Hi,
We currently have mail infrastructure setup like:
mail.domain.co.za (primary in our dc)
ptamail.domain.co.za (pta office)
jhbmail.domain.co.za (jhb office)
Currently we use mail.domain.co.za as the outgoing server for all
users, but I want to change that so that user will use
$branchmail.dom
* Victor Duchovni :
> On Thu, Feb 10, 2011 at 10:50:20PM +0100, Jeroen Geilman wrote:
>
> >> and I'm not sure how
> >> smtp_connection_reuse_time_limit = 300s
> >>
> >> could be lowered in such a way that busy destination MXes are not
> >> keeping a lot of mail in the active queue...
>
> The re-u
Thank you Noel,
After searching for a while, I found your info/solutions were complete
and accurate.
Locking sender addresses with authenticated users appears to be a good
practice, anyway.
Here, I have two questions about reject_sender_login_mismatch:
1. If sender is in the form "f...@e
Am 11.02.2011 10:08, schrieb Nikolaos Milas:
> Thank you Noel,
>
> After searching for a while, I found your info/solutions were complete and
> accurate.
>
> Locking sender addresses with authenticated users appears to be a good
> practice, anyway.
>
> Here, I have two questions about reject
Thank you Harald,
Please, let me ask for some clarifications, cause I'm confused:
If we have (SASL) UNauthenticated clients (who are allowed to send
emails from mynetworks) AND (SASL) authenticated clients (in mynetworks
or anywhere), what will happen to our UNauthenticated clients (in
mynetw
Hello i've a new question about two postfix server with the same mail
domain for different users.
Example
server a -> a...@example.com
a...@example.com
server b ->b...@example.com
b...@example.com
this is my question, is it possibile to receive to the cor
Ralf Hildebrandt:
> * Victor Duchovni :
> > On Thu, Feb 10, 2011 at 10:50:20PM +0100, Jeroen Geilman wrote:
> >
> > >> and I'm not sure how
> > >> smtp_connection_reuse_time_limit = 300s
> > >>
> > >> could be lowered in such a way that busy destination MXes are not
> > >> keeping a lot of mail in
On Fri, Feb 11, 2011 at 01:35:51PM +0100, Matteo Cazzador wrote:
> Hello i've a new question about two postfix server with the same mail
> domain for different users.
> Example
>
> server a -> a...@example.com
> a...@example.com
>
>
> server b ->b...@example.com
>
Thank's, i explain better why i need it, i need to do sò because i need
to reduce
the traffic between server b to server a and viceversa this is
for me the first priority.
Il 11/02/2011 14:28, Victor Duchovni ha scritto:
On Fri, Feb 11, 2011 at 01:35:51PM +0100, Matteo Cazzador wrote:
Hello
Matteo Cazzador:
> Thank's, i explain better why i need it, i need to do s? because i need
> to reduce
> the traffic between server b to server a and viceversa this is
> for me the first priority.
OK. If you know a better solution, how would a REMOTE SMTP host
know that it must send mail for a...
On Fri, Feb 11, 2011 at 02:56:47PM +0100, Matteo Cazzador wrote:
> Thank's, i explain better why i need it, i need to do s? because i need to
> reduce
> the traffic between server b to server a and viceversa this is
> for me the first priority.
If "a" and "b" are the MX hosts for a single email
On 2/10/2011 11:58 PM, Gary Smith wrote:
-Original Message-
From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org]
On Behalf Of Gary Smith
Sent: Thursday, February 10, 2011 8:34 PM
To: 'postfix-users@postfix.org'
Subject: hold after permit question
I have clien
On 2/11/2011 6:08 AM, Nikolaos Milas wrote:
Thank you Harald,
Please, let me ask for some clarifications, cause I'm confused:
If we have (SASL) UNauthenticated clients (who are allowed to
send emails from mynetworks) AND (SASL) authenticated clients
(in mynetworks or anywhere), what will happen
On 02/11/2011 09:25 AM, Pieter Steyn wrote:
Hi,
We currently have mail infrastructure setup like:
mail.domain.co.za (primary in our dc)
ptamail.domain.co.za (pta office)
jhbmail.domain.co.za (jhb office)
Currently we use mail.domain.co.za as the outgoing server for all
users, but I want to cha
Thanks Noel,
for the detailed info.
