I have a machine running postfix that is required to relay mail
through my ISP's mail server. When I try to send mail, I get this error:
550 [PERMFAIL] destination not valid within DNS (in reply to RCPT TO
command)
Can someone explain what this error means? If I use 'telnet' to send
the R
this server or because something is wrong on the initiating server?
Both are using CACert as their signing authority.
Thanks.
Dennis Putnam
Sr. IT Systems Administrator
AIM Systems, Inc.
11675 Rainwater Dr., Suite 200
Alpharetta, GA 30009
Phone: 678-240-4112
Main Phone: 678-297-0700
FAX: 678
:00:37AM -0500, Dennis Putnam wrote:
>
>> I am using CACert as my signing authority. I have included their root
>> certificate in my main.cf:
>>
>> smtpd_tls_CAfile = /etc/postfix/ssl/root.crt
>
> This is for verifying client certificates when clients connect
>
g that requires trusted
certificates? I want to enforce TLS but I don't care what certificate the
receiver uses. Thanks.
Dennis Putnam
Sr. IT Systems Administrator
AIM Systems, Inc.
11675 Rainwater Dr., Suite 200
Alpharetta, GA 30009
Phone: 678-240-4112
Main Phone: 678-297-0700
FAX: 678-297-2666
Hi Chris,
Thanks for the reply. Please see embedded comments.
On Jan 11, 2010, at 11:11 AM, Christoph Anton Mitterer wrote:
> On Mon, 2010-01-11 at 11:04 -0500, Dennis Putnam wrote:
>> I want to enforce TLS but I don't care what certificate the receiver
>> uses. Thanks.
&
pt' forces everything to be TLS and
that will not work. I need it to work as I previously described.
On Jan 11, 2010, at 11:27 AM, Dennis Putnam wrote:
> Hi Chris,
>
> Thanks for the reply. Please see embedded comments.
>
> On Jan 11, 2010, at 11:11 AM, Christoph Anton Mittere
w can be a hash and should look like:
[somedomain.com] encrypt
Is that correct? I guessing the old 'MUST' is being interpreted as 'secure' in
this version.
On Jan 11, 2010, at 12:02 PM, Noel Jones wrote:
> On 1/11/2010 10:38 AM, Dennis Putnam wrote:
>> Upon further
ry:
nnn.nnn.nnn.0 OK
However, hosts from that network still are being rejected because
there is no reverse DNS. What am I doing wrong? Thanks.
Dennis Putnam
Sr. IT Systems Administrator
AIM Systems, Inc.
11675 Rainwater Dr., Suite 200
Alpharetta, GA 30009
Phone: 678-240-4112
Main Phone: 678-297
Can someone tell me what might get going on here? I am running version
2.1.5 so perhaps that is part of the problem.
Thanks.
Dennis Putnam
Sr. IT Systems Administrator
AIM Systems, Inc.
11675 Rainwater Dr., Suite 200
Alpharetta, GA 30009
Phone: 678-240-4112
Main Phone: 678-297-0700
FA
Thanks or the reply. That sucks. Is there a way around this, short of
turning that off or whitelisting?
On Oct 27, 2009, at 11:34 AM, Wietse Venema wrote:
Dennis Putnam:
I have my Postfix configured to require proper DNS resolution in both
directions. However, I have a situation that is
That is not much different than whitelisting, right? I still have to
maintain a list of permitted networks, do I not?
On Oct 27, 2009, at 1:24 PM, Victor Duchovni wrote:
On Tue, Oct 27, 2009 at 01:14:05PM -0400, Dennis Putnam wrote:
Thanks or the reply. That sucks. Is there a way around
, etc.)? Also, how do I set the default to be
reject? My best hope for approval is to only need to add exceptions.
Thanks.
