Re: OT: Large corporate email systems - Exchange vs open source *nix based

On 10-12-2013 18:12, moparisthebest wrote: Hello, I don't know if you want to go this far as it requires slight customization, but my setup is postfix+postfixadmin+dovecot with owncloud providing storage (webdav), calendar (caldav), and contacts (carddav) as well as a nice web interface if you p

Re: OT: Large corporate email systems - Exchange vs open source *nix based

>> You could even tell people it's exchange and they wouldn't know from >> the >> front-end, and best of all it's all FOSS. I'm not sure if a big >> corporation would go for it, but it is an option. Rumor has it that this has been working well even on governmental level. The government of an u

Re: Request for help with SMTP Authentication

On Wed, Dec 11, 2013 at 06:17:08PM +1100, Mark Jamsek wrote: > However, I cannot get SMTP authentication working, no matter what I > try. Still need those glasses... > And, the glaringly obvious absence of SMTP auth mechanisms: > > 220 mail.bsdbox.co ESMTP Postfix > ehlo bsdbox.co > 250-mail.bsd

Re: Request for help with SMTP Authentication

On 11/12/2013 8:31 PM, Viktor Dukhovni wrote: On Wed, Dec 11, 2013 at 06:17:08PM +1100, Mark Jamsek wrote: However, I cannot get SMTP authentication working, no matter what I try. Still need those glasses... And, the glaringly obvious absence of SMTP auth mechanisms: 220 mail.bsdbox.co ESMT

Re: Request for help with SMTP Authentication

On 11/12/2013 8:31 PM, Viktor Dukhovni wrote: On Wed, Dec 11, 2013 at 06:17:08PM +1100, Mark Jamsek wrote: However, I cannot get SMTP authentication working, no matter what I try. Still need those glasses... And, the glaringly obvious absence of SMTP auth mechanisms: 220 mail.bsdbox.co ESMT

Re: Request for help with SMTP Authentication

On Wed, Dec 11, 2013 at 08:42:29PM +1100, Mark Jamsek wrote: > >>And, the glaringly obvious absence of SMTP auth mechanisms: > >> > >>220 mail.bsdbox.co ESMTP Postfix > >>ehlo bsdbox.co > >>250-mail.bsdbox.co > >>250-STARTTLS > > > >Only when not using TLS. > > I'm not sure I understand what you

Re: Request for help with SMTP Authentication

On 11/12/2013 9:03 PM, Viktor Dukhovni wrote: On Wed, Dec 11, 2013 at 08:42:29PM +1100, Mark Jamsek wrote: And, the glaringly obvious absence of SMTP auth mechanisms: 220 mail.bsdbox.co ESMTP Postfix ehlo bsdbox.co 250-mail.bsdbox.co 250-STARTTLS Only when not using TLS. I'm not sure I under

Re: Misdeliveries of messages

The real fix is not to process the above commands with the shell. Thanks for these tips too. I decided to popen() directly to sendmail without saving a message to tmp file. Unfortunately I don't see any php function allowing to popen without executing a command with the shell. What do you th

adding rbl to smtpd restrictions

I have a new Postfix 2.6 server that came pre-configured, I'm trying to 'migrate' various anti UCE settings from the old server: order of some of the params is quite different on new server, hence I'm confused (as always) (so I'm trying to only make 1 or 2 changes at a time) is this correct place

Re: Misdeliveries of messages

On 12/11/2013 8:37 AM, Marcin Szymonik wrote: The real fix is not to process the above commands with the shell. Thanks for these tips too. I decided to popen() directly to sendmail without saving a message to tmp file. Unfortunately I don't see any php function allowing to popen without exec

Re: Misdeliveries of messages

Am 11.12.2013 14:37, schrieb Marcin Szymonik: >> The real fix is not to process the above commands with the shell. > > Thanks for these tips too. > > I decided to popen() directly to sendmail without saving a message to tmp > file. > Unfortunately I don't see any php function allowing to popen

Re: Misdeliveries of messages

On 11-12-2013 15:37, Marcin Szymonik wrote: Unfortunately I don't see any php function allowing to popen without executing a command with the shell. There are some functions in php to executing shell or another program. exec, system or piping like popen (popen, fopen). But I think you want to

Re: Misdeliveries of messages

Am 11.12.2013 14:49, schrieb M.Atıf CEYLAN: > On 11-12-2013 15:37, Marcin Szymonik wrote: >> Unfortunately I don't see any php function allowing to popen without >> executing a command with the shell. > There are some functions in php to executing shell or another program. exec, > system or pi

Re: Request for help with SMTP Authentication

On 11 Dec 2013 11:22, "Mark Jamsek" wrote: > > On 11/12/2013 9:03 PM, Viktor Dukhovni wrote: >> >> On Wed, Dec 11, 2013 at 08:42:29PM +1100, Mark Jamsek wrote: >> > And, the glaringly obvious absence of SMTP auth mechanisms: > > 220 mail.bsdbox.co ESMTP Postfix > ehlo bsdbox.co >>>

Logging syntax errors in SMTP EHLO / Logging the whole session

Hi, long story short, there is a bug in recent Seamonkey builds that emits an empty hostname in EHLO on Windows platforms with IPv6, see https://bugzilla.mozilla.org/show_bug.cgi?id=858540 This is extremely hard to debug when a user complains, because while Postfix rejects it with 501 EHLO 501 S

Re: Misdeliveries of messages

OK, I think I will pass messages to localhost 25 or use "advanced content filter". Many thanks -- Marcin Szymonik szymoni...@gmail.com

