Re: Verifying recipients before checking RBL

2021-05-13 Thread Aleksei Shpakovskii
Thanks! With reject_unlisted_recipient it indeed works as desired! On Thu, May 13, 2021 at 1:45 AM Wietse Venema wrote: > > Aleksei Shpakovskii: > > Hi, > > > > I would like to verify recipient address before hitting DNS RBL. But > > it seems I'm unable to do this. Am I doing something wrong? > >

Block auth senders using other domains

2021-05-13 Thread Dominic Raferd
My domains are listed in virtual_alias_domains and my legit senders/recipients in virtual_alias_maps. I recently discovered the 'reject_unlisted_sender' option which successfully prevents (auth) senders from sending from an unknown name@mydomain. For instance f...@timedicer.co.uk is blocked as

Re: Block auth senders using other domains

2021-05-13 Thread Matus UHLAR - fantomas
On 13.05.21 12:12, Dominic Raferd wrote: But it doesn't stop them sending from a different domain that is not listed in my virtual_alias_domains, such as f...@gmail.com. Currently I stop this with my own check_sender_access file (in an smtpd restriction list applied only to auth emails) that DU

Re: Block auth senders using other domains

2021-05-13 Thread Dominic Raferd
On 13/05/2021 12:26, Matus UHLAR - fantomas wrote: On 13.05.21 12:12, Dominic Raferd wrote: But it doesn't stop them sending from a different domain that is not listed in my virtual_alias_domains, such as f...@gmail.com. Currently I stop this with my own check_sender_access file (in an smtpd res

Re: zendesk and relay denied

2021-05-13 Thread Alex
Hi, > > relay_domains = $mydestination, example.com > > check_recipient_access pcre:$config_directory/nnnhelp-zendesk, > > That is not valid relay_domains syntax. For more help, see: > > http://www.postfix.org/DEBUG_README.html#mail Just to be clear, I forgot to note that the check_r

Re: Mail deferred: TLSA lookup error

2021-05-13 Thread Wietse Venema
Viktor Dukhovni: > On Tue, May 04, 2021 at 10:02:49AM +0200, Bjoern Franke wrote: > > > Do I miss something why postfix has the trouble with the reply? > > > > $ dig +dnssec -t TLSA _25._tcp.smtp-relay-in-s1.neusta.de > > You're testing with "dig", which is *not* the same as the C library stub >

Re: zendesk and relay denied

2021-05-13 Thread IL Ka
> > > So I'm unable to send mail as a...@mydomain.com to any domain other > than the ones managed by our mail server. How do I convince postfix > that it should route mail for mydomain.com from > outbound.protection.outlook.com? > > 1. If you want postfix to route/relay email TO some domain from A

Re: Block auth senders using other domains

2021-05-13 Thread Matus UHLAR - fantomas
On 13.05.21 12:12, Dominic Raferd wrote: But it doesn't stop them sending from a different domain that is not listed in my virtual_alias_domains, such as f...@gmail.com. Currently I stop this with my own check_sender_access file (in an smtpd restriction list applied only to auth emails) that DUNN

Re: Block auth senders using other domains

2021-05-13 Thread Dominic Raferd
On 13/05/2021 16:12, Matus UHLAR - fantomas wrote: On 13.05.21 12:12, Dominic Raferd wrote: But it doesn't stop them sending from a different domain that is not listed in my virtual_alias_domains, such as f...@gmail.com. Currently I stop this with my own check_sender_access file (in an smtpd res

Re: Mail deferred: TLSA lookup error

2021-05-13 Thread Wietse Venema
Wietse Venema: > Viktor Dukhovni: > > On Tue, May 04, 2021 at 10:02:49AM +0200, Bjoern Franke wrote: > > > > > Do I miss something why postfix has the trouble with the reply? > > > > > > $ dig +dnssec -t TLSA _25._tcp.smtp-relay-in-s1.neusta.de > > > > You're testing with "dig", which is *not* t

