proprietary info first...
Mark Moellering
rican
Express" from unknown[83.217.119.xx];
from= to= proto=ESMTP
helo=<[83.217.119.xx]>: 5.7.1 aexp is a spamdomain.
Shouldn't the 5.7.1 be prefixed by a 550? Or, does postfix do this and
it is not logged?
Thank you,
Mark.
ve recipient addresses. Annoying,
especially for domains that have a wildcard.
Normally I wouldn't do blocking this way, but in this case it just
prevents later tests, simply rejecting delivery on sight of the domain
name. It's a small setup, mostly for myself so I don't think it can hurt.
Mark
ide of the curly brackets the problem disappeared.
That were 3 hours I'll never get back. Ok, I'll be honest, I didn't
*immediately* turn quota off..
So: if you want to add comments to a maildrop filter, be sure to never
do it in the way above.
I just had to share it. After all, who knows, someone else might run
into this same issue. :)
Mark
Thanks Victor, a few great tips, which I will investigate and report back on.
On 13 October 2019 20:20:05 BST, Viktor Dukhovni
wrote:
>On Sun, Oct 13, 2019 at 10:44:05AM -0700, mbridgett wrote:
>
>> I have a problem at the moment, specifically with Epic Games - who
>are
>> claiming that they are
pient_restrictions =
permit_mynetworks,
reject_unauth_destination,
...
check_policy_service unix:private/policyd-spf
# ls -l /var/spool/postfix/private/policyd-spf
srw-rw-rw- 1 postfix postfix 0 Jan 6 16:09
/var/spool/postfix/private/policyd-spf
HTH,
Mark.
--
Ma
emporarily while working on the system is a Good Thing,
as it means you don't lose mail if you break the configs in any way :-)
But having 450 as the standard response to a permanently undeliverable
message is just stupid.
Mark
t you're still limited by what is possible and what will not cause
secondary issues for yourself or your other clients. Sometimes, you just
have to say "no".
Mark
in such a way?
Mark.
--
Mark Watts BSc RHCE MBCS
Senior Systems Engineer
QinetiQ Applied Technologies
GPG Key: http://www.linux-corner.info/mwatts.gpg
signature.asc
Description: This is a digitally signed message part.
On Wednesday 28 January 2009 13:10:52 Wietse Venema wrote:
> Mark Watts:
> > I have a requirement to split a postfix relay installation across two
> > servers.
> >
> > One server will be responsible for receiving incoming SMTP email, and
> > queueuing it on d
HTML. Try switching to
sending multipart/alternative. Or, even better, send in text/plain when
there's no need for HTML - your message to this list had absolutely no
need to be HTML at all, as all it was was text. Only use HTML when you
have to, and when you do have to always send an alternative.
Mark
out entirely off, as this
way the SSL code would not be loaded (unless needed for some other
reason).
> While this seems to be working, is this the best way of achieving what i
> want, am I missing some nasty side effect or have I missed the mark
> entirely.
No nasty side effects, as you say it is pretty much pointless to use TLS
on a loopback interface.
Mark
moting lmtp.
So in summary: either will do, I currently don't have strong arguments
to prefer one over the other. Perhaps somebody from the Postfix side
can show a preference.
Mark
posts here will show
up in a Google search. These are some of the archives, I'm sure there
are others:
http://archives.neohapsis.com/archives/postfix
http://www.mail-archive.com/postfix-users@postfix.org
http://www.pubbs.net/postfix
http://tech.groups.yahoo.com/group/postfix-users
Ma
- I added help to /etc/aliases;newaliases
but I get the same response.
I KNOW that the user help exists on internal. .
I'd rub a magic lamp about this time in the fairy tale
Thanks,
Mark
-- Forwarded Message --
Subject: Re: [AMaViS-user] rw_loop: leaving rw loop, no progress
Date: Friday 20 March 2009
From: Mark Martinec
To: amavis-u...@lists.sourceforge.net
Ivan,
> This is log in attached files
Thanks, interesting and strange.
I'll CC this to the
ong for the message to
> be sent twice?
