() that first checks htable_locate() and if the port exists
there simply creates the servent structure itself with the proper
service data, and if not passes the call onto getservbyname().
Peter
a valid
DKIM signature on that domain then the message will (and in this case
does) fail DMARC.
Peter
the
pickup line). It likely indicates some sort of spam coming through a
web form on your system, like on a php script, fix the web form to make
it harder for spammers to use.
Peter
$_);
next unless $j->{queue_name} eq "hold" && (time()-$j->{arrival_time}) >
86400; system qw(postsuper -d),$j->{queue_id};'
86400 is the number of seconds in a day, adjust accordingly.
Peter
otentially result in
breakage of a stable release when there's really no reason why existing
stable releases can't continue to just support pcre(1).
Peter
On 16/12/21 10:00 am, Peter Münster wrote:
submission inet n - n - - smtpd
...
-o
smtpd_client_restrictions=reject_unknown_reverse_client_hostname,permit_sasl_authenticated,reject
Not related to your current issue, but you will find it almost
impossible to
separate
commands for EL7 vs EL8 examples.
post...@ptld.com Wrote:
Wait, so its a fork of Postfix?
And not the same code as what Wietse releases for the same version?
It is not a fork, it is a packaged build from the upstream Postfix
sources. There are some minor patches which come from Fedora and you
can see what they are in the available src.rpm file.
Peter
necessarily specified in a To: header. You're not
likely to get much, if any legitimate mail with a missing To: header,
though.
Peter
of the condition (in the postfix logs) without rejecting the
message (because it's not necessarily SPAM).
Peter
On 5/05/22 6:40 am, li...@lazygranch.com wrote:
Though not currently bouncing my maillog had this message (sanitized
because of Google):
NOQUEUE: reject: RCPT from avasout-pe
this. This is better (and is in the postfix
SASL_README doc):
printf '\0%s\0%s' 'username' 'password' | openssl base64
Peter
,
Peter
2-11 (I'm
not overly concerned about the documented future usage of 5-8).
Still hoping for an answer to my previous questions, though.
Peter
l postfix to do an lookup instead of an A lookup.
Peter
as well.
This is just a suggestion of how to implement it.
Also the smtpd_client_restrictions of reject_rbl_client and
permit_dnswl_client would require similar treatment.
Peter
nd of client IP address. The default
should remain both as it is now.
Can you elaborate on how that would work?
Peter
=a, client=ipv6, timeout=nn}.
That works, and allows for future expansion. I like it.
Peter
table binary that contains the string
/etc/postfix/sasl is /usr/bin/saslfinger which is
provided by the sasl2-bin package.
Which suggests that it's been compiled into the cyrus sasl library.
Peter
I'll leave
that to someone who is.
Peter
aving
those headers alone.
Another thing to keep in mind is that Postfix doesn't use, or care
about, these headers (exception: header_checks).
Peter
On 4/07/22 5:21 pm, pat...@patpro.net wrote:
Hello,
Few days ago I've stumbled on this gem:
https://twitter.com/g
install
for pcre support, usually "postfix-pcre".
Peter
://ghettoforge.org/index.php/Usage
...and the following link for issues specific to the postfix3 packages
in GhettoForge:
http://ghettoforge.org/index.php/Postfix3
Let me know if you have any difficulties or questions with these packages.
Peter Ajamian
and
RESTRICTION_CLASS_README (while not directly applicable to this) may
also be helpful.
Peter
not be a jail violation to do so.
Peter
ystem just as well.
What I was describing has nothing to do with an HTTP API. I would not
want to have a feature that required an HTTP server in order to operate
it properly.
Peter
stand correctly, is that each rule is
individually tested against all returned values for the corresponding
DNSBL query, if any returned value matches the rule then that rule's
weight is added (or subtracted) from the total dnsbl weight.
Peter
On 15/08/22 23:42, Wietse Venema wrote:
When a postscreen_dnsbl_sites pattern matches one or more DNSBL
query results, postscreen(8) adds that pattern's weight once
to the remote SMTP client's DNSBL score.
That is extremely clear and concise, I like it.
Peter
nt agencies to track the
source of illegal activities, propaganda, censored content, political
speech and other forms of communication that these same governments
which to prevent. Recommending that the general public block TOR exit
nodes serves their own ends, but quite likely not yours.
Okay, off-topic rant is over now.
