> > Alternative/additional approach:
> >
> > smtp_fallback_relay_threshold_time (compare to
> > smtp_pix_workaround_threshold_time)
> >
> > How long a message must be queued before the Postfix SMTP client
> > passes the mail to the smtp_fallback_relay.
>
> A threshold would work, with the defaul
forgot LDAP support?
suomi
On 2013-06-14 08:50, Manuel Badzong wrote:
Hi,
I would like to introduce mail gopher, a new all-in-one, MIT-licensed
mail filter.
Mopher is designed to be lightweight, modular and extensible, has
several unique features and uses a very flexible and customizable
conf
On Fri, Jun 14, 2013 at 08:50:42AM +0200, Manuel Badzong wrote:
> I would like to introduce mail gopher, a new all-in-one, MIT-licensed
> mail filter.
How does it relate to Postfix? Postfix already does this with a bit of
help.
> Mopher can:
> + tarpit hosts
Bad idea in userspace. Bad idea
Hi,
currently we are experiencing problems with an incoming SMTP/TLS
connection. Remote side is an Ironport device, we are using postfix
2.8.13 on solaris 10. The problem exists only for incoming mails
(ironport to postfix), the other direction works fine. It happens for
both opportunistic (which
Jan P. Kessler:
> Jun 14 10:24:47 rv-smtpext-101 postfix/smtpd[5847]: [ID 947731
> mail.warning] warning: TLS library problem: 5847:error:0D0C50A1:asn1
> encoding routines:ASN1_item_verify:unknown message digest
> algorithm:a_verify.c:146:
> Jun 14 00:31:58 rv-smtpext-201 postfix/smtpd[22673]: [ID
On Fri, Jun 14, 2013 at 12:08:00PM +0200, Bastian Blank wrote:
> On Fri, Jun 14, 2013 at 08:50:42AM +0200, Manuel Badzong wrote:
> > I would like to introduce mail gopher, a new all-in-one, MIT-licensed
> > mail filter.
>
> How does it relate to Postfix?
It's a milter that some people on this lis
On Fri, Jun 14, 2013 at 12:24:39PM +0200, Jan P. Kessler wrote:
> currently we are experiencing problems with an incoming SMTP/TLS
> connection. Remote side is an Ironport device, we are using postfix
> 2.8.13 on solaris 10.
Please show "postconf -n".
> Jun 14 10:24:47 rv-smtpext-101 postfix/smtp
On Fri, Jun 14, 2013 at 11:55:27AM +0200, postfix wrote:
> forgot LDAP support?
Yes. And probably other items too. It's really an open-end list..
Petar Bogdanovic
On Fri, Jun 14, 2013 at 12:37:11PM +0200, Petar Bogdanovic wrote:
> On Fri, Jun 14, 2013 at 12:08:00PM +0200, Bastian Blank wrote:
> > On Fri, Jun 14, 2013 at 08:50:42AM +0200, Manuel Badzong wrote:
> > > I would like to introduce mail gopher, a new all-in-one, MIT-licensed
> > > mail filter.
> > H
Bastian Blank skrev den 2013-06-14 12:08:
+ PSL (by Mozilla, see http://publicsuffix.org/)
What is the use for this? This all is focused on web.
patch postfix to not accept mails with dns A/ records, there is
ignorants everywhere
--
senders that put my email into body content will deli
>> Jun 14 10:24:47 rv-smtpext-101 postfix/smtpd[5847]: [ID 197553
>> mail.info] certificate verification failed for
>> mail.dgverlag.de[145.253.80.6]: untrusted issuer
>> /C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust Root
> Why do you check client certificates?
Because we authenticate/w
On Fri, Jun 14, 2013 at 12:48:51PM +0200, Bastian Blank wrote:
> On Fri, Jun 14, 2013 at 12:37:11PM +0200, Petar Bogdanovic wrote:
> > It's a milter that some people on this list might find useful.
>
> So it only supports what the milter server can do.
Mopher is a milter (or mail filter) and the
On Fri, Jun 14, 2013 at 12:24:39PM +0200, Jan P. Kessler wrote:
> Jun 14 10:24:47 rv-smtpext-101 postfix/smtpd[5847]: [ID 197553
> mail.info] mail.dgverlag.de[145.253.80.6]: Untrusted:
> subject_CN=DGVDEX.DGVERLAG.DE, issuer=VR IDENT SSL CA 2011,
> fingerprint=3D:5A:B2:71:E2:62:07:88:E5:68:BC:AB:8
Hello,
this is Semi-OT but since a lot of people run Postfix before Exchange I
hope to find some knowledge here. Also heads-up :-)
We have a couple of Exchange customers behind our frontend MX servers.
We don't turn them up until they have configured their HBT servers to
reject unknown recip
Signature Algorithm: sha256WithRSAEncryption
It looks your OpenSSL library does not enable this via
OpenSSL_add_ssl_algorithms().
