* Viktor Dukhovni via Postfix-users :
> On Wed, Nov 27, 2024 at 10:38:45AM +0100, Ralf Hildebrandt via Postfix-users
> wrote:
>
> > Yep, that's matching. Prior to that I was running postfix-3.10-20241027
> > I'm reverting back to postfix-3.10-20241027 for the time
* natan via Postfix-users :
> Hi
> Today i run setup postfix+milter-regex.sock
>
> Some times in log I get:
>
> tail -f /var/log/mail.log |grep milter
> Dec 5 11:23:03 mx-node2 postfix/cleanup[45922]: warning: connect to Milter
> service unix:/var/run/milter/milter-regex.sock: No such file or d
* Sad Clouds via Postfix-users :
> Hello, I'm trying to understand various Postfix pipelines. I'd like to
> ask a few questions:
>
> 1. Hold and corrupt queues. Which processes can automatically move
> messages directly to these queues? Is this only done by cleanup(8) and
> qmgr(8) or are there ot
> Do you have some front-end before your Postfix (for example some UTM device
> that is filtering mail traffic)?
No
> Because the strange rejection message that
> is not generated by Postfix somehow correlates for me with "canceled" in
> your logs.
That's what I thought. Rspamd is connected via
* Ralf Hildebrandt via Postfix-users :
> I checked the occurence of "queueid: canceled" in my logs and found:
20241112
Logging: the cleanup server now logs "queueid: removed (reason)" where "reason"
is either "canceled" (message
transaction not c
> I don't see "SMTPSEND.BareLinefeedsAreIllegal" anywhere, and what does
> "4XszWZ50W6z1Z3Bh: canceled" signify?
I checked the occurence of "queueid: canceled" in my logs and found:
mail.2024-11-01.log.xz:0
mail.2024-11-02.log.xz:0
mail.2024-11-03.log.xz:0
mail.2024-11-04.log.xz:0
mail.2024-11-0
Today somebody sent me this bounce:
--- snip ---
Generierender Server: s-mx16-dhz01.charite.de
somerecipi...@innere.med.uni-giessen.de
mail-cvk.charite.de
Remote Server returned '550 5.6.11 SMTPSEND.BareLinefeedsAreIllegal; message
contains bare linefeeds, which cannot be sent via DATA and recei
* Wietse Venema via Postfix-users :
> And for some reason mail from list.sys4.de has adds no DELIVERED-TO: header
> that would have (also) stopped this loop.
That has also been added while we were at it.
> Can that (also) be fixed? If mail is delivered with LMTP, please add
>
> -o flags=D
* Wesley via Postfix-users :
> > > Perhaps a Mailman "tuneup" is possible to harden it against this sort
> > > of loop.
> >
> > Victor an I had a look and made some changes. I hope this mail goes
> > through :)
>
> Why they had a chinese string added in the subject?
Because some chinese server
> Perhaps a Mailman "tuneup" is possible to harden it against this sort
> of loop.
Victor an I had a look and made some changes. I hope this mail goes
through :)
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netz | Netzwerk-Administration
Invalidenstraße 120/121 | D-10115 Berlin
Tel.
* Wietse Venema via Postfix-users :
> Tomas Habarta via Postfix-users:
> > Ralf, looking at the log on one of the servers (Postfix 3.9), I can see
> > this:
> >
> > ... smtpd[435179]: NOQUEUE: hold: RCPT from xx[a.b.c.d]:
> > : Sender address triggers HOLD action;
> > from= to= proto=ESMTP helo
Just a minor issue: When a access(5) maps is causing a mail to be
held, I don't see any log line indicating this.
Yes, the mail is on hold, but when I want to check WHY the mail was
put on hold.
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netz | Netzwerk-Administration
Invalidenstraß
* Paul Martin via Postfix-users :
> Hello,
>
> postfix mailq contains differents mails from differents domains.
from or to? I rather think "to"
> Is it possible to have different "maximal_queue_lifetime" in postfix
> depending on the domain names ?
No really. You could have a "long" maximal_qu
* Bryan K. Walton via Postfix-users :
> It then sent a bounce message to root's mailbox. The bounce message
> included a delivery report and the undelivered message headers.
> However, the rest of the original email was removed.
Try increasing bounce_size_limit
bounce_size_limit = 5
(default
* Viktor Dukhovni via Postfix-users :
> Making REDIRECT match naïve user expectations,
ey! :)
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netz | Netzwerk-Administration
Invalidenstraße 120/121 | D-10115 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
ralf.hildebra...@ch
* Wietse Venema via Postfix-users :
> Is this an unexpanded virtual alias?
Yes
> The 'redirect' recipient is not subject
> to canonical mapping, masquerading, or virtual alias mapping.
That explains it.
