kind of Outlooks, entering
postfix via office 365.
Am Samstag, 20. Juli 2019 schrieb Wietse Venema :
> Stefan Bauer:
>> I dont get it. Testing the above correctly shows
>>
>> Subject:
>>
=?Windows-1252?Q?[Cleartext]_Webinar_=84Noch_keine_55_und_ab_in_die_GKV=93?=
>>
wrong
with encoding.
Am Do., 18. Juli 2019 um 16:27 Uhr schrieb Wietse Venema <
wie...@porcupine.org>:
> Stefan Bauer:
> > Hi,
> >
> > header_checks = regexp:/etc/postfix/headerstring
> > /^Subject: .*\[cleartext\].*/ FILTER cleartext:
> >
> > And n
only this single filter is present - no other filters.
Unfortunately thats not enough to trigger the filter.
Am Do., 18. Juli 2019 um 14:00 Uhr schrieb pasvon :
> What does the complete file /etc/postfix/headerstring look like?
> Does another line match a filter action and override the desired r
man 5 header_checks
By default, regexp <http://www.postfix.org/regexp_table.5.html>: and
pcre <http://www.postfix.org/pcre_table.5.html>: patterns are
case *insensitive*.
Am Do., 18. Juli 2019 um 13:40 Uhr schrieb Matus UHLAR - fantomas <
uh...@fantomas.sk>:
> On 1
Hi,
header_checks = regexp:/etc/postfix/headerstring
/^Subject: .*\[cleartext\].*/ FILTER cleartext:
And now, there is the following mail-Subject, that did not trigger the
above FILTER and i dont see why:
Subject:
=?Windows-1252?Q?[Cleartext]_Webinar_=84Noch_keine_55_und_ab_in_die_GKV=93?=
Any
Thank you for your answer, but this brings in another piece of software.
Want to keep it simple.
Am Di., 25. Juni 2019 um 13:34 Uhr schrieb Matus UHLAR - fantomas <
uh...@fantomas.sk>:
> On 24.06.19 21:42, Stefan Bauer wrote:
> >we're publishing lookup tables through our
Hi,
we're publishing lookup tables through our control git repo but hashing all
tables before commiting them to git is cumbersome. What do you recommend?
several postfix servers are getting same lookup table from central
repository.
we're using it this ways:
smtpd_sender_restrictions = check_se
we're pulling all kind of logs and graph them in fancy ways with zabbix.
zabbix has a small client with tiny footprint and can do encrypted transfer
of logs/data to server.
Am Mo., 17. Juni 2019 um 22:20 Uhr schrieb PGNet Dev :
> I'm aware of the list of stats tools
>
>http://www.postfix.org/
As microsoft ofers DKIM-singing for outgoing mails at no extra cost, i will
validate this information as 3rd authentication token.
Looks much clearer and several addons for postfix exist to do so.
Am Mo., 17. Juni 2019 um 21:31 Uhr schrieb Wietse Venema <
wie...@porcupine.org>:
>
> The latter is
.fu...@external.thalesgroup.com>:
> Le 16/06/2019 à 22:37, Viktor Dukhovni a écrit :
> > On Sun, Jun 16, 2019 at 05:46:52PM +0200, Stefan Bauer wrote:
> >
> >> Some of our users use o365 but would like to use our service for
> outgoing
> >> mails. We are offeri
m 22:37 Uhr schrieb Viktor Dukhovni <
postfix-us...@dukhovni.org>:
> On Sun, Jun 16, 2019 at 05:46:52PM +0200, Stefan Bauer wrote:
>
> > Some of our users use o365 but would like to use our service for outgoing
> > mails. We are offering smtp sending services. Integrating
Bill,
yes thats the question. i would consider the two factors as reliable. MS is
signing mails. i just like clear user authentication instead of rely on
volatile ips/blocks, microsoft publishes/changes.
what i need to check is also, whether MS allows spoofing of sender address.
i need to make su
MS is publishing source ips/ranges.
sasl_exeptions_networks seems an option but i still dont like the lack of
authentication.
