[pfx] Re: Problems with mail from fortimailcloud servers

On 15/2/2025 7:28 μ.μ., Wietse Venema via Postfix-users wrote: The evidence suggests that different versions of Rocky Linux have failed an important real-world test. That's true. It would be interesting if someone could cross-check this behavior in any RHEL / AlmaLinux / Scientific Linux / Ora

[pfx] Re: Problems with mail from fortimailcloud servers

On 15/2/2025 7:37 μ.μ., Viktor Dukhovni via Postfix-users wrote: Yes, but what you really need is working TCP fallback, when the DNS response is truncated due to exceeding the UDP packet size limit (even happens with EDNS0, the default UDP buffer size could still be too small for some queries).

[pfx] Re: Problems with mail from fortimailcloud servers

On 15/2/2025 5:18 μ.μ., Viktor Dukhovni via Postfix-users wrote: Have you tried adding "options edns0" to your resolv.conf? The "A" RRset for this name exceeds 512 bytes, and so, absent edns0 can only be returned via TCP, and some Linux versions had no TCP fallback support in the libc resolver.

[pfx] Re: Problems with mail from fortimailcloud servers

On 15/2/2025 11:40 π.μ., Viktor Dukhovni via Postfix-users wrote: I don't recall seeing you testing with "getaddrinfo" (and perhaps also "getnameinfo" to see whether it is slow PTR lookup that is the problem). It may also help to perform tcpdumps to see how long the delay is between that client c

[pfx] Re: Problems with mail from fortimailcloud servers

On 15/2/2025 1:45 π.μ., Wietse Venema via Postfix-users wrote: It is possible to override these system library functions by providing your own alternatives with LD_PRELOAD. Thanks Wietse, it makes sense. Would it be sufficient to LD_PRELOAD 2.34 libs for smptd or we should do so for other exe

[pfx] Re: Problems with mail from fortimailcloud servers

On 14/2/2025 3:09 μ.μ., Wietse Venema wrote: This means that GLIBC (or whatever your equivalent is) has problems not POSTFIX. Thank you Wietse and Victor for the diagnosis. As in RHEL / Rocky 8 we are at glibc v2.28 and it's really difficult to switch to a new server (e.g. RHEL / Rocky 9 with

[pfx] Re: Problems with mail from fortimailcloud servers

On 14/2/2025 11:41 π.μ., Florian Piekert wrote: ... could reject_unknown_reverse_client_hostname in the smtpd_recipient_restrictions be responsible, since there are dns resolution issues for the hostname. ... Thanks Florian for the reply. Interestingly, dns reverse record query does work o

[pfx] Problems with mail from fortimailcloud servers

Hello, The two mail gateway servers (MX 10 mailgw1.noa.gr and ΜΧ 20 mailgw3.noa.gr) of our org (noa.gr), running Rocky 8 and Postfix 3.9.1, are working fine (for a long time - thanks Wietse), but we are having issues with fortimailcloud servers. These servers seem to be trying to connect but

[pfx] Re: Incoming mail server blocks outlook / microsoft servers

On 10/1/2024 6:30 μ.μ., Bill Cole via Postfix-users wrote: You should be more selective about your long lists of DNSBLs. They are not all the same thing, and so are not all suitable for use at postscreen time. It seems like you are ignoring the fact that the underlying cause of this rejection i

[pfx] Re: Incoming mail server blocks outlook / microsoft servers

On 10/1/2024 5:24 μ.μ., Matus UHLAR - fantomas via Postfix-users wrote: If you use postscreen, remove reject_rbl_client from *_restrictions. reject_rhsbl_client, reject_rhsbl_sender and reject_rhsbl_helo are fine to stay since they use something postscreen does not. Thanks Matus for your pr

[pfx] Incoming mail server blocks outlook / microsoft servers

Hello, Our postfix v3.8.3 mail gateway server (for incoming mail) filters clients using postscreen as follows: postscreen_dnsbl_sites =     zen.spamhaus.org*3     b.barracudacentral.org*2     bl.spameatingmonkey.net*2     bl.spamcop.net     dnsbl.sorb

