[pfx] pf snap 3.8-20230402 mem corruption issues

2023-04-06 Thread Florian Piekert via Postfix-users
Hello all, I get dozens of Apr 6 10:34:22 blueberry postfix/smtp[2590]: panic: myfree: corrupt or unallocated memory block Apr 6 10:34:23 blueberry postfix/qmgr[4313]: warning: private/smtp socket: malformed response Apr 6 10:34:23 blueberry postfix/qmgr[4313]: warning: transport smtp failu

[pfx] implementing some kind of dovecot/imap user@domain based sending restriction to @domain recipients only

2024-11-05 Thread Florian Piekert via Postfix-users
Hello Postfix Users! I have a postfix 3.10 installation up & running. Postfix and dovecot handle mail reception from the inet, dovecot/587 users sending to the local domains or into the internet. Is there a possibility of having some kind of "local" restriction for a specific (or a set of) lo

[pfx] Re: implementing some kind of dovecot/imap user@domain based sending restriction to @domain recipients only

2024-11-05 Thread Florian Piekert via Postfix-users
Hello, And IF dovecot is the best angle of attack, I do not know. Neither do I. People who actually use Dovecot for submission might know. See below. Apparently I was imprecise in the formulation who does submission listening/receiving. It's pf. Maybe some kind of policy driven solu

[pfx] Re: implementing some kind of dovecot/imap user@domain based sending restriction to @domain recipients only

2024-11-05 Thread Florian Piekert via Postfix-users
I have a postfix 3.10 installation up & running. Postfix and dovecot handle mail reception from the inet, dovecot/587 users sending to the local domains or into the internet. Is there a possibility of having some kind of "local" restriction for a specific (or a set of) local users (com

[pfx] Re: TLSRPT issue

2024-11-11 Thread Florian Piekert via Postfix-users
Hello, Then probably this is my problem which TLSRPT receiver daemon can I use/configure? The one from https://github.com/sys4/tlsrpt/ I suppose this is covered under https://github.com/sys4/tlsrpt/?tab=readme-ov-file#how-to-setup-the-virtual-environment-for-python Like Postfix, this imnp

[pfx] Re: TLSRPT issue

2024-11-12 Thread Florian Piekert via Postfix-users
Hello, Further, and I guess it is all linked together (not linked in the ldd sense), I get cores. ==> mail/mail.warn <== Nov 12 11:29:09 sonne postfix/tlsproxy[3242552]: warning: TLS library problem: error:0A000102:SSL routines::unsupported protocol:../ssl/statem/statem_srvr.c:1657: Nov 12 1

[pfx] Re: TLSRPT issue

2024-11-12 Thread Florian Piekert via Postfix-users
80 00 00 00 48 85 ff 74 0b f6 03 01 74 06 83 7b 08 00 74 ANY ideas about any of my questions? On 11.11.2024 at 22:22, Florian Piekert via Postfix-users wrote: Hello, Then probably this is my problem which TLSRPT receiver daemon can I use/configure? The one from https://github

[pfx] Re: TLSRPT issue

2024-11-13 Thread Florian Piekert via Postfix-users
Good morning, That was not very useful. Next experiment: - Build Postfix like you built it before we started messing with debuggers. - But this time don't add -DUSE_TLSRPT in the CFLAGS. - As usual: make upgrade, postfix reload. If this build also crashes, then the problem is at your end.

[pfx] Re: Opening up port 465

2024-11-08 Thread Florian Piekert via Postfix-users
Hello, Nope. smtps (port 465) and submissions (port 587) are two separated services defined in master.cf. Their use will not affect each other. "smtps" is the old name for "submissions" and both refer to 465. "submission" (without the "s" on the end) is port 587. Find the "smtps" or "submis

[pfx] Re: implementing some kind of dovecot/imap user@domain based sending restriction to @domain recipients only

2024-11-06 Thread Florian Piekert via Postfix-users
Hello, If I understood correctly, I need to have a "list" containing the "jailed" user1@domain_AB. Let's call it restricted_senders as in the pf docs. ---8<--- # user1@domain_AB    local_only ---8<--- I have added it in my main.cf (I add smtpd_client_restrictions for completeness, perhaps th

[pfx] Re: implementing some kind of dovecot/imap user@domain based sending restriction to @domain recipients only

