'll need a content filter such as
> SpamAssassin.
That's a bust :(
I receive 3-5 messages without date/msgid daily (and they are ALWAYS SPAM),
and I was hoping there's a way to save some horsepower.
--
WBR,
Andrey Repin (anrdae...@freemail.ru) 18.02.2014, <21:58>
Sorry for my terrible english...
fied account is forever restricted.
I could easily hack together an auto-reply bot, but I seems to be unable to
prevent delivery to the existing mailboxes of disabled users.
Thank you in advance for any help you could provide.
--
WBR,
Andrey Repin (anrdae...@freemail.ru) 13.03.2014, <23:17>
Sorry for my terrible english...
elocated" feature is specifically for this.
> http://www.postfix.org/postconf.5.html#relocated_maps
It seems it may help me with mail redirection, but doesn't answer the question
of delivery prevention.
Quick search of the list turned up a suggestion that I could somehow use
dovecot to check if the user is available for delivery, but I've found no
further information on that yet.
The task is to prevent the use of retired addresses without constant change of
postfix configuration. Not to keep them in use.
--
WBR,
Andrey Repin (anrdae...@freemail.ru) 14.03.2014, <01:35>
Sorry for my terrible english...
s,
or says that there were timeout waiting for server greeting.
Any pointers?
--
With best regards,
Andrey Repin
Thursday, November 29, 2018 2:42:28
Sorry for my terrible english...
Greetings, Viktor Dukhovni!
> On Thu, Nov 29, 2018 at 02:59:35AM +0300, Andrey Repin wrote:
>> The premise is this:
>> 1. All delivery should be handled directly, but...
> #
> relayhost =
That's not directly, that's "through relay".
>>
Greetings, Viktor Dukhovni!
> On Thu, Nov 29, 2018 at 04:21:44AM +0300, Andrey Repin wrote:
>> >> 1. All delivery should be handled directly, but...
>>
>> > #
>> > relayhost =
>>
>> That's not directly, that's "throu
Greetings, Viktor Dukhovni!
>> On Nov 28, 2018, at 9:25 PM, Andrey Repin wrote:
>>
>>> The "smtp_tls_wrapper_mode" setting in Postfix is per-transport
>>> (via master.cf overrides), and has no per-destination analogue in
>>> the TLS policy
s_wrappermode setting is more a nuisance than a
solution to any problem, and should be either removed or lowered in its
necessity.
P.S.
Stunnel works like a charm.
--
With best regards,
Andrey Repin
Thursday, November 29, 2018 20:12:04
Sorry for my terrible english...
o explain results of tests. Especially the TLS/SSL ones.
Especially to test TLS, you can use openssl's s_client builtin.
> Does anyone know of any reliable testing options?
It all really depends on WHAT EXACTLY you want to test.
--
With best regards,
Andrey Repin
Tuesday, December 4, 2
ues can't be solved by technical means.
> so far all settings are default in postfix.
> thank you.
--
With best regards,
Andrey Repin
Thursday, December 6, 2018 14:39:20
Sorry for my terrible english...
you is 100% social, not technical or
legal.
How do they judge you is entirely up to them, as long as you conform to
standards, you can't do anything short of communicating with the owners and
solving any arising issues as they happen.
--
With best regards,
Andrey Repin
Thursday, December 6, 2018 15:00:05
Sorry for my terrible english...
look at http://www.postfix.org/qmgr.8.html
I can't provide exact solutions, as I'm solving a similar problem myself ATM.
> stuff/best practice that makes the process more effective.
> i'm certain that remote sites prefer one way over the other.
Sure they are. To each their own.
--
he
same destination), this seems appropriate.
I'm considering doing the same on my relay systems, to limit the rate at which
they talk to the smarthost.
My use case is not "hundreds", but I'd rather have this level of throttling,
than leaving a wide open gap for brute force attacks.
(As I'm not a huge fan of fail2ban. I prefer more direct approaches.)
--
With best regards,
Andrey Repin
Thursday, December 6, 2018 21:16:00
Sorry for my terrible english...
ime" means exactly? Will queue manager connect and
disconnect for each message in queue? Will it try to deliver multiple messages
to the same destination in parallel, over multiple connections?
--
With best regards,
Andrey Repin
Thursday, December 6, 2018 21:23:52
Sorry for my terrible english...
elay between deliveries.
> [ where one is less than two. ]
In other words, if I have multiple different messages to the same destination,
I can't know if they will be delivered through single connection?
And can't control it?
--
With best regards,
Andrey Repin
Thursday, December 6, 2018 22:07:44
Sorry for my terrible english...
Greetings, Viktor Dukhovni!
