Re: address_verification probes -- are they supposed to work for aliases & +plus addresses?

2016-04-21 Thread Wietse Venema
jaso...@mail-central.com: > On Wed, Apr 20, 2016, at 05:13 PM, Wietse Venema wrote: > > 3) qmgr selects a delivery agent. > > > > 4) The delivery agent does a partial delivery attempt and reports > >results to the verify daemon. > > IIUC, looking at that^ and > > http://www.postfix.org/OVE

unverified_recipient_reject_code is not used to reject

2016-04-21 Thread lists42
Hola. I installed PostFix 3.1. I added these to the main.cf configuration file: unverified_recipient_reject_reason = bad address unverified_recipient_defer_code = 450 unverified_recipient_reject_code = 550 So a unverified_recipient rejection I think should respond by a 550. When I send the tes

Client not sending EHLO for certain server banner

2016-04-21 Thread Thomas Zäch
Hi All, when attempting to enforce TLS with a remote server I saw it failing. The reason turned out to be with the remote server-banner consisting of '*'-characters only. The local postfix-smtp in this case insisted to send "HELO". I'd like to understand if I can override/force postfix-smtp to se

Re: Client not sending EHLO for certain server banner

2016-04-21 Thread Wietse Venema
Thomas Zäch: > Hi All, > > when attempting to enforce TLS with a remote server I saw it failing. > The reason turned out to be with the remote server-banner consisting > of '*'-characters only. The local postfix-smtp in this case insisted The server is behind a CISCO PIX (or CISCO ASA) device wit

Re: unverified_recipient_reject_code is not used to reject

2016-04-21 Thread Wietse Venema
list...@tutanota.com: > Hola. > > I installed PostFix 3.1. > > I added these to the main.cf configuration file: > > unverified_recipient_reject_reason = bad address > unverified_recipient_defer_code = 450 > unverified_recipient_reject_code = 550 > > So a unverified_recipient rejection I think s

Re: unverified_recipient_reject_code is not used to reject

2016-04-21 Thread lists42
21. Apr 2016 10:01 by wie...@porcupine.org: > Postfix WILL NOT use unverified_recipient_reject_code if the > verification result was a soft error. Okay you have explained > Can someone tell me what the difference is between these (as postfix sees > them). Errors are permanent or temporary.

Re: unverified_recipient_reject_code is not used to reject

2016-04-21 Thread Wietse Venema
list...@tutanota.com: > 21. Apr 2016 10:01 by wie...@porcupine.org: > > > Postfix WILL NOT use unverified_recipient_reject_code if the > > verification result was a soft error. > > > > Okay you have explained > > > Can someone tell me what the difference is between these (as postfix sees > > t

Re: Client not sending EHLO for certain server banner

2016-04-21 Thread Wietse Venema
Wietse Venema: > Thomas Zäch: > > Hi All, > > > > when attempting to enforce TLS with a remote server I saw it failing. > > The reason turned out to be with the remote server-banner consisting > > of '*'-characters only. The local postfix-smtp in this case insisted > > The server is behind a CISC

Re: unverified_recipient_reject_code is not used to reject

2016-04-21 Thread Wietse Venema
Wietse Venema: > list...@tutanota.com: > > 21. Apr 2016 10:01 by wie...@porcupine.org: > > > > > Postfix WILL NOT use unverified_recipient_reject_code if the > > > verification result was a soft error. > > > > > > > > Okay you have explained > > > > > Can someone tell me what the difference is

Re: Client not sending EHLO for certain server banner

2016-04-21 Thread Thomas Zäch
> I just remember from years ago that some CISCOS in fixup mode will > reject EHLO, and some will reject STARTTLS, depending on configuration. > > On the upside, one does not have to worry about TLS downgrade attacks. > > Wietse Thanks for your background information, advice - and postfix

Re: unverified_recipient_reject_code is not used to reject

2016-04-21 Thread lists42
21. Apr 2016 10:52 by wie...@porcupine.org: >> TURN OFF unverified_recipient_reject_code and you will see why it is >> reported as >> a temporary error. > That should be: turn off unverified_recipient_reject_reason. > Okay I read that unverified_recipient_reject_reason is good for privacy but

Is the reason for this "connect from unknown[65.181.123.80]" from NXDOMAIN? Is it safe to reject it always?

2016-04-21 Thread lists42
Hola. I added the postscreen function to my PostFix server. I get emails now and lots of spams are blocked by it. In the log is     Apr 21 12:33:19 tanzer postfix/postscreen[12944]: connect from unknown[65.181.123.80] And after the email continues to be delivered okay. What is "unknown" in t

Re: Is the reason for this "connect from unknown[65.181.123.80]" from NXDOMAIN? Is it safe to reject it always?

2016-04-21 Thread Jim Reid
> On 21 Apr 2016, at 20:46, wrote: > > What is "unknown" in this case? > > I think it is the RDNS that is not there? Yes. There’s no reverse DNS for the connecting IP address. > host 65.181.123.80 > Host 80.123.181.65.in-addr.arpa. not found: 3(NXDOMAIN) You should really use di

Re: Is the reason for this "connect from unknown[65.181.123.80]" from NXDOMAIN? Is it safe to reject it always?

2016-04-21 Thread Wietse Venema
list...@tutanota.com: > Hola. > > I added the postscreen function to my PostFix server. > > I get emails now and lots of spams are blocked by it. > > In the log is > > Apr 21 12:33:19 tanzer postfix/postscreen[12944]: connect from > unknown[65.181.123.80] postscreen logging looks like this:

Re: Is the reason for this "connect from unknown[65.181.123.80]" from NXDOMAIN? Is it safe to reject it always?

2016-04-21 Thread lists42
21. Apr 2016 12:56 by j...@rfc1035.com: > You should really use dig for DNS troubleshooting. Accept no substitutes. > Well, apart from delv or drill if you’re troubleshooting Secure DNS errors. dig I know and can use. Those other ones are new tools to me. I'll look for them > SMTP co

Re: Is the reason for this "connect from unknown[65.181.123.80]" from NXDOMAIN? Is it safe to reject it always?

2016-04-21 Thread lists42
> You appear to have copied the smtpd executable over the postscreen > executable. You are right I made the same sort of bad mistake in the set up.  Thanks for catching it. I fixed it, and separated the smtpd for postscreen, and named it so I can follow it. So now I see in log     Apr 21 13:

Re: Is the reason for this "connect from unknown[65.181.123.80]" from NXDOMAIN? Is it safe to reject it always?

2016-04-21 Thread Wietse Venema
list...@tutanota.com: > > smtpd logs "unknown" when the IP address has no name, or when the name does > > not resolve to the remote SMTP client IP address. > > Okay so the log is acting right, and recording the event. > > Now I must make and control the decision when it happens for each case. >