Am Sonntag, 16. Juni 2019 schrieb Wietse Venema :
> Stefan Bauer:
>> its like the first:
>>
>> end-user client -> microsoft server -> postfix
its like the first:
end-user client -> microsoft server -> postfix server -> remote recipient
Am Sonntag, 16. Juni 2019 schrieb Wietse Venema :
> Stefan Bauer:
>> our users send/receive via o365. the last mile o365->recipient should go
>> through our service li
our users send/receive via o365. the last mile o365->recipient should go
through our service like o365->postfix->recipient
here, o365 does not offer smtp auth against postfix.
Am Sonntag, 16. Juni 2019 schrieb @lbutlr :
> On 16 Jun2019, at 09:46, Stefan Bauer wrote:
>> som
onntag, 16. Juni 2019 schrieb Viktor Dukhovni <
postfix-us...@dukhovni.org>:
> On Sun, Jun 16, 2019 at 04:00:38PM +0200, Stefan Bauer wrote:
>
>> We are running a small smtp relay service with postfix for authenticated
>> users. Unfortunately office 365 does not offer any smt
Hi,
we are running a small smtp relay service with postfix for authenticated
users. Unfortunately office 365 does not offer any smtp authentication
mechanism when sending mails via connectors to smarthosts.
how could one protect smtp submission in another way?
without authentication, everyone fr
aving 7000-8000 mails / day.
Stefan
Am Fr., 31. Mai 2019 um 18:37 Uhr schrieb Noel Jones :
> On 5/31/2019 1:48 AM, Stefan Bauer wrote:
> > Hi,
> >
> > I'm running a pair of postfix-servers in different data-centers
> > (different ip networks) for outgoing-only delive
Hi,
I'm running a pair of postfix-servers in different data-centers (different
ip networks) for outgoing-only delivery. once in a while my providers /22
appear on public blacklists, so mails from my nodes also gets rejected.
For this, i have now a third backup-instance in another data center that
Hi,
our outgoing mails sometimes end up undeliverable in postfix queue and
bounce back after 5 days, when remote sites change MX entries and postfix
has the old informations.
It seems that postfix is not doing another round of lookups when
destination MX was already discoverd for remote domain wh
hi,
smtp_header_checks = pcre:/etc/postfix/header_chk
/^Subject: .*test.*/ FILTER test:
Postfix then logs:
Jan 30 12:44:16 mx2 postfix/cleanup[19243]: 096B95EAE2: filter: header
Subject: some text test from mail-cloud-01.asdfasdf.tld[1.2.3.4];(...)
How to disable logging of this events? I simp
Hi,
we would like to go the next step, enable smtp_tls_security_level = dane.
Currently we have encrypt site-wide.
But in cases where remote sites do not have published key material, the
fallback is may with dane, which is a step back in terms of security and
not wanted.
How can we specify:
1,
Thank you Wietse for taking the time to explain things. I really appreciate
this. now all is clear.
Am Freitag, 25. Januar 2019 schrieb Wietse Venema :
> Stefan Bauer:
>> thank you. seems to be that
>>
>> if address_verify_negative_refresh_time = 30m, the next attempt t
porcupine.org>:
> Stefan Bauer:
> > Jan 25 15:31:14 mx2 postfix/smtpd[10117]: NOQUEUE: reject: RCPT from
> > opsmail.colo.comodo.com[91.209.196.133]: 550 5.1.1
> > > address: host IP[IP] said: 550 5.1.1 > address rejected: User unknown in virtual mailbox table (in reply to
hi,
we have
address_verify_negative_refresh_time = 30m active
(root@mx2:/var/lib/postfix# postconf -n | grep verify
address_verify_negative_refresh_time = 30m)
but the verify behavior is strange.
