reject_unknown_helo_hostname

Hi guys, the documentation says: "Reject the request when the HELO or EHLO hostname has no DNS A or MX record" I'm trying to understand the "or" between the "A" and "MX" words - will this test reject the transport when any of those records are missing, or when the propagated HELO/EHLO d

Re: smtp servers port

Le me contribute to the list. The mail transport between _two servers_ is always on port 25. 587 is so called submission, it's for communication between client <-> server best, Istvan On 5/29/20 2:16 PM, Matteo Cazzador wrote: Hi, excuse a question, during the comunication between 2 mail serv

Postfix behind NAT -> failover IP -> wrong HELO

Hi, I hope this letter finds you well, I have Postfix behind NAT, and added one failover IP to the main router. I wanted to "get by cheaply" by just doing something like iptbales -t nat -I POSTROUTING -p tcp --dport 25 -j DNAT --to on the firewall machine. So, all well, the only problem is t

Re: Postfix behind NAT -> failover IP -> wrong HELO

On 6/30/20 9:49 PM, Wietse Venema wrote: Istvan Prosinger: Hi, I hope this letter finds you well, I have Postfix behind NAT, and added one failover IP to the main router. I wanted to "get by cheaply" by just doing something like iptbales -t nat -I POSTROUTING -p tcp --dport 25 -j

Re: Postfix behind NAT -> failover IP -> wrong HELO

On 6/30/20 10:34 PM, Wietse Venema wrote: Istvan Prosinger: On 6/30/20 9:49 PM, Wietse Venema wrote: Istvan Prosinger: Hi, I hope this letter finds you well, I have Postfix behind NAT, and added one failover IP to the main router. I wanted to "get by cheaply" by just doing

Re: Postfix behind NAT -> failover IP -> wrong HELO

On 7/1/20 1:20 AM, Bill Cole wrote: On 30 Jun 2020, at 15:40, Istvan Prosinger wrote: Hi, I hope this letter finds you well, I have Postfix behind NAT, and added one failover IP to the main router. I wanted to "get by cheaply" by just doing something like iptbales -t nat -I P

Re: Postfix behind NAT -> failover IP -> wrong HELO

On 7/1/20 12:40 AM, Wietse Venema wrote: Istvan Prosinger: On 6/30/20 10:34 PM, Wietse Venema wrote: Istvan Prosinger: On 6/30/20 9:49 PM, Wietse Venema wrote: Istvan Prosinger: Hi, I hope this letter finds you well, I have Postfix behind NAT, and added one failover IP to the main

Re: Postfix behind NAT -> failover IP -> wrong HELO

On 7/1/20 9:02 PM, Bill Cole wrote: On 1 Jul 2020, at 12:29, Istvan Prosinger wrote: Fix the DNS? All reverse DNS should have an A record pointed back in the DNS zone. This would be a real mess It is quite common for one name to have multiple A (and/or ) records and for more than one

Puting the Postfix's queue into RAM disk

Hello, I'll have a project to send 300-400k emails a day from a new IP address with one server. This can build up a signifficant mail queue on the server. We have several similar solutions already working but this time the idea is to have me do this on a VPS (no SSD drives involved), h

Re: Puting the Postfix's queue into RAM disk

On 2015-11-13 12:53, Leonardo Rodrigues wrote: Em 13/11/15 08:09, Patrick Ben Koetter escreveu: * Istvan Prosinger : Hello, I'll have a project to send 300-400k emails a day from a new IP address with one server. This can build up a signifficant mail queue on the server. We have se

Re: Puting the Postfix's queue into RAM disk

I got two options that I know of. Signifficantly shortening the queue lifetime, or (not) losing the queue from the RAM disk. Just trying to measure which is worse (or to hear something new for me) On 13.11.2015 16:17, Phil Stracchino wrote: On 11/13/15 04:44, Istvan Prosinger wrote: Hello

