On Wednesday, December 18, 2024 06:05 AEST, Wietse Venema via Postfix-users
wrote:
Kenneth Porter via Postfix-users:
> The biggest headache I had when I used a backup MX was avoiding
> backscatter. So I tweaked my milter on the primary to always accept mail
> from the backup and never reject/b
Hi Postfix list,
I have a stable low-volume Postfix setup on a 10-year-history IP address. In
mid-2025 we need to relocate interstate. The mail MX is going to be offline for
a few days for the relocation and have possible further outage time through new
location setup. The new location will als
Thanks for any ideas.
--
Simon Wilson
M: 0400 12 11 16
tech
support.
YMMV.
Simon.
--
Simon Wilson
M: 0400 12 11 16
From: Ralph Seichter
Sent: Friday, 9 September 2022 10:55 pm
To: postfix-users@postfix.org
Subject: Re: Postfix.org website
* Simon Wilson:
> Noting that whilst some may consider that block excessive, it does
> appear that some 'authorities', including at least the Australia
- Message from Simon Wilson -
Date: Fri, 09 Sep 2022 17:26:09 +1000
From: Simon Wilson
Reply-To: si...@simonandkate.net
Subject: Postfix.org website
To: Postfix users
Yet I cannot open www.postfix.org (either over
http://www.postfix.org or https://www.postfix.org
y local redirection happening?
I know there was chat on the mailing list about http/https on
www.postfix.org earlier in the year, but this seems odd.
Simon.
--
Simon Wilson
M: 0400 12 11 16
tion-2
[3]
https://serverfault.com/questions/1101533/is-it-possible-to-use-mta-sts-in-postfix-without-overriding-dane
--
Simon Wilson
M: 0400 12 11 16
l) is to ask that it get
deleted off the interwebs.
Never mind horse bolted gate shutting... the gate hinges have rusted
and the gate has fallen over on this one.
It would be funny if it were not quite so disturbing.
--
Simon Wilson
M: 0400 12 11 16
- Message from John Stoffel -
Date: Sun, 28 Nov 2021 22:58:01 -0500
From: John Stoffel
Subject: Re: Logging silence
To: si...@simonandkate.net
Cc: John Stoffel , postfix-users@postfix.org
"Simon" == Simon Wilson writes:
Simon> - Message from
- Message from John Stoffel -
Date: Sun, 28 Nov 2021 21:37:12 -0500
From: John Stoffel
Subject: Re: Logging silence
To: si...@simonandkate.net
Cc: postfix-users@postfix.org
"Simon" == Simon Wilson writes:
Simon> I feel like I'm missing someth
ump recovered -- back to normality
...where as can be seen it was logging OK in January, then it stopped.
Permissions on the log file:
-rw--- 1 root root0 Nov 28 03:27 maillog
What am I missing??
--
Simon Wilson
local zone RPZ
overrides that I have.
Simon.
--
Simon Wilson
M: 0400 12 11 16
mp87 postfix/smtpd[817446]: disconnect from
scanner21.about.spyse.com[165.227.159.53] auth=0/1 commands=0/1
(RHEL 8)
--
Simon Wilson
M: 0400 12 11 16
- Message from Wietse Venema -
Date: Sat, 31 Jul 2021 09:45:00 -0400 (EDT)
From: Wietse Venema
Reply-To: Postfix users
Subject: Re: reject_sender_login_mismatch
To: Postfix users
Simon Wilson:
A quick query on?smtpd_sender_login_maps format.
I have this working
Am 31. Juli 2021 06:06:17 UTC schrieb Simon Wilson :
A quick query on smtpd_sender_login_maps format.
I have this working well on port 587 to ensure that specified
SASL-authenticated users only can send emails from their owned email
addresses.
So I have in a file 'controlled_envelope_se
in) address? Or does it need
to have *something* on the RHS?
Thanks
Simon
--
Simon Wilson
M: 0400 12 11 16
https://git.centos.org/rpms/postfix/blob/aebf407fea0eeff2335e0d09c70514d7046e7cad/f/SOURCES/postfix.service
Standing by earlier comment - this was a change from C7 to C8, not a
change within C8.
