[pfx] Re: HAproxy 4.3 thinks one of my postfixes (3.9) is down on SMTP, but it sees another (3.8.6) as up on SMTP (SMTPD/postscreen are OK on both sides)

2024-05-31 Thread Gerben Wierda via Postfix-users
hermione submission_haproxy/smtpd[21485]: disconnect from >>>> router.rna.nl[192.168.2.2] commands=0/0 >>> >>> Yep, turn off smtpd_forbid_unauth_pipelining and try again.. >>> >>> Wietse >> >> Actually, changing the health check on submissio

[pfx] Re: HAproxy 4.3 thinks one of my postfixes (3.9) is down on SMTP, but it sees another (3.8.6) as up on SMTP (SMTPD/postscreen are OK on both sides)

2024-05-31 Thread Wietse Venema via Postfix-users
_unauth_pipelining and try again.. > > > > Wietse > > Actually, changing the health check on submission to > > "PROXY TCP4 192.168.2.2 192.168.2.2 65535 587\r\n" > > (without the added "QUIT\r\n") did the trick as well. It might > have be

[pfx] Re: HAproxy 4.3 thinks one of my postfixes (3.9) is down on SMTP, but it sees another (3.8.6) as up on SMTP (SMTPD/postscreen are OK on both sides)

2024-05-31 Thread Gerben Wierda via Postfix-users
68.2.2 65535 587\r\n" (without the added "QUIT\r\n") did the trick as well. It might have been that in a previous situation HAproxy would 'never' finish the health check, I don't recall why I added "QUIT\r\n". Maybe it is needed for postscreen or dovecot an

[pfx] Re: HAproxy 4.3 thinks one of my postfixes (3.9) is down on SMTP, but it sees another (3.8.6) as up on SMTP (SMTPD/postscreen are OK on both sides)

2024-05-31 Thread Wietse Venema via Postfix-users
Viktor Dukhovni via Postfix-users: > On Fri, May 31, 2024 at 02:01:50PM +0200, Gerben Wierda via Postfix-users > wrote: > > > It sends: "PROXY TCP4 192.168.2.2 192.168.2.2 65535 587\r\nQUIT\r\n" > > It expects a response that matches regex ^220 > > Don't send "QUIT\r\n", just send the PROXY hand

[pfx] Re: HAproxy 4.3 thinks one of my postfixes (3.9) is down on SMTP, but it sees another (3.8.6) as up on SMTP (SMTPD/postscreen are OK on both sides)

2024-05-31 Thread Wietse Venema via Postfix-users
Gerben Wierda via Postfix-users: > > > On 31 May 2024, at 13:20, pat...@patpro.net wrote: > > > > Hello, > > > > Any sign of postfix 3.9 blacklisting HAproxy because of SMTP > > errors/abuse/half-baked connections? > > Not blacklisting as I understand it, but as HAproxy makes a connection to

[pfx] Re: HAproxy 4.3 thinks one of my postfixes (3.9) is down on SMTP, but it sees another (3.8.6) as up on SMTP (SMTPD/postscreen are OK on both sides)

2024-05-31 Thread Viktor Dukhovni via Postfix-users
On Fri, May 31, 2024 at 02:01:50PM +0200, Gerben Wierda via Postfix-users wrote: > It sends: "PROXY TCP4 192.168.2.2 192.168.2.2 65535 587\r\nQUIT\r\n" > It expects a response that matches regex ^220 Don't send "QUIT\r\n", just send the PROXY handshake and wait for 220, and then drop the connecti

[pfx] Re: HAproxy 4.3 thinks one of my postfixes (3.9) is down on SMTP, but it sees another (3.8.6) as up on SMTP (SMTPD/postscreen are OK on both sides)

2024-05-31 Thread Viktor Dukhovni via Postfix-users
On Fri, May 31, 2024 at 01:06:20PM +0200, Gerben Wierda via Postfix-users wrote: > Hmm, I just noticed (all outgoing smtp was going to a backup server > that works) that one of my postfix instances cannot send mail (smtp > doesn't work, postscreen and smtpd work fine). What *exactl

[pfx] Re: HAproxy 4.3 thinks one of my postfixes (3.9) is down on SMTP, but it sees another (3.8.6) as up on SMTP (SMTPD/postscreen are OK on both sides)

2024-05-31 Thread Gerben Wierda via Postfix-users
o: On the postfix 3.9 instance May 26 05:39:29 hermione smtp_haproxy/postscreen[21786]: CONNECT from [192.168.2.2]:65535 to [192.168.2.2]:25 May 26 05:39:29 hermione smtp_haproxy/postscreen[21786]: ALLOWLISTED [192.168.2.2]:65535 May 26 05:39:29 hermione smtp/smtpd[21788]: connect from router.rna.n

[pfx] Re: HAproxy 4.3 thinks one of my postfixes (3.9) is down on SMTP, but it sees another (3.8.6) as up on SMTP (SMTPD/postscreen are OK on both sides)

