Let's say there is a bogus email address f...@bar.com and postfix cannot send to
this address because the smtp server at bar.com says this mailbox is invalid.
Are these messages stored in /var/spool/postfix somewhere?
I'd like to scrape all the email addresses out of there and remove them from m
22:04 CEST,
Gary wrote:
> Let's say there is a bogus email address f...@bar.com and postfix cannot
> send to this address because the smtp server at bar.com says this
> mailbox is invalid.
>
> Are these messages stored in /var/spool/postfix somewhere?
If the remote server resp
Wouldn't you need something like no-ip so your router can be found?
Try to ping your router from a device not on your network such as from a cell
phone.
Original Message
From: hp...@fastmail.fm
Sent: August 13, 2017 11:54 AM
To: postfix-users@postfix.org
Subject: Sending mail from home la
It would help to have a link to Gmail's suggestions.
This website tests dkim and spf.
http://dkimvalidator.com
Original Message
From: tom.brow...@gmail.com
Sent: August 29, 2017 4:10 PM
To: postfix-users@postfix.org
Subject: mitigating gmail spam traps: how does one add the required header
As you know, letsencrypt certs can be automatically updated. However, you need to reload/restart Postfix/Dovecot to use the new cert. My email client insisted I had an expired cert. I couldn't download or send email. (Fortunately I'm on a test domain, getting ready for the Oct 1st Google insistenc
From: pmen...@molgen.mpg.de
Sent: September 11, 2017 2:06 AM
To: li...@lazygranch.com
Cc: postfix-users@postfix.org
Subject: Change of SMTP encryption policy at Google? (was: Letsencrypt tip)
Dear Gary,
On 09/11/17 10:59, Gary wrote:
[…]
> (Fortunately I'm on a test domain, getting rea
works, seems like the way to go.
Original Message
From: pmen...@molgen.mpg.de
Sent: September 11, 2017 2:23 AM
To: li...@lazygranch.com
Cc: postfix-users@postfix.org
Subject: Re: Change of SMTP encryption policy at Google?
Dear Gary,
On 09/11/17 11:20, Gary wrote:
> https://threatpost.co
https://cyber.dhs.gov
Binding Operational Directive 18-01 enforces some basic email security, notably
with DMARC set to reject. Perhaps this will set a trend. Not necessarily for
DMARC settings, but at least more servers will be set up properly not to be
rejected.
ject: Re: PSA: US government to set DMARC to reject
On 17.10.17 19:07, Gary wrote:
> https://cyber.dhs.gov/
> Binding Operational Directive 18-01 enforces some basic email
> security, notably with DMARC set to reject.
Interesting choice of words there.
DMARC [...] tells a recipient wh
FWIW, the IP address looks like a legitimate reverse proxy vendor located in
Canada. You might want to contact dosarrest security and inform them regarding
the behavior of their less than stellar client.
Original Message
From: der...@gmail.com
Sent: October 21, 2017 3:03 PM
To: postfix-use
FWIW, I've had amavisd-new "stall", for lack of a better description. Some describe it as locking up. I decided to pull it since I can't always get to a PC to get it going again. My problem is not unique as others have posted complaints on serverfault and similar websites. I look forward to your
I don't like html control panels. Just another thing to get hacked. Iredmail
and mailinabox have that "feature." Having been hacked via roundcube back in
the day when I used a hosting service, I certainly wouldn't add those features
to my email.
Thus far, postfix and dovecot have been pain fre
https://robotattack.org
These tests appear to be aimed at website testing. Any ideas how to test a
mail server for the robot attack?
:43 PM, Gary wrote:
>
> https://robotattack.org
> These tests appear to be aimed at website testing. Any ideas how to test a
> mail server for the robot attack?
Nothing at my fingertips. Note that Postfix TLS support is based on OpenSSL,
and OpenSSL is not vulnerable to the atta
http://www.linux-mag.com/id/7807/
By some miracle, I manage to get swatch to monitor my web log, but basically it
can read any log. In my case, I gave the annoying "jorgee" infected IP
addresses a three minute lockout, which is enough to make them attack another
server.
Swatch has no user grou
Am i making a mistake using the same cert for web and email?
