On 30/01/25 15:11, Peter via Postfix-users wrote:
On 30/01/25 11:34, Josh Good via Postfix-users wrote:
Hello all.
Due to reasons which are best left untold, I am setting up a Red Hat 6.2
(classic edition) machine.
This system comes with Sendmail 8.9.3, and it mainly works just fine.
However
://developers.redhat.com/blog/2016/03/31/no-cost-rhel-developer-subscription-now-available#
Peter
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
along with actual steps that
you can take to fix the issue.
This is no worse, imo than any other type of logs, including Postfix
logs which can be difficult for a newcomer to fully understand and which
has collate to help organise the logs to better present them
rce 0` and if something
that wasn't working magically starts working then you know it's selinux.
If there's no denial entries in the audit log then it will indeed be
one of those "hidden" log entries and you will need to run a command
like you mentioned to be able to s
use I use after-220 tests so the
whitelists are important to allow legitimate servers to bypass those and
dnswl is not in and of itself sufficient to allow all the major ESPs to
bypass. Adding abusix, mailspike and senderscore has helped immensely
uld consider using port 465 (submissions) instead of 587 (submission).
Peter
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
:
From my main.cf <http://main.cf>:
Show the output of `postconf -Mf`
Peter
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
ASL implementation which means that postfix can be directly
linked (similar to the cyrus SASL libs) and offer this type of SASL
directly. I don't know if it's worth the trouble of implementing, but
it would seem to be at least close to what you're asking for which is
why I mentioned it.
On 22/12/24 19:53, Michael Tokarev via Postfix-users wrote:
22.12.2024 03:39, Peter via Postfix-users wrote:
On 22/12/24 02:54, Michael Tokarev via Postfix-users wrote:
However, there are other mechanisms being developed, for example OAUTH2,
which, in terms of Cyrus SASL, does not work with
s own password or
key. It is true, however, that for ALL mechs some sort of
authentication token must be available in plain text at some point on
the client side.
Peter
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an
s to do the actual
authentication. Client auth is only supported for cyrus but here
postfix actually does the authentication itself using the cyrus sasl
libs. It is entirely possible (and even quite common) to have a postfix
server which uses dovecot on the backend for serve
at under
normal circumstances allowing various different programs to directly
write to maillog can be a major security hole. This is not very
difficult to do, just run audit2why against your audit.log file with the
denials in it and it will tell you exactly what you need
s, or at least
not by default. This was a change in the expected norm and the cause of
quite a bit of logs getting dropped and not being noticed until the most
in-opportune time. Before journald writing to syslogd was reliable, you
could do so on any unix system and your log entry would get rec
time out before being woken up again (unless these settings are
changed). Please correct me if I'm wrong here.
Peter
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
This is also quite easy using an Apache Redirect directive (or
equivalent for nginx, etc).
Peter
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
" (without the "s" on the end) is port 587.
Find the "smtps" or "submissions" section in your master.cf file and
uncomment it, then stop and start postfix.
Peter
___
Postfix-users mailing list -- postfix-users@
n to my server.
If that is really the case I would ditch Outlook faster than you can
blink and install and use Thunderbird instead ... just saying.
Peter
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
spam
onto the other server. This includes things such as postscreen cache,
Bayes database files, etc.
I would recommend revisiting your reasoning for wanting a second server,
they are usually not needed and require a lot of extra work to set up
and maintain than just a single server.
ted problem address being rejected.
Just postconf -n. -f wasn't supported until 2.9.
Peter
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
al 2.5
release was in February 2012. This isn't the only time MacOS has
carried an ancient version of some software and I highly recommend that
you use a much newer version. Even if/when you install on a new mac
there is a high probability that it won'
rnative ports on
their service for the very same reason.
Peter
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
On 28/10/24 20:07, Peter Ajamian via Postfix-users wrote:
On 28/10/24 20:02, Wesley wrote:
That VM provider Crunchbits blocks all traffic to external ports of
25, 587, 465, 2525 etc. under this case how the customer can access my
mailserver via SMTP for submissions?
