mynetworks hash issue

ystem with postfix mail is sent without issue however sending it from my desktop through that relay server with the noted command it is failing with connection rejected which is why I believe the mynetworks parameter is the issue. All help and suggestions are appreciated. Thanks Blake mynetwork

Re: mynetworks hash issue

s server as such should prevent it from being an open relay. I am also implemented no inbound SMTP in our firewall for the NAT address. Thanks again for your help, it is appreciated. On Mon, Oct 7, 2013 at 9:24 AM, Viktor Dukhovni wrote: > On Mon, Oct 07, 2013 at 09:12:41AM -0600, Blake

Specify relay for single domain

next week before this change is made. For the short term I would like to explicitly forward that one domain instead of setting the relay server to send all mail one direction. Thanks, Blake

Relay Restrictions > Check_recipient_Access

Greetings, I have a postfix server which is running great and would like to clean up a few items. Due to systems outside of my control I am unable to remove invalid recipient addresses which are known to be bad. I wish threatening the owners of the systems worked but I wish to remain employ

Re: Relay Restrictions > Check_recipient_Access

ously stated I would drop the machines in question which are responsible for the bad messages but was told there are some valid messages getting through and being that we no longer have support on the systems I had to fix the issue at the relay server. Thanks again, Blake On 03/10

Re: Relay Restrictions > Check_recipient_Access

rver level but some of those applications are old, out of support or the admin is lazy. I felt this was my best option to cut the number of messages which are bounced If there is a better method I am still open to it but this seems to be working effectively. Blake On 03/11/2014 01:07

SMTP Server reply message: 220

Greetings, I have a remote site with a postfix instance which has a few systems that are receiving the following error. Unfortunately I have been unable to identify the cause and see no reason the system would be having the issue. Sending machine Error An Error occurred trying to test SMTP

Re: SMTP Server reply message: 220

machines in the same subnet which are able to send without issue. Thanks, Blake On 05/12/2014 11:05 AM, Paul C wrote: What's the error? 220 is a successful response to the greeting and 250 is success for the helo command. The only I see that could cause issue is you are using an intern

Re: Illegal mix of collations error

startup command for something similar to 'default-character-set=utf8'. If you find this, I would suggest reverting to the previous setting (likely commented out or missing altogether). --Blake

Re: Header Time

ts likely interpret this as UTC time and display accordingly. If your device send email for the correct time zone, set the clock as UTC on the device. -Blake

Re: postfix and amavisd-new on CentOS

ecified in your receive_override_options --Blake Original Message Subject: Re: postfix and amavisd-new on CentOS From: Dave To: 'postfix users list' Date: Thursday, August 06, 2009 8:47:59 PM Hi, Thanks for your reply. I have solved the prob

Re: thunderbird 3.0, cram-md5 failing

d may continue to try and authenticate using the now unsupported mech. I've seen this silly behavior after making account server/port settings changes. This would explain point #1 above. --Blake

Re: thunderbird 3.0, cram-md5 failing

nsupported mech. I've seen this silly oh... i think i didn't restart j. behavior after making account server/port settings changes. This would explain point #1 above. --Blake

Re: safe way to retire postfix gateway

mment out the SMTPd line(s) in master.cf (or apply a firewall rule stopping incoming connections to port 25) and let postfix drain the queues gradually. --Blake

Re: safe way to retire postfix gateway

What about adding this to main.cf?: inet_interfaces = loopback-only I believe that that would work as well. Basically, the idea is to cut off outside access to postfix so that new messages don't get in the queue. Simultaneously, postfix is attempting to empty the queue as normal. Eventu

Re: rate limiting spammers who have guessed passwords and use squirrelmail to inject into postfix

Larry Vaden wrote: > Larry Vaden texoma.net> writes: >> What are the URLs which describe BCP for this situation? >> >> THANKS for your response(s). >> >> kind regards/ldv > I note Ralf encountered a very similar problem (see > < limiting--td20671270.html>>), but he

Re: Another open source anti spam framework

und server where sender addresses are verified, perhaps via SMTP auth. Definitely bad for incoming mail where senders can be spoofed (or any other setup where sender addresses are not 100% verified) and backscatter would likely result. It might be nice to also have an option to REJECT, so that this tool could be used as a pre-queue content filter - aka proxy_filter. --Blake

smtpd_restriction_classes

trictive --- When processing jane's email, the restrictive class would be checked. When the checking of the restrictive class is finished, is there an implicit permit? or is processing returned to the smtpd_recipient_restrictions flow until a permit or reject is reached? Thanks, --Blake

reject_unknown_reverse_client_hostname RFC basis?

/ehlo requirements. Is there, in fact, any requirement for sending hosts to have a valid rDNS entry? Thanks, --Blake

Does this IP have reverse DNS?

PTR record and as such does not have proper rDNS. Other tools (including older versions of bind) might say otherwise; What do you say? --Blake* *

Re: Does this IP have reverse DNS?