In the meantime, I had already tested, and here are the test
results, for reference (tested by removing ownership of f...@example.com
by foo and logging in (in scenario II) as user foo):
I. 1 --->a (mes
(I'm sending again, because by mistake the message I sent before was in
html form.)
Thanks Noel, for the detailed info.
In the meantime, I had already tested, and here are the test results,
for reference (tested by removing ownership of f...@example.com by foo
and logging in (in scenario II)
Hi everyone.
We've been using postfix + AuthSMTP for quite awhile for our outgoing email
notifications. AuthSMTP is getting kind of expensive, so I'm trying to switch
to Amazon's Simple Email Service. I've successfully configured postfix to send
through SES and it works great, but Amazon thrott
Zach Wily:
[ Charset UTF-8 unsupported, converting... ]
> Hi everyone.
>
> We've been using postfix + AuthSMTP for quite awhile for our outgoing emai
>-l notifications. AuthSMTP is getting kind of expensive, so I'm trying to swi
>-tch to Amazon's Simple Email Service. I've successfully configured
On Fri, Feb 11, 2011 at 04:54:00PM +0100, Jeroen Geilman wrote:
>> I've tried simply setting:
>>
>> fallback_transport = mail.domain.co.za
>>
>
> fallback_transport means "use this route if other routes are not
> functional".
> This is unrelated to sepcific recipients; it only deals in mail
On 02/11/2011 05:36 PM, Victor Duchovni wrote:
On Fri, Feb 11, 2011 at 04:54:00PM +0100, Jeroen Geilman wrote:
I've tried simply setting:
fallback_transport = mail.domain.co.za
fallback_transport means "use this route if other routes are not
functional".
This is unrelated to sepc
This was designed to implement a graveyard service for mail
> that can't be delivered via the preferred service.
>
> http://www.postfix.org/postconf.5.html#smtp_fallback_relay
I tried this, but when a message to aws-email fails, it enters SOFTBOUNCE state
and sits in the queue. What I'd like is f
> HOLD always take place last, and only accepted mail is put on
> HOLD. Since this server is for user submission and all mail
> is either authenticated or rejected, it doesn't matter too
> much where you put the hold.
Good to know. I probably asked the same question years ago, but this helps.
>
On 11/02/2011 14:56, Matteo Cazzador wrote:
Thank's, i explain better why i need it, i need to do sò because i need to
reduce
the traffic between server b to server a and viceversa this is
for me the first priority.
Why don't share email storage between server to solve the problem?
--
Simone
On 02/11/2011 05:50 PM, Zach Wily wrote:
This was designed to implement a graveyard service for mail
that can't be delivered via the preferred service.
http://www.postfix.org/postconf.5.html#smtp_fallback_relay
I tried this, but when a message to aws-email fails, it enters SOFTBOUNCE
On 02/11/2011 05:56 PM, Simone Caruso wrote:
On 11/02/2011 14:56, Matteo Cazzador wrote:
Thank's, i explain better why i need it, i need to do sò because i
need to reduce
the traffic between server b to server a and viceversa this is
for me the first priority.
Why don't share email storage be
> > Anyway, the question is, how does the community as a whole deal with
> > big ISP's losing email? It seems that some companies (like ATT) seem
> > to have less and less access to tools necessary for communicating with
> > them on things like this. Is there any know lists of contact/support
>
On Friday, February 11, 2011 at 10:03 AM, Jeroen Geilman wrote:
On 02/11/2011 05:50 PM, Zach Wily wrote:
> > This was designed to implement a graveyard service for mail
> >
> > > that can't be delivered via the preferred service.
> > >
> > > http://www.postfix.org/postconf.5.html#smtp_fallback_re
On 2/11/2011 10:55 AM, Gary Smith wrote:
smtpd_recipient_restrictions =
permit_mynetworks,permit_sasl_authenticated,reject
This line is sufficient to limit access to mynetworks and
authenticated users.
Do I even need this at all if I'm using smtpd_sender_restrictions since this is
an outgo
> You must have permit_sasl_authenticated in
> smtpd_recipient_restrictions to allow users to relay.
> Typically on the outgoing only server, only
> smtpd_recipient_restrictions is used and the other
> smtpd_*_restrictions sections are empty.