Original Message
From: postfix-us...@dukhovni.org
Sent: June 26, 2018 12:03 AM
To: postfix-users@postfix.org
Reply-to: postfix-users@postfix.org
Subject: New EFF certbot plugin for Postfix
The EFF announced a certbot plugin for P
When I set up my last email server, I got a cheap TLD to flog it on the
internet. I used a dot-site TLD that cost a buck. (Mind you I reject all those
goofy TLDs on my actual server.) With example.site, you get to test out
everything except dnssec.
The last place I would be looking for email se
I suggest using port 587 (SUBMISSION). That way you can heavily firewall filter
the IP space to geographic locations where you are not likely to be sending
mail. Besides geographic filtering, I also limit access to 587 using my "no
eyes" list of datacenters. This firewall filter list comprises m
https://support.google.com/mail/answer/81126?hl=en
Look at "authenticate your mail" in the above link. Gmail required 1024 bits.
Google market dominance makes it a de facto standard.
Original Message
From: pg...@dev-mail.net
Sent: October 13, 2018 7:40 AM
To: postfix-users@postfix.org
Subje
https://cyber.dhs.gov/bod/18-01/
Oct 16 was the deadline for the feds to implement DMARC. Compliance of course
is TBD. They are set to reject mail that doesn't pass SPF or DKIM.
Now with that interpretation of the log, this makes sense. I was thinking rate
and concurrency were different things.
Original Message
From: wie...@porcupine.org
Sent: January 11, 2019 4:21 AM
To: postfix-users@postfix.org
Reply-to: postfix-users@postfix.org
Subject: Re: concurrency rate li
How about setting up a relay? Maybe you are blocked by IP.
Original Message
From: listacco...@starionline.com
Sent: February 1, 2019 2:28 PM
To: postfix-users@postfix.org
Subject: Google blocking...again...
I'm about at my wits end with Google.
A couple of weeks ago, we had a user account
When spammers do this to me, I get a bounced mail due to SPF issues since it
really isn't from my server. So maybe something SPF related can do what you
want.
Original Message
From: ru...@mrbrklyn.com
Sent: February 6, 2019 5:45 PM
To: postfix-users@postfix.org
Subject: Stopping acceptence
If you are going Fedora, you might as well go CentOS. There are minor
differences in the firewall and the code isn't always cutting edge, but CentOS
has been a no drama experience for me. It just works.
Original Message
From: cont...@noahh.io
Sent: February 13, 2019 9:27 PM
To: postfix-us
Filtering is easy. Run pi-hole.
Original Message
From: postfixlists-070...@billmail.scconsult.com
Sent: February 14, 2019 12:44 PM
To: postfix-users@postfix.org
Reply-to: postfix-users@postfix.org
Subject: Re: Click tracker removal ideas?
On 14 Feb 2019, at 11:27, Phil Stracchino wrote:
>
Number 4 is immensely useful. When I had a hosted service, I got hacked from
someone in Morocco via a Round Cube exploit that wasn't patched. (My PayPal
account subsequently hacked, though I had the account suspended.)
I saw two problems. One, I only use mail clients. Browsers leak. Two, I don'
ix.org
Subject: Re: How to protect against compromised email account password
>>>>> "Gary" == Gary writes:
Gary> Number 4 is immensely useful. When I had a hosted service, I got hacked
from someone in Morocco via a Round Cube exploit that wasn't patched. (My
P
Just to be clear here, if you submit logs to Digital Ocean, they will contact
the droplet owner. OVH however does appear to be bullet proof hosting. No
replies to complaints. Buyvm/Frantech is another bullet proof host. I do block
them, but I get hacking attempts where their Las Vegas server ha
I am setting up a server for our mailing lists. That server will not
be used for anything but those mailing lists.
Can I turn off emailing notices back?
Would it make it harder for those sending spam?
Would that help cut down backscatter messages?
Would it be a bad idea?
Thanks
Gary
More details
On Fri, Jan 16, 2009 at 12:41 PM, Gary Frederick wrote:
> I am setting up a server for our mailing lists. That server will not
> be used for anything but those mailing lists.
>
> Can I turn off emailing notices back?
