Re: backwards compatibility of OK in header_checks still needed?

2009-03-15 Thread Magnus Bäck
On Sunday, March 15, 2009 at 07:13 CET, Roger Marquis wrote: > Noel Jones wrote: > > > There is no bypass method for header_checks. > > Have you tried a filter action at the beginning of the file? > Destination can be another postfix instance, another smtpd, > or a content_filter like amav

Re: backwards compatibility of OK in header_checks still needed?

2009-03-15 Thread mouss
Henk van Oers wrote: > [snip] >> Doing a proper job requires an external content filter. > > I want to reject as much as possible, so I have a header_checks file. > To bypass the header check for trusted senders I tried: > if /^Return-Path:/ > /trusted_sender/ OK > endif > > As I now unders

Re: backwards compatibility of OK in header_checks still needed?

2009-03-15 Thread Michael Tokarev
Bill Cole wrote: Michael Tokarev wrote, On 3/14/09 4:13 PM: Henk van Oers wrote: [...] In the case of multiple recipients there can be rejects for some, no tests for some others (OK), a few tests for DUNNO recipients and all the checks for the rest. Right? Yes. For each recipient independentl

Re: backwards compatibility of OK in header_checks still needed?

2009-03-15 Thread Wietse Venema
Henk van Oers: > > On Sat, 14 Mar 2009, Wietse Venema wrote: > > Henk van Oers: > >> > >> Quote from header_checks (5): > >> "" > >> DUNNO Pretend that the input line did not match any pat- > >>tern, and inspect the next input line. This action > >>can b

Re: backwards compatibility of OK in header_checks still needed?

2009-03-15 Thread Henk van Oers
On Sun, 15 Mar 2009, Wietse Venema wrote: Is it so hard to read what the text actually says, instead of what you want it to say? Yes. The semantics differ from what I'm used to in recipient_checks.

Re: smtpd_recipient_restrictions suddenly stopping mail

2009-03-15 Thread Kevin Bailey
Sahil Tandon wrote: On Mar 3, 2009, at 1:14 PM, Kevin Bailey wrote: Hiya, We have had this setting on a mail server for a long time. smtpd_recipient_restrictions = permit_sasl_authenticated reject_non_fqdn_recipient reject_non_fqdn_sender reject_unknown_sender_domain reject_unknown_recipien

RE: smtpd_recipient_restrictions suddenly stopping mail

2009-03-15 Thread Damon Miller
> Thanks for that and the other responses. > > We indeed tracked it to DNS problems - in this case the onsite admin > (who is a Windows only type) had set up a Smoothwall router and we were > using it as our DNS server. It seems to have been responding with bad > data. > > We changed the server

Postfix and Samba best practice

2009-03-15 Thread Kevin Bailey
Hi, We have a server which is going to be a Samba file server and a Postfix server where the users will access their mail over IMAP. We normally prefer to use Maildir storage as it seems to be recommended over mailbox - for me, for example, I am subscribed to a dozen or so lists and have ten

Re: smtpd_tls_session_cache_database

2009-03-15 Thread LuKreme
On 14-Mar-2009, at 19:39, Wietse Venema wrote: LuKreme: In reading and all the posts in the last 15 months with 'smtpd_tls_session_cache_database' in the subject (all 7 of them!), it is not clear to me how the smtpd_tls_session_cache_database file is crea

Re: backwards compatibility of OK in header_checks still needed?

2009-03-15 Thread Sahil Tandon
On Mar 15, 2009, at 10:16 AM, Henk van Oers wrote: On Sun, 15 Mar 2009, Wietse Venema wrote: Is it so hard to read what the text actually says, instead of what you want it to say? Yes. The semantics differ from what I'm used to in recipient_checks. Shall we close this thread? header_che

Re: smtpd_tls_session_cache_database

2009-03-15 Thread Wietse Venema
LuKreme: > On 14-Mar-2009, at 19:39, Wietse Venema wrote: > > LuKreme: > >> In reading and all the posts > >> in the last 15 months with 'smtpd_tls_session_cache_database' in the > >> subject (all 7 of them!), it is not clear to me how the > >> smtpd_tls_ses

Re: smtpd_recipient_restrictions suddenly stopping mail

2009-03-15 Thread Sahil Tandon
On Mar 15, 2009, at 11:27 AM, Damon Miller wrote: We changed the server to use OpenDNS servers and all's well. Thanks again for the help. Be careful with OpenDNS: They return false positives, e.g.: www.abcdefghijklmnop12345.com. Server: resolver1.opendns.com Address: 208.67.222.222 Non

