Re: Malformed DNS server reply

Wietse Venema wrote: >> Hi list, >> >> I saw this in my logs: >> >> Apr 29 14:58:08 mx postfix/smtpd[4880]: connect from >> xxx.yyy.zzz[xxx.yyy.zzz.xxx] >> Apr 29 14:58:09 mx postfix/smtpd[4880]: warning: valid_hostname: empty >> hostname >> Apr 29 14:58:09 mx postfix/smtpd[4880]: warning: malforme

Re: Malformed DNS server reply

Victor Duchovni wrote: > On Fri, Apr 29, 2011 at 09:39:10AM -0400, Wietse Venema wrote: > >>> This looks like a Null MX record: >>> http://tools.ietf.org/html/draft-delany-nullmx-00 >>> >>> If the domain owner declares that this domain never sends or recieves >>> email, then shouldn't postfix reje

antyspam.onet.pl

has anybody out there ever sent a message to them successfull? they are blcoking all our servers independent from the network-range including messages to postmaster and FAIK it is rfc-ignorant answer with 451 the whole time for all messages until "maximal_queue_lifetime" is reached May 1 22:12:1

Re: antyspam.onet.pl

On 05/02/2011 03:31 PM, Reindl Harald wrote: has anybody out there ever sent a message to them successfull? they are blcoking all our servers independent from the network-range including messages to postmaster and FAIK it is rfc-ignorant answer with 451 the whole time for all messages until "max

Re: antyspam.onet.pl

Am 02.05.2011 12:37, schrieb Mihira Fernando: > On 05/02/2011 03:31 PM, Reindl Harald wrote: >> has anybody out there ever sent a message to them successfull? >> >> they are blcoking all our servers independent from the network-range >> including messages to postmaster and FAIK it is rfc-ignorant

Re: antyspam.onet.pl

On 05/02/2011 04:17 PM, Reindl Harald wrote: Am 02.05.2011 12:37, schrieb Mihira Fernando: On 05/02/2011 03:31 PM, Reindl Harald wrote: has anybody out there ever sent a message to them successfull? they are blcoking all our servers independent from the network-range including messages to pos

Re: antyspam.onet.pl

Am 02.05.2011 12:49, schrieb Mihira Fernando: >> how stoopid can anybody be to make server-answers form a spamfilter >> with 451 in polish and a form nobody out there can read followed >> by a RED SUCCESS MESSAGE (finding out success after google translate again) >> > They are most likely to be c

milter postfix for the geolocation addresses and headers X-Anti-Abuse

hello list hello gurus hello   Wietse Venema I would like to write a milter to postfix to achieve a geolocation addresses and headers X-Anti-Abuse you tell me with mimedefang is very simple I have tried with success but when I've put my achievements in production the headers X-SenderID disap

Re: milter postfix for the geolocation addresses and headers X-Anti-Abuse

fakessh: > hello list > hello gurus > hello ? Wietse Venema > > > I would like to write a milter to postfix to achieve a geolocation addresses > and headers X-Anti-Abuse > > you tell me with mimedefang is very simple > I have tried with success > > but when I've put my achievements in produc

FYI - Postfix 2.8.2 and CentOS 5.6

This isn't a Postfix issue, just an FYI for those running updated versions of Postfix on CentOS. I recently updated one of my CentOS 5.5 systems (which was running Postfix 2.8.2 compiled from source) to CentOS 5.6. The Postfix package appeared nowhere on the upgrade list, and my /etc/yum.conf has

Re: Enabling sender-dependent authentication only for fallback relay?

Earlier, I wrote: > I'm starting to ponder the idea of setting up a separate service in > my master.cf file -- similar to the standard "smtp" service, but with > a few parameters overridden -- and define that separate service as > my smtp_fallback_relay, and have the separate service use my *real*

Re: Enabling sender-dependent authentication only for fallback relay?

Rich Wales: > Earlier, I wrote: > > > I'm starting to ponder the idea of setting up a separate service in > > my master.cf file -- similar to the standard "smtp" service, but with > > a few parameters overridden -- and define that separate service as > > my smtp_fallback_relay, and have the separa

Re: Enabling sender-dependent authentication only for fallback relay?

On Sun, May 01, 2011 at 09:46:51PM -0700, Rich Wales wrote: > [Short version of my question: Is there any way to enable sender- > dependent authentication *only* when mail is being sent out via my > smtp_fallback_relay host, and *not* when I am sending mail directly > to a destination MX? I do n

Re: Enabling sender-dependent authentication only for fallback relay?

