I'm working on replacing an ageing Posfix install with a new server.
On the old and new server we use virtual domains.
On the old server we login with: username.domain.com
On the new server Postfix is configured to allow login as: usern...@domain.com
I'd actually rather prefer the new format, ho
On Wed, Feb 2, 2011 at 5:31 PM, Mauricio Tavares wrote:
> On Wed, Feb 2, 2011 at 5:10 PM, Matt wrote:
>> I'm working on replacing an ageing Posfix install with a new server.
>>
>> On the old and new server we use virtual domains.
>>
>> On the old server we
simple, yet I have the impression that these two requirements
are not compatible with the rules available. I'd need to be able to have a
different set of rules for authenticated users.
Any hint as to what could be done to achieve this would be greatly
appreciated.
Thanks,
- Matt
>* Matt :
>> First of all, thank you for reading this! I have the following two
>> goals:
>> To a) only allow relaying mail when SASL authenticated, and b) to only
>> accept local (virtual) domains in the "MAIL FROM" address when relaying.
>
>Re
>* Matt :
>> >* Matt :
>> >> First of all, thank you for reading this! I have the following two
>> >> goals:
>> >> To a) only allow relaying mail when SASL authenticated, and b) to only
>> >> accept local (virtual) domains
>* Matt :
>> >> >>First of all, thank you for reading this! I have the following
>> >> >> two goals:
>> >> >> To a) only allow relaying mail when SASL authenticated, and b) to only
>> >> >> accept
ssible for most
lookups in Postfix.
Thanks,
Matt
Is there a way to only BCC when the mail stays "local" on the machine
and doesn't out outside, so the domains it knows ?
2016-03-19 2:12 GMT+01:00 Wietse Venema :
> Matt .:
>> I will test it tomorrow right away with some mysql lookups. That works
>> the same as fo
OK, thanks!
2016-03-19 15:08 GMT+01:00 Wietse Venema :
> Matt .:
>> I will test it tomorrow right away with some mysql lookups. That works
>> the same as for virtual lookups ?
>
> Wietse:
>> No. See http://www.postfix.org/postconf.5.html#sender_bcc_maps
>
> Matt .
Nice!
I will test it tomorrow right away with some mysql lookups. That works
the same as for virtual lookups ?
2016-03-18 1:08 GMT+01:00 Wietse Venema :
> Matt .:
>> Is there a way to send (B)CC messages to a specified external email
>> address when I send to a local address ?
&g
Hi Wietse,
Sorry for the late response, flu going around.
But is this only on domain base or also per user doable ?
2016-03-08 15:23 GMT+01:00 Wietse Venema :
> Matt .:
>> Hi,
>>
>> Is there a way to send (B)CC messages to a specified external email
>> address whe
pic.
Use myhostname to set what the smtpd daemon will use for the HELO
response. smtp_helo_name is for outbound connections.
-Matt
--
Matt Rude
website: http://www.mattrude.com - wiki: http://wiki.mattrude.com
PGP Fingerprint: 0E94 70DA 89F8 5102 0862 5EA2 CB10 759E E65F 2C46
nge could cause
> any kind of issue?
>
> --
> Francesco
>
>
Look at http://www.postfix.org/postconf.5.html#myhostname
You shouldn't need to change your systems hostname only this item.
--
Matt Rude
website: http://www.mattrude.com - wiki: http://wiki.mattrude.com
PGP Finge
ot;main.cf", (char *) 0);
> + /* In case a name=value pair is removed from main.cf. */
> + if (dict_handle(CONFIG_DICT) != 0)
> + dict_unregister(CONFIG_DICT);
> dict_load_file(CONFIG_DICT, path);
> myfree(path);
> }
Just goes to show you.. that the work is never done!
-Matt
logs additional delay information as "delays=a/b/c/d"
where:
a=time before queue manager, including message transmission;
b=time in queue manager;
c=connection setup time including DNS, HELO and TLS;
d=message transmission time.
--
Matt Rude
website: http://www.mattrude.com -
anger for example.com. The slow transport
could be configured to run at most one delivery process at
a time:
example.com slow:
-Matt
>
>
> When I tried this, I did postmap on the tranport file and postfix reload
> for that configuration, but the logs clearly showed the ascii
ly happens when you are going above their amount of queries
they limit free use to.
