SASL auth for selected users only

2015-03-04 Thread Roel van Meer
Hi, is it possible *in Postfix* to configure the list of users for whom smtp auth is accepted? I have smtp auth working, but I would like to exclude some accounts from using this functionality. I know it could be done in the sasl plugins (as documented in http://www.postfix.org/SASL_READM

Re: Getting messages from queue

2015-03-04 Thread Wietse Venema
@lbutlr: > This is what I have to clear the held message and send them to > sa-learn, in case it's useful to anyone else. > > $ cat /usr/local/bin/spamd-learn > #!/bin/bash > > SUSER="spamd" > SPAMF="${SUSER}/trained/spam" > > # search for held messages, get qid, train as spam, and save message,

Re: SASL auth for selected users only

2015-03-04 Thread Wietse Venema
Roel van Meer: > Hi, > > is it possible *in Postfix* to configure the list of users for whom smtp > auth is accepted? > > I have smtp auth working, but I would like to exclude some accounts from > using this functionality. I know it could be done in the sasl plugins (as > documented in http

/usr/sbin/postconf: fatal: invalid type field "flags=DRhu"

2015-03-04 Thread Howard Miller
I'm having trouble starting Postfix on an Ubuntu 14.04 installation. The full error message when running 'postfix check' is as follows... /usr/sbin/postconf: fatal: invalid type field "flags=DRhu" in "?? flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/dovecot-lda -f ${sender} -d ${recipient}" p

Re: /usr/sbin/postconf: fatal: invalid type field "flags=DRhu"

2015-03-04 Thread Howard Miller
Hi, It was (looks like my mail client has wrapped the line). However, I've just found the problem. The lines had been copied and pasted from notes I made some time ago. There must have been a 'bad' character. Typing it in by hand cured the issue. Thanks :) On 4 March 2015 at 13:30, Varadi Gabor

Re: emails being delivered to wrong email addresses

2015-03-04 Thread Bill Cole
On 4 Mar 2015, at 7:57, James Brown wrote: I’ve had a few cases of the wrong people receiving emails. Just had one today. It was originally sent on 26 Feb, the wrong user just had it delivered today. Message should be to i...@bordo.com.au , but it is delivered to a

Email notifications to external address

2015-03-04 Thread Iad Scoot
Hi, I have a user who would like to receive a notification message on her personal email account when she gets a new email message in her postfix - based MailDir. She does not want the actual message, just a ping telling her to check her email. I'm finding a lot of info on Google that references usi

Re: Email notifications to external address

2015-03-04 Thread Wietse Venema
Iad Scoot: > Hi, > > I have a user who would like to receive a notification message on her > personal email account when she gets a new email message in her postfix - > based MailDir. She does not want the actual message, just a ping telling > her to check her email. Ideally, you would use an aut

SMTP servers with RSA export suite support

2015-03-04 Thread Per Thorsheim
According to Twitter.com/einaros, the https://starttls.info/ database shows 43266 distinct SMTP servers (~12%) support RSA Export suites, re: #FREAK attack. I wonder what percentages would look like for pop/imap servers. Best regards, Per Thorsheim

Re: SMTP servers with RSA export suite support

2015-03-04 Thread Viktor Dukhovni
On Wed, Mar 04, 2015 at 05:12:06PM +0100, Per Thorsheim wrote: > According to Twitter.com/einaros, the https://starttls.info/ database > shows 43266 distinct SMTP servers (~12%) supports RSA Export suites, re: > #FREAK attack. What they don't mention is that SMTP of TLS is almost universally just

Re: FREAK cipher-suite hygiene for Postfix

2015-03-04 Thread Viktor Dukhovni
On Wed, Mar 04, 2015 at 07:53:18AM +, Viktor Dukhovni wrote: > Now that the FREAK attack is widely disclosed, those of you who > run SMTP servers that peer with clients that authenticate your > server (be it via the traditional PKI or via DANE), might want to > tighten-up your server cipher-su