On Oct 27, 2009, at 1:24 PM, Victor Duchovni wrote:
On Tue, Oct 27, 2009 at 01:14:05PM -0400, Dennis Putnam wrote:
Thanks or the reply. That sucks. Is there a way around
, Wietse Venema wrote:
Dennis Putnam:
It is beginning to appear this is my only alternative. However,
maintaining a whilelist will require some special approvals by our
security auditors. In any case, assuming I can get approval, is the
syntax for this the same as the other hash files (ie. IP
immediate problem until then.
It has been mentioned but as I said, that is out of my hands while
this problem is not.
Thanks.
On Oct 28, 2009, at 11:27 AM, Stan Hoeppner wrote:
Dennis Putnam put forth on 10/28/2009 8:57 AM:
Thanks for the reply. It appears this is not supported with my
version
at 12:00 PM, Eero Volotinen wrote:
Dennis Putnam kirjoitti:
Yes. However, that is the version Apple provides with OS X 10.4. OS
X 10.6, which has the latest version of Postfix, will not run on
PPC servers so we are in the process of acquiring Intel servers
(dictated by budget issues beyo
he same as reject_unknown_client unless the IP or network
is listed in the cdir file with OK before the above entry. What do I
have wrong?
Thanks.
On Oct 29, 2009, at 7:52 AM, d.h...@yournetplus.com wrote:
Quoting ram :
On Wed, 2009-10-28 at 08:45 +1100, Phillip Smith wrote:
2009/10/28 Dennis Putnam
Thanks. I owe you one. That seems to have fixed it.
On Oct 29, 2009, at 2:41 PM, Victor Duchovni wrote:
On Thu, Oct 29, 2009 at 02:35:56PM -0400, Dennis Putnam wrote:
That is a relief when I get to the new version.
In the mean time I am still having trouble with the workaround. My
config
nks.
Can someone explain if this can work and if, so how. If not, what do users do
in that case?
Thanks.
Dennis Putnam
Sr. IT Systems Administrator
AIM Systems, Inc.
11675 Rainwater Dr., Suite 200
Alpharetta, GA 30009
Phone: 678-240-4112
Main Phone: 678-297-0700
FAX: 678-297-2666 or 770
the forward_path is on the mail server. If that is the case,
from the users' perspective, how do they handle forwarding?
On Nov 25, 2009, at 11:37 AM, Wietse Venema wrote:
> Dennis Putnam:
>> I'm not sure if this is the right forum for this question but I don't know
th be set to a mounted filesystem that contains the user home
directories? If no mount, how does the user create/maintain the .forward file
in that alternate location?
On Nov 25, 2009, at 11:42 AM, Victor Duchovni wrote:
> On Wed, Nov 25, 2009 at 11:27:18AM -0500, Dennis Putnam wrote:
>
>
PM, Victor Duchovni wrote:
> On Wed, Nov 25, 2009 at 11:56:41AM -0500, Dennis Putnam wrote:
>
>> Thanks, that clears up a few things. It appears that this applies to
>> individual users via the $name parameter.
>
> There is no "$name" parameter. That is a generic pl
I am trying to upgrade to Postfix 2.5.5 and am having a problem with GSSAPI
authentication. When I try to send mail, I get this error in the log:
warning: SASL authentication failure: GSSAPI Error: Unspecified GSS failure.
Minor code may provide more information (Key table entry not found)
Thi
;t see where to specify a path for it.Thanks.On Dec 14, 2009, at 1:17 PM, Victor Duchovni wrote:On Mon, Dec 14, 2009 at 08:54:32AM -0500, Dennis Putnam wrote:I am trying to upgrade to Postfix 2.5.5 and am having a problem with GSSAPI authentication. When I try to send mail, I get this error in the lo
Hi Viktor,On Dec 14, 2009, at 2:10 PM, Victor Duchovni wrote:On Mon, Dec 14, 2009 at 01:55:07PM -0500, Dennis Putnam wrote:You are correct, it was indeed SMTP.Which "SMTP"? The server "smtpd" (as I surmised) or the client "smtp"?Sorry. Server.I thought about that but
should be to fix it.
