Re: Two different IP for one mx

On 30.01.18 00:09, jin&hitman&Barracuda wrote: In-Reply-To: References: hell, how did you create this e-mail? it looks like reply to thread with another 9 e-mails. (Plese send new post when asking new question) We are tring to move our mx server to another isp. They gave us an IP address

Re: Two different IP for one mx

2018-01-30 12:03 GMT+03:00 Matus UHLAR - fantomas : > On 30.01.18 00:09, jin&hitman&Barracuda wrote: > >> In-Reply-To: > ail.com> >> References: > ail.com> >> >> > > hell, how did you create this e-mail? it looks like reply to thread with > another 9 e-mails. (Plese send new post when asking new

python-policyd-spf doesn't check mail from my own domain

I've installed the opendmarc milter. I'm not rejecting mail from it at the moment. I've noticed that if I send myself a message, the policyd-spf milter isn't run. That in turn causes mail I send myself to fail in opendmarc. Any ideas? The various email verifiers do show that my email passes spf.

Re: Two different IP for one mx

On 30 Jan 2018 3:43 a.m., "Paul" wrote: What is the source IP you see making connections to your new postfix server ? On 30.01.18 09:28, jin&hitman&Barracuda wrote: It is 172.27.203.20 2018-01-30 12:03 GMT+03:00 Matus UHLAR - fantomas : this is also a private address and it should not ap

Re: python-policyd-spf doesn't check mail from my own domain

li...@lazygranch.com skrev den 2018-01-30 11:11: It is easy enough just to whitelist your own domains from opendmarc, but that would allow spoofed email to get through. its simple to not accept forged senders in port 25 ? for me i just check virtual alias senders in postfixadmin, poor manns

Re: python-policyd-spf doesn't check mail from my own domain

On 30 January 2018 at 10:11, li...@lazygranch.com wrote: > I've installed the opendmarc milter. I'm not rejecting mail from it at > the moment. I've noticed that if I send myself a message, the > policyd-spf milter isn't run. That in turn causes mail I send myself to > fail in opendmarc. Any ideas

Re: Two different IP for one mx

2018-01-30 13:29 GMT+03:00 Matus UHLAR - fantomas : > On 30 Jan 2018 3:43 a.m., "Paul" wrote: >>> What is the source IP you see making connections to your new postfix server ? >>> On 30.01.18 09:28, jin&hitman&Barracuda wrote: >>> It is 172.27.203.20 >>> > 2018-

Re: Two different IP for one mx

On 30 Jan 2018 3:43 a.m., "Paul" wrote: What is the source IP you see making connections to your new postfix server ? On 30.01.18 09:28, jin&hitman&Barracuda wrote: It is 172.27.203.20 2018-01-30 12:03 GMT+03:00 Matus UHLAR - fantomas : If you see this IP when you connect to your postfix

Re: Two different IP for one mx

2018-01-30 14:16 GMT+03:00 Matus UHLAR - fantomas : > On 30 Jan 2018 3:43 a.m., "Paul" wrote: >>> What is the source IP you see making connections to your new postfix >> server ? >> > > On 30.01.18 09:28, jin&hitman&Barracuda wrote: > >> It is 172.27.203.20 >> > >

Re: Two different IP for one mx

On 01/29/2018 11:09 PM, jin&hitman&Barracuda wrote: Hi We are tring to move our mx server to another isp. You have two postfix installations then, one in your current MX record and a new which is not yet published on DNS . Is that correct ? They gave us an IP address but there is some stran

Re: Two different IP for one mx

On the new Postfix server, are you using DHCP client on the WAN interface to get a IP address?  You should not be.  You should assign your public address to the WAN interface. I have static addresses with my ISP.  My ISP's modem will hand out private addresses if I use DHCP client.  I don't conf

Re: Two different IP for one mx

If you see this IP when you connect to your postfix from the internet, complain to your new ISP immediately. Connections from outside should not be NATted. On 30.01.18 14:34, jin&hitman&Barracuda wrote: When I connecting from internet (for example from 149.XXX.164.55) I did run tcpdump command

Re: Two different IP for one mx

2018-01-30 14:42 GMT+03:00 G : > On 01/29/2018 11:09 PM, jin&hitman&Barracuda wrote: > >> Hi >> >> We are tring to move our mx server to another isp. >> > > You have two postfix installations then, one in your current MX record and > a new > which is not yet published on DNS . Is that correct ? >

send specific NDR message for users in certain OU

Hi, The question can perhaps be made more generic like this: Can postfix generate a *specific* NDR (or an autoreply) for accounts that meet a specific criterium, such as: - user account was found under OU=to-delete,CN=company... contrary to the regular location CN=Users,CN=company... We would

Re: Two different IP for one mx

2018-01-30 15:22 GMT+03:00 Bill Shirley : > On the new Postfix server, are you using DHCP client on the WAN interface > to get a IP address? You should not be. You should assign your public > address > to the WAN interface. > > I have static addresses with my ISP. My ISP's modem will hand out p