[pfx] Warnings related to TLS and hostnames not resolving to IP

Hello, I would like to ask your help to find out how to best resolve the following warnings. We are having a lot of such warnings; here is a sample: ... Jun 29 06:07:33 mailgw1 postfix/smtpd[471365]: warning: hostname chg.server1.ideacentral.com does not resolve to address 173.236.106.135 Jun

Re: Local relay delivery delays on particular mails

On 8/6/2022 11:55 p.m., Viktor Dukhovni wrote: The milter may be performing DKIM signature checks on inbound mail, signing would be only for outbound. DKIM signature checks may involve DNS lookups, which could introduce some latency if the remote zone is uncooperative. On 9/6/2022 2:41 a.m., Wi

Re: Local relay delivery delays on particular mails

On 8/6/2022 5:44 μ.μ., Wietse Venema wrote: Possible causes (there may be more): - There is a problem with the network connection between mailgw1 and mailgw1 that causes some connections to have excessive retries. This could be a data-dependent problem. About 20 years ago, someone fixed a Postfi

Re: Local relay delivery delays on particular mails

On 8/6/2022 4:57 μ.μ., Viktor Dukhovni wrote: ... The delay was in processing the message body and/or alerting the queue manager to the arrival of the new message. Are you using milters that query remote oracles (perhaps DNS?) in order to determine whether the message content is acceptable? Pe

Local relay delivery delays on particular mails

Hello, In our setup we have two mail gateway servers accepting incoming mail (mailgw1.noa.gr [primary] and mailgw3.noa.gr - both RockyLinux 8 on VPS with 2 CPUs, 6GB RAM), filtering mail (using postscreen, amavis, spamassassin, clamav) and forwarding to the internal mail server (vmail2.noa.gr

Re: "Alternating" IPv4 / IPv6 connections

On 9/5/2022 3:39 μ.μ., Nikolaos Milas wrote: As an example I am listing below some successive log entries (collated, usernames modified). For your reference, I am posting below the log entries (usernames modified consistently) of the same sessions (which I listed in my original message

Re: "Alternating" IPv4 / IPv6 connections

On 9/5/2022 3:39 μ.μ., Nikolaos Milas wrote: In our setup we have two mail gateway servers accepting incoming mail (mailgw1.noa.gr [primary] and mailgw3.noa.gr), filtering mail (using postscreen, amavis, spamassassin, clamav) and forwarding to the internal mail server (vmail2.noa.gr) where

"Alternating" IPv4 / IPv6 connections

Hello, In our setup we have two mail gateway servers accepting incoming mail (mailgw1.noa.gr [primary] and mailgw3.noa.gr), filtering mail (using postscreen, amavis, spamassassin, clamav) and forwarding to the internal mail server (vmail2.noa.gr) where user mailboxes lie. All servers are run

Re: Mail and mail traces lost (?)

On 30/3/2022 8:12 μ.μ., Michael Ströder wrote: On 3/30/22 18:36, Viktor Dukhovni wrote: On Wed, Mar 30, 2022 at 06:11:33PM +0200, Michael Ströder wrote: Or simply set in /etc/systemd/journald.conf: [Journal] Storage=none ForwardToSyslog=yes That does not fully solve the problem, since IIRC

Re: Mail and mail traces lost (?)

On 30/3/2022 7:04 μ.μ., Viktor Dukhovni wrote: Consider a Linux distribution that does not use systemd, or a recent version of Postfix that writes its own log files bypassing syslog. Thanks Victor, The latter is a more feasible scenario. I guess you are referring to the maillog_file* set of

Re: Mail and mail traces lost (?)

On 30/3/2022 4:56 μ.μ., Nikolaos Milas wrote: In the meantime, I have identified more mails that users considered delivered successfully, but there is no sign of them in the logs; we should conclude that these mails were in fact not sent/received at all? Answering my own question, apparently

Re: Mail and mail traces lost (?)

On 30/3/2022 4:56 μ.μ., Nikolaos Milas wrote: ... I actually used postqueue -p to list queue, but I could not identify any of the un mail. ... Correction to my above sentence: "I actually used postqueue -p to list queue, but I could not identify any of the *missing mails*."

Re: Mail and mail traces lost (?)

