Re: Postfix, SASL and LDAPDB

On Fri, 21 May 2010 13:12:08 +0200, Julien Vehent wrote: > > > I re-read the SASL howto and I'm quite confinced that my configuration is > fine (but once again, you're never a 100% sure). > > Any idea ? > I found something interesting in the Slapd logs. When Postfix sends the UID of the user

Re: SRS implementation

Tomoyuki Murakami: > > Tomoyuki Murakami: > >> > First, this would accept mail for forwarder+anyuser=anydom...@my.dom, > >> > meaning that it would be an open relay. A more secure implementation > >> > would compute a hash of (orig_sen...@domain.com, local secret) and > >> > include that hash in th

Re: which port to use for SSL/TLS?

On Fri, May 21, 2010 at 18:03, mouss wrote: > if you mean "wrapper mode ssl" (aka smtps), then > $ grep smtps /etc/services > ssmtp           465/tcp         smtps           # SMTP over SSL > > this is non standard. but it's used by outlook and by other "people". > > in the old days, people kept a

May be an OPEN Relay - But not really

Hello Everybody, I´m having some problem dealing with OPEN Relay Issues, We have a postfix server 2.5.5 and we have successfully reduced the SPAM outgoing and incoming, we have sasaulth for smtp authentication, and everything is ok, but when I try to check my server for open relay, I do the telne

fatal: /etc/postfix/master.cf: line 32: valid hostname or network address required in "[fc00::0.0.0.25]:25"

So it looks like the IP address parser used here doesn't accept all valid forms of IPv6? fatal: /etc/postfix/master.cf: line 32: valid hostname or network address required in "[fc00::0.0.0.25]:25" It worked when I used "[fc00::0019]:25".

Re: May be an OPEN Relay - But not really

On 5/24/2010 8:41 AM, Alan Cowes wrote: Hello Everybody, I´m having some problem dealing with OPEN Relay Issues, We have a postfix server 2.5.5 and we have successfully reduced the SPAM outgoing and incoming, we have sasaulth for smtp authentication, and everything is ok, but when I try to chec

Re: which port to use for SSL/TLS?

On 2010-05-24 9:33 AM, Phil Howard wrote: > Is it the case that 465 once was assigned as smtps and later retracted > and re-assigned differently? Or was it never official at all and the > /etc/services file you have isn't just an old one, but an unofficial > one? I get mine from IANA and 465 is a

Mail filters not running behind a controlled enviornment

Hi, I have deployed a postfix server for email receiving. On this I have configured DKIM and SenderID + SPF milters, by referring to http://www.postfix.org/MILTER_README.html Following are my settings in main.cf file: #Milter support for smtpd mail smtpd_milters = inet:localhost:10026, ine

Re: fatal: /etc/postfix/master.cf: line 32: valid hostname or network address required in "[fc00::0.0.0.25]:25"

Phil Howard: > So it looks like the IP address parser used here doesn't accept all > valid forms of IPv6? > > fatal: /etc/postfix/master.cf: line 32: valid hostname or network > address required in "[fc00::0.0.0.25]:25" 0.0.0.25 is not a valid IPv4 address. Wietse > It worked when I use

Re: Mail filters not running behind a controlled enviornment

On 5/24/2010 11:31 AM, Sharma, Ashish wrote: Hi, I have deployed a postfix server for email receiving. On this I have configured DKIM and SenderID + SPF milters, by referring to http://www.postfix.org/MILTER_README.html Following are my settings in main.cf file: #Milter support for smtpd mai

Re: Postfix, SASL and LDAPDB [definitely solved]

Final solution provided by the Openldap mailing list: > Just change your authz-regexp line to > > authz-regexp "^uid=([^,]+).*,cn=[^,]*,cn=auth$" > "ldap:///dc=linuxwall,dc=info??sub?(|(uid=$1)(mail=$1))" And the authentication works. I think it's worth a line in the sasl howto to

Re: Postfix, SASL and LDAPDB [definitely solved]

* Julien Vehent : > Final solution provided by the Openldap mailing list: > > > Just change your authz-regexp line to > > > > authz-regexp "^uid=([^,]+).*,cn=[^,]*,cn=auth$" > > "ldap:///dc=linuxwall,dc=info??sub?(|(uid=$1)(mail=$1))" > > > And the authentication works. > I think

