Was it smtp_tls_policy_maps perhaps?
--
Rick King
- On May 11, 2021, at 12:09 PM, Noel Jones njo...@megan.vbhcs.org wrote:
On 5/11/2021 12:28 PM, Maurizio Caloro wrote:
> Hello
>
> Mail_version = 3.4.14
>
> postconf: warning: /etc/postfix/main.cf: u
Ahh! Makes sense Viktor, thank you very much!
Best Regards,
--
Rick King
- On Feb 2, 2021, at 1:48 PM, Viktor Dukhovni postfix-us...@dukhovni.org
wrote:
On Tue, Feb 02, 2021 at 02:54:00PM -0500, Rick King wrote:
> However, I haven't been able get BCC to multiple recipients to
Thank you very much Wietse!
Best Regards,
--
Rick King
- On Feb 2, 2021, at 1:45 PM, Wietse Venema wie...@porcupine.org wrote:
Rick King:
> Postfix Version: 3.1.1
>
> header_checks = pcre:/etc/postfix/conf/custom_header_checks
>
> Hello List!
>
> According
xternaldomain.tld>(.*)/ BCC
us...@internaldomain.tld;us...@internaldomain.tld
Has anyone used multiple recipients for the BCC action before? Any
examples/guidance would be greatly appreciated.
Thank you list!
--
Rick King
der_access using FROM addresses, but it
doesn't use IP's only MAIL FROM addresses.
My questions is, is it possible to whitelist the IP's from Shopify with this
config? The customer would prefer to use IP Whitelisting.
Best Regards,
--
Rick King
lt;*@*\>/ REJECT#Sorry, we do not allow emails with
multiple FROM senders
Is it possible to use header_check feature to reject messages with carefully
crafted displayName?
Any suggestions welcome! Thank you!
Best Regards,
--
Rick King
example.com . That should make the host do
> a dns query to find the mx record of example.com .
>
> Robert
> On Wednesday, July 17, 2019, 2:24:46 PM EDT, Rick Zeman
> wrote:
>
>
> I inherited a pair of postfix servers configured by someone else and I
> think I'
I inherited a pair of postfix servers configured by someone else and I
think I've been a manager too long as I can't figure this one out because
I'm too rusty with postfix.
Scenario:
2 identical postfix servers that only accept mail from mynetworks (other
local servers in its /16) with various From
SL to FireFox,
based on the recently standardised notion of Native Messaging,
https://github.com/arpa2/docker-demo/tree/master/demo-ffsasl
Maybe that is (a direction for) a solution. HTML forms are not likely
to support the any-number-of-back-and-forths that SASL requires, in general.
Cheers,
-Rick
with
this in the past, and ended up renaming everything upon
entry and casting it back through the virtual table, but
it felt like generic_maps would have been a better way, had
it distinguished the things it would substitute.
-Rick
o also work on external senders!
Thanks,
-Rick
this with Postfix, and it's not even simple
>> in a policy due to the cyclic risk. What are others doing in this
>> respect?
Thanks, for your input Phil!
-Rick
mely an invocation of the
virtual(8) server for addresses on the said lists.
I don't see how I can do this with Postfix, and it's not even simple in
a policy due to the cyclic risk. What are others doing in this respect?
Thanks,
-Rick
mentioned, making it less difficult to
choose from for email administrators.
I hope this is a useful suggestion :)
Thanks,
Rick van Rein
InternetWide.org / ARPA2.net / OpenFortress.nl
yntax-and-procedures level description. I have
the suspicion that it may be over-engineered, but I can't pin that down
yet.
-Rick
es common modifications such as whitespace replacement and
header field line rewrapping.
[Section 3.4 of RFC6376 on DKIM Signatures]
I didn't see any changes in whitespace in my postings to this list,
but that may also be due to normalisation in the spam filter through
which both outgoing and incoming messages pass.
-Rick
the sender in Reply-To: and
have the list address in From: so it matches the SPF domain and so even
DKIM could be signed by the list would be considered a good or bad idea
by admins running lists.
Cheers,
-Rick
Interestingly,
This list is a modest exception -- DKIM should pass through it perfectly,
mostly because it does not change the Subject: From: To: or body.