-Matt
you lookup
the quota's from a SQL table.
-Matt
eed to enable hosts file lookup:
>
> smtp_host_lookup = dns, hosts
>
> Wietse
Wouldn't it be:
smtp_host_lookup = dns, native
http://www.postfix.org/postconf.5.html#smtp_host_lookup
-Matt
signature.asc
Description: OpenPGP digital signature
built.
I have quite a few mailing lists I host and do relay_recipient_maps per
list. Would like to combine these into one to reduce some overhead.
Any help is greatly appreciated.
Thank you,
Matt
Victor Duchovni wrote:
> On Tue, Jan 27, 2009 at 09:56:36AM -0500, Matt Hayes wrote:
>
>> It was suggested that to bring the number of map queries down on my
>> server to shove them into a Makefile and create one recipient map.
>
> How may do you have? Generally, 1 vs 2 o
ver in a wrong way and that is why these mails are
> getting access to the system. May I request you to kindly point me to the
> right direction?
>
> With regards,
>
> Goutam Baul
>
The first thing I see is that the email appears to be coming through
webmail (squirrelmail). My guess is someone's account was "hacked" and
the spammer is using the webmail account to spam other addresses.. find
out who's account it is.. change the password or disable it until you
can fix the issue.
-Matt
us...@je.jfcom.mil
>
*snip*
Well, the logs don't like... the server isn't responding on port 25.
That would be the answer...
-Matt
_authenticated to the top of that
list. Either that or using the submission service for SASL
authenticated users
-Matt
*
Russell,
Can you provide us your "submission" lines from your master.cf?
-Matt
uthenticated,reject
-o smtpd_data_restrictions=
I have to explicitly set smtpd_recipient_restrictions to what I want and
"zero out" smtpd_data_restrictions as I have those defined in main.cf
-matt
log
> messages?
>
> Thanks,
>
> rocsca
>
Did you make changes to master.cf?
-Matt
fact that it doesn't have the
plethora of plugins that Squirrelmail does.
-Matt
I'm having problems with spam for users who forge the sender to appear as one
of my domains. The spam is coming from an external mail server. Is there
anything I can add to my main.cf to combat this? Any suggestions are
appreciated.
smtpd_recipient_restrictions =
# allow password auth
to do is get rid of "Root[...]" and just have the rewritten
email address displayed in the mailbox list.
How can I accomplish this?
Thanks.
Matt Ausmus
Network Administrator
Chapman University
635 West Palm Street
Orange, CA 92868
(7
acpid.i386 1.0.4-7.el5_3.1updates
ntp.i386 4.2.2p1-9.el5.centos.2 updates
____
Matt Ausmus
Network Administrator
Chapman University
635 West Palm Street
Orange, CA 92868
(714)628-2738
maus...@chapman.edu
Thank you. I'll test this out.
Matt Ausmus
Network Administrator
Chapman University
635 West Palm Street
Orange, CA 92868
(714)628-2738
maus...@chapman.edu
"You can lead a horse to water, but if you can get him to float on his back,
you'v
I'm trying to debug a: lost connection after CONNECT error
I added the following to main.cf
debug_peer_list = [REMOTE_IPADDRESS]
Here is the following syslog entry. Does it show anything relevant?
Is there anything else I or the remote administrator can try?
postfix/smtpd[18377]: connect from
y , but this indicates a bug
> somewhere in postfix.
>
> Even if told to change directions, it was still looking for the wrong server?
>
> I tried both 2.7.0 and 2.8 experimental!
>
> The debugging sectin help and stil we have a back up of e-mail.
>
> PLEASE fix!
>
>
Have you by chance looked at: man postsuper and reference the -r parameter?
-Matt
ame=ORIGINATING
Seems submission is commented out?