2024-05-31 Thread Wietse Venema via Postfix-users
Gerben Wierda via Postfix-users: > Hmm, I just noticed (all outgoing smtp was going to a backup server that > works) that one of my postfix instances cannot send mail (smtp doesn't work, > postscreen and smtpd work fine). > > # submission (587) > submission

[pfx] Re: HAproxy 4.3 thinks one of my postfixes (3.9) is down on SMTP, but it sees another (3.8.6) as up on SMTP (SMTPD/postscreen are OK on both sides)

2024-05-31 Thread patpro--- via Postfix-users
annot send mail (smtp doesn't work, postscreen and smtpd work fine). # submission (587) submission inet n - n - - smtpd -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_tls_auth_only=yes -o syslog_name=submission

[pfx] HAproxy 4.3 thinks one of my postfixes (3.9) is down on SMTP, but it sees another (3.8.6) as up on SMTP (SMTPD/postscreen are OK on both sides)

2024-05-31 Thread Gerben Wierda via Postfix-users
Hmm, I just noticed (all outgoing smtp was going to a backup server that works) that one of my postfix instances cannot send mail (smtp doesn't work, postscreen and smtpd work fine). # submission (587) submission inet n - n - - smtpd -o smtpd_tls_security_

[pfx] Re: Ignoring postscreen DNSBL disposition by recipient address

2024-03-17 Thread Bill Cole via Postfix-users
On 2024-03-17 at 05:55:43 UTC-0400 (Sun, 17 Mar 2024 10:55:43 +0100) Matus UHLAR - fantomas via Postfix-users is rumored to have said: On 15.03.24 15:06, Noel Jones via Postfix-users wrote: Postscreen by design only looks at the IP, and has no mechanism to consider other envelope data. The

[pfx] Re: Ignoring postscreen DNSBL disposition by recipient address

2024-03-17 Thread Matus UHLAR - fantomas via Postfix-users
On 15.03.24 15:06, Noel Jones via Postfix-users wrote: Postscreen by design only looks at the IP, and has no mechanism to consider other envelope data. The solution is to not use a DNSBL that routinely blocks wanted mail in postscreen. Or, set postscreen_dnsbl_threshold high enough so it

[pfx] Re: Ignoring postscreen DNSBL disposition by recipient address

2024-03-16 Thread Bill Cole via Postfix-users
hich requires a skip if the sender IP is blacklisted in postscreen. With separation between postscreen and smtpd, postscreen rejects the connection before handing off to smtpd so smtpd_recipient_restrictions isn't triggered. Is there an appropriate workaround that allows postscreen to repor

[pfx] Re: Ignoring postscreen DNSBL disposition by recipient address

2024-03-15 Thread Matt Saladna via Postfix-users
On 3/15/2024 3:06 PM, Noel Jones via Postfix-users wrote: > You can move those checks into smtpd restrictions where there can be an allowed sender list proceeding the DNSBL checks. Downside to this approach is no weighting. > Postscreen by design only looks at the IP, and has no mechan

[pfx] Re: Ignoring postscreen DNSBL disposition by recipient address

2024-03-15 Thread Noel Jones via Postfix-users
On 3/15/2024 1:11 PM, Matt Saladna via Postfix-users wrote: Hello, I'm seeking a workaround for Microsoft's litany of IPs landing on DNSBL. They'd like all mail irrespective of DNSBL status to be delivered, which requires a skip if the sender IP is blacklisted in postscreen.

[pfx] Ignoring postscreen DNSBL disposition by recipient address

2024-03-15 Thread Matt Saladna via Postfix-users
Hello, I'm seeking a workaround for Microsoft's litany of IPs landing on DNSBL. They'd like all mail irrespective of DNSBL status to be delivered, which requires a skip if the sender IP is blacklisted in postscreen. With separation between postscreen and smtpd, postscr

[pfx] Re: postscreen segfault since 3.8.4

2024-02-05 Thread Steffen Nurpmeso via Postfix-users
Christophe Kalt via Postfix-users wrote in : |no crash over the past day, so something must indeed be off with the |packages, disappointing, oh well. On the bright side, I no longer depend on |these getting updated. There were often problems with the -s they use. Especially before they starte

[pfx] Re: postscreen segfault since 3.8.4

2024-02-05 Thread Christophe Kalt via Postfix-users
no crash over the past day, so something must indeed be off with the packages, disappointing, oh well. On the bright side, I no longer depend on these getting updated. Thanks Wietse & Viktor. On Sun, Feb 4, 2024 at 10:21 PM Viktor Dukhovni via Postfix-users < postfix-users@postfix.org> wrote: >

[pfx] Re: postscreen segfault since 3.8.4

2024-02-04 Thread Viktor Dukhovni via Postfix-users
On Sun, Feb 04, 2024 at 08:12:56PM -0500, Christophe Kalt via Postfix-users wrote: > These are the alpine packages themselves, but I'm not familiar with how > they're built so I can't rule out a bad build. It's also possible that I > didn't let the 3.8.3 version run long enough for it to crash as

[pfx] Re: postscreen segfault since 3.8.4

2024-02-04 Thread Christophe Kalt via Postfix-users
cktrace, as well as ldd > > output for the executable, and list of mapped objects from the core > > file. > > Scratch that, TLS (and so use of the OpenSSL library) is handled by > tlsproxy(8) not postscreen(8). > > -- > Viktor. > __

