GeoIP based rejections

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I'd like to be able to reject connections from remote IP addresses if they're from certain countries (or conversely only allow from certain countries). What are my options for doing this in/with postfix? Mark. - -- Mark Watts BSc R

Re: GeoIP based rejections

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 03/10/2011 03:49 PM, Bas Mevissen wrote: > On Thu, 2011-03-10 at 15:35 +0000, Mark Watts wrote: >> -BEGIN PGP SIGNED MESSAGE- >> Hash: SHA1 >> >> >> I'd like to be able to reject connections from

Re: Long queue ID support gotcha

> The idea is to prepend the 30 least significant bits of the time > in seconds to the queue ID. Btw, 6 more hours to the next 'pretty' decimal unix timestamp: 13 Mark

Re: GeoIP based rejections

led: geoip-policyd-0.01.tar.gz > > With some modifications, it works quite nicely. > > Justin. > This is just what I'm looking for. Annoyingly, the spams I was getting (they were all supposedly coming from one particular domain) have ceased! Thanks for all the advice,

Windows Live problems

thought of saying we can't support Windows Live Mail. Thank you so much in advance. Mark Moellering class creator .com m...@classcreator.com These are my recipient restrictions: smtpd_recipient_restrictions = reject_non_fqdn_recipient, reject_unknow

Re: Windows Live problems

On 18-Mar-11 12:39 PM, Randy Ramsdell wrote: Mark Moellering wrote: I am new to postfix. I have it set it up with dovecot on a unix box : postfix 2.8 on freebsd 8.1 While it tests fine under Thunderbird (and kde-mail), I currently can't send mail via Windows Live, although I can recei

Re: Windows Live problems - Resolved

authorization. Thanks again, Mark Moellering

Re: warning: truncate before-queue filter speed-adjust log: Permission denied

ad of one extra file over the process > > lifetime. > > Thanks for the insight. > > Reported: > http://www.freebsd.org/cgi/query-pr.cgi?pr=154873 > we'll see what comes out of it. > Mark ZFS fix has been committed to HEAD! | Re: standards/154873: | ZFS viola

Re: SV: SV: postfix restarts every five minute

roxy:mysql:) b) only regenerate the hash files when there is actually a need to (ie, when something changes in the database) rather than every five minutes on a schedule c) change the schedule so that it runs less frequently Mark -- http://mark.goodge.co.uk http://www.ratemysupermarket.com

Re: postfix performance

on a laptop natively under Win7 as its only resolver/server :) Mark

Re: Adjust smtp to limitations of a host

On Thu, 31 Mar 2011 12:39:20 -0400, Victor Duchovni wrote: > The receiving sites policies are stupid if they don't implement > them sensibly by just returning 4XX responses without penalizing > subsequent transactions. I am sorry to hijack this thread but we have what seems to be the same proble

Re: Adjust smtp to limitations of a host

On Thu, 31 Mar 2011 14:53:11 -0400, Victor Duchovni wrote: > Why would this be a response to "too many recipient commands", a > single message with many recipients is sent over a single connection, > unless you have set an ill-advised destination recipient limit. All _recipient_limit parameters a

Re: Adjust smtp to limitations of a host

On Thu, 31 Mar 2011 14:53:11 -0400, Victor Duchovni wrote: > > /etc/postfix/master.cf > > slow unix - - - - - smtp > > -o syslog_name=postfix-slow > > -o smtp_connection_reuse_time_limit=30s > > EOT > > > > /etc/postfix/main.cf > > slow_initial_destination

Re: Adjust smtp to limitations of a host

On Sat, 2 Apr 2011 18:03:29 -0400 (EDT), Wietse Venema wrote: > > slow unix - - - - - smtp > > -o syslog_name=postfix-slow > > -o default_destination_rate_delay=1s > > -o default_destination_recipient_limit=20 > > -o smtp_connection_cache_on_demand=no >

Re: Adjust smtp to limitations of a host (REPOST without postconf)

On Sat, 2 Apr 2011 18:03:29 -0400 (EDT), Wietse Venema wrote: > > slow unix - - - - - smtp > > -o syslog_name=postfix-slow > > -o default_destination_rate_delay=1s > > -o default_destination_recipient_limit=20 > > -o smtp_connection_cache_on_demand=no