But the question was about soundness of the general Reply-To: idea anyway.
-Rick
a list address under the list bounce domain
3. setup SPF in the list bounce domain
4. this should pass on DMARC, because SPF passes and DKIM fails
I'd like to learn if this approach is considered sound by the list.
Cheers,
Rick van Rein
ailing
list is a bed of nails... even when you do it really nicely, perhaps
even still when you canonicalise remote users to local addresses as in
http://internetwide.org/blog/2017/08/16/mail-route-filtering.html
Cheers,
-Rick
but Tom indicated to
need something really-really-quickly.
-Rick
between envelope and header from
addresses.
https://www.libsrs2.org
-Rick
Hi Tom,
> For example: Incoming mail for for "need...@foo.com
> " and "need...@bar.com
> " are sent to separate subscriber lists.
That will work if you create the lists in the virtual map.
You probably should have an SRS setup to get through properly.
-Rick
g on passing feedback for individual recipients in a
one-by-one fashion from lmtpd back to lmtp, but it is actually even
nicer to do it per group -- so that a resend can be tried for the
group and they get to see each other's addresses to share.
Thanks!
-Rick
d a bad idea, or just a new idea?
Thanks,
Rick van Rein
industry, so it is big.
Cheers -- Rick
On May 25, 2017 3:26:34 PM EDT, D'Arcy Cain wrote:
>On 2017-05-25 03:20 PM, li...@lazygranch.com wrote:
>> Right from the Telus website :
>> --
>> "Clear the Requires a secure connection (SSL) check box"
>>
On 2017-05-25 02:31 AM, Philip Paeps wrote:
On 2017-05-24 14:54:34 (+0200), Bastian Blank
wrote:
On Wed, May 24, 2017 at 02:41:01AM -0700, li...@lazygranch.com wrote:
You shouldn't be accepting sslv3 due to the poodle attack.
https://en.m.wikipedia.org/wiki/POODLE
Please explain how exact
boat'.
Cheers --- Rick
On May 24, 2017 12:26:32 PM EDT, Viktor Dukhovni
wrote:
>
>> On May 24, 2017, at 5:41 AM, li...@lazygranch.com wrote:
>>
>> You shouldn't be accepting sslv3 due to the poodle attack.
>>
>> https://en.m.wikipedia.org/wiki/POODLE
&
Hi All
Should this TLS warning worry me?
cheers -- Rick
Warnings
smtpd (total: 1)
1 TLS library problem: error:14094416:SSL routines:SSL3_READ_BYTE...
mail.log:
May 23 11:35:42 myHostName postfix/smtpd[6619]: connect from
sonic310-27.consmr.mail.ne1.yahoo.com
On Sat, Mar 25, 2017 at 2:48 PM, Paul C wrote:
> I wish the world would use ipv6 enough for this to be worth doing, but
> it's not going to have much benefit to you as there's almost no one
> using it for smtp, from the last time I checked which was a few months
> ago, google uses it perfectly, ve
On Sat, Jul 9, 2016 at 9:57 AM, Viktor Dukhovni
wrote:
>
>> On Jul 8, 2016, at 10:09 PM, Rick Zeman wrote:
>>
>> How might 'filtering out that mechanism" be done, Viktor? Doesn't
>> sound (or look like, based on SASL_README) that it's something
On Fri, Jul 8, 2016 at 9:17 PM, Viktor Dukhovni
wrote:
>
>> On Jul 8, 2016, at 9:15 PM, Wietse Venema wrote:
>>
>> Your SASL library cannot authenticate with PLAIN or LOGIN.
