Re: Postfix and DNSSEC

On Wed, Dec 17, 2008 at 02:59:27PM -0500, Victor Duchovni wrote: > Postfix uses res_search(3). DNSSEC would have to be supported by the > C-library stub resolver code, not Postfix. DNSSEC can be checked by the recursive resolver, which is sufficient in most setups. > DNSSEC is very complex. I rat

Re: smtpd banner problem

On Tue, Jan 20, 2009 at 11:09:22AM +0300, Marco Tchi Hong wrote: > But when I do : telnet myserver.tld 25 from another server I get : > 220 ** > I don't find why I don't get the good banner. You have a Cisco PIX in the way which have the smtp fuckup[1] f

Re: Replacing Message-Id for SASL authenticated senders

On Sun, Feb 08, 2009 at 03:38:22AM -0500, Sahil Tandon wrote: > This works as I'd expect, but will it break anything else? Yes. It will break the complete mail handling of the client. _Never_ ever touch a message id. Bastian -- Fascinating, a totally parochial attitude. -- Spock

Re: Replacing Message-Id for SASL authenticated senders

On Sun, Feb 08, 2009 at 11:13:53AM -0500, Sahil Tandon wrote: > On Sun, 08 Feb 2009, Bastian Blank wrote: > > Yes. It will break the complete mail handling of the client. _Never_ > > ever touch a message id. > Do explain how adding/replacing a valid Message-ID only to submitted m

Re: Strange problem with pickup process (maybe just a coincidence)

On Wed, Feb 11, 2009 at 09:00:14AM +0100, Santiago Romero wrote: > I have a strange problem monitoring the "pickup" process: we have a > monitoring system that, sometimes, warns us with "pickup process not in > memory" What is the meaning of this message? > Does the "wake up" restart the proc

Re: LMTP bounce handling problem

On Tue, Apr 07, 2009 at 04:56:52PM +0200, Martin Zobel-Helas wrote: > while trying to upgrade from Postfix 2.1.5 to a newer version, i > experience problems with LMTP bounce handling. Please define problems. Why should a permanent error not cause a bounce as mandated by the RFC? > Config paramete

Re: Relay mail server for a dial-up sat connection

On Fri, May 29, 2009 at 11:39:07AM +0200, Enrico g wrote: > I've been charged to develop a relay mail server in a dial-up sat > connection by my company. You have no previous knowledge about mail infrastructure? At least parts of the mail looks this way. > 1a) This server must connect to Internet

Re: Timed out RCPT TO

On Tue, Jun 01, 2010 at 10:01:58AM -0400, Kaleb Hosie wrote: > I telnet'ed into the recipients server and started sending the series of > commands to send mail and it seemed very quick up until I sent RCPT TO; it > proceeded to hang there for 50 seconds before responding with a 250 SMTP > code. I w

Re: Queue full of double-bounce

On Mon, Oct 11, 2010 at 04:27:13PM +0200, Patric Falinder wrote: > I'm running Debian Lenny x64 with Postfix 2.5.5 with VDA patch. VDA is supported where? > It's virtualized on a VMWare ESX server. > Don't really know what tick-less timer support is so I guess I don't use > it unless it's stand

Re: reverse the polarity of the neutron flow

On Tue, Oct 12, 2010 at 01:42:25PM -0600, The Doctor wrote: > What did I forget? * rm -rf / (Read mail, really fast) * A name * http://www.postfix.org/DEBUG_README.html#mail Bastian -- We fight only when there is no other choice. We prefer the ways of peaceful contact. -- Kirk,

Re: is this DNS setup RFC-correct ?

On Mon, Oct 25, 2010 at 02:20:51PM -0200, Leonardo Rodrigues wrote: > nnn.domain.com.br (about 40 different subdomains) have only 2 (two) > DNS entries: > > nnnINMX10 server.nnn.domain.com.br. > nnnINTXT"v=spf1 include:domain.com.br -all" | ;; ->>HEADER<<- opcode: QUE

Re: Problem matching IPv6 link-local in cidr-map

On Mon, Nov 08, 2010 at 03:13:45PM -0500, Wietse Venema wrote: > Postfix CIDR support uses standard system library routines such as > inet_pton(). I am reluctant to re-invent Postfix-specific versions. > Maybe there is some other library that does not barf on this? The only parts of the glibc usi

Re: Problem matching IPv6 link-local in cidr-map

On Mon, Nov 08, 2010 at 05:21:57PM -0500, Wietse Venema wrote: > There is code all over Postfix that sanity checks the syntax of > domains and address literals, and that code just cannot ever accept > datalink suffix junk. There is no junk in it. > That means having to strip off the junk where it

