Re: disable smtpd_hard_error_limit

2014-05-28 Thread Wietse Venema
tejas sarade: > I want to disable this behavior. Means no matter how many errors remote > client make, it should not disconnect the connection. > I know this is a bad idea. But I still want to do this. This is not supported. In other words you are on your own and don't come crying when something b

Re: Relay access denied 454 not 544

2014-05-28 Thread M. Rodrigo Monteiro
2014-05-27 16:54 GMT-03:00 Viktor Dukhovni : > On Tue, May 27, 2014 at 04:38:31PM -0300, M. Rodrigo Monteiro wrote: > > > Hi. > > I wanna know why Postfix is reject mail with temp error (4xx) and not 5xx > > for Relay access denied. > > What version of Postfix is this? > > # postconf | grep mail_v

Re: Relay access denied 454 not 544

2014-05-28 Thread Wietse Venema
M. Rodrigo Monteiro: > In my scenario, should I use relay in transport_maps? What's the difference > between relay and smtp? Because: default_transport = smtp relay_transport = relay The purpose of this separation is (roughly) to give relayed mail the same priority as outbound mail. Without this s

smtpd_sasl_path

2014-05-28 Thread steve
We have two servers running postfix smtp1.thornet.co.uk & smtp2.thornet.co.uk, smtp1 is the main server and smtp2 the backup. All local mail is delivered to mailboxes on stmp1. smtp1 also runs dovecot for POP & IMAP. As most of our users have phones, tablets etc and send/receive via mobile conne

Re: smtpd_sasl_path

2014-05-28 Thread Wietse Venema
st...@thornet.co.uk: > In > main.cf we have: > smtpd_sasl_path = > inet:82.113.142.39:12345 > From the logs > postfix/smtpd[30909]: warning: SASL: > Connect to inet:82.113.142.39:12345 failed: No such file or directory You have no evidence that Postfix treats inet:82.113.142.39:12345 as a file na

Re: smtpd_sasl_path

2014-05-28 Thread Steve Heaven
> I suspect that the TCP connection is failing due to SELINUX or equivalent. We are not running SELINUX or an equivalent, but I'll do some more checks. thorNET Internet Services, Consultancy & Training www.thornet.co.uk

Re: smtpd_sasl_path

2014-05-28 Thread steve
> Real evidence would be in the form of strace (or equivalent) output > that shows Postfix uses an AF_UNIX (AF_LOCAL) socket. >   Which process do I strace,  master? Steve

Re: smtpd_sasl_path

2014-05-28 Thread Wietse Venema
st...@thornet.co.uk: > > Real evidence would be in the form of strace (or equivalent) > output > > that shows Postfix uses an AF_UNIX (AF_LOCAL) socket. > > > ? > Which process do I strace,? The error is logged by smtpd. For examples, see: http://www.postfix.org/DEBUG_README.html#auto_trace

Re: smtpd_sasl_path

2014-05-28 Thread Wietse Venema
Steve Heaven: > > I suspect that the TCP connection is failing due to SELINUX or equivalent. > > We are not running SELINUX or an equivalent, but I'll do some more checks. Support for the "inet:" prefix was added in Postfix 2.6. This release is no longer supported. Wietse

SPF and leboncoin.fr vs sfr.fr

2014-05-28 Thread Daniele Nicolodi
Hello, this question is not strictly related to Postfix but I don't know where else I may find knowledgeable people to ask about the issue. leboncoin.fr is classifieds website and it offers the possibility to answer insertions through a web form that sends an email to the insertionist. The form r

Re: SPF and leboncoin.fr vs sfr.fr

2014-05-28 Thread Robert Schetterer
On 28.05.2014 17:11, Daniele Nicolodi wrote: > Hello, > > this question is not strictly related to Postfix but I don't know where > else I may find knowledgeable people to ask about the issue. > > leboncoin.fr is classifieds website and it offers the possibility to > answer insertions through a

Re: SPF and leboncoin.fr vs sfr.fr

2014-05-28 Thread Tom Hendrikx
On 28-05-14 17:11, Daniele Nicolodi wrote: > Hello, > > this question is not strictly related to Postfix but I don't know > where else I may find knowledgeable people to ask about the issue. > > leboncoin.fr is classifieds website and it offers the

