Re: GeoIP based rejections

2011-03-14 Thread Mark Watts
led: geoip-policyd-0.01.tar.gz > > With some modifications, it works quite nicely. > > Justin. > This is just what I'm looking for. Annoyingly, the spams I was getting (they were all supposedly coming from one particular domain) have ceased! Thanks for all the advice,

Re: GeoIP based rejections

2011-03-10 Thread Mark Watts
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 03/10/2011 03:49 PM, Bas Mevissen wrote: > On Thu, 2011-03-10 at 15:35 +0000, Mark Watts wrote: >> -BEGIN PGP SIGNED MESSAGE- >> Hash: SHA1 >> >> >> I'd like to be able to reject connections from

GeoIP based rejections

2011-03-10 Thread Mark Watts
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I'd like to be able to reject connections from remote IP addresses if they're from certain countries (or conversely only allow from certain countries). What are my options for doing this in/with postfix? Mark. - -- Mark Watts BSc R

Re: Queue monitoring

2010-11-29 Thread Mark Watts
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11/25/2010 05:24 PM, Wietse Venema wrote: > Mark Watts: >> >> I have a requirement to be able to monitor a postfix queue over time, >> and to determine whether any messages are delayed due to problems >> connecting to

Queue monitoring

2010-11-25 Thread Mark Watts
rticularly useful for scripts to parse, so is there another tool I can use or is there better way to approach this problem? Regards, Mark. - -- Mark Watts BSc RHCE Senior Systems Engineer, Secure Managed Hosting www.QinetiQ.com QinetiQ - Delivering customer-focused solutions GPG Key: http:/

Re: Splitting recieve/transmit processes

2009-01-28 Thread Mark Watts
On Wednesday 28 January 2009 13:10:52 Wietse Venema wrote: > Mark Watts: > > I have a requirement to split a postfix relay installation across two > > servers. > > > > One server will be responsible for receiving incoming SMTP email, and > > queueuing it on d

Splitting recieve/transmit processes

2009-01-28 Thread Mark Watts
in such a way? Mark. -- Mark Watts BSc RHCE MBCS Senior Systems Engineer QinetiQ Applied Technologies GPG Key: http://www.linux-corner.info/mwatts.gpg signature.asc Description: This is a digitally signed message part.

Re: SPF Checking

2009-01-14 Thread Mark Watts
pient_restrictions = permit_mynetworks, reject_unauth_destination, ... check_policy_service unix:private/policyd-spf # ls -l /var/spool/postfix/private/policyd-spf srw-rw-rw- 1 postfix postfix 0 Jan 6 16:09 /var/spool/postfix/private/policyd-spf HTH, Mark. -- Ma

Re: Redundant remote server

2008-11-24 Thread Mark Watts
ing the decision to change a DNS entry to point to the backups server) I think this may be one of the few viable options you have. Mark. -- Mark Watts BSc RHCE MBCS Senior Systems Engineer QinetiQ Applied Technologies GPG Key: http://www.linux-corner.info/mwatts.gpg signature.asc Description: This is a digitally signed message part.

Re: TLS Logging

2008-11-20 Thread Mark Watts
On Thursday 20 November 2008 15:52:56 Victor Duchovni wrote: > On Thu, Nov 20, 2008 at 03:48:32PM +0000, Mark Watts wrote: > > > The first cipher has no authentication mechanism in the SSL handshake, > > > so you get encryption only, no authentication. The second cipher makes

Re: TLS Logging

2008-11-20 Thread Mark Watts
On Thursday 20 November 2008 15:05:50 Victor Duchovni wrote: > On Thu, Nov 20, 2008 at 08:56:04AM +0000, Mark Watts wrote: > > I did wonder what the difference between ADH-AES256-SHA and AES256-SHA > > was. Both still result in an encrypted connection though, right? > >

Re: TLS Logging

2008-11-20 Thread Mark Watts
On Wednesday 19 November 2008 16:29:09 Victor Duchovni wrote: > On Wed, Nov 19, 2008 at 07:23:39AM -0600, Noel Jones wrote: > > Mark Watts wrote: > > >I'm in the process of setting up TLS on a number of servers. > > >I have two servers, both running Postfix, one an

Re: TLS Logging

2008-11-19 Thread Mark Watts
I'm seeing. > We could speculate forever on what is happening, or you could make > a proper recording and let the data speak for itself. At the risk of sounding dumb, what would a "proper recording" be in this case? Mark. -- Mark Watts BSc RHCE MBCS Senior Systems Engin

Re: TLS Logging

2008-11-19 Thread Mark Watts
On Wednesday 19 November 2008 14:48:32 Noel Jones wrote: > Mark Watts wrote: > > On Wednesday 19 November 2008 14:00:29 Wietse Venema wrote: > >> Mark Watts: > >>> I think my original question still stands; why do connections to > >>> one server

