Re: fatal: dict_sqlite_lookup: /etc/postfix/sqlite/local-aliases.cf: SQL prepare failed: disk I/O error?

2020-09-25 Thread deoren
On 9/25/2020 12:27 PM, Wietse Venema wrote: deoren: If I run all tasks under the postfix user account, how likely am I to run into issues? Thus far it seems to be working, but I've yet to go a full 6 hours, much less 24 hours. Don't run non-Postfix programs with Postfix privil

Re: fatal: dict_sqlite_lookup: /etc/postfix/sqlite/local-aliases.cf: SQL prepare failed: disk I/O error?

2020-09-25 Thread deoren
On 9/24/2020 8:10 PM, Viktor Dukhovni wrote: On Thu, Sep 24, 2020 at 05:34:15PM -0500, deoren wrote: No, just WAL mode means that we haven't opened all the files that might later be needed. If I run all tasks under the postfix user account, how likely am I to run into issues? Thus f

Re: fatal: dict_sqlite_lookup: /etc/postfix/sqlite/local-aliases.cf: SQL prepare failed: disk I/O error?

2020-09-24 Thread deoren
On 9/24/2020 5:16 PM, Viktor Dukhovni wrote: On Thu, Sep 24, 2020 at 11:50:19AM -0500, deoren wrote: Postfix + SQLite lookup tables shared with external applications in Write-Ahead Logging (WAL) mode SQLite with WAL mode is a multi-file database, in which some of the files are opened and

Re: fatal: dict_sqlite_lookup: /etc/postfix/sqlite/local-aliases.cf: SQL prepare failed: disk I/O error?

2020-09-24 Thread deoren
On 9/24/2020 12:43 PM, Wietse Venema wrote: deoren: Alternate title: Postfix + SQLite lookup tables shared with external applications in Write-Ahead Logging (WAL) mode Hi, Ultimately, the fix appears to be to set the owner of the containing directory and the SQLite database files to "po

fatal: dict_sqlite_lookup: /etc/postfix/sqlite/local-aliases.cf: SQL prepare failed: disk I/O error?

2020-09-24 Thread deoren
Alternate title: Postfix + SQLite lookup tables shared with external applications in Write-Ahead Logging (WAL) mode Hi, Ultimately, the fix appears to be to set the owner of the containing directory and the SQLite database files to "postfix". What I don't understand is _why_ this is the fix

Re: Does the canonical_maps rewriting apply before the restrictions in smtpd_relay_restrictions?

2020-08-02 Thread deoren
On 8/1/2020 8:43 AM, Wietse Venema wrote: deoren: Hi, I'm likely overlooking this (I'm still digging), but do the restrictions in smtpd_relay_restrictions apply before the rewriting configured for canonical_maps takes place? Before. The smtpd_mumble_restrictions peek at the can

Does the canonical_maps rewriting apply before the restrictions in smtpd_relay_restrictions?

2020-08-01 Thread deoren
Hi, I'm likely overlooking this (I'm still digging), but do the restrictions in smtpd_relay_restrictions apply before the rewriting configured for canonical_maps takes place? I'm trying to rewrite the sender address for a system before its mail is relayed and it appears that the reject_non_f

Re: Does anyone have any good tips/tricks/guides for tuning MySQL/MariaDB for use with Postfix?

2018-08-24 Thread deoren
On 8/24/2018 6:51 AM, Wietse Venema wrote: deoren: 'mail=0/1' means that Postfix rejected the MAIL FROM command (the client sent 1 MAIL FROM command, and Postfix accepted 0 MAIL FROM commands). Thank you for the response and for going into detail. I suspect I completely overlooked

Re: Does anyone have any good tips/tricks/guides for tuning MySQL/MariaDB for use with Postfix?

2018-08-23 Thread deoren
On 8/23/2018 9:28 PM, Phil Stracchino wrote: On 8/23/18 7:43 PM, deoren wrote: Here is a direct link to the config file with comments: https://github.com/deoren/postfix-examples/blob/master/database-server/mysql/my.cnf OK. Pretty much everything up to skip-name-resolve is compiled-in

Re: Does anyone have any good tips/tricks/guides for tuning MySQL/MariaDB for use with Postfix?

