mailto:marius.golo...@gmail.com]
> *Sent:* Tuesday, February 23, 2016 11:01 PM
> *To:* 'Robert Lopez'; 'Postfix users'
> *Subject:* RE: CVE-2015-7547
>
>
>
> Patches are available for most Linux distributions. You need to verify
> your version and update
Does anyone have any knowledge of postfix being exploited via
CVE-2015-7547, glibc stack-based buffer overflow in getaddrinfo()? Any
concerns about the exploitability?
Discussion here about how fast we must patch glibc.
--
Robert Lopez
Unix Systems Administrator
Central New Mexico Community
On Fri, Oct 10, 2014 at 10:56 PM, Viktor Dukhovni
wrote:
> On Fri, Oct 10, 2014 at 03:35:09PM -0600, Robert Lopez wrote:
>
>> > Please see:
>> > http://www.postfix.org/DATABASE_README.html#safe_db
>>
>> The question "So these errors happen while the fi
On Fri, Oct 10, 2014 at 2:09 PM, Noel Jones wrote:
> On 10/10/2014 2:21 PM, Robert Lopez wrote:
>> Problem: Valid email addresses being rejected.
>> Problem appears to be intermittent; difficult to tell most rejections
>> are legitimate.
>> Not found in a h
SBT4cn
--
Robert Lopez
Unix Systems Administrator
Central New Mexico Community College (CNM)
525 Buena Vista SE
Albuquerque, New Mexico 87106
trying the
wrong approach I would like to know.
What are the alternative that are successfully used? Especially in the
area of Spear Phishing?
--
Robert Lopez
After looking at past logs an seeing the errors only began after the
email gateway had been running for a few weeks, I deleted the
/var/lib/postfix/postscreen_cache.db.
Restarting postfix now has a happy postscreen+bdb again.
--
Robert Lopez
Unix Systems Administrator
Central New Mexico
em become apparent and
only after over two weeks of production use.
Wietse, Thank you. At this point I must take your advice to my team
and management to discuss our options.
--
Robert Lopez
Unix Systems Administrator
Central New Mexico Community College (CNM)
525 Buena Vista SE
Albuquerque, New Mexico 87106
rprise Linux Server
release 6.4 (Santiago), Linux mg08 2.6.32-358.6.1.el6.x86_64 #1 SMP
Fri Mar 29 16:51:51 EDT 2013 x86_64 x86_64 x86_64 GNU/Linux.
--
Robert Lopez
Unix Systems Administrator
Central New Mexico Community College (CNM)
525 Buena Vista SE
Albuquerque, New Mexico 87106
On Fri, Jun 14, 2013 at 3:09 PM, Wietse Venema wrote:
> Robert Lopez:
>> I am trying to understand the cause/causes of these log lines:
>>
>> 1) postfix/postscreen[]: fatal: error [-30986] seeking
>> /var/lib/postfix/postscreen_cache.db: Success
>
> Your Be
stfix/access permit_mynetworks reject_non_fqdn_sender
reject_unknown_sender_domain
smtpd_use_tls = no
virtual_alias_maps = hash:/etc/postfix/virtualaliases
Is there a configuration change I must make to eliminate the three
types of concerning lines?
--
Robert Lopez
Unix Systems Administrato
where this isn't the case yet, for
> legacy reasons).
>
>
> And I'd that you probably can't help people who think 2.1 == 2.10 ;)
>
>
> Cheers,
> Chris.
I agree with /dev/rob0, Chris, and the others who agree to leave it as is.
--
Robert Lopez
On Mon, May 6, 2013 at 3:10 PM, Wietse Venema wrote:
> Robert Lopez:
>> Let me try again. I am assuming the link between a line in the
>> dndsbl_reply file and the main.cf file is only a label and it could be
>> anything.
>> Is that a wrong assumption?
>
> Please
= /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
virtual_alias_maps = hash:/etc/postfix/virtualaliases
--
Robert Lopez
Unix Systems Administrator
Central New Mexico Community College (CNM)
525 Buena Vista SE
Albuquerque
in the main.cf from
postscreen_dnsbl_sites = zen.dq.spamhaus.org
to
postscreen_dnsbl_sites = zen.dq.spamhaus.org
and since then none of the test email have been rejected.
How can I prove to myself the spamhaus list actually being used now as
opposed to being not used because of configuration?
--
e the long name with the key in it or the short reply name?
Does it matter what the short name returned is; that is could I use
zen.spamhaus.org just to keep it shorter?
--
Robert Lopez
Unix Systems Administrator
Central New Mexico Community College (CNM)
525 Buena Vista SE
Albuquerque, New Mexico 87106
On Thu, Apr 11, 2013 at 2:23 PM, Noel Jones wrote:
> On 4/11/2013 2:42 PM, Robert Lopez wrote:
> > That was a fast response Jan. Thanks. Is the overall situation
> > suggestive of any misconfiguration here?