Re: Relay access denied 454 not 544

2014-05-28 Thread Viktor Dukhovni
On Wed, May 28, 2014 at 08:54:23AM -0300, M. Rodrigo Monteiro wrote: > > With 2.10 or later, relay control is via smtpd_relay_restrictions. > > > # postconf | grep smtpd_relay_restrictions > smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, > defer_unauth_destination > > I

Re: smtpd_sasl_path

2014-05-28 Thread steve
> Real evidence would be in the form of strace (or equivalent) output > that shows Postfix uses an AF_UNIX (AF_LOCAL) socket. >   We got this: May 28 16:39:52 balder logger: socket(PF_FILE, SOCK_STREAM, 0) = 23 May 28 16:39:52 balder logger: fcntl(23, F_GETFL)  = 0x2

postfix and encrypted private ssl key, possible ?

2014-05-28 Thread Benny Pedersen
since i made a private ssl key that is encrypted i like to know if it can be used with postfix ? as in dovecot where the password for decrypt goes into 10-ssl.conf ssl_key password, what is the equant in postfix if yes ? if no i have to create a non encrypted private, and pay signer again :(

Re: postfix and encrypted private ssl key, possible ?

2014-05-28 Thread Noel Jones
On 5/28/2014 10:55 AM, Benny Pedersen wrote: > since i made a private ssl key that is encrypted i like to know if > it can be used with postfix ? > > as in dovecot where the password for decrypt goes into 10-ssl.conf > ssl_key password, what is the equant in postfix if yes ? > > if no i have to c

Re: SPF and leboncoin.fr vs sfr.fr

2014-05-28 Thread Daniele Nicolodi
On 28/05/2014 17:30, Tom Hendrikx wrote: > SPF is failing because the website using the email address entered at > the website as the smtp envelope sender. > > The proper way to fix this issue is to convince the website owner to > change their mail form. The easy way is to change your SPF record,

Re: smtpd_sasl_path

2014-05-28 Thread Viktor Dukhovni
On Wed, May 28, 2014 at 04:46:14PM +0100, st...@thornet.co.uk wrote: > > Real evidence would be in the form of strace (or equivalent) > > output that shows Postfix uses an AF_UNIX (AF_LOCAL) socket. > > We got this: > May 28 16:39:52 balder logger: socket(PF_FILE, SOCK_STREAM, 0) = 23 > May 28 16:

Re: SPF and leboncoin.fr vs sfr.fr

2014-05-28 Thread Daniele Nicolodi
On 28/05/2014 17:19, Robert Schetterer wrote: > you may set your SPF Record to > > ~all SoftFail Thanks Robert, I've done that. > invest in dkim and dmarc What advantages would that bring to me? I implemented SPF just because otherwise the very big providers would treat messages originating

Re: postfix and encrypted private ssl key, possible ?

2014-05-28 Thread Viktor Dukhovni
On Wed, May 28, 2014 at 05:55:25PM +0200, Benny Pedersen wrote: > Since I made a private ssl key that is encrypted I like to know if it can be > used with postfix? No, passwords stored together with the data they protect are pointless. > As in dovecot where the password for decrypt goes into 10-

Re: postfix and encrypted private ssl key, possible ?

2014-05-28 Thread Viktor Dukhovni
On Wed, May 28, 2014 at 04:10:06PM +, Viktor Dukhovni wrote: > Don't be silly, just decrypt the key: > > # umask 077 > # openssl pkey \ > -in /path/to/encrypted-key.pem \ > -out /etc/postfix/smtpd-key.pem > This is for OpenSSL 1.0.0 or later. For 0.9.8: # opens

RBLs getting a lot of spam

2014-05-28 Thread motty cruz
Hello, recently I am getting loads of spam, more than usual. I have the following RBLs. reject_rbl_client b.barracudacentral.org, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net, reject_rbl_client all.spamrats.com any recommendation? Bayes Headers: X-Spa

Re: postfix and encrypted private ssl key, possible ?