Experience with smtpd_reject_footer

Hello, The feature with the config name smtpd_reject_footer is now available for some time. Our experience with it is that some people really read it and do what is listed in the message provided. How is your experience with it? Wietse: Thank you for adding this feature! Kind regards, Mark

Re: Google 7720 Error

> I have no proxies and have turned off the firewall > although the fact it works for some gmail and mindspring and not other > is puzzling Any Cisco firewall (ASA or PIX) on your side? Mark

Re: Timed out while sending message body

ly new session, this RST is then seen by the remote side as an original session reset. Mark

Unable to enforce the usage of the stronger tls ssl ciphers by Postfix

ate/example.key smtpd_tls_loglevel = 1 smtpd_tls_mandatory_ciphers = high smtpd_tls_mandatory_exclude_ciphers = AES128, DES, MD5, aNULL smtpd_tls_protocols = !SSLv2 smtpd_tls_security_level = may smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtpd_use_tls = yes Thank you, Mark

Re: sent mail statistics - lots more than expected?

to work). Can I suggest you post your postconf -n to start with? And if you've changed it at all your master.cf would help. Be sure you're not setup as an open relay too, but let us read over your config here on the list to help you. My first thought from the default install would be to switch off soft_bounce in main.cf with soft_bounce = no -- Regards, Mark

Re: Unable to enforce the usage of the stronger tls ssl ciphers by Postfix

On Sun, 22 May 2011 22:00:49 -0500, Noel Jones wrote: > Is postfix also the client? What are the settings on that > machine? Client machines use Claws Mail as MUA (configured to use SMTP at 587) and those machine have Postfix as the MTA, configured like this: $ sudo postconf -n | grep -v '^smt

Re: mailq full but nothing in active/deferred/incoming

On Mon, 06 Jun 2011 19:45:17 +0200, Stéphane MERLE wrote: > > (I am using ubuntu 10.04LTS). > I am a little surprised by the fact that I would be using sendmail > #dpkg --get-selections | grep -i "sendmail" > I got no package installed for sendmail ... Postfix installs a pseudo-sendmail. In Ub

Re: Anyone run Postfix in FreeBSD jails environement ?

ress, or a separate mail submission IP address). More recent version should be fine. Mark

Re: conversation with ... timed out while sending end of data -- message may be sent more than once

quot; or "content-transfer-encoding" in a header field body of some unrelated header field, such as an 'h' tag of a DKIM signature: http://www.arschkrebs.de/postfix/postfix_cisco_pix_bugs.shtml Mark

Re: conversation with ... timed out while sending end of data -- message may be sent more than once

ESMTP pass through without censoring the greeting, while still exhibiting one of the header parsing bugs - which can lead to dropping the TCP session without a RST (but with a message in the log ... which noone reads). Mark

Re: conversation with ... timed out while sending end of data -- message may be sent more than once

ng some of the mail from gmail.com and the like. Mark

Re: Blocking profanity

message. Google for 'clbuttic' for examples, and, while you're at it, look up the "Scunthorpe problem" for some other reasons why profanity filters are very hard to get right. Mark -- Sent from my Babbage Difference Engine http://mark.goodge.co.uk http://www.ratemysupermarket.com

Multiple Domains / multiple TLS certs

ee my last failed attempt in the master.cf configuration. Any help is greatly appreciated. I am running on FreeBSD 8.1 Attached are postconf -n output and my master.cf file Thanks in advance Mark Moellering Class-Creator m...@classcreator.com # # Postfix master process configuration

Multiple Instances Question

am including my current postconf -n and master.cf entries for completeness. Thanks for everyone's help Mark Moellering # # Postfix master process configuration file. For details on the format # of the file, see the master(5) manual page (command: "man 5 master"). # # Do not for

Re: Multiple Instances Question

On 27-Jun-11 12:50 PM, Wietse Venema wrote: Mark Moellering: I am running a postfix server on Freebsd 8.1 I have multiple domains and need to set up each domain with its own TLS certificate. I emailed this list and the best solution seems to be to run multiple instances. I read through the

Re: Multiple Instances Question

I was having trouble getting that to work but with your example I might try it again... On 27-Jun-11 3:25 PM, Christian Roessner wrote: I have multiple domains and need to set up each domain with its own TLS certificate. Can you explain this a little bit more? You could add several w1.x1.y1.