Peter
On 16/09/22 16:24, Peter wrote:
* Malicious users are much more likely to come from botnets than from
TOR, and botnets can connect from anywhere and are much *less* likely to
be malicious (People who run exit nodes tend to be knowledgeable enough
to know how to keep their computers from
It really depends on the
SPF, DKIM and DMARC policies of the sender and the anti-spam policies of
the recipient. The most correct answer is that some mail will get
through and some will not.
Peter
much more difficult to
troubleshoot because the relevant info is lost in all the noise created
by the additional logs. It will be way easier if you can generate some
logs without verbose enabled.
Also you've shared your postconf -n output, can you also please share
postconf -Mf
Peter
other form of authentication, such as SASL AUTH.
Peter
These services should be using some form of authentication such
as SASL AUTH, or at the very minimum authentication based on client IP
address (although this is recommended only for clients that you must
support which do not support any other form of authentication).
Peter
you can use this to
your advantage, but often times people get bitten by this, so if you
don't really understand how restriction ordering works and what causes a
message to pass or reject based on the restriction lists then it may be
best to just leave them in separate restriction sets.
Peter
all) have the capability to run arbitrary commands
after they create a new certificate, so a separate cron job should not
be necessary.
Peter
;d accept help. If not, a
fork might be a good idea.
Hopefully something comes of this. Opendkim is indeed highly used
throughout the email community in both individual and commercial
landscapes. It deserves to be well maintained.
Peter
understandable if you struggle with getting a UNIX socket to
work and just give up and use a TCP socket instead.
Peter
ort of old appliance that cannot authenticate in any
other way.
Peter
era.chat where I'm sure a few
of us would be happy to discuss this, and then we can create a #opendkim
channel and branch to there if you want.
Peter
t, re-transmittal, and out-of-order handling
functionality of TCP, and the mandatory division of data into small
chunks all add overhead which you do not have with a Unix-domain socket.
That makes sense, thanks.
Peter
?
Normally operators will want to know what addresses to remove from the
distribution lists, even for newsletters.
I'm suspecting a badly configured server which has become a backscatter
source.
Peter
would be happy to review your config and help you
to fix it to avoid this problem in a much better way than dropping mail.
* https://en.wikipedia.org/wiki/Backscatter_(email)
Peter
wire (or gets
compromised) and starts submitting a bunch of spam. It basically means
you can block mail from one script instead of having to block it from an
entire system user, or even the entire system which would affect
multiple sources of mail.
Peter
opback address, but it's easy to identify it as the one
that got replaced because other references to the loopback address will
be 127.0.0.1. Modify to suit.
Peter
On 14/01/23 23:34, Viktor Dukhovni wrote:
On Sat, Jan 14, 2023 at 03:16:53PM +1300, Peter wrote:
Perhaps:
/^(Received:.*)192\.168\.1\.2(.*)$/ REPLACE ${1}127.0.0.2${2}
No. This is neither precise nor accurate.
* Precision, the proposed regular expression can match unexpected
e case but certainly I figure that he can tweak,
modify, whatever the expression to suit his needs once being pointed in
the right direction.
Your example is probably better and now he has more to draw on to
accomplish what he's after.
Peter
On 16/01/23 11:06, Charles Sprickman wrote:
OP here - just noting that's not what I was after. Just the hop before the
server (ie: the MUA).
The premise is the same, craft a PCRE expression that matches what you
want and use the REPLACE action.
Peter
.
Peter
ings if no_address_mappings is set.
Is this behavior intentional or just a side effect of how
no_address_mappings is implemented?
Peter
On 30/12/19 5:15 pm, Viktor Dukhovni wrote:
On Mon, Dec 30, 2019 at 04:37:32PM +1300, Peter wrote:
If someone uses virtual_address_domains and has
"receive_override_options = no_address_mappings", then postfix will
kick back an error of "User unknown in virtual alias table&quo
That said the logs do show the message going straight into qmgr, so I'm
really just baffled here.
Peter
of-mind.de/patrick.koetter/saslfinger/
https://web.archive.org/web/20190618125312/http://postfix.state-of-mind.de/patrick.koetter/smtpauth/
It might be useful if someone wants to copy those resources to a more
permanent location, or at least update the links.
Peter
, ssmtp or nullmailer. These
are designed to connect to and push mail out to a submission server and
have a much lighter weight footprint than postfix and as such are way
better suited to usage on an embedded system.
