Can postfix send encrypted but not authenticated emails ?

Hi, I have been reading the online docs for TLS_README.html and SASL_README.html but still having trouble deducing if I can get Postfix 2.6 to accept email over port 587 without giving Postfix a username and password ? My current understanding of how my server deals with mail is traffic on port

RE: Can postfix send encrypted but not authenticated emails ?

o: Postfix users Subject: Re: Can postfix send encrypted but not authenticated emails ? > On Jun 28, 2018, at 12:41 PM, Fazzina, Angelo > wrote: > > Hi, I have been reading the online docs for TLS_README.html and > SASL_README.html but still having trouble deducing if I can

RE: Can postfix send encrypted but not authenticated emails ? -- FIXED

Service Manager: Spam and Virus Prevention Mass Mailing G Suite/Gmail ang...@uconn.edu University of Connecticut,  ITS, SSG, Server Systems 860-486-9075 -Original Message- From: owner-postfix-us...@postfix.org On Behalf Of Fazzina, Angelo Sent: Thursday, June 28, 2018 3:26 PM To: Postfix

may not be appropriate question but figured what the hay... -- Dovecot

Hi, based on commands below, anyone know why i would get these errors ? Jun 29 12:05:02 mail2 dovecot: imap-login: Login: user=, method=PLAIN, rip=137.99.24.120, lip=137.99.90.68, mpid=6752, TLS Jun 29 12:05:02 mail2 dovecot: imap(cec-support-comment): Error: user cec-support-comment: Initializa

RE: may not be appropriate question but figured what the hay... -- Dovecot

: owner-postfix-us...@postfix.org On Behalf Of Fazzina, Angelo Sent: Friday, June 29, 2018 1:00 PM To: Postfix users Subject: may not be appropriate question but figured what the hay... -- Dovecot Hi, based on commands below, anyone know why i would get these errors ? Jun 29 12:05:02 mail2 dovecot

RE: Can postfix send encrypted but not authenticated emails ?

0-486-9075 -Original Message- From: owner-postfix-us...@postfix.org On Behalf Of Matus UHLAR - fantomas Sent: Friday, June 29, 2018 1:49 PM To: postfix-users@postfix.org Subject: Re: Can postfix send encrypted but not authenticated emails ? On 28.06.18 16:41, Fazzina, Angelo wrote: > Hi, I have

RE: STARTTLS / DANE difficulties?

When you test connecting to your servers yourself do you get any errors ? Not sure if sslv3 is ok to see if using TLS ??? Commands to try, just replace with your server name openssl s_client -connect mta5.uits.uconn.edu:465 openssl s_client -starttls smtp -connect mta5.uits.uconn.edu:587 openssl

RE: STARTTLS / DANE difficulties?

, Server Systems 860-486-9075 -Original Message- From: owner-postfix-us...@postfix.org On Behalf Of Fazzina, Angelo Sent: Tuesday, July 10, 2018 1:06 PM To: postfix-users@postfix.org Subject: RE: STARTTLS / DANE difficulties? When you test connecting to your servers yourself do you get

RE: new strangeness with O365 [OT] --TESTING

I'm conducting a test to see if the URL rewrite issue is better, for me anyway. Please ignore. Test = http://postfix.1071664.n5.nabble.com/new-strangeness-with-O365-td96344.html Should be http:// postfix.1071664.n5.nabble.com /new-strangeness-with-O365-td96344.html -ANGELO FAZZINA ITS Servi

RE: Open Relay on local lan

Hi, I run 2.10.1 I think this should help http://www.postfix.org/VIRTUAL_README.html maybe virtual_alias_domains = test.net test.com not sure what you would need to configure for mynetworks = http://www.postfix.org/postconf.5.html#mynetworks -ANGELO FAZZINA ITS Service Manager: Spam and Vir

Flags question in master.cf

Hi, i have this in my master file. autoreply unix - n n - - pipe flags=DFuser=nobody argv=/usr/local/bin/angelo $sender $recipient $original_recipient $user $domain everything is working as I want. Is there a flag or macro that can get me t

RE: Spamhaus blocking Spectrum IPs; rbl_override not working

Hi, they are return codes. https://www.spamhaus.org/news/article/713/changes-in-spamhaus-dbl-dnsbl-return-codes -ANGELO FAZZINA ITS Service Manager: Spam and Virus Prevention Mass Mailing G Suite/Gmail ang...@uconn.edu University of Connecticut,  ITS, SSG, Server Systems 860-486-9075 -Ori

Want to be sure i am not throttling user.

