strictions
> # -o smtpd_sender_restrictions=$mua_sender_restrictions
>
> but no proposed values for those.
These lines are commented out. Did you uncomment them in master.cf? If you
didn't, then you are probably keeping global values from main.cf for these
parameters without overriding them.
--
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
Dnia 14.06.2021 o godz. 09:51:30 Linda Pagillo pisze:
>
> Any other ideas of what may be causing this?
Is it possible that the client is trying STARTTLS (and not TLS-wrapped SMTP)
on port 465?
Have you tried a different mail client instead of Outlook?
--
Regards,
Jaroslaw Raf
now have a formal business
justification to be not compliant with the mentioned security guidelines -
because they will be unable to communicate with their customers if they
comply.
That's just how the corporate bureaucracy works...
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a
d - IP address and username.
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
elps. At least they will know :)
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
my
server, there are very rare cases when I once in a few months or so see an
attempt to login to username that actually exists).
I also don't have the summary part "ehlo=xxx starttls=xxx ..." etc. in my
disconnect message, the log line is just "disconnect from
stati
t it doesn't let
> you see anyone else's content. Wierdly unhelpful.
I vaguely remember that this topic has been discussed several times on
mai...@mailop.org mailing list. I highly recommend this mailing list for
dealing with deliverability issues.
--
Regards,
Jaroslaw Rafa
r...@r
es seem to enable DKIM signing for them
> (via the milter application that I've configured), it still does not
> apply any header checks to them.
If you are able to apply a milter to them, you can write a milter that
rewrites those headers.
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
to include some.domain
literally in your regular expression, then it won't match again on the
already transformed address, which does not contain some.domain.
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once ther
essage in mutt, it puts the
e-mail address of the original sender (not you) at the beginning of the
subject of the forwarded message.
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she
ix should outright reject the
message without trying to deliver it.
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
tant one) and there's no reason to
replace them (or sometimes there isn't even anything to replace them with).
The concept of trusted hosts/networks has a reason behind it and cannot be
abandoned so simply...
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids
ion.outlook.com). The *client* address in your case is
mx0f-00376703.gpphosted.com, so it is *not* from domain dhs.gov. So it was
not whitelisted.
As far as I know, there's no option to whitelist *sender* addresses in
postgrey.
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a m
this check for authenticated users (ie. submission ports).
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
own
reject_unknown_helo_hostname is known to produce quite a lot of false
positives, and it is not recommended to use this restriction.
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
you
should try to configure an email client like Thunderbird and check email
sending/receiving with it.
Not everything at once!
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with
19/0.01/0.01/0.02, dsn=2.0.0, status=sent (250 2.0.0
V/yJDH9grmHtmgAAdabr2Q Saved)
Dec 6 19:11:59 softlinksys postfix/qmgr[38286]: 04E4CA06C5: removed
It's only strange why your qmgr is logging empty "from", and lmtp empty
"to". But this message should be somewhere on you
(eg. Postfix) usually use.
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
ut yes, Google IS dumb enough to do so.
> If so, given they allow spammers virtually free range to send FROM
> gmail this is a bit hypocritical.
100% agree.
They simply don't care about anyone that isn't using Gmail.
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In
7;s what PSL is for -
to specify which domains should *not* be mixed up with one another.
Don't defend Google's email service, it's already so bad that it's not worth
defending...
Friends should not let friends use Gmail - that's all that can be said about
it.
--
Regar
y what Public Suffix List is for. It lists all such domains.
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
ries do not use any generic SLDs under country's
TLD (at least not mandatory ones), but just allow to register names directly
under country's TLD, like somename.de, somename.hu, somename.nl etc.
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
on procedure and policy, and maybe be
able to demonstrate a bunch of actual independent subdomains registered
under this domain, run by someone else than you? Because that's the way
eu.org, uk.com and similar operate.
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a millio
Dnia 14.12.2021 o godz. 13:06:49 Andrew Sullivan pisze:
> On Mon, Dec 13, 2021 at 12:31:07PM +0100, Jaroslaw Rafa wrote:
> >That's exactly what Public Suffix List is for. It lists all such domains.
