Re: Can postscreen whitelist?

postscreen hands off a 'good client' to a Postfix SMTP server process *before* the remote SMTP client sends any commands. It cannot make that decision after receiving the recipient. Wietse

Re: Can postscreen whitelist?

On Mon, 2019-04-15 at 10:21 -0600, Shawn Heisey wrote: > On 4/15/2019 10:02 AM, Jim P. wrote: > > Sure. You want postscreen_access_list, which defaults to permit_mynetworks. > > Just add it to your config with a lookup table like so: > > > > postscreen_access_list = permit_mynetworks, > > hash:/

Re: Can postscreen whitelist?

On Mon, Apr 15, 2019 at 09:43:03AM -0600, Shawn Heisey wrote: > So now we come to my question: Can I whitelist a recipient so email to > that user will always pass postscreen? I tried to find an answer with > google and came up empty. No, this is not possible. Postscreen does does not and ca

Re: Can postscreen whitelist?

On 4/15/2019 10:02 AM, Jim P. wrote: Sure. You want postscreen_access_list, which defaults to permit_mynetworks. Just add it to your config with a lookup table like so: postscreen_access_list = permit_mynetworks, hash:/etc/postfix/postscreen_access_list ~# cat /etc/postfix/postscreen_access_l

Re: Can postscreen whitelist?

On Mon, 2019-04-15 at 09:43 -0600, Shawn Heisey wrote: > Something I did pretty recently on the various restrictions in main.cf > was add a spam_lovers access file that allows me to whitelist certain > recipients so that messages to them will bypass all the filtering. > > I did this because I've

Can postscreen whitelist?

Something I did pretty recently on the various restrictions in main.cf was add a spam_lovers access file that allows me to whitelist certain recipients so that messages to them will bypass all the filtering. I did this because I've had people tell me about situations where they did not receive

Re: Postscreen: whitelist domain

li...@mbchandler.net: > Most of the time, this is not a problem. This IP for example is a > spammer and I want them to be limited. But I have a legitimate server > that needs to send a lot of email at once. Can I bypass this limit by > adding the sender's IP to postscreen_access.cidr? I've alrea

Re: Postscreen: whitelist domain

Noel Jones: > On 11/10/2017 10:33 AM, li...@mbchandler.net wrote: > > I have postscreen setup according to the how-to. I use the following > > configuration for the access list. As I understand it, I can only > > add IP addresses or ranges to this list. Is it possible to whitelist > > the domain na

Re: Postscreen: whitelist domain

Thanks, I thought that might be the case. The problem I'm trying to solve is these messages in the log file: postfix/postscreen[2938]: NOQUEUE: reject: CONNECT from [91.238.9.63]:38101: too many connections I think this must be from the limit I set up with smtpd_client_connection_count_limit

Re: Postscreen: whitelist domain

On 11/10/2017 10:33 AM, li...@mbchandler.net wrote: > I have postscreen setup according to the how-to. I use the following > configuration for the access list. As I understand it, I can only > add IP addresses or ranges to this list. Is it possible to whitelist > the domain name in the from address

Re: Postscreen: whitelist domain

On 10.11.17 10:33, li...@mbchandler.net wrote: I have postscreen setup according to the how-to. I use the following configuration for the access list. As I understand it, I can only add IP addresses or ranges to this list. Is it possible to whitelist the domain name in the from address? no. p

Postscreen: whitelist domain

I have postscreen setup according to the how-to. I use the following configuration for the access list. As I understand it, I can only add IP addresses or ranges to this list. Is it possible to whitelist the domain name in the from address? postscreen_access_list = permit_mynetworks,

Re: Clear postscreen whitelist cache

> On 20 Jul 2017, at 15:53, Scott Techlist wrote: > > Is it possible to inspect or clear postscreen's whitelist cache? Don't see anything in the post screen man page that would indicate that. You can remove it. -- Apple broke AppleScripting signatures in Mail.app, so no random signatures.

Re: Clear postscreen whitelist cache

Scott Techlist: > Is it possible to inspect or clear postscreen's whitelist cache? This is not supported. You may read garbage, you may corrupt the file. If you're worried about what is in there, just delete the file and do "postfix reload". It's just a performance cache. Wietse

Clear postscreen whitelist cache

Is it possible to inspect or clear postscreen's whitelist cache?