Postfix can listen on
t the client is trying to send to. Just pick a port that they
*don't* block and use that.
Peter
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
(smtp) should really be used for MX communication only and
not for relaying mail to a submission server.
Peter
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
arious components can access.
This could all be done on the same host.
I don't know if this makes 127.0.0.1 "the norm" but it is far from an
unusual configuration.
Peter
___
Postfix-users mailing list -- postfix-users@postfix.or
{ smtpd_client_restrictions = check_policy_service
unix:private/myservice }
Peter
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
chroot because they want to,
not because of any difficulty in making the change.
Peter
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
link above?
Peter
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
tc
Of course it is possible you've configured your server's firewall to
block those but usually you would configure your server to block inbound
ports, not outbound.
Peter
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsub
open the port.
Peter
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
= 2048
This is fine, though keep what I said about other servers above in mind.
And in dovecot's 90-quota.conf I have the practical value set for virtual
mailbox size.
Right.
Peter
___
Postfix-users mailing list -- postfix-users@postfix.o
will be larger, but it's not
recommended to set it to 0 (unlimited) as it is a protection against
certain SMTP attack vectors. If you're not sure about this just leave
it at the default unless / until you have a good reason to increase it
from this thread).
I take it this change would appear in Postfix 3.10.0?
Will this bump the minimum openssl version to 3.x? If so what would be
the exact minimum version? For my EL8 and 9 builds I can work with a
minimum openssl version <= 3.0.7.
Thanks,
Peter
ed on). It's just that I'm
toying with the idea of giving our users (who are mostly pretty savvy)
control over their own Spamassassin user_prefs files :)
That's all well and good, but it's not a bad thing to block additional
spam first if you can be reasonably certain t
ch of
those settings does (read the docs referenced below) and look up each of
those RBLs to see for yourself what they do and if they have any special
requirements for their usage (some require registration, etc).
Reference: postconf(5), postscreen(8),
On 5/08/24 07:38, Alex via Postfix-users wrote:
Hi,
On Sun, Aug 4, 2024 at 2:31 PM Jaroslaw Rafa via Postfix-users
mailto:postfix-users@postfix.org>> wrote:
Dnia 4.08.2024 o godz. 20:14:34 Peter via Postfix-users pisze:
> My best advice when forwarding to gmail is t
le, so it's not really a disadvantage here. At
the end of the day you've already gotten into bed with google no matter
which way you send your mail to them.
Peter
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send
sue where forwarding SPAM can affect your IP
reputation with gmail.
Note that this only works with gmail, I'm not aware of other major ESPs
that offer this feature.
Further info and instructions:
https://support.google.com/mail/answer/21289
Peter
and mail.err and
just look at mail.log.
Peter
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
sending servers should fall
back to plain text this is not a given and an increasing number of MTAs
are now enforcing TLS encryption. I would start by fixing this.
Peter
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an
s, not the
customer. When it's time simply take the account back, he should not
have to relinquish it himself. It should be possible to easily transfer
his stored messages to his new account name. Depending on how generous
you're feeling you can offer to assist the custom
with
mariadb into the foreseeable future. From what I can tell
mysql_optionsv can be called exactly the same as mysql_options and it
should work fine.
Peter
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an em
recommends mysql_optionsv()
instead:
https://mariadb.com/kb/en/mysql_options/
For now it should work, but we may end up needing to patch postfix once
again in the near future for this.
Peter
___
Postfix-users mailing list -- postfix-users@pos
. Given
this there is honestly very little to gain with a catchall in this regard.
Peter
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
h is defined in master.cf. As previously
requested, please show the output of:
postconf -Mf
Peter
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
On 29/06/24 15:16, Curtis J Blank via Postfix-users wrote:
Peter, my misunderstanding, sorry. This is what I discovered today in
my testing. I explicitly used 127.0.0.1 and not localhost or so I
thought, I explain that below.
