Re: Protection against stolen credentials?

On 15/04/10 17:28, Ignacio García wrote: > The way I think this could be solved is by having a program that: > > 1.- Checks the logs for authenticated smtp usage and saves > smtp_authenticated_user, originating IPs, and country, which is > dicovered using ip geolocation. > 2.- During the following

Re: Protection against stolen credentials?

On 18/04/10 17:27, Ignacio García wrote: > John, thanks so much for your interest. I just downloaded it. Tomorrow > I will be meeting my partner (he's the php guy) adn we will take a > look at it. I'll certainly keep you posted of any developments. > > Best regards, > > Ignacio I have made an updat

mirror status

Wietse by mistake I just managed to download and compile a year old postfix snapshot version (I missed that it was 2009 instead of 2010). Wouldn't it be a good idea to remove the links to outdated mirrors when the status is more than x days old (could be done automatically). Normally I chose a mir

Re: anvil stats/restictions based on SASL username?

On 27/10/10 02:21, Cassidy Larson wrote: > This got me wondering if there's any easy way to have anvil report > stats based on the authenticated SASL username, in addition to the > remote IP address? > > This would help me prevent/monitor potential addresses that are being > used by a botnet system

fatal: bad numerical configuration: postscreen_client_connection_count_limit =

I just upgraded to postfix-2.8-20101130 from postfix-2.8-20101108 I am seeing the following being logged Dec 2 00:16:26 rosalia postfix/postscreen[8147]: fatal: bad numerical configuration: postscreen_client_connection_count_limit = Dec 2 00:16:27 rosalia postfix/master[5648]: warning: process

Re: fatal: bad numerical configuration: postscreen_client_connection_count_limit =

On 02/12/10 00:55, Noel Jones wrote: > On 12/1/2010 5:34 PM, John Fawcett wrote: >> I just upgraded to postfix-2.8-20101130 from postfix-2.8-20101108 >> >> I am seeing the following being logged >> >> Dec 2 00:16:26 rosalia postfix/postscreen[8147]: fata

[PATCH] Re: fatal: bad numerical configuration: postscreen_client_connection_count_limit =

On 02/12/10 01:14, John Fawcett wrote: > I just upgraded to postfix-2.8-20101130 from postfix-2.8-20101108 >>> I am seeing the following being logged >>> >>> Dec 2 00:16:26 rosalia postfix/postscreen[8147]: fatal: bad numerical >>> configuration: postscreen_

Re: Postfix 2.8 stable release soon

On 13/01/11 16:00, Wietse Venema wrote: > There have been a few late changes to clean up the postscreen user > interface. I left in some backwards compatibility support for early > adopters. The backwards compatibility will be removed by the time > of the Postfix 2.8 stable release. > > Wietse

Re: Postfix 2.8 stable release soon

On 14/01/11 13:02, Ralf Hildebrandt wrote: > * John Fawcett : > > >> I get the following warnings with postfix-2.8-20110112 even though I >> don't use any more postscreen_whitelist_networks and >> postscreen_blacklist_networks in my configuration ha

Re: Postfix 2.8 stable release soon

On 14/01/11 13:33, Wietse Venema wrote: > John Fawcett: > >> Jan 14 10:53:12 rosalia postfix/postscreen[1328]: warning: To stop this >> warning, SPECIFY EMPTY VALUES FOR POSTSCREEN_WHITELIST_NETWORKS AND >> POSTSCREEN_BLACKLIST_NETWORKS >> &g

postscreen_access_list action code

Up to now I have been using the same access file for: check_client_access in smtpd_mumble_restrictions and postscreen_whitelist_networks. since the client ips I had whitelisted for smtpd would also be whitelisted for postscreen (in particular this whitelisting is used to avoid DNSBL checks on spe

Re: postscreen_access_list action code

On 14/01/11 14:50, Wietse Venema wrote: > John Fawcett: > >> Up to now I have been using the same access file for: >> >> check_client_access in smtpd_mumble_restrictions >> and >> postscreen_whitelist_networks. >> >> since the client ips I had wh

Re: postfix/trivial-rewrite: warning: mysql query failed: Illegal mix of collations

On 26/01/11 12:05, Claudio Prono wrote: > Uhm, i have another information about that case: the mail are sended to > postfix from an antispam appliance (Symantec). Can be a problem of > config of that antispam results illegal characters are sended to postfix? > > Anyway, here is my conf > > user = p