-matt
s = yes
>>> soft_bounce = no
>>> tls_random_source = dev:/dev/urandom
>>> unknown_local_recipient_reject_code = 550
>>> virtual_alias_maps = pgsql:/etc/postfix/pgsql/pgsql-virtual-alias-maps.cf
>>> virtual_gid_maps = pgsql:/etc/postfix/pgsql/pgsql-virtual-gid-maps.cf
>>> virtual_mailbox_base = /var/vmail
>>> virtual_mailbox_domains =
>>> pgsql:/etc/postfix/pgsql/pgsql-virtual-mailbox-domains.cf
>>> virtual_mailbox_limit_maps =
>>> pgsql:/etc/postfix/pgsql/pgsql-virtual-mailbox-limit-maps.cf
>>> virtual_mailbox_limit_override = yes
>>> virtual_mailbox_maps =
>>> pgsql:/etc/postfix/pgsql/pgsql-virtual-mailbox-maps.cf
>>> virtual_maildir_extended = yes
>>> virtual_maildir_limit_message = "Sorry, the recipients mailbox is
>>> currently full. Please try again later."
>>> virtual_overquota_bounce = no
>>> virtual_trash_count = no
>>> virtual_trash_name = ".Trash"
>>> virtual_uid_maps = pgsql:/etc/postfix/pgsql/pgsql-virtual-uid-maps.cf
>>>
>>
>
Is there some reason you aren't using the submission port (587) ?
-matt
On 04/21/2010 08:14 PM, webmas...@aus-city.com wrote:
> Quoting Matt Hayes :
>
>> n 04/21/2010 07:35 PM, David Cottle wrote:
>>
>>> #submission inet n - n - - smtpd
>>> # -o smtpd_tls_security_level=encrypt
>>&g
On 04/21/2010 08:33 PM, Oliver Schinagl wrote:
> On 04/22/10 02:10, Matt Hayes wrote:
>> On 04/21/2010 07:19 PM, Oliver Schinagl wrote:
>>
>>> On 04/21/10 23:47, mouss wrote:
>>>
>>>> Oliver Schinagl a écrit :
>>>>
>>&g
On 04/21/2010 09:23 PM, David Cottle wrote:
>
>
> Sent from my iPhone
>
> On 22/04/2010, at 10:28, Matt Hayes wrote:
>
>>
>> On 04/21/2010 08:14 PM, webmas...@aus-city.com wrote:
>>> Quoting Matt Hayes :
>>>
>>>> n 04/21/2010
t still
> appears to be present in 2.7.0 .
>
> cheers!
> mij
Mij,
You said in the #postfix channel that you had a pcap file, might want to
include it.
-Matt
things he probably shouldn't 4)
vacation and it won't get done.
I can go on, there are just a LOT of reasons why you do NOT want to
allow this.
-Matt
ange environment?
>
> Thanks for your help.
> Kaleb
What is going to be doing the authentication? Exchange or postfix?
-Matt
On 5/13/2010 12:57 PM, Victor Duchovni wrote:
> On Thu, May 13, 2010 at 12:19:04PM -0400, Kaleb Hosie wrote:
>
>> Hello,
>> In our environment, we have a postfix server that receives mail and forwards
>> only the HAM onto Exchange.
>>
>> I have several users that are using notebooks and looking to
On 5/13/2010 1:50 PM, Victor Duchovni wrote:
> On Thu, May 13, 2010 at 01:07:00PM -0400, Matt Hayes wrote:
>
>>> You'll also need keys for "host/@EXAMPLE.COM" where
>>> "EXAMPLE.COM" is your AD Kerberos realm and "servername" is the h
it! If their server accepts it (200 OK) and they take it off
your hands, you can't control any delays once its left your system.
Tell Verizon to get better admins ;)
-Matt
y)?
>
Mike,
always_bcc might work for what you are wanting.
-Matt
On 5/19/2010 2:00 PM, Brian Evans - Postfix List wrote:
> On 5/19/2010 1:56 PM, Mike A. Leonetti wrote:
>> Matt,
>>
>> My only qualm with that is the other server isn't concerned with ALL
>> domains, just a few. So BCCing every domain would cause a much larger lo
rom your regular account.. I neglected to
hit reply to list!
Well, you can put SSL/TLS on any port really. Submission being 587,
pop3s being 995, smtps being 465.. which ports are you wanting SSL/TLS on?