>> On Dec 6, 2018, at 2:19 PM, Andrey Repin wrote:
>>
>> In other words, if I have multiple different messages to the same
>> destination,
>> I can't know if they will be delivered through single connection?
>> And can'
0% know what you are doing or there's
a security advisory from vendor suggesting a change.
--
With best regards,
Andrey Repin
Tuesday, December 11, 2018 3:44:28
Sorry for my terrible english...
need secure connection to your SQL server badly, setup an encrypted
tunnel.
--
With best regards,
Andrey Repin
Thursday, December 13, 2018 15:17:56
Sorry for my terrible english...
non-experts. Please
>> don't hesitate to post similarly helpful replies.
>>
> Unfortunately that answer has not made it to the list (or at least not yet)
http://postfix.1071664.n5.nabble.com/ignore-SASL-Auth-to-specific-server-internal-exchange-relay-tp98764p98779.html
--
Wit
s_security_level=may is with STARTTLS.
Which should be clearly announced by the receiving servers before long.
In which case, I don't see an downsides, assuming the remote server is
actually capable of STARTTLS and configured correctly.
> Or, whether there are Postfix package maintainers in the same boat:
> too busy to add code to enable opportunistic TLS in the client at
> package install time, but would be happy to see it happen upstream.
--
With best regards,
Andrey Repin
Friday, December 21, 2018 9:29:27
Sorry for my terrible english...
D of pickup and rewrite sender based upon it
> - Convert the sender into a FQDN before pickup, for example if mail
> generates via cron
>
>
> No, for this you also a separate Postfix instance for each logical
> container. By the time the mail leaves the container it is too
ndex.net>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain
--
With best regards,
Andrey Repin
Thursday, December 27, 2018 1:28:52
Sorry for my terrible english...
. Not on postmaster,
neither on the sender's address.
--
With best regards,
Andrey Repin
Thursday, December 27, 2018 1:07:16
Sorry for my terrible english...
Greetings, Wietse Venema!
> Andrey Repin:
>> Greetings, All!
>>
>> > I think I just broke my mail system. I'd like a quick help if possible.
>> > I have a remote server that accepts the mail for domain right now.
>> > The mail is retrieved from
Greetings, Matthias Andree!
> Am 27.12.18 um 02:05 schrieb Andrey Repin:
>> Greetings, Wietse Venema!
>>
>>> Andrey Repin:
>>>> Greetings, All!
>>>>
>>>>> I think I just broke my mail system. I'd like a quick help if possible.
ions.
So, what do you think would suit your project?
--
With best regards,
Andrey Repin
Wednesday, January 30, 2019 22:00:26
Sorry for my terrible english...
ms, I was mistaken.
--
With best regards,
Andrey Repin
Friday, February 1, 2019 2:56:40
Sorry for my terrible english...
With best regards,
Andrey Repin
Thursday, February 7, 2019 17:36:01
Sorry for my terrible english...
ows". Anyone care to
> to contribute a patch for proto/SMTPUTF8_README.html?
If you point in the direction of a repository and hint on what you want to see
in it, I can try my hand.
--
With best regards,
Andrey Repin
Tuesday, February 12, 2019 17:37:28
Sorry for my terrible english...
ck. Any
> help figuring out what this error code means or how to fix this issue would
> be greatly appreciated.
> Best,
> Noah Huppert
--
With best regards,
Andrey Repin
Wednesday, February 13, 2019 17:46:16
Sorry for my terrible english...
;[1] ?
Or I'm grossly misunderstanding the implications?
>> Indeed this behavior I'm talking about is without the client specifying
>> SMTPUTF8.
> In which case it is not specifically the bytes you're reporting
> that are problematic. Likely any non-ascii envelop
Greetings, Wietse Venema!
> Viktor Dukhovni:
>> On Thu, Feb 14, 2019 at 12:45:37AM +0300, Andrey Repin wrote:
>>
>> > > Indeed I forgot that this does not enforce an ASCII character-set:
>> > >
>> > > http://www.postfix.org/postconf.5.html#s
oration link?
--
With best regards,
Andrey Repin
Friday, February 15, 2019 14:55:51
Sorry for my terrible english...
understand, what you are doing, and why, at all.
Care to explain?
--
With best regards,
Andrey Repin
Friday, February 15, 2019 15:01:05
Sorry for my terrible english...
MUA for those capable of
validating it.
> Step-1: MX checks DKIM, acts on that information (reject or pass) and
> optionally removes DKIM-header
> Step-2: MX passes mail to click track remover, after that to user's mailbox
> Or did I miss something?
Other message signing techniques,
wer security of your system without a very good
reason.
The option you are looking for is...
smtp_tls_security_level = may
...but... The bad news is that remote does not offer STARTTLS.
