You may want to comment out protocol or cipher tweaks, these can
reduce interoperability:
postconf -n | grep tls
I do not think I am using any tweaks and try to keep things as default as
possible. Or maybe I'm misunderstanding.
[root@host /]# postconf -n | grep tls
milter_rcpt_macros =
My distro package manager gives me postfix 3.5.25 with openssl 3.2.2 which
causes SSL version mismatch warnings I was previously told I could ignore.
I got a failed transaction:
Jan 21 09:15:21 host postfix/smtpd[79286]: warning: run-time library vs.
compile-time header version mismatch: Ope
One way to narrow down troubleshooting to know if it's a firewall or config
issue is to check if postfix has bound to the ports for listening.
[root@host /]# netstat -nlp46
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
I saw that when messages sent to duck.com for forwarding, duck.com will
remove the original DKIM info from headers, to protect the sender privacy.
I am just curious how to remove that DKIM in postfix?
That is something that can be done in milters. Most likely a custom solution
they built.
I d
What about openssl, which is current version in RHEL9?
It's Oracle's repo for RHEL9.
Name : openssl
Epoch: 1
Version : 3.2.2
Release : 6.0.1.el9_5
Architecture : x86_64
Size : 1.5 M
Source : openssl-3.2.2-6.0.1.el9_5.src.rpm
Repository :
But you did not also upgrade Postfix, which was built with OpenSSL 3.0.0.
Installed Packages
Name : postfix
Epoch: 2
Version : 3.5.25
Release : 1.el9
Architecture : x86_64
Size : 4.4 M
Source : postfix-3.5.25-1.el9.src.rpm
Repository :
Just to double check this isn't a configuration library issue on my end?
Someone is messing around? I have dozens of these repeated in the logs.
Dec 15 23:07:50 host postfix/smtpd[3181]: warning: run-time library vs.
compile-time header version mismatch: OpenSSL 3.2.0 may not be compatible
w
I was wondering if there is any way to use the maillog with the SSL
messages to determine who was trying to send messages during that
window.
You have the IP/Hostname of the servers connecting to your server.
If you are asking who as in the person, as in what the From: email address
was going
Is it worth it?
It's easy to do, but I recommend ... have the web server return a redirect
(302 status)
If running Apache it's even easier. Point the DNS. Add the non-www name in
the host/vhost file.
ServerName www.postfix.org
ServerAlias postfix.org
...
ServerNa
If you use the "lmtp" delivery agent for delivery to Dovecot:
/etc/postfix/master.cf:
lmtp .. .. .. .. .. ... lmtp
flags=DORX
/etc/postfix/main.cf:
# Here "lmtp" is the name of the first field in master.cf.
lmtp_destination_recipient_limit = 1
Just
I never have the "X-Original-To:" header added to emails received over
port 25 sent to an alias.
how do you deliver mail to mailboxes?
LMTP to dovecot
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to post
# postconf enable_original_recipient
enable_original_recipient = yes
I never have the "X-Original-To:" header added to emails received over port
25 sent to an alias.
Also related. I didn't see on the MILTER_README or ADDRESS_REWRITING_README
pages anything about rewrite flow related to milte
https://www.postfix.org/postconf.5.html#enable_original_recipient
# postconf mail_version
mail_version = 3.5.9
# postconf enable_original_recipient
enable_original_recipient = yes
RHEL9.4 if it matters.
I am using virtual users (virtual_mailbox_maps) and aliases
(virtual_alias_maps).
I never
People who actually use Dovecot for submission might know.
I'm not even sure whether Dovecot's submission facility ever talks to
Postfix.
Dovecot doesn't "perform" submission services. It is only a proxy to postfix
submission (or other).
https://doc.dovecot.org/2.3/admin_manual/submissi
Is it true that the Queue-ID is generated before Postfix receives the
message content? After which SMTP command?
By default during the RCPT TO stage. But it can be changed to happen earlier
during the MAIL FROM stage with performance trade-offs.
http://www.postfix.org/postconf.5.html#smtpd_
my use case: I want to find out if outgoing messages were delivered
successfully, so I'm looking at the lines containing `status=` in the
logfile.
But I need this only for some mails (not all). To find out, I have to query
the database for the Queue-ID. This step could be skipped if it would b
I followed 'www.postfix.org/VIRTUAL_README.html : As simple as can be:
shared domains, UNIX system accounts' to set style like 'mydestination =
$myhostname localhost.$mydomain ... example.com' for a few domains (except
example has no commas like main.cf). Regardless of $myhostname, $mydomain
(als
I have policyd-spf and opendkim (as a milter) installed for postfix.