Re: smtpd_recipient_restrictions suddenly stopping mail

2009-03-15 Thread Wietse Venema
Sahil Tandon: > OpenDNS will not blindly redirect DNS queries that look like DNSBL > requests. Notice the difference: > > % dig @resolver1.opendns.com www.abcdefghijklmnop12345.com +short > 208.69.32.132 > % dig @resolver1.opendns.com 40.30.20.10.www.abcdefghijklmnop12345.com > +

Re: smtpd_recipient_restrictions suddenly stopping mail

2009-03-15 Thread Sahil Tandon
On Sun, 15 Mar 2009, Wietse Venema wrote: > Sahil Tandon: > > OpenDNS will not blindly redirect DNS queries that look like DNSBL > > requests. Notice the difference: > > > > % dig @resolver1.opendns.com www.abcdefghijklmnop12345.com +short > > 208.69.32.132 > > % dig @resolver1.ope

Re: smtpd_tls_session_cache_database

2009-03-15 Thread Victor Duchovni
On Sun, Mar 15, 2009 at 12:27:37PM -0400, Wietse Venema wrote: > > smtpd_tls_session_cache_database = btree:$data_directory/smtpd_sessions > > > > postfix/smtpd[67779]: fatal: open database /var/db/postfix/ > > smtpd_sessions.db: No such file or directory > > smtpd never uses the smtpd_tls_se

Re: smtpd_recipient_restrictions suddenly stopping mail

2009-03-15 Thread Noel Jones
Sahil Tandon wrote: On Sun, 15 Mar 2009, Wietse Venema wrote: Sahil Tandon: OpenDNS will not blindly redirect DNS queries that look like DNSBL requests. Notice the difference: % dig @resolver1.opendns.com www.abcdefghijklmnop12345.com +short 208.69.32.132 % dig @resolver1.opend

Re: non-alpha HELO

2009-03-15 Thread LuKreme
On 14-Mar-2009, at 22:53, Noel Jones wrote: But you should really be testing with telnet and openssl s_client before you start testing with a MUA. Yep. Like I said this was just a "let's see what we get in the logs" little test. Mucking about some more with it, TLS at least is working now

Re: non-alpha HELO

2009-03-15 Thread Noel Jones
LuKreme wrote: Authentication is another matter, but as I recall, that is outside postfix purview and I need to go dink with cyrus-sasl-saslauthd for that. Mar 15 12:54:40 mail submit/smtpd[7403]: Anonymous TLS connection established from c-67-164-162-51.hsd1.co.comcast.net[67.164.162.51]: TL

Re: backwards compatibility of OK in header_checks still needed?

2009-03-15 Thread Roger Marquis
Magnus wrote: /^Received: from .*\.mx\.aol.com (.*\.mx\.aol\.com/ FILTER smtp:[127.0.0.1]:25 That still doesn't bypass the rest of the header checks. Works for us, has for years. Even tested it using the exact same pattern and HOLD immediately after the FILTER. The messages are delivered a

Re: backwards compatibility of OK in header_checks still needed?

2009-03-15 Thread Magnus Bäck
On Sunday, March 15, 2009 at 21:59 CET, Roger Marquis wrote: > Magnus wrote: > > > That still doesn't bypass the rest of the header checks. > > Works for us, has for years. Even tested it using the exact same > pattern and HOLD immediately after the FILTER. The messages are > delivered as

Re: smtpd_tls_session_cache_database

2009-03-15 Thread LuKreme
On 15-Mar-2009, at 14:25, Victor Duchovni wrote: On Sun, Mar 15, 2009 at 12:27:37PM -0400, Wietse Venema wrote: smtpd_tls_session_cache_database = btree:$data_directory/ smtpd_sessions postfix/smtpd[67779]: fatal: open database /var/db/postfix/ smtpd_sessions.db: No such file or directory

Re: backwards compatibility of OK in header_checks still needed?

2009-03-15 Thread Noel Jones
Roger Marquis wrote: Magnus wrote: /^Received: from .*\.mx\.aol.com (.*\.mx\.aol\.com/ FILTER smtp:[127.0.0.1]:25 That still doesn't bypass the rest of the header checks. Works for us, has for years. Even tested it using the exact same pattern and HOLD immediately after the FILTER. The me

Issue with pipe mail to script

2009-03-15 Thread Simon
Hi There, We are running postfix on debian etch and are using mysql to store the transport and alias info and having an issue that I need a little assistance with please. Here is the config: mydestination = mysql:/etc/postfix/mysql-transport.cf transport_maps = mysql:/etc/postfix/mysql-transport.c

Re: backwards compatibility of OK in header_checks still needed?

