TLS Certificate Client-auth support with "high sec" Certificates broken? (not SASL)

Versions (on both hosts): Postfix 2.5.6 Linked against OpenSSL 0.9.8c (debian etch with security-fixes backported) as well as OpenSSL 0.9.8j (makes no difference) Configured with Command: (the OpenSSL 0.9.8j variant, the first one used the openssl installed in /usr/) make makefiles CCARGS='-DHAS_

Re: Multiple instances (incoming)

On Mon, February 9, 2009 8:14 am, David Cottle said: > I want to have multiple incoming hostnames to match my domains so it > passes spam checks better. > > I found this: > > http://www.linuxmail.info/postfix-multiple-ip-address-smtp-greeting/ I would seriously like to challenge the following sta

Re: Fwd: Re: TLS certificate

Victor Duchovni yazmış: On Fri, Feb 06, 2009 at 07:13:17PM +0200, Tolga wrote: Who can't use the certificate? I, when I try with Thunderbird from another location. Well, it is Thunderbird that needs to extend its list of trusted CAs not Postfix. No amount of tweaking the Pos

Re: Replacing Message-Id for SASL authenticated senders

Hi, Bastian Blank schrieb: On Sun, Feb 08, 2009 at 03:38:22AM -0500, Sahil Tandon wrote: This works as I'd expect, but will it break anything else? Yes. It will break the complete mail handling of the client. _Never_ ever touch a message id. Not all users are dumb. ;) Sender: I'm mi

Re: result_attribute on ldap query

Hi, Manuel Mely schrieb: query_filter = (&(&(objectClass=VirtualMailAccount)(mail=%s))(permitFrom=inet)(accountActive=TRUE)(delete=FALSE)) result_attribute = final version = 3 "final" is the name of a postfix class, and i have the same attribute for all my users, Do you mean, all values of

Re: reject_unverified_sender vs greylisting

On 2/8/2009, João Miguel Neves (joao.ne...@intraneia.com) wrote: > I recently enabled reject_unverified_sender in my postfix configuration, > but it seems like it fails when the server against which the sender is > verified uses greylisting. I've been getting log entries like (@ were > replaced by

Re: result_attribute on ldap query

Hi Marc Patermann escribió: Do you mean, all values of "final" are the same and all users have this attribute/value? Yes the value of "final" is "final", and is the result_attribute of one of my config files, also "final" it's the name of a class of my main.cf So it's like "objectclas

Re: whitelisting not working

David Cottle wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, I have got RBL tests and I got a client on godaddy. Naturally their outgoing server (secureserver.net) is listed. I made changes to postfix but its still rejecting, here is the extract of the main.cf and the rules. I don't

Re: postfix blocking yahoo and gmail

jan gestre wrote: On Sun, Feb 8, 2009 at 1:17 PM, Victor Duchovni wrote: On Sun, Feb 08, 2009 at 01:01:49PM +0800, jan gestre wrote: New logs with reject_rbl_client sbl-xbl.spamhaus.org added to main.cf eb 8 12:49:52 kartero postfix/smtpd[6465]: NOQUEUE: reject: RCPT from web57902.mail.re3

Re: reject_unverified_sender vs greylisting

Charles Marcus escreveu: > On 2/8/2009, João Miguel Neves (joao.ne...@intraneia.com) wrote: > >> I recently enabled reject_unverified_sender in my postfix configuration, >> but it seems like it fails when the server against which the sender is >> verified uses greylisting. I've been getting log

Delaying some email addresses

Good morning, I'm using spamassassin thru amavisd. I also have a bunch of spamtraps (addresses that were never used by persons, but that receive spam regularly) feeding automatically its bayes filter. Sometimes I get some spam that goes to regular addresses and to the spamtraps around the same tim

Re: reject_unverified_sender vs greylisting

On 2/9/2009 9:36 AM, João Miguel Neves wrote: > That would mean that the most useful use of SAV is negated. Or is there > some prior arrangement that would allow me to do that to hotmail.com, > gmail.com, yahoo.com*? > > I'm going to reduce the target domains, but is there a known agreement > with