On 30/3/2022 4:20 μ.μ., Wietse Venema wrote: - The message was moved to the HOLD queue. It would still show up with the "mailq" command. Thank you Wietse, I actually used postqueue -p to list queue, but I could not identify any of the un mail. - The message was written to the incoming queu

Re: Mail and mail traces lost (?)

On 30/3/2022 3:47 μ.μ., Rob McGee wrote: syslog_name is your friend.  I noticed none of your log lines had any syslog_name other than the default. Hi Rob, Everything is (or at least should be) getting logged in /var/log/maillog. We always find details about any and all mail in this log file

Mail and mail traces lost (?)

Hello, I am facing the following issue: I am tracing particular mails. They are delivered (after being filtered by amavis) from our mail gateway server (postfix) to our internal mailbox server (also postfix). Here is a full example (collated): Mar 30 13:06:23 mailgw1 postfix/smtpd[2771407]:

Re: Continuous quick connects / disconnects from some servers

On 4/3/2022 8:55 μ.μ., Bill Cole wrote: ... Right now, vmail2.noa.gr has no MX record and the IPv4 address for it (which is what would be used without any MX) is not accepting connections on port 25, so I'm not 100% sure how that relates to this, i.e. it looks like you're already dropping port

Re: Continuous quick connects / disconnects from some servers

On 4/3/2022 10:22 π.μ., Matus UHLAR - fantomas wrote: ... Other solution would of course be disabling SMTP connections from the world. ... Thank you Matus for all your advice. Regarding blocking port 25 from the world, couldn't it cause issues when communicating to other SMTP servers since

Continuous quick connects / disconnects from some servers

Hello, I sometimes find abnormal continuous connects/disconnects which delay normal mail deliveries. Here is an example: Mar  3 10:06:42 vmail2 postfix/smtpd[22733]: connect from unknown[45.148.10.243] Mar  3 10:06:43 vmail2 postfix/smtpd[22733]: lost connection after AUTH from unknown[45.1

Re: Assembling log entries for each SMTP session

On 21/12/2021 4:00 μ.μ., Matus UHLAR - fantomas wrote: collate could help you: Thanks Matus, that's exactly what I needed! You saved my day! And the best part of it: Collate was already available on my installation. Simple, flawless and fast. Cheers, Nick

Assembling log entries for each SMTP session

Hello, A quick question: Can you please suggest a software tool which quickly "restructures" postfix mail log in a way that lines pertinent to each and every SMTP session are assembled and kept together. We need this because, otherwise, identifying and analyzing particular sessions by assemb

Re: Communication between postfix - amavis issues

On 8/2/2021 1:38 μ.μ., Matus UHLAR - fantomas wrote: that's not how milter works, unless you instructed amavisd-milter to deliver mail by server via "-D server" option. The default is "-D client", which means, amavisd instructs postfix what to do with the mail - reject/quarantine/pass it, add

Communication between postfix - amavis issues

Hello, We have a mail gateway server (for incoming email) with postfix 3.5.8, amavisd, clamd on CentOS 8.3.2011. Postfix sends incoming mail to amavisd via (in main.cf): smtpd_milters =     unix:/run/amavisd/amavisd-milter.sock After checking, amavisd delivers mail directly using

Re: Gateway to Internal Server random "Connection refused"

On 13/1/2021 4:41 μ.μ., Wietse Venema wrote: This is a TCP-level problem. The remote server's TCP/IP stack, or some middle box, is refusing connections at the TCP level. Thanks Wietse, We'll be checking this out. Although I have done some connectivity testing with repeated netcat (nc) polli

Gateway to Internal Server random "Connection refused"

Hello, We are building a new mail gateway server (on CentOS 8), which is running postfix (v3.5.8) from the GhettoForge Repo. I noticed the following problem: Sometimes the server seems to not be able to connect to our main mail server (Postfix v3.2.5) to verify recipients; for example: Jan

CentOS Linux 8 is being practically abolished

As a long-term member of the postfix community, allow me to draw your attention to the new serious change in CentOS Linux. Not quite a postfix issue, but an important (negative IMHO) development in the open source community. You might want to read: https://blog.centos.org/2020/12/future-is-c

