Multiple server for one domain

2020-06-09 Thread Matteo Cazzador
Hi I am writing to you for an old question that I had already asked. I want to understand if it is possible to optimize the configuration that I am using now. I'm using virtual mail server configuration. I've 4 mail servers (that send and receive mail) for one domain only "example.com", each

Re: Postfix restrictions

2020-06-09 Thread @lbutlr
> On 08 Jun 2020, at 16:21, yuv wrote: > > On Sun, 2020-06-07 at 20:36 -0600, @lbutlr wrote: >> On 07 Jun 2020, at 06:38, yuv wrote: >>> Is there a valid reason for a sender not to fix something so >>> essential as DNS configuration? >> >> That’s not the question. > > Oh, yes it is. Really

Re: Multiple server for one domain

2020-06-09 Thread Claus R. Wickinghoff
Hi, I sometimes encounter similar setups. I usually solve this by identifying one server as a central system (example.com) and then using subdomains for mail-routing to the branches (paris.example.com, berlin.example.com). On the central system you'll have to maintain the virtual: us...@ex

Re: Multiple server for one domain

2020-06-09 Thread Matteo Cazzador
Hi thanks, some clarification please On berlin.example.com server how you define the users? Local user like user2 user3 .. without virtual domain is correct? You need to do something extra mydestination (on berlin) to receive correctly mail from us...@berlin.example.com to  user2 ? For

Re: Multiple server for one domain

2020-06-09 Thread Claus R. Wickinghoff
Hi Matteo, On berlin.example.com server how you define the users? Local user like user2 user3 .. without virtual domain is correct? Yes. When not using any database/ldap you create just system accounts, login is primary-e-mail-address, i.e. user2 When setting mydestination to berlin.exampl

Best practices virtual hosts email naming setup

2020-06-09 Thread Robin Rowe
If I have a server with 2 virtual hosts, what is the best approach to naming the mail server for the second virtual host? Let's say my domains are virtual1.com and virtual2.com. Both the same IP. /etc/hosts: virtual1.com rDNS: virtual1.com What is the best mail server naming approach to use in

Re: lightweight/milter Spamassassin-integtration options for Postfix -- current experience / faves?

2020-06-09 Thread Jaroslaw Rafa
On 8.06.2020 at 16:18:14 PGNet Dev wrote: > >https://savannah.nongnu.org/projects/spamass-milt/ >https://github.com/mpaperno/spampd >https://gitlab.com/glts/spamassassin-milter > > anyone have any current experience with any of these? I use the first one as it came by default

Reject RCPT TO addresses with no domain

2020-06-09 Thread Nathan Ward
Hi all, I am trying to figure out the best way to reject RCPT TO addresses with no domain part - i.e. "RCPT TO: " or similar. I do not want to rewrite to $myhostname or $mydomain or similar. I am on postfix 2.10. This is for an MSA function - if email passes validation checks and is authenticate

Re: Reject RCPT TO addresses with no domain

2020-06-09 Thread Matus UHLAR - fantomas
On 09.06.20 23:41, Nathan Ward wrote: I am trying to figure out the best way to reject RCPT TO addresses with no domain part - i.e. "RCPT TO: " or similar. I do not want to rewrite to $myhostname or $mydomain or similar. I am on postfix 2.10. put "reject_non_fqdn_recipient" into your smtpd_rec

Re: Reject RCPT TO addresses with no domain

2020-06-09 Thread Nathan Ward
> On 10/06/2020, at 00:07, Matus UHLAR - fantomas wrote: > > On 09.06.20 23:41, Nathan Ward wrote: >> I am trying to figure out the best way to reject RCPT TO addresses with no >> domain part - i.e. "RCPT TO: " or similar. I do not want to rewrite >> to $myhostname or $mydomain or similar. >>

Re: lightweight/milter Spamassassin-integtration options for Postfix -- current experience / faves?

2020-06-09 Thread Marvin Renich
* PGNet Dev [200608 19:19]: >https://savannah.nongnu.org/projects/spamass-milt/ >https://github.com/mpaperno/spampd >https://gitlab.com/glts/spamassassin-milter > > anyone have any current experience with any of these? I also use the first one (Debian package spamass-milter) along wi

Re: Reject RCPT TO addresses with no domain

2020-06-09 Thread Wietse Venema
Nathan Ward: > Hi all, > > I am trying to figure out the best way to reject RCPT TO addresses with no > domain part - i.e. "RCPT TO: " or similar. I do not want to rewrite > to $myhostname or $mydomain or similar. There is no Postfix setting to allow or deny every possible syntax error. Postfix

Re: Reject RCPT TO addresses with no domain

2020-06-09 Thread Matus UHLAR - fantomas
On 09.06.20 23:41, Nathan Ward wrote: I am trying to figure out the best way to reject RCPT TO addresses with no domain part - i.e. "RCPT TO: " or similar. I do not want to rewrite to $myhostname or $mydomain or similar. I am on postfix 2.10. On 10/06/2020, at 00:07, Matus UHLAR - fantomas w

