately after a remote SMTP client connects." 2) static is a valid lookup table type 3) t

Re: SSL3_GET_CLIENT_HELLO:wrong version number

On Sun, 22 Jan 2012 20:03:09 -0500 (EST), Wietse Venema wrote: > Mark Alan: > > /var/log/mail.log:Jan 22 19:09:29 mx postfix-submission/smtpd[2797]: > > warning: TLS library problem:2797:error:1408A10B:SSL > > routines:SSL3_GET_CLIENT_HELLO:wrong version number:s3_srvr.c:7

SSL3_GET_CLIENT_HELLO:wrong version number

While using Ubuntu 10.10 postfix 2.8.5-2 openssl 0.9.8o Socket Layer (SSL) binary and related cryptographic tools ii postfix 2.8.5-2~build0.10.10 High-performance We are getting a few of these: /var/log/mail.log:Jan 22 19:09:28 mx postfix-submission/smtpd[2797]: c

Re: Postfix 2.8 + and Berkerley DB > 4.7

On Sat, 21 Jan 2012 18:38:48 -0700, The Doctor wrote: > Any issues with Berkeley DB > 4.7 with current Postfix ? With: libdb4.84.8.30 postfix 2.8.5 Each 4 hours we get a lot of: (...) postfix/postscreen[]: close database /var/lib/postfix/postsc

Re: Declaring options for submission port daemon

On Thu, 19 Jan 2012 17:10:00 -0500 (EST), Wietse Venema wrote: > I found these with: postconf | grep '[A-Z][A-Z][A-Z]:' :-) postconf | grep '[A-Z][A-Z][A-Z]:' :-) results in: bash: syntax error near unexpected token `)' ... and at my system man grep refuses to show what that last :-) switch

Re: Declaring options for submission port daemon

On Thu, 19 Jan 2012 18:43:28 +0200, Nikolaos Milas wrote: > submission inet n - n - - smtpd >-o syslog_name=postfix/submission >-o smtpd_enforce_tls=yes >-o smtpd_sasl_auth_enable=yes > ... > Any other options (except smtpd_*) which we should also redef

Re: postscreen supersedes fqrdns.pcre table

On Sun, 15 Jan 2012 11:04:21 -0500, Charles Marcus wrote: > But I'd still be interested in seeing some example postscreen configs > actually in use right now, by you and anyone else willing to share... This works pretty well: as root: ## configure Postfix to use postscreen sed -i 's/^smtp .*s

Re: Stan's List [was: free antivirus scanner ?]

On Wed, 11 Jan 2012 10:19:36 -0600, Noel Jones wrote: > I would classify it as low risk of false positives, and fairly safe. > (but not 100% safe; few rules are. YMMV and such.) I've had a > couple of FP's from idiots that run their business mail servers on a > cablemodem with a dynamic rDNS na

Re: Problem with DNS lookup when chrooted

On Thu, 11 Aug 2011 12:33:44 -0500, Stan Hoeppner wrote: > > Trivial fix: modify the init script to invoke "postfix start" etc. > > instead of directly invoking the master daemon. > > I don't believe the current init script directly invokes the master > daemon, Debian/Ubuntu's current /etc/ini

Re: mailq full but nothing in active/deferred/incoming

On Mon, 06 Jun 2011 19:45:17 +0200, Stéphane MERLE wrote: > > (I am using ubuntu 10.04LTS). > I am a little surprised by the fact that I would be using sendmail > #dpkg --get-selections | grep -i "sendmail" > I got no package installed for sendmail ... Postfix installs a pseudo-sendmail. In Ub

Re: Unable to enforce the usage of the stronger tls ssl ciphers by Postfix

On Sun, 22 May 2011 22:00:49 -0500, Noel Jones wrote: > Is postfix also the client? What are the settings on that > machine? Client machines use Claws Mail as MUA (configured to use SMTP at 587) and those machine have Postfix as the MTA, configured like this: $ sudo postconf -n | grep -v '^smt

Unable to enforce the usage of the stronger tls ssl ciphers by Postfix

Hello list, While using ubuntu 10.10, postfix 2.8.1, dovecot 2.0.12, openssl 0.9.8o, and trying to connect to the mail server via postfix 'submission' the best cipher that I am able to get is DHE-RSA-AES128-SHA (128/128 bits) As it is only the 11th entry in the list showed by openssl ciphers -v

Re: Adjust smtp to limitations of a host (REPOST without postconf)

On Sat, 2 Apr 2011 18:03:29 -0400 (EDT), Wietse Venema wrote: > > slow unix - - - - - smtp > > -o syslog_name=postfix-slow > > -o default_destination_rate_delay=1s > > -o default_destination_recipient_limit=20 > > -o smtp_connection_cache_on_demand=no