>
> Well, to be a little more pointed about it, it attempts to provide a
>
all text/plain parts from multipart
messages, up to 5 levels nesting of multipart messages one inside another
(that level is configurable via a parameter in the script).
If you want to look at it, it's here: http://rafa.eu.org/media/textconv.pl
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.
etc. but it is not - and *should not* be - mandatory.
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
somehow commerce-related
and collect personal data.
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
pient of the mail can access its content. No operator of any
mail server is able to read your message. If you use only level 2, then
operators of both sending and receiving server (and any intermediate server,
if there are any) can have access to the message in plaintext form.
--
Regards,
nd sell your metadata.
And you are right with regard to the fact that metadata is often more
important in "spying" on the individual than the actual data transmitted;
but simple solutions like HTTPS don't protect you from metadata being
collected.
--
Regards,
Jaroslaw Rafa
r..
Dnia 11.01.2022 o godz. 05:00:43 Fourhundred Thecat pisze:
>
> What I am asking is, are there situations where legitimate sender
> (non-spam) would generate soft fail?
Forwarding.
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they
Dnia 11.01.2022 o godz. 12:51:54 Fourhundred Thecat pisze:
> > On 2022-01-11 11:32, Jaroslaw Rafa wrote:
> >Dnia 11.01.2022 o godz. 05:00:43 Fourhundred Thecat pisze:
> >>
> >>What I am asking is, are there situations where legitimate sender
> >
et's trust Postfix authors that
they have done it right. To implement TLS support, one certainly has to know
more about it than an average mail administrator. So just trust them.
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're go
t have one in the configuration shown in your mail)
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
v an "overkill" for using one simple utility? Why
couldn't it just use the system-installed Python?
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
is
run to provide this service. Both services, on port 25 and 587, are provided
by two instances of the same executable, therefore "smtp" in both cases.
After "smtpd" there can be arguments used to call this executable - these
arguments are used to make both services operate differently.
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
mtpd_" :)
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
P address, for example by using
permit_mynetworks ?
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
ee availability test results here:
> https://ping-admin.com/free_test/result/16443944516w2j65r1y4j0kca10wdw3q.html
> (not sure if this link will be valid for long, though).
Poland, ISP is UPC ( https://www.upc.pl/ ), works OK.
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a mill
.postfix.org and tells where it
stops.
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
Dnia 9.02.2022 o godz. 13:58:01 Jaroslaw Rafa pisze:
>
> I think it's just a routing misconfiguration at some major ISP. It might be
> hepful that the OP does a traceroute to www.postfix.org and tells where it
> stops.
I did a traceroute to the first five sites that fail acco
where this post exists. But
maybe his security team will be happy with removing it from that particular
place where they found it...
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
pretty rare case for me (I usually work with single-server setups). I did
not think that it can be used in such context as rewriting by canonical
maps.
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hu
al_alias_maps seems completely unneccessary in your case. What
funtion exactly does it provide here?
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
maps mapping
destination@address->mailbox. Is that your case?
But this still doesn't have anything to do with Dovecot "accepting" any
email addresses, because Dovecot just provides access to a mailbox. Once you
properly log in, you have access to all messages stored in the mailbox,
re
Dnia 21.02.2022 o godz. 13:09:19 Alexey Shpakovsky pisze:
> On Mon, February 21, 2022 12:59, Jaroslaw Rafa wrote:
> >
> > The part I am wondering about is exactly "Dovecot accepts". As far as I
> > know, Dovecot does not need to "accept" anything, becaus
onfiguration_manual/authentication/user_databases_userdb/
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
you try apt-get?
milter-regex is not in the Ubuntu repositories (at least for 20.04).
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
ely on random on-access file scanning.
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
kind of password.
You may also (again if this is possible in setroubleshootd) insert a very
specific header into the message and use a milter to reject message if the
header is not present.
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
ltiple
"department" (or how do you call them) mail servers that relay mail to a
central server. Then you can very easily have mail-from and rcpt-to equal on
port 25.
Seems like a pretty valid case to me.
