ple.org OK' to sender_access (above rbl blocks, as in my
config) be appropriate action?
yes.
Would rbl_reply_maps be better solution? I tried to understand it and
find some configuration examples but failed.
don't play with rbl_reply_maps unless you really know what you'r
n postconf" should tell you that:
-x Expand $name in main.cf or master.cf parameter values. The ex‐
pansion is recursive.
This feature is available with Postfix 2.10 and later.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warn
e own DNS with QNAME-minimization turned off.
Just FYI, it's better to turn off QNAME minimization on DNS servers used by
MTAs and spam checkers.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Var
ppening at all because I have 8 GB of
physical memory for my VPS.
Either 8GB of RAM is not enough or something is using all of it.
"top" command can show you which processes are eating your RAM.
Don't you tmpfs filesystems for temporary data like /tmp?
--
Matus UHLAR - fa
submission port and haven't
configures SSL certificate in it.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
BSE = Mad Cow Desease ..
X
to your servers.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Windows 2000: 640 MB ought to be enough for an
y hash did not verify)
header.i=@unimatrix030.de header.s=default header.b=kyrK6Z3o;*
Perhaps I should test whether I let amavis handle the DKIM?
Yeah, this should help.
On systems with both amavis and opendkim I use amavis to dkim-sign.
--
Matus UHLAR - fantomas, uh...@fantomas
hat.
Unless of course you have 3rd party packages, in such case it's up to you or
to source of your packages.
I think the whole point of having RH9 should be to have stable system and
installing 3rd party packages kinda defeats that.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.
ting secp384r1
algorithms, which apparently disabled rsa negotiation
after requesting RSA certificate, the client's device succeeded connecting
with TLS1.2. It even works with:
smtpd_tls_mandatory_ciphers=high
and I haven't changed any _cipherlist variiable.
Thanks Viktor for
etc) or is there some other
arrangement?
proxymap is used when your directives to any ACL as "proxy:" e.g.:
postscreen_cache_map = proxy:btree:$data_directory/postscreen_cache
local_recipient_maps = proxy:unix:passwd.byname $alias_maps $virtual_alias_maps
--
Matus UHLAR - fantomas, uh
W dniu 5.12.2024 o 13:17, Matus UHLAR - fantomas via Postfix-users pisze:
This changes nothing, at least nothing useful.
cleanup is running in chroot, so the real path for milter-regex
hould be something like
/var/spool/postfix/var/run/milter/milter-regex.sock
Some milters work with c
leanup
(chroot -> y)
ls -la /var/run/milter/
razem 0
drwxr-xr-x 2 mailregx postfix 60 gru 5 11:19 .
drwxr-xr-x 32 root root 1180 gru 5 11:27 ..
srw-rw-r-- 1 mailregx postfix 0 gru 5 11:19 milter-regex.sock
/var/run/milter/milter-regex.sock seems to exist.
--
Matus UHLA
t picks the "wrong" one it won't be
listening on that IP port.
Check that, then see what's in your mail log.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chce
On Mon, Nov 25, 2024 at 11:52:07AM +0100, Matus UHLAR - fantomas via
Postfix-users wrote:
This is Debian 12, postfix 3.7.11 and SSL 3.0.15.
On 25.11.24 22:26, Viktor Dukhovni via Postfix-users wrote:
Does Debian do anything similar to RedHat's crypto policy?
Nothing I know of.
On 2024-11-22 at 13:24:33 UTC-0500 (Fri, 22 Nov 2024 19:24:33 +0100)
Matus UHLAR - fantomas via Postfix-users
is rumored to have said:
Now I'm searching for the proper smtpd_tls_exclude_ciphers setting
to get at least some, possibly most secure ciphers of those provided
in my first
On 2024-11-22 at 07:09:06 UTC-0500 (Fri, 22 Nov 2024 13:09:06 +0100)
Matus UHLAR - fantomas via Postfix-users
is rumored to have said:
IIUC, as CBC ciphers are unsafe,
On 22.11.24 13:01, Bill Cole via Postfix-users wrote:
What is your basis for understanding that, in regards to SMTP
rom quarantine on request.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
LSD will make your ECS screen di
ciphers are unsafe, it would make most sense to allow RC4 on
specialised submission service on different TCP port.