2024-11-06 Thread Florian Piekert via Postfix-users
Hello, Following this idea, I would put mua_recipient_restrictions = permit_sasl_authenticated,     check_sender_access   btree:/etc/postfix/restricted_senders,     reject in main.cf and instead in master.cf submission inet  n   -   y   

[pfx] Re: implementing some kind of dovecot/imap user@domain based sending restriction to @domain recipients only

2024-11-06 Thread Florian Piekert via Postfix-users
Hello Viktor, I found the solution by using in main.cf the smtpd_relay_restrictions = permit_mynetworks, check_sender_access btree:$meta_directory/restricted_senders, permit_sasl_authenticated, reject_unauth

[pfx] Re: implementing some kind of dovecot/imap user@domain based sending restriction to @domain recipients only

2024-11-06 Thread Florian Piekert via Postfix-users
and rather implement the particular from/to access rules intended. On 06.11.24 11:44, Florian Piekert via Postfix-users wrote: Thanks for pointing out this security hole I set up!  I wasn't even aware yet of smtpd_sender_restrictions directive...  So I moved the access check there, as

[pfx] Re: dkim for domain

2024-11-22 Thread Florian Piekert via Postfix-users
Hello, AFAIK you can't use the "doma.in" DKIM Key for signing "sub.doma.in" eMails. You need to add a separate key in the DNS file - which in this case you can't. my current domain (bitfox.ddns.net) can set neither txt records nor cname records. So I can't setup dkim/spf for this domain. So,

[pfx] Re: tlsproxy process failures (was Re: Re: TLSRPT issue)

2024-11-15 Thread Florian Piekert via Postfix-users
Hello Viktor, all, OK, so the "normal exit" isn't a problem then at all? That is indeed good news, as I thought it was pointing to an issue I have on these machines. Core dump might have been wrong terminology, process logging then as you explained. ... -all three have in master.cf for tlsp

[pfx] tlsproxy process failures (was Re: Re: TLSRPT issue)

2024-11-15 Thread Florian Piekert via Postfix-users
Hello again on this topic, the problem surely is on my end. But where and why. Maybe someone has an idea. Situation: -3 cloud machines with ubuntu 24.04.1 LTS (2 dist upgraded from 22.04.1 LTS, 1 plain 24.04.1 LTS out of the box) -all three have postfix 3.10-20241113 snapshot -2 out of 3 use tl

[pfx] Re: IP discard for authenticated e-mails

2025-02-04 Thread Florian Piekert via Postfix-users
Good morning, out of curiosity, does it possibly -if implemented- break ARC signature creation of e.g. rspamd, which seems to use auth-info? ARC-Authentication-Results: i=1; ORIGINATING; auth=pass smtp.auth=u...@doma.in smtp.mailfrom=u...@doma.in Or is this transferred via MILT

[pfx] Re: Can't connect to www.postfix.org

2025-02-11 Thread Florian Piekert via Postfix-users
Hello, that doesn't seem to be a general non-accessibility of the server: root@sonne:~# host www.postfix.org www.postfix.org is an alias for postfix-mirror.horus-it.com. postfix-mirror.horus-it.com has address 65.108.3.114 postfix-mirror.horus-it.com has IPv6 address 2a01:4f9:6a:528d::a root@son

[pfx] Re: a small experiment: restricting capabilities for postfix

2024-12-16 Thread Florian Piekert via Postfix-users
Good morning, On 17.12.2024 at 06:41, Michael Tokarev via Postfix-users wrote: ... capabilities of the service which aren't needed.  Obviously, postfix does not need an ability to reboot a system (does it not? How about sending a special email which will trigger a reboot?) or to do many My s

[pfx] Re: Backup MX config

2024-12-16 Thread Florian Piekert via Postfix-users
Good morning, I have a stable low-volume Postfix setup on a 10-year-history IP address. In mid-2025 we need to relocate interstate. The mail MX is going to be offline for a few days for the relocation and have possible further outage time through new location setup. The new location will als

[pfx] Re: Backup MX config

2024-12-18 Thread Florian Piekert via Postfix-users
Good morning, Questions: How does the secondary MX know to transport to the primary when it is back online? (some online “guides” talk about editing transports, but the postfix documentation does not) The emails remain in the queue on the backup mx and postfix (in)frequently tries to delive

[pfx] Re: sender_bcc_maps & recipient_bcc_maps question (resolved)