I was wondering if I could turn off sending messages
:-)
On Fri, Jan 16, 2009 at 2:36 PM, Wietse Venema wrote:
> Gary Frederick:
>> More details
>>
>> On Fri, Jan 16, 2009 at 12:41 PM, Gary Frederick
>> wrote:
>> > I am setting up a server for our mailing lists. That server will not
>> >
On Fri, Jan 16, 2009 at 2:36 PM, Evan Platt wrote:
> At 12:28 PM 1/16/2009, you wrote:
>>
>> > Would it make it harder for those sending spam?
>> I was wondering if it would make it harder if spammers got nothing.
>
> How many spammers do you think use a valid return address?
>
> Spammers likely
unknown in
virtual alias table (state 14)."
I do not send bounces. I reject them like the above.
sooo
It's a bad idea to mess with the rejection message. Thanks again.
Gary
> "Undelivered Mail Returned to Sender" and contains a message like "Recipient
> address rejected: User unknown in local recipient table"
>
> And, if I understand Gary correctly, he does not want such a mail - just a
> silent drop ...
Yes. I wanted to know if it was
On Fri, Jan 16, 2009 at 3:28 PM, mouss wrote:
> Gary Frederick a écrit :
>> Thanks all. I now understand.
>>
>> ...
>>>> My postfix sends a message back to the sender that it was to a
>>>> non-existent address. I was thinking about not sending them
vhome
virtual_mailbox_domains = pgsql:/etc/postfix/virtual-mailbox-domains-pg.cf
virtual_mailbox_maps = dbm:/etc/postfix/vmailbox
virtual_uid_maps = static:60008
Gary Chambers
// -
// Gary Chambers and Associates
// Nothing fancy and nothing Microsoft
// http://garychambers.com/
// -
rrect. It just doesn't get delivered
to the correct maildir directory.
Gary Chambers
// -
// Gary Chambers and Associates
// Nothing fancy and nothing Microsoft
// http://garychambers.com/
// -
et/home/blah/Maildir/
...
Thank you for your assistance, gentlemen!
Gary Chambers
// -
// Gary Chambers and Associates
// Nothing fancy and nothing Microsoft
// http://garychambers.com/
// -
message is being delivered to mailbox Y I can see that it's from
user X (not user U) as it's being forwarded. In this case, if the message
bounces, I would like it to just silently drop (or be deferred to a completely
different email address).
Can this be done? If so, how?
Thanks,
Gary
y concerned with about 20 email addresses. So I'm
not sure how the local address will be useful to us since we don't have a full
list of them. Anyway, it gives me a direction to start with.
Gary
shooting from the hip I would say stop listening on the network connection and
only listen to localhost
In the /etc/postfix/master.cf file change the line smtp... to 127.0.0.1:smtp
... thus forcing it to listen to localhost only.
From: owner-postfix-us.
Well, it will stop postfix from listening to anything other than the localhost
for submissions therefore preventing external (to the machine) submissions.
When you are done, just remove 127.0.0.1: from in front of the smtp statement.
Gary
From: owner
/etc/postfix/custom/virtual
@bounces.domain.tld bmana...@bounces.domain.tld
Executed:
postmap virtual
postmap -q 'c...@bounces.domain.tld' hash:/etc/postfix/custom/virtual
postmap -q '@bounces.domain.tld' hash:/etc/postfix/custom/virtual
bmana...@bounces.domain.tld
Test with
is not connected directly to the net but rather receives email from a relay.
So, given that it's a dedicated box for this domain, and that any email for
this domain should go to a single account, what should I add to main.cf from
stock to config to make this work.
do. Am I
understanding this correctly? If so, that's pretty easy.
Gary
From: owner-postfix-us...@postfix.org [owner-postfix-us...@postfix.org] On
Behalf Of Noel Jones [njo...@megan.vbhcs.org]
Sent: Thursday, June 11, 2009 9:52 AM
To: postfix-users@post
roup = postdrop
unknown_local_recipient_reject_code = 550
From: owner-postfix-us...@postfix.org [owner-postfix-us...@postfix.org] On
Behalf Of Noel Jones [njo...@megan.vbhcs.org]
Sent: Thursday, June 11, 2009 10:12 AM
To: Gary Smith; postfix users list
Subject: Re: Catchall not work
Bingo... That will teach me to not put my quick changes in the top of the
file...