Is my observatiom correct?
Are there any other options that might need tuning?
Thanks.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT
d if it's different, then reject. I thought
about doing something at the milter level in postfix. Or maybe you
know some other solution?
How is it supposed to work?
If @domain.ltd in return-path and from: is dfferend then Reject
"non allowed"
W dniu 20.11.2024 o 12:53, Matus
hich supports this in reject mode.
https://github.com/croessner/vrfydmn
or other from the same author that does the same:
https://gitlab.roessner-net.de/croessner/verifyemail/
they don't support individual domains though.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning
already in your queue, not
incoming mail.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Linux - It's now safe to turn on your com
:
message when saving mail to mailbox.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Due to unexpected conditions Windows 2000 will be r
address
is the virtual user the virtual alias maps to.
Is this intended behavior? The rewrite happens between these two stages?
afaik the milter happens at SMTP time, thus no rewriting is done at this
stage.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish N
cks = regexp:{ {/^X-Spam(-Flag)?:[[:blank:]]*YES/ REJECT} }
Just my 0.02€
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I wonder how much
ectrictions
as specified in main.cf.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Remember half the people y
t_restrictions=$mua_client_restrictions
-o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
# -o smtpd_recipient_restrictions=
-o smtpd_relay_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING
- if not, what did y
ons?
I assume works but only when smtpd_delay_reject is enabled (default)
otherwise the recipient is not known at time smtpd_sender_restrictions are
processed.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this ad
smtpd
...
-o smtpd_recipient_restrictions=$mua_recipient_restrictions
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu
if MTA does not support
authentication.
Are there different reasons to use dovecot for MSA?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu post
_restrictions are often
overridden in master.cf for "submission" and "smtps (submissions)" services
2. If the sender is in your $mynetworks, the
"check_sender_access btree:$meta_directory/restricted_senders"
is skipped because the first rule "permit_mynetworks"
Matus UHLAR - fantomas via Postfix-users:
When processing logs I have noticed that some queue IDs get reported by
smtpd when DATA phase starts, but when connection is lost, those IDs aren't
reported as lost.
Example:
Sep 2 16:51:11 mail postfix/smtps/smtpd[3697]: connect from
a.b.t-c
ueue id?
...I guess this is kind of problematic AV software on client's side, but I
noticed more such cases
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akuk
ss. Should not happen anymore.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
If Barbie is so popular, why do you have to buy h
addresses not in
local_recipient_maps
- but mail recipient enumeration is still possible.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
ote:
Thanks, I'm not currently running a DNS resolver on the server, but if the
unresponsive PTR record issue persists I'll look into Unbound or maybe
Dnsmasq.
dnsmasq is forwarding resolver and as such a bad idea for a mail server.
...maybe unless you want to avoid all levels of
stfix.org/postconf.5.html#smtpd_error_sleep_time
Note that this is ineffective against distributed attacks.
Well, perhaps fail2ban can match networks like /24
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varova
opped.
This can be done by using DISCARD in access map.
Note that I don't consider it goog idea.
I guess guys already explained the rest.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na t
I add addresses to trusted ones regarding ignoring dmarc
and dkim, it works correctly
I assume that when sending such e-mails with someone from the outside,
i.e. an external domain, the effect will be the same, but I have no
way to check when two domains have dmarc with p=reject
Yes, I k
an error for
DKIM Because DKIM also signs the subject and it is changed by sieve
what error exactly happens here? Does the remote server refuse your e-mail
from your smtp server?
W dniu 11.09.2024 o 11:34, Matus UHLAR - fantomas via Postfix-users pisze:
how and when do you DKIM-SIGN yourt
Or is it such a stupid idea that it is worth abandoning?
There are options for modifying incoming mail but that should only be done
after it's checked for spamminess.