Re: Delaying some email addresses

João Miguel Neves schrieb: > I'm using spamassassin thru amavisd. I also have a bunch of spamtraps > (addresses that were never used by persons, but that receive spam > regularly) feeding automatically its bayes filter. Sometimes I get some > spam that goes to regular addresses and to the spamtrap

Re: Delaying some email addresses

Martin Schmitt escreveu: > João Miguel Neves schrieb: > > >> I'm using spamassassin thru amavisd. I also have a bunch of spamtraps >> (addresses that were never used by persons, but that receive spam >> regularly) feeding automatically its bayes filter. Sometimes I get some >> spam that goes to

Re: Delaying some email addresses

On Mon, Feb 09, 2009 at 02:44:09PM +, Jo?o Miguel Neves wrote: > Good morning, > > I'm using spamassassin thru amavisd. I also have a bunch of spamtraps > (addresses that were never used by persons, but that receive spam > regularly) feeding automatically its bayes filter. Sometimes I get som

Re: Delaying some email addresses

João Miguel Neves wrote: Martin Schmitt escreveu: João Miguel Neves schrieb: I'm using spamassassin thru amavisd. I also have a bunch of spamtraps (addresses that were never used by persons, but that receive spam regularly) feeding automatically its bayes filter. Sometimes I get some spam t

Re: Delaying some email addresses

Victor Duchovni wrote: On Mon, Feb 09, 2009 at 02:44:09PM +, Jo?o Miguel Neves wrote: Good morning, I'm using spamassassin thru amavisd. I also have a bunch of spamtraps (addresses that were never used by persons, but that receive spam regularly) feeding automatically its bayes filter.

Re: Delaying some email addresses

On Mon, Feb 09, 2009 at 12:00:12PM -0500, Terry Carmen wrote: >> Don't "delay", if your "spamtrap" addresses are well chosen, have >> never existed as valid email addresses, and are unlikely to be mistyped >> accidentally by a human sender, you can just "REDIRECT" all mail for >> a spamtrap addres

Building postfix for packaging

We currently use postfix as a part of our overall product, which means that it ends up being packaged inside our own RPM (or deb, etc) packages, and then redeployed when our product is installed. One thing I've noticed about the postfix build system in this is that it assumes you are building

Re: Building postfix for packaging

Quanah Gibson-Mount: > We currently use postfix as a part of our overall product, which means that > it ends up being packaged inside our own RPM (or deb, etc) packages, and > then redeployed when our product is installed. One thing I've noticed > about the postfix build system in this is that

Re: Building postfix for packaging

On Mon, Feb 09, 2009 at 09:41:49AM -0800, Quanah Gibson-Mount wrote: > We currently use postfix as a part of our overall product, which means that > it ends up being packaged inside our own RPM (or deb, etc) packages, and > then redeployed when our product is installed. One thing I've noticed

Re: Building postfix for packaging

--On Monday, February 09, 2009 12:57 PM -0500 Victor Duchovni wrote: Of the numerous software applications we build as the underlying components to our product, Postfix is the only one that goes to such pains. Is there a way that I'm missing to turn off this behavior in postfix-install be

Re: Building postfix for packaging

Quanah Gibson-Mount wrote: We currently use postfix as a part of our overall product, which means that it ends up being packaged inside our own RPM (or deb, etc) packages, and then redeployed when our product is installed. One thing I've noticed about the postfix build system in this is that it

Re: Building postfix for packaging

On Mon, Feb 09, 2009 at 10:02:33AM -0800, Quanah Gibson-Mount wrote: >> You have not read "PACKAGE_README". > > This is really the answer. I missed this document, things should work fine > with it. One minor nit in the document, it uses "xargs" to collect a file list for "tar", but the file lis

Re: Building postfix for packaging

On Mon, Feb 09, 2009 at 01:17:08PM -0500, Victor Duchovni wrote: > On Mon, Feb 09, 2009 at 10:02:33AM -0800, Quanah Gibson-Mount wrote: > > >> You have not read "PACKAGE_README". > > > > This is really the answer. I missed this document, things should work fine > > with it. > > One minor nit i

Re: Building postfix for packaging

Victor Duchovni: > On Mon, Feb 09, 2009 at 10:02:33AM -0800, Quanah Gibson-Mount wrote: > > >> You have not read "PACKAGE_README". > > > > This is really the answer. I missed this document, things should work fine > > with it. > > One minor nit in the document, it uses "xargs" to collect a file

RE: Problems with Postfix / Round-Robin

Hi! thanks for the help and sorry for the delay. I don´t know if i am able to send attachments, I will try. I am attaching you the maillog, master.cf and main.cf Thanks again. Pablo.- > Subject: Re: Problems with Postfix / Round-Robin > To: postfix-users@postfix.org > Date: Fri, 6 Feb 2009 12:

Re: Redirect all mail from one domain to the same u...@otherdomain?