Jan 23 21:15:21 mx2 postfix/postscreen[Jan 25 15:31:14 mx2
postfix/smtpd[10119]: NOQUEUE: reject: R
"Some sites may blacklist you when you are probing them too often (a probe
is an SMTP session that does not deliver mail), or when you are probing
them too often for a non-existent address. This is one reason why you
should use sender address verification sparingly, if at all, when your site
receiv
reject_unverified_recipient is no option as remote sites don't like
probing/verify requests. After rechecking, i had a typo in my regex.
Damn! It was working as documented. Sorry.
Am Mi., 16. Jan. 2019 um 13:17 Uhr schrieb Wietse Venema <
wie...@porcupine.org>:
> Stefan
Hi,
how can the following error be detected and an instant bounce/reject will
be send to the sender?
-- 880 Kbytes in 3 Requests.
root@mx1:~# mailq
-Queue ID- --Size-- Arrival Time -Sender/Recipient---
A97288008B 776694 Sun Jan 13 13:14:29 sender@sender
now i got it. sorry and thank you for your help.
Am Dienstag, 15. Januar 2019 schrieb Viktor Dukhovni <
postfix-us...@dukhovni.org>:
>> On Jan 15, 2019, at 8:39 AM, Stefan Bauer
wrote:
>>
>> -o smtpd_tls_mandatory_ciphers=high
>> -o tls_preempt_cipherlist=yes
I just want to set allowed ciphers but can not enforce encryption
generally. this seems to be a limitation and not possible right?
Am Dienstag, 15. Januar 2019 schrieb Viktor Dukhovni <
postfix-us...@dukhovni.org>:
>> On Jan 15, 2019, at 8:39 AM, Stefan Bauer
wrot
Nessus reports for example TLS_RSA_WITH_SEED_CBC_SHA as weak on our
submission port. So i was using the following to disable all SEED ciphers
on submission port but it has no effect:
-o smtpd_tls_mandatory_ciphers=high
-o tls_preempt_cipherlist=yes
-o
tls_high_cipherlist=EDH+CAMELLIA:EDH+aRSA:E
Awesome. Thank you. That did the trick.
Am Di., 15. Jan. 2019 um 13:22 Uhr schrieb Wietse Venema <
wie...@porcupine.org>:
> Stefan Bauer:
> > Hi,
> >
> > i would like that postfix always sends DSN, when requested by client and
> > mail got forwarded to next-hop
Hi,
i would like that postfix always sends DSN, when requested by client and
mail got forwarded to next-hop / final destination.
Thats works on some recipients, but not on all. postfix always sends DSN on
specific destinations (e.g. web.de)
: delivery via mx-ha02.web.de[212.227.17.8]:25: 250 Req
Thank you. That explains it!
Am Sa., 5. Jan. 2019 um 15:03 Uhr schrieb Benny Pedersen :
> Stefan Bauer skrev den 2019-01-05 14:08:
>
> > tls_whitelist_check unix- - n - -
> > smtp
> >-o header_checks=
> >-o
=ESMTP helo=: tls_whitelist_check:
mail gets delivered, but policy service is not used/called.
What am i missing?
Am Sa., 5. Jan. 2019 um 11:05 Uhr schrieb Stefan Bauer <
cubew...@googlemail.com>:
> Understood. Would it be possible to have header_checks in main.cf that
> send mails
with special subject.
Am Freitag, 4. Januar 2019 schrieb Bill Cole <
postfixlists-070...@billmail.scconsult.com>:
> On 4 Jan 2019, at 10:36, Stefan Bauer wrote:
>
>> Would it be possible to have FILTER as action in policy server
>
> Yes, but FILTER behaves as documented in the
great idea, but recipient verification is not something, remote servers
like.really like.
Am Freitag, 4. Januar 2019 schrieb Viktor Dukhovni <
postfix-us...@dukhovni.org>:
>> On Jan 4, 2019, at 9:10 AM, Matus UHLAR - fantomas
wrote:
>>
>> this looks to me that you search for connection between
sm
Jan 2019, at 9:36, Stefan Bauer wrote:
>
> > is there a way to bypass policy server in smtp_recipient_restrictions,
> > in
> > case, subject contains special string?