Re: postfix/trivial-rewrite: warning: mysql query failed: Illegal mix of collations

On 27/01/11 13:19, Wietse Venema wrote: > John Fawcett: > >> Claudio >> the problem is happening because your column definition for "domain" >> column has character set latin1 (which by default has collation >> latin_swedish_ci) and the data being pas

Re: postfix/trivial-rewrite: warning: mysql query failed: Illegal mix of collations

On 28/01/11 13:12, Wietse Venema wrote: > John Fawcett: > > If UTF8SMTP support is introduced in Postfix, what rules should Postfix >> follow for interpreting email addresses? That if there is at least one >> non-ascii character, the string is treated as utf8 else it i

Re: postfix/trivial-rewrite: warning: mysql query failed: Illegal mix of collations

On 28/01/11 21:56, Wietse Venema wrote: > John Fawcett: > >> On 28/01/11 13:12, Wietse Venema wrote: >> >>> John Fawcett: >>> >>> If UTF8SMTP support is introduced in Postfix, what rules should Postfix >>> >>>>

Re: postfix/trivial-rewrite: warning: mysql query failed: Illegal mix of collations

On 29/01/11 00:02, Reindl Harald wrote: > Am 28.01.2011 23:44, schrieb Victor Duchovni: > >> On Fri, Jan 28, 2011 at 11:40:42PM +0100, Reindl Harald wrote: >> >> >>> what i really not understand in this post is why the OP >>> doens not change all his charset/collation to UTF8 >>> to avoid m

Option to log clients that execute invalid commands or disconnect with no email delivery

I use fail2ban in order to block some types of apparently malicious connections to postfix when the clients keep retrying. For example the following fail2ban regexes match cases I currently block by parsing the maillog. reject: RCPT from (.*)\[\]: 554 lost connection after AUTH from (.*)\[

Re: PATCH: Option to log clients that execute invalid commands or disconnect with no email delivery

On 28/06/13 22:30, Wietse Venema wrote: > Wietse Venema: >> John Fawcett: >>> I use fail2ban in order to block some types of apparently malicious >>> connections to postfix when the clients keep retrying. For example the >> As you agree logging every failed comman

Re: PATCH: Option to log clients that execute invalid commands or disconnect with no email delivery

On 28/06/13 23:33, John Fawcett wrote: > On 28/06/13 22:30, Wietse Venema wrote: >> Wietse Venema: >>> John Fawcett: >>>> I use fail2ban in order to block some types of apparently malicious >>>> connections to postfix when the clients keep retrying. For

Re: PATCH: Option to log clients that execute invalid commands or disconnect with no email delivery

On 28/06/13 22:30, Wietse Venema wrote: > Wietse Venema: >> John Fawcett: >>> I use fail2ban in order to block some types of apparently malicious >>> connections to postfix when the clients keep retrying. For example the >> As you agree logging every failed comman

Re: PATCH: Option to log clients that execute invalid commands or disconnect with no email delivery

On 01/07/13 02:18, Wietse Venema wrote: > John Fawcett: >> I would like to propose the following addition. As well as logging >> error_count as per the original patch, it also logs the number of >> messages accepted during the smtp session. The aim of that would be to >

Re: PATCH: Option to log clients that execute invalid commands or disconnect with no email delivery

On 01/07/13 02:59, Wietse Venema wrote: > Wietse Venema: >> John Fawcett: >>> I would like to propose the following addition. As well as logging >>> error_count as per the original patch, it also logs the number of >>> messages accepted during the smtp

Re: Option to log clients that execute invalid commands or disconnect with no email delivery

On 01/07/13 04:30, Stan Hoeppner wrote: > On 6/28/2013 12:31 PM, John Fawcett wrote: > >> One type of connection which I cannot block in fail2ban are clients that >> try the AUTH command on port 25, where I have disabled it. I got 245 >> connections this morning in the spac

Re: Why Postfix always complain "unexpected EOF" with my own tcp_table program?

