Hi list,
I have a problem with delivering mail to a host and get this error:
host mx2.amsterdam.nl[145.222.14.10] said: 421 enepmx02.amsterdam.nl
Error: timeout exceeded (in reply to end of DATA command)
This error only seems to occur with 'large' mails. Currently I have a mail
of ~600KB and ~8M
On Wed, 20 Jan 2010 10:56:39 +0100, Martijn de Munnik
wrote:
> Hi list,
>
> I have a problem with delivering mail to a host and get this error:
>
> host mx2.amsterdam.nl[145.222.14.10] said: 421 enepmx02.amsterdam.nl
> Error: timeout exceeded (in reply to end of DATA command)
>
> This error onl
On Wed, 20 Jan 2010 11:10:50 +0100, Martijn de Munnik
wrote:
> On Wed, 20 Jan 2010 10:56:39 +0100, Martijn de Munnik
> wrote:
>> Hi list,
>>
>> I have a problem with delivering mail to a host and get this error:
>>
>> host mx2.amsterdam.nl[145.222.14.10] said: 421 enepmx02.amsterdam.nl
>> Error
Hi,
I have a working postfix server from long time.
Now i found out that mails with a read receipt coming from one (and only
one) Exchange Server
are correctely delivered as well as thier read receipt.
However when such mails are sent the sender receive this mail, too.
/This is an automati
Hi Everyone,
I've been running a postfix mailserver for our small company for the last
couple of years. Until a couple of weeks ago we had no trouble at all. But
then suddenly I started seeing a huge number of rejected emails in the
deferred queue, with dodgy looking recipient addresses. I think
> My question is, if I am right, how can I find out which account has been
> compromised?
You can add this to main.cf:
smtpd_sasl_authenticated_header=true
This will add the SASL authenticated user to the received headers which
allows you to see who's account was used.
Kind regards,
Martijn
Hi,
I have a working postfix server from long time.
Now i found out that mails with a read receipt coming from one (and only
one) Exchange Server
are correctely delivered as well as thier read receipt.
However when such mails are sent the sender receive this mail, too.
/This is an automat
Am 20.01.2010 11:55, schrieb luca:
> Hi,
>
> I have a working postfix server from long time.
>
> Now i found out that mails with a read receipt coming from one (and only
> one) Exchange Server
> are correctely delivered as well as thier read receipt.
>
> However when such mails are sent the sen
Hi,
Yes I know it is not a bug.
I would like to know if it is possible to configure postfix so that the
answers it gives to
the Exchange Server instruments it to avoid producing the email to the
sending user.
Robert Schetterer ha scritto:
Am 20.01.2010 11:55, schrieb luca:
Hi,
I have a
Quoting luca :
Hi,
Yes I know it is not a bug.
I would like to know if it is possible to configure postfix so that the
answers it gives to
the Exchange Server instruments it to avoid producing the email to the
sending user.
Well, I think that exchange is using header on mails that only
exch
On 2010-01-20 Martijn de Munnik wrote:
> I have a problem with delivering mail to a host and get this error:
>
> host mx2.amsterdam.nl[145.222.14.10] said: 421 enepmx02.amsterdam.nl
> Error: timeout exceeded (in reply to end of DATA command)
>
> This error only seems to occur with 'large' mails.
Martijn de Munnik:
> Hi list,
>
> I have a problem with delivering mail to a host and get this error:
>
> host mx2.amsterdam.nl[145.222.14.10] said: 421 enepmx02.amsterdam.nl
> Error: timeout exceeded (in reply to end of DATA command)
>
> This error only seems to occur with 'large' mails. Curren
Hi,
I would like to ask you if is there any way to put different rejection
message for rejection if some host doesn't have reverse DNS entry ? I
need to include a link to the website which explains what is that and
what to do and why that message was rejected is there any easy way
to do it ?
* Jaroslaw Grzabel :
> Hi,
>
> I would like to ask you if is there any way to put different rejection
> message for rejection if some host doesn't have reverse DNS entry?
Use an access(5) map on the client:
check_client_access hash:/etc/postfix/nice_reject
with:
unknown 550 5.1.2 Your reve
Ralf Hildebrandt wrote:
> Use an access(5) map on the client:
>
> check_client_access hash:/etc/postfix/nice_reject
>
> with:
>
> unknown 550 5.1.2 Your reverse DNS entries are off
>
>
Thank you for that Ralf. Do you know if may I operate on any variables ?