I know cases where only the external mail is modified.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas
27;s clearly the milter that told postfix to tempfail
the mail, you need to search in your milter configuration (port 11332, I
guess rspamd)
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adre
elaying.
You can then configure separate rules on those ports.
However, the rest is up to rspamd configuration
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolv
ould pass, apparently neither passes.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
- Holmes, what kind of school did you study to be a d
tches_subdomains contains "smtpd_access_maps".
I recommend you not putting it there and if you need it, use ".example.com"
instead.
http://www.postfix.org/postconf.5.html#parent_domain_matches_subdomains
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.
format which you may not want:
https://en.wikipedia.org/wiki/Sender_Rewriting_Scheme
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I&#
#x27;d say there's still a
risk of leakage there.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Christia
f.
But I still believe anonymising Received: headers is safer than removing
them.
Perhaps milter-regex could be able to anonymize them.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto ad
nt instance for incoming mail (or has more services in
master.cf)
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
2B|!2B, th
tions
you apparently have reject_unknown_client_hostname which checks FCRDNS.
you can use reject_unknown_reverse_client_hostname instead, which only
checks for reverse DNS.
I personally check both.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to rece
Matus UHLAR - fantomas via Postfix-users skrev den 2024-08-05 11:57:
So, even setting DMARC policy to "quarantine" or "reject" would not
cause problems.
On 05.08.24 12:14, Benny Pedersen via Postfix-users wrote:
i want to belive when ... if all dmarc policy is allowed wha
On Jul 31, 2024, at 1:19 AM, Matus UHLAR - fantomas via Postfix-users
wrote:
FYI Mailman 2 claims to rewrite From: header to fullfill DMARC requirements only when DMARC policy
is "quarantine" or "reject"
On 01.08.24 12:12, Robert L Mathews via Postfix-use
AAA.AAA
3.
.AAA
or
AAA
4.
AA.AA@
...with REJECT or 5xx result
.AAA or AAA depends on your setting of parent_domain_matches_subdomains
(I don't know your default)
Note that "sender" means the envelope from address.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://ww
ents
only when DMARC policy is "quarantine" or "reject"
- rejecting mail failing DMARC can be safe even with mailing lists which
usually appear to break DKIM.
https://wiki.list.org/DOC/Mailman 2.1 List Administrators
Manual#Additional_settings
--
Matus UHLAR - fant
Dnia 30.07.2024 o godz. 12:38:15 Matus UHLAR - fantomas via Postfix-users pisze:
>I filter messages only based on RBLs, manual blocklists and content
>filtering (SA + many custom rules). And as for the latter, the messages are
>sent to spam folder, never rejected. Rejections are base
sed only on first two.
Funny, since multiple people in the past recommended rejecting on
spamminess, not on the results of single DNSBL listing.
Of course, that's your policy.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail adverti
calls this for every postfix instance
and count lines:
postmulti -x postqueue -j|wc -l
most of the time it's enough, but if you use different instances for
incoming/outgoing mail, it may make sense to monitor them separately.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fan
net],
this postfix won't lookup MX records for foo.com, but send messages to
mail.example.net unconditionally.
I hope I understand that correctly. :)
yes.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this add
, so usually /etc/postfix has
files writable by root/admin, readable by postfix and everything writable by
postfix should be in /var/lib/postfix.
Logs in /var/log/ should be written by syslog daemon, postfix should not be
able to modify them.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http
, so it
detects changes in logfiles immediately and not retroactively as you
stated. So at the moment when Postfix logs connection from
"fluffy.cuddly.port.raping.internet-measurement.com" ;), fail2ban can
block it. It's all the matter of writing proper rules for fail2ban.
--
Matus UH
have to do that with 20.04LTS
within a year, unless you pay ubuntu for extended LTS.
However, if you wan tanother provider, you can choose any other system that
has 3.9 available.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e
g these headers.