Hi, i am troubleshooting a client complaint. This user "wellness" Aug 28 10:22:27 mail5 postfix/smtpd[7534]: EE46E2FB: client=unknown[137.99.149.148], sasl_method=LOGIN, sasl_username=wellness Some user feedback : On Friday I sent a batch of 436 and it took 11 mi

RE: Want to be sure i am not throttling user.

-us...@postfix.org On Behalf Of Viktor Dukhovni Sent: Tuesday, August 28, 2018 2:39 PM To: Postfix users Subject: Re: Want to be sure i am not throttling user. > On Aug 28, 2018, at 1:47 PM, Fazzina, Angelo wrote: > > Hi, i am troubleshooting a client complaint. > This user “w

RE: Want to be sure i am not throttling user.

Hi, the client/[sender] ip 137.99.149.148 is a users desktop running Outlook, likely with a DHCP address. In answer to: "I get a quick NXDOMAIN. Is that also true for your mail server?" Yes i get the same results when i do a "dig -x 137.99.149.148" or "nslookup 137.99.149.148" My respo

RE: Want to be sure i am not throttling user.

Want to be sure i am not throttling user. > On Aug 29, 2018, at 12:19 PM, Fazzina, Angelo > wrote: > > In answer to: "I get a quick NXDOMAIN. Is that also true for your mail > server?" > Yes i get the same results when i do a "dig -x 137.99.149.148&

RE: Want to be sure i am not throttling user.

m not throttling user. > On Aug 29, 2018, at 1:53 PM, Fazzina, Angelo wrote: > > [root@mail4 log]# cat maillog-20180829 |grep 137.99.149.148 |grep -v > disconnect |grep -v submission|grep connect You forgot to aggregate: $ ... | awk '{print $3}' | sed -e 's/.:..$/

Not sure if i have a DNS or Postfix issue ?

Hi, not sure if i am looking in the wrong place: If you want my postconf I can get it. User sends email to ling...@listserv.uconn.edu with client. [one of recipients is woodsan...@msn.com and jb...@albanylaw.edu] MX for listserv.uconn.edu is spam boxes. Email goes to spam boxes, and spam boxes r

RE: Not sure if i have a DNS or Postfix issue ?

Dukhovni Sent: Thursday, September 20, 2018 12:10 PM To: Postfix users Subject: Re: Not sure if i have a DNS or Postfix issue ? > On Sep 20, 2018, at 11:37 AM, Fazzina, Angelo > wrote: > > User sends email to ling...@listserv.uconn.edu. > [two of recipients are woodsan...

Postscreen newb questions

Hi, i am learning/testing Postscreen on Postfix 2.10.1 I read the man page and need a little help understanding this : This program should not be used on SMTP ports that receive mail from end-user clients (MUAs). In a typical deployment, postscreen(8) handles the MX service on TCP port

looking for any options to better deal with mail looping

Hi, I have a domain that has MX point to O365 and then O365 relays mail to Postfix server. Currently, Postfix does a lookup in a MySql table to know where to relay the email to, AFA next hop. If not found in table Postfix looks up MX and relays the email. I want to know if there is a more grace

RE: looking for any options to better deal with mail looping

--Original Message- From: owner-postfix-us...@postfix.org On Behalf Of Wietse Venema Sent: Wednesday, November 7, 2018 11:38 AM To: Postfix users Subject: Re: looking for any options to better deal with mail looping Fazzina, Angelo: > Hi, I have a domain that has MX point to O365 and then O365 rel

RE: looking for any options to better deal with mail looping

  ITS, SSG, Server Systems 860-486-9075 -Original Message- From: owner-postfix-us...@postfix.org On Behalf Of Viktor Dukhovni Sent: Wednesday, November 7, 2018 4:55 PM To: postfix users Subject: Re: looking for any options to better deal with mail looping > On Nov 7, 2018, a

RE: looking for any options to better deal with mail looping

ems 860-486-9075 -Original Message- From: owner-postfix-us...@postfix.org On Behalf Of Viktor Dukhovni Sent: Tuesday, November 13, 2018 4:30 PM To: Postfix users Subject: Re: looking for any options to better deal with mail looping > On Nov 13, 2018, at 4:22 PM, Fazzina, Angelo