Re: Puting the Postfix's queue into RAM disk

Ok. As I mentioned, SSD is not an option on this project. Only RAM or Raid 10 (shared with other VPSes) On 13.11.2015 20:56, Ken Simpson wrote: We deliver tens of millions per server per day using SSD spools... On Fri, Nov 13, 2015 at 11:18 AM Istvan Prosinger mailto:ist...@prosinger.net

Re: Puting the Postfix's queue into RAM disk

On 13.11.2015 22:53, Phil Stracchino wrote: On 11/13/15 14:17, Istvan Prosinger wrote: I got two options that I know of. Signifficantly shortening the queue lifetime, or (not) losing the queue from the RAM disk. Just trying to measure which is worse (or to hear something new for me) If you

Re: Puting the Postfix's queue into RAM disk

Prosinger wrote: On 13.11.2015 22:53, Phil Stracchino wrote: On 11/13/15 14:17, Istvan Prosinger wrote: I got two options that I know of. Signifficantly shortening the queue lifetime, or (not) losing the queue from the RAM disk. Just trying to measure which is worse (or to hear something new for

Untrusted TLS connection established headache

Hi, I'm trying to install the signed STARTSSL certificates to Postfix, but I'm getting this entry whatever I do: Nov 17 18:41:39 knox postfix/smtp[32153]: Untrusted TLS connection established to gmail-smtp-in.l.google.com[74.125.133.26]:25: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (12

Re: Inserting a unique ID into the email header with Postfix alone

On 18.3.2016 17:27, Wietse Venema wrote: /dev/rob0: On Fri, Mar 18, 2016 at 09:05:51AM -0500, Noel Jones wrote: On 3/18/2016 6:20 AM, Istvan Prosinger wrote: Hello Everyone! I need to insert something like X-MY-ID-some-unique-ID into each email's header for local tracking purposes.

Re: Inserting a unique ID into the email header with Postfix alone

On 19.3.2016 1:18, Wietse Venema wrote: Istvan Prosinger: Why a separate header, why not just: enable_long_queue_ids = yes and use the queue ID that's already in your top Received: header? I would use a header_checks PREPEND action that prepends a header with the long queue ID fro

Re: Inserting a unique ID into the email header with Postfix alone

On 19.3.2016 15:13, Wietse Venema wrote: Istvan Prosinger: [ Charset windows-1252 converted... ] On 19.3.2016 1:18, Wietse Venema wrote: Istvan Prosinger: Why a separate header, why not just: enable_long_queue_ids = yes and use the queue ID that's already in your top Received: header

Re: Inserting a unique ID into the email header with Postfix alone

On 19.3.2016 16:02, Wietse Venema wrote: Istvan Prosinger: [root@email ~]# postmap -h -q - pcre:/etc/postfix/stamp.pcre < testheader Received: from localhost (localhost [127.0.0.1]) by email-test.server.com (Postfix) with ESMTP id 3qRyhf4pqCzKmYs for ; Sat, 19 Mar 2016

Re: Inserting a unique ID into the email header with Postfix alone

On 19.3.2016 15:53, /dev/rob0 wrote: On Sat, Mar 19, 2016 at 03:34:28PM +0100, Istvan Prosinger wrote: I've tried what you ask, this is what I got: [root@email ~]# postmap -h -q - pcre:/etc/postfix/stamp.pcre < testheader Received: from localhost (localhost [127.0.0.1])

Inserting a unique ID into the email header with Postfix alone

Hello Everyone! I need to insert something like X-MY-ID-some-unique-ID into each email's header for local tracking purposes. The unique ID doesn't have to be some complicated hash, it can be something like the + or ... which would be mostly unique. Any ideas if such a thing could be done

Re: Inserting a unique ID into the email header with Postfix alone

Thanks Ben. It was a generic example On 18.3.2016 21:14, b...@bitrate.net wrote: On Mar 18, 2016, at 07.20, Istvan Prosinger wrote: Hello Everyone! I need to insert something like X-MY-ID-some-unique-ID into each email's header for local tracking purposes. The unique ID doesn'