The use of certificates with signature algorithms other than MD5
and SHA-1 is supposed to be negotiated via TLSv1.2, plain SSLv3/TLSv1
do not have a way to neg
On 14 June 2013 17:44, c cc wrote:
>
> Hi,
>
> For the last few days, I noticed that our postfix server had crawl to a halt
> due to some kind of email attack. As you can see below, there were a lot of
> smtp connections. I was wondering if there is a way to stop this from
> Postfix? Thanks!
>
>
On Fri, Jun 14, 2013 at 05:53:03PM +0200, Jan P. Kessler wrote:
> >I would have expected SHA-2 support as of OpenSSL 1.0.0a.
>
> Ok, so the problem seems to be clear. The system uses an ancient
> openssl version (sunfreeware package):
>
> libssl.so.0.9.8 => /usr/local/ssl/lib/libssl.so.0
On Fri, Jun 14, 2013 at 06:00:37PM +0200, Simon B wrote:
> On 14 June 2013 17:44, c cc wrote:
> >
> > Hi,
> >
> > For the last few days, I noticed that our postfix server had crawl to a halt
> > due to some kind of email attack. As you can see below, there were a lot of
> > smtp connections. I w
On Fri, 14 Jun 2013 17:10:16 +0200, Bernhard Schmidt
wrote:
> This gets even worse when the mail has two recipients
> ... doesnotexist@ does not exist, t1@ does...
>
> mail from:
> 250 2.1.0 Sender OK
> rcpt to:
> 250 2.1.5 Recipient OK
> rcpt to:
> 250 2.1.5 Recipient OK
> data
> 354 Start
Am 14.06.2013 18:00, schrieb Simon B:
> On 14 June 2013 17:44, c cc wrote:
>>
>> Hi,
>>
>> For the last few days, I noticed that our postfix server had crawl to a halt
>> due to some kind of email attack. As you can see below, there were a lot of
>> smtp connections. I was wondering if there is a
Bernhard Schmidt:
> This gets even worse when the mail has two recipients ... doesnotexist@
> does not exist, t1@ does...
>
> mail from:
> 250 2.1.0 Sender OK
> rcpt to:
> 250 2.1.5 Recipient OK
> rcpt to:
> 250 2.1.5 Recipient OK
> data
> 354 Start mail input; end with .
> test
> .
> 550 5.1.
wrt: mail_version = 2.10.0
I am trying to understand the cause/causes of these log lines:
1) postfix/postscreen[]: fatal: error [-30986] seeking
/var/lib/postfix/postscreen_cache.db: Success
2) postfix/master[4070]: warning: process
/usr/libexec/postfix/postscreen pid 4366 exit status 1
3)
Robert Lopez:
> I am trying to understand the cause/causes of these log lines:
>
> 1) postfix/postscreen[]: fatal: error [-30986] seeking
> /var/lib/postfix/postscreen_cache.db: Success
Your Berkeley DB is screwed up.
Code fragment from src/util/dict_db.c:
/*
* Database lookup.
Hey All,
Please excuse my loose terminology in the following description as I barely
know what I'm doing.
I have a strange problem where I'm unable to send some mail from mailman using
a postfix installation on the same host.
I have postfix mail_version 2.8.4 I have users authenticating and s
On 06/14/2013 11:08 PM, Ben Greenfield wrote:
Hey All,
Please excuse my loose terminology in the following description as I barely
know what I'm doing.
I have a strange problem where I'm unable to send some mail from mailman using
a postfix installation on the same host.
I have postfix mail_
Simon B skrev den 2013-06-14 18:00:
/etc/postfix $netstat -plan | grep ':25' | grep ESTAB
tcp0 0 xx.xx.xx.xx:25 181.66.192.196:11798
ESTABLISHED
17329/smtpd
tcp0 0 xx.xx.xx.xx:25 77.42.140.151:54112
ESTABLISHED -
tcp0 0 xx.xx.xx.xx:25 109.
On Fri, Jun 14, 2013 at 3:09 PM, Wietse Venema wrote:
> Robert Lopez:
>> I am trying to understand the cause/causes of these log lines:
>>
>> 1) postfix/postscreen[]: fatal: error [-30986] seeking
>> /var/lib/postfix/postscreen_cache.db: Success
>
> Your Berkeley DB is screwed up.