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids
oIP provider is using
separate login & password for each phone line). This setup will work for
any ISP as long as ISP isn't blocking inbound UDP ports 5060/5061.
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
Dnia 12.04.2022 o godz. 14:20:11 Jaroslaw Rafa pisze:
> Dnia 12.04.2022 o godz. 14:07:13 Richard Rasker pisze:
> >
> > But according to the information supplied, I should also be able to
> > use smtp.xs4all.nl as a relay host, see
> > https://www.xs4all.nl/eigenmai
omain, its IP address (the outgoing one) should be included in SPF record
for the originating domain, if you do use SPF.
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
un SpamAssassin? As a milter or as a post-queue content filter,
that reinjects the mail back to Postfix?
Double signing is a known issue in the latter case (ie. if you run SA as a
content filter). Switch to running SA as a milter and the issue will be
solved.
--
Regards,
Jaroslaw Rafa
r...@r
ld, but not "To:".
And referring to the original questions about legit cases of e-mails without
"To:" field - if someone sends an email to multiple recipients that are
listed in the "Bcc:" field (as it is often done due to privacy), and does
not specify the "To:"
x27;t exclude each other.
There are also "encrypted email providers" that claim that the messages stay
encrypted on their server, so for example admins are not able to access and
view them - and that is what they mean by "encrypted email". This is usually
in addition to the "s
, never used it
:)
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
es
permanently.
Of course there was a lot more of this "hammering" when some time ago I had
mistakenly AUTH turned on on port 25, so it looks like the bots that try to
crack email passwords are mostly targeting this port.
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a
for mail that is submitted locally via
/usr/sbin/sendmail and for mail that is submitted from SMTP clients.
Is it possible to do it using only Postfix configuration directives or do I
need to use a milter for this?
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when
the
mail to Gmail, but I'm considering doing this automatically (although I
don't like this workaround, I'd rather prefer that all my mails be sent from
the same address I'm using for years, but it seems there's no way to achieve
that with Google :().
--
Regards,
Jaroslaw Ra
address rewriting.
>
> This rewrites {envelope, header} {sender, recipient} addresses.
Can I use "-o sender_canonical_maps=..." instead of "-o
smtp_generic_maps=..." in this way, to change only the sender addresses?
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
&quo
ity key used by reputation systems and thus
# somewhat security sensitive.
OversignHeaders From
I understand this is a default and recommended setting.
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
or various other domains from time to time. Google's spam
filtering tends to discriminate aginst low-volume senders who are in less
popular domains.
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
e, not a rejection. Rejection -in any context, not
only miletar and MTA related - can be described in other words as
"explicitly negative response", so nothing else than a reject code. :)
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, t
Re:" actually comes from the Latin phrase "in re," which means "in the
matter of", so it should never be translated.
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
not a misconfigured server, but some stupid bot trying to guess
passwords. It is a comonly observed thing.
> Blocking these IPs with fail2ban is a good idea?
Probably yes.
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna kn
t "canonical" method to do such changes is via milter.
You can create a milter that will change the Subject: header appropriately
when it detects the old domain in the recipient address.
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, t
jecting emails
while gmail.com is rejecting the same emails.
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
when implementing
such a solution (automatically visiting links) caused all people receiving
mails from mailing lists to be automatically unsubscribed from these lists,
as the messages contained an unsubscribe link in the footer...
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years
ovecot entry above in the log. So it's either gpgit-pipe, dovecot or
amavis itself that rewrites address from u...@domain2.com to
u...@domain1.com.
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
rcomplicated
things and put a lot of unnecessary settings in your config.
Isn't "always_bcc" set to an alias that expands to your script going to
achieve what you want? If not, then please try to describe what are
differences between this and your expected outcome.
--
Pozdrowienia,
Jaros
be just an alias that pipes mail to the "mailbot"
script directly?
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
t in smtpd_recipient_restrictions so that only the "mailbot" script
could mail to it.
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
in /etc/hosts to your real (ie. not
127.0.0.1) IP address.
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
domain.2domain.tld, but
that another machine is), then Postfix has nothing to relay. Wouldn't be
enough just to set relay_domains explicitly to an empty value?
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once the
ve priority over more general ones.
