From: Robert Fitzpatrick
>To: Postfix
>Sent: Monday, January 16, 2012 1:12 PM
>Subject: Spamcop listed gmail?
>
>Perhaps this is not the place for this, I didn't find a mailing list on
>the spamcop site and just looking to see if this is experienced by
>others. Got two calls this morning, both
>From: Stan Hoeppner
>To: postfix-users@postfix.org
>Sent: Sunday, December 18, 2011 9:28 PM
>Subject: Re: Best Practice for (not)allowing "spoofed" MAIL FROM addresses
>
>So to make this crystal clear, you are asking if your users should be
>allowed to SUBMIT mail for RELAY through your Postfi
>From: Wietse Venema
>To: Postfix users
>Sent: Sunday, December 18, 2011 5:40 PM
>Subject: Re: Best Practice for (not)allowing "spoofed" MAIL FROM addresses
>
>Steve Fatula:
>> Have not seen a discussion of this lately, I'd like to hear pros
>>
From: Barry K
>To: "postfix-users@postfix.org"
>Sent: Sunday, December 18, 2011 6:20 PM
>Subject: Re: Best Practice for (not)allowing "spoofed" MAIL FROM addresses
>
>Reindl, what is your problem? Clean up your ignorant and immature language.
>
>Agree 100%. Some people seem to have a very sma
From: Wietse Venema
>To: Postfix users
>Sent: Sunday, December 18, 2011 6:46 PM
>Subject: Re: Best Practice for (not)allowing "spoofed" MAIL FROM addresses
>
>
>For most users, "spoofing" is about email with their address in the
>From: header, coming from an outside machine. The average email
>
Have not seen a discussion of this lately, I'd like to hear pros of disallowing
said spoofing. It appears it's "allowed" in the SMTP "standard". So, are there
reasons to not allow it?
I have seen people use this is a number of seemingly reasonable ways. I'd
rather not argue about that part. I'd
From: Lima Union
>To:
>Cc: Postfix users
>Sent: Monday, December 5, 2011 8:02 AM
>Subject: Re: OT: Yahoo spam load (was: Dead Destination configuration)
>
>
>
>I'm having the same problem here, a lot of spam comming from YAHOO mail system.
>I didn't know about sanesecurity, I'll give it a tr
From: Steve
> To: postfix-users@postfix.org
>Sent: Sunday, December 4, 2011 4:59 AM
>Subject: Re: OT: Yahoo spam load (was: Dead Destination configuration)
>
>
>> >I wish there was a chart for spam sent FROM yahoo. 99% of our spam comes
>> from yahoo (that gets through postscreen).
>>
>On my
From: Wietse Venema
>To: postfix-users@postfix.org
>Sent: Friday, December 2, 2011 8:42 AM
>Subject: OT: Yahoo spam load (was: Dead Destination configuration)
>
>To get some idea of Yahoo spam load (and keyword trends) see
>http://visualize.yahoo.com/ and click the green buttons.
>
>
>I wish th
From: Murray S. Kucherawy
>To: Steve Fatula ; "simon.brere...@buongiorno.com"
>; postfix users
>Sent: Tuesday, November 15, 2011 3:19 PM
>Subject: RE: reject_non_fqdn_helo_hostname usefulness, safety
>
>
>Just heard back from them:
>
>“Murray, FYI, I wa
From: Simon Brereton
>To: postfix users
>Sent: Thursday, November 10, 2011 9:26 PM
>Subject: Re: reject_non_fqdn_helo_hostname usefulness, safety
>
>
>
>Write them a note with the RFC I say. Standards are no good if you
>let yours slip because it's Ebay. or Google. or InsetBrandnamehere.
>
>
>
From: Jeroen Geilman
>To: postfix-users@postfix.org
>Sent: Thursday, November 10, 2011 6:13 PM
>Subject: Re: reject_non_fqdn_helo_hostname usefulness, safety
>
>
>I have seen it too, on bulk mailer software (as ebay's probably is), but my
>logs from the past 6 weeks do not contain a single reject
This check says that the RFC requires a fully qualified hostname for HELO. Most
internet searches show this to be a "safe" check that shouldn't really kill any
real mail. Lately, noticed no ebay mail was coming through, looked through the
logs and see entires like:
Nov 9 20:30:58 host2 postfix
So my obvious question to the list is - Can I get amavis to explicity add a
header with the SPF validity, and if not, can I do this with policyd? And if
not, and I must install postfix-policyd-spf-python or postfix-policyd-spf-perl
which do you recommend and why?
>
>Can't help you with Amavis,
Marko Weber:
>>
>> Hello,
>> is it possible to rate the amount of sent mails per user?
>> Goal is: each mail user should not be possible to send more then 10.000
>> mails each day.
>> And is it possible to set per user (mailaccount) ?