Back on topic. I did some more testing. This was the spampd
is why I can't
understand why ::1:10025 was being used to do the SA connection and I
still need to determine that why.
We went by what you said in your OP. You never did post your config.
It would help a great deal if you would post the output
On 29/06/24 03:17, Curtis J Blank via Postfix-users wrote:
Well Peter all the "mynetworks =" that I have defined explicitly state
127.0.0.1 not localhost and all the logging shows 127.0.0.1 not
localhost. So that is why I say I am using 127.0.0.1. So I cannot follow
Ralph's sugg
::1 would likely be another way to resolve the issue.
Peter
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
Hello list,
is the precision of time in Postfix log files (version 3.8.4) configurable
(microseconds or milliseconds)?
Thanks in advance
Peter
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le
On 21/06/24 23:10, Matus UHLAR - fantomas via Postfix-users wrote:
Peter via Postfix-users skrev den 2024-06-21 08:45:
SPF/DKIM/DMARC Checklist for (IMO) the best chance of getting your
mail to be accepted:
1. HELO banner should pass SPF.
2. Envelope Sender should pass SPF.
3. Envelope
On 21/06/24 21:49, Jaroslaw Rafa via Postfix-users wrote:
Dnia 21.06.2024 o godz. 18:45:15 Peter via Postfix-users pisze:
SPF/DKIM/DMARC Checklist for (IMO) the best chance of getting your
mail to be accepted:
1. HELO banner should pass SPF.
2. Envelope Sender should pass SPF.
3. Envelope
nly or DKIM alignment only) but the more of those boxes that
you can successfully tick off the better chance you have for you message
to be accepted when things go wrong, or when a destination doesn't
implement one of the above checks properly.
Peter
___
automatic response. IMHO.
A better way would be to set the From: address to someone that will
actually respond from your organization (e.g. info@, help@, etc).
@Peter
My /etc/postfix/no-reply_reject contains lines like:
do-not-re...@domain.tld REJECT This mailbox is not attended/read. Do not
reply to
On 20/06/24 04:35, John Levine via Postfix-users wrote:
It appears that Peter via Postfix-users said:
On 19/06/24 18:51, Tan Mientras via Postfix-users wrote:
Hi
*Trying to setup email REJECT when users try to send to a no-reply email.*
There is no such thing as a no-reply email, there is
always reject, so the last two rules will always reject
regardless.
Peter
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
quot;tls://..." or "ssl://" with a colon (:) not a semicolon (;).
Peter
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
On 18/06/24 13:00, Jeff Peng via Postfix-users wrote:
On 2024-06-18 07:30, Peter via Postfix-users wrote:
On 17/06/2024 17:28, Paul Schmehl wrote:
How do you set up roundcube to not use authentication? I really
don’t need it since it’s on the same machine as the mail server.
What config
is is that you can then use settings such as
smtpd_sender_login_maps and reject_sender_login_mismatch in postfix to
control individual users from roundcube.
http://www.postfix.org/postconf.5.html#smtpd_sender_login_maps
http://www.postfix.org/postconf.5.html#reject_sender_login_mismat
On 17/06/24 17:16, Peter via Postfix-users wrote:
Without seeing logs and actual config settings I can only guess. One
thing to keep in mind is that there's two types of TLS connection,
implicit TLS and explicit TLS. Implicit TLS connects to a port
dedicated to TLS connections
-confirmed_reverse_DNS
* Make sure that SPF, DKIM and DMARC are correctly configured.
* Sign up for www.dnswl.org
* Check for DNSRBL entries: http://multirbl.valli.org/
Peter
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an
On 17/06/24 16:49, Paul Schmehl via Postfix-users wrote:
On Jun 16, 2024, at 10:30 PM, Peter via Postfix-users
wrote:
It's likely that roundcube is not configured for TLS and postfix is (as it
should be) configured not to offer AUTH until TLS is established.
Yes, postfix is configur
ething in the config. I’m wondering if roundcube is not
even attempt auth because postfix isn’t announcing it as a service that
it offers.