2009-03-15 Thread mouss
Sahil Tandon wrote: > On Mar 15, 2009, at 10:16 AM, Henk van Oers wrote: > >> On Sun, 15 Mar 2009, Wietse Venema wrote: >> >>> Is it so hard to read what the text actually says, >>> instead of what you want it to say? >> >> Yes. The semantics differ from what I'm used to in recipient_checks. >

Re: Issue with pipe mail to script

2009-03-15 Thread Wietse Venema
Simon: > Hi There, We are running postfix on debian etch and are using mysql to > store the transport and alias info and having an issue that I need a > little assistance with please. Here is the config: > > mydestination = mysql:/etc/postfix/mysql-transport.cf > transport_maps = mysql:/etc/postfi

Re: backwards compatibility of OK in header_checks still needed?

2009-03-15 Thread Sahil Tandon
On Sun, 15 Mar 2009, mouss wrote: > Sahil Tandon wrote: > > On Mar 15, 2009, at 10:16 AM, Henk van Oers wrote: > > > >> On Sun, 15 Mar 2009, Wietse Venema wrote: > >> > >>> Is it so hard to read what the text actually says, > >>> instead of what you want it to say? > >> > >> Yes. The semantics

Re: backwards compatibility of OK in header_checks still needed?

2009-03-15 Thread mouss
Roger Marquis wrote: > Magnus wrote: >>> /^Received: from .*\.mx\.aol.com (.*\.mx\.aol\.com/ FILTER >>> smtp:[127.0.0.1]:25 >> That still doesn't bypass the rest of the header checks. > > Works for us, has for years. does it have a green card? otherwise, "it" shouldn't work ;-p > Even test

Re: Postfix and Samba best practice

2009-03-15 Thread mouss
Kevin Bailey wrote: > Hi, > > We have a server which is going to be a Samba file server and a Postfix > server where the users will access their mail over IMAP. > > We normally prefer to use Maildir storage as it seems to be recommended > over mailbox - for me, for example, I am subscribed to

Re: Issue with pipe mail to script

2009-03-15 Thread Sahil Tandon
On Mon, 16 Mar 2009, Simon wrote: > Now - this works fine.. But as soon as I add a pipe to the > destination_address like this: > > orgin_address = t...@testdomain.co.nz > destination_address = |/usr/local/autoresponder/autoresponder.php For security reasons, virtual(8) does not support delivery

Re: smtpd_tls_session_cache_database

2009-03-15 Thread mouss
LuKreme wrote: > > I can connect now to the submission port from my MUA (mail.app) as long > as I authenticate against the sasldb. I cannot connect from the > command-line with openssl s_client: no you can't. which is why Noel added "connectivity" to his recommendation. only use openssl to see

Re: smtpd_tls_session_cache_database

2009-03-15 Thread Victor Duchovni
On Sun, Mar 15, 2009 at 03:32:26PM -0600, LuKreme wrote: > $ openssl s_client -connect mail.covisp.net:587 > CONNECTED(0003) > 4001:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown > protocol:s23_clnt.c:601: This is SMTP inside SSL, Postfix does STARTTLS inside SMTP, so this is not

Re: smtpd_tls_session_cache_database

2009-03-15 Thread LuKreme
On 15-Mar-2009, at 17:08, mouss wrote: LuKreme wrote: I can connect now to the submission port from my MUA (mail.app) as long as I authenticate against the sasldb. I cannot connect from the command-line with openssl s_client: no you can't. which is why Noel added "connectivity" to his re

Re: backwards compatibility of OK in header_checks still needed?

2009-03-15 Thread Roger Marquis
mouss wrote: whatever you may think, it doesn't work the way you think You're right, my mistake. Apologies. Chalk up another one for quick and dirty QA. At least FILTER bypasses the content_filter so won't be DISCARDed on that basis. Roger Marquis

Re: READMEs, where can I find them?

2009-03-15 Thread KLaM Postmaster
Wietse Venema wrote: > KLaM Postmaster: > >> where can I find the postfix readme files, I have looked all over the >> postfix.com site, and while there is lots of documentation (man pages, >> how to, faqs, etc) but I cannot find the readme files except as >> embedded links. >> > > The file

Too strict?

2009-03-15 Thread Alberto Lepe
Hello, and thank you in advance for your time! I have been setting up a mail server for more than a week and after reading several posts/articles and some pages of the Postfix manual, I'm a little confused about how to set up the security. The mail server is outside my LAN and it will be used to

Re: Too strict?

2009-03-15 Thread Magnus Bäck
On Monday, March 16, 2009 at 06:18 CET, Alberto Lepe wrote: [...] > I wanted to force the users to authenticate, in order to send mails, with: > > #smtpd_client_restrictions = permit_sasl_authenticated,reject > > But for some reason, when I use that line, and I send a mail from > gmail to