On postfix startup this message is logged:
[postfix-out/postfix-script] warning: group or other writable:
/etc/postfix-out/./gen-dh-params.sh
Is this expected behavior? This is a multi-instance setup with a common script
in the main config directory.
# postconf mail_version
mail_version = 3.0.3
Datum: Sat, 21 May 2011 00:57:23 +0200
Von: Reindl Harald
Organisation: the lounge interactive design
An: Mailing-List postfix
i need a little help
the following line should filter spam to ivalid rcpt works fine, see
first log-message, but is there any way to exclude lines that also
contains "
"Stan Hoeppner" Monday, April 11, 2011 4:43 PM
pf at alt-ctrl-del.org put forth on 4/10/2011 10:33 PM:
My thought on auto combating this is to use a CIDR list to kick these
networks (and only these networks) over to a greylist policy that delays
these emails for 4+ hours. By then, m
Has anyone implemented or experimented with selectively greylisting specific networks, with a long delay? Let's say 4
hours...
If so, what are your results?
Background:
1. Greylisting seems to have lost much of its value, and I stopped using it
about a year ago.
2. By using and monitoring the l
"Stan Hoeppner" March 31, 2011 12:41 PM
D G Teed put forth on 3/31/2011 10:21 AM:
I'd like some idea of what real world values would be useful, or additional
suggestions
on how to make the performance less attractive to users of compromised
accounts.
When you find a reasonable and effectiv
"Jeroen Geilman":
On 1/4/11 8:32 PM, pf at alt-ctrl-del.org wrote:
The only rejects that I get calls or emails about are:
reject_non_fqdn_helo_hostname,
reject_unknown_helo_hostname,
reject_unknown_client_hostname,
Don't blindly use that. It causes a LOT of
"Wietse Venema"
> Example:
>
> /etc/postfix/main.cf:
> smtpd_reject_contact_information = For assistance, call
800-555-0101
>
> Server response:
>
> 550-5.5.1 550 5.5.1 For assistance, call 800-555-0101
>
> This feature is available in
"Wietse Venema":
Yaoxing:
True but there got to be some easy way to export that list, otherwise
I'll have to delete the dead mails from our database manually from time
to time. Any ideas how I can get everything work fluently? I mean, for
example, every several days I get all dead mail address
I'm phasing in usage of reject_unknown_client_hostname.
Since I'm in the U.S., I'm giving ripe, apnic, lacnic and afrinic /8's the harsh treatment of
reject_unknown_helo_hostname,reject_unknown_client_hostname. But I can't get away with using
reject_unknown_client_hostname on all of the US or C
On 2010-10-18 9:58 PM, Steve Jenkins wrote:
The instructions at http://www.postfix.org/BACKSCATTER_README.html
seem to only address what to do if MY server is the one being
forged. In the above example, it seems that procom.ca is being
forged. How should I configure my Postfix installation so
Are inline comments in map files ok to use? Will they break anything?
check_reverse_client_hostname_access...
/sip\..*\.bellsouth.net$/ DUNNO #static.bellsouth address
I don't see any errors in the log, but I don't want to create a nightmare later.
On 10/13/2010 10:08 PM, pf at alt-ctrl-del.org wrote:
I've used postfix as an incoming anti-spam gateway for several
years. Now, I'm experimenting with an additional postfix'n +
policydV2 as an outbound gateway for another mail server.
mynetworks = 127.0.0.0/8, PO.ST.FIX.IP,
I've used postfix as an incoming anti-spam gateway for several years. Now, I'm experimenting with an additional
postfix'n + policydV2 as an outbound gateway for another mail server.
mynetworks = 127.0.0.0/8, PO.ST.FIX.IP, MAIL.SER.VER.IP
smtpd_helo_restrictions = permit_mynetworks
smtpd_client_r
On 10/04/2010 06:25 PM, pf at alt-ctrl-del.org wrote:
On 10/04/2010 02:48 PM, pf at alt-ctrl-del.org wrote:
Are there any existing scripts out there, that report connection counts by cidr
network?