-Matt
N.org
> mydomain = DOMAIN.org
> myorigin = $mydomain
> alias_maps = hash:/etc/aliases
> alias_database = hash:/etc/aliases
> mydestination = $myhostname, $mydomain, localhost.$mydomain, localhost
> relayhost =
> mynetworks = 127.0.0.0/8 [:::127.0.0.0]/104 [::1]/128
> smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
You could look into using RBLs such as spamhaus etc.
-Matt
postscreen from the 2.8-snapshots would
help to curtail some of the resource usage.
-Matt
On 5/26/2010 3:35 PM, brian wrote:
> On 10-05-26 03:31 PM, Matt Hayes wrote:
>>
>> I wonder if using something like postscreen from the 2.8-snapshots would
>> help to curtail some of the resource usage.
>>
>
> Thanks, I'll check it out. However, I'd feel
On 5/26/2010 4:21 PM, Ralf Hildebrandt wrote:
> * brian :
>> On 10-05-26 03:31 PM, Matt Hayes wrote:
>>>
>>> I wonder if using something like postscreen from the 2.8-snapshots would
>>> help to curtail some of the resource usage.
>>>
>>
&
On 5/26/2010 4:32 PM, Ralf Hildebrandt wrote:
> * Matt Hayes :
>
>> postscreen doesn't require you to use RBL's during its checks,
>
> Ah yes, the earlytalking and all.
>
>> however, you have the ability to do so. The nice thing about doing RBL
>> c
rated properly.
>
> Wietse
Wietse,
Do you by chance have the CHANGELOG and RELEASE_NOTES for the latest 2.8
snapshot release?
-Matt
On 06/01/2010 08:50 PM, Sahil Tandon wrote:
> On Tue, 01 Jun 2010, Matt Hayes wrote:
>
>> On 06/01/2010 08:30 PM, Wietse Venema wrote:
>>> I just uploaded new versions of Postfix 2.8-20100601 "experimental"
>>> and a release candidate for Postfix 2.7.1
But not this user above.
>
> Thanks, Robert
Considering that 'mail.cypresspartners.com' isn't showing as an
authorized MX for bankofamerica.com, I'm assuming this is a spam attempt
that has failed.
It appears that mail.cypresspartners.com is a postfix server which
appears, to me at least, to be sending out spam.
-Matt
, and
frankly, I don't care, but I don't like people saying its a 'bug' when I
have no problems following configuration directives.
Can someone PLEASE explain this in clear terms as to what they are
complaining about?
Confused,
-Matt
, and can't speak to any allowanced postfix does
> or doesn't make on that platform. I run postfix on OS X, and don't expect
> the OS to provide postfix with everything it needs.
>
>
> Jim
>
> On Jun 2, 2010, at 9:46 PM, Matt Hayes wrote:
>
>>
better off reading up on smtp auth and using the submission
port than trying to add ranges of dialup users to postfix.
This would 1) force users to authenticate to relay email and 2) you
wouldn't have to track ip ranges if they changed.
-Matt
d any specific settings?
>
> Thanks!
> Cameron
Personally, I'd setup your 'postfix' server to be something like
lists.mydomain.com and set a separate MX for it.
-Matt
ain.cf at all.
> The system is working flawlessly now with 'virtual', except for the
> deferred messages. Please let me know whether full configs are
> needed.
>
> - Darek
Darek,
man postsuper
Reference the -r option
-Matt
rver doesn't, etc.
Sounds to me like someone is blowing smoke, but I'll let far more
experienced folks chime in before I make too many judgement calls!
-Matt
l outgoing emails headers sent by our users, i can see my
>>>>> servers ip addresses (private).
>>>>>
>>>>> Is there any config that i can do to make postfix write hostname
>>>>> instead of the ip address on the header or replace the private ip
>>>>> address by the public ip address?
>>>>>
>>>>> Thank you
>>>>>
>>>>> Brest regards.
>>>>
>>>> The format and content of Received: headers is described in detail
>>>> in the relevant RFCs.
>>>>
>>>> Make sure you know why you want to mess with them before blundering
>>>> forward.
