[pfx] Postfix 3.9's smtpd_forbid_unauth_pipelining

Hello, Does the new smtpd_forbid_unauth_pipelining config default in Postfix 3.9 make it no longer necessary to set the following? smtpd_data_restrictions = r

[pfx] [OT] postfwd3 as check_policy_service hogging the CPU

I'm using postfwd3 as a policy service for rate limiting based on the envelope sender address and number of recipients. We're both limiting "freemailer" senders (they can only reach a low number of internal recipients before being restricted) as well as our internal users (they can only reach a lo

[pfx] Re: Postfix 3.9's smtpd_forbid_unauth_pipelining

Never mind! Found my answer in the first announcement on SMTP Smuggling (in the postfix-announce mailing list): it does, in fact, make "reject_unauth_pipelining" redundant, as expected. On Thu, Mar 7, 2024 at 5:03 AM Grant Gryczan wrote: > Hello, > > Does the new smtpd_forbid_unauth_pipelining >

[pfx] Re: Misunderstanging on masquerade_domains and rewriting in master.conf

On Thu, Mar 07, 2024 at 00:22:31 +0100, Steffen Nurpmeso via Postfix-users wrote: > Thanks to the README i got it going with > > masquerade_domains = $mydomain > local_header_rewrite_clients = permit_mynetworks,permit_tls_clientcerts > > However, i first tried to add these via -o to the abov

[pfx] Active queue congestion

Hi, I look after a SAAS site where customers can send emails to their own domains. At times some of our customers can initiate sending of large mail volumes - which can swamp the active queue. >From [1]: "The only way to reduce congestion is to either reduce the input rate or increase the through

[pfx] Re: improving SRS support

Viktor Dukhovni via Postfix-users: > On Wed, Mar 06, 2024 at 07:30:01PM -0500, Christophe Kalt via Postfix-users > wrote: > > > The two options I've seen for implementing SRS are milter and > > [sender_]canonical_maps but it seems to me that neither are a good fit when > > rewriting the envelope

[pfx] Re: Milter multiline header formatting

Claus Assmann via Postfix-users: > On Wed, Mar 06, 2024, Wietse Venema via Postfix-users wrote: > > > > Again, Postfix does not store line terminators, not when email comes > > > from UNIX tool with \n, via SMTP with \r\n, or encapsulated as > > > netstrings which uses neither. > > > In headers

[pfx] Re: improving SRS support

I hadn't seen postforward, thanks for the pointer! It's a good approach, small cost of an extra hop, should be easy to enhance as well. On Thu, Mar 7, 2024, 00:36 raf via Postfix-users wrote: > On Wed, Mar 06, 2024 at 07:30:01PM -0500, Christophe Kalt via > Postfix-users wrote: > > > Hi, > > >

[pfx] Re: Active queue congestion

On Thu, Mar 07, 2024 at 12:26:06PM +, Colin McKinnon via Postfix-users wrote: > I look after a SAAS site where customers can send emails to their own > domains. At times some of our customers can initiate sending of large mail > volumes - which can swamp the active queue. Given sufficient me

[pfx] Re: [OT] postfwd3 as check_policy_service hogging the CPU

On 07.03.24 11:16, Ralf Hildebrandt via Postfix-users wrote: I'm using postfwd3 as a policy service for rate limiting based on the envelope sender address and number of recipients. not authenticated user? ;-) We're both limiting "freemailer" senders (they can only reach a low number of intern

[pfx] Re: [ext] Re: [OT] postfwd3 as check_policy_service hogging the CPU

* Matus UHLAR - fantomas via Postfix-users : > > envelope sender address and number of recipients. > > not authenticated user? ;-) Yes, I'm also checking if the come from our exchangeserver. > if you want to see/process mail size, using it in > smtpd_end_of_data_restrictions is necessary. > if

[pfx] Re: [ext] Re: [OT] postfwd3 as check_policy_service hogging the CPU

On Thu, Mar 07, 2024 at 04:24:56PM +0100, Ralf Hildebrandt via Postfix-users wrote: > * Matus UHLAR - fantomas via Postfix-users : > > > > envelope sender address and number of recipients. > > > > not authenticated user? ;-) > > Yes, I'm also checking if the come from our exchangeserver. > > >

[pfx] Re: [ext] Re: [OT] postfwd3 as check_policy_service hogging the CPU

* Viktor Dukhovni via Postfix-users : > Note that if you want the actual recipient addresses, (not just a > count), I just need the count in this case > you'll need to also intercept recipient restrictions. oh! > The Postfix smtpd(8) server does not keep the recipient list in memory, the > lis

[pfx] Postfix stable release 3.9.0

[An on-line version of this announcement will be available at https://www.postfix.org/announcements/postfix-3.9.0.html] Postfix stable release 3.9.0 is available. Postfix 3.5 - 3.8 were updated earlier this week; after that, Postfix 3.5 will no longer be updated. The main changes are below. See t

[pfx] Re: [ext] Re: [OT] postfwd3 as check_policy_service hogging the CPU

Ralf Hildebrandt via Postfix-users: > * Viktor Dukhovni via Postfix-users : > > > Note that if you want the actual recipient addresses, (not just a > > count), > > I just need the count in this case > > > you'll need to also intercept recipient restrictions. > > oh! > > > The Postfix smtpd(8)