Re: Forcing postfix to check the MX entry

e, the simplest technical solution is to have separate mail servers for inbound and outbound mail. That way, someone adding a domain they don't own to the inbound server won't have any effect on outbound mail. Mark -- Sent from my Babbage Difference Engine http://mark.goodge.co.uk http://www.ratemyairport.com

Re: Forcing postfix to check the MX entry

t to avoid any interruption to mail delivery you have to add the domain to the new destination server before you alter the MX to point it there. Mark -- Sent from my Babbage Difference Engine http://mark.goodge.co.uk http://www.ratemyairport.com

Re: Forcing postfix to check the MX entry

On 11/07/2011 15:21, Reindl Harald wrote: Am 11.07.2011 16:12, schrieb Mark Goodge: On 11/07/2011 15:02, Бак Микаел wrote: Easy! Fix the software that your trusted users use to add their domain. Make THAT software check that the domain's MX record points to the right place BEFOR

Re: Sending massive mails

t know how to do all of the above without further instructions, then do not send bulk email from your system. If you really must send it anyway, then outsource it. The cost of paying an experienced, legitimate mailing service is trivial compared to the costs of being labelled a spammer. M

Re: Backscatter Theory

able ones then you've got a system which is properly configured. Mark

Re: Problem with DNS lookup when chrooted

On Thu, 11 Aug 2011 12:33:44 -0500, Stan Hoeppner wrote: > > Trivial fix: modify the init script to invoke "postfix start" etc. > > instead of directly invoking the master daemon. > > I don't believe the current init script directly invokes the master > daemon, Debian/Ubuntu's current /etc/ini

post-install, IPv6-only: could not find any active network interfaces

? Mark

Bind Postfix to outgoing IP address

to apply to inbound mail - that is, interfaces from which Postfix will accept mail, not those which it uses to send it. Any clues, anyone? Mark -- Sent from my Babbage Difference Engine http://mark.goodge.co.uk http://www.ratemysupermarket.com

Re: Bind Postfix to outgoing IP address

On 23/08/2011 14:29, Patrick Ben Koetter wrote: * Mark Goodge: How can I bind Postfix to only send outgoing mail via one IP address (ie, always use the same ethernet interface)? smtp_bind_address Yes, I discovered that about 5 seconds after I hit "send" on the previous email. Oh

Re: Inject email from web server to postfix queue

d be equally simple in Python, Ruby, ASP or your programming language of choice. The only complex part of it is error handling to ensure that you don't send the same message twice to the same person or that you don't miss anyone out if any email fails to send. Mark -- Sent from my Babbage Difference Engine http://mark.goodge.co.uk http://www.ratemysupermarket.com

Re: post-install, IPv6-only: could not find any active network interfaces

> On Aug 23, 12:30 pm, Mark Martinec wrote: > > Trying to install postfix on an IPv6-only host > > FreeBSD 9.0B1,http://wiki.freebsd.org/IPv6Only > > ports: mail/postfix-current, > > but the installation chokes in the post-install phase. > > Running that faili

Re: mailing lists software ?

have approx 100 lists most of them are internals. Mailman. It just plain works. Mark -- Sent from my Babbage Difference Engine http://mark.goodge.co.uk http://www.ratemysupermarket.com

Re: PIX & timed out while sending end of data -- message may be sent more than once

smtp protocol fixup (mis)feature turned off - best to do both. If it is entirely out of control, removing a DKIM signature header field for mail to such site will probably help. Ralf posted some workaround here some time ago. Mark

Re: Not receiving e-mail on submission port

und condescending. I only write to help you and others (I hope). I also hope that as it's late here and I'm stuck with my iPhone I didn't get anything seriously wrong. I've been using Postfix only a little over a year and found it both interesting to learn and fun to use as I compiled each revision with interest at the new changes made. Wietse, hartelijk bedankt! Mark. Sent from my iPhone