>
> Another possibility is that it supports and prefers XOAUTH2, but lacks
> the necessary credentials or configuration to
Working system that suddenly started crapping out on
SASL-authenticated connections to its relay. Nothing's changed for
this 2.11.0 Apple-supplied postfix, and the username/password
authenticates fine to smtp.comcast.com (relay). I'm not see what's
wrong (must be what "generic" means lol). Thou
On Tue, Mar 22, 2016 at 11:25 PM, Noel Jones wrote:
> On 3/22/2016 10:03 PM, Rick Zeman wrote:
>> Oops, knew I forgot something, Noel. This is a (soft) bounce f
>> recipient that does exist on the destination system, but not on the
>> postfix system, as the following telne
16 at 10:17 PM, Noel Jones wrote:
> On 3/22/2016 8:54 PM, Rick Zeman wrote:
>> OS X Postfix system rebuilt as a relay with no local mailboxes, but
>> we're not passing inbound mail to the final destination except for the
>> few people who have local accounts on the postfix s
OS X Postfix system rebuilt as a relay with no local mailboxes, but
we're not passing inbound mail to the final destination except for the
few people who have local accounts on the postfix server. Soft bounce
is onluckily (great safety net, Wietse). I have something that's
negating reject_un
Howdy,
Upgrading Apple server to Apple's postfix 2.11.0 and seeing this in the logs:
Mar 20 12:12:53 miniserv postfix/smtpd[43174]: warning: TLS library
problem: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown
protocol:/BuildRoot/Library/Caches/com.apple.xbs/Sources/OpenSSL098/OpenSSL0
On Mon, Sep 15, 2014 at 5:42 PM, Marius Gologan
wrote:
> Extract the queue-ids from the logs and hold those messages for later
> delivery:
> postsuper -h queue-id (or postsuper -h ALL to hold everything in the queue)
> to un-hold:
> postqueue -H queue-id (or postsuper -H ALL to un-hold everything
On Sat, Aug 16, 2014 at 5:18 PM, Viktor Dukhovni
wrote:
[...]
>
>> inet_protocols = all
>
> Set this to ipv4, you don't have ipv6 connectivity.
I wouldn't be so hasty, Viktor. It looks like he is routing IPv6, as
does Comcast (I know that from personal experience):
Aug 16 13:38:13 RichCookHome
On Tue, Jun 3, 2014 at 12:04 PM, Wietse Venema wrote:
> Rick Zeman:
>> I'm using the Apple-compiled Postfix 2.9.4 that comes with Mac
>> Mavericks server. One thing that made setup much harder than it
>> needed to be for me is that Apple puts their postfix config files
On Tue, Jun 3, 2014 at 11:18 AM, Viktor Dukhovni
wrote:
> On Tue, Jun 03, 2014 at 10:31:34AM -0500, Rick Zeman wrote:
>
>> I'm using the Apple-compiled Postfix 2.9.4 that comes with Mac
>> Mavericks server. One thing that made setup much harder than it
>> needed to
Wietse:
Begin quote from Postfix sendmail manpage
-C config_file
-C config_dir
The path name of the Postfix main.cf file, or of its parent
directory. This information is ignored with Postfix versions
before 2.3.
With a
On Tue, May 13, 2014 at 9:31 AM, Viktor Dukhovni
wrote:
> The logging is misleading, it should say "Anonymous" rather than
> "untrusted". This is fixed in 2.11.1 and 2.12 snapshots.
I'm glad of that. That confused the heck out of me, too.
On Mon, May 5, 2014 at 3:36 AM, hiren panchasara
wrote:
> This is how it should work, afaik:
> Sending: Initiates from my home box and go out via VM.
> Receiving: VM receives it and forwards to home box.
>
> (I've also tried sending through my home machine on port 587 but the
> home comcast IP is
On Sun, Apr 20, 2014 at 7:54 PM, li...@rhsoft.net wrote:
>
>
> Am 21.04.2014 01:43, schrieb Rick Zeman:
>> First let me say that I'm NOT trying to start any sort of flame war
>> here, and I tried to google to find out the answer before asking.
>> That being said,
First let me say that I'm NOT trying to start any sort of flame war
here, and I tried to google to find out the answer before asking.
That being said, I just installed OpenBSD in a VM and ran into this:
"Some commonly asked questions about third-party products:
Why isn't Postfix included?
The lic
I'm guessing since I've received a bunch of these over the past few
days that these are Heartbleed scrape attempts, especially since these
IPs belongs to our friends in the former Soviet Union. Agreed? (It's
an Apple server so it uses its own "goto fail" TLS library, and only
has an older version
On Fri, Apr 11, 2014 at 7:14 AM, Wietse Venema wrote:
> Markus Sch?nhaber:
>> Hi,
>>
>> while the documentation for mailbox_size_limit
>> http://www.postfix.org/postconf.5.html#mailbox_size_limit
>> explicitly states "[...] or zero (no limit).", the doc for
>> message_size_limit
>> http://www.post
Howdy,
I now have IPv6 routing working along with "inet_protocols = all" in
my main.cf (Postfix 2.9.4). I've noticed that using my outbound relay
(which is load balanced across many machines) will connect with either
protocol with no discernible pattern even to the same destination.