>
> [please don't top-post]
>
> It appears you're ge
formation is the MX record
> for the target domain:
>
> # host -t mx ors-cpa.com
> ors-cpa.com mail is handled by 10 server50.appriver.com.
> ors-cpa.com mail is handled by 20 server51.appriver.com.
>
>
--
Robert Lopez
Unix Systems Administrator
Central New Mexico Community College (CNM)
525 Buena Vista SE
Albuquerque, New Mexico 87106
ientcheck_recipient_access
hash:/etc/postfix/overquotareject_non_fqdn_recipient
reject_unknown_recipient_domain
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
s
key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the
owner.
Primary key fingerprint: FF 96 4A 8C 96 88 7C 6E A4 EF AD BF 48 34 E1 BB
# echo $?
0
On Mon, Apr 1, 2013 at 5:18 PM, Wietse Venema wrote:
> Robert Lopez:
> > For m
signature: public key not found
On Mon, Apr 1, 2013 at 2:18 PM, /dev/rob0 wrote:
> On Mon, Apr 01, 2013 at 02:11:53PM -0600, Robert Lopez wrote:
> > How do I get the md5sum for postfix-2.10.0.tar.gz out of the
> > postfix-2.10.0.tar.gz.sig file?
>
> The sig file is a GP
How do I get the md5sum for postfix-2.10.0.tar.gz out of the
postfix-2.10.0.tar.gz.sig file?
--
Robert Lopez
Unix Systems Administrator
Central New Mexico Community College (CNM)
525 Buena Vista SE
Albuquerque, New Mexico 87106
all correctly
> "myhostname" can be set to a filename rather than a hostname.
>
> myhostname = /etc/hostname
>
> and optional database drivers are installed as separate packages
> and a related configuration file.
>
> For help with Debian, ask on a Debian-sp
On Wed, May 26, 2010 at 11:10 AM, Wietse Venema wrote:
> Robert Lopez:
>> This college has a contract with Rave Messaging to deliver high volume
>> (ex campus emergency) communications via many vectors including email.
>>
>> In their requirements document, in the p
/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
virtual_alias_maps = hash:/etc/postfix/virtualaliases
--
Robert Lopez
Unix Systems Administrator
Central New Mexico Community College (CNM)
525 Buena Vista SE
Albuquerque, New Mexico 87106
ail administrator to architect and sustain our perimeter email
> environment. If you are interested, please drop me a note.
>
I have a lot to learn! There are terms and concepts in you response
that are new to me.
Thanks for the direction tips.
--
Robert Lopez
Unix Systems Administrator
Central New Mexico Community College (CNM)
525 Buena Vista SE
Albuquerque, New Mexico 87106
x, LDAP, SASL, andDovecot documentation and
testing ideas on a virtual system but I have thus far not created a
working solution.
What's the best way to accomplish the goal in this environment?
--
Robert Lopez
Unix Systems Administrator
Central New Mexico Community College (CNM)
525 Buena Vi
I replied to Charles thinking I was replying to the list...
On Tue, Apr 6, 2010 at 12:40 PM, Charles Marcus
wrote:
> On 2010-04-06 2:35 PM, Robert Lopez wrote:
>> If I remove the .db ile (As Noel points out not necessary) then I get
>> an error because postmap seems to only l
On Tue, Apr 6, 2010 at 12:48 PM, Noel Jones wrote:
> On 4/6/2010 1:42 PM, Robert Lopez wrote:
>>>
>>> The Postfix mail system uses optional lookup tables as described in
>>> the DATABASE_README document. Lists of IP addresses can be specified
>>> in CIDR (C
On Tue, Apr 6, 2010 at 12:33 PM, /dev/rob0 wrote:
> On Tue, Apr 06, 2010 at 11:57:00AM -0600, Robert Lopez wrote:
>> On Tue, Apr 6, 2010 at 10:52 AM, Noel Jones
>> wrote:
>> > On 4/6/2010 11:39 AM, Robert Lopez wrote:
>> >> Why does postfix not like th
On Tue, Apr 6, 2010 at 12:23 PM, Wietse Venema wrote:
> Robert Lopez:
> Now that you mention the documentation:
>
>> SYNOPSIS
>> postmap -q "string" cidr:/etc/postfix/filename
>>
>> postmap -q - cidr:/etc/postfix/filename >
>> DE
On Tue, Apr 6, 2010 at 10:52 AM, Noel Jones wrote:
> On 4/6/2010 11:39 AM, Robert Lopez wrote:
>>
>> For some time I have been tracking changes to the access table with RCS.
>> Each time a change is made the "ci access" results in the removal of
>> the acces
/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
virtual_alias_maps = hash:/etc/postfix/virtualaliases
--
Robert Lopez
Unix Systems Administrator
Central New Mexico Community College (CNM)
525 Buena Vista SE
Albuquerque, New Mexico 87106
> 192.168.1.0/24 DUNNO
> 192.168.2.3 REJECT blah
> 192.168.2.0/24 DUNNO
> 192.168.0.0/16 FILTER somefilter
>
>
> in short, create client based policies, not result based policies.
