ter-failed-permission-denied.69723/
https://dovecot.org/list/dovecot/2022-January/123745.html
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Linux
Otherwise, use check_policy_service with custoim policy server
that returns FILTER commands to route the message.
On Mon, Jul 21, 2025 at 02:59:40PM +0200, Matus UHLAR - fantomas via
Postfix-users wrote:
postfwd works as policy filter, so it can do that.
Note that in order to know number
> Otherwise, use check_policy_service with custoim policy server
> that returns FILTER commands to route the message.
On Mon, Jul 21, 2025 at 02:59:40PM +0200, Matus UHLAR - fantomas via
Postfix-users wrote:
postfwd works as policy filter, so it can do that.
Note that in order t
ou must call postfwd from
smtpd_data_restrictions or smtpd_end_of_data_restrictions
Also, using FILTER from smtpd_*_restrictions overrides content_filter
settings and can be only done once, and the last will be executed.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk
could help:
http://www.postfix.org/postconf.5.html#smtpd_milter_maps
other choice - ignoring at milter level was already pointed out by Benny
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu
ostfix.org/lists.html
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warnin
Matus UHLAR - fantomas via Postfix-users:
out customer reported that they started migrating users to 365 services
(yeah, after they started).
[snip]
I tried to use fallback_transport and/or fallback_transport_maps
to ensure all mail with non-existing local users is forwarded to remote
orward non-existing users out,
- without listing all users (eiter local or migrated) anywhere besides local
password file?
Debian 12, postfix 3.7.11
thanks
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
access to DNS?
Even if the DNS server does not respond, how is postfix supposed to know
it's permanent and not a temporary error?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tut
u for the software, let's home we'll have new freatures soon
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek rek
On 14.05.25 10:37, vom513 via Postfix-users wrote:
I see docs on how to rate limit for certain networks / IPs - but can custom
rate limiting be applied to authenticated users ?
postfwd as policy filter can do that
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning
ur before - and more importantly, does
anyone have any idea WTF is going on and how to fix it?
are you sure the proper smtpd_tls_cert_file and smtpd_tls_key_file are
configured in postfix configuration?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish N
>> On 14/5/25 00:08, Matus UHLAR - fantomas via Postfix-users wrote:
>> >
>> > are you sure the proper smtpd_tls_cert_file and smtpd_tls_key_file
>> > are
>> > configured in postfix configuration?
> On Wed, May 14, 2025 at 12:17:29AM +10
> to the server and maybe keep Gmail from marking our outgoing email as
> SPAM.
>/^Received:.*with ESMTPSA/ IGNORE
>/^X-Originating-IP:/IGNORE
>/^X-Mailer:/IGNORE
>/^Mime-Version:/ IGNORE
Matus UHLAR - fantomas via Postfix-users:
These should no
t header field
will cause the signature verification to fail if one is later added. There may
be times when that's desirable.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu c
Dnia 9.05.2025 o godz. 16:18:35 Matus UHLAR - fantomas via Postfix-users pisze:
I use pyspf-milter which is from the same package I believe (python,
there's also perl version policyd-spf) and it only accepts/rejects
e-mail and adds Authentication-Results: header.
On 09.05.25 16:41, Jar
sing the same combination and not seeing frequent
DKIM failures, so it's my setup somehow.
I'm not using smtp proxy and I don't believe I have any content filter set up.
I've tried running opendkim as the only milter (commenting out opendmarc and
spamassassin). There were no chang
Dan has already recommended checking DKIM in SpamAssassin to see if it
helps.
On Fri, 9 May 2025, 09:30 Matus UHLAR - fantomas via Postfix-users, <
postfix-users@postfix.org> wrote:
On 08.05.25 15:06, Ken Biggs via Postfix-users wrote:
> OpenDKIM is failing signature verification on
user=policyd-spf argv=/usr/libexec/postfix/policyd-sp
I currently have opendmarc config RejectFailures set to false due to this
issue. I would like to set it back to true.
is your server behind a content filter?
Don't you use smtp proxy by any chance?