Re: Understanding TLS

On Sun, Dec 05, 2010 at 11:41:05AM +0100, Christian Roessner wrote: > When I use telnet to connect to mx0.roessner-net.de 25, waiting for > postscreen to allow me sending EHLO, I only get the following list of > commands: > > Trying 78.46.253.227... > Connected to mx0.roessner-net.de. > Escape c

Re: Change error messages returned by Postfix

On Thu, Jan 06, 2011 at 10:30:15AM -0500, Wietse Venema wrote: >localtime > Server local time (Mmm dd hh:mm:ss) Hmm. This is not that useful without the information about the used timezone. Bastian -- But Captain -- the engines can't take this much longer!

Re: Question about Postfix Installation

On Mon, Jan 10, 2011 at 11:33:28AM +0100, Buzai Andras wrote: > I use Ubuntu 10.04 and the package repository does not contain the > latest Postfix release. Ubuntu 10.04 contains 2.7.0[1], Ubuntu 10.10 contains 2.7.1[2]. You n > Also I prefer installing packages from source. This way I think I ca

Re: Text Substitution with pcre:

On Fri, Jan 28, 2011 at 03:49:55PM -0500, Jerrale G wrote: > from *mail.sheltoncomputers.com (mail [127.0.0.1]) * by > mail.sheltoncomputers.com (SC Mail Server) with ESMTP id > 182431B60017for ; Fri, 28 Jan 2011 > 15:44:05 -0500 (EST) > > The correct address, for mail.sheltoncomputers.com i

Re: SSL_accept error - somebody that could tell me what to do

On Wed, Jun 17, 2009 at 05:20:38PM +0200, Jelle de Jong wrote: > Would you be willing to have an other look at the logs? I still have the > issue and I had to turn smtpd_tls_security_level to none, so the work > processes of my customer could go on, but I don't think this workaround > will be the s

Re: SSL_accept error - somebody that could tell me what to do

On Fri, Jun 19, 2009 at 04:03:39PM +0200, Jelle de Jong wrote: > I got some more debug information from the other server that initiates > the sending of the mail. "terminated by signal 11". Signal 11 is SIGSEGV, aka segmentation fault, on most systems out there. There system is severely broken. B

Re: SSLv2 and encryption for PCI compliance

On Mon, Jul 27, 2009 at 08:03:20AM -0400, Wietse Venema wrote: > Jake Vickers: > > Now I know I posted the other day about disabling SSLv2, but if I add > That solution was for MANDATORY TLS encryption. If TLS is not mandatory, > then disabling SSLv2 is pointless: you allow plaintext email. I don

Re: need to add custom header parameter/value to postfix logging.

On Wed, Aug 12, 2009 at 08:09:32AM -0500, Guidarini, Robert wrote: > Example of custom header inserted into the emails: > X-Info-MessageID: l6oL1rHPRUyklkQzdkW3kg Why don't you add this to the message-id, which is mandatory and already logged? Bastian -- He's dead, Jim. -- McCoy

Re: postfix terminating on signal 15

On Wed, Aug 12, 2009 at 05:23:17PM -0700, Jeroen van Aart wrote: > I am not sure if it's the kernel's OOM killer or postfix itself which > causes it to quit. 1. The OOM killer _always_ uses SIGKILL. A program is not even given the possibility to react. 2. root processes (like master) have a much l

Re: Multiple Ldap Servers

On Fri, Aug 28, 2009 at 09:37:02PM -0400, mic...@casa.co.cu wrote: > For more details of my problem, when the server is not responding ldap1 > by technical problems, Postfix rejects all email me saying that the > mailbox does not exist, when the user exists. This is not how postfix works. Proof:

Re: ldaps query

On Sun, Oct 11, 2009 at 01:11:12PM +0200, Roland de Lepper wrote: > When query a user via postmap, i'll this as result: > postmap: warning: dict_ldap_open: URL scheme ldaps requires protocol > version 3 > What does this mean and how to solve? Which part do you fail to understand? ldaps should be k

Re: Kernel Oops

On Fri, Mar 04, 2011 at 03:43:11PM +0300, Denis Shulyaka wrote: > Mar 4 14:46:29 shulyaka kern.alert kernel: CPU 0 Unable to handle > kernel paging request at virtual address 0050, epc == 800fbdb4, ra > == 800fbdf8 This kernel is broken bejond repair. Get a fixed one. > Mar 4 14:46:29 shuly

Re: need help for controlling authenticated realy

On Sun, Apr 24, 2011 at 07:15:34AM +0530, Rajesh Kumar Mallah wrote: > We allow relaying of email via our server to our clients using authentication. > The problem is that some miscreants have got hold of our clients password > and are using our email server to send SPAM after successfully authenti

Re: postfix not sending out mails?

