[pfx] Re: body_checks not catching all backscatter

2023-05-03 Thread Sebastian Wiesinger via Postfix-users
* Peter via Postfix-users [2023-05-03 07:45]: > On 28/04/23 03:59, Sebastian Wiesinger via Postfix-users wrote: > > Hi everyone, > > > > I'm not sure if I'm missing something but I can't find out why my > > body_checks doesn't catch all the

[pfx] Re: body_checks not catching all backscatter

2023-04-27 Thread Sebastian Wiesinger via Postfix-users
* Sebastian Wiesinger [2023-04-27 17:59]: > root@alita:/etc/postfix# postmap -q - regexp:/etc/postfix/body_checks.pcre > Message-ID: > reject SPAM backscatter with forged domain name in Message-ID header And of course I ran into my own filter when I got the mail back

[pfx] body_checks not catching all backscatter

2023-04-27 Thread Sebastian Wiesinger via Postfix-users
Hi everyone, I'm not sure if I'm missing something but I can't find out why my body_checks doesn't catch all the backscatter I'm getting right now. I've it configured like this: root@alita:/etc/postfix# postconf -n body_checks body_checks = pcre:$config_directory/body_checks.pcre root@alita:/e

Re: About messages bounced due name resolution issues using IPv6

2020-12-04 Thread Sebastian Wiesinger
* Matus UHLAR - fantomas [2020-12-04 15:08]: > > El vie, 4 dic 2020 a las 2:15, Viktor Dukhovni > > () escribió: > > > Is there a compelling reason to run a stripped-down (and typically not > > > adequately standards-conformant) DNS resolvers on a mail server? > > On 04.12.20 08:41, Sergio Belkin

Re: Postfix, Hotmail never arrive

2017-03-08 Thread Sebastian Wiesinger
* Sebastian Wiesinger [2017-03-08 15:53]: > * Robert Schetterer [2017-03-05 21:00]: > > Microsofts info mail ( arrived fast today ) > > said that my hetzner Ip will whitelisted , but only for small > > amount of mail until it has a "good" score and it is not a ge

Re: Postfix, Hotmail never arrive

2017-03-08 Thread Sebastian Wiesinger
* Robert Schetterer [2017-03-05 21:00]: > Microsofts info mail ( arrived fast today ) > said that my hetzner Ip will whitelisted , but only for small > amount of mail until it has a "good" score and it is not a general > antispam whitelisting. > > They recommend to get part of > Junk E-Mail Repor

Re: Postfix ML Configuration for Sender Header

2015-10-08 Thread Sebastian Wiesinger
* Sebastian Wiesinger [2015-09-25 12:55]: > * Wietse Venema [2015-09-18 15:51]: > > Majordomo uses the following: Reply-To: (most preferred), From:, > > and Apparently-From: (least preferred). It does not use Sender:. > > The list manager runs on someone elses system. I woul

Re: Postfix ML Configuration for Sender Header

2015-09-18 Thread Sebastian Wiesinger
* Wietse Venema [2015-09-10 15:00]: > Sebastian Wiesinger: > > Hello, > > > > a while ago I changed my mail configuration for mailinglists. I have > > individual mail addresses for every mailing list and the configuration > > now looks like this: > > &g

Postfix ML Configuration for Sender Header

2015-09-10 Thread Sebastian Wiesinger
Hello, a while ago I changed my mail configuration for mailinglists. I have individual mail addresses for every mailing list and the configuration now looks like this: From: Sebastian Wiesinger Sender: postfix-us...@ml.karotte.org This has the advantage that off-list answers go to my main

Re: AntiSpam & AntiVirus Integration with Postfix: lots of tools, but which one's AREN'T 'dead'?