Simon.
--
Simon Wilson
M: 0400 12 11 16
roslav Škarvada - 2:3.5.8-1
- New version
Resolves: rhbz#1688389
When did you first see the change?
We are possibly straying a little from this mailing list's function...
Simon.
--
Simon Wilson
M: 0400 12 11 16
ut to the postfix service's private /tmp.
You *could* return it to the way it worked before by changing the
service definition file and removing privatetmp - assuming you were
comfortable with opening up postfix /tmp to be normal system /tmp -
others far smarter than I with Postfix would
"somealias: /home/simon/somefile" >> /etc/aliases
&& newaliases
[root@emp87 ~]# echo "test" | mail somealias@localhost
[root@emp87 ~]# cd /home/simon
[root@emp87 simon]# cat /home/simon/somefile
{content as expected}
Simon.
--
Simon Wilson
M: 0400 12 11 16
mefile)
On CentOS 7:
[root@emp75 ~]# echo "somealias: /tmp/somefile" >> /etc/aliases && newaliases
[root@emp75 ~]# echo "test" | mail somealias@localhost
[root@emp75 ~]# ls /tmp/somefile
/tmp/somefile (contents as expected)
Simon.
--
Simon Wilson
M: 0400 12 11 16
ogd[945534]: warning: ~ action is deprecated, consider using the
'stop' statement instead [v8.1911.0-7.el8 try
https://www.rsyslog.com/e/2307 ],
it will still work, just with the warnings. To remove the warnings use
'stop' instead.
:msg, contains, "whatever" stop
--
Simon Wilson
M: 0400 12 11 16
"incompatibilities". There is a
Bugzilla with the info, I'll see if I can find it again.
One of them is to set CHUNKING off by default, so unless you are
already explicitly setting smtpd_discard_ehlo_keywords in your config
the new default will be applied.
Simon Wilson
n find it again.
One of them is to set CHUNKING off by default, so unless you are
already explicitly setting smtpd_discard_ehlo_keywords in your config
the new default will be applied.
Simon Wilson
M: 0400 121 116
From: Viktor Dukhovni
Sent: Monday, 24 M
54.225.108.187
54.235.119.112
107.20.134.42
107.20.207.58
107.20.218.183
107.20.232.98
107.20.235.139
107.20.249.220
107.21.204.157
107.22.212.75
184.72.250.175
184.73.205.138
Thanks David, this was very useful.
Simon
--
Simon Wilson
M: 0400 12 11 16
about the cowboys at briteverify.
I'm assuming a 50% reduction in postscreen delay may have an unwanted
impact on inbound spam :(
I'll see how it goes.
Thanks again Bill.
Simon
--
Simon Wilson
M: 0400 12 11 16
Simon Wilson
is rumored to have said:
Question about one of those services that validates email addresses
on the fly when you fill in a form...
There is one (Briteverify) which seems to fail email addresses at
our postfix server for an unknown reason.
Let's start with 2 stipulation
> May 22 17:17:54 emp87 postfix/smtpd[805371]: NOQUEUE: reject: RCPT
> from smtpout10.briteverify.com[107.20.235.139]: 550 5.1.1
> :
> Recipient address rejected: User unknown in virtual alias table;
> from=
> to=
> proto=SMTP
> helo=
Is that your email adrress?
Wietse
No. My ema
fully sent.
Simon.
--
Simon Wilson
M: 0400 12 11 16
- Message from Viktor Dukhovni -
Date: Wed, 19 May 2021 00:46:08 -0400
From: Viktor Dukhovni
Reply-To: postfix-users@postfix.org
Subject: Re: RHEL packaged postfix jump
To: postfix-users@postfix.org
On Wed, May 19, 2021 at 12:01:00PM +1000, Simon Wilson wrote
nf if needed, but if there are any obvious
gotchas will look at those first.
Thanks
Simon.
- End message from Simon Wilson -
--
Simon Wilson
M: 0400 12 11 16
e any obvious
gotchas will look at those first.
Thanks
Simon.
--
Simon Wilson
M: 0400 12 11 16
? (AFAIK each invocation of a policy server
can only return a single action?)