However, together with comment above, it should be safe if you don't
oversign them - I don't expect List-* header to appears in any mail sent to
the list, and their appearance can indicate error.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning
r go later as I just want the email server
up and running seeing, I lost access to the other one. My ISP changed
its network topology which changed my home IP, the server only lets my
old IP access SSH.
On 7/23/2024 4:52 AM, Matus UHLAR - fantomas via Postfix-users wrote:
The best on Debi
dated when new version appears in backports or
system is upgraded.
Example: trixie has version 3.9.0-3, I would download it and rebuild as
3.9.0-3~local0
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this ad
bmission
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_reject_unlisted_recipient=no
-o milter_macro_daemon_name=ORIGINATING
this is misformatted so I find it hard to read, but I guess the
"smtpd_reject_unlisted_recipient=no" is why recipient is not rejected on
port 58
On 08.07.24 11:42, natan via Postfix-users wrote:
What you propose use ?
Maybe instead of not accepting such mail will better is change
score in SA ?
W dniu 15.07.2024 o 12:06, Matus UHLAR - fantomas via Postfix-users pisze:
This is a policy issue. You can choose your policy to be
right way to do
this?
I understand this as safety measure to avoid mail loops when sending mail to
server that has the same hostname as postfix.
Having different hostnames also helps tracking issues with e-mail -
you can see in Received: headers where the mail went through.
--
Matus UHLAR
ect = Fail
Mail_From_reject = Fail
#update 20240706
#PermError_reject = False
PermError_reject = True
TempError_Defer = False
I don't know if that's maybe too restrictive PermError_reject
But on the other hand, the sender should have correctly configured
SPF for his domain
--
Matus
erver just reject it (5xx code)? This deferral is very
confusing to our administrators.
Common reasons for deferrals
- mailbox quota full
- you are blocklisted
- your (or their) DNS produces temporary errors
- others
does the deferral message explain why the deferral happens?
--
Matus UHLAR - fan
't tell whether the DKIM sig is OK or not in my test
setup, but I'd like to ensure it's the last thing to happen before sending.
How can I do that?
deliver it to mailbox locally and run spamassassin scan, it should tell you
whether the signature is correct.
--
Matus UHLAR - fantom
postfix to the sasl group and allowing group access for
sasl group to the proper directory.
The file I mentioned above contains information on running saslauthd as
saslaush user/group under systemd, haven't tried that.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fanto
r-x--- 2 root sasl 4096 Apr 25 17:29 /var/spool/postfix/var/run/saslauthd
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
42.7 percent of all
if you expect the port_name in logs, it must be send by your spampd and
if it's not, you won't find it anywhere, which is why I recommended
overriding syslog_name in master.cf
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to rece
omain postfix/smtpd[20770]: connect from
localhost[::1]
are mostly related to port 10026.
Add " -o syslog_name=postfix/spampd-in" to master.cf options to see them
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising
tworks=127.0.0.0/8,[::1]
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Microsoft dick is soft to do no harm
__
alhost does not necessarily resolve to
127.0.0.1 if both IPv4 and IPv6 are used. That's not a problem. If you
do need to make the distinction, you can be explicit by using either
[127.0.0.1] or [::1] in your settings. Does this help?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fan
ns you got the answer and the sender IP is not allowed for a
domain.
What you propouse to set in PermError_reject ?
if you want to envorce SPF, set it to true.
Note that there are mails that fail SPF but still pass DMARC test, you may
want those. rejecting at DMARC level looks safer alte
e defining mua_recipient_restrictions
in main.cf and in master.cf use something like:
-o smtpd_recipient_restrictions=$mua_recipient_restrictions
this way you can define the same for "submission" and "smtps" (or
"submissions") service.
--
Matus UHLAR - fantomas, uh...@fanto
/var/run/saslauthd
restart saslauthd & postfix
perhaps it helps you
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Windows 2000: 640
firewall logs.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Silvester Stallone: Father of the RISC concept
from:
Correct, note that this requires implementing SRS on forwarding machine.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Micro$oft random n
, but spamassassin not working as milter?
spamass-milter can already REJECT the mail that scores too much.