Re: Inserting a unique ID into the email header with Postfix alone

On 18.3.2016 15:42, /dev/rob0 wrote: On Fri, Mar 18, 2016 at 09:05:51AM -0500, Noel Jones wrote: On 3/18/2016 6:20 AM, Istvan Prosinger wrote: Hello Everyone! I need to insert something like X-MY-ID-some-unique-ID into each email's header for local tracking purposes. Why a sep

Postfix relaying non authenticated virtual user's mails in local

test testovich

Preventing Postfix queue from being "filled"

Dear friends, Sometimes I have similar issues in the que: (connect to hotel-patrizietta.ch[185.53.177.20]:25: Connection timed out) i...@hotel-patrizietta.ch etc, etc, etc. As far as I can tell, Postfix would keep on trying to send these mails

Re: Preventing Postfix queue from being "filled"

ah got it (always late). Maximal and bounce queue liftemes. On 2014-12-20 09:16, Istvan Prosinger wrote: Dear friends, Sometimes I have similar issues in the que: (connect to hotel-patrizietta.ch[185.53.177.20]:25: Connection timed out) i

A transport maps dilema

Hello, Is it possibble to make Postfix relay to some specific domain using a specific relay, and relay all the other domains by default rules (put the mail to an inbox if local or relay outbound by the given restrictions etc)? I guess it'd involve a transport_maps pointer in the main.cf to a

Re: A transport maps dilema

a On Dec 21, 2014 12:55 PM, "Istvan Prosinger" mailto:ist...@prosinger.net>> wrote: Hello, Is it possibble to make Postfix relay to some specific domain using a specific relay, and relay all the other domains by default rules (put the mail to an inbox if local or

Re: A transport maps dilema

On 21.12.2014 18:21, Viktor Dukhovni wrote: On Sun, Dec 21, 2014 at 08:57:52AM -0500, Wietse Venema wrote: Istvan Prosinger: Hello, Is it possibble to make Postfix relay to some specific domain using a specific relay, and relay all the other domains by default rules (put the mail to an

Postscreen - 450 4.3.2 forever

Hello all, I'm trying to send a test mail to my postscreened server, and postscreen should naturally rejct it for the first time. My problem is that it seems to be rejecting the mail forever even if it's comming from the same IP adress Dec 29 17:22:09 vs3163 postfix/postscreen[10262]: CONNEC

Re: Postscreen - 450 4.3.2 forever

Uf, indeed!! I almost looked letter-by-letter into the config and didn't notice that I removed the part for static IPs. Four eyes see more as my menthor would say back in the old days Thanks! On 2014-12-29 17:37, li...@rhsoft.net wrote: Am 29.12.2014 um 17:25 schrieb Istvan Prosinger

Re: New year

Happy New Year all! On 31.12.2014 11:45, John wrote: Here is wishing you all a very happy and prosperous new year.

Re: E-mail Log Search Engine v0.9.18 released

Oh nice! Will take a look asap On 26.1.2015 22:26, Nicolas HAHN wrote: Hello there,* *I've released *version 0.9.18 of the ELSE *as a tar.gz archive on Sourceforge: https://sourceforge.net/projects/x-itools/files/X-Itools%20releases/E-mail%20Log%20Search%20Engine/

Would Postfix accept decimal values in main.cf?

Hello, As in the subject. Something like, maximal_queue_lifetime = 0.5d This was the first parameter that came to my mind, for example (don't look for sense). I was wondering if Postfix would accept vaules like this. Regards, Istvan

Re: Would Postfix accept decimal values in main.cf?

Thanks. I was thinking in general. On 01/29/2015 05:34 PM, Noel Jones wrote: On 1/29/2015 10:24 AM, Istvan Prosinger wrote: Hello, As in the subject. Something like, maximal_queue_lifetime = 0.5d This was the first parameter that came to my mind, for example (don't look for sense).