Thanks,
Gary
From: owner-postfix-us...@postfix.org [owner-postfix-us...@postfix.org] On
Behalf Of Noel Jones [njo...@megan.vbhcs.org]
Sent: Thursday, June 11, 2009 12
in are all going to the proper email
account now with the boucen-user=theirdomain@bounces.domain.tld in the from
field (untouched which is nice).
Thanks for your help.
Gary
From: owner-postfix-us...@postfix.org [owner-postfix-us...@postfix.org] On
o /home) then we
may assume it's using virtual domains:
/var/vmail/example.org/garyv
Of course, the output of 'postconf -n' would be useful.
Do you truly not have any idea if there is a web interface involved?
What is the output from this:
ls -l /var/www
Gary V
> > http://roundcube.net/
>
> +1
>
> If you're going to offer webmail, you may as well offer IMAP folders instead
> of
> POP. JMHO.
>
I think it depends upon the requirements. For very simple mail and setup, +1
roundcube. I have been using horde for some time for my clients (as they use
to be made in regards to the config file
for going to 2.7.0? I know you guys have done a great job in the past of
making upgrades seamless (at least for me anyway).
Gary-
> Everything you need to know is the RELEASE_NOTES.
>
Read them already... I just wanted to do a double check first.
Thanks,
Gary-
onfidence when they release stable versions, so I like to stick with the
newest stable. I was already in line to release the 2.7.0 to test servers when
the 2.6.6 notification came out today. I've built both, but will go with 2.7.0
Gary-
> I am running CentOS 5.4 and the latest version of Postfix it has on the
> repository is version 2.3.3. After looking at the Postfix site I found out
> that that version is no longer updated.
Kaleb,
RedHat tends to backport security patches even for older products, when they
can. I personally
ostfix box, compare it to the
local and if different replace local and then run postmap on the file, on a 5
minute schedule basis.
Gary-
> The script just does:
>
> * Copy in new relay_recipients file
> * postmap relay_recipients
> * postfix reload
>
> Is there a better way to do this? Should I stop postfix completely during
> this time? Will putting the queue on hold avoid this problem, or do I need
> to stop Postfix completely
an administrative comment.
That's what I thought. I've defaulted it to just use 'OK'.
Thanks,
Gary
We use a filter to break out and run our spamassassin and other checks. In bash
shell that process, we have a need to insert a custom unique header per email
for compliance. Is there a simple way of doing this without having to go into
any special mime processing of the message?
Gary Smith
> Is there some reason the Message-ID won't work as a unique
> identifier?
>
It's about compliance tracking and tagging for specific things.
> You can use a policy server to insert a header based on
> envelope information.
> http://www.postfix.org/SMTPD_POLICY_README.html
>
> If your header mus
e seen this behavior before on a load balanced policy server?
Anyone have any ipvsadm scripts for a policy server they would like to share?
I'm using wlc nat'ed connections currently.
Gary
m conntrack --ctstate INVALID -j REJECT --reject-with
icmp-port-unreachable
Apr 26 04:36:02 wall1 kernel: FW-I BF: IN=br0 OUT= PHYSIN=eth1
MAC=00:50:56:b1:63:bc:00:0c:29:92:be:b7:08:00 SRC=10.80.66.24 DST=10.80.55.11
LEN=52 TOS=0x08 PREC=0x00 TTL=64 ID=40835 DF PROTO=TCP SPT=52114 DPT=3917
WINDOW=363 RES=0x00 ACK FIN URGP=0
> Gary
We have a custom content filter in place. During the execution of this filter
we create a set of files, per message, for the purpose of being processed
after the filter is finished. The goal in that was to get the mail back into
postfix ASAP.
In the background we have a cronjob that goes t
Lately I have found that my outgoing queues are getting a little clogged for
yahoo and sbcglobal.net. This usually coincides with a bulk set of newsletters
sent out from a couple of clients. Typically we are seeing that they
dump about 2000msg/per batch, with no more than one batch per week (us
> > rate_limit_transport:
> > aol.com ratelimit:
> > yahoo.com ratelimit:
> > sbcglobal.net ratelimit:
> > gmail.com ratelimit:
> >
> This looks reasonable to me; no more than 3 connections should
> be made at a t
>
> Do you realize the entries you just posted are misspelled domains? They
> are not sbcglobal.net, comcast.net, or earthlink.net.
