Out of all of the things we do to restrict spam,
the only one with a steady trickle of false positives is
the host lookup not passing reverse DNS check.
The only place I've seen which publicly talks about
the reverse DNS requirement is AOL. A huge majority
of senders are correctly configured in D
Thanks for the responses and tip on reject_unknown_reverse_client_hostname
I've made the switch to that and it seems to catch many unmapped IPs.
I half suspected there was something less stringent I could go for,
and had not noticed that variant. We had only reject_unknown_client
from older Post
On Fri, Aug 20, 2010 at 8:14 AM, wrote:
> Zitat von Stan Hoeppner :
>
>
> Robert Fournerat put forth on 8/19/2010 4:46 PM:
>>
>>> Quoting Noel Jones :
>>>
>>> Same here. reject_unknown_client_hostname is too strict, but
reject_unknown_reverse_client_hostname rejects lots of obvious spamb
First, I submit my postconf -n, made anonymous, but should still be
accurate.
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
alternate_config_directories = /etc/postfix-alt
anvil_rate_time_unit = 60s
anvil_status_update_time = 600s
biff = no
bounce_queue_lifetime
Usually I prefer to work within the package management provided
by a distro, or some repository collection. It can provide timely
security updates and you can have some confidence that all
of the updates coming at once are tested to work together.
I avoided the default Postfix from Redhat years a
I suspect there is a simple explanation to this I've overlooked.
We have a problem delivering to one address @eastlink.ca
The odd thing is that the bounce is from google mail, and this Canadian ISP
does not use google mail services.
I've tested that 'host -t mx eastlnk.ca' returns the smtpin.eas
On Mon, Feb 21, 2011 at 10:01 AM, wrote:
> Zitat von D G Teed :
>
>
> I suspect there is a simple explanation to this I've overlooked.
>>
>> We have a problem delivering to one address @eastlink.ca
>>
>> The odd thing is that the bounce is from google m
Hello,
I was running the postfix release postfix-2.8-20101007
for a number of months and now I want to update to the 2.8.0 stable.
I've run into an error with make upgrade:
It ends like so:
Updating /usr/libexec/postfix/smtp...
Updating /usr/libexec/postfix/smtpd...
Updating /usr/libexec/postfi
On Tue, Feb 22, 2011 at 11:18 AM, Victor Duchovni <
victor.ducho...@morganstanley.com> wrote:
> On Tue, Feb 22, 2011 at 10:36:37AM -0400, D G Teed wrote:
>
> > I was running the postfix release postfix-2.8-20101007
> > for a number of months and now I want to up
Hi,
I have postfix-2.8-20101007 working fine for all features for some time.
The problem is specific to my 2.8.0 build.
This is on Debian. I built 2.8.0. with:
make makefiles CCARGS='-DUSE_SASL_AUTH -DUSE_CYRUS_SASL -DUSE_TLS -I
/usr/include/sasl -I /usr/include -DSNAPSHOT' \
AUXLIBS='-L/usr/lo
On Tue, Feb 22, 2011 at 4:58 PM, Wietse Venema wrote:
> D G Teed:
> > Hi,
> >
> > I have postfix-2.8-20101007 working fine for all features for some time.
> > The problem is specific to my 2.8.0 build.
> >
> > This is on Debian. I built 2.8
On an outbound only SMTP service, what
is the recommended way to reject mail sent
to a particular domain? There is a domain people often
typo, and it has no MX record, so it rots for some time
before people learn it won't deliver. I'd rather that
be a reject code so they immediately fix the typo
On Tue, Sep 29, 2009 at 10:44 AM, Sahil Tandon wrote:
> On Sep 29, 2009, at 9:32 AM, D G Teed wrote:
>
>> On an outbound only SMTP service, what
>> is the recommended way to reject mail sent
>> to a particular domain? There is a domain people often
>> typo, and i
We have an smtp outbound-only service on postfix.
Users on exchange are relayed out through this.
Once in awhile someone has a typo in their domain name.
Postfix bounces it back to exchange with 450 defer
Dec 18 15:48:40 smtp postfix-internal/smtpd[21635]: NOQUEUE: reject: RCPT
from labrador2.exa
On Fri, Dec 18, 2009 at 4:41 PM, Noel Jones wrote:
> On 12/18/2009 2:14 PM, D G Teed wrote:
>
>> We have an smtp outbound-only service on postfix.
>> Users on exchange are relayed out through this.
>>
>> Once in awhile someone has a typo in their domain name.
On Fri, Dec 18, 2009 at 7:52 PM, Wietse Venema wrote:
> D G Teed:
> > So, this is an uncontrollable setting. The response from
> > host not found should be something we can configure,
> > not hardwired to defer.