2014-05-28 Thread Drizzt
On 2014-05-28 17:55:25 (+0200), Benny Pedersen wrote: > since i made a private ssl key that is encrypted i like to know if it > can be used with postfix ? > > as in dovecot where the password for decrypt goes into 10-ssl.conf > ssl_key password, what is the equant in postfix if yes ? > > if no

Re: smtpd_sasl_path

2014-05-28 Thread steve
> Steve Heaven: >> > I suspect that the TCP connection is failing due to SELINUX or >> equivalent. >> >> We are not running SELINUX or an equivalent, but I'll do some more >> checks. > > Support for the "inet:" prefix was added in Postfix 2.6. This release > is no longer supported.   Just done

RE: RBLs getting a lot of spam

2014-05-28 Thread Marius Gologan
RBLs don’t work with public DNS. Check your DNS server settings and build your local one. Be aware, most services are limited. Read their terms of use. Using a local DNS server allows them to track your IP. Marius. From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.o

Re: SPF and leboncoin.fr vs sfr.fr

2014-05-28 Thread Robert Schetterer
On 28.05.2014 18:06, Daniele Nicolodi wrote: > On 28/05/2014 17:19, Robert Schetterer wrote: >> you may set your SPF Record to >> >> ~all SoftFail > > Thanks Robert, I've done that. > >> invest in dkim and dmarc > > What advantages would that bring to me? it's the better solution, please read

Re: SPF and leboncoin.fr vs sfr.fr

2014-05-28 Thread lst_hoe02
Quoting Daniele Nicolodi: On 28/05/2014 17:19, Robert Schetterer wrote: you may set your SPF Record to ~all SoftFail Thanks Robert, I've done that. invest in dkim and dmarc What advantages would that bring to me? I implemented SPF just because otherwise the very big providers wou

Re: smtpd_sasl_path

2014-05-28 Thread Viktor Dukhovni
On Wed, May 28, 2014 at 05:27:02PM +0100, st...@thornet.co.uk wrote: > Just done a "yum update postfix", but it's only given me ver 2.3.3. > I guess I'll have to build my own. Postfix SRPMs are available from various places. For example, you can get a 2.10.2 SRPM from: http://ftp.wl0.org/of

Re: smtpd_sasl_path

2014-05-28 Thread Viktor Dukhovni
On Wed, May 28, 2014 at 05:00:36PM +, Viktor Dukhovni wrote: > On Wed, May 28, 2014 at 05:27:02PM +0100, st...@thornet.co.uk wrote: > > > Just done a "yum update postfix", but it's only given me ver 2.3.3. > > I guess I'll have to build my own. > > Postfix SRPMs are available from various pla

Re: RBLs getting a lot of spam

2014-05-28 Thread lconrad
I've got barrac, zen, spamcop in postscreen, and still getting lots of spam then catching a lot with dbl.spamhaus (dbl both as postfix rhs block and as BIND DNS blackhole (dbl = postfix sender domain not found), while BIND with DBL/RPZ also blocks our recursive clients from accessing DBL d

Another SASL authentication error

2014-05-28 Thread John WH Smith
Hello, I am trying to setup a Postfix server on a Debian Wheezy system, and I'm encountering a little problem with SMTP authentication... Since I don't need mailboxes (messages can go out, but nothing has to come in), I decided not to install Dovecot (or another IMAP/POP3). However, this is the f

Re: postfix and encrypted private ssl key, possible ?

2014-05-28 Thread Benny Pedersen
Noel Jones wrote on 2014-05-28 18:04: Postfix has no support for encrypted keys. okay, openssl rsa -in encryptedkeyfile -out plainnonenctryptedfile solved it for me for postfix, i can put this file for postfix user only then and it would be safe then for other shell users imho ? OpenSSL

Re: postfix and encrypted private ssl key, possible ?

2014-05-28 Thread Benny Pedersen
Viktor Dukhovni wrote on 2014-05-28 18:10: Don't be silly, just decrypt the key: # umask 077 # openssl pkey \ -in /path/to/encrypted-key.pem \ -out /etc/postfix/smtpd-key.pem you'll be prompted for the password to decrypt the input file, and the output file will not be

Re: postfix and encrypted private ssl key, possible ?