Re: FREAK cipher-suite hygiene for Postfix

2015-03-04 Thread lst_hoe02
Quoting Viktor Dukhovni: On Wed, Mar 04, 2015 at 07:53:18AM +, Viktor Dukhovni wrote: Now that the FREAK attack is widely disclosed, those of you who run SMTP servers that peer with clients that authenticate your server (be it via the traditional PKI or via DANE), might want to tighten

Re: FREAK cipher-suite hygiene for Postfix

2015-03-04 Thread Viktor Dukhovni
On Wed, Mar 04, 2015 at 05:56:03PM +0100, lst_ho...@kwsoft.de wrote: > Thanks for explaining. As I understand the problem arises from apache (and > maybe other webservers) generate one EXPORT key which is reused for > performance reasons until the server process is restarted. Same as with Postfi

Re: emails being delivered to wrong email addresses

2015-03-04 Thread Viktor Dukhovni
On Wed, Mar 04, 2015 at 11:57:52PM +1100, James Brown wrote: > Just had one today. It was originally sent on 26 Feb, the wrong user just had > it delivered today. Are you sure it is the same message? > Mar 4 22:15:15 mail postfix/smtpd[53229]: connect from localhost[127.0.0.1] Find the *upstr

Postfix + Dovecot ignore /etc/aliases

2015-03-04 Thread Stefan Michael Guenther
Hi, I have successfully set up Postfix (2.11.0) together with Dovecot (2.2.9), which works perfectly for normal user accounts. Now I have tried to set up a small distribution list by adding the following line to /etc/aliases: update: :include:/etc/postfix/listen/update Of course, I di

Re: Email notifications to external address

2015-03-04 Thread Eugene R
Hello Iad, I have a user who would like to receive a notification message on her personal email account when she gets a new email message in > her postfix - based MailDir. She does not want the actual message, just a ping telling her to check her email. I'm finding a lot info on Google that

Re: Postfix + Dovecot ignore /etc/aliases

2015-03-04 Thread Noel Jones
On 3/4/2015 12:19 PM, Stefan Michael Guenther wrote: > Hi, > > I have successfully set up Postfix (2.11.0) together with Dovecot (2.2.9), > which works perfectly for normal user accounts. > > Now I have tried to set up a small distribution list by adding the following > line to /etc/aliases: >

Re: Email notifications to external address

2015-03-04 Thread Viktor Dukhovni
On Wed, Mar 04, 2015 at 09:38:46PM +0300, Eugene R wrote: > Alternatively you could forward-copy a message to some simple script but I > don't remember off-hand how to setup such forward in Postfix. In this case: main.cf: indexed = ${default_database_type}:${config_directory}/

Re: Postfix + Dovecot ignore /etc/aliases

2015-03-04 Thread Viktor Dukhovni
On Wed, Mar 04, 2015 at 12:51:41PM -0600, Noel Jones wrote: > mydestination = localhost Just in case: mydestination = localhost, localhost.$mydomain > # virtual_alias_maps > upd...@virtual.example.com update@localhost This alias typically automatically rewrites to: update@loc

Re: emails being delivered to wrong email addresses

2015-03-04 Thread Bill Cole
On 4 Mar 2015, at 12:24, Viktor Dukhovni wrote: On Wed, Mar 04, 2015 at 11:57:52PM +1100, James Brown wrote: Just had one today. It was originally sent on 26 Feb, the wrong user just had it delivered today. Are you sure it is the same message? The transactions showed the same message-id an

Have tested lots of solutions now with signing-milter. What is the problem?

2015-03-04 Thread Sebastian Nielsen
Have tested lots of solutions to signing-milter to get rid of the –b parameter. But still it fails validation. I now run all mails through a null filter which does silent-discard on 8bitmime so it downconverts the mail to 7bit before passing it through signing-milter. I tried to run the unsigned

Re: Have tested lots of solutions now with signing-milter. What is the problem?

2015-03-04 Thread Wietse Venema
We need to find out how the message is modified after it is signed. For this, it does not help if you compare messages that differ in time stamps in headers, hashcash output, S/MIME signatures, and body content. Capture one message 1) after DKIM signing but before transmission, and 2) as received

Re: Have tested lots of solutions now with signing-milter. What is the problem?