Input:?
parse.pl /var/log/mail cidr_list.zone
Output:?
network count
On 10/04/2010 06:25 PM, pf at alt-ctrl-del.org wrote:
On 10/04/2010 02:48 PM, pf at alt-ctrl-del.org wrote:
Are there any existing scripts out there, that report connection counts by cidr
network?
Input:?
parse.pl /var/log/mail cidr_list.zone
Output:?
network count
On 10/04/2010 02:48 PM, pf at alt-ctrl-del.org wrote:
Are there any existing scripts out there, that report connection counts by cidr
network?
Input:?
parse.pl /var/log/mail cidr_list.zone
Output:?
network count
10.10.128.0/19 983
10.144.48.0/20 121
On 10
Are there any existing scripts out there, that report connection counts by cidr
network?
Input:?
parse.pl /var/log/mail cidr_list.zone
Output:?
network count
10.10.128.0/19 983
10.144.48.0/20 121
After all tests have been passed and Postfix decides to accept an email, I'd like to selectively BCC some email for
later (manual) inspection. But I don't want to "hold" that mail.
BCC isn't available in Access, stable.
Can always_bcc, recipient_bcc_maps or, sender_bcc_maps be called\applied\se
"Jeroen Geilman" wrote:
On 09/28/2010 11:44 PM, motty.cruz wrote:
Hello,
When a client has a typo in the recipient email address it takes 5 days for
my SMTP server to notify that the user does not exist or was unable to
deliver email. Any idea where to change the option to make it more reliable
"Michael Orlitzky" September 23, 2010 9:37 PM
We run a private RBL, jerks.viabit.com, and check against it as well as
four other lists at SMTP time. Occasionally, I'll get a false positive
due to blocking an entire /24 and want to whitelist them from our
private RBL check but not against e.g. Spa
Eugene V. Boontseff, September 18, 2010 5:10 PM
CheckRelayRecipient = reject_unverified_recipient, permit
If the main destination server is not working, mail is rejected with the
folowing reason:
Recipient address rejected: unverified address: connect to host.domain.tld
[xx.xxx.xxx.xx]:25: Con
post...@corwyn.net, September 12, 2010
in fact, yes. (at least, nothing but spam). My company simply...
ps: ^_^ for the hard of humour.
Noel Jones August 23, 2010
* p...@alt-ctrl-del.org:
I find that a lot of spam comes from recently registered, throw away
domains. The new domain may be used as the sender, hostname, or name
server.
Are there any rbl type lists that block fresh domains, for the first
10-15 days of their existen
Peter Evans, September 12, 201
I feel unloved. Why, are you getting nothing but deai spam from us?
You might as well block .info at least there is a deserving case.
I hear .com is full of spammers too.
I'd say that a .info helo or .info rdns as a spam test, has a higher hit (and
accuracy) r
post...@corwyn.net wrote:
what I'd like to do is block all emails from individual contries based on
sender email address (.au, .jp, etc)
check_helo_access regexp:/etc/postfix/map_tld
check_reverse_client_hostname_access regexp:/etc/postfix/map_tld
check_sender_access regexp:/etc/postfix/map
Am I missing something obvious?
With many ISPs providing generic PTR, reject_unknown_reverse_client_hostname
is too gentle.
I'd really like to implement reject_unknown_client_hostname, but I've seen
too many cases where address->name mapping = exists, the name->address
mapping = exists, BUT
On 2010-08-31 4:45 PM, Charles Marcus wrote:
Yep, in that it shows why I really should read all of a post before
asking questions about it.
I was only looking at the one example line you included in the body - I
neglected the last part about the *file* to download that contained all
of the expr
Wietse:
> Postfix already replies with a 5XX for an NXDOMAIN result.