> There were two recipients: the BCC recipient that was found in
> recipient_bcc_maps, and
> Jul 31 09:24:13 mail-cbf-int postfix/error[2664442]: 4WYk9n2SK3z20ycy:
> to=,
> orig_to=, relay=none,
> delay=0.62, delays=0.57/0.02/0/0.03, dsn=5.1.1, status=bounced (User unknown)
It works, if I replace toscx.hrn...@charite.de with the actual mailbox
address after address expansion (thrn...
We have an always_bcc setup in place for incoming mails:
recipient_bcc_maps = pcre:/etc/postfix/backup_bcc.pcre
/^(.*)@charite\.de$/backup+${1}=charite.de@backup.invalid
Now I tried to redirect mails from my private address sent to anybody
at charite.de to be redirected to someone el
* Philthy Steel via Postfix-users :
>
> Thanks Ralf
>
> I run f2b - ill put something on the ignore list and try again.
I'm able to connect now. The mail should have been delivered.
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netz | Netzwerk-Administration
Invalidenstraße 120/121 |
* Gary R. Schmidt via Postfix-users :
> Hmm, I was able to probe it using smtp2go, so I thought I'd see what telnet
> does for me here in Oz...
So was I (from charite.de), but not from list.sys4.de
There must be some selective blocking in place!
--
Ralf Hildebrandt
Geschäftsbereich IT | Abtei
* Ralf Hildebrandt via Postfix-users :
> > however i dont get a message from the mail list and checking syslog shows
> > there was no contact to the server ?
>
> 4WY0w161l3z1018 1994 Tue Jul 30 05:24:49
> postfix-users-boun...@postfix.org
>(connect
> however i dont get a message from the mail list and checking syslog shows
> there was no contact to the server ?
4WY0w161l3z1018 1994 Tue Jul 30 05:24:49 postfix-users-boun...@postfix.org
(connect to mail.philfixit.com.au[203.45.14.55]:25: Connection refused)
* Viktor Dukhovni via Postfix-users :
> > Is this intentional or a side-effect?
>
> I'm guessing you have "smtpd_reject_unlisted_sender = yes"?
Yes.
> In that case, this'd be expected.
OK! I was just wondering if I missed a reference somewhere in the
docs, since I didn't really see this being
Hi!
ever so often im using transport entries to bounce typo domains or
"noreply" addresses prio to the expiration after $maximum_queue_lifetime.
Something like:
noreplytoMMS.telekom.de error:5.1.2 Doesn't accept mail
But I noticed that this also causes mails with the sender
domain/address bein
* Katherine via Postfix-users :
> Hello list,
>
> We run a small corporate mail server. Recently, we have been sending mail
> to a server, and the server always defers the mail with a 4xx code.
Stuff like this happens.
> doesn't the server just reject it (5xx code)? This deferral is very
> confu
* postfix--- via Postfix-users :
> I have noticed in most deliveries, servers are issuing two ehlo commands. For
> example:
>
> postfix/smtpd[232271]: disconnect from talvi.dovecot.org[94.237.105.223]
> ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
One EHLO before STARTTLS and one
* Gino Ferguson via Postfix-users :
> Hi,
>
>
> We have a relay server which has been working fine (postfix 3.3.0-1ubuntu0.4)
>
> Now there are ~20K mails in the active queue for a certain recipient and they
> are just sitting there.
mailq is reporting what reason?
> Such an email just comes
* Allen Coates via Postfix-users :
> > Better yet, don't be lazy, include a fingerprint string in your RHS
> > reject rule values.
> Postscreen doesn't have the option of unique RHS fingerprints; nonetheless,
> it would useful to see which (of several)
> ACLs was rejecting an incoming connectio
Hi!
I wonder if this is possible:
If a PCRE/regexp style map is triggering, it can be quite hard to
find out WHICH pattern actually caused the action.
So maybe postmap (when invoked with "-b", "-h" or "-q key") could emit
which regular expression (or which line it was in) actually matched.
Yes,
* Viktor Dukhovni via Postfix-users :
> Note that if you want the actual recipient addresses, (not just a
> count),
I just need the count in this case
> you'll need to also intercept recipient restrictions.
oh!
> The Postfix smtpd(8) server does not keep the recipient list in memory, the
> lis
* Matus UHLAR - fantomas via Postfix-users :
> > envelope sender address and number of recipients.
>
> not authenticated user? ;-)
Yes, I'm also checking if the come from our exchangeserver.
> if you want to see/process mail size, using it in
> smtpd_end_of_data_restrictions is necessary.
> if
I'm using postfwd3 as a policy service for rate limiting based on the
envelope sender address and number of recipients.