> There is a lot of "did not work" without concrete detail: actual > configuration, actual error responses. See my response in a recent > thread: . . . With all possible respect, Wietse, I believe I already provided ample concrete detail in my original message from last night. If you would pref

Spoofing problem

I thought I had this one fixed a while back but apparently not. I want to reject emails like this that are sent from one person but claim to be another. Ideas? Notice the first line and the last line: >From rs...@bnpi.com Sun May 1 16:37:58 2011 Return-Path: X-Original-To: gammal...@some.net Deli

Re: Spoofing problem

On 2011-05-02 R F wrote: > I thought I had this one fixed a while back but apparently not. I want > to reject emails like this that are sent from one person but claim to > be another. Ideas? Notice the first line and the last line: [...] > Thanks for any ideas. Quoting from the headers of your own

Re: Spoofing problem

On 5/2/2011 1:21 PM, R F wrote: I thought I had this one fixed a while back but apparently not. I want to reject emails like this that are sent from one person but claim to be another. Ideas? Notice the first line and the last line: From rs...@bnpi.com Sun May 1 16:37:58

Re: RFE: Make instance name visible in ps output

On Sat, Apr 30, 2011 at 10:08:40PM +0200, Patrick Ben Koetter wrote: > > So to find which master is which instance you need to look in the master.pid > > files or in /proc, ... If you do look in /proc, each child process has > > MAIL_CONFIG in its environment... > > I see, and I don't want to sou

Re: RFE: Make instance name visible in ps output

* Victor Duchovni : > On Sat, Apr 30, 2011 at 10:08:40PM +0200, Patrick Ben Koetter wrote: > > > > So to find which master is which instance you need to look in the > > > master.pid > > > files or in /proc, ... If you do look in /proc, each child process has > > > MAIL_CONFIG in its environment..

Re: RFE: Make instance name visible in ps output

On Mon, May 02, 2011 at 09:38:08PM +0200, Patrick Ben Koetter wrote: > * Victor Duchovni : > > On Sat, Apr 30, 2011 at 10:08:40PM +0200, Patrick Ben Koetter wrote: > > > > > > So to find which master is which instance you need to look in the > > > > master.pid > > > > files or in /proc, ... If y

Re: RFE: Make instance name visible in ps output

* Victor Duchovni : > > > Is this useful? > > > > Definitely! I ran it on a machine that has four instances of whom two > > weren't > > running and it failed on the first one not running. Could it be the script > > does not handle such situations? > > You of all people should be able to better e

Re: Enabling sender-dependent authentication only for fallback relay?

> You have to use a fallback relay setting that sends the mail to a second > Postfix instance on your machine, and have that instance send all mail > to the relay, with sender-dependent authentication. This would be a full > Postfix instance, not just another master.cf entry: Thanks, Victor. A f

Re: Enabling sender-dependent authentication only for fallback relay?

On Mon, May 02, 2011 at 02:00:52PM -0700, Rich Wales wrote: > > You have to use a fallback relay setting that sends the mail to a second > > Postfix instance on your machine, and have that instance send all mail > > to the relay, with sender-dependent authentication. This would be a full > > Post

Re: Enabling sender-dependent authentication only for fallback relay?

> The mail must be handled by a second separately configured smtp(8) > delivery agent, and therefore, must be placed in a separate queue, > which requires a separate instance. If the message were handed off > to the same queue-manager it would loop. Ah. And, not surprisingly, when I tried to sol

Re: FYI - Postfix 2.8.2 and CentOS 5.6

On 02/05/11 17:21, Steve Jenkins wrote: This isn't a Postfix issue, just an FYI for those running updated versions of Postfix on CentOS. I recently updated one of my CentOS 5.5 systems (which was running Postfix 2.8.2 compiled from source) to CentOS 5.6. The Postfix package appeared nowhere on t

Selective "RCPT TO" restrictions.

I am trying to configure a very selective list on who can send to a certain local accounts ( could be many and currently contains maybe 30 ). Currently, this is covered by: smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/protected_lists,permit_mynetworks,permit_sasl_au

Re: FYI - Postfix 2.8.2 and CentOS 5.6

On Mon, May 2, 2011 at 2:39 PM, Ned Slider wrote: > There was a (Red Hat/CentOS) security update to Postfix issued almost 3 > months after the upstream release of 5.6: > > https://rhn.redhat.com/errata/RHSA-2011-0422.html > > However, because CentOS were slow with the release of 5.6, the base upda

Re: Spoofing problem

> > The above is the envelope sender.  You can configure postfix to reject your > own domain in the envelope sender from outside mail.  See numerous posts on > this in the archives. > This will reject legit mail, but probably not a great amount.  Pick your pain > threshold. That is probably som

Re: Enabling sender-dependent authentication only for fallback relay?

