Re: smtpd_client_restrictions = sleep 1

2014-10-04 Thread li...@rhsoft.net
Am 04.10.2014 um 16:04 schrieb li...@rhsoft.net: can this setting to slow down spambots make it through postscreen server made conditional to sleep 0 like as example "smtp_connect_timeout"? smtpd_client_restrictions = sleep 1 smtp_connect_timeout = ${stress?15}${stress:45}s nevermind, works l

Re: smtpd_client_restrictions

2014-02-13 Thread Roman Gelfand
Ah... excellent. Thanks On Thu, Feb 13, 2014 at 12:12 PM, Noel Jones wrote: > On 2/13/2014 11:03 AM, Roman Gelfand wrote: >> I am using this parameter to send message to be filtered by dspam. >> However, I want local email to bypass dspam and go directly to mail >> box server over lmtp. >> >> I

Re: smtpd_client_restrictions

2014-02-13 Thread Noel Jones
On 2/13/2014 11:03 AM, Roman Gelfand wrote: > I am using this parameter to send message to be filtered by dspam. > However, I want local email to bypass dspam and go directly to mail > box server over lmtp. > > I am not sure why the pcre code below doesn't work for local email. > > > > /^192\.1

Re: smtpd_client_restrictions

2014-02-13 Thread li...@rhsoft.net
Am 13.02.2014 18:03, schrieb Roman Gelfand: > I am using this parameter to send message to be filtered by dspam. > However, I want local email to bypass dspam and go directly to mail > box server over lmtp. > > I am not sure why the pcre code below doesn't work for local email. > > /^192\.168\.0

Re: smtpd_client_restrictions = reject_unauth_pipelining weirdness

2013-07-28 Thread Jeffrey 'jf' Lim
On Mon, Jul 29, 2013 at 4:51 AM, Wietse Venema wrote: > Jeffrey 'jf' Lim: >> > Allow me to repeat my reply above: >> > >> > Current reject_unauth_pipelining implementations [...] don't reject >> > clients that talk before Postfix greets them. >> > >> > To reject clients that talk before Postfix gr

Re: smtpd_client_restrictions = reject_unauth_pipelining weirdness

2013-07-28 Thread Wietse Venema
Jeffrey 'jf' Lim: > > Allow me to repeat my reply above: > > > > Current reject_unauth_pipelining implementations [...] don't reject > > clients that talk before Postfix greets them. > > > > To reject clients that talk before Postfix greets them, use > > Postscreen's pregreet detection feature. > >

Re: smtpd_client_restrictions = reject_unauth_pipelining weirdness

2013-07-28 Thread Jeffrey 'jf' Lim
On Mon, Jul 29, 2013 at 4:13 AM, Wietse Venema wrote: > Jeffrey 'jf' Lim: >> On Mon, Jul 29, 2013 at 3:56 AM, Wietse Venema wrote: >> > Jeffrey 'jf' Lim: >> >> Am I misunderstanding something here, that setting >> >> 'smtpd_client_restrictions = reject_unauth_pipelining' should reject a >> >> cli

Re: smtpd_client_restrictions = reject_unauth_pipelining weirdness

2013-07-28 Thread Wietse Venema
Jeffrey 'jf' Lim: > On Mon, Jul 29, 2013 at 3:56 AM, Wietse Venema wrote: > > Jeffrey 'jf' Lim: > >> Am I misunderstanding something here, that setting > >> 'smtpd_client_restrictions = reject_unauth_pipelining' should reject a > >> client that sends the EHLO, or HELO before the smtp banner? > >>

Re: smtpd_client_restrictions = reject_unauth_pipelining weirdness

2013-07-28 Thread Jeffrey 'jf' Lim
On Mon, Jul 29, 2013 at 3:56 AM, Wietse Venema wrote: > Jeffrey 'jf' Lim: >> Am I misunderstanding something here, that setting >> 'smtpd_client_restrictions = reject_unauth_pipelining' should reject a >> client that sends the EHLO, or HELO before the smtp banner? >> (http://www.postfix.org/postco