Going by the
On Sun, Mar 16, 2014 at 9:43 AM, Noel Jones wrote:
> On 3/16/2014 8:31 AM, Rick Zeman wrote:
>> On Sat, Mar 15, 2014 at 11:34 PM, Noel Jones wrote:
>>> On 3/15/2014 5:08 PM, Rick Zeman wrote:
>>>> I've started working on my bastard Mac postfix relay. For de
On Sat, Mar 15, 2014 at 11:34 PM, Noel Jones wrote:
> On 3/15/2014 5:08 PM, Rick Zeman wrote:
>> I've started working on my bastard Mac postfix relay. For delivery to
>> the local domain, it will only relay to the internal mail server
>> defined in transport if the
I've started working on my bastard Mac postfix relay. For delivery to
the local domain, it will only relay to the internal mail server
defined in transport if the user exists locally on the postfix
box...and I can't figure out why (luckily, the 450 safety net is
there!). I could see how it would
_maps = hash:/etc/postfix/transport
> >
> > What is in this file?
>
> Rick Zeman:
> > pointyears.net smtp:[192.168.1.5]:587
>
> >>Based on the configuration details that you have given in earlier
> >>.email, Postfix cannot invoke the local delivery agen
I
On Sat, Mar 1, 2014 at 8:46 PM, Wietse Venema wrote:
> >
> >>What is in this file?
>
> I've got delivery to the relay host working, and delivery to the local
> mail destination; however it only works from the server's command line
> Connections for mail coming outside of $mynetwork just seems
On Sat, Mar 1, 2014 at 8:46 PM, Wietse Venema wrote:
> Rick Zeman:
> > mydestination =
> > local_transport = error:local mail delivery is disabled
>
> >Nevertheless, you have some mail going to the local delivery agent.
>
> >> transport_maps = hash:/etc/pos
I'm sure everyone else knows this, but OS X keeps has two complete sets of
postfix config files. Guess who, based on linux experience, was using
/etc/postfix?
On Sat, Mar 1, 2014 at 8:10 PM, Rick Zeman wrote:
> On Sat, Mar 1, 2014 at 7:50 PM, li...@rhsoft.net wrote:
>
>>
&g
On Sat, Mar 1, 2014 at 7:50 PM, li...@rhsoft.net wrote:
>
>
> Am 02.03.2014 01:08, schrieb Rick Zeman:
> > Howdy, I'm trying to set up a Mac version of postfix (2.9.4) as a mail
> gateway. It's been many years since I've
> > set up a postfix instance
moved
Mar 1 18:58:58 miniserv.private postfix/local[17006]: error:
od[getpwnam_ext]: no record for user rick
Mar 1 18:58:58 miniserv.private postfix/pipe[17007]: 4D42BA00A2: to=<
r...@pointyears.net>, relay=dovecot, delay=0.1, delays=0/0.01/0/0.09,
dsn=5.1.1, status=bounced (user unknown)
Just upgraded to 3.93 from 3.62 from source (amazingly smooth "make
upgrade" after skipping 3 years of interim versions. Easier than
using an rpm!). I fixed the TLS database location warnings that
cropped up in the logs, but I'm also seeing:
Jul 8 21:51:51 tux postfix/verify[28749]: close datab
I had configured inet_interfaces = localhost but did not realize Postfix
required a different hostname for each MTA. My lack of understanding is the
problem, not Postfix. Thanks for the explanation.
On Dec 6, 2011, at 4:04 PM, Wietse Venema wrote:
> As a matter of sanity, Postfix requires that
o have the same hostname. This was intentional since
incoming (via Kerio) and outgoing (via Postfix) are on the same IP and my goal
was for the hostname to match forward and reverse DNS.
Is there no workaround? Or is my configuration flawed and to be avoided?