Re: Block auth senders using other domains

2021-05-13 Thread Benny Pedersen
On 2021-05-13 17:12, Matus UHLAR - fantomas wrote: you can use check_sender_access and list wildcards in allowed from domains. it's safe to reject localdomains envelope senders in inbound port 25, I do not receive forged mail for my local domains there poor man's spf check without spf

Re: Block auth senders using other domains

2021-05-13 Thread Benny Pedersen
On 2021-05-13 17:52, Dominic Raferd wrote: Understood. Good thinking but yes I cover this in my existing setup. I was thinking there must be a simpler way but no worries... header From: can only be protected with dkim, and not by signing all forged domains that pass mailserver, good example is

Re: Mail deferred: TLSA lookup error

2021-05-13 Thread Bjoern Franke
Hi Wietse, > > However, I recall that some stub resolvers (libc-musl?) don't support > queries over TCP. Could that be the problem? Postfix is running here on Arch Linux, so usual glibc and no musl is used. Regards Bjoern

Re: AW: domain.ch in BOTH virtual_mailbox_domains and relay_domains ?

2021-05-13 Thread Benny Pedersen
On 2021-05-13 19:07, Maurizio Caloro wrote: May 13 18:42:43 nmail postfix/smtpd[15632]: NOQUEUE: reject: RCPT from ld4prd5.mx.csod.com[208.185.235.45]: 550 5.7.23 : Recipient address rejected: Message rejected due to: SPF fail - not authorized. Please see http://www.openspf.net/Why?s=mfrom;id

Re: AW: domain.ch in BOTH virtual_mailbox_domains and relay_domains ?

2021-05-13 Thread Benny Pedersen
On 2021-05-13 19:07, Maurizio Caloro wrote: http://www.openspf.net/Why?s=mfrom;id=recruit...@kncareers.com;ip=208.185.235.45;r=; 4000+ ips and still none spf pass https://dmarcian.com/spf-survey/?domain=kncareers.com

Re: AW: AW: domain.ch in BOTH virtual_mailbox_domains and relay_domains ?

2021-05-13 Thread Benny Pedersen
On 2021-05-13 19:42, Maurizio Caloro wrote: On 2021-05-13 19:07, Maurizio Caloro wrote: http://www.openspf.net/Why?s=mfrom;id=n...@domain.com;ip=IP;r=; And this link aren't running that is a sign of outdated software used 4000+ ips and still none spf pass https://dmarcian.com/spf-survey/?domai

Re: AW: AW: AW: domain.ch in BOTH virtual_mailbox_domains and relay_domains ?

2021-05-13 Thread Benny Pedersen
On 2021-05-13 20:09, Maurizio Caloro wrote: hard reject is not softfails, so even if spf was soft policy it's rejected, but that is simple in spf-engine to make local policy to not reject softfails, more hint needed ? :=) Yes please, Outdated spf removed purged. I am now searching any instruction

Re: Mail deferred: TLSA lookup error

2021-05-13 Thread Viktor Dukhovni
On Thu, May 13, 2021 at 09:24:34AM -0400, Wietse Venema wrote: > > > ; EDNS: version: 0, flags: do; udp: 1232 > > > > Which "dig" uses, but the C library likely sets the historical default > > of "4096" bytes, expecting that to work. I am not aware of any way to > > configure the EDNS buffer siz

domain.ch in BOTH virtual_mailbox_domains and relay_domains ?

2021-05-13 Thread Maurizio Caloro
Hello, Mail Server with Debian 10.9, running fine and without problem, today made any update and see the following, I didn't understood from how its this coming. Postfix - Mysql - Dovecot thanks for possible update [postfix-log] postfix/trivial-rewrite[13162]: warning: do not list doma

Re: zendesk and relay denied

2021-05-13 Thread Viktor Dukhovni
On Thu, May 13, 2021 at 09:02:26AM -0400, Alex wrote: > > That is not valid relay_domains syntax. For more help, see: > > > > http://www.postfix.org/DEBUG_README.html#mail > > Just to be clear, I forgot to note that the check_recipient_access was > part of my smtpd_recipient_restrictions, no

Re: zendesk and relay denied

2021-05-13 Thread Alex
Hi, > > > That is not valid relay_domains syntax. For more help, see: > > > > > > http://www.postfix.org/DEBUG_README.html#mail > > > > Just to be clear, I forgot to note that the check_recipient_access was > > part of my smtpd_recipient_restrictions, not relay_domains: > > Posting tiny fragm

AW: domain.ch in BOTH virtual_mailbox_domains and relay_domains ?