Peter
other tools that are simpler to
configure and better suited to that roll. I recommend msmtp:
https://marlam.de/msmtp/
Peter
in alias_maps are
bypassed so mailman will not work. Is this expected behavior and is
there are way around this? Would really appreciate any assistance.
You probably want to use relayhost or default_transport instead of
transport_maps.
Peter
ackages at GhettoForge certainly
come with systemd unit files and work fine with the systemctl command.
Peter
.noarch.rpm
yum --enablerepo=gf-plus install postfix3
Also see http://ghettoforge.org/index.php/Postfix3
Peter
OU=GlobalSign Root CA - R2/O=GlobalSign/CN=GlobalSign
...
Not After : May 19 20:43:24 2020 GMT
...
X509v3 Subject Alternative Name:
...DNS:gmail-smtp-in.l.google.com,...
...
Looks valid to me, unless I'm missing something, or is posttls-finger
missing something?
Peter
iginal poster unless they can
still pass.
This may well be the end of the line for the majordomo-based list server.
I do believe that there are ways of doing the mitigations from postfix
and still retain mailman, but it may be a lot easier to simply switch to
mailman.
Peter
g. I honestly don't know if we can
do both, but if so then we probably should. There may be servers that
verify DKIM but don't know about ARC.
Switching list manager would be the better long-term option, but a
hack could be useful to address some individual cases in the short
term.
Agreed.
Peter
things tomorrow so that we have to jump through more
or different hoops to get messages through.
At the end of the day all we can really do is fix the things we know
about and hope for the best.
Peter
from this list from several different users. The one user
is just an example of the issue.
Peter
On 23/03/20 11:09 am, Viktor Dukhovni wrote:
On Mon, Mar 23, 2020 at 11:03:43AM +1300, Peter wrote:
On 23/03/20 10:55 am, Viktor Dukhovni wrote:
ARC signing might be helpful, but I don't think we need to do anything
at all. With just one user having issues, the problem is most l
ut having to do this every time?
Peter
VPN connection to show up when I had VPN running.)
Substitute the name of your VPN interface for $vpn.
Peter
erted. If the
interface name ends in a "+", then any interface which begins with this
name will match. If this option is omitted, any
interface name will match.
Peter
On 1/04/20 1:42 am, Ranjan Maitra wrote:
On Tue, 31 Mar 2020 19:41:58 +1300 Peter wrote:
On 31/03/20 5:42 pm, Bob Proulx wrote:
The "$vpn" part is a variable was simply a placeholder for the IP
address of your VPN connected relayhost. It would be an IP address
like 93.184.216.34
tcp packets that are not matched
by the first rule.
Are the messages that are not going through when the VPN is up? Are
they supposed to go through the VPN? Can you provide info as per the
DEBUG_README?
Peter
r rpm and it won't overwrite it, right?
Peter
offer me?
It's in gf-testing, I haven't been able to move it to gf-plus yet.
Peter
not reasonable
for the mailing list owner to ask every person who's messages go to spam
because of a bad DMARC policy to change the policy.
google do what thay are asked for here
I never said that they aren't.
Peter
or influence. This is too much to expect every poster to
conform to these expectations, and more importantly there will always be
posters who do not regardless of how much you expect it.
Peter
On 27/04/20 12:00 am, Richard Damon wrote:
On 4/26/20 7:07 AM, Peter wrote:
On 26/04/20 10:47 pm, Benny Pedersen wrote:
talk to postmas...@almogavers.net ask for aspf not being set to
strict, also possible make fo tag on dmarc more relaxed
Except that this is a thread about what messages
fo DMARC will not stop that and you
should not be posting sensitive info to a public mailing list!
Peter
ix.
I prefer to be able to see a full conversation rather than having to
hunt through my Spam folder for pieces of it.
Peter
On 27/04/20 2:02 am, Richard Damon wrote:
On 4/26/20 8:15 AM, Peter wrote:
On 27/04/20 12:00 am, Richard Damon wrote:
Except that if the sender is sending from a domain with an email policy
that effectively says, "This domain is intended to send sensitive
information, please do not a
esn't reveal the issue I can provide you with RPMs that don't
have the usual set of CentOS patches applied for you to try, then we can
troubleshoot from there.
Good luck and let me know how you get on.