Re: smtpd_client_restrictions = reject_unauth_pipelining weirdness

2013-07-28 Thread Wietse Venema
Jeffrey 'jf' Lim: > Am I misunderstanding something here, that setting > 'smtpd_client_restrictions = reject_unauth_pipelining' should reject a > client that sends the EHLO, or HELO before the smtp banner? > (http://www.postfix.org/postconf.5.html#reject_unauth_pipelining: > 'Reject the request whe

Re: smtpd_client_restrictions

2009-12-14 Thread Noel Jones
On 12/14/2009 1:17 AM, vtzan wrote: Hello noel, thanks for you response but it didn't worked! Please don't top post. If a suggestion didn't do what you expect, you'll need to show evidence including "postconf -n" output and logging demonstrating the unwanted behavior, and what you expected

Re: smtpd_client_restrictions

2009-12-14 Thread vtzan
Stan Hoeppner wrote: vtzan put forth on 12/14/2009 1:17 AM: Hello noel, thanks for you response but it didn't worked! First, did you reload postfix after editing main.cf? If not, the change won't take effect until you reload of restart postfix. And, how do you know it didn't work?

Re: smtpd_client_restrictions

2009-12-13 Thread Stan Hoeppner
vtzan put forth on 12/14/2009 1:17 AM: > Hello noel, > > thanks for you response but it didn't worked! First, did you reload postfix after editing main.cf? If not, the change won't take effect until you reload of restart postfix. And, how do you know it didn't work? Is he still sending spam?

Re: smtpd_client_restrictions

2009-12-13 Thread vtzan
Hello noel, thanks for you response but it didn't worked! thanks Bill Noel Jones wrote: On 12/11/2009 7:02 AM, Stan Hoeppner wrote: vtzan put forth on 12/11/2009 5:46 AM: thanks for your fast reply. But that was my PLAN B ;-) any idea for PLAN A? thanks alot Bill Hay Bill, First off, pl

Re: smtpd_client_restrictions

2009-12-13 Thread vtzan
Stan Hoeppner wrote: vtzan put forth on 12/11/2009 5:46 AM: thanks for your fast reply. But that was my PLAN B ;-) any idea for PLAN A? thanks alot Bill Hay Bill, First off, please keep all replies on the postfix-users list. 2nd, send your 'postconf -n' output and the relevant cont

Re: smtpd_client_restrictions

2009-12-11 Thread mouss
Stan Hoeppner a écrit : > vtzan put forth on 12/11/2009 5:26 AM: >> Hello all, >> >> I need to reject smtp connection from certain ip inside my network >> (SPAMMER). > > If this is the case, it may be more effective and expedient to drop > _all_ his traffic inbound to your Postfix host. > > iptab

Re: smtpd_client_restrictions

2009-12-11 Thread Noel Jones
On 12/11/2009 7:02 AM, Stan Hoeppner wrote: vtzan put forth on 12/11/2009 5:46 AM: thanks for your fast reply. But that was my PLAN B ;-) any idea for PLAN A? thanks alot Bill Hay Bill, First off, please keep all replies on the postfix-users list. 2nd, send your 'postconf -n' output and th

Re: smtpd_client_restrictions

2009-12-11 Thread Stan Hoeppner
vtzan put forth on 12/11/2009 5:46 AM: > thanks for your fast reply. But that was my PLAN B ;-) > any idea for PLAN A? > > thanks alot > Bill Hay Bill, First off, please keep all replies on the postfix-users list. 2nd, send your 'postconf -n' output and the relevant contents of /etc/postfix/ac

Re: smtpd_client_restrictions

2009-12-11 Thread Eero Volotinen
Quoting Stan Hoeppner : vtzan put forth on 12/11/2009 5:26 AM: Hello all, I need to reject smtp connection from certain ip inside my network (SPAMMER). If this is the case, it may be more effective and expedient to drop _all_ his traffic inbound to your Postfix host. iptables -I INPUT -s xx

Re: smtpd_client_restrictions

2009-12-11 Thread Stan Hoeppner
vtzan put forth on 12/11/2009 5:26 AM: > Hello all, > > I need to reject smtp connection from certain ip inside my network > (SPAMMER). If this is the case, it may be more effective and expedient to drop _all_ his traffic inbound to your Postfix host. iptables -I INPUT -s xxx.xxx.xxx.xxx -j DROP

Re: smtpd_client_restrictions: "permit_mynetworks" additionally necessary!?