It probably has to do with where you implemented recipient_bcc_maps,
along with a post-queue content filter which sends a checked message
back to Postfix for delivery - so recipient_bcc_maps could be
invoked twice.
Mark
l out from
postfix itself.
2. With Sendmail, I can use mailertable to sendmail within same network. For
Postfix, How can I do that?
Thanks.
Mark
2009, 12:17 PM
> 2009/4/23 Mark Johnson :
> > 1. Allow relay from trusted servers within same
> network (using IP address) How can I do that? I tried this
> with mynetworks = 192.168.1.100, 192.168.1.102,
> 192.168.1.103 and it won't work. It's not even able
> to sen
ese two fragments only the second (smaller) reaches the receiver.
Looks like something is forcefully breaking packets despite a DF,
and I don't find it unusual that a receiving side reluctantly
discards a fragment.
Mark
vni
> Subject: Re: Newbie with Postfix - Relay and Mailertable
> To: postfix-users@postfix.org
> Date: Wednesday, April 22, 2009, 1:36 PM
> On Wed, Apr 22, 2009 at 10:14:24AM -0700, Mark Johnson
> wrote:
>
> > maximal_queue_lifetime = 5h
>
> This looks rather unwise,
two cleanup services (or two Postfix instances).
See:
http://www.ijs.si/software/amavisd/README.postfix.html
-> Multiple cleanup service architecture
Mark
Ralf, here is another one for your list of Cisco PIX and ASA
problems with inspection of a SMTP protocol (actually, parsing
of a mail header section):
http://www.arschkrebs.de/postfix/postfix_cisco_pix_bugs.shtml
CSCsy28792
SMTP session disconnects due to improper parsing of a DKIM header fie
t; > Date: Wednesday, April 22, 2009, 1:36 PM
> > On Wed, Apr 22, 2009 at 10:14:24AM -0700, Mark Johnson
> > wrote:
> >
> > > maximal_queue_lifetime = 5h
> >
> > This looks rather unwise, unless you never send to
> Internet
> > domains.
> >
nnects due to improper parsing
> of a DKIM header field by ASA
...to be fixed in releases 8.1.2(22) and 8.1.3
Mark
MTU at your mailer.
Or to turn off MTU discovery (= not to set a DF flag).
A fix is to disable blocking of ICMP type 3 packets in firewalls
(your outgoing, or recipient's incoming), and turn off the second
mentioned misfeature.
Mark
7;s not the fault of the recipient if they reply to a
message and it goes to the wrong place because the reply-to header is
wrong.
Mark
I would like to issue a custom message for 550 5.1.1 errors, on a per-
user basis. In other words, instead of the generic
Recipient address rejected: User unknown in virtual mailbox table
that goes out now, I want the ability to override that with a message
saying something like:
is n
On May 19, 2009, at 2:16 PM, Ralf Hildebrandt wrote:
* Mark Edwards :
I would like to issue a custom message for 550 5.1.1 errors, on a
per-
user basis. In other words, instead of the generic
Recipient address rejected: User unknown in virtual mailbox table
that goes out now, I want the
b smacked if it is?
Why?
Because it rather misses the point of whitelisting.
Mark
Steve wrote:
On Fri, 2009-06-12 at 08:17 -0400, Wietse Venema wrote:
Mark Goodge:
Ralf Hildebrandt wrote:
* Steve :
Is this right?
Yes
"You cannot whitelist a sender or client in an access list to bypass
header or body checks. Header and body checks take place whether you
explicitl
u ought to be able to
demonstrate it with a combination of mail logs, sample messages and the
output of postconf -n.
[1] http://www.postfix.org/header_checks.5.html
Mark
.uk (xx) with ESMTPA id B9F16AC09D
for ; Fri, 12 Jun 2009 11:01:58 +0100 (BST) from
mail4[192.168.1.xx];
Note that the recipient address is in the 'Received:' header. And the
string 'broadband' in that address is what the regex is matching.
Mark
as Mailman or
majordomo. 3000 recipients is waaay too many to do in a single shot
using Bcc.
