[no subject]

Good day, Why does postfix accept mail to 'RCPT TO: ' on submission port, even when smtpd_recipient_restrictions are set to permit_sasl_authenticated,reject? It's postfix-2.11.0 on Ubuntu trusty. Excerpt from chat session and configs below. $ openssl s_client -connect mail.my-domain.com:587 -star

Why is recipient accepted on submission port?

juodu...@gmail.com wrote: > Good day, > > Why does postfix accept mail to 'RCPT TO: ' on submission > port, even when smtpd_recipient_restrictions are set to > permit_sasl_authenticated,reject? It's postfix-2.11.0 on Ubuntu > trusty. Excerpt from chat session and configs below. > > $ openssl s_

I can't find the reason for this smtpd/opendmarc warning.

I have opendmarc configured in postfix main.cf ### # dkim & dmarc smtpd_milters = inet:127.0.0.1:8891, inet:127.0.0.1:8893 non_smtpd_milters = inet:127.0.0.1:8891, inet:127.0.0.1:8893 milter_default_action = accept and the opendmarc.con

Re: I can't find the reason for this smtpd/opendmarc warning.

My first thought is that is anything actually running on port 8893? On 04/12/2015 10:19 am, Robert Chalmers wrote: > I have opendmarc configured in postfix main.cf > > ### > # dkim & dmarc > smtpd_milters = inet:127.0.0.1:8891, inet:127.0.0.1:8893 > non_smtpd_milters =

Re: I can't find the reason for this smtpd/opendmarc warning.

Sorry - went back to user, not list. _opendmarc 29480 0.0 0.0 2464732660 ?? Ss 10:51am 0:00.02 /usr/local/sbin/opendmarc -c /usr/local/etc/opendmarc/opendmarc.conf Seems to be running … also a simple telnet localhost 8893 Trying ::1... telnet: connect to address ::1: Conne

Re: Why is recipient accepted on submission port?

juodu...@gmail.com: > > Why does postfix accept mail to 'RCPT TO: ' on submission > > port, even when smtpd_recipient_restrictions are set to > > permit_sasl_authenticated,reject? See RFC 5321, the document that defines SMTP. Wietse

Re: Why is recipient accepted on submission port?

Wietse Venema wrote: > juodu...@gmail.com: > > > Why does postfix accept mail to 'RCPT TO: ' on submission > > > port, even when smtpd_recipient_restrictions are set to > > > permit_sasl_authenticated,reject? > > See RFC 5321, the document that defines SMTP. > > Wietse > Thanks for the r

Found: .... the reason for this smtpd/opendmarc warning.

this warning … warning: connect to Milter service inet:127.0.0.1:8893: Connection refused I started opendmarc as root, and the warning went away. sudo /usr/local/sbin/opendmarc -v -c /usr/local/etc/opendmarc/opendmarc.conf _opendmarc 29480 0.0 0.0 2482232820 ?? Ss 10:51am 0:

Re: Why is recipient accepted on submission port?

On Fri, Dec 04, 2015 at 02:20:53PM +0200, juodu...@gmail.com wrote: > I find it strange that postfix accepts , but rejects > on this port (both variants are working on > 25/smtp). This is a work-around for "reject_non_fqdn_recipient" which applies to all addresses except "postmaster". Bottom-li

reject connections from hosts without mx record

Hello, I received (yet another) SPAM/UCE from an address without MX record. Although it is not mandatory for a sender to have an MX record, this RFC loophole is exploited by spammers. Further, I do not want to receive mail from someone I cannot reply to. Before writing a milter, I would need to

Re: reject connections from hosts without mx record

On 12/4/2015 11:28 AM, sb wrote: > Hello, > > I received (yet another) SPAM/UCE from an address without MX record. > > Although it is not mandatory for a sender to have an MX record, > this RFC loophole is exploited by spammers. Further, I do not want to > receive mail from someone I cannot reply

Re: reject connections from hosts without mx record

On 12/4/15 7:08 PM, Noel Jones wrote: > The sender domain must have either an MX or an A record. > You can reply to a domain with only an A record. If I send mail to the above address, there is no server that can receive it: > telnet 78.134.2.123 25 Trying 78.134.2.123... No response given. Th

Let's Encrypt certificates for port 25 SMTP and DANE TLSA

[ FYI, based on text from a recent post to the dane-us...@sys4.de list ] > Something else to keep in mind with the Let's Encrypt certificates is > that they have a 90-day lifetime with the automatic renewal process > starting at sixty days. Automated replacement might make them entirely unfit for

Re: reject connections from hosts without mx record

On 12/4/2015 12:57 PM, sb wrote: > On 12/4/15 7:08 PM, Noel Jones wrote: > >> The sender domain must have either an MX or an A record. >> You can reply to a domain with only an A record. > > If I send mail to the above address, there is no server that can > receive it: > >> telnet 78.134.2.123 2

Has anyone added a content filter to Postfix under OS X Server?

I have upgraded my mail "toaster" to use OS X Server. Yippee. I would like to have more control over the Spam filtering process than X Server offers by default. I have a script (which I hope won't return a "malformed response now) that I would like to insert. I am attempting to understand "htt

Has anyone added a content filter to Postfix under OS X Server?

And while we're at it, is there (anywhere) an example of an "advanced content filter" as described at http://www.postfix.org/FILTER_README.html ? The page says: The job of the content filter is to either bounce mail with a suitable diagnostic, or to fe

Re: Has anyone added a content filter to Postfix under OS X Server?

On Fri, Dec 04, 2015 at 12:48:16PM -0800, Vicki Brown wrote: > I am attempting to understand "http://www.postfix.org/FILTER_README.html"; > > Instructions for a "Simple"content filter suggest adding > -o content_filter=filter:dummy > to the master.cf entry that defines the Postfix SMTP server

Re: reject connections from hosts without mx record

On 4 Dec 2015, at 13:57, sb wrote: On 12/4/15 7:08 PM, Noel Jones wrote: [...] I had eject_unknown_sender_domain in smtpd_sender_restrictions, and it did not work. It is now in smtpd_client_restrictions. Which is wrong. See 'man 5 postconf' and the file SMTPD_ACCESS_README in the Postfi