If you want to connect to somewhere on the Internet, the kernel will route
the packets via the first interface, because your default gateway is on a
network that your first interface also belongs to.
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a m
dress.
reject_unknown_reverse_client_hostname
Reject the request when the client IP address has no address->name
mapping.
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
ipient_access, but where you can use a
lookup table containing both sender and recipient addressses, would be an
ideal solution.
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
o shouldn't the connection be outright rejected without
attempting AUTH at all?
What am I doing wrong?
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
hich
> have been adopted.
>
> https://www.kfki.hu/~kadlec/sw/postfix_patch.html
I understand it's the "check_access" restriction mentioned in the page you
linked? But it is not included in standard Postfix release?
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million ye
Dnia 12.08.2022 o godz. 10:27:47 Viktor Dukhovni pisze:
> You neglected to add:
>
> -o smtpd_delay_reject=no
Thank you for your answer. Just a few minutes ago found that out myself and
added this parameter to master.cf! :)
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
&quo
Dnia 12.08.2022 o godz. 16:31:04 Jaroslaw Rafa pisze:
> Dnia 12.08.2022 o godz. 10:27:47 Viktor Dukhovni pisze:
> > You neglected to add:
> >
> > -o smtpd_delay_reject=no
>
> Thank you for your answer. Just a few minutes ago found that out myself and
> add
es, and I want to keep my
recipient restrictions even for authenticated clients (they contain
permit_sasl_authenticated pretty early, but the part before this should be
applied even for mail submitted from authenticated clients, it rejects some
local recipient addresses that should not receive mail).
--
someone who needs this asked me about such a
feature. So if you could do it, it would be very nice. Thank you in advance.
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
rds,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
Dnia 13.08.2022 o godz. 16:23:10 tog...@dinamizm.com pisze:
>
> Have you looked spamhaus or abusix for auth blacklists. They both do a decent
> job
> in blocking auth attempts from nasty IP addresses in my case.
I will look at them. Thank you!
--
Regards,
Jaroslaw Rafa
r...
sions?
I know this is not a Dovecot list, but maybe someone here knows answer to
this? Or maybe someone already wrote such a piece of software and it sits
somewhere in the Net ready to grab?
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they'
st use a
completely made-up port instead of 465, that will accept mail only from your
sending server.
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
x27;s own servers?
> Also one should be encrypting traffic
> anyway as a matter of best practice.
Use of port 25 (or any other port) does not exclude encryption.
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: on
ryption (via STARTTLS).
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
self I had problems with double-signing mail with DKIM.
My solution was to use Spamassassin as milter instead of a post-queue
content filter. I recommend this to everyone.
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: on
I don't see
any TLS settings for outbound (smtp_tls_...). So it's nothing strange that
TLS is not used for outbound connections. That's what you exactly told your
Postfix to do.
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they
don't understand the "unknown[unknown]" part. The square brackets should
normally contain the IP address of the connecting client. Why is "unknown"
there? How is it possible that Postfix did not recognize the connecting IP?
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
n.com> is a simple Postfix alias.
I think this is the job for the mailing list manager software, not for
Postfix.
Mailing list managers (eg. Mailman) usually have extnsive configuration
options to do this.
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go
n the insiders map or not.
> I use lmtp for local mail delivery, could that be a problem?
But why can't you configure it in your mailing list manager? It's much
easier than trying to do it in Postfix...
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, whe
s as the original binary package was built, and
replacing only the file(s) I have modified. I did it for example with
ProFTPd, Xymon server or Apache and each time everything worked well...
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school,
lease and migrate
all configs (with manual adjustments if necessary) from the previous OS.
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
nt.
>
> Very far-fetched, I thought something might be cached or pinned.
> And as supposed this is not relevant, I tested it and a "04"
> certificate worked well.
There can always be some completely unexpected factor. We should remember
the famous story of "500 miles emai
It simply ignores them
completely. So it will just accept the message, assuming other configured
restrictions (like RBLs) wouldn't reject it.
You have to use additional software to check DKIM/SPF/DMARC.
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to
1 - 100 of 511 matches
Mail list logo