On 28/07/13 08:27, Zhang Huangbin wrote: > Dear all, > > I wrote a simple daemon service in Python, it's used in Postfix > transport_maps like this: > > transport_maps = tcp:127.0.0.1:1234 > > It always returns '200 my_transport\n' as described in Postfix manual page > tcp_table(5), but Postfix a

minor typo in log message

I noticed this minor typo in a log message in util/vstring_vstream.c in function vstring_get_null_bound I guess if (bound <= 0) msg_panic("vstring_get_nonl_bound: invalid bound %ld", (long) bound); should be if (bound <= 0) msg_panic("vstring_get_null_bound: invalid boun

[Code submission] Postfix ODBC support

ysql by: /* Scott Cotton /* IC Group, Inc. /* sc...@icgroup.com /* /* Joshua Marcus /* IC Group, Inc. /* j...@icgroup.com /* /* dict_odbc submission by: /* John Fawcett /* j...@voipsupport.it /* /*--*/ /* System library. */ #include "sys_defs.h" #ifdef HAS_ODBC #include #include #includ

Fwd: [Code submission] Postfix ODBC support

... -lodbc ' Original Message Subject: [Code submission] Postfix ODBC supportDate: Sat, 26 Apr 2014 10:50:26 +0200From: John Fawcett To: Postfix users I am submitting the attached code (patches to some existing files and two new files: dict_odbc.c and dict_odbc.h) which a

Re: Cassandra/NoSQL table support

On 24/04/14 16:50, Wietse Venema wrote: > List: >> On 4/23/14, 3:24 PM, Wietse Venema wrote: >>> List: Are there any plans or existing projects that support connecting Postfix to a Cassandra cluster to execute CQL queries for table lookups? Or any other NoSQL databases? >>> If someo

Re: postfix will not send

On 31/12/2021 10:36, Doug Denault wrote: This is a postfix/cyrus/mysql system running in a FreeBSD jail. It is (as far as I can make it) identical to a bare metal with the same configuration. Delivery & reading email works fine, the jailed system will not send email failing with: cyrus postfi

Re: postfix will not send

On 31/12/2021 11:56, John Fawcett wrote: On 31/12/2021 10:36, Doug Denault wrote: This is a postfix/cyrus/mysql system running in a FreeBSD jail. It is (as far as I can make it) identical to a bare metal with the same configuration. Delivery & reading email works fine, the jailed system

Re: Mail system is down

On 03/01/2022 00:06, Ken Wright wrote: On Sun, 2022-01-02 at 17:30 -0500, Wietse Venema wrote: Ken Wright: On Sun, 2022-01-02 at 16:01 -0500, Wietse Venema wrote: Does it also fail when run as root? In that case, ??? # strace -e connect postqueue -p |&grep showq Otherwise, some temporary hac

Re: Mail system is down

On 03/01/2022 00:37, Wietse Venema wrote: Here is what happens on m system. As root: # chmod g-s /usr/sbin/postdrop # ls -l /usr/sbin/postdrop -rwxr-xr-x 1 root postdrop 44472 Dec 23 18:08 /usr/sbin/postdrop # chmod 777 /var/spool/postfix/public # ls -ld /var/spool/postfix/public /var/spool/post

Re: postconf -d smtpd_relay_restrictions

On 05/01/2022 20:19, Jim Popovitch wrote: This can't be right Using 'postconf -d smtpd_relay_restrictions'... ...on postfix v3.5 (Debian/Buster) smtpd_relay_restrictions = ${{$compatibility_level} < {1} ? {} : {permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination}} ...on

Re: postconf -d smtpd_relay_restrictions

On 05/01/2022 21:21, Jim Popovitch wrote: On Wed, 2022-01-05 at 20:45 +0100, John Fawcett wrote: On 05/01/2022 20:19, Jim Popovitch wrote: This can't be right Using 'postconf -d smtpd_relay_restrictions'... ...on postfix v3.5 (Debian/Buster) smtpd_rel

Re: postconf -d smtpd_relay_restrictions

On 06/01/2022 00:47, Jim Popovitch wrote: On Thu, 2022-01-06 at 00:11 +0100, John Fawcett wrote: On 05/01/2022 21:21, Jim Popovitch wrote: On Wed, 2022-01-05 at 20:45 +0100, John Fawcett wrote: On 05/01/2022 20:19, Jim Popovitch wrote: This can't be right Using 'p

Re: warning: process /usr/local/libexec/postfix/postscreen pid xxxxx killed by signal 11

On 20/04/2022 22:20, Michael Grimm wrote: Hi, this is postfix 3.8-20220325 (FreeBSD port postfix-current) on FreeBSD 13.1-STABLE. Michael is this problem happening on one of the RC versions of FreeBSD 13.1? On the FreeBSD site at the moment, unless I'm misreading it, I see the latest 13.1