--
With best regards,
Andrey Repin
Saturday, February 16, 2019 9:43:14
Sorry for my terrible english...
uld use default "may" here and leave "encrypt" for submissions (port
465/tcp).
> -o smtpd_sasl_auth_enable=yes
> -o smtpd_tls_auth_only=yes
> Here is more detailed log after I set "smtp_sasl_security_options =
> noanonymous"
--
With best regards,
Andrey Repin
Saturday, February 16, 2019 23:44:24
Sorry for my terrible english...
tial iterations, but for those
interested it could be enabled with "smtp_tls_security_level=new,may" or may
be "smtp_tls_security_level=new,encrypt".
One last issue is if you for some reason want to specify only one level and
never upgrade... but I'm not sure it worth the hassle, with the exception of
"none".
--
With best regards,
Andrey Repin
Sunday, February 17, 2019 21:15:16
Sorry for my terrible english...
Greetings, Viktor Dukhovni!
> On Sat, Feb 16, 2019 at 11:46:12PM +0300, Andrey Repin wrote:
>> > submission inet n - n - - smtpd
>> > -o syslog_name=postfix/submission
>> > -o smtpd_tls_security_level=encrypt
>>
>> This
ere's rather old post on SO https://serverfault.com/a/547778/208335
which says that even if it's enabled, the reports generated by postfix itself
will still not be signed.
Is there a recommended way of solving this?
--
With best regards,
Andrey Repin
Monday, February 18, 2019 13:22:5
rejected
Feb 18 201919296
I could potentially understand 2x to 3x difference, but this is beyond my
wildest expectations.
The only mail multiplication rule I have is 1:2.
--
With best regards,
Andrey Repin
Monday, February 18, 2019 18:23:28
Sorry for my terrible english...
Greetings, Bill Cole!
> On 18 Feb 2019, at 10:30, Andrey Repin wrote:
>> Greetings, All!
>>
>> I'm looking at the output of today's mail server activity and it does
>> not add
>> up.
>>
>> Per-Day Traffic Summary
>> --
Greetings, Wietse Venema!
> Andrey Repin:
>> Greetings, All!
>>
>> I just discovered that mail generated locally (i.e. introduced by pickup
>> daemon) is not signed.
>>
>> Digging in documentation, I've found
>> http://www.postfix.org/postconf
any more effort than absolutely necessary to make it work.
--
With best regards,
Andrey Repin
Tuesday, February 19, 2019 2:36:38
Sorry for my terrible english...
uess would be under:
>http://www.postfix.org/SMTPUTF8_README.html#compatibility
> in the un-anchored "Pre-existing non-ASCII email flows" section.
Something like this?
--
With best regards,
Andrey Repin
Thursday, February 21, 2019 15:46:00
Sorry for my terrible english..
would work in a BQCF setup like mine?
> Same question applies for DKIM validation.
TIAS.
It only takes few minutes to try.
--
With best regards,
Andrey Repin
Saturday, February 23, 2019 1:17:10
Sorry for my terrible english...
but you usually don't need
>> this.
> Milters can modify (replace) the message body. Milters operating
> in front of a pre-queue proxy filter can only see and modify the
> message envelope, and can neither see nor modify the message content
> (headers or body).
Then how Op
crap out.
--
With best regards,
Andrey Repin
Thursday, February 28, 2019 18:21:44
Sorry for my terrible english...
--virtual-config-dir=/mnt/ebs01/vmail/%d/%l/SpamAssassin"
> export PYTHONPATH=/usr/lib/python2.6/site-packages
If your users are not using personal spamassasin lists, you can just tell it
to use same user for all server works.
--
With best regards,
Andrey Repin
Friday, March 1, 2019 10:37:52
Sorry for my terrible english...
script that would do so.
But mind you it would only create more trouble.
Social issues can not be fixed by technical means.
--
With best regards,
Andrey Repin
Saturday, March 2, 2019 23:39:00
Sorry for my terrible english...
or more simultaneous
connections, than set by default.
Google "c10k problem" for pointers to possible solutions.
--
With best regards,
Andrey Repin
Monday, March 4, 2019 21:49:26
Sorry for my terrible english...
times in 8 hours that this
> IP address is up to no good?
And you don't have local caching DNS proxy?
> That's why it would be nice to blacklist the offending IP address for 24-48
> hours and keep resources free for legitimate connections.
Are you receiving more than 10k conn
s you are using.
> most of the ones I've found are for single domain, and, use
> different setups, hence I'm trying to figure out what's the best way to
> set this up.
You just set "this" up and tell your DKIM handler what to do.
--
With best regards,
Andrey Repin
stfix.org/SMTPUTF8_README.html#enabling
>> My guess would be under:
>>http://www.postfix.org/SMTPUTF8_README.html#compatibility
>> in the un-anchored "Pre-existing non-ASCII email flows" section.