>
Gotcha
>
> The one that's repeated ;)
> reject_
postscreen_access_list = permit_sasl_authenticated, permit_mynetworks,
cidr:/etc/postfix/cidr/postscreen_access.cidr
will it work ?
to avoid sasl users being tested in dnsbl
On 2/11/2011 11:36 AM, Gary Smith wrote:
You must have permit_sasl_authenticated in
smtpd_recipient_restrictions to allow users to relay.
Typically on the outgoing only server, only
smtpd_recipient_restrictions is used and the other
smtpd_*_restrictions sections are empty.
Gotcha
The one
On 2/11/2011 11:57 AM, Benny Pedersen wrote:
postscreen_access_list = permit_sasl_authenticated, permit_mynetworks,
cidr:/etc/postfix/cidr/postscreen_access.cidr
will it work ?
No. Authentication happens in smtpd after postscreen is done.
to avoid sasl users being tested in dnsbl
Bes
On Fri, 11 Feb 2011 12:00:30 -0600, Noel Jones
wrote:
> On 2/11/2011 11:57 AM, Benny Pedersen wrote:
>> postscreen_access_list = permit_sasl_authenticated, permit_mynetworks,
>> cidr:/etc/postfix/cidr/postscreen_access.cidr
>> will it work ?
> No. Authentication happens in smtpd after postscreen
On Fri, Feb 11, 2011 at 07:07:15PM +0100, Benny Pedersen wrote:
> not the best option for me, but my users can live with it, but remote
> servers will need tls on port 25 still
TLS != SASL. Postscreen supports TLS/SSL, but not SASL, which belongs
largely on port 587.
--
Viktor.
On 2/11/2011 12:07 PM, Benny Pedersen wrote:
On Fri, 11 Feb 2011 12:00:30 -0600, Noel Jones
wrote:
On 2/11/2011 11:57 AM, Benny Pedersen wrote:
postscreen_access_list = permit_sasl_authenticated, permit_mynetworks,
cidr:/etc/postfix/cidr/postscreen_access.cidr
will it work ?
No. Authenticatio
On Fri, 11 Feb 2011 13:10:35 -0500, Victor Duchovni
wrote:
> On Fri, Feb 11, 2011 at 07:07:15PM +0100, Benny Pedersen wrote:
>
>> not the best option for me, but my users can live with it, but remote
>> servers will need tls on port 25 still
>
> TLS != SASL. Postscreen supports TLS/SSL, but not
It's clear thank's a lot everybody
Il 11/02/2011 15:09, Victor Duchovni ha scritto:
On Fri, Feb 11, 2011 at 02:56:47PM +0100, Matteo Cazzador wrote:
Thank's, i explain better why i need it, i need to do s? because i need to
reduce
the traffic between server b to server a and viceversa this is
Gary Smith wrote:
Anyway, the question is, how does the community as a whole deal with
big ISP's losing email? It seems that some companies (like ATT) seem
to have less and less access to tools necessary for communicating with
them on things like this. Is there any know lists of contact/sup
Benny Pedersen:
> On Fri, 11 Feb 2011 13:10:35 -0500, Victor Duchovni
> wrote:
> > On Fri, Feb 11, 2011 at 07:07:15PM +0100, Benny Pedersen wrote:
> >
> >> not the best option for me, but my users can live with it, but remote
> >> servers will need tls on port 25 still
> >
> > TLS != SASL. Posts
Zach Wily:
> This was designed to implement a graveyard service for mail
> > that can't be delivered via the preferred service.
> >
> > http://www.postfix.org/postconf.5.html#smtp_fallback_relay
> I tried this, but when a message to aws-email fails, it enters SOFTBOUNCE
>-state and sits in the qu
On 2/11/2011 12:17 PM, Benny Pedersen wrote:
On Fri, 11 Feb 2011 13:10:35 -0500, Victor Duchovni
wrote:
On Fri, Feb 11, 2011 at 07:07:15PM +0100, Benny Pedersen wrote:
not the best option for me, but my users can live with it, but remote
servers will need tls on port 25 still
TLS != SASL.
Sorry, Noel,
Now that I re-read your last post, I can see there is no discrepancy at
all between my findings and your description in the two cases I mentioned.
In fact, what happens is exactly what you describe. The email message is
rejected because the client specifies a MAIL FROM listed in
On Fri, Feb 11, 2011 at 11:58:10AM -0600, Noel Jones wrote:
> On 2/11/2011 11:36 AM, Gary Smith wrote:
> >Um, if you put the restriction twice doesn't it give it a
> >greater effect? ;)
>
> To increase the effect, google for the
> reject_unknown_sender_domain_dammit feature patch.
