On 25/04/2019 00:21, Wietse Venema wrote:
Mick:
I thought header checks were carried out after all the other smtp
restrictions had passed therefore I didn't see the harm in an 'OK' for a
message header at this stage.
Correct, but the OK action applies only to that header,
On 24/04/2019 21:51, Bill Cole wrote:
On 24 Apr 2019, at 16:04, Mick wrote:
On 23/04/2019 18:34, Bill Cole wrote:
On 23 Apr 2019, at 11:46, John Peach wrote:
On 4/23/19 11:39 AM, Paul wrote:
Yes I agree with Kevin here, the best solution to this problem is
an spf record set to reject mail
reason the following main.cf config should not be used ?
header_checks =
pcre:/etc/postfix/header_checks_pass
pcre:/etc/postfix/header_checks_fail
Best wishes,
Mick.
he
corresponding action is executed and then the next input line is
inspected.'
So if the action is executed, goodbye message, but if header checks
continues to check the following lines it will find an OK by List-Id.
I suspect that I will not receive a copy this message, but don't know
for sure. One way to find out {SEND}.
Best wishes,
Mick.
an and not to be
messed with. In the later offerings, the spelling and grammar seriously
deteriorated.
Best wishes,
Mick.
2)Seccond question :how i can adjust the sender policy to block soft fail SPF?
Thanks you all.
Best Regards.
Christian Schmitz
Info extra 1: LOG: /var/log/mai
x'
The above works for me every time.
Best wishes,
Mick.
why.
The log entry makes sense now I understand what's going on. Thank you
very much for your explanation and also for pointing me to RCF1870.
Best wishes,
Mick.
On 21/06/2016 03:52, Bill Cole wrote:
On 20 Jun 2016, at 20:54, Mick wrote:
I take it from your response (and noting t
Hi Wietse,
On 21/06/2016 01:21, Wietse Venema wrote:
Mick:
Hi,
While checking the mail log yesterday morning, I noticed that Postfix
didn't log the sender or recipient when it rejected a message due to
exceeding the message_size _limit. I'd be interested to know if this is
th
Jun 20 03:53:40 skin P25/smtpd[13887]: disconnect from
mail-it0-x22b.google.com[2607:f8b0:4001:c0b::22b] ehlo=1 mail=0/1
rcpt=0/1 data=0/1 quit=1 commands=2/5
Many thanks,
Mick.
On 26/03/2016 18:54, Scott Kitterman wrote:
On Saturday, March 26, 2016 05:44:45 PM Mick wrote:
Hi Postfix users,
I would like to try and install a later version of Postfix (and
postfix-mysql) than the Debian stable (Jessie) repository currently
offers (2.11.3-1). I've looked at bui
ng 3.1 would
be the best route long term. Any suggestions welcomed.
Best wishes,
Mick.
t exist,
nor by aliasing such an address to an existing mailbox if the
destination accepts mail. I don't reject 'noreply' addresses myself,
but would opt for Wietse's method should I ever feel the need to do
so. Both methods work though.
Mick.
On 27/01/2016 21:03, W
Indeed.
On 27/01/2016 20:45, @lbutlr wrote:
On 27 Jan 2016, at 05:46, Mick wrote:
'nore...@domain.com' needs to exist as a mailbox in order for you to discard
mail to it as far as I can tell.
Obviously not, since Wietse posted:
transport_maps = inline:{u...@example.com=discard:}
try to use it in a To: address field I get the same
response.
'nore...@domain.com' needs to exist as a mailbox in order for you to
discard mail to it as far as I can tell.
Mick
Thanks,
yone has managed to make 'SRS_DOMAIN' dynamic, I'd love to hear
how, otherwise please considder this resolved. Thanks Wietse and
Christian for your help.
Best regards,
Mick.
appreciate examples which rfc7208 provides plenty.
Best regards,
Mick.
Regards
Christian
Thanks for your advice.
Mick.
Wietse
On 10/09/2015 21:13, Wietse Venema wrote:
Mick:
Hi,
I'm trialling DMARC to two of my domains. On checking the results when
posting from the secondary domain I receive 'SPF Domain Alignment Result
= FAIL'. I think this is because postfix always says HELO with the
primary domain
secondary. Is
there a way to rewrite the message envelope to say HELO using the same
domain used in the from field?
Thanks,
Mick.
Thanks for your reply Benny.
On 27/08/2015 20:19, Benny Pedersen wrote:
Mick skrev den 2015-08-27 15:02:
I will be pleased to read of any alternatives, if there are any.
drop sender-id, drop srs
Dropping sender-id? Do you mean leave MAIL FROM: <> blank or have I got
the wrong end
On 27/08/2015 14:26, Wietse Venema wrote:
Viktor Dukhovni:
On Thu, Aug 27, 2015 at 02:02:36PM +0100, Mick wrote:
Does anyone know if there's a table based way to get
cleanup(8) to rewrite on matching the local alias? canonical(5)??