Mark
richard lucassen wrote:
On Sun, 03 Jan 2010 19:57:41 +
Mark Goodge wrote:
I want to send once a week a simple mail to a list of 3000
recipients. I can set smtpd_recipient_limit and
smtpd_recipient_overshoot_limit to higher limits, but is there a
better way to handle this?
Yes. Install
was using
qmail, but I haven't looked at these mlm's ever since.
Which mlm would you recommend to use for this purpose? I use Debian
Lenny with (of course) Postfix.
My personal preference is Mailman. I run that on Debian with Postfix,
and it was pretty simple to install.
Mark
he bottommost
instance of a 'From' header field, yet a MUA might show the topmost.
When amavisd-new (since version 2.6.4) is DKIM-signing a message,
it inserts a ":from:from:" into the 'h' tag, which makes a later
appending of another From header field invalidate a signature.
Mark
ready.
Btw, of the header fields that may occur only once, it is currently
more usual to see multiple Message-ID, or Subject, or To or Cc,
or MIME-Version, or Content-Type. Very rare are duplicate Reply-To
or Date. The least common is to see multiple From.
Mark
anybody tell me, is there any command of less than 4
> > alphabets, postfix sends
>
> 4 letters.
> Hmm.
>
> EXPN, VRFY, HELO, EHLO, STARTTLS, ETRN,...
> Hm, I'd think the commands are 4 letters or more.
Maybe a firewall bug:
http://fanf.livejournal.com/102206.html
Mark
going to use a PBL, such as those provided by Spamhaus, then
you really ought to read the documentation first in order to avoid
obvious bear traps like the one you fell into. It's not the fault of
Spamhaus, Google or Postfix if people don't RTFM.
Mark
On Thu, Feb 4, 2010 at 6:50 AM, Arora, Sumit wrote:
> Hi All,
>
>
>
> Is there any way I can limit the size of per attachment in postfix?
>
>
>
> Thanks & Regards,
> *Sumit Arora*
>
> IPG R&D Hub, Gurgaon
> Hewlett-Packard India Software Operation Pvt. Ltd.
>
> Work: x19013
>
> Cell: +91-995818
your users
actually need before deciding on what webmail client to provide them.
And it isn't just about "flashy GUI bullshit", it's about real features
that make a practical difference for people with different requirements.
Mark
On 09/02/2010 11:53, Thijssen wrote:
On Tue, Feb 9, 2010 at 12:28, Mark Goodge
wrote:
But for day-to-day use as a long-term replacement for a desktop
client, or for any user who gets a much larger than normal volume
of mail,
What do you mean by that?
Hundreds, or even thousands, of
r many people
(including myself), and a client (either desktop or web) that doesn't
support it is simply too non-functional to be used except as a backup.
Mark
's
server is completely unreachable. Can this be done?
Of course it would be better if we didn't use this fallback construction
at all, but some customers just love it.
Thanks a lot
Mark
Wietse Venema wrote:
> Mark Hunting:
>
>> We use Postfix for some time now, and it's really a great relieve after
>> having used qmail for years. However there's one issue I am unable to solve.
>>
>> Next to the usual virtual mailboxes and aliases we al
> Jon L Miller:
> > postfix/postsuper[4932]: warning: bogus file name: hold/razor-agent.log
>
> Some NON-POSTFIX software is leaving its NON-POSTFIX garbage in
> the Postfix queue.
Sounds like a MailScanner issue.
Mark
contact the server it
first tries it should then try a different one. And a client which won't
retry when it can't reach a server will have exactly the same problem
even with normal MX records, as it won't fall back to the lower priority
records if the primary is offline.
Mark
--
inely bouncing spam
that hits your server - instead, you should be rejecting it first rather
than accepting and then bouncing it.
See http://www.postfix.org/BACKSCATTER_README.html for more information
on this, including some hints on how to configure your server to
minimise unnecessary bounces.
Mark
outbound mail, simply use the DMZ machine as a smarthost for any machine
inside the CDE (including your Exchange server if appropriate).