This opens up a
On 2/11/2011 1:22 PM, /dev/rob0 wrote:
On Fri, Feb 11, 2011 at 11:58:10AM -0600, Noel Jones wrote:
On 2/11/2011 11:36 AM, Gary Smith wrote:
Um, if you put the restriction twice doesn't it give it a
greater effect? ;)
To increase the effect, google for the
reject_unknown_sender_domain_dammit f
On 02/11/2011 06:22 PM, Zach Wily wrote:
On Friday, February 11, 2011 at 10:03 AM, Jeroen Geilman wrote:
On 02/11/2011 05:50 PM, Zach Wily wrote:
This was designed to implement a graveyard service for mail
that can't be delivered via the preferred service.
http://www.postfix.org/p
On 02/11/2011 08:59 PM, Jeroen Geilman wrote:
On 02/11/2011 06:22 PM, Zach Wily wrote:
On Friday, February 11, 2011 at 10:03 AM, Jeroen Geilman wrote:
On 02/11/2011 05:50 PM, Zach Wily wrote:
This was designed to implement a graveyard service for mail
that can't be delivered via the preferred
I've discovered something odd: permit_mynetworks seems to be allowing
invalid addresses in rather than just allowing relaying. The symptom is
that if I connect from a local client, any rcpt to is accepted; if I
connect from a non-local client, it's properly rejected.
moving reject_unlisted_recipi
Alan Batie:
> I've discovered something odd: permit_mynetworks seems to be allowing
> invalid addresses in rather than just allowing relaying. The symptom is
You changed "smtpd_reject_unlisted_recipient" from its default.
Wietse
On 2/11/2011 3:38 PM, Alan Batie wrote:
> I've discovered something odd: permit_mynetworks seems to be allowing
> invalid addresses in rather than just allowing relaying. The symptom is
> that if I connect from a local client, any rcpt to is accepted; if I
> connect from a non-local client, it's p
On 2/11/2011 2:38 PM, Alan Batie wrote:
I've discovered something odd: permit_mynetworks seems to be allowing
invalid addresses in rather than just allowing relaying. The symptom is
that if I connect from a local client, any rcpt to is accepted; if I
connect from a non-local client, it's properl
On 2/11/11 12:57 PM, Noel Jones wrote:
> No, the reject_unlisted_{sender, recipient} checks only apply to domains
> that postfix is responsible for. External domains are not checked.
Perfect, that's what I needed to know. Thanks!
smime.p7s
Description: S/MIME Cryptographic Signature
Dear Postfix experts,
I'm new to mailing servers and need advice. Is it reasonable for my
small company to use my own mail server? How much configuration is
needed for a secure setup on a CentOS box? The requirements are: I
have three domain names and only one user with some aliases. Google
apps i
On Fri, Feb 11, 2011 at 11:38:41PM +0100, Gergely Buday wrote:
> Dear Postfix experts,
>
> I'm new to mailing servers and need advice. Is it reasonable for my
> small company to use my own mail server? How much configuration is
> needed for a secure setup on a CentOS box? The requirements are: I
On 2/11/2011 4:38 PM, Gergely Buday wrote:
Dear Postfix experts,
I'm new to mailing servers and need advice. Is it reasonable for my
small company to use my own mail server? How much configuration is
needed for a secure setup on a CentOS box?
Not too much.
http://www.postfix.org/documentation.
On Fri, Feb 11, 2011 at 3:38 PM, Gergely Buday wrote:
> Dear Postfix experts,
>
> I'm new to mailing servers and need advice. Is it reasonable for my
> small company to use my own mail server? How much configuration is
> needed for a secure setup on a CentOS box? The requirements are: I
> have thr
On 02/11/2011 04:54 PM, Noel Jones wrote:
On 2/11/2011 4:38 PM, Gergely Buday wrote:
Dear Postfix experts,
I'm new to mailing servers and need advice. Is it reasonable for my
small company to use my own mail server? How much configuration is
needed for a secure setup on a CentOS box?
Not too
Gergely Buday wrote:
Dear Postfix experts,
I'm new to mailing servers and need advice. Is it reasonable for my
small company to use my own mail server? How much configuration is
needed for a secure setup on a CentOS box? The requirements are: I
have three domain names and only one user with some
57 matches
Mail list logo