KSB wrote the following on 3/4/2013 12:13 PM: On 2013.03.04. 20:06, Blake Hudson wrote: Just hoping to get a consensus on this. Postfix is stating that a host (in fact several hosts from the same ISP) does not have rDNS, because our DNS (Bind 9.8) returns SERVFAIL when looking up a PTR record

Re: Does this IP have reverse DNS?

Pau Amma wrote the following on 3/4/2013 12:40 PM: On Mon, March 4, 2013 6:31 pm, Blake Hudson wrote: OK, so we ask for a PTR on 212.0.171.63.in-addr.arpa and instead receive a CNAME (with additional). Did anyone notice that the CNAME does not resolve? Does for me. *shrug* $ dig +noall

Re: Does this IP have reverse DNS?

Robert Schetterer wrote the following on 3/4/2013 12:37 PM: Am 04.03.2013 19:31, schrieb Blake Hudson: OK, so we ask for a PTR on 212.0.171.63.in-addr.arpa and instead receive a CNAME (with additional). Did anyone notice that the CNAME does not resolve? yeah ,my dns cache didnt resolved it

Re: Does this IP have reverse DNS?

/dev/rob0 wrote the following on 3/4/2013 12:56 PM: On Mon, Mar 04, 2013 at 12:31:08PM -0600, Blake Hudson wrote: KSB wrote the following on 3/4/2013 12:13 PM: On 2013.03.04. 20:06, Blake Hudson wrote: Just hoping to get a consensus on this. Postfix is stating that a host (in fact several

Re: Does this IP have reverse DNS?

Robert Schetterer wrote the following on 3/4/2013 1:08 PM: Am 04.03.2013 19:46, schrieb Blake Hudson: Robert Schetterer wrote the following on 3/4/2013 12:37 PM: Am 04.03.2013 19:31, schrieb Blake Hudson: OK, so we ask for a PTR on 212.0.171.63.in-addr.arpa and instead receive a CNAME (with

Re: mynetworks hash issue

I tried that method verbatium without success, postfix is able to start without issue however it continues to reject the machines I am using to test access and denied access. Your recomendation I beleive assigns the path and file designation to the variable cidr when then continues to the next

postfix reports no rDNS on a host with many PTR records

9.229]; from= to= proto=ESMTP helo= The crux is that this host does have (an abundance of) rDNS: [blake@twinc ~]# host 216.163.249.229 ;; Truncated, retrying in TCP mode. 229.249.163.216.in-addr.arpa domain name pointer ms2.dmmetlife.com. 229.249.163.216.in-addr.arpa domain name pointe

Re: postfix reports no rDNS on a host with many PTR records

Jeroen Geilman wrote the following on 10/14/2013 7:05 PM: On 10/14/2013 08:41 PM, Blake Hudson wrote: I'm seeing the following errors when a prominent North American life insurance vendor attempts to send me email. Oct 14 12:57:07 twinc postfix/smtpd[12194]: NOQUEUE: reject: RCPT

Re: postfix reports no rDNS on a host with many PTR records

ms1.metlifee401k.com. 229.249.163.216.in-addr.arpa domain name pointer ms2.fieldpayrollmetlife.com. 229.249.163.216.in-addr.arpa domain name pointer ms.nefannuity.com. ... --Blake

Re: postfix reports no rDNS on a host with many PTR records

Peter wrote the following on 10/16/2013 5:32 PM: On 10/16/2013 04:03 AM, Blake Hudson wrote: Thanks for the reminder about where to locate the test programs Wietse. I confirmed this appears to be an issue with RHEL5 (all patches applied today). The issue is resolved in RHEL6. I am running a

Re: postfix reports no rDNS on a host with many PTR records

/dev/rob0 wrote the following on 10/17/2013 12:17 PM: On Thu, Oct 17, 2013 at 12:01:39PM -0500, Blake Hudson wrote: Peter wrote the following on 10/16/2013 5:32 PM: On 10/16/2013 04:03 AM, Blake Hudson wrote: Thanks for the reminder about where to locate the test programs Wietse. I confirmed

Re: postfix reports no rDNS on a host with many PTR records

Leonardo Rodrigues wrote the following on 10/17/2013 2:04 PM: Em 17/10/13 15:09, Blake Hudson escreveu: Based on your suggestion, I did find the following bug report for glibc from 2008 (that looks like Wietse had an indirect hand in): http://sourceware.org/bugzilla/show_bug.cgi?id=5790 It

Re: postfix reports no rDNS on a host with many PTR records

Blake Hudson wrote the following on 10/18/2013 4:40 PM: Leonardo Rodrigues wrote the following on 10/17/2013 2:04 PM: Em 17/10/13 15:09, Blake Hudson escreveu: Based on your suggestion, I did find the following bug report for glibc from 2008 (that looks like Wietse had an indirect hand in

Re: Compromised Passwords

use in an automatic fashion. We typically change the password on accounts flagged for abuse and then contact the customer to inform them of the problem and recommend they take action to secure their systems and change their passwords on any other accounts that may have shared similar credentials. --Blake

How Can I Tell How Postfix Was Installed?

ut I don't know how I can tell what was used to install the currently used set up. (also asking on the Dovecot list) Thanks Blake

Re: How Can I Tell How Postfix Was Installed?