It's likely that roundcube is not configured for TLS and postfix is (as
it should be) configured not to offer AUTH until TLS is established.
Peter
___
On 5/06/24 19:23, Peter via Postfix-users wrote:
On 5/06/24 16:20, Viktor Dukhovni via Postfix-users wrote:
Original text:
Is there a link to the announcement online?
I see it's from the mailop list which, unfortunately has the archives
set private so it doesn't help me to be ab
On 5/06/24 16:20, Viktor Dukhovni via Postfix-users wrote:
Original text:
Is there a link to the announcement online?
Peter
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
.
How can I make that?
Either:
http://www.postfix.org/postconf.5.html#check_sasl_access
...or...
http://www.postfix.org/postconf.5.html#check_sender_access
...or you can configure your SASL backend (dovecot or cyrus) to only
allow access to the single user.
Peter
On 25/05/24 01:37, Matus UHLAR - fantomas via Postfix-users wrote:
He mentioned that on postfix with "smtpd_tls_auth_only=yes" (the
default) authentication is only available when TLS is active
The default is no, but it is very common to have it set to ye
stfix/blob/postfix-3.4/postfix/conf/master.cf#L29
...vs the current postfix:
https://github.com/vdukhovni/postfix/blob/master/postfix/conf/master.cf#L39
...and note that in both cases there is a -o smtpd_sasl_auth_enable=yes
line.
Peter
___
Postfix-
port 25 anyways the
smtpd_tls_auth_only is immaterial to port 25 connections. This setting
does not disable plain text connections it simply disables SMTP
authentication over plain text connections.
Peter
___
Postfix-users mailing list -- postfix
:)
You may very well not see AUTH even if it's enabled with this test
depending on the smtpd_tls_auth_only setting.
If you want to be sure use openssl s_client for your test.
Peter
___
Postfix-users mailing list -- postfix-users@postfix.o
On 25/05/24 00:29, Benny Pedersen via Postfix-users wrote:
Northwind via Postfix-users skrev den 2024-05-24 14:17:
so, in main.cf:
smtpd_sasl_auth_enable=no
comment this out in main.cf, it already default no
It's fine to have it, it's simply redundan
o the
submissions (or may be smtps) section as well.
Peter
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
On 24/05/24 21:32, Matus UHLAR - fantomas via Postfix-users wrote:
On 24.05.24 12:00, Peter via Postfix-users wrote:
And the OP is referring to SASL AUTH attacks which are for submission,
not MX connections.
But some of those log lines mention postfix/smtpd, which means they
happen on port
le in main.cf and instead explicitly set it on your
submission and/or submissions service in master.cf instead. When it
comes to things like this it is generally better to default to off and
explicitly turn on rather than default to on and explicitly turn off.
s to pick a different
username to their primary mailbox email address can be problematic.
Peter
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
orts where reject_rbl_client and/or
zen.spamhaus.orgshould not be used.
And the OP is referring to SASL AUTH attacks which are for submission,
not MX connections.
Peter
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email
e of such being a null
client such as submitting mail from a server.
Also this should *not* be a substitute for SASL AUTH, but rather an
added check.
Peter
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
ld be
smtpd_sasl_mechanism_filter.
or, in dovecot.conf, set:
auth_mechanisms = plain
Indeed, probably both is the way to go.
Peter
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
r from your ISP.
He's having problems with authentication attempts. This is a bad idea
for submission as it would effectively block home users from submitting
email.
Peter
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscr
be careful not to block port 25
connections with this and realize that if you or your users ever intend
to do any travelling this could be problematic.
Peter
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to pos
On 16/05/24 23:40, Jaroslaw Rafa via Postfix-users wrote:
Dnia 16.05.2024 o godz. 12:05:52 Peter via Postfix-users pisze:
On my side the email is accepted from here, and relayed, Rspamd
does sign it, and Postfix's last message in the log is a message
sent delivered, and removed from my que
, an SPF and DKIM both pass.
I am open to suggestions.
