[pfx] Re: Web api for sending email

2024-10-28 Thread patpro--- via Postfix-users
Hi, Depending on your client / server interaction, you might be able to set up an SSH tunnel or a WireGuard VPN between client and server, then use localhost:587 for submission, bypassing Crunchbits' firewall. I see no other reliable way to do it (other than changing providers). pat October 2

[pfx] Re: HAproxy 4.3 thinks one of my postfixes (3.9) is down on SMTP, but it sees another (3.8.6) as up on SMTP (SMTPD/postscreen are OK on both sides)

2024-05-31 Thread patpro--- via Postfix-users
Hello, Any sign of postfix 3.9 blacklisting HAproxy because of SMTP errors/abuse/half-baked connections? May 31, 2024 1:06 PM, "Gerben Wierda via Postfix-users" wrote: Hmm, I just noticed (all outgoing smtp was going to a backup server that works) that one of my postfix instances cannot send m

[pfx] Re: Implementing ARC with postfix to allow/assist with forwarding

2024-05-03 Thread patpro--- via Postfix-users
Hello, I’m using openarc from https://github.com/trusteddomainproject/OpenARC May be dead but does work. You could try https://github.com/fastmail/authentication_milter but it’s way more complex. cheers patpro May 3, 2024 4:17 PM, "Ale

[pfx] Re: postsrsd

2023-12-07 Thread patpro--- via Postfix-users
December 7, 2023 9:12 AM, "Doug Hardie via Postfix-users" wrote: > Indeed: postsrsd upgraded: 1.10 -> 2.0.8_1,1 OK. I’m still running 1.10: it does not use a config file. Configuration is only in /etc/rc.conf. It’s normal that config files for 2.0.8 are new and not tuned.

[pfx] Re: postsrsd

2023-12-06 Thread patpro--- via Postfix-users
up to you. You might find in your /var/log/messages the log of `pkg` actions. Anyway, a pkg upgrade SHOULD NOT replace your config file. And you SHOULD use ZFS snapshots (install zfsnap, set up periodic.conf.local and forget about it) AND backups. regards, patpro

[pfx] Re: Recommended APP to build approved transport recipients from Exhange / AD / LDAP

2023-10-27 Thread patpro--- via Postfix-users
;2 "Error: Get Aliases from AD failed (${OUT}) - (${SCRIPT_NAME})" exit $OTHER_ERR fi mv ${EXCHG_ALIASES} ${EXCHG_ALIASES}.old /usr/local/bin/get_exchg_aliases.awk ${EXCHG_OUTPUT} | sort > ${EXCHG_ALIASES} But really if you can use a direct bind and query your Azure AD like Wietse a

[pfx] Re: behavior of postscreen_dnsbl_min_ttl

2023-10-18 Thread patpro--- via Postfix-users
October 2, 2023 1:42 PM, "Wietse Venema via Postfix-users" wrote: > patpro--- via Postfix-users: >> OK, this is where I was wrong. I thought postscreen would cache >> the result of the DNS queries for at least postscreen_dnsbl_min_ttl. >> Most dnsbl have a crazy

[pfx] Re: behavior of postscreen_dnsbl_min_ttl

2023-10-02 Thread patpro--- via Postfix-users
> > But that also reduces the opportunities for connections to overlap, > and thus, for multiple dnsblog queries to be combined into one. Thanks a lot for the detailed timing information. patpro ___ Postfix-users mailing list -- postfix-users@po

[pfx] behavior of postscreen_dnsbl_min_ttl

2023-09-28 Thread patpro--- via Postfix-users
-KEY.combined.mail.abusix.zone): query: 134.98.237.109.MY-API-KEY.combined.mail.abusix.zone IN A + (127.0.0.1) What am I missing? patpro

Re: bad BCC address

2022-11-09 Thread patpro
OMG I'm so blind! In my original header_checks file, only one BCC address has a 0 instead of a @, in my email it's a copy-paste problem. thanks, Patrick November 9, 2022 9:16 AM, "Reto" wrote: > On Wed, Nov 09, 2022 at 08:05:20AM +, pat...@patpro.net wrote: > >> Does the error mean my BC

bad BCC address

2022-11-09 Thread patpro
Hello, I have discovered an odd warning in my logs: postfix/cleanup[2413186]: warning: bad BCC address "me0foo.example.org" in header_checks map -- need user@domain my header_checks file looks like this: /.*LOCAL_URI_.*/BCC me0foo.example.org /.*LOCAL_SPAMURI_.*/BCC me0foo.example

Re: filtering incoming email mail_from/reply to/from/etc.