Hi Nick,
Those are two lines from two different emails - even my slow system
doesn't take 24 hours to process an email :-D
Unless I am misunderstanding your question?
Simon.
--
Simon Wilson
M: 0400 12 11 16
- Message from Wietse Venema -
Date: Thu, 22 Apr 2021 10:01:09 -0400 (EDT)
From: Wietse Venema
Subject: Re: Specific DNS server
To: si...@simonandkate.net
Cc: postfix-users@postfix.org
Simon Wilson:
Is there a way to make Postfix/postscreen use a specific DNS
the mail server... but my first question is whether postfix has or
could have ability to have a specific nameserver (as Spamassassin
does), or if this would be a Bad Idea (TM) for reasons unknown to me.
Simon.
--
Simon Wilson
M: 0400 12 11 16
email, not opendkim. I
just prefer the way it handles it.
I know it's a different setup to yours, but may provide an alternate route.
Simon.
--
Simon Wilson
M: 0400 12 11 16
hat
identity it
relates to, which is why I think ***a DMARC processor that assumes any
reported
SPF result relates to the Mail From of the message is buggy***.
Scott K" (***emphasis added***)
Simon
--
Simon Wilson
M: 0400 12 11 16
- Message from Dan Mahoney -
Date: Thu, 1 Apr 2021 16:19:05 -0700
From: Dan Mahoney
Subject: Re: Milters and policy
To: si...@simonandkate.net
Cc: postfix-users@postfix.org
On Mar 31, 2021, at 18:23, Simon Wilson wrote:
...if multiple milters are called are
Thanks again Benny. I have policyd-spf set to insert an AR header, and
OpenDMARC set to trust the Authserv-Id added in Authentication-Results
headers by policyd-spf and OpenDKIM. All working nicely and good to
understand the sequence.
Simon.
--
Simon Wilson
M: 0400 12 11 16
pd_milters = inet:127.0.0.1:8891,inet:127.0.0.1:8893
I.e. in the example above if OpenDMARC is to see and trust an
already-run OpenDKIM Authentication-Results header is the order of
specifying the milters important?
Simon
--
Simon Wilson
M: 0400 12 11 16
- Message from Benny Pedersen -
Date: Thu, 01 Apr 2021 01:50:15 +0200
From: Benny Pedersen
Subject: Re: Milters and policy
To: postfix-users@postfix.org
On 2021-04-01 01:43, Simon Wilson wrote:
Quick question please:
Which does Postfix run first - a milter specified
check_policy_service unix:private/policyd-spf
permit
Thanks.
--
Simon Wilson
M: 0400 12 11 16
- Message from Simon Wilson -
Date: Wed, 24 Mar 2021 09:57:37 +1000
From: Simon Wilson
Reply-To: si...@simonandkate.net
Subject: Re: Setting up virtual alias domains and maps - failing to deliver
To: postfix-users@postfix.org
- Message from Noel Jones
- Message from Noel Jones -
Date: Tue, 23 Mar 2021 12:46:29 -0500
From: Noel Jones
Reply-To: njo...@megan.vbhcs.org
Subject: Re: Setting up virtual alias domains and maps - failing to deliver
To: postfix-users@postfix.org
On 3/23/2021 6:31 AM, Simon Wilson wrote
- Message from Simon Wilson -
Date: Tue, 23 Mar 2021 21:31:29 +1000
From: Simon Wilson
Reply-To: si...@simonandkate.net
Subject: Re: Setting up virtual alias domains and maps - failing to deliver
To: postfix-users@postfix.org
- Message from Simon Wilson
- Message from Matus UHLAR - fantomas -
Date: Tue, 23 Mar 2021 12:15:03 +0100
From: Matus UHLAR - fantomas
Subject: Re: Sequence of checks for virtual alias
To: postfix-users@postfix.org
On 23.03.21 14:24, Simon Wilson wrote:
I have some user email addresses (in
- Message from Simon Wilson -
Date: Tue, 23 Mar 2021 17:45:56 +1000
From: Simon Wilson
Reply-To: si...@simonandkate.net
Subject: Setting up virtual alias domains and maps - failing to deliver
To: postfix-users@postfix.org
Following recommendation from Viktor
simonmwilson.net, domwilson.net, chiarina.net, benjwilson.net,
millikens.net, howiesue.net, tlchomeandyard.com.au, facetbd.net.au,
facetbd.com.au, facetbuildingdesign.net.au, facetbuildingdesign.com.au
virtual_alias_maps = hash:/etc/postfix/virtual
--
Simon Wilson
M: 0400 12 11 16
,
reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname,
reject_non_fqdn_sender, reject_unknown_sender_domain,
reject_non_fqdn_recipient, reject_unknown_recipient_domain,
reject_rbl_client zen.spamhaus.org, check_policy_service
unix:private/policyd-spf permit
--
Simon Wilson
M: 0400 12 11 16
- Message from Simon Wilson -
Date: Tue, 23 Mar 2021 11:23:58 +1000
From: Simon Wilson
Reply-To: si...@simonandkate.net
Subject: Re: Rewrite user xxx in a specific local domain
To: postfix-users@postfix.org
- Message from Viktor Dukhovni -
Date: Mon
ed for a
virtual alias domain. Without this entry, mail is rejected with
"relay access denied", or bounces with "mail loops back to myself".