>
>
>Another good one is mailfromd, it can not only do the rat
- Original Message -
> From: Niccolò Belli
> To: postfix-users@postfix.org
> Cc:
> Sent: Wednesday, September 28, 2011 9:02 AM
> Subject: Re: reject_unknown_client_hostname: move into the junk folder
> instead of rejecting the e-mail
>
> I want it to automatically create the junk folde
- Original Message -
> From: Marek Salwerowicz
> To: postfix-users@postfix.org
> Cc:
> Sent: Monday, September 19, 2011 12:07 PM
> Subject: Blacklists for you MTA
> I am wondering what rbl's are you using to prevent your MTAs against spam?
>
> Since one month I have benn receiveing mor
- Original Message -
> From: /dev/rob0
> To: postfix-users@postfix.org
> Cc:
> Sent: Friday, August 26, 2011 8:24 AM
> Subject: Re: postscreen stats
> I'm going to disagree, slightly, with Stan and Wietse. The DNSBL
> scoring feature was formerly only available via a policy service, an
> My initial thought was to save my existing config, then use webmin to build a
> config and compare the two. if they are miles apart then drop the idea.
> Part of my reasoning here is that I am getting old and I need to farm out
> some
> of my work, most of the people that I have been asked to
- Original Message -
> From: Patrick Ben Koetter
> To: postfix-users@postfix.org
> Cc:
> Sent: Tuesday, August 23, 2011 9:33 AM
> Subject: Re: postscreen stats
>
> I disabled greylisting since I started using postscreen and the spam ratio did
> not increase, but the immediacy at which m
- Original Message -
> From: Ray Davis
> To: Christian Roessner
> Cc: postfix-users@postfix.org
> Sent: Friday, August 19, 2011 8:59 AM
> Subject: Re: Intermittent User unknown
>
>>>
>>> This is a Mac OS X Snow Leopard Server with no postfix config
> modifications.
>>
> Yes, OpenDir
- Original Message -
> From: Steve Fatula
> To: Postfix Users
> Cc:
> Sent: Wednesday, August 17, 2011 6:18 PM
> Subject: Remove header on reinjection
>
> Sounded easy (and probably is), but, don't see it. I know I can add
> header_checks and have a
Sounded easy (and probably is), but, don't see it. I know I can add
header_checks and have a rule in it to ignore a header, which is what I want to
do. Specifically, the header that is added by reinjection after an after queue
content filter that shows received from localhost.
header_checks is
- Original Message -
> From: Wietse Venema
> To: Postfix users
> Cc:
> Sent: Monday, August 15, 2011 9:00 AM
> Subject: Re: Outbound mail rate limits by user
>
>
> In the case of single-recipient email, this can be done with delays
> on the Postfix receiving side.
>
> 1) Force client
- Original Message -
> From: Wietse Venema
> To: Postfix users
> Cc:
> Sent: Sunday, August 14, 2011 3:32 PM
> Subject: Re: Outbound mail rate limits by user
>
>
> A more serious issue is that _destination_rate_delay is per-destination
> not per-sender, so the example that I gave was
-class-1_destination_rate_delay=1 to limit
>> the per-sender rate to one message per second.
>
> Steve Fatula:
>> Won't this mean I would need a separate class for every sender? And
>> if I have 1,000 senders (which I do)?> No matter what MTA you use, it will
>
- Original Message -
> From: Jeroen Geilman
> To: postfix-users@postfix.org
> Cc:
> Sent: Sunday, August 14, 2011 5:14 AM
> Subject: Re: Best way to not allow locally submitted email
>
>
> You're stating contradictory requirements - you cannot AND allow scripts to
> use sendmail to su
What is the best way to disable locally submitted email (via sendmail binary,
mail, etc.), BUT, still allow cron and such tools to work and be able to send
local mail?
You can't set authorized_submit_users, as, that means cron jobs run as users
won't send the mail as they don't have permission.
> From: Wietse Venema
> To: Postfix users
> Cc:
> Sent: Saturday, August 13, 2011 2:40 PM
> Subject: Re: Outbound mail rate limits by user
>
> Steve Fatula:
>> This seems to have been discussed before, but, I have a small
>> twist. On a system I am workin
This seems to have been discussed before, but, I have a small twist. On a
system I am working on, there are many users. These users can send mail via
some email client or webmail, and, via command line programs (sendmail) or PHP,
mailing list program, etc. I need to be able to limit outbound ema
> From: Wietse Venema
> To: Postfix users
> Cc:
> Sent: Wednesday, August 10, 2011 12:03 PM
> Subject: Re: Order of milter execution
>
>> In the sendmail implementation, milters operate in order specifically
>> so that filters later in the chain see the effects of those that
>> come before.