Re: Relay access denied to local IPv6 client

On 23/2/2018 9:00 μμ, Bill Cole wrote: The restriction lists in Postfix are run in a fixed logical order (client, helo, sender, relay, recipient, data, end_of_data) and 'OK' from an early restriction list (smtpd_client_restrictions) *DOES NOT*prevent 'REJECT' by a later restriction list (smtp

Relay access denied to local IPv6 client

Hello, We are using Postfix v3.2.4and we arefacing the followingproblem: Aclient (a data storage system) with an IPv6 address of [2001:648:2011:a21:320e:d5ff:fec6:b55] tries to send an (autosupport) email and it's being denied access: Feb 23 06:22:17 vmail2 postfix/smtpd[16146]: NOQUEUE: rej

Re: Advice needed on big-sized replies

On 16/2/2018 2:23 πμ, Wietse Venema wrote: ... And that could be the HTML version of the same content. After base64 decoding, expect to see a lot of HTML tags, and perhaps javascript. ... Thank you Wietse, I did a base64 decoding of the HTML part and it translated to 6144 lines of HTML code,

Advice needed on big-sized replies

Hello, Allow me to attract your attention to a NON-Postfix issue, but rather to a more generic email issue on which I need to find the right direction to search for an explanation. I hope your experience and expertise may guide me to a solution. The problem: I am sending an HTML email (using

Re: Postfix RPMs

On 28/12/2017 2:34 πμ, Peter wrote: The sources are also freely available from GhettoForge if you want to look them over. I am building my own RPMs too, based on GhettoForge src.rpm packages. Cheers, Nick

Re: Postfix RPMs

On 27/12/2017 4:34 μμ, Rosenbaum, Larry M. wrote: Where can I get up-to-date Postfix installation RPMs? I would suggest you to use GhettoForge repo (http://ghettoforge.org/index.php/Main_Page); See packages: http://ghettoforge.org/index.php/Postfix3 Cheers, Nick

Re: Access denied when trying to send from localhost

On 1/12/2017 4:09 πμ, Rodrigo Cunha wrote: Change This: mynetworks = 195.251.204.0/24 , 195.251.202.0/23 , 194.177.194.0/23 , 127.0.0.0/8 , 10.201.0.0/16 , [2001:648:2011::]/4

Re: Access denied when trying to send from localhost

On 1/12/2017 1:58 πμ, Benny Pedersen wrote: change hash to cidr I have already tried cidr with no luck: smtpd_recipient_restrictions =   check_client_access cidr:/etc/postfix/localhost.cidr   check_recipient_access hash:/etc/postfix/protected_destinations   permit_sasl_authenticated   reject_

Access denied when trying to send from localhost

Hello, On our mail server (running Postfix 3.2.4) I am also using fetchmail to read mail from some pop server and deliver it to local users. Yet, mail fails to get delivered: ... Dec  1 01:34:39 vmail2 fetchmail[11447]: POP3> RETR 1 Dec  1 01:34:39 vmail2 fetchmail[11447]: POP3< +OK message 1

Re: TLS Handshake Problems

On 28/11/2017 9:57 μμ, Viktor Dukhovni wrote: This is expected. ... Thank you Viktor for the detailed analysis and for your time. I appreciate it very much. All the best, Nick

TLS Handshake Problems

Hello, I have just started using in production a mail server running Postfix 3.2.4 on CentOS 7.4 (fully patched) with openssl 1.0.2k. This is a new server, replacing an old CentOS 5.11 with Postfix 2.6.11 and OpenSSL 0.9.8e. On the new server I see errors on particular servers as follows; t

Re: Postscreen exceptions and blacklisting

On 8/9/2017 4:17 μμ, /dev/rob0 wrote: ... Thanks a lot for your detailed and valuable advice! It helped me a lot to understand things better! I will surely work on my configuration based on your recommendations. I think I'll start by using your initial recommended changes and see how it g

Re: Postscreen exceptions and blacklisting

On 8/9/2017 2:42 μμ, Wietse Venema wrote: Just as with smtpd access maps, permit/reject are a final decision, and dunno means 'let something else make the decision'. Thank you Wietse, Please let my ask for a clarification here. The problem is that the rejection seems to have happened by post