2018-08-23 Thread deoren
are for a very small amount of data. https://github.com/deoren/postfix-examples/blob/1f954130ee89032b3e5e3151a35f12dbd44e593b/backend-relay/etc/postfix/main.cf#L103

Re: Does anyone have any good tips/tricks/guides for tuning MySQL/MariaDB for use with Postfix?

2018-08-23 Thread deoren
On 8/23/2018 7:04 PM, Wietse Venema wrote: deoren: On 8/21/2018 6:25 PM, Wietse Venema wrote: Have you looked in Postfix LOGs? For example, if there is a delay from the start of the probe to the first Postfix logfile record, then that would indicate a delay with looking up the client hostname

Re: Does anyone have any good tips/tricks/guides for tuning MySQL/MariaDB for use with Postfix?

2018-08-23 Thread deoren
On 8/22/2018 10:29 AM, Noel Jones wrote: On 8/21/2018 3:17 PM, deoren wrote: Hi all, We've been using Postfix for years with good results, but in recent years have moved to a load-balanced HAProxy front-end with multiple backend relay nodes. I've consulted various sources during th

Re: Does anyone have any good tips/tricks/guides for tuning MySQL/MariaDB for use with Postfix?

2018-08-23 Thread deoren
On 8/21/2018 7:48 PM, Phil Stracchino wrote: On 8/21/18 4:17 PM, deoren wrote: Hi all, We've been using Postfix for years with good results, but in recent years have moved to a load-balanced HAProxy front-end with multiple backend relay nodes. I've consulted various sources during th

Re: Does anyone have any good tips/tricks/guides for tuning MySQL/MariaDB for use with Postfix?

2018-08-23 Thread deoren
On 8/21/2018 6:25 PM, Wietse Venema wrote: Have you looked in Postfix LOGs? For example, if there is a delay from the start of the probe to the first Postfix logfile record, then that would indicate a delay with looking up the client hostname, and then the address for that hostname. Thank you

Does anyone have any good tips/tricks/guides for tuning MySQL/MariaDB for use with Postfix?

2018-08-21 Thread deoren
Hi all, We've been using Postfix for years with good results, but in recent years have moved to a load-balanced HAProxy front-end with multiple backend relay nodes. I've consulted various sources during that time to perform the initial setup and light tuning since then. The health checks are

Re: Toss load-balancer health checks, but BCC everything else (always_bcc, check_sender_access and 'smtpd_delay_reject = yes')

2018-05-20 Thread deoren
On 5/17/2018 3:20 PM, Wietse Venema wrote: Wietse Venema: deoren: /etc/postfix/sender-access.cf: # First, a rule that matches health-check mail. smtp-health-che...@example.com DUNNO # Add a BCC recipient to other email. * BCC f...@example.com For the last

Re: Toss load-balancer health checks, but BCC everything else (always_bcc, check_sender_access and 'smtpd_delay_reject = yes')

2018-05-17 Thread deoren
On 5/13/2018 11:56 AM, deoren wrote: On 5/11/2018 2:20 PM, Wietse Venema wrote: deoren: My apologies if I overlooked an answer somewhere, but I checked the docs and performed a brief search of the archives before asking and didn't spot the answer. Goal: BCC everything EXCEPT for health

Re: Toss load-balancer health checks, but BCC everything else (always_bcc, check_sender_access and 'smtpd_delay_reject = yes')

2018-05-13 Thread deoren
On 5/12/2018 1:51 AM, @lbutlr wrote: On 11 May 2018, at 09:55, deoren wrote: BCC everything EXCEPT for health check emails generated by our HAProxy load-balancer Seems it would be much simpler to BCC everything and then discard the few messages you don’t want. Thanks for your feedback

Re: Toss load-balancer health checks, but BCC everything else (always_bcc, check_sender_access and 'smtpd_delay_reject = yes')

2018-05-13 Thread deoren
On 5/11/2018 2:20 PM, Wietse Venema wrote: deoren: My apologies if I overlooked an answer somewhere, but I checked the docs and performed a brief search of the archives before asking and didn't spot the answer. Goal: BCC everything EXCEPT for health check emails generated by our HAProxy

Toss load-balancer health checks, but BCC everything else (always_bcc, check_sender_access and 'smtpd_delay_reject = yes')

2018-05-11 Thread deoren
My apologies if I overlooked an answer somewhere, but I checked the docs and performed a brief search of the archives before asking and didn't spot the answer. Goal: BCC everything EXCEPT for health check emails generated by our HAProxy load-balancer I originally tried following the directi

Re: Is it possible to have Postfix mark debug_peer_list messages as "debug" syslog severity?

