led: geoip-policyd-0.01.tar.gz
>
> With some modifications, it works quite nicely.
>
> Justin.
>
This is just what I'm looking for.
Annoyingly, the spams I was getting (they were all supposedly coming
from one particular domain) have ceased!
Thanks for all the advice,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 03/10/2011 03:49 PM, Bas Mevissen wrote:
> On Thu, 2011-03-10 at 15:35 +0000, Mark Watts wrote:
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA1
>>
>>
>> I'd like to be able to reject connections from
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I'd like to be able to reject connections from remote IP addresses if
they're from certain countries (or conversely only allow from certain
countries).
What are my options for doing this in/with postfix?
Mark.
- --
Mark Watts BSc R
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 11/25/2010 05:24 PM, Wietse Venema wrote:
> Mark Watts:
>>
>> I have a requirement to be able to monitor a postfix queue over time,
>> and to determine whether any messages are delayed due to problems
>> connecting to
rticularly useful for scripts to parse, so is there another tool I can
use or is there better way to approach this problem?
Regards,
Mark.
- --
Mark Watts BSc RHCE
Senior Systems Engineer, Secure Managed Hosting
www.QinetiQ.com
QinetiQ - Delivering customer-focused solutions
GPG Key: http:/
On Wednesday 28 January 2009 13:10:52 Wietse Venema wrote:
> Mark Watts:
> > I have a requirement to split a postfix relay installation across two
> > servers.
> >
> > One server will be responsible for receiving incoming SMTP email, and
> > queueuing it on d
in such a way?
Mark.
--
Mark Watts BSc RHCE MBCS
Senior Systems Engineer
QinetiQ Applied Technologies
GPG Key: http://www.linux-corner.info/mwatts.gpg
signature.asc
Description: This is a digitally signed message part.
pient_restrictions =
permit_mynetworks,
reject_unauth_destination,
...
check_policy_service unix:private/policyd-spf
# ls -l /var/spool/postfix/private/policyd-spf
srw-rw-rw- 1 postfix postfix 0 Jan 6 16:09
/var/spool/postfix/private/policyd-spf
HTH,
Mark.
--
Ma
ing the decision to change a DNS
entry to point to the backups server) I think this may be one of the few
viable options you have.
Mark.
--
Mark Watts BSc RHCE MBCS
Senior Systems Engineer
QinetiQ Applied Technologies
GPG Key: http://www.linux-corner.info/mwatts.gpg
signature.asc
Description: This is a digitally signed message part.
On Thursday 20 November 2008 15:52:56 Victor Duchovni wrote:
> On Thu, Nov 20, 2008 at 03:48:32PM +0000, Mark Watts wrote:
> > > The first cipher has no authentication mechanism in the SSL handshake,
> > > so you get encryption only, no authentication. The second cipher makes
On Thursday 20 November 2008 15:05:50 Victor Duchovni wrote:
> On Thu, Nov 20, 2008 at 08:56:04AM +0000, Mark Watts wrote:
> > I did wonder what the difference between ADH-AES256-SHA and AES256-SHA
> > was. Both still result in an encrypted connection though, right?
>
>
On Wednesday 19 November 2008 16:29:09 Victor Duchovni wrote:
> On Wed, Nov 19, 2008 at 07:23:39AM -0600, Noel Jones wrote:
> > Mark Watts wrote:
> > >I'm in the process of setting up TLS on a number of servers.
> > >I have two servers, both running Postfix, one an
I'm seeing.
> We could speculate forever on what is happening, or you could make
> a proper recording and let the data speak for itself.
At the risk of sounding dumb, what would a "proper recording" be in this case?
Mark.
--
Mark Watts BSc RHCE MBCS
Senior Systems Engin
On Wednesday 19 November 2008 14:48:32 Noel Jones wrote:
> Mark Watts wrote:
> > On Wednesday 19 November 2008 14:00:29 Wietse Venema wrote:
> >> Mark Watts:
> >>> I think my original question still stands; why do connections to
> >>> one server
On Wednesday 19 November 2008 14:00:29 Wietse Venema wrote:
> Mark Watts:
> > I think my original question still stands; why do connections to
> > one server not generate verification messages, while connections
> > to a third server do. Both remote servers have self-signed
On Wednesday 19 November 2008 13:42:59 Noel Jones wrote:
> Mark Watts wrote:
> >> When you're sending mail, no client certificate is requested.