>
> No. As documented, smtp_recipient_restrictions is evaluated for each
> RCPT command, all of which
Hi,
is there a way to bypass policy server in smtp_recipient_restrictions, in
case, subject contains special string?
smtpd_recipient_restrictions = check_policy_service unix:private/policy
header_checks:
/^Subject: .*string.*/ FILTER no-policy-service:
header_checks could reroute by subject bu
Understood. Thank you.
Am Fr., 4. Jan. 2019 um 15:11 Uhr schrieb Matus UHLAR - fantomas <
uh...@fantomas.sk>:
> On 04.01.19 14:44, Stefan Bauer wrote:
> >we have enforced TLS to all remote sites and have appropriate tls policy
> >server, that checks if TLS is avail before
Hi,
we have enforced TLS to all remote sites and have appropriate tls policy
server, that checks if TLS is avail before accepting mails. That works as
expected. we also only accept users with auth.
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated
reject_unauth_destination
s
Hi Robert,
thanks. already saw that but i dont want to bother remote sites with a
'full verify'. still like the policy server approach. should be no big
thing for a coder - familiar with perl.
Am Samstag, 22. Dezember 2018 schrieb Robert Schetterer :
> Am 22.12.18 um 07:55 schrieb
>:
>> On Dec 20, 2018, at 1:25 PM, Stefan Bauer
wrote:
>>
>> I'm aware of such exceptions but I don't like to set them. Our policy
is safe or not at all via mail.
>
> That policy has a cost. You don't like the cost, but there it is...
>
>> I
thats a nice approach! thank you. will test.
Am Donnerstag, 20. Dezember 2018 schrieb Viktor Dukhovni <
postfix-us...@dukhovni.org>:
>> On Dec 20, 2018, at 1:25 PM, Stefan Bauer
wrote:
>>
>> I'm aware of such exceptions but I don't like to set them. Our pol
.
Am Donnerstag, 20. Dezember 2018 schrieb Viktor Dukhovni <
postfix-us...@dukhovni.org>:
>> On Dec 20, 2018, at 12:42 PM, Stefan Bauer
wrote:
>>
>> I use smtp_tls_security_level = encrypt
>
> The cost of that choice is that you must also have:
>
> main.cf
Hi,
i use smtp_tls_security_level = encrypt - if remote site have mx like
mx 10 mail1 without tls
mx 100 mail2 fake-mx with no open port
postfix detects lack of tls on mx10goes to mx100 and waits
maximal_queue_lifetime.
i don't like fake mx as they create a long delay.
i could reduce queue lif
the threshold is at default, so 1.
but the dns timeout, Wietse mentioned, might be the real cause. gonna check
manuals, if this is configurable.
Thank you.
Am Mittwoch, 19. Dezember 2018 schrieb Viktor Dukhovni <
postfix-us...@dukhovni.org>:
> On Wed, Dec 19, 2018 at 02:00:34PM +010
Hi,
Dec 19 13:04:36 mx1 postfix/postscreen[4770]: CONNECT from
[209.85.166.196]:52168 to [public-ip]:25
Dec 19 13:04:42 mx1 postfix/dnsblog[4774]: addr 209.85.166.196 listed by
domain dnsbl.sorbs.net as 127.0.0.6
Dec 19 13:04:42 mx1 postfix/postscreen[4770]: PASS NEW
[209.85.166.196]:52168
Dec 19
uot; behavior you need for the exchange
> transport is no sasl:
> exchange unix - - n - - smtp
> -o smtp_sender_dependent_authentication=no
>
> Daniel
>
>
> On 12/11/2018 1:40 PM, Stefan Bauer wrote:
>
> thank you for your help!