>
pf at alt-ctrl-del.org:
nslookup mailserver.jtl.co.in
google-public-dns-a.google.com can't find
mailserver.jtl.co.in: Non-existent
domain
NOQUEUE: reject: RCPT from
outgoing.jeevantechnologies.com[61.12.114.170]
Wietse:
> pf at alt-ctrl-del.org:
>> Noel Jones, August 27, 2010 3:56 PM:
>> >
>> >> On: August 27, 2010 2:23 PM, I wrote:
>> >>> Is there any known policy server or add-on, that will change
>> >>> the tempfail action after a couple of
Noel Jones, August 27, 2010 3:56 PM:
On: August 27, 2010 2:23 PM, I wrote:
Is there any known policy server or add-on, that will change
the tempfail action after a couple of hours, for things like
reject_unknown_client_hostname and
reject_unknown_client_hostname?
I guess it would be an adapta
On: August 27, 2010 2:23 PM, I wrote:
Is there any known policy server or add-on, that will change the tempfail
action after a couple of hours, for things like
reject_unknown_client_hostname and reject_unknown_client_hostname?
I guess it would be an adaptation of greylisting, where.
default un
Is there any known policy server or add-on, that will change the tempfail
action after a couple of hours, for things like
reject_unknown_client_hostname and reject_unknown_client_hostname?
Sending a reject has problems. I don't want to flat out reject, based on a
temp error.
Sending a 450 has
Is there any known policy server or add-on, that will change the tempfail
action after a couple of hours, for things like
reject_unknown_client_hostname and reject_unknown_client_hostname?
Sending a reject has problems. I don't want to flat out reject, based on a
temp error.
Sending a 450 has
On 8/22/2010 11:42 AM, p...@alt-ctrl-del.org wrote:
On Sunday, August 22, 2010 at 16:01 CEST,
p...@alt-ctrl-del.org wrote:
Reading RESTRICTION_CLASS_README confused me as to whether
adding a Restriction (or a defined smtpd_restriction_classes
group), to the right side of an access table, would
Noel Jones wrote:
I've also been playing with these:
http://spameatingmonkey.com/lists.html
The FRESH lists are what you're looking for.
Very nice.
I'm now using their geobl.spameatingmonkey.net, right before I accept a
delivery. But not for blocking. Just for statistics at this point.
I find that a lot of spam comes from recently registered, throw away
domains. The new domain may be used as the sender, hostname, or name server.
Are there any rbl type lists that block fresh domains, for the first 10-15
days of their existence?
On Sunday, August 22, 2010 at 16:01 CEST,
p...@alt-ctrl-del.org wrote:
So I have,
smtpd_helo_restrictions = reject_non_fqdn_helo_hostname,
check_helo_access regexp:/etc/postfix/heloaccess.cf
If I put the following into heloaccess.cf, for .cc hostnames,
/^.*\.[a-z][a-z]$/ reject_unknown_hel
So I have,
smtpd_helo_restrictions = reject_non_fqdn_helo_hostname, check_helo_access
regexp:/etc/postfix/heloaccess.cf
If I put the following into heloaccess.cf, for .cc hostnames,
/^.*\.[a-z][a-z]$/ reject_unknown_helo_hostname
Am I adding to the restrictions? Making it,
smtpd_helo_restricti
From: D G Teed
Subject: How common is reverse DNS checking?
Out of all of the things we do to restrict spam,
the only one with a steady trickle of false positives is
the host lookup not passing reverse DNS check.
reject_unknown_client_hostname = gives problems
reject_unknown_reverse_client
p...@alt-ctrl-del.org wrote:
Hello postfix admins,
I have always placed all restrictions in smtpd_recipient_restrictions.
Over the last few days, I have been experimenting with breaking the
restrictions up into client, helo, sender, etc. I ran into something odd
(to me), when permit_mynetworks
p...@alt-ctrl-del.org wrote:
Hello postfix admins,
I have always placed all restrictions in smtpd_recipient_restrictions.
Over the last few days, I have been experimenting with breaking the
restrictions up into client, helo, sender, etc. I ran into something odd
(to me), when permit_mynetworks
Hello postfix admins,
I have always placed all restrictions in smtpd_recipient_restrictions. Over
the last few days, I have been experimenting with breaking the restrictions
up into client, helo, sender, etc. I ran into something odd (to me), when
permit_mynetworks is in smtpd_helo_restrictions
42 matches
Mail list logo