Mark
n your own
then it's very hard to distinguish between that and forgeries.
Mark
sure your backend filter can handle multiple transactions
within a single SMTP session.
Btw, do you really want to send bounces too to the java filter?
These could be sent directly to Postfix ($notify_method), while
filtered messages could go to your filter ($forward_method).
Mark
ot;220 Hello\n"
instead of: "220 Hello\r\n". Amavisd waited 30 seconds but
end of line (CR LF) never arrived, so the session was aborted.
RFC 5321 (and RFC 2821 and RFC 821) requires that SMTP commands
and replies are terminated by a CRLF, not by a single LF character.
Mark
ix is directly communicating with
> my component. I am not receiving such problem in that case.
> Is it because postfix is little lax in enforcing smtp for content filter?
Yes, it is. (in general, not specific to content filter interfacing)
Mark
hat a post-queue content filtered message
goes through Postfix twice.
Mark
ilguard -
configure it to quarantine *everything*, and then use the built-in
web-based management system to release the messages that are approved.
As others have said, though, it is an incredibly dumb idea for any
situation other than places where you might be dealing with genuinely
top secret material.
Mark
rrect or are I wrong?
Current situation:
- it gives a 450 error code (while it receives a 550 error code)
I think it should be:
- it should give a 550 error code (because it did receive a 550 error code
from a server downstream)
With kind regards,
Mark Scholten
> -Original Message-
> From: owner-postfix-us...@postfix.org [mailto:owner-postfix-
> us...@postfix.org] On Behalf Of Wietse Venema
> Sent: Friday, April 30, 2010 8:17 PM
> To: Postfix users
> Subject: Re: Response codes
>
> Mark Scholten:
> > Hello,
>
> -Original Message-
> From: owner-postfix-us...@postfix.org [mailto:owner-postfix-
> us...@postfix.org] On Behalf Of mouss
> Sent: Friday, May 07, 2010 11:51 PM
> To: postfix users
> Subject: Re: Php hook for all my emails
>
> Andrés Gattinoni a écrit :
> > On Fri, May 7, 2010 at 5:29 P
u haven't tried getting it to work without SASL, then do that
first. SASL is difficult to debug, so it's essential that you first
ensure that the problem isn't anything to do with SASL!
Mark
rejecting emails that look like spam. So either
a) the emails are very close to being spammy already, so that the check
for URLs is enough to push them over the edge when they do contain the
full URL, or
b) your spamassassin settings are too strict.
Mark
educate your correspondents to send less
malformed email :-)
If it is your configuration that's the problem, though, then you will
need to modify it. That's not really on-topic for the Postfix mailing
list, but this URL should help:
http://lmgtfy.com/?q=spamassassin+configuration
Mark
db, 0, db_path, 0, type, db_flags, 0644)) != 0)
msg_fatal("open database %s: %m", db_path);
Seems to work fine.
There wasn't any API change in db->open between 4.8 and 5.0
as far as I can tell.
Mark
On Thu, 10 Jun 2010 23:31:49 +0200, Ralf Hildebrandt
wrote:
[...]
> I must admit, it sounds feasible (timing between keystrokes etc.),
With respect to detection, is this relevant?
http://en.wikipedia.org/wiki/Telnet#Telnet_data
--
If you have an apple and I have an apple and we exchange t
e spam, and tag the rest.
That way, you minimise the worst effects of spam while not blocking
anything that might generate a false positive.
Mark
--
http://mark.goodge.co.uk
the preferred practice now or something.
--
Mark Krenz
IT Director
Suso Technology Services, Inc.
opinion on this.
> Also note that some spam filters will add points for messages
> with no prior Received: headers, so sometimes you can't win
> either way.
How would they know if they didn't have a Received header for the
client IP? Or do you mean if all prior Received header
#x27;d think that over the
past decade I would have gotten better at coaxing users into giving me
all the details I need up front, but its still just as hard. So many
users are already in the blame the provider mode nowadays that you have
to disarm them first before you can get anything across.
said it. I often tell customers that get burned by bad practices of
other companies on the net that the Internet is still a lot like the
wild west and if you want protection from the crazyness, you just have
to live in a town with a good sheriff.