RE: Mail filters not running behind a controlled enviornment

Noel, I am unable to find/get the logs of these milters. Can you point me in right direction of where should I check the logs of these milters. Thanks in advance Ashish Sharma -Original Message- From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On Behalf Of

Re: Postfix, SASL and LDAPDB [definitely solved]

On Mon, May 24, 2010 at 07:30:56PM +0200, Julien Vehent wrote: > Final solution provided by the Openldap mailing list: > > > Just change your authz-regexp line to > > > > authz-regexp "^uid=([^,]+).*,cn=[^,]*,cn=auth$" > > "ldap:///dc=linuxwall,dc=info??sub?(|(uid=$1)(mail=$1))" >

Disable NDR

Hello, One of my postfix server is sending thousands of messages to non-existent mail box in another internal server. The internal application sends mail as mailb...@domain.net thru postfix. The TO addresses are invalid. I need reject messages from those domains not resolved. to=, relay=none,

Re: Disable NDR

On Mon, May 24, 2010 at 2:05 PM, Linux Addict wrote: > Hello, One of my postfix server is sending thousands of messages to > non-existent mail box in another internal server. The internal application > sends mail as mailb...@domain.net thru postfix. The TO addresses are > invalid. I need reject

Re: Mail filters not running behind a controlled enviornment

On 5/24/2010 12:57 PM, Sharma, Ashish wrote: Noel, I am unable to find/get the logs of these milters. Can you point me in right direction of where should I check the logs of these milters. Thanks in advance Ashish Sharma You'll need to check the docs for the milters you are using. That's ou

Re: Disable NDR

On 24.05.2010 20:05, Linux Addict wrote: Hello, One of my postfix server is sending thousands of messages to non-existent mail box in another internal server. The internal application sends mail as mailb...@domain.net thru postfix. The TO addresses are invalid. I need

Re: Disable NDR

On Mon, May 24, 2010 at 2:25 PM, John Adams wrote: > On 24.05.2010 20:05, Linux Addict wrote: > >> Hello, One of my postfix server is sending thousands of messages to >> non-existent mail box in another internal server. The internal >> application sends mail as mailb...@domain.net >>

Re: Postfix, SASL and LDAPDB [definitely solved]

On Mon, 24 May 2010 14:04:45 -0400, Victor Duchovni wrote: > On Mon, May 24, 2010 at 07:30:56PM +0200, Julien Vehent wrote: > >> Final solution provided by the Openldap mailing list: >> >> > Just change your authz-regexp line to >> > >> > authz-regexp "^uid=([^,]+).*,cn=[^,]*,cn=auth$" >> >

Re: Disable NDR

On 5/24/2010 2:10 PM, Linux Addict wrote: > These are the restrictions. Surely the host which is sending spam is > part of mynetworks. > > smtpd_recipient_restrictions = [snip] > reject_rbl_client blackholes.easynet.nl > , > reject_rbl_client cbl.abuseat.org

sasl with postfix

I apologize as I know its is somewhat off topic. I have a postfix server running saslauthd 2.1.19 (cyrus-sasl-2.1.19-14) and recently I have been hit with a lot of dictionary attacks using sasl authentication. While looking at this issue I noticed that the sasl logs, (/var/log/messages) is no

Re: sasl with postfix

On 5/24/2010 4:03 PM, P.A wrote: > > I apologize as I know its is somewhat off topic. > > > > I have a postfix server running saslauthd 2.1.19 > (cyrus-sasl-2.1.19-14) and recently I have been hit with a lot of > dictionary attacks using sasl authentication. > > While looking at this issue I noti

Re: Postfix, SASL and LDAPDB [definitely solved]

On Mon, May 24, 2010 at 09:18:44PM +0200, Julien Vehent wrote: > === case 2: authentification succeeds === > > Same authz-regex in slapd, same smtpclient command, I just removed the > smtpd_sasl_local_domain value: > > > # postconf |grep "smtpd_sasl" > smtpd_

Re: which port to use for SSL/TLS?

Phil Howard a écrit : > [snip] > Is it the case that 465 once was assigned as smtps and later retracted > and re-assigned differently? Or was it never official at all and the > /etc/services file you have isn't just an old one, but an unofficial > one? As far as I know, it was never standardise