How can I customize the policy that, if an incoming message has SPF failed
AND has invalid DKIM then this message will be rejected? AFAIK google has
this kind of rejection policy for their gmail.
That is what DMARC does. Ther
I need to find out if an outgoing message was successfully delivered or not.
I know this can be achieved by setting up some filesystem watcher for the
logfile, and/or by having a cronjob searching through the logfile for the
line containing `status=`.
But it would be so much nicer if Postfix wou
I would like to set up two MX servers with equal priority
One MX server resides on the same physical machine as the Dovecot service
the other MX server is located in a remote data center
Depends what the intent is. Is it for load balancing or is it for backup
because server A is sometimes offli
Spaces are not allowed in submission -o override settings.
How do you handle adding a service? Or is it not possible? Can you \ the space?
-o smtpd_client_restrictions=check_policy_service\ unix:private/myservice
2024-10-21T16:29:00.942189+00:00 theglobalvoice postfix/qmgr[3900]: E53B5103176:
from=<>, size=3212, nrcpt=1 (queue active)
2024-10-21T16:29:01.124528+00:00 theglobalvoice postfix/smtp[4038]: E53B5103176:
to=, orig_to=,
relay=mail.gandi.net[2001:4b98:e00::9]:587, delay=0.19, delays=0/0/0.09/0.0
I see both postfix and dovecot can set the limit for mailbox size and message
size.
So which to set it as the better way? or both?
By whichever one is delivering the mail to drive. Depends how you have your
system setup.
Additionally I am not sure if postfix allows for per user control or i
> Is there any way to get postfix to assign the queueId before invoking
> the milters during the rcpt-to stage?
smtpd_delay_open_until_valid_rcpt = no
Almost: the RCPT TO is valid AFTER the Milter accepts it.
Wietse
I don't understand what you mean by that.
I did a test, set the dela
Is there any way to get postfix to assign the queueId before invoking the
milters during the rcpt-to stage?
smtpd_delay_open_until_valid_rcpt = no
Thanks.
No wonder I couldn't find it by searching for Queue Id in the docs. I didn't
think to search for NOQUEUE.
I'm sure the answer is NO, but you don't know if you don't ask.
Is there any way to get postfix to assign the queueId before invoking the
milters during the rcpt-to stage?
My end goal is trying to track the email, so logic in the milter during the
rcpt-to stage can have a header added later in th
what's the main difference between a policy server and a milter?
Policy Server:
- Coded quickly in scripting language
- Lightweight, simple, and fast to setup
- Is only provided limited header information by postfix for evaluating
Milter:
- More complicated to setup and code
- Has access
So there's a confusion between the hostname of the mailer and the
domain to be used for the SPF check. Is anybody else seeing this?
Yes, I had to recently add an "a:" record to an SPF (for the sending hostname)
as I was seeing some of these I think.
I'm confused by the language being used.
Is an automated/unattended email notifying the user about something,
providing proper ways of contacting. As this email is not read in any way,
rejecting the mail would be a better way to handle than an automatic
response. IMHO.
Then you can not use this e-mail address as envelope sender. Peopl
does smtp have an action "discard"? if so where messages will be discarded?
I see smtp code has "reject" while sieve has "discard". So I am asking this
question.
http://www.postfix.org/header_checks.5.html
There is a DISCARD action.
To be honest, you still likely want authentication. Keep in mind that you
don't need to authenticate as a single user for roundcube but rather you can
have roundcube pass authentication through from its own user login and
therefore support multiple users while also allowing postfix to support
Did you increase the level higher than 2?
debug_peer_level = 5 should show all SMTP commands issued.
Even at 5 I can see only inbound SMTP trace, but not outbound.
Even higher?
The levels go from 1 to 10. I don't know if you will get more commands going
higher than 5. I was under the impres
If I use the hash method and follow https://www.postfix.org/SASL_README.html
I should write the config file like
/etc/postfix/sasl_passwd:
# Per-sender authentication; see also /etc/postfix/sender_relay.
us...@example.com username1:password1
us...@example.net username2
I tried with debug_peer_list and debug_peer_level, but it looked like not all
commands are included
Did you increase the level higher than 2?
debug_peer_level = 5 should show all SMTP commands issued.
Trouble Shooting Areas
==
Make sure mydestination contains localhost for postfix to know it gets
delivered locally.
Also double check myhostname, mydomain, and myorigin for anything that doesn't
look right.
Make sure nothing in /etc/aliases is sending root somewhere else.
