Specific DNS server

Is there a way to make Postfix/postscreen use a specific DNS server? Reason for the question: My network has an internal (non-ISP forwarding) DNS server for both internal and external resolution, and that is default nameserver across the network including for the mail server. That DNS server

Re: Specific DNS server

Hello, +1 for this Request for Improvement. I also faced this need. Changing the machine solver was, unfortunately, not an option. Thanks Marco On Thu, Apr 22, 2021 at 12:21 PM Simon Wilson wrote: > Is there a way to make Postfix/postscreen use a specific DNS server? > > Reason for the questio

Re: Specific DNS server

22.04.21, 12:20 +0200, Simon Wilson: > Is there a way to make Postfix/postscreen use a specific DNS server? One way I could think of is to use postfix' chroot features and configure this specific DNS server in the chroot's resolv.conf. -- Regards mks

Re: Configuring always_bcc

>> > receive_override_options = no_address_mappings >> > >> > and then permit mappings (which include always_bcc) to occur in the 2nd >> > instance (for the mail that is returned by amavis), for example this >> > might be in master.cf by: >> > >> > 127.0.0.1:10025 inet n - n -

Re: Specific DNS server

Simon Wilson: > Is there a way to make Postfix/postscreen use a specific DNS server? Edit /etc/resolv.conf. No kidding - Postfix uses the SYSTEM LIBRARY for DNS lookups, and the SYSTEM LIBRARY uses the resolv.conf file. Theree are no plans to re-implement this part of the SYSTEM LIBRARY in Postfi

Re: Specific DNS server

Markus Sch?nhaber: > 22.04.21, 12:20 +0200, Simon Wilson: > > > Is there a way to make Postfix/postscreen use a specific DNS server? > > One way I could think of is to use postfix' chroot features and > configure this specific DNS server in the chroot's resolv.conf. That may or may not work. The

Re: Specific DNS server

I know this does not apply to all kinds of setup, but with virtualization and containerization it should be easy to seperate Postfix and provide a different nameserver in resolv.conf for it. Cheers Lars Am 22.04.21 um 16:03 schrieb Wietse Venema: > Markus Sch?nhaber: >> 22.04.21, 12:20 +0200, Si

Re: Specific DNS server

>> Is there a way to make Postfix/postscreen use a specific DNS server? > > Edit /etc/resolv.conf. > > No kidding - Postfix uses the SYSTEM LIBRARY for DNS lookups, and > the SYSTEM LIBRARY uses the resolv.conf file. Theree are no plans > to re-implement this part of the SYSTEM LIBRARY in Postfix

Re: Specific DNS server

On 22.04.21 16:08, Lars Liedtke wrote: I know this does not apply to all kinds of setup, but with virtualization and containerization it should be easy to seperate Postfix and provide a different nameserver in resolv.conf for it. Yes, but postfix' builtin chroot isn't sufficient for this. It'll

Re: Specific DNS server

That is, what I meant with virtualization and containerization. It has to be on a sepereate system, and that is not applicable for all setups. Am 22.04.21 um 16:28 schrieb Sven Schwedas: > On 22.04.21 16:08, Lars Liedtke wrote: >> I know this does not apply to all kinds of setup, but with >> virt

Re: Specific DNS server

Sven Schwedas: > On 22.04.21 16:08, Lars Liedtke wrote: > > I know this does not apply to all kinds of setup, but with > > virtualization and containerization it should be easy to seperate > > Postfix and provide a different nameserver in resolv.conf for it. > > Yes, but postfix' builtin chroot is

Re: Specific DNS server

On 2021-04-22 12:58, Marco Pizzoli wrote: Hello, +1 for this Request for Improvement. I also faced this need. Changing the machine solver was, unfortunately, not an option. we all love 127.0.0.1 solution is to not have spamasassin running on same host as postfix, or tell spamassassin to use

Re: Specific DNS server

On Thu, Apr 22, 2021 at 4:37 PM Benny Pedersen wrote: > On 2021-04-22 12:58, Marco Pizzoli wrote: > > Hello, > > +1 for this Request for Improvement. > > I also faced this need. > > > > Changing the machine solver was, unfortunately, not an option. > > we all love 127.0.0.1 > > solution is to not

Re: Specific DNS server

Would it be an option to configure a policy for your DNS server to **not** send queries from postfix host(s) through the add&tracker filter? Cheers tobi On 4/22/21 12:20 PM, Simon Wilson wrote: > Is there a way to make Postfix/postscreen use a specific DNS server? > > Reason for the question: >

Re: Specific DNS server

Dnia 22.04.2021 o godz. 16:44:13 Marco Pizzoli pisze: > > I needed to have Postfix to solve Internet DNS names, for obvious reasons. > At the same time, I needed to be able to solve Intranet DNS names: > monitoring server, backup server, etc... I was once I need to get exactly this. I solved this