On Mon, May 02, 2011 at 02:33:31PM -0700, Rich Wales wrote: > > The mail must be handled by a second separately configured smtp(8) > > delivery agent, and therefore, must be placed in a separate queue, > > which requires a separate instance. If the message were handed off > > to the same queue-ma

Re: RFE: Make instance name visible in ps output

FYI, there exists no standard function to set the "process title". BSD has setproctitle() in the system library which as the manpage says, is "implicitly non-standard". Other systems don't have an equivalent in their system library, as far as I know. I prefer not to maintain Postfix's own version

Question re. IP address block of remote user

On a new postfix/dovecot configuration, email is generally working OK. That said, I'm seeing "Client host rejected: Access denied" messages in the logs for two of the client company principals when they are connecting remotely. I'm pretty certain their mail clients are set up correctly to authen

Re: Enabling sender-dependent authentication only for fallback relay?

> Yes, and this is no less efficient, and in fact the configuration > is IMHO simpler, and mailq(1) output is more meaningful, ... Thanks again. As it turned out, I was able to find a way to authenticate to my web hosting service's outbound SMTP server using a single username/password combo -- an

Re: Question re. IP address block of remote user

On Mon, 2011-05-02 at 18:09:48 -0700, Des Dougan wrote: > On a new postfix/dovecot configuration, email is generally working OK. > That said, I'm seeing "Client host rejected: Access denied" messages > in the logs for two of the client company principals when they are > connecting remotely. Show

Re: Question re. IP address block of remote user

On May 2011, at 6:58 PM, Sahil Tandon wrote: > On Mon, 2011-05-02 at 18:09:48 -0700, Des Dougan wrote: > >> On a new postfix/dovecot configuration, email is generally working OK. >> That said, I'm seeing "Client host rejected: Access denied" messages >> in the logs for two of the client company p

Re: Question re. IP address block of remote user

On Mon, 2011-05-02 at 19:16:42 -0700, Des Dougan wrote: > On May 2011, at 6:58 PM, Sahil Tandon wrote: > > > On Mon, 2011-05-02 at 18:09:48 -0700, Des Dougan wrote: > > > >> On a new postfix/dovecot configuration, email is generally working OK. > >> That said, I'm seeing "Client host rejected: A

Re: Question re. IP address block of remote user

On May 2011, at 7:26 PM, Sahil Tandon wrote: > On Mon, 2011-05-02 at 19:16:42 -0700, Des Dougan wrote: > >> On May 2011, at 6:58 PM, Sahil Tandon wrote: >> >>> On Mon, 2011-05-02 at 18:09:48 -0700, Des Dougan wrote: >>> On a new postfix/dovecot configuration, email is generally working OK

Re: Question re. IP address block of remote user

On May 2011, at 7:26 PM, Sahil Tandon wrote: > On Mon, 2011-05-02 at 19:16:42 -0700, Des Dougan wrote: > >> On May 2011, at 6:58 PM, Sahil Tandon wrote: >> >>> On Mon, 2011-05-02 at 18:09:48 -0700, Des Dougan wrote: >>> On a new postfix/dovecot configuration, email is generally working OK

Re: Question re. IP address block of remote user

On Mon, 2011-05-02 at 19:37:50 -0700, Des Dougan wrote: > > Do you have POSTFIX logs that show successful authentication? > > Like this?: > > May 2 17:30:53 enterprise postfix/smtpd[2142]: connect from > S01065475d08916e7.AA..net[DD.DD.DDD.DDD] No, that is just a connection. Success

Re: Question re. IP address block of remote user

On May 2011, at 7:42 PM, Sahil Tandon wrote: > On Mon, 2011-05-02 at 19:37:50 -0700, Des Dougan wrote: > >>> Do you have POSTFIX logs that show successful authentication? >> >> Like this?: >> >> May 2 17:30:53 enterprise postfix/smtpd[2142]: connect from >> S01065475d08916e7.AA..net

Re: Spoofing problem

On 5/2/2011 7:10 PM, R F wrote: The above is the envelope sender. You can configure postfix to reject your own domain in the envelope sender from outside mail. See numerous posts on this in the archives. This will reject legit mail, but probably not a great amount. Pick your pain threshold