Re: Two different IP for one mx

2018-01-30 16:42 GMT+03:00 Matus UHLAR - fantomas : > If you see this IP when you connect to your postfix from the internet, >>> complain to your new ISP immediately. Connections from outside >>> should not be NATted. >>> >> > On 30.01.18 14:34, jin&hitman&Barracuda wrote: > >> Wh

Re: Two different IP for one mx

On 2018-01-30 14:08, jin&hitman&Barracuda wrote: > 2018-01-30 15:22 GMT+03:00 Bill Shirley : > >> On the new Postfix server, are you using DHCP client on the WAN interface >> to get a IP address? You should not be. You should assign your public >> address >> to the WAN interface. >> >> I have

Duplicate email troubleshooting

Greetings, I'm running into an issue with a mailbox that also has aliases assigned to it. e.g. u...@domain.net has alias u...@domain.net, us...@otherdomain.net, and us...@otherdomain.net

Re: Two different IP for one mx

On 1/30/2018 9:15 AM, Karol Augustin wrote: From the information you provided it looks like problem is not fixable by you. It's ok to have private address configured on your server if it is properly translated upstream. Amazon does that. You have private IP configured on your machine but it is t

Re: Two different IP for one mx

On 2018-01-30 15:59, Bill Shirley wrote: > > In an earlier post: > Becouse I prefer to use fail2ban for brute force attacks and fail2ban depends > source IP address.In this setup I can't see source IP. Also I'll use iptables > as a permanent filter for some IPv4 blocks (like china). > > He n

Re: Duplicate email troubleshooting

On 30.01.18 08:55, Asai wrote: I'm running into an issue with a mailbox that also has aliases assigned to it. please avoid HTML mail. e.g. u...@domain.net has alias u...@domain.net, us...@otherdomain.net, and us...@otherdomain.net What's weird is user1 and user2 are getting duplicate email

Email and information helpfull to have in the headers/logs for police enquiries

hi, We participated in some police enquiries about emails sent to blackmail people and get the source IP. The ISP answered that they use proxy systems and they requires IP+port to be able to track the source. We just helped the case but it sparkle the idea that i better start to log the tcp por

Re: Two different IP for one mx

On 30 Jan 2018 7:00 p.m., "Bill Shirley" wrote: On 1/30/2018 9:15 AM, Karol Augustin wrote: >From the information you provided it looks like problem is not fixable by you. It's ok to have private address configured on your server if it is properly translated upstream. Amazon does that. You have

Re: Email and information helpfull to have in the headers/logs for police enquiries

On 2018-01-30 16:44, Ghislain Adnet wrote: > hi, > > We participated in some police enquiries about emails sent to > blackmail people and get the source IP. The ISP answered > that they use proxy systems and they requires IP+port to be able to > track the source. We just helped the case but it >

Re: Duplicate email troubleshooting

> On Jan 30, 2018, at 9:21 AM, Matus UHLAR - fantomas wrote: > > On 30.01.18 08:55, Asai wrote: >> I'm running into an issue with a mailbox that also has aliases assigned to >> it. > > please avoid HTML mail. >> e.g. u...@domain.net has alias u...@domain.net, us...@otherdomain.net, and >> us..

Re: Email and information helpfull to have in the headers/logs for police enquiries

Karol Augustin writes: > On 2018-01-30 16:44, Ghislain Adnet wrote: >> hi, >> >> We participated in some police enquiries about emails sent to >> blackmail people and get the source IP. The ISP answered >> that they use proxy systems and they requires IP+port to be able to >> track the source.

Re: Duplicate email troubleshooting

> On Jan 30, 2018, at 10:55 AM, Asai wrote: > > I'm running into an issue with a mailbox that also has aliases assigned to it. > > e.g. u...@domain.net has alias u...@domain.net, us...@otherdomain.net, and > us...@otherdomain.net > > What's weird is user1 and user2 are getting duplicate emai

Re: Email and information helpfull to have in the headers/logs for police enquiries

> On Jan 30, 2018, at 11:44 AM, Ghislain Adnet wrote: > > In postfix the IP is logged but not the TCP port. To be ahead in future legal > issues i wanted to know if there is a way > to : > > - add the TCP port to the log messages > - add the tcp port to a header in the mail (so it stick to i

Re: Email and information helpfull to have in the headers/logs for police enquiries

On Tue, Jan 30, 2018 at 05:27:40PM +, Karol Augustin wrote: > > I don't know why it is important to you to log the port number so if you > could explain I would be grateful. It's because of a Large Scale Nat using address+port. The same address is given out to more than one ISP customer alon

multi instance postfix with 2 IP address and 2 sending domains

Hello, I have configured server to support 2 sending IP addresses with corresponding 2 sending domains. DKIM, SPF, reverse hostname works correct, primary and secondary instances are setup with corresponding myhostname and smtp_helo_name. smtp_bind_address also configured correct on both inst

Re: multi instance postfix with 2 IP address and 2 sending domains

January 30, 2018 3:56 PM, "Anvar Kuchkartaev" wrote: > Hello, > > I have configured server to support 2 sending IP addresses with corresponding > 2 sending domains. > DKIM, SPF, reverse hostname works correct, primary and secondary instances > are setup with > corresponding myhostname and smtp