Re: Postscreen exceptions and blacklisting

On 8/9/2017 1:56 μμ, Allen Coates wrote: In your exceptions list, use ACCEPT or REJECT; By the way, can we interchangeably use any of the values ACCEPT / PERMIT / OK ? If so, can you please reference any associated documentation? I ask because at http://www.postfix.org/POSTSCREEN_README.ht

Re: Postscreen exceptions and blacklisting

On 8/9/2017 1:56 μμ, Allen Coates wrote: DUNNO means "let something else decide" ... Hi Allen, I understand that, but shouldn't this also mean "Bypass ALL postscreen-related checks & filtering", which should avoid blocking by RBLs used within postscreen? Cheers, Nick

Re: Postscreen exceptions and blacklisting

On 8/9/2017 11:36 πμ, Nikolaos Milas wrote: What I am doing wrong in whitelisting them? Let me try to guess: should I use "permit" rather than "dunno" (in postscreen_exceptions.cidr)? If so, why "dunno" doesn't work? Shouldn't it whitelist a c

Postscreen exceptions and blacklisting

Hello, I have tried to whitelist some servers for postscreen, but I notice that they continue to get blocked if they are blacklisted. What I am doing wrong in whitelisting them? How can I successfully whitelist them so that they are not blocked even if they are blacklisted in a RBL/RSBL? H

Re: Switch from LDA to Postfix - Dovecot LMTP delivery (with virtual users)

On 4/8/2017 1:59 μμ, Alex JOST wrote: Dovecot needs to know about the user. What does 'doveadm user -u imaptes...@noa.gr' print? Thank you Alex, I just found the problem. After switching to LMTP, Dovecot receives from Postfix a fully qualified username, whereas with LDA it was receiving a '

Switch from LDA to Postfix - Dovecot LMTP delivery (with virtual users)

Hello, I am setting up a new box with Postfix 3.2.2 and Dovecot. Until now I have been using LDA delivery successfully. On the new server LDA setup works fine too, but I am considering to move to LMTP. IMPORTANT NOTE: It is important in my setup to keep functional all virtual_alias_maps & vi

Re: Migrating 2.11 to 3.2

On 27/7/2017 10:45 μμ, Peter wrote: You don't have to actually rebuild the src.rpms, although you certainly can if you want. There are binary rpms you can just install as per the directions at: http://ghettoforge.org/index.php/Postfix3 Yep, I know; As I've mentioned, I prefer to build agains

Re: Protecting mail addresses using check_sasl_access

On 26/7/2017 2:09 μμ, Nikolaos Milas wrote: Can you please confirm that this is a valid configuration? In the meantime I tested this configuration and it does work fine (as I expected)! Any other suggestions, pitfalls and/or comments? I surely appreciate any suggestions, pitfalls and/or

Re: Migrating 2.11 to 3.2

On 27/7/2017 1:50 μμ, Peter wrote: http://ghettoforge.org/index.php/Packages Right, that one is highly recommended, much better than attempting to install from source. OK, I followed your advice and I rebuilt the rpm(s) using: http://mirror.ghettoforge.org/distributions/gf/el/7Server/plu

Re: Migrating 2.11 to 3.2

On 27/7/2017 1:02 μμ, Pinter Tibor wrote: # rpm -ql postfix | grep files /usr/libexec/postfix/postfix-files Thank you all for your responses. Please see below: # rpm -ql postfix | grep files /usr/share/postfix/postfix-files rpm -qa postfix | grep postfix postfix-3.2.2-2.el7.cent

Migrating 2.11 to 3.2

Hello, We are moving to a new (virtual) server (from CentOS 5 with Postfix 2.11.6 to CentOS 7 with Postfix 3.2.2). I have moved the original configuration to the new server and Postfix won't start; I am getting: # systemctl status postfix postfix.service - Postfix Mail Transport Agent L

Re: Protecting mail addresses using check_sasl_access

On 26/7/2017 2:09 μμ, Nikolaos Milas wrote: /etc/postfix/protected_destinations: privlist1@example.comallowed_list1 privlist1@example.comallowed_list1 privlist1@example.comallowed_list1 Hmm, sorry, this part was meant to be: /etc/postfix/protected_destinations: privli