On Dec 6, 2011, at 2:31 PM, Wietse Venema
andt's excellent book but I'm still at a loss.
Any suggestions or advice would be appreciated.
Rick Hazey
Thanks That was the clue I was needing. I had to explicitly set mynetworks on
the guest OS.
seemed to fix it.
RIck
On Nov 6, 2011, at 11:17 AM, Wietse Venema wrote:
> Blair, Rick:
>> [root@guestServer init.d]# telnet fileserver 25
>> Trying 192.168.1.31...
>> Co
ot running.
I have tried configuring for just ipv4 same results.
All posts suggest looking at firewall, but iptables is not running.
Many thanks in advance.
Rick
--
Tìoraidh!
Rick Blair
smime.p7s
Description: S/MIME cryptographic signature
{nexthop} -n -m ${extension}
(the "hu" in the flags)
but I'd rather lc it as it enters the system (in part because we use +Spam
as an extension for spam filtering, and I'd rather not change that to +spam
when it enters dovecot). Is there a way to change the email address to LC in
postfix before it goes through amavis?
thanks
rick
On Wed, Nov 11, 2009 at 11:20 AM, Eero Volotinen wrote:
> Rick Zeman wrote:
>
>>> http://wiki.dovecot.org/HowTo/PostfixAndDovecotSASL
>>
>> Whoops...been so long since I set that up that I should have mentioned
>> I have cyrus sasl installed.
>
> Maybe you
On Wed, Nov 11, 2009 at 11:06 AM, Eero Volotinen wrote:
> Rick Zeman wrote:
>>
>> Howdy,
>>
>> I have sasl installed and postfix uses it for its outbound relay just
>> fine. I need now for a smart phone or two to use postfix to send
>> mail. Am I
Howdy,
I have sasl installed and postfix uses it for its outbound relay just
fine. I need now for a smart phone or two to use postfix to send
mail. Am I correct that there's no mechanism like
"smtp_sasl_password_maps = hash:/etc/postfix/sasl_password" for smtpd?
Just need a quick and dirty one
ust bizarre. Anyone have any suggestions on where to look for what
could be making the behaviour different for that email address?
Rick
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
bounce_queue_lifetime = 2d
bounce_size_limit = 5
bounce_template_file = /etc/postfix/bounce.
d source of backscatter?
If the answer is, "your exchange server config is broken" well, perhaps, but
I didnt' set up (or own) that box. Setting up postfix as a secondary won't
break anything any worse than it already is, right?
rick
Rick
On Thu, Apr 23, 2009 at 11:35 AM, Victor Duchovni
wrote:
> There you are message delivered to procmail, and procmail returned a
> success (0) exit code. What happened after "procmail" is outside
> the scope of Postfix.
>
Ok, fair enough but can procmail issue the "mesage too big" response
that th
>
> You are truncating all the long logfile records.
>
> Wietse
>
Sorry I didn't even realize that was happening. I dl'd the file and
copied and pasted instead of grabbing from putty which I guess was
only grabbing the screen.
Apr 22 13:52:54 vps04 postfix/smtpd[16215]: connect from unknow
>
> The easy explanation is that it's not the same message.
> You'll have to provide better proof that it really is.
>
It definitely is the same message. It's the only one that the guy sent
me with a 14m attachment. I've searched the log for emails from that
user and it's the only one that has a la
>
> You truncated all the interesting data from the local(8) log entry.
> This message is not rejected by Postfix, and Exim could not have seen
> an error in the SMTP transfer to Postfix. It could have bounced, because
> the local(8) delivery failed, but you carefully hide this information.
I'm no
>
> This message was accepted and delivered.
>
> -- Noel Jones
>
Problem is that it wasn't delivered (it was coming to me and I never
rcvd it) and a reject mesage was sent as seen in the Exim logs.
This is what is confusing.
As you can see we're talking about the same message, the exact same #
>
>> [r...@vps04 log]# postconf -n | grep size_limit
>> message_size_limit = 2048
>
> OK, so you are potentially configured to accept 20,000 KB messages.
> Where are the logs?
>
> --
> Viktor.
SOrry, I did send it in an earlier post, here it is again.