>
>
org>:
> > On Dec 11, 2018, at 4:40 PM, Stefan Bauer
> wrote:
> >
> > exchange unix - - n - - smtp
> > -o smtp_sender_dependent_authentication=no
> > -o transport_maps=hash:/etc/postfix/transport_internal
>
> No the "t
org>:
> > On Dec 11, 2018, at 3:41 PM, Stefan Bauer
> wrote:
> >
> > Can you recommend appropriate manual(s)? I dont understand what you mean
> with separate transport.
>
> http://www.postfix.org/master.5.html
> http://www.postfix.org/tr
eparate transport for the relay(s) in question,
> with "smtp_sender_dependent_authentication = no" for that
> transport.
>
> > On Dec 11, 2018, at 2:37 PM, Stefan Bauer
> wrote:
> >
> > I dont see a way to have AUTH&T
So howto not use AUTH&TLS at all to 192.168.124.5:2525 ?
Am Di., 11. Dez. 2018 um 20:32 Uhr schrieb Wietse Venema <
wie...@porcupine.org>:
> Stefan Bauer:
> > Hi,
> >
> > we receive mails from $world and forward them to internal exchange
> server.
> >
Hi,
we receive mails from $world and forward them to internal exchange server.
Exchange is offering STARTTLS and AUTH
root@gate01:~# telnet 192.168.124.5 2525
Trying 192.168.124.5...
Connected to 192.168.124.5.
Escape character is '^]'.
220 ex01 Microsoft ESMTP MAIL Service ready at Tue, 11 Dec
nema <
wie...@porcupine.org>:
> Stefan Bauer:
> > stuff/best practice that makes the process more effective.
> >
> > i'm certain that remote sites prefer one way over the other.
>
> I don't think that there is a 'standard' policy that 'works' fo
that remote sites prefer one way over the other.
Stefan
Am Donnerstag, 6. Dezember 2018 schrieb Andrey Repin :
> Greetings, Stefan Bauer!
>
> >>> we're running a small relay-service and looking for best practice to
> >>> deliver mails to remote sites
Its no user issue. Its a real and legal use case that customers send
several mails / second to same recipient over a long period (software tests
whatever).
Am Do., 6. Dez. 2018 um 12:50 Uhr schrieb Andrey Repin :
> Greetings, Stefan Bauer!
>
> > Hi,
>
>
> > we're
Hi,
we're running a small relay-service and looking for best practice to
deliver mails to remote sites regarding concurrent delivery and so on.
Sometimes, we have customers that are sending several mails per second to
same recipients.
What is best practice to handle this?
We would like to avoid
2018 schrieb Wietse Venema :
> Stefan Bauer:
>> Hi,
>>
>> is there a way to keep an smtp session open and do before queue filtering
>> AND final delivery to remote mta? do only sent 250 if we have already
>> received 250. if not send temp error.
>
> How would t
Hi,
is there a way to keep an smtp session open and do before queue filtering
AND final delivery to remote mta? do only sent 250 if we have already
received 250. if not send temp error.
we would like to only accept mails if we can deliver them at the same time.
a local queue is not wanted due to
esmtp' is set by default.
Am Mo., 26. Nov. 2018 um 11:21 Uhr schrieb Stefan Bauer <
cubew...@googlemail.com>:
> Hi,
>
> log shows:
>
> enabling PIX workarounds: disable_esmtp delay_dotcrlf for mx0.esb.de
>
> But the specific workaround 'disable_esmtp' l
en Koetter :
> * Stefan Bauer :
> > Dear Users,
> >
> > we trying to deliver mail to remote party with enforced encrcyption.
> >
> > 63FFB80805: TLS is required, but was not offered by host mx0.esb.de
> > [194.77.230.138]
> >
> > But looks like, remote dev
Dear Users,
we trying to deliver mail to remote party with enforced encrcyption.
