>> part of my problem is i miss playing `sendmail -bt` adventure to see
>> what the mta is gonna do and why. e.g. from an exim system
>
> You can use "sendmail -bv", which isn't quite the same of course, ...
very different. aside from actually sending the message, one has to
dissect the log to
On Sat, Nov 23, 2024 at 11:11:11AM -0800, Randy Bush via Postfix-users wrote:
> >> did the trick, along with a specific transport
> >>
> >> s...@m0.rg.net local:/var/mail/spam
> >
> > You've still not quite internalised my explanation of local(8) nexthops.
> > There's no good reason
>>> I don't think that using local(8) as a content filter is a good idea,
>>> perhaps you meant to instead use "REDIRECT" or "HOLD".
>>
>> /^X-Spam.*YES/ REDIRECT s...@m0.rg.net
>>
>> did the trick, along with a specific transport
>>
>> s...@m0.rg.net local:/var/mail/spam
>
>
On Fri, Nov 22, 2024 at 05:54:31AM -0800, Randy Bush via Postfix-users wrote:
> > I don't think that using local(8) as a content filter is a good idea,
> > perhaps you meant to instead use "REDIRECT" or "HOLD".
>
> /^X-Spam.*YES/ REDIRECT s...@m0.rg.net
>
> did the trick, along with a speci
# cat /etc/postfix/milter_header_checks
/^X-Spam.*YES/ FILTER local:/var/mail/spam
- man 5 transport
- man 8 local
fwiw, i have read those a number of times. one drowns in detail, and as
i am new here, i need structure as much as, or maybe before, detail.
I don't think tha
thanks
>> # cat /etc/postfix/milter_header_checks
>> /^X-Spam.*YES/ FILTER local:/var/mail/spam
> - man 5 transport
> - man 8 local
fwiw, i have read those a number of times. one drowns in detail, and as
i am new here, i need structure as much as, or maybe before, detail.
> I
On Thu, Nov 21, 2024 at 01:09:35PM -0800, Randy Bush wrote:
> # cat /etc/postfix/milter_header_checks
> /^X-Spam.*YES/ FILTER local:/var/mail/spam
- man 5 transport
- man 8 local
> leaves nothing in /var/mail/spam. as rspamd reports a lot of X-Spam
> headers added, i presume t
> Thinking at a complete tangent, have you tried the PostScreen
> pre-filter (built in to Postfix)?
thanks for the suggestion. i have now tried it. seems to stop the
garbage earlier, e.g. dnsbl rejection, but not much more effectively.
still getting 5+/hr through to my procmail. ghu knows for
On 08/11/2024 16:44, Randy Bush via Postfix-users wrote:
> fairly new at trying a scaled postfix install, so i assume it is my lack
> of clue. trying to use milter_header_checks to reject all marked spam
> on debian 12 running `mail_version = 3.7.11`
>
> milter_header_checks = regexp:/etc/po
On 09-11-2024 19:08, Randy Bush via Postfix-users wrote:
I don't know aboud rspamd, but SpamAssassin may produce headers like:
X-Spam-Status: No, score=-1.9 required=3.5 tests=BAYES_00,DKIM_SIGNED,
which would positively match the OP's regexp:
/^X-Spam.*YES/
i do not believe rspamd produces suc
Robert L Mathews via Postfix-users wrote:
>> pcre is not in the debian postfix package :(
> It's available, but in a separate package named "postfix-pcre" that
> you can install:
> https://packages.debian.org/bookworm/postfix-pcre
w00t! thank you.
randy
On Nov 9, 2024, at 10:08 AM, Randy Bush via Postfix-users
wrote:
> pcre is not in the debian postfix package :(
It's available, but in a separate package named "postfix-pcre" that you can
install:
https://packages.debian.org/bookworm/postfix-pcre
--
Robert L Mathews
__
> If you also emply header checks
i don't. i checked because of the repeated "This feature is not
supported with smtp header/body checks."
> header_checks = regexp:{ {/^X-Spam(-Flag)?:[[:blank:]]*YES/ REJECT} }
> mime_header_checks =
> nested_header_checks =
will try. thanks.
rand
> I don't know aboud rspamd, but SpamAssassin may produce headers like:
> X-Spam-Status: No, score=-1.9 required=3.5 tests=BAYES_00,DKIM_SIGNED,
> which would positively match the OP's regexp:
> /^X-Spam.*YES/
i do not believe rspamd produces such. as always, i could be wrong.