Protecting mail addresses using check_sasl_access

Hello, Since Postfix is now (since v2.11) providing more extensive sasl access restrictions, we are considering using the following model to protect particular addresses so that only specific users can send mail to them: /etc/postfix/main.cf: ... allowed_list1= check_sasl_acces

Re: Domain loops to itself

On 17/2/2017 4:12 μμ, Wietse Venema wrote: You missed the preceding warning that says why. - The server greets with the same hostname (in the 220 line) as the client wants to use (in the EHLO cdommand). - The server IP address matches $mydestination or $proxy_interfaces. Thanks Wietse, I di

Domain loops to itself

Hello, I have been using the following config without problems, but after I added the domain: hesperia-space.eu, mail to the new domain becomes undelivered with the error (example from one attempt to send mail): Feb 17 15:21:38 mailgw3 postfix/smtpd[17664]: NOQUEUE: reject: RCPT from mail-wr

Re: Blacklisting googlegroups

On 24/10/2016 6:46 μμ, Noel Jones wrote: header_checks can't be used there. Use a second check_sender_access instead. Thank you Noel, Your suggestion worked fine! The only change I did was to escape the + sign: /^oursuperclub-members\+bnc(.*)@googlegroups\.com$/ REJECT All the best, Nick

Re: Blacklisting googlegroups

On 24/10/2016 5:15 μμ, Fazzina, Angelo wrote: Can't you use REGEX to write a rule to catch them, and then decide what you want to do with those emails ? Would the following be valid? smtpd_recipient_restrictions = ... check_sender_access hash:/etc/postfix/blacklisted_senders head

Blacklisting googlegroups

Hello, I am using: smtpd_recipient_restrictions = ... check_sender_access hash:/etc/postfix/blacklisted_senders ... to blacklist certain senders in blacklisted_senders file. I would like to block a certain spam googlegroups mailing list but sender is not constant; it's like:

Re: Complaints due to helo restrictions

On 13/9/2016 8:52 μμ, Wietse Venema wrote: I'd use none of these. Thank you all for your feedback. Following Wietse's advice, I have removed these directives from the config. All the best, Nick

Complaints due to helo restrictions

Hello, We are running postfix v2.11.0 on CentOS 6.8 as a gateway server and we have recently imposed helo restrictions. Few servers have problems sending us mail due to the helo restrictions: Sep 8 09:35:37 mailgw1 postfix/smtpd[18791]: NOQUEUE: reject: RCPT from mail.ipta.demokritos.gr[143

Re: Porn spam killer PCRE

On 25/8/2016 7:46 μμ, Sean Greenslade wrote: Make sure the SPF rules have weights set, then check the spam report for a message. If SPF is working, you should see at least one of the SPF rules trigger for every message. Thank you Sean for all your help. I am focusing on amavisd-new / spamassa

Re: Porn spam killer PCRE

On 23/8/2016 11:58 μμ, Sean Greenslade wrote: Hope this is helpful, Thanks Sean for your time and eagerness to help. I appreciate it. I am planning to try your suggestions. I am using CentOS 6. Can you please let me know about the perl package SPF-related bug you mentioned? I have install

Re: Porn spam killer PCRE

On 20/8/2016 7:56 μμ, Sean Greenslade wrote: ... - Enable & configure per-user bayesan filtering - Increase allowed storage space for bayesan databases - Update a particular perl package to make SPF work (CentOS / RHEL specific bug) ... - Re-weight a bunch of internal rules, in particular the

Re: Porn spam killer PCRE

On 19/8/2016 5:29 μμ, Benny Pedersen wrote: fail2ban ? Thank you, I am already using fail2ban directly with the following rules: /etc/fail2ban/filter.d/: failregex = reject: RCPT from (.*)\[\]: 554 reject: RCPT from (.*)\[\]: 450 reject: RCPT from (.*)\[

Porn spam killer PCRE

Hello, Has anyone developed and/or maintains PCRE filtering for porn spam senders? (Something like https://github.com/stevejenkins/hardwarefreak.com-fqrdns.pcre) I guess many sender / client domains could be filtered-away if they include keywords like "kiss", "girl", "date", "adult", "cute",