Can someone help me out? Thanks.
Dennis Putnam
Sr. IT Systems Administrator
AIM Systems, Inc.
11675 Rainwater Dr., Suite 200
Alpharetta, GA 30009
Phone: 678-240-4112
Main Phone: 678-297-0700
FAX: 678-297-2666 or 770-576-1000
The information contained in this e-mail an
| Abteilung Netzwerk
> Charité - Universitätsmedizin Berlin
> Campus Benjamin Franklin
> Hindenburgdamm 30 | D-12203 Berlin
> Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
> ralf.hildebra...@charite.de | http://www.charite.de
>
Dennis Putnam
Sr. IT Systems Adminis
> On 12/29/2009 7:43 AM, Dennis Putnam wrote:
>> I'm trying to set up TLS on Postfix 2.5.5 and 'tlsmgr' keeps getting a
>> fatal error on this statement:
>>
>> tls_random_source = dev:/dev/urandom
>>
>> It seems to work when I comment it out but
this warning in the log for incoming TLS
connections:
postfix/tlsmgr[67966]: warning: no entropy source specified with parameter
tls_random_source
I don't know if that is something I need to worry about or not.
On Dec 29, 2009, at 10:54 AM, Wietse Venema wrote:
> Dennis Putnam:
>> Hi
My ISP has recently changed my mail server so that I am forced to use
authentication. I am using SASL with a hash file. That all seems to be
working. However, I am unable to send mail because for some reason
postfix is not sending a MAIL FROM command. The relevant sequence of
messages I get fro
a certain
from domain ( ie;
http://www.postfix.org/postconf.5.html#smtpd_sender_login_maps)...
That's what the first line suggests to me..
Il 02/02/2012 15.34, Dennis Putnam ha scritto:
My ISP has recently changed my mail server so that I am forced to use
authentication. I am using S
But your link appears to be for mail clients. I'm not using a mail
client other than sendmail. The from addresses already match AT&T
mailbox names. Perhaps I am missing what the MAIL FROM is really
supposed to be.
On 02/02/2012 10:16 AM, Wietse Venema wrote:
Dennis Putnam:
Tha
ipt can be configured to authenticate based on the from user
(maybe it can but I don't see how). Anyway, I think AT&T provides a
means of adding verified users so one user can send messages on behalf
of subaccounts.
On 02/02/2012 10:39 AM, Reindl Harald wrote:
Am 02.02.2012 16:36, sc
I have recently migrated from Mandriva to CentOS and am have the return
of an old problem. My ISP requires that I go through their reply to send
mail. That is all working with the exception of the generated from
address. They require that I have a valid FDQN in the from response.
This was all w
/2012 08:51 PM, Wietse Venema wrote:
Dennis Putnam:
[ Charset ISO-8859-1 unsupported, converting... ]
I have recently migrated from Mandriva to CentOS and am have the return
of an old problem. My ISP requires that I go through their reply to send
mail. That is all working with the exception o
hash to work.
As for the entry(s) in generic I guess I was really asking of it
accepted wildcards of a sort. For example, would this do what I want?
@localdomain.com @ispdomain.com
Thanks.
On 05/10/2012 08:22 AM, Wietse Venema wrote:
Dennis Putnam:
Hi Wietse,
That was the missing piece that
Hi Wietse,
Sorry, I am properly chastised. I simply did not see that link in the
comments.
On 05/10/2012 08:45 AM, Wietse Venema wrote:
Dennis Putnam:
Hi Wietse,
Sorry for not being clear but I was not asking what those parameters
should be but rather if they even need to be specified. I
I am running some mailman mailing lists and due to issues with my ISP's
SMTP server I need to use alternate mail relays. I need to configure
postfix to use a relay, with authentication, based on the local
originating address rather than the destination. Is this possible and
can someone point me in
Exactly what I was looking for. I never would have thought used 'sasl
sender' in a search engine. Thanks.