Re: Adjust smtp to limitations of a host

On Sat, 2 Apr 2011 18:03:29 -0400 (EDT), Wietse Venema wrote: > > slow unix - - - - - smtp > > -o syslog_name=postfix-slow > > -o default_destination_rate_delay=1s > > -o default_destination_recipient_limit=20 > > -o smtp_connection_cache_on_demand=no >

Re: Adjust smtp to limitations of a host

On Thu, 31 Mar 2011 14:53:11 -0400, Victor Duchovni wrote: > > /etc/postfix/master.cf > > slow unix - - - - - smtp > > -o syslog_name=postfix-slow > > -o smtp_connection_reuse_time_limit=30s > > EOT > > > > /etc/postfix/main.cf > > slow_initial_destination

Re: Adjust smtp to limitations of a host

On Thu, 31 Mar 2011 14:53:11 -0400, Victor Duchovni wrote: > Why would this be a response to "too many recipient commands", a > single message with many recipients is sent over a single connection, > unless you have set an ill-advised destination recipient limit. All _recipient_limit parameters a

Re: Adjust smtp to limitations of a host

On Thu, 31 Mar 2011 12:39:20 -0400, Victor Duchovni wrote: > The receiving sites policies are stupid if they don't implement > them sensibly by just returning 4XX responses without penalizing > subsequent transactions. I am sorry to hijack this thread but we have what seems to be the same proble

Error: close database /var/lib/postfix/postscreen_cache.db: No such file or directory (possible Berkeley DB bug)

While using Postfix 2.8.1 + Ubuntu 10.10, after enabling postscreen the system seems to be working well (sends and receives email without any apparent problems) but has sporadic errors as shown bellow (without any other errors or warnings). sudo grep 'postscreen_cache.db' /var/log/syslog Mar 10 1

Re: Configuration of postfix 2.8.1 + ezmlm 1.2.17

On Mon, 7 Mar 2011 09:43:40 -0500 (EST), Wietse Venema wrote: > The basic idea is that with a local aliases > file, file ownership determines the execution privileges for > "|command" and /file/name destinations, and the envelope sender > address for non-delivery notifications. Meaning that (kee

Re: Configuration of postfix 2.8.1 + ezmlm 1.2.17

On Sun, 6 Mar 2011 18:46:44 -0500 (EST), Wietse Venema wrote: > > In order to have postfix 2.8.1 feeding email to a ezmlm 1.2.17 > If you follow the mlmmj website's instructions, then it should > work. Do you mean the README.Postfix at http://mlmmj.org/archive/mlmmj/att-0511/README.postfix ? >

Configuration of postfix 2.8.1 + ezmlm 1.2.17

Hello list, In order to have postfix 2.8.1 feeding email to a ezmlm 1.2.17 mailing list manager (under Debian/Ubuntu) we have a tentative setup that goes like described bellow. I have 2 questions: 1. is there a way to do the same without (the rather expensive) regexp:/ lists? 2. in case of not be

Re: postqueue

On Wed, 16 Feb 2011 13:03:37 +0300, "Ejaz" wrote: > Postqueue -p command taking so long time to execute, start and > stopping the postfix also the same, in the meanwhile I checked > server performance is quite normal, no load Is yours /etc/hosts sane? M.

Re: How to parameterize postscreen to act like openbsd spamd

On Wed, 9 Feb 2011 15:18:39 -0500 (EST), Wietse Venema wrote: > postscreen currently does not implement greylisting - smtpd(8) > currently can do that with policy daemons. Yes but they do it very late in the process smtpd_recipient_restrictions = ... reject_unau

How to parameterize postscreen to act like openbsd spamd

Hello list, The things that I miss from OpenBSD are spamd and pf (iptables are almost there). It seems that postscreen has the potential to, finally, replace spamd. So, my question is: How would one configure postscreen's parameters to act like the spamd defaults, i.e., passtime = 25 m, gre

Re: Ubuntu/Debian Postfix 2.8.x repository -- general chroot question

On Mon, 7 Feb 2011 14:21:39 -0500 (EST), Wietse Venema wrote: > Except for all those beginners that get into trouble because they > use someone elses cookbook instructions instead of their own > expertise. And instead of being continuously consumed by same beginner questions, wouldn't it be easi

Re: Ubuntu/Debian Postfix 2.8.x repository [SOLVED]

On Mon, 7 Feb 2011 17:49:38 +0100, Stefan Foerster wrote: > [chroot disabled] > ... and the mysql client libraries > will then try to use the unix socket. This socket is, of course, not > present in the chroot.> > Now I know there are better ways around this - use proxymap(8), e.g., > but frankl