--- In postfix-us...@yahoogroups.com, Victor Duchovni wrote: > > On Sun, Feb 08, 2009 at 09:50:16PM -0800, Jeff Weinberger wrote: > > > > > I am trying to figure out the best way to map one domain to another with > > the same users...precisely the behavior I am trying to achieve is: when > > mail

Re: Building postfix for packaging

On Mon, Feb 09, 2009 at 02:13:55PM -0500, Wietse Venema wrote: > > > > One minor nit in the document, it uses "xargs" to collect a file list for > > "tar", but the file list may be too long for one command invocation: > > > > % cd INSTALL_ROOT > > % rm -f SOMEWHERE/outputfile > > % f

Re: Building postfix for packaging

On Mon, Feb 09, 2009 at 02:59:02PM -0500, Victor Duchovni wrote: > On Mon, Feb 09, 2009 at 02:13:55PM -0500, Wietse Venema wrote: > > > > > > > One minor nit in the document, it uses "xargs" to collect a file list for > > > "tar", but the file list may be too long for one command invocation: > >

Re: Building postfix for packaging

On Mon, Feb 09, 2009 at 12:19:26PM -0800, Quanah Gibson-Mount wrote: > --On Monday, February 09, 2009 12:57 PM -0500 Victor Duchovni > wrote: > >> > > And just to confirm, the steps here worked beautifully, thank you. :) > > I did have to use an i

Re: Building postfix for packaging

Quanah Gibson-Mount: > --On Monday, February 09, 2009 12:57 PM -0500 Victor Duchovni > wrote: > > > > > And just to confirm, the steps here worked beautifully, thank you. :) > > I did have to use an install root of /../ since it won't take /. I

Re: Building postfix for packaging

--On Monday, February 09, 2009 12:57 PM -0500 Victor Duchovni wrote: And just to confirm, the steps here worked beautifully, thank you. :) I did have to use an install root of /../ since it won't take /. I build with a prefix of /opt/zimbra

Re: Replacing Message-Id for SASL authenticated senders

Marc Patermann a écrit : > Hi, > > Bastian Blank schrieb: >> On Sun, Feb 08, 2009 at 03:38:22AM -0500, Sahil Tandon wrote: >>> This works as I'd expect, but will it break anything else? >> >> Yes. It will break the complete mail handling of the client. _Never_ >> ever touch a message id. > Not all

Re: Building postfix for packaging

On Mon, Feb 09, 2009 at 03:41:34PM -0500, Wietse Venema wrote: > > It would be nice if there was someway for it to recognize it was already > > built with a prefix, so no need to go down multiple layers. But I have an > > easily working solution to it. :) > > It's good to hear that the instruc

Re: Delaying some email addresses

Victor Duchovni a écrit : > On Mon, Feb 09, 2009 at 12:00:12PM -0500, Terry Carmen wrote: > >>> Don't "delay", if your "spamtrap" addresses are well chosen, have >>> never existed as valid email addresses, and are unlikely to be mistyped >>> accidentally by a human sender, you can just "REDIRECT"

Re: Redirect all mail from one domain to the same u...@otherdomain?

jeff_homeip a écrit : > --- In postfix-us...@yahoogroups.com, Victor Duchovni > wrote: >> On Sun, Feb 08, 2009 at 09:50:16PM -0800, Jeff Weinberger wrote: >> >>> I am trying to figure out the best way to map one domain to > another with >>> the same users...precisely the behavior I am trying to a

Re: reject_unverified_sender vs greylisting

João Miguel Neves a écrit : > Charles Marcus escreveu: >> On 2/8/2009, João Miguel Neves (joao.ne...@intraneia.com) wrote: >> >>> I recently enabled reject_unverified_sender in my postfix configuration, >>> but it seems like it fails when the server against which the sender is >>> verified uses