>>>>
>>>> J.
>>>>
>>>>
>>
I guess I don't see how an internal private IP is a security risk.
-Matt
nks,
James
James,
Do you have logs of the instances where 'plain text' emails bounced or
were rejected? Would be quite helpful to see that if so!
-Matt
m>>,
relay=mail.2co.com[64.128.185.221]:25, delay=19449,
delays=19438/0.09/0.22/10, dsn=4.4.2, status=deferred (lost connection
with mail.2co.com[64.128.185.221] while sending end of data -- message may b
They have a PIX.. tell them to turn off fixup protocol in the PIX and it
should be good to go.
-Matt
570 962
ralf.hildebra...@charite.de <mailto:ralf.hildebra...@charite.de> |
http://www.charite.de
:: James R. Marcus | Director, IT Operations
:: Edhance | jmar...@edhance.com
:: v: 617-475-5360 | m: 914-772-8533
:: web: www.edhance.com <http://www.edhance.com/>
ASA:
config t
no inspect smtp
-Matt
I've worked on the smtp inspect is on automatically.
-Matt
On 07/01/2010 07:29 PM, James R. Marcus wrote:
no inspect smtp didn't work for me.
So you tried it and it didn't work or you ran the command and it wasn't
correct?
-Matt
On 07/01/2010 10:19 PM, James R. Marcus wrote:
I tried your command and it didn't take, I then ran what I posted and it seems
to have worked.
James
On Jul 1, 2010, at 9:33 PM, Matt Hayes wrote:
On 07/01/2010 07:29 PM, James R. Marcus wrote:
no inspect smtp didn't work for
2010 11:53 AM
To:
Subject: Re: Postfix.org SPF
On Sat, 2010-07-03 at 11:45:39 -0700, junkyardma...@verizon.net wrote:
How about publishing an SPF record for postfix.org.
Why?
--
Sahil Tandon
Rejecting email souly on the fact that a domain doesn't publish an SPF
is stupid.
-Matt
n 07/04/2010 10:53 PM, junkyardma...@verizon.net wrote:
What is stupid is to be so opposed to anti spam tools that have no
significant downside.
Makes one wonder about true motives.
--
From: "Matt Hayes"
Sent: Sunday, July 04, 2010
I
see the duplicate is when the bcc map sends the email off-site.
-Matt
On 7/6/2010 10:11 AM, Matt Hayes wrote:
> I've been watching this for a while and still not sure what could be
> causing it it or if its a known issue, but thought I'd pass it along
> here on the mailing list to see whatever one else thought.
>
Crap, forgot to add
On 7/6/2010 10:43 AM, Victor Duchovni wrote:
> On Tue, Jul 06, 2010 at 10:11:27AM -0400, Matt Hayes wrote:
>
>> I've been watching this for a while and still not sure what could be
>> causing it it or if its a known issue, but thought I'd pass it along
>> here o
ply to you
directly but to the list.
I don't believe postfix has this type of behavior, although I could be
wrong, but I'm pretty sure I'm not.
Probably need some sort of policy server to do that iirc.
-Matt
stfix isnt trying to authenticate while
relaying?
Jason
What is the output of: postconf -a
-Matt
es Postfix.
>
> Wietse
I can tell you that outlook does not require a certificate for SSL/TLS. I
have quite a few people at work that use Outlook and connect to our servers
using SSL; no certificate required.
-Matt
On 7/19/2010 10:10 AM, Beau Gould (OSS) wrote:
> Email Sys Admin, NYC | 80-100k+
>
No.
I hate unsolicited crap sent to a legit mailing list.
Bugger off.
-Matt
t; can stay in countryside at my home, I can accept very low offers.
>
> Tõnu
> skype:tonusamuel
>
>
>
> -Original Message-
> From: owner-postfix-us...@postfix.org
> [mailto:owner-postfix-us...@postfix.org] On Behalf Of Matt Hayes
> Sent: Monday, July 19, 2010
o the mails trought the 37025 port too?
> Or I must copy the line "-o content_filter=dfilt:" under the line
> "37025 inet n - n - - smtpd" too?
>
> Thanks to all!