Re: postscreen seqfaults with abusix rbl

On 05/10/2020 22:19, Wietse Venema wrote: > Benny Pedersen: >> Oct 5 17:01:09 localhost kernel: postscreen[387]: segfault at 0 ip >> 7f78d9773cea sp 7ffeb1cb0960 error 4 in >> libpostfix-util.so[7f78d9759000+29000] >> Oct 5 17:09:51 localhost kernel: postscreen[1310]: segfault at 0 ip

Re: postscreen seqfaults with abusix rbl

On 05/10/2020 23:18, John Fawcett wrote: > On 05/10/2020 22:19, Wietse Venema wrote: >> Benny Pedersen: >>> Oct 5 17:01:09 localhost kernel: postscreen[387]: segfault at 0 ip >>> 7f78d9773cea sp 7ffeb1cb0960 error 4 in >>> libpostfix-util.so[7f7

Re: postscreen seqfaults with abusix rbl

On 06/10/2020 00:05, Wietse Venema wrote: > John Fawcett: >> Actually to be more precise: is it guaranteed to return not null and >> with all the function pointers in the returned dict struct also not >> null. I'm adding this because I think it does always return somethin

Re: question about migration user from ldap t mysql

On 12/10/2020 13:02, natan wrote: > Hi > I have all users in openldap. In openldap I have password crypt+base64 > > after decoding base64 : > {CRYPT}$1$AvMW4io/$DDq.. > > In postfix auth via saslauthd: > > cat /etc/saslauthd.conf > > ldap_auth_method: custom > ldap_filter: > (&

Re: question about migration user from ldap t mysql

On 12/10/2020 18:07, natan wrote: > Hi > Thanks for replay John - maybe better is change saslauthd to > dovecot-auth ? > > For authenticating against dovecot you can use the saslauthd to authenticate against an imap server - can't say much about that as I've never used it. Or you can have postfix a

Re: Occasional transient "Insufficient system storage" errors

On 15/10/2020 09:44, Dara Poon wrote: > (Well, that was embarrassing! I had a Spamassassin milter on outbound mail > that tagged my own message as a false positive. Sending it again for > readability. Sorry!) > > > > I'm seeing very occasional "Insufficient system storage" errors in my > /var

Re: Mail server recently became an open relay

On 18/10/2020 06:32, Viktor Dukhovni wrote: > On Sat, Oct 17, 2020 at 09:14:50PM -0700, Rich Wales wrote: > >> Thanks. I was actually thinking something of the sort myself -- my >> server is indeed behind a separate firewall appliance. >> >> However, other e-mail (such as your recent reply to my i

Re: Mail server recently became an open relay

On 19/10/2020 20:50, Rich Wales wrote: > John Fawcett wrote: > >> One thing I would suggest looking at is if there is a web server running >> on the same host it may be allowing email to be injected into postfix >> via smtp on the loopback interface using some scripting

Re: Can a more useful bounce message be provided

On 13/11/2020 07:38, li...@lazygranch.com wrote: > My server bounced a message. Here is the server log (sanitized). > - > Nov 13 02:07:52 myserver postfix/smtpd[27706]: NOQUEUE: reject: RCPT > from sonic302-23.consmr.mail.gq1.yahoo.com[98.137.68.149]: 554 5.7.1 > Service

Re: Can a more useful bounce message be provided - correction

On 13/11/2020 07:38, li...@lazygranch.com wrote: > My server bounced a message. Here is the server log (sanitized). > - > Nov 13 02:07:52 myserver postfix/smtpd[27706]: NOQUEUE: reject: RCPT > from sonic302-23.consmr.mail.gq1.yahoo.com[98.137.68.149]: 554 5.7.1 > Service

Re: Can a more useful bounce message be provided - correction

On 15/11/2020 09:52, Nick Tait wrote: > On 14/11/20 7:30 am, Phil Stracchino wrote: >> I think what the OP is asking here is, can Yahoo/Oath be compelled to >> provide a more useful failure message relaying the informative response >> provided by OP's Postfix instance. >> >> And the answer to that,

Re: lower case email address for delivery

On 28/11/2020 11:30, Juerg Reimann wrote: > Dear list members, > > Interesting phenomenon on a newly setup system: > > 2020-11-28T11:15:48+01:00 localhost postfix/lmtp[98782]: [ID 197553 > mail.info] DDB5E8456: to=, > relay=my.host.tld[private/dovecot-lmtp], delay=0.04, delays=0.02/0/0.01/0.01,

Re: master.cf - multi IPv6 bindings but single IPv4 fallback in mixedmode possible??