--
Matus UHLAR -
nfiguraton that would control which users may
send mail where.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I just got lost in thoug
enerated:
How does the Postfix logging differ between these cases?
Wietse
No DSN : client->smtp1->smtp2
DSN : client->smtp2
Both smtp's IP is in "mynetworks" in the postfix's configuration
What did I missed ?
Thanks and best regards
#x27;t a fqdn and
so should be rejected due to reject_non_fqdn_helo_hostname.
the IP address in HELO/EHLO string, if enclosed in brackets, is RFC
compliant, therefore not bogus. See RFC 5321 section 2.3.5.
You can disable it locally if you want.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; ht
M +0200, Matus UHLAR - fantomas via
Postfix-users wrote:
canonical_maps apply when postfix receives mail.
Using recipient_canonical_maps on postfix instance that receives mail from
the internet is fine - this way you can check for valid SRS address when
receiving and can immediately refuse that mail.
On 18/04/2025 20:06, Matus UHLAR - fantomas via Postfix-users wrote:
I remember now when I implemented SRS, I configured separate postfix
instance for outgoing mail. This is the postfix issue described in
postsrs docs: canonical maps are processed when mail is being
received.
Yep, I have 2
On 2025-04-18 at 14:06:57 UTC-0400 (Fri, 18 Apr 2025 20:06:57 +0200)
Matus UHLAR - fantomas via Postfix-users
is rumored to have said:
I don't recommend enforcing length shorter than mentioned RFC minimum of 64.
On 18.04.25 14:53, Bill Cole via Postfix-users wrote:
That's easy
query is too big". And there should be 0 reason to accept
rcpts with such *big length like 567 chars just in localpart*...
I don't recommend enforcing length shorter than mentioned RFC minimum of 64.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I
issue.
smtpd_recipient_restrictions =
check_recipient_access
regexp:/etc/postfix/recipient_address_length_restrictions
...
/etc/postfix/recipient_address_length_restrictions
/^.{38,}@/554 5.1.7 Recipient address rejected: Localpart is too long.
38 chars and greater chosen due to SRS need also some space.
ot resolve "localhost" so postfix appended
$mydomain?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Micro$oft random number ge
to handle rewritten recipients)?
On 09.04.25 16:13, Gioele Pannetto via Postfix-users wrote:
> For this use case a post-queue milter is more suitable.
On Wed, Apr 09, 2025 at 04:23:17PM +0200, Matus UHLAR - fantomas via
Postfix-users wrote:
Post-queue filter, not milter. Milter is pre-que
rote:
For this use case a post-queue milter is more suitable.
Post-queue filter, not milter. Milter is pre-queue by definition.
http://www.postfix.org/MILTER_README.html
By the way, are you referring to non_smtpd_milters?
http://www.postfix.org/FILTER_README.html
--
Matus UHLAR - fa
.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
If Barbie is so popular, why do you have to buy her friends
why?
you can query them in both, but you should be using local caching
non-forwarding DNS server so the same queries are not sent multiple times
when receiving mail.
That way the same query from either won't be repeated.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantom
ok, that means I was wrong with the impression, that this should work
on port 465.
"-starttls smtp" should work on ports 25/587 where plaintext is default.
(587 should require starttle before it allows anything).
on port 465, TLS should be the default and starttls should not make sens
right instance ? (right =
originating instance)
sendmail should use the default instance.
Perhaps you could use "-C config_dir" option to specify config path of
another postfix instance, but I'm not sure it's a good idea.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; ht
dates.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Enter any 12-digit prime number to con
up / change in debian but what's described
there should generally work.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"They say
via Postfix-users wrote:
Don't do that. Ask them to use clamd. They must not use clamdscan or
clamscan.
Actually, clam*d*scan would to the trick.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovani
You may need to run clamav with special privileges to be able to scan those
files, e.g. when using "amavis" as intermediate between postfix and clamav,
clamd needs to run with "amavis" group as secondary.
The alternative is use "clamdscan --fdpass" which passes th
ctions, because the remote servers
(54.68.193.51,54.149.154.28) are returning temporary rejections.
domain xgnix.com has no A//MX records, so for mail server it does not
exist.