...yet this requirement for "virtual-alias.domainanything
(right-hand content does not matter)" is not stated in
orks fine already
dom@his-business-domain:dom.w # this is the bit I want to add
How do I achieve this with rewriting or aliasing, i.e. without having
to move to virtual domains?
Simon
--
Simon Wilson
M: 0400 12 11 16
CAfile = /etc/pki/tls/certs/hub.simonandkate.net-chain.pem
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/pki/tls/certs/hub.simonandkate.net-cert.pem
smtpd_tls_key_file = /etc/pki/tls/private/hub.simonandkate.net-key.pem
smtpd_tls_loglevel = 1
smtpd_tls_security_level = may
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550
--
Simon Wilson
M: 0400 12 11 16
- Message from Phil Biggs -
Date: Mon, 22 Mar 2021 14:34:44 +1100
From: Phil Biggs
Subject: Re: Double-bounce to ISP's server
To: postfix-users@postfix.org
Monday, March 22, 2021, 1:49:53 PM, Simon Wilson wrote:
Your IP address resolves back to aussiebb:
You
- Message from Simon Wilson -
Date: Mon, 22 Mar 2021 12:49:53 +1000
From: Simon Wilson
Reply-To: si...@simonandkate.net
Subject: Re: Double-bounce to ISP's server
To: postfix-users@postfix.org
- Message from Phil Biggs -
Date: Mon, 22 Mar 2021
:1.1.1.1#53
Non-authoritative answer:
Name: mail.simonandkate.net
Address: 119.18.34.29
[root@emp87 ~]# nslookup 119.18.34.29
29.34.18.119.IN-ADDR.ARPA name = mail.simonandkate.net.
Simon
--
Simon Wilson
M: 0400 12 11 16
g mynetworks_style=subnet
**Using backwards-compatible default setting relay_domains=$mydestination**
Using backwards-compatible default setting smtputf8_enable=no
With the items I need to watch for (emphasis added ** **) that means I
need it to be less than 1. Once I am confident of the outc
destination
If I do those should I explicitly set compatibility_level, or
would it not be needed because I have addressed the compatibility
issues?
And are there any other 'gotchas' to be aware of with this upgrade?
On 21.03.21 21:57, Simon Wilson wrote:
Ok, I migrated the config from t
- Message from Simon Wilson -
Date: Fri, 19 Mar 2021 13:40:11 +1000
From: Simon Wilson
Reply-To: si...@simonandkate.net
Subject: upgrade 2.10 - 3.3 config compatibility
To: postfix-users@postfix.org
I have a well established 2.10 Postfix instance on 2.10 (CentOS7
- Message from Simon Wilson -
Date: Sat, 20 Mar 2021 19:19:49 +1000
From: Simon Wilson
Reply-To: si...@simonandkate.net
Subject: _time_limit
To: postfix-users@postfix.org
According to Postfix SMTP Access Policy Delegation[1] "_time_limit"
takes the
parameter:
policyd-spf_time_limit=3600
This is on Postfix 3.3 on RHEL8
What am I doing wrong here, or is this just because the name is a
transportname_parameter construct?
