RE: Disable spooling

2015-11-17 Thread L . P . H . van Belle
> -Oorspronkelijk bericht- > Van: pa...@matos-sorge.com [mailto:owner-postfix-us...@postfix.org] Namens > Paulo Matos > Verzonden: maandag 16 november 2015 21:14 > Aan: L.P.H. van Belle; postfix users > Onderwerp: Re: Disable spooling > > > > On 09/11/15 16:43, L.P.H. van Belle wrote:

Re: Static WARN action without an (external) access-map in i.e. restriction_class possible?

2015-11-17 Thread Christian Rohmann
On 11/16/2015 04:54 PM, Wietse Venema wrote: > With Postfix 3.0 or later: > >... check_client_access static:{warn text...} ... > > Older Postfix releases require that the lookup result is stored > outside main.cf. > > (Postfix 3.0 also introduces inline: tables whose keys and values > are

Postfix 3.0 also introduces inline:

2015-11-17 Thread Postfix User
Okay, I suppose I don't pay as close attention to release announcements as I should. I noticed this is another post recently: Postfix 3.0 also introduces inline: tables whose keys and values are stored inside main.cf I did not see any documentation on the Postfix site for that. Am I just blind, o

Re: Postfix 3.0 also introduces inline:

2015-11-17 Thread Christian Kivalo
On 2015-11-17 12:08, Postfix User wrote: Okay, I suppose I don't pay as close attention to release announcements as I should. I noticed this is another post recently: Postfix 3.0 also introduces inline: tables whose keys and values are stored inside main.cf I did not see any documentation

Re: Postfix 3.0 also introduces inline:

2015-11-17 Thread Wietse Venema
Postfix User: > Okay, I suppose I don't pay as close attention to release announcements as I > should. I noticed this is another post recently: > > Postfix 3.0 also introduces inline: tables whose keys and values are stored > inside main.cf > > I did not see any documentation on the Postfix site

Postfix ignoring check_recipient_access

2015-11-17 Thread Neil Smith
Postfix seems to be ignoring the smtpd_recipient_restrictions = check_recipient_access instruction. I've got a Postfix + Dovecot + Amavis setup and all works fine. I use address extensions for the virtual users, so I can "turn off" addresses that have been included on spammers' lists. When an

Re: Postfix ignoring check_recipient_access

2015-11-17 Thread Koko Wijatmoko
On Tue, 17 Nov 2015 12:44:12 + Neil Smith wrote: > Postfix seems to be ignoring the smtpd_recipient_restrictions = > check_recipient_access instruction. > did you ran postmap for the hash table? what inside your /etc/postfix/recipient_checks?

Re: Postfix ignoring check_recipient_access

2015-11-17 Thread Neil Smith
On Tuesday 17 Nov 2015 20:50:32 Koko Wijatmoko wrote: > On Tue, 17 Nov 2015 12:44:12 + > Neil Smith wrote: > > > Postfix seems to be ignoring the smtpd_recipient_restrictions = > > check_recipient_access instruction. > > > did you ran postmap for the hash table? Yes, several times, and res

Re: Postfix ignoring check_recipient_access

2015-11-17 Thread Koko Wijatmoko
On Tue, 17 Nov 2015 13:56:01 + Neil Smith wrote: > > did you ran postmap for the hash table? > > Yes, several times, and restarted postfix afterwards. > is the file permission allow postfix to read it?

Re: Postfix ignoring check_recipient_access

2015-11-17 Thread Neil Smith
On Tuesday 17 Nov 2015 21:04:00 Koko Wijatmoko wrote: > On Tue, 17 Nov 2015 13:56:01 + > Neil Smith wrote: > > > > did you ran postmap for the hash table? > > > > Yes, several times, and restarted postfix afterwards. > > > is the file permission allow postfix to read it? Yes. root@pserver

Re: Postfix ignoring check_recipient_access

2015-11-17 Thread Wietse Venema
Neil Smith: > When an email is only RCPT TO one of the turned off addresses, the > smtpd_recipient_restrictions = check_recipient_access instruction > _should_ (I think) tell Postfix to reject the message. But the > messages still end up in my inbox. ... > smtpd_recipient_restrictions = permit_sasl

Re: Postfix ignoring check_recipient_access

2015-11-17 Thread Viktor Dukhovni
On Tue, Nov 17, 2015 at 12:44:12PM +, Neil Smith wrote: > Postfix seems to be ignoring the smtpd_recipient_restrictions = > check_recipient_access instruction. Yes, "seems". Postfix does not ignore its configuration. It does exactly what it is configured to do. You really should choose a

Re: rejecting email from specific domains

2015-11-17 Thread Bill Cole
On 17 Nov 2015, at 1:48, yahoogro...@lazygranch.xyz wrote: FWIW, I keep an xyz tld for test purposes. Point dot com to production and dot xyz for test. Yes I know there are ways to do this with a subdomain, but dot xyz is really cheap. While a subdomain (or ad hoc .local with your DNS authori

Re: rejecting email from specific domains

2015-11-17 Thread Viktor Dukhovni
On Tue, Nov 17, 2015 at 10:08:47AM -0500, Bill Cole wrote: > >I never investigated if there production users of xyz.   > > There are absolutely positively multiple production users of .xyz domains. > All evidence I have of this is blatant unequivocal spam and SMTP behaviors > that correlate perfe