Re: Attachment Limit Size

Administrator > > > Joel, Prove it's Postfix that's rejecting your downstream mail. Show the Postfix logs; the eventvwr log from Exchange or the log of you following the Postfix author's suggestion of a telnet session and its output. Did you check Curtis' suggestion too (that it's the Exchange Server that requires configuring also)? -- Mark Homoky. Sent from my iPhone

Re: TLS Issues. certificate unknown: SSL alert number 46:

e postfix > sources. But I'll amend this. No, it's a vim syntax file IIRC. It might be useful for someone senior in Postfix development to look this over? >>> Sadly, it is not practical for >> everyone to learn SSL deeply enough to understand all the warnings. > > I'm deeply and painfully aware of this :( > > Simon +1 -- Mark Homoky. Sent from my iPhone.

Re: Postfix - Problem message delivery between MX servers

uthentication. > > Unless I'm misunderstanding something, wouldn't that circumvent the authentication you just introduced? Please post logs, postconf -n configs including the both servers. When obfuscating please be consistent rather than too enthusiastic. -- Mark Homoky. Sent from my iPhone

Re: Confusing part of Docs

nly provide outbound relaying to the Internet and do not accept mail from the public Internet at all". Mark -- Sent from my Babbage Difference Engine http://mark.goodge.co.uk http://www.ratemysupermarket.com

smtp-sink shows one more empty EHLO option

, normal 220 mail.ijs.si ESMTP Postfix ehlo test 250-mail.ijs.si 250-PIPELINING 250-SIZE 26214400 250-VRFY 250-ETRN 250-STARTTLS 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN quit 221 2.0.0 Bye Mark

Re: smtp-sink shows one more empty EHLO option

on ; ehlo-keyword and neither does RFC 2821. Mark

Re: MIME Parser Error - Can't Send Email

with 5.500 use File::Temp->new instead. On a failure this returns a much more sensible diagnostics. Mark

smtp-sink pipelining slow: TCP Nagle & delayed ACK stalls

(TCP_NODELAY), or to send all the SMTP responses in one go. Seems the postfix itself does not suffer from this problem, only the smtp-sink. A tcpdump packet capture is available at: http://www.ijs.si/~mark/tmp/0.log.gz Mark

Re: spamcop abusing mail systems worldwide

work for commercial organisations or government bodies don't have that choice. Mark -- Sent from my Babbage Difference Engine http://mark.goodge.co.uk http://www.ratemysupermarket.com

Adding a dynamic header to all mail passing through Postfix

ach mail with a custom value derived from the mail itself, using some kind of lookup or replacement method - something like /./ PREPEND X-Test-Header: ${user} So my question is: is there any way to do this? If so, how? Or am I barking up completely the wrong tree here? Mark -- Sent from my B

Re: Adding a dynamic header to all mail passing through Postfix

On 22/11/2011 13:20, Wietse Venema wrote: Mark Goodge: What I'd like to do, therefore, is set a header via Postfix. But I am having difficulty working out how to do that, or even if it's possible. First, you must send one recipient per message, otherwise you still won'

Re: Adding a dynamic header to all mail passing through Postfix

On 22/11/2011 14:03, Wolfgang Zeikat wrote: In an older episode, on 2011-11-22 11:51, Mark Goodge wrote: However, AOL's feedback system removes the recipient email address, so I can't identify the complainer from the report. It does not remove your server's header lines th

Re: Per-Recipient Data Responses (was: ... per-recipient treatment of messages in a milter environment)

hange anything, as amavisd already speaks either SMTP or LMTP, both on input and output. Mark

unused parameter: smtpd_client_connection_limit_exceptions

ETWORKS "}" What am I missing? 10025 inet n - n - - smtpd -o smtpd_client_restrictions=permit_mynetworks,reject -o mynetworks=127.0.0.0/8,[::1] -o smtpd_client_connection_limit_exceptions=0.0.0.0/0 [...] Mark

Re: unused parameter: smtpd_client_connection_limit_exceptions

n understood from my posting), but that did not achieve the goal of turning off connection limiting. Wietse wrote: > The problem is that postconf no longer parses parameter values > that have their default value. > You can work around this with an explicit [...] > I'll roll out a correction. Thanks! Mark