2018-03-26 Thread deoren
On 3/26/2018 6:02 AM, Wietse Venema wrote: Viktor Dukhovni: On Mar 25, 2018, at 11:59 PM, deoren wrote: Is there an option somewhere to change that, so that all messages logged as a result of the debug_peer_* options are set at debug syslog level instead? No. Do not turn on

Re: Is it possible to have Postfix mark debug_peer_list messages as "debug" syslog severity?

2018-03-26 Thread deoren
On 3/26/2018 12:18 AM, Viktor Dukhovni wrote: On Mar 25, 2018, at 11:59 PM, deoren wrote: Is there an option somewhere to change that, so that all messages logged as a result of the debug_peer_* options are set at debug syslog level instead? No. Thank you for the definitive answer.

Is it possible to have Postfix mark debug_peer_list messages as "debug" syslog severity?

2018-03-25 Thread deoren
I'm trying to troubleshoot some occasional HAProxy health check failures. HAProxy logs the health check failures and Postfix logs "lost connection after RCPT" messages without a whole lot of other detail. I learned Postfix's debug_peer_list and debug_peer_level options and have added the IP Add

Re: Attempting to whitelist sender domain with DUNNO result

2017-07-30 Thread deoren
On 7/30/17 1:23 PM, Bill Cole wrote: On 29 Jul 2017, at 23:30, deoren wrote: On 7/29/17 4:31 PM, Bill Cole wrote: [...] Using 'OK' in check_sender_access for whitelisting isn't wrong, it's just imperfect and can be risky. It is trivial to forge the SMTP sender address,

Re: Attempting to whitelist sender domain with DUNNO result

2017-07-30 Thread deoren
On 7/30/17 4:15 PM, Noel Jones wrote: On 7/30/2017 9:18 AM, deoren wrote: On 7/30/17 7:12 AM, Wietse Venema wrote: deoren: If I have the following, does that free up using smtpd_recipient_restrictions for just spam/blacklist/whitelist rules? smtpd_relay_restrictions

Re: Attempting to whitelist sender domain with DUNNO result

2017-07-30 Thread deoren
On 7/30/17 7:12 AM, Wietse Venema wrote: deoren: If I have the following, does that free up using smtpd_recipient_restrictions for just spam/blacklist/whitelist rules? smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, Thank

Re: Attempting to whitelist sender domain with DUNNO result

2017-07-29 Thread deoren
On 7/29/17 4:31 PM, Bill Cole wrote: On 29 Jul 2017, at 0:13, deoren wrote: I suppose it was out of ignorance, but I've used 'OK' in the past to accept mail from specific domains that are blacklisted by Spamhaus or have partial DNS records. Recently I came across several th

Re: Attempting to whitelist sender domain with DUNNO result

2017-07-29 Thread deoren
On 7/29/17 5:45 PM, Wietse Venema wrote: deoren: I suppose it was out of ignorance, but I've used 'OK' in the past to accept mail from specific domains that are blacklisted by Spamhaus or have partial DNS records. Recently I came across several threads here that noted how this

Attempting to whitelist sender domain with DUNNO result

2017-07-28 Thread deoren
I suppose it was out of ignorance, but I've used 'OK' in the past to accept mail from specific domains that are blacklisted by Spamhaus or have partial DNS records. Recently I came across several threads here that noted how this was a bad idea. Looking over the Postfix documentation I seemed t

Re: Where in the docs is the topic of check_*_access and unverified PTR/A DNS records covered?