On Mon, May 23, 2011 at 09:26:09PM +0800, 张耀星 wrote: Please don't top-post. > > Am 23.05.2011 14:39, schrieb yaoxing: > >> May 23 07:27:36 gw1 postfix/local[7700]: fatal: main.cf configuration > >> error: mailbox_size_limit is smaller than > >> message_size_limit > And I hav

Re: Postfix sending VERP and without VERP

On Thu, Jun 16, 2011 at 11:51:17AM +0400, Ilya Pichugin wrote: > When I post, then see the following in the log: > # echo "test" | sendmail -XV -fser...@myserver.com k...@recipient.com > >delay=5.3, delays=2.4/0.47/0.6/1.8, dsn=5.0.0, status=bounced (host > >mail.recipient.com[220.220.220.220] sa

Re: Postfix sending VERP and without VERP

Don't top-post, don't send me copies of mails. On Tue, Jun 21, 2011 at 03:24:38PM +0400, Ilya Pichugin wrote: > I altered just domain name and ip adresses. If I'm sending letter via > 'telnet mx.recipient.com 25' I've got the same error: | mx.recipient.com. 3600IN A 64.15.205

Re: mail gets bounced when send to local bitdefender smtpd

On Sun, Jul 17, 2011 at 12:49:11PM +0200, Thomas Zehbe wrote: > I have an installtion using bitdefender as a virus scanner using the > content_filter option. > bitdefender's smtp daemon listens on port 10025, in main.cf therefore this is > defined: > content_filter = smtp:[127.0.0.1]:10025 I thi

Re: Problems migrating CentOS 6

On Mon, Jul 25, 2011 at 05:20:07PM +0100, Jonathan Gazeley wrote: > [root@helios postfix]# ls -la virtual.db > -rw-r--r--. 1 root mail 12288 Jul 25 17:05 virtual.db This file have security attributes assigned. > SELinux is disabled on this system, so it's not an obscure issue > with security cont

Re: Delivery rate

On Thu, Jul 28, 2011 at 03:42:59PM +0200, Martin Bley wrote: > does anybody have experienced data about the delivery rate of a single > postfix smtp server in the following scenario Something between 2/s, if everything needs to go through a single spamassassin process doing expensive tests, and 30

Re: Forbid .forward but be able to use vacation ?

On Fri, Jul 29, 2011 at 03:36:19PM +0200, Frank Bonnet wrote: > I'm facing an egg and chicken problem ,,, > We have received the following instructions "From Above" : > 1 - Forbid the email forwarding for our users | forward_path = At least if you don't have mailbox_command defined. > 2 - Some k

Re: using header_checks to change message-id header

On Mon, Aug 15, 2011 at 09:30:37AM -0500, Jerico2day wrote: > I'd like to have postfix dynamically change "my.domain.com" only on > Message-Id header to some arbitrary domain that would be > public-facing for all outgoing mail and change it back for incoming > mail. Care to explain how you intend

Re: Postfix talking smtp through stdio command?

On Tue, Sep 06, 2011 at 08:59:20PM +0200, Matthias Andree wrote: > > Can you describe the problem instead of the solution? There may be > > other solutions than the ones you have in mind. > The problem is this: > - I *can* (and am permitted to) connect to a computer in the same LAN as > the SMTP se

Re: Rate delay, concurrency and recipient per domain

On Thu, Sep 15, 2011 at 01:47:08PM +0200, Mickael B wrote: > I setup my postfix with transport per domain according with ISP > recommandation. What are you doing that triggers the limits of Yahoo? Please describe your problem first. Also please read the welcome message for this mailing list again.

Re: First Insallation, Bouncing Emails

On Fri, Oct 21, 2011 at 04:39:28PM +0200, Reindl Harald wrote: > i bet this is a debian system and your postfix is chrooted > "-" and "y" in this column is yes - change it to n and if i am > right complain debian why these dumb maintainers do not stop > their chroot-default which leads to trouble m

Re: First Insallation, Bouncing Emails

On Fri, Oct 21, 2011 at 05:16:04PM -0400, beno - wrote: > Oct 21 08:20:44 example postfix/smtpd[23702]: connect from > host.peakskillmediacenters.com[50.7.6.219] > Oct 21 08:20:45 example postfix/smtpd[23702]: NOQUEUE: reject: RCPT from > host.peakskillmediacenters.com[50.7.6.219]: 554 5.7.1 < > dd