I have no idea where this r...@localhost.com is coming from. It must be a
misconfiguration but I cannot find it.
Since root@localhost is rewritten in r...@localhost.com, I would also check in
aliases/virtual_aliases, etc.
Not likely, but check if something wacky got into /etc/aliases as th
I have noticed in most deliveries, servers are issuing two ehlo commands. For
example:
postfix/smtpd[232271]: disconnect from talvi.dovecot.org[94.237.105.223]
ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
Is this an indication that something might not be configured correctly to c
I am upgrading to postfix 3.9.0.
I have not used DKIM in previous postfix installs, but I would like to
start now with the new google rules.
I have done some research and opendkim is the most recommended, however,
other research states the opendkim has been abandoned by its maintainers.
So
Just a note to update the thread. Amazon reports that they've now
corrected this issue in all of their regions, and sending the test case
through I mentioned earlier in the thread now works, at least in our region.
Cheers!
Dan
On 11/20/2023 3:52 PM, postfix--- via Postfix-users wrote:
We're using Postfix + Mysql and we're getting this mysql connection
lost issue very often.
Our mysql settings are ok, running using IP instead of the host so no
DNS request is made.
Can you use unix socket instead of IP? Or other machine? Since you are going
over IP, are you using the proxy
I am looking for an option to temporarily pause delivery via LMTP and defer
mail while the Dovecot mailboxes are being backed-up in order to get a
consistent state.
Just take dovecot LMTP offline. Isn't the default behavior of postfix to queue
undeliverable mail and once its able to deliver
On 11/20/2023 2:07 PM, Viktor Dukhovni via Postfix-users wrote:
On Mon, Nov 20, 2023 at 11:02:15AM -0500, postfix--- via Postfix-users wrote:
You'd need to apply "body checks" to internally generated mail, which is
generally not recommended, and would apply regardless of co
On 11/16/2023 3:39 PM, Viktor Dukhovni via Postfix-users wrote:
On Thu, Nov 16, 2023 at 03:18:13PM -0500, postfix--- via Postfix-users wrote:
I'm thinking someone has probably already seen this and wondering if anyone
has a work around (other than send the bounce somewhere else which m
I've a webserver allowed to send mail messages (with PHP) to a postfix relay,
which sends them to recipients.
I'd want the return-path to be the same as the From sender.
You do this in PHP, PHP creates the email that postfix relays. It's done with
the -f command line arg.
$to = "u..
I'm thinking someone has probably already seen this and wondering if
anyone has a work around (other than send the bounce somewhere else
which may or may not be possible in my current situation, still
investigating that).
In brief if a Postfix bounce message is sent through Amazon SES, and the
Sep 10 12:21:39 wopr postfix/smtp[25425]: 94E7840E5C: to=,
relay=gmail-smtp-in.l.google.com[74.125.130.27]:25, delay=0.85,
delays=0.03/0.04/0.56/0.22, dsn=2.0.0, status=sent (250 2.0.0
38A5LeYj001108-38A5LeYl001108 Message accepted for delivery)
Reporting-MTA: dns; spamfilter-02.totbroadband
I have set up different txt record for dkim for each domain and the problem is
that when I'm sending mail via the main domain (space), they are not dkim
signed.. It either says dkim=none or the dkim header is totally missing.
If I send via the aliased domain I have no issues whatsoever.
Assu
Now I can send my mails (changing sender address from space to eu) using the
same users I had (have) for the .space domain without issues, even to google
but if I perform an online test for the .eu domain, it still references my
.space domain and I don't know where that is coming from..
Here's
Hi, Is it possible to discard an email based on the Subject and the destination
email address?
/^Subject:.*Test email subject .*To:.*m...@me.com/ DISCARD
The postfix filters only work on one header at a time. You can not put
conditions for multiple headers.
As already suggested, a milter wou
I would really look forward to this. I've been running my own mail server
for over two decades. First with qmail, but the larger latter half with
postfix. It's running pretty well, but there are still aspects that could
be sharpened up, or configurations that I blindly relied on tutorials for
Currently Postfix does not show in the log the recipient of emails that exceed
message_size_limit because MAIL FROM comes before RCPT TO... but
is there any nice way of forcing Postfix to reject that email after the RCPT
TO?
http://www.postfix.org/postconf.5.html#smtpd_delay_reject
I saw some domains have MX pointing to 127.0.0.1. what does this mean?
This will tell the sender of the email to connect to 127.0.0.1 which is itself.
It will send the mail program chasing its own tail.