Re: whitelisting not working

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Noel Jones wrote: > David Cottle wrote: >> -BEGIN PGP SIGNED MESSAGE- >> Hash: SHA1 >> >> Hi, >> >> I have got RBL tests and I got a client on godaddy. Naturally their >> outgoing server (secureserver.net) is listed. I made changes to >> post

RE: reject_unverified_sender vs greylisting

> -Original Message- > From: owner-postfix-us...@postfix.org > [mailto:owner-postfix-us...@postfix.org] On Behalf Of mouss > Sent: Tuesday, 10 February 2009 8:39 AM > To: postfix-users@postfix.org > Subject: Re: reject_unverified_sender vs greylisting > > João Miguel Neves a écrit : >

Re: whitelisting not working

David Cottle wrote: smtpd_client_restrictions = check_client_access hash:/etc/postfix/whitelist, check_sender_access hash:/etc/postfix/check_backscatterer, check_sender_access hash:/etc/postfix/check_spamcannibal, reject_rbl_client bl.spamcop.net, reject_rbl_client zen.spamhaus.org, reject_rbl_cl

virtual_mailbox_domains as a hash file

Everything I'm reading in "The Book of Postfix" and from the web site seem to indicate that virtual_mailbox_domains has to be a list of values in main.cf. Is this correct? Anyway to put them in a file instead? TIA, Rod --

Re: virtual_mailbox_domains as a hash file

Roderick A. Anderson wrote: Everything I'm reading in "The Book of Postfix" and from the web site seem to indicate that virtual_mailbox_domains has to be a list of values in main.cf. Is this correct? Anyway to put them in a file instead? TIA, Rod The documentation is the correct place to

Re: whitelisting not working

Sent from my iPhone On 10/02/2009, at 11:02, Noel Jones wrote: David Cottle wrote: smtpd_client_restrictions = check_client_access hash:/etc/postfix/whitelist, check_sender_access hash:/etc/postfix/check_backscatterer, check_sender_access hash:/etc/postfix/check_spamcannibal, reject_rbl_cli

Re: whitelisting not working

David Cottle wrote: If I move my check_xxx routines to the smtpd_data_restrictions, is this still called up as a check_sender_access? Yes, it's still using the sender address for the lookup, so it still needs to be check_sender_access. So I also assume that smtpd_data_ restrictions does wh

Getting localhost put in my From field

I have been trying to figure out how to get Postfix to not append "localhost" in to the From: field. I am sending email mostly between two local users, using RHEL5/Squirrelmail/Postfix/Dovecot. When I send an email from user_...@schoolretail.local to user_...@schoolretail.local it arrives

Re: Getting localhost put in my From field

On Mon, Feb 09, 2009 at 09:43:49PM -0500, Xn Nooby wrote: > I have been trying to figure out how to get Postfix to not append > "localhost" in to the From: field. I am sending email mostly between > two local users, using RHEL5/Squirrelmail/Postfix/Dovecot. > > When I send an email from > > us

Re: Redirect all mail from one domain to the same u...@otherdomain?

--- In post...@yahoogroups.com, mouss wrote: > > jeff_homeip a écrit : > > --- In postfix-us...@yahoogroups.com, Victor Duchovni > > wrote: > >> On Sun, Feb 08, 2009 at 09:50:16PM -0800, Jeff Weinberger wrote: > >> > >>> I am trying to figure out the best way to map one domain to > > another with

Re: reject_unverified_sender vs greylisting

On Mon, Feb 09, 2009 at 02:36:25PM +, João Miguel Neves wrote: > That would mean that the most useful use of SAV is negated. Or is there > some prior arrangement that would allow me to do that to hotmail.com, > gmail.com, yahoo.com*? Some Mailproviders explicitly forbid the use of SAV against

Re: reject_unverified_sender vs greylisting

On Tue, Feb 10, 2009 at 07:15:06AM +0100, Juergen P. Meier wrote: > If everyone would use SAV, the ammount of SMTP traffic in the Internet > would *double*. I bet most heavy duty mailssystems don't scale double. An address probe is MUCH cheaper to process than a message. Address probe results are