RE: looking for any options to better deal with mail looping

any options to better deal with mail looping On 11/16/2018 2:41 PM, Fazzina, Angelo wrote: > Hi again, > Even though my configuration does what I need it to do, it seems to have > broken something else that needs to still work. > Did I forget something or just did this wrong

RE: SSL not working after unwanted server migration

Hi, once you correct your configuration this may help you test it is correct 1. Run this to test connectivity to your server via STARTTLS [Submission in master.cf] openssl s_client -starttls smtp -connect your.host.name:587 Typical OUTPUT = 250 DSN quit

testing question

Hi, I am trying to simulate a DKIM failure and have not been able to figure out how. Goal: test my "report" TXT record actually works. Talking about RFC 6651 I was hoping that with postfix and opendkim running and signing emails I could just turn opendkim off and send an email through and get

RE: Looking for appropriate place to ask a DKIM question

Thank you. I am still setting up the servers DNS TXT records. I started with DKIM, have not got around to DMARC yet, but I guess that will be the next thing to configure and then more testing. -ANGELO FAZZINA ITS Service Manager: Spam and Virus Prevention Mass Mailing G Suite/Gmail ang...@uco

RE: dnsbl postscreen - not blocking

Hi, I don’t know the answer to your question but from this site http://www.sorbs.net/using.shtml it looks like the IP 209.85.166.196 seems to have tripped one of these : new.spam.dnsbl.sorbs.net127.0.0.6 recent.spam.dnsbl.sorbs.net127.0.0.6 old.spam.dnsbl.sorbs.net127.0.0.6

RE: New SASL error when relaying through gmail

Hi, I suspect this is wrong relayhost = [smtp.gmail.com]:587 that looks like typical setup for an email client using IMAP and that is the config for sending email. It would require a username and password. https://support.google.com/mail/answer/7126229?visit_id=636830764979015900-598820322&hl=

RE: New SASL error when relaying through gmail

Hi, can you manually use commands to test the U/P are working from your postfix server ? 1. Run this to test connectivity to your server openssl s_client -starttls smtp -connect your.host.name:587 Typical OUTPUT = 250 DSN quit 221 2.0.0 Bye

RE: New SASL error when relaying through gmail

It may be time to crank up debug level on Postfix or do tcpdump capture to see what you are sending over the wire when it works and when it doesn't ? -ANGELO FAZZINA ang...@uconn.edu University of Connecticut,  ITS, SSG, Server Systems 860-486-9075 -Original Message- From: owner-postf

RE: stress tested postfix

Hi, I am curious why no one has recommended using what looks like a built-in testing [benchmark] tool in Postfix ? /usr/sbin/smtp-source I gave the man page a quick look and it seemed it may help, based on the given specs provided by the OP. I have versions 2.6.x and 2.10.x and assume it is s

Re: DKIM setup writeup for multi domain?

Hi, wouldn't the answer to the OP's question be to just list all the domains they want signed in the file /etc/opendkim/SigningTable Assuming they are using Opendkim. I wrote some documentation here. https://linux.uits.uconn.edu/dkim-review-of-all-aspects/ -ANGELO FAZZINA ang...@uconn.edu Uni

RE: Release from HOLD

Hi, you may get more help by providing helpful info like # postconf -n | grep -i transport -ANGELO FAZZINA ang...@uconn.edu University of Connecticut,  ITS, SSG, Server Systems 860-486-9075 -Original Message- From: owner-postfix-us...@postfix.org On Behalf Of Rafael Azevedo Sent: T

RE: Release from HOLD

anges ? If so then I cannot help you. And you need more expert advice. -ANGELO FAZZINA ang...@uconn.edu University of Connecticut,  ITS, SSG, Server Systems 860-486-9075 -Original Message- From: Rafael Azevedo Sent: Thursday, March 21, 2019 10:34 AM To: Fazzina, Angelo Cc: Postfi

RE: OpenDKIM not signing

Hi, not sure my SOP will help you but here it is and it does work. https://linux.uits.uconn.edu/dkim-review-of-all-aspects/ Your logs will be the best place to find problems. Good Luck. -ANGELO FAZZINA ang...@uconn.edu University of Connecticut,  ITS, SSG, Server Systems 860-486-9075 -Orig