Re: Misdeliveries of messages

Marcin Szymonik: > > The real fix is not to process the above commands with the shell. > > Thanks for these tips too. > > I decided to popen() directly to sendmail without saving a message to tmp > file. > Unfortunately I don't see any php function allowing to popen without > executing a comman

Re: Logging syntax errors in SMTP EHLO / Logging the whole session

Bernhard Schmidt: > Hi, > > long story short, there is a bug in recent Seamonkey builds that emits > an empty hostname in EHLO on Windows platforms with IPv6, see > https://bugzilla.mozilla.org/show_bug.cgi?id=858540 > > This is extremely hard to debug when a user complains, because while > Postf

Re: adding rbl to smtpd restrictions

li...@sbt.net.au: > is this correct place for rbls, after 'unauth_dest' and before 'greylist' ? Generally, yes, because DNS lookups take time, and check_policy_service can be the most resource intensive, so they should be done after the quick rejects such as reject_unauth_destination. > reject_u

Re: Request for help with SMTP Authentication

On Wed, Dec 11, 2013 at 09:21:09PM +1100, Mark Jamsek wrote: > n.b. Please forgive my elementary requests for help -- I am really > really new to this. Thanks again, Viktor. Much appreciated, my > friend. While I have your ear, do you know if Postfix developers > take bitcoin donations? I'd love t

Difference between $sasl_sender and $sender?

Hi, I'm wondering about the difference between $sasl_sender and $sender in the SMTP Access Policy Delegation Protocol. ${sasl_sender} This macro expands to the SASL sender name (i.e. the original submitter as per RFC 4954) in the MAIL FROM command when

Postfix configuration settings inheritance for additional services in master.cf

Hello. I'd like to ask how configuration directives are applied to additional services that are specified in master.cf. If main.cf contains: ... smtpd_sasl_auth_enable = yes smtpd_sasl_type = dovecot smtpd_sasl_path = private/auth smtpd_sasl_local_domain = example.com smtpd_helo_restrictions

Re: Difference between $sasl_sender and $sender?

Peer Heinlein: > > Hi, > > I'm wondering about the difference between $sasl_sender and $sender in > the SMTP Access Policy Delegation Protocol. MAIL FROM: AUTH= $sender $sasl_sender > So is it right, that under normal circumstances $sasl_sender and > $sender should be

Re: Postfix configuration settings inheritance for additional services in master.cf

Igor Zinovik: > I'd like to ask how configuration directives are applied to > additional services that are specified in master.cf. See http://www.postfix.org/master.5.html -o name=value Override the named main.cf configuration parameter. The parameter value can refer to othe

Re: adding rbl to smtpd restrictions

On Thu, December 12, 2013 2:11 am, Wietse Venema wrote: >> is this correct place for rbls, after 'unauth_dest' and before >> 'greylist' ? > Generally, yes, because DNS lookups take time, and check_policy_service > can be the most resource intensive, so they should be done after the quick > reject

access

hi all i have a machine heavily hit with a bunch of from=<> messages... i read around and implemented the access solution as in: /etc/postfix/main.cf : smtpd_client_restrictions

Re: access

don magnify: > i have a machine heavily hit with a bunch of from=<> messages... ... > my queue is growing very big and can't really figure out how do i drop > this connections and do not reply to them at all... See: http://www.postfix.org/BACKSCATTER_README.html Wietse

Re: access

If its a small number of ip addresses trying to connect you might also want to just block them with iptables too: iptables -I INPUT -s 209.85.216.175 -j DROP iptables -I INPUT -s 209.85.216.176 -j DROP That line for each ip, then restart iptables On Wed, Dec 11, 2013 at 5:52 PM, don magnify w

Re: access

thanks wietse.. i saw that earlier i was just hoping to avoid writing regular expressions... On Wed, Dec 11, 2013 at 6:02 PM, Wietse Venema wrote: > don magnify: > > i have a machine heavily hit with a bunch of from=<> messages... > ... > > my queue is growing very big and can't really figure

Re: access

On Wed, Dec 11, 2013 at 05:52:44PM -0500, don magnify wrote: > my /etc/postfix/access looks like: > > .eigbox.net DISCARD > .yourhostingaccount.com DISCARD Perhaps you're a victim of the dreaded p_d_m_s: http://www.postfix.org/postconf.5.html#parent_domain_matche

Re: access

On 12/11/2013 4:52 PM, don magnify wrote: > > > hi all > > i have a machine heavily hit with a bunch of from=<> messages... [Please post in plain text only - the HTML markup makes the logs difficult to read] For non-delivery notices, the BACKSCATTER_README is helpful. http://www.postfix.o

Re: access

thanks noel... On Wed, Dec 11, 2013 at 6:20 PM, Noel Jones wrote: > On 12/11/2013 4:52 PM, don magnify wrote: > > > > > > hi all > > > > i have a machine heavily hit with a bunch of from=<> messages... > > [Please post in plain text only - the HTML markup makes the logs > difficult to read]

Re: access

Re: blocking with iptables try this script it works a treat - see my notes at the bottom of the page for minor fixes: http://blog.exeko.com/2008/06/stop-spam-flood-postfix-iptables/ > On 12/12/2013, at 11:52 am, don magnify wrote: > > > > hi all > > i have a machine heavily hit with a

Re: access

don magnify skrev den 2013-12-11 23:52: i have a machine heavily hit with a bunch of from=<> messages... post postconf -n my guess is that you use smtp auth to your google account and the recipient does not exists, then google bounce since it authed mail sender :) only a wild guess