Re: TLS Logging

2008-11-19 Thread Mark Watts
On Wednesday 19 November 2008 14:00:29 Wietse Venema wrote: > Mark Watts: > > I think my original question still stands; why do connections to > > one server not generate verification messages, while connections > > to a third server do. Both remote servers have self-signed

Re: TLS Logging

2008-11-19 Thread Mark Watts
On Wednesday 19 November 2008 13:42:59 Noel Jones wrote: > Mark Watts wrote: > >> When you're sending mail, no client certificate is requested. > >> Your postfix doesn't know (and doesn't care) that the client > >> has a self-signed certificate

Re: TLS Logging

2008-11-19 Thread Mark Watts
have any certificates at all. I've simply configured "smtp_use_tls = yes" and "smtp_tls_loglevel = 1". The logs are from the originating server. Mark. -- Mark Watts BSc RHCE MBCS Senior Systems Engineer QinetiQ Applied Technologies GPG Key: http://www.linux-corner.

Re: TLS Logging

2008-11-19 Thread Mark Watts
On Wednesday 19 November 2008 13:23:39 Noel Jones wrote: > Mark Watts wrote: > > I'm in the process of setting up TLS on a number of servers. > > I have two servers, both running Postfix, one an smtp client and the > > other an smtpd server, using a self-signed SSL ce

TLS Logging

2008-11-19 Thread Mark Watts
h are usiong self-signed certificates? Mark. -- Mark Watts BSc RHCE MBCS Senior Systems Engineer QinetiQ Applied Technologies GPG Key: http://www.linux-corner.info/mwatts.gpg signature.asc Description: This is a digitally signed message part.

Re: postfix behind load balancers

2008-10-31 Thread Mark Watts
og the load balancer as the source. Direct-Server-Return load balancing would not suffer from this problem, but it's about as good as multiple MX's, and a lot more complicated to setup. We use multiple MX's here to good effect. Mark. -- Mark Watts BSc RHCE MBCS Senior S

Re: Refused Message from RCPT TO

2008-10-10 Thread Mark Watts
layed > > again. > > Thanks - so basically this is not specifically something my Postfix > server is doing wrong or occurring due to config, correct? Nothing you are directly in control of, no. Mark. -- Mark Watts BSc RHCE MBCS Senior Systems Engineer QinetiQ Applied Technolo

Re: Refused Message from RCPT TO

2008-10-10 Thread Mark Watts
ably greylisting. The messaage will probably get through on the next attempt. Mark. -- Mark Watts BSc RHCE MBCS Senior Systems Engineer QinetiQ Applied Technologies GPG Key: http://www.linux-corner.info/mwatts.gpg signature.asc Description: This is a digitally signed message part.

Re: postfix/virtual and dovecot/deliver

2008-10-01 Thread Mark Watts
On Wednesday 01 October 2008 09:28:47 mouss wrote: > Mark Watts wrote: > > You said earlier that you were running CentOS 5.2. As per a standard > > install, SELinux defaults to ON. > > for this particular problem, he is using Suse (see the "Problem with > virtual ma

Re: postfix/virtual and dovecot/deliver

2008-10-01 Thread Mark Watts
:object_r:postfix_exec_t". I suspect your /etc/postfic/mysql directory is neither. Reset your SELinux context on that directory with: chcon -R system_u:object_r:postfix_etc_t /etc/postfix/mysql Mark. -- Mark Watts BSc RHCE MBCS Senior Systems Engineer QinetiQ Applied Technologies GPG Key: http://www.linux-corner.info/mwatts.gpg signature.asc Description: This is a digitally signed message part.

Re: Rejecting mail for a domain

2008-09-11 Thread Mark Watts
y not just remove the domain from, I presume, your relay_domains list, whereupon it will be blocked by reject_unauth_destination? Mark. -- Mark Watts BSc RHCE MBCS Senior Systems Engineer QinetiQ Applied Technologies GPG Key: http://www.linux-corner.info/mwatts.gpg signature.asc Description: This is a digitally signed message part.

Re: anvil logging

2008-09-01 Thread Mark Watts
On Monday 01 September 2008 14:21:56 Wietse Venema wrote: > Mark Watts: > > Is there a mechanism to reduce/stop the logging that anvil does? > > No. Anvil logs something when it terminates (Postfix is not receiving > mail), and it logs something every 10 minutes or so when

anvil logging

2008-09-01 Thread Mark Watts
Is there a mechanism to reduce/stop the logging that anvil does? I have a low-traffic mail server and I'd prefer anvil to not log anything if possible. Am I limited to setting anvil_status_update_time to something high? (~1 week) Regards, Mark. -- Mark Watts BSc RHCE MBCS Senior Sy

Re: this is my postfix conf

2008-08-14 Thread Mark Watts
; Escape character is '^]'. > +OK Dovecot ready. > USER sharad > +OK > PASS sharad > -ERR Authentication failed. This is a question for the Dovecot mailinglist, not Postfix. Mark. -- Mark Watts BSc RHCE MBCS Senior Systems Engineer QinetiQ Applied Technologies GP