Simon
Links:
--
[1] http://www.postfix.org/SMTPD_POLICY_README.html
--
Simon Wilson
M: 0400 12 11 16
127.0.0.0/8, 192.168.1.0/24")
3. explicitly set relay_domains=$mydestination
If I do those should I explicitly set compatibility_level, or would it
not be needed because I have addressed the compatibility issues?
And are there any other 'gotchas' to be aware of with this upgrade?
Thank you kindly.
Simon
--
Simon Wilson
M: 0400 12 11 16
- Message from /dev/rob0 -
Date: Wed, 19 Jul 2017 11:57:49 -0500
From: /dev/rob0
Reply-To: postfix-users@postfix.org
Subject: Re: SASL auth only on port 25
To: postfix-users@postfix.org
On Wed, Jul 19, 2017 at 05:44:56PM +1000, Simon Wilson wrote:
>>>
On Apr 27, 2017, at 12:45 PM, Simon Wilson wrote:
smtpd_recipient_restrictions =
check_client_access hash:/etc/postfix/client_checks,
permit_mynetworks,
permit_sasl_authenticated,
check_sender_access hash:/etc/postfix/sender_access,
That check looks risky here. You&#x
- Message from wie...@porcupine.org -
Date: Tue, 18 Jul 2017 11:55:52 -0400 (EDT)
From: wie...@porcupine.org
Reply-To: Postfix users
Subject: Re: Internal IP range bypass filters
To: Postfix users
Simon Wilson:
I have a (currently empty) client_checks test that I
imal overhead - straight
through postfix to delivery?
Ideally I want something along the lines of
IF((source IP = 192.168.1.0/24) AND (destination =
(root,si...@simonandkate.net,whatever_other_internal)) THEN: send
through aliases and to delivery transport.
Simon.
--
Simon Wilson
M: 0400 12 11 16
Viktor Dukhovni:
> On May 1, 2017, at 8:17 AM, Simon Wilson wrote:
>
> ostscreen is using (threshold 3):
>
>zen.spamhaus.org*3
>bl.mailspike.net*2
>b.barracudacentral.org*2
>bl.spameatingmonkey.net
>bl.spamcop.n
Simon Wilson:
On my new Postfix 2.10 system incoming mail is slow to process (about
15 seconds end to end), and I think it is mainly because DNS queries
are slowing things down.
The server runs local caching DNS BIND, so it's as quick as I can get
it on the slow Internet connection we a
nvestigate that. :)
Simon
--
Simon Wilson
M: 0400 12 11 16
- Message from Simon Wilson -
Date: Mon, 01 May 2017 18:43:41 +1000
From: Simon Wilson
Reply-To: si...@simonandkate.net
Subject: Optimising new system and postscreen questions
To: Postfix users
On my new Postfix 2.10 system incoming mail is slow to process
(about
ed and accuracy of result?
4. Is it worth running postscreen in more detailed (verbose?) mode to
see what it is doing?
Simon.
--
Simon Wilson
M: 0400 12 11 16
orde to the new IMAP server, and set
new postfix to deliver to local cyrus-imapd socket again.
All sound reasonable?
The big test will be inbound SMTP, but that will have to wait until I
can get on to my router and change port forward rules.
--
Simon Wilson
M: 0400 12 11 16
_fqdn_recipient,
reject_unknown_recipient_domain,
reject_rbl_client zen.spamhaus.org,
check_policy_service unix:private/policy-spf
permit
--
Simon Wilson
M: 0400 12 11 16
- Message from Viktor Dukhovni -
Date: Thu, 27 Apr 2017 13:01:16 -0400
From: Viktor Dukhovni
Reply-To: Postfix users
Subject: Re: SASL auth only on port 25
To: Postfix users
On Apr 27, 2017, at 12:45 PM, Simon Wilson wrote:
smtpd_recipient_restrictions
- Message from Viktor Dukhovni -
Date: Thu, 27 Apr 2017 15:07:02 +
From: Viktor Dukhovni
Reply-To: postfix-users@postfix.org
Subject: Re: SASL auth only on port 25
To: postfix-users@postfix.org
On Thu, Apr 27, 2017 at 11:51:06PM +1000, Simon Wilson wrote:
1
- Message from Viktor Dukhovni -
Date: Thu, 27 Apr 2017 12:00:22 -0400
From: Viktor Dukhovni
Reply-To: Postfix users
Subject: Re: SASL auth only on port 25
To: Postfix users
On Apr 27, 2017, at 11:54 AM, Simon Wilson wrote:
# -o smtpd_client_restrictions
of main.cf, the idea being
they can be appended to here?