>># I generall
On Fri, Nov 08, 2024 at 10:25:27PM -0800, Randy Bush via Postfix-users wrote:
well, i have seen two `^X-Spam` markings
X-Spam: Yes
X-Spam-Flag: YES
which is why my regexp was `/^X-Spam.*YES/`. i believe, but do not
know, that the first is the mark of rspamd. no idea about the other.
On Fri, Nov 08, 2024 at 10:25:27PM -0800, Randy Bush via Postfix-users wrote:
> >> Fairly new at trying a scaled postfix install, so I assume it is my
> >> lack of clue. Trying to use milter_header_checks to reject all marked
> >> spam on debian 12 running `mail_version = 3.7.11`
> >>
> >> mi
>> Fairly new at trying a scaled postfix install, so I assume it is my
>> lack of clue. Trying to use milter_header_checks to reject all marked
>> spam on debian 12 running `mail_version = 3.7.11`
>>
>> milter_header_checks = regexp:/etc/postfix/milter_header_checks
>
> Was it definitely the
On Fri, Nov 08, 2024 at 08:44:16AM -0800, Randy Bush via Postfix-users wrote:
> Fairly new at trying a scaled postfix install, so I assume it is my
> lack of clue. Trying to use milter_header_checks to reject all marked
> spam on debian 12 running `mail_version = 3.7.11`
>
> milter_header_ch
>> removed the `i` and they are still getting through.
>
> milter_header_checks cannot see all headers, not even all headers
> added by a milter. They only see headers that are added by a milter
> that is connected to the cleanup process that implements
> milter_header_checks.
>
> If you add the
Randy Bush via Postfix-users:
> >> fairly new at trying a scaled postfix install, so i assume it is my lack
> >> of clue. trying to use milter_header_checks to reject all marked spam
> >> on debian 12 running `mail_version = 3.7.11`
> >>
> >> milter_header_checks = regexp:/etc/postfix/milter_
>> fairly new at trying a scaled postfix install, so i assume it is my lack
>> of clue. trying to use milter_header_checks to reject all marked spam
>> on debian 12 running `mail_version = 3.7.11`
>>
>> milter_header_checks = regexp:/etc/postfix/milter_header_checks
>>
>> with
>>
>> # ca
>> /^X-Spam.*YES/i REJECT
> Please review https://www.postfix.org/regexp_table.5.html#table_format
> and do pay attention to the 'i' option.
doh. thank you!
randy
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an em
Randy Bush via Postfix-users:
> fairly new at trying a scaled postfix install, so i assume it is my lack
> of clue. trying to use milter_header_checks to reject all marked spam
> on debian 12 running `mail_version = 3.7.11`
>
> milter_header_checks = regexp:/etc/postfix/milter_header_checks
>
Aleksandr Stankevic:
> Hi,
>
> I understand that there's always a limit - this is expected.
> But the unexpected part was that the limit is very different on same-ish
> functions.
> I think making the limit the same for both scenarios would be best - if
> either 60 or 200 ( more preferred :P ).
D
Hi,
I understand that there's always a limit - this is expected.
But the unexpected part was that the limit is very different on same-ish
functions.
I think making the limit the same for both scenarios would be best - if
either 60 or 200 ( more preferred :P ).
For now I'll take care of my case by
Aleksandr Stankevic via Postfix-users:
> Hi,
>
> I've got a milter that, as part of the job, adds an X-Test-Tracking header
> with a 76 char length string.
> Then, in postfix, i've got a milter_header_checks which uses WARN to log
> this to logs, like:
> /^X-Test-Tracking/ WARN
> I've noticed that
Hello,
sorry to revive old thread, but I came to another case where proposed change
would be beneficial.
Jesper Dybdal:
Thanks. As far as I can see, I need to add
proxy:regexp:/etc/postfix/regexp_milter_header_checks
to proxy_read_maps. But proxy_read_maps has a long default value - is
On 2022-04-14 16:58, Matus UHLAR - fantomas wrote:
OTOH, rejecting DMARC failures with policy reject should be not a
problem, since there's just a few of them.
since many maillist take ownerships its not a problem at all :)
but its more a fail if opendkim reject, i will let it up to the reade
On 2022-03-19 17:49, Matus UHLAR - fantomas wrote:
this should be fixable by using proxymap, better than disabling chroot
http://www.postfix.org/proxymap.8.html
On 20.03.22 17:29, Jesper Dybdal wrote:
Thanks. As far as I can see, I need to add
proxy:regexp:/etc/postfix/regexp_milter_header
On 22/03/2022 16:40, Benny Pedersen wrote:
OpenDMARC's internal SPF handling will be removed
in a future version.