>
> -Mike
Mike, um, belay my last... My eyes are tired from clearing out queue's.
Yes, those are wrong, looks like they have some typos, but they queues that
> This DOES NOT limit your delivery RATE!!
>
> This limits only the delivery CONCURRENCY.
>
> To limit the delivery RATE, see
> http://www.postfix.org/postconf.5.html#transport_destination_rate_delay.
>
Looking into it now. Thanks for the pointer Wietse. If I'm running multiple
outgoing rela
> >> This DOES NOT limit your delivery RATE!!
> >>
> >> This limits only the delivery CONCURRENCY.
> >>
> >> To limit the delivery RATE, see
> >> http://www.postfix.org/postconf.5.html#transport_destination_rate_delay.
> >>
...
> If that still doesn't help, then implement the rate delay as
> explai
e for dumping the other maps to the servers every
5 minutes, I might as well just add it there.
Gary-
> Sure, this is an improvement over what you had, but it seems strange
> to me that mynetworks would be changing frequently. Perhaps SASL AUTH
> is a better solution overall?
They don't change very often. Most of the time the problem is when adding new
servers to the mix and old config files are
> > I have a need to migrate some IP's from a static file to a hash file. These
> are singleton IP's (hash CIDR's).
>
> hash != cidr
It was meant to read "singleton IP's (not CIDR's)". I need to do a little more
proof reading before sending out these things.
> > i.e. would this be acceptable
> > I tried to make a CIDR file with most of the 3rd world in it, some
> > 30,000 ips but for some reason it doesn't seem to have the effect I
> > was hoping for.
> > Any ideas would be helpful, thanks. David
>
> Add amavisd to your postfix.
If they are relaying messages through their server, how
> We don't have any legitimate users sending mail aside from scripts on
> the server (linux), only mail from localhost, anyone with an email
> address is listed in the virtual file and has their email forwarded to
> a gmail and uses gmail's MTA to send mail.
>
> Since we have all the email addres
> Hi guys,
>
> I still need to accept mail for the email addresses we host on our
> machine from the net, so blocking port 25 or mynetworks as local host
> would seem to prevent that. we still have users on the domain that
> get mail to the address, except now we forward that mail to gmail
> usin
x - n n - 32 pipe
-o content_filter=
flags=Rq user=filter argv=/etc/postfix/scripts/tempsa.sh -f ${sender}
[${sasl_username}] ${recipient}
I was wondering if there is a better way to do this when we need to pass this
type of argument to a content filter?
Gary-
>... ${sasl_username:unknown} ${recipient}
>
> ie. if $sasl_username is empty, substitute "unknown"
>
> But nothing particularly wrong with what you're doing already.
That will work better for me since I won't have to parse out the sasl_username
from the [] if it's empty. I can just check
> I use a unique email address (alias) for every web(service)
> registration. I would like to limit or even block spam sent to these
> unique addresses. I glanced through the Postfix book but couldn't find
> an answer.
>
I've done that as well. Sometimes I love it when I get emails from
blockbu
Given the message below, if I fork a process inside a content filter (say in
python or perl), so I can return the message back to postfix faster (and end
the content pipe fast with a success exit code), will this have any impact on
postfix?
> We have a custom content filter in place. During t
ernally fork, then immediately return back to the
original content_filter, so it can exit.
My question is will this fork process cause any problems with postfix itself?
I just don't know what the impact of a fork in the content_filter will be.
Gary-
> Just make sure to close stdout and stderr, to avoid writing garbage
> into the pipe between Postfix and the filter, used to collect filter
> error messages.
>
> With this level of complexity, you really should use the advanced (SMTP)
> filter approach not pipe(8) based filters.
>
Victor,
To
> filter approach not pipe(8) based filters.
>
> I agree. pipe-to-command+exit-status is a clumsy way to run a filter.
