proxy filter failover

Greetings! I'm using Posfix for years and like it a lot, but now I'm a bit confused what will be best option for smtpd_proxy_filter failover. One possible option is to use multiple A records on DNS, but dependency on one more service is unwanted thing. Any other options there? -- Regards, KSB

Re: REJECT with Before-Queue Content Filter?

On 2012.08.27. 22:15, Brian Evans - Postfix List wrote: I'm sure there are before-queue filters out there, but you cannot use a pipe. You must create/find a front-end that speaks SMTP as noted at the bottom of the SMTPD_PROXY_README. Brian For example spampd. __ KSB

Re: smtpd_proxy_filter (before-queue) per domain?

for some domains? __ KSB

Re: smtpd_proxy_filter (before-queue) per domain?

robot will set right whitelisted-sender domain. __ KSB

Re: smtpd_proxy_filter (before-queue) per domain?

gs/10-Garfinkel.pdf Wietse Ok, but if client has only specialised computers with only traffic allowed to our smtp and w/o usb and other external media devices? __ KSB

Re: smtpd_proxy_filter (before-queue) per domain?

On 2012.09.11. 13:56, Wietse Venema wrote: Your specialized niche problem is not in the 90% of the problem space that Postfix solves. Postfix does not have to solve all problems. Wietse So You suggest to stick with other MTA? __ KSB

Re: smtpd_proxy_filter (before-queue) per domain?

... __ KSB

Re: RoundCube vs squirrelmail (pros and cons)

? -- KSB

Re: RoundCube vs squirrelmail (pros and cons)

:( -- KSB

Re: Does this IP have reverse DNS?

.in-addr.arpa. IN PTR ;; ANSWER SECTION: 212.0.171.63.in-addr.arpa. 86400 IN CNAME 63.171.0.212.cust.lkq.sprintlink.net. 63.171.0.212.cust.lkq.sprintlink.net. 86400 IN PTR mail1.lkqcorp.com. -- KSB

Re: Too much traffic

out. Bye, --- Fernando Maciel Souto Maior Probably they are NDR, so look inside of one of the messages with pfqueue to see original sender, ip, contents and so on... -- KSB

Re: TLS library problem - SSL routines:SSL3_GET_RECORD - wrong version number

[109.205.120.110]:25, delay=580, delays=580/0.01/0.42/0, dsn=4.4.2, status=deferred (lost connection with isa.dominantecapital.lv[109.205.120.110] while sending MAIL FROM) but here I have "while sending MAIL FROM". What else info I need to supply, to figure out what is wrong? -- Regards, KSB

Re: Will I lose mail?

though, I should have thought to check the queue-id (and the Date: headers). What You mean with "IMAP is lying"? It is MUA, what shows last received date instead of header's Date:? -- KSB

Re: [EXTERNAL] Nessus says I have an open relay

there are more problems from stollen(by malware) credentials, than from trusted client networks without any other AUTH. -- KSB

Re: Nessus says I have an open relay

e Bathtub." Please don't make a new e-mail thread(or don't remove references) for each reply and please don't top-post. Thank you! -- KSB

MX lookup fallback to A

r some RFC and can this behavior be changed, to not try A? -- KSB

Re: MX lookup fallback to A

ould needlessly bloat some DNS zones and increase DNS traffic volume because a "no answer" reply to an initial MX query is smaller than a reply with an answer record of the same name as the one being queried. OK, that's clear now. Thank You for explanation! -- KSB

Re: WoSign/StartCom CA in the news

keys with each update, and that is easily avoided. -Ralph No, probably they will go down to 30 days as most admins learn to do automation. -- KSB

Re: WoSign/StartCom CA in the news

s. http://www.enom.com/secure/geotrust-ssl-certificates.aspx When we need some specific certificates, our company used to by from GoGetSSL.com Geotrust's rapid for comparision: https://www.gogetssl.com/rapidssl/ -- KSB

TLS AUTH forcing - thinkering

works permit_sasl_authenticated reject_non_fqdn_helo_hostname reject_invalid_helo_hostname and also that old scanners don't qualify for correct hello, so we cannot say to them "use 25 port, which can be used without TLS". So I'm thinking about best compromise in this situation... Ideas? -- KSB

Re: TLS AUTH forcing - thinkering

On 2016.09.28. 18:03, KSB wrote: Hi! I would like to use smtpd_tls_auth_only=yes at least for submission port, but we have rare customers who have old scannners which don't support SSL/TLS(as they say). We also have probably strict HELO: smtpd_helo_required = yes smtpd_helo_restric

Re: A highly goofed installation Postfix/Dovecot/Squirrelmail

a very complex thing and minimalistic and correct how-to would help to comparably quick "kick-in" and get a proper working server. After comes real learning, adjusting, rebuilding and so on. -- KSB

Re: custom script adds header

t facility, which makes stop&start. -- KSB

Supporting legacy clients

Regards to ciphers configuration - everything is left default: # postconf -n | grep cipher # We also noticed that tls_medium_cipherlist has changed, is it cause of this problem (real cause is old software though)? -- KSB

Re: Supporting legacy clients

On 2017.03.08. 17:53, Viktor Dukhovni wrote: On Mar 8, 2017, at 5:51 AM, KSB wrote: After upgrading to postfix 3.1 (from 2.9), one of our clients said, it cannot send mail anymore(he has OE6 on XP and said it's planned to upgrade, but not now). What we got in log's: postfix/s

sender_dependent_relayhost_maps failover

Hi, Is it possible to configure sender_dependent_relayhost_maps with failover hosts, probably with priorities? -- KSB