Modern versions of openDMARC can and should be built with dependency on
libspf2, so would never use the very old internal spf code, and instead
use libspf2 'under
On 2022-03-22 12:45, Matus UHLAR - fantomas wrote:
NOTE: OpenDMARC's internal SPF handling will be removed
in a future version.
and although I don't recall the exact details, I seem to remember
there was a security exploit that could be prevented by
getting OpenDMARC to always
However, opendmarc milter requires those Authentication-Results
headers for SPF and DKIM to be already present. so you need
spf/dkim milter(s) before opendmarc.
On 19/03/22 01:46, Jesper Dybdal wrote:
I use Amavis to generate and verify DKIM signatures, and
policyd-spf-python to perform SPF
On 19/03/22 01:46, Jesper Dybdal wrote:
However, opendmarc milter requires those Authentication-Results
headers for SPF and DKIM to be already present. so you need spf/dkim
milter(s) before opendmarc.
I use Amavis to generate and verify DKIM signatures, and
policyd-spf-python to perform SPF ch
Jesper Dybdal:
> On 2022-03-19 17:49, Matus UHLAR - fantomas wrote:
> > this should be fixable by using proxymap, better than disabling chroot
> > http://www.postfix.org/proxymap.8.html
> Thanks. As far as I can see, I need to add
> proxy:regexp:/etc/postfix/regexp_milter_header_checks
> to pr
On 2022-03-19 17:49, Matus UHLAR - fantomas wrote:
this should be fixable by using proxymap, better than disabling chroot
http://www.postfix.org/proxymap.8.html
Thanks. As far as I can see, I need to add
proxy:regexp:/etc/postfix/regexp_milter_header_checks
to proxy_read_maps. But proxy_rea
Wietse Venema:
> Viktor Dukhovni:
> > > On 19 Mar 2022, at 5:31 pm, Wietse Venema wrote:
> > >
> > > The cleanup server initializes Milters lazily, because they are not
> > > always needed. In some cases an smtpd process decides if Miltering
> > > is needed (based on the smtpd_milters setting), a
Viktor Dukhovni:
> > On 19 Mar 2022, at 5:31 pm, Wietse Venema wrote:
> >
> > The cleanup server initializes Milters lazily, because they are not
> > always needed. In some cases an smtpd process decides if Miltering
> > is needed (based on the smtpd_milters setting), and in some cases
> > the cl
> On 19 Mar 2022, at 5:31 pm, Wietse Venema wrote:
>
> The cleanup server initializes Milters lazily, because they are not
> always needed. In some cases an smtpd process decides if Miltering
> is needed (based on the smtpd_milters setting), and in some cases
> the cleanup server makes that decis
Viktor Dukhovni:
> > On 19 Mar 2022, at 12:49 pm, Matus UHLAR - fantomas
> > wrote:
> >
> > This should be fixable by using proxymap, better than disabling chroot
> > http://www.postfix.org/proxymap.8.html
>
> Postfix typically opens all tables before chroot.
> Not clear whether initialisation
> On 19 Mar 2022, at 12:49 pm, Matus UHLAR - fantomas wrote:
>
> This should be fixable by using proxymap, better than disabling chroot
> http://www.postfix.org/proxymap.8.html
Postfix typically opens all tables before chroot.
Not clear whether initialisation of milter_header_checks
after chroot
On 2022-03-18 12:35, I wrote:
I run postfix 3.4.14 (Debian Buster) with Amavisd-new as a
pre-queue filter.
...
Mar 18 11:42:53 nuser postfix/cleanup[8931]: warning: unsupported
dictionary type: pcre (/usr/lib/postfix/postfix-pcre.so: No such
file or directory)
Mar 18 11:42:53 nuser postfix/cl
On 2022-03-18 12:35, I wrote:
I run postfix 3.4.14 (Debian Buster) with Amavisd-new as a pre-queue
filter.
...
Mar 18 11:42:53 nuser postfix/cleanup[8931]: warning: unsupported
dictionary type: pcre (/usr/lib/postfix/postfix-pcre.so: No such file
or directory)
Mar 18 11:42:53 nuser postfix/cl
On 18.03.22 12:35, Jesper Dybdal wrote:
I run postfix 3.4.14 (Debian Buster) with Amavisd-new as a
pre-queue filter.