Simon.
___
Simon Wilson
M: 0400 12 11 16
- Message from Viktor Dukhovni -
Date: Thu, 27 Apr 2017 15:07:02 +
From: Viktor Dukhovni
Reply-To: postfix-users@postfix.org
Subject: Re: SASL auth only on port 25
To: postfix-users@postfix.org
On Thu, Apr 27, 2017 at 11:51:06PM +1000, Simon Wilson wrote:
1
ion_cache_timeout = 3600s
- End message from Noel Jones -
--
Simon Wilson
M: 0400 12 11 16
erts/root-bundle.pem
smtpd_tls_security_level = may
smtpd_tls_auth_only = yes
smtpd_tls_loglevel = 1
smtpd_tls_session_cache_timeout = 3600s
--
Simon Wilson
M: 0400 12 11 16
N - thanks Jan - yes you are allowed... :) It's now working
using TLS and LOGIN mech.
Thanks again guys - kudos to you all for helping me out.
--
Simon Wilson
www.simonandkate.net
nandkate.net-key.pem
smtpd_tls_loglevel = 1
smtpd_tls_security_level = may
smtpd_tls_session_cache_timeout = 3600s
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550
Any help would be appreciated... :)
--
Simon Wilson
www.simonandkate.net
Quoting Paul Beard :
>
> On Sep 14, 2009, at 6:04 PM, Simon Wilson wrote:
>
>> Originally I had only port 25 open on the router, and it used to
>> work fine, with the iPhone specifically told to use port 25 and SSL.
>> Then something changed (on the iPhone I suspect
Quoting LuKreme :
On 14-Sep-2009, at 08:59, Victor Duchovni wrote:
On Mon, Sep 14, 2009 at 11:52:27PM +1000, Simon Wilson wrote:
And it never succeeds. If I set smtpd_tls_auth_only to no and
disable Use SSL on the iPhone it auths over SMTP (insecurely) and
sends fine.
Sep 14 23:17:59
sh:/etc/postfix/transport
unknown_local_recipient_reject_code = 550
--
Simon Wilson
www.simonandkate.net
Links:
--
[1] http://mail.simonandkate.net
http://www.postfix.org/ADDRESS_REWRITING_README.html#masquerade
--
Simon Wilson
www.simonandkate.net
Quoting Mathias Meinelt :
Simon Wilson wrote:
TXT v=spf1 a mx ip4:59.167.212.191 ~all
Your setup of the SPF record is ok, however you should leave out
the
"a" and "mx" directive as they have no use here unless you want to
send mail over "mail.bluetie.com" as
F record
-0.2 BAYES_40 BODY: Bayesian spam probability is 20 to 40%
[score: 0.2655]
0.0 HTML_MESSAGE BODY: HTML included in message
2.2 TVD_SPACE_RATIOBODY: TVD_SPACE_RATIO
Is my TXT record OK? Do I need the IP4 entry?
Thanks.
--
Simon Wilson
www.simonandkate.net
Quoting Sahil Tandon :
On Mon, 27 Apr 2009, Simon Wilson wrote:
So my question is why did I get a message that one was wring and
not the
other? Do I need to change config somehow?
You use reject_unknown_recipient_domain, which results in a
deferral and
re-retry of mail delivery in the
alktalk.net one) saying
"Status: Host or domain name not found. Name service error for
name=talktalk.com type=MX: Host not found, try again"
So my question is why did I get a message that one was wring and not
the other? Do I need to change config somehow?
Th
91 matches
Mail list logo