On 08/27/2015 05:01 AM, dravion.sm...@gmx.net wrote: > Hi John > > I just moved the topic off the devel list > > >from the postfix side you can do it without multiple instances. You'd > >need an additional lmtp transport in master.cf with customized settings > >for lmtp_bind_address/lmtp_bind_addre

Re: Fwd: Mailing List postfix server

On 09/05/2015 05:59 AM, Alberto Lepe wrote: > > > Could someone tell me which settings may be producing this effect? > > Please find the output of "postconf" (changed real domain), and the > content of "amavis.conf" and "master.cf " in these > links: > > http://pastebin.com/Vd5Amr

Re: fetchmail-postfix-relay and filter

On 09/05/2015 12:39 PM, Thomas wrote: > > Hi, > > i am pretty new to postfix, > > i have set up a postfix sever that forwards mail over a relay host > (gmail.com), which comes from another external server with fetchmail. the risk of this is that you end up forwarding some spam messages which will t

Re: Possible Bug ? postfix 3.1.0-3 fails on mysql table lookup

On 07/03/2016 05:35 PM, Joel Linn wrote: > > Hi guys, > > think I found a bug using Ubuntu 16.04, can you confirm this? > > ... Hi it's not actually a bug. Postfix does not support mysql stored procedures. This was discussed here back in 2008: http://osdir.com/ml/mail.postfix.devel/2008-02/msg000

Re: AW: Possible Bug ? postfix 3.1.0-3 fails on mysql table lookup

mplement stored-procedure support in the >>> > Postfix MySQL client. >>> > >>> > http://dev.mysql.com/doc/refman/5.7/en/c-api-multiple-queries.html >>> > >>> > Wietse >>> >>> Thanks for the link. >>> An interesting

Re: AW: Possible Bug ? postfix 3.1.0-3 fails on mysql table lookup

On 07/04/2016 09:58 PM, j...@conductive.de wrote: > > Quoting John Fawcett : >> I can propose a code submission to add stored procedure support (based >> on the proof of concept code from 2008), but the biggest part will be >> doing the testing and non regression testi

Re: mysql lookup table and utf8

On 09/15/2016 05:35 PM, Phil Stracchino wrote: > On 09/15/16 06:49, Wietse Venema wrote: >> Phil Stracchino: >>> Well, it's supposed to Just Work if they're using libmysqlclient. I'm >>> not sure where to get the information of NOT using libmysqlclient, other >>> than just searching likely locatio

Re: mysql lookup table and utf8

On 09/19/2016 12:13 AM, Viktor Dukhovni wrote: >> On Sep 18, 2016, at 6:03 PM, John Fawcett wrote: >> >> In order to get libmysqlclient to read the standard options file >> you have to specifically define the group name to read from that file >> for example "y

Re: mysql lookup table and utf8

On 09/19/2016 12:50 AM, Wietse Venema wrote: > John Fawcett: >>> Care to post a patch for src/global/dict_mysql.c? Do you >>> think that the "prog_name" should be configurable? Perhaps >>> allowing different Postfix instances to run with different &

Re: mysql lookup table and utf8

On 09/24/2016 03:52 PM, Wietse Venema wrote: > Wietse Venema: >> Looks good (I'll fix typos). It works with the system by using what oops, thanks for picking that up. > Before I forget, did you verify that: > > - The 'old' code reproduces the problem (postmap -q fails to look > up a database key

Re: mysql lookup table and utf8

On 09/24/2016 05:18 PM, John Fawcett wrote: > I have also looked at the latest mysql > 5.7.15 source and it does the same thing. > see mysql_read_default_options in mysql-5.7.15/sql-common/client.c > groups[0]= (char*) "client"; groups[1]= (char*) group; groups[2]=0;

Re: mysql lookup table and utf8

On 09/25/2016 02:21 AM, Wietse Venema wrote: > Wietse: > Summary > === > I think I found a libmysqlclient bug. According to documentation: > > The [client] option group is read by all client programs (but > not by mysqld). This enables you to specify options that apply > to all clie