Using Postfix 2.8.4, I have the following options to smtpd:
-o content_filter=dspam:unix:/var/dspam/dspam.sock -o
smtpd_milters=unix:/var/run/clamav/clamav-milter.sock,unix:/var/run/opendkim/opendkim.sock,unix:/usr/local/var/milter-greylist/milter-greylist.sock
Reading the postfix doc, it says
> Postfix architecture aside, I think this is bad advice, at least about DKIM.
> The premises are false.
Care to elaborate? Clearly, this is not possible to do in postscreen sort of
making this moot, but, SPF spec says to reject messages that have status fail.
DKIM says you MAY, and, several
Yes, I do realize the more added to postscreen, the slower it gets, etc.
However, one function that would seem to fit perfectly if it's not too slow
would be spf and dkim checks. SPF we are doing via a milter, and, seems to be
fast. Yes, it's DNS records, but, postscreen already does much worse
>almost half a year after the above message introducing postscreen
>and the idea of using a low-priority MX on the same host to raise
>the entry barrier for the postscreen whitelist, I would like to ping
>back to the thread with the following question:
>Has anyone found out how to make this work
>Surely the sender has a limited number of IP addresses. Once a
>client IP address passes postscreen's "after 220" tests, it is
>whitelisted and can send mail without "after 220" tests for 30 days.
Of course, it's finite. It's not small though. Here's the SPF record:
ip4:216.239.32.0/19 ip4:64.
>However, BTW a surprising number of legitimate sites, including
>Gmail, have not been trying the lower-priority MX at all. Gmail
>clients also tend to pass off to another host for second and
>subsequent attempts, always and only on the primary MX IP address.
I don't see how Gmail will work, a
I see some previous posts regarding this - just my 2 cents worth. There mig=
ht be multiple triggers for the penalty time, but, one I'd like to see woul=
d be just like postscreen_dnsbl_threshold, perhaps postscreen_dnsbl_penalty=
_threshold. In this way, I might want a score of 3 to trigger block,
Let me try rephrasing this so hopefully someone who understand how the so
called advanced content filter can take a quick gander and let me know. By
advanced content filter, I mean this: http://www.postfix.org/FILTER_README.html
So, here is my current setup from master.cf:
smtp inet n
As specified on the http://www.postfix.org/FILTER_README.html page.
So, here is my current setup from master.cf:
smtpinetn - n - - smtpd -o
content_filter=dspam:unix:/var/dspam/dspam.sock
dspam unix- - n - - lmtp -o
smtp_
> My opinion is if you correctly reject -- not bounce --
> spam/virus/bad recipient email, that takes care of 95%+ of the
> problem bounces, and is a good practice minimum standard.
Agreed, and I do.
I guess then that I should change the after queue SPAM content filter to use
the
advanced metho
Having read quite a few of the messages in this list about bounces, I really
didn't find any (though they may be there) related to preventing bounces for
resource limits, and other unpredictable and strange occurrences. That is my
question, NOT bad recipient, etc. Yes, I know bounces and rejects
>If you do not want to process local mail via SpamAssassin then don't
>send locally submitted mail to SpamAssassin.
Precisely, and the question was how to recognize locally submitted mail vs
other mail given that we had to process on delivery via procmail, and, each
user can have different Spam
>I use postfix and spamassassin, and I have no problem. I don't rewrite
>headers. I don't whitelist senders. ... etc.
It is likely you are not aware of the problem I am speaking of then as
Spamassassin does NOT recognize locally sent mail the way it "should", it uses
a test called NO_RELAYS for
>> Is this a true statement. If a message is sent to postfix via smtp, in the
>> message headers will ALWAYS be at least one header of the form:
>>
>> Received: from...
>>
>> I believe this to be the case, which means the only messages without that
>> are the locally sent emails. Wouldn't that be
Is this a true statement. If a message is sent to postfix via smtp, in the
message headers will ALWAYS be at least one header of the form:
Received: from...
I believe this to be the case, which means the only messages without that are
the locally sent emails. Wouldn't that be true?
>Your concept is b0rken. Received headers can be forged just as well as
>any other header.
Not in my case. That is already accounted for. But irrelevant since that was
not the question.
>If you want to whitelist by sending MTA, why don't you just whitelist
>those MTAs via a check_sender_access
>Why? What problem are you trying to solve.
>if you inist, force it to go to smtpd by using a content_filter in the
>pickup service in master.cf.
The problem to be solved is that various filters we use, spamassassin, dcc,
etc., use the receive from header in order to use whitelists and such conc
For postfix mail sent from cron, or other sendmail command line mail, sent to a
local user on the same server, I am getting the following received header:
Received: by host112.mydomain.com (Postfix, from userid 0) id 4A8E114B8104;
Tue, 15 Sep 2009 03:53:19 -0500 (CDT)
That is the ONLY received
49 matches
Mail list logo