--
Mark Krenz
IT Director
Suso Technology Services, Inc.
respond on port 25 for those
addresses, then you need to block it further upstream.
Mark
--
http://mark.goodge.co.uk
t always caused by real, live humans sending their friends and
colleagues unnecessarily large files. So these senders need to see the
bounce, in order to learn the error of their ways :-) It isn't helping
anyone if such bounces are suppressed rather than passed on.
Mark
--
http://mark.goodge.co.uk
networks
permit_sasl_authenticated reject_unauth_destination
reject_non_fqdn_sender reject_non_fqdn_helo_hostname
check_sender_access hash:/etc/postfix/sender_access
smtpd_sasl_path = smtpd
virtual_alias_domains = mysql:/etc/postfix/mysql_domains.cf
virtual_alias_maps = mysql:/etc/postfix/mys
On 23/07/2010 13:37, Wietse Venema wrote:
Mark Goodge:
What I need to do is configure A so that mail destined for B is stored
indefinitely (well, for a few days, at least) without generating NDRs or
attempted delivery notifications, so that when B comes back online all
the stored mail can be
lo/sending server/action (including error
code/error information if available)
I did check and didn't find it here (or I didn't look good enough)
http://www.postfix.org/addon.html#logfile
Is something like that available for postfix or should I create something
for it?
With kind regards,
Mark Scholten
> -Original Message-
> From: owner-postfix-us...@postfix.org [mailto:owner-postfix-
> us...@postfix.org] On Behalf Of Jeroen Geilman
> Sent: Saturday, July 31, 2010 3:16 PM
> To: postfix-users@postfix.org
> Subject: Re: Log file checking
>
> On 07/31/2010 02:15
> -Original Message-
> From: owner-postfix-us...@postfix.org [mailto:owner-postfix-
> us...@postfix.org] On Behalf Of Stan Hoeppner
> Sent: Sunday, August 01, 2010 12:26 AM
> To: postfix-users@postfix.org
> Subject: Re: Log file checking
>
> Mark Scholten put for
> -Original Message-
> From: owner-postfix-us...@postfix.org [mailto:owner-postfix-
> us...@postfix.org] On Behalf Of Stan Hoeppner
> Sent: Sunday, August 01, 2010 3:50 AM
> To: postfix-users@postfix.org
> Subject: Re: Log file checking
>
> Mark Scholten put fo
;
> Clouds and VPS are fine for a few classes of applications. SMTP mail
> is not
> one of them.
As long as it is with a reputable provider there should be no problem to use
them for SMTP mail.
Mark
>
> --
> Stan
an give problems
(HELO/SPF/rDNS/etc. checks).
Regards, Mark
(and lots of people just click on an attachment without reading the file
name/extension). The only thing difficult about is not to block too much,
but just enough.
>
> I find it foolish to start filtering everything, just because a small
> rate of that kind of file *may* be evil: it is like if you don't allow
> people go to your office with laptops, because they can hook-up to
> your network and steal information from your intranet (if you want to
> prevent this, authenticate network ports with 802.1x or something like
> that, don't use wifi, and off course, secure your intranet's
> servers!).
>
> Sorry if part of this gets off-topic, but this kind of discussion is
> always interesting.
>
> >
> >>
> >> Jacqui
> >
> >
> > -- Noel Jones
> >
>
> Ildefonso
Regards, Mark
s anything that should be done about it.
Mark
tcpdumps.tar.gz
Description: application/compressed-tar
<>
ther statistics just in case, but it seems the patch
does the right thing.
Thank you!
Mark
the inet is clearly a winner
at times, or an exact even otherwise. Funny.
Mark
'm complaining about the other one, the proxy setup, which
does not LOG the reason for a failure.
Mark
d be", because I'm still not sure it's THE
> solution. After updating few perl modules (including NET::Socket) and
> restarted amavisd, it immediately started to work great. It does not
> guaranty it will not break under load again.