63FFB80805: TLS is required, but was not offered by host mx0.esb.de
[194.77.230.138]
But looks like, remote device is announcing TLS and can handle it:
# telnet mx0.esb.de 25
Trying 194.77.230.138...
Connected to m
Found it. Was required to modify smtp_auth to
customer1.de user1:password
customer2.de user2:password.
Am Do., 22. Nov. 2018 um 10:22 Uhr schrieb Stefan Bauer <
cubew...@googlemail.com>:
> After setting
>
> smtp_sender_dependent_authentication = yes
>
> and adding a
ietse Venema <
wie...@porcupine.org>:
> Stefan Bauer:
> > Hi,
> >
> > i have:
> > sender_dependent_relayhost_maps = hash:/etc/postfix/relayhost_maps
> > smtp_sasl_password_maps = hash:/etc/postfix/smtp_auth
> >
> > more /etc/postfix/relayhost_maps
>
i have similar case and set the first relayseever inmy pool as the one on
which changes ar eonly allowed. then i do scp + service restart to the
others with bash oneliner on demand.
for the future i plan to check in config from any host to central svn/git
repo and check frequently for changes from
Thank you!
Am Montag, 5. November 2018 schrieb Wietse Venema :
> Stefan Bauer:
>> Hi,
>>
>> i have:
>> sender_dependent_relayhost_maps = hash:/etc/postfix/relayhost_maps
>> smtp_sasl_password_maps = hash:/etc/postfix/smtp_auth
>>
>> more /etc/postfix/
Hi,
i have:
sender_dependent_relayhost_maps = hash:/etc/postfix/relayhost_maps
smtp_sasl_password_maps = hash:/etc/postfix/smtp_auth
more /etc/postfix/relayhost_maps
@mydomain.de[smtp.1und1.de]:587
@my2domain.de [smtp.1und1.de]:587
more /etc/postfix/smtp_auth
[smtp.1und1.de]:587mydomain:
We just noticed once again, that postfix is so well designed in a way, that
often we did not even think of "corner cases" that are already handled by
default in a way, that is in most cases exactly how is should be setup.
Just picking a random setup - relaying mails to external relayhosts by
sende
We simply monitor established tcp sessions to smtpd port. if client flies
away, tcp session does as well:
lsof -i tcp:25 | grep ESTABLISHED | wc -l
Am Samstag, 20. Oktober 2018 schrieb Peer Heinlein :
>
>
>
> Hi,
>
> we're monitoring the amount of active smtpd processes to make sure, that
> we do
Hi Andreas,
i really like postscreen. There are quite some nice tricks buikd in so
thanks again for pushing me in this direction.
i just bundled it now with clamav-milter so the expensive checks are only
triggered when a client survives postscreen and all my additional
sender/recipient checks and
s
> triggered. But ClamAV can't do anything before the content is
> transfered. So the performance impact should be insignificant.
>
> amavis-milter is just a wrapper script from milter to amavis protocol.
> As long amavis is not dead this is fine.
>
> Carsten
>
>
>
or sender and recipient.
>
> Have a look to amavis-milter (+spamassassin+clamav) or even rspamd.
>
>
> Carsten
>
> On 19.10.18 07:15, Stefan Bauer wrote:
> > Thank you for your feedback. Seems like smtpd_milters are also used
> > before any other check_*_access and
Thank you for your feedback. Seems like smtpd_milters are also used before
any other check_*_access and rbl checks/header checks etc., so it's
expensive this way, to pipe every mail through virus scan.
I'm just testing if i could plug in clamav by check_policy_service.
Am Fr., 19. Okt. 2018 um 05:
Dear Users,
I'm building a simple pair of front MX-servers to get rid of our cisco
ironports. For spam and virus-scanning i'd like to have spamassassin and
clamav doing pre-filtering during smtp-dialog rejecting bad mails and
forwarding good mails to internal mail-farm.
Is it best practice to use
Yes, that's it. Thank you!