2015-09-10 Thread Sebastian Wiesinger
* joh...@fastmail.com [2015-09-09 03:03]: > Ken > > On Tue, Sep 8, 2015, at 05:49 PM, Ken Peng wrote: > > How about Spamassassin? we have been using it for a long time. > > And how are you integrating it into Postfix. That was my question > not whether to use Spamassassin. I kindof decided on

Re: Define exception(s) from catchall domain

2014-10-24 Thread Sebastian Wiesinger
* Noel Jones [2014-10-24 00:36]: > > I tried to implement this by using a check_recipient_access pcre_table > > like this: > > > > /etc/postfix# cat recipient_access.pcre > > /^postfix-reject-address@.+$/ REJECT > > > > This must match the recipient address as sent by the client and > logged

Re: Define exception(s) from catchall domain

2014-10-23 Thread Sebastian Wiesinger
* Sebastian Wiesinger [2014-10-23 21:54]: > Hello, > > I have a few users that insist on using catch-all domains. Not > surprising they get spam to some address. Now they're asking if they > can reject mail for *some* of the addresses of the catch-all domain. > &g

Define exception(s) from catchall domain

2014-10-23 Thread Sebastian Wiesinger
Hello, I have a few users that insist on using catch-all domains. Not surprising they get spam to some address. Now they're asking if they can reject mail for *some* of the addresses of the catch-all domain. They can create aliases themselves via postfixadmin and they want to do this the same way

How to do whitelisting with milter_header_checks?

2014-10-17 Thread Sebastian Wiesinger
Hello, the documentation states: The milter_header_checks mechanism could also be used for whitelisting. For example it could be used to skip heavy content inspection for DKIM-signed mail from known friendly domains. I want to do that for mail that passes DMARC checks (with 2.11.2 DMARC became

Re: PERMIT smtpd_client_restrictions

2014-10-01 Thread Sebastian Wiesinger
* Wietse Venema [2014-10-01 19:03]: > Sebastian Wiesinger: > > Hello, > > > > as I see/understand it, a check_client_access lookup that returns > > PERMIT will skip over the rest of smtpd_client_restrictions but WILL > > still run the checks in the other sm

PERMIT smtpd_client_restrictions

2014-10-01 Thread Sebastian Wiesinger
Hello, as I see/understand it, a check_client_access lookup that returns PERMIT will skip over the rest of smtpd_client_restrictions but WILL still run the checks in the other smtpd_*_restrictions classes, right? I can't find that information in the SMTPD_ACCESS_README or other documents. (I can'

Re: Postfix SMTPUTF8 support (unicode email addresses)

2014-08-06 Thread Sebastian Wiesinger
* Wietse Venema [2014-07-15 19:33]: > Proudly presenting Postfix SMTPUTF8 support! Below is text from > the RELEASE_NOTES file for postfix-2.12-20140715, to be uploaded > later today. Aaand Google has announced that it will support this for GMail: http://googleblog.blogspot.com/2014/08/a-first-s

Re: Wait if downstream MTA accepts mail - reject if not

2014-05-08 Thread Sebastian Wiesinger
* Wietse Venema [2014-05-08 23:36]: > Sebastian Wiesinger: > > Hello, > > > > I have some users that forward their mail to GMAIL. This is > > implemented with virtual alias maps. So postfix forwards: > > > > u...@example.com -> example.u...@gmail.com &

Wait if downstream MTA accepts mail - reject if not

2014-05-08 Thread Sebastian Wiesinger
Hello, I have some users that forward their mail to GMAIL. This is implemented with virtual alias maps. So postfix forwards: u...@example.com -> example.u...@gmail.com The problem is when SPAM mails get through all the postfix defences and get forwarded to GMAIL. GMAIL does some body checks and

Re: Test TLS DANE Records

2014-05-08 Thread Sebastian Wiesinger
* Viktor Dukhovni [2014-05-08 02:09]: > On Thu, May 08, 2014 at 01:14:09AM +0200, Sebastian Wiesinger wrote: > > > I published TLS DANE Records for my mailserver and now I am wondering > > if there is a way to verify that these records are okay/matching the > > cert. Is t

Test TLS DANE Records

2014-05-07 Thread Sebastian Wiesinger
Hello, I published TLS DANE Records for my mailserver and now I am wondering if there is a way to verify that these records are okay/matching the cert. Is there a tool/site where I can test this? I suppose it would be possible with the right openssl s_client commands but I can't figure them out. T

Re: Current Postfix under Debian

2014-01-16 Thread Sebastian Wiesinger
* Robert Schetterer [2014-01-16 12:42]: > Am 16.01.2014 12:13, schrieb Sebastian Wiesinger: > > Hello, > > > > currently I'm running the distributed postfix version under Debian > > Stable (currently 2.9.6-2). I would like to switch to the current 2.11 > >

Current Postfix under Debian

2014-01-16 Thread Sebastian Wiesinger
Hello, currently I'm running the distributed postfix version under Debian Stable (currently 2.9.6-2). I would like to switch to the current 2.11 version to try out DANE and other new features. Has anyone got the current version packaged for Debian Stable (I was unable to find one online) or does

Re: Distant server to test SMTP TLS ?