Re: postscreen whitelist

On 1 Jun 2016, at 9:29, @lbutlr wrote: On May 31, 2016, at 8:30 PM, Steve Jenkins wrote: A quick way to do this is to download postwhite and add web.com to the list of queried hosts. All their known (published) IPs and CIDRs wlll be added to your Postscreen whitelist. Post white looks

Re: postscreen whitelist

> On May 31, 2016, at 7:24 PM, Michael Orlitzky wrote: > > With that in mind, you're putting way too much faith in dnsbl.sorbs.net > and hostkarma.junkemailfilter.com. For a reference point, I have the > same threshold as you (3) but score them each one point. Thanks Michael. I've backed off on

Re: postscreen whitelist

On Wed, Jun 1, 2016 at 6:29 AM, @lbutlr wrote: > On May 31, 2016, at 8:30 PM, Steve Jenkins wrote: > > A quick way to do this is to download postwhite and add web.com to the > list of queried hosts. All their known (published) IPs and CIDRs wlll be > added to your Postscreen whit

Re: postscreen whitelist

On May 31, 2016, at 8:30 PM, Steve Jenkins wrote: > A quick way to do this is to download postwhite and add web.com to the list > of queried hosts. All their known (published) IPs and CIDRs wlll be added to > your Postscreen whitelist. Post white looks interesting, but what is we

Re: postscreen whitelist

A quick way to do this is to download postwhite and add web.com to the list of queried hosts. All their known (published) IPs and CIDRs wlll be added to your Postscreen whitelist. https://github.com/stevejenkins/postwhite SteveJ

Re: postscreen whitelist

On 05/31/2016 08:16 PM, Terry Barnum wrote: > > Since web.com probably has a fleet of mail servers, do I need to find and > enter all their IPs into my postscreen_access.cidr? Is there an easier way? > That's generally what you have to do. Postscreen is meant to catch the most obvious offenders

postscreen whitelist

I have a subcontractor who uses web.com as his email provider. Some of their outgoing servers are listed on sorbs.net and postscreen (correctly) rejects this emails but I would like to be able to receive his email. May 31 15:16:40 mail postfix/postscreen[36888]: NOQUEUE: reject: RCPT from [209.

Re: Feedback on Postscreen Whitelist Article

Il 26/11/15 21:43, Wietse Venema ha scritto: Do not greylist sites that have many *different* outbound MTA IP addresses. This is a greylisting problem, not postscreen, Wietse Thanks for your clarification, Wietse. I have found my (macroscopic!) configuration issue instead: Enablin

Postscreen whitelist script now fixes invalid CIDRs

I appreciate all the feedback I've received from Postfix users on my Postscreen whitelist creation script. I've now moved the project to GitHub, and completely reworked it as a Thanksgiving project: https://github.com/stevejenkins/postwhite Postwhite now creates a single Postscreen

Re: Feedback on Postscreen Whitelist Article

Am 27.11.2015 um 02:53 schrieb @lbutlr: On Nov 26, 2015, at 1:03 PM, ale@proto wrote: I know somebody discourages the use of postscreen + postgrey. But I don't understand those MS retries. If by “someone” you mean just about everyone including the developer of postfix, then yes, someone dis

Re: Feedback on Postscreen Whitelist Article

On Nov 26, 2015, at 1:03 PM, ale@proto wrote: > I know somebody discourages the use of postscreen + postgrey. But I don't > understand those MS retries. If by “someone” you mean just about everyone including the developer of postfix, then yes, someone discourages it. Greylisting and Postscreen

Re: Feedback on Postscreen Whitelist Article

On 26/11/2015 20:10, Steve Jenkins wrote: On Thu, Nov 26, 2015 at 12:03 PM, ale@proto mailto:alessan...@protodigital.net>> wrote: I reviewed my logs today and I saw a lot of connections from a bunch of MS outbound gateways before entering the "postgrey layer". Once postscreen mar

Re: Feedback on Postscreen Whitelist Article

ale @ proto: > I reviewed my logs today and I saw a lot of connections from a bunch of > MS outbound gateways before entering the "postgrey layer". > > Once postscreen marked one of these gw PASS OLD postgrey put the message > in greylist (default 5 mins), but it expects another connection withi

Re: Feedback on Postscreen Whitelist Article

On Thu, Nov 26, 2015 at 12:03 PM, ale@proto wrote: > I reviewed my logs today and I saw a lot of connections from a bunch of MS > outbound gateways before entering the "postgrey layer". > > Once postscreen marked one of these gw PASS OLD postgrey put the message > in greylist (default 5 mins), bu