Peter
On 18/06/20 12:07 pm, Viktor Dukhovni wrote:
On Jun 17, 2020, at 9:34 PM, Peter wrote:
I'd like to avoid this if possible. CentOS 7 has openssl 1.0.2k and doesn't go
EOL until 2024. I'd like to be able to support new Postfix releases for it for
at least another two
kign is up before it attempts
to start postfix. Try the following:
Run "systemctl edit postfix.service" and insert:
[Unit]
After=network-online.target
This should tell systemd to wait until networking is up before it
attempts to start postfix.
Peter
t
because the default Postfix settings as shipped by CentOS only require
the loopback interface to be up, so it is not necessary for Postfix to
wait until all the interfaces are up unless you modify the Postfix
config to listen on other interfaces.
Peter
her one or the other IP address as is
appropriate for multiple DNS records as this is how round-robin DNS
works. So half of the time it will return the correct IP address for
the interface that you're on at the time and the other half it will
return the wrong IP address causing FCRDNS to fail.
Peter
uing the message postfix
will apply certain settings to determine the transport and destination.
See postsuper(8) for details.
Short answer, use postsuper -r
Peter
olicies
are not overwritten).
Indeed this is correct, in fact I just checked and verified that file is
not marked as a config file so it will be overwritten on update.
I would suggest modifying /etc/crypto-policies/config and changing it to
LEGACY instead. This change won't be overwritten by updates.
Peter
.
So Postfix is absolutely conforming to RFCs, the remote server errs by
(1) returning the wrong code in response to EHLO (unless they really
don't support EHLO) and (2) hanging up prematurely.
Peter
ole new syntax
each time.
Peter
u won't have to reconfigure Postfix each time
manually.
Peter
at postfix make auth against another server's smtp auth.
What is the right way to do this configuration?
Rethink your strategy. Perhaps connect Dovecot SASL directly to the
remote database for auth?
Peter
have):
https://web.archive.org/web/20170124033258/https://ftp.wl0.org/SOURCES/postfinger
Perhaps someone else will take up hosting it.
Peter
rvice
postfix restart". Now mail isn't being forwarded to either addresses.
See http://www.postfix.org/DEBUG_README.html#mail and post your config
as per that document and more importantly relevant logs of a message
being sent to root.
Peter
release of RHEL that
comes with Postfix 2.11.11. Whatever he has it's not a stock RHEL Postfix.
Peter
On 23/08/20 8:18 pm, ratatouille wrote:
Peter schrieb am 23.08.20 um 16:10:19 Uhr:
On 23/08/20 2:16 am, Wietse Venema wrote:
with postfix version 2.11.11?
You are running some Frankenstein Postfix, perhaps with features
backported by RHEL. Such backports are NOT part of the official
which, when used in combination with an expression-based filter can do
call outs on exact events.
Peter
of msmtp and have it submit to the localhost submission
service. Use the sendmail binary from msmtp instead of postfix's
sendmail binary.
Peter
el command.
I believe this is out of date as wrappermode has been available for smtp
for some time now and submissions is a thing now so the protocol is no
longer obsolete either.
Peter
plit which
explicitly looks for the first matching character in the string, so the
rest is considered to be the extension and is not looked at further.
I'm not sure if this is documented anywhere and if it isn't then it
means that this could be subject to change in future versions.
Peter
ys performs the following transformations:
· Insert missing message headers: (Resent-) From:, To:,
Message-Id:, and Date:.
...the explicit use of the word "always" there is misleading.
Peter
other. If the Message-Id is
present and the same then it's reasonable to assume that it's a duplicate.
peter
On 26/11/20 5:03 am, Wietse Venema wrote:
Wietse Venema:
Peter:
Might want to clarify that in cleanup(8):
The cleanup(8) daemon always performs the following transformations:
? Insert missing message headers: (Resent-) From:, To:,
Message-Id:, and Date:.
...the
?
Better to use a properly packaged Postfix:
http://ghettoforge.org/index.php/Postfix3
Peter
stfix 2.10.
If you want Postfix 3 for CentOS 7 check out:
http://ghettoforge.org/index.php/Postfix3
Peter
tp://www.postfix.org/POSTSCREEN_README.html#enable
...they explicitly say what to do with -o options to the smtp service.
Peter
101 - 200 of 905 matches
Mail list logo