Re: Block certain prefixes/TLDs from accessing

On 12/8/2016 12:01 πμ, Nikolaos Milas wrote: The following works for me: smtpd_restriction_classes ... ... Forget this suggestion, it's used in a different context; and it's not complete either. Sorry for the confusion. Nick

Re: Block certain prefixes/TLDs from accessing

On 11/8/2016 11:49 μμ, Richard Klingler wrote: I've put it also now on the client restriction..but the message looks the same... Clients still can try to do SMTP AUTH... The following works for me: smtpd_restriction_classes = controlled_senders,allowed_list1 controlled_senders = check

Re: Block certain prefixes/TLDs from accessing

On 11/8/2016 11:34 μμ, Richard Klingler wrote: I have in the blacklist: 60.166.0.0/15 REJECT Have you restarted postfix after updating the cidr file? Nick

Re: Block certain prefixes/TLDs from accessing

On 11/8/2016 10:56 μμ, Richard Klingler wrote: Well I would have expected that the first entry in smtpd_recipient_restrictions... Actually, it seems you are confusing restrictions at different phases of mail handling. Read more carefully Noel's notes! (He explains things clearly!) Reading

Re: Block certain prefixes/TLDs from accessing

On 11/8/2016 1:25 μμ, Richard Klingler wrote: Is there an easy way to block a list of prefixes from accessing postfix? ... Preferably I would like to combine prefix and domain filtering as plain helo_checks won't allow regular expression for hostnames. I think you can use: smtpd_recipient_res

Re: RHEL / CentOS 7 RPMs

On 15/3/2016 9:26 μμ, Peter wrote: All you're doing here is doubling up on -DUSE_SASL_AUTH and changing hard-coded defaults to dovecot. Leave well enough alone and put your dovecot SASL settings in main.cf where they belong. Sorry for my ignorance, Thank you very much for all the clarificati

Re: RHEL / CentOS 7 RPMs

On 15/3/2016 11:44 πμ, Nikolaos Milas wrote: So, it seems that initially the above compilation options are disabled. Right? To answer my own question, in fact, it's the other way round! For example: %bcond_without ldap means ldap is enabled by default! And a second question: Cou

Re: RHEL / CentOS 7 RPMs

On 14/3/2016 8:56 μμ, Peter wrote: The -release RPM for CentOS 7 is at: http://mirror.symnds.com/distributions/gf/el/7/gf/x86_64/gf-release-7-8.gf.el7.noarch.rpm Thank you Peter, I took a first look at your Postfix3 SRPM package today. It looks well organized and updated. Before I move on

Re: RHEL / CentOS 7 RPMs

Thank you all for the feedback. Unfortunately, it seems that GhettoForge is currently (14 March) down (it shows some errors with a backtrace), while repo.mailserver.guru does not appear to include source rpms (SRPMs). If I am missing something, please point me to the right direction. It is i

RHEL / CentOS 7 RPMs

Hello, I would like to ask whether someone has worked on J. Mudd's RPMs (http://postfix.wl0.org/) to produce RHEL / CentOS 7 versions. The above site includes code for RHEL / CentOS versions 5 and 6 (not for all Postfix versions, but which can be adapted more or less easily for current Postf

Re: haproxy enablement issues

On 20/8/2015 10:48 μμ, Viktor Dukhovni wrote: Have the proxy connect to a dedicated smtpd(8) instance in master.cf listening on a dedicated ip/port. Allow only the proxy to connect there, and turn on haproxy support for just that instance. Thank you Wietse and Victor for your help. I've modi

Re: haproxy enablement issues

On 20/8/2015 2:41 μμ, Wietse Venema wrote: Postfix does not receive text followed by newline within the time limit (1 second). In other words the proxy doesn't send the HAPROXY header line. That does not happen automatically. You need to turn it on. It is turned on the proxy itself, but the l

haproxy enablement issues

Hello, I am using v2.11.6 on CentOS 5 (and 6 and 7), without postscreen (it's a final destination server, not accepting mail from the Internet). I have tried enabling the proxy protocol to make postfix log correctly user data when connections arrive from our haproxy proxy (currently in test

