null envelope and reject_authenticated_sender_login_mismatch

2015-04-28 Thread Marco
Hello, I have the following problem. I configured Postfix 3.0.1 to force SASL auth and permit only a set of envelope sender addresses for each login (reject_authenticated_sender_login_mismatch). I would like to understand why the null envelope sender address ("<>") is always permitted fo

Re: null envelope and reject_authenticated_sender_login_mismatch

2015-04-28 Thread Viktor Dukhovni
On Tue, Apr 28, 2015 at 09:03:51AM +0200, Marco wrote: > I would like to understand why the null envelope sender address ("<>") is > always permitted for all logins, even if it doesn't match the > smtpd_sender_login_maps table. > reject_authenticated_sender_login_mismatch works as expected for all

RE: spam fighting

2015-04-28 Thread Marius Gologan
Hi Terry, I use amavisd-new/spamassassin in post-queue configuration with few adjustments: increased score for SPF_FAIL, DKIM_ADSP_DISCARD, Bayes_80, Bayes_95, Bayes_99, Bayes_999 and few others. Local DNS server - critical for RBL queries. As for postscreen, I prefer "postscreen_greet_action = e

Re: Conversation with x.x.x.x[x.x.x.x] timed out while sending end of data

2015-04-28 Thread Kristjan Nii
Thank you for your response! I viewed some emails in the queue and did not see DKIM signatures in them. Also, our network guys confirmed, that ASA version is 7.3, which should be bug-free. Any other ideas or things I should/could check and test? Kristjan On Mon, Apr 27, 2015 at 5:09 PM, Wiets

Re: Conversation with x.x.x.x[x.x.x.x] timed out while sending end of data

2015-04-28 Thread Bill Cole
On 28 Apr 2015, at 8:45, Kristjan Nii wrote: Thank you for your response! I viewed some emails in the queue and did not see DKIM signatures in them. Also, our network guys confirmed, that ASA version is 7.3, which should be bug-free. Perhaps it "should be" (a slippery English idiom that

Re: Stan Hoeppner's fqrdns.pcre file?

2015-04-28 Thread Alex Regan
Hi, check_client_access uses the verified name, which is more conservative. I wasn't convinced this was a good idea, so I played it safe. So check_client_access is performing an additional DNS query on the hostname to check if it matches the IP? Right. Awesome, thanks. I'm learning all th

Re: Stan Hoeppner's fqrdns.pcre file?

2015-04-28 Thread Alex Regan
Hi, I should have mentioned that I actually did that, once I couldn't find Stan's site: https://github.com/stevejenkins/hardwarefreak.com-fqrdns.pcre For those who are using it, I've replaced it with a version from March 2013 instead of March 2012. https://github.com/stevejenkins

ERRATA(?): MILTER_README

2015-04-28 Thread Bill Cole
Postfix v.3.0.0 MILTER_README says: Sendmail macro emulation Postfix emulates a limited number of Sendmail macros, as shown in the table. Some macro values depend on whether a recipient is rejected (rejected recipients are available on request by the Milter application). Di

Re: spam fighting

2015-04-28 Thread Terry Barnum
> On Apr 28, 2015, at 1:47 AM, Marius Gologan wrote: > > Hi Terry, > > I use amavisd-new/spamassassin in post-queue configuration with few > adjustments: increased score for SPF_FAIL, DKIM_ADSP_DISCARD, Bayes_80, > Bayes_95, Bayes_99, Bayes_999 and few others. > Local DNS server - critical for

Re: Conversation with x.x.x.x[x.x.x.x] timed out while sending end of data

2015-04-28 Thread Wietse Venema
Kristjan Nii: > Thank you for your response! > I viewed some emails in the queue and did not see DKIM signatures in > them. Also, our network guys confirmed, that ASA version is 7.3, which > should be bug-free. > Any other ideas or things I should/could check and test? Other issues may have to

Re: ERRATA(?): MILTER_README

2015-04-28 Thread Wietse Venema
Bill Cole: > Also, the setting "smtpd_delay_open_until_valid_rcpt = no" assures that > the queue ID is known at RCPT time, making it possible for Postfix to > provide it to milters as the default setting says it will. This is not the default because it can increase queue activity by an order of

Re: Stan Hoeppner's fqrdns.pcre file?