Re: Specific DNS server

On 2021-04-22 16:44, Marco Pizzoli wrote: I am afraid you did not get my point. i dont know your solution then rpz and qname can be problematic https://labs.ripe.net/author/wouter_de_vries/making-the-dns-more-private-with-qname-minimisation/ I needed to have Postfix to solve Internet DNS

Re: Specific DNS server

On 2021-04-22 16:53, Jaroslaw Rafa wrote: Dnia 22.04.2021 o godz. 16:44:13 Marco Pizzoli pisze: I needed to have Postfix to solve Internet DNS names, for obvious reasons. At the same time, I needed to be able to solve Intranet DNS names: monitoring server, backup server, etc... I was once I

Re: Specific DNS server

On 22 Apr 2021, at 09:20, Benny Pedersen wrote: > n 2021-04-22 16:44, Marco Pizzoli wrote: >> Due also to some other constraints, I ended up relying on static >> entries in /etc/hosts. > > this file is only for when real dns server is down, not used when dns server > is up What? /etc/hosts is p

Re: Specific DNS server

On Thu, Apr 22, 2021 at 04:53:21PM +0200, Jaroslaw Rafa wrote: > > I needed to have Postfix to solve Internet DNS names, for obvious reasons. > > At the same time, I needed to be able to solve Intranet DNS names: > > monitoring server, backup server, etc... > > I was once I need to get exactly th

AW: Change default reject message

Good evening, Unfortunately, I have to revisit my topic from back in the day Sending the proper reject-messages through the postfix works wonderfully, as long as it is an external sender. But now if a local sender sends an email to the full mailbox, again the Dovecot replies, or the program

Re: Certificate Postfix.org missing?

It appears that Nick Tait said: >>> Chrome shows it as "Not secure" followed by postfix.com by gracefully >>> hiding the implied www. >> I think you meant to write "by disgracefully hiding...". > >I'm not hearing many reasons to use HTTPS... Just lots of reasons not to >use Chrome? ;-) Safari a

Re: Specific DNS server

On Thu, Apr 22, 2021 at 5:21 PM Benny Pedersen wrote: > On 2021-04-22 16:44, Marco Pizzoli wrote: > > > I am afraid you did not get my point. > > i dont know your solution then > > rpz and qname can be problematic > > https://labs.ripe.net/author/wouter_de_vries/making-the-dns-more-private-with-q

Re: Specific DNS server

On some OS the following code works - I use that for regression testing when I need fake DNS data: void dns_setns(struct in_addr *ns, unsigned int port) { if ((_res.options & RES_INIT) == 0) (void) res_init(); _res.nsaddr_list[0].sin_family = AF_INET; _res.n

Re: Specific DNS server

Dnia 22.04.2021 o godz. 09:33:04 @lbutlr pisze: > > What? /etc/hosts is processed before DNS, that is how adding adservers to > /etc/hosts blocks those adservers from being accessed. At least in Linux, it actually depends on the contents of file /etc/nsswitch.conf . If there's an entry like "host

Re: Specific DNS server

Dnia 22.04.2021 o godz. 17:24:34 Benny Pedersen pisze: > >I was once I need to get exactly this. > >I solved this by setting up my own nameserver at localhost, that > >delegates > >internal names to resolve by internal nameserver, and external ones to > >resolve by external nameserver. It can be do

Re: Certificate Postfix.org missing?

Dnia 22.04.2021 o godz. 12:04:23 John Levine pisze: > > Safari and Brave also show a Not Secure warning. Firefox won't connect > at all unless you manually edit the https to http in the address box. > Pick your poison. My four instances of Firefox on four different computers (all newest releases

Re: Certificate Postfix.org missing?

It appears that Jaroslaw Rafa said: >Dnia 22.04.2021 o godz. 12:04:23 John Levine pisze: >> >> Safari and Brave also show a Not Secure warning. Firefox won't connect >> at all unless you manually edit the https to http in the address box. >> Pick your poison. > >My four instances of Firefox on f

Re: Certificate Postfix.org missing?

On Thu, Apr 22, 2021, John Levine wrote: > Nope, vanilla install on MacOS. Not sure what your "vanilla install" is... Firefox 88.0 on MacOS: www.postfix.org and http://www.postfix.org/ show the web page just fine without a problem. It would be nice if the people who write browsers don't try to fo

Re: Certificate Postfix.org missing?

> Date: Thursday, April 22, 2021 19:26:57 +0200 > From: Claus Assmann > > On Thu, Apr 22, 2021, John Levine wrote: >> Nope, vanilla install on MacOS. > Not sure what your "vanilla install" is... > > Firefox 88.0 on MacOS: > www.postfix.org > and > http://www.postfix.org/ > show the web page ju

Re: Specific DNS server

>I was once I need to get exactly this. >I solved this by setting up my own nameserver at localhost, that >delegates >internal names to resolve by internal nameserver, and external ones to >resolve by external nameserver. It can be done pretty easy if you can >distinguish internal from external na

Re: AW: Change default reject message

rud...@padaru.de: > Good evening, > Unfortunately, I have to revisit my topic from back in the day > > Sending the proper reject-messages through the postfix works wonderfully, as > long as it is an external sender. > > But now if a local sender sends an email to the full mailbox, again the

Re: Specific DNS server

You could run Postfix in a container (LXC) on the host. It would have it's own IP and it's own resolv.conf.