This is not related to soft bounces.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
W
ple.org OK' to sender_access (above rbl blocks, as in my
config) be appropriate action?
yes.
Would rbl_reply_maps be better solution? I tried to understand it and
find some configuration examples but failed.
don't play with rbl_reply_maps unless you really know what you'r
n postconf" should tell you that:
-x Expand $name in main.cf or master.cf parameter values. The ex‐
pansion is recursive.
This feature is available with Postfix 2.10 and later.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warn
e own DNS with QNAME-minimization turned off.
Just FYI, it's better to turn off QNAME minimization on DNS servers used by
MTAs and spam checkers.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Var
ppening at all because I have 8 GB of
physical memory for my VPS.
Either 8GB of RAM is not enough or something is using all of it.
"top" command can show you which processes are eating your RAM.
Don't you tmpfs filesystems for temporary data like /tmp?
--
Matus UHLAR - fa
submission port and haven't
configures SSL certificate in it.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
BSE = Mad Cow Desease ..
X
to your servers.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Windows 2000: 640 MB ought to be enough for an
y hash did not verify)
header.i=@unimatrix030.de header.s=default header.b=kyrK6Z3o;*
Perhaps I should test whether I let amavis handle the DKIM?
Yeah, this should help.
On systems with both amavis and opendkim I use amavis to dkim-sign.
--
Matus UHLAR - fantomas, uh...@fantomas
hat.
Unless of course you have 3rd party packages, in such case it's up to you or
to source of your packages.
I think the whole point of having RH9 should be to have stable system and
installing 3rd party packages kinda defeats that.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.
2024 at 03:29:54PM +0100, Matus UHLAR - fantomas via
Postfix-users wrote:
works with tls1.3, doesn't work otherwise:
On 26.11.24 02:24, Viktor Dukhovni via Postfix-users wrote:
Of course, because TLS 1.3 ignores "-ciphers", it does algorithm
negotiation very differently.
A
etc) or is there some other
arrangement?
proxymap is used when your directives to any ACL as "proxy:" e.g.:
postscreen_cache_map = proxy:btree:$data_directory/postscreen_cache
local_recipient_maps = proxy:unix:passwd.byname $alias_maps $virtual_alias_maps
--
Matus UHLAR - fantomas, uh
W dniu 5.12.2024 o 13:17, Matus UHLAR - fantomas via Postfix-users pisze:
This changes nothing, at least nothing useful.
cleanup is running in chroot, so the real path for milter-regex
hould be something like
/var/spool/postfix/var/run/milter/milter-regex.sock
Some milters work with c
leanup
(chroot -> y)
ls -la /var/run/milter/
razem 0
drwxr-xr-x 2 mailregx postfix 60 gru 5 11:19 .
drwxr-xr-x 32 root root 1180 gru 5 11:27 ..
srw-rw-r-- 1 mailregx postfix 0 gru 5 11:19 milter-regex.sock
/var/run/milter/milter-regex.sock seems to exist.
--
Matus UHLA
t picks the "wrong" one it won't be
listening on that IP port.
Check that, then see what's in your mail log.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chce
On Mon, Nov 25, 2024 at 11:52:07AM +0100, Matus UHLAR - fantomas via
Postfix-users wrote:
This is Debian 12, postfix 3.7.11 and SSL 3.0.15.
On 25.11.24 22:26, Viktor Dukhovni via Postfix-users wrote:
Does Debian do anything similar to RedHat's crypto policy?
Nothing I know of.
On 2024-11-22 at 13:24:33 UTC-0500 (Fri, 22 Nov 2024 19:24:33 +0100)
Matus UHLAR - fantomas via Postfix-users
is rumored to have said:
Now I'm searching for the proper smtpd_tls_exclude_ciphers setting
to get at least some, possibly most secure ciphers of those provided
in my first
On 2024-11-22 at 07:09:06 UTC-0500 (Fri, 22 Nov 2024 13:09:06 +0100)
Matus UHLAR - fantomas via Postfix-users
is rumored to have said:
IIUC, as CBC ciphers are unsafe,
On 22.11.24 13:01, Bill Cole via Postfix-users wrote:
What is your basis for understanding that, in regards to SMTP
rom quarantine on request.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
LSD will make your ECS screen di
ciphers are unsafe, it would make most sense to allow RC4 on
specialised submission service on different TCP port.
