Clarification on 'reject_non_fqdn_helo_host name''s behaviour

Hello, I have an issue with spam. To tackle the issue, I am going configure my Postfix-based SMTP server by enabling 'reject_non_fqdn_helo_host name', which will reject mail from clients that are not using a FQDN as their host name (such as 'localhost'). After reading Postfix's documentati

Re: Auth/relaying issues with 2.10.0

On 2013-06-07 2:56 AM, Jan Kohnert wrote: Am Donnerstag, 6. Juni 2013, 20:06:48 schrieb Michael Orlitzky: Postfix 2.10 on Gentoo adds the safety net, but the package manager won't automatically clobber files under /etc. You're supposed to run a tool (etc-update) afterwards to merge any changes.

Re: Clarification on 'reject_non_fqdn_helo_host name''s behaviour

Nikolas Kallis: > Hello, > > > > I have an issue with spam. To tackle the issue, I am going configure my > Postfix-based SMTP server by enabling 'reject_non_fqdn_helo_host name', > which will reject mail from clients that are not using a FQDN as their > host name (such as 'localhost'). > > A

Bug report: 'reject_non_fqdn_helo_hostname' not handling address literals

Hello, Postfix has a bug in it where argument 'reject_non_fqdn_helo_hostname' causes Postfix to reject mail from a client who is using an address literal as their 'helo' command. This in breach of RFC 2821 under section 4.1.1.1. Regards, Nikolas Kallis

Re: Clarification on 'reject_non_fqdn_helo_host name''s behaviour

Nikolas Kallis: [ Charset ISO-8859-1 unsupported, converting... ] > >> What the documentation says is incorrect. Under '3.6 Domains' of RFC > >> 2821, it says a host name can be an address literal. So, if I use > >> 'reject_non_fqdn_helo_host name' and a SMTP client uses an address > >> literal for

Re: Bug report: 'reject_non_fqdn_helo_hostname' not handling address literals

Nikolas Kallis: > Hello, > > Postfix has a bug in it where argument 'reject_non_fqdn_helo_hostname' > causes Postfix to reject mail from a client who is using an address > literal as their 'helo' command. Your claim is valid. Address literals in HELO must be enclosed in []. Wietse

Re: Clarification on 'reject_non_fqdn_helo_host name''s behaviour

What the documentation says is incorrect. Under '3.6 Domains' of RFC 2821, it says a host name can be an address literal. So, if I use 'reject_non_fqdn_helo_host name' and a SMTP client uses an address literal for its host name, will Postfix reject the mail? Of course not. According to my mail

Re: Bug report: 'reject_non_fqdn_helo_hostname' not handling address literals

Postfix has a bug in it where argument 'reject_non_fqdn_helo_hostname' causes Postfix to reject mail from a client who is using an address literal as their 'helo' command. Your claim is valid. Address literals in HELO must be enclosed in []. I am a little confused. Were you just correcting me

Re: Clarification on 'reject_non_fqdn_helo_host name''s behaviour

On 07/06/2013 12:10, Nikolas Kallis wrote: Notice helo equals '37.212.64.248' - an address literal. Please READ the RFC. That form is INVALID. I think you are referring to the square brackets - I knew about them. I didn't pick up the logic in the system message. Sorry. Never the less, '37.

Re: Bug report: 'reject_non_fqdn_helo_hostname' not handling address literals

On 6/7/2013 5:46 AM, Nikolas Kallis wrote: > Postfix has a bug in it where argument 'reject_non_fqdn_helo_hostname' > causes Postfix to reject mail from a client who is using an address > literal as their 'helo' command. > > This in breach of RFC 2821 under section 4.1.1.1. You can also enforce

Re: Bug report: 'reject_non_fqdn_helo_hostname' not handling address literals

Wietse Venema: > Nikolas Kallis: > > Hello, > > > > Postfix has a bug in it where argument 'reject_non_fqdn_helo_hostname' > > causes Postfix to reject mail from a client who is using an address > > literal as their 'helo' command. > > Your claim is valid. Address literals in HELO must be enclo

Re: Clarification on 'reject_non_fqdn_helo_host name''s behaviour

Notice helo equals '37.212.64.248' - an address literal. Please READ the RFC. That form is INVALID. I think you are referring to the square brackets - I knew about them. I didn't pick up the logic in the system message. Sorry. Never the less, '37.212.64.248' is not a domain name, so 'reject_

Re: Clarification on 'reject_non_fqdn_helo_host name''s behaviour

On Fri, Jun 07, 2013 at 10:05:41PM +1000, Nikolas Kallis wrote: > As '37.212.64.248' for 'helo' is neither a FQDN nor an address > literal, then is it pointless using 'reject_invalid_helo_hostname' > with 'reject_non_fqdn_helo_host name'? > I have never seen 'reject_invalid_helo_hostname' reject ma

Defeating 'reject_non_fqdn_helo_hostname'