>
> Code fra
Hi everyone,
I just setup postfix on my server but I'm having a problem with TLS. I
have TLS configured, there are no errors in the log, but the server does
not announce TLS support.Here is the output relevant output from
'postconf -n', the full output is at the end of the message:
-
Ravindra Gupta // Viva skrev den 2013-06-13 21:02:
So how we will resolve the issue. Please let me know for your
valuable suggestion.
http://www.postfix.org/ADDRESS_VERIFICATION_README.html#Recipient
address verification
frontend accept and bounce problems
--
senders that put my email into
wie...@porcupine.org skrev den 2013-06-13 21:32:
Ravindra Gupta // Viva:
Jun 12 20:29:27 ems31 postfix/smtp[1816]: CC78D22400E:
to=, relay=imap.eemail.example.com[10.0.0.125]:25,
delay=0.86, delays=0.01/0/0.42/0.42, dsn=5.0.0, status=bounced (host
imap.eemail.example.com[10.0.0.125] said: 550 Ac
Robert Lopez:
> 1) postfix/postscreen[]: fatal: error [-30986] seeking
> /var/lib/postfix/postscreen_cache.db: Success
Wietse:
> Your Berkeley DB is screwed up.
>
> Code fragment from src/util/dict_db.c:
>
> status =
> dict_db->cursor->c_get(dict_db->cursor, &db_key, &db_value,
>
Nabil Alsharif skrev den 2013-06-15 01:57:
please disable html
smtp_tls_note_starttls_offer = yes
smtp_use_tls = yes
smtp_ is for sending
smtpd_banner = $myhostname ESMTP
smtpd_recipient_restrictions = permit_mynetworks
reject_unauth_destination
smtpd_tls_CAfile = /etc/pki/dovecot/ce
Nabil Alsharif:
> Hi everyone,
>
> I just setup postfix on my server but I'm having a problem with TLS. I
> have TLS configured, there are no errors in the log, but the server does
> not announce TLS support.Here is the output relevant output from
> 'postconf -n', the full output is at the end
wie...@porcupine.org skrev den 2013-06-15 02:36:
My advice is to avoid installing multiple Berkeley DB copies, and
to use the Berkeley DB that comes with the operating system.
locate postfix/postscreen
ldd
will show the problem why it fails
under gentoo its "ldd /usr/libexec/postfix/postscr
On 06/15/2013 02:38 AM, Benny Pedersen wrote:
Nabil Alsharif skrev den 2013-06-15 01:57:
please disable html
My bad..
smtp_tls_note_starttls_offer = yes
smtp_use_tls = yes
smtp_ is for sending
Ok so these two options are telling Postfix to check if STARTTLS is
offered by the peer and u
On 06/15/2013 02:39 AM, Wietse Venema wrote:
Have you looked at all the warning messages in the maillog file?
Yes I have, there are no errors or warnings. 'postfix check' doesn't
return any warnings or errors either.
On Sat, Jun 15, 2013 at 01:57:12AM +0200, Nabil Alsharif wrote:
> I just setup postfix on my server but I'm having a problem with
> TLS. I have TLS configured, there are no errors in the log, but
> the server does not announce TLS support.Here is the output
> relevant output from 'postconf -n', t
Nabil Alsharif skrev den 2013-06-15 02:59:
smtp_tls_note_starttls_offer = yes
smtp_use_tls = yes
smtp_ is for sending
Ok so these two options are telling Postfix to check if STARTTLS is
offered by the peer and use TLS if available, right?
correct
smtpd_banner = $myhostname ESMTP
smtpd
/dev/rob0 skrev den 2013-06-15 03:22:
What you showed us should have announced STARTTLS. I would guess the
problem is related to the single file certificate+key+CAs. Since you
mentioned upthread that no errors are logged, check your syslogd (try
restarting it.) These errors would be logged.
st
Am Samstag, 15. Juni 2013, 03:45:02 schrieb Benny Pedersen:
> Nabil Alsharif skrev den 2013-06-15 02:59:
> >>> smtpd_tls_auth_only = yes
> >>
> >> this disable starttls since we already is using ssl/tls now
> >
> > huh? This part I don't quite understand. How are we disabling TLS?
> > Where was
Jan Kohnert skrev den 2013-06-15 03:58:
Well, no, it disables AUTH without tls/ssl but not STARTTLS, IIRC.
starttls have nothing to do with auth or not
auth users can still send plain passwords over unsecured smtpd client
connections, starttls just secure there passwords, so tcpdumpers cant
On Sat, Jun 15, 2013 at 03:45:02AM +0200, Benny Pedersen wrote:
> Nabil Alsharif skrev den 2013-06-15 02:59:
>
> >>> smtp_tls_note_starttls_offer = yes
> >>> smtp_use_tls = yes
> >>
> >>smtp_ is for sending
> >Ok so these two options are telling Postfix to check if STARTTLS
> >is offered by the p
/dev/rob0 skrev den 2013-06-15 05:27:
I think the OP will have to fix the logging problem before we can
solve this issue.
it would be more relative simple to use more default settings, if OP is
unsure what to do
sorry if i write it such it could be missunderstandelble :(
--
senders that pu
Rob Tanner skrev den 2013-06-14 00:18:
As requested. I suppose I could grab the queue ID and back track to
the sender but when the logs get long (which they do, half a million
or more lines) these scans can take a while and I'm trying to capture
this info in real time (more or less):
big logs c
44 matches
Mail list logo