Apr 22 13:52:54 vps04 postfix/smtp
> Yes. "postconf -d | grep size_limit"
>
> body_checks_size_limit = 51200
> bounce_size_limit = 5
> header_size_limit = 102400
> mailbox_size_limit = 5120
> message_size_limit = 1024
>
> Of these the last two are the most pertinent.
>
> --
> Viktor.
>
[r...@vps0
> It is 2 kilobytes, which is not quite 20480 kilobytes, but probably
> close enough. Post the output of "postconf -n" and Postfix server logs
> showing the rejection of the message.
>
> --
> Viktor.
>
[r...@vps04 log]# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/
> check the POSTFIX log.
> check "postconf -n" output
>
> -- Noel Jones
Done and done, see my original post. Here's the log of the email in question..
Apr 22 13:52:54 vps04 postfix/smtpd[16215]: connect from unknown[74.51.38.172]
Apr 22 13:52:54 vps04 postfix/smtpd[16215]: B3E982010001:
client=u
Yes, I have thanks but as I said, the config already is set to well
above the 14Mb limit that was rejected, it's currently set to 20M
(message_size_limit = 2048) That is 20 Megs right? I'm not
missing a zero I don't think.
So why else could it possibly be rejected?
On Wed, Apr 22, 2009 at 2
/etc/postfix/main.cf had no message_size_limit line in it but a
>> postconf -d showed virtual_mailbox_limit = 5120
>>
>> postconf -n shows the same.
>>
>> Anyone know why this email would be getting rejected based on size?
>> Are there other settings I'm missing?
>>
>> Rick
>>
would be getting rejected based on size?
Are there other settings I'm missing?
Rick
On Wed, Oct 15, 2008 at 9:20 AM, Brian Evans - Postfix List
<[EMAIL PROTECTED]> wrote:
> Rick Zeman wrote:
>> On Tue, Oct 14, 2008 at 11:41 PM, Henrik K <[EMAIL PROTECTED]> wrote:
>>
>>> On Tue, Oct 14, 2008 at 05:32:56PM -0400, Rick Zeman wrote:
>>>
&g
On Tue, Oct 14, 2008 at 11:41 PM, Henrik K <[EMAIL PROTECTED]> wrote:
> On Tue, Oct 14, 2008 at 05:32:56PM -0400, Rick Zeman wrote:
>> Just discovered that gmail is now retrying greylisted email from not
>> only multiple servers, but from multiple servers located within
On Tue, Oct 14, 2008 at 11:41 PM, Henrik K <[EMAIL PROTECTED]> wrote:
> On Tue, Oct 14, 2008 at 05:32:56PM -0400, Rick Zeman wrote:
>> Just discovered that gmail is now retrying greylisted email from not
>> only multiple servers, but from multiple servers located within
Just discovered that gmail is now retrying greylisted email from not
only multiple servers, but from multiple servers located within
different subnets...which totally breaks breaks tumgreyspf greylisting
implementation. I kind of like it cuz it uses the filesystem to store
its data. However, ther
> I suppose you missed the part about "please don't top post".
Sorry but I'm using Gmail and it doesn't show me the earlier postings
in the reply unless specifically open it and look for it.
Thanks for your other info and detailed explanations. I'll try it as
you suggested.
Thanks
ly don't accept mail unless its to a local know address (like
normal) AND it cam from IP 1.2.3.4
Unless I'm mistaken the earlier code from Noel is about relaying mail
for outbound sending isn't it?
Rick
On Wed, Jul 30, 2008 at 2:36 PM, Brian Evans - Postfix List
<[EMAIL PROTECTED]&
Noel: where exactly would I put the IP address to acces mail from?
Sorry, but I'm really new to postfix.
Rick
On Wed, Jul 30, 2008 at 10:45 AM, Noel Jones <[EMAIL PROTECTED]> wrote:
>
> Rick Duval wrote:
>>
>> I hope I can explain this corrctly...
>>
>>
nt to.
Problem is that many spammers ignore the MX record and try to send mail
straight to the domain assuming that many will be correct. I want to stop
that.
Any help would be appreciated...
Oh, BTW, I'm running postfix through virtualmin.
Thanks
RIck
90 matches
Mail list logo