[pfx] Re: postscreen segfault since 3.8.4

2024-02-04 Thread Viktor Dukhovni via Postfix-users
pendencies. > For further info we'd need a coredump and backtrace, as well as ldd > output for the executable, and list of mapped objects from the core > file. Scratch that, TLS (and so use of the OpenSSL library) is handled by tlsproxy(8) not postscreen(8). -- Viktor. __

[pfx] Re: postscreen segfault since 3.8.4

2024-02-04 Thread Viktor Dukhovni via Postfix-users
On Sun, Feb 04, 2024 at 01:37:18PM -0500, Christophe Kalt via Postfix-users wrote: > /usr/libexec/postfix/postscreen pid 93 killed by signal 11 > > These connections are from an SMTP probe that goes EHLO STARTTLS EHLO QUIT > > I've not run postscreen previously, so I cann

[pfx] Re: postscreen segfault since 3.8.4

2024-02-04 Thread Wietse Venema via Postfix-users
Christophe Kalt via Postfix-users: > Hi, > > I'm seeing regular postscreen segfaults on a test server with minimal > traffic. The patterns I noticed from the logs is that it seems to happen > when the server gets 2 ~simultaneous connections from the same host: > > 2024-

[pfx] postscreen segfault since 3.8.4

2024-02-04 Thread Christophe Kalt via Postfix-users
Hi, I'm seeing regular postscreen segfaults on a test server with minimal traffic. The patterns I noticed from the logs is that it seems to happen when the server gets 2 ~simultaneous connections from the same host: 2024-02-04T14:33:31.876390 info postfix starting the Postfix mail system 20

[pfx] Re: Postscreen & HAProxy Protocol v2

2023-12-07 Thread Wietse Venema via Postfix-users
duluxoz via Postfix-users: > Hi All, > > When using `postscreen_upstream_proxy_protocol = haproxy` is there > anything "special" that needs to be specified to ensure the use of v2 of > the haproxy protocol, or does postfix automatically detect which version > of the haproxy protocol is in use?

[pfx] Postscreen & HAProxy Protocol v2

2023-12-06 Thread duluxoz via Postfix-users
Hi All, When using `postscreen_upstream_proxy_protocol = haproxy` is there anything "special" that needs to be specified to ensure the use of v2 of the haproxy protocol, or does postfix automatically detect which version of the haproxy protocol is in use? The doco isn't clear (to me, anyway).

[pfx] Re: Question about postscreen

2023-11-02 Thread Bill Cole via Postfix-users
On 2023-11-02 at 04:49:37 UTC-0400 (Thu, 02 Nov 2023 10:49:37 +0200) Ivan Ionut via Postfix-users is rumored to have said: Hi, it's possible that postscreen does not block the email when postscreen_dnsbl_threshold is reached but to pass that email to spamassassin(with a score and

[pfx] Re: [ext] Re: Question about postscreen

2023-11-02 Thread Ralf Hildebrandt via Postfix-users
* Matus UHLAR - fantomas via Postfix-users : > > And thus the solution is: Don't use the dnsbl in postscreen, but ONLY > > in spamassassin/rspamd instead. > > No problem, you can safely use postscreen with multiple DNSBLs and DNSWLs. > - just don't rely on single

[pfx] Re: [ext] Re: Question about postscreen

2023-11-02 Thread Matus UHLAR - fantomas via Postfix-users
On 02.11.23 10:49, Ivan Ionut via Postfix-users wrote: > Hi, it's possible that postscreen does not block the email when > postscreen_dnsbl_threshold is reached but to pass that email to > spamassassin(with a score and a tag). * Matus UHLAR - fantomas via Postfix-users : Posts

[pfx] Re: [ext] Re: Question about postscreen

2023-11-02 Thread Ralf Hildebrandt via Postfix-users
* Matus UHLAR - fantomas via Postfix-users : > On 02.11.23 10:49, Ivan Ionut via Postfix-users wrote: > > Hi, it's possible that postscreen does not block the email when > > postscreen_dnsbl_threshold is reached but to pass that email to > > spamassassin(with a score a

[pfx] Re: Question about postscreen

2023-11-02 Thread Matus UHLAR - fantomas via Postfix-users
On 02.11.23 10:49, Ivan Ionut via Postfix-users wrote: Hi, it's possible that postscreen does not block the email when postscreen_dnsbl_threshold is reached but to pass that email to spamassassin(with a score and a tag). Postscreen does not tag. It passes or blocks the mail. -- Matus

[pfx] Question about postscreen

2023-11-02 Thread Ivan Ionut via Postfix-users
Hi, it's possible that postscreen does not block the email when postscreen_dnsbl_threshold is reached but to pass that email to spamassassin(with a score and a tag). -- Ivan Ionuț Str. Mircea cel Bătrân nr 1, Galati 800023 Tel/Fax: +40236 493277 Email: ivan.io...@tehnopol-gl.ro

[pfx] Re: read postscreen database?