Re: MX Points to Loopback error

On 18/5/2015 9:54 μμ, Wietse Venema wrote: You should configure the MAILING LIST, so that it sends all mail, from all senders, with its own envelope sender address (for example, an envelope sender of owner-listn...@example.com). In the case of Postfix, and a mailing list that is configured in a

Re: MX Points to Loopback error

On 18/5/2015 8:41 μμ, Wietse Venema wrote: You need to distribute those submissions with an envelope adress sender set to a list-specific envelope sender address OK, as I understand I should use sender_canonical_maps to rewrite envelope sender. Should this new (rewritten) mail sender addres

Re: MX Points to Loopback error

On 18/5/2015 2:05 μμ, Wietse Venema wrote: The problem in this case is that you should send mailing list mail with a list-specific envelope sender address (for example, owner-project-...@noa.gr), instead of the original poster's sender address (mx...@lcc.uma.es). Don't use the list submissi

MX Points to Loopback error

Hi, We have set up one (of many) mailing lists using Postfix / LDAP as an alias. In one case, one of the members of the mailing list, has tried to send a message to the mailing list and it was delivered fine to all other members except to his own mail address: (expanded from ): host

Building a mail service with redundancy

Hello, In the past I have discussed some failover options for incoming mail. Now, I would appreciate your advice on outgoing mail (and POP3/IMAP mailbox access) in building a mail service with redundancy. We already have two production mail servers, vmail1 and vmail2, running postfix/dovecot

Re: High Availability

On 7/4/2014 8:17 πμ, Patrick Ben Koetter wrote: On Linux use DRBD to replicate mail queues between a pair of machines and crm to control a second Postfix instance that will be started locally to pickup any remaining mails once the partner machine dies. Hmm, I think DRBD is only advised in case

Re: Backup relay possible?

On 27/3/2014 6:18 μμ, Robert Sander wrote: I know that they are not "official" MX. The whole point is that you create an internal domain name with two MX records pointing to these servers. This is then used in your transport map and nowhere else. Hmm, interesting. It sounds a good idea! Thank

Re: Backup relay possible?

On 27/3/2014 4:47 μμ, Birta Levente wrote: I'm not sure and this is not tested, but maybe you can: transport_map: noa.gr relay1:[vmail.noa.gr] admin.noa.gr relay2:[vmail.noa.gr] add to master.cf: relay1 unix - - n - - smtp -o fallback_relay=[firstwhateverhost] relay2 unix - - n - - smtp -o fal

Re: Backup relay possible?

On 27/3/2014 5:04 μμ, Robert Sander wrote: You do not need A records, but you can instead add MX records with priority. This way your use case is implemented. No, these are not MXs. They are internal (final destination) servers. MXs are gateway servers relaying to the internal one (for which

Re: Backup relay possible?

On 27/3/2014 4:32 μμ, James Day wrote: noa.gr relay:noa.gr.local I have then configured A records for the multiple relay destinations, queries are then balanced in a DNS round robin fashion. Yes, I undertand. However, we don't want balancing (our traffic is low - but we want failover). In

Re: Backup relay possible?

On 27/3/2014 4:10 μμ, Birta Levente wrote: Not really IMHO AFAIK since you have two entries with same key in transport map, postfix will choose the first. I think this is the way: main.cf: fallback_relay=[vmail1.noa.gr] transport_map: noa.gr relay:[vmail.noa.gr] admin.noa.gr relay:[vmail.n

Re: Backup relay possible?

On 27/3/2014 2:04 μμ, Birta Levente wrote: http://www.postfix.org/postconf.5.html#fallback_relay Oh, thanks! So, since the two conditions are by default fulfilled: * In main.cf specify "relay_transport = relay", * In master.cf specify "-o fallback_relay =" (i.e., empty) at the end of

Backup relay possible?

Hello, On our gateway server, we have: transport_maps = hash:/etc/postfix/transportmap /etc/postfix/transportmap noa.gr relay:[vmail.noa.gr] admin.noa.grrelay:[vmail.noa.gr] nestor.noa.gr relay:[vmail.noa.gr] space.noa.grrelay:[vmail.noa.gr]

  1   2   3   4   >