Am Fr., 12. Okt. 2018 um 14:27 Uhr schrieb Wietse Venema <
wie...@porcupine.org>:
> That's the probe's 421 result:
>
> > Oct 11 17:19:13 kop01 postfix/lmtp[5711]: E759E301412:
> to=,
> > relay=127.0.0.1[127.0.0.1]:2003, delay=13, delays=0/0.01/13/0, dsn=4.0.0,
> > statu
d.
Am Do., 11. Okt. 2018 um 22:12 Uhr schrieb Wietse Venema <
wie...@porcupine.org>:
> Stefan Bauer:
> > We just noticed, that senders got several "550 5.1.0 Address rejected"
> > bounces even though postfix logs no permanent errors.
> >
> > Oct 11 17:
127.0.0.1[127.0.0.1] refused to talk to me: 421
internal error: OpenResolveAddrFolder failed)
Isn't status=undeliverable a 5xx reject?
Am Do., 11. Okt. 2018 um 19:14 Uhr schrieb Wietse Venema <
wie...@porcupine.org>:
> Stefan Bauer:
> > Dear Users,
> >
Dear Users,
we have the following in place:
smtpd_recipient_restrictions = reject_unknown_recipient_domain,
reject_unverified_recipient
unverified_recipient_reject_code = 550
unknown_address_reject_code = 550
today, we had an issue with our groupware so the following was happening:
NOQUEUE: rej
Johannes,
did you double check if your planned setup will not break other things?
Have similar needs but am not yet deep enough into mail to see possible
pitfalls.
Stefan
Am Dienstag, 2. Oktober 2018 schrieb Johannes Bauer :
> Hi list,
>
> I'm having an issue with my Postfix configuration: Curr
Hi,
we're running a small smtp send only service for authenticated users only.
Even though we only accept allowed combinations of authenticated user and
pre-defined envelope from addresses with access_maps, some smartasses
started to spoof From: addresses so we got bad reputation at receiver sites
25, 2018, at 10:13 AM, Stefan Bauer
> wrote:
> >
> > I was more asking if it's even a good idea to add the null entry to the
> table? i would like to be a good postmaster but not want to relax policies
> for allowed sender addresses.
>
> You need to allow mail
I was more asking if it's even a good idea to add the null entry to the
table? i would like to be a good postmaster but not want to relax policies
for allowed sender addresses.
Am Di., 25. Sep. 2018 um 13:26 Uhr schrieb Wietse Venema <
wie...@porcupine.org>:
>
> Stefan Bauer:
&g
Hi,
I'm using smtpd_sender_restrictions = check_sender_access
hash:/etc/postfix/allowed_sender
to make sure, my senders only send out with pre-defined and allowed domains.
Now i noticed, that if my users acknowledge "read confirmations" in
clients, mails in the following form arrive at postfix:
thank you. this is awesome!
Am Dienstag, 18. September 2018 schrieb Viktor Dukhovni :
>> On Sep 18, 2018, at 5:58 AM, Stefan Bauer
wrote:
>>
>> I noticed the following today. Is this part of the standard?
>
> You should have asked "is this expected behaviour in P
2018 schrieb Matus UHLAR - fantomas :
> On 18.09.18 14:43, Stefan Bauer wrote:
>>
>> I was expecting that the mail would bounce as the first MX refuses to
talk
>> TLS and i mapped that to a perm error. But postfix skips the one with
>> temporary/temp error and delivered to
org>:
> Stefan Bauer:
> > Hi,
> >
> > i noticed the following today. Is this part of the standard?
>
> There is no standard that requires TLS for MTA-to-MTA deliveries.
>
> > For recipient domain:
> >
> > MX 5 mx1.recipient.com - does not support TLS
Hi,
i noticed the following today. Is this part of the standard?
For recipient domain:
MX 5 mx1.recipient.com - does not support TLS and refused delivery with
temp error
MX 10 mx2.recipient.com - does support TLS and took the mail
Sep 18 10:36:29 B245080E75: TLS is required, but was not offered
Thank you! I was too stupid to RTFM. Clamd can provide custom reject
messages.
