Re: nfs as storage for mail queue

On Tue, 2 Apr 2019 at 07:40, De Petter Mattheas < mattheas.depet...@jandenul.com> wrote: > Hello > > > > Can somebody help me? > > > > So I have setup the nfs share on a windows server 2016 with nfs server > role. > > > > Security is set on the device ip of the postfix server read-write with > all

RE: nfs as storage for mail queue

Found a solution to my problem in archive http://postfix.1071664.n5.nabble.com/scan-dir-push-open-directory-defer-Permission-denied-td90566.html thanks Witse Met vriendelijke groeten Kind regards De Petter Mattheas Technical support engineer - projects team IT-Department Jan De Nul Dredging N.

Re: Remove user agent information in the email header

On 2019-04-02 07:42 BST, André Rodier wrote: > I have tried the header_checks, and it works, but with all emails, > even those received. > > Can you tell me how to proceed, please? HTH -- Nick

Re: Remove user agent information in the email header

On 2 April 2019 08:18:46 BST, Nick wrote: >On 2019-04-02 07:42 BST, André Rodier wrote: >> I have tried the header_checks, and it works, but with all emails, >> even those received. >> >> Can you tell me how to proceed, please? > >

Re: Postfix 3.4.4 compile problems on Solaris 11

On 4/1/19 20:08, Wietse Venema wrote: Wietse Venema: unix_dgram_connect.c: In function 'unix_dgram_connect': unix_dgram_connect.c:63:24: error: expected identifier or '(' before numeric constant struct sockaddr_un sun; ^ Any idea why identical code in src/util/u

Re: Authentication attempts for x...@com.au addresses

You will need to install fail2ban to ip block failed attempts. As you have correctly assumed, a malicious person is trying to hack into you mail server. Fail2ban is a required application now and days. On April 2, 2019 8:57:06 AM GMT+02:00, James Brown wrote: >Not sure if this is a Dovecot or

Postfix and smfi_setmlreply() milter command resulting in SMTP protocol breakage.

Hi, I have a locally developed milter using the python-milter bindings which seems to trigger a Postfix bug. The milter in question uses the smfi_setmlreply() command to set a multiline response as defined in rfc5321. Multiline replies should result in the smtpd replying with something like

Bug report: problem with smtp_mx_address_limit = 0

According to the docs, the smtp_mx_address_limit parameter determines "the maximal number of MX (mail exchanger) IP addresses that can result from mail exchanger lookups, or zero (no limit)". However, when setting it to zero, the SMTP client won't even attempt to deliver to a server that has _both

Re: nfs as storage for mail queue

De Petter Mattheas: > Hello > Can somebody help me? $ su [password here] # postfix set-permissions # postfix check Repeat until there are no warnings. BTW I cannot confirm whether a WINDOWS server can satisfy the file system properties that Postfix requires: see the section "Postfix file system

Re: Bug report: problem with smtp_mx_address_limit = 0

Probably better to not allow a limit-less smtp_mx_address_limit, as it makes Postfix vulnerable to resource exhaustion attack. Wietse

RE: nfs as storage for mail queue

Hello We have a ntp server onboard our vessels that syncs time true gps sat. All our servers get there time from that server that how we sync time. Met vriendelijke groeten Kind regards  De Petter Mattheas  

Re: Remove user agent information in the email header

On 2 Apr 2019, at 8:42, André Rodier wrote: > Hello, Hello, > I would like to delete automatically User-Agent or X-Mailer information > in the headers of outgoing emails. > > I have tried the header_checks, and it works, but with all emails, even > those received. > > Can you tell me how to proc

Re: Bug report: problem with smtp_mx_address_limit = 0

On 2/04/19 13:21, Wietse Venema wrote: > Probably better to not allow a limit-less smtp_mx_address_limit, > as it makes Postfix vulnerable to resource exhaustion attack. > > Wietse > Fair enough, but then the docs for smtp_mx_address_limit ought to be changed to remove the "or zero (no

Re: Authentication attempts for x...@com.au addresses

There does not seem to be a completely foolproof and easy to manage solution. In my case, I modified the fail2ban time in jail to block the IP for days rather than hours and did a close look at the expressions defining the bad attempts to be sure that I got all (I hope) of the cases that were

Re: Authentication attempts for x...@com.au addresses

This will only help if you're getting multiple attempts from one subnet, but I've been able to use fail2ban to block IP ranges instead of single IPs. You just have to be careful or you may block more IPs than you want. I recommend setting fail2ban to NOT start up on boot while testing in case y

problems follow with certain rules

following the instructions given to me place the access in front of the rule that is not supported ips unresolved, and as I still have the same problems I added a debug to that ip that interests me and among other things in this debug I find this: 16:43:05 ns postfix / smtpd [28258]: generic_che

Re: Authentication attempts for x...@com.au addresses

On Tue, 2 Apr 2019 at 09:45, Esteban L wrote: > You will need to install fail2ban to ip block failed attempts. > > As you have correctly assumed, a malicious person is trying to hack into > you mail server. > > Fail2ban is a required application now and days. > > On April 2, 2019 8:57:06 AM GMT+0

Re: problems follow with certain rules

On 4/2/2019 10:17 AM, Francesc Peñalvez wrote: following the instructions given to me place the access in front of the rule that is not supported ips unresolved, and as I still have the same problems I added a debug to that ip that interests me and among other things in this debug I find this:

Re: problems follow with certain rules

On 2 Apr 2019, at 11:17, Francesc Peñalvez wrote: following the instructions given to me place the access in front of the rule that is not supported ips unresolved, and as I still have the same problems I added a debug to that ip that interests me and among other things in this debug I find th

Re: problems follow with certain rules

the problem is with the directive reject_unknown_reverse_client_hostname when there is a failure in the resolution of the ip blocks the connection with this ip, to avoid adding the access file the ip as indicated in the first mail, but still blocking that ip by not resolving. activate the debug

Re: problems follow with certain rules

the ip of my last mail does not match the first, but it is from the same company that uses several ips and all of them are added to the access file El 02/04/2019 a las 19:15, Francesc Peñalvez escribió: the problem is with the directive reject_unknown_reverse_client_hostname when there is a fa

Re: problems follow with certain rules

On 4/2/2019 12:15 PM, Francesc Peñalvez wrote: the problem is with the directive reject_unknown_reverse_client_hostname when there is a failure in the resolution of the ip blocks the connection with this ip, to avoid adding the access file the ip as indicated in the first mail, but still block

Re: problems follow with certain rules

the problem that I have already described I have several rules against spamers and one of them is to reject the ips that are not resolved. So when the resolution of the dns fails those ips are rejected for not having an inverse. In the access I have the ips that interest me that these locks pas

Re: problems follow with certain rules

Great. Change this: smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination permit_inet_interfaces check_client_access hash:/etc/postfix/access reject_unknown_reverse_client_hostname to this: smtpd_relay_restrictions = permit_mynetworks pe

Re: problems follow with certain rules

yes every change in access i use postmap access i I will try the changes that you suggest and I will comment something Thanks for help El 02/04/2019 a las 21:11, Noel Jones escribió: Great. Change this: smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_

Re: Authentication attempts for x...@com.au addresses

I agree with Ron Wheeler. The default settings for Dovecot and Postfix are solid. The default settings for Fail2ban, on the other hand, are inadequate. Not because its a bad program, but rather that 1.) the default settings are a little lenient, and 2.) hackers know those default settings. You

Re: problems follow with certain rules

On Tue, Apr 02, 2019 at 07:15:58PM +0200, Francesc Peñalvez wrote: > smtpd_client_restrictions = permit_mynetworks permit_inet_interfaces > permit_tls_all_clientcerts permit_sasl_authenticated > permit_auth_destination > check_client_access hash:/etc/postfix/access The "permit_tls_all_

Re: Authentication attempts for x...@com.au addresses

On 2 Apr 2019, at 14:30, Esteban L wrote: > The times are in seconds, so you'll need to calculate those times. a month is 2629743 seconds. An hour, of course is 3600, but I prefer 86400 which is one day. BTW, pi seconds is very close to 1 nano century. -- <[TN]FBMachine> I got kicked out of

Re: Authentication attempts for x...@com.au addresses

On 4/2/19 5:39 PM, @lbutlr wrote: On 2 Apr 2019, at 14:30, Esteban L wrote: The times are in seconds, so you'll need to calculate those times. a month is 2629743 seconds. An hour, of course is 3600, but I prefer 86400 which is one day. BTW, pi seconds is very close to 1 nano century. I

Re: Bug report: problem with smtp_mx_address_limit = 0

Luc Pardon: > On the same topic: what if smtp_mx_address_limit was simply made to > apply for each family separately? E.g. the default of 5 would mean: keep > max 5 IPv6 addresses _and_ max 5 IPv4's ? The purpose of these and other Postfix limits is not to frustrate legitimate mail operators. Inst

Re: Authentication attempts for x...@com.au addresses

> On 3 Apr 2019, at 9:45 am, Curtis Maurand > wrote: > > > > On 4/2/19 5:39 PM, @lbutlr wrote: >> On 2 Apr 2019, at 14:30, Esteban L > > wrote: >>> The times are in seconds, so you'll need to calculate those times. >> a month is 26297

Re: Authentication attempts for x...@com.au addresses

On 2 Apr 2019, at 8:10, James Brown wrote: Thanks Esteban. I have fail2ban installed. Unfortunately each attempt comes from a different IP (botnet I presume). I’m finding this all the time now, so fail2ban seems to be no longer much use. Was just hoping there was a Postfix or Dovecot setting

Re: Authentication attempts for x...@com.au addresses

On 2 Apr 2019, at 23:14, James Brown wrote: We have Stunnel receive the traffic on port 465 and 587 and forward on to 127.0.0.1 on port 25. That seems odd. Why? The whole point of having submission channels distinct from port 25 SMTP is to allow you to put different restrictions on inbound a

Re: Remove user agent information in the email header

On Tue, 2019-04-02 at 08:18 +0100, Nick wrote: > On 2019-04-02 07:42 BST, André Rodier wrote: > > I have tried the header_checks, and it works, but with all emails, > > even those received. > > > > Can you tell me how to proceed, please? > >

Rewriting recipient before routing the email

Hello again, Is there an option to rewrite the final recipient, to remove some extra characters, with some header checks, for the incoming emails. This is what I want to achieve: For instance, if postfix receives emails for andre_d0...@rodier.me, the final recipient would be rewritten as an...@r