It can't discard them though.
amavisd-milter can do either.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to th
, make sure that address is
deliverable.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
There's a long-standing bug relating to th
It appears that Matus UHLAR - fantomas via Postfix-users
said:
If one of recipients wants to accept mail from a sender while another
recipient doesn't, teoretically you can reject that sender at recipient
level, but that complicates configuration (but it's possible).
This would mea
ecipient doesn't, teoretically you can reject that sender at recipient
level, but that complicates configuration (but it's possible).
This would mean that for single mail to more recipients, sendes gets
accepted and different recipients get refused.
--
Matus UHLAR - fantomas, uh
at:
http://www.postfix.org/smtp-smuggling.html
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
They that can give up essential liberty to
>BTW in the meantime, if I add this (where mx2.mydomain.com is our
>secondary MX hostname), I take it that would be a good idea:
>
>permit_mx_backup_networks = $mynetworks mx2. mydomain.com
On Tue, 11 Jun 2024 at 10:36, Matus UHLAR - fantomas via Postfix-users <
postfix-us
address verification (if that's what is
going on) with something better?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Christian Sc
reeting
tests, it will be a lighter load than a Perl policy filter.
Not mentioning pregreet test which is AFAIK impossible with policy server.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varov
y should use port 25 for sending mail out.
3.
smtpd_recipient_restrictions = permit_mx_backup
avoid this whenever possible. Or at least define permit_mx_backup_networks
I've put a couple of questions in as comments in the configs - any
thoughts/suggestions very much appreciated! :-)
--
Matus UHLAR - fantomas, u
Le 05/06/2024 à 14:01, Matus UHLAR - fantomas via Postfix-users a écrit :
What I mean is: wildcard TXT (SPF) record for
*.single-wild.porcupine.org only applies to wildcarded hosts, not to
any other record explicitly defined in single-wild.porcupine.org
zone.
Thus, when A record for mail01
Matus UHLAR - fantomas via Postfix-users:
>- Create a wild-card SPF policy for *.raystedman.org that permits
>all your SMTP client IP addresses.
Sorry: wildcard in DNS only applied for non-existing names and since
the hostname already exists:
On 04.06.24 13:02, Wietse Venema via Postfix
e that already has an SPF policy.
This is messy because the name should match the PTR record for the
SMTP client IP address.
I think this only applies for SPF records that have "ptr" option which is
discouraged in SPF. Otherwise, the IP must be listed in SPF record which is
a bit easi
.1 instead?
However I'm sure this isn't the 'right' way to do this. How do I get
postfix to pick up the resolv.conf file that is used/created by dnsmasq?
restarting postfix does set up proper environment, should apply on Ubuntu.
After changing resolv.conf restarting postfix s
smtpd_client_restrictions=$mua_client_restrictions
do you think there is any stuff I am missing?
Use postscreen on port 25, it will drop many bots from trying to connect and
send mail through your server.
http://www.postfix.org/POSTSCREEN_README.html
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http
ta=0/1 rset=1 quit=1 commands=7/8
What am I doing wrong?
It's the milter that tempfailed the message, it's not postfix.
perhaps you need allow facebook mail at milter level.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail adv
phe Kalt via Postfix-users wrote:
For this to be worthwhile, I assume you also set smtpd_delay_reject to no ?
Good point. But only on smtps/submission level, so in master.cf services.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail a
xbl listed clients with postscreen, one would configure
xbl.spamhaus.org or zen.spamhaus.org=127.0.0.4
On 5/27/24 4:13 AM, Matus UHLAR - fantomas via Postfix-users wrote:
While they are the same, I recommend using the latter, so you can
benefit from caching DNS results in case the same source IP
ces.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
42.7 percent of all statistics are made up on the s
this is something very different from what Stephan said.
He mentioned that on postfix with "smtpd_tls_auth_only=yes" (the default)
authentication is only available when TLS is active
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to rece
I would expect all of them to use EHLO,
especially because of DSN and SIZE extensions.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu
1 - 100 of 1038 matches
Mail list logo