Re: Feedback on Postscreen Whitelist Article

I reviewed my logs today and I saw a lot of connections from a bunch of MS outbound gateways before entering the "postgrey layer". Once postscreen marked one of these gw PASS OLD postgrey put the message in greylist (default 5 mins), but it expects another connection within (better: after!) th

Re: Feedback on Postscreen Whitelist Article

On Thu, Nov 26, 2015 at 9:00 AM, Bill Cole < postfixlists-070...@billmail.scconsult.com> wrote: > > Every DNS SOA should have a RP field that is supposed to be an email > address (s/@/./) for the Responsible Party who can fix problems in the > zone. Surely a big responsible company like Microsoft

Re: Feedback on Postscreen Whitelist Article

On 26 Nov 2015, at 11:12, Steve Jenkins wrote: On Thu, Nov 26, 2015 at 4:49 AM, Robert Chalmers wrote: So do I. So I’ll hand cut the cidr file for now, and wait till the author updates his code.. So, I've updated the code. :) Instead of relying on multiple scripts to make multiple list

Re: Feedback on Postscreen Whitelist Article

On Thu, Nov 26, 2015 at 4:49 AM, Robert Chalmers wrote: > So do I. > So I’ll hand cut the cidr file for now, and wait till the author updates > his code.. > So, I've updated the code. :) Instead of relying on multiple scripts to make multiple lists, I simplified things and created a new projec

Re: Feedback on Postscreen Whitelist Article

On Thu, Nov 26, 2015 at 3:41 AM, Robert Chalmers wrote: > Hi Steve, > I’m seeing this in the mail.log > > warning: cidr map /usr/local/etc/postfix/msft_whitelist.cidr, line 36: > non-null host address bits in "207.68.169.173/30", perhaps you should use > "207.68.169.172/30" instead: skipping this

Re: Feedback on Postscreen Whitelist Article

On November 26, 2015 1:46:15 PM Ralf Hildebrandt wrote: What do you think? I think postfix is right :) wish microsoft learn to use shorewall iprange ? :) what id have microsoft on dnswl.org ? hmm

Re: Feedback on Postscreen Whitelist Article

In fact on closer inspection, the last two are duplicates. Robert Chalmers rob...@chalmers.com .au Quantum Radio: http://tinyurl.com/lwwddov Mac mini 6.2 - 2012, Intel Core i7,2.3 GHz, Memory:16 GB. El-Capitan 10.11. 2TB Storage made up of - Drive 0:HGST HTS721010

Re: Feedback on Postscreen Whitelist Article

So do I. So I’ll hand cut the cidr file for now, and wait till the author updates his code.. Robert Chalmers rob...@chalmers.com .au Quantum Radio: http://tinyurl.com/lwwddov Mac mini 6.2 - 2012, Intel Core i7,2.3 GHz, Memory:16 GB. El-Capitan 10.11. 2TB Storage m

Re: Feedback on Postscreen Whitelist Article

> I’m seeing this in the mail.log > > warning: cidr map /usr/local/etc/postfix/msft_whitelist.cidr, line 36: > non-null host address bits in "207.68.169.173/30", perhaps you should use > "207.68.169.172/30" instead: skipping this rule > Nov 26 11:39:25 zeus postfix/postscreen[29402]: warning: ci

Re: Feedback on Postscreen Whitelist Article

Hi Steve, I’m seeing this in the mail.log warning: cidr map /usr/local/etc/postfix/msft_whitelist.cidr, line 36: non-null host address bits in "207.68.169.173/30", perhaps you should use "207.68.169.172/30" instead: skipping this rule Nov 26 11:39:25 zeus postfix/postscreen[29402]: warning: cidr

Re: Feedback on Postscreen Whitelist Article

On Wed, Nov 25, 2015 at 4:13 AM, ale@proto wrote: > I thinks it's a good starting point, Steve. > And it's much better than doing it manually as I did :-) > > Anyway... I rapidly tested delivery time from my office365 account: > - WL disabled: 15 hours > - WL enabled: just a few minutes > > postg

Re: Feedback on Postscreen Whitelist Article

I thinks it's a good starting point, Steve. And it's much better than doing it manually as I did :-) Anyway... I rapidly tested delivery time from my office365 account: - WL disabled: 15 hours - WL enabled: just a few minutes postgrey enabled. Thanks! a. Il 25/11/15 04:45, Steve Jenkins ha s

