>> > It seems the tempfail is from the milter, not from Postfix. Postfix
>> > is not in a position to know that the milter is not working as it
>> > should, the milter is responding "normally".
>>
>> That's too bad. I'm surely oversimplifying things but I figured the milter
>> would do something l
On 25.11.19 18:22, lists wrote:
At a minimum, I would set it up to use port 587.
I would set up port 465 also. Note that TLS on 465 is implicit, while on 587 is
explicit, so it's easier to allow unencrypted connections by a mistake on
587.
Then block via firewall all the email ports other tha
To make a long story short, in the past I used a hosting service. The email
server was totally pwned by a Round Cube exploit from a hacker in a country I
never occupied. Hence my advice to keep the server secure and reduce the attack
surface.
Do hackers actually use their home ISPs? Yes if the
on 2019/11/26 17:02, Matus UHLAR - fantomas wrote:
I would set up port 465 also. Note that TLS on 465 is implicit, while on
587 is
explicit, so it's easier to allow unencrypted connections by a mistake on
587.
587 is also used for StartTLS, am I right?
regards.
My 1 cent for privacy wise (assuming you're hosting on a VPS and not at
home)
Remove headers and your home IP with postfix:
master.cf:
under submission:
-o cleanup_service_name=auth-cleanup
auth-cleanup unix n - n - 0 cleanup
-o syslog_name=postfix/auth-
Dnia 26.11.2019 o godz. 10:23:09 Conz pisze:
>
> This makes it look like all mail is sent from the email server
> itself and hides your client. I can't remember where I got the above
> from but I found it somewhere, possibly even from this list.
Isn't it simpler to just use a server-based email c
On Tue, 26 Nov 2019, Wesley Peng wrote:
on 2019/11/26 17:02, Matus UHLAR - fantomas wrote:
I would set up port 465 also. Note that TLS on 465 is implicit, while on
587 is
explicit, so it's easier to allow unencrypted connections by a mistake on
587.
587 is also used for StartTLS, am I righ
on 2019/11/26 17:02, Matus UHLAR - fantomas wrote:
I would set up port 465 also. Note that TLS on 465 is implicit,
while on 587 is
explicit, so it's easier to allow unencrypted connections by a mistake on
587.
On Tue, 26 Nov 2019, Wesley Peng wrote:
587 is also used for StartTLS, am I right?
MICHEL, SEBASTIEN:
> >> > It seems the tempfail is from the milter, not from Postfix. Postfix
> >> > is not in a position to know that the milter is not working as it
> >> > should, the milter is responding "normally".
> >>
> >> That's too bad. I'm surely oversimplifying things but I figured the m
Hi All
I'm trying to figure out how I can set up force tls for specific sending
domains. I have several domains going through the postfix, and one of them has
a requirement that TLS should be forced, the others are ok with May.And if it
can't connect with tls, it should bounce the mail.
But I ca
K F:
> Hi All
> I'm trying to figure out how I can set up force tls for specific
> sending domains. I have several domains going through the postfix,
> and one of them has a requirement that TLS should be forced, the
> others are ok with May.And if it can't connect with tls, it should
> bounce the
Hi
on 2019/11/26 19:27, Matus UHLAR - fantomas wrote:
...and there's no "starttls" on 465, that's what I meant "implicit".
while port 465 was assigned for SMTPS in January 2018, it's been used this
way on many sites/services for years (even decades)
How the traffic between big one's MTAs get
Dnia 26.11.2019 o godz. 20:50:51 Wesley Peng pisze:
>
> How the traffic between big one's MTAs get through?
> For example, gmail send messages to web.de via port 465 by SSL, or
> just plain port 25?
Sending mail out of a MTA is always on port 25. STARTTLS is used if
possible.
Ports 468/587 are on
Hi
on 2019/11/26 20:53, Jaroslaw Rafa wrote:
Sending mail out of a MTA is always on port 25. STARTTLS is used if
possible.
If using plain port 25, the messages are not secure enough for traffic.
From what I know there is a technology calling Traffic hijacking.
Regards.
on 2019/11/26 19:27, Matus UHLAR - fantomas wrote:
...and there's no "starttls" on 465, that's what I meant "implicit".
while port 465 was assigned for SMTPS in January 2018, it's been used this
way on many sites/services for years (even decades)
On 26.11.19 20:50, Wesley Peng wrote:
How the
On 26 Nov 2019, at 7:56, Wesley Peng wrote:
Hi
on 2019/11/26 20:53, Jaroslaw Rafa wrote:
Sending mail out of a MTA is always on port 25. STARTTLS is used if
possible.
If using plain port 25, the messages are not secure enough for
traffic.