2013-10-24 Thread Sebastian Wiesinger
* BONNET, Frank [2013-10-24 17:54]: > Hello > > Continuing on my "secured" email server graal I would like to test SMTP + > TLS exchange of emails > > the volume will be very low for testing purpose only and I will be the only > user when I will suceeded to setup my server :-) > > My eternal gr

Re: TLS errors with GMX/web.de

2013-08-26 Thread Sebastian Wiesinger
* Viktor Dukhovni [2013-08-24 05:27]: > > > I just did, here is the PCAP: > > > > http://www.karotte.org/smtp-gmx.pcap > > The client sends an "internal error" alert. It is not clear what > problem it is encountering. The server elects: > > Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_

Re: TLS errors with GMX/web.de

2013-08-21 Thread Sebastian Wiesinger
* Viktor Dukhovni [2013-08-20 16:51]: > > I found the problem... In addition to my normal certificate, I had an > > EC certificate. > > > > smtpd_tls_eccert_file=/etc/postfix/certs/cacert-karotte-ec.crt > > Though I think OpenSSL will generally detect attempts to configure > a public key (certif

Re: TLS errors with GMX/web.de

2013-08-20 Thread Sebastian Wiesinger
* DTNX Postmaster [2013-08-20 12:57]: > Self-signed, 2048 bits certificate from our own root. Picks the same cipher > and TLS version as in Heiko's example, it seems. Perhaps it's your > certificate, perhaps your Postfix settings? No odd overrides for the defaults > anywhere, forced cipher suit

Re: TLS errors with GMX/web.de

2013-08-20 Thread Sebastian Wiesinger
* Heiko Wundram [2013-08-20 12:09]: > Still delivers fine for me (and my mail-server) running Postfix 2.10.1: > > Received: from mout.web.de (mout.web.de [212.227.15.3]) > (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA (128/128 bits)) > (No client certificate requested) > by ma

TLS errors with GMX/web.de

2013-08-20 Thread Sebastian Wiesinger
Hello, GMX and web.de started an initiative for secure E-Mail made in Germany... they turned TLS on. But in addition to that bold move the did something else that causes the following errors when they try to send mail to my postfix: postfix/smtpd[28706]: connect from mout.web.de[212.227.15.14] p

Re: Is it time for 2.x.y -> x.y?

2013-06-03 Thread Sebastian Wiesinger
* Wietse Venema [2013-05-31 22:57]: > After the confusion that Postfix 2.10 is not Postfix 2.1, maybe it > is time to change the release numbering scheme. Okay, perhaps this is a European view, but I never confused Postfix 2.1 with 2.10. Perhaps because here it would be 2,1 and 2,10 if they were

Re: Best way to protect backup-mx?

2012-08-08 Thread Sebastian Wiesinger
* tobi [2012-08-07 18:46]: > Hi list, Sorry list, hi Tobi: I wanted to tell you that your DNSSEC for brain-force.ch is broken so resolvers which validate DNSSEC will not be able to resolve your domain (and so I can't send you mails directly). You might want to fix this. http://dnsviz.net/d/bra

Re: no route to host

2012-08-07 Thread Sebastian Wiesinger
* Stan Hoeppner [2012-07-30 14:35]: > On 7/29/2012 6:57 PM, Engin qwert wrote: > > > Actually it is not router. It is only BPL modem. After Static IP hiring the > > ISP send me an email how to configure the server with this IP addresses > > information. The 10.138.9.201 internal IP address sele

Re: defer mail for unknown recipients for one domain only

2012-04-19 Thread Sebastian Wiesinger
* Wietse Venema [2012-04-04 01:22]: > To soft-reject unknown recipients in selected domains, in mail from > clients outside the local network, request defer_if_reject at the end > of smtpd_recipient_restrictions: > > /etc/postfix/main.cf: > smtpd_recipient_restrictions = > permit_mynetw

defer mail for unknown recipients for one domain only

2012-03-27 Thread Sebastian Wiesinger
Hello, I have a setup with handles a few virtual domains. For one domain only I want mails not to be rejected with an 5xx error code but be deferred with a 4xx error code. Is that possible? Regards Sebastian -- GPG Key: 0x93A0B9CE (F4F6 B1A3 866B 26E9 450A 9D82 58A2 D94A 93A0 B9CE) 'Are you D

Re: See which port a user connects to?