Re: A Problem No One Has Solved According To Googling

On Tue, Oct 25, 2011 at 12:06:07PM -0700, Jack Fredrikson wrote: > Here is a problem that many postfix users have had that has apparently never > been resolved! I appeal to you for your help. I have been googling this for a > very long time now. Here is my problem >     2.    > Oct  1 14:10:39 s

Re: Best Practice for (not)allowing "spoofed" MAIL FROM addresses

On Fri, Dec 23, 2011 at 12:53:29PM +0100, Reindl Harald wrote: > Am 23.12.2011 07:15, schrieb Richard Damon: > >> if i have a domain i have a mailserver respsonsible for this domain > >> if i want to send mails with f...@mydomain.tld i have to use this server > >> there is no "if" and "but", accept

Re: Ok. I'm finding a small issue on my server.

On Tue, Jan 10, 2012 at 01:36:42AM +0100, Reindl Harald wrote: > Am 09.01.2012 22:07, schrieb Noel Jones: > > On 1/9/2012 1:24 PM, Jeroen Geilman wrote: > >> Many people (me and most of this list included) reject impersonation > >> of the sender address unless it is on an encrypted submission port;

Re: Basic sending concurrency question

On Mon, Jan 30, 2012 at 02:33:53PM -0800, Peter Scott wrote: > Sending mail via Amazon happens via piping it to a program that > makes an HTTP connection. This takes about 0.5 seconds. Postfix is a SMTP-Server/-Client, no HTTP-Client. > W

Re: How do i stop DFN backscater

On Mon, Feb 20, 2012 at 04:42:21PM +0100, Przemysław.Orzechowski wrote: > Now that i know what is happening i will have to somehow setup a delivery > route that will not exceed those limits. Why do you have to work around arbitrary limits? Bastian -- "Get back to your stations!"

Re: mx bind ip

On Sat, Mar 10, 2012 at 01:01:00AM +1000, Nick Edwards wrote: > I have tried smtp_bind_address(6) but for some reason, although it > uses the correct IP, the relays are denied for spf failure on the > main server, even though they are all permitted in spf RR, ok, evident > by fact that if I remove

Re: Can I improve the efficiency of my dnsbl reject configuration?

On Fri, Apr 27, 2012 at 08:55:15AM -0700, kar...@mailcan.com wrote: > smtpd_recipient_restrictions = > check_recipient_access hash:/usr/local/etc/postfix/conf/bozos Remove or at least move _after_ reject_unauth_destination. This is prone for open relay. > reject_non_fqdn_recipient Why?

Re: Postfix 2.9.3 + milter, first header line missing in header callback

On Thu, Jul 05, 2012 at 08:56:34PM +0200, Markus Petri wrote: > I wrote a small milter to archive incoming emails. Use recipient_bcc_maps to archive emails. Bastian -- Men will always be men -- no matter where they are. -- Harry Mudd, "Mudd's Women", stardate 1329.8

Re: Reverse Hostnames with '_msdcs' not valid

On Wed, Aug 29, 2012 at 01:01:52PM +0200, Bernhard Schmidt wrote: > ok: 134.130.87.26 -PTR-> domaindnszones.geotechnik.rwth-aachen.de > -A-> 134.130.87.26 > ok: -PTR-> forestdnszones.geotechnik.rwth-aachen.de > -A-> 134.130.87.26 > ok: -PTR-> gc._msdcs.geotechnik.rwth-aa

Re: Away message and Multiuser-Addresses

On Thu, Sep 06, 2012 at 05:24:33PM +0200, Denis Witt wrote: > at the moment we're using "usermin" for Away messages (.forward and a > perl script). This works fine for single user E-Mail-Addresses but for > example our "info"-Address is sent (via /etc/aliases) to several users. > If one or more of

Re: smtpd_proxy_filter (before-queue) per domain?

On Tue, Sep 11, 2012 at 03:54:52PM +0300, KSB wrote: > On 2012.09.11. 15:20, Wietse Venema wrote: > >Yes. I am perfectly happy when Postfix solves 90% well. Especially > >because those 90% are not just the easy problems. > I like Posftix so this is a hard decision to switch to other MTA to > not h

Re: Cleaning out certain 4xx-errors

On Sun, Sep 16, 2012 at 09:16:03AM -0500, Chris Adams wrote: > Once upon a time, Wietse Venema said: > > I think he refers to this: > > This sits among other headers that were added by your Mutt/1.4.2.2i > > mail reader. > Ah, that looks like a bug in mutt. It isn't supposed to put the > sender's