The icing of the "cake" of two very helpful responses. Thanks both.
Robert L
t a
white list part and then a black list part; where each of those two
parts would first list all the exact IP and then list all the CIDR
patterns?
Or is it sufficient to have first the white list then the black list
with no further concern for the order within each part?
--
Robert Lopez
Unix Sys
= /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
virtual_alias_maps = hash:/etc/postfix/virtualaliases
--
Robert Lopez
Unix Systems Administrator
Central
On Fri, Oct 30, 2009 at 1:26 PM, Noel Jones wrote:
> On 10/30/2009 12:55 PM, Robert Lopez wrote:
>>
>> I would like to confirm my understanding about access files.
>>
>> Please let me know if any of this is not correct...
>>
>> The man (5) access description
yes
virtual_alias_maps = hash:/etc/postfix/virtualaliases
--
Robert Lopez
Unix Systems Administrator
Central New Mexico Community College (CNM)
525 Buena Vista SE
Albuquerque, New Mexico 87106
access to the Postfix queue" is
an old issue that is no longer the case. In any event, I do not select
what we use.
--
Robert Lopez
Unix Systems Administrator
Central New Mexico Community College (CNM)
525 Buena Vista SE
Albuquerque, New Mexico 87106
On Thu, Oct 1, 2009 at 11:02 AM, Brian Evans - Postfix List
wrote:
> Robert Lopez wrote:
>> check_client_access=hash:/etc/postfix/access
>> smtpd_client_restrictions =
>> permit_mynetworks
>> hash:/etc/postfix/whitelist
>>
> This
ocks in the same file. I have
been told it has been working practice at this college for years
before I got here. I need to be certain we are doing the right things.
--
Robert Lopez
Unix Systems Administrator
Central New Mexico Community College (CNM)
525 Buena Vista SE
Albuquerque, New Mexico 87106
queues to empty?
--
Robert Lopez
Unix Systems Administrator
Central New Mexico Community College (CNM)
525 Buena Vista SE
Albuquerque, New Mexico 87106
-t inet -u
Are there configuration parameters that cause the addition of the "-c
-o stress"?
--
Robert Lopez
Unix Systems Administrator
Central New Mexico Community College (CNM)
525 Buena Vista SE
Albuquerque, New Mexico 87106
cerns about blocking legitimate email.
Which postfix list would be best used for such a block? Could it be
sender_access?
--
Robert Lopez
Unix Systems Administrator
Central New Mexico Community College (CNM)
525 Buena Vista SE
Albuquerque, New Mexico 87106
rvice).
>
> Wietse
>
>From the point of view of one who has been easily confused by
definitions of terms I want to also join the no to "bouncer" and I
agree with all the reasons others have stated.
--
Robert Lopez
Unix Systems Administrator
Central New Mexico Community College (CNM)
525 Buena Vista SE
Albuquerque, New Mexico 87106
mailman.py
${nexthop} ${user}
-- end of postfinger output --
--
Robert Lopez
Unix Systems Administrator
Central New Mexico Community College (CNM)
525 Buena Vista SE
Albuquerque, New Mexico 87106
> /etc/postfix/access_hash
> ip.ad.dre.ss ok
> tld.com REJECT Access denied
>
> would this OK if found in smtp_client_restrictions trump REJECT if found by
> smtpd_sender_restrictions against tld.com and allow the message to queue?
>
>
--
Robert Lopez
Unix Systems Admini
l-nm.net, idealnm.org, idealnm.net
-- Forwarded message --
From: Wietse Venema
Date: Mon, May 18, 2009 at 5:23 PM
Subject: Re: empty subject, empty body, from: Postfix After-Queue Content
Filter...
To: Robert Lopez
Cc: postfix-users@postfix.org
Robert Lopez:
> A new email gateway I am bu
ipe
flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop
$recipient
filterunix- n n - - pipe
flags=Rq user=filter argv=/u01/gluescript/filter.sh -f ${sender} --
${recipient}
-- end of postfinger output --
tcpdump shows no problem.
--
Robert Lopez
Unix Systems Administrator
Central New Mexico Community College (CNM)
525 Buena Vista SE
Albuquerque, New Mexico 87106
: Aaron Wolfe <[EMAIL PROTECTED]>
Date: Mon, Oct 6, 2008 at 12:55 PM
Subject: Re: outgoing SPAM
To: postfix-users@postfix.org
On Mon, Oct 6, 2008 at 2:33 PM, Robert Lopez <[EMAIL PROTECTED]> wrote:
> In the past months there have been instances where pfishing was used to
get
> a
t the number of email a person can sent in a short
period of time?
Is there a way to block sending an email if a maximum number of recipients
is exceeded?
--
Robert Lopez
Unix Systems Administrator
Central New Mexico Community College (CNM)
525 Buena Vista SE
Albuquerque, New Mexico 87106
51 matches
Mail list logo