Re: Feedback on Postscreen Whitelist Article

On Tue, Nov 24, 2015 at 10:32 AM, proto wrote: > Thank you Steve. > I did something similar some weeks ago because I had to get in contact > with MS Support urgently. > > I remember I had to get outbound gateways IPs from < > spf.protection.outlook.com>, but I didn't use . Actually in > your scri

Re: Feedback on Postscreen Whitelist Article

Thank you Steve. I did something similar some weeks ago because I had to get in contact with MS Support urgently. I remember I had to get outbound gateways IPs from , but I didn't use . Actually in your script this NS return no SPF records (IP and includes). I think this WL could be complet

Re: Feedback on Postscreen Whitelist Article

Hi Steve, I implemented the idea, and it works treat. I’m on OSX 10.11, and apart from a few directory changes, (and my bad spelling) - no problems. Interesting idea and an excellent script. Thanks for the work. I understand now what it’s doing. Robert > On 23 Nov 2015, at 23:54, Steve Jenkin

Re: Feedback on Postscreen Whitelist Article

On Mon, Nov 23, 2015 at 1:48 PM, rob...@chalmers.com.au < rob...@chalmers.com.au> wrote: > Interesting article Steve. What happens when/if they change ip blocks in > between cron runs? > and I can't help thinking this may be a little redundant though, with spf, > dkim and dmarc in place the source

Re: Feedback on Postscreen Whitelist Article

On Mon, Nov 23, 2015 at 1:03 PM, Noel Jones wrote: > > Maintaining a local postscreen whitelist of well-known providers is > largely obsolete. > > http://www.postfix.org/postconf.5.html#postscreen_dnsbl_whitelist_threshold > http://www.postfix.org/postconf.5.html#postscreen

Re: Feedback on Postscreen Whitelist Article

‎If wishes were horses. ;-)  My xyz domain is on the VPS. I'm going to switch systems in a few days.   Original Message   From: Viktor Dukhovni Sent: Monday, November 23, 2015 2:45 PM To: postfix-users@postfix.org Reply To: postfix-users@postfix.org Subject: Re: Feedback on Postscreen Whit

Re: Feedback on Postscreen Whitelist Article

On Mon, Nov 23, 2015 at 02:29:45PM -0800, yahoogro...@lazygranch.xyz wrote: >�Regarding Spamhaus, I am periodically blacklisted on my hosted Web service > provider because somebody �sets up an account on the same service, then > spews spam. Because I share the same IP, I'm declared toxic.  Sounds

Re: Feedback on Postscreen Whitelist Article

‎Regarding Spamhaus, I am periodically blacklisted on my hosted Web service provider because somebody ‎sets up an account on the same service, then spews spam. Because I share the same IP, I'm declared toxic.  I have set up a VPS, which of course has its own IP, not to get in this boat. But I a

Re: Feedback on Postscreen Whitelist Article

On 11/23/2015 3:48 PM, rob...@chalmers.com.au wrote: > Interesting article Steve. What happens when/if they change ip > blocks in between cron runs? > and I can't help thinking this may be a little redundant though, > with spf, dkim and dmarc in place the source of the email is checked > and acted

Re: Feedback on Postscreen Whitelist Article

Interesting article Steve. What happens when/if they change ip blocks in between cron runs? and I can't help thinking this may be a little redundant though, with spf, dkim and dmarc in place the source of the email is checked and acted upon accordingly. Sent from my iPad > On 23 Nov 2015,

Re: Feedback on Postscreen Whitelist Article

ps%3A%2F%2Fwww.youtube.com%2Fuser%2FFerrariSteveJenkins&si=4870762816077824&pi=a7bba61c-d5ff-4f17-ffdb-d2d16b1f8221> <http://t.sidekickopen29.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XX4S9MSCW3LPWyM3LjCtjVQZcFT56dvXWf7fnxkP02?t=https%3A%2F%2Finstagram.com%2Fferraristeve%2F&am

Feedback on Postscreen Whitelist Article

I just posted an article about how to whitelist Gmail and Hotmail/Outlook.com IP addresses for Postscreen, based on the webmaster's SPF records: http://www.stevejenkins.com/blog/2015/11/postscreen-whitelisting-smtp-outbound-ip-addresses-large-webmail-providers/ I'd appreciate feedback from anyone