Re: Trouble verifying Postfix tarball signature

On Thu, Nov 29, 2012 at 10:14:40AM -0800, Ed Flecko wrote: > gpg --verify postfix-2.9.4.tar.gz.sig postfix-2.9.4.tar.gz > gpg: no valid OpenPGP data found. There is nothing to be verified in the specified file. > gpg: the signature could not be verified. > Please remember that the signature file

Re: Trouble verifying Postfix tarball signature

On Thu, Nov 29, 2012 at 01:26:34PM -0500, Wietse Venema wrote: > It's an RSA key. > Type Bits KeyID CreatedExpiresAlgorithm Use > sec+ 2048 0xC12BCD99 2005-02-28 -- RSA Sign & Encrypt > uid Wietse Venema Much worse, it is a PGPv3 RSA key. Such keys are not

Re: Trouble verifying Postfix tarball signature

On Thu, Nov 29, 2012 at 04:02:45PM -0500, Wietse Venema wrote: > Bastian Blank: > > Much worse, it is a PGPv3 RSA key. Such keys are not longer safe for use > You're mistaken. It's from PGP5. Maybe it was generated with PGP 5. This piece of software supports both formats. T

Re: destination_concurrency_limit to relayhost only

On Mon, Dec 17, 2012 at 10:46:32AM +0100, Victor d'Agostino wrote: > Our postfix server serves several internal domains and relays outgoing > traffic through our ISP SMTP relay server. This external SMTP server is > limited to 3 destination domains at the same time. A SMTP relay must accept at lea

Re: Domain alias rewriting

On Thu, Jan 03, 2013 at 11:16:19AM +0100, Kristof Bajnok wrote: > My other question was going to be how I could verify the 'alias' address > in RCPT stage (a wildcard virtual_alias_maps entry prevents this), How do you get your user information? Bastian -- Change is the essential process of all

Re: using cidr notation in client_access

On Sat, Jan 12, 2013 at 01:51:26PM +0100, LEVAI Daniel wrote: > How should I put this... My question is not in regards to how to store > IP networks (w/ CIDR postfix) in PostgreSQL; this is somewhat given. PostgreSQL handles CIDR with some special functions and operators. See http://www.postgresql

Re: transport table or relayhost only IPv4?

On Fri, Feb 08, 2013 at 11:25:28AM +0100, Marek Matejka wrote: > I'm using postfix-2.6.6-2.2.el6_1.x86_64. A bit old. > Relevant part from transport table: > aa_volmejlt...@volny.cz lmtp1:[m1.volny.internal]:26667 And where is the relevant config (postconf -n)? > Relevant part of logs: > F

Re: How to block some e-mail?

On Sun, Feb 17, 2013 at 02:46:00PM +0400, Pierre-Gilles RAYNAUD wrote: > How to get rid (or block) of this type of e-mail? You use postscreen with zen.spamhaus.org/b.barracudacentral.org. But you have to read the terms first. Bastian -- There's a way out of any cage. -- Captain

Re: reject empty sender address for authenticated users

On Tue, Feb 26, 2013 at 01:50:34AM +0100, Piotr Rotter wrote: > Can I set postfix to reject empty sender address for authenticated users. Null-sender must be accepted. There are several occasions where a MUA may send them, for example DSN mandates its usage sometimes. RFC 6409 specifies: | Note t

ldap_table and insignificant spaces

Hi I found that one MTA bounced several mails. The mails where sent to `" test"@example.com' and accepted by Postfix. The backend LMTP then rejected the mails. This is what I found out: - RCPT TO:<" test"@example.com> - The ldap table gets the sanitized address: ` t...@example.com' (note the l

Re: ldap_table and insignificant spaces

On Wed, Mar 06, 2013 at 03:51:28AM +, Viktor Dukhovni wrote: > On Fri, Mar 01, 2013 at 03:19:42PM +0100, Bastian Blank wrote: > > - The ldap server sanitices the query to (mail=t...@example.com) as > > mandated by RFC 4717, 4.2.3; it removes the insignificant spa

Re: Persistant LDAP connections

On Fri, Mar 08, 2013 at 03:45:57PM +0200, Geoff Shang wrote: > Given the high focus on secrity at our company, we've determined > that password verification in LDAP is a costly operation. Why is it costly? And how does "costly" fit into security? And password verification is not necessary for look

Re: Persistant LDAP connections

On Fri, Mar 08, 2013 at 05:23:27PM +0200, Geoff Shang wrote: > On Fri, 8 Mar 2013, Bastian Blank wrote: > >On Fri, Mar 08, 2013 at 03:45:57PM +0200, Geoff Shang wrote: > >And password verification is not necessary for looking up stuff. > Not if you bind anonymously. But

Re: Spam milters

On Thu, Mar 14, 2013 at 02:47:34PM -0600, The Doctor wrote: > I want to avoid perl-ware like amavisd and MailScanner Why? Okay, MailScanner is out of question anyway, because it modifies Postfix queue in unsafe ways. But why not Perl? > Any recommendations for a milter that would drop high spam?