On 3/2/2013 8:05 AM, Wietse Venema wrote:
> Dennis Putnam:
>> I am running some mailman mailing lists and due to issues with my ISP's
>> SMTP server I need t
I'm trying to set up smtp_sender_dependent_authentication and am having
trouble. Here are the relevant main.cf directives:
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options =
smtp_generic_maps = hash:/etc/postfix/generic
alias_database
Thanks for the reply. I found the problem but the debug was no help. I
had a typo in the password file. Why did debug level 2 not indicate an
authentication failure?
On 3/30/2013 7:16 AM, Reindl Harald wrote:
>
> Am 30.03.2013 12:10, schrieb Dennis Putnam:
>> I'm
On 3/30/2013 11:39 AM, Reindl Harald wrote:
> do NOT top-post
>
> Am 30.03.2013 16:34, schrieb Dennis Putnam:
>> On 3/30/2013 7:16 AM, Reindl Harald wrote:
>>> Am 30.03.2013 12:10, schrieb Dennis Putnam:
>>>> I'm trying to set up smtp_sender_dependent_
I think I have everything set up correctly now but when I send a message
from the sender in question, something is hanging and there is no debug
output in the log. Here are the running processes:
root 6353 0.0 0.2 12488 2444 ?Ss 07:16 0:00
/usr/libexec/postfix/master
postfix
On 3/30/2013 11:46 AM, Reindl Harald wrote:
>
> Am 30.03.2013 16:42, schrieb Dennis Putnam:
>> On 3/30/2013 11:39 AM, Reindl Harald wrote:
>>> do NOT top-post
>>>
>>> Am 30.03.2013 16:34, schrieb Dennis Putnam:
>>>> On 3/30/2013 7:16 AM, Rein
Here's 2 (the ones I use the most) where bottom posting gets complaints.
rusht...@csdco.com
cufsalumni-l...@bellsouth.com
On 3/30/2013 11:59 AM, Reindl Harald wrote:
>
> Am 30.03.2013 16:54, schrieb Dennis Putnam:
>> On 3/30/2013 11:46 AM, Reindl Harald wrote:
>>>>&g
On 3/30/2013 12:17 PM, /dev/rob0 wrote:
> On Sat, Mar 30, 2013 at 11:52:55AM -0400, Dennis Putnam wrote:
>> I think I have everything set up correctly now but when I send a
>> message from the sender in question, something is hanging and there
> What exactly is not working
On 3/30/2013 2:07 PM, Gerald Vogt wrote:
> On 30.03.13 18:34, Dennis Putnam wrote:
>> On 3/30/2013 12:17 PM, /dev/rob0 wrote:
>>> I don't know what the actual problem is. Show us.
>>>
>>> http://www.postfix.org/DEBUG_README.html#mail
>> Thanks fo
On 3/30/2013 4:08 PM, Reindl Harald wrote:
>
> Am 30.03.2013 19:28, schrieb Dennis Putnam:
>> On 3/30/2013 2:07 PM, Gerald Vogt wrote:
>>> Sorry, but maybe you should not try to configure a mail server/relay for
>>> the internet if you have trouble understanding thi
On 3/30/2013 6:48 PM, Reindl Harald wrote:
>
> Am 30.03.2013 23:30, schrieb Dennis Putnam:
>>> so come back with output of "postconf -n" and the both config
>>> files for "smtp_sender_dependent_authentication" replaced only
>>> the username and
My authentication has recently stopped working (at least it appears to
me there is no attempt to authenticate). The problem appears to be that
the sasl parameters are being ignored. The following is in my main.cf.
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
On 1/28/2014 9:44 PM, Viktor Dukhovni wrote:
> On Tue, Jan 28, 2014 at 09:15:02PM -0500, Dennis Putnam wrote:
>
>> The following is in my main.cf.