We're both limiting "freemailer" senders (they can only reach a low
number of internal recipients before being restricted) as well as our
internal users (they can only reach a lo
> postfix/submission/smtpd[23263]: NOQUEUE: reject: RCPT from
> unknown[21.193.143.55]: 450 4.1.1 : Recipient address rejected:
> unverified address: unknown mail transport error; from=
> to= proto=ESMTP helo=
The verification fails with a "unknown mail transport error"
Check the logs (on both
> i am running Postfix 3.4.14 and try to set up mailrouting to multiple
> smtp hosts.
> transport_maps = hash:/etc/postfix/mailertable
>
> example.com smtp:[mx1.foobar.com],smtp:[mx2.foobar.com]
>
> However i get:
> fatal: garbage after "]" in server description:
> [mx1.foobar.
> Would it be possible to log at least the queue-id as well? Also sender
> and/or recipient would be nice ;-) Or is it for security that no more
> information is logged?
20240104
Cleanup: when the Postfix SMTP server rejects bare ,
log the helo, mail and rcpt information if available. Files:
smtp
http://ftp.porcupine.org/mirrors/postfix-release/index.html
lists:
http://ftp.porcupine.org/mirrors/postfix-release/experimental/postfix-3.9-20240109.tar.gz
http://ftp.porcupine.org/mirrors/postfix-release/experimental/postfix-3.9-20240109.HISTORY
both of which report:
The requested URL
/mirro
* Wietse Venema via Postfix-users :
> As a few on this list may recall, it is 25 years ago today that the
> "IBM secure mailer" had its public beta release. This was accompanied
> by a nice article in the New York Times business section.
Ah, it's today. Recently I scrolled through the Changelog a
* Chris Green via Postfix-users :
> On Tue, Dec 05, 2023 at 05:41:11PM +0100, Ralf Hildebrandt via Postfix-users
> wrote:
> > * Chris Green via Postfix-users :
> >
> > > mydestination =
> >
> > no mail is delivered locally. Thus "/etc/aliases&quo
* Chris Green via Postfix-users :
> mydestination =
no mail is delivered locally. Thus "/etc/aliases" doesn't get to do
anything
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netz | Netzwerk-Administration
Invalidenstraße 120/121 | D-10115 Berlin
Tel. +49 30 450 570 155 | Fax:
* duluxoz via Postfix-users :
> A quick question (just to clarify things in my own mind):
>
> If `non_smtpd_milters = $smtpd_milters`, does this mean that an email
> received on port 25 passes through the milters twice; once for the
> `smtpd_milters` (from the `smtpd(8)` process) and again for the
* Linkcheck via Postfix-users :
> If someone wishes to check this, a typical form (which is sent to me with
> copy to "you") is at
> https://www.linkcheck.co.uk/
> under menu option Contact & Enquiries.
I tried your form:
Authentication-Results: mail-cbf-ext.charite.de;
dkim=pass heade
* Wietse Venema via Postfix-users :
> Wietse Venema via Postfix-users:
> > If you use defer_transports to freeze mail deliveries, then some
> > messages may get close to the bounce_queue_lifetime, meaning that
> > Postfix will try to deliver them only once.
>
> And that was incorrect. defer_transp
* Matus UHLAR - fantomas via Postfix-users :
> > And thus the solution is: Don't use the dnsbl in postscreen, but ONLY
> > in spamassassin/rspamd instead.
>
> No problem, you can safely use postscreen with multiple DNSBLs and DNSWLs.
> - just don't rely on single hit, unless it's your own DNSBL.
* Matus UHLAR - fantomas via Postfix-users :
> On 02.11.23 10:49, Ivan Ionut via Postfix-users wrote:
> > Hi, it's possible that postscreen does not block the email when
> > postscreen_dnsbl_threshold is reached but to pass that email to
> > spamassassin(with a score and a tag).
>
> Postscreen do
Hi!
Since this morning, various MX hosts in *.mail.protection.outlook.com
reporting are reporting back temporary errors for us:
Exhibit A)
host ohri-ca.mail.protection.outlook.com[104.47.75.228] said: 452 4.5.3 Too
many recipients (AS780090) [YQBCAN01FT018.eop-CAN01.prod.protection.outlook.com
* Ralf Hildebrandt via Postfix-users :
> * Stanislav via Postfix-users :
> > Greetings,
> >
> > After upgrading from postfix 3.7.3 to postfix 3.8.2, I've noticed my email
> > is not signed with DKIM anymore. After further investigation, I've found
> &
* Stanislav via Postfix-users :
> Greetings,
>
> After upgrading from postfix 3.7.3 to postfix 3.8.2, I've noticed my email
> is not signed with DKIM anymore. After further investigation, I've found
> that Postfix ignores milter on outgoing emails (incoming goes through milter
> ok).
How is the m
* Joey J via Postfix-users :
> I have been getting a ton of pipelining errors over the past few weeks and
> I can't figure out why.
