Re: Port 25 Throttling?

On Monday, 29 March 2021 9:34:13 AM AEDT Wietse Venema wrote: ... > Third, look with mtr at the latency pattern. If part of your traffic > goes over a satellite, of if it is tunneled to some far-away country, > then you will see a big jump. Unfortunately, mtr does not support > tcp so you can't do

Re: Sender restriction to reject message with multiple from addresses

On Saturday, 10 October 2020 1:59:33 PM AEDT Demi M. Obenour wrote: > On 10/9/20 9:48 PM, Viktor Dukhovni wrote: > >> What are the semantics of a From: header with multiple addresses? > > > > The message purports to be the work of multiple authors. Such a message > > is required to have a "Sender

Re: Postfix with DKIM for a mail relay

On Thursday, 7 November 2019 4:23:20 AM AEDT Dominic Raferd wrote: > ... > The main problem with DMARC is that some mailing lists (not this one, > I believe) mess it up, so I would suggest not to use it with > p=quarantine or p=reject on any domain where users are likely to post > to mailing lists.

Re: How to tell my ISP there's a problem

On Monday, 17 June 2019 7:48:05 PM AEST Chris Pollock wrote: > Apologies if the subject is vague however I'll attempt to explain > further. I run a cron job once a day that updates my Spamassassin > rules. Up until a couple of weeks ago I would get the output of that > cron job mailed to me. For so

Re: How to reject mails where from address and to address is myself.

On Tuesday, 28 May 2019 9:19:09 PM AEST an...@ursc.gov.in wrote: > Dear List, > > Lot of SPAM mails are being received where from and to address is > myself and the mail has contents which are dirty/bad. > > The original sender id will be different. > > How to handle such mails. The best way is

Re: OT: Sender header vs DKIM

On Friday, 26 October 2018 12:53:48 AM AEDT Scott Kitterman wrote: > On October 25, 2018 10:56:53 PM UTC, Richard James Salts wrote: > >Hi all, > > > >This is offtopic in regards to postfix but I bring it up because of the > >last > >few emails I've sent to

OT: Sender header vs DKIM

Hi all, This is offtopic in regards to postfix but I bring it up because of the last few emails I've sent to the postfix mailing list. I was originally signing all the headers mentioned in rfc6376 section 5.4, whether they existed or not and mails to postfix mailing list failed because of the

Re: Restricting From:

On Monday, 30 October 2017 7:52:05 PM AEDT micah anderson wrote: > ehlo, > > tl;dr: Is there really no way in postfix to restrict what "From" headers > a user may specify? > > For outgoing mail, we would like to restrict the "From" header to match > the address users SASL authenticate with, or is

Re: Testing reject_unknown_client_hostname

On 10/03/17 12:44, Viktor Dukhovni wrote: On Mar 9, 2017, at 8:22 PM, MRob wrote: So is there any restriction that compares the client IP mapping with the HELO hostname? Nothing built-in Is that a bad idea? Yes. Unless the system you're receiving email from publishes a CSA record. You wo

Re: SSL Certificates

On 15 February 2017 8:34:55 PM AEDT, Viktor Dukhovni wrote: > >> On Feb 15, 2017, at 4:27 AM, Henry wrote: >> >> With this being the case what is the point of using SSL certificates >> for sending? > >I repeat myself. Typically none. They largely only cause some harm. > >> There is a long d

Re: SSL Certificates

On 15 February 2017 6:47:31 PM AEDT, Viktor Dukhovni wrote: > >> On Feb 15, 2017, at 2:27 AM, Sebastian Nielsen >wrote: >> >> In Gmail jargong, means you have to set up SPF, DKIM and DMARC >records. > >Please do not encourage novice users to configure DMARC. This does >much >more harm than g

Re: envelope/header rewriting for a single client

On 11/11/16 11:00, b...@bitrate.net wrote: On Nov 10, 2016, at 17.17, Noel Jones wrote: On 11/10/2016 4:05 PM, btb wrote: hi- i have an "appliance" which submits mail. it's inflexible, unfortunately, and uses crappy values for the envelope sender and the from: header. i have communicated wi

Re: Policy server problem: connection timed out or connection reset by peer

On 19/08/16 11:32, Zhang Huangbin wrote: Dear Bill, Thanks very much for helping. On Aug 19, 2016, at 4:17 AM, Bill Cole wrote: What do you mean "run" the policy service? It's a python program. Which must be running in order for it to be listening for connections. Likely mechanisms would

Re: Policy server problem: connection timed out or connection reset by peer

On 18/08/16 10:46, Noel Jones wrote: On 8/17/2016 7:26 PM, Zhang Huangbin wrote: On Aug 18, 2016, at 12:17 AM, Noel Jones wrote: Have you defined a time limit as described in http://www.postfix.org/SMTPD_POLICY_README.html#client_config The default time limit of 1000s may be too short. My pol

Re: reject_non_fqdn_sender not working?

On 23/05/16 12:58, Alberto Lepe wrote: On Mon, May 23, 2016 at 11:47 AM, Bill Cole > wrote: On 22 May 2016, at 22:31, Alberto Lepe wrote: In my understanding, "reject_non_fqdn_sender" should have blocked this email

Re: Telnet auth

On 19/05/16 00:38, Wietse Venema wrote: Wietse Venema: A brief example: /etc/postfix/sender_access: example.comreject Sender address requires authentication other.example reject Sender address requires authentication Do "postmap /etc/postfix/sender_access", then add this

Re: OT: TLS and SNI (was Re: Postfix 3.1 and TLS Cert Files)

On 10/03/16 09:32, Curtis Villamizar wrote: In message <56dfcd11.5010...@spectralmud.org> Richard James Salts writes: On 09/03/16 06:44, Viktor Dukhovni wrote: On Mar 8, 2016, at 2:31 PM, Curtis Villamizar wrote: With HTTP the server cert is provided after HTTP identifies which virtua

Re: Postfix 3.1 and TLS Cert Files

On 09/03/16 06:44, Viktor Dukhovni wrote: On Mar 8, 2016, at 2:31 PM, Curtis Villamizar wrote: With HTTP the server cert is provided after HTTP identifies which virtual host it thinks its talking to. The IP address along gives no clue. That connection is then used only for that virtual host

Re: Empty sender question

On Thu, 18 Jun 2015 11:36:01 Bill Cole wrote: > On 17 Jun 2015, at 3:00, Michael Peter wrote: > > Hi, > > > > I understand that postfix send bounces or failed delivered > > notifications > > using empty sender. > > As does every MTA which in compliance with the SMTP standards of the > past >25 ye

Re: Sanity check

On Thu, 19 Feb 2015 06:32:29 John wrote: > On 2/16/2015 10:29 PM, Viktor Dukhovni wrote: > >> smtp_tls_cert_file = /root/ssl/certs/$mydomain.mail.pem > >> smtp_tls_key_file = /root/ssl/private/$mydomain.mail.key > > > > Are there any destinations for which you need client certs to gain > > access?