2015-03-04 Thread Sebastian Nielsen
It's not DKIM that fails. It's S/MIME. But how can I retain a copy of message before milter? Could then remove the hashcash milter and DKIM milter (since those do not change that -b does succeed validation and no -b does fail validation) and send a test mail. -Original message-

Re: Have tested lots of solutions now with signing-milter. What is the problem?

2015-03-04 Thread Wietse Venema
Sebastian Nielsen: > its not DKIM that fails. Its S/MIME. Does not matter (S/Mime signs body parts so there are no header issues). > But how can I retain a copy of message before milter? Could then remove the > hashcash milter and DKIM milter (since those does not change that -b does > succeed

Re: Have tested lots of solutions now with signing-milter. What is the problem?

2015-03-04 Thread martijn.list
On 03/04/2015 09:30 PM, Sebastian Nielsen wrote: > But how can I retain a copy of message before milter? Could then remove > the hashcash milter and DKIM milter (since those does not change that -b > does succeed validation and no -b does fail validation) and send a test > mail. But that's an assu

Re: Have tested lots of solutions now with signing-milter. What is the problem?

2015-03-04 Thread Sebastian Nielsen
As you might have noticed, the mails never leave the system. I send the mails from "sebast...@sebbe.eu" to "postmas...@sebbe.eu". Here are 2 test mails, one without -b parameter, and one with -b parameter. DKIM milter and hashcash milter disabled, so now ONLY mime-signing is active. with b.eml su

Re: Email notifications to external address

2015-03-04 Thread Iad Scoot
Thanks for the feedback - using Dovecot so I'll look at the options there as well as the scripted option which looks really interesting. Thanks again...

AW: Postfix + Dovecot ignore /etc/aliases

2015-03-04 Thread Stefan Michael Guenther
@(Viktor && Noel) Thanks a lot! It's working now as expected! Stefan -Original message- From: Viktor Dukhovni Sent: Wed 04.03.2015 20:08 Subject: Re: Postfix + Dovecot ignore /etc/aliases To: postfix-users@postfix.org; > On Wed, Mar 04, 2015 at 12:51:41PM -

Re: Have tested lots of solutions now with signing-milter. What is the problem?

2015-03-04 Thread Wietse Venema
Please grab a copy of the signing milter's output by freezing the message in the mail queue: # postconf header_checks=static:hold # postfix reload You can extract the message from the queue file with # postcat -bhq queueid | smime-verifier... If the S/Mime signature is invalid at this point the

Re: Have tested lots of solutions now with signing-milter. What is the problem?

2015-03-04 Thread Sebastian Nielsen
Done. Here is a mail right before signing, and then a mail right after signing. The mail is signed without -b parameter and it fails validation. test.eml is just before it's sent into signing-milter, and test2.eml is right after. Both were extracted out of the queue. -Ursprungligt meddela

Re: Have tested lots of solutions now with signing-milter. What is the problem?

2015-03-04 Thread Wietse Venema
How many other milters are there after the signing milter? If there are none, then your signing milter is defective (produces an incorrect signature). I've got to run for the train, and I will be offline for the rest of the day. Wietse Sebastian Nielsen: > Done. Here is a mail right befor

Re: Have tested lots of solutions now with signing-milter. What is the problem?

2015-03-04 Thread A. Schulze
Sebastian Nielsen: But how can I retain a copy of message before milter? Could then remove the hashcash milter and DKIM milter (since those does not change that -b does succeed validation and no -b does fail validation) and send a test mail. the milter implement a switch "-k ". there cop

Re: Have tested lots of solutions now with signing-milter. What is the problem?

2015-03-04 Thread A. Schulze
wietse: How many other milters are there after the signing milter? If there are none, then your signing milter is defective (produces an incorrect signature). that's a valid assumption. and to be honest: it's more likely than inside postfix but the source is available ¹). Anybody is invited