Re: Reject sender silently?

2022-11-08 Thread Markus E.
On Tue, 8 Nov 2022, Jaroslaw Rafa wrote: On 8.11.2022 at 22:13:01, Markus E. wrote: Can you do the opposite? I.e. reject the message with 554 and log nothing? And what is the reason for it? Usually you want to know that you rejected something, it's useful. I have some ol

Re: Reject sender silently?

2022-11-08 Thread Markus E.
On Tue, 8 Nov 2022, Wietse Venema wrote: Markus E.: Hi! Is it possible to silently reject messages from a specific sender or domain in Postfix? Something like: us...@domain.tld OK us...@domain.tld REJECT us...@domain.tld REJECT:nolog It's called DISCARD From the access man

Reject sender silently?

2022-11-08 Thread Markus E.
Hi! Is it possible to silently reject messages from a specific sender or domain in Postfix? Something like: us...@domain.tld OK us...@domain.tld REJECT us...@domain.tld REJECT:nolog ...accepting messages from user1, rejecting and logging user2, and rejecting user3 without logging. /me

Re: "Authentication-Results" header order

2021-07-03 Thread Markus E.
On Mon, 28 Jun 2021, Kevin N. wrote: Super. Thank you for all the info :) Cheers, Kevin By the way, I like the way Google merges the headers into one, like: Authentication-Results: mx.google.com; dkim=pass header.i=@example.net header.s=example header.b=lXmpAXoJ; spf=pass (google.c

Empty/malformed sender address accepted

2021-05-14 Thread Markus E.
Hi! I need some help here. My system apparently just accepted a message with no valid sender address. Logfile: May 14 05:32:30 mx postfix/postscreen[22902]: CONNECT from [202.74.56.X]:49082 to [172.105.87.X]:25 May 14 05:32:36 mx postfix/postscreen[22902]: PASS NEW [202.74.56.X]:49082 May 14

Re: Why 454 on Relay access denied?

2021-03-11 Thread Markus E.
On Wed, 10 Mar 2021, Viktor Dukhovni wrote: On Wed, Mar 10, 2021 at 04:45:29PM +0100, Markus E. wrote: Sorry, I meant it's empty in my config. I know that defaults to "permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination". But, you gave me a good hint here.

Re: Why 454 on Relay access denied?

2021-03-10 Thread Markus E.
On Wed, 10 Mar 2021, Wietse Venema wrote: Markus E.: On Wed, 10 Mar 2021, Wietse Venema wrote: Markus E.: Hello! I just noticed my servers replies with a 454 (instead of 554) when a bot checks for an open relay. Here's one example: Mar 10 08:53:46 mx1 postfix/smtpd[16747]: connect

Re: Why 454 on Relay access denied?

2021-03-10 Thread Markus E.
On Wed, 10 Mar 2021, Wietse Venema wrote: Markus E.: Hello! I just noticed my servers replies with a 454 (instead of 554) when a bot checks for an open relay. Here's one example: Mar 10 08:53:46 mx1 postfix/smtpd[16747]: connect from xxx.fesersglobal.com[45.85.90.xxx] Mar 10 08:53:5

Why 454 on Relay access denied?

2021-03-10 Thread Markus E.
Hello! I just noticed my servers replies with a 454 (instead of 554) when a bot checks for an open relay. Here's one example: Mar 10 08:53:46 mx1 postfix/smtpd[16747]: connect from xxx.fesersglobal.com[45.85.90.xxx] Mar 10 08:53:51 mx1 postfix/smtpd[16747]: NOQUEUE: reject: RCPT from xxx.fe

Re: non_fqdn vs invalid helo hostname

2020-09-24 Thread Markus E.
On Thu, 24 Sep 2020, Bill Cole wrote: reject_non_fqdn_helo_hostname reject_invalid_helo_hostname Is there a good reason to use both checks? What is your risk tolerance? Mine is high, so I use both. Sounds good to me as well :) reject_invalid_helo_hostname is generally safe. I've never

non_fqdn vs invalid helo hostname

2020-09-24 Thread Markus E.
Hi! I have a few questions regarding the HELO/EHLO checks. According to the documentation: reject_non_fqdn_helo_hostname Reject the request when the HELO or EHLO hostname is not in fully-qualified domain or address literal form, as required by the RFC. reject_invalid_helo_hostname Reject t

Re: TLS library problem: no shared cipher

2020-09-22 Thread Markus E.
On Tue, 22 Sep 2020, Viktor Dukhovni wrote: On Tue, Sep 22, 2020 at 04:37:55PM +0200, Markus E. wrote: You might find another one in your logs now. :-) You're welcome! :) $ posttls-finger -g HIGH -o tls_high_cipherlist='DEFAULT:!aECDSA' -p '!TLSv1.3' mars

Re: TLS library problem: no shared cipher

2020-09-22 Thread Markus E.
On Tue, 22 Sep 2020, Herbert J. Skuhra wrote: On Tue, Sep 22, 2020 at 04:37:55PM +0200, Markus E. wrote: Is it possible to not announce STARTTLS to some clients? http://www.postfix.org/postconf.5.html#smtpd_discard_ehlo_keyword_address_maps Thank you! Problem circumvented but not solved

TLS library problem: no shared cipher

2020-09-22 Thread Markus E.
Hi! What's your suggestion to avoid the following problem? Sep 22 13:11:22 postfix/smtpd[21000]: connect from dragon.trusteddomain.org[208.69.40.156] Sep 22 13:11:25 postfix/smtpd[21000]: SSL_accept error from dragon.trusteddomain.org[208.69.40.156]: -1 Sep 22 13:11:25 postfix/smtpd[21000]: wa