2021-05-13 Thread Maurizio Caloro
Thanks And please why this will receive as SPF Fail - not authorized. This email are really important !! May 13 18:42:43 nmail postfix/smtpd[15632]: NOQUEUE: reject: RCPT from ld4prd5.mx.csod.com[208.185.235.45]: 550 5.7.23 : Recipient address rejected: Message rejected due to: SPF fail - not auth

Re: zendesk and relay denied

2021-05-13 Thread Viktor Dukhovni
On Thu, May 13, 2021 at 03:39:41PM -0400, Alex wrote: > > This was rejected by "reject_unauth_destination". > > Thank you so much. I had included my smtpd_recipient_restrictions > earlier in this thread, but should have been more complete. This is > the multi-instance postfix you helped me co

Re: zendesk and relay denied

2021-05-13 Thread Viktor Dukhovni
On Thu, May 13, 2021 at 03:39:41PM -0400, Alex wrote: > > > May 12 23:02:35 xavier postfix-117/smtpd[3481802]: NOQUEUE: reject: > > > RCPT from > > > mail-dm6nam10lp2107.outbound.protection.outlook.com[104.47.58.107]: > > > 554 5.7.1 : Relay access denied; > > > from= to= proto=ESMTP > > > helo=

AW: AW: domain.ch in BOTH virtual_mailbox_domains and relay_domains ?

2021-05-13 Thread Maurizio Caloro
>On 2021-05-13 19:07, Maurizio Caloro wrote: > http://www.openspf.net/Why?s=mfrom;id=n...@domain.com;ip=IP;r=; And this link aren't running >4000+ ips and still none spf pass >https://dmarcian.com/spf-survey/?domain=Domain.com Thanks Benny Yes this email are important, please can hope that this wil

AW: AW: AW: domain.ch in BOTH virtual_mailbox_domains and relay_domains ?

2021-05-13 Thread Maurizio Caloro
>hard reject is not softfails, so even if spf was soft policy it's rejected, but that is simple in spf-engine to make local policy to not reject softfails, more hint needed ? :=) Yes please, Outdated spf removed purged. I am now searching any instruction/manual to implement this new spf-engine.

Re: zendesk and relay denied

2021-05-13 Thread Alex
Hi, > > > This was rejected by "reject_unauth_destination". > > > > Thank you so much. I had included my smtpd_recipient_restrictions > > earlier in this thread, but should have been more complete. This is > > the multi-instance postfix you helped me configure some time ago. Mail > > is first

Re: Mail deferred: TLSA lookup error

2021-05-13 Thread Wietse Venema
Viktor Dukhovni: > > Another data point: by default, Postfix uses a 4096-byte buffer > > when it calls the C library stub resolver, but it will repeat the > > call with a larger buffer if the response has the 'truncated' flag > > raised, and leaving it up to the library to switch to TCP as needed.

AW: domain.ch in BOTH virtual_mailbox_domains and relay_domains ?

2021-05-13 Thread Maurizio Caloro
>https://git.launchpad.net/spf-engine/tree/README.per_user_whitelisting?h=2.9.2 > >then add recipient to it with permissive if it's important to some >no problem Please I think spf-engine now It's implement how I can check if this will run correctly Thanks Mauit

Re: zendesk and relay denied

2021-05-13 Thread IL Ka
> > > > We've created an outbound O365 connector to route outbound mail > through our servers before being delivered to their final destination > - I believe this is effectively relaying mail from > outbound.protection.outlook.com: > I am a little bit confused). Zendesk sends email to the O365,