2017-06-28 Thread deoren
On 6/28/17 3:18 PM, Wietse Venema wrote: deoren: On 6/28/17 1:32 PM, Wietse Venema wrote: I suggest that you look at Postfix features that focus on 'unknown' client names: http://www.postfix.org/postconf.5.html#reject_unknown_client_hostname http://www.postfix.org/postc

Re: Where in the docs is the topic of check_*_access and unverified PTR/A DNS records covered?

2017-06-28 Thread deoren
On 6/28/17 1:32 PM, Wietse Venema wrote: I suggest that you look at Postfix features that focus on 'unknown' client names: http://www.postfix.org/postconf.5.html#reject_unknown_client_hostname http://www.postfix.org/postconf.5.html#reject_unknown_reverse_client_hostname These descriptions also

Where in the docs is the topic of check_*_access and unverified PTR/A DNS records covered?

2017-06-28 Thread deoren
Hi, I've read over several threads here in the mailing list archives and have found authoritative answers from Viktor and Wietse re how Postfix treats unverified PTR/A DNS records in relation to check_*_access checks, but I believe I am overlooking where this is explicitly covered in the docu

Re: Goal: Setup transport that runs a header check to strip out specific header for emails from specific source

2016-05-10 Thread deoren
On 5/10/2016 2:07 PM, Viktor Dukhovni wrote: On Tue, May 10, 2016 at 01:46:57PM -0500, deoren wrote: # match on ALL Gmail accounts. @gmail.com autosieve I would not expect the messages generated by Sieve to be sent from "gmail.com". These auto-generated messages are

Re: Goal: Setup transport that runs a header check to strip out specific header for emails from specific source

2016-05-10 Thread deoren
On 5/10/2016 11:07 AM, Viktor Dukhovni wrote: On Tue, May 10, 2016 at 01:15:59AM -0500, deoren wrote: # sender_dependent_default_transport_maps.conf # # This entry is matching against gmail.com because Google Calendar # delivers notifications to your associated Gmail account. To # receive them

Re: Goal: Setup transport that runs a header check to strip out specific header for emails from specific source

2016-05-09 Thread deoren
On 5/7/2016 2:18 PM, Viktor Dukhovni wrote: > >> On May 7, 2016, at 8:31 AM, Wietse Venema wrote: >> >>> What I'm currently trying to get working is a service entry in master.cf >>> that has its own header checks conf file. This service would only be >>> used for specific sender addresses in or

Re: Goal: Setup transport that runs a header check to strip out specific header for emails from specific source

2016-05-09 Thread deoren
On 5/7/2016 7:31 AM, Wietse Venema wrote: > deoren: >> What I'm currently trying to get working is a service entry in master.cf >> that has its own header checks conf file. This service would only be >> used for specific sender addresses in order to limit the heade

Goal: Setup transport that runs a header check to strip out specific header for emails from specific source

2016-05-07 Thread deoren
Hi, I use Google Calendar to remind me of various tasks to complete. I want to setup an event, add an email reminder for the event and then setup a Sieve filter for Dovecot (processed by Pigeonhole) to generate a notification to an email-to-text gateway address so I can receive a short text messag

Re: Helpdesk ticket system

2016-04-26 Thread deoren
On 4/26/2016 12:21 AM, Eric Kom wrote: Good day all, I don't know if this question can be asked on this mailing list; if not, can someone gently direct me? I got a running mail system based on postfix and dovecot for more than 5 years now and would like to implement a ticket system so that incomi

Re: warning: maildrop/33CAC20FBB: error writing BFF19213F8: queue file write error

2015-01-28 Thread deoren
On 2015-01-28 08:33, li...@rhsoft.net wrote: On 28.01.2015 at 15:28, deoren wrote: I searched via Google and via the mailing list archives, but I didn't find a post which matched my specific situation. I see those warnings in the logs when the system goes down for a reboot. Is the mail

warning: maildrop/33CAC20FBB: error writing BFF19213F8: queue file write error

2015-01-28 Thread deoren
Hi, I searched via Google and via the mailing list archives, but I didn't find a post which matched my specific situation. I see those warnings in the logs when the system goes down for a reboot. Is the mail lost? Should I be using a different approach when rebooting a server running Postfix

Re: Is there a way to enable logging 5xx status codes?