2023-10-31 Thread Phil Biggs via Postfix-users
Wednesday, November 1, 2023, 4:38:13 AM, Michael W. Lucas via Postfix-users wrote: > On Tue, Oct 31, 2023 at 12:56:23PM -0400, Wietse Venema via Postfix-users > wrote: >> Michael W. Lucas via Postfix-users: >> > Hi, >> > >> > Is there a way to dump

[pfx] Re: read postscreen database?

2023-10-31 Thread Jaroslaw Rafa via Postfix-users
On 31.10.2023 at 14:10:40, Wietse Venema via Postfix-users wrote: > > Or copy the file with a dumb program, and use postmap to dump that > copy. Caution: the file contains holes and may grow when copied, > as holes are filled in with nulls. When GNU cp is used with --sparse=auto parameter,

[pfx] Re: read postscreen database?

2023-10-31 Thread Wietse Venema via Postfix-users
it on > > /var/db/postfix/postscreen_cache.db it just hangs: > > That's expected. The "postmap -s" command takes a read lock, the > "postscreen" service holds a write lock. For snapshot reads, you > need LMDB not Berkeley DB. > > Otherwise, you can r

[pfx] Re: read postscreen database?

2023-10-31 Thread Viktor Dukhovni via Postfix-users
hangs: That's expected. The "postmap -s" command takes a read lock, the "postscreen" service holds a write lock. For snapshot reads, you need LMDB not Berkeley DB. Otherwise, you can read the database after stopping "postscreen". -- Viktor.

[pfx] Re: read postscreen database?

2023-10-31 Thread Michael W. Lucas via Postfix-users
On Tue, Oct 31, 2023 at 12:56:23PM -0400, Wietse Venema via Postfix-users wrote: > Michael W. Lucas via Postfix-users: > > Hi, > > > > Is there a way to dump the postscreen database, showing which > > addresses are cached and why? > > > > Running postfix 3

[pfx] Re: read postscreen database?

2023-10-31 Thread Wietse Venema via Postfix-users
Michael W. Lucas via Postfix-users: > Hi, > > Is there a way to dump the postscreen database, showing which > addresses are cached and why? > > Running postfix 3.8 on FreeBSD. postmap -s The database contains tuples with (client IP address, list of timestamps). Each timest

[pfx] Re: read postscreen database?

2023-10-31 Thread Matus UHLAR - fantomas via Postfix-users
On 31.10.23 12:26, Michael W. Lucas via Postfix-users wrote: Is there a way to dump the postscreen database, showing which addresses are cached and why? I guess postmap -s could do that. http://www.postfix.org/postmap.1.html -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http

[pfx] read postscreen database?

2023-10-31 Thread Michael W. Lucas via Postfix-users
Hi, Is there a way to dump the postscreen database, showing which addresses are cached and why? Running postfix 3.8 on FreeBSD. Thanks, ==ml -- Michael W. Lucas https://mwl.io/ author of: Absolute OpenBSD, SSH Mastery, git commit murder, Absolute FreeBSD, Butterfly Stomp Waltz

[pfx] Re: Postscreen dnsbl logs

2023-10-16 Thread Wietse Venema via Postfix-users
Matus UHLAR - fantomas via Postfix-users: > I see this was changed in 20120222 > Cleanup: when multiple DNSBLs block an SMTP client, the > postscreen "reject" message now gives credit to the DNSBL > with the largest weight, instead of

[pfx] Re: Postscreen dnsbl logs

2023-10-16 Thread Matus UHLAR - fantomas via Postfix-users
into other strings, e.g. On 16.10.23 10:25, Wietse Venema via Postfix-users wrote: Are you sure that postscreen will use a whitelist name as the reason for blocking? On 16.10.23 17:39, Matus UHLAR - fantomas via Postfix-users wrote: This happened to me a few years ago, so unless this was changed

[pfx] Re: Postscreen dnsbl logs

2023-10-16 Thread Wietse Venema via Postfix-users
UHLAR - fantomas via Postfix-users: > >> Note that this can even result into logging DNSWL as reason for blocking, > >> if > >> e.g. IP hits one DNSWL but multiple DNSBLs. You can use > >> postscreen_dnsbl_reply_map to map the list into other strings, e.g.

[pfx] Re: Postscreen dnsbl logs

2023-10-16 Thread Matus UHLAR - fantomas via Postfix-users
n_dnsbl_reply_map to map the list into other strings, e.g. On 16.10.23 10:25, Wietse Venema via Postfix-users wrote: Are you sure that postscreen will use a whitelist name as the reason for blocking? This happened to me a few years ago, so unless this was changed in later postfix versions,

[pfx] Re: Postscreen dnsbl logs

2023-10-16 Thread Wietse Venema via Postfix-users
-spam one): > > > >blocked using dnsbl-2.uceprotect.net > >blocked using spam.dnsbl.anonmails.de > > > >So only two of them, not four. And I want to know if there is a way to > >log more information about the threshold for each rejected email(maybe

