On 15 Sep 2014, at 14:31 , Andrew J. Schorr
wrote:
> I could be wrong, but if greylisting works reliably,
And there we get to the root of the problem. It does not work reliably because
it ignores how large companies like Google and Yahoo and Amazon send mail.
Greylisting, *BY DESIGN* screws up
Viktor Dukhovni:
> action=REJECT 554 5.7.23 Bleeding edge status code your MUA won't understand!
action=554 5.7.23 Bleeding edge status code your MUA won't understand!
REJECT is like 5XX, and DEFER is like 4XX.
Wietse
Am 16.09.2014 um 12:47 schrieb LuKreme:
> On 15 Sep 2014, at 14:31 , Andrew J. Schorr
> wrote:
>> I could be wrong, but if greylisting works reliably,
>
> And there we get to the root of the problem. It does not work reliably
> because it ignores how large companies like Google and Yahoo and Am
> -Ursprüngliche Nachricht-
> Von: owner-postfix-us...@postfix.org [mailto:owner-postfix-
> us...@postfix.org] Im Auftrag von LuKreme
> Gesendet: Dienstag, 16. September 2014 12:48
> An: postfix-users@postfix.org
> Betreff: Re: postscreen deep protocol tests and Amazon timeouts
>
> On 15 S
Am 16.09.2014 um 13:41 schrieb Uwe Drießen:
>> just not how email works for large senders.
>
> If my Server had a problem the big sender becomes the
> same error like greylisting
no, because he just tries later or another MX
> If the big sender can not handle it they breaks the RFC not I.
> T
Am 16.09.2014 um 13:41 schrieb Uwe Drießen:
> E-Mail is not real time communication by design !
the problem is ,users are ignorant to this *g
Best Regards
MfG Robert Schetterer
--
[*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
Sitz der Gesellschaft: Mün
> On 16 Sep 2014, at 05:41 , Uwe Drießen wrote:
>
>> -Ursprüngliche Nachricht-
>> Von: owner-postfix-us...@postfix.org [mailto:owner-postfix-
>> us...@postfix.org] Im Auftrag von LuKreme
>> Gesendet: Dienstag, 16. September 2014 12:48
>> An: postfix-users@postfix.org
>> Betreff: Re: post
On September 16, 2014 2:03:36 PM Robert Schetterer wrote:
Am 16.09.2014 um 13:41 schrieb Uwe Drießen:
> E-Mail is not real time communication by design !
the problem is ,users are ignorant to this *g
Never seen a time limithed offer ?
Under centOS 6.5, I'm trying to get postfix to play nicely with LDAP and
cyrus-imapd (please don't say "Use dovecot", I can't) Postfix is
authenticating against LDAP just fine and was writing Maildir mailboxes
where I expected it to, and then I changed the transport to lmtp
mydestination = $myhos
John Oliver:
> virtual_mailbox_domains = $mydomain
> virtual_mailbox_base = /var/vmail/
> virtual_mailbox_maps = ldap:/etc/postfix/ldap-users.cf
> virtual_uid_maps = static:504
> virtual_gid_maps = static:505
The above settings are for the Postfix virtual(8) delivery
agent.
> virtual_transport =
(yes i know it's not 100% perfect in any case)
but anybody using "mime_header_checks" by one of the similar howtos out
there should review the configuration - without \" at the end of the
regex this is prone to false positives
two examples from real world (.scr and .com wrongly rejected)
* name=
li...@rhsoft.net:
> (yes i know it's not 100% perfect in any case)
>
> but anybody using "mime_header_checks" by one of the similar howtos out
> there should review the configuration - without \" at the end of the
> regex this is prone to false positives
Caution: MIME allows names in this context
Am 16.09.2014 um 20:34 schrieb Wietse Venema:
> li...@rhsoft.net:
>> (yes i know it's not 100% perfect in any case)
>>
>> but anybody using "mime_header_checks" by one of the similar howtos out
>> there should review the configuration - without \" at the end of the
>> regex this is prone to false p
On 9/16/2014 1:04 PM, li...@rhsoft.net wrote:
> (yes i know it's not 100% perfect in any case)
>
> but anybody using "mime_header_checks" by one of the similar howtos out
> there should review the configuration - without \" at the end of the
> regex this is prone to false positives
>
> two exampl
On Tue, Sep 16, 2014 at 01:41:36PM -0500, Noel Jones wrote:
> I've used the below for a few years with good results. It's better,
> but surely not perfect.