Re: Dead Destination configuration

means "We think you might be a spammer, so we are setting you a simple test of whether you can follow instructions". If you pass the test, then when you restart sending then you'll be able to get everything through - it won't be rate-limited by Yahoo. Mark --

Re: Dead Destination configuration

On 02/12/2011 14:35, Viktor Dukhovni wrote: On Fri, Dec 02, 2011 at 02:23:53PM +, Mark Goodge wrote: That makes no sense at all, surely nothing more productive will happen when the spiggot is turned on 4 hours later with even more mail queued. The point is that "following instruc

Re: Possibility to store all incoming mail

would get altered (and destroyed if i hit the bug). Set up a user on the local system, and bcc to that. That way it won't go out through the smarthost. Mark -- Sent from my Babbage Difference Engine 2 http://mark.goodge.co.uk

Re: Possibility to store all incoming mail (pre-content_filter)

On 15/12/2011 16:58, Michael Weissenbacher wrote: schrieb Mark Goodge: On 15/12/2011 16:24, Michael Weissenbacher wrote: Hi! You can do this with recpients_bcc_maps Well, as far as i know this just adds a "bcc" address to the message and as a result the mail would still pass thro

Re: Possibility to store all incoming mail (pre-content_filter)

;local:archive-%m'; $archive_quarantine_to = 'archive-quarantine'; # default to be able to compare a corrupted message to what was seen by amavisd. This would not help if a problem lies in stages prior to or in amavisd, but at least it can help troubleshooting later stages (SMTP output from amavisd and apache-james). Mark

post-install, IPv6-only: could not find any active network interfaces (again)

Reviving an old thread from 2011-09: Mark Martinec: > Trying to install postfix on an IPv6-only host > FreeBSD 9.0B1, http://wiki.freebsd.org/IPv6Only > ports: mail/postfix-current, > but the installation chokes in the post-install phase. > Running that failing command manuall

Re: post-install, IPv6-only: could not find any active network interfaces (again)

e with the necessary ports already installed, or provide a ssh root access to such. Mark

Re: post-install, IPv6-only: could not find any active network interfaces (again)

l/etc/postfix, no previous main.cf or master.cf files. The problem is in the hardwired inet_protocols=ipv4 in the code, if I remember correctly. Mark

Re: post-install, IPv6-only: could not find any active network interfaces (again)

Sahil Tandon wrote: > I do not believe Mark should have to jump through extra hoops, or that > you should revert the change. This is a FreeBSD port-specific problem > created by me that I will address as soon as I can. Wietse Venema wrote: > Considering the short time left bef

Re: Stan's List [was: free antivirus scanner ?]

On Wed, 11 Jan 2012 10:19:36 -0600, Noel Jones wrote: > I would classify it as low risk of false positives, and fairly safe. > (but not 100% safe; few rules are. YMMV and such.) I've had a > couple of FP's from idiots that run their business mail servers on a > cablemodem with a dynamic rDNS na

Re: postscreen supersedes fqrdns.pcre table

On Sun, 15 Jan 2012 11:04:21 -0500, Charles Marcus wrote: > But I'd still be interested in seeing some example postscreen configs > actually in use right now, by you and anyone else willing to share... This works pretty well: as root: ## configure Postfix to use postscreen sed -i 's/^smtp .*s

Re: Declaring options for submission port daemon

On Thu, 19 Jan 2012 18:43:28 +0200, Nikolaos Milas wrote: > submission inet n - n - - smtpd >-o syslog_name=postfix/submission >-o smtpd_enforce_tls=yes >-o smtpd_sasl_auth_enable=yes > ... > Any other options (except smtpd_*) which we should also redef

Re: Declaring options for submission port daemon

On Thu, 19 Jan 2012 17:10:00 -0500 (EST), Wietse Venema wrote: > I found these with: postconf | grep '[A-Z][A-Z][A-Z]:' :-) postconf | grep '[A-Z][A-Z][A-Z]:' :-) results in: bash: syntax error near unexpected token `)' ... and at my system man grep refuses to show what that last :-) switch