I need to have a message like "550
* Jaroslaw Grzabel :
> Ralf Hildebrandt wrote:
> > Use an access(5) map on the client:
> >
> > check_client_access hash:/etc/postfix/nice_reject
> >
> > with:
> >
> > unknown 550 5.1.2 Your reverse DNS entries are off
> >
> >
> Thank you for that Ralf. Do you know if may I operate on any var
Jaroslaw Grzabel wrote:
> Ralf Hildebrandt wrote:
>
>> Use an access(5) map on the client:
>>
>> check_client_access hash:/etc/postfix/nice_reject
>>
>> with:
>>
>> unknown 550 5.1.2 Your reverse DNS entries are off
>>
And also, are you sure that unknown is OK ? I can see in logs that I
* Jaroslaw Grzabel :
> >> unknown 550 5.1.2 Your reverse DNS entries are off
> >>
> And also, are you sure that unknown is OK ? I can see in logs that I've
> got number of connections from unknown[IP_ADDRESS] but when I do
> nslookup IP_ADDRESS they have PTR. So I don't want to reject the
Ralf Hildebrandt wrote:
> * Jaroslaw Grzabel :
>
>
unknown 550 5.1.2 Your reverse DNS entries are off
>> And also, are you sure that unknown is OK ? I can see in logs that I've
>> got number of connections from unknown[IP_ADDRESS] but when I do
>> nslookup IP_ADD
Jaroslaw Grzabel:
> Ralf Hildebrandt wrote:
> > Use an access(5) map on the client:
> >
> > check_client_access hash:/etc/postfix/nice_reject
> >
> > with:
> >
> > unknown 550 5.1.2 Your reverse DNS entries are off
> >
> >
> Thank you for that Ralf. Do you know if may I operate on any variab
On 1/20/2010 5:05 AM, Daniel Howard wrote:
Hi Everyone,
I've been running a postfix mailserver for our small company for the last
couple of years. Until a couple of weeks ago we had no trouble at all. But
then suddenly I started seeing a huge number of rejected emails in the
deferred queue, with
* Jaroslaw Grzabel :
> smtpd_sender_restrictions = check_sender_access
> regexp:/etc/postfix/access.regexp,
> check_sender_access hash:/etc/postfix/access,
> reject_unknown_sender_domain,
> reject_non_fqdn_sender,
On Wed, Jan 20, 2010 at 01:05:01PM +, Jaroslaw Grzabel wrote:
> Ralf Hildebrandt wrote:
> > Use an access(5) map on the client:
> >
> > check_client_access hash:/etc/postfix/nice_reject
> >
> > with:
> >
> > unknown 550 5.1.2 Your reverse DNS entries are off
> >
> >
> Thank you for that
Ralf Hildebrandt wrote:
>
> And where is the check that needs to have aa nice error message?
>
>
I forgot to paste this restriction for client:
smtpd_client_restrictions = reject_unknown_reverse_client_hostname
So there where it should be.
Regards,
Jarek
Henrik K wrote:
> You don't really need that variable. The hostname/IP is already included in
> the
> rejection message going out, if you use check_client_access.
>
> For example:
>
> 550 5.1.1 Client host rejected: "Fix your reverse DNS..."
>
>
OK, but the problem is at this moment that I'm a
Wietse Venema wrote:
>
> Syntax of access tables is documented: man 5 access.
>
> Wietse
>
Yes I know. But as I mention in the post sent a moment ago, the problem
is that I'm afraid I will reject unknown hosts with valid PTR. I don't
want to do this.
Regards,
Jarek
Jaroslaw Grzabel:
> Wietse Venema wrote:
> >
> > Syntax of access tables is documented: man 5 access.
> >
> > Wietse
> >
> Yes I know. But as I mention in the post sent a moment ago, the problem
> is that I'm afraid I will reject unknown hosts with valid PTR. I don't
> want to do this.
See
* Jaroslaw Grzabel :
> Henrik K wrote:
> > You don't really need that variable. The hostname/IP is already included in
> > the
> > rejection message going out, if you use check_client_access.