Re: postfix 2.8 and upper don't close connection with smtpd_proxy_filter

Please fix your MUA, it produces TOFU. On Tue, Apr 23, 2013 at 11:48:42AM +0200, Ludovic LEVET wrote: > This is not a reply ... Not showing what the actual problem is, is no question either. Especially, why are you the only person experiencing this in over three years? > http://www.ietf.org/rfc/

Re: Short burst of errors

On Tue, Apr 23, 2013 at 12:09:19PM +0200, Embedding Linux wrote: > Apr 22 16:45:36 my_server postfix/flush[10510]: fatal: config variable > inet_interfaces: host not found: server.fqdn.name Not quite unexpected: | $ drill server.fqdn.name | ;; ->>HEADER<<- opcode: QUERY, rcode: SERVFAIL, id: 4402

Re: postfix 2.8 and upper don't close connection with smtpd_proxy_filter

connection_cache_on_demand=no' is not take care. It doesn't even need to close the connection. > The mail is transfered well, but the connexion is not terminate properly. Show proof. > So, like you said in 3.8 of RFC5321 confirm what i said : Stop arguing with standards. > Le

Re: Strange conversion of 5.2.2 into 4.1.0 error

On Fri, May 03, 2013 at 10:18:43AM +0200, Ralf Hildebrandt wrote: > Tue Apr 30 20:05:04 2013 Info: Delivery start DCID 4678286 MID 15335505 to > RID [0] > Tue Apr 30 20:05:06 2013 Info: Delayed: DCID 4678286 MID 15335505 to RID 0 - > 4.1.0 - > Unknown address error ('552', ['5.2.2 : Recipient >

Re: Restrictions after postscreen

On Tue, May 14, 2013 at 07:35:15AM -0700, Steve Jenkins wrote: > # postconf -d | grep smtpd_relay > smtpd_relay_restrictions = permit_mynetworks, reject_unauth_destination > Any idea why my permit_sasl_authenticated is being ignored in favor of the > default? | -d Print main.cf default parameter

Re: introducing mopher, the mail gopher

On Fri, Jun 14, 2013 at 08:50:42AM +0200, Manuel Badzong wrote: > I would like to introduce mail gopher, a new all-in-one, MIT-licensed > mail filter. How does it relate to Postfix? Postfix already does this with a bit of help. > Mopher can: > + tarpit hosts Bad idea in userspace. Bad idea

Re: Problem using TLS: lost connection after STARTTLS

On Fri, Jun 14, 2013 at 12:24:39PM +0200, Jan P. Kessler wrote: > currently we are experiencing problems with an incoming SMTP/TLS > connection. Remote side is an Ironport device, we are using postfix > 2.8.13 on solaris 10. Please show "postconf -n". > Jun 14 10:24:47 rv-smtpext-101 postfix/smtp

Re: introducing mopher, the mail gopher

On Fri, Jun 14, 2013 at 12:37:11PM +0200, Petar Bogdanovic wrote: > On Fri, Jun 14, 2013 at 12:08:00PM +0200, Bastian Blank wrote: > > On Fri, Jun 14, 2013 at 08:50:42AM +0200, Manuel Badzong wrote: > > > I would like to introduce mail gopher, a new all-in-one, MIT-licensed

Re: how to stop massive email attack in Postfix

On Fri, Jun 14, 2013 at 03:44:23PM +, c cc wrote: First, get a name. > For the last few days, I noticed that our postfix server had crawl to a > halt due to some kind of email attack. Show logs and the config, see http://www.postfix.org/DEBUG_README.html#mail. If you configure Postfix to all

Re: Mail server, what else?