[pfx] Re: Postscreen dnsbl logs

2023-10-16 Thread Wietse Venema via Postfix-users
Viktor Dukhovni via Postfix-users: > On Mon, Oct 16, 2023 at 10:33:34AM +0300, Ivan Ionut via Postfix-users wrote: > > > Hi, I'm using postscreen dnsbl configuration to block some spam: > > > > postscreen_blacklist_action = drop > > postscreen_dnsbl_thresh

[pfx] Re: Postscreen dnsbl logs

2023-10-16 Thread Viktor Dukhovni via Postfix-users
On Mon, Oct 16, 2023 at 10:33:34AM +0300, Ivan Ionut via Postfix-users wrote: > Hi, I'm using postscreen dnsbl configuration to block some spam: > > postscreen_blacklist_action = drop > postscreen_dnsbl_threshold = 4 > postscreen_dnsbl_action = enforce >

[pfx] Re: Postscreen dnsbl logs

2023-10-16 Thread Benny Pedersen via Postfix-users
Ivan Ionut via Postfix-users wrote on 2023-10-16 09:33: And in my logs I have this example of blocked email(a non-spam one): blocked using dnsbl-2.uceprotect.net blocked using spam.dnsbl.anonmails.de if this 2 dnsbl lists ips in dnswl.org then its time to remove in postscreen

[pfx] Postscreen dnsbl logs

2023-10-16 Thread Ivan Ionut via Postfix-users
Hi, I'm using postscreen dnsbl configuration to block some spam: postscreen_blacklist_action = drop postscreen_dnsbl_threshold = 4 postscreen_dnsbl_action = enforce postscreen_dnsbl_sites = zen.spamhaus.org b.barracudacentral.org bl.spameatingmonkey.net bl.spamco

[pfx] Re: postscreen sends 450 without deep tests

2023-05-10 Thread Phil Stracchino via Postfix-users
On 5/10/23 02:40, Peter via Postfix-users wrote: On 8/05/23 00:27, Wietse Venema via Postfix-users wrote: After multiple such connections, postscreen could theoretically decide that the client is unlikely to ever connect to the primary MX, but by then the client will likely already have given

[pfx] Re: postscreen sends 450 without deep tests

2023-05-09 Thread Peter via Postfix-users
On 8/05/23 00:27, Wietse Venema via Postfix-users wrote: After multiple such connections, postscreen could theoretically decide that the client is unlikely to ever connect to the primary MX, but by then the client will likely already have given up, and postscreen has done no harm. Postscreen

[pfx] Re: postscreen sends 450 without deep tests

2023-05-07 Thread Wietse Venema via Postfix-users
; > > > > > > this gives an empty set... > > > > In that case I need the COMPLETE postscreen logging for > > such connections, NOT just the 450 response. > > > > > Here it is: > > May 07 01:59:28 mail postfix/postscreen[7389]: CONNECT from

[pfx] Re: postscreen sends 450 without deep tests

2023-05-07 Thread Mihaly Zachar via Postfix-users
; > > > > I think I have figured it out. I have the "MX Policy test" set up (you > can > > see it in the configs) based on the POSTSCREEN_README. > > As far as I can see, the IPs which connect to the secondary MX will get > 450 > > from Posts

[pfx] Re: postscreen sends 450 without deep tests

2023-05-07 Thread Wietse Venema via Postfix-users
>> > >> (postconf -n; postconf -P) | grep soft_bounce > >> > > > > this gives an empty set... > > > > > I think I have figured it out. I have the "MX Policy test" set up (you can > see it in the configs) based on the POSTSCREEN_README. > As far as

[pfx] Re: postscreen sends 450 without deep tests

2023-05-07 Thread Mihaly Zachar via Postfix-users
On Sun, 7 May 2023 at 13:59, Wietse Venema via Postfix-users < postfix-users@postfix.org> wrote: > > > Look at output from: > > > > > > (postconf -n; postconf -P) | grep soft_bounce > > > > > > > this gives an empty set... > > In

[pfx] Re: postscreen sends 450 without deep tests

2023-05-07 Thread Matus UHLAR - fantomas via Postfix-users
ostfix-users wrote: I think I have figured it out. I have the "MX Policy test" set up (you can see it in the configs) based on the POSTSCREEN_README. As far as I can see, the IPs which connect to the secondary MX will get 450 from Postscreen. The only question is why it sends back 450

[pfx] Re: postscreen sends 450 without deep tests

2023-05-07 Thread Wietse Venema via Postfix-users
Mihaly Zachar: > On Sun, 7 May 2023 at 03:05, Wietse Venema via Postfix-users < > postfix-users@postfix.org> wrote: > > > > > Look at output from: > > > > (postconf -n; postconf -P) | grep soft_bounce > > > > this gives an empty set... In t

[pfx] Re: postscreen sends 450 without deep tests

2023-05-07 Thread Mihaly Zachar via Postfix-users
gives an empty set... > > I think I have figured it out. I have the "MX Policy test" set up (you can see it in the configs) based on the POSTSCREEN_README. As far as I can see, the IPs which connect to the secondary MX will get 450 from Postscreen. The only question is why it sen

[pfx] Re: postscreen sends 450 without deep tests

2023-05-06 Thread Mihaly Zachar via Postfix-users
On Sun, 7 May 2023 at 03:05, Wietse Venema via Postfix-users < postfix-users@postfix.org> wrote: > > Look at output from: > > (postconf -n; postconf -P) | grep soft_bounce > this gives an empty set... ___ Postfix-users mailing list -- postfix-users@post

[pfx] Re: postscreen sends 450 without deep tests

2023-05-06 Thread Wietse Venema via Postfix-users
Wietse Venema via Postfix-users: > Mihaly Zachar via Postfix-users: > > Hi All, > > > > Here is my postscreen section of my config: > > > > # POSTSCREEN > > postscreen_access_list = permit_mynetworks, > > cidr:/etc/postfix/postscreen_access.