Maybe, although I'm not aware of any performance-related problems
with underlying perl modules. More processors would definitely help.
Mark
is not busy, again, my primary suspect is a berkeley db.
These multiples of 20..25 second delays, some at inexplicable sections,
seem to coincide with updating a child process status in the nanny database.
Try disabling it altogether: $enable_db=0;
If that helps, consider upgrading libdb to a more recent version
(along with the BerkeleyDB perl module).
Mark
elds to 0, 1, or 2,
consider other values reserved for future use.
By default the following header fields are protected from duplicates by
a DKIM signature generated by amavisd: From, Date, Subject, Content-Type.
To revert to a classical behaviour, set their value in %signed_header_fields
to 1, e.g.:
$signed_header_fields{lc($_)} = 1 for qw(From Date Subject Content-Type);
Mark
our needs. The $b is a header field body,
the result is a replacement body, or undef to delete it.
> $signed_header_fields{lc('Received')} = 0;
> @Mark Martinec (in case you're reading this): Do you think
> this would make a reasonable default setting for amavisd-new?
ant to deliver the
mail (but that server is online): 550 reject
If the server where you want to deliver the mail is down/unreachable: 450
unverified_recipient_reject_reason = Recipient address lookup failed
If the server is up and accepts the email: accept
Please correct me if I am wrong.
Regards, Mark
t
in your domain and does not use your MX).
Mark
--
http://mark.goodge.co.uk
Here is a similar incident with a milter not understanding multiline
responses, as well as shooting out the query without waiting for a
greeting. Below is my side of the correspondence with its author
and with the postmaster of the site where it was first observed.
From: Mark Martinec
To
> -Original Message-
> From: owner-postfix-us...@postfix.org [mailto:owner-postfix-
> us...@postfix.org] On Behalf Of Dom Latter
> Sent: Tuesday, October 19, 2010 11:41 AM
> To: postfix-users@postfix.org
> Subject: Logfile condenser
>
> Helo, as one might say.
>
> Wading through logfile
to have is in the postfix logs. Now the
information is on multiple lines and I would like to get everything in a
single line.
Regards, Mark
Postfix, which lets
> digitally sign email (i.e. if From: is X1, sign with key K1)?
That's a job for the MUA, not the MTA. There's no fraud-proof way for postfix
to know who is sending the email.
- Mark
On 27 Oct 2010, at 13:11, lst_ho...@kwsoft.de wrote:
> Zitat von Mark Blackman :
>
>> On 27 Oct 2010, at 13:02, Tomasz Chmielewski wrote:
>>
>>> Is it somehow possible to make Postfix add a digital signature to outgoing
>>> emails?
>>>
>>
With some
custom scripts I think it should be possible to do it with current tools,
the most difficult part is messages that get deleted from the file system
(pop3/imap) I guess.
I can set it up later this year in a test environment and publish my
findings about it. If this is interesting for others to know please mention
it and I'll test it and publish it.
Regards, Mark
"unknown" client hostname)
- Helo matches client hostname
Using extra smtpd_restriction_classes isn't a problem (as I do it already
for certain "whitelists").
With kind regards,
Mark Scholten
> -Original Message-
> From: owner-postfix-us...@postfix.org [mailto:owner-postfix-
> us...@postfix.org] On Behalf Of Reinaldo de Carvalho
> Sent: Wednesday, November 03, 2010 3:28 PM
> To: Mark Scholten
> Cc: postfix-users@postfix.org
> Subject: Re: Custom action b
an online form.
Also note:
- Donations/money won't be accepted.
- On some pages regarding this free service I might put ads (the files with
the information won't contain any ads that could cause problems with
postfix).
I also want to publish a list with known not working rDNS hosts with mail
servers to lower the number of F/P while blocking on not matching rDNS.
With kind regards,
Mark Scholten
module on CPAN:
http://search.cpan.org/dist/Net-Patricia/
Mark
1 - 100 of 497 matches
Mail list logo