On Fri, Jul 12, 2013 at 11:55:00AM -0700, J Gao wrote: > Now I would like your advises on my system so I can improve it more. > Here is my mail server system: > - CentOS 6.4 64bit (SELinux disabled), iptables is in action. Enterprisey. Well. > - Apache, MySql, PHP What for? If at all use nginx m

Re: Client host name resolution

On Mon, Nov 18, 2013 at 03:43:17AM -0800, E.B. wrote: > I did "dig -x 1.2.3.4" on the server for the same IP address and the result > came back with the correct domain name. So why didn't postfix see the host > name? I restarted postfix in case it was caching, but it didn't help. Show proof. Es

Re: Ask for Client Certificates

On Wed, Jan 29, 2014 at 11:39:09AM +0100, Patrik Båt wrote: > I know this is a client problem, but have anyone seen any impact for > enabling this? Is it a big problem now-days? I tried it once. The client will ask it's user for a usable certificate. > And can you somehow explicitly set this to

Re: Postfix and problem with Cyrus-SASL with unusual path to plugins

On Tue, Aug 05, 2014 at 11:25:44AM +0400, Sergey wrote: > I need to build SASL with unusual path to plugins. Its "configure" > script contains --with-plugindir option and it works. However, > Postfix does not works with this directory. The error: This is no Postfix problem. And it clearly works so

Re: bounce processing

On Fri, Sep 05, 2008 at 01:39:41PM +0200, mouss wrote: > - try to parse your postfix logs for invalid addresses. > This way, you can ignore bounces Why do you want to pull data you normally get pushed free house? Bastian -- We Klingons believe as you do -- the sick should die. Only the strong

Re: Re[4]: How to run patch file making correction

On Wed, Nov 05, 2008 at 11:42:16PM +0800, Stephen Liu wrote: > # imtest -a cyrus -m LOGIN localhost > imtest: /usr/local/lib/libsasl2.so.2: no version information available > (required by imtest) Don't override system libraries, ever, if you don't know how to do this properly. You just lost your w

Re: long_queue_ids

On Thu, May 27, 2021 at 11:50:14PM -0400, post...@ptld.com wrote: > Is it possible for two different servers to have a same long_queue_ids ? > Are the long queue ID's unique to the world or only unique to that postfix > instance? Queue ID are only unique to a single Postfix instance. Why do you t

Re: long_queue_ids

On Thu, May 27, 2021 at 11:31:15AM -0400, post...@ptld.com wrote: > Any other tips for parsing logs for queue ID? Only contain alphanumeric characters, at least 11 characters long. Bastian -- You're too beautiful to ignore. Too much woman. -- Kirk to Yeoman Rand, "The Enemy Wit

Re: postscreen appears to be misinterpreting zen.spamhaus.org's error return codes

On Sat, May 29, 2021 at 11:55:02AM -0400, Timo Geusch wrote: > On 5/29/21 11:03 AM, Wietse Venema wrote: > > Timo Geusch: > > > Based on zen.spamhaus.org's documentation 127.255.255.25[245] are > > > actually error codes and not indicators of allow/denylisting - in this > > > case, their error is t

Re: Mail not being sent to file

On Wed, Jun 16, 2021 at 05:59:16PM -0700, Jeremiah Rothschild wrote: > To triple check my sanity, I created a brand new VM and confirmed the > behavior. > So anyone should be able to easily reproduce this. > > * Fresh CentOS 8.4 install > * Choose "Minimal" base environment > * Defaults for everyt

Re: Unable to connect to IMAP - Exceeded Maximum Number of Connections

On Wed, Jun 23, 2021 at 10:36:49AM +0100, Adam Weremczuk wrote: > "Unable to connect to your IMAP server. > You may have exceeded the maximum number of connections to this server. > If so use the Advanced IMAP Server Settings dialog to reduce the number of > cached connections." Postfix does not s

Re: Skipping SPF checks

On Wed, Jun 30, 2021 at 10:31:08AM +0300, Dima Veselov wrote: > As I understand my rules does not allow any message skip SPF check: > smtpd_recipient_restrictions = > permit_sasl_authenticated > permit_mynetworks > Is there any circumstances that can make postfix skip SPF? I see two permi

Re: smtp_tls*_protocols and !TLSv1

On Fri, Jul 02, 2021 at 03:14:58PM +0200, Marek Kozlowski wrote: > It looks like '!TLSv1' is seen as something like > "!TLSv1.x" ("no TLS 1.x at all") rather than "!TLSv1.0". Yes it is a stupid > supposition but I cannot think of any other explanation. Is it possible? No, !TLSv

Re: Conditional milter_header_checks?

On Wed, Jul 14, 2021 at 05:43:57PM +1000, raf wrote: > Here's a (silly) thing that wrong with DMARC: :-) > I've sent two messages to this mailing list so far, and > I've received 52 DMARC forensic/failure report emails > as a result! :-) Your mails are not DKIM signed, so of course they will fail.

Re: Best current practice to analyze brute force login attempts?