Is my observatiom correct?
Are there any other options that might need tuning?
Thanks.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT
d if it's different, then reject. I thought
about doing something at the milter level in postfix. Or maybe you
know some other solution?
How is it supposed to work?
If @domain.ltd in return-path and from: is dfferend then Reject
"non allowed"
W dniu 20.11.2024 o 12:53, Matus
hich supports this in reject mode.
https://github.com/croessner/vrfydmn
or other from the same author that does the same:
https://gitlab.roessner-net.de/croessner/verifyemail/
they don't support individual domains though.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning
already in your queue, not
incoming mail.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Linux - It's now safe to turn on your com
:
message when saving mail to mailbox.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Due to unexpected conditions Windows 2000 will be r
address
is the virtual user the virtual alias maps to.
Is this intended behavior? The rewrite happens between these two stages?
afaik the milter happens at SMTP time, thus no rewriting is done at this
stage.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish N
cks = regexp:{ {/^X-Spam(-Flag)?:[[:blank:]]*YES/ REJECT} }
Just my 0.02€
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I wonder how much
ectrictions
as specified in main.cf.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Remember half the people y
t_restrictions=$mua_client_restrictions
-o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
# -o smtpd_recipient_restrictions=
-o smtpd_relay_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING
- if not, what did y
ons?
I assume works but only when smtpd_delay_reject is enabled (default)
otherwise the recipient is not known at time smtpd_sender_restrictions are
processed.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this ad
smtpd
...
-o smtpd_recipient_restrictions=$mua_recipient_restrictions
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu
if MTA does not support
authentication.
Are there different reasons to use dovecot for MSA?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu post
_restrictions are often
overridden in master.cf for "submission" and "smtps (submissions)" services
2. If the sender is in your $mynetworks, the
"check_sender_access btree:$meta_directory/restricted_senders"
is skipped because the first rule "permit_mynetworks"
Matus UHLAR - fantomas via Postfix-users:
When processing logs I have noticed that some queue IDs get reported by
smtpd when DATA phase starts, but when connection is lost, those IDs aren't
reported as lost.
Example:
Sep 2 16:51:11 mail postfix/smtps/smtpd[3697]: connect from
a.b.t-c
ueue id?
...I guess this is kind of problematic AV software on client's side, but I
noticed more such cases
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akuk
ss. Should not happen anymore.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
If Barbie is so popular, why do you have to buy h
addresses not in
local_recipient_maps
- but mail recipient enumeration is still possible.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
ote:
Thanks, I'm not currently running a DNS resolver on the server, but if the
unresponsive PTR record issue persists I'll look into Unbound or maybe
Dnsmasq.
dnsmasq is forwarding resolver and as such a bad idea for a mail server.
...maybe unless you want to avoid all levels of
stfix.org/postconf.5.html#smtpd_error_sleep_time
Note that this is ineffective against distributed attacks.
Well, perhaps fail2ban can match networks like /24
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varova
opped.
This can be done by using DISCARD in access map.
Note that I don't consider it goog idea.
I guess guys already explained the rest.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na t
I add addresses to trusted ones regarding ignoring dmarc
and dkim, it works correctly
I assume that when sending such e-mails with someone from the outside,
i.e. an external domain, the effect will be the same, but I have no
way to check when two domains have dmarc with p=reject
Yes, I k
an error for
DKIM Because DKIM also signs the subject and it is changed by sieve
what error exactly happens here? Does the remote server refuse your e-mail
from your smtp server?
W dniu 11.09.2024 o 11:34, Matus UHLAR - fantomas via Postfix-users pisze:
how and when do you DKIM-SIGN yourt
Or is it such a stupid idea that it is worth abandoning?
There are options for modifying incoming mail but that should only be done
after it's checked for spamminess.