> >
> > For example:
> >
> > 550 5.1.1 Client host rejected: "Fix your reverse DNS..."
> >
> >
> OK, b
Wietse Venema wrote:
> See "man 5 postconf" for the difference between:
> reject_unknown_reverse_client_hostname
> reject_unknown_client_hostname
>
> Wietse
>
Sorry Wietse, but you completely lost me. How does it regard to my
problem ? I need to have custom message.
reject_unknown_reverse
Jaroslaw Grzabel:
> But as I mention in the post sent a moment ago, the problem
> is that I'm afraid I will reject unknown hosts with valid PTR. I don't
> want to do this.
Wietse Venema wrote:
> See "man 5 postconf" for the difference between:
> reject_unknown_reverse_client_hostname
> reject_unkn
Wietse Venema wrote:
> If you are concerned that you reject mail from hosts with valid PTR,
> then I recommend that you choose between:
>
> 1) reject_unknown_reverse_client_hostname. As documented, this
>will accept any reverse name, without checking whether it resolves
>to to the client IP
> You can add this to main.cf:
>
> smtpd_sasl_authenticated_header=true
>
> This will add the SASL authenticated user to the received headers which
> allows you to see who's account was used.
>
> Kind regards,
>
> Martijn Brinkers
Thanks Martijn, but if the SASL user gets put into the headers, th
Jaroslaw Grzabel:
> I'm afraid I will reject unknown hosts with valid PTR. I don't
> want to do this.
> Wietse Venema:
> > If you are concerned that you reject mail from hosts with valid PTR,
> > then I recommend that you choose between:
> >
> > 1) reject_unknown_reverse_client_hostname. As docume
Today I downloaded Ralph Hildebrandt's Postfix example and used his
'check_helo_access' example in my configuration. I have not 'reloaded'
Postfix yet because I want to make sure that I did not add this in and
cause any redundant checks or worse, break something. Can you guys
please review my main.
* Carlos Williams :
> cause any redundant checks or worse, break something. Can you guys
why not use soft_bounce = yes :) ?
> check_helo_access pcre:/etc/postfix/helo_checks.pcre,
And what is the content of the file?
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Char
On Wed, Jan 20, 2010 at 10:20 AM, Ralf Hildebrandt
wrote:
> why not use soft_bounce = yes :) ?
I have never used it before. That sounds like a good idea.
>> check_helo_access pcre:/etc/postfix/helo_checks.pcre,
> And what is the content of the file?
[r...@mail postfix]# cat helo_checks.pcre
Hi folks
How can I avoid smtp clients from my local network trying to relay mail
trough my server? I need to specify clients wich "from" address are not
mapped in the canonical or virtual table.
I need some ideas here.
Thanks
David
> /^localhost$/ 550 Don't use my own domain (localhost)!
> /^iamghost.\com$/ 550 Don't use my own domain!
> /^64\.95\.64\.198$/ 550 Your spam was rejected because you're
> forging my IP.
> /^\[64\.95\.64\.198\]$/ 550 Your spam was rejected be
On 1/20/2010 8:43 AM, Jaroslaw Grzabel wrote:
Wietse Venema wrote:
If you are concerned that you reject mail from hosts with valid PTR,
then I recommend that you choose between:
1) reject_unknown_reverse_client_hostname. As documented, this
will accept any reverse name, without checking whe
On 2010-01-20 Davy Leon wrote:
> How can I avoid smtp clients from my local network trying to relay mail
> trough my server? I need to specify clients wich "from" address are not
> mapped in the canonical or virtual table.
I'm not sure if I understood you correctly. Do you want to allow only
s
We are experimenting with spamass-milter to check mails and reject them
if a configured spamassassin score is reached. That part works, but the
milter is (of course) applied to all mails after our
smtpd_recipient_restrictions lookups return OK for the recipient, i.e.
also postmaster@ for whom w
On Wed, Jan 20, 2010 at 10:34 AM, Ralf Hildebrandt
wrote:
> I would merge:
>
> smtpd_helo_restrictions = permit_mynetworks,
> permit_sasl_authenticated, reject_non_fqdn_helo_hostname,
> reject_invalid_helo_hostname
>
> smtpd_recipient_restrictions = permit_mynetworks,
> permit_sasl_authenticate
Please keep this discussion on-list. I'm not doing personal support for
free. And please don't top-post.