2014-12-11 Thread deoren
On 12/11/2014 4:09 PM, wie...@porcupine.org (Wietse Venema) wrote: deoren: I have two servers, one where AUTH _is_ enabled and this particular one that is receiving the AUTH attempts where AUTH currently is not enabled. It will however be reconfigured at some point in the future to allow remote

Re: Is there a way to enable logging 5xx status codes?

2014-12-11 Thread deoren
On 12/11/2014 4:26 PM, Noel Jones wrote: On 12/11/2014 3:51 PM, deoren wrote: On 12/10/2014 6:26 PM, wie...@porcupine.org (Wietse Venema) wrote: deoren: If I enable the options for 'notify_classes' then I'll get a Postmaster email which contains the server response to the cli

Re: Is there a way to enable logging 5xx status codes?

2014-12-11 Thread deoren
On 12/10/2014 6:26 PM, wie...@porcupine.org (Wietse Venema) wrote: deoren: If I enable the options for 'notify_classes' then I'll get a Postmaster email which contains the server response to the client: 503 5.5.1 Error: authentication not enabled So, why do you worry about t

Is there a way to enable logging 5xx status codes?

2014-12-10 Thread deoren
My question is very similar to Richard Laysell's question: On 4/7/2014 8:42 AM, Richard Laysell wrote: > > Hello all, > > What is the best way of dealing with pests like this? > > Apr 7 12:52:40 polyphemus postfix/smtpd[24765]: lost connection after > AUTH from unknown[78.188.45.153] > Apr 7 12

Re: email header contains IP address of sending client

2014-12-04 Thread deoren
On 12/4/2014 5:18 PM, li...@rhsoft.net wrote: On 05.12.2014 at 00:02, deoren wrote: A few weeks back I was also surprised to see that the client IP was being sent out in the headers. Two options that I found in my research: #1) Enabling the "smtpd_sasl_authenticated_header" option

Re: email header contains IP address of sending client

2014-12-04 Thread deoren
On 12/4/2014 2:20 PM, Martin Vegter wrote: When I send email via my Postfix, the header actually contains the IP address of my laptop. Such as 192.168.1.113 [12.34.56.78]) in the example below: Received: from mail.origin.com (mail.origin.com [65.254.242.180]) by mail.destination.com (Po

Re: Is it possible to stack access map actions + use a custom reject message?

2014-11-22 Thread deoren
On 11/22/2014 6:03 PM, Wietse Venema wrote: > deoren: >> Is there a way to accomplish what the Linux Email book mentions? >> Basically restricting use of your domain to your clients/backup >> MX and using a custom response or log message to indicate what >> rule b

Re: Is it possible to stack access map actions + use a custom reject message?

2014-11-22 Thread deoren
On November 22, 2014 10:22:12 AM CST, wie...@porcupine.org wrote: >deoren: >> permit_mynetworks, REJECT Unauthorized use of domain name > >Where does the Postfix documentation promise that you can do this? > > Wietse Thanks for the reply. I know you are a busy guy

Is it possible to stack access map actions + use a custom reject message?

2014-11-22 Thread deoren
I was reading through "Linux Email" and it has an example policy where only clients from "your" networks are allowed to use "your" domain in the sender address: smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_access # /etc/postfix/sender_access example.com permit_mynetw

What SRS milters/tools do you suggest?

2014-11-20 Thread deoren
I've been using pfix-srsd from this GitHub project for a while now, but I'm having some trouble figuring out how to exclude specific destination domains from modification using their example configuration: recipient_canonical_maps = hash:/etc/postfix/pfixnosrs, tcp:127.0.0.1:10002 recipient_can

Re: Rewrite Sender Address Before Delivery

2014-11-10 Thread deoren
On 2014-11-10 21:42, Viktor Dukhovni wrote: You're looking for an SRS milter. Make sure you get one that's well designed. Hi Viktor, I've been using pfix-srsd from the pfixtools GitHub repo: https://github.com/Fruneau/pfixtools Perhaps it's simply the nature of SRS or I have it misconfigure

Re: (Debian) startup script?