[pfx] Re: postscreen sends 450 without deep tests

2023-05-06 Thread Wietse Venema via Postfix-users
Mihaly Zachar via Postfix-users: > Hi All, > > Here is my postscreen section of my config: > > # POSTSCREEN > postscreen_access_list = permit_mynetworks, > cidr:/etc/postfix/postscreen_access.cidr > postscreen_denylist_action = enforce >

[pfx] postscreen sends 450 without deep tests

2023-05-06 Thread Mihaly Zachar via Postfix-users
Hi All, Here is my postscreen section of my config: # POSTSCREEN postscreen_access_list = permit_mynetworks, cidr:/etc/postfix/postscreen_access.cidr postscreen_denylist_action = enforce postscreen_greet_wait = 10s postscreen_allowlist_interfaces = !x.x.x.x static:all postscreen_greet_action

[pfx] Re: postscreen and checking proper operation

2023-05-02 Thread Wietse Venema via Postfix-users
Alex via Postfix-users: > Hi, > > I have postscreen implemented on postfix-3.7.3 on fedora37, and not sure I > understand if it's working properly. Sometimes I see the postscreen/dnsblog > combination ending with a simple DISCONNECT. In this case, it met the > 8-point t

[pfx] postscreen and checking proper operation

2023-05-01 Thread Alex via Postfix-users
Hi, I have postscreen implemented on postfix-3.7.3 on fedora37, and not sure I understand if it's working properly. Sometimes I see the postscreen/dnsblog combination ending with a simple DISCONNECT. In this case, it met the 8-point threshold to be rejected, but appears to only recei

[pfx] Re: postscreen question

2023-04-29 Thread Ken Peng via Postfix-users
Hello For this parameter of postscreen: postscreen_dnsbl_allowlist_threshold The docs say: 1. Specify a negative value to enable this feature. 2. This feature is available in Postfix 3.6 and later. Available as postscreen_dnsbl_whitelist_threshold in Postfix 2.11 - 3.5. So my questions are

[pfx] Re: postscreen question

2023-04-29 Thread Phil Biggs via Postfix-users
Saturday, April 29, 2023, 5:40:19 PM, Ken Peng via Postfix-users wrote: > Hello > When I enabled postscreen, why even gmail's sender IP was greylisted? > The log says: > Apr 29 15:35:35 mxin postfix/postscreen[59408]: NOQUEUE: reject: RCPT from > [209.85.160.53]:5021

[pfx] Re: postscreen question

2023-04-29 Thread Bill Cole via Postfix-users
protocol test, everything goes fine. So what's the correct way to deal with postscreen protocol tests? Do not enable any of the Postscreen "After 220" tests. They are not worth their cost in delays. This was discussed earlier in this thread... I mean the

[pfx] Re: postscreen question

2023-04-29 Thread Bernardo Reino via Postfix-users
ay to deal with postscreen protocol tests? The correct way is to read the documentation before enabling the deep protocol tests, especially concerning the limitation that postscreen cannot hand off the live connection to the postfix server process. I mean the following

[pfx] Re: postscreen question

2023-04-29 Thread Allen Coates via Postfix-users
ith gmail and the like, they never use the same IP address twice, and the connection is stopped every time. A "proper" grey-list ap looks at three pieces of data:- hostname, source and destination addresses - Postscreen ONLY looks at the IP address, and is easily fooled by multiple mai

[pfx] Re: postscreen question

2023-04-29 Thread Ken Peng via Postfix-users
Nope. I found that if I enabled protocol test, every provider including gmail/orange/vodafone sending messages to me will get response code 450. After I disabled those protocol test, everything goes fine. So what's the correct way to deal with postscreen protocol tests? I mean the foll

[pfx] Re: postscreen question

2023-04-29 Thread Bernardo Reino via Postfix-users
On Sat, 29 Apr 2023, Ken Peng via Postfix-users wrote: Hello When I enabled postscreen, why even gmail's sender IP was greylisted? Did you expect or configure to deal with gmail differently? The log says: Apr 29 15:35:35 mxin postfix/postscreen[59408]: NOQUEUE: reject: RCPT

[pfx] Re: postscreen question

2023-04-29 Thread Ken Peng via Postfix-users
Hello When I enabled postscreen, why even gmail's sender IP was greylisted? The log says: Apr 29 15:35:35 mxin postfix/postscreen[59408]: NOQUEUE: reject: RCPT from [209.85.160.53]:50219: 450 4.3.2 Service currently unavailable; from=, to=, proto=ESMTP, helo= And this is my configur