Re: multi instance postfix with 2 IP address and 2 sending domains

currently spf record of both domains are the same: "v=spf1 a mx ptr ptr:sendingdomain1.com ptr:sendingdomain2.com ~all" Might PTR causing issue because of it is deprecated? On 30/01/18 22:00, Fabian A. Santiago wrote: January 30, 2018 3:56 PM, "Anvar Kuchkartaev" wrote: Hello, I have confi

Re: multi instance postfix with 2 IP address and 2 sending domains

January 30, 2018 4:08 PM, "Anvar Kuchkartaev" wrote: > currently spf record of both domains are the same: > "v=spf1 a mx ptr ptr:sendingdomain1.com ptr:sendingdomain2.com ~all" > > Might PTR causing issue because of it is deprecated? > > On 30/01/18 22:00, Fabian A. Santiago wrote: > >> Januar

Re: multi instance postfix with 2 IP address and 2 sending domains

I just have modified SPF record to a mx ip4:... ~all and included all IP addresses of the server. Since TTL was 5 seconds propogation took not too long but without luck. Server has 4 IP addresses and customer requested to have send only mail server on 3rd and 4th addresses of their OpenVZ serv

Re: Email and information helpfull to have in the headers/logs for police enquiries

Le 30/01/2018 à 19:26, Viktor Dukhovni a écrit : > > http://www.postfix.org/postconf.5.html#smtpd_client_port_logging > oh this one i did not found before thanks a lot i gonna try it asap. Karol : yes this is not a law that ask me to log them but it is important to me that if a bad guy blackm

Re: Configure Postfix for High Volume

Just checking back if there is recommendation to increase outbound mail delivery . On Fri, Jan 26, 2018 at 11:04 AM, Stephen Satchell wrote: > On 01/25/2018 05:58 PM, Viktor Dukhovni wrote: > >> This is not good advice, it breaks delivery to other domains. Much better >> to run a local caching

Re: python-policyd-spf doesn't check mail from my own domain

On Tue, 30 Jan 2018 10:50:18 + Dominic Raferd wrote: > On 30 January 2018 at 10:11, li...@lazygranch.com > wrote: > > I've installed the opendmarc milter. I'm not rejecting mail from it > > at the moment. I've noticed that if I send myself a message, the > > policyd-spf milter isn't run. Tha

Connection reusing with smtp-relay.gmail.com port 465 or 587

Hi, I'm using Postfix inside Google Cloud Compute Engine with outbound port 25 blocked by default and I want to use Postfix to relay email from my org. I've setup both SSL and TLS modes successfully (diff installations) but the problem is that I generate an unique email for each of the 1000 recip

submission rate limit advice

I've tightened or rather overtightened several postfix limits, in what seemed like a good idea at the time... noticed now this warning, this user is on a dynamic IP, so can't add his IP to exception: going by the counter "Connection rate limit exceeded: 125", what values should I alter? Jan 31 1

Re: Configure Postfix for High Volume

> On Jan 30, 2018, at 9:44 PM, Tech Gurus wrote: > > Just checking back if there is recommendation to increase outbound mail > delivery First understand the source of the bottleneck. To that end, the "delays" field in your logs are the key data source to try to understand the origin of the p

Re: Connection reusing with smtp-relay.gmail.com port 465 or 587

> On Jan 30, 2018, at 11:53 PM, Vladimir Hidalgo wrote: > > I'm using Postfix inside Google Cloud Compute Engine with outbound > port 25 blocked by default and I want to use Postfix to relay email > from my org. > > I've setup both SSL and TLS modes successfully (diff installations) > but the

Re: Connection reusing with smtp-relay.gmail.com port 465 or 587

Thank you Viktor, looks like my best bet is to either have another sever that relays the TCP data from any another port to smtp-relay.gmail.com's port 25 just to bypass the random restriction in Google Cloud and make use of connection caching to comply their requirements. Sadly, changing provider i

Re: Connection reusing with smtp-relay.gmail.com port 465 or 587

On Tue, Jan 30, 2018 at 10:53:20PM -0600, Vladimir Hidalgo wrote: > smtp_destination_concurrency_limit = 1 Please read again what this setting does. Then remove it. However I don't think GMail likes it to be used as mass mail sender. > I see no conn_use on the log and I'm not sure if cache is a

Re: submission rate limit advice

On Wed, Jan 31, 2018 at 05:01:41AM +, Voytek wrote: > # grep _limit main.cf Please read http://www.postfix.org/DEBUG_README.html#mail and follow it. > smtpd_client_connection_rate_limit = 12 > smtpd_client_connection_count_limit = 5 Well, here is your problem. >From the documentation: | WAR

Re: python-policyd-spf doesn't check mail from my own domain

On 31 January 2018 at 03:44, li...@lazygranch.com wrote: > On Tue, 30 Jan 2018 10:50:18 + > Dominic Raferd wrote: > >> On 30 January 2018 at 10:11, li...@lazygranch.com >> wrote: >> > I've installed the opendmarc milter. I'm not rejecting mail from it >> > at the moment. I've noticed that if