2014-06-22 Thread deoren
> Could somebody please tell me what script I should use, what am I doing wrong? Not sure if there is an official init script, but you could always just extract the package contents to get at the init script that Debian provides.

Re: If you specify $myorigin, isn't that supposed to be appended to unqualified recipients?

2014-05-13 Thread deoren
On 2014-05-13 14:46, /dev/rob0 wrote: On Tue, May 13, 2014 at 02:15:48PM -0500, deoren wrote: If I send an email to 'root' and $myorigin is set to $mydomain (which is also set properly), shouldn't 'root' be qualified as root@$mydomain (i.e., r...@example.com)? C

If you specify $myorigin, isn't that supposed to be appended to unqualified recipients?

2014-05-13 Thread deoren
Hi, I can't help but feel the answer should be painfully obvious, but I'm just not "getting" it. Apologies for the length, but I wanted to try and include as much relevant information up front as I could. Please let me know if I've left anything out and I'll get it to you ASAP. Thanks. ---

Re: Backup MX whitelisted by primary MX: Open hole for spam?

2014-05-10 Thread deoren
On 5/10/2014 3:38 PM, Viktor Dukhovni wrote: On Fri, May 09, 2014 at 11:35:04PM -0500, deoren wrote: If a spam email makes it "in" through the backup MX and is delivered to the primary, will the 'permit_mynetworks' or 'check_client_access' directives prevent

Re: Backup MX whitelisted by primary MX: Open hole for spam?

2014-05-10 Thread deoren
On 5/10/2014 10:29 AM, li...@rhsoft.net wrote: > > > On 10.05.2014 17:17, deoren wrote: >>> check_recipient_access, check_sender_access and check_client_access >>> with no relay and smtpd restrictions before makes you sooner or >>> later to a open-real

Re: Backup MX whitelisted by primary MX: Open hole for spam?

2014-05-10 Thread deoren
On 5/10/2014 5:45 AM, Wietse Venema wrote: deoren: * primary MX with current policies. Also whitelists the backup MX via check_client_access directive and via permit_mynetworks Do not give the backup MX host RELAY PERMISSIONS on the primary MX host. Wietse Thanks for the reply/tip

Re: Backup MX whitelisted by primary MX: Open hole for spam?

2014-05-10 Thread deoren
Thanks for the reply. >> * primary MX with current policies. Also whitelists the backup MX via check_client_access directive and via >> permit_mynetworks >> >> Question: >> >> If a spam email makes it "in" through the backup MX and is delivered to the primary, will the 'permit_mynetworks' >> o

Backup MX whitelisted by primary MX: Open hole for spam?

2014-05-09 Thread deoren
Setup: * backup MX with light anti-spam policies (for the moment) * primary MX with current policies. Also whitelists the backup MX via check_client_access directive and via permit_mynetworks Question: If a spam email makes it "in" through the backup MX and is delivered to the primary, wil

Re: Is anyone else having name service errors with barracudacentral.org?

2014-03-26 Thread deoren
On 2014-03-26 11:53, Stan Hoeppner wrote: Note these are common with BRBL. I got a few the very day I added it to my Postfix config years ago. I show the following recent resolution errors for BRBL, the last three trimmed to save space: Mar 25 15:25:31 greer postfix/smtpd[12892]: warning: 5

Re: Is anyone else having name service errors with barracudacentral.org?

2014-03-26 Thread deoren
On 2014-03-26 10:46, Viktor Dukhovni wrote: On Wed, Mar 26, 2014 at 08:57:54AM -0500, deoren wrote: On March 21st I noticed these entries in my mail log and I'm not able to pinpoint the source of the trouble: warning: x.x.x.x.b.barracudacentral.org: RBL lookup error: Host or domain

Is anyone else having name service errors with barracudacentral.org?

2014-03-26 Thread deoren
Hi all, On March 21st I noticed these entries in my mail log and I'm not able to pinpoint the source of the trouble: warning: x.x.x.x.b.barracudacentral.org: RBL lookup error: Host or domain name not found. Name service error for name=x.x.x.x.b.barracudacentral.org type=A: Host not found, tr