I'm using multi-instance postfix-3.7.2 on fedora37 and would like to be
able to control which header and body checks apply to which domain in a
specific instance. I'm looking for advice on the best way to do this.
I'd say, start with one instance per domain. The 'cost' of doing so
is really sma
K.I.S.S.
Because of forwarding, both SPF or DKIM signatures *could* be broken. This is
what DMARC was introduced for.
DMARC checks the results of both SPF and DKIM, and as long as one of those two
passes then the mail is good so DMARC passes.
If both SPF and DKIM fail, then DMARC fails, and *TH
Put the following in /etc/postfix/main.cf:
recipient_delimiter = +
cheers,
raf
Just FYI;
If you are using dovecot and postfix is handing off delivery to dovecot (such
as LMTP) you also need to make sure that setting is in the dovecot config or
dovecot will backscatter as unknown user.
Apr 14 23:00:08 mailserver postfix/smtps/smtpd[1653]: connect from
unknown[192.168.1.44]
Apr 14 23:00:08 mailserver postfix/smtps/smtpd[1653]: SSL_accept error from
unknown[192.168.1.44]: Connection reset by peer
Apr 14 23:00:08 mailserver postfix/smtps/smtpd[1653]: lost connection after
CONNEC
smtp_tls_security_level = may/encrypt sets global policy for the server. Is there a way
to override that on a per user basis when delivering mail to another public server? For
example if the server default is "may" can email being sent from
a_select_u...@example.com behave as if smtp_tls_securi
My server [204.10.37.139] also.
Mar 17 07:32:36 host postfix/smtpd[1474828]: connect from
list.sys4.de[188.68.34.52]
Mar 17 07:32:36 host postfix/smtpd[1474828]: SSL_accept error from
list.sys4.de[188.68.34.52]: lost connection
Mar 17 07:32:36 host postfix/smtpd[1474828]: lost connection after
sometimes, for not all of the addresses, my mail remains in the queue
what can I check?
is the problem the server configuration or the SPF record?
Can't connect to local MySQL server through socket '/run/mysqld/mysqld.sock'
The problem isn't SPF. The problem is postfix can't open the database to
If I'd change anything I would delete the '-' in the middle of the
current tag.
I'm all in favour, though I'd also be happy with [U], [D], and [A]. :-)
Or we all could be adults and not giggle like little girls at seeing [P-U]
The very much worth reading RFC 9057 of Dave Crocker defines an Author: field...
I like that idea better than my suggestion of footer or x-header.
Is it the best idea to add a reply-to header to the author on mailing list
emails?
The problem I see is many people will hit reply in their email client which
will create an email from them to the author, bypassing the mailing list.
Unless they remember to manually alter the To: field to keep th
I am still seeing DKIM fails and two DKIM-Signatures.
Is this correct? Haven't seen this with other mails but I cannot rule out a
config issue on my side. Is someone else observing that?
Yes there will be two DKIM signatures due to the configuration of the mailing
list.
The first DKIM signatur
We'll generate a new 2024 Bit key pair and place the new key in DNS. When we
do that we'll also see to fix the h=sha256 problem. This will take place
within the next 12 hours. Mailman will be restarted in the end and the service
will be unavailable for about 30 seconds. No list mail will be lost.
No solution so far, I think there are 2-3 open bug reports on
github, but since the project is very dead, nobody has bothered to
fix the problem.
So what's the option for a more up-to-date version of DKIM milter for debian?
And what would be a dmarc replacement or solution for RHEL systems?
OpenDMARC is segfaulting. That's what 'signal 11' means. Postfix fails to get
an answer to its end-of-body milter call because of the segfault closing the
other end of that socket. That failure results in Postfix sending a 4xx to the
client.
First step is to verify your installation of OpenDMAR
new list server from list.sys4.de[188.68.34.52];
from= to= proto=ESMTP
helo=
Mar 7 13:18:57 host postfix/cleanup[1153970]: 4PWNxY2dFlz4l3gy: info: header From: postfix--- via
Postfix-users from list.sys4.de[188.68.34.52];
from= to= proto=ESMTP
helo=
Mar 7 13:18:57 host opendkim[1883]: 4PWNxY2dF
What date does this take effect and we start receiving list mail from the new
server host?
7th March 2023 (today), 12:35 UTC (approx 5 hours ago).
Oh, silly me. I thought they said a footer would be added when it happened.
Guess I read that wrong.
Looks like no issues and I didn't have to d
What date does this take effect and we start receiving list mail from the new
server host?
So we can keep an eye out to make sure no issues on our side, whitelisting if
needed.
73 matches