Hi guys,
I would like to start a discussion about support for SRV records, mainly
record for submission service of a domain.
As is stated in [0], domain can publish dns record, which tells services
where the submission service of this domain is.
This could be used for auto configuration of postfixs
Hello!
If a user sends a mail and postfix can’t deliver it (user unknown,
mailbox quota, etc.), this user gets the error message.
Is it possible to configure postfix in such a way, that these error
messages are going to a different mailbox?
Many greetings,
Stephan
--
|If your
> Lately I've been getting email sent from one persistent spammer that's
> somehow getting through my smtpd_recipient_restrictions filters. Here are
> the message headers:
>
> Return-Path:
[...]
> From:=?UTF-8?B?RGVybWFDb3JyZWN0?=
[...]
> smtpd_recipient_restrictions =
> check_sender_acc
> -Original Message-
> From: owner-postfix-us...@postfix.org
> On Behalf Of Gerald Galster
> Sent: Monday, July 27, 2020 6:47 AM
> To: Postfix users
> Subject: Re: smtpd_recipient_restrictions Failure?
>
>
> > Lately I've been getting email sent from one persistent spammer that's
> > so
> Thanks, Gerald. I also have this in my main.cf configuration file:
>
> smtpd_sender_restrictions =
>permit_mynetworks,
>reject_non_fqdn_sender,
>reject_unknown_sender_domain,
>check_client_access cidr:/etc/postfix/blacklist_cidr,
>permit
>
> Shouldn't the
Gerald Galster skrev den 2020-07-27 14:40:
Thanks, Gerald. I also have this in my main.cf configuration file:
smtpd_sender_restrictions =
permit_mynetworks,
reject_non_fqdn_sender,
reject_unknown_sender_domain,
check_client_access cidr:/etc/postfix/blacklist_cidr,
Tomas Korbar:
> Hi guys,
> I would like to start a discussion about support for SRV records, mainly
> record for submission service of a domain.
> As is stated in [0], domain can publish dns record, which tells services
> where the submission service of this domain is.
> This could be used for auto
Stephan Seitz:
> Hello!
>
> If a user sends a mail and postfix can?t deliver it (user unknown,
> mailbox quota, etc.), this user gets the error message.
>
> Is it possible to configure postfix in such a way, that these error
> messages are going to a different mailbox?
The SMTP standard requir
>>> Thanks, Gerald. I also have this in my main.cf configuration file:
>>> smtpd_sender_restrictions =
>>> permit_mynetworks,
>>> reject_non_fqdn_sender,
>>> reject_unknown_sender_domain,
>>> check_client_access cidr:/etc/postfix/blacklist_cidr,
>>> permit
>>> Shouldn'
Gerald Galster:
> <> is valid by definition and does not depend on mynetworks, besides you're
> right that most external bounces are spam. The initial question was why
> reject_non_fqdn_sender did not apply.
The envelope sender address <> must not be blocked by
reject_non_fqdn_sender.
It would be
I’m trying to figure out how to tell make {install | upgrade} to install
sendmail eleswhere? I tried sendmail_path=/usr/local/sbin as well as
-DDEF_SENDMAIL_PATH and while that changes the default value of sendmail_path,
it still installs in /usr/sbin.
Background: last week, I finally upgraded
> On Jul 27, 2020, at 11:05 AM, Larry Stone wrote:
>
> I’m trying to figure out how to tell make {install | upgrade} to install
> sendmail eleswhere? I tried sendmail_path=/usr/local/sbin as well as
> -DDEF_SENDMAIL_PATH and while that changes the default value of
> sendmail_path, it still ins
On Mon, Jul 27, 2020 at 01:12:41PM -0500, Larry Stone wrote:
> Which leads to a new question. In working on this, I modified my “make
> makefiles” to add a sendmail_path argument (which worked to change the
> default value) and later as I worked through this, a
> -DDEF_SENDMAIL_PATH to CCARGS. Do
> On Jul 27, 2020, at 1:18 PM, Viktor Dukhovni
> wrote:
>
>
>> make -f Makefile.init makefiles CCARGS='-DUSE_TLS -I/usr/local/ssl/include \
>> [...]
>> -DDEF_SENDMAIL_PATH=\"/usr/local/sbin\"\
>
> This is not correct, it lists the containing directory, rather than the
> full path to the exec
Hi Victor…
Thanks so much for the feedback…very helpful…
I’ve always been dubious about the auth requirement by some (i.e. the brain
deads to which you refer) to allow TLS connections for server-to-server
communications. My view is this — when my server sends outbound mail, do I
really care t
I'm a reviewer and sent an email from my site responding to one of their
coverage requests.