On 2010-01-20 Davy Leon wrote:
> As I said authentication is not the solution. Some of my clients use
> the server to access their real smtp server, and I just relay mail for
> them.
I fail to
On Wed, 20 Jan 2010 07:20:01 -0500 (EST), wie...@porcupine.org (Wietse
Venema) wrote:
> Martijn de Munnik:
>> Hi list,
>>
>> I have a problem with delivering mail to a host and get this error:
>>
>> host mx2.amsterdam.nl[145.222.14.10] said: 421 enepmx02.amsterdam.nl
>> Error: timeout exceeded (i
Thanks Martijn, but if the SASL user gets put into the headers, then
doesn't that just meant that the recipient will see who the message came
from, rather than the administrator - me?
Yes but you said:
"...I started seeing a huge number of rejected emails in the deferred
queue..."
If the SAS
Carlos Williams schrieb:
> On Wed, Jan 20, 2010 at 10:34 AM, Ralf Hildebrandt
> wrote:
>> I would merge:
>>
>> smtpd_helo_restrictions = permit_mynetworks,
>> permit_sasl_authenticated,reject_non_fqdn_helo_hostname,
>> reject_invalid_helo_hostname
>>
>> smtpd_recipient_restrictions = permit_my
Sorry
When hitting reply button to the message, it just was routed to your
address, not to the list as should be. Just noticed that now.
Thanks for your answer anyway.
David
- Original Message -
From: "Ansgar Wiechers"
To:
Sent: Wednesday, January 20, 2010 11:39 AM
Subject: Re:
Am 20.01.2010 12:48, schrieb luca:
> Hi,
>
> Yes I know it is not a bug.
> I would like to know if it is possible to configure postfix so that the
> answers it gives to
> the Exchange Server instruments it to avoid producing the email to the
> sending user.
I am not sure but maybe
http://www.pos
Martijn de Munnik:
> On Wed, 20 Jan 2010 07:20:01 -0500 (EST), wie...@porcupine.org (Wietse
> Venema) wrote:
> > Martijn de Munnik:
> >> Hi list,
> >>
> >> I have a problem with delivering mail to a host and get this error:
> >>
> >> host mx2.amsterdam.nl[145.222.14.10] said: 421 enepmx02.amsterd
Wolfgang Zeikat:
> We are experimenting with spamass-milter to check mails and reject them
> if a configured spamassassin score is reached. That part works, but the
> milter is (of course) applied to all mails after our
> smtpd_recipient_restrictions lookups return OK for the recipient, i.e.
>
This is definitely more an Exchange question than a Postfix one, but
as I'm already using Postfix for greylisting and will probably be
using SpamAssassin fairly soon, I thought I'd ask it. Some anti-spam
software that works with Exchange can deliver spam messages to a Spam
folder in a user's mailb
On 1/20/2010 12:49 PM, Aaron Clausen wrote:
> This is definitely more an Exchange question than a Postfix one, but
> as I'm already using Postfix for greylisting and will probably be
> using SpamAssassin fairly soon, I thought I'd ask it. Some anti-spam
> software that works with Exchange can deli
Wietse Venema wrote:
The following solution solves 99% of the problem:
- IF mail is from a local (or authenticated) client
That's the magic part right there. How do I accomplish this?
- AND the sender has already passed "reject_unlisted_sender"
- THEN store the (sender, recipient) pair in
Here's the TCP initial handshake:
17:30:44.951789 IP 213.207.90.2.48147 > 145.222.14.10.25: S
50514820:50514820(0) win 49640
17:30:44.954496 IP 145.222.14.10.25 > 213.207.90.2.48147: S
4148480248:4148480248(0) ack 50514821 win 5840
17:30:44.954519 IP 213.207.90.2.48147 > 145.222.14.10.25: . ac
Daniel L. Miller:
> Wietse Venema wrote:
> > The following solution solves 99% of the problem:
> >
> > - IF mail is from a local (or authenticated) client
> >
> That's the magic part right there. How do I accomplish this?
The client IP address passed along in the policy protocol.