> >> Your postfix doesn't know (and doesn't care) that the client
> >> has a self-signed certificate
have any certificates at all.
I've simply configured "smtp_use_tls = yes" and "smtp_tls_loglevel = 1".
The logs are from the originating server.
Mark.
--
Mark Watts BSc RHCE MBCS
Senior Systems Engineer
QinetiQ Applied Technologies
GPG Key: http://www.linux-corner.
On Wednesday 19 November 2008 13:23:39 Noel Jones wrote:
> Mark Watts wrote:
> > I'm in the process of setting up TLS on a number of servers.
> > I have two servers, both running Postfix, one an smtp client and the
> > other an smtpd server, using a self-signed SSL ce
h are usiong self-signed certificates?
Mark.
--
Mark Watts BSc RHCE MBCS
Senior Systems Engineer
QinetiQ Applied Technologies
GPG Key: http://www.linux-corner.info/mwatts.gpg
signature.asc
Description: This is a digitally signed message part.
og the load balancer as the source.
Direct-Server-Return load balancing would not suffer from this problem, but
it's about as good as multiple MX's, and a lot more complicated to setup.
We use multiple MX's here to good effect.
Mark.
--
Mark Watts BSc RHCE MBCS
Senior S
layed
> > again.
>
> Thanks - so basically this is not specifically something my Postfix
> server is doing wrong or occurring due to config, correct?
Nothing you are directly in control of, no.
Mark.
--
Mark Watts BSc RHCE MBCS
Senior Systems Engineer
QinetiQ Applied Technolo
ably greylisting. The messaage will probably get through on the next
attempt.
Mark.
--
Mark Watts BSc RHCE MBCS
Senior Systems Engineer
QinetiQ Applied Technologies
GPG Key: http://www.linux-corner.info/mwatts.gpg
signature.asc
Description: This is a digitally signed message part.
On Wednesday 01 October 2008 09:28:47 mouss wrote:
> Mark Watts wrote:
> > You said earlier that you were running CentOS 5.2. As per a standard
> > install, SELinux defaults to ON.
>
> for this particular problem, he is using Suse (see the "Problem with
> virtual ma
:object_r:postfix_exec_t". I suspect your /etc/postfic/mysql
directory is neither.
Reset your SELinux context on that directory with:
chcon -R system_u:object_r:postfix_etc_t /etc/postfix/mysql
Mark.
--
Mark Watts BSc RHCE MBCS
Senior Systems Engineer
QinetiQ Applied Technologies
GPG Key: http://www.linux-corner.info/mwatts.gpg
signature.asc
Description: This is a digitally signed message part.
y not just remove the domain from, I presume, your relay_domains list,
whereupon it will be blocked by reject_unauth_destination?
Mark.
--
Mark Watts BSc RHCE MBCS
Senior Systems Engineer
QinetiQ Applied Technologies
GPG Key: http://www.linux-corner.info/mwatts.gpg
signature.asc
Description: This is a digitally signed message part.
On Monday 01 September 2008 14:21:56 Wietse Venema wrote:
> Mark Watts:
> > Is there a mechanism to reduce/stop the logging that anvil does?
>
> No. Anvil logs something when it terminates (Postfix is not receiving
> mail), and it logs something every 10 minutes or so when
Is there a mechanism to reduce/stop the logging that anvil does?
I have a low-traffic mail server and I'd prefer anvil to not log anything if
possible.
Am I limited to setting anvil_status_update_time to something high? (~1 week)
Regards,
Mark.
--
Mark Watts BSc RHCE MBCS
Senior Sy
; Escape character is '^]'.
> +OK Dovecot ready.
> USER sharad
> +OK
> PASS sharad
> -ERR Authentication failed.
This is a question for the Dovecot mailinglist, not Postfix.
Mark.
--
Mark Watts BSc RHCE MBCS
Senior Systems Engineer
QinetiQ Applied Technologies
GP
28 matches
Mail list logo