2022-08-22 Thread patpro
the envelope so it's probably impossible to enforce something at SMTP stage. I'll dig in spamassassin arcanes for a possible tunable… thanks patpro

filtering incoming email mail_from/reply to/from/etc.

2022-08-22 Thread patpro
lified even though admin.fr does not have an MX record. Envelope Mail From / Return-Path is blank. Is there a proper way to block this kind of junk in Postfix or do I have to rely on my antispam (that will need tuning, obviously)? thanks patpro

Re: order of recipients in To, Cc, etc.

2022-07-04 Thread patpro
omply with this kind of ridiculous demands from people to be "properly ranked" as a prestigious email recipient. I have the required authority to put an end to these demands, I'm not worried at all ;) Cheers, patpro July 4, 2022 4:12 PM, "Rob McGee" wrote: > On 20

Re: order of recipients in To, Cc, etc.

2022-07-03 Thread patpro
Hi Peter, You are right about DKIM, I've not mentioned it because it was obvious to me: this kind of tampering should be done before any signing. patpro July 4, 2022 7:41 AM, "Peter" wrote: > I'm not aware of any server that would alter headers in this way. Keep i

order of recipients in To, Cc, etc.

2022-07-03 Thread patpro
it be possible to randomize recipients order with some header rewrite in Postfix? Thanks, patpro

Re: password security

2022-04-26 Thread patpro
ulti, does antispam/av filtering and dkim signing for outbound, handles mailing lists peaks of +60K messages, etc. patpro

Re: password security

2022-04-26 Thread patpro
'm not rejecting Fail2Ban, as it can have some value. I'm just saying it's not a solution to modern brute-force attack on passwords/accounts. And on larger email systems it can even cost you more time in support (like when you get a legitimate shared IP address blacklisted). patpro

Re: password security

2022-04-25 Thread patpro
epending on your context. This is absolutely bullet-proof, 100% efficient against brute-force and can be low/medium maintenance. Obviously YMMV as it's highly dependent on your context (how many users, how you provide support for them, etc.). patpro April 26, 2022 7:32 AM, "Antoni

Re: password security

2022-04-25 Thread patpro
orce success? - no noise in the logs? - something else? regards, patpro April 26, 2022 2:49 AM, "ミユナ" wrote: > that needs a secondary development? due to my limited knowledge I don't know > there is the > opensource implementation. > > thank you > > Mauricio Tav

Re: Whitelist sender if past recipient

2021-08-30 Thread patpro
ried it, though. patpro August 30, 2021 1:01 PM, "Sebastian Hyrwall" wrote: > Hi > > Hope someone can help me with this. Feels like it should be simple. > > I would like to whitelist any sender that a user on my mail server has sent > an email to. Overriding > some spa

Re: way to test delivery to me

2021-02-01 Thread patpro
9.16 doing it all for you, or just going unsigned for a > couple of days. > > And before you decide its all fixed for a few years, implement > *monitoring*. Unmonitored security is an oxymoron. If I understand correctly CDNSKEY/CDS records allow full automation without requiring manually sending public keys to my registrar, is that correct? thanks patpro

Re: way to test delivery to me

2021-02-01 Thread patpro
from the start to be "future proof", not so smart I guess. What would be the main steps to renew keys with best practice in mind (algorithm 13 with ECDSA P256 keys)? I'm trying to find a good how-to but most are quite old and/or focus on initial setting only. I've ditched the ns6.gandi.net secondary DNS for now, will add it back later when my config will be "all green" again. thanks patpro

Re: PLEASE NOTE: Upcoming changes in Let's Encrypt issuer certificates

2020-09-21 Thread patpro
> Correct. But in that case, see: > > https://mail.sys4.de/pipermail/dane-users/2018-February/000440.html > > which describes key rollover recommendations for "3 1 1". thanks. > I expect to have code soon for robust integration of DANE "3 1 1" with > EFF's "certbot" for Let's Encrypt. Oh, that would be really nice to have! thank you, patpro

Re: PLEASE NOTE: Upcoming changes in Let's Encrypt issuer certificates

2020-09-21 Thread patpro
Hello, Just to ensure I've understood this well: if I'm using "3 1 1" I don't need to change anything, right? thanks patpro September 21, 2020 9:49 AM, "Viktor Dukhovni" wrote: > On Mon, Sep 21, 2020 at 04:22:42AM -0200, Viktor Dukhovni wrote: > &

Re: put message on HOLD based on sender & recipient

2020-09-16 Thread patpro
> > http://www.postfwd.org supports conditions on sender and recipient. Looks very powerful, may be too much for my needs but I'll take a closer look. Thanks, patpro

Re: put message on HOLD based on sender & recipient

2020-09-16 Thread patpro
ehensive filtering tool. Because milters can return a > "quarantine" reply, a > milter would be the obvious choice. MIMEDefang is one which could do this > rather easily. Thanks Bill, I'll take a look at MIMEDefang. regards, patpro

smtpd_sender_login_maps and "allow any other domain than mine" ?