[SOLVED] Re: Ubuntu/Debian Postfix 2.8.x repository

On Sun, 6 Feb 2011 18:52:15 +, Mark Alan wrote: > Do you know any reliable Debian/Ubuntu repositories for the > newest Postfix 2.8? [SOLVED] For now we will use Christian Roessner's http://mysourceco.de Ubuntu repository. Our servers run on Ubuntu 10.04 & 10.10, so to ins

Re: Ubuntu/Debian Postfix 2.8.x repository

On Sun, 6 Feb 2011 23:42:39 -0600, /dev/rob0 wrote: > If you're capable of determining that Stefan is unreliable, you > should also be capable of building your own reliable package, or > that's what I'd expect, anyway. I am. We are. But as you very well know, one of the first rules of Open So

Re: Ubuntu/Debian Postfix 2.8.x repository

On Sun, 6 Feb 2011 22:22:52 +0100, Patrick Ben Koetter wrote: > If there are "significant differences that are not Debian related" > Stefan certainly has had reasons to add them. That's certainly a way to view things and I respect your opinion. But it is hard to see the rationale in, for instan

Re: Ubuntu/Debian Postfix 2.8.x repository

On Mon, 7 Feb 2011 00:40:16 -0500, Victor Duchovni wrote: > Debian Postfix has significant integration enhancements, dynamic > loading of table drivers, Debian-specific SASL configuration > directory, hostname setting in external file, ... Debian users should > probably not build directly from un

Re: Ubuntu/Debian Postfix 2.8.x repository

On Sun, 06 Feb 2011 20:01:17 +0100, Robert Schetterer wrote: > > Do you know any reliable Debian/Ubuntu repositories for the > > newest Postfix 2.8? > > http://debian.incertum.net/ Thank you, but the emphasis in my question was in 'reliable'. A quick diff between the 2.8 sources and patches at

Ubuntu/Debian Postfix 2.8.x repository

Hello, Do you know any reliable Debian/Ubuntu repositories for the newest Postfix 2.8? Regards, M.

Gross greylist app. while we wait for Postfix 2.8 and its postscreen processor

While we do not have Postfix 2.8 (in Debian/Ubuntu) and its postscreen processor, Is there someone in this list with experience of using the Gross greylist app. with Postfix? Is it stable? Is it less resource hungry than greyfix or postgrey? Has it major problems? Regards, M.

Re: spammers getting better? help with filtering this one

On Thu, 03 Feb 2011 04:36:26 -0500, Daniel Bromberg wrote: > Those who can block this, how did you do it? I hope whatever > technique(s) also help block many more like it. Blocked here with bogofilter (bayesian header+body filter). M.

Re: Looking for a maillist manager

On Sun, 30 Jan 2011 07:19:48 +0200, Jaques Cochet wrote: > I'm currently using qmail with ezmlm maillist manager. I intent to > move to postfix, and i'm looking for a mail list manager that stores > maillists subscribers in mysql databse, includes posting permissions, > and can handle several hun

Re: Order of policies?

On Mon, 10 Jan 2011 23:04:31 +0100, mouss wrote: > Le 10/01/2011 10:33, Mark Alan a écrit : > > Well then, would the following order make sense? > > > > smtpd_recipient_restrictions = sleep 1, > > reject_unlisted_recipient, reject_unauth_pipelining, >

Re: Order of policies?

On Sun, 9 Jan 2011 10:17:57 -0500 (EST), Wietse Venema wrote: > Jan Johansson: > > I have the following config: > > > > smtpd_recipient_restrictions = permit_mynetworks > > reject_unauth_destination check_policy_service inet:127.0.0.1:10031 > > > For that, specify reject_unlisted_recipient befor

Re: Is there a way to make Postfix 2.7.x stop announcing ETRN?

On Sun, 09 Jan 2011 14:49:11 -0600, Noel Jones wrote: > http://www.postfix.org/postconf.5.html#smtpd_discard_ehlo_keywords > > # main.cf > smtpd_discard_ehlo_keywords = silent-discard, etrn That works. Problem solved. Thank you very much Noel. M.

Is there a way to make Postfix 2.7.x stop announcing ETRN?

While using Postfix 2.7.1 at an Ubuntu 10.10 server: We disabled ETRN as stated in the 'Configuring the Postfix fast ETRN service' section of the ETRN_README.html (...) smtpd_delay_reject = yes fast_flush_domains = mydestination = localhost.localdomain, localhost mynetworks = 127.0.0.0/8