>>
>> smtp_sasl_auth_enable = yes
>> smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
>> smtp_sasl_security
On 1/29/2014 8:49 AM, Dennis Putnam wrote:
> On 1/28/2014 9:44 PM, Viktor Dukhovni wrote:
>> On Tue, Jan 28, 2014 at 09:15:02PM -0500, Dennis Putnam wrote:
>>
>>> The following is in my main.cf.
>>>
>>> smtp_sasl_auth_enable = yes
>>> smtp
On 1/29/2014 9:35 AM, Dennis Putnam wrote:
> On 1/29/2014 8:49 AM, Dennis Putnam wrote:
>> On 1/28/2014 9:44 PM, Viktor Dukhovni wrote:
>>> On Tue, Jan 28, 2014 at 09:15:02PM -0500, Dennis Putnam wrote:
>>>
>>>> The following is in my main.cf
On 1/29/2014 4:22 PM, li...@rhsoft.net wrote:
>
> Am 29.01.2014 22:14, schrieb Dennis Putnam:
>> I have made yet another discovery. Perhaps this is the problem. When the
>> EHLO command is send, should there not be the line:
> to the destination server i assume
>
>>
On 1/29/2014 4:55 PM, Viktor Dukhovni wrote:
> On Wed, Jan 29, 2014 at 04:14:16PM -0500, Dennis Putnam wrote:
>
>> I have made yet another discovery. Perhaps this is the problem. When the
>> EHLO command is send, should there not be the line:
>>
>> 250-AUTH LOGIN
On 1/29/2014 6:22 PM, Viktor Dukhovni wrote:
> On Wed, Jan 29, 2014 at 05:58:15PM -0500, Dennis Putnam wrote:
>
>> TLS is indeed set via
>>
>> $ postconf -n smtp_tls_policy_maps
>> smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
>>
>> The entry in tha
On 1/29/2014 7:41 PM, Viktor Dukhovni wrote:
> On Wed, Jan 29, 2014 at 07:14:34PM -0500, Dennis Putnam wrote:
>
>> Thanks again for the reply but no joy. I have been using port 587 for a
>> couple of years until this recent problem. The only difference is I had
>> my
On 1/29/2014 9:17 PM, Viktor Dukhovni wrote:
> On Wed, Jan 29, 2014 at 08:20:44PM -0500, Dennis Putnam wrote:
>
>>> The only other thing that comes to mind is that your "upgrade" may
>>> have installed a version of Postfix with no TLS support. Then none
>&g
On 1/29/2014 9:42 PM, Wietse Venema wrote:
> Viktor Dukhovni:
>> On Wed, Jan 29, 2014 at 08:20:44PM -0500, Dennis Putnam wrote:
>>
>>>> The only other thing that comes to mind is that your "upgrade" may
>>>> have installed a version of Postfix with
On 1/29/2014 10:32 PM, Viktor Dukhovni wrote:
> On Wed, Jan 29, 2014 at 09:42:00PM -0500, Wietse Venema wrote:
>
>>> If postconf(1) is the same version of Postfix as smtp(8), then you
>>> check with "postconf smtp_tls_loglevel". This parameter is not
>>> defined when TLS support is not available.
On 1/30/2014 8:49 AM, li...@rhsoft.net wrote:
> Am 30.01.2014 14:30, schrieb Dennis Putnam:
>> On 1/29/2014 9:17 PM, Viktor Dukhovni wrote:
>>> On Wed, Jan 29, 2014 at 08:20:44PM -0500, Dennis Putnam wrote:
>>>
>>>>> The only other thing that comes to
On 1/30/2014 9:10 AM, li...@rhsoft.net wrote:
>
> Am 30.01.2014 15:00, schrieb Dennis Putnam:
>> I changed the loglevel to 1. I am not sure where or what I am supposed
>> to see but the normal maillog contained nothing different.