[pfx] Re: Active queue congestion

Thank you, Viktor. I am planning to look at increasing the size of the Active queue however I would need to resize to a minimum of 50x based on past events. > You can also configure a non-zero smtpd_client_message_rate_limit H, not so sure about that. The docs do advise against this for legi

[pfx] Re: Active queue congestion

Colin McKinnon via Postfix-users: > Thank you, Viktor. > > I am planning to look at increasing the size of the Active queue however I > would need to resize to a minimum of 50x based on past events. That should be OK as long as your syustem has enough memory. > > You can also configure a non-zer

[pfx] Re: Postfix stable release 3.9.0

* Wietse Venema via Postfix-users: > Postfix stable release 3.9.0 is available. Postfix 3.5 - 3.8 were > updated earlier this week; after that, Postfix 3.5 will no longer > be updated. Thank you for your continued work. By "you" I mean not only Wietse, but also the other contributors who collabor

[pfx] Re: Milter multiline header formatting

Wietse Venema via Postfix-users wrote in <4tqsmy5jfczj...@spike.porcupine.org>: |Wietse Venema via Postfix-users: |> Again, Postfix does not store line terminators, not when email comes |> from UNIX tool with \n, via SMTP with \r\n, or encapsulated as |> netstrings which uses neither. |> |

[pfx] Re: Milter multiline header formatting

Claus Assmann via Postfix-users wrote in <20240307053606.ga48...@veps.esmtp.org>: |On Wed, Mar 06, 2024, Wietse Venema via Postfix-users wrote: | |>> Again, Postfix does not store line terminators, not when email comes |>> from UNIX tool with \n, via SMTP with \r\n, or encapsulated as |>> net

[pfx] Which DKIM application for postfix 3.9.0

I am upgrading to postfix 3.9.0. I have not used DKIM in previous postfix installs, but I would like to start now with the new google rules. I have done some research and opendkim is the most recommended, however, other research states the opendkim has been abandoned by it's maintainers. So

[pfx] Re: Milter multiline header formatting

Wietse Venema via Postfix-users wrote in <4tqsmy5jfczj...@spike.porcupine.org>: |Wietse Venema via Postfix-users: |> Again, Postfix does not store line terminators, not when email comes |> from UNIX tool with \n, via SMTP with \r\n, or encapsulated as |> netstrings which uses neither. |> |

[pfx] Re: Misunderstanging on masquerade_domains and rewriting in master.conf

Geert Hendrickx via Postfix-users wrote in : |On Thu, Mar 07, 2024 at 00:22:31 +0100, Steffen Nurpmeso via Postfix-users \ |wrote: |> Thanks to the README i got it going with |> |> masquerade_domains = $mydomain |> local_header_rewrite_clients = permit_mynetworks,permit_tls_clientcerts

[pfx] Re: verifying postfix github repo source tarballs?

On Thu, Mar 07, 2024 at 05:26:08PM -0500, pgnd via Postfix-users wrote: > I understand the "only official" release sources are the tarballs, > > TARBALL DL FROM MIRROR SITE > wget > https://mirror.reverse.net/pub/postfix-release/official/postfix-3.8.6.tar.gz > s

[pfx] Re: pushing changes to remote system

Dan Mahoney via Postfix-users wrote in <56abb6d4-e690-4f94-aadb-2f646a6d1...@prime.gushi.org>: |> On Mar 6, 2024, at 16:52, Wietse Venema via Postfix-users @postfix.org> wrote: |> Alex via Postfix-users: |>> Hi, |>> I have a few postfix systems on fedora38 with nearly identical |>> configura

[pfx] Re: Active queue congestion

On Thu, Mar 07, 2024 at 01:11:09PM -0500, Wietse Venema via Postfix-users wrote: > > I am planning to look at increasing the size of the Active queue however I > > would need to resize to a minimum of 50x based on past events. > > That should be OK as long as your syustem has enough memory. A mi

[pfx] Re: Misunderstanging on masquerade_domains and rewriting in master.conf

Steffen Nurpmeso via Postfix-users: > What if i would have multiple smtpd listening on different xy and > each needs different settings? Would i need different main.cf's > for each of those? > And you say the local_header_rewrite_clients at least i can > specifiy via -o, if i understand correctly.

[pfx] Re: Which DKIM application for postfix 3.9.0

Am 07.03.24 um 23:06 schrieb postfix--- via Postfix-users: I have done some research and opendkim is the most recommended, however, other research states the opendkim has been abandoned by it's maintainers. well, long story. yes, it //seem// to be abandoned, but you may use it on production

[pfx] Re: Which DKIM application for postfix 3.9.0

On Thu, Mar 07, 2024 at 03:06:45PM -0700, postfix--- via Postfix-users wrote: > I am upgrading to postfix 3.9.0. > > I have not used DKIM in previous postfix installs, but I would like to start > now with the new google rules. > > I have done some research and opendkim is the most recommended, ho

[pfx] Re: Misunderstanging on masquerade_domains and rewriting in master.conf

Wietse Venema via Postfix-users wrote in <4trq1c66rlzj...@spike.porcupine.org>: |Steffen Nurpmeso via Postfix-users: |> What if i would have multiple smtpd listening on different xy and |> each needs different settings? Would i need different main.cf's |> for each of those? |> And you say th

[pfx] Dumb question about logging

Assuming that one's configuration has open relay, what does a log entry for relayed mail look like? I don't think I've any open relay, but I want to look and make sure. I've searched for half an hour, and no answer came up. But, I did find some hints. Specifically, I use this command to list