Re: mysql lookup table and utf8

On 09/25/2016 06:36 PM, Wietse Venema wrote: > Wietse Venema: >> For Postfix 3.2 I'll update code and documentation, such that the >> default option_group value becomes "client". This causes the "client" >> option group to be read twice instead of never (reading it once >> is not an option). To get

Re: mysql lookup table and utf8

On 09/25/2016 08:04 PM, John Fawcett wrote: >> I'll update their documentation with a >> >> suggestion to specify "option_group = client". An incompatible >> >> code change would be forbidden. > > I'd appreciate it if you could do some te

Re: Blocking nobody - sometimes

On 10/01/2016 12:47 PM, D'Arcy J.M. Cain wrote: > I am having trouble figuring out how to do do this. Hopefully someone > here can help me figure it out. The problem is email coming from my > web server. I use "permit_mynetworks" in all of the restrictions > entries but that's a bit too liberal.

Re: AW: Possible Bug ? postfix 3.1.0-3 fails on mysql table lookup

On 11/22/2016 01:35 AM, Joel Linn wrote: > Hey Guys, > > this issue has decayed a bit but I now finally found the time (and the > nerves) to integrate the fix in my system. > I'm running Ubuntu 16.04 and trying not change to many things and be > able to have clean comparison I applied the patch to

Re: AW: Possible Bug ? postfix 3.1.0-3 fails on mysql table lookup

On 11/23/2016 10:54 PM, j...@conductive.de wrote: > On 2016-11-23 21:57, John Fawcett wrote: >> On 11/22/2016 01:35 AM, Joel Linn wrote: >>> Hey Guys, >>> >>> this issue has decayed a bit but I now finally found the time (and the >>> nerves) to in

Re: AW: Possible Bug ? postfix 3.1.0-3 fails on mysql table lookup

On 11/27/2016 01:47 PM, John Fawcett wrote: > On 11/23/2016 10:54 PM, j...@conductive.de wrote: >> On 2016-11-23 21:57, John Fawcett wrote: >>> On 11/22/2016 01:35 AM, Joel Linn wrote: >>>> Hey Guys, >>>> >>>> this issue has decayed a bit but

Re: Prevention of sending authentication via plaintext on port 25.

On 12/03/2016 04:10 PM, Wietse Venema wrote: > rich.gre...@hushmail.com: >> There are ports that exist for encrypted transfer of this data >> (such as 465, 587). What is the current state of the art for >> preventing the user's client software from being able to do this >> (sending their authentic

Re: Prevention of sending authentication via plaintext on port 25.

On 12/03/2016 05:25 PM, rich.gre...@hushmail.com wrote: > Here I am, replying to my own post again. What I said in the prior post > wasn't entirely true. I realized that I used the wrong password in my prior > attempt. I am still granted access to the SMTP service after authenticating > in pl

Re: Prevention of sending authentication via plaintext on port 25.

correcting my own typo now On 12/03/2016 05:44 PM, John Fawcett wrote: > On 12/03/2016 05:25 PM, rich.gre...@hushmail.com wrote: >> Here I am, replying to my own post again. What I said in the prior post >> wasn't entirely true. I realized that I used the wrong password in

Re: Stopping compromised accounts

On 12/06/2016 02:52 AM, Alex wrote: > Hi, > > I have a postfix-3.0.5 system with a few hundred users. They have > access to submission, webmail, and dovecot to send and receive mail. > > On occasion, user's local desktop are compromised, and with it their > account on this system. This leads to the

Re: smtpd ... SSL_accept error from ... lost connection

On 12/11/2016 09:25 AM, Dominic Raferd wrote: > In general my postfix mail server is working well, it is receiving > emails with optional STARTTLS. But I am occasionally seeing an error > message like this in the log: > > 2016-12-11 00:32:19 dl1 postfix/smtpd[13665]: SSL_accept error from > unknown

Re: smtpd ... SSL_accept error from ... lost connection

On 12/11/2016 09:43 AM, John Fawcett wrote: > On 12/11/2016 09:25 AM, Dominic Raferd wrote: >> In general my postfix mail server is working well, it is receiving >> emails with optional STARTTLS. But I am occasionally seeing an error >> message like this in the log: >>

Re: smtpd ... SSL_accept error from ... lost connection

On 12/11/2016 10:00 AM, Dominic Raferd wrote: > On 11 December 2016 at 08:43, John Fawcett wrote: >> On 12/11/2016 09:25 AM, Dominic Raferd wrote: >>> In general my postfix mail server is working well, it is receiving >>> emails with optional STARTTLS. But I am o