I'm not seeing any here, so let's focus on what you're posting here.
> It keeps saying queue write error, but disk & cpu performance is good, disk
> space is good.
> smtpd_tls_cert_file = /etc/pki/tls/certs/postfix.pem
> smtpd_tls_key_file = /etc/pki/tls/private/postfix.key
Try adding:
smtp_tls_key_file = $smtpd_tls_key_file
smtp_tls_cert_file = $smtpd_tls_cert_file
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmed
* Patrick Ben Koetter via Postfix-users :
> Greetings,
>
> I was wondering if there's something similar to warn_if_reject when it comes
> to dry-run / test-run MILTER applications in Postfix. The documentation on
> warn_if_reject does not mention MILTERs, which usually means the feature isn't
> t
* Tom Reed via Postfix-users :
>
> Dear lists,
>
> I in fact use rarely this mailbox: t...@dkinbox.com
> But today I found both my domain "dkinbox.com" and the mailserver IP:
> 38.45.66.54 are listed into spamhaus "css" and "dbl" blacklists.
Checking https://multirbl.valli.org/lookup/38.45.66.54
* Scott Kitterman via Postfix-users :
> DKIM has no policy mechanism associated with it, so there's no basis in any
> standardized mechanism to determine if a DKIM failure should be cause for
> rejection. I don't think it makes logical sense to treat a message with a
> DKIM signature that fail
* Tom Reed via Postfix-users :
> Hello
>
> How can I implement the following feature?
> the messages sent to:
>
> foo+la...@sample.com
> foo+lab...@sample.com
> ...
>
> all them will be delivered into:
> f...@sample.com
recipient_delimiter = +
--
Ralf Hildebrandt
Geschäftsbereich IT | Abtei
* Corey Hickman via Postfix-users :
> Hello list,
>
> We have 3 smtp servers for sending messages. When mail in one server has
> delivery issue, how can we setup it to use another more servers for
> second/third delivery?
You could use smtp_fallback_relay
--
Ralf Hildebrandt
Geschäftsbereich
> smtpd_recipient_restrictions =
>permit_mynetworks,
>permit_sasl_authenticated,
>reject_unauth_destination,
>check_policy_service unix:private/policyd-spf,
>reject_rbl_client zen.spamhaus.org,
>reject_rbl_client bl.spamcop.net
>
> When I sent message from a Spamhaus Zen li
* Wietse Venema via Postfix-users :
> Start by looking for "@domain" wildcards in virtual_alias_maps or
Somewhat related: I was under the impression that virtual_alias_maps
"@domainA @domainB" did NOT break recipient verifiction. Or am I
hallucinating?
--
Ralf Hildebrandt
Geschäftsbereich IT
* Israel britto via Postfix-users :
> Hey, I have a strange problem, my incoming queue is growing and my
> active and deferred queues are low on queue items. I checked and I
> have a lot of incoming mailer-daemon and double-bounce emails, is
> there a way to discard these messages?
Read them usin
* Corey Hickman via Postfix-users :
> Since almost every sending MTA has the queues, do I need a secondary MX for
> my domain email?
I don't know if the RFC mandate it, but nowadays everbody knows
better, so WTF.
> I am afraid the secondary MX was abused by spammers.
Indeed. The secondary basic
* Aosars Repository via Postfix-users :
> Hi all,
> I have installed postfix on Ubuntu server 22 and configured to use gmail
> smtp.But it fails to send mails.
The log should inform you why it's failing.
I have a config snippet here:
main.cf:
smtp_use_tls=yes
relayhost = smtp.gmail.com:587
# w
* Gino Ferguson via Postfix-users :
> Can you explain me the practical difference between relay and smtp delivery
> on a relay server?
The "relay" and "smtp" service are both "smtp" services.
But: If you seperated "relay" from "smtp" you can do stuff like:
defer_transports = relay
without af
* Benny Pedersen via Postfix-users :
> Mar 17 11:38:31 localhost postfix/smtpd[22150]: lost connection after
> STARTTLS from list.sys4.de[2a03:4000:10:51d:b8ce:63ff:feca:a5a0]
> Mar 17 12:09:10 localhost postfix/smtpd[23415]: lost connection after
> STARTTLS from list.sys4.de[2a03:4000:10:51d:b8c
> The books Michael writes are little gems, nice to read, often funny,
> always "to-the-point" and not expensive. This might be his most
> important (technical) book.
I took a quick glance, and Chapter 0 is looking good!
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité -
* Patrick Ben Koetter via Postfix-users :
> approach to subscriber self management. Once you've become a registered
> MLM platform participant you can easily change settings that will apply to all
> lists you've subscribed to in one place. I consider that a great usability
> benefit for subscriber
63 matches
Mail list logo