No. Secure SRS rewriting that does not turn your ma
On 27/08/2015 14:07, Viktor Dukhovni wrote:
On Thu, Aug 27, 2015 at 02:02:36PM +0100, Mick wrote:
At least
one of those schemes re-writes the envelope for every received message which
seems overkill to me.
That's what needs to be done.
Okay. I'm surprised though.
Does anyo
ewrite on matching the
local alias? canonical(5)??
I will be pleased to read of any alternatives, if there are any.
Best regards,
Mick.
Wietse Venema wrote:
Mick:
Does anyone know if there's a way to add a custom perl policy to
Postscreen (tests carried out before the 220 SMTP server greeting)?
It doesn't look as though this is allowed.
Indeed. Use postscreen to eliminate *most* spambots as cheaply as pos
Does anyone know if there's a way to add a custom perl policy to
Postscreen (tests carried out before the 220 SMTP server greeting)?
It doesn't look as though this is allowed.
Best regards,
Mick.
el. I will bear that in mind.
Mick.
mmy message. I have now set the negative
cache to 'no' meaning a retry for every incoming message that hasn't
passed address verification. It is either that or adding all domain that
use greylisting to the whitelist.
Does anyone know if there's a way to exempt / prevent 471 (or other
temporary reject codes) from being cached?
Thanks,
Mick.
Viktor Dukhovni wrote:
On Tue, Mar 17, 2015 at 05:11:33PM +, Mick wrote:
To comply with RFC2142 and always accept mail destined for abuse or
postmaster, the role account exceptions would have to be top of
smtpd_recipient_restrictions, but should I bother to comply with mail
servers that
leaccount_exceptions,
reject_non_fqdn_hostname,
reject_invalid_hostname,
#check_helo_access hash:/etc/postfix/helo_checks,
reject_unverified_sender,
check_policy_service unix:private/policy-spf
If anyone has any thoughts on this, they will be gladly received.
Many thanks,
Mick.
Hi Viktor,
Viktor Dukhovni wrote:
On Tue, Mar 10, 2015 at 02:33:08AM +, Mick wrote:
You'd have to look at postfix.org documentation I'm afraid.
One of:
http://www.postfix.org/mysql_table.5.html
That was generally enlightening.
RHS? Royal Horticultur
ownloaded "The Postfix Book". Thanks for
that. A real bonus for sure. While a lot has probably changed or been
added since 2005 I'm sure I will get up a better idea of what is going
on from there.
Thanks Viktor, and good luck P.V.
Mick.
Viktor Dukhovni wrote:
On Mon, Mar 09, 2015 at 04:40:41AM +, Mick wrote:
I would not deploy this policy script. It requires a new Perl
process for each request. That's a rather bad idea. It does not
treat the sender address in a case-insensitive manner.
I hadn't
Viktor Dukhovni wrote:
On Mon, Mar 09, 2015 at 03:36:53AM +, Mick wrote:
Darn formatting! I can't read it myself. Gr! Attached as a text file.
Hope attachments are allowed.
I would not deploy this policy script. It requires a new Perl
process for each request. Tha
Darn formatting! I can't read it myself. Gr! Attached as a text
file. Hope attachments are allowed.
Mick.
#!/usr/bin/perl
# sasluser.p
# PERL Script abused by Snakebyte
# version 0.01
$action="action=DUNNO\n\n";
$sender="";
$sasl_username="\n";
#
# SAS
P.V.Anthony wrote:
On 03/08/2015 08:04 PM, Mick wrote:
I'm a noobie to postfix myself but I'll have an educated guess and say
'reject_authenticated_sender_login_mismatch' will REJECT if sender does
not match the sasl_username without any exception. If you want to allow
P.V.Anthony wrote:
On 03/08/2015 08:04 PM, Mick wrote:
I'm a noobie to postfix myself but I'll have an educated guess and say
'reject_authenticated_sender_login_mismatch' will REJECT if sender does
not match the sasl_username without any exception. If you want to allow
each request based on the
sasl_username. Do you know how to do this? If you don't, I could post a
simple PERL example tomorrow.
Mick.
h neater than my burn offerings. Thanks again. The' if($sasl_username
ne "\n") ' is still needed as non SASL authenticated incoming mail would
be rejected otherwise.
Cheers,
Mick.
trusted business. With the group link, all I need is one
account that is SMTP active to be able to send mail from any of these.
If other accounts are blocked by default, it cuts down the risk of a
compromised pop3 becoming open SMTP. Yeah, I know it won't catch on ;-)
Thanks again,
Mick.
eq "recipient") { $recipient=$value;}
if ($key eq "recipient_count") { $recipient_count=$value;}
if ($key eq "sasl_username") { $sasl_username=$value;}
}
if($b eq "\n") { $c=1;}
}
$action="action=DUNNO\n\n";
if($sasl_username
39 matches
Mail list logo