Re: Postfix ignoring check_recipient_access

2015-11-17 Thread Neil Smith
On Tuesday 17 Nov 2015 09:37:44 Wietse Venema wrote: > Put check_recipient_access at the BEGINNING of smtpd_recipient_restrictions. Thank you, that seems to have fixed it. But... On Tuesday 17 Nov 2015 14:43:50 Viktor Dukhovni wrote: > > smtpd_recipient_restrictions = > > permit_sasl_authe

Re: Postfix ignoring check_recipient_access

2015-11-17 Thread Viktor Dukhovni
On Tue, Nov 17, 2015 at 03:26:55PM +, Neil Smith wrote: > On Tuesday 17 Nov 2015 14:43:50 Viktor Dukhovni wrote: > > > > smtpd_recipient_restrictions = > > > permit_sasl_authenticated > > > permit_mynetworks > > > permit_mx_backup > > > check_recipient_access hash:/etc/postfix/rec

Re: rejecting email from specific domains

2015-11-17 Thread Bill Cole
On 17 Nov 2015, at 10:19, Viktor Dukhovni wrote: On Tue, Nov 17, 2015 at 10:08:47AM -0500, Bill Cole wrote: I never investigated if there production users of xyz.   There are absolutely positively multiple production users of .xyz domains. All evidence I have of this is blatant unequivocal

Re: Puting the Postfix's queue into RAM disk

2015-11-17 Thread Istvan Prosinger
The problem is tha there is that one VPS and I wanted 2nd opinions about my dirty plan. Thanks On 2015-11-15 19:03, Matthew McGehrin wrote: Is it possible to configure a 2nd VPS instance just for fallback_relay? That way your primary queue is only for deliveries, and your 2nd instance can handl

Re: Postfix ignoring check_recipient_access

2015-11-17 Thread Neil Smith
On Tuesday 17 Nov 2015 15:50:22 Viktor Dukhovni wrote: > On Tue, Nov 17, 2015 at 03:26:55PM +, Neil Smith wrote: > > > On Tuesday 17 Nov 2015 14:43:50 Viktor Dukhovni wrote: > > > > > > smtpd_recipient_restrictions = > > > > permit_sasl_authenticated > > > > permit_mynetworks > > > > pe

Untrusted TLS connection established headache

2015-11-17 Thread Istvan Prosinger
Hi, I'm trying to install the signed STARTSSL certificates to Postfix, but I'm getting this entry whatever I do: Nov 17 18:41:39 knox postfix/smtp[32153]: Untrusted TLS connection established to gmail-smtp-in.l.google.com[74.125.133.26]:25: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (12

Re: Untrusted TLS connection established headache

2015-11-17 Thread Viktor Dukhovni
On Tue, Nov 17, 2015 at 08:02:35PM +0100, Istvan Prosinger wrote: > I'm trying to install the signed STARTSSL certificates to Postfix, but I'm > getting this entry whatever I do: > > Nov 17 18:41:39 knox postfix/smtp[32153]: Untrusted TLS connection > established to gmail-smtp-in.l.google.com[74.

socket: malformed response

2015-11-17 Thread Vicki Brown
I got my SpamAssassin content filter working, using recommendations and script code (modified) from http://www.akadia.com/services/postfix_spamassassin.html . Added to master.cf smtp inet n - n - - smt

Re: socket: malformed response

2015-11-17 Thread Wietse Venema
Vicki Brown: > Log sections looked like this when it was working: > > Nov 17 02:35:37 g3po postfix/qmgr[70628]: 91D742F5FFD8: > from=<...@googlegroups.com>, size=7252, nrcpt=1 (queue active) ... > > Then it crashed. > > /var/log/mail.log shows > > Nov 17 02:38:29 g3po postfix/qmgr[70628]: warni

Re: Untrusted TLS connection established headache

2015-11-17 Thread Viktor Dukhovni
On Tue, Nov 17, 2015 at 07:14:21PM +, Viktor Dukhovni wrote: > > smtp_tls_CAfile = /etc/ssl/certs/startssl-ca-bundle.pem > > smtp_tls_CApath = /etc/ssl/certs/ > > smtp_tls_loglevel = 1 > > smtp_tls_security_level = may > > With opportunistic TLS ("may") certificates are never verified, > and

Re: socket: malformed response

2015-11-17 Thread Bill Cole
On 17 Nov 2015, at 18:22, Vicki Brown wrote: Is there anything I can do to troubleshoot? Enhance that script to log its failures & capture the stderr of what it calls rather than just tossing back to Postfix.

Re: Untrusted TLS connection established headache

2015-11-17 Thread Bill Cole
On 17 Nov 2015, at 14:02, Istvan Prosinger wrote: Hi, I'm trying to install the signed STARTSSL certificates to Postfix, but I'm getting this entry whatever I do: Nov 17 18:41:39 knox postfix/smtp[32153]: Untrusted TLS connection established to gmail-smtp-in.l.google.com[74.125.133.26]:25:

Re: socket: malformed response

2015-11-17 Thread Vicki Brown
When I said "crashed" I was referring to the spamchk script, which, once it gave an error, continued to do so for the next 8 hours. > The description of the problem was logged by process 74861. Yes, I did note that I saw that. (But it makes no sense to repeat over and over; it's a call to sendm

Re: Untrusted TLS connection established headache

2015-11-17 Thread Viktor Dukhovni
On Tue, Nov 17, 2015 at 10:58:13PM -0500, Bill Cole wrote: > >[root@knox certs]# postconf -n | grep tls > >smtp_tls_CAfile = /etc/ssl/certs/startssl-ca-bundle.pem > >smtp_tls_CApath = /etc/ssl/certs/ > > That's likely to be wrong. smtp_tls_CApath needs to be more than just a > directory where the