I know cases where only the external mail is modified.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas
27;s clearly the milter that told postfix to tempfail
the mail, you need to search in your milter configuration (port 11332, I
guess rspamd)
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adre
elaying.
You can then configure separate rules on those ports.
However, the rest is up to rspamd configuration
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolv
ould pass, apparently neither passes.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
- Holmes, what kind of school did you study to be a d
tches_subdomains contains "smtpd_access_maps".
I recommend you not putting it there and if you need it, use ".example.com"
instead.
http://www.postfix.org/postconf.5.html#parent_domain_matches_subdomains
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.
format which you may not want:
https://en.wikipedia.org/wiki/Sender_Rewriting_Scheme
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I&#
#x27;d say there's still a
risk of leakage there.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Christia
f.
But I still believe anonymising Received: headers is safer than removing
them.
Perhaps milter-regex could be able to anonymize them.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto ad
nt instance for incoming mail (or has more services in
master.cf)
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
2B|!2B, th
tions
you apparently have reject_unknown_client_hostname which checks FCRDNS.
you can use reject_unknown_reverse_client_hostname instead, which only
checks for reverse DNS.
I personally check both.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to rece
Matus UHLAR - fantomas via Postfix-users skrev den 2024-08-05 11:57:
So, even setting DMARC policy to "quarantine" or "reject" would not
cause problems.
On 05.08.24 12:14, Benny Pedersen via Postfix-users wrote:
i want to belive when ... if all dmarc policy is allowed wha
On Jul 31, 2024, at 1:19 AM, Matus UHLAR - fantomas via Postfix-users
wrote:
FYI Mailman 2 claims to rewrite From: header to fullfill DMARC requirements only when DMARC policy
is "quarantine" or "reject"
On 01.08.24 12:12, Robert L Mathews via Postfix-use
AAA.AAA
3.
.AAA
or
AAA
4.
AA.AA@
...with REJECT or 5xx result
.AAA or AAA depends on your setting of parent_domain_matches_subdomains
(I don't know your default)
Note that "sender" means the envelope from address.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://ww
ents
only when DMARC policy is "quarantine" or "reject"
- rejecting mail failing DMARC can be safe even with mailing lists which
usually appear to break DKIM.
https://wiki.list.org/DOC/Mailman 2.1 List Administrators
Manual#Additional_settings
--
Matus UHLAR - fant
Dnia 30.07.2024 o godz. 12:38:15 Matus UHLAR - fantomas via Postfix-users pisze:
>I filter messages only based on RBLs, manual blocklists and content
>filtering (SA + many custom rules). And as for the latter, the messages are
>sent to spam folder, never rejected. Rejections are base
sed only on first two.
Funny, since multiple people in the past recommended rejecting on
spamminess, not on the results of single DNSBL listing.
Of course, that's your policy.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail adverti
calls this for every postfix instance
and count lines:
postmulti -x postqueue -j|wc -l
most of the time it's enough, but if you use different instances for
incoming/outgoing mail, it may make sense to monitor them separately.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fan
net],
this postfix won't lookup MX records for foo.com, but send messages to
mail.example.net unconditionally.
I hope I understand that correctly. :)
yes.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this add
, so usually /etc/postfix has
files writable by root/admin, readable by postfix and everything writable by
postfix should be in /var/lib/postfix.
Logs in /var/log/ should be written by syslog daemon, postfix should not be
able to modify them.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http
, so it
detects changes in logfiles immediately and not retroactively as you
stated. So at the moment when Postfix logs connection from
"fluffy.cuddly.port.raping.internet-measurement.com" ;), fail2ban can
block it. It's all the matter of writing proper rules for fail2ban.
--
Matus UH
have to do that with 20.04LTS
within a year, unless you pay ubuntu for extended LTS.
However, if you wan tanother provider, you can choose any other system that
has 3.9 available.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e
g these headers.
However, together with comment above, it should be safe if you don't
oversign them - I don't expect List-* header to appears in any mail sent to
the list, and their appearance can indicate error.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning
1 - 100 of 1077 matches
Mail list logo