Re: How to obtain blacklists IP lists

On 12/17/2016 08:49 AM, Roger Goh wrote: > > This may have been raised before: > > we received quite a few malicious emails (containing malicious > attachments) > & on tracing the senders' IP (from the 'Internet Headers' of the received > mails) & key into one of the services below, noted they are

Re: AW: Possible Bug ? postfix 3.1.0-3 fails on mysql table lookup

On 12/18/2016 02:09 AM, Wietse Venema wrote: > I have been working this code into Postfix, and have a comment > about error reporting for old-style queries. > >> while ((host = dict_mysql_get_active(dict_mysql)) != NULL) { >> #if defined(MYSQL_VERSION_ID) && MYSQL_VERSION_ID >= 4 >> @@ -5

Re: Feature backed out (SSL Problem with 2.12-20141013...)

On 16/10/14 02:08, Wietse Venema wrote: > I have backed out the TLS fall-back feature that is having problems. > postfix-2.12-20141015 should be OK. > > In the mean time, Viktor and I will iron out the wrinkles starting > with postfix-2.12-20141015-nonprod. > > Wietse At the moment the link o

Fail2ban for postfix not blocking

I recently noticed that my fail2ban settings were no longer triggering on postfix. I'd advise anyone who uses fail2ban to check their filter configuration (e.g. /etc/fail2ban/filter.d/postfix.conf) and to run it through fail2ban-regex with some example log lines that are required be blocked. The

Re: Postfix delivery problem

On 12/23/2016 09:47 AM, G. Schlisio wrote: > Dear list, > > We have a mail server with postfix and dovecot on Archlinux where we > have mail > addresses with local unix accounts (authenticated by pam) and without > unix accounts (dovecot passwd-file authentication). The problem only > affects those

Re: Postfix delivery problem

On 12/23/2016 10:33 AM, G. Schlisio wrote: >> Georg >> >> probably the best thing is to compare your previous configuration to the >> new one and see what changed. >> >> For help with your current configuration, you should post it. >> >> John > hi john, > > thank you for your suggestion. as i tried

Re: Postfix delivery problem

On 12/23/2016 12:34 PM, G. Schlisio wrote: >> Hi Georg >> >> for reporting problems you can refer to >> http://www.postfix.org/DEBUG_README.html#mail if you have not already >> seen it. >> >> For the configuration, command output from * >> * >> >> *postconf -n* >> >> *postconf -Mf* >> >> is a good

Re: Postfix delivery problem

On 12/23/2016 01:56 PM, G. Schlisio wrote: >> Couldn't find the postconf -n output at that link > sorry, correct link for postconf -n: http://termbin.com/w509 It doesn't look like "local" is even attempting to open the mailbox_transport_maps file. That's a good indication that the config file you

Re: Access table lookup not as expected

On 12/23/2016 03:13 PM, Dominic Raferd wrote: > Obviously I am being thick but can someone explain why this does not > work as I would expect. Basically email addresses are not matching > against domain names in a hashed database: > > $ postconf|grep "^parent_domain_matches_subdomains.*smtpd_access

Re: Postfix delivery problem

On 12/23/2016 03:20 PM, G. Schlisio wrote: > Am 23.12.2016 um 15:11 schrieb John Fawcett: >> On 12/23/2016 01:56 PM, G. Schlisio wrote: >>>> Couldn't find the postconf -n output at that link >>> sorry, correct link for postconf -n: http://termbin.com/w509 >

Re: Postfix delivery problem

On 12/23/2016 03:56 PM, G. Schlisio wrote: >> It was worth checking the obvious to exclude it. >> >> I suspect that one of the system libraries used by the .forward >> mechanism has been impacted by your upgrade. >> >> If you don't need to use .forward files you might try setting >> >> forward_path

Re: Access table lookup not as expected

On 12/23/2016 03:34 PM, Dominic Raferd wrote: > On 23/12/2016 14:27, John Fawcett wrote: >> On 12/23/2016 03:13 PM, Dominic Raferd wrote: >>> Obviously I am being thick but can someone explain why this does not >>> work as I would expect. Basically email addresses a

Re: Access table lookup not as expected

On 12/23/2016 05:29 PM, John Fawcett wrote: > On 12/23/2016 03:34 PM, Dominic Raferd wrote: >> On 23/12/2016 14:27, John Fawcett wrote: >>> On 12/23/2016 03:13 PM, Dominic Raferd wrote: >>>> Obviously I am being thick but can someone explain why this does not >>

Re: Postfix delivery problem

On 12/23/2016 04:29 PM, John Fawcett wrote: > On 12/23/2016 03:56 PM, G. Schlisio wrote: >>> It was worth checking the obvious to exclude it. >>> >>> I suspect that one of the system libraries used by the .forward >>> mechanism has been impacted by your up

Re: Access table lookup not as expected

ignore the previous message it was sent in the wrong thread, apologies for the noise.