2015-04-28 Thread Quanah Gibson-Mount
--On Monday, April 27, 2015 10:10 PM -0700 Steve Jenkins wrote: I don't know when Stan did his final update, but if anyone has one newer than Mar 27 2013, please send it to me off-list and I'll update it. Hi Steve, I had just set this up on March 11, 2015. The version I downloaded at that

Re: spam fighting

2015-04-28 Thread CSS
On Apr 28, 2015, at 1:04 PM, Terry Barnum wrote: >> >> On Apr 28, 2015, at 1:47 AM, Marius Gologan wrote: >> >> Hi Terry, >> >> I use amavisd-new/spamassassin in post-queue configuration with few >> adjustments: increased score for SPF_FAIL, DKIM_ADSP_DISCARD, Bayes_80, >> Bayes_95, Bayes_99,

Re: ERRATA(?): MILTER_README

2015-04-28 Thread Bill Cole
On 28 Apr 2015, at 13:30, Wietse Venema wrote: Bill Cole: Also, the setting "smtpd_delay_open_until_valid_rcpt = no" assures that the queue ID is known at RCPT time, making it possible for Postfix to provide it to milters as the default setting says it will. This is not the default because i

Re: Stan Hoeppner's fqrdns.pcre file?

2015-04-28 Thread DTNX Postmaster
On 28 Apr 2015, at 18:04, Alex Regan wrote: > Hi, > >>I should have mentioned that I actually did that, once I couldn't >>find Stan's site: >> >>https://github.com/stevejenkins/hardwarefreak.com-fqrdns.pcre >> >> >> For those who are using it, I've replaced it with a version from

RE: spam fighting

2015-04-28 Thread Marius Gologan
Shared DNS as Google's 8.8.8.8 is not accepted by some RBLs such as spamhaus. They have an ACL in place. You will lose about 2 points from Spam scoring when you use a public DNS causing some spam to pass. Spamassassin (SA) uses many RBL services checking Domain & IP of the Sender; Domains, IPs and

RE: spam fighting

2015-04-28 Thread Marius Gologan
To be more specific about using a notorious DNS such as Google's 8.8.8.8(4.4): When many use that DNS for RBL, Google queries the RBL from different IP pools (IPv4 and IPv6) and not from 8.8.8.8(4.4) as some might think. As a result, the popular provider has the "feeling" of a constant DNS DDoS at

Re: spam fighting

2015-04-28 Thread Terry Barnum
> On Apr 28, 2015, at 12:33 PM, Marius Gologan wrote: > > Shared DNS as Google's 8.8.8.8 is not accepted by some RBLs such as > spamhaus. They have an ACL in place. > You will lose about 2 points from Spam scoring when you use a public DNS > causing some spam to pass. Thank you Marius! I did no

RE: spam fighting

2015-04-28 Thread Marius Gologan
I don't know about others, but Pyzor is quite accurate in my experience. I think I will increase its score because, for example, most Russian spam doesn't include links. Pyzor is generating a digest key based on the content which is checked against a database. In return, it gets two values: positive

Re: Stan Hoeppner's fqrdns.pcre file?

2015-04-28 Thread Steve Jenkins
On Tue, Apr 28, 2015 at 10:50 AM, Quanah Gibson-Mount wrote: > Hi Steve, > > I had just set this up on March 11, 2015. The version I downloaded at > that time has a timestamp of: > > # Postfix PCRE bot spam killer > # > # Updated 10/2/2014 > # Thanks, Quanah. That's actually the version I have

Re: Stan Hoeppner's fqrdns.pcre file?

2015-04-28 Thread Terry Barnum
> On Apr 28, 2015, at 1:31 PM, Steve Jenkins wrote: > https://github.com/stevejenkins/hardwarefreak.com-fqrdns.pcre/blob/master/fqrdns.pcre > > Interesting to click the history button and see that it didn't really change > all that much from 2012-2014. > > SteveJ github URL for curl: $ curl

Re: Stan Hoeppner's fqrdns.pcre file?