Hello, Before I had my ISP setup my IP address's PTR record to resolve to one of my domains, my IP address resolved to '123-243-137-139.static.tpgi.com.au'. If I had used '[123.243.137.139]' as the host name of my mail server, would a Postfix-based e-mail server enforcing 'reject_non_fqdn_h

Re: Clarification on 'reject_non_fqdn_helo_host name''s behaviour

On 07/06/2013 13:45, Michael P. Demelbauer wrote: On Fri, Jun 07, 2013 at 10:05:41PM +1000, Nikolas Kallis wrote: As '37.212.64.248' for 'helo' is neither a FQDN nor an address literal, then is it pointless using 'reject_invalid_helo_hostname' with 'reject_non_fqdn_helo_host name'? I have never

Re: Defeating 'reject_non_fqdn_helo_hostname'

On Fri, Jun 07, 2013 at 10:46:46PM +1000, Nikolas Kallis wrote: > (...) 'reject_non_fqdn_helo_hostname' (...) reject_non_fqdn_helo_hostname will make your life miserable and block very little spam, assuming this third reject_non_fqdn_helo_hostname related thread of yours is still about rejecting s

'reject_non_fqdn_helo_hostname' not working?!

Hello, I just got an unsolicited e-mail from the domain 'bbbmail.com', which is hosted at '46.235.78.1'. '46.235.78.1' does not resolve to a host name, therefore 'bbbmail.com' is not a FQDN. I have 'reject_non_fqdn_helo_hostname' enabled; how did this unsolicited e-mail get through?

Re: 'reject_non_fqdn_helo_hostname' not working?!

On 07/06/2013 14:06, Nikolas Kallis wrote: Hello, I just got an unsolicited e-mail from the domain 'bbbmail.com', which is hosted at '46.235.78.1'. '46.235.78.1' does not resolve to a host name, therefore 'bbbmail.com' is not a FQDN. 'bbbmail.com' is a fully qualified domain name. That is c

Re: 'reject_non_fqdn_helo_hostname' not working?!

Le 07/06/2013 15:11, Mark Goodge a écrit : On 07/06/2013 14:06, Nikolas Kallis wrote: Hello, I just got an unsolicited e-mail from the domain 'bbbmail.com', which is hosted at '46.235.78.1'. '46.235.78.1' does not resolve to a host name, therefore 'bbbmail.com' is not a FQDN. 'bbbmail.com'

Re: 'reject_non_fqdn_helo_hostname' not working?!

On 07/06/13 23:11, Mark Goodge wrote: On 07/06/2013 14:06, Nikolas Kallis wrote: Hello, I just got an unsolicited e-mail from the domain 'bbbmail.com', which is hosted at '46.235.78.1'. '46.235.78.1' does not resolve to a host name, therefore 'bbbmail.com' is not a FQDN. 'bbbmail.com' is a

Re: 'reject_non_fqdn_helo_hostname' not working?!

Not at all. asgljgsglhg.aergohgergearguaoreg.gaegergheagaerhgaerhgopaeg is just as much an FQDN as mail.google.com. Ron Scott-Adams r...@tohuw.net "Soap and education are not as sudden as a massacre, but they are more deadly in the long run." (Mark Twain) On Jun 7, 2013, at 09:16 , Nikol

Re: 'reject_non_fqdn_helo_hostname' not working?!

On 07/06/2013 14:16, Nikolas Kallis wrote: On 07/06/13 23:11, Mark Goodge wrote: On 07/06/2013 14:06, Nikolas Kallis wrote: Hello, I just got an unsolicited e-mail from the domain 'bbbmail.com', which is hosted at '46.235.78.1'. '46.235.78.1' does not resolve to a host name, therefore 'bbbm

Re: 'reject_non_fqdn_helo_hostname' not working?!

Am 2013-06-07 15:16, schrieb Nikolas Kallis: I thought for a domain to be fully qualified, it must have a PTR record setup for it? No, fully qualified means that all domain name components up to the top level domain are specified. While you can generally expect that fully qualified domain name

Re: 'reject_non_fqdn_helo_hostname' not working?!

On 07/06/13 23:29, Mark Goodge wrote: On 07/06/2013 14:16, Nikolas Kallis wrote: On 07/06/13 23:11, Mark Goodge wrote: On 07/06/2013 14:06, Nikolas Kallis wrote: Hello, I just got an unsolicited e-mail from the domain 'bbbmail.com', which is hosted at '46.235.78.1'. '46.235.78.1' does not

Re: permit ip, reject domain

On 6/6/2013 9:36 PM, Feel Zhou wrote: > Thanks Noel > > one more thing, How to setting one IP bind two or three domain > > Thanks a lot > > ... > > # require_sender_A > A.example.com OK C.example.com OK -- Noel Jones

Re: Defeating 'reject_non_fqdn_helo_hostname'