Thanks Wietse, On Tue, Aug 19, 2008 at 1:29 PM, Wietse Venema <[EMAIL PROTECTED]> wrote: > You can "verify" if the installed software matches the RPM package. > # rpm -qa 'postfix*' rpm -qa 'postfix*' postfix-2.3.3-2.el5.centos.mysql_pgsql postfix-pflogsumm-2.3.3-2 > # rpm --verify name-of-packa

Re: How Can I Tell How Postfix Was Installed?

Thanks Barney, I guess I'm still stuck. What I'm most worried about is if I don't do the upgrade properly. If I do an RPM upgrade and it was originally installed via source will that hurt? I've never run into this problem before and I'm not sure I understand what will happen if I do that upgrade w

Re: How Can I Tell How Postfix Was Installed?

fix-2.3.3-2.el5.centos.mysql_pgsql postfix-pflogsumm-2.3.3-2 On Tue, Aug 19, 2008 at 1:20 PM, Blake Carver <[EMAIL PROTECTED]> wrote: > I'm trying to help someone with Postfix, and it looks like this one is > a few versions behind. They say that they're not sure if it was > isntalled Via

Re: Bounce mails manually

On 1/16/2020 6:06 AM, Wietse Venema wrote: Viktor Dukhovni: Therefore, if this were to be made possible, the right mechanism would be to to somehow expedite message expiration, with normal processing on message expiration happening earlier than it would otherwise. I have a list of alternatives.

Re: Mitigating DROWN

Viktor Dukhovni wrote on 3/1/2016 11:16 AM: # Suggested, not strictly needed: # smtpd_tls_exclude_ciphers = EXPORT, LOW, MD5, SEED, IDEA, RC2 smtp_tls_exclude_ciphers = EXPORT, LOW, MD5, aDSS, kECDHe, kECDHr, kDHd, kDHr, SEED, IDEA, RC2 I noticed your exclude

Re: postfix drown attack migation on version 2.3 (rhel5)?

Eero Volotinen wrote on 3/3/2016 1:12 AM: Hi, Can some one give working migation intructions for postfix 2.3 (postfix-2.3.3-7.el5) many of instructions are not working correctly on so old version. (as settings are not supported) thanks, -- Eero Eero, I believe you simply need to apply the

Re: Mitigating DROWN

Viktor Dukhovni wrote on 3/10/2016 11:57 AM: On Thu, Mar 10, 2016 at 05:22:22AM -0700, @lbutlr wrote: smtpd_tls_exclude_ciphers = EXPORT, LOW, MD5, SEED, IDEA, RC2 smtp_tls_exclude_ciphers = EXPORT, LOW, MD5, aDSS, kECDHe, kECDHr, kDHd, kDHr, SEED, IDEA, RC2 With opportunis

Re: Problems with IPv6

ia IP4 until such time as IP6 performs more reliably or offers other advantages over IP4. I expect some applications will benefit more while others less; MX handling would be on the 'less' end of the spectrum. --Blake

Re: Problems with IPv6 - spin-off question

IP6 if one wanted to implement different policies for each protocol? Personally, I want to have parity between IP4 and IP6, not additional differences that are going to increase troubleshooting. --Blake

Re: Building and testing a parallel replacement server

ver B. Use tools like smtptest (part of Cyrus), telnet, and the email clients popular with your user base to send email from on and off network to verify functionality of incoming email, outgoing email, and authentication on Server B. --Blake Bernard T. Higonnet wrote on 10/26/2016 3:39 AM: I wa

Re: Forwarding mail to hotmail.com

HEN: Thu Oct 02 10:50:34 CDT 2014 ;; MSG SIZE rcvd: 105 --blake

Re: Update to recommended TLS settings

Thank you Viktor.

Re: re-route mails on demand during block of ip address

The majority of blacklists work on the individual host level (IPv4 /32 or IPv6 /64). If your provider's entire /22 is being listed by public blacklists then I suspect you either have a very disreputable provider or the provider has indicated that the /22 is intended for use by residential/dynam

Re: best practice lookup table perormance - non hashed file

Matus UHLAR - fantomas wrote on 6/25/2019 6:34 AM: On 24.06.19 21:42, Stefan Bauer wrote: we're publishing lookup tables through our control git repo but hashing all tables before commiting them to git is cumbersome. What do you recommend? ... Whate do you recommend? you can try rbldnsd

Re: Disabling TLS 1.0/1.1, is it advisable?

er to server connections, I agree with the sentiments of others on this thread and think disabling TLS1.0/1.1 is a bit premature at this time for most organizations. --Blake Bryan K. Walton wrote on 11/6/2019 8:54 AM: Apple, Google, Microsoft, and Mozilla have all announced that they wi