> lines like while connect to the destinatio
On 1/30/2014 9:34 AM, Noel Jones wrote:
>
> > I changed the level to 2. I am not seeing what you suggest but
> > there is one additional line initializing TLS engine. Here is
> > the output:
>
>
> ... useless debug output deleted
>
>
> > To repeat my previous question, is there no way to force a
>
On 1/30/2014 9:59 AM, li...@rhsoft.net wrote:
>
> Am 30.01.2014 15:51, schrieb Dennis Putnam:
>> Thanks for your patience but why wouldn't the working server also be failing
>> if TLS was indeed screwed up?
> because he does not force TLS
>
>> Here is the po
I thought I had this working at some point but it seems that my
outgoing emails are not being sent via TLS when offered (incoming is
fine). I can see the offer in the smtp log but no TLS session is
started. Did something get dropped from my main.cf?
smtpd_use_tls = yes
smtpd_tls_cert_file =
Sorry but I put the version on. It is 2.1.5.
On Dec 11, 2008, at 11:53 AM, Dennis Putnam wrote:
I thought I had this working at some point but it seems that my
outgoing emails are not being sent via TLS when offered (incoming is
fine). I can see the offer in the smtp log but no TLS session
, 2008, at 12:15 PM, Noel Jones wrote:
Dennis Putnam wrote:
Sorry but I put the version on. It is 2.1.5.
(I misspoke earlier)
Postfix TLS support in versions prior to 2.2 was provided by a third-
party patch. Support for those versions is limited; I would
strongly encourage upgrading
Thanks. You should have offered a warranty and charged for it. :) That
did it. :D
On Dec 11, 2008, at 12:35 PM, Noel Jones wrote:
Dennis Putnam wrote:
Thanks. Unfortunately, at this time upgrading is not an option
(long story) in the short term. We will be upgrading in late spring
09
Now that I have TLS working in both directions I thought it would be
interesting to see if I can get enforced TLS to work also. It seems
that the 3rd party postfix extension to version 2.1.5 supposedly
supports that possibility, contrary to my previous understanding.
I seem to have a sembla
Thanks. It was only a hope. Having opportunistic TLS working is
sufficient until we can upgrade.
On Dec 11, 2008, at 1:42 PM, Victor Duchovni wrote:
On Thu, Dec 11, 2008 at 01:28:02PM -0500, Dennis Putnam wrote:
Now that I have TLS working in both directions I thought it would be
I occasionally encounter a strange problem with the mail queue seemingly
not retrying failed messages. The messages show in mailq as having timed
out and are a few days old. In the mean time other messages are going
through just fine. As soon as I run postqueue -f those messages go
through as well.
Thanks for the reply. See embedded comments. Also note that all messages
go through the same destination server.
On 1/18/2018 2:55 PM, Viktor Dukhovni wrote:
>
>> On Jan 18, 2018, at 2:44 PM, Dennis Putnam wrote:
>>
>> I occasionally encounter a strange problem with the
Thanks again. I will do so as soon as the problem recurs.
On 1/18/2018 3:46 PM, Viktor Dukhovni wrote:
>
>> On Jan 18, 2018, at 3:26 PM, Dennis Putnam wrote:
>>
>>>> The messages show in mailq as having timed
>>>> out and are a few days
I am occasionally using a VPN connection and while that connection is
up, postfix uses the wrong NIC to try to send email. When there is no
VPN connection, postfix uses the primary NIC named enp0s25. At the same
time there is another NIC named virbr0 created an used for VirtualBox.
In any case when
7/2/2019 3:12 PM, Wietse Venema wrote:
> Dennis Putnam:
>> I am occasionally using a VPN connection and while that connection is
>> up, postfix uses the wrong NIC to try to send email. When there is no
>> VPN connection, postfix uses the primary NIC named enp0s25. At the same
>
On 7/2/2019 4:25 PM, Noel Jones wrote:
> On 7/2/2019 2:36 PM, Dennis Putnam wrote:
>> Hi Wietse,
>>
>> Thanks for the reply. The problem is not with the VM connection
>> (actually there is no VM active at this point) but rather with the VPN
>> tunnel (tun0). I
75 matches
Mail list logo