It's probably just IP reputation and you need to let it build up with
google, but see:
https://support.google.com/mail/answer/81126
Peter
___
Postfix-users mailing list -- postfix-users@
Thank you very much Victor, You put me on the right track. I should have
checked the access databases more closely.
Peter
Am Mo., 13. Mai 2024 um 12:18 Uhr schrieb Viktor Dukhovni via Postfix-users
:
> On Mon, May 13, 2024 at 11:56:30AM +0200, Peter Uetrecht via Postfix-users
> wrote:
&
r orig_to recipients in "other.domain".
Thanks in advance for any help on where to start
Peter
Here comes my setup:
# postconf -c /etc/postfix-common/ -nf
alias_maps = hash:/etc/aliases
append_at_myorigin = no
authorized_submit_users = root
bounce_queue_lifetime = 3d
compatibility_lev
= ipv6, inet_interfaces = a:b:c::d, mynetworks,
smtpd__restrictions, etc).
Am I on the right track with the previous paragraph, or is/are there
better way(s) to accomplish this?
Sincerely,
Peter
___
Postfix-users mailing list -- postfix-users@postfix.o
On 25/04/24 19:42, Benny Pedersen via Postfix-users wrote:
Peter via Postfix-users skrev den 2024-04-25 09:19:
On 15/04/24 10:14, Benny Pedersen via Postfix-users wrote:
Authentication-Results list.sys4.de; dkim=pass
header.d=porcupine.org; arc=none (Message is not ARC signed);
dmarc=pass
27;re going to run down the postfix list for your
own failure at least have the decency to do it *on* the postfix list.
Peter
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
e sender and From:
header are all changed to postfix.org so it's all in alignment.
Just to be clear, both porcupine.org and postfix.org have SPF and DKIM
policies and Wietse's messages pass both when passing through the list.
Peter
___
Pos
On 21/02/24 12:40, Wietse Venema via Postfix-users wrote:
Peter via Postfix-users:
A quick status update.
First, several features have been logging warnings that they would
be removed for 10 years or more, so we could delete them in good
conscience (perhaps keeping the warning with the
postfix start, start-fg,
check, reload, or status.
Just a quick thought here. I think it would make sense to release this
as Postfix 4.0 since removing and deprecating a large number of features
should probably be considered quite a major change.
Peter
7;m not sure
I ever managed to set it up successfully, however.
Right, postscreen has similar functionality to greylisting, but since it
has a different goal there are some features of postgrey that aren't
present in postscreen.
Peter
___
Postfi
ge*, so in a manner of speaking the message is still valid and a
different connection might accept it (e.g. by attempting a different
MX). An MTA that wants to reject the message should should wait until
after the RCPT TO command to reject the actual message
nding server to
defer (disconnect and try again later). This is very similar to how
greylisting works.
Peter
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
this approach.
Peter
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
ther things you do for mail that you
originate (SPF, DKIM, DMARC, etc).
Good luck,
Peter
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
t; has any significant workload (VirtualBox host). The others are all test
> beds.
Glad to hear you've upgraded nearly all of your machines, though I would
have recommended a different approach to Elevate (as stated above).
Peter
___
Post
asier programs to build in my experience.
Peter
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
e
responsibility on Wietse to try to build binary rpms for every distro
under the sun.
Peter
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
Dear Viktor, dear Wietse,
thanks again for your vigilant eyes.
On 2024-01-05 19:31:35 +0100, Viktor Dukhovni via Postfix-users wrote:
On Fri, Jan 05, 2024 at 06:46:01PM +0100, Peter Wienemann via Postfix-users
wrote:
RFC 2033 says: "The LMTP protocol is identical to the SMTP protocol
Dear Wietse,
thanks for your careful review.
On 2024-01-05 16:11:56 +0100, Wietse Venema via Postfix-users wrote:
Peter Wienemann via Postfix-users:
smtp(8):
The Postfix SMTP+LMTP client supports multiple destinations
1 - 100 of 888 matches
Mail list logo