> > - AND th
Stan Hoeppner a écrit :
> Well, there's one positive side to this thread Noel. Your reply to
> "undisclosed
> recipients" instead of the list address broke my postfix-users sort filter. I
> just spent 20 minutes trying to figure it out. I tried "received" and
> "return-path" and all kinds of he
On Wed, Jan 20, 2010 at 03:22:56PM -0500, Wietse Venema wrote:
> The broken router then throws away the bytes with higher sequence
> numbers than 14233.
>
> Workaround: turn off window scaling support on the sender's kernel.
This problem is sufficiently common, that on Linux MTAs I always add:
* Carlos Williams :
> Thank you very much for your merge suggestion. I am reading your book
> right now (page 70-72) and trying to understand the concept are the
> merge suggestion. Would you mind explaining what benefit / performance
> is attributed by merging all?
It makes it easier to read :)
* tobi :
> @Ralf
> would it not make more sense to place check_sender_access before the
> check_policy_service? Otherwise you might greylist senders you don't
> want (like maillists)
I was thinking about this as well... Up to you I guess :)
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung
Ralf Hildebrandt a écrit :
> * Jaroslaw Grzabel :
>> Ralf Hildebrandt wrote:
>>> Use an access(5) map on the client:
>>>
>>> check_client_access hash:/etc/postfix/nice_reject
>>>
>>> with:
>>>
>>> unknown 550 5.1.2 Your reverse DNS entries are off
>>>
>>>
>> Thank you for that Ralf. Do you k
Wietse Venema wrote:
Is it possible to exclude mails from
smtpd_milters = unix:/var/run/spamass.sock?
There is no such option.
OK. Thank you for the bad news ;)
Would we have that option if we use an
smtpd_proxy_filter,
i.e. spampd?
Regards,
wolfgang
Ralf Hildebrandt a écrit :
> * Carlos Williams :
>
>> Thank you very much for your merge suggestion. I am reading your book
>> right now (page 70-72) and trying to understand the concept are the
>> merge suggestion. Would you mind explaining what benefit / performance
>> is attributed by merging a
Wolfgang Zeikat:
> Wietse Venema wrote:
>
> >> Is it possible to exclude mails from
> >> smtpd_milters = unix:/var/run/spamass.sock?
> >
> > There is no such option.
>
> OK. Thank you for the bad news ;)
It is not a good idea to simply turn off Milters in the middle of
an SMTP session, because
On Jan 20, 2010, at 9:28 PM, Victor Duchovni wrote:
> On Wed, Jan 20, 2010 at 03:22:56PM -0500, Wietse Venema wrote:
>
>> The broken router then throws away the bytes with higher sequence
>> numbers than 14233.
>>
>> Workaround: turn off window scaling support on the sender's kernel.
>
> This
Martijn de Munnik:
>
> On Jan 20, 2010, at 9:28 PM, Victor Duchovni wrote:
>
> > On Wed, Jan 20, 2010 at 03:22:56PM -0500, Wietse Venema wrote:
> >
> >> The broken router then throws away the bytes with higher sequence
> >> numbers than 14233.
> >>
> >> Workaround: turn off window scaling suppo
Wietse Venema:
> You can do
>
> ndd /dev/tcp \?
>
> to find out what parameters are supported. On my Solaris9 and
> Solaris10 test boxes it is called tcp_wscale_always.
>
> According to Solaris10 documentation:
>
> When this parameter is enabled, which is the default setting
> [sinc
Wietse Venema wrote:
The client IP address passed along in the policy protocol.
This goes back to my original question. How, using existing Postfix
syntax, can I call the policy daemon - after the IP address and/or
sender authentication has been performed by Postfix? Or would I have to
r
/dev/rob0 wrote:
> On Tue, Jan 19, 2010 at 11:34:13AM +0530, J. Bakshi wrote:
>
>> I am trying to drop outgoing emails having particular email-id in
>> its [TO] field. Say myn...@domain1.com and myna...@domain2.com,
>> hence any mail destined for myn...@domain1.com or
>> myna...@domain2.com w
mouss put forth on 1/20/2010 2:26 PM:
>> That's just plain silly.
>
> Keep calm Stan!
I was calm. I had no exclamation point there. ;)
> Consider this to be a good lesson: your filtering approach is
> suboptimal. For most mailing lists, you can use one of:
It _was_ less than optimal.
> List-
69 matches
Mail list logo