2009-06-08 Thread meyer-jordan
Hi Noel! Thank you for your further answer! (You are right with the demand of sending configs to end guessing, of course!) Because of your persitently drawing I was encouraged to look for other reasons than the obvious ones. And I found my mistake, after all. Thank you! I used to set smtpd_sas

Re: smtpd_client_restrictions: "permit_mynetworks" additionally necessary!?

2009-06-07 Thread Noel Jones
meyer-jor...@t-online.de wrote: Hi Noel! Your error report is inconsistent with how postfix works, which usually means the actual configuration isn't what you think it is. Please post "postconf -n" output, master.cf contents, and log entries from the non-working system. It's best if you po

Re: smtpd_client_restrictions: "permit_mynetworks" additionally necessary!?

2009-06-07 Thread meyer-jordan
Hi Noel! > Your error report is inconsistent with how postfix works, > which usually means the actual configuration isn't what you > think it is. > > Please post "postconf -n" output, master.cf contents, and log > entries from the non-working system. It's best if you post > unaltered entries

Re: smtpd_client_restrictions: "permit_mynetworks" additionally necessary!?

2009-06-03 Thread Noel Jones
meyer-jor...@t-online.de wrote: Hi there! Can someone give me a hint: I've two postfix servers which both have two NICs, one with an official IP to the internet, and one with a private IP to the internal LAN. I want to permit SMTP from the outside via submission port with SMTP Auth. It runs l

Re: smtpd_client_restrictions is EMPTY, beside setting in main.cf

2009-01-20 Thread mouss
Thomas Ackermann a écrit : > Brian Evans - Postfix List schrieb: >> 'Postconf -d' means "show me the DEFAULTS not what is current". >> > > Uh.. > > I already feared a realy stupid mistake on my side :) > > I used it in this sense, so far - but assumed that this default will be > overwritten (

Re: smtpd_client_restrictions is EMPTY, beside setting in main.cf

2009-01-20 Thread Pascal Volk
On 20.01.2009 16:07 Thomas Ackermann wrote: > ... > r...@localhost:/etc/postfix,$ postconf -d smtpd_client_restrictions > smtpd_client_restrictions = man postconf: -d Print default parameter settings instead of actual settings. use `postconf smtpd_client_restrictions` to see your current

Re: smtpd_client_restrictions is EMPTY, beside setting in main.cf

2009-01-20 Thread Thomas Ackermann
Brian Evans - Postfix List schrieb: 'Postconf -d' means "show me the DEFAULTS not what is current". Uh.. I already feared a realy stupid mistake on my side :) I used it in this sense, so far - but assumed that this default will be overwritten (and displayed) when actually set in main.cf S

Re: smtpd_client_restrictions is EMPTY, beside setting in main.cf

2009-01-20 Thread Thomas Ackermann
Ralf Hildebrandt schrieb: postconf -n shows main.cf settings, not master.cf settings Why not use: postconf -e "smtpd_client_restrictions=reject_invalid_hostname" But as far as i understand, this just sets the variable in main.cf - and there, it is already included! To show this: r...@l

Re: smtpd_client_restrictions is EMPTY, beside setting in main.cf

2009-01-20 Thread Brian Evans - Postfix List
Thomas Ackermann wrote: > Hello, > i seem to be unable to set the "smtpd_client_restrictions" Variable! > > In master.cf, there is an option for smtps that sets this to > "permit_sasl_authenticated,reject". > In main.cf, i try to set this to "reject_invalid_hostname". > > In "postconf -n" the varia

Re: smtpd_client_restrictions is EMPTY, beside setting in main.cf

2009-01-20 Thread Ralf Hildebrandt
* Thomas Ackermann : > Hello, > i seem to be unable to set the "smtpd_client_restrictions" Variable! > > In master.cf, there is an option for smtps that sets this to > "permit_sasl_authenticated,reject". > In main.cf, i try to set this to "reject_invalid_hostname". > > In "postconf -n" the variab