Re: Reject RCPT TO addresses with no domain

2020-06-09 Thread Wietse Venema
Wietse Venema: > Nathan Ward: > > Hi all, > > > > I am trying to figure out the best way to reject RCPT TO addresses with no > > domain part - i.e. "RCPT TO: " or similar. I do not want to rewrite > > to $myhostname or $mydomain or similar. > > There is no Postfix setting to allow or deny every p

Re: Multiple server for one domain

2020-06-09 Thread Matteo Cazzador
Thanks a lot, I will try to follow your suggestion. Best regards. On 09/06/2020 10:17, Claus R. Wickinghoff wrote: Hi Matteo, On berlin.example.com server how you define the users? Local user like user2 user3 .. without virtual domain is correct? Yes. When not using any database/ldap you creat

Re: SNI problem

2020-06-09 Thread Viktor Dukhovni
On Wed, May 27, 2020 at 12:40:25AM +0200, Ján Máté wrote: > The error is "SNI data for smtp.myserver.eu does not match next > certificate" even if I am 100% sure that the key+cert+chain is OK, > because I use the same key+cert+chain (loaded from same files) for the > smtpd_tls_chain_files (and the

Re: Reject RCPT TO addresses with no domain

2020-06-09 Thread Jaroslaw Rafa
On 10.06.2020 at 00:29:04 Nathan Ward wrote: > > Hi - thanks for your reply. I have explored that option, as noted later in > my message - but I’d like to be able to accept email for user@gtld - where > there is no dot in the domain, but there is still a domain. "user@something-with-no-dot

Re: Reject RCPT TO addresses with no domain

2020-06-09 Thread Viktor Dukhovni
On Wed, Jun 10, 2020 at 12:29:04AM +1200, Nathan Ward wrote: > > put "reject_non_fqdn_recipient" into your smtpd_recipient_restrictions > > - if you want to deny everyone from doing that, put it before common > > permit_mynetworks > > and permit_sasl_authenticated > > Hi - thanks for your reply

Re: SNI problem

2020-06-09 Thread Ján Máté
Hi Victor, thanks for the explanation what's happening in the internals of Postfix, but the problem is still a mystery for me ... I use the default Debian (Buster) /etc/ssl/openssl.cnf without any modifications, so I don't think that there is any default certificate chain that might be preload

Re: Best practices virtual hosts email naming setup

2020-06-09 Thread Ralph Seichter
* Robin Rowe: > Let's say my domains are virtual1.com and virtual2.com. Both the same IP. > > /etc/hosts: virtual1.com > rDNS: virtual1.com > > What is the best mail server naming approach to use in DNS PTR, DKIM and > SPF? Configure virtual2.com DNS for a mail server name of > mail.virtual1.com

Re: SNI problem

2020-06-09 Thread Viktor Dukhovni
On Tue, Jun 09, 2020 at 08:31:27PM +0200, Ján Máté wrote: > Thanks for the explanation what's happening in the internals of > Postfix, but the problem is still a mystery for me ... > > I use the default Debian (Buster) /etc/ssl/openssl.cnf without any > modifications, so I don't think that there

Re: combining ldap and smtp-lookahead for recipient validation

2020-06-09 Thread Jonathan Engbrecht
Thank you! The only thing that's a little odd is that the embedded-space construct: static:{reject 5.1.1 user unknown} doesn't seem to work in this context. I get: ... postfix/smtpd[31453]: generic_checks: name={reject ... postfix/smtpd[31453]: warning: unknown smtpd restriction: "{reject" Chan

Re: SNI problem

2020-06-09 Thread Ján Máté
Hi Victor, yes, I looked at /etc/ssl/openssl.cnf and found nothing related to default or preloaded chain. See the result of the debug from strace - only 3 cert related files are opened = the private key, full chain and DH param: openat(AT_FDCWD, "pid/inet.smtp", O_RDWR) = 9 openat(AT_FDCWD, "/

Re: SNI problem

2020-06-09 Thread Ján Máté
Ups, the correct openssl s_client -servername smtp.example.com -starttls smtp -connect smtp.example.com:25 output: CONNECTED(0003) 140192932344960:error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error:../ssl/record/rec_layer_s3.c:1544:SSL al

Questions about the master.cf file

2020-06-09 Thread Scott A. Wozny
In the context of looking at implementing Postscreen, I’ve read through the postscreen readme, the master.cf man page, and postfix architectural overview docs, but I have some remaining service related questions I might appeal to one of the gurus on the list to help me with. In a default maste

Re: Questions about the master.cf file

2020-06-09 Thread Noel Jones
On 6/9/2020 4:26 PM, Scott A. Wozny wrote: In the context of looking at implementing Postscreen, I’ve read through the postscreen readme, the master.cf man page, and postfix architectural overview docs, but I have some remaining service related questions I might appeal to one of the gurus on th

Re: Questions about the master.cf file

2020-06-09 Thread Doug Hardie
Having recently gone through this same confusion, perhaps some of what I figured out might help. The first column of the master.cf file is the port number for each of the ports that postfix will listen to, or the name of an internal postfix process. In the distributed file, the names from the