RE: How to tell my ISP there's a problem

Hi, your Postfix logs look normal to my untrained eyes. If it was me i would figure out the best contact email for the ISP and tell them as much detailed info as i could, so it is easy for them to get you the answer to "what happened to X email ?". Looks like they just need this line : Jun 17 1

RE: Add header based on subject

I have a question, wouldn't that break a DKIM sig if the incoming email had one ? Thank you. -ANGELO FAZZINA ang...@uconn.edu University of Connecticut,  ITS, SSG, Server Systems 860-486-9075 -Original Message- From: owner-postfix-us...@postfix.org On Behalf Of Ralph Seichter Sent: F

RE: Rejecting mail if LDAP lookup returns empty

Hi, what is the output when you test if testing is possible of say these commands ? postmap -q racoo...@tamu.edu ldap:/etc/postfix/tamu.ldap postmap -q bad_a...@tamu.edu ldap:/etc/postfix/tamu.ldap if I'm sending you down the wrong rabbit hole I am sure someone more savvy will help out.

RE: SPF failure

When you plug your domain [forevermetalroof.com] in here you see too many lookups explained better https://dmarcian.com/spf-survey/ limit is 10. -ANGELO FAZZINA ang...@uconn.edu University of Connecticut,  ITS, SSG, Server Systems 860-486-9075 -Original Message- From: owner-postfix-us

sasl config confusion postfix 2.10.1

Hi, I added this to main.cf relayhost = [massmail.uconn.edu]:587 smtp_fallback_relay = [massmail.uconn.edu]:587 smtp_sasl_auth_enable = yes smtp_sasl_password_maps = hash:/etc/postfix/nexus_passwd smtp_sasl_security_options = I added this to master.cf submission inet n - n -

RE: sasl config confusion postfix 2.10.1-- FIXED

= noanonymous smtp_use_tls = yes and ran yum install cyrus-sasl-plain and it works fine now. Case closed. -ANGELO FAZZINA ang...@uconn.edu University of Connecticut, ITS, SSG, Server Systems 860-486-9075 From: owner-postfix-us...@postfix.org On Behalf Of Fazzina, Angelo

RE: outbound.protection.outlook.com

Hi, not sure if this helps but, these are the networks that my postfix server is setup to send email to O365 so users get their mail delivered # Microsoft Networks 23.103.132.0/22 23.103.136.0/21 23.103.144.0/20 23.103.198.0/23 23.103.200.0/22 23.103.212.0/22 40.92.0.0/14 40.107.0.0/17 40.10

Trying to understand error message in logs

Hi, I am building new server RHEL7 and Postfix 2.10 The log file is constantly outputting this... Oct 11 11:15:08 mail6 postfix/master[3266]: warning: process /usr/libexec/postfix/smtpd pid 18008 exit status 1 Oct 11 11:15:08 mail6 postfix/master[3266]: warning: /usr/libexec/postfix/smtpd: bad

RE: Trying to understand error message in logs

. /usr/libexec/postfix/postfix-files Also config is same on working server mail5.its.uconn.edu -ANGELO FAZZINA ang...@uconn.edu University of Connecticut,  ITS, SSG, Server Systems 860-486-9075 -Original Message- From: Marty Lee Sent: Friday, October 11, 2019 11:35 AM To: Fazzina

RE: Trying to understand error message in logs

: Friday, October 11, 2019 11:55 AM To: Postfix users Subject: Re: Trying to understand error message in logs Fazzina, Angelo: > Hi, thank you for trying to help. > I hope this answers your question. > > [root@mail6 pid]# pwd > /var/spool/postfix/pid > [root@mail6 pid]# ll >

RE: Trying to understand error message in logs

the directories in the path leading to the lockfile for proper access (at least eXecute permission) and no conflicting ACLs (as viktor already wrote). --tmolitor Am Freitag, 11. Oktober 2019, 15:00:36 CEST schrieb Viktor Dukhovni: > Reboot your system, and try again. > > > On Oct 1

RE: OpenDKIM , Postfix , SpamAssassin, Amavisd-New, SPF and FreeBSD

From what I can tell the DNS record was not found. Oct 23 18:26:14 triggerfish opendkim[5845]: E0C34CB4A69: key retrieval failed (s=zendesk1, d=lightandmotion.com

<    1   2