Am Mo., 17. Sep. 2018 um 16:18 Uhr schrieb Wietse Venema <
wie...@porcupine.org>:
> Stefan Bauer:
> > Hi,
> >
> > I like the clean and easy milter way and having clamd this way integrated
&g
to be refreshed.
Am Fr., 14. Sep. 2018 um 20:25 Uhr schrieb Wietse Venema <
wie...@porcupine.org>:
> Stefan Bauer:
> > Am Freitag, 14. September 2018 schrieb Wietse Venema :
> > > Stefan Bauer:
> > >> verify_cache.db seems to get corrupted or at least not up
Hi,
I like the clean and easy milter way and having clamd this way integrated
in postfix. But i can not use custom reject message in case clamd detects
virus.
postfix/cleanup[4292]: BD6BA80ACA: milter-reject: END-OF-MESSAGE from
(...): 5.7.1 Command rejected; from= to= proto=ESMTP
helo=
This mes
Am Freitag, 14. September 2018 schrieb Wietse Venema :
> Stefan Bauer:
>> verify_cache.db seems to get corrupted or at least not updated properly
as
>> new/updated entries do not get correctly verified and postfix logs:
>>
>> close database /var/lib/postfix/verif
Hi,
we use reject_unverified_recipient and have
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
after changes in aliases and issuing postalias /etc/aliases
verify_cache.db seems to get corrupted or at least not updated properly as
new/updated entries do not get correctly verif
, 2018, at 1:01 PM, Stefan Bauer
> wrote:
> >
> > any way to inform my users about TLS fails via bounce without waiting
> queue lifetime?
>
> http://www.postfix.org/postconf.5.html#delay_warning_time
>
> In corporate systems I tend to split the mail plant into separate
Am So., 9. Sep. 2018 um 21:51 Uhr schrieb Viktor Dukhovni <
postfix-us...@dukhovni.org>:
>
>
> > On Sep 9, 2018, at 3:39 PM, Stefan Bauer
> wrote:
> >
> > I see no way to combine both. I want to enforce tls for sender1 to
> google.com but not for sender2 to goo
Am Sonntag, 9. September 2018 schrieb Wietse Venema :
> Instead, you can use transport_maps to choose between different
> Postfix SMTP clients (with different configurations) based on the
> recipient address or domain.
>
> You can use the access map or header/body_checks FILTER action
> ("FILTER na
our system is only outbound but here when TLS fails so remote sites, we
would be happy to have an option to instantly bounce as this is mostly a
fixed state.
Am So., 9. Sep. 2018 um 19:27 Uhr schrieb Viktor Dukhovni <
postfix-us...@dukhovni.org>:
>
>
> > On Sep 9, 2018, at 1:0
That would be great to have this as part of the log string! Thank you for
considering my request.
Am So., 9. Sep. 2018 um 19:03 Uhr schrieb Viktor Dukhovni <
postfix-us...@dukhovni.org>:
>
>
> > On Sep 9, 2018, at 9:46 AM, Stefan Bauer
> wrote:
>
seems to only work when postfix is server. I need this for postfix as
client when remote site is not offering tls.
Am So., 9. Sep. 2018 um 18:59 Uhr schrieb Herbert J. Skuhra <
herb...@gojira.at>:
> On Sun, Sep 09, 2018 at 06:49:07PM +0200, Stefan Bauer wrote:
> > Hi,
> >
any way to inform my users about TLS fails via bounce without waiting queue
lifetime?
Am So., 9. Sep. 2018 um 18:58 Uhr schrieb Viktor Dukhovni <
postfix-us...@dukhovni.org>:
>
>
> > On Sep 9, 2018, at 12:49 PM, Stefan Bauer
> wrote:
> >
> > delays=422/0.03/0
1 - 100 of 113 matches
Mail list logo