Re: combining ldap and smtp-lookahead for recipient validation

2020-06-09 Thread Wietse Venema
Jonathan Engbrecht: > Thank you! > > The only thing that's a little odd is that the embedded-space construct: > static:{reject 5.1.1 user unknown} doesn't seem to work in this context. I > get: > > ... postfix/smtpd[31453]: generic_checks: name={reject > ... postfix/smtpd[31453]: warning: unknow

Re: SNI problem

2020-06-09 Thread Viktor Dukhovni
> On Jun 9, 2020, at 1:07 PM, Viktor Dukhovni > wrote: > >> May 26 22:38:58 myserver postfix/smtpd[72379]: warning: key at index 1 in >> SNI data for smtp.myserver.eu does not match next certificate >> May 26 22:38:58 myserver postfix/smtpd[72379]: warning: TLS library problem: >> error:142

Re: SNI problem

2020-06-09 Thread Ján Máté
Hi Victor, many thanks for finding out the cause of the problem - I hope the information about smtpd_tls_eecdh_grade will be useful for other Postfix users! JM > On 10 Jun 2020, at 01:22, Viktor Dukhovni wrote: > > > >> On Jun 9, 2020, at 1:07 PM, Viktor Dukhovni >> wrote: >> >>> May 2

dnsblog filtering?

2020-06-09 Thread PGNet Dev
does dnsblog have a log map/filter/somesuch? or does the capability exist elsewhere in postfix? currently, with spamhaus dqs in the rbl/dnsbl mix, dnsblog spits out, e.g. /var/log/postfix/postfix.log:Jun 9 13:27:56 ms postfix/dnsblog[5378]: addr 72.43.215.122 listed by domain .zen.dq.s

Re: dnsblog filtering?

2020-06-09 Thread Noel Jones
On 6/9/2020 8:46 PM, PGNet Dev wrote: does dnsblog have a log map/filter/somesuch? or does the capability exist elsewhere in postfix? currently, with spamhaus dqs in the rbl/dnsbl mix, dnsblog spits out, e.g. /var/log/postfix/postfix.log:Jun 9 13:27:56 ms postfix/dnsblog[5378]: addr

Re: dnsblog filtering?

2020-06-09 Thread PGNet Dev
On 6/9/20 8:15 PM, Noel Jones wrote: > Postfix assumes the logs are private. They generally are. The very-recent switch to BLs with Acct-ID's is new, and complicated that a bit. > To sanitize the log, you'll need to use an external process ok. easy enough -- just an additional bit of kit. >

PATCH: Handle TLS 1.3 Hello retry requests (was: SNI problem)

2020-06-09 Thread Viktor Dukhovni
> On Jun 9, 2020, at 7:22 PM, Viktor Dukhovni > wrote: > > This predates support for automatic negotiated EC curve selection > in OpenSSL, and is now just a bad idea. The default "auto" setting > is the only correct one to use. That said, how this breaks loading > of RSA certificate chains is

Re[2]: The historical roots of our computer terms

2020-06-09 Thread Peter Evans
I have zero interest in making your documentation "politically correct" that is an agenda of evil wrapped in a delusion of not offending and this discussion could not possibly end soon enough. On 2020-06-08 17:43:19, stse+post...@rootsland.net wrote: On Mo, Jun 08, 2020 at 07:52:34 +0200, Cla

Re: Postfix restrictions

2020-06-09 Thread yuv
On Tue, 2020-06-09 at 01:16 -0600, @lbutlr wrote: > > On 08 Jun 2020, at 16:21, yuv wrote: > > > > Some of [the alternatives to internet email] will achieve scale as > > well. At some point, the cost/benefit analysis of maintaining > > internet email vs. using alternatives such as SMS will tilt

Re: dnsblog filtering?

2020-06-09 Thread Patrick Proniewski
Hi, > On 10 June 2020, at 05:22, PGNet Dev wrote: > > On 6/9/20 8:15 PM, Noel Jones wrote: >> Postfix assumes the logs are private. > > They generally are. The very-recent switch to BLs with Acct-ID's is new, and > complicated that a bit. > >> To sanitize the log, you'll need to use an exter

Re: Postfix restrictions

2020-06-09 Thread @lbutlr
> On 09 Jun 2020, at 23:29, yuv wrote: > > On Tue, 2020-06-09 at 01:16 -0600, @lbutlr wrote: >>> On 08 Jun 2020, at 16:21, yuv wrote: >>> >>> Some of [the alternatives to internet email] will achieve scale as >>> well. At some point, the cost/benefit analysis of maintaining >>> internet ema

THEAD CLOSED: (was: Postfix restrictions)

2020-06-09 Thread Viktor Dukhovni
On Wed, Jun 10, 2020 at 12:00:21AM -0600, @lbutlr wrote: > > It may be irrelevant to the topic, but your statement characterizes the > > troll perfectly well. > > I think you have a problem. This thread has outlived its use by. No followups please. -- Viktor.