Re: postscreen vs. fail2ban

Hi Wietse, One benefit of using fail2ban (for me) is a definitely cleaner mail log for these cases. Regards, Istvan On 12.3.2015 2:30, Wietse Venema wrote: Michael Fox: I haven't implemented postscreen yet, but plan to. So this question is for the postscreen experts here. As I understand

Postfix + OpenDKIM - milter reject, come back later

Hi all, I think I just need a four-eye method here, because I simply can't see what am I doing wrong. I've tried to install OpenDKIM milter with Postfix - something that is usually a ruoutine work but I keep getting the same mesage all the time when I try to send a test mail: postfix/clean

Re: Postfix + OpenDKIM - milter reject, come back later

On 2015-07-03 16:00, Benny Pedersen wrote: Istvan Prosinger skrev den 2015-07-03 14:36: postfix/cleanup[20494]: 06E7312113A: milter-reject: END-OF-MESSAGE from localhost[127.0.0.1]: 4.7.1 Service unavailable - try again later; from= to= means that either opendkim is not started or listning

Re: Postfix + OpenDKIM - milter reject, come back later

On 2015-07-03 16:00, Benny Pedersen wrote: Istvan Prosinger skrev den 2015-07-03 14:36: postfix/cleanup[20494]: 06E7312113A: milter-reject: END-OF-MESSAGE from localhost[127.0.0.1]: 4.7.1 Service unavailable - try again later; from= to= means that either opendkim is not started or listning

Re: Postfix + OpenDKIM - milter reject, come back later

) On 7/3/2015 8:27 PM, Benny Pedersen wrote: Istvan Prosinger skrev den 2015-07-03 18:11: My initial thought was that it's about Postfix. can happen if opendkim is started to late ? in that case try to solve that so opendkim is started before postfix for the mails in mailq, try post

Re: Postfix + OpenDKIM - milter reject, come back later

On 2015-07-03 22:14, Steve Jenkins wrote: On Friday, July 3, 2015, Istvan Prosinger wrote: What I can tell at this moment, is that I tried all that. Although I usually delete the mail queue and then try to send one mail with mailx, same thing happens. Nevertheless, it's not about the

Re: Postfix + OpenDKIM - milter reject, come back later

Ok, let's forget this since it's definitely an opendkim problem, not postfix. I connected to it as a unix socket, and it works that way. Still a mistery why TCP won't work, but ok.

A simple way to restrict the number of outgoing emails/hour per domain

Hi everyone, Can anyone pinpoint me to a simple way to limit the outgoing number of emails in a time frame per domain, without involving policyd and mysql, or any other 3rd party script? I'm looking for a simple restriction with a hash table or so. Best Regards, Istvan

Re: A simple way to restrict the number of outgoing emails/hour per domain

other servers, but to prevent spam/bulk/etc mailing from the sender domains that I'm hosting On 2015-07-23 12:55, wie...@porcupine.org wrote: Istvan Prosinger: Hi everyone, Can anyone pinpoint me to a simple way to limit the outgoing number of emails in a time frame per domain, without i

check_policy_service not working - need a 4eye method or..

Hello everyone, I have this im main.cf (I'ts actually an attempt to implement cluebringer/policyd) smtpd_recipient_restrictions = check_policy_service inet:127.0.0.1:10031, permit_mynetworks, permit_sasl_authenticated,

Re: check_policy_service not working - need a 4eye method or..

On 2015-07-30 17:23, wie...@porcupine.org wrote: Istvan Prosinger: Hello everyone, I have this im main.cf (I'ts actually an attempt to implement cluebringer/policyd) smtpd_recipient_restrictions = check_policy_service inet:127.0.0.1:10031, permit_mynet

Re: check_policy_service not working - need a 4eye method or..

Istvan Prosinger: On 2015-07-30 17:23, wie...@porcupine.org wrote: > Istvan Prosinger: >> Hello everyone, >> >> I have this im main.cf (I'ts actually an attempt to implement >> cluebringer/policyd) >> >> smtpd_recipient_restrictions =

Re: check_policy_service not working - need a 4eye method or..