On Sun, Aug 01, 2021 at 04:51:36PM +1000, raf wrote: > With only ports 25 and 465 open, the Mail app on an > iphone will auto-configure itself to use port 25. It > would use port 587/STARTTLS if that were open, but > sadly, it ignores 465/TLS). The iphone can be coerced > into connecting to port 46

Re: Rewrite 'Message-Id' to "Message-ID"

Hi On Mon, Aug 23, 2021 at 08:31:39AM +0200, rud...@padaru.de wrote: > recently we have noticed, that our postfix add a lowercase ‚d‘ when he > append value missing Headers, concrete i mean to the mail by the Message-Id > value. Is there a simple and less error way to change this behavior? So tha

Re: delete from hold queue

On Thu, Oct 28, 2021 at 10:39:52AM +0200, richard lucassen wrote: > Anyone here who wrote a shell script that deletes messages older than X > days from the hold queue? Why do you have _any_ messages in the hold queue? Don't do that! Bastian -- You're too beautiful to ignore. Too much woman.

Re: FYI SMTP/25 security (was: "Correct" way to override cipher list?)

On Sat, Oct 30, 2021 at 06:57:41PM +0200, Matus UHLAR - fantomas wrote: > unfortunately, security bureau in Slovakia started scanning gov. agencies > and we already received requests to close those on smtp/25. And do they actually have anything to say? Just disable cleartext then. Bastian -- O

Re: SMTPUTF8 is required...

On Thu, Dec 09, 2021 at 10:25:40AM -0300, Daniel Armando Rodriguez wrote: > This error came up: "SMTPUTF8 is required, but was not offered by host..." > Error appeared again, so. What else can I do? Please follow the documentation: http://www.postfix.org/DEBUG_README.html#mail Bastian -- You're

Re: Accepting expired client certificate

Hi On Thu, Feb 03, 2022 at 08:24:07AM -0500, Martin Hicks wrote: > There is an smtp server that is trying to send e-mail to my > domain, but with an expired certificate: > Feb 2 11:20:52 darwin postfix/smtpd[9181]: warning: TLS library problem: > error:14094415:SSL routines:ssl3_read_bytes:sslv3

Re: Postmulti not binding instances to aliased IPs

On Wed, Feb 09, 2022 at 12:45:21PM +0530, Nitin N wrote: > I checked out master_service_disable at here > but I am a > bit uncertain of how I should use it. Well. Did you understand what it does? > So here is the output of postmulti

Re: header_check PREPEND option different behavior in hotmail and gmail

Hi name less On Tue, Feb 08, 2022 at 05:25:54PM -0300, SysAdmin EM wrote: > I use the header_checks file to insert a data in the Reply-To header but > depending on the provider it is added incorrectly. Don't, just don't. This is up to the mail client, not you. Bastian -- It would seem that ev

Re: Preserve milter_mail_macros

Hi Michael On Wed, Feb 09, 2022 at 09:07:41PM +1300, Michael Hallager wrote: > I can not find a way to scale Amavis to ISP level with multiple client > domains because it appears to only support hard coded values. "hard coded values"? > Have you found a good option? Yes, we do DKIM signing with

Re: Preserve milter_mail_macros

Hi Michael On Wed, Feb 09, 2022 at 08:54:34PM +1300, Michael Hallager wrote: > Is there a way to preserve milter_mail_macros? You need to set the Postfix setting in the config of the instance after Amavis. Please follow https://www.postfix.org/DEBUG_README.html#mail. Bastian -- Lots of people

Re: Trying to understand this DNSBL blocking issue

On Fri, Mar 04, 2022 at 06:58:33PM +0100, Gerben Wierda wrote: > Feb 27 06:02:19 mail postfix/dnsblog[46930]: addr 113.197.35.193 listed by > domain zen.spamhaus.org as 127.255.255.254 > The 254 response means: the query comes form an open resolver so we’re not > going to reply properly. The mail

Re: Q: configuring Postfix as a front for Exchange 365

On Tue, Mar 22, 2022 at 08:38:39AM +0100, Arrigo Triulzi wrote: > I was hoping to be able to use a transport re-write but if I set it up it is > ignored because of the virtual domain settings. Please show real configs. > Does anyone have any recommendations on how to go about with this? Well.

Re: Transport_regexp permission denied - I don't see why...

On Sun, Mar 27, 2022 at 01:04:07AM -0700, Roger Klorese wrote: > [root@divine etc]# ls -ld /home > drwxr-xr-x. 4 root root 33 Mar 25 23:56 /home ^ You have SELinux enabled. > [root@divine etc]# ls -ld /home/sympa > drwxr-x--x. 14 sympa sympa 4096 Mar 26 14:45 /home/sympa You don't wa

  1   2   3   >