Re: Postfix 2.8 + and Berkerley DB > 4.7

On Sat, 21 Jan 2012 18:38:48 -0700, The Doctor wrote: > Any issues with Berkeley DB > 4.7 with current Postfix ? With: libdb4.84.8.30 postfix 2.8.5 Each 4 hours we get a lot of: (...) postfix/postscreen[]: close database /var/lib/postfix/postsc

SSL3_GET_CLIENT_HELLO:wrong version number

While using Ubuntu 10.10 postfix 2.8.5-2 openssl 0.9.8o Socket Layer (SSL) binary and related cryptographic tools ii postfix 2.8.5-2~build0.10.10 High-performance We are getting a few of these: /var/log/mail.log:Jan 22 19:09:28 mx postfix-submission/smtpd[2797]: c

Re: SSL3_GET_CLIENT_HELLO:wrong version number

On Sun, 22 Jan 2012 20:03:09 -0500 (EST), Wietse Venema wrote: > Mark Alan: > > /var/log/mail.log:Jan 22 19:09:29 mx postfix-submission/smtpd[2797]: > > warning: TLS library problem:2797:error:1408A10B:SSL > > routines:SSL3_GET_CLIENT_HELLO:wrong version number:s3_srvr.c:7

Behavior of postscreen_access_list = static:retry

Hello, Regarding the config option: postscreen_access_list = static:retry And considering that: 1) "Permanent white/blacklist for remote SMTP client IP addresses. postscreen(8) searches this list immediately after a remote SMTP client connects." 2) static is a valid lookup table type 3) t

Re: Behavior of postscreen_access_list = static:retry

On Mon, 30 Jan 2012 21:09:21 +, Viktor Dukhovni wrote: > > Is there any other way to make the postscreen/postfix combination > > temporarily defer all incoming emails with '450 4.3.2 Service > > currently unavailable' (in order to give us some time to migrate > > the postfix server to some ot

Re: Behavior of postscreen_access_list = static:retry

On Mon, 30 Jan 2012 21:50:52 +, Viktor Dukhovni wrote: > On Mon, Jan 30, 2012 at 09:26:42PM +0000, Mark Alan wrote: > > > > > Is there any other way to make the postscreen/postfix > > > > combination temporarily defer all incoming emails with '450 > >

Re: Behavior of postscreen_access_list = static:retry

On Mon, 30 Jan 2012 19:17:17 -0500 (EST), Wietse Venema wrote: > Mark Alan: > > > > Would the following be an acceptable way to do it? > > > > postconf -e 'postscreen_access_list = reject' > > > > postconf -e 'soft_bounce = yes

Re: Behavior of postscreen_access_list = static:retry

On Tue, 31 Jan 2012 06:17:39 -0600, Noel Jones wrote: > You need to set both "postscreen_blacklist_action = drop" and > "soft_bounce = yes". The soft_bounce changes the 521 hangup into a > 421 hangup. Thank you Noel, If we wanted a mere 4.x.x hangup, it would be more elegant to set a single 'm

[SOLVED] make postscreen answer '450 Service currently unavailable' to all connections

On Tue, 31 Jan 2012 10:06:15 -0500 (EST), Wietse Venema wrote: > The hardest part of support on this mailing list is > to get a precise spec that does not conflict with itself. > Once we have that, configuration is not hard at all. Sometimes we only know what we need when we push the email clien

Re: warning: /usr/libexec/postfix/smtpd: bad command startup -- throttling

access). Try recompiling/reinstalling. > Feb 1 10:21:15 D1OKH680RL postfix/master[11324]: daemon started -- version > 2.7.2-RC2, configuration /etc/postfix 2.7.2-RC2 ? Preferably install some officially released version like 2.7.7, or 2.8.8 or 2.9.0. Mark

Re: Postfix Mailing List

ailto:postfix-users@postfix.org> List-Help: <http://www.postfix.org/lists.html> List-Unsubscribe: <mailto:majord...@postfix.org> List-Subscribe: <mailto:majord...@postfix.org> In Thunderbird, I use (To|Cc|From) contains 'postfix-users@postfix.org'. Mark -- Se