A few minutes later, my postmaster acct received this message:
A message claiming to be from you has failed the published DMARC
policy for your domain.
Sender Domain: digitalhit.com
Sender IP Address: 2
On Mon, Jul 27, 2020 at 07:32:41PM +, Antonio Leding wrote:
> I’ve always been dubious about the auth requirement by some (i.e. the
> brain deads to which you refer) to allow TLS connections for
> server-to-server communications.
Without DANE or (weaker) MTA-STS, indeed X.509 authentication o
> You can of course use an LE cert, it does not do any obvious harm,
> unless you also do DANE, and neither freeze the key, nor handle TLSA
> updates correctly (in advance of cert deployment).
So I’m gathering (a) not much will be gained by using a public-A signed cert;
and (b) the PROs of using
Ian Evans:
> I'm a reviewer and sent an email from my site responding to one of their
> coverage requests.
>
> A few minutes later, my postmaster acct received this message:
>
> A message claiming to be from you has failed the published DMARC
> policy for your domain.
>
> Sender Domain: digital
On Mon, Jul 27, 2020 at 08:58:19PM +, Antonio Leding wrote:
> > You can of course use an LE cert, it does not do any obvious harm,
> > unless you also do DANE, and neither freeze the key, nor handle TLSA
> > updates correctly (in advance of cert deployment).
>
> So I’m gathering (a) not much w
Again, great feedback…I am definitely diving into DANE now…may have more
questions but I will try to keep those to a minimum.
Thanks again Victor - very much appreciated…
> On Jul 27, 2020, at 2:44 PM, Viktor Dukhovni
> wrote:
>
> On Mon, Jul 27, 2020 at 08:58:19PM +, Antonio Leding wrot
On Mon, Jul 27, 2020 at 09:48:29PM +, Antonio Leding wrote:
> Again, great feedback…I am definitely diving into DANE now…may have
> more questions but I will try to keep those to a minimum.
https://github.com/baknu/DANE-for-SMTP/wiki/2.-Implementation-resources
--
Viktor.
On Mon, Jul 27, 2020, 5:32 PM Wietse Venema, wrote:
> Ian Evans:
> > I'm a reviewer and sent an email from my site responding to one of their
> > coverage requests.
> >
> > A few minutes later, my postmaster acct received this message:
> >
> > A message claiming to be from you has failed the publ
Thanks Victor - actually watching some of the presos now…
BTW…any choice you like for DNSSEC providers? Google seems like a safe bet but
I figured you might have some feedback on this as well…
> On Jul 27, 2020, at 3:36 PM, Viktor Dukhovni
> wrote:
>
> On Mon, Jul 27, 2020 at 09:48:29PM +0
Ian Evans:
> Looking at the Postfix logs it appears the email was sent to the same ip
> address for cp20.com:
>
> Jul 27 15:14:22 carson postfix/smtp[13747]: 9323F20309D: to=<[some coded
> letters that probably translate to the publicist email]@cp20.com>, relay=
> mail.cp20.com[216.24.225.10]:25,
On Mon, Jul 27, 2020 at 10:55:31PM +, Antonio Leding wrote:
> Thanks Victor - actually watching some of the presos now…
>
> BTW…any choice you like for DNSSEC providers? Google seems like a safe bet
> but I figured you might have some feedback on this as well…
I self-host, so my direct exp
> -Original Message-
> From: owner-postfix-us...@postfix.org
> On Behalf Of Antonio Leding
> Sent: Monday, July 27, 2020 6:56 PM
> To: postfix-users@postfix.org
> Subject: Re: What is lost by using self-signed certs for TLS?
>
> Thanks Victor - actually watching some of the presos now…
>
On Mon, Jul 27, 2020, 6:59 PM Wietse Venema, wrote:
> Ian Evans:
> > Looking at the Postfix logs it appears the email was sent to the same ip
> > address for cp20.com:
> >
> > Jul 27 15:14:22 carson postfix/smtp[13747]: 9323F20309D: to=<[some coded
> > letters that probably translate to the publi
On Mon, Jul 27, 2020 at 07:53:09PM -0400, Scott Hollenbeck wrote:
> If you use them, you're going to need to do some scripting using the
> Let's Encrypt renewal hooks and gcloud to update your TLSA record(s)
> every time you renew your certificate(s). Viktor does some automated
> checking that's c
Ian Evans:
> > So, your Postfix did send your message to cp20.com.
> >
> > cp20 forwarded it to some domain hosted at digitalhit.com. Because
> > of the forwarding, the spf checks failed.
> >
> > cp20 also made some header and body modifications so that DKIM
> > checks failed.
>
> Just to clarify
30 matches
Mail list logo