[pfx] Re: postscreen question

2023-04-29 Thread mailmary--- via Postfix-users
The postscreen feature for RBL checks allows us to use scoring! My configuration is based on this one here: https://gitlab.com/noumenia/aetolos/-/blob/master/modules/el8/postfix/maincf.tpl Take a look at lines 100 to 132. For example: postscreen_dnsbl_action = enforce (reject email with

[pfx] Re: postscreen question

2023-04-28 Thread Phil Biggs via Postfix-users
Saturday, April 29, 2023, 10:15:41 AM, Ken Peng via Postfix-users wrote: > Sorry i have a question to postscreen. > I saw many people use postscreen for RBL checks. > But postfix itself have the RBL checks already: > smtpd_recipient_restrictions = >... >

[pfx] Re: postscreen question

2023-04-28 Thread Ken Peng via Postfix-users
April 28, 2023 at 1:02 AM, "Phil Stracchino via Postfix-users" wrote: > > On 4/27/23 04:47, Ralph Seichter via Postfix-users wrote: > > > > > * Ken Peng via Postfix-users: > > Using rspamd instead of postscreen? > > I'm not quite sure what

[pfx] Re: postscreen question

2023-04-27 Thread Phil Stracchino via Postfix-users
On 4/27/23 04:47, Ralph Seichter via Postfix-users wrote: * Ken Peng via Postfix-users: Using rspamd instead of postscreen? I'm not quite sure what you mean by that. If you suggest relying on rspamd only, and forgo postscreen, I have to disagree. In my experience, postscreen has p

[pfx] Re: postscreen question

2023-04-27 Thread Matus UHLAR - fantomas via Postfix-users
On 26.04.23 19:40, Ken Peng via Postfix-users wrote: Using rspamd instead of postscreen? no, using spamassassin or rspamd in addition to postscreen. postscreen is great for eliminating bots, which is something other spam filters only hardly detect. It's also can machines listed in mul

[pfx] Re: postscreen question

2023-04-27 Thread Ralph Seichter via Postfix-users
* Ken Peng via Postfix-users: > Using rspamd instead of postscreen? I'm not quite sure what you mean by that. If you suggest relying on rspamd only, and forgo postscreen, I have to disagree. In my experience, postscreen has proven highly useful in spam prevention, in particular wh

[pfx] Re: postscreen question

2023-04-26 Thread Mihaly Zachar via Postfix-users
On Wed, 26 Apr 2023 at 18:47, Wietse Venema via Postfix-users < postfix-users@postfix.org> wrote: > Don't do it unless you are willing to suffer some pain. The mere > fact that a button exists does not imply that everyone must use it. > > Dear Wietse, Could you please give me some examples where

[pfx] Re: postscreen question

2023-04-26 Thread Ken Peng via Postfix-users
Using rspamd instead of postscreen? > > Dear All, > > I am building a new server where I would like to build the best spam filter > possible :) > I am checking postscreen these days. I am planning to turn on the "deep > tests" as well, but it seems to be really

[pfx] Re: postscreen question

2023-04-26 Thread Bill Cole via Postfix-users
On 2023-04-26 at 11:56:01 UTC-0400 (Wed, 26 Apr 2023 17:56:01 +0200) Mihaly Zachar via Postfix-users is rumored to have said: Dear All, I am building a new server where I would like to build the best spam filter possible :) I am checking postscreen these days. I am planning to turn on the

[pfx] Re: postscreen question

2023-04-26 Thread Wietse Venema via Postfix-users
Mihaly Zachar via Postfix-users: > Dear All, > > I am building a new server where I would like to build the best spam filter > possible :) > I am checking postscreen these days. I am planning to turn on the "deep > tests" as well, but it seems to be really scary to m

[pfx] postscreen question

2023-04-26 Thread Mihaly Zachar via Postfix-users
Dear All, I am building a new server where I would like to build the best spam filter possible :) I am checking postscreen these days. I am planning to turn on the "deep tests" as well, but it seems to be really scary to me :) In the doc they say that I can have 2 IPs and set up a se

[pfx] Re: postscreen logs MIA

2023-03-17 Thread Phil Biggs via Postfix-users
ave said: >>> I have just finished building a new server for a friend and, after >>> installing >>> the postfix FreeBSD package and restoring his main.cf, I see no >>> postscreen logs >>> at all. >>> >>> I have updated his FreeBSD to

[pfx] Re: postscreen logs MIA

2023-03-17 Thread Phil Biggs via Postfix-users
> installing >> the postfix FreeBSD package and restoring his main.cf, I see no >> postscreen logs >> at all. >> >> I have updated his FreeBSD to 13.1-RELEASE-P6 and the postfix-sasl pkg >> version installed is 3.7.4,1, which is the latest and the same a

[pfx] Re: postscreen logs MIA

2023-03-17 Thread Bill Cole via Postfix-users
On 2023-03-18 at 01:28:42 UTC-0400 (Sat, 18 Mar 2023 16:28:42 +1100) Phil Biggs via Postfix-users is rumored to have said: I have just finished building a new server for a friend and, after installing the postfix FreeBSD package and restoring his main.cf, I see no postscreen logs at all. I

[pfx] postscreen logs MIA

2023-03-17 Thread Phil Biggs via Postfix-users
I have just finished building a new server for a friend and, after installing the postfix FreeBSD package and restoring his main.cf, I see no postscreen logs at all. I have updated his FreeBSD to 13.1-RELEASE-P6 and the postfix-sasl pkg version installed is 3.7.4,1, which is the latest and

Re: command (octal?) strings caught in postscreen pregreet ?