2020-03-04 Thread patpro
Hello, I'm using smtpd_sender_login_maps with submission in my master.cf: submission inet n - n - - smtpd ../.. -o { smtpd_sender_login_maps = unionmap:{hash:/path/to/controlled_envelope_senders,hash:/path/to/controlled_envelope_senders_static} } ../.. -o {

Re: using smtpd_sender_login_maps for diagnostic

2020-02-21 Thread patpro
February 21, 2020 4:00 PM, "Wietse Venema" wrote: > pat...@patpro.net: > >> Hello, >> >> I would like to progressively restrict the ability for users to >> impersonate other email addresses when they use our authenticated >> SMTP (Postfix + Dovecot). We have about 2500 users on this SMTP >> ser

using smtpd_sender_login_maps for diagnostic

2020-02-21 Thread patpro
Hello, I would like to progressively restrict the ability for users to impersonate other email addresses when they use our authenticated SMTP (Postfix + Dovecot). We have about 2500 users on this SMTP server but we have about 50K total users and 60K email addresses. As a first step I would like

Re: Graphing

2020-01-24 Thread patpro
g requires something more agile/interactive. If you have a low volume of daily logs (less than 500 MB) you could just install a free version of Splunk Enterprise and create your own dashboards. patpro January 24, 2020 9:47 AM, "Cédric Gallo" wrote: > Hello, > > Munin server and m

Re: DMARC report analyzer - Open Source solution

2020-01-06 Thread patpro
Hello, I'm also using Splunk, but I'm not really sure parsedmarc is worth the effort. The only dashboard screenshot available for parsedmarc is rather unimpressive… pat January 6, 2020 3:35 PM, "Julian Kippels" wrote: > Hi, > > I am using parsedmarc (https://domainaware.github.io/parsedmarc) fo

Re: question on a SPF setting

2019-11-27 Thread patpro
On 2019-11-27 09:31, Wesley Peng wrote: Thanks. While I am still not clear about what the description in mxtoolbox. Can you give more details? I've never used the "exists" keyword, it's for more advanced use cases and relies on SPF macros. You'll find some examples online, like here: https://sco

Re: question on a SPF setting

2019-11-27 Thread patpro
xists:%{ir}.spf.rambler.ru You'll find an explanation here: https://mxtoolbox.com/SuperTool.aspx?action=spf%3amyrambler.ru&run=toolpage patpro

Re: reject mail if dns and rdns differ

2019-11-21 Thread patpro
t validates SPF. It helps *a lot*. patpro

Re: username specification for email system

2019-09-05 Thread patpro
ain.com is right (like my sender account). So I was confused. Thanks. Have you tried the RFC that defines email addresses? (even the space is allowed: or "my name"@example.com) patpro

Re: stress tested postfix

2019-03-06 Thread patpro
On 2019-03-06 13:49, De Petter Mattheas wrote: # a single ship can generate up to 60 K in an hour, we have had it in the past when a ship goes in error or failure or by mistake of the programmer it sends alert mails to HQ # the test was done in our virtual lab so there was no SatCom involved, tha

Re: stress tested postfix

2019-03-06 Thread patpro
On 2019-03-06 13:10, De Petter Mattheas wrote: Yes it is a strange business model, but the postfix must run on our vessels. So they sail over the world and because of the time difference we can't help them right away. I believe you should clarify or remake your test model, there is something

Re: stress tested postfix

2019-03-06 Thread patpro
About 31000 are in our postfix queue and the rest is gone, on our exchange we see the confirmation of postfix that he has received the mail is not in the postfix queue. We see a very high I/O on the disk but still writing... ../.. Which parameter do I have to change to start throttling so my

Re: retrigger MX lookup for undeliverable mails in mailqueue

2019-02-25 Thread patpro
On 2019-02-25 15:56, Wietse Venema wrote: Stefan Bauer: Hi, our outgoing mails sometimes end up undeliverable in postfix queue and bounce back after 5 days, when remote sites change MX entries and postfix has the old information. That is incorrect. Postfix does not remember DNS information