Re: smtpd_client_restrictions break connection immediately after connect

2008-10-16 Thread Bill Cole
ram wrote: On one of my servers I have put in main.cf smtpd_client_restrictions = permit_mynetworks,reject Because I want only my internal servers to use this machine as a relay. This works as expected , but when connections come from outside mynetworks the Error comes only after "RCPT TO:"

Re: smtpd_client_restrictions break connection immediately after connect

2008-10-14 Thread Victor Duchovni
On Tue, Oct 14, 2008 at 07:43:07PM +0400, Nikita Kipriyanov wrote: > Victor Duchovni ??: > >Consider setting a null-mx record for the system's > >host name: > > > > ahost.example.com IN MX 0 . > > > > > As I understand things, it simply forces a 'fallback to A record', like >

Re: smtpd_client_restrictions break connection immediately after connect

2008-10-14 Thread Nikita Kipriyanov
Victor Duchovni пишет: Consider setting a null-mx record for the system's host name: ahost.example.com IN MX 0 . As I understand things, it simply forces a 'fallback to A record', like when there is no MX records... Can you please explain, why this is needed?

Re: smtpd_client_restrictions break connection immediately after connect

2008-10-14 Thread Victor Duchovni
On Tue, Oct 14, 2008 at 12:13:39PM +0400, Nikita Kipriyanov wrote: > Yes, you can. See http://www.postfix.org/postconf.5.html#smtpd_delay_reject > It is on by default, so postfix delays reject until RCPT TO; if you turn > off that parameter, it will reject immediatly. But, not all mail > software

Re: smtpd_client_restrictions break connection immediately after connect

2008-10-14 Thread Nikita Kipriyanov
http://www.postfix.org/postconf.5.html#smtpd_delay_reject more to say, even better is to block external connections with firewall

Re: smtpd_client_restrictions break connection immediately after connect

2008-10-14 Thread Nikita Kipriyanov
ram пишет: On one of my servers I have put in main.cf smtpd_client_restrictions = permit_mynetworks,reject Because I want only my internal servers to use this machine as a relay. This works as expected , but when connections come from outside mynetworks the Error comes only after "RCPT TO:"

Re: smtpd_client_restrictions - order doesn't matter?

2008-10-07 Thread LÉVAI Dániel
On Tuesday 07 October 2008 16.14.37 Victor Duchovni wrote: > On Tue, Oct 07, 2008 at 03:13:20PM +0200, L?VAI D?niel wrote: > > postfix/smtpd[23810]: warning: 78.131.56.68: hostname > > 78-131-56-68.static.hdsnet.hu verification failed: no address > > associated with name > > postfix/smtpd[23810]: c

Re: smtpd_client_restrictions - order doesn't matter?

2008-10-07 Thread Victor Duchovni
On Tue, Oct 07, 2008 at 03:13:20PM +0200, L?VAI D?niel wrote: > postfix/smtpd[23810]: warning: 78.131.56.68: hostname > 78-131-56-68.static.hdsnet.hu verification failed: no address associated > with name > postfix/smtpd[23810]: connect from unknown[78.131.56.68] > postfix/smtpd[23810]: NOQUEUE:

Re: smtpd_client_restrictions - order doesn't matter?

2008-10-07 Thread LÉVAI Dániel
mouss wrote: LÉVAI Dániel wrote: Hi! I'm using postfix-2.5.4. I have this in my main.cf: smtpd_client_restrictions = check_client_access hash:/etc/postfix/client_access, permit_sasl_authenticated, reject_unknown_client_hostname It seems that the reject_unknown_client_hostname is applied alwa

Re: smtpd_client_restrictions - order doesn't matter?

2008-10-07 Thread mouss
LÉVAI Dániel wrote: Hi! I'm using postfix-2.5.4. I have this in my main.cf: smtpd_client_restrictions = check_client_access hash:/etc/postfix/client_access, permit_sasl_authenticated, reject_unknown_client_hostname It seems that the reject_unknown_client_hostname is applied always before the