2014-05-28 Thread Viktor Dukhovni
On Wed, May 28, 2014 at 08:29:26PM +0200, Benny Pedersen wrote: > Viktor Dukhovni wrote on 2014-05-28 18:10: > > >Don't be silly, just decrypt the key: > > > ># umask 077 > ># openssl pkey \ > > -in /path/to/encrypted-key.pem \ > > -out /etc/postfix/smtpd-key.pem > > > >you'll be

Re: postfix and encrypted private ssl key, possible ?

2014-05-28 Thread Viktor Dukhovni
On Wed, May 28, 2014 at 06:37:10PM +, Viktor Dukhovni wrote: > On Wed, May 28, 2014 at 08:29:26PM +0200, Benny Pedersen wrote: > > > Viktor Dukhovni wrote on 2014-05-28 18:10: > > > > >Don't be silly, just decrypt the key: > > > > > ># umask 077 > > ># openssl pkey \ > > > -in /pat

Re: Another SASL authentication error

2014-05-28 Thread Wietse Venema
John WH Smith: > localhost postfix/smtps/smtpd[14222]: warning: > localhost.localdomain[127.0.0.1]: SASL LOGIN authentication failed: > authentication failure > localhost postfix/smtps/smtpd[14222]: > > localhost.localdomain[127.0.0.1]: 535 5.7.8 Error: authentication > failed: authentication failu

Re: Another SASL authentication error

2014-05-28 Thread Viktor Dukhovni
On Wed, May 28, 2014 at 07:17:22PM +0100, John WH Smith wrote: > localhost postfix/smtps/smtpd[14222]: warning: > localhost.localdomain[127.0.0.1]: SASL LOGIN authentication failed: > authentication failure > localhost postfix/smtps/smtpd[14222]: > > localhost.localdomain[127.0.0.1]: 535 5.7.8 Err

Re: Another SASL authentication error

2014-05-28 Thread John WH Smith
On 28/05/14 19:41, Wietse Venema wrote: > You move sockets, but how do you know that the SASL library (invoked > by smtpd) is really connected to the saslauthd process? I actually created the appropriate symlinks to avoid path breaking. Fact is : if it was related to a non-existent process/file (

Re: Another SASL authentication error

2014-05-28 Thread Wietse Venema
John WH Smith: > On 28/05/14 19:41, Wietse Venema wrote: > > You move sockets, but how do you know that the SASL library (invoked > > by smtpd) is really connected to the saslauthd process? > > I actually created the appropriate symlinks to avoid path breaking. Fact > is : if it was related to an

Re: Another SASL authentication error

2014-05-28 Thread Viktor Dukhovni
On Wed, May 28, 2014 at 08:00:22PM +0100, John WH Smith wrote: > On 28/05/14 19:49, Viktor Dukhovni wrote: > > You're probably better off with dovecot, it is a less steep learning > > curve. Cyrus SASL is substantially more configurable, at great > > cost in interface complexity. > > Now that's

Re: RBLs getting a lot of spam

2014-05-28 Thread Kris Deugau
motty cruz wrote: > Hello, recently I am getting loads of spam, more than usual. I have the > following RBLs. > > reject_rbl_client b.barracudacentral.org > , > reject_rbl_client zen.spamhaus.org , > reject_rbl_client bl.spamc

Re: SPF and leboncoin.fr vs sfr.fr

2014-05-28 Thread Benny Pedersen
lst_ho...@kwsoft.de wrote on 2014-05-28 18:54: But as always YMMV if spf pass and its spam why not reject that sender domain in postfix ? any solution always changes the problem :=)

Re: SPF and leboncoin.fr vs sfr.fr

2014-05-28 Thread lst_hoe02
Quoting Benny Pedersen: lst_ho...@kwsoft.de wrote on 2014-05-28 18:54: But as always YMMV if spf pass and its spam why not reject that sender domain in postfix ? any solution always changes the problem :=) The domains change at least once per week, the netblock every 3-6 months but

Re: SPF and leboncoin.fr vs sfr.fr

2014-05-28 Thread Benny Pedersen
lst_ho...@kwsoft.de wrote on 2014-05-28 23:24: Beside this there is already a solution against address spoofing called S/MIME with some additional benefits like encryption. its a bit unfair to say its not helping block domains that shows that domain owner sending spam in non forged domains s