On Jul 11, 2021, at 1:06 PM, Claus R. Wickinghoff wrote:
I think this can be achieved with reject_unverified_recipient to query
dovecot via lmtp but I've no practical experience with this. Probably
you've to do some googling...
On 12.07.21 10:19, Ron Garret wrote:
That turned out to be the
I am getting "too many reverse jump records" messages. Couldn't find
any information about this message and looking at the source code
(record.c) it seems to be related with adding recipients and/or
headers, but I am not adding that many (1) of either.
There is a milter application before queu
Is there a way to have header checks happen as a condition during
smtpd_recipient_restrictions but not happen other times?
Something like assign the header check to a restriction class which can
be called on during a check_recipient_access?
End goal is to conditionally run header matching/actio
Is there a way to have header checks happen as a condition during
smtpd_recipient_restrictions but not happen other times?
Something like assign the header check to a restriction class which
can be called on during a check_recipient_access?
End goal is to conditionally run header matching/action
On 2021-07-13 at 12:14:50 UTC-0400 (Tue, 13 Jul 2021 12:14:50 -0400)
is rumored to have said:
> Is there a way to have header checks happen as a condition during
> smtpd_recipient_restrictions but not happen other times?
> Something like assign the header check to a restriction class which can
On 07-13-2021 12:29 pm, Bill Cole wrote:
Logically impossible. You don't have the headers yet when
smtpd_recipient_restrictions directives are evaluated.
If i move the "operation" to another stage like data or end_of_data is
there a way to invoke header checks based on recipient?
On 2021-07-13 at 12:47:35 UTC-0400 (Tue, 13 Jul 2021 12:47:35 -0400)
is rumored to have said:
>> On 07-13-2021 12:29 pm, Bill Cole wrote:
>>
>> Logically impossible. You don't have the headers yet when
>> smtpd_recipient_restrictions directives are evaluated.
>
> If i move the "operation" to ano
On 07-13-2021 1:27 pm, Bill Cole wrote:
No. All of the restriction lists are named 'smtpd_*_restrictions'
which is a clue that they are used by the smtpd process. The
header_checks are a function of the cleanup daemon, not smtpd.
If you need to handle message content differently on a per-recipie
Mehmet Avcioglu:
> I am getting "too many reverse jump records" messages. Couldn't find
> any information about this message and looking at the source code
> (record.c) it seems to be related with adding recipients and/or
> headers, but I am not adding that many (1) of either.
>
> There is a m
On 07-13-2021 1:27 pm, Bill Cole wrote:
No. All of the restriction lists are named 'smtpd_*_restrictions'
which is a clue that they are used by the smtpd process. The
header_checks are a function of the cleanup daemon, not smtpd.
If you need to handle message content differently on a per-recipien
On 07-13-2021 2:47 pm, Matus UHLAR - fantomas wrote:
btw, as always: what are you trying to achieve?
The end goal is per-recipient kdim enforcement. Since it's impossible to
control if milter/dkim runs or not based on recipient, my next option to
explore is allowing dkim to run passive to jus
On Tue, Jul 13, 2021 at 03:29:42PM -0400, post...@ptld.com wrote:
> > On 07-13-2021 2:47 pm, Matus UHLAR - fantomas wrote:
> > btw, as always: what are you trying to achieve?
>
> The end goal is per-recipient kdim enforcement. Since it's impossible to
> control if milter/dkim runs or not based on
On 07-13-2021 3:34 pm, Viktor Dukhovni wrote:
FWIW, there is no such thing as "DKIM enforcement", you're probably
thinking of DMARC.
Maybe its technically called DMARC, but what im referring to is the
opendkim verification mode with a On-BadSignature reject policy. My
layman's term of "DKIM e
> On 13 Jul 2021, at 3:59 pm, post...@ptld.com wrote:
>
>> FWIW, there is no such thing as "DKIM enforcement", you're probably
>> thinking of DMARC.
>
> Maybe its technically called DMARC, but what im referring to is the opendkim
> verification mode with a On-BadSignature reject policy. My layma
Wietse Venema:
>
> Mehmet Avcioglu:
> > I am getting "too many reverse jump records" messages. Couldn't find
> > any information about this message and looking at the source code
>
> The postfix/showq logging repeats the same error for the same file,
> every 15 seconds, presumably because you are r
On 07-13-2021 4:14 pm, Viktor Dukhovni wrote:
The DKIM standards are quite emphatically clear that bad signature ==
no signature,
and that receiving systems MUST NOT reject a message just because a
signature is
missing or fails to match. The treatment of messages that lack a
signature is
cove
On Tue, Jul 13, 2021 at 05:33:35PM -0400, post...@ptld.com wrote:
> > If opendkim supports "On-BadSignature reject", that's a disservice to
> > its users.
>
> So it's unacceptable for dkim software to reject a message for a failed
> dkim signature.
Yes.
> But its okay for dmarc software to re
I am not meaning to confrontational, i want to develop a deeper
understanding and educate myself.
A DKIM signature does not imply any expectation that
all messages will have valid signatures.
Why does DKIM signature exist if not to provide a way to know if an
email has been altered after so
Mehmet Avcioglu:
> > Now, Postfix queue files don't repair themselves spontaneously.
> > Before I go off with speculation, I have a few questions to narrow
> > the search:
> >
> > - Is only the showq process affected or other programs, too?
>
> Yes, only the 'showq' logs this message.
>
> > - Is
On 7/13/21 6:06 PM, post...@ptld.com wrote:
I am not meaning to confrontational, i want to develop a deeper understanding
and educate myself.
your issues are not with Postfix, & likely won't be further addressed/solved
here
they're with your understanding of DMARC policy/usage, and the par
On Tue, Jul 13, 2021 at 06:06:16PM -0400, post...@ptld.com wrote:
> > A DKIM signature does not imply any expectation that
> > all messages will have valid signatures.
>
> Why does DKIM signature exist if not to provide a way to know if an
> email has been altered after someone sent it? Why can'
The DKIM standards are quite emphatically clear that bad signature == no
signature,
and that receiving systems MUST NOT reject a message just because a signature is
missing or fails to match. The treatment of messages that lack a signature is
covered by DMARC (and ARC).
It is a really bad idea
> On 12 July 2021, at 18:27, Wietse Venema wrote:
>
> Doug Hardie:
>> I have a postfix server that uses postscreen. However, occasionally
>> a needed mail is blocked by one of the spam services. Is there a
>> way to bypass postscreen for just one or more specific addresses
>> for a short time
On Tue, Jul 13, 2021 at 06:32:17PM -0400, Viktor Dukhovni
wrote:
> Valid DKIM signatures can make it easier to apply greater scrutiny to
> messages that lack a positive reputation, without incurring an excessive
> false positive rate. But you still need some real evidence that a
> message is li
On 2021-07-13 at 21:18:46 UTC-0400 (Wed, 14 Jul 2021 11:18:46 +1000)
raf
is rumored to have said:
I'm beginning to think that DKIM headers might be
getting added just to improve spam detection scores.
Perhaps I'm getting too cynical. :-)
That would not be very effective.
For example: in Ap
On Tue, Jul 13, 2021 at 06:06:16PM -0400, post...@ptld.com wrote:
> > A DKIM signature does not imply any expectation that
> > all messages will have valid signatures.
>
> Why does DKIM signature exist if not to provide a way to know if an email
> has been altered after someone sent it?
That's n
On Tue, Jul 13, 2021 at 10:35:15PM -0400, Bill Cole
wrote:
> On 2021-07-13 at 21:18:46 UTC-0400 (Wed, 14 Jul 2021 11:18:46 +1000)
> raf
> is rumored to have said:
>
> > I'm beginning to think that DKIM headers might be
> > getting added just to improve spam detection scores.
> > Perhaps I'm
On Wed, Jul 14, 2021 at 01:48:21AM +0300, Kevin N. wrote:
> > It is a really bad idea to reject messages whose DKIM signature is invalid.
> > DO NOT DO THIS.
>
> Why exactly is it a really bad idea :) ?
> Could you give us some more practical details/examples?
The point is that absent DMARC poli
On Fri, Jul 09, 2021 at 02:07:02AM +0300, Kevin N. wrote:
> > Is there a way to reuse the same instance of the script, not spawn two
> > instances, and some how have the script know which restriction it was
> > called from?
>
> Not sure if this helps, but maybe you could try to implement your p
29 matches
Mail list logo