2025-01-16 Thread Florian Piekert via Postfix-users
Hello Wietse and all others, Jan 15 21:38:10 butterfly postfix/local[3652656]: 475F8F8AC4C: to=, relay=local, delay=2.9, delays=2.9/0.01/0/0, dsn=2.0.0, status=sent (delivered to file: /dev/null) You want to ADD a recipient with xxx_rcipient_bcc_maps. Done. Sometimes that added recipient is

[pfx] TLSRPT broken confirmed, starting with 3.10-snapshot 20250105

2025-01-17 Thread Florian Piekert via Postfix-users
Hello, sorry to have a similar, but different thread subject. I already deleted the others, so couldn't backup on those mails and just thought, hey, I have a look at my system. But I can confirm the non-working condition of the TLSRPT part of postfix, starting with snapshot 3.10-20250105, for

[pfx] Re: TLSRPT issue

2025-01-17 Thread Florian Piekert via Postfix-users
Hello all, I can confirm it works again for me now. Thank you Wietse!

[pfx] Re: sender_bcc_maps & recipient_bcc_maps question

2025-01-15 Thread Florian Piekert via Postfix-users
On 15.01.2025 at 17:22, Wietse Venema via Postfix-users wrote: Florian Piekert via Postfix-users: Hello postfix-users, I run pf 3.10-20250107 on ubuntu 24.04. I use sender_bcc_maps and recipient_bcc_maps with pcre: mapping. The files are simple. However, I am puzzled by some behaviour

[pfx] sender_bcc_maps & recipient_bcc_maps question

2025-01-15 Thread Florian Piekert via Postfix-users
Hello postfix-users, I run pf 3.10-20250107 on ubuntu 24.04. I use sender_bcc_maps and recipient_bcc_maps with pcre: mapping. The files are simple. However, I am puzzled by some behaviour of postfix that doesn't fit my expectation somehow. In my main.cf the corresponding directives are ---8<

[pfx] Re: sender_bcc_maps & recipient_bcc_maps question

2025-01-15 Thread Florian Piekert via Postfix-users
Hello Wietse, Jan 15 12:40:48 butterfly postfix/local[3017382]: 225A9F8B1D1: to=, relay=local, delay=1.7, delays=1.7/0/0/0, dsn=2.0.0, status=sent (delivered to command: /usr/local/sbin/devnull) The BCC is delivered to /dev/null in some way or another. Replace: ignorethis: "|/dev/null

[pfx] Re: sender_bcc_maps & recipient_bcc_maps question

2025-01-15 Thread Florian Piekert via Postfix-users
Hello (again), Jan 15 12:40:48 butterfly postfix/local[3017382]: 225A9F8B1D1: to=, relay=local, delay=1.7, delays=1.7/0/0/0, dsn=2.0.0, status=sent (delivered to command: /usr/local/sbin/devnull) The BCC is delivered to /dev/null in some way or another. Replace: ignorethis: "|/dev/nu

[pfx] Re: Baffling outgoing mail rejection of PDF attachment

2025-02-11 Thread Florian Piekert via Postfix-users
Amazon.com in the filename. .com extension. /name=[^>]*\.(bat|com|exe|dll|vbs|xls|zip)/ REJECT On 11.02.2025 at 20:33, Phil Stracchino via Postfix-users wrote: Hey folks, I have a puzzle that has me scratching my head.  A few minutes ago I tried to send a mail message with a PDF attachm

[pfx] Re: lockfile problem postfix/dovecot

2025-03-28 Thread Florian Piekert via Postfix-users
Hello Paul, is there the chance of storage hardware failures? Or VPS I/O issues in case it is on a VPS? On 28.03.2025 at 07:50, Paul Neuwirth via Postfix-users wrote: Hello group, Since a few days I have massive problems with lockfiles blocking the mailboxes (type storage, /var/mail/user).