On 6/7/2013 7:46 AM, Nikolas Kallis wrote: > Hello, > > > > Before I had my ISP setup my IP address's PTR record to resolve to > one of my domains, my IP address resolved to > '123-243-137-139.static.tpgi.com.au'. If I had used > '[123.243.137.139]' as the host name of my mail server, would a >

relay problem

Hi all, Hopefully I can explain this good enough for someone to understand and perhaps even suggest a solution. Our email system is built from a LDAP directory that contains all the necessary information about our users. A box receives mail from the MX's and routes it according to the information

Using TLS for certain domains

Dear list, We need to implement TLS for one of our customers using our Postfix infrastructure (serving multiple domains) for inbound mail. The final delivery for that domain is a Exchange server, but we have a anti-virus server in front of that Exchange: internet -> postfix-relay -> AV-filter ->

Re: Using TLS for certain domains

On 6/7/2013 1:40 PM, polloxx wrote: > Dear list, > > We need to implement TLS for one of our customers using our Postfix > infrastructure (serving multiple domains) for inbound mail. The > final delivery for that domain is a Exchange server, but we have a > anti-virus server in front of that Excha

Investigating iPhone Compatibility

Greetings, We're starting to incorporate iPhone users into our email system. Sometimes we seem to be having trouble with mail being delayed for a long time before the phone will connect to the server and send the mail. I don't really have any idea what this is. I've looked through the logs,

Re: Investigating iPhone Compatibility

On 6/7/2013 3:28 PM, Asai wrote: > Greetings, > > We're starting to incorporate iPhone users into our email system. > Sometimes we seem to be having trouble with mail being delayed for a > long time before the phone will connect to the server and send the > mail. I don't really have any idea wha

Re: Investigating iPhone Compatibility

On Jun 8, 2013, at 00:47, Noel Jones wrote: > On 6/7/2013 3:28 PM, Asai wrote: >> Greetings, >> >> We're starting to incorporate iPhone users into our email system. >> Sometimes we seem to be having trouble with mail being delayed for a >> long time before the phone will connect to the server a

Re: 'reject_non_fqdn_helo_hostname' not working?!

On 6/7/2013 8:06 AM, Nikolas Kallis wrote: > Hello, > > > > I just got an unsolicited e-mail from the domain 'bbbmail.com', which is > hosted at '46.235.78.1'. > > '46.235.78.1' does not resolve to a host name, therefore 'bbbmail.com' > is not a FQDN. $ host 46.235.78.1 Host 1.78.235.46.in-add

Re: Using TLS for certain domains

On 08/06/13 05:29, Noel Jones wrote: On 6/7/2013 1:40 PM, polloxx wrote: Dear list, We need to implement TLS for one of our customers using our Postfix infrastructure (serving multiple domains) for inbound mail. The final delivery for that domain is a Exchange server, but we have a anti-virus s

Re: Defeating 'reject_non_fqdn_helo_hostname'

On 6/7/2013 11:28 AM, Noel Jones wrote: > Generally only internal systems and spammers use IP literals for the > HELO hostname. I wouldn't recommend it. Absolutely. > I would suggest not using "123-243-137-139.static.tpgi.com.au" as > your HELO, since that's what all the spam bots do. Some fol

Postfix master dead but pid file exists

Dear List, We have a mail server running on RHEL 6.2 with the following components :- 1. Postfix 2. Openldap 3. Courier-authlib 4. Courier-imap 5. SASL 6. Maildrop The problem is the postfix status is showing “master dead but pid file exists” after sometime. The main

Re: Using TLS for certain domains

On Sat, Jun 08, 2013 at 01:17:22PM +1000, Nikolas Kallis wrote: > >For the general use case, just enable TLS as described in > >http://www.postfix.org/TLS_README.html#quick-start > >then set both smtp_tls_security_level and smtpd_tls_security_level > >to "may" and TLS will just start working. > >

Re: Postfix master dead but pid file exists

On Sat, Jun 08, 2013 at 09:35:15AM +0530, jayanta.gh...@cesc.co.in wrote: > The problem is the postfix status is showing ?master dead but pid file > exists? after sometime. The main.cf file and the output of postconf ?d is > attached herein. I have also gone through the log files but could not fin

Difference between 'reject_non_fqdn_helo_hostname' and 'reject_invalid_helo_hostname'

From what I understand, 'reject_non_fqdn_helo_hostname' and 'reject_invalid_helo_hostname' detect malformed 'helo', but 'reject_non_fqdn_helo_hostname' does not detect malformed 'helo' if 'helo' is a malformed address literal. I.E: Given 'foo/bar.com' and '[900.111.111.900]': 'reject_non_fqdn_

Re: Using TLS for certain domains

On 07 Jun 2013, at 21:17 , Nikolas Kallis wrote: > Its not true that there is no benefit using a SSL certificate from a CA. Some > MTA's will reject connecting to a remote host if it cannot validate its > security credentials from a CA. Are you sure about that? I've *never* seen TLS session ab