Re: Postfix delivery problem

On 12/23/2016 06:22 PM, G. Schlisio wrote: >> Georg >> >> Replying to my own post: on re-reading the specification, it looks clear >> >> "On success, *getpwnam_r*() and *getpwuid_r*() return zero, and set >> /*result/ to /pwd/. If no matching password record was found, these >> functions return 0 a

Re: Postfix delivery problem

On 12/24/2016 01:19 AM, Wietse Venema wrote: > John Fawcett: >>>> "On success, *getpwnam_r*() and *getpwuid_r*() return zero, and set >>>> /*result/ to /pwd/. If no matching password record was found, these >>>> functions return 0 and store NULL in /*res

Re: Postfix delivery problem

On 12/24/2016 02:43 PM, G. Schlisio wrote: > > Am 24.12.2016 um 08:40 schrieb John Fawcett: >> On 12/24/2016 01:19 AM, Wietse Venema wrote: >>> John Fawcett: >>>>>> "On success, *getpwnam_r*() and *getpwuid_r*() return zero, and set >>>>&

Re: MySQL stored-procedure support for Postfix 3.2

On 12/25/2016 01:17 AM, Wietse Venema wrote: > John Fawcett: >> Revised patch to improve error reporting when no result set containing >> data is returned > This code is now part of postfix-3.2-20161224-nonprod, slightly > edited to simplify error handling. I would be inter

Re: AW: Possible Bug ? postfix 3.1.0-3 fails on mysql table lookup

On 12/18/2016 09:38 PM, John Fawcett wrote: > On 12/18/2016 02:09 AM, Wietse Venema wrote: >> What if Postfix made an old-style query? I think it should just >> report the old-style error here. >> >> Wietse > I agree. It might be as simple as changing &g

Re: MySQL stored-procedure support for Postfix 3.2

On 12/25/2016 09:30 AM, John Fawcett wrote: > On 12/25/2016 01:17 AM, Wietse Venema wrote: >> John Fawcett: >>> Revised patch to improve error reporting when no result set containing >>> data is returned >> This code is now part of postfix-3.2-20161224-nonprod, sli

Re: Postfix delivery problem

On 12/25/2016 11:10 AM, G. Schlisio wrote: >> Georg >> >> I don't think there is enough evidence at the moment to say with >> certainty that any change in glibc has introduced the problem, since you >> were using that for a while now without seeing issues. >> >> I'd still be interested in knowing w

Re: MySQL stored-procedure support for Postfix 3.2

On 12/25/2016 04:46 PM, Wietse Venema wrote: > John Fawcett: > [ Charset windows-1252 converted... ] >> On 12/25/2016 09:30 AM, John Fawcett wrote: >>> On 12/25/2016 01:17 AM, Wietse Venema wrote: >>>> John Fawcett: >>>>> Revised patch to impro

Re: Postfix delivery problem

On 12/25/2016 05:12 PM, Wietse Venema wrote: > John Fawcett: >> for an inexistent user for strings up to 31 chars. From 32 chars onwards >> instead of returning not found it retuns EINVAL (invalid argument). >> >> ./test AAA

Re: Postfix delivery problem

On 12/25/2016 06:30 PM, G. Schlisio wrote: >> I tried that on archlinux. The above program still produces EINVAL for >> login names between 32 and 255 inclusive. >> >> _SC_LOGIN_NAME_MAX is 256 on that platform. >> >> John >> > hi, > > earlier i tried with literal "AA", which was probably not w

Re: Postfix delivery problem

On 12/25/2016 07:40 PM, John Fawcett wrote: > Hi Georg > thanks for that, so at least we have consistent behaviour which is good. > I had got the from your logging without realizing it was > anonymized. > > Now the problem to solve is why the user names you are testi

  1   2   3   >