AW: AW: Change default reject message

In the message from the dovecot the @ is written, this information is of no use to the sender, because he does not know the local user name of the receiver. The bounce mail must therefore contain the e-mail address that the sender has addressed, the virtual address so to speak. Mit freundlichen G

Re: AW: AW: Change default reject message

rud...@padaru.de: > In the message from the dovecot the @ is written, this > information is of no use to the sender, because he does not know the local > user name of the receiver. > > The bounce mail must therefore contain the e-mail address that the sender > has addressed, the virtual address so

Re: Certificate Postfix.org missing?

Another +1 that with vanilla FF v87 + macOS HS, the power is in the hands of the user (where it truly belongs) via a user-knob controlling whether or not FF complains about non-https… - - - On 22 Apr 2021, at 10:51, Richard wrote: Date: Thursday, April 22, 2021 19:26:57 +0200 From: Claus As

Speaking of Firefox and HTTP^H^H^H^HFTP...

I just updated Firefox to version 88, and now "ftp://"; support is disabled by default, and the plan is to remove support in Firefox 90. I've re-enabled it, will have to enjoy it to the max while it lasts... [ Wietse's upstream FTP site for Postfix source tarballs will soon no longer be browser

Re: Speaking of Firefox and HTTP^H^H^H^HFTP...

The was brought up as a point of curiosity on Steve Gibson's "Security Now" podcast a few months ago. My recollection is Chrome has the same plan. But the interesting thing is Mozilla surveyed to see who used FTP. It was some fraction of a percent as you can imagine. But later it dawned on me th

Re: Speaking of Firefox and HTTP^H^H^H^HFTP...

It appears that Viktor Dukhovni said: >[ Wietse's upstream FTP site for Postfix source tarballs will soon no > longer be browser-accessible. :-( ] If you use a Mac, FTP is built into the Finder. Who needs a browser?

Re: Speaking of Firefox and HTTP^H^H^H^HFTP...

On Thu, Apr 22, 2021 at 10:41:14PM -0400, John Levine wrote: > It appears that Viktor Dukhovni said: > >[ Wietse's upstream FTP site for Postfix source tarballs will soon no > > longer be browser-accessible. :-( ] > > If you use a Mac, FTP is built into the Finder. Who needs a browser? Yes, bu

Re: Specific DNS server

- Message from Wietse Venema - Date: Thu, 22 Apr 2021 10:01:09 -0400 (EDT) From: Wietse Venema Subject: Re: Specific DNS server To: si...@simonandkate.net Cc: postfix-users@postfix.org Simon Wilson: Is there a way to make Postfix/postscreen use a specific DNS serv

Re: Speaking of Firefox and HTTP^H^H^H^HFTP...

> On Apr 23, 2021, at 12:36 AM, Viktor Dukhovni > wrote: >  > Yes, but it is rather a lot slower to produce a listing, because it > wants to treat FTP as a filesystem... :-( My apologies to Apple, just tried it again, and it turned out to be quite performant, haven't done that in ages, perhaps

Re: Speaking of Firefox and HTTP^H^H^H^HFTP...

On 23/04/21 1:56 pm, Viktor Dukhovni wrote: I just updated Firefox to version 88, and now "ftp://"; support is disabled by default, and the plan is to remove support in Firefox 90. I've re-enabled it, will have to enjoy it to the max while it lasts... You should be able to set an external prot

Re: Specific DNS server

Le 22/04/2021 à 21:14, Sonic a écrit : You could run Postfix in a container (LXC) on the host. It would have it's own IP and it's own resolv.conf. Would'nt the chroot feature built in postfix sufficient for this ?

AW: AW: AW: Change default reject message

Thank you for your time and replies. Actually i use the dovecot quota service: Dovecot conf: service quota-status { executable = quota-status -p postfix inet_listener { port = 12340 } client_limit = 1 } Postfix main.cf smtpd_recipient_restrictions

Re: Certificate Postfix.org missing?

Thu, 22 Apr 2021 19:26:57 +0200 skrev Claus Assmann : > It would be nice if the people who write browsers don't try to force > their kind of "standards" on others... ("but you can get a free cert" > -- what happens when those browsers do not "accept" those free certs > anymore?) With the risk of

Re: Speaking of Firefox and HTTP^H^H^H^HFTP...

On Thu, 22 Apr 2021 21:56:13 -0400 Viktor Dukhovni wrote: > I just updated Firefox to version 88, and now "ftp://"; support is > disabled by default, and the plan is to remove support in Firefox 90. Palemoon forever! :) (Or any other browser you may fancy :) Luciano. -- /"\