A rationally configured mail server in 2019 suppor
> Is there any guide for it?
For sending mail to public mailing lists, Gmane is good. Gmane keep your
privacy all the time.
Also MX is good to use Cloud VM such as AWS, Google Cloud Platform if
you install Postfix.
Sincerely,
--
^고맙습니다 _地平天成_ 감사합니다_^))//
On 2019-11-26 7:56 a.m., Wesley Peng wrote:
> If using plain port 25, the messages are not secure enough for traffic.
> From what I know there is a technology calling Traffic hijacking.
What makes one port number more or less secure than another? Security
is based on what goes over the port, not
:-)
Some users forward their incoming mail to some external mail servers.
Unfortunately AFAIK with no action taken it may result in breaking the
SPF. The solution for this problem I know is rewriting addresses with
SRS (postsrsd). Unfortunately postsrsd uses the same settings as
canonicals do
Den 26-11-2019 kl. 17:59 skrev Marek Kozlowski:
OK. I do not insist on postsrsd. I'd really appreciate any suggestion:
what can I use instaed of it - what do you recommend?
no one uses spf anymore since it breaks mailling lists very badly ?,
postfix maillist have not even spf helo pass :)
s
Marek Kozlowski:
> :-)
>
> Some users forward their incoming mail to some external mail servers.
> Unfortunately AFAIK with no action taken it may result in breaking the
> SPF. The solution for this problem I know is rewriting addresses with
> SRS (postsrsd). Unfortunately postsrsd uses the sam
:-)
Some users forward their incoming mail to some external mail servers.
Unfortunately AFAIK with no action taken it may result in breaking the
SPF. The solution for this problem I know is rewriting addresses with
SRS (postsrsd). Unfortunately postsrsd uses the same settings as
canonicals do wh
Marek Kozlowski:
> :-)
>
> >> Some users forward their incoming mail to some external mail servers.
> >> Unfortunately AFAIK with no action taken it may result in breaking the
> >> SPF. The solution for this problem I know is rewriting addresses with
> >> SRS (postsrsd). Unfortunately postsrsd use
:-)
sender_canonical_maps = unionmap:{ldap:/etc/postfix/ldap-canonical.cf,
ldap:/etc/postfix/ldap-canonical2.cf, tcp:127.0.0.1:10001}
By design, unionmap can produce multiple results separated by comma.
That would be wrong. >
Why not:
sender_canonical_maps = ldap:/etc/postfix/ldap-canonical.c
Hello Jeffrey again^^^
> How about moving to Gmail(Google Apps)? Gmail's spam defense is not bad, i
> think.
>
> I disagree. It often labels mailing list email as spam, [...]
Personally i read public mailing lists' messages by Gmane. There is
example screenshot [0]. So i have no problem about
on 2019/11/27 10:00, 황병희 wrote:
Personally i read public mailing lists' messages by Gmane. There is
example screenshot [0]. So i have no problem about that.
For customized spam policy, I found Tuffmail has a flexible interface.
Regards.
On 26 Nov 2019, at 19:00, 황병희 wrote:
>> How about moving to Gmail(Google Apps)? Gmail's spam defense is not bad, i
>> think.
>>
>> I disagree. It often labels mailing list email as spam, [...]
>
> Personally i read public mailing lists' messages by Gmane.
Ugh. Just about the only reason I stil
On 11/26/19 2:07 PM, Benny Pedersen wrote:
> Den 26-11-2019 kl. 17:59 skrev Marek Kozlowski:
>
>> OK. I do not insist on postsrsd. I'd really appreciate any
>> suggestion: what can I use instaed of it - what do you recommend?
>
> no one uses spf anymore since it breaks mailling lists very badly ?,
Hello
on 2019/11/27 12:20, Richard Damon wrote:
DMARC/SPF, which only validates to the From: header will break.
If the sender domain set up SPF to:
v=spf1 ip4:0.0.0.0/0 ~all
Will this pass through any SPF check?
regards.
Hello
I saw myrambler.ru has a special setting for SPF:
myrambler.ru. 3599IN TXT "v=spf1
ip4:81.19.78.96/27 ip4:81.19.78.0/27 ip4:81.19.88.0/24
-exists:%{ir}.spf.rambler.ru ~all"
what does it mean for this part:
-exists:%{ir}.spf.rambler.ru
Thank you.
>> I guess there is a missing feature to configure milter in test mode.
>
> You could temporarily add '-o soft_bounce=yes' in master.cf.
Good point. It has not the same behavior than warn_if_reject but it is also
useful. thanks
Worldline is a registered trade mark and trading name owned by Worl
31 matches
Mail list logo