I would now like to add DMARC validation, done by the opendmarc
milter in the after-Amavis smtpd instance.
This basically works: opendmarc inserts an
"Authentication-Results
Just an FYI re: an alternative:
https://github.com/fastmail/authentication_milter
It's freely available AND used in commercial production by the Fastmail crew.
I switched to it a while ago, from a similar setup.
I use it in its smtpd mode -- and does a good/reliable job of providing an
integ
On 2022-03-18 13:07, Matus UHLAR - fantomas wrote:
On 18.03.22 12:35, Jesper Dybdal wrote:
I run postfix 3.4.14 (Debian Buster) with Amavisd-new as a pre-queue
filter.
I would now like to add DMARC validation, done by the opendmarc
milter in the after-Amavis smtpd instance.
This basical
On 18.03.22 12:35, Jesper Dybdal wrote:
I run postfix 3.4.14 (Debian Buster) with Amavisd-new as a pre-queue
filter.
I would now like to add DMARC validation, done by the opendmarc milter
in the after-Amavis smtpd instance.
This basically works: opendmarc inserts an "Authentication-Results"
On 5/12/2019 7:04 PM, joao reis wrote:
Hi,
The header is detected but it doesn't seems to forward the message
to the filter:
May 12 20:40:01 submitter1 postfix-y31/cleanup[32460]: 1B29DD5F7E66:
milter-header-filter: header X-Spam: Yes from
host.xyz.org[000.000.000.201]; from=
to= proto=ESM
Am 12.08.2014 um 16:04 schrieb Matthias Schneider:
> I found a solution, turning off chroot for cleanup in master.cf
>
> cleanup unix n - n - 0 cleanup
>
> this should be added to the documention:
> http://www.postfix.org/postconf.5.html#milter_header_checks
no
On Tue, Aug 12, 2014 at 04:04:46PM +0200, Matthias Schneider wrote:
> I found a solution, turning off chroot for cleanup in master.cf
>
> cleanup unix n - n - 0 cleanup
>
> this should be added to the documention:
> http://www.postfix.org/postconf.5.html#milter_h
I found a solution, turning off chroot for cleanup in master.cf
cleanup unix n - n - 0 cleanup
this should be added to the documention:
http://www.postfix.org/postconf.5.html#milter_header_checks
i searched the code what returns the error, hope this will help.
if you have any suggestions or experimantal code changes i'll compile
and test them
with my addheader milter.
Best regards
Matthias Schneider
cleanup_milter.c:
381 static int cleanup_milter_header_checks(CLEANUP_STATE *state,
please note that pcre is working fine with normal "header_checks", the
problem is just with milter_header_checks :
# postconf -m
btree
cidr
environ
fail
hash
internal
memcache
nis
pcre
proxy
regexp
sdbm
socketmap
sqlite
static
tcp
texthash
unix
what does "postconf -m" list - most likely not pc
Am 12.08.2014 um 13:59 schrieb Matthias Schneider:
> i am trying to use this feature in postfix 2.11:
> http://www.postfix.org/postconf.5.html#milter_header_checks
>
> I have created a milter which adds a Header: "X-Body: bla" and i'd like to
> filter mails, unfortunately the cleanup
> process d
The Doctor wrote:
On Mon, Jul 06, 2009 at 12:32:53AM -0400, Sahil Tandon wrote:
On Sun, 05 Jul 2009, The Doctor wrote:
Where is the postfix 2.7-20090607 can this be found?
milter_header_checks was introduced in snapshot 20090606, and revised in
20090607. To download Postfix releases (snapsho
On Mon, Jul 06, 2009 at 12:32:53AM -0400, Sahil Tandon wrote:
> On Sun, 05 Jul 2009, The Doctor wrote:
>
> > Where is the postfix 2.7-20090607 can this be found?
>
> milter_header_checks was introduced in snapshot 20090606, and revised in
> 20090607. To download Postfix releases (snapshot, exper
On Sun, 05 Jul 2009, The Doctor wrote:
> Where is the postfix 2.7-20090607 can this be found?
milter_header_checks was introduced in snapshot 20090606, and revised in
20090607. To download Postfix releases (snapshot, experimental, or
non-production), go to one of the mirrors:
http://www.postfix.
56 matches
Mail list logo