2015-04-28 Thread Steve Jenkins
On Tue, Apr 28, 2015 at 2:13 PM, Terry Barnum wrote: > github URL for curl: > > $ curl > https://raw.githubusercontent.com/stevejenkins/hardwarefreak.com-fqrdns.pcre/master/fqrdns.pcre Thanks, Terry. The same URL will also work for a wget, and I recommend using the -N option for timestamping (w

Question wrt partial migration from old postfix to newer one on two servers

2015-04-28 Thread Jérôme Alet
Hello, As a part of our existing mail setup we've got something like this : Internet ==> MX ==> Server1 ==> Backend1 Internet <== Server1 <== Backend1 Backend1 handles SMTP authentication and is used as the end users' SMTP server in their MUAs whenever they want to send emails to anywhere (e

Re: Question wrt partial migration from old postfix to newer one on two servers

2015-04-28 Thread Viktor Dukhovni
On Wed, Apr 29, 2015 at 11:18:47AM +1100, Jérôme Alet wrote: > For a few users only, we are planning to have, in addition to > the setup above : > > Internet ==> MX ==> Server1 ==> Backend2 > Internet <== Server1 <== Backend2 > > Where Backend2 is a Debian Wheezy machine hosting Postfix 2.9.

Re: ERRATA(?): MILTER_README

2015-04-28 Thread Wietse Venema
Bill Cole: > Are you willing to consider changing MILTER_README to more precisely > describe that conditional availability of {i} if I propose specific > wording? You can draft some text if you like. But, unless the text is really simple, I don't expect that it is worth the trouble. If a sys

Re: Question wrt partial migration from old postfix to newer one on two servers

2015-04-28 Thread Jérôme Alet
Hi, and thanks for your fast answer, On Wed, Apr 29, 2015 at 12:34:35AM +, Viktor Dukhovni wrote: > > On Backend2 mydestination is defined as : > > > >mydestination = example.com, backend2.example.com, > >localhost.localdomain, localhost > > Looks like you're using loca

Re: Question wrt partial migration from old postfix to newer one on two servers

2015-04-28 Thread Jérôme Alet
Hi again, On Wed, Apr 29, 2015 at 12:34:35AM +, Viktor Dukhovni wrote: > > Replace this (on Server1) with a rewriting configuration: > > virtual: > newu...@example.com newu...@backend2.example.com > > transport: > example.com relay:[backend1.example.com] >

Re: Question wrt partial migration from old postfix to newer one on two servers

2015-04-28 Thread Viktor Dukhovni
On Wed, Apr 29, 2015 at 03:23:20PM +1100, Jérôme Alet wrote: > I've tried several combinations of your suggestions, but now > unfortunately delivery doesn't work anymore (it used to, as explained > previously) : newu...@backend2.example.com is always rejected as unknown > in local recipient table.

Re: Question wrt partial migration from old postfix to newer one on two servers

2015-04-28 Thread Jérôme Alet
On Wed, Apr 29, 2015 at 04:32:22AM +, Viktor Dukhovni wrote: > On Wed, Apr 29, 2015 at 03:23:20PM +1100, Jérôme Alet wrote: > > You've not explained how you intend to manage mailboxes, or shown any > details of your configuration. My advice was correspondingly sketchy. My bad, sorry. > If yo

Re: Stan Hoeppner's fqrdns.pcre file?

2015-04-28 Thread DTNX Postmaster
On 28 Apr 2015, at 23:23, Steve Jenkins wrote: > On Tue, Apr 28, 2015 at 2:13 PM, Terry Barnum > wrote: > github URL for curl: > > $ curl > https://raw.githubusercontent.com/stevejenkins/hardwarefreak.com-fqrdns.pcre/master/fqrdns.pcre > >

Re: Question wrt partial migration from old postfix to newer one on two servers

2015-04-28 Thread Viktor Dukhovni
On Wed, Apr 29, 2015 at 03:53:09PM +1100, Jérôme Alet wrote: > On Wed, Apr 29, 2015 at 04:32:22AM +, Viktor Dukhovni wrote: > > On Wed, Apr 29, 2015 at 03:23:20PM +1100, Jérôme Alet wrote: > > > > You've not explained how you intend to manage mailboxes, or shown any > > details of your configu

Re: Question wrt partial migration from old postfix to newer one on two servers

2015-04-28 Thread jerome alet
> > From: Viktor Dukhovni > Sent: Wed Apr 29 16:49:01 NCT 2015 > To: > Subject: Re: Question wrt partial migration from old postfix to newer one on > two servers > > And yet you still have not provided a complete set of requirements > and configuration d