[pfx] Re: list.sys4.de

2025-04-08 Thread Florian Piekert via Postfix-users
Hello, I only see IPv4. Maybe DNS issue on your end? root@sonne:~# host list.sys4.de list.sys4.de has address 45.90.5.195 list.sys4.de mail is handled by 10 list.sys4.de. root@sonne:~# dig list.sys4.de MX ; <<>> DiG 9.20.7-1+ubuntu24.04.1+deb.sury.org+1-Ubuntu <<>> list.sys4.de MX ;; global opt

[pfx] smtp_tls_security_level = may vs. encrypt with "enabling PIX workarounds" on destination MX server

2025-04-19 Thread Florian Piekert via Postfix-users
Dear Postfixians, I have noticed the following. In main.cf I had #smtp_tls_security_level = may smtp_tls_security_level = encrypt for a while, until just now. When I noticed that some target mx destination had delivery issues with this, I put the exception in my smtp_tls_policy_maps file, pr

[pfx] Re: smtp_tls_security_level = may vs. encrypt with "enabling PIX workarounds" on destination MX server

2025-04-19 Thread Florian Piekert via Postfix-users
Hello, ofc NOT. But that then works. Thanks Ömer! On 19.04.2025 at 17:18, Ömer Güven wrote: mx2.neumuenster.de may Have you tried: neumuenster.de may Best, Ömer On 19.04.2025 at 17:15, Florian Piekert via Postfix-users wrote: Dear Postfixians, I have noticed

[pfx] Re: I have found out the reason why Postfix keeps getting killed by OOM Killer

2025-03-03 Thread Florian Piekert via Postfix-users
ormance of your VPS or LESS signatures for clamd. As written, only guesses based on assumptions. Florian Sent with Proton Mail secure email. On Monday, March 3rd, 2025 at 10:17 PM, Florian Piekert via Postfix-users wrote: Hello all, Am 03.03.2025 um 15:09 schrieb Varadi Gabor via Pos

[pfx] Re: I have found out the reason why Postfix keeps getting killed by OOM Killer

2025-03-03 Thread Florian Piekert via Postfix-users
Hello all, On 03.03.2025 at 15:09, Varadi Gabor via Postfix-users wrote: On 2025. 03. 02. at 14:50, Turritopsis Dohrnii Teo En Ming via Postfix-users wrote: But until now I still have no idea why 115 messages stuck in the mail queue will cause postfix to consume ENORMOUS amounts of RAM

[pfx] Re: Problems with mail from fortimailcloud servers

2025-02-14 Thread Florian Piekert via Postfix-users
Hello, could reject_unknown_reverse_client_hostname in the smtpd_recipient_restrictions be responsible, since there are dns resolution issues for the hostname. Florian On 14.02.2025 at 10:30, Nikolaos Milas via Postfix-users wrote: Hello, The two mail gateway servers (MX 10 mailgw1.noa.gr

[pfx] postfix / MTA-STS question

2025-02-21 Thread Florian Piekert via Postfix-users
Good morning gentlefolks, I am trying to figure out where my error is, using MTA-STS for virtually hosted domains on my postfix server. Environment: ubuntu 24, pf3.11snap (or pf3.10snap same), apache2, letsencrypt certs, bind9 on same machine The main server is sonne.floppy.org, all other dom

[pfx] Re: postfix / (NOT MTA-STS question)

2025-02-21 Thread Florian Piekert via Postfix-users
Hello all, $ posttls-finger -F/etc/pki/tls/cert.pem -c -lsecure "[theater.piekert.de]" ... posttls-finger: Verified TLS connection established to theater.piekert.de[81.169.233.252]:25: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519 server-signature R

[pfx] DANE verification question

2025-06-06 Thread Florian Piekert via Postfix-users
Dear Viktor, I hope you maybe have some minutes to help on a DANE question. I have (tried to) setup floppy.org with dnssec and TLSA records in the zonefile. root@sonne:~# dig _25._tcp.floppy.org any ; <<>> DiG 9.20.9-1+ubuntu24.04.1+deb.sury.org+1-Ubuntu <<>> _25._tcp.floppy.org any ;; global

[pfx] Re: Make postfix additionally relay?

2025-07-13 Thread Florian Piekert via Postfix-users
Hello, did you check if the always_bcc directive meets that need? Put in a dedicated recipient on the other postfix, it'll get a bcc of each message inbound/outbound of the first postfix server. On 13.07.2025 at 21:12, oftl--- via Postfix-users wrote: Hi! This is what I'd like to do: Have

[pfx] Re: sending emails times out

2025-07-15 Thread Florian Piekert via Postfix-users
Hello, I picked something up in the news lately, google said with "ip data packet size russian capped": In Russia, Internet access for users connecting to websites protected by Cloudflare is currently being throttled by local ISPs, limiting users to the first 16 KB of web assets, effectively