2022-11-13 Thread Viktor Dukhovni
On Sun, Nov 13, 2022 at 10:49:46AM -0500, PGNet Dev wrote: > in postfix logs i see lots of these sort of entries > > postfix/postscreen[46378]: PREGREET 182 after 0 from [137.220.233.97]:33196: > \026\245\001\000\261\310\000\000\255\003\003'_\260T\362\266\255\001\370\255\037\003

command (octal?) strings caught in postscreen pregreet ?

2022-11-13 Thread PGNet Dev
in postfix logs i see lots of these sort of entries postfix/postscreen[46378]: PREGREET 182 after 0 from [137.220.233.97]:33196: \026\245\001\000\261\310\000\000\255\003\003'_\260T\362\266\255\001\370\255\037\003\000\334+\213\364 the backslashed/numeric strings vary from messa

Re: postscreen scoring questions

2022-08-15 Thread Peter
On 15/08/22 23:42, Wietse Venema wrote: When a postscreen_dnsbl_sites pattern matches one or more DNSBL query results, postscreen(8) adds that pattern's weight once to the remote SMTP client's DNSBL score. That is extremely clear and concise, I like it. Peter

Re: postscreen scoring questions

2022-08-15 Thread Wietse Venema
's > > scoring code outside of postscreen. I have written a half-dozen > > tests to ensure that future changes in that code will not introduce > > changes (i.e. mistakes). > > Thanks Wietse I appreciate you looking into that and the clarification > helps a lot for me to

Re: postscreen scoring questions

2022-08-14 Thread Peter
On 12/08/22 08:41, Wietse Venema wrote: After some delay, I have verified that postscreen_dnsbl_sites works as promised: it adds up the scores from all matching patterns. This verification required some infrastructure to test postscreen's scoring code outside of postscreen. I have writ

postscreen scoring questions (was: questions about multiple matches)

2022-08-11 Thread Wietse Venema
After some delay, I have verified that postscreen_dnsbl_sites works as promised: it adds up the scores from all matching patterns. This verification required some infrastructure to test postscreen's scoring code outside of postscreen. I have written a half-dozen tests to ensure that f

Re: Postscreen DNSBL do not seem to be working

2022-08-10 Thread Demi Marie Obenour
On 8/9/22 16:02, Dino Edwards wrote: > >> It's absolutely not forwarding. It's resolving recursively. I'm using > unbound with pfsense and I'm suspecting there is something wrong with it. >> When I point to MS DNS server or 9.9.9.9, it's resolving correctly. > > The issue has been resolved. Just

RE: Postscreen DNSBL do not seem to be working

2022-08-09 Thread Dino Edwards
>It's absolutely not forwarding. It's resolving recursively. I'm using unbound with pfsense and I'm suspecting there is something wrong with it. >When I point to MS DNS server or 9.9.9.9, it's resolving correctly. The issue has been resolved. Just in case someone finds the solution useful, pfse

RE: Postscreen DNSBL do not seem to be working

2022-08-09 Thread Dino Edwards
>In any case, the OP may well be using a local resolver, but they didn't say whether it's resolving recursively or forwarding (e.g. to 8.8.8.8), and I'd bet it's the latter. It's absolutely not forwarding. It's resolving recursively. I'm using unbound with pfsense and I'm suspecting there is som

Re: Postscreen DNSBL do not seem to be working

2022-08-09 Thread Bernardo Reino
On Tue, 9 Aug 2022, Bill Cole wrote: On 2022-08-09 at 12:50:22 UTC-0400 (Tue, 9 Aug 2022 12:50:22 -0400) Dino Edwards is rumored to have said: Let's do some concrete tests. 1) What is the output from: dig +short 2.0.0.127.zen.spamhaus.org Output is nothing Your DNS resolver is brok

Re: Postscreen DNSBL do not seem to be working

2022-08-09 Thread Wietse Venema
Dino Edwards: > > > >Let's do some concrete tests. > > >1) What is the output from: > > > dig +short 2.0.0.127.zen.spamhaus.org > > Output is nothing There should be a list of responses, as pointed out by Bill Cole (or an error response if you are using a provider's resolver). Wiet

Re: Postscreen DNSBL do not seem to be working

2022-08-09 Thread Bill Cole
> > Output is nothing Expected and correct [...] >> 4) How do you know that postscreen does DNS lookups? Hint: look for > > dnsblog processes. By default these processes terminate after being >>idle for 100s. > > There are dnsblog entries, sadly they only seem to be ti