>
> Postfix handles "host does not exist" as a
On Sat, Dec 19, 2009 at 10:40 AM, John Peach wrote:
> On Sat, 19 Dec 2009 04:40:02 -0400
> D G Teed wrote:
>
> [snip]
>
> >
> > Due to the hardwired default of 450, all sent mail becomes sluggish
> > on the Exchange queue as hundreds of messages are retried
&g
Today a user's account was compromised (likely phished) and their
credentials used to send email over our main outbound SMTP
with TLS and SASL auth.
When we learned of it, the PAM smtp configuration was set up to
block the user account authenticating and the account was soon disabled.
In the mean
On Thu, Mar 31, 2011 at 1:41 PM, Stan Hoeppner wrote:
> D G Teed put forth on 3/31/2011 10:21 AM:
>
> > I'd like some idea of what real world values would be useful, or
> additional
> > suggestions
> > on how to make the performance less attractive to users of co
On Thu, Mar 31, 2011 at 3:34 PM, pf at alt-ctrl-del.org wrote:
>
> "Stan Hoeppner" March 31, 2011 12:41 PM
>
> D G Teed put forth on 3/31/2011 10:21 AM:
>>
>> I'd like some idea of what real world values would be useful, or
>>> additional
>>
Occassionally I see a spamcop.net report on backscattered email.
Our MXes forward to three other servers, so we use virtual_alias_maps,
set up with a mapping for every email account, and
we set smtpd_client_restrictions = reject_unlisted_recipient
amongst other restrictions.
I'll report the smtpd
On Thu, Nov 13, 2008 at 12:05 PM, mouss <[EMAIL PROTECTED]> wrote:
> D G Teed wrote:
>
>> [snip]
>> Is there anything more I can be doing?
>>
>>
> what is your problem exactly? are you listed on spamcop?
We are not listed on spam cop. There have been a
On Thu, Nov 13, 2008 at 11:58 AM, Charles Marcus
<[EMAIL PROTECTED]>wrote:
> On 11/13/2008, D G Teed ([EMAIL PROTECTED]) wrote:
> >
> > I'll report the smtpd related details here so those who
> > want to know how it is set up can see.
>
> postconf -n outp
On Thu, Nov 13, 2008 at 2:14 PM, mouss <[EMAIL PROTECTED]> wrote:
> D G Teed wrote:
>
>>
>> What makes you believe I'm listed? I got a single report
>> of a complaint. Have you not used the spamcop
>> web interface before?
>>
>> never ever
On Fri, Nov 14, 2008 at 3:42 AM, mouss <[EMAIL PROTECTED]> wrote:
> D G Teed wrote:
>
>> I don't think we "send" NDRs as emails originating here.
>> I think we reject emails. Maybe you can tell me.
>>
>> I test emailed a bogus address at work f
On Thu, Nov 13, 2008 at 2:14 PM, mouss <[EMAIL PROTECTED]> wrote:
>
> sure, losing mail is bad. but you should reject mail during the smtp
> transaction. if your postfix is a lreay server and you can't get the
> relay_recipient_maps, then you can use reject_unverified_recipient (only for
> selecte
> Paul Cocker schrieb:
>
>>
> Definitely nothing in between, of that I'm certain.
Are there any tools which will give me more information
>>> about attempts
>>>
to connect to a port on a remote host?
>>> use tcpdump for that purpose
>>>
>>> please try
>>>
>>> $ telnet
On Fri, Nov 21, 2008 at 3:39 AM, mouss <[EMAIL PROTECTED]> wrote:
>
> if you have no domains in relay_domains, then you don't need
> relay_recipient_maps nor reject_unverified_domains.
>
> you are using a "non standard" setup in the sense that you are declaring
> the domains as virtual_alias_domai
ns.
> >
> > you are using a "non standard" setup in the sense that you are declaring
> > the domains as virtual_alias_domains when they are relay_domains.
>
> D G Teed:
> > Perhaps "non standard" but it works best for us.
>
> If you choose to use &q
On Fri, Nov 21, 2008 at 3:20 PM, mouss <[EMAIL PROTECTED]> wrote:
> D G Teed a écrit :
> > I'd like to see an example of a set up where we could use relay_domains
> > and provide the flexibility of sending to any of our inbox servers
> > within our domain, or f
ns.
> >
> > you are using a "non standard" setup in the sense that you are declaring
> > the domains as virtual_alias_domains when they are relay_domains.
>
> D G Teed:
> > Perhaps "non standard" but it works best for us.
>
> If you choose to use &q
31 matches
Mail list logo