>
You'll need to use the content_filter on any smtpd that you want the
disclaimer on.
-Matt
,
client and server supported SASL implementations.
-Matt
On 7/23/2010 4:49 PM, Theodore Durst wrote:
> Matt,
>
> I am probably misunderstanding this, have been playing ith the TLS
> configuration but seemed to be spinning my wheels. What we need to do is
> encrypt communication between this postfix server (which will only send)
> and
Fax ++49 7564 304-8163
> e-mail: rainer.kalus...@uni-ulm.de
Look at man postsuper and reference the -r option
-Matt
.
Strange, I can upgrade postfix versions using: make upgrade
No issues here.
-Matt
out where the original message entered from and trace
it back from there.
-Matt
On 8/13/2010 4:56 PM, Leonel Florin Selles wrote:
> i need to limit the number of messages sent per user in postfix, there are
> someone to know how can i do that.
>
>
>
>
I believe you can use policyd to do this.
http://policyd.org
-Matt
ettings are correct.
Thank you.
A.Lepe
You should really look into using submission for user relayed email.
This authenticates the sender and by all means DON'T keep adding IPs to
mynetworks as it allows them to relay EVERYTHING.
-Matt
IN authentication failed:
> authentication failure
>
> /I would like to know which username failed to authenticate.
>
> Thanks in advance.
>
> Tom
Tom,
More than likely your IMAP server or whatever is providing SASL to
postfix will log this information, or at least have the ability to do so.
-Matt
and a password before so
just curious what I'm missing.
Thanks for the hard work!
-Matt
On 09/13/2010 07:37 PM, Wietse Venema wrote:
Matt Hayes:
Thanks for the update. I'm working on implementing this now, however,
I'm a bit confused with the postscreen_dnsbl_reply_map option.
I know this is useful when you enabled the DEEP checks, which I plan on
doing, but want to m
On 09/13/2010 09:31 PM, Sahil Tandon wrote:
On Mon, 2010-09-13 at 19:20:05 -0400, Matt Hayes wrote:
I'm a bit confused with the postscreen_dnsbl_reply_map option.
http://www.postfix.org/postconf.5.html#postscreen_dnsbl_reply_map
I've not had to use anything involving a DNSBL and
on't recommend doing that as not all MTAs on the internet will be
able to or want to do SSL from MTA to MTA.
If you want to offer it, that's fine, but I wouldn't force it.
-Matt
email spam? Would a spam filter like Spamassasin help this type of
> issue?
>
> Thanks!
Please provide logs of said entries (pasted into this mailing list
reply) and also output of postconf -n
That's the best way for us to tell if you have any other remaining issues.
However, seeing rejections for relay denied and noqueue reject that are
stopping possible spammers.. definitely a good thing.
-Matt
relevant logs
Please reply to the list.
-Matt
an output of postconf -n and relevant logs to the list...
-Matt
You would want to have your clients send their outbound email through
your postfix server and configure it to scan outbound mail.
-Matt
taining mail works as it should ... everything is ok.
You might want to look at using smtpd_sasl_auth_enable for your smtpd
listener.
I'd suggest using submisstion port 587 as well for your authenticated
clients.
-Matt
On 10/03/2010 09:58 PM, Nicholas Sideris wrote:
On Oct 4, 2010, at 4:39 AM, Matt Hayes wrote:
On 10/03/2010 09:32 PM, Nicholas Sideris wrote:
Hello,
I have the following trouble with enabling the smtpd auth for postfix ...
First of all I am using Dovecot 1.2.x and I have enabled
`mailbox` WHERE `address` = '%s' AND
> `relay` = '1';
>
>
> Is this going to do the trick?
> *
Relaying through your SMTP server should already be, by default,
restricted to localhost and $mynetworks.
Just configure submission (port 587) in master.cf and use that for
authenticated email. Then configure postfix to allow that to relay; done.
-Matt
/postfix-release/index.html now,
> and via Postfix mirror sites in the next 24 hours.
>
> Wietse
Thanks Wietse.
I've been following the thread and having the same issues. I will
upgrade immediately and report if I see further problems.
-Matt
1 - 100 of 234 matches
Mail list logo