.pem smtpd_tls_mandatory_ciphers = high smtpd_tls_mandatory_protocols = SSLv3, TLSv1 smtpd_use_tls = yes unknown_local_recipient_reject_code = 550 virtual_alias_maps = hash:/etc/postfix/virtual On 7/31/2015 4:37 PM, Viktor Dukhovni wrote: On Fri, Jul 31, 2015 at 02:28:35PM +0200, Istvan Prosinger wrote: On 2015-07-30 1

Re: check_policy_service not working - need a 4eye method or..

erday, thinking that it might be damaged, but no effect... On 2015-08-02 23:14, Viktor Dukhovni wrote: On Sun, Aug 02, 2015 at 10:53:35PM +0200, Istvan Prosinger wrote: smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10031 smtpd_recipient_restrictions = check_policy_service

Re: check_policy_service not working - need a 4eye method or..

On 2015-08-03 16:16, Viktor Dukhovni wrote: On Mon, Aug 03, 2015 at 09:48:35AM -0400, Postfix User wrote: On Mon, 03 Aug 2015 14:52:33 +0200, Istvan Prosinger stated: > Yeah when I took the server for audit, Postfix was dead and couldn't > start -the config file was (and stil

Re: check_policy_service not working - need a 4eye method or..

Got it. I have made a small perl script as a service that would only return reject as a policy (that sould have rendered most of the mailing impossibble), and postfix was still mailing happily. Since I have recompiled Postfix from the source, it was out of the question the the process was faul

Re: check_policy_service not working - need a 4eye method or..

On 2015-08-06 13:50, Istvan Prosinger wrote: Got it. I have made a small perl script as a service that would only return reject as a policy (that sould have rendered most of the mailing impossibble), and postfix was still mailing happily. Since I have recompiled Postfix from the source, it was

Re: Avoiding spam blacklists

On 2016-12-28 09:36, Alice Wonder wrote: On 12/28/2016 12:28 AM, John Fawcett wrote: On 12/28/2016 08:32 AM, Alice Wonder wrote: Virtual machine for a web application, it is still in testing. reverse DNS is properly set up. Postfix only listens on the local host. Linux firewall drops anything

Antispamming with header checks and regexp

Hi All, and Happy New Year with a little delay :) Comming to spam, header checks are one tool that I use frequently to prevent it. So, amongst all, I have this: if !/^Subject: (.*)[Aa]liexpress/ /^Subject:(.*)% [Oo][Ff][Ff]/ REJECT Go away spammer endif And this worked fine until _today_, wh

Re: Antispamming with header checks and regexp

On 2017-02-06 22:56, Dominic Raferd wrote: On 6 February 2017 at 21:23, Istvan Prosinger wrote: Hi All, and Happy New Year with a little delay :) Comming to spam, header checks are one tool that I use frequently to prevent it. So, amongst all, I have this: if !/^Subject: (.*)[Aa]liexpress

Re: Antispamming with header checks and regexp

On 2017-02-06 23:19, Noel Jones wrote: On 2/6/2017 3:23 PM, Istvan Prosinger wrote: Hi All, and Happy New Year with a little delay :) Comming to spam, header checks are one tool that I use frequently to prevent it. So, amongst all, I have this: if !/^Subject: (.*)[Aa]liexpress/ /^Subject

Re: Antispamming with header checks and regexp

On 2017-02-07 10:12, Ralph Corderoy wrote: Hi Istvan, Noel Jones wrote: > Remember that header_checks won't match encoded subjects We need to see the raw Subject header from the email that failed to match. It was probably encoded. $ scan -forma '%{subject}' . =?UTF-8?B?VGhpcyBpcyBzc

Re: Postfix 20 years ago

On 2017-02-12 19:06, wie...@porcupine.org wrote: Last month it was 20 years ago that I started writing Postfix code. Sorry for the late reply, but here's a Thanks from me too, to you and all the contributors. Best, Istvan