>
> Wietse
Well, you guys are the experts ;). I will look into setting up an SMTP proxy
here in the near future. For now I'll stick with the out of process cronjob.
Gary-
>
> Just make sure to close stdout and stderr, to avoid writing garbage
> into the pipe between Postfix and the filter, used to collect filter
> error messages.
>
> With this level of complexity, you really should use the advanced (SMTP)
> filter approach not pipe(8) based filters.
Looking aroun
re saying. What are the potential risks of losing
legitimate email turning it on? Or, better question WWWD? I have yet to see a
non-conformer in the saved envelopes that we have, so I suspect that most
modern MTA's should conform.
Gary-
s 'first last <@domain.tld,fi...@example.com>' My understanding is
that regardless of the comment contents inside of the <> there can be only (1)
@ symbol and that anything else is violating RFC. Can you confirm?
Gary-
> The SMTP protocol is not a trade secret. The definition is publically
> available from the IETF website.
You make it hard to try to be lazy ;). I'll look into the RFC. In the
background I will probably just enforce the strict_rfc821_envelopes policy.
k into xforward but it doesn't seem to pass the sasl_username.
Gary-
getting mail flow pretty consistently, but today we had a report of a
bounce from a user who was trying to receive a rather large document via email
and that's when I noticed that in most cases it's "lost connection after DATA
from ... " but in the case of this user, "lost connection after DATA (xx
bytes) from ..."
Gary-
> Per the welcome message you received when you joined the list:
>
That would be like 5+ years ago. I've slept since then.
> TO REPORT A PROBLEM see:
> http://www.postfix.org/DEBUG_README.html#mail
>
> At a minimum, postfix version, output of postconf -n and unedited
> NON-verbose logs exhibit
probable with postfix, I'm just looking for postfix cases
where they have overcome this type of config issue.
Gary-
;m in there I'll look at making sure all of the other settings are sane
for the firewall boxes.
Gary-
e directions on where to look. I
think the advanced TCP and the timeout and the ipvsadm might be the biggest
issue.
Gary-
was a lost connection before RCPT. The
problematic ones were lost connection before DATA though. Anyway, I will be
tweaking settings over the weekend while the load is light and I will follow up
if it's not resolved.
Thanks,
Gary-
nt process.
I was actually surprised to how quickly, given some sample code out there, it
was to put in place an smtp proxy.
Anyway, just wanted to say thanks for the direction.
Gary-
> A while back I changed my aliases to use the mysql database. Well I
> thought everything was fine until I had a change and realized the
> postmaster address was not working. Okay no problem I'll just link a
> postmaster address to the support account of my system. Well that is
> great if I send a
>I am using Postfix as an MTA but I see nowadays lot of spam going out of my
>system. I have used transport based throttling for a domain but I am looking
>for options for per sender based rate limiting. Can I achieve per user based
>throttling using postfix or I have to use some 3rd party sof
> I came across Policyd. It seems to follow similar Perl script for rate
> limiting. Does that sound like a solution ?
If it fits your needs, then yes.
> What about avoid the NOQUEUE error on the smtp server when policy
> service is down? I mean, queue all mail until the policy server is UP
> again. Is it possible?
That defeats the use of the policy server. The purpose of the policy server is
to help determine if it should be queued or rejected
> I've seen everything set up per the documents and all the online tests
> showing that i'm not an open relay. I have no need for external
> sendmail and I've used all the proper configs and all the suggestions
> on the list, and I still get some guy with watches for sale who can
> send mail anyway
> hello postfix network
>
> are you there a official version of centos postfix most days can be
> redhat
> this actual version is
> [r...@r13151 ~]# rpm -qa | grep postfix
> postfix-pflogsumm-2.3.3-2.1.el5_2
> postfix-2.3.3-2.1.el5_2
> This version is outdated and is no longer supported
> how to k
>
> do you have any information on a future release redhat postfix
> I'm going to compile my rpm
I have no more information than you. I just manage my own base packages and
update them when a new postfix release comes out.
version of the software and compile your own? I'd like
PostgreSQL support in Ubuntu Server 10.04 LTS, but I didn't come to
the list to ask for it.
-- Gary Chambers
/* Nothing fancy and nothing Microsoft! */