Re: Suppressing received-from line when mail is from authenticated MUA

ries from the default). In particular, if you have a process called "RECEIVING MAIL" (as in "FILTERS WHILE RECEIVING MAIL") then logically, one would expect Received headers be added after that process is complete, as until it is complete the mail has not yet been receive

Re: Undefined MX record for a sender domain

er mail servers (including Hotmail). If you are considering using sender verification, you should read the online documentation and only use it if you fully understand what you are doing and the potential consequences: http://www.postfix.org/ADDRESS_VERIFICATION_README.html and Mark

Re: Undefined MX record for a sender domain

l block it. If you have reject_unknown_sender_domain already configured and that isn't blocking the mail, then missing MX records are not the reason why you are unable to deliver the DSN to your customer. What do your logs say when your server tries to deliver the DSN? Mark -- Sent

Re: Undefined MX record for a sender domain

deliver to. Your customer has probably got some kind of misconfiguration, but that isn't really your problem. Mark -- Sent from my Babbage Difference Engine 2 http://mark.goodge.co.uk

postfix configuration verification

tions. smtpd_sender_restrictions is necessary, because otherwise I would end up as an open relay, right? Thank you Mark

Re: postfix configuration verification

there is one comma missing after reject_rbl_client bl.spamcop.net, that's fixed of course. - Original Message - From: Mark S To: "postfix-users@postfix.org" Cc: Sent: Wednesday, March 21, 2012 7:28 PM Subject: postfix configuration verification Hi all, I am totally

Re: postfix configuration verification

= hash:/etc/postfix/my-valiases --Mark

Re: postfix configuration verification

Hi, thank you so much for your valuable input! > Commas are irrelevant, just another of several forms of whitespace. > "Postfix main.cf file format" is at the very top of this very long > manual: > > http://www.postfix.org/postconf.5.html thanks! > > I am totally new to the mail server busine

Re: postfix configuration verification

Thank you so much for your valuable advice. (Yeah, I really mean it. Thank you so much!!!) Here's my new config: sudo postconf -n alias_maps = hash:/etc/aliases always_add_missing_headers = yes biff = no config_directory = /etc/postfix disable_vrfy_command = yes home_mailbox = Maildir/ mailbox_s

TLS Emails

be appriciated. Mark

Re: Problems with witelist - limit outbound domains - doesnt

implement. It will also make your code platform independent, should you ever want (or need) to use a different MTA (possibly in response to a client request or an installation on a legacy system). Mark -- Sent from my ZX Spectrum HD http://mark.goodge.co.uk

Multiple SSL certs on multiple IPs

I managed to get multiple SSL certs working on multiple virtual IPs on the same server so vhost domains appeared to be completely independent from the base server. I'd like an opinion as to whether this is the right or best way to do this... domain1.com = 12.34.56.78 /etc/postfix/master.cf 12.34.

Re: Multiple SSL certs on multiple IPs

On 16/04/12 21:57, DTNX Postmaster wrote: > I would not bother with prettifying headers or SMTP transaction > output that is generally only seen by automated systems, It's mainly for "vanity" virtual hosting so our clients can be assured they have their own fully branded mail service. More import

Re: Multiple SSL certs on multiple IPs

On 16/04/12 23:13, Reindl Harald wrote: >> More importantly, with the -o myhostname=domain1.com they can >> fully pass any hardfail SPF test > > this has nothing to do with the hostname True from a fail/pass SPF inspection by the remote mailserver but not from a support techie eyeball point of vie

Re: Multiple SSL certs on multiple IPs

On 16/04/12 23:14, Wietse Venema wrote: >> 12.34.56.78:smtp inet n - - - - smtpd >> -o myhostname=domain1.com > > This change all SMTP server responses that depend on the > myhostname settings. > >> Any thoughts or suggestions on how to improve this strategy? > > Use separate MTA instances. FW

Re: STARTTLS problems

On Tue, 24 Apr 2012 19:42:20 -0400 (EDT), Wietse Venema wrote: > So, TLSv1.2 is giving trouble. > ... > Works with OpenSSL 1.0.1a with "smtp_tls_protocols = !TLSv1.2": > ... > So it is a good thing that I put out those updates today. > ... > Which leaves me wondering how other MTAs deal with this

<    1   2   3   4   5   >