> Something like this?
Ping?
--
With best regards,
Andrey Repin
Thursday, March 14, 2019 16:01:36
Sorry for my terrible english...
Greetings, Wietse Venema!
> Wietse Venema:
>> Andrey Repin:
>> > Greetings, All!
>> >
>> > > Greetings, Viktor Dukhovni!
>> >
>> > >>> Makes sense, thank you.
>> > >>>
>> > >>> So, next questi
Greetings, A. Schulze!
> Hello,
> http://www.postfix.org/postconf.5.html#maillog_file say
>"A non-empty value selects logging to syslogd"
> I think it should say
>"A empty value selects logging to syslogd"
"An empty ..." would probably be
oes not agree with my significant experience
My significant experience says that it does not take a lot of effort sending
email with identical MAIL FROM and RCPT TO addresses, if target host did not
set up SPF declaration/validation.
--
With best regards,
Andrey Repin
Saturday, March 23, 2019 12:14:42
Sorry for my terrible english...
om; client-ip=62.75.235.12
> client=mmu.ac.ug[62.75.235.12]
> message-id=<5s5jp2.2trzrx165hrq...@mail.mmu.ac.ug>
> from=, size=228789, nrcpt=1 (queue active)
> disconnect from mmu.ac.ug[62.75.235.12]
> to=, relay=virtual, delay=8, delays=6.9/0.02/0/1, dsn=2.0.0,
> status=sent (
ip4:24.232.174.73 mx:schweb.com.ar a:schlabs.com.ar
> a:sys-arquitectura.cl -all
> Maybe i need remove -all?
Ok, I misread the message. Then the answer is even simpler, the original
MAIL FROM: wasn't what was in the "From" header field.
So, it's just your usual scaremail.
--
With
one. This has nothing to do with postfix.
> Or do I need to make a symbolic link to the current mailq destination?
No.
You should mount the directory first.
--
With best regards,
Andrey Repin
Wednesday, March 27, 2019 10:55:27
Sorry for my terrible english...
F), which is not applicable for lists that keep header
> From: but use their own envelope from.
> https://en.wikipedia.org/wiki/DMARC#Mailing_lists
The topmost Resent-From should match envelope-from in this case.
--
With best regards,
Andrey Repin
Wednesday, March 27, 2019 10:57:27
Sorry for my terrible english...
a use for fail2ban in last ten years. Anything it could do,
there's more direct tools for the same purpose available.
I.e. postfix's anvil daemon, for a given use case.
--
With best regards,
Andrey Repin
Thursday, April 4, 2019 22:04:17
Sorry for my terrible english...
I was not aware of this, I try to follow DKIM, but perhaps I was
> not using the right site. None of these standards are referenced on
> opendkim.org.
That's because OpenDKIM is unsupported for several years now.
And yes, it has had issues even before standards have changed.
--
With best regards,
Andrey Repin
Saturday, April 13, 2019 1:16:05
Sorry for my terrible english...
for this?
If you search list archive, you'll find that each check made by postfix is
made in isolation, if you want some complex rules, you'd need a milter.
--
With best regards,
Andrey Repin
Saturday, April 13, 2019 11:26:06
Sorry for my terrible english...
d; from=<> to=
proto=ESMTP helo=
May 24 10:13:22 mxs postfix/smtp/smtpd[2615]: disconnect from
mail.regionspb.net[84.204.28.35] ehlo=2 starttls=1 mail=1 rcpt=0/1 quit=1
commands=5/6
--
With best regards,
Andrey Repin
Friday, May 24, 2019 10:29:44
Sorry for my terrible english...smtp
Greetings, Viktor Dukhovni!
> On Fri, May 24, 2019 at 10:38:29AM +0300, Andrey Repin wrote:
>> May 24 08:07:39 mxs postfix/smtp/smtpd[1938]: NOQUEUE: reject: RCPT from
>> mail.regionspb.net[84.204.28.35]: 450 4.7.0 : Recipient
>> address rejected: defer_if_reject requested
Greetings, Viktor Dukhovni!
> If you want soft_failure, try "-o soft_fail=yes"
Shouldn't that be
soft_bounce = yes
?
--
With best regards,
Andrey Repin
Saturday, May 25, 2019 19:32:05
Sorry for my terrible english...
of these four formats will the message
> be in?
Guess why I'm using Maildir?
--
With best regards,
Andrey Repin
Friday, June 28, 2019 14:28:30
Sorry for my terrible english...
format that uses an FF (0x0C)
character as message delimiter, and do not do any body encoding.
--
With best regards,
Andrey Repin
Friday, June 28, 2019 15:34:04
Sorry for my terrible english...
69 matches
Mail list logo