>
>
> # block windows executables PCRE
> /^\s*Content-(Disposition|Type).*name\s*=\s*"?(.*(\.|=2E)(
> ade|adp|bas|bat|chm|cmd|com|cpl|crt|
Am 16.09.2014 um 21:00 schrieb Viktor Dukhovni:
> On Tue, Sep 16, 2014 at 01:41:36PM -0500, Noel Jones wrote:
>
>> I've used the below for a few years with good results. It's better,
>> but surely not perfect.
>>
>> # block windows executables PCRE
>> /^\s*Content-(Disposition|Type).*name\s*=\s*
On Tue, Sep 16, 2014 at 09:28:11PM +0200, li...@rhsoft.net wrote:
> > # block windows executables PCRE
> > /^\s*Content-(?:Disposition|Type): # Header label
> > (?:.*?;)? \s* # Any prior attributes
> > (?:file)?name\s*=\s*"?# name or
Viktor Dukhovni:
> > interesting - none of both blocking a empty textfile renamed to "test.exe"
> > i have all 3 for now enabled and the 3rd one rejects (Thunderbird as MUA)
>
> That's because Postfix does not support in-line comments in PCRE
> patterns. The multi-line pattern is unfolded first,
On Sep 14, 2014, at 2:17 AM, li...@rhsoft.net wrote:
>
>
> Am 14.09.2014 um 01:54 schrieb Philip Prindeville:
>> On Sep 13, 2014, at 7:35 AM, li...@rhsoft.net wrote:
>>> Am 13.09.2014 um 15:10 schrieb LuKreme:
On 12 Sep 2014, at 13:55 , li...@rhsoft.net wrote:
> Am 12.09.2014 um 21:49
Philip Prindeville:
>
> On Sep 14, 2014, at 2:17 AM, li...@rhsoft.net wrote:
HEY! Take if off-list.
Wietse
Am 16.09.2014 um 21:48 schrieb Philip Prindeville:
> On Sep 14, 2014, at 2:17 AM, li...@rhsoft.net wrote:
>
>> Am 14.09.2014 um 01:54 schrieb Philip Prindeville:
>>> On Sep 13, 2014, at 7:35 AM, li...@rhsoft.net wrote:
Am 13.09.2014 um 15:10 schrieb LuKreme:
> On 12 Sep 2014, at 13:55 ,
Am 16.09.2014 um 21:42 schrieb Viktor Dukhovni:
> On Tue, Sep 16, 2014 at 09:28:11PM +0200, li...@rhsoft.net wrote:
>
>>> # block windows executables PCRE
>>> /^\s*Content-(?:Disposition|Type): # Header label
>>> (?:.*?;)? \s* # Any prior attributes
>>>
On Tue, Sep 16, 2014 at 10:15:03PM +0200, li...@rhsoft.net wrote:
> I removed all comments AFAIK
> that are 3 single lines without any break not added by the mail-client
I've copied the rule below into my test file, and it works:
$ postmap -q 'Content-Type: name="test.exe"; charset=us-ascii'
Am 16.09.2014 um 22:28 schrieb Viktor Dukhovni:
> On Tue, Sep 16, 2014 at 10:15:03PM +0200, li...@rhsoft.net wrote:
>
>> I removed all comments AFAIK
>> that are 3 single lines without any break not added by the mail-client
>
> I've copied the rule below into my test file, and it works:
>
>
On Tue, Sep 16, 2014 at 10:41:01PM +0200, li...@rhsoft.net wrote:
> > $ postmap -q 'Content-Type: name="test.exe"; charset=us-ascii'
> > pcre:/tmp/foo.pcre
> > REJECT 554 Attachment Blocked (Rule 0)
> >
> > You've not posted your test input or postmap -q invocation with output.
>
> I ju
hello all,
I am used to have in the config reject_unknown_hostname in the
smtpd_helo_restrictions and for literally years my mailserver were good.
BUT in the last months, say from the start of the year i am rejecting more and
more messages from reliable sources as the mail servers of pieces of
Am 16.09.2014 um 23:24 schrieb AndreaML:
> Is it also your experience? Has reject_unknown_hostname less and less use in
> favour of other anti-spam methods?
>
> because in a server with 5000 mailbox and 80k-100k messages a day, that
> setting free me of 20k-30k spam messages easily, but catch t
MIMEDefang allows you to do all this, plus you can call Perl modules like
File::Type on attachments to figure out if the file has been mistyped (i.e. the
content-type disagrees with what the actual file header and/or file extension
says it is).
-Philip
On Sep 16, 2014, at 12:04 PM, li...@rhso
Am 17.09.2014 um 00:18 schrieb Philip Prindeville:
> MIMEDefang allows you to do all this, plus you can call Perl modules like
> File::Type on attachments to figure out if the file has been mistyped (i.e.
> the content-type disagrees with what the actual file header and/or file
> extension says
Here is my suggestion: The idea is simple, don't allow attachments that can
be executed by network users and scan everything else (such as docs).
For that, I use amavid-new with decoders, 7zip for .zip instead of the perl
library used by amavisd-new (it fails on many .zip).
I pretty much covered
On 16 Sep 2014, at 15:24 , AndreaML wrote:
> Sep 16 06:42:00 server1 postfix/smtpd[4257]: NOQUEUE: reject: RCPT from
> wr001msr.fastwebnet.it[85.18.95.77]: 450 4.7.1 : Helo
> command rejected: Host not found; from= to=
> proto=ESMTP helo=
>
> for a transaction of a prefectly valid test email i
li...@rhsoft.net:
> >>> Content-Type: application/octet-stream;
> >>> name="test.exe"
To test multiline headers, use "postmap -h -q"
Wietse
On Tue, Sep 16, 2014 at 07:14:51PM -0400, Wietse Venema wrote:
> li...@rhsoft.net:
> > >>> Content-Type: application/octet-stream;
> > >>> name="test.exe"
>
> To test multiline headers, use "postmap -h -q"
That's of course with "postmap -h -q -" when reading messages (or
message headers) from a
Am 17.09.2014 um 01:19 schrieb Viktor Dukhovni:
> On Tue, Sep 16, 2014 at 07:14:51PM -0400, Wietse Venema wrote:
>
>> li...@rhsoft.net:
>> Content-Type: application/octet-stream;
>> name="test.exe"
>>
>> To test multiline headers, use "postmap -h -q"
>
> That's of course with "postmap
Viktor Dukhovni:
> On Tue, Sep 16, 2014 at 07:14:51PM -0400, Wietse Venema wrote:
>
> > li...@rhsoft.net:
> > > >>> Content-Type: application/octet-stream;
> > > >>> name="test.exe"
> >
> > To test multiline headers, use "postmap -h -q"
>
> That's of course with "postmap -h -q -" when reading m
On Wed, Sep 17, 2014 at 01:24:27AM +0200, li...@rhsoft.net wrote:
> I still don't understand why "postmap" has a result but with
> postfix Viktors rule don't catch the attachment and so finally
> my one from the initial posting two lines below triggers
The live configuration must differ from the
> On 16 Sep 2014, at 13:00 , Viktor Dukhovni wrote:
>
> On Tue, Sep 16, 2014 at 01:41:36PM -0500, Noel Jones wrote:
>
>> I've used the below for a few years with good results. It's better,
>> but surely not perfect.
>>
>>
>> # block windows executables PCRE
>> /^\s*Content-(Disposition|Type)
Am 17.09.2014 um 01:42 schrieb Viktor Dukhovni:
> On Wed, Sep 17, 2014 at 01:24:27AM +0200, li...@rhsoft.net wrote:
>
>> I still don't understand why "postmap" has a result but with
>> postfix Viktors rule don't catch the attachment and so finally
>> my one from the initial posting two lines belo
On 16 Sep 2014, at 17:24, AndreaML wrote:
hello all,
I am used to have in the config reject_unknown_hostname in the
smtpd_helo_restrictions and for literally years my mailserver were
good.
You were lucky.
That setting (in modern Postfix 'reject_unknown_helo_hostname') has
never been safe.
*argh*
"regexp" versus "pcre"
i only replaced the regex without realite the different map type
that's why i posted "postconf -n" :-(
however, works now, thank you!
Am 17.09.2014 um 01:59 schrieb li...@rhsoft.net:
> Am 17.09.2014 um 01:42 schrieb Viktor Dukhovni:
>> On Wed, Sep 17, 2014 at 01:24
40 matches
Mail list logo