2011-12-14 Thread Sebastian Wiesinger
* /dev/rob0 [2011-12-14 17:58]: > I use "postfix-587" (and "postfix-465") because it's shorter and > contains the "postfix" string which helps to isolate Postfix logging > from other mail facility logs. "grep postfix maillog", et c. More > correct, and still meeting that need, would be "postfix

Re: See which port a user connects to?

2011-12-14 Thread Sebastian Wiesinger
* Wietse Venema [2011-12-14 17:34]: > Sebastian Wiesinger: > > Hi, > > > > is there a way (in the logs) to see which port a client connects to? I > > can't find that information at the moment. > > Give each SMTP server its own syslog_name optio

See which port a user connects to?

2011-12-14 Thread Sebastian Wiesinger
Hi, is there a way (in the logs) to see which port a client connects to? I can't find that information at the moment. I'm interested to know if a client is using the smtp, ssmtp or submission port to connect. Thanks Sebastian -- New GPG Key: 0x93A0B9CE (F4F6 B1A3 866B 26E9 450A 9D82 58A2 D94

Re: SMTP hangs when MySQL is down

2011-12-09 Thread Sebastian Wiesinger
* Wietse Venema [2011-12-09 13:47]: > A quick search shows that trivial-rewrite server has no "fatal" > errors - it reports all errors that it can detect to the client (in > this case smtpd(8)). > > However there is one low-level library module (match_ops) that > exits the program with a "fatal"

Re: SMTP hangs when MySQL is down

2011-12-08 Thread Sebastian Wiesinger
* Wietse Venema [2011-12-09 01:01]: > > And that is where I disagree. IMHO a mailsystem should respond with a > > temporary error if it is experiencing a temporary error (like a lookup > > table not being availabe) not simply hang there and do.. nothing. > > We know that. What are you going to do

Re: SMTP hangs when MySQL is down

2011-12-08 Thread Sebastian Wiesinger
* lst_ho...@kwsoft.de [2011-12-08 14:46]: > >And I had hoped that perhaps this would be an improvement to postfix. > >Sadly it seems it was some kind of blasphemy to question the way > >postfix does handle this stuff. > > No, it means until now no one needs this so important to step up > with cod

Re: SMTP hangs when MySQL is down

2011-12-08 Thread Sebastian Wiesinger
* Wietse Venema [2011-12-08 13:09]: > Sebastian Wiesinger: > > I really would like to know if it is not possible to have a temporary > > error when trivial-rewrite fails to access the MySQL database. I don't > > see any apparent reason for it. If there is one I would l

Re: SMTP hangs when MySQL is down

2011-12-08 Thread Sebastian Wiesinger
* Wietse Venema [2011-12-07 17:20]: > Yes it was. I point the attention to the RIGHT problem, which is > fixing the suboptimal configuration that does domain queries from > SQL. Hi, with all due respect but for me the important thing at the moment would be to understand why it works the way it w

Re: SMTP hangs when MySQL is down

2011-12-07 Thread Sebastian Wiesinger
* Sahil Tandon [2011-12-06 01:54]: > > that's not really an option for me, I need these lists in MySQL. It > > seems I have to live with it and make MySQL as stable as possible. > > Is your list of virtual mailbox domains that large or dynamic that it > must be only in SQL? Note that you can sti

Re: SMTP hangs when MySQL is down

2011-12-05 Thread Sebastian Wiesinger
* Sahil Tandon [2011-12-05 03:24]: > > I'm using Postfix with MySQL via proxy:mysql maps. The documentation > > states that mails should get deferred if no mysql server is reachable. > > > > However when I shut down MySQL, SMTP transaction freeze after I enter > > the "MAIL FROM:<...>" statement.

SMTP hangs when MySQL is down

2011-12-04 Thread Sebastian Wiesinger
Hi, I'm using Postfix with MySQL via proxy:mysql maps. The documentation states that mails should get deferred if no mysql server is reachable. However when I shut down MySQL, SMTP transaction freeze after